Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Bot releases are hidden (Show)
Published by gardener-robot-ci-1 over 2 years ago
ReversedVPN
feature gate is disabled, the kube-apiserver-http-proxy
secret is properly removed from the ShootState
and the shoot's control plane. (gardener/gardener#5367, @plkokanov)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.39.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.39.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.39.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.39.2
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.39.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.39.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.39.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.39.2
Published by gardener-robot-ci-3 over 2 years ago
ControlPlane
actuator package has been fixed. (gardener/gardener#5339, @rfranzke)cgroupfs
cgroup driver (the change to use systemd
was reverted). (gardener/gardener#5334, @timuthy)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.39.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.39.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.39.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.39.1
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.39.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.39.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.39.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.39.1
Published by gardener-robot-ci-3 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.36.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.36.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.36.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.36.2
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.36.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.36.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.36.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.36.2
Published by gardener-robot-ci-1 over 2 years ago
v1.37
. (gardener/gardener#5121, @rfranzke)NewActuator
function of the generic Worker
actuator now takes two additional parameters: useTokenRequestor
(set this to true
only when running with Gardener >= 1.36
), and useProjectedTokenMount
(set this to true
only when running with Gardener >= 1.37
). They allow switching to the token requestor and projected ServiceAccount
tokens instead of relying on static credentials for the machine-controller-manager
. Caution: Make sure to adapt your Deployment
s similar to https://github.com/gardener/gardener/pull/5008/commits/e3cb8d84b9217667aaf5c5ce0ba60204ed4a4db3#diff-4ecb783d75e20fae3586a525a59b334f42474f9465af8defaac8e3da965cff3a when set to true
. (gardener/gardener#5163, @rfranzke)NewActuator
function of the generic ControlPlane
actuator now takes four additional parameters: shootAccessSecrets
and legacySecretNamesToCleanup
, and exposureShootAccessSecrets
and legacyExposureSecretNamesToCleanup
(use them only when running with Gardener >= 1.36
). They allow switching to the token requestor instead of relying on static client certificates for the control plane components like cloud-controller-manager
. Caution: Make sure to adapt your Deployment
s similar to https://github.com/gardener/gardener/pull/5008/commits/e3cb8d84b9217667aaf5c5ce0ba60204ed4a4db3#diff-4ecb783d75e20fae3586a525a59b334f42474f9465af8defaac8e3da965cff3a when set to true
. (gardener/gardener#5163, @rfranzke)genericmutator.Ensurer
interface methods concerning kubelets were extended with an additional parameter for the effective kubelet versions. Implementors of this interface should make use of this parameter instead of parsing the version from the Cluster
object. (gardener/gardener#5256, @rfranzke)generate-controller-registration.sh
script does no longer take a path to a VERSION file but instead the VERSION directly. (gardener/gardener#5202, @rfranzke)pkg/controllerutils.Try{Patch,Update}
and friends have been removed. Please switch to the usual client methods for updating/patching without RetryOnConflict
-semantics. See https://github.com/gardener/gardener/blob/master/docs/development/kubernetes-clients.md#dont-retry-on-conflict for more details on why their usage was discouraged. (gardener/gardener#4799, @timebertt)extensions/pkg/controller.DeleteAllFinalizers
function has been removed. You can use pkg/controllerutils.RemoveAllFinalizers
instead. (gardener/gardener#4799, @timebertt).status.technicalID
) in the SAN
list of the Kube-Apiserver server certificate. (gardener/gardener#5177, @timuthy)ForceRestore
feature gate is enabled, the shoot's restoration to the destination seed during control plane migration will be forced if the preparation for migration in the source seed is not finished after a certain grace period and is considered unlikely to succeed ("bad case" scenario). (gardener/gardener#5123, @stoyanr)VolumeSnapshots
