Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-3 almost 5 years ago
au-<project-name--shoot-name>.<seed-ingress-domain>
, Grafana - gu-<project-name--shoot-name>.<seed-ingress-domain>
, go-<project-name--shoot-name>.<seed-ingress-domain>
, Prometheus - p-<project-name--shoot-name>.<seed-ingress-domain>
, Kibana - k-<project-name--shoot-name>.<seed-ingress-domain>
. Previous hostnames are still active but will be removed in the future. (#1769, @timuthy)kube-apiserver
service for clusters in hibernation if the related seed cluster doesn't disable DNS (seed taint: seed.gardener.cloud/disable-dns
). This reduces the costs of hibernated clusters, especially on public cloud providers. Please make sure your extension provider can deal with this change. Versions >= 1.2.0 of Gardener-Extensions
are compatible if you use providers from this repository. Please also bear in mind to always use the shoot's api-server domain name provided by Gardener (api.<shoot.spec.dns.domain
>, or api..., or server
in generated kubeconfig) instead of the load balancer's IP/Hostname. (#1791, @timuthy)v1.2.0
of the provider extension controllers. (#1771, @rfranzke)garden
namespace) have been changed: Grafana - g-seed.<seed-ingress-domain>
, Prometheus - p-seed.<seed-ingress-domain>
, Kibana - k-seed.<seed-ingress-domain>
. (#1769, @timuthy)core.gardener.cloud/v1beta1
API group (instead of core.gardener.cloud/v1alpha1
). Please make sure that all extension controllers can understand both the v1alpha1
and v1beta1
version to ensure a smooth update. (#1763, @rfranzke)./hack/dev-setup-register-gardener
in order to refresh the API version priority. In some cases the .kube
caches should be cleaned by rm -rf ~/.kube/cache; rm -rf ~/.kube/http-cache
. (#1760, @rfranzke)v0.3.3
to v0.3.6
. (#1771, @rfranzke)v2.0.0-beta8
Kubernetes Dashboard for 1.16+ shoot clusters. Please note that the URL to access it is http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
. For shoot clusters < 1.16 the v1.10.1
version of the Kubernetes Dashboard is used - the URL remains the same (http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
). (#1765, @rfranzke)core.gardener.cloud/v1beta1
API version now has the highest priority. This means that e.g. kubectl get shoot
will no longer return the Shoot
in garden.sapcloud.io/v1beta1
but in core.gardener.cloud/v1beta1
. If the garden.sapcloud.io/v1beta1
is desired then kubectl get shoot.garden.sapcloud.io
should be used. In some cases the .kube
caches should be cleaned by rm -rf ~/.kube/cache; rm -rf ~/.kube/http-cache
. Please note that this is the last step before the garden.sapcloud.io/v1beta1
will finally be removed. (#1760, @rfranzke)networking-calico
extension version (if you use it) is at least . (#1805, @rfranzke)AlertManager
, Grafana
, Prometheus
, Kibana
as well as seeds' monitoring and logging components. Please have a look at https://github.com/gardener/gardener/tree/master/docs/usage/ for more information. (#1769, @timuthy)ControllerInstallation
resources now have a new ControllerHealthy
condition that reflects the healthiness of the deployed extension controller. It is regularly updated and can be controlled via the Gardenlet's .controllers.controllerInstallationCare.syncPeriod
flag (default: 30s
). (#1753, @rfranzke)Seed
resources now have a new ExtensionsReady
condition that reflects the healthiness of all deployed extensions to this seed. It is updated as soon as the status of a related ControllerInstallation
resource changes. (Please note that this condition will be transported to the Shoot
conditions as well in case the Shoot
is a seed.) (#1753, @rfranzke)core.gardener.cloud/v1beta1
version (except ShootState
resources as they were not yet promoted to v1beta1
). (#1748, @rfranzke)cloud-config-downloader
service didn't start automatically. Please note that all nodes will be rolled out in case your Worker
extension controllers are not using v1.1.0
(see https://github.com/gardener/gardener-extensions/pull/474 for more information). [Contributed by @majst01] (#1736, @timuthy)Infrastructure
reconciliation. Please see this document for further information. (#1782, @rfranzke)Seed
