Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-1 over 4 years ago
application/vnd.kubernetes.protobuf
content type in the Accept header for their requests. For more information about protobuf representation see this documentation. (#2113, @ialidzhikov)CustomResourceDefinitions
labeled with gardener.cloud/deletion-protected=true
, and most custom resources of the extensions.gardener.cloud/v1alpha1
API group if they were not previously annotated with confirmation.gardener.cloud/deletion=true
. (#2066, @rfranzke)github.com/gardener/gardener-extensions
Golang dependency in favour of github.com/gardener/gardener
, and adapt your hack
script call invocations if necessary. (#2141, @rfranzke)./hack/dev-setup-extensions
script was removed in favour of the Gardener Extensions Manager. (#2141, @rfranzke)kube-apiserver
container to 300m
as it caused boot crash loopback. (#2174, @mvladev)--disable-admission-plugins
and --enable-admission-plugins
flags. (#2159, @ialidzhikov)Cluster
resource does not exist. (#2135, @plkokanov).status.lastError
is now properly propagated as reason to Shoot .status.lastErrors
. (#2134, @ialidzhikov)Shoot
with experimental.addons.shoot.gardener.cloud/kyma=enabled
. Be aware that we won't provide upgrades or customization, and that this addon is temporary and will be removed in a future version of Gardener again. Its purpose is to ease the Kyma installation and to show-case which features it provides. It is by no means a production-ready setup. Also, please note that, once enabled, the Kyma addon can never be disabled again. The only way to get rid of it is to delete the shoot cluster. You can check the status of the installation by using kubectl get installation/kyma-installation -o jsonpath="{'Status: '}{.status.state}{', description: '}{.status.description}"
. (#2126, @a-thaler)Seed
object does now allow to specify a provider-specific and seed-specific configuration in the .spec.provider.providerConfig
field. (#2162, @rfranzke)ControllerInstallation
controller does now pass the complete specification of the Seed
object to the extension's Helm chart with the .gardener.seed.spec
value. This way extension's can find out every information about the seed they get installed to. (#2162, @rfranzke)oscommon
package for OperatingSystemConfig
extension does now work for one or multiple extension types. (#2161, @Kristian-ZH)v1.17.3
. (#2125, @tim-ebert)etcd-druid
does now accept openstack
for spec.backup.store.provider. (gardener/etcd-druid#43, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.3.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.3.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.3.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.3.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.3.0
Published by gardener-robot-ci-1 over 4 years ago
etcd-druid
does now accept openstack
for spec.backup.store.provider. (gardener/etcd-druid#43, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.2.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.2.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.2.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.2.3
Published by gardener-robot-ci-2 over 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.2.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.2.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.2.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.2.2
Published by gardener-robot-ci-3 over 4 years ago
Cluster
resource does not exist. (cf8fbf9c9ff2238bcee259ac02cacab6d0c09b5f).status.lastError
is now properly propagated as reason to Shoot .status.lastErrors
. (ef30875fd55a4fb71c3bdf08c836ff4dad474467)--disable-admission-plugins
and --enable-admission-plugins
flags. (07259f7b689d8a04bbb1a6e872107bc229df803d)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.2.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.2.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.2.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.2.1
Published by gardener-robot-ci-1 over 4 years ago
worker.Minimum
to be zero while worker.Maximum
is non-zero, it is recommended to install following provider extensions with the proper related validation enabled, to avoid incompatibility with cluster-autoscaler. gardener-extension-provider-gcp: v1.4.0
, gardener-extension-provider-alicloud: v1.7.0
, gardener-extension-provider-openstack: v1.4.0
. (#2045, @hardikdr)etcd-druid
you have to make sure that the extension controllers that are deployed do no longer inject the backup-restore sidecar as this task is now handled by gardener/etcd-druid