and VolumeSnapshotContents
during cluster deletion. These resources are forcefully deleted after a 1h
grace period which eventually lead to leaked snapshots on the cloud provider side. Hence, if the CSI-Snapshotter cannot delete affected snapshots successfully for 1h
, operators/shoot-owners have to purge them manually. (gardener/gardener#5104, @timuthy)Terraformer
interface does now support a new UseProjectedTokenMount
method for switching the terraformer
pods to a projected ServiceAccount
token. Set this to true
only when running with Gardener >= 1.37
. (gardener/gardener#5163, @rfranzke)ControllerInstallation
controller in gardenlet is now populating the .gardener.version
field when rendering Helm charts. Extension controllers can use this information to turn on or off certain features. The new General{Options,Config}
structures introduced in the extensions/pkg/controller/cmd
package can be used for exposing the --gardener-version
flag. This allows to read the Gardener version information from the Helm chart values and use it. (gardener/gardener#5162, @rfranzke)UseTokenRequestor
and UseServiceAccountTokenVolumeProjection
have been introduced in the extensions/pkg/controller
package. They can be used to decide (based on the used Gardener version) whether the respective features should be enabled. (gardener/gardener#5162, @rfranzke).spec.kubernetes.allowPrivilegedContainers=false
is now fixed. (gardener/gardener#5263, @DockToFuture)unmanaged
primary DNS providers. (gardener/gardener#5241, @timuthy)ServiceAccount
tokens as currently the component cannot properly handle projected ServiceAccount
tokens. (gardener/gardener#5228, @ialidzhikov)etcd
pods still to be active in the control plane even though the cluster was hibernated successfully. (gardener/gardener#5209, @timuthy)etcd-main
pod to constantly crash on seed clusters that their Kube-Apiservers in the same cluster (usually not managed by Gardener). (gardener/gardener#5198, @timuthy)Worker
resource at the start of a restore
operation. (gardener/gardener#5187, @plkokanov)nodeTemplate
field. This is essential for scale-from-zero feature of CA to work. (gardener/gardener#5266, @himanshu-kun)--ignore-taint
is exposed at Shoot API level with which user can specify a taint to ignore in node templates when considering to scale a node group. (gardener/gardener#5169, @AxiomSamarth)create-shoot
TestDefinition does now specify the --networking-type
flag that can be configured via the $NETWORKING_TYPE
env var. (gardener/gardener#5257, @hendrikKahl)AdminKubeconfigRequest
feature gate in the apiserver
has been promoted to beta and is now enabled by default. (gardener/gardener#5220, @shafeeqes)UseDNSRecords
feature gate in the apiserver
, controllermanager
and gardenlet
has been promoted to beta and is now enabled by default. Please see the support forDNSRecords
resources in provider extensions documentation. (gardener/gardener#5219, @shafeeqes)1.17.6
. (gardener/gardener#5231, @ialidzhikov)Created
condition to DNSRecord
to allow deletion on unsuccessful creation in infrastructure (gardener/gardener#5234, @MartinWeindel)systemd
cgroup driver as recommended by the community. (gardener/gardener#5255, @rfranzke)gardener-resource-manager
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 24h
. (gardener/gardener#5138, @rfranzke)cloud-config-downloader
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 90d
. (gardener/gardener#5121, @rfranzke)provider-local
Gardener extension has been introduced. It allows to run Gardener entirely locally on your machine (i.e., without any real infrastructure/cloud provider involved). This document describes how it works and which limitations exist. (gardener/gardener#5115, @rfranzke)Shoot
resources should be extended according to this document. (gardener/gardener#5256, @rfranzke)GetOrCreateShootKubeconfig
function in the extensions/pkg/util
package is deprecated since it generates a kubeconfig with a static client certificate. Switch to the token requestor instead. (gardener/gardener#5162, @rfranzke)cpu
, gpu
, memory
, region
, zone
, instanceType
etc. The latter scenario is the scale from zero scenario where there are zero nodes in the nodeGroup
that is expected to scale up and so far the existing logic limited this feature to AWS and Azure only. (gardener/autoscaler#102, @AxiomSamarth)
nodeTemplate
property in the MachineClass
