Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-2 almost 4 years ago
ShootState resource to be updated with newly generated secrets is now fixed. (6b7fc47d5b0348cfdf42ef588e8456ff8e99f6a6)
Published by gardener-robot-ci-3 almost 4 years ago
CachedRuntimeClients feature gate is enabled is now fixed. (2a320c81e85550a7ef41e7e7179c9daddea076e3)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.12.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.12.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.12.3
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.12.3
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.12.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.12.3
Published by gardener-robot-ci-1 almost 4 years ago
apiserver-proxy overload's manager is removed. (#3063, @mvladev)
(Cluster)RoleBindings of system components or addons, that were changed to an invalid state by end users to be able to reconcile them back to the desired state. (f5bad77a249c57a06d7bdc586073b3ff40386573)
ShootState resource to be updated with newly generated secrets is now fixed. (17ac770ddaba554b512463c7b578534ac148c64f)
kube-controller-manager VPA now has minAllowed values to prevent VPA from scaling it down too much. (9de318e3e03fbc056418eab8e224feb92c1bfbb2)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.12.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.12.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.12.2
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.12.2
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.12.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.12.2
Published by gardener-robot-ci-3 almost 4 years ago
spec.kubernetes.kubelet.kubeReserved.pid field of the Shoot to be set for Kubernetes versions that don't support the corresponding feature is now fixed. (0e4a3cfea10df856c25fd61c7d983c1cfdbbca93)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.12.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.12.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.12.1
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.12.1
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.12.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.12.1
Published by gardener-robot-ci-1 almost 4 years ago
apiserver-proxy now listens on port 16910 on all Nodes if APIServerSNI feature gate is enabled. It causes a conflict with workloads with hostNetwork: true and listening on 0.0.0.0:16910, so it's required to change your workload's bind port. (#3044, @mvladev)
.spec.dns.domain, also known as additional, non-primary providers, must now be specified with .type and .secretName. Such providers were previously removed automatically from the shoot specification during create or update requests. (#3036, @timuthy)
seed.gardener.cloud/{disable-capacity-reservation,disable-dns,invisible} are no longer respected and are disallowed in gardener version v1.12 (will be enabled again in the next minor version without any special semantic like previously). They are automatically removed from the seed resources; please use the respective seed.spec.settings fields from now on. (#2955, @vpnachev)
global.apiserver.admissionConfig configuration of charts/gardener/controlplane is no longer used. Existing plugin configuration must be migrated to use the new global.apiserver.admission.plugins list. ValidatingAdmissionWebhook or MutatingAdmissionWebhook plugins must not be used. (#2673, @mvladev)
Shoots do now transition from False status to Progressing in case the reason or message changes (if thresholds are defined in the gardenlet component config only, otherwise Progressing is not used anyways). (#3013, @rfranzke)
KonnectivityTunnel feature can now be configured for a single shoot cluster via the alpha.featuregates.shoot.gardener.cloud/konnectivity-tunnel annotation on the Shoot (true to enable it, false to disable it). (#3007, @DockToFuture)
EveryNodeReady condition on Shoot resources does now reflect kubelet version mismatches for shoot worker nodes (e.g., its status will be False if a kubelet wasn't updated after a patch version change, for example). (#3002, @rfranzke)
.spec.provider.providerConfig field in Seed resources) when creating shooted seeds. Please consult the documentation for more information (#3035, @MartinWeindel)
gardener-apiserver now has a new feature gate SeedChange. If set, this feature gate enables updating the spec.seedName field during shoot validation from a non-empty value in order to trigger shoot control plane migration. (#3024, @stoyanr)
vpa-exporter is now deployed again into the garden namespace of seed clusters (also for shooted seeds). (#3022, @wyb1)
VolumeAttachments on shoot hibernation. As during hibernation machine-controller-manager performs a "force" deletion of machines and does not wait for volumes to detach, kube-controller-manager is not able to delete the corresponding VolumeAttachments (and also the external-attacher to notice this deletion and remove its finalizer from the VolumeAttachment). Deleting VolumeAttachments on hibernation should prevent VolumeAttachments from being orphaned. Currently in the upstream kube-controller-manager, there is no garbage collection for VolumeAttachments (see kubernetes/kubernetes#77324). (#2963, @ialidzhikov)
shoot- (#2933, @vlvasilev)
global.apiserver.admission.plugins can now be used to configure admission plugins of the Gardener API Server. ValidatingAdmissionWebhook or MutatingAdmissionWebhook plugins must not be used. (#2673, @mvladev)
global.apiserver.admission.validatingWebhook and global.apiserver.admission.mutatingWebhook can now be used to configure validating/mutating admission plugins of the Gardener API Server. If enabled, Service Account Token Volume Projection can be used to generate tokens which are used for authentication against webhooks. (#2673, @mvladev)
ResourceQuotas for Gardener API groups and resources like Shoots, Seeds, SecretBindings, etc. At the moment the quota supports object counts only, e.g. count/shoots.core.gardener.cloud. (#2627, @timuthy)
--controllers=...,resourcequota,... if you want to use them.