directly. The corresponding implementation in the gardener/gardener-extensions
library has been adapted, see https://github.com/gardener/gardener-extensions/pull/603. You can also find an example adaptation for a specific provider extension here: https://github.com/gardener/gardener-extension-provider-aws/pull/42 (#1762, @georgekuruvillak)project.spec.namespace
) is not already taken by another project. (#2071, @timuthy)Shoot
specification contains at least one worker pool with either no taints or only taints with PreferNoSchedule
effect. This is to make sure that the system components (CoreDNS, vpn-shoot, etc.) can be scheduled correctly. (#2067, @rfranzke)NetworkPolicies
that allow the necessary traffic directions for the nginx-ingress-controller, metrics-server, and node-exporter. (#2044, @neo-liang-sap).spec.provider.workers[].cri.containerRuntimes
list. Example value: [{type: gvisor}]
. It can be set to each worker pool in the shoot cluster. (#2035, @nimrodoron)Roles
and RoleBindings
to further customize the access to the resources in their Project namespace. (#2032, @mvladev)Roles
and RoleBindings
in their Project namespace. (#2032, @mvladev)TokenRequest
and TokenRequestProjection
feature gates are now enabled by default. By default, service account tokens now have audience - kubernetes
and issuer - the external address of the API server. This allows for service account token volume projection to be used in the cluster. .spec.kubernetes.kubeAPIServer.audiences
and .spec.kubernetes.kubeAPIServer.serviceAccountConfig.issuer
can still be used to override those values if needed. (#1991, @mvladev)core.gardener.cloud/v1beta1.Shoot
resource now has a new .spec.provider.workers[].cri
optional property. This property contains a name
field. The only valid value for this field at this time is: containerd
. Setting this property with the relevant value will enable the kubelet to work with containerd
as a CRI instead of the default Docker Shim in case the used operating system config extension supports it. Please note that this cannot be changed afterwards - only during cluster creation or when a new worker pool is added. Also, please double-check whether the corresponding extension controller for the operating system that you use is supporting containerd
. (#1971, @nimrodoron)BackupBucket
s, BackupEntry
s, and Shoot
s. (#1993, @rfranzke)etcd-druid
to manage Etcd
resources in shoot control planes.etcd-druid
will be deployed during seed-bootstrap phase in the garden
namespace. etcd-druid
listens for Etcd
resources deployed/updated/deleted in the shoot namespaces. When an Etcd
resource is created, the etcd-druid
adds finalizers to the dependant secrets
such as the tls
and the object-store
secrets. It then goes on to create the statefulsets
, services
and the configmap
to deploy etcd
along with the backup-restore
sidecar. The ready
field in the Etcd
resource reflects the availability of the related etcd statefulsets
. This is checked before kube-apiserver
is deployed by gardenlet. (#1762, @georgekuruvillak)maintenance.gardener.cloud/restart: true
if a shoot is assigned the task annotation shoot.gardener.cloud/tasks: restartControlPlanePods
. This is used to refresh the state and cache of probably long running containers and thus can circumvent potential dead-locks or starving routines. If you are a developer of a Gardener extension please check the necessity and possibility of labelling such pods. For example, a running instance of the Cloud-Controller-Manager can safely be deleted/restarted while the shoot profits from a refreshed instance. More information can be found in docs/extensions/shoot-maintenance.md
(#2098, @timuthy)extensions.gardener.cloud/v1alpha1.OperatingSystemConfig
resource has a new .spec.criConfig
property. This property contains a new name
field. This optional property will be set if the shoot's worker pool config contains CRI configuration with the current only valid value containerd
. Each OS extensions should enable the containerd
with the default configurations as mentioned in: (#1971, @nimrodoron)
HIBERNATION
has been added to the output of kubectl get shoots
which shows the current hibernation status (Awake
, Hibernated
, Hibernating
or Waking Up
). (#2078, @tim-ebert)Shoot
resources whose specification targets extension types that are not registered in the system. (#2049, @rfranzke)minimum=0
for worker pools in the Shoot
. However, not all providers might support it yet and setting it to 0