, the scale from zero feature has been extended generically across all providers.admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.39.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.39.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.39.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.39.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.39.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.39.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.39.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.39.0
Published by gardener-robot-ci-1 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.6
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.6
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.6
Published by gardener-robot-ci-2 over 2 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.38.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.38.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.38.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.38.4
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.38.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.38.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.38.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.38.4
Published by gardener-robot-ci-1 almost 3 years ago
resources.gardener.cloud/preserve-resources
annotation was added for Job
s, CronJob
s, and DaemonSet
s. (gardener/gardener#5264, @rfranzke)etcd
pods still to be active in the control plane even though the cluster was hibernated successfully. (gardener/gardener#5238, @timuthy)resources.gardener.cloud/preserve-resources
annotation does now work properly for StatefulSet
s. (gardener/gardener#5264, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.5
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.5
Published by gardener-robot-ci-1 almost 3 years ago
.spec.kubernetes.allowPrivilegedContainers=false
is now fixed. (gardener/gardener#5265, @ialidzhikov)etcd
pods still to be active in the control plane even though the cluster was hibernated successfully. (gardener/gardener#5237, @timuthy)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.38.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.38.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.38.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.38.3
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.38.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.38.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.38.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.38.3
Published by gardener-robot-ci-3 almost 3 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.4
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.4
Published by gardener-robot-ci-2 almost 3 years ago
ServiceAccount
tokens as currently the component cannot properly handle projected ServiceAccount
tokens. (gardener/gardener#5232, @ialidzhikov)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.38.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.38.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.38.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.38.2
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.38.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.38.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.38.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.38.2
Published by gardener-robot-ci-2 almost 3 years ago
Worker
resource at the start of a restore
operation. (gardener/gardener#5196, @plkokanov)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.36.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.36.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.36.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.36.1
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.36.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.36.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.36.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.36.1
Published by gardener-robot-ci-2 almost 3 years ago
etcd-main
pod to constantly crash on seed clusters that their Kube-Apiservers in the same cluster (usually not managed by Gardener). (gardener/gardener#5199, @timuthy)Worker
resource at the start of a restore
operation. (gardener/gardener#5195, @plkokanov)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.3
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.3
Published by gardener-robot-ci-2 almost 3 years ago
etcd-main
pod to constantly crash on seed clusters that their Kube-Apiservers in the same cluster (usually not managed by Gardener). (gardener/gardener#5200, @timuthy)Worker
resource at the start of a restore
operation. (gardener/gardener#5194, @plkokanov)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.38.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.38.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.38.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.38.1
