Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-3 over 3 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.20.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.20.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.20.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.20.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.20.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.20.3
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.20.3
Published by gardener-robot-ci-2 over 3 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.19.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.19.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.19.3
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.19.3
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.19.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.19.3
Published by gardener-robot-ci-1 over 3 years ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.20.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.20.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.20.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.20.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.20.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.20.2
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.20.2
Published by gardener-robot-ci-2 over 3 years ago
AuditPolicy
validation are fixed. (#3856, @timebertt)BackupEntries
. Earlier, the controller retrieved all entries instead of only checking the one that is associated to the processed shoot. (#3859, @timebertt)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.20.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.20.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.20.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.20.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.20.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.20.1
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.20.1
Published by gardener-robot-ci-1 over 3 years ago
ControlPlaneConfig
and WorkerConfig
, are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resources contained in it are valid. Note that due to other changes will not be able to create new shoots containing such resources, since they will be rejected by validation. (#3804, @stoyanr)internal-domain
, default-domain
, etc. dynamically during reconciliation. Earlier the secrets were only read and stored in memory during start-up, so that any changes to those secrets were not reflected until the next restart. (#3700, @timuthy)internal-domain
, default-domain
, etc. dynamically during shoot reconciliation. Earlier the secrets were only read and stored in memory during start-up, so that any changes to those secrets were not reflected until the next restart. (#3700, @timuthy)pkg/envtest
has been added, which can be used to bootstrap a temporary Kubernetes control plane including gardener-apiserver
in integration tests. With this, developers can start writing integration tests for controllers, webhooks and so on that work on Gardener API resources. (#3796, @timebertt)Infrastructure
destruction that may result in Shoot
resources stuck in deletion has been fixed. (#3738, @rfranzke)GardenletConfiguration.seedConfig
earlier in the start-up flow to allow Gardener Controller Manager to replicate the required credentials in the namespace dedicated to the configured seed. (#3822, @vpnachev)gardenlet
was not updating the allow-to-seed-apiserver
network policy with the IP address of the seed's API server when the APIServerSNI
feature gate is just enabled. (#3741, @vpnachev)EnovyFilters
now use V3
for envoy API configuration and the new fully qualified filter names. (#3817, @mvladev)istiod
webhook in the seed clusters managed by Gardener when ManagedIstio
feature gate is enabled, is now set to 10s. (#3797, @vpnachev)RetryableError
will not stop automatic reconciliation attempts. (#3762, @kon-angelo)OperatingSystemConfig
is now created after ControlPlane
has been deployed (#3761, @kon-angelo)production
purpose have now at least two kube-apiserver
replicas. (#3764, @rfranzke)gardener-admission-controller
does now have a new handler for validating the internal domain Secret
(earlier, there was no API validation at all). (#3756, @rfranzke)v1.16.2
. Support of packr
and go-bindata
has been dropped in favor of the native go:embed
. (#3739, @rfranzke)admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.20.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.20.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.20.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.20.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.20.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.20.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.20.0
Published by gardener-robot-ci-1 over 3 years ago
RetryableError
