Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
Shoot manifest and their corresponding configuration. Please see this for an example. (#322)
HorizontalPodAutoscaler. It is configured to scale automatically up to a maximum of 4 replicas in case the cluster is large. The scale decision will be made based on its CPU consumption. (#315)
Shoot resources to .status.lastOperation.state=Aborted if .status.lastOperation.state=Processing. (0d85b6012e0811e62a0708659ebe9224441932df)
eu.gcr.io/gardener-project/gardener/machine-controller-manager: 0.7.0 -> 0.9.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.10.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.10.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.9.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.9.1
kubectl get calls. (f0dcad05d960430481158447230876db3cc59528)
NetworkPolicy in the Seed clusters does now restrict outgoing traffic from Shoot cluster kube-apiservers. They can no longer talk to the Seed networks but only to their corresponding etcd instance and kube-dns. (#266, ec7e29f5e683c9df968eeb737b2b2eaf356ff105, 5ec60cc6b9066876a0914172494058bd4c467589, 81f122834e06db8c777cd0a4461cec522d88eaca)
monitoring-ingress-credentials Secret in the Seed cluster. (#271, 8e671890710b707ba6e2870e1ae88163292da32f)
PodPriority feature gate and the scheduling.k8s.io/v1alpha1 API version for Kubernetes < 1.11. The amount of excess capacity is computed so that new Shoot control planes can be deployed (allowing to enable the cluster-autoscaler in Seeds). Currently, the Shoot control plane size has been statically set to a requirement of 7 CPU cores and 14Gi of memory. The number of Shoot control planes that can be supported is 3 or 5% of currently running Shoots, whichever is greater. The feature can be disabled in the Gardener controller manager's component config (.controllers.seed.reserveExcessCapacity). (#267, 3e8e350c806d9acbdf22dbb6b336fc7205be48a9, daad692286f7b4672ff1004460f7654412a677f9)
InternalIP or an ExternalIP on its corresponding Node object, resolving an issue with Shoots of Kubernetes version 1.11. (1311de43a1745cbc8cf65d57c72e9ed0a2c5e586)
maxUnavailable parameters of MachineDeployments is now set to 0 as we do not want the number of available replicas to go below the desired number of replicas during rolling updates. (#274, 6bb3addfd8bdd7231be3f9a46bd92a86c8a391b)
loadBalancerSourceRanges for the nginx-ingress addon via the .spec.addons.nginx-ingress.loadBalancerSourceRanges field. (#298, ee24d30a6ac2c7846ff81ad05ecb2868d5f02c44)
machine-controller-manager deployment now features a liveness probe. (9757e95d897290747de67f76330d113d48714a61)
RoleBindings inside their project, but only read the one listing all members. In the future we will add dedicated resources for the management of projects. (3252c5c7e3f1e4a6132be6111d4bafd81b975727)
SecretBinding resources are forbidden. It is needed for SecretBindings referencing trial Quotas which are assigned by Garden administrators. We do not want project members to simply patch these Quotas out of the provided SecretBinding. (30f03cdb70b1a9bb785cd6c241f42c14d719ed58)
Seed resources can now be configured in the controller manager's component config. (3110346016638d36c11e14f4fc08d43a61ba95a6)
Seed resources for Shoots which have been marked to be used as Seed cluster has been fixed. (5c5ae5f8c053724279b62177abbe42ce82ea248b)
quay.io/coreos/etcd: v3.3.8 -> v3.3.9
quay.io/prometheus/alertmanager: v0.14.0 -> v0.15.1
grafana/grafana: 5.1.3 -> 5.2.2
k8s.gcr.io/cluster-proportional-autoscaler-amd64: 1.1.2 -> 1.2.0
jetstack/kube-lego: 0.1.5 -> 0.1.7
jtblin/kube2iam: 0.9.0 -> 0.10.1
quay.io/kubernetes-ingress-controller/nginx-ingress-controller: 0.16.2 -> 0.17.1
busybox: 1.28.4 -> 1.29.2
gcr.io/google_containers/pause-amd64: 3.1 (new)
quay.io/prometheus/prometheus: v2.2.0 -> v2.3.2
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.9.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.9.0
machine-controller-manager deployment now features a liveness probe. (395865c208bade634d1f194a2eb943b1420cb8e8)
RoleBindings inside their project, but only read the one listing all members. In the future we will add dedicated resources for the management of projects. (5f04e91fa1299d58a6aea03ea33987f6a2d90a17)