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.38.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.38.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.38.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.38.1
Published by gardener-robot-ci-3 almost 3 years ago
__internal
for the apiVersion in their InfrastructureConfig. For compatibility reasons, existing Shoots with this configuration can still be updated. (gardener/gardener#4927, @voelzmo)etcdConfig
section in the Gardenlet-Componentconfig. (gardener/gardener#5144, @timuthy)v1.37
. (gardener/gardener#5128, @rfranzke)DisallowKubeconfigRotationForShootInDeletion
feature gate that is GA since v1.36 is unconditionally enabled, and can no longer be specified in the gardener-apiserver's configuration. (gardener/gardener#5124, @acumino)SeedAuthorizer
and SeedRestriction
features do no longer support "ambiguous" gardenlets (i.e., gardenlets responsible for multiple seed clusters) since this feature was dropped already with Gardener v1.27. In case you have activated these features then you have to make sure that you deploy a dedicated gardenlet per seed cluster and that they don't use a client certificate with the (now removed) gardener.cloud:system:seeds:<ambiguous>
common name before updating to this Gardener version. This document describes how to make the gardenlet regenerate its client certificate after you have reconfigured it. (gardener/gardener#5093, @rfranzke)ManagedResource
objects that are stuck when a shoot is deleted. This enables Gardener to assign the corresponding error code(s) to the shoot object. (gardener/gardener#5111, @timuthy)LeaseDurationSeconds
and LeaseResyncSeconds
added under SeedControllerConfiguration
to make Seed lease and duration configurable. Both field have default value of 2 seconds. (gardener/gardener#5092, @ary1992)resources.gardener.cloud/preserve-resources
annotation was added for Job
s, CronJob
s, and DaemonSet
s. (gardener/gardener#5131, @rfranzke)TokenRequestor
controller (part of gardener-resource-manager
) can now optionally sync the tokens into a Secret
in the target cluster (see this document for more information). (gardener/gardener#5084, @rfranzke).spec.selector
of Job
objects anymore. (gardener/gardener#5167, @timuthy)GardenletConfiguration
. (gardener/gardener#5151, @timuthy)UseDNSRecords
enabled if it was never previously reconciled with this feature gate enabled. (gardener/gardener#5135, @stoyanr)DNSProvider
, DNSEntry
, and DNSOwner
resources. (gardener/gardener#5119, @stoyanr)gardener-controller-manager
to hang forever in case the internal domain secret got deleted before the last ControllerRegistration
. (gardener/gardener#5105, @rfranzke)BackupBucket
s. (gardener/gardener#5091, @rfranzke)ManagedResource
CRD in the /example
dir was fixed. (gardener/gardener#5168, @timuthy)resources.gardener.cloud/preserve-resources
annotation does now work properly for StatefulSet
s. (gardener/gardener#5131, @rfranzke)cloudprofile
, seed,
project,
shoot`, etc. relate to each other. (gardener/gardener#5137, @vlerenc)provider.type
. (gardener/gardener#5058, @ialidzhikov)rateLimit
fields to CRD dnsproviders.dns.gardener.cloud (gardener/gardener#5165, @MartinWeindel)1.12.0
. (gardener/gardener#5080, @DockToFuture).spec.secretRef
). (gardener/gardener#5073, @ialidzhikov)json
log format to have harmonized logging during the migration period. (gardener/gardener#5057, @timebertt)1.17.5
. (gardener/gardener#5152, @ialidzhikov)check-docforge
step will be executed on each PR in the CI/CD (gardener/gardener#5108, @Kristian-ZH)DELETE
requests if the resource does not exist in the system. (gardener/gardener#5091, @rfranzke)kubelet
s running on the worker nodes of shoot clusters, the expiration duration for certificates issued via CertificateSigningRequest
s has been reduced from 1y
to 30d
. A custom expiration duration per CertificateSigningRequest
can be set via the .spec.expirationSeconds
fields (available from Kubernetes v1.22). (gardener/gardener#5096, @rfranzke)ServiceAccount
tokens (instead of continued usage of static tokens). (gardener/gardener#5128, @rfranzke)ServiceAccount
tokens (instead of continued usage of static tokens). (gardener/gardener#5099, @rfranzke)gardenlet
and extension controllers do no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#5012, @rfranzke)dependency-watchdog-probe
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#5011, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.38.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.38.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.38.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.38.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.38.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.38.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.38.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.38.0