will not stop automatic reconciliation attempts. (#3792, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.19.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.19.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.19.2
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.19.2
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.19.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.19.2
Published by gardener-robot-ci-1 over 3 years ago
nil
pointer exception in the Shoot
validation (leading to 503
responses from gardener-apiserver
) when validating PID reservations (e.g., in kubeReserved
or systemReserved
) has been fixed. (#3635, @ialidzhikov)istiod
deployment in the istio-system
namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (#3694, @ialidzhikov)apiserver-proxy-pod-mutator
container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver
when SNI is enabled. (#3694, @ialidzhikov)istio-ingressgateway
memory limit is increased to 2048Mi
(#3736, @vpnachev)istiod
is now scaled automatically by VerticalPodAutoscaler
instead of HorizontalPodAutoscaler
. This fixes OOMKilled issues on big Seed clusters. (#3639, @mvladev)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.16.5
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.16.5
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.16.5
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.16.5
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.16.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.16.5
Published by gardener-robot-ci-2 over 3 years ago
gardenlet
was not updating the allow-to-seed-apiserver
network policy with the IP address of the seed's API server when the APIServerSNI
feature gate is just enabled. (#3752, @vpnachev)istio-ingressgateway
memory limit is increased to 2048Mi
(#3735, @vpnachev)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.17.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.17.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.17.3
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.17.3
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.17.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.17.3
Published by gardener-robot-ci-3 over 3 years ago
gardenlet
was not updating the allow-to-seed-apiserver
network policy with the IP address of the seed's API server when the APIServerSNI
feature gate is just enabled. (#3744, @vpnachev)istio-ingressgateway
memory limit is increased to 2048Mi
(#3734, @vpnachev)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.18.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.18.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.18.2
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.18.2
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.18.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.18.2
Published by gardener-robot-ci-2 over 3 years ago
gardenlet
was not updating the allow-to-seed-apiserver
network policy with the IP address of the seed's API server when the APIServerSNI
feature gate is just enabled. (#3743, @vpnachev)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.19.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.19.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.19.1
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.19.1
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.19.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.19.1
Published by gardener-robot-ci-3 over 3 years ago
gardener-controller-manager
, gardener-scheduler
and gardenlet
has been changed to leases
. (#3719, @timebertt)
leases.coordination.k8s.io
in the respective clusters.[email protected]
running before upgrading to v1.19
, so that all components have successfully required leadership with the hybrid resource lock (configmapsleases
) at least once.ManagedIstio
and APIServerSNI
feature gates in the gardenlet
have been promoted to beta and are now enabled by default. If you run your own istio installation then you have to disable the ManagedIstio
feature gate (and probably also the APIServerSNI
) in your gardenlet configurations. (#3633, @rfranzke)istiod
deployment in the istio-system
namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (#3691, @plkokanov)apiserver-proxy-pod-mutator
container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver
when SNI is enabled. (#3691, @plkokanov)etcds.druid.gardener.cloud
is now fixed. (#3686, @stoyanr).spec.secretRef
) is now fixed. (#3677, @ialidzhikov)ControllerInstallations
have been resolved, that caused the Seed
deletion to deadlock and required manual cleanup. (#3653, @timebertt)extensions/pkg/controller/controlplane/genericactuator.Actuator
can now use a separate ManagedResource for ControlPlane CRDs that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (#3562, @ialidzhikov)istio-ingressgateway
memory limit is increased to 2048Mi
(#3732, @mvladev)hostNetwork: true
and dnsPolicy: ClusterFirstWithHostNet
(#3687, @DockToFuture)1.15.9
. The alpine base image is updated to 3.13.2
. (#3688, @ialidzhikov)5m
(earlier, the maximum delay was ~30s