might cause undesired issues with the availability of the machines. As of today, only AWS and Azure are known to support it (will be extended to other providers in the future). (#2045, @hardikdr)ControllerManagerConfiguration
under .controllers.shootMaintecance.enableShootControlPlaneRestarter
(see example/20-componentconfig-gardener-controller-manager.yaml
). (#2098, @timuthy)ERR_CLEANUP_CLUSTER_RESOURCES
in .status.lastErrors
(#2090, @timuthy)gardener.cloud/role: project
, project.gardener.cloud/name: <project-name>
. (#2072, @timuthy)24h
) to a lower value. (#2060, @amshuman-kr)BackupBucket,
BackupEntry, or
Seed` resources whose specifications target extension types that are not registered in the system. (#2049, @rfranzke)gardenlet
does no longer explicitly label well-known ManagedResources that don't have the origin: gardener
label because of legacy reasons. (#2040, @ialidzhikov)resources
field on every reconcile, thus, overriding the values set by HVPA controller. (#2025, @ggaurav10)spec.dns.domain
configuration from being scheduled on a seed. (#2010, @timuthy)pkg/chartrenderer
package is now fixed. (#2009, @ialidzhikov)ShootState
resource is now created at the beginning of the shoot reconciliation flow. (#1972, @plkokanov)ShootState
. (#1972, @plkokanov)int
to int32
. (#2104, @ialidzhikov)(>= v1.8.0)
. (#2088, @ialidzhikov)runtime.RawExtension
instead of a string
map to persist data required for deploying resources. (#1972, @plkokanov)gardener-shoot-control-plane
priority class to the etcd pods and changed the temporary directory path for the snapstore from /tmp
to /var/etcd/data/temp
. (gardener/etcd-druid#35, @rfranzke)gardener.cloud/operation=reconcil
e and oldMeta.generation != newMeta.generation
or .status.LastError != nil
minChange
configuration while overriding scale up stabilisation. This ensures that full VPA recommendations are applied in case the target pods are OOMKilled or restarted due to livenessProbe failure, no matter what. (gardener/hvpa-controller#62, @amshuman-kr)ScalingLimited
. (gardener/hvpa-controller#58, @ggaurav10)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.2.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.2.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.2.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.2.0
Published by gardener-robot-ci-2 over 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.6
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.6
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.6
Published by gardener-robot-ci-3 over 4 years ago
minChange
configuration while overriding scale up stabilisation. This ensures that full VPA recommendations are applied in case the target pods are OOMKilled or restarted due to livenessProbe failure, no matter what. (gardener/hvpa-controller#62, @amshuman-kr)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.5
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.5
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.5
Published by gardener-robot-ci-3 over 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.4
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.4
Published by gardener-robot-ci-2 over 4 years ago
resources
field on every reconcile, thus, overriding the values set by HVPA controller. (#2024, @ggaurav10)ScalingLimited
. (gardener/hvpa-controller#58, @ggaurav10)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.3
Published by gardener-robot-ci-2 over 4 years ago
pkg/chartrenderer
package is now fixed. (#2011, @ialidzhikov)spec.dns.domain
configuration from being scheduled on a seed. (08919f57e22f871366a7e655be34d32d9449b55a)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.2
Published by gardener-robot-ci-2 over 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.1
Published by gardener-robot-ci-1 over 4 years ago
spec.dns.providers[0].secretName
. These functionless providers are removed by Gardener automatically, but will be forbidden in the future. Please make sure that you don't use a DNS provider without spec.dns.providers[*].secretName
. (#1998, @timuthy)core.gardener.cloud/apiserver-exposure: gardener-managed
will be used by Gardener to indicate to extensions that Gardener is responsible for managing the said resource. All extensions should check this label (using the helper IsAPIServerExposureManaged
function) and not modify the resource when they are handling API server exposure. (#1929, @mvladev)Seed
resources. (#1919, @rfranzke)podPidsLimit
field in the kubelet configuration for Shoot
resources is now 100
. If you have specified a value less then 100