Published by gardener-robot-ci-2 almost 3 years ago
GardenletConfiguration
. (gardener/gardener#5155, @timuthy)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.2
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.2
Published by gardener-robot-ci-2 almost 3 years ago
UseDNSRecords
enabled if it was never previously reconciled with this feature gate enabled. (gardener/gardener#5139, @timebertt)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.1
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.1
Published by gardener-robot-ci-1 almost 3 years ago
tls_config
and authorization
section) of extension controllers must be adapted such that they match the example in https://github.com/gardener/gardener/blob/master/docs/extensions/logging-and-monitoring.md#extensions-monitoring-integration. (gardener/gardener#5008, @rfranzke)shoot.gardener.cloud/cleanup-infrastructure-resources-grace-period-seconds
annotation on the Shoot
(default behaviour: "300"
). Please be aware that overriding this value might lead to orphaned infrastructure artifacts. (gardener/gardener#5044, @rfranzke)WorkerPoolKubernetesVersion
feature gate is enabled then it is possible to specify the Kubernetes version per worker pool for Shoot
s by setting .spec.provider.workers[].kubernetes.version
. Please consult this document for more information. (gardener/gardener#4971, @rfranzke)dependency-watchdog
s in the seed cluster by configuring the .spec.settings.dependencyWatchdog
section. Please consult the documentation for more information. (gardener/gardener#5075, @rfranzke)unknown
that corresponds to Unknown
conditions has been introduced. (gardener/gardener#5041, @stoyanr)extensionsv1alpha1.Worker
resource under spec.pools[].nodeTemplate.capacity
from the CloudProfile
for the corresponding machine type. These resources will be carried to the MachineClass
and will later be used by cluster-autoscaler for scale-from-zero. (gardener/gardener#4980, @himanshu-kun)WorkerPoolKubernetesVersion
feature gate must only be enabled when all provider extensions explicitly announce in their release notes that they support specific Kubernetes versions per worker pool. Otherwise, worker nodes of shoot clusters might be misconfigured or rolled out unexpectedly. (gardener/gardener#4971, @rfranzke)ObjectSelector
when registering an extension webhook by configuring github.com/gardener/gardener/extensions/pkg/webhook.Webhook
. (gardener/gardener#5043, @rfranzke)spec
section has changed. (gardener/gardener#5049, @rfranzke)ControllerInstallation
s when a Seed
was marked for deletion. (gardener/gardener#5047, @rfranzke)hack/generate-seed-crds.sh
was called with an empty <file-name-prefix>
. (gardener/gardener#5053, @timuthy)make-generate
are no longer executed in parallel. (gardener/gardener#5020, @BeckerMax)SerializeImagePulls
fields for the kubelet configuration (defaults: true) in the Shoot
API via .spec.{provider.workers[]}.kubernetes.kubelet.SerializeImagePulls
. (gardener/gardener#5074, @shafeeqes)github.com/gardener/etcd-druid
update, etcd pods of shoot clusters will be restarted during their next reconciliation (e.g. within next maintenance time window, manual reconciliation, spec updates). (gardener/gardener#5037, @abdasgupta)reason
s or message
s. (gardener/gardener#5021, @timuthy)gardenlet
shoot controller will now set the owner check configuration parameters in the etcd-main
Etcd
resource. This will cause etcd-backup-restore
to disable the cluster if the owner domain name no longer resolves to the specified owner ID. The creation and checking of owner DNS record can be disabled via the spec.settings.ownerChecks
seed setting. (gardener/gardener#4813, @stoyanr)kube-rbac-proxy
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#5010, @rfranzke)vpa-{admission-controller,recommender,updater}
do no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#5009, @rfranzke)kube-state-metrics
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. prometheus
has such a token as well, but for backwards-compatibility it also still has access to its client certificate (this will be dropped in the future). (gardener/gardener#5008, @rfranzke)kube-controller-manager
and cluster-autoscaler
do no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#5007, @rfranzke)gardener-resource-manager
's TokenInvalidator
and the ProjectedTokenMount
webhooks are now enabled for the seed and shoot clusters. (gardener/gardener#5002, @rfranzke)ReversedVPN
feature gate is now activated by default for local development. (gardener/gardener#5045, @rfranzke)Shoot