). This is to prevent too many systemd unit restarts (e.g., kubelet restarts) at the ~same time when there is a change (e.g., a Kubernetes patch version update). (#3715, @rfranzke)kubernetes/*
and kubernetes-sigs/controller-runtime
were updated to v0.20.2
and v0.8.3
respectively. (#3651, @rfranzke)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.19.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.19.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.19.0
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.19.0
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.19.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.19.0
Published by gardener-robot-ci-2 over 3 years ago
istiod
deployment in the istio-system
namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (#3692, @ialidzhikov)apiserver-proxy-pod-mutator
container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver
when SNI is enabled. (#3692, @ialidzhikov)etcds.druid.gardener.cloud
is now fixed. (#3689, @vpnachev).spec.secretRef
) is now fixed. (#3678, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.18.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.18.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.18.1
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.18.1
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.18.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.18.1
Published by gardener-robot-ci-2 over 3 years ago
nil
pointer exception in the Shoot
validation (leading to 503
responses from gardener-apiserver
) when validating PID reservations (e.g., in kubeReserved
or systemReserved
) has been fixed. (#3634, @ialidzhikov)istiod
deployment in the istio-system
namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (#3693, @ialidzhikov)apiserver-proxy-pod-mutator
container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver
when SNI is enabled. (#3693, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.17.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.17.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.17.2
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.17.2
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.17.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.17.2
Published by gardener-robot-ci-2 over 3 years ago
gardener-admission-controller
configuration API and http endpoints were changed in several aspects: (#3577, @timebertt)
server.https.tls.server{Cert,Key}Path
have been removed in favor of server.https.tls.serverCertDir
(the cert directory is expected to contain a tls.crt
and tls.key
file)server.{healthProbes,metrics}.port
gardener-admission-controller
service included in Gardener's helm chart has a new named port (metrics
) for exposing the metrics endpoint.controllers.shootedSeedRegistration
field has been removed from the GardenletConfiguration
in favor of the newly introduced ManagedSeed
controller (configurable via .controllers.managedSeed
). Please adapt your Gardenlet Helm chart values and/or example Gardenlet configuration files. (#3418, @stoyanr)controllerutils.{EnsureFinalizer,RemoveFinalizer}
were changed. Both funcs now use PATCH
requests instead of UPDATE
and RemoveFinalizer
expects an additional client.Reader
for reading from the API server. (#3641, @timebertt)
controllerutils.{PatchFinalizers,PatchRemoveFinalizers}
preferably were applicable, if your controller is able to tolerate conflict errors tolerated by stale reads..controllers.shootedSeedRegistration
field has been removed from the GardenletConfiguration
in favor of the newly introduced ManagedSeed
controller (configurable via .controllers.managedSeed
). Please run make dev-setup
or manually copy example/20-componentconfig-gardenlet.yaml
over your old configuration file. (#3418, @stoyanr)controllerutils.{EnsureFinalizer,RemoveFinalizer}
were changed. Both funcs now use PATCH
requests instead of UPDATE
and RemoveFinalizer
expects an additional client.Reader
for reading from the API server. (#3641, @timebertt)
extensioncontroller.{EnsureFinalizer,DeleteFinalizer}
have been removed in favor of the funcs in controllerutils
.controllerutils.PatchFinalizers
was renamed to PatchAddFinalizers
.foo
in ./pkg/path/to/foo
then the mock would be in pkg/path/to/foo/mock
instead of ./pkg/mock/gardener/path/to/foo
. Only the mocks for third-party/vendored packages remain in ./pkg/mock
. (#3640, @rfranzke)github.com/gardener/gardener/pkg/version
and github.com/gardener/gardener/pkg/version/verflag
are now removed. (#3626, @ialidzhikov)BackupEntry
deletion grace period applies. An empty list (default) means that it applies for all shoot purposes (as it was earlier). If you want to only select specific purposes then please configure .controllers.backupEntry.deletionGracePeriodShootPurposes[]
in the gardenlet's component configuration. (#3637, @rfranzke)ControllerManagerConfiguration
under .controllers.shootMaintecance.enableShootCoreAddonRestarter
(see example/20-componentconfig-gardener-controller-manager.yaml