terraformer@v2 Pods. To enable this, you have to set UseV2(true) on the Terraformer instance, otherwise the old PodSpec, that is compatible with v1, will be used. (#3034, @timebertt)
client.Client implementation under pkg/client/kubernetes/utils can be used to enable/disable the controller-runtime cache only for a given set of object kinds. (#2940, @timebertt)
utils.NewClientFuncWithDisabledCacheFor(&corev1.Secret{}) to manager.Options.NewClient to use a client, that always reads Secrets directly from the API server instead of caching all Secrets in the cluster.
API Server Proxy showing data for apiserver-proxy is now available in the Grafana dashboard of the cluster, if APIServerSNI feature gate is enabled. (#3051, @mvladev)
Logging for each exposed component. (#2945, @Kristian-ZH)
Kubernetes Controlplane Status are removed
apiserver-proxy, if APIServerSNI feature gate is enabled. (#3051, @mvladev)
API Server Proxy showing data for apiserver-proxy is now available in the Grafana dashboard of the cluster, if APIServerSNI feature gate is enabled. (#3051, @mvladev)
nginx is replaced with envoy for apiserver-proxy. This allows to have the same proxy for both the client and the server. (#3041, @mvladev)
apiserver-proxy now uses PROXY Protocol v2 when talking to the upstream kube-apiserver. (#3041, @mvladev)
APIServerSNI featuregate is enabled, system components in the kube-system namespace are talking to their kube-apiserver via its FQDN. (#3026, @mvladev)
ClusterRole was not created), which, as a consequence, led to broken/non-working cluster-autoscaler pods for all shoots on that seed. (#3015, @rfranzke)
$__rate_interval instead of hard coded intervals. This should improve dashboard performance when selecting large time ranges. (#3008, @wyb1)
istiod and istio-ingress-gateway now have PodDisruptionBudget. (#3005, @mvladev)
gardener.cloud--allow-to-dns network policy do not allow traffic to DNS when NodeLocalDNS feature gate is enabled. (#3003, @mvladev)
docker_id from the log tag to the kubernetes metadata when FallbackToTagWhenMetadataIsMissing flag is set. (#2994, @Kristian-ZH)
ManagedIstio feature gate is enabled. (#2989, @mvladev)
cloud-config-downloader systemd service is now configured with maximum allowed time of 20 minutes to do its job. This change is needed, to mitigate issues where the execution of the service got stuck and in-place changes might not be applied, for example kubelet patch update. (#2987, @vpnachev)
SeedSelector from being created/applied/updated/deleted. (#2985, @timebertt)
seed.spec.settings fields to be flapping between true and false when the settings and the taints in the sent request are not synced. (#2955, @vpnachev)
image_id label to seed:images:count recording rule (#2951, @wyb1)
--version flag that prints the component version information and useful metadata. (#3040, @ialidzhikov)
1.15.3. (#3038, @ialidzhikov)
hack/check-generate.sh script is now able to detect manual changes in the vendor folder by running the revendor Make rule. (#2999, @rfranzke)
github.com/gardener/gardener/extensions) have been implemented which increase the runtime performance and reduce network traffic. Please update your github.com/gardener/gardener to the latest version to profit from these changes. (#2995, @timuthy)
hack/local-development/local-garden/etcdctl-{gardener,kube}-etcd.sh) for talking to the etcds running in the local-garden. (#2980, @timebertt)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.12.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.12.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.12.0
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.12.0
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.12.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.12.0
Published by gardener-robot-ci-3 about 4 years ago
SeedSelector from being created/applied/updated/deleted. (28cb7e15c9340c90413bb507591b5d73adb35be6)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.11.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.11.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.11.3
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.11.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.11.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.11.3
Published by gardener-robot-ci-2 about 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.11.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.11.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.11.2
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.11.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.11.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.11.2