SecretBinding resources are forbidden. It is needed for SecretBindings referencing trial Quotas which are assigned by Garden administrators. We do not want project members to simply patch these Quotas out of the provided SecretBinding. (ce8120ac2d9f14ba2f4a798635459971efa8688f)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.8.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.8.1
BackupInfrastructure objects has been removed. Upgrading from a Gardener version prior to 0.5.0 is not supported. (cc8807d3bf66a4c70a145959c64fbc864d644634)
DeletionConfirmation feature gate as well as the old deletion logic have been removed. This script shows how to trigger a Shoot deletion. (f14e9b8950d60e1d4e9c3932123abad9f7a9a5e9)
ResourceReference admission controller now performs a live lookup in case a referenced secret was continuously not found in the cache (#227, 6228f43a7d52de92a974a7ab266f4b0c30f7eba6)
eu.gcr.io/gardener-project/gardener/etcdbrctl: 0.2.3 -> 0.3.0
eu.gcr.io/gardener-project/gardener/machine-controller-manager: 0.6.1 -> 0.7.0
eu.gcr.io/gardener-project/gardener/vpn-seed: 0.11.0 -> 0.12.0
eu.gcr.io/gardener-project/gardener/aws-lb-readvertiser: 0.2.0 -> 0.3.0
eu.gcr.io/gardener-project/gardener/vpn-shoot: 0.11.0 -> 0.12.0
eu.gcr.io/gardener-project/gardener/ingress-default-backend: 0.5.0 -> 0.6.0
eu.gcr.io/gardener-project/gardener/terraformer: 0.6.0 -> 0.7.0 -> 0.8.0
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: 0.1.0 -> 0.2.0
quay.io/kubernetes-ingress-controller/nginx-ingress-controller: 0.15.0 -> 0.16.2
k8s.io/api: kubernetes-1.10.3 -> kubernetes-1.11.0
k8s.io/apimachinery: kubernetes-1.10.3 -> kubernetes-1.11.0
k8s.io/apiserver: kubernetes-1.10.3 -> kubernetes-1.11.0
k8s.io/client-go: kubernetes-1.10.3 -> kubernetes-1.11.0
k8s.io/code-generator: kubernetes-1.10.3 -> kubernetes-1.11.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.8.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.8.0
ResourceReference admission controller now performs a live lookup in case a referenced secret was continuously not found in the cache (#227, d43d276837d3e07091ad5d4305a6bbc36d3fce09)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.7.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.7.1
DeletionConfirmation admission controller feature is now enabled by default. It requires Shoots to have set the confirmation.garden.sapcloud.io/deletion=true annotation before they are allowed to become deleted. The old/deprecated annotation (confirmation.garden.sapcloud.io/deletionTimestamp=<x>) is still needed but will be removed entirely in the next version. (e8c3e31cf192335532b9b20ba05a6d94df40351b)
Machine to MachineDeployment objects. In case Gardener detects these errors it will abort the machine reconciliation and push detailed information into the Shoot's .status.lastOperation object to become visible to users. (ac08ddc5d1ec9bf9f3a84035ca8eb76feaa8503e)
Ingress resources. (#154, 82dbdf88756d4843d241798a7cf3fdd010304da5)
230000-010000) are now handled correctly. (57a2e2b80b5aacffaf9bd8c024d3b0e35b25c152)
SystemComponentsHealthy condition of the Shoot health check only checks deployments deployed by Gardener, and the ControlPlaneHealthy now also checks the deployments statuses (was only checking the pod statuses before). (b1611bf59de3d3ab3e3a5d70ae8891091a4d4010, 6a052343476d4d45eaa3fde8b18e6828f30e09a6)
quay.io/coreos/etcd: v3.3.5 -> v3.3.7 -> v3.3.8
quay.io/calico/node: v3.1.2 -> v3.1.3
quay.io/calico/cni: v3.1.2 -> v3.1.3
quay.io/calico/typha: v0.7.3 -> v0.7.4
eu.gcr.io/gardener-project/gardener/ingress-default-backend: 0.3.0 -> 0.4.0 -> 0.5.0
eu.gcr.io/gardener-project/gardener/machine-controller-manager: 0.4.0 -> 0.5.0 -> 0.6.1
eu.gcr.io/gardener-project/gardener/vpn-seed: 0.10.0 -> 0.11.0
eu.gcr.io/gardener-project/gardener/vpn-shoot: 0.10.0 -> 0.11.0
busybox: 1.28 -> 1.28.4
github.com/gardener/machine-controller-manager: 0be5317161d27ef7b95fa7b53844ae3b78f24c7a -> 0.5.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.7.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.7.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.6.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.6.1
.spec.addons.cluster-autoscaler.enabled=true in the Shoot manifest. The Shoot cluster worker nodes will be scaled according to what the user has defined in his/her worker pool's autoScalerMin/autoScalerMax constraints. Due to the Machine abstraction it is capable of auto-scaling Shoots independent of the cloud provider they are deployed to.