). (#3596, @vpnachev)download-cloud-config.sh
is now used to ensure the file is up-to-date even after VM reboot. (#3583, @vpnachev)Seed
reconciler was added to the Gardener-Controller-Manager. It creates a dedicated namespace per seed in the Garden cluster seed-<seed-name>
and copies common secrets from the garden
Namespace (labelled with gardener.cloud/role
) to the seed namespace. Gardenlets are supposed to read secrets (or namespaced objects in general) from seed dedicated namespaces only in the future. (#3582, @timuthy)gardener-admission-controller
now exposes several metrics about its webhooks (e.g. controller_runtime_webhook_latency_seconds_bucket
, controller_runtime_webhook_requests_in_flight
and controller_runtime_webhook_requests_total
) (#3577, @timebertt)
gardener_admission_controller_invalid_webhook_requests_total
was removed in favor of the newly added metrics.Seed
resources now have a new condition type BackupBucketsReady
that is added when the corresponding seed has a backup configuration or related BackupBuckets
. Seeds
whose BackupBucketsReady
condition is status: "False"
are considered NotReady
and thus are excluded from scheduling during that time. (#3531, @timuthy)ManagedSeed
resource and its corresponding controller have been added and the existing shooted seed registration controller has been reworked to use them. (#3418, @stoyanr)nil
pointer exception in the Shoot
validation (leading to 503
responses from gardener-apiserver
) when validating PID reservations (e.g., in kubeReserved
or systemReserved
) has been fixed. (#3632, @rfranzke)Seed
, but the Cluster
resource has been deleted. (#3622, @plkokanov)cloud-config-downloder
systemd service is set to Failed
with status start-limit-hit
if it is requested to be restarted via the node annotation worker.gardener.cloud/restart-systemd-services
. (#3593, @vpnachev)KonnectivtyTunnel
via annotation (alpha.featuregates.shoot.gardener.cloud/konnectivity-tunnel: "false"
) on APIServerSNI
-enabled Seed cluster causing the tunnel to not be opened. (#3586, @mvladev)gardener-controller-manager
now waits for a project's namespace to be empty before continuing with releasing the namespace and deleting the project. (#3578, @timebertt)istiod
is now scaled automatically by VerticalPodAutoscaler
instead of HorizontalPodAutoscaler
. This fixes OOMKilled issues on big Seed clusters. (#3613, @mvladev)gardener-admission-controller
's webhooks now also accept reviews in version admission/v1
. Also, webhook timeouts have been lowered to 10s
. (#3577, @timebertt)ERR_INFRA_INSUFFICIENT_PRIVILEGES
, ERR_INFRA_QUOTA_EXCEEDED
or ERR_INFRA_DEPENDENCIES
then it is now immediately set to the Failed
status (this already happens also for ERR_INFRA_UNAUTHORIZED
or ERR_CONFIGURATION_PROBLEM
). This prevents Gardener from automatically retrying the operation. If you are hit by it, please manually retry the operation once you have resolved the issue. (#3669, @rfranzke)ERR_INFRA_INSUFFICIENT_PRIVILEGES
, ERR_INFRA_QUOTA_EXCEEDED
or ERR_INFRA_DEPENDENCIES
then it is now immediately set to the Failed
status (this already happens also for ERR_INFRA_UNAUTHORIZED
or ERR_CONFIGURATION_PROBLEM
). This prevents Gardener from automatically retrying the operation. If you are hit by it, please manually retry the operation once you have resolved the issue. (#3662, @rfranzke)shoot.gardener.cloud/use-as-seed
annotation is deprecated. The new ManagedSeed
resource should be used instead to register shoots as seeds. (#3579, @stoyanr)Worker
is not removed. We have now added functionality that checks that secret and removes only the MCM finalizers if necessary. (#3560, @kris94)Terraformer
interface has now a new function RemoveTerraformerFinalizerFromConfig
which will remove the "terraformer" finalizer from the Secret
/ConfigMap
resources. (#3556, @kris94)get
, create
, update
and watch
Lease
objects named gardener-resource-manager
in order to perform leader election. For a reference, please have a look at the pre-delivered Helm chart in charts/gardener-resource-manager
. (gardener/gardener-resource-manager#105, @timuthy).status.conditions
in case a Kubernetes Service
cannot be deleted. This allows to get more context about the underlying problem e.g., when Cloud-Controller-Manager cannot delete the backing load balancer. (gardener/gardener-resource-manager#106, @timuthy)Service
object of type LoadBalancer
, the Gardener Resource Manager now regularly checks if the Service
has an Ingress
status and contributes the result of this check to the ResourcesHealthy
condition. (gardener/gardener-resource-manager#106, @timuthy)ManagedResource
an annotation resources.gardener.cloud/origin
is set describing the ManagedResource
that caused this object to be created. The format of the origin annotation is [cluster id:]namespace/object-name
. For multi-cluster scenarios the GRM can be started with a --cluster-id