clusters with overridden Kubernetes versions per worker pool, you need to revendor the extensions library. (gardener/gardener#4971, @rfranzke)health
package to allow backup-restore to renew member leases to indicate member health and snapshot leases to indicate snapshots being taken successfully (gardener/etcd-backup-restore#382, @aaronfern)
server
and compact
subcommand. --enable-snapshot-lease-renewal
to enable snapshot lease renewal, --enable-member-lease-renewal
to enable member lease updates, full-snapshot-lease-name
to specify the full snapshot lease name, and delta-snapshot-lease-name
to specify the delta snapshot lease namePOD_NAME
and POD_NAMESPACE
) when running the server subcommand when --enable-member-lease-renewal
flag is set to truePOD_NAMESPACE
) when running the server subcommand when --enable-snapshot-lease-renewal
flag is set to truePOD_NAMESPACE
) when running the compact subcommand when --enable-snapshot-lease-renewal
flag is set to trueetcdbrctl
tool to compact basesnapshot and all it's subsequent deltasnapshot to one single compacted snapshot. (gardener/etcd-backup-restore#301, @abdasgupta)v2
backup version prefix in a flat structure. (gardener/etcd-backup-restore#301, @abdasgupta)v1
backup version is still there but only for restoration and snapshot garbage collection. So backup storages that had v1
backup version and where snapshots were stored under separate prefix (Backup-XXX), can still be used with compaction sub command (as well as for restoration). However, the new snapshots will be stored under v2
backup version prefix. (gardener/etcd-backup-restore#301, @abdasgupta)v1
backup structure with separate prefix (Backup-XXX) will be dropped in a subsequent release. (gardener/etcd-backup-restore#301, @abdasgupta)BackupCompactionSchedule
field is removed from ETCD backup spec, as it was only necessary for scheduling CronJob.github.com/gardener/etcd-druid/api
has been removed. Please use github.com/gardener/etcd-druid
instead if your module(s) depend on etcd-druid
. (gardener/etcd-druid#244, @timuthy)github.com/gardener/etcd-druid-api
if you vendor only the API of etcd-druid. (gardener/etcd-druid#169, @amshuman-kr)druid
will now also reconcile a serviceaccount
, a role
, and a rolebinding
as part of it's etcd
reconcile flow and associate it with the etcd pod (gardener/etcd-druid#233, @aaronfern)--enable-backup-compation
has been introduced which globally enables automatic compaction of backups. (gardener/etcd-druid#258, @timuthy)Lease
s are introduced: One to hold the value of the latest full snapshot revision and one for the last delta revision.etcd druid
to regularly schedule backup compactions via configurable etcd spec spec.backup.compactionSchedule
(gardener/etcd-druid#197, @aaronfern)condition
and etcd member
checks have been added to Etcd-Druid. The results of those checks will be reflected in the etcd.status
sub-resource. (gardener/etcd-druid#188, @timuthy)
Ready
members in status.members
to fulfill the quorum.status.members
are Ready
.LastUpdateTime
as a heartbeat and checks if it is within the expected time range (configurable via --etcd-member-threshold
).--custodian-sync-period (default 30s)
controls the duration after which the Custodian controller re-enqueues etcd
resources for reconciliation. This can be considered as a health check interval. (gardener/etcd-druid#188, @timuthy)--custodian-workers
. (gardener/etcd-druid#180, @timuthy)etcd
resource was reconciled. (gardener/etcd-druid#264, @timuthy)Etcd
resource. (gardener/etcd-druid#205, @shreyas-s-rao)Etcd
resources after waiting for statefulset. (gardener/etcd-druid#222, @amshuman-kr)--enable-compaction-tempfs
to etcd druid to enable tempfs in the compaction job volumeMount (defaults to false) (gardener/etcd-druid#220, @aaronfern)etcdSnapshotTimeout
and etcdDefragTimeout
which configure the snapshotter timeout and defragmentation timeout respectively of etcd-backup-restore (gardener/etcd-druid#216, @aaronfern)Lease
resources in order to derive the readiness state of an etcd cluster member. This serves as a preparation for the etcd multi-node feature. (gardener/etcd-druid#214, @timuthy)create/update/delete
events. (gardener/etcd-druid#180, @timuthy)check-generate
has been added to check if generated code and the vendor dir are up-to-date. (gardener/etcd-druid#177, @timuthy)github.com/gardener/etcd-druid/api
can be used to get the API definitions. (gardener/etcd-druid#169, @amshuman-kr)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.37.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.37.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.37.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.37.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.37.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.37.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.37.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.37.0