s and the Shoot
s do not need to specify a node CIDR. Gardener won’t configure the VPN components as it assumes network connectivity by default between the seed worker nodes and the shoot worker nodes. (#1782, @rfranzke)extensions.gardener.cloud/v1alpha1
API now uses types from the core.gardener.cloud/v1beta1
(instead of the core.gardener.cloud/v1alpha1
API). (#1741, @rfranzke)CloudProfile
. (#1757, @timuthy).spec.dns
section during shoot updates. Earlier it was (unintentionally) possible to remove the complete section when updating a shoot. (#1756, @rfranzke).spec.dns.providers
section when a seed is assigned as final DNS decisions can only be taken when the seed is clarified. (#1756, @rfranzke)Shoot
with experimental.addons.shoot.gardener.cloud/kyma=enabled
. Be aware that we won't provide upgrades or customization, and that this addon is temporary and will be removed in a future version of Gardener again. Its purpose is to ease the Kyma installation and to show-case which features it provides. It is by no means a production-ready setup. Also, please note that, once enabled, the Kyma addon can never be disabled again. The only way to get rid of it is to delete the shoot cluster. You can check the status of the installation by using kubectl -n kyma-installer logs deploy/kyma-installer -f
. (#1754, @rfranzke)kubectl describe shoot <shoot-name>
experience. (#1729, @vpnachev)v0.26.1
to v0.22.0
. Generally, we advice to deploy nginx-ingress on your own and leverage the DNS service extension for shoot clusters in order to get full control over version and customization suitable to your workload's needs. (#1719, @rfranzke)kubernetes-1.16.0
. (#1737, @ialidzhikov)featureGates
to be enabled in GardenletConfiguration
is now fixed. (#1728, @ialidzhikov).spec.provider.workers[].volume.type
value of all shoot worker pools. (#1714, @timuthy)Kind
version (v0.6.1). (#1780, @timuthy)Network
extension resource has been added. (#1775, @zanetworker)v
. (gardener/logging#32, @vpnachev)NODE_NETWORK
environment variable for both vpn-seed
and vpn-shoot
in case it is not required to tunnel traffic from the seed to the shoot node network via the VPN. (gardener/vpn#49, @rfranzke)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.34.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.34.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.34.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.34.0
Published by gardener-robot-ci-1 almost 5 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.7
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.7
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.7
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.7
Published by gardener-robot-ci-1 almost 5 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.6
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.6
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.6
Published by gardener-robot-ci-2 almost 5 years ago
core.gardener.cloud/v1beta1
version (except ShootState
resources as they were not yet promoted to v1beta1
). (9a8e6b48925cacf3ec5a62b4aba1433157e5b9d7).spec.dns.providers
section when a seed is assigned as final DNS decisions can only be taken when the seed is clarified. (44f04579f3f48599f92a42eccb3d0b6c23254917).spec.dns
section during shoot updates. Earlier it was (unintentionally) possible to remove the complete section when updating a shoot. (002f231ad71a10ed7ebeee2f5e6408f652768321)CloudProfile
. (8d0518dd570ed0137c7593d0f3b583937ae209c8)Shoot
with experimental.addons.shoot.gardener.cloud/kyma=enabled
. Be aware that we won't provide upgrades or customization, and that this addon is temporary and will be removed in a future version of Gardener again. Its purpose is to ease the Kyma installation and to show-case which features it provides. It is by no means a production-ready setup. Also, please note that, once enabled, the Kyma addon can never be disabled again. The only way to get rid of it is to delete the shoot cluster. You can check the status of the installation by using kubectl -n kyma-installer logs deploy/kyma-installer -f