the gardener-apiserver will automatically migrate it for you, however, you should switch to the new minimum value as this auto-migration logic will be removed again with one of the next releases. (#1901, @rfranzke)shoot-dns-service
(https://github.com/gardener/gardener-extension-shoot-dns-service) in your Garden environment. (#1959, @timuthy)gardener-internal
secret in every shoot namespace that can be used to communicate with the shoot API server via its Kubernetes service (in-cluster). If it does not run in the same seed cluster then it falls back to the gardener
secret which contains a kubeconfig with the public address to the shoot's API server. (#1928, @rfranzke)gardener.cloud:system:cloudprofiles
ClusterRole
and ClusterRoleBinding
resources have been renamed to gardener.cloud:system:read-global-resources
. They are now allowing all authenticated users to read CloudProfile
and Seed
resources. (#1919, @rfranzke).controllers.seed.shootMonitorPeriod
field. This field controls the time after which the controller-manager will set the status to Unknown
for all the shoot conditions and constraints in case the responsible gardenlet does not send heartbeats anymore. (#1911, @rfranzke)gardener-apiserver
does no longer use the value of garden.sapcloud.io/purpose
or gardener.cloud/purpose
when .spec.purpose
is not specified. (#1950, @ialidzhikov)spec.provider.workers[].volume.size
without spec.provider.workers[].volume.type
. (#1930, @timuthy)Secret
s if no referencing SecretBinding
s exist anymore. (#1927, @rfranzke)kube-scheduler
and cluster-autoscaler
of their shoot clusters. (#1918, @vpnachev)clientID
and issuerURl
is provided, the other must be provided also. (#1909, @swilen-iwanow)SystemComponentsHealthy
condition now also reflects the status of the connectivity between the control plane and the worker nodes. (#1900, @rfranzke)nodeless
local gardener setup. Simply run make local-garden-up
and get a nodeless Garden cluster. (#1842, @zanetworker)requests
for kube-apiserver based on cluster autoscaler minNodes instead of maxNodes (#1992, @ggaurav10)machine.image.name
and machine.image.version
. (#1986, @ialidzhikov)minAllowed
values for kube-apiserver and etcd have been lowered to improve resource utilization. (#1983, @wyb1)Shoot
with .spec.networking.pods = .spec.networking.services = nil
is created and there is at least one Seed
with .spec.networking.shootDefaults = nil
has been fixed. (#1965, @rfranzke)apiserver
, controller manager
, scheduler
and gardenlet
can be extended with custom annotations and labels via the gardener helm chart. (#1945, @vpnachev)shoot.garden.sapcloud.io/use-as-seed
-> shoot.gardener.cloud/use-as-seed
shoot.garden.sapcloud.io/ignore-alerts
-> shoot.gardener.cloud/ignore-alerts
sha256
image tags. (#1937, @rfranzke)Shoot
with experimental.addons.shoot.gardener.cloud/kyma=enabled
. Be aware that we won't provide upgrades or customization, and that this addon is temporary and will be removed in a future version of Gardener again. Its purpose is to ease the Kyma installation and to show-case which features it provides. It is by no means a production-ready setup. Also, please note that, once enabled, the Kyma addon can never be disabled again. The only way to get rid of it is to delete the shoot cluster. You can check the status of the installation by using kubectl get installation/kyma-installation -o jsonpath="{'Status: '}{.status.state}{', description: '}{.status.description}"
. (#1935, @a-thaler)zones
is now only cross checked with the referring CloudProfile
if a shoot is created or the worker zones
in a shoot are changed. This avoids the breakage of existing shoots whose availability zones were removed from the CloudProfile
afterwards. (#1925, @timuthy)shoot.garden.sapcloud.io/uid
annotation to the Shoot namespace as there is still machinery that relies on it. (#1906, @ialidzhikov)alertmanager
StatefulSet
is now automatically scaled vertically by the VPA. (#1903, @rfranzke)PriorityClass
for the gardenlet Deployment
to ensure it always runs and is never preempted in favor of other pods. (#1899, @rfranzke)Secret
s when a referencing SecretBinding
resource is deleted has been fixed. (#1898, @rfranzke)seed:images:count
exposes a count of the images running in the seeds. (#1897, @wyb1)fenced
parameter to the test framework to specify shoots tests running in a fenced environment (#1973, @schrodit)24h
. If you want to overwrite this you can specify the --cache-resync-period
flag. (gardener/gardener-resource-manager#33, @rfranzke)MaintenanceWindow
. When this mode is set, scaling happens only during user-defined maintenance time window. (gardener/hvpa-controller#50, @ggaurav10)