Published by gardener-robot-ci-2 almost 3 years ago
github.com/gardener/gardener/extensions/pkg/terraformer
is now changed to v2. Consumers of this package can still configure the terraformer version using the funcs UseV1
and UseV2
(both of these functions are deprecated). (gardener/gardener#4930, @acumino)hack/install-requirements.sh
is deprecated and will be removed in a future version. Other repos can reuse newly added make recipes as a replacement to build/install tool binaries by including hack/tools.mk
in their top-level make file. (gardener/gardener#4879, @timebertt)gardener-resource-manager
can now auto-mount projected ServiceAccount
tokens into Pod
s in case their referenced ServiceAccount
sets .automountServiceAccountToken=false
. Please consult this document for more information. (gardener/gardener#4873, @rfranzke)make install-requirements
anymore. Instead, the needed binaries are built/installed on the fly to a local directory as needed. (gardener/gardener#4879, @timebertt)Status.Targets
for the corresponding provider in the shoot namespace. (gardener/gardener#4962, @stoyanr)ManagedIstio
feature gate is disabled is now fixed. (gardener/gardener#4991, @ScheererJ)extensions.gardener.cloud/v1alpha1.ControlPlane
resource already has a .metadata.deletionTimestamp
it will not be redeployed if the deletion flow is restarted. (gardener/gardener#4976, @plkokanov)github.com/gardener/gardener/extensions/pkg/terraformer
does now log by default the termination message of the Terraformer Pod (or its logs) when the Terraformer Pod finishes with error. (gardener/gardener#5016, @ialidzhikov)ShootCoreAddonRestarter
is now disabled by default in the gardener controlplane chart. (gardener/gardener#4997, @vpnachev)ManagedIstio
feature gate is turned off. (gardener/gardener#4996, @timuthy)DisallowKubeconfigRotationForShootInDeletion
feature gate in the gardener-apiserver
has been promoted to GA. (gardener/gardener#4984, @acumino)automaxprocs
to the controller manager (gardener/gardener#4979, @wyb1)ManagedResource
are now listed in the error returned when waiting for the deletion of the ManagedResource
fails. (gardener/gardener#4965, @plkokanov)shoot.status.advertisedAddresses
are now set as early as possible in the shoot reconciliation flow. (gardener/gardener#4963, @vpnachev)DNSOwner
CRD with DNSActivation
fields (gardener/gardener#4960, @MartinWeindel)gardener-resource-manager
is now deployed in a highly-available way (3
replicas, pod anti-affinity and a permitted pod disruption of 1
). (gardener/gardener#4941, @rfranzke)Cluster
resource is now synced at the start of a migrate operation, similar to what is done for reconciliation and deletion operations. (gardener/gardener#4883, @plkokanov)Request Latency
panel in the API Server dashboard uses a better query (gardener/gardener#4792, @wyb1)kube-proxy
version does now exactly match the kubelet
version on all shoot worker nodes as required by https://kubernetes.io/releases/version-skew-policy/#kube-proxy. (gardener/gardener#4969, @rfranzke)ca-vpn
) for the components related to the reversed VPN feature for shoot clusters. (gardener/gardener#4942, @rfranzke)kube-scheduler
does no longer use a client certificate but an auto-rotated ServiceAccount
token which is only valid for 12h
. (gardener/gardener#4931, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.36.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.36.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.36.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.36.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.36.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.36.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.36.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.36.0
Published by gardener-robot-ci-3 almost 3 years ago
github.com/gardener/gardener/extensions/pkg/terraformer
does now log by default the termination message of the Terraformer Pod (or its logs) when the Terraformer Pod finishes with error. (gardener/gardener#5032, @ialidzhikov)Published by gardener-robot-ci-1 almost 3 years ago
ManagedIstio
feature gate is disabled is now fixed. (gardener/gardener#5017, @timebertt)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.35.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.35.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.35.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.35.1
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.35.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.35.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.35.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.35.1