. (b7b3d0f277f3138d6be1679191566ddf64908f22)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.5
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.5
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.5
Published by gardener-robot-ci-1 almost 5 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.4
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.4
Published by gardener-robot-ci-1 almost 5 years ago
featureGates
to be enabled in GardenletConfiguration
is now fixed. (daafce1748232048a0d32576e7fe741eff48d793)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.3
Published by gardener-robot-ci-2 almost 5 years ago
v0.26.1
to v0.22.0
. (034818a78da4be0910f60a2d2e9204f7fb254b12)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.2
Published by gardener-robot-ci-1 almost 5 years ago
Shoot
does not specify a DNS domain has been fixed. (4068682793d985ec43e3b8d78b50b50d6be1e03a).spec.provider.workers[].volume.type
value of all shoot worker pools. (ae3568b5456997bf1ce8b32a227ff62ec3196ada)Published by gardener-robot-ci-1 almost 5 years ago
.spec.provider.workers[].volume.type
value of all shoot worker pools. (2ffa234eecfdf9d8e41e92a74a3c6e0b61e0d09a)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.1
Published by gardener-robot-ci-2 almost 5 years ago
gardener-controller-manager
).gardener-controller-manager
and factored out the control loops that are involving communication with seed and shoot clusters into the new gardenlet
component.gardener-apiserver
, gardener-controller-manager
, and gardener-scheduler
, while the gardenlet
is the primary agent running in every seed cluster. Take a look at this comparison diagram.gardener
Helm chart is now split into two separate Helm charts: controlplane
and gardenlet
. Also, some keys in the chart values have been moved around!SeedAvailable
condition does no longer exist and has been replaced by Bootstrapped
and GardenletReady
.spec.secretRef
field in the Seed
resource is now optional. It is only required in case the Seed
is controlled by a Gardenlet that runs outside of the seed cluster itself.Logging
and HVPA
feature gates have been moved from the gardener-controller-manager
to the gardenlet
.Seed
status does now contain a new kubernetesVersion
field into which the gardenlet reports the Kubernetes version of the seed cluster.kubectl get seeds
have been reworked.gardener-controller-manager
features two new controllers:GardenletReady
condition to Unknown
for Seed
resources which don't receive heartbeats from the gardenlet anymore.CertificateSigningRequest
s and auto-approves them in case they were filed by a gardenlet.garden.sapcloud.io:...
RBAC resources have been renamed to gardener.cloud:...
. (#1601, @rfranzke)./hack/dev-setup-register-gardener
in order to register the new core.gardener.cloud/v1beta1
API group. (#1681, @rfranzke)make dev-setup
again, and make start-gardenlet
in order to start the Gardenlet. Please find here more instructions for how to setup the local development environment. (#1601, @rfranzke)shoot-info
configmap in its kube-system
namespace. This configmap contains some important information about the shoot cluster itself, e.g., maintenance time window, project name, etc. (#1690, @rfranzke)garden.sapcloud.io/v1beta1
API group, all resources (except ShootState
) available in core.gardener.cloud/v1alpha1
are now promoted to core.gardener.cloud/v1beta1
with the following changes: (#1681, @rfranzke)
.spec.seed
field in core.gardener.cloud/v1alpha1.BackupBucket
has been renamed to .spec.seedName
in core.gardener.cloud/v1beta1.BackupBucket
..spec.seed
field in core.gardener.cloud/v1alpha1.BackupEntry
has been renamed to .spec.seedName
in core.gardener.cloud/v1beta1.BackupEntry
..spec.blockCIDRs
field core.gardener.cloud/v1alpha1.Seed
has been moved to .spec.networks.blockCIDRs
in core.gardener.cloud/v1beta1.Seed
..spec.addons.kubernetes-dashboard
field core.gardener.cloud/v1alpha1.Shoot
has been renamed to .spec.addons.kubernetesDashboard
in core.gardener.cloud/v1beta1.Shoot
..spec.addons.nginx-ingress
field core.gardener.cloud/v1alpha1.Shoot
has been renamed to .spec.addons.nginxIngress
in core.gardener.cloud/v1beta1.Shoot