autoScalerMin=0 are no longer allowed unless autoScalerMax=0 as well (cluster hibernation). If you have a Shoot resource specifying worker pools with autoScalerMin=0 and autoScalerMax>0, every modification to the Shoot resource will be rejected until you update your pools to autoScalerMin>0. (#200, #207, 47ee5625cac3585c88c6a478863b40207ca0a7c4, 93b8444a686e9c261ea510e2953d693d2045439f, 3527ad11d7295bd36331ddb14ab1581312e38f99, 01d7ec7daba49df6db32fe4d1bfdcecbe59f90e4, 63232bbe70680acc12d73a12354bca693a5b5323, f2253092898f2cc19e1e3a9a8d1846c5a8cc9e76, be662f96616ac12affb93684b3b6633f61c9ff1c)
--feature-gates=MyFeature=true,AnotherFeatue=false. For the Gardener controller manager the feature gates are enabled or disabled per its componentconfig file. (4c251be0b11639c20d41ce20c5de0deb59b0f008)
DeletionConfirmation admission controller has been added which is currently disabled by default. You can enable it by enabling the DeletionConfirmation feature gate. Once it's enabled it will only allow DELETE requests on Shoots that have been annotated by confirmation.garden.sapcloud.io/deletion=true. This is to prevent users from accidentally deleting their Shoot clusters with a simple kubectl delete shoot command.
EveryNodeReady health check now correlates the number of desired worker nodes with the number of nodes actually registered. Previously, the check did only verify that every registered node is ready (which was true even if no node was registered at all). (122945d8b8a346a2d5d77e2d41e1875b2f371396)
Machine objects have been marked to be forcefully deleted (or until the operation returned an error) before continuing with its flow. (#203, 1a5e1acab07882193d1e3e2a4798e30a48629187)
CloudProfile resources. (#205, 6309a19a66a4e1ee5cf91b5ac15c00c6fff6b01b)
eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler: 0.1.0 (new)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.6.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.6.0
CREATE. (6cf35958fe2ebd0cdd68e402972a662ee271e840)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.5.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.5.1
BackupInfrastructure has been introduced in the Gardener API server. The Gardener controller manager features a corresponding controller which creates or deletes cloud provider specific blob storage buckets which are used for etcd backups. So far, these tasks have been performed by the Shoot controller itself. This change not only supports a better separation of concerns but also allows to retain the blob store bucket of a specific Shoot even though the Shoot has been deleted. The default behavior is to delete the blob store bucket immediately when a Shoot is deleted, however, the .controllers.backupInfrastructure.deletionGracePeriodDays key in the Gardener controller manager's component config allows overwriting it. The changes are backwards compatible, hence, for all Shoots a corresponding BackupInfrastructure resource will be created in the next reconciliation period. (e93c11b5ae9aab3c9782b41809be2e3d102daf4c, 1086c2fb273550bf3e4a96589031f4f1de37f707, f37c866c8040f16e51b12b98df1a6bb8a0c7d5dd, a1eb7a28d76c4a59b26294e349d01ad9650d651a, cdb68b0e4b58a7e14333bae8e603a82d2682ec36, 389773b986267743f6f3ac6e934eaa609346263a, 18355bd3bfef19b93750d059200a9180200c9634, 504c552c4c443895409cf38df9e07f99aeebe70d, f57d36ee42f50fe95f19db6afd8e5caed31102cc)
shoot-<projectName>-<shootName> to shoot--<projectName>--<shootName>, and the usage of two consecutive hyphens in either projectName or shootName is now forbidden. The technical ID is used for creating the Shoot namespace in the Seed cluster as well as for naming/tagging all infrastructure resources. Existing Shoots are not migrated to the new scheme. (#164, 285ef971d31c75d8aaa8fc7362068da0f990dcc6, 0d95fe1fb9ef8a902fe28c109c798c27d6d2cee5)