Published by gardener-robot-ci-3 about 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.11.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.11.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.11.1
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.11.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.11.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.11.1
Published by gardener-robot-ci-3 about 4 years ago
ManagedIstio feature gate. (#2866, @mvladev)
pkg/utils/test(/matchers) and isolated from unneeded dependencies to make them easier to reuse. (#2912, @timebertt)
flow package's progress reporter option has been changed to return the new ProgressReporter interface. You can call flow.NewImmediateProgressReporter with your reporter function as a replacement. (#2908, @rfranzke)
./hack/test.sh now executes tests via go test instead of ginkgo. Please adapt your extensions' Makefiles, if you use the vendored hack scripts. (#2809, @timebertt)
DeployMachineDependencies and DeployMachineDependencies need to be implemented in the worker controllers of the provider extensions. (#2806, @dkistner)
GetMachineImages() in the implementation of the WorkerDelegate interface to the new UpdateMachineImageStatus() method. The provider extensions need now to update the provider status on their own in the new UpdateMachineImageStatus() method instead of returning it. (#2806, @dkistner)
.spec.providerID or .status.node will no longer be persisted in the Worker's .status.state field. This is to prevent unnecessary updates to the ShootState resources. (#2909, @rfranzke)
.controllers.shoot.progressReportPeriod field in the gardenlet component config. This might be helpful in large landscapes where a lot of shoots exist to limit the number of updates to the Shoots' status sections. (#2908, @rfranzke)
ControllerRegistration resource does now support the new AlwaysExceptNoShoots deployment policy. Respective extension controllers using this policy are only being deployed to seeds if there is at least one shoot. (#2896, @rfranzke)
Gardener-Controller-Manager to a dedicated component Gardener-Admission-Controller. Therefore, new values have been added to the Gardener Helm chart (charts/gardener/controlplane). Please consult the documentation (docs/concepts/admission-controller.md) for more information about the Gardener-Admission-Controller. (#2832, @timuthy)
docs/concepts/controller-manager.md#Resource-Size-Validator for more details. (#2781, @timuthy)
kubeconfig, ssh-keypair, monitoring, are now labelled with gardener.cloud/role which enables clients to filter these secret types via label matchers. (#2844, @timuthy)
Gardener-Controller-Manager to a dedicated component Gardener-Admission-Controller. Please run make dev-setup to create the necessary configuration for this component for local development use-cases. make start-admission-controller starts the new component locally. (#2832, @timuthy)
make test now makes use of cached test results to reduce turn-around times when writing unit tests. (#2809, @timebertt)
v2.0.0 to v2.0.3. For 1.19 shoot clusters the v2.0.4 version will be used. (#2813, @rfranzke)
kube-state-metrics is now updated to v1.9.7. (#2913, @ialidzhikov)
secrets.Interface not matching the implementing struct Secrets (#2903, @kon-angelo)
1.7.2 (#2902, @mvladev)
BackupBucket and BackupEntry resources from being deleted despite the respective infrastructure provider credentials have been updated to the correct data. (#2898, @rfranzke)
ControllerInstallation resources in case the Seed has a deletion timestamp. (#2896, @rfranzke)
BackupBucket and BackupEntry resources in the garden cluster are now only reconciled once per 24h by the gardenlet. (#2889, @rfranzke)
.status.conditions[].lastUpdateTime is no longer continuously updated. Note that if the gardenlet does not renew its lease anymore then the gardener-controller-manager will, after a certain threshold, set the Shoot's conditions to Unknown to indicate that the displayed information is most likely outdated. (#2888, @rfranzke)
.spec.kubernetes.kubeAPIServer.admissionPlugins[*].config) to be specified for the Kubernetes apiserver is now fixed. (#2861, @ialidzhikov)
metrics-server now has readiness and liveness probes. (#2855, @vpnachev)
MountHostCADirectories that enables mounting common CA certificate directories in the Shoot API server pod that might be required for webhooks or OIDC. (#2852, @danielfoehrKn)
/etc/ssl/ mounts in the Shoot API Server).
