gardener

Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.

OTHER License

gardener - 0.22.0

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Action Required

  • [USER] node-exporter deployed by Gardener in kube-system now runs on port 16909. Adjust your Prometheus configuration, if it uses the old 9100 port. (#970, @mvladev)
  • [OPERATOR] Minimum supported version for seed cluster is now 1.11.x. Before updating to this Gardener version you will have to update seed cluster to at least Kubernetes version 1.11.x. (#937, @swapnilgm)

Most notable changes

  • [USER] The kubelet config contained an invalid option that prevented the pod pid limit feature from working properly - this has been fixed now. (#971, @rfranzke)
  • [USER] node-exporter deployed in kube-system now runs on port 16909. (#970, @mvladev)
  • [USER] It is now possible to add labels, annotations, and taints for each worker pool in the Shoot manifest. Please consult the example Shoot manifests for more information on how to configure it. (#952, @rfranzke)
  • [OPERATOR] Reduce excess capacity for Shoot Control Planes on Seed to 3% (or min. 2 Control Planes). (#992, @mliepold)
  • [OPERATOR] The dependency-watchdog controller is now deployed next to every control plane in the seed. (#990, @georgekuruvillak)
  • [OPERATOR] PVC for etcd-main StatefulSet will now use gardener.cloud-fast storage class which will be configured to have fast cloud provider disks with more IOPS. The size of PV attached to etcd-main pods will differ per cloud provider. (#937, @swapnilgm)
    • ⚠️ Seed infrastructure account will now have one additional volume per shoot; one extra for etcd-main. The old etcd volumes will continue to exist and will be cleaned up with next Gardener release.
  • [OPERATOR] Etcd pods will be marked with annotation cluster-autoscaler.kubernetes.io/safe-to-evict=false, hence, seed nodes on which etcd is scheduled will not be removed by the cluster autoscaler in case of scale down. (#937, @swapnilgm)

Improvements

  • [USER] Fixes an issue which left stale, unhealthy Nodes in the Shoot cluster after ending hibernation. (#1015, @timuthy)
  • [USER] Gardener does now create Alicloud EIPs with PayByTraffic policy for new clusters to save costs. (#994, @jia-jerry)
  • [USER] An issue that prevented deleting hibernated Alicloud clusters has been fixed. (#975, @jia-jerry)
  • [OPERATOR] Increased machine drain and scale down timeouts (#1011, @prashanth26)
  • [OPERATOR] Gardener removes CustomResources and APIServices during the deletion of a Shoot cluster before further resources get deleted. (#989, @timuthy)
  • [OPERATOR] Integrate vpa-exporter into seeds. (#982, @wyb1)
  • [OPERATOR] An issue with the merge behaviour of the image vector has been fixed when images are overwritten. (#974, @adracus)
  • [OPERATOR] An issue in the Plant health check has been fixed. (#973, @danielfoehrKn)
  • [OPERATOR] Add controlplane webhooks documentation (#968, @stoyanr)
  • [OPERATOR] Alertmanagers now send out warning level alerts (#954, @wyb1)

[dependency-watchdog]

Most notable changes

  • [USER] dependency-watchdog checks for the readiness of a service. If the endpoints are ready to accept requests, the dependent pods specified in the config are restarted if found to be in CrashLoopBackOff. (gardener/dependency-watchdog#0, @georgekuruvillak)

[etcd-backup-restore]

Most notable changes

  • [USER] Updated etcd vendoring version to 3.3.13. (gardener/etcd-backup-restore#157, @shreyas-s-rao)
  • [USER] Full snapshot on etcd startup will now be deferred in favour of an initial delta snapshot, followed by a full snapshot and subsequent delta snapshots. (gardener/etcd-backup-restore#157, @shreyas-s-rao)
  • [USER] Added the embedded-etcd-quota-bytes flag to allow configuring the backend quota size of the embedded etcd instance used during restoration of data. (gardener/etcd-backup-restore#134, @shreyas-s-rao)
  • [USER] Unnecessary data validation will now be skipped, allowing for quicker etcd restarts. (gardener/etcd-backup-restore#93, @georgekuruvillak)

Improvements

  • [USER] Fixed the sorting of snapshots. (gardener/etcd-backup-restore#162, @shreyas-s-rao)
  • [OPERATOR] Optimized WAL verification memory usage. (gardener/etcd-backup-restore#157, @shreyas-s-rao)
  • [OPERATOR] Reduced etcd downtime by optimizing readiness probe. (gardener/etcd-backup-restore#153, @shreyas-s-rao)
  • [OPERATOR] Updated the base image of alpine in docker container to 3.9.3. (gardener/etcd-backup-restore#153, @shreyas-s-rao)
  • [OPERATOR] The golang version has been upgraded to v1.12.0. (gardener/etcd-backup-restore#132, @ialidzhikov)
  • [OPERATOR] If the storage provider is not configured, i.e. backup is disabled, the backup-dependent sanity checks are skipped. (gardener/etcd-backup-restore#122, @swapnilgm)

[machine-controller-manager]

Most notable changes

  • [USER] Enables support for propagating and maintaining the taints, annotations and labels from machine-api objects to node-objects. (gardener/machine-controller-manager#256, @hardikdr)

Improvements

  • [OPERATOR] Bugfix: Existing machine-objects now adopt the node-label. (gardener/machine-controller-manager#265, @hardikdr)
  • [OPERATOR] Bugfix: MachineDeployment with partial freeze status has been synchronized to display the correct status (gardener/machine-controller-manager#264, @prashanth26)
  • [OPERATOR] Added safety controller cases in integration tests (gardener/machine-controller-manager#257, @prashanth26)

[vpa-exporter]

Improvements

  • [OPERATOR] Upperbound metrics are now properly exposed. (gardener/vpa-exporter#2, @wyb1)
  • [OPERATOR] Changed the metric names exported for VPA. (gardener/vpa-exporter#2, @wyb1)
  • [OPERATOR] Change default port to 9570 (gardener/vpa-exporter#5, @wyb1)
  • [OPERATOR] Added --port flag to specify on which port prometheus metrics should be exposed. (gardener/vpa-exporter#3, @wyb1)
  • [OPERATOR] Expose CPU metrics as millicores instead of cores. (gardener/vpa-exporter#3, @wyb1)
  • [OPERATOR] Add targetName and targetKind labels (gardener/vpa-exporter#6, @wyb1)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.22.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.22.0

gardener - 0.21.2

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Improvements

  • [OPERATOR] Gardener removes CustomResources and APIServices during the deletion of a Shoot cluster before further resources get deleted. (f05695ad9f17174a276a3a12901eafc3fed6e0e4)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.21.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.21.2

gardener - 0.21.1

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Action Required

  • [USER] node-exporter deployed by Gardener in kube-system now runs on port 16909. Adjust your Prometheus configuration, if it uses the old 9100 port. (06bdbab1a7c3018916a12e4abe73f78a3fb8d8c8)

Most notable changes

  • [USER] The kubelet config contained an invalid option that prevented the pod pid limit feature from working properly - this has been fixed now. (c04dd80b6416577d502b884ad032178609d381c3)
  • [USER] node-exporter deployed in kube-system now runs on port 16909. (06bdbab1a7c3018916a12e4abe73f78a3fb8d8c8)

Improvements

  • [USER] An issue that prevented deleting hibernated Alicloud clusters has been fixed. (#977, @jia-jerry)
  • [OPERATOR] An issue with the merge behaviour of the image vector has been fixed when images are overwritten. (8bc500d9033435522e0279d26b51f41cc8cdf8c7)
  • [OPERATOR] An issue in the Plant health check has been fixed. (f795cf99f13efacc542767361cf572922ab0e607)
  • [OPERATOR] Alertmanagers now send out warning level alerts (fab92f41149efd1ceb9e739d9e8c1b2cd8b1bf42)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.21.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.21.1

gardener - 0.21.0

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Most notable changes

  • [USER] Gardener does now support Alicloud shoot clusters with Kubernetes version 1.14. You should consider the Kubernetes release notes before upgrading to 1.14. (#951, @jia-jerry)
  • [USER] The authentication mode of the Kubernetes Dashboard managed by Gardener can now be controlled via .spec.addons.kubernetes-dashboard.authenticationMode={basic,token} (defaults to basic). (#941, @rfranzke)
  • [USER] Calico is now only used for policies on Azure, Bird backend is removed. (#914, @zanetworker)
  • [USER] Fixed an issue in the shoot care controller that did not correctly initialize the health check conditions. (436a1dfb98f7f4c5f55fba1133e5804702b88c25)
  • [OPERATOR] Label shooted seeds with garden.sapcloud.io/role=seed (#944, @vpnachev)
  • [OPERATOR] The etcd of shoot clusters on Alicloud is now backed up in Alicloud OSS. (#929, @minchaow)
  • [OPERATOR] Gardener's ShootSeedManager admission plugin is now configurable by providing an AdmissionConfiguration file to the API server. This admission plugin is responsible for automatically determining an appropriate seed for a created shoot. It does now support two strategies: SameRegion (default) which will only consider seeds of the same provider and in the same region like the shoot, or MinimalDistance which will first try to find a seed of the same provider and in the same region, but if no such seed can be found it will choose the geographically nearest seed cluster. (#917, @danielfoehrKn)
  • [OPERATOR] If you have enabled the VPA feature gate then the VPA mode for all Prometheus instances in the seed will now be set to Auto mode. That means that the pod's resource requests will change based on the recommendations of the VPA. If Prometheus is using too much/too little resources it will be killed by the VPA and given new resource requests (can only happen to pods that are 12h+ old or get killed through other means). (#915, @wyb1)

Improvements

  • [USER] Shoot owners can set the annotation shoot.garden.sapcloud.io/ignore-alerts to true if they don't want alerts to fire for their shoot cluster. (#957, @wyb1)
  • [OPERATOR] Add fixed version of charts in the integration tests (#953, @schrodit)
  • [OPERATOR] An invalid type conversion that may lead to panics has been fixed. (#950, @rfranzke)
  • [OPERATOR] Gardener does now label all shoot namespaces in the seed with seed.gardener.cloud/provider={aws,azure,...} and shoot.gardener.cloud/provider={aws,azure,...}. (#949, @rfranzke)
  • [OPERATOR] When creating a Terraform pod/job Gardener does now create a Role in the respective namespace instead of relying on a ClusterRole that was deployed during seed bootstrap process. (#949, @rfranzke)
  • [OPERATOR] MCM metrics are exposed to the Prometheus (#948, @prashanth26)
  • [OPERATOR] Docker image version updates: (#947, @ialidzhikov)
    • grafana/grafana: 6.0.1 -> 6.1.4
    • docker.elastic.co/elasticsearch/elasticsearch-oss: 6.5.4 -> 6.7.1
    • docker.elastic.co/kibana/kibana-oss: 6.5.4 -> 6.7.1
    • fluent/fluent-bit: 1.0.5 -> 1.0.6
  • [OPERATOR] PVs created via PVCs are now correctly deleted in the backing cloud provider. (#940, @adracus)
  • [OPERATOR] An issue that prevented kube-scheduler RBAC roles from being applied properly for 1.13 clusters has been resolved. (#935, @rfranzke)
  • [OPERATOR] Added VPA objects for control plane components. VPA objects are in Off mode. (#926, @wyb1)
  • [OPERATOR] Gardener does now respect the unmanaged DNS provider and does not deploy DNS records for it. (#922, @vpnachev)
  • [OPERATOR] The memory limits of daily-curator cronJob are increased (from 50Mi to 70Mi) to prevent OOM issues. (#911, @ialidzhikov)
  • [OPERATOR] Validating webhook validate-namespace-deletion is now called only for Project namespaces. (#908, @mvladev)
  • [OPERATOR] The garden.sapcloud.io:admin cluster role does now allow reading namespaces. (#907, @petersutter)
  • [OPERATOR] Remnant route entries are now explicitly deleted by Gardener during the shoot deletion flow. (#901, @DockToFuture)

[machine-controller-manager]

Most notable changes

  • [USER] Manual unfreezing of machineSets and machineDeployment is now possible using the annotation - 'safety.machine.sapcloud.io/unfreeze': 'True' (gardener/machine-controller-manager#253, @prashanth26)
  • [USER] The drain is always invoked, even in the case of forceful deletion (gardener/machine-controller-manager#248, @prashanth26)
  • [USER] Drain now tries to evict pods and if eviction fails, it forcefully deletes the pods (gardener/machine-controller-manager#248, @prashanth26)

Improvements

  • [OPERATOR] Bugfix: Improvements while unfreezing machineSet/machineDeployment (gardener/machine-controller-manager#251, @prashanth26)
  • [OPERATOR] Drain logic makes use of fewer API calls (gardener/machine-controller-manager#249, @hardikdr)
  • [OPERATOR] Azure explicitly detaches data disks before VM deletion (gardener/machine-controller-manager#248, @prashanth26)
  • [OPERATOR] Enhanced unit-test coverage for machineset controller (gardener/machine-controller-manager#241, @hardikdr)
  • [OPERATOR] The golang version has been upgraded to v1.12.0. (gardener/machine-controller-manager#237, @ialidzhikov)

[terraformer]

Most notable changes

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.21.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.21.0

gardener - 0.20.2

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Most notable changes

  • [USER] Calico is now only used for policies on Azure, Bird backend is removed. (cee9bb1dcced9ccefd850868cf7fba6ea6bf5782)

Improvements

  • [OPERATOR] Remnant route entries are now explicitly deleted by Gardener during the shoot deletion flow. (#913, @DockToFuture)
  • [OPERATOR] The memory limits of daily-curator cronJob are increased (from 50Mi to 70Mi) to prevent OOM issues. (#912, @ialidzhikov)
  • [OPERATOR] An issue with Prometheus alerts that caused firing false positive ApiServerNotReachable alerts has been fixed. (#909, @wyb1)
  • [OPERATOR] The garden.sapcloud.io:admin cluster role does now allow reading namespaces. (23f717e6b933cd20d0e66d98ca1a91b13064827c)
  • [OPERATOR] Validating webhook validate-namespace-deletion is now called only for Project namespaces. (3ed4a1240625c48e22b854355385398531151b7f)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.20.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.20.2

gardener - 0.20.1

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Most notable changes

  • [USER] Alicloud does not yet support Kubernetes 1.14.x but continues to support Kubernetes 1.13.x. (d67cc224cd9985a0c5cd19f915ef850253e32ab7)
  • [USER] Fixed an issue in the shoot care controller that did not correctly initialize the health check conditions. (0b4c1acb2d275b657e68358dea8481defdedb355)

Improvements

  • [OPERATOR] Several issues in the Plant test have been fixed. (61243faf6df7a0c1e8383406f8afb12ef70e0d54)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.20.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.20.1

gardener - 0.20.0

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Action Required

  • [USER] The kube-apiserver server certificate does not contain the external ip/hostname of its load balancer anymore (only for new clusters). In case you use the ip/hostname directly, then client-side SSL validation will not work anymore (you have to disable it). (#839, @dkistner)
  • [OPERATOR] ⚠️ Gardener no longer has in-tree support for DNS. Instead, it now relies on extension controllers to manage DNS records for the specific provider they have been developed for, e.g. aws-route53, google-clouddns, etc. (see GEP-1 on extensibility). We have prepared the implementation of the external-dns-management which supports AWS Route53, Alicloud DNS, Azure DNS, Google CloudDNS, and OpenStack Designate. After updating Gardener you need to create corresponding ControllerRegistration resources to make these extension controllers known to Gardener (otherwise none of your shoots will be able to get reconciled anymore). Please find example ControllerRegistration resources here. To get information about more details please walk through these documents. (#850, @rfranzke)
  • [OPERATOR] ⚠️ Now that you are registering extension controllers for DNS you must update the credentials in the internal-domain secret, default-domain secrets, and all other secrets used for creating DNS records for shoots. If you use the external-dns-management project then consult the Secret example files. Also be aware of the fact that the Gardener Helm chart changed! (#850, @rfranzke)

Most notable changes

  • [USER] The gardener-controller-manager does now not only check the presence but also the value of the shoot.garden.sapcloud.io/ignore annotation. (#878, @ialidzhikov)
    • ⚠️ Existing shoots that carry the shoot.garden.sapcloud.io/ignore annotation with any value other than ("1", "t", "T", "true", "TRUE", "True") will be considered for reconciliation.
  • [USER] You can now specify a location (timezone) for your hibernation schedules in the Shoot resource. (#876, @adracus)
  • [USER] Gardener does now support Shoot clusters with Kubernetes version 1.14. You should consider the Kubernetes release notes before upgrading to 1.14. (#863, @rfranzke)
  • [USER] It is now possible to configure the maximum number of PIDs per pod by setting the .spec.kubernetes.kubelet.podPidsLimit flag in the Shoot specification. (#853, @rfranzke)
  • [USER] The .spec.dns.hostedZoneID field in the Shoot resource is deprecated and no longer respected/used. It will be removed in the future. (#850, @rfranzke)
  • [USER] Due to flow/performance optimisations in the shoot creation process Gardener no longer waits until the load balancer for the kube-apiserver is fully provisioned/ready before starting to create the infrastructure and the etcd volumes. As a consequence, Gardener will no longer add the ip/hostname of the load balancer as SAN to the kube-apiserver's server certificate. (#839, @dkistner)
  • [USER] ⚠️ The nginx-ingress addon for shoot clusters is now deprecated (but still supported for a couple of releases). Shoot owners are now encouraged to deploy an Ingress controller according to their preferences themselves. (#837, @timuthy)
  • [USER] It is now possible to register external clusters to Gardener via the Plant resource. Gardener will do basic health checks of the cluster, and it allows you to manage all your clusters (managed by Gardener or any other tool) at a single place. (#826, @zanetworker)
  • [USER] When the shoot's domain is a default domain then Gardener will set .spec.dns.provider=nil. (6b542463ad0424a0ba04c3998c47107d1003ae51)
  • [OPERATOR] Improved resource management: (#888, @amshuman-kr)
    • kube-scheduler limits raised to 512Mi to support larger workloads (~4.5k pods).
    • kube-proxy limits removed in accordance with upstream reference
    • blackbox-exporter in the shoot cluster gets a priority class to make sure it stays scheduled during a capacity crunch.
    • kube-apiserver requests and limits are raised by 30% for the different node count buckets.
  • [OPERATOR] The metadata service of Alicloud is now blocked for all pods in the seed other than the kube-controller-manager and the cloud-controller-manager. (#875, @schrodit)
  • [OPERATOR] Traffic from shoot to seed via the VPN endpoint is now blocked. (#874, @DockToFuture)
  • [OPERATOR] The old dns.garden.sapcloud.io/domain, dns.garden.sapcloud.io/hostedZoneID, and dns.garden.sapcloud.io/provider annotations for domain secrets are deprecated and will be removed in a future version. Please use dns.gardener.cloud/domain and dns.gardener.cloud/provider now. (#850, @rfranzke)
  • [OPERATOR] Due to the fact that the Initializer feature is entirely dropped with Kubernetes 1.14 Gardener does now no longer rely on it. It was used to enable the cloud-controller-manager for labelling created PVs. This is now done by the PersistentVolumeLabel admission controller inside the kube-apiserver. Consequently, the kube-apiserver does now have information about the cloud (credentials/config). (#838, @rfranzke)
  • [OPERATOR] When new shoots are created Gardener does now validate that the used DNS domain is not used by another shoot, and that it is no subdomain used by another shoot. (6b542463ad0424a0ba04c3998c47107d1003ae51)

Improvements

  • [USER] A bug has been fixed that prevented kube-dashboard and blackbox-exporter from starting if .spec.kubernetes.allowPrivilegedContainers was set to false (securityContext was missing). (#883, @mvladev)
  • [USER] Monitoring: CAdvisor filesystem metrics for the etcds will be collected and displayed in the etcd monitoring dashboard. (#849, @dkistner)
  • [USER] The minimum of the HorizontalPodAutoscaler for CoreDNS has been changed to 2. (ee25f9ca2cb6f3e7a3035fce5fb6f96ee600cae0)
  • [OPERATOR] upgrade vertical-pod-autoscaler to 0.5.0 (#898, @wyb1)
  • [OPERATOR] The HorizontalPodAutoscaler for kube-apiserver now scales based on memory metrics (in addition to the existing CPU metrics). (#890, @amshuman-kr)
  • [OPERATOR] Improved alerting to reduce false positive alerts. (#872, @wyb1)
  • [OPERATOR] The testing framework now supports Ali-cloud. (#869, @zanetworker)
  • [OPERATOR] Add packet validations. (#865, @deitch)
  • [OPERATOR] The kubelet-monitor no longer restarts the kubelet if it reports "PLEG is not healthy" errors. (#861, @fsniper)
  • [OPERATOR] The version of fluent-bit has been upgraded from 1.0.4 to 1.0.5. (#860, @ialidzhikov)
  • [OPERATOR] Make it easier to run on other platforms. (#858, @deitch)
  • [OPERATOR] Allow specifying machine image name in local development environment to facilitate testing different images. (#840, @pablochacin)
  • [OPERATOR] Enable custom vpn configs by cloud provider, including runtime determination (#833, @deitch)
  • [OPERATOR] Remnant GCP firewall rules for load balancers are now explicitly deleted by Gardener during the shoot deletion flow. (#831, @DockToFuture)
  • [OPERATOR] The default audit log policy for Gardener has been refined. (#830, @vpnachev)
  • [OPERATOR] The memory limits for kube-proxy and node-exporter have been doubled. (#828, @ggaurav10)
  • [OPERATOR] Seed validation now fails if the network field in the spec is modified. (#819, @zanetworker)

[logging]

Improvements

  • [OPERATOR] fluentd image version has been upgraded to v2.5.0. (gardener/logging#25, @ialidzhikov)
  • [OPERATOR] Curator now supports http_auth option for basic auth against elasticsearch. (gardener/logging#24, @ialidzhikov)
  • [OPERATOR] The golang version has been upgraded to v1.12.0. (gardener/logging#23, @ialidzhikov)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.20.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.20.0

gardener - 0.18.2

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Improvements

  • [OPERATOR] The memory limits for kube-proxy and node-exporter have been doubled. (575f7a7b3cda85e16c90dd4bd5b9c91d4ea591a6)
  • [OPERATOR] switch the order of ports for the nginx-ingress service to prioritize https over http. (5b0add27b6ed9fe6e4648ad8c279fc129caaebe6)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.18.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.18.2

gardener - 0.19.1

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Improvements

  • [USER] The Terraformer error code mapping has been extended. (#832, @rfranzke)
  • [OPERATOR] A bug has been fixed that has taken the configuration for the kube-apiserver's load balancer service from the wrong provider for cross-provider shoots. (#832, @rfranzke)
  • [OPERATOR] A nil pointer exception in the ControllerRegistration controller has been fixed. (#832, @rfranzke)
  • [OPERATOR] The default audit log policy for Gardener has been refined. (7c1957b3cec02e23130b74176c87a5ce4f9e70da)
  • [OPERATOR] The memory limits for kube-proxy and node-exporter have been doubled. (6aee4973f0133a50469a658c60d4bb62e6d140c6)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.19.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.19.1

gardener - 0.18.1

Published by gardener-robot-ci-1 over 5 years ago

[machine-controller-manager]

Improvements

  • [OPERATOR] AliCloud driver now generates the correct ProviderID on machine-object (gardener/machine-controller-manager#236, @prashanth26)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.18.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.18.1

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[etcd-backup-restore]

Most notable changes

  • [USER] Added the embedded-etcd-quota-bytes flag to allow configuring the backend quota size of the embedded etcd instance used during restoration of data. (gardener/etcd-backup-restore#136, @swapnilgm)

[gardener]

Most notable changes

  • [USER] Alicloud does now support 1.13 shoot clusters. The support for 1.11 will be dropped. Please refrain from creating 1.11 clusters and recreate your existing clusters with Kubernetes version 1.13. (#805, @jia-jerry)
  • [USER] If a shoot gets hibernated Gardener does now scale down the entire control plane (previously, etcd and kube-apiserver were still running). (#786, @rfranzke)
  • [USER] IPVS mode in kube-proxy can now be enabled via the Shoot's spec.kubernetes.kubeProxy.mode field. Recommended versions of Kubernetes which can be used with this configuration are: (#496, @mvladev)
    • ~1.11.6
    • ~1.12.4
    • ~1.13.1
    • ^1.14
  • [OPERATOR] The gardener-controller-manager now uses a cached discovery client for the Garden cluster that can be configured via entries in the ControllerManagerConfiguration. Also, the previous two environment variables KUBECONFIG and GARDENER_KUBECONFIG have been merged into a single KUBECONFIG variable. This means Gardener will communicate to only a single Garden cluster, being more in line with other Kubernetes controllers. (#778, @adracus)
  • [OPERATOR] If the new VPA feature gate is enabled then Gardener will deploy the Vertical Pod Autoscaler into the garden namespace of every seed cluster. (#739, @wyb1)
  • [OPERATOR] If the new VPA feature gate is enabled then the vertical pod autoscaler will provide scaling recommendations for the central Prometheus in the garden namespace as well as all shoot-specific Prometheus instances. It will not yet scale them automatically. We might enable this in a future release. (#739, @wyb1)

Improvements

  • [USER] The Shoot's control plane condition indicating issues during a rolling worker upgrade due to a purposefully missing cluster-autoscaler has been fixed. (#787, @adracus)
  • [USER] The error code mapping has been extended. (70591f03130ed2fe2f7188246dc1bb8b6e5d5c31)
  • [OPERATOR] The default audit log policy for Gardener has been improved to reduce the amount to a reasonable volume. (#813, @vpnachev)
  • [OPERATOR] Add support for vpn dynamic configuration via initContainers. (#798, @deitch)
  • [OPERATOR] Fix local provider to work with the new mechanism for generating OS config (#795, @stoyanr)
  • [OPERATOR] switch the order of ports for the nginx-ingress service to prioritize https over http. (#794, @zanetworker)
  • [OPERATOR] The golang version has been upgraded to v1.12.0. (#790, @ialidzhikov)

[machine-controller-manager]

Improvements

  • [OPERATOR] AliCloud driver now generates the correct ProviderID on machine-object. (gardener/machine-controller-manager#236, @prashanth26)

[vpn]

Most notable changes

  • [OPERATOR] The alpine base image version has been updated to 3.8. (gardener/vpn#38, @marwinski)

Improvements

  • [OPERATOR] The vpn-shoot is now able to load its CIDR configuration dynamically at run-time or at build-time. (gardener/vpn#39, @deitch)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.19.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.19.0

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Action Required

  • [OPERATOR] ⚠️ Gardener does now require that all the registered seed clusters have at least Kubernetes version 1.11+. You may only use a seed with Kubernetes version 1.10+ if you have enabled the CustomResourceSubresources feature gate prior to upgrading Gardener. (d102d6d088490e5e59d88e4137ee954842be82ac)

  • [OPERATOR] ⚠️ Gardener no longer has in-tree support for operating system configurations. Instead, it now relies on extension controllers to generate this configuration for the specific OS they have been developed for (see GEP-1 on extensibility). We have prepared the implementation of the CoreOS Container Linux extension and the CoreOS Container Linux (Alicloud-specific) extension. After updating Gardener you need to create corresponding ControllerRegistration resources to make these extension controllers known to Gardener (otherwise none of your shoots will be able to get reconciled anymore). Please find example ControllerRegistration resources here and here. Please ensure that you use the extension controllers of at least version 0.4.0. To get information about more details please walk through these documents. (#713, @rfranzke)

  • [OPERATOR] ⚠️ This release requires manual migration steps as it incorporates the latest version (0.14.0) of the machine-controller-manager. In this version MCM has incompatibly changed to use CRD subresources. Also, now that you will register extension controllers for the CoreOS Container Linux operating system you must update the machine image name in the CloudProfiles for Alicloud to coreos-alicloud, and for all other providers (AWS, GCP, ...) to coreos. Gardener will try to update the specification of all existing Shoot objects when starting, so make sure that you update the CloudProfiles (otherwise, the update request by Gardener will not happen and shoots may break). Please follow the following steps:

    1. Scale down the gardener-controller-manager in the garden cluster: kubectl -n garden scale deployment/gardener-controller-manager --replicas=0
    2. Scale down the machine-controller-managers in ALL your seed clusters: for ns in $(kubectl get namespaces -l garden.sapcloud.io/role=shoot -o jsonpath={.items..metadata.name}); do kubectl -n ${ns} scale deployment/machine-controller-manager --replicas=0 && echo "Scaled down machine-controller-manager in shoot namespace ${ns}"; done
    3. Verify that all machine-controller-managers are offline (if needed, wait for that): kubectl get pod --all-namespaces | grep machine-controller-manager (should return no results)
    4. Update the CRDs managed by MCM in ALL your seed clusters: kubectl apply -f https://raw.githubusercontent.com/gardener/gardener/0.18.0/charts/seed-bootstrap/templates/crd-machines.yaml
    5. Update the container image of the machine-controller-managers in ALL your seed clusters: for ns in $(kubectl get namespaces -l garden.sapcloud.io/role=shoot -o jsonpath={.items..metadata.name}); do kubectl -n ${ns} set image deployment/machine-controller-manager machine-controller-manager=eu.gcr.io/gardener-project/gardener/machine-controller-manager:0.14.0 && echo "Updated machine-controller-manager in shoot namespace ${ns}"; done
    6. Scale up the machine-controller-managers in ALL your seed clusters: for ns in $(kubectl get namespaces -l garden.sapcloud.io/role=shoot -o jsonpath={.items..metadata.name}); do kubectl -n ${ns} scale deployment/machine-controller-manager --replicas=1 && echo "Scaled up machine-controller-manager in shoot namespace ${ns}"; done
    7. Deploy Gardener 0.18.0
    8. Update the machine image names in your CloudProfile resources in the garden cluster as described above.
    9. Scale up the gardener-controller-manager in the garden cluster: kubectl -n garden scale deployment/gardener-controller-manager --replicas=1
    10. Deploy the ControllerRegistration resources as described above: kubectl apply -f https://raw.githubusercontent.com/gardener/gardener-extensions/0.4.0/controllers/os-coreos/example/controller-registration.yaml (and, for Alicloud, kubectl apply -f https://raw.githubusercontent.com/gardener/gardener-extensions/0.4.0/controllers/os-coreos-alicloud/example/controller-registration.yaml)

    ⚠️ Please note that, after we have now removed in-tree support for operating systems, the generated user-data used for bootstrapping VMs does syntactically change. This will trigger a rolling update of all worker VMs for all existing shoots as soon as Gardener reconciles them. (#713, #774, @rfranzke)
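    Steps 2 and 3 above can be combined so that the CRD update in step 4 never starts while a machine-controller-manager is still running. The script below is an added example, not part of the Gardener release notes; the function names, the timeout and the polling interval are assumptions, and the current kubectl context is assumed to point at one seed cluster.

```shell
#!/usr/bin/env bash
# Added example (not from the Gardener release notes): steps 2 and 3 for ONE seed,
# with step 3 as a hard gate. Assumes kubectl's current context is that seed.

# Step 2: scale every machine-controller-manager in the shoot namespaces to 0.
scale_down_mcm() {
  local ns namespaces
  namespaces=$(kubectl get namespaces -l garden.sapcloud.io/role=shoot \
    -o jsonpath='{.items..metadata.name}') || return 1
  for ns in $namespaces; do
    kubectl -n "$ns" scale deployment/machine-controller-manager --replicas=0 || return 1
    echo "Scaled down machine-controller-manager in shoot namespace ${ns}"
  done
}

# Step 3: number of pods whose line still matches machine-controller-manager.
# Fails (instead of printing 0) when the API server cannot be queried, so an
# unreachable cluster is never mistaken for "all controllers offline".
mcm_pod_count() {
  local pods
  pods=$(kubectl get pod --all-namespaces --no-headers) || return 1
  printf '%s\n' "$pods" | grep -c machine-controller-manager || true
}

# Poll until no such pod is left.
# Arguments: timeout in seconds (default 300), polling interval (default 5).
# Returns 0 = all offline, 1 = timed out, 2 = pods could not be listed.
wait_mcm_offline() {
  local timeout=${1:-300} interval=${2:-5} waited=0 count
  while :; do
    count=$(mcm_pod_count) || {
      echo "cannot list pods; refusing to continue" >&2
      return 2
    }
    [ "$count" -eq 0 ] && return 0
    [ "$waited" -ge "$timeout" ] && {
      echo "${count} machine-controller-manager pod(s) still running" >&2
      return 1
    }
    sleep "$interval"
    waited=$((waited + interval))
  done
}

# Steps 2 and 3 together; continue with step 4 only if this returns 0.
prepare_seed_for_mcm_upgrade() {
  scale_down_mcm && wait_mcm_offline "$@"
}
```

    Run prepare_seed_for_mcm_upgrade once per seed cluster and continue with step 4 only for seeds where it returned 0.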

  • [OPERATOR] Developers need to run make dev-setup-extensions to prepare their local Gardener development setup. They should also update the machine image name in the CloudProfiles for Alicloud to coreos-alicloud, and for all other providers to coreos. (#713, @rfranzke)

Most notable changes

  • [USER] Gardener does now support internal load balancers for GCP shoot clusters. In order to enable internal load balancers you need to define a network range for the subnet into which the load balancers should be placed, see this for an example. After that, you can order an internal load balancer by annotating the respective Service object of type LoadBalancer with cloud.google.com/load-balancer-type=Internal. (#765, @DockToFuture)
  • [USER] The version of etcd has been upgraded from 3.3.10 to 3.3.12. (#748, @swapnilgm)
  • [USER] The version of the nginx-ingress-controller has been upgraded from 0.21.0 to 0.22.0. Please note that there were breaking changes, check out the release notes. (e360f3d7a7fdfa6d415c4c073c11d4faf6e4a075)
  • [OPERATOR] Added an integration testing framework for Gardener. (#624, @zanetworker)
  • [OPERATOR] The cloud-config-downloader script does no longer depend on hyperkube/kubectl. (e2ab6b81754af2dbd13565ebb9aac4193ae9b18e)

Improvements

  • [USER] Shoot conditions during creation and deletion having status=False are 'pardoned' to status=Progressing if no error has occurred yet. (#776, @adracus)
  • [USER] The load on CoreDNS produced by the blackbox-exporter running in the shoot cluster's kube-system is now reduced (#749, @zanetworker)
  • [USER] The CPU and memory resource limits for kube2iam have been increased. (6681717a9ed3d9b60e82f389bf01405ae862eeb6)
  • [USER] Calico's FELIX_LOGSEVERITYSCREEN level has been set to error. (43af59a6ba3b8b93068752d1485a186cdff27d76)
  • [OPERATOR] The version of fluent-bit has been upgraded from 1.0.3 to 1.0.4. (#763, @ialidzhikov)
  • [OPERATOR] It is now possible to overwrite images of the image vector during deployment of Gardener. Please consult this documentation to learn more. (#718, @rfranzke)
  • [OPERATOR] Logrotate timer on all shoot worker VMs does now run hourly (instead of daily). (#714, @ialidzhikov)
  • [OPERATOR] Seed prometheus now uses storage and time based retention. (#710, @wyb1)
  • [OPERATOR] Cert-Manager version has been changed from v0.4.1 to v0.6.0. (#708, @timuthy)
  • [OPERATOR] Kubelet and docker logs (for seed clusters) are now accessible from EFK. (#706, @ialidzhikov)
  • [OPERATOR] Prometheus has been upgraded to v2.7.1. (#705, @wyb1)
  • [OPERATOR] Shoot Hibernation workers can now be configured in the Gardener chart. (#693, @adracus)
  • [OPERATOR] The shoot care controller does now remove stale OutOfDisk node conditions for 1.13 clusters. See https://github.com/kubernetes/kubernetes/pull/72507 for more details. (#691, @rfranzke)
  • [OPERATOR] The version of the kube-addon-manager has been bumped from v8.8 to v9.0. (57b4326ea577f8fedaf43182a81b40ccc2351511)
  • [OPERATOR] The etcd statefulset is now automatically rolled in case the backup secret changes. (2ce71537cb42355cc2310307b9d90b9257c195d0)
  • [OPERATOR] It is now possible to specify the minimum volume size annotation for shooted seeds via minimumVolumeSize=20Gi. (3e4406f1f3efacdd95c8b1eca9b4479d87c4ab8a)
  • [OPERATOR] The unintentionally stated second tolerations section in the node-exporter manifest has been removed. (0fb3aefb6c0e433a4d65f8b1e7226fe219beedd1)

[autoscaler]

Improvements

  • [USER] Autoscaler does now make use of the OwnerReferences while finding the MachineDeployment object from Machine object. (gardener/autoscaler#15, @hardikdr)

[aws-lb-readvertiser]

Improvements

  • [OPERATOR] The aws-lb-readvertiser does now ensure that the load balancer name provided via command line flags is a FQDN. If not, it will automatically convert it before starting the control loops. (gardener/aws-lb-readvertiser#12, @zanetworker)

[etcd-backup-restore]

Most notable changes

  • [USER] In case the storage provider is not configured, i.e. backup disabled, we skip the backup dependent sanity checks. (gardener/etcd-backup-restore#123, @swapnilgm)
  • [USER] Add new cloud provider OSS (Alibaba Object Storage Service) support for etcd-backup-restore (gardener/etcd-backup-restore#108, @minchaow)
  • [USER] Added configurable flag delta-snapshot-memory-limit to restrict memory consumption due to periodic delta snapshots. (gardener/etcd-backup-restore#84, @swapnilgm)
  • [OPERATOR] Fixed memory/goroutine leak: close previous Etcd watches (gardener/etcd-backup-restore#116, @databus23)

Improvements

  • [USER] It now skips full snapshot if there were no updates on the etcd since previous full snapshot. (gardener/etcd-backup-restore#86, @swapnilgm)
  • [USER] Fixed the authentication call for swift to retry authentication on token expiration by setting AllowReauth flag for swift authentication call to true. (gardener/etcd-backup-restore#80, @georgekuruvillak)
  • [OPERATOR] Added the option to disable delta snapshots, by setting the 'delta-snapshot-period-seconds' flag to any value less than 1. (gardener/etcd-backup-restore#96, @shreyas-s-rao)
  • [OPERATOR] Added a sanity check to prevent data loss during initialization, by ensuring that the etcd revision is greater than or equal to the latest snapshot revision (gardener/etcd-backup-restore#85, @shreyas-s-rao)
  • [OPERATOR] Add mock test for GCS provider. (gardener/etcd-backup-restore#82, @swapnilgm)
  • [OPERATOR] There is now a helm chart to deploy etcd-backup-restore. (gardener/etcd-backup-restore#59, @bergerx)

[logging]

Improvements

  • [USER] Now fluentd does not lose log messages. (gardener/logging#22, @ialidzhikov)

[machine-controller-manager]

Most notable changes

  • [USER] Add support for Packet cloud provider https://www.packet.com (gardener/machine-controller-manager#190, @deitch)
  • [OPERATOR] Prefers scheduling of pods on newer machines during roll-outs (gardener/machine-controller-manager#202, @prashanth26)

Improvements

  • [USER] Fixes documentation while running CLI client (gardener/machine-controller-manager#204, @deitch)
  • [USER] Metrics endpoint is enhanced. (gardener/machine-controller-manager#195, @fsniper)
  • [OPERATOR] Removes null pointer exception on Azure (gardener/machine-controller-manager#232, @prashanth26)
  • [OPERATOR] Machine CRDs now use status subresource (gardener/machine-controller-manager#228, @prashanth26)
  • [OPERATOR] Fixes panic issue while fetching metrics of failed machines (gardener/machine-controller-manager#225, @prashanth26)
  • [OPERATOR] Azure now powers off VM before deletion (gardener/machine-controller-manager#206, @prashanth26)
  • [OPERATOR] Leader election defaults were updated (gardener/machine-controller-manager#203, @prashanth26)
  • [OPERATOR] Vendored K8s version 1.12 (gardener/machine-controller-manager#194, @prashanth26)

[terraformer]

Most notable changes

  • [USER] The version of Terraform core has been upgraded from version 0.11.6 to 0.11.11. (gardener/terraformer#18, @rfranzke)
  • [USER] The version of the Terraform AWS provider plugin has been upgraded from version 1.17.0 to 1.60.0. (gardener/terraformer#18, @rfranzke)
  • [USER] The version of the Terraform AzureRM provider plugin has been upgraded from version 1.4.0 to 1.22.1. (gardener/terraformer#18, @rfranzke)
  • [USER] The version of the Terraform Google provider plugin has been upgraded from version 1.12.0 to 1.20.0. (gardener/terraformer#18, @rfranzke)
  • [USER] The version of the Terraform OpenStack provider plugin has been upgraded from version 1.4.0 to 1.16.0. (gardener/terraformer#18, @rfranzke)
  • [USER] The version of the Terraform Alicloud provider plugin has been upgraded from version 1.22.0 to 1.31.0. (gardener/terraformer#18, @rfranzke)

Improvements

  • [OPERATOR] The Terraformer now uses Docker multi-stage builds to drastically ease the build process. (gardener/terraformer#18, @rfranzke)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.18.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.18.0

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[autoscaler]

Improvements

  • [USER] Autoscaler does now make use of the OwnerReferences while finding the MachineDeployment object from Machine object. (gardener/autoscaler#15, @hardikdr)

[aws-lb-readvertiser]

Improvements

  • [OPERATOR] The aws-lb-readvertiser does now ensure that the load balancer name provided via command line flags is a FQDN. If not, it will automatically convert it before starting the control loops. (gardener/aws-lb-readvertiser#12, @zanetworker)

[etcd-backup-restore]

Most notable changes

  • [USER] In case the storage provider is not configured, i.e. backup disabled, we skip the backup dependent sanity checks. (gardener/etcd-backup-restore#123, @swapnilgm)
  • [USER] Add new cloud provider OSS (Alibaba Object Storage Service) support for etcd-backup-restore (gardener/etcd-backup-restore#108, @minchaow)
  • [USER] Added configurable flag delta-snapshot-memory-limit to restrict memory consumption due to periodic delta snapshots. (gardener/etcd-backup-restore#84, @swapnilgm)
  • [OPERATOR] Fixed memory/goroutine leak: close previous Etcd watches (gardener/etcd-backup-restore#116, @databus23)

Improvements

  • [USER] It now skips full snapshot if there were no updates on the etcd since previous full snapshot. (gardener/etcd-backup-restore#86, @swapnilgm)
  • [USER] Fixed the authentication call for swift to retry authentication on token expiration by setting AllowReauth flag for swift authentication call to true. (gardener/etcd-backup-restore#80, @georgekuruvillak)
  • [OPERATOR] Added the option to disable delta snapshots, by setting the 'delta-snapshot-period-seconds' flag to any value less than 1. (gardener/etcd-backup-restore#96, @shreyas-s-rao)
  • [OPERATOR] Added a sanity check to prevent data loss during initialization, by ensuring that the etcd revision is greater than or equal to the latest snapshot revision (gardener/etcd-backup-restore#85, @shreyas-s-rao)
  • [OPERATOR] Add mock test for GCS provider. (gardener/etcd-backup-restore#82, @swapnilgm)
  • [OPERATOR] There is now a helm chart to deploy etcd-backup-restore. (gardener/etcd-backup-restore#59, @bergerx)

[gardener]

Most notable changes

  • [USER] The version of the nginx-ingress-controller has been upgraded from 0.21.0 to 0.22.0. Please note that there were breaking changes, check out the release notes. (0c190c9a10a4f0f7216e7e4578a285483a625737)
  • [USER] The version of etcd has been upgraded from 3.3.10 to 3.3.12. (66d86cc9790f74d9b3bd37e57201e74da121ee44)

Improvements

  • [USER] The CPU and memory resource limits for kube2iam have been increased. (debdb794c9225b4840ccc513dc9f088292212437)
  • [USER] The load on CoreDNS produced by the blackbox-exporter running in the shoot cluster's kube-system is now reduced (4b676eb8c9f21042a75d5d2df62b2fd04e5b3c6e)
  • [OPERATOR] It is now possible to overwrite images of the image vector during deployment of Gardener. Please consult this documentation to learn more. (218acfeab1afb73fe837ae7254fcea8a96d35948)
  • [OPERATOR] The version of the kube-addon-manager has been bumped from v8.8 to v9.0. (cb1b9d4e599ec2079f42ea14f73740ac2bf0dd37)
  • [OPERATOR] The etcd statefulset is now automatically rolled in case the backup secret changes. (eeafbf129a755dcd6a71cf625605a2e111333061)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.17.4
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.17.4

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[machine-controller-manager]

Improvements

  • [OPERATOR] Fixes panic issue while fetching metrics of failed machines (gardener/machine-controller-manager#225, @prashanth26)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.17.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.17.3

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Most notable changes

  • [OPERATOR] Shoot hibernation workers are now 5 by default. (#737, @adracus)

Improvements

  • [USER] The Alicloud cloud provider config does now contain the region which allows running the control plane of Alicloud shoots on another infrastructure. (6b09657ae313e8ae0c5f63511a7eb688e024feaa)
  • [OPERATOR] It is now possible to specify the minimum volume size annotation for shooted seeds via minimumVolumeSize=20Gi. (#735, @jia-jerry)

[machine-controller-manager]

Most notable changes

  • [USER] Add support for Packet cloud provider https://www.packet.com (gardener/machine-controller-manager#190, @deitch)
  • [OPERATOR] Prefers scheduling of pods on newer machines during roll-outs (gardener/machine-controller-manager#202, @prashanth26)

Improvements

  • [USER] Fixes documentation while running CLI client (gardener/machine-controller-manager#204, @deitch)
  • [USER] Metrics endpoint is enhanced. (gardener/machine-controller-manager#195, @fsniper)
  • [OPERATOR] Azure now powers off VM before deletion (gardener/machine-controller-manager#206, @prashanth26)
  • [OPERATOR] Leader election defaults were updated (gardener/machine-controller-manager#203, @prashanth26)
  • [OPERATOR] Vendored K8s version 1.12 (gardener/machine-controller-manager#194, @prashanth26)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.17.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.17.2

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Improvements

  • [USER] Calico's FELIX_LOGSEVERITYSCREEN level has been set to error. (22db1dd9cdde0dc8a6b1633500bc1daa2e66a15d)
  • [OPERATOR] The shoot care controller does now remove stale OutOfDisk node conditions for 1.13 clusters. See https://github.com/kubernetes/kubernetes/pull/72507 for more details. (448be661e753f56d5adb768c57eefa55823abc4d)
  • [OPERATOR] The unintentionally stated second tolerations section in the node-exporter manifest has been removed. (4b8d1a7b450bb33f4faf70aafdd1fc896a15fe1f)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.17.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.17.1

gardener -

Published by gardener-robot-ci-1 over 5 years ago

[gardener]

Action Required

  • [OPERATOR] The componentconfig/v1alpha1 API group has been renamed to controllermanager.config.gardener.cloud/v1alpha1 (developers need to update the API version in their local config file in the dev/ folder). (#650, @rfranzke)

Most notable changes

  • [USER] Added a new field selector spec.cloud.seed to Shoots so that end-users can query for all shoot clusters on a particular Seed, e.g. kubectl -n garden-my-project get shoot --field-selector .spec.cloud.seed=aws-eu1. (#677, @mvladev)
  • [USER] The .spec.backup section in the Shoot resource is deprecated and no longer evaluated. Instead, operators are now asked to provide a meaningful backup schedule in the Gardener configuration. (#666, @timuthy)
  • [USER] Gardener no longer supports deploying Monocular as an optional addon. The .spec.addons.monocular field in the Shoot resource has long been deprecated and is now no longer evaluated/respected at all; however, it is kept for API compatibility reasons. Users must deploy Monocular on their own if they want to use it. Rolling out this Gardener version will delete it from all existing shoot clusters that had it enabled. (#658, @rfranzke)
  • [USER] Only Kubernetes version 1.11.x is supported by Gardener on Alicloud in this PR (#626, @jia-jerry)
  • [USER] When a shoot is deleted then Gardener cleans all Kubernetes resources before continuing with deleting the infrastructure and control plane. (ce71a6cf7ff31f2b673961f9e3d000c66545c959)
    • Now, during a shoot deletion, Gardener will delete stuck pods forcefully after a 5m grace period.
    • Generally: Make sure that you delete resources with possible side effects (CRDs, APIServices, NFS-provisioning pods, ...) first yourself before triggering shoot deletion.
  • [USER] All PersistentVolume resources in a shoot cluster are now deleted when the shoot itself is deleted (independent of the specified reclaimPolicy). (b227e42f3c876dbc0afa7214f69b54d19e8a7e99)
  • [OPERATOR] ⚠️ The .spec.backup section in the Shoot resource is deprecated and no longer evaluated. Instead, operators are now asked to provide a meaningful backup schedule in the gardener-controller-manager's configuration file which applies to all shoot clusters. If not specified the schedule will be defaulted to "once every 24 hours". (#666, @timuthy)
    • ⚠️ Please be aware that whenever the schedule changes, a restart of all etcd pods of all shoot clusters is triggered.
  • [OPERATOR] All shoot worker machines are now configured with log rotation for user containers and system components. Log files are kept for a maximum of 14 days. (#664, @ialidzhikov)

Improvements

  • [USER] The logging cron jobs are now suspended if the shoot is hibernated. (#683, @ialidzhikov)
  • [USER] The log levels for calico and the node-exporter have been switched to error to reduce the number of noisy log messages. (#672, @DockToFuture)
  • [USER] All system components deployed by Gardener do now tolerate the NoSchedule, CriticalAddonsOnly, and NoExecute taints on nodes. (#657, @rfranzke)
  • [OPERATOR] Alertmanager now uses Pod's IP for clustering configuration. (#674, @mvladev)
  • [OPERATOR] Non-Gardener webhooks are now deleted before cleaning up a Shoot cluster / waiting for KCM and CCM to become active. This results in fewer Shoots being stuck in a failed deletion loop. (#659, @adracus)
  • [OPERATOR] The log retention period for ElasticSearch has been changed to 14d. (#655, @ialidzhikov)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.17.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.17.0

gardener -

Published by gardener-robot-ci-1 almost 6 years ago

[autoscaler]

Improvements

  • [USER] Bugfix: Trying to taint more than required nodes during scale down has been fixed (gardener/autoscaler#10, @prashanth26)
  • [OPERATOR] The autoscaler has been rebased with the upstream and now vendors 1.12 (gardener/autoscaler#11, @prashanth26)

[cert-broker]

Most notable changes

  • [OPERATOR] Cert-Broker now uses version 1.13.1 of client-go. (gardener/cert-broker#13, @timuthy)

Improvements

  • [OPERATOR] Cert-Broker now uses the Kubernetes clientset to replicate secrets without a secret lister. This improves the application's memory consumption. (gardener/cert-broker#12, @timuthy)

[etcd-backup-restore]

Improvements

  • [OPERATOR] Added configurable flag delta-snapshot-memory-limit to restrict memory consumption due to periodic delta snapshots. (gardener/etcd-backup-restore#84, @swapnilgm)
  • [OPERATOR] Fixed the authentication call for swift to retry authentication on token expiration by setting AllowReauth flag for swift authentication call to true. (gardener/etcd-backup-restore#80, @georgekuruvillak)

[gardener]

Action Required

  • [OPERATOR] ⚠️ Gardener no longer supports Kubernetes v1.9. You must upgrade all shoot clusters to at least Kubernetes v1.10 before upgrading Gardener. This also means that no seed clusters with versions prior to v1.10 are supported anymore. Please upgrade all seed clusters to at least v1.10 as well before upgrading Gardener. (#642, @rfranzke)

Most notable changes

  • [USER] Gardener does now support Shoot clusters with Kubernetes version 1.13. You should consider the Kubernetes release notes before upgrading to 1.13. (#641, @rfranzke)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.16.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.16.0

gardener -

Published by gardener-robot-ci-1 almost 6 years ago

[etcd-backup-restore]

Improvements

  • [OPERATOR] Added configurable flag delta-snapshot-memory-limit to restrict memory consumption due to periodic delta snapshots. (gardener/etcd-backup-restore#84, @swapnilgm)
  • [OPERATOR] Fixed the authentication call for swift to retry authentication on token expiration by setting AllowReauth flag for swift authentication call to true. (gardener/etcd-backup-restore#80, @georgekuruvillak)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.15.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.15.2

gardener -

Published by gardener-robot-ci-1 almost 6 years ago

[gardener]

Improvements

  • [USER] The nginx-ingress-controller version has been downgraded from 0.21.0 to 0.20.0. (5424ccf6787e518c4defb0a3034177adaf4568cf)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.15.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.15.1