LimitRange object in the default namespace of a Shoot cluster. The cluster administrator/owner is responsible for defining these ranges if needed. (226f23d380ee560f7cfba6bfd99f41594fbe9e0e)
Pending or NotReady for 10m. (8891409c14f3934a929b6019da7973362e18b5aa)
>= 1.10.3 are now supported (the OpenStack-specific behavior regarding the worker node naming scheme prior to Kubernetes 1.10 has been re-introduced and the cloud provider config needed to reflect these changes). AWS, Azure, and GCP Shoots are supporting Kubernetes >= 1.10.3 without any modifications inside Gardener. (1c9bd91a3c83c8cb517afa58b0811be6cf202db1)
nginx-ingress-controller is now started with --enable-ssl-passthrough=true. (#187, 24ce349d60aadac4f7560f520610cebabe9f611b)
12h to 2h. (7074a55551fb6e43d790701a85ddd3945cf5e3e6)
Initializer and PodPreset admission controllers have been disabled as their feature statuses are 'alpha'. (9f5529594c2f9bbfa5639b6797ae4b8a348e334a)
vpc_name. (4ac05a9a1a3279a9372aec2a6b13a21a0b78778b)
router_id and security_group_id. (9cbcb66096a32848de0a81cca7756edc3c34f003)
eu.gcr.io/gardener-project/gardener/aws-lb-readvertiser: 0.1.0 -> 0.2.0
quay.io/coreos/etcd: v3.3.3 -> v3.3.5
eu.gcr.io/gardener-project/gardener/etcdbrctl: 0.2.1 -> 0.2.3
grafana/grafana: 5.0.4 -> 5.1.3
quay.io/prometheus/node-exporter: v0.15.2 -> v0.16.0
quay.io/calico/node: v3.1.0 -> v3.1.2
quay.io/calico/cni: v3.1.0 -> v3.1.2
quay.io/calico/typha: v0.7.1 -> v0.7.3
quay.io/kubernetes-ingress-controller/nginx-ingress-controller: 0.14.0 -> 0.15.0
eu.gcr.io/gardener-project/gardener/ingress-default-backend: 0.2.0 -> 0.3.0
gcr.io/kubernetes-helm/tiller: v2.8.2 -> v2.9.1
quay.io/coreos/grafana-watcher
quay.io/cy-play/vts-nginx-exporter
migmartri/prerender
k8s.io/api: kubernetes-1.10.1 -> kubernetes-1.10.3
k8s.io/apimachinery: kubernetes-1.10.1 -> kubernetes-1.10.3
k8s.io/apiserver: kubernetes-1.10.1 -> kubernetes-1.10.3
k8s.io/client-go: kubernetes-1.10.1 -> kubernetes-1.10.3
k8s.io/code-generator: kubernetes-1.10.1 -> kubernetes-1.10.3
github.com/gardener/machine-controller-manager: 0be5317161d27ef7b95fa7b53844ae3b78f24c7a (new)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.5.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.5.0
OpenVPN-based approach instead of SSH. It requires to generate a dedicated TLS auth key for every Shoot cluster (which can only be generated by the openvpn binary), hence, openvpn is now part of the controller-manager's Docker image. Moreover, a default Diffie Hellman key for encryption is provided in the vpn-shoot Helm chart. It is possible to provide a self-generated key to the Gardener which is then used for all Shoot clusters. (149a20a3d25e29d13f8548bc3511bfd592a1b53b, 98a834df97e94248251e9897dc70c8e39c6c65a0, c7f34bce7539c3c90398d985b9a81d8e34c3994f, 4aed15e555789aaa440ec8a4ab21f5e1484400f0, f2edd976a76fe9ad4df5058e0cc61dc8e9231011)
GlobalNetworkSet was missing from the Calico manifest and has been added. (9654b619ca007b245d5c87b8948b89bcd287b3a2)
8080 instead of 80) which has been resolved. (f563c6f5dd7b28744d298251d194afa3537b5154, 44f9aa2a35de03d99ea672b36d28684a154abbb3)
kube-system namespace. (7a62dbf4fdfb8cdc9eea4b723d5d292dd2212c2d)
.spec.cloud.aws.networks.nodes field is now defaulted with the first worker network in case the Shoot is deployed into an existing VPC. (6bef1385d7bad56f0c842ed105f3eb2dddf32ab7)
Service object has been resolved. NodePorts of existing Services are no longer overwritten, leading to re-balancing of possible load balancers and a short unavailability of the underlying services. (d93bd87c690593f405be98ebd7cb87586698e5d3)