/docs in the extension repository.
konnectivity-server is now logging to the stdout. (#2850, @vpnachev)
ClusterIP only after DNSEntries are updated to point to the istio ingress gateway. (#2847, @mvladev)
kubeconfig, ssh-keypair, monitoring, are now labelled with gardener.cloud/role which enables clients to filter these secret types via label matchers. (#2844, @timuthy)
maxSurge=1, maxUnavailable=0, minReadySeconds=30) can now be controlled in the gardener/controlplane Helm chart. (#2841, @rfranzke)
garden.sapcloud.io/purpose. (#2826, @ialidzhikov)
system-cluster-critical. (#2819, @ialidzhikov)
ControllerInstallationRequired controller was optimized to execute fewer API calls to improve stability on startup of the gardenlet. (#2816, @timebertt)
ShootState.Spec.Gardener field. (#2798, @plkokanov)
/etc/ssl/.
/etc/ssl/ directory mount from the kube-apiserver deployment via webhook. This is a problem when the Shoot Kubernetes version > 1.17 and CSI is enabled, as the Shoot API Server could require the Root CAs in /etc/ssl/ to make requests to OIDC providers or webhook endpoints. (#2791, @danielfoehrKn)
/etc/ssl/ mount - a provider extension with a previous version would remove the /etc/ssl/ mount from the deployment if the Shoot Kubernetes version > 1.17 and CSI is enabled.
gardener.garden.clusterIdentity and gardener.seed.clusterIdentity for controller registration helm charts. (#2851, @MartinWeindel)
gardener.garden.identity and gardener.seed.identity are deprecated and will be removed in a future release.
BackupBucket extension controller has been added and will run as part of make test{-cov}. (#2830, @rfranzke)
QueSegmentSize is renamed to QueueSegmentSize (gardener/logging#67, @vlvasilev)
pod_name, namespace and container_id. (gardener/logging#67, @vlvasilev)
DropLogEntryWithoutK8sMetadata. (gardener/logging#67, @vlvasilev)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.11.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.11.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.11.0
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.11.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.11.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.11.0
Published by gardener-robot-ci-2 about 4 years ago
flow package's progress reporter option has been changed to return the new ProgressReporter interface. You can call flow.NewImmediateProgressReporter with your reporter function as a replacement. (2df2fec1d2e25bd00aafa1436923422ee56a2b51)
.controllers.shoot.progressReportPeriod field in the gardenlet component config. This might be helpful in large landscapes where a lot of shoots exist to limit the number of updates to the Shoots' status sections. (2df2fec1d2e25bd00aafa1436923422ee56a2b51)
.spec.providerID or .status.node will no longer be persisted in the Worker's .status.state field. This is to prevent unnecessary updates to the ShootState resources. (5b92cdc561d37c61660c4a2e5bdab47c16fcc847)
.status.conditions[].lastUpdateTime is no longer continuously updated. Note that if the gardenlet does not renew its lease anymore then the gardener-controller-manager will, after a certain threshold, set the Shoot's conditions to Unknown to indicate that the displayed information is most likely outdated. (ffb2c7c66c6790bbdece39fe9f31c89e5f43fb6a)
BackupBucket and BackupEntry resources in the garden cluster are now only reconciled once per 24h by the gardenlet. (db3c82472ff256c2048d21a3dcb766596478fb76)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.10.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.10.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.10.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.10.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.10.2
Published by gardener-robot-ci-2 about 4 years ago
.spec.kubernetes.kubeAPIServer.admissionPlugins[*].config) to be specified for the Kubernetes apiserver is now fixed. (3e898aaf87fa693762af4444a73d8b4fed810daa)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.10.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.10.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.10.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.10.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.10.1
Published by gardener-robot-ci-1 about 4 years ago
hyperkube images on their own we have created gardener/hyperkube. It produces Docker images containing only the kubelet and kubectl binaries which are used to bootstrap the shoot worker nodes. Please note that this means that new Kubernetes versions are now only supported by Gardener if there is a corresponding release on the gardener/hyperkube repository. (#2799, @rfranzke)
KubeApiServerLatency alert (#2776, @wyb1)
extensions/pkg/predicate.Or has been deprecated in favor of sigs.k8s.io/controller-runtime/pkg/predicate.Or. (#2797, @timebertt)
gardener.cloud:system:administrators are now allowed to list namespaces, manage RBACs, admission webhooks and apiservices. (#2793, @vpnachev)
service label instead of cluster which should also reduce the amount of alerts sent (#2776, @wyb1)