scale
subresource in HVPAv
. (gardener/hvpa-controller#47, @ialidzhikov)9569
(gardener/hvpa-controller#42, @ggaurav10)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.1.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.1.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.1.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.1.0
Published by gardener-robot-ci-1 over 4 years ago
spec.provider.workers[].volume.size
without spec.provider.workers[].volume.type
. (#1932, @timuthy)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.0.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.0.4
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.0.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.0.4
Published by gardener-robot-ci-1 over 4 years ago
Secret
s if no referencing SecretBinding
s exist anymore. (6bcf688067fac03eb09f0b7557be4742d4db5a16)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.0.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.0.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.0.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.0.3
Published by gardener-robot-ci-2 over 4 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.0.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.0.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.0.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.0.2
Published by gardener-robot-ci-1 over 4 years ago
Secret
s when a referencing SecretBinding
resource is deleted has been fixed. (77ca4895250a028c1291d143b9b4b963cca16f07)shoot.garden.sapcloud.io/uid
annotation to the Shoot namespace as there is still machinery that relies on it. (0c781be437db55d5ae5450ef2cd387907dc682c4)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.0.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.0.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.0.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.0.1
Published by gardener-robot-ci-1 over 4 years ago
garden.sapcloud.io
API group is finally removed. If you have not yet adapted your manifests, templates, automation, etc., you have to do it now. It is no longer possible to interact with Gardener using the legacy API. (#1832, @rfranzke).gardenlet.kubeconfig
field in the Gardenlet Helm chart is no longer available. If you want to provide a kubeconfig for the garden cluster you have to use .gardenlet.config.gardenClientConnection.kubeconfig
now. Also, you now have the possibility to overwrite the kubeconfig for the seed cluster by specifying .gardenlet.config.seedClientConnection.kubeconfig
. (#1870, @rfranzke)garden.sapcloud.io
API group the keys for the Gardener-managed resources in etcd have to be renamed. We are providing a small tool to perform this operation. You must consult the migration guide document before you deploy the Gardener v1
version. Please, precisely follow the steps described in the document. (#1832, @rfranzke)hack/migrate-etcd
and hack/dev-setup-register-gardener
scripts must be run before starting the Gardener API server. (#1832, @rfranzke)extensions.gardener.cloud/v1alpha1.BackupBucket
resource does now have a new .spec.providerConfig
field that can be used to pass provider-specific configuration to the extension controller. The extensions.gardener.cloud/v1alpha1.BackupEntry
resource does now have new .spec.providerConfig
and .spec.backupBucketProviderStatus
fields. The contents for both fields are copied over from the respective BackupBucket
resource. In the garden cluster, the Seed
resource does now allow to provide the providerConfig
for backup buckets in .spec.backup.providerConfig
. (#1799, @rfranzke)Project
related ClusterRole aggregations. These are required e.g. for the Webterminal feature of the gardener dashboard and fixes the error: terminals.dashboard.gardener.cloud is forbidden: User "[email protected]" cannot list resource "terminals" in API group "dashboard.gardener.cloud" in the namespace "garden-project" (#1836, @petersutter)shoot.garden.sapcloud.io/uid
and label shoot.garden.sapcloud.io/hibernated
are no longer added to the Shoot namespace. (#1885, @ialidzhikov)custom.shoot.sapcloud.io/
are no longer maintained on the Shoot namespace. (#1885, @ialidzhikov)ResourcesApplied
condition of the ManagedResource to determine the Installed
condition for a given ControllerInstallation. (#1876, @tim-ebert)ShootState
resources for non-existing Shoot
s that were accidentally left in the system. (#1868, @rfranzke)1.9.3
. (#1859, @wyb1)ShootState
resources do now has owner references to their respective Shoot