options to enable the extended annotation format (see https://github.com/gardener/gardener-resource-manager/blob/master/docs/concepts/managed-resource.md for further details). (gardener/gardener-resource-manager#89, @mandelsoft)APIServices
was fixed. (gardener/gardener-resource-manager#112, @timebertt).spec.loadBalancerIP
value for Service
s is now preserved. (gardener/gardener-resource-manager#108, @deitch)CheckDaemonSet
function does now lead to more accurate results. (gardener/gardener-resource-manager#103, @rfranzke)1m
. (gardener/gardener-resource-manager#102, @rfranzke)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.18.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.18.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.18.0
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.18.0
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.18.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.18.0
Published by gardener-robot-ci-2 over 3 years ago
download-cloud-config.sh
is now used to ensure the file is up-to-date even after VM reboot. (#3603, @rfranzke)cloud-config-downloder
systemd service is set to Failed
with status start-limit-hit
if it is requested to be restarted via the node annotation worker.gardener.cloud/restart-systemd-services
. (#3616, @rfranzke)gardener-controller-manager
now waits for a project's namespace to be empty before continuing with releasing the namespace and deleting the project. (#3606, @rfranzke)cloud-config-downloder
systemd service is set to Failed
with status start-limit-hit
if it is requested to be restarted via the node annotation worker.gardener.cloud/restart-systemd-services
. (#3593, @vpnachev)istiod
is now scaled automatically by VerticalPodAutoscaler
instead of HorizontalPodAutoscaler
. This fixes OOMKilled issues on big Seed clusters. (#3620, @mvladev)KonnectivtyTunnel
via annotation (alpha.featuregates.shoot.gardener.cloud/konnectivity-tunnel: "false"
) on APIServerSNI
-enabled Seed cluster causing the tunnel to not be opened. (#3605, @rfranzke)Worker
is not removed. We have now added functionality that checks that secret and removes only the MCM finalizers if necessary. (#3607, @rfranzke)Terraformer
interface has now a new function RemoveTerraformerFinalizerFromConfig
which will remove the "terraformer" finalizer from the Secret
/ConfigMap
resources. (#3604, @rfranzke)APIServices
was fixed. (gardener/gardener-resource-manager#116, @rfranzke).spec.loadBalancerIP
value for Service
s is now preserved. (gardener/gardener-resource-manager#114, @rfranzke)CheckDaemonSet
function does now lead to more accurate results. (gardener/gardener-resource-manager#113, @rfranzke)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.17.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.17.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.17.1
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.17.1
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.17.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.17.1
Published by gardener-robot-ci-3 over 3 years ago
APIServices
was fixed. (gardener/gardener-resource-manager#116, @rfranzke).spec.loadBalancerIP
value for Service
s is now preserved. (gardener/gardener-resource-manager#114, @rfranzke)CheckDaemonSet
function does now lead to more accurate results. (gardener/gardener-resource-manager#113, @rfranzke)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.16.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.16.4
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.16.4
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.16.4
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.16.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.16.4
Published by gardener-robot-ci-3 over 3 years ago
APIServices
was fixed. (gardener/gardener-resource-manager#116, @rfranzke).spec.loadBalancerIP
value for Service
s is now preserved. (gardener/gardener-resource-manager#114, @rfranzke)CheckDaemonSet
function does now lead to more accurate results. (gardener/gardener-resource-manager#113, @rfranzke)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.15.7
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.15.7
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.15.7
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.15.7
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.15.7
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.15.7
Published by gardener-robot-ci-2 over 3 years ago
gardener-controller-manager
, gardener-scheduler
and gardenlet
has been changed to configmapsleases
. This is a preparation to eventually migrate to leases
after a few releases. Please make sure, that the components have permissions to create, get, watch and update leases.coordination.k8s.io
in the respective clusters. (#3535, @timebertt)application/json
as the content type in the respective component configs.CopyValues
function has been moved from pkg/utils/chart
to pkg/utils
and was renamed to ShallowCopyMapStringInterface
. (#3454, @rfranzke)ImageMapToValues