gardener.cloud/operation=restore during the restore phase of Control Plane Migration and their state (if any) is copied from the ShootState to the CRs' status.state field. (#2762, @plkokanov)
shoot.gardener.cloud/use-as-seed annotation on the shoot, if the seed is still used by a BackupBucket or it is hosting the control plane of a shoot cluster. (#2732, @vpnachev)
http://<loki-service> and .svc:3100/loki/api/v1/push (gardener/logging#64, @vlvasilev)
out of order error in the fluent bit plugin. It can be enabled by setting the flag ReplaceOutOfOrderTS to true. (gardener/logging#64, @vlvasilev)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.10.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.10.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.10.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.10.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.10.0
Published by gardener-robot-ci-1 about 4 years ago
CloudProfiles needs to be enhanced with the list of supported CR and CRI per machine image version. An example can be found here (#2137, @vpnachev)
experimental.addons.shoot.gardener.cloud/kyma annotation has no effect anymore. Existing Kyma installations will remain deployed/untouched. (#2701, @rfranzke)
Events related to Shoot objects has been added to the Gardener Controller Manager (disabled by default). It can be used to extend the lifespan of events regarding shoot clusters (the lifespan of all other events can be configured separately). Please find more information in this document. (#2649, @BeckerMax)
Maintain shoot annotations with optimistic lock error message is now mitigated. (#2746, @ialidzhikov)
CustomResourceDefinitions are no longer deleted (they will remain in the system, together with all the VerticalPodAutoscaler objects - if you don't need them anymore you can remove them with kubectl delete crd <crd-names>). (#2715, @rfranzke)
403 Forbidden responses when creating new Projects has been fixed. (#2699, @rfranzke)
kube-scheduler is now auto-restarted in the shoot maintenance time window, similar to other controllers. (#2756, @rfranzke)
terminationGracePeriodSeconds configuration of the Gardener components has been removed. (#2749, @rfranzke)
v0.17.11. (#2728, @ialidzhikov)
gardener-apiserver Deployment does now define a readiness probe. (#2728, @ialidzhikov)
fluent-bit DaemonSet running in the seed clusters have been increased. (#2723, @vpnachev)
24h absence of the VPA for shooted seeds. (#2695, @rfranzke)
controllerinstallations and extensions are retrieved during reconciliation by the ControllerInstallation controller and ShootState Sync controller are now created for each reconciliation, instead of the same object being reused multiple times per resource kind. (#2679, @plkokanov)
.status. (#2678, @timuthy)
node-role.kubernetes.io/master with effect NoSchedule. (#2671, @einfachnuralex)
ControllerInstallations are no longer created for ControllerRegistrations that are in deletion. (#2612, @vpnachev)
CloudProfile can specify list of supported container runtime interfaces and container runtimes. (#2137, @vpnachev)
resources.gardener.cloud/keep-object annotation can be used on resources managed by ManagedResource objects in order to keep them in the system in case they get removed from the ManagedResource or the ManagedResource itself is being deleted. (gardener/gardener-resource-manager#73, @rfranzke)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.9.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.9.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.9.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.9.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.9.0
Published by gardener-robot-ci-3 about 4 years ago
Maintain shoot annotations with optimistic lock error message is now mitigated. (23fc2d1b225f0826b0799fb6e509fe8270f21d73)
ControllerInstallations are no longer created for ControllerRegistrations that are in deletion. (d20c522d4b1dc52354e1bc4383ab25f1954911cf)
terminationGracePeriodSeconds configuration of the Gardener components has been removed. (c5abfc414349139983d796e88f100f66911f09b7)
gardener-apiserver Deployment does now define a readiness probe. (f3193b7987cbc5e2eb7ee81eb20e07cb96994b02)
v0.17.11. (23cb76ae5aa4d866fa65c040c73027da8e7494a9)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.8.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.8.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.8.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.8.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.8.2
Published by gardener-robot-ci-2 about 4 years ago
CustomResourceDefinitions are no longer deleted (they will remain in the system, together with all the VerticalPodAutoscaler objects - if you don't need them anymore you can remove them with kubectl delete crd <crd-names>). (36c59ebc9412cfc92b0cea455c4af68916f3b9ee)
403 Forbidden responses when creating new Projects has been fixed. (d95b2a539ada68c3f7d2901cdb1dec77d3a56ce3)
controllerinstallations and extensions are retrieved during reconciliation by the ControllerInstallation controller and ShootState Sync controller are now created for each reconciliation, instead of the same object being reused multiple times per resource kind. (#2680, @timuthy)