resources. (#1855, @swilen-iwanow)garden.sapcloud.io:system
RoleBinding
s in project namespaces are now properly cleaned up. (#1849, @rfranzke)ExtensionReady
condition for Seed
resources does now show in its message the rationale behind the computed status. (#1848, @rfranzke)cmd/registry-migrator/main.go
which can be used to migrate existing prefixed keys to a new prefix. See cmd/registry-migrator/README.md
for more details. (#1847, @mvladev)shoot.garden.sapcloud.io/expirationTimestamp
) to be extended to infinity is now fixed. Now Shoot lifetime can be extended only up to .spec.clusterLifetimeDays
from the current date, but never more. (#1841, @ialidzhikov)gardener-resource-manager
now logs errors and adds messages to the condition ResourcesApplied
if there were errors decoding resources in referenced secrets. (gardener/gardener-resource-manager#31, @tim-ebert)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.0.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.0.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.0.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.0.0
Published by gardener-robot-ci-3 over 4 years ago
ShootState
resources do now has owner references to their respective Shoot
resources. (733433ed58fbaf271460a0591f09411176041180)garden.sapcloud.io:system
RoleBinding
s in project namespaces are now properly cleaned up. (66e097abd0b0f045bb1f5b02624af0a511d4af2e)shoot.garden.sapcloud.io/expirationTimestamp
) to be extended to infinity is now fixed. Now Shoot lifetime can be extended only up to .spec.clusterLifetimeDays
from the current date, but never more. (7cff1c006626199303330d55077f57ecbd1c03f5)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.35.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.35.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.35.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.35.2
Published by gardener-robot-ci-1 over 4 years ago
Project
related ClusterRole aggregations. These are required e.g. for the Webterminal feature of the gardener dashboard and fixes the error: terminals.dashboard.gardener.cloud is forbidden: User "[email protected]" cannot list resource "terminals" in API group "dashboard.gardener.cloud" in the namespace "garden-project" (a787a3743ae6702305f41b73187bed870d4dddf4)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.35.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.35.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.35.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.35.1
Published by gardener-robot-ci-1 almost 5 years ago
blackbox-exporter
deployment in the kube-system
namespace of shoot clusters has now the monitoring
role label instead of system-component
. (#1830, @rfranzke)Shoot
resource does now have a new .spec.purpose
field with possible values evaluation
(default), testing
, development
, production
. As of today, testing
shoots won't get a logging or monitoring stack as part of their control planes. Also, the Gardener scheduler will not consider the region of the testing
shoot anymore, i.e., it may end up on a seed in a completely different region if it is better to balance the whole system. Other than these there is no difference currently, but we might introduce more in the future. (#1827, @rfranzke)aggregate-prometheus
now scrapes the vpa-exporter
and has vpa metrics for the components running in the garden
namespace of the seeds. (#1829, @wyb1).spec.externalTrafficPolicy
equals Local
correctly. (#1821, @jia-jerry)shoot-info
configmap in kube-system
namespace of shoot cluster. (#1819, @jia-jerry)data
section to the coredns-custom
configmap in your kube-system
namespace. (#1815, @zanetworker)shoot.garden.sapcloud.io/use-as-seed
annotation now supports as use-serviceaccount-bootstrapping
configuration option. If set, the Gardenlet will not create a bootstrap token but a service account when it deploys itself into a shooted seed cluster. This is useful in case the Garden cluster does not support bootstrap tokens. (#1810, @rfranzke)protected
and invisible
without disrupting CRUD operations for existing shoot clusters that have already been running on them. (#1808, @vpnachev)kubernetes-1.16.0
. (gardener/gardener-resource-manager#26, @ialidzhikov)sigs.k8s.io/controller-runtime
is updated to v0.2.2
. (gardener/gardener-resource-manager#25, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.35.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.35.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.35.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.35.0