function has been moved from pkg/utils/chart
to pkg/utils/imagevector
. (#3454, @rfranzke)client.{Object,ObjectList}
instead of runtime.Object
where applicable to have a clearer contract of what is expected from passed parameters. (#3476, @timebertt)kubernetes.Interface.RESTMapper
func has been removed in favor of the client.RESTMapper
func. Please adapt your usage accordingly. (#3473, @timebertt)kutils.KeyFromObject
in favor of client.ObjectKeyFromObject
controllerutils.HasFinalizer
in favor of controllerutil.ContainsFinalizer
extensionscontroller.HasFinalizer
in favor of controllerutil.ContainsFinalizer
controllerutils.BoolPtrDerefOr
in favor of pointer.BoolPtrDerefOr
flow.SimpleTaskFn
FileContentInlineCodec
and UnitSerializer
interfaces have been moved from extensions/pkg/webhook/controlplane
to pkg/operation/botanist/extensions/operatingsystemconfig/utils
. (#3454, @rfranzke)KubeletConfigCodec
interface has been moved from extensions/pkg/webhook/controlplane
to pkg/operation/botanist/extensions/operatingsystemconfig/original/components/kubelet
and was renamed to ConfigCodec
. (#3454, @rfranzke)ShootVPAEnabledByDefault
admission plugin of the gardener-apiserver
(disabled by default) controls whether the .spec.kubernetes.verticalPodAutoscaler.enabled
field for newly created Shoot
resources is defaulted to true
. Existing Shoot
s are not modified, i.e., if VPA shall be enabled then it needs to be explicitly set. Also Shoot's can still explicitly disable the VPA by setting .spec.kubernetes.verticalPodAutoscaler.enabled=false
. See this document. (#3468, @timebertt)konnectivity-server
is no longer a sidecar to kube-apiserver
when APIServerSNI
and KonnectivityTunnel
feature gates are enabled. This allows for existing opened tunnel connections from konnectivity-agents
to not be interrupted when kube-apiserver
is auto-scaled. (#3399, @mvladev)pkg/utils/kubernetes
does now have a new DeleteObjectsFromListConditionally
utility function. (#3454, @rfranzke)configmapsleases
). Please read through the doc string of the respective field (ManagerOptions.LeaderElectionResourceLock
) carefully before changing the default resource lock. (#3479, @timebertt)KonnectivityTunnel
to break when kubeconfig rotation occurs. (#3538, @mvladev)Auto
or Recreate
. (#3474, @amshuman-kr)shoot.gardener.cloud/status: unhealthy
) for a short period of time. (#3564, @timuthy)github.com/gardener/gardener/pkg/utils/imagevector.FindImages
to not give a higher score on exact matched targetVersion or runtimeVersion is now fixed. (#3555, @ialidzhikov)v0.0.15
(#3542, @mvladev)incoming_logs_with_endpoint_total
metric is added to count the number of logs with endpoints which are going to be forwarded to Promtail client. (#3532, @Kristian-ZH)Failed
(and no longer retried) on transient not found
error is now fixed. (#3500, @ialidzhikov)gardener-seed-admission-controller
's webhooks now also accept reviews in version admission/v1
. (#3459, @timebertt)
10s
for the extension deletion protection webhooks.github.com/gardener/gardener/pkg/version
and github.com/gardener/gardener/pkg/version/verflag
are now deprecated in favour of k8s.io/component-base/version
and k8s.io/component-base/version/verflag
. (#3472, @ialidzhikov)kube-apiserver
have been enhanced and are now providing more information for the various metrics. (#3502, @rfranzke)topology.kubernetes.io/zone
in addition to the existing failure-domain.beta.kubernetes.io/zone
while determining the zone for AWS machines. (gardener/autoscaler#70, @prashanth26)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.17.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.17.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.17.0
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.17.0
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.17.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.17.0
Published by gardener-robot-ci-3 over 3 years ago
shoot.gardener.cloud/status: unhealthy
) for a short period of time. (#3567, @timuthy)github.com/gardener/gardener/pkg/utils/imagevector.FindImages
to not give a higher score on exact matched targetVersion or runtimeVersion is now fixed. (#3568, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.16.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.16.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.16.3
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.16.3
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.16.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.16.3
Published by gardener-robot-ci-3 over 3 years ago
Auto
or Recreate
. (#3480, @amshuman-kr)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.15.6
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.15.6
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.15.6
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.15.6
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.15.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.15.6