.status. (#2680, @timuthy)
node-role.kubernetes.io/master with effect NoSchedule. (#2680, @timuthy)
24h absence of the VPA for shooted seeds. (966ba44d2b4d4841cb50d5f9b7fae0f327b989f5)
resources.gardener.cloud/keep-object annotation can be used on resources managed by ManagedResource objects in order to keep them in the system in case they get removed from the ManagedResource or the ManagedResource itself is being deleted. (gardener/gardener-resource-manager#73, @rfranzke)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.8.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.8.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.8.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.8.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.8.1
Published by gardener-robot-ci-3 about 4 years ago
DNSOwner objects in the seed cluster to manage the ownership of the DNS entries. You should run at least v0.7.16 of the external-dns-management extension. (#2576, @swilen-iwanow)
--cluster-identity. In case gardener is operated by helm - charts for the identity of the clusters are also provided without default values, meaning that they should be filled by the Gardener operators/admin. (#2471, @swilen-iwanow)
url mode do now have to explicitly specify the port as part of their supplied --webhook-config-url flag (earlier, the webhook server port was implicitly used). (#2665, @rfranzke)
local-garden's kube-apiserver cert has been updated to include host.docker.internal as an alternative DNS Name, so clients running in docker containers can successfully validate the TLS cert when talking to the local garden. If you have copied the local-garden kubeconfig to somewhere else, please update your copy with the newly generated one. (#2641, @timebertt)
extensions/hack folder have been merged into the hack folder. (#2623, @rfranzke)
--default-watch-cache-size and --watch-cache-sizes flags via the Shoot API (spec.kubernetes.kubeAPIServer.watchCacheSizes). Please see this document for an example and consult the kube-apiserver command-line reference in case you plan on configuring it for your Shoot. (#2668, @timebertt)
uam role was introduced for Projects (next to owner, admin, and viewer). Members with this role will be bound to the uam custom RBAC verb for the respective Project. Only users bound to this verb are now allowed to add/modify/remove human users or groups from the .spec.members[] list of the Project. Please find more information here. (#2611, @rfranzke)
dns.garden.sapcloud.io/provider, dns.garden.sapcloud.io/domain, shoot.garden.sapcloud.io/expirationTimestamp, shoot.garden.sapcloud.io/tasks, garden.sapcloud.io/createdBy, shoot.garden.sapcloud.io/sync-period, shoot.garden.sapcloud.io/ignore annotations and shoot.garden.sapcloud.io/status label are now removed. (#2603, @ialidzhikov)
NodeLocalDNS feature gate is enabled and a migration from IPTables to IPVS is performed then newer pods will be configured to use the node-local DNS while older pods will still use the non-cached CoreDNS server in the cluster. To enable older pods to use the node-local you have to restart the pods. (#2528, @zanetworker)
gardener.cloud/role. If you manually manage these Secrets (e.g. you are not using the controlplane chart), please make sure that they have the required label. (#2603, @ialidzhikov)
kube-system namespace, that hold the cluster identity. Cluster identities for the Shoot and Seed are also visible in their status.clusterIdentity fields. (#2471, @swilen-iwanow)
ControlPlane actuator package. It is recommended for all extensions that have shoot webhooks to call this function before starting the control loops to ensure that the webhook configurations are updated in case the ports change. (#2663, @rfranzke)
BackupEntry deletion to get stuck infinitely if the referred secret does not exist. (#2659, @rfranzke)
kubernetes.Interface.Cache()) to obtain informers for arbitrary API objects (via GetInformer/GetInformerForKind) to construct controllers. (#2581, @timebertt)
.spec.provider.infrastructureConfig was changed multiple times while another shoot reconciliation operation was still in progress. (#2619, @rfranzke)
systemReserved and kubeReserved in the kubelet configuration as documented here: https://kubernetes.io/docs/tasks/administer-cluster/reserve-compute-resources/ (#2574, @guydaichs)
gardener-resource-manager deployments in shoot namespaces in the seed is now happening less frequently to prevent overloading the seed's API server unnecessarily. (#2667, @rfranzke)
gardener-seed-admission-controller and vpa-admission-controller is now changed to 10250. (#2660, @stoyanr)
gardener-apiserver Deployment does now define a liveness probe. (#2647, @ialidzhikov)
CloudProfiles. (#2640, @ialidzhikov)
CachedRuntimeClients feature gate is enabled. (#2637, @timebertt)
gardener-apiserver does now support a field selector for ControllerInstallations by spec.registrationRef.name and spec.seedRef.name. (#2634, @ialidzhikov)
gardenlet does not redeploy the Worker extension resource anymore, as this sometimes caused leaking resources that blocked the deletion of the Shoot's namespace. (#2626, @timebertt)