MachineSet during scale operations has been increased to 40 minutes. (9d5622c6fc1ffce76a347b02185a67cb4a6cd2f6)
Machine is now propagated into the Shoot's EveryNodeReady status condition. (4e7ee75f0ac14ee82db17022b19a67f68486d57b)
eu.gcr.io/gardener-project/gardener/vpn-seed: 0.8.0 -> 0.10.0
eu.gcr.io/gardener-project/gardener/vpn-shoot: 0.8.0 -> 0.10.0
k8s.gcr.io/k8s-dns-kube-dns-amd64: 1.14.9 -> 1.14.10
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64: 1.14.9 -> 1.14.10
k8s.gcr.io/k8s-dns-sidecar-amd64: 1.14.9 -> 1.14.10
quay.io/kubernetes-ingress-controller/nginx-ingress-controller: 0.12.0 -> 0.14.0
eu.gcr.io/gardener-project/gardener/terraformer: 0.5.0 -> 0.6.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.4.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.4.0
.spec.cloud.aws.networks.nodes field is now defaulted with the first worker network in case the Shoot is deployed into an existing VPC. (999ef31edc91fac741a645b7faec16a70bb75dad)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.3.3
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.3.3
Service object has been resolved. NodePorts of existing Services are no longer overwritten, leading to re-balancing of possible load balancers and a short unavailability of the underlying services. (ab1e67b42d7cb8a5806e232d16303125042f919e)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.3.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.3.2
MachineSet during scale operations has been increased to 40 minutes. (f492ffb6a95c0658dccb821fa9ac22e1fff50e20)
Machine is now propagated into the Shoot's EveryNodeReady status condition. (2aac1f3d78e9c6605bef2f4b7369b12f2ebce696)
k8s.gcr.io/k8s-dns-kube-dns-amd64: 1.14.9 -> 1.14.10
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64: 1.14.9 -> 1.14.10
k8s.gcr.io/k8s-dns-sidecar-amd64: 1.14.9 -> 1.14.10
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.3.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.3.1
garden namespace of all Seed clusters. It is used to scrape the kubelets of all Seeds and to federate the metrics for the individual Shoot Prometheuses, significantly reducing the load and network traffic in the Seeds. (2f05d7ac7e757277e9509c9047b2cc51b6a88cd9, 0ed18db74edf4335149882fad0d8b8e6e07ea4c0, a244fbec57e2540ca427b76c7e8752c85bb1f158, addeb16e5da4a4f90c7997a9629fcce1fc7aac56)
.controllers.shoot.respectSyncPeriodOverwrite flag in the controller-manager's componentconfig must be set to true, and the respective Shoot cluster must be annotated with shoot.garden.sapcloud.io/ignore: true. (2896cbb85ed61496e8cc3ad5e27a52e2ba022f3d)
.ci folder now features integration and conformance tests for Shoot clusters.
.spec.revisionHistoryLimit option in a Kubernetes deployment manifest. (0fa82ccc7fa8e84a80acee75996ad3f5b4656ade)
garden.sapcloud.io/createdBy: <userName>. (3fba68339f53f71211cbccc5ad419747015234d4)
kube-system namespace. (a221b4de9e184455b4596c414f666b2de54aa158, de1217bb9a071a41919252a8fdce9ea1bc1038b5)
vagrant provider has been renamed to local. (790a66d39790ec0643129c24994fd9138c0b2ad2)
Service object, possibly existing nodePorts are now safely provided into the new manifest. (4ff27849eca6845194f7e8ef074b73c48400e5c8)
eu.gcr.io/gardener-project/gardener/etcdbrctl: 0.2.1 (new)
eu.gcr.io/gardener-project/gardener/terraformer: 0.3.0 -> 0.5.0
quay.io/coreos/etcd: v3.3.2 -> v3.3.3
quay.io/coreos/kube-state-metrics: v1.2.0 -> v1.3.1
grafana/grafana: 5.0.3 -> 5.0.4
quay.io/calico/node: v3.0.4 -> v3.1.0
quay.io/calico/cni: v2.0.3 -> v3.1.0
quay.io/calico/typha: v0.7.0 -> v0.7.1
k8s.gcr.io/k8s-dns-kube-dns-amd64: 1.14.8 -> 1.14.9