..status.seed
field core.gardener.cloud/v1alpha1.Shoot
has been renamed to .status.seedName
in core.gardener.cloud/v1beta1.Shoot
..status.lastError
field core.gardener.cloud/v1alpha1.Shoot
does no longer exist in core.gardener.cloud/v1beta1.Shoot
(in favour of .status.lastErrors
).Shoot
cluster by annotating it with shoot.gardener.cloud/skip-cleanup=true
. Please be careful using this as it might leave orphaned infrastructure resources. Services (of type load balancer) as well as persistent volume resources are still deleted even if this annotation is set. (#1679, @rfranzke)dependency-watchdog
in every shoot control-plane in the seed clusters. Bumped dependency-watchdog to v0.3.0.seed.gardener.cloud/disable-dns
taint. This will cause all shoot clusters assigned to this seed to not use any DNS records for the kube-apiservers. Instead, the load balancer IP/hostname is used directly in all kubeconfigs for communication. (#1617, @rfranzke).status.ingress[].hostname
and .status.ingress[].ip
then the provided hostname is now taken instead of the IP address. (#1617, @rfranzke)pkg/operation/common.CalicoTyphaDeploymentName
has been removed (#1712, @vpnachev)core.gardener.cloud/v1alpha1
but will soon switch to core.gardener.cloud/v1beta1
. That means that the extensions.gardener.cloud/v1alpha1.Cluster
resource will then contain the core.gardener.cloud/v1beta1
resources only. Extension controllers should be prepared to be able to work with both the v1alpha1
and the v1beta1
version. (#1681, @rfranzke)seed.gardener.cloud/disable-dns
taint. No internal or default domain secrets are required in this case. (#1617, @rfranzke)alpine:3.10
. (#1601, @rfranzke).spec.addons.nginx-ingress.externalTrafficPolicy
. It defaults to Cluster
and valid values are {Cluster,Local}
. (#1701, @rfranzke)v0.22.0
to v0.26.1
. (#1701, @rfranzke)EncryptionConfiguration
must be passed via the --encryption-provider-config
flag to the Gardener-Apiserver. This is based on the Kubernetes standard encryption option which is already supported for the Kube-Apiserver (https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/). (#1707, @timuthy)kube-system
namespace of the shoot to guarantee that the blackbox-exporter
component can communicate with the control plane. (#1688, @wyb1).spec.kubernetes.allowPrivilegedContainers=false
to be created is now fixed. (#1686, @ialidzhikov)storageclasses
ManagedResource is no longer deleted during DeployManagedResources
step. (#1677, @ialidzhikov)sigs.k8s.io/controller-runtime
is updated to v0.2.2
. (#1700, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.33.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.33.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.33.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v0.33.0
Published by gardener-robot-ci-3 almost 5 years ago
.spec.kubernetes.allowPrivilegedContainers=false
to be created is now fixed. (5ba3ce75d7e3d23884743c7f6401b5e6e4cf744b)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.32.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.32.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.32.1
Published by gardener-robot-ci-1 almost 5 years ago
.controller.alertingSMTP
to .controller.alerting
. (#1594, @wyb1)CloudProfile
resource. Please make sure, that there are no duplicates in your existing CloudProfile
s before upgrading gardener. (#1568, @tim-ebert)kube-scheduler
will no longer use a ClusterAutoscaler-friendly scheduling algorithm as it can cause instability in the workloads. (#1610, @mvladev)kube-apiserver
and etcd
of shooted seeds via HVPA, enable the feature gate HVPAForShootedSeed
. (#1668, @ggaurav10)cloudprofile.spec.caBundle
will be applied only to newly created nodes. (#1586, @vpnachev)machine.sapcloud.io
API group has been replaced in favour of the controller-runtime client. (#1656, @rfranzke)CloudProfile
has been fixed. (#1661, @rfranzke)v
. (#1665, @ialidzhikov)CloudProfile
. (#1661, @rfranzke)kubeproxy_network_programming_duration_seconds
and kubeproxy_sync_proxy_rules
). (#1654, @wyb1)MutatingWebhookConfigurations
and ValidatingWebhookConfigurations
with failurePolicy=Fail|nil