Shoot whose .metadata.annotations=nil. (#2617, @rfranzke)
testing to something else or for those that were woken up. (#2615, @rfranzke)
istiod cannot listen on 443 due to insufficient privileges. (#2613, @mvladev)
.spec.resources[].kind in ControllerRegistrations. (#2610, @timuthy)
/healthz endpoint has been improved to be more stable under certain circumstances like CPU throttling. (#2609, @timebertt)
cloud-config secret in the Shoot to not get updated correctly after a change to the worker config in case the CachedRuntimeClients feature gate was activated. (#2591, @timebertt)
BackupBuckets/BackupEntries were not reconciled by the gardenlet immediately when the CachedRuntimeClients feature gate was enabled. (#2568, @timebertt)
1.6.4. Fix CVE-2020-8663 by setting overload.global_downstream_max_connections on the istio-ingress gateway. (#2556, @mvladev)
NodeLocalDNS feature gate in the gardenlet's component configuration. More information can be found in the documentation (https://github.com/gardener/gardener/blob/master/docs/usage/node-local-dns.md). (#2528, @zanetworker)
RollingUpdate condition in the generic worker actuator (condition.Type RollingUpdate). Gardener provider extensions write this condition to the Worker CRD. (#2459, @danielfoehrKn)
providers
for a cloud profile to enable scheduling on seeds running on different providers. (#2169, @mandelsoft)
Selector has been chosen, which is the new default now.
--webhook-config-service-port command line flag. If it's not present the service port is defaulted to the webhook server port (i.e., old behaviour is preserved). (#2665, @rfranzke)
version.major without the v-prefix and version.gitTreeState as clean. (#2608, @timebertt)
values-test.yaml file to Helm charts to specify default values for chart checks, which will be merged into the default values.yaml when running hack/check-charts.sh. This is useful for the case that charts have a {{ required ... }} statement, but don't specify default values in values.yaml. (#2584, @timebertt)
v in the version. (gardener/autoscaler#42, @hardikdr)
--leader-election-lease-duration (default: 15s), --leader-election-renew-deadline (default: 10s), --leader-election-retry-period (default: 2s). (gardener/gardener-resource-manager#72, @rfranzke)
resources.gardener.cloud/delete-on-invalid-update=true will now be deleted in case the Gardener-Resource-Manager fails to update them and receives a 422 Unprocessable Entity error. This error is usually sent by the Kubernetes API server in case its static validation fails. (gardener/gardener-resource-manager#69, @rfranzke)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.8.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.8.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.8.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.8.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.8.0
Published by gardener-robot-ci-1 about 4 years ago
network.extensions.gardener.cloud deletion is now fixed. (#2656, @ialidzhikov)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.7.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.7.4
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.7.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.7.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.7.4
Published by gardener-robot-ci-1 about 4 years ago
istiod cannot listen on 443 due to insufficient privileges. (#2616, @mvladev)
gardenlet does not redeploy the Worker extension resource anymore, as this sometimes caused leaking resources that blocked the deletion of the Shoot's namespace. (9d111b2e0aa1117aebdb44777bd11ad94c697ea0)
Shoot whose .metadata.annotations=nil. (6dd88034db8605ffa1548ccd1f12b3b1ddee7652)
/healthz endpoint has been improved to be more stable under certain circumstances like CPU throttling. (5e2718a824dfbd4115265658b89c19ad473fc0d6)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.7.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.7.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.7.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.7.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.7.3
Published by gardener-robot-ci-3 over 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.7.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.7.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.7.2
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.7.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.7.2
Published by gardener-robot-ci-3 over 4 years ago
BackupBuckets/BackupEntries were not reconciled by the gardenlet immediately when the CachedRuntimeClients feature gate was enabled. (202b83aedac0481473d40efe7d11a334c4e2e349)
1.6.4. Fix CVE-2020-8663 by setting overload.global_downstream_max_connections on the istio-ingress gateway. (9838a4ce4b849d2352d3e95ff92bd102fd56d04c)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.7.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.7.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.7.1
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.7.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.7.1