and rules for CREATE|UPDATE|* for pods|nodes
. (#1642, @tim-ebert)gardener-apiserver
now prevents the removal of the gardener
finalizer for existing shoots if the shoot deletion has not yet finished successfully. (#1608, @tim-ebert).spec.kubernetes.kubeAPIServer.auditConfig.auditPolicy.configMapRef.resourceVersion
of shoot resources is set when an audit policy ConfigMap
is referenced. (#1598, @timuthy)garden.sapcloud.io/v1beta1.CloudProfile
. (#1570, @vpnachev)SecretBinding
controller that could cause the controller-manager to panic has been resolved. (#1569, @rfranzke)kube2iam
addon has been removed. (#1566, @rfranzke)garden.sapcloud.io/v1beta1.Shoot
and core.gardener.cloud/v1alpha1.Shoot
: .status.lastErrors[]
contains a list of all errors which occurred during the last operation on the Shoot
resource. Each error in the list has a unique TaskID
which depends on the task that caused the error. (#1404, @plkokanov)Shoot
resource completes successfully, the corresponding error is removed from .status.lastErrors[]
. (#1404, @plkokanov)sigs.k8s.io/controller-runtime
is updated to v0.2.0-beta.5
. (#1548, @ialidzhikov)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v0.32.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v0.32.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v0.32.0
Published by gardener-robot-ci-2 almost 5 years ago
kube-scheduler
will no longer use a ClusterAutoscaler-friendly scheduling algorithm as it can cause instability in the workloads. (#1611, @mvladev).spec.kubernetes.kubeAPIServer.auditConfig.auditPolicy.configMapRef.resourceVersion
of shoot resources is set when an audit policy ConfigMap
is referenced. (1d2aff4bc26d8c808e9f410df5e8a105a6af2230)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.31.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.31.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.31.2
Published by gardener-robot-ci-3 almost 5 years ago
SecretBinding
controller that could cause the controller-manager to panic has been resolved. (1a3636f59b27274cc80c377918ef50e494f4a838)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.31.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.31.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.31.1
Published by gardener-robot-ci-3 almost 5 years ago
gardener-controller-manager
is now working only with core.gardener.cloud/v1alpha1
instead of garden.sapcloud.io/v1beta1
resources. You have to use at least version 0.14.0 of the gardener-extensions. (#1453, @rfranzke)BackupInfrastructure
resource has been removed from the garden.sapcloud.io/v1beta1
API group. Please ensure that no BackupInfrastructure
resources exist in your landscape anymore before updating to this Gardener version. (#1453, @rfranzke)networking-calico
extension. Please update your networking-calico
extension version to at least 0.13.1
. (cd5a9096ecd38f7c7110632599ef32cbc0bf60d4)nginx-ingress
addon provided by Gardener using the .spec.addons.nginx-ingress.config
map. (#1563, @rfranzke)
kube-scheduler
will use a ClusterAutoscaler-friendly scheduling algorithm. (#1551, @mvladev)
kube-scheduler
will more likely prioritize nodes with higher resource usage for pod scheduling. This would lead to better resource usage and it will likely provision less nodes. All other scheduler priority configurations are not affected.<shoot-name>.<project-name>.<default-domain>
. (#1520, @rfranzke)core.gardener.cloud/v1alpha1.Shoot
and garden.sapcloud.io/v1beta1.Shoot
now support monitoring configurations under spec.monitoring
. (#1516, @wyb1)garden.sapcloud.io/v1beta1.Shoot
resource does now support the configuration of availability zones and service endpoints for Azure shoot clusters. (#1505, @dkistner)kube-lego
and kube2iam
addons are now finally removed. They will remain in the garden.sapcloud.io/v1beta1.Shoot
API but won't have any effect anymore. (#1453, @rfranzke)kube2iam
addon it will be deprovisioned of all existing Shoot
s that still enable it. Also, all IAM roles created by Gardener for the kube2iam
addon will be deleted. (#1453, @rfranzke)Plant
s may now only contain the following keys as authentication info: client-certificate-data
, client-key-data
, token
, username
, or password
. You may have to update your secrets accordingly. (0635b74b8785533d1d6cccf1beec18a63339c1ba)gopkg.in/yaml.v2
library is updated to version v2.2.4
to mitigate CVE-2019-11253. (0635b74b8785533d1d6cccf1beec18a63339c1ba).spec.networking.type
for a Shoot
is now immutable. (8dbfed921e62e510896be975916d172939524fa0)garden.sapcloud.io:system:project-member
andgarden.sapcloud.io:system:project-viewer
are now aggregated. (#1539, @mvladev)
rbac.gardener.cloud/aggregate-to-project-member: "true"
and rbac.gardener.cloud/aggregate-to-project-viewer: "true"
labels to add additional rules to the aggregated roles.core.gardener.cloud/v1alpha1.CloudProfile
resource: .spec.machineTypes[].storage.class
can be used to indicate the storage class (standard
or premium
, similar to .spec.volumeTypes[].class
) in case Quota
s are used for environments in which the root disk of VMs is defined by the machine type and not separately (like OpenStack, for example). (#1527, @rfranzke)gardener-apiserver
prevents the removal of the gardener
finalizer for existing shoots if there are some backing assets like networks, machines, etc. (e.g. if the shoot namespace in the seed still exists). (#1519, @tim-ebert)0.6.3
. VPA can now increase the limits of containers proportionally, effectively enabling better auto-scaling of control plane components. (#1512, @wyb1)kube-apiserver
and etcd
will be autoscaled horizontally and vertically using hvpa-controller
if the HVPA
feature gate is enabled. Currently, the update policy for the autoscalers is set to ScaleUp
, which is intended as a safer first step, however, it might have cost impact. Eventually, the update policy will be changed to Auto
for kube-apiserver
first and later for etcd
in a future release. (#1421, @ggaurav10)CREATE
and UPDATE
requests on Secret
s. This is in order to validate that kubeconfig secrets may only contain kubeconfigs whose authentication information meets our requirements. (924fb2692c04b5321774e0168ceed510954800aa)Seed
s may now only contain the following keys as authentication info: client-certificate-data
, client-key-data
, token
, username
, or password
. You may have to update your secrets accordingly. (0635b74b8785533d1d6cccf1beec18a63339c1ba)gardener-controller-manager
is now working only with core.gardener.cloud/v1alpha1
instead of garden.sapcloud.io/v1beta1
resources. (#1453, @rfranzke)Cluster
resource in the seed clusters will now contain the core.gardener.cloud/v1alpha1
version of the CloudProfile
, Seed
, and Shoot
resource. Extension controllers should be made capable of supporting/understanding both for at least one release until all shoots have been reconciled. (Existing Cluster
resource of not-yet-reconciled shoots will still contain the garden.sapcloud.io/v1beta1
version). (#1453, @rfranzke)shoot.garden.sapcloud.io/uid
as well as the shoot.garden.sapcloud.io/hibernated
annotation on the shoot namespace in the seed cluster are deprecated and will be removed in a future version. You should consider using the Cluster
resource instead. (#1453, @rfranzke)make dev-setup
and execute kubectl delete validatingwebhookconfiguration validate-namespace-deletion
(it has been renamed to gardener-controller-manager
). (924fb2692c04b5321774e0168ceed510954800aa)custom-dns
in the kube-system namespace. More documentation can be found here (#1541, @zanetworker)core.gardener.cloud/v1alpha1.Shoot
does now support field selector by spec.seedName
and spec.cloudProfileName
. (#1529, @ialidzhikov)NodeConditions
or Event
. Refer NPD doc for more info. (#1525, @hardikdr)spec.workers[].volume
was stated has been fixed. (#1506, @danielfoehrKn)gardener-apiserver
. Instead, the gardener-controller-manager
writes them once it starts reconciliation. (#1463, @tim-ebert).spec.provider.workers[].volume.type
field is now optional in the core.gardener.cloud/v1alpha1.Shoot
resource. (3a5a59fbf55f68923b865a4cf0ad83607697a407)1.5Gi
. (#1557, @ialidzhikov)gardener
is deployed on every shoot node to ease ssh access to it. (#1513, @KristianZH)kubectl
commands to not work properly on Kubernetes clusters of version 1.10.x
. Therefore, Gardener rolls back the metric-server
to v0.3.1
for those clusters. (#1485, @timuthy)TerminationGracePeriodSeconds
of 300 when deleting a shoot cluster. (#1469, @timuthy)ConfigMap
s labelled with extensions.gardener.cloud/configuration=monitoring
and injects their data into the prometheus
and grafana
configurations. This allows extension controllers to define their provider-specific monitoring configuration for the components they deploy. (#1466, @svetlinas)status
of existing VerticalPodAutoscaler
resources when applying manifests. (#1538, @rfranzke)TerraformerChartPath
and ChartInitializer
func are now removed from pkg/operation
. (#1481, @ialidzhikov).spec.pools[].volume.type
field is now optional in the extensions.gardener.cloud/v1alpha1.Worker
resource. (3a5a59fbf55f68923b865a4cf0ad83607697a407)extensions.gardener.cloud/v1alpha1
API group has been implemented. Gardener does not validate these resources itself, however, extension controllers can call them in order to validate the extension CRDs. They have to add proper validation logic for their provider configs, but the validation of general fields in the API can be done with the provided functions. (06bc8a037a48bab6ca0836b4fcfd6f28029d156d)resources.gardener.cloud/ignore: "true"
. This is to allow customisation of resources if required. (gardener/gardener-resource-manager#18, @zanetworker)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.31.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.31.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.31.0
Published by gardener-robot-ci-3 about 5 years ago
Plant
s may now only contain the following keys as authentication info: client-certificate-data
, client-key-data
, token
, username
, or password
. You may have to update your secrets accordingly. (51a925c48eaf4ef00753bd2c7d2e2ecbfaf431e2)gopkg.in/yaml.v2
library is updated to version v2.2.4
to mitigate CVE-2019-11253. (2b4383e4f6b648e5e46e6a83cf1ee1aa13462237)CREATE
and UPDATE
requests on Secret
s. This is in order to validate that kubeconfig secrets may only contain kubeconfigs whose authentication information meets our requirements. (b409b3a1036eff1d1ca6b7c5a6f321aa76437f96)Seed
s may now only contain the following keys as authentication info: client-certificate-data
, client-key-data
, token
, username
, or password
. You may have to update your secrets accordingly. (51a925c48eaf4ef00753bd2c7d2e2ecbfaf431e2)make dev-setup
and execute kubectl delete validatingwebhookconfiguration validate-namespace-deletion
(it has been renamed to gardener-controller-manager
). (b409b3a1036eff1d1ca6b7c5a6f321aa76437f96)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.30.5
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.30.5
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.30.5
Published by gardener-robot-ci-1 about 5 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.30.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.30.4
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.30.4
Published by gardener-robot-ci-2 about 5 years ago
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.30.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.30.3
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.30.3
Published by gardener-robot-ci-3 about 5 years ago
gardener-controller-manager
. (#1488, @ialidzhikov)kubectl
commands to not work properly on Kubernetes clusters of version 1.10.x
. Therefore, Gardener rolls back the metric-server
to v0.3.1
for those clusters. (#1486, @timuthy)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.30.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.30.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.30.2
Published by gardener-robot-ci-2 about 5 years ago
networking-calico
extension. Please update your networking-calico
extension version to at least 0.13.1
. (1086fe82cfe6a57368ce066c145714c73c72748f)1.13.1
. (eec8857e6702a1937f1d6fc7f56be8bee3be7ebf)gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.30.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.30.1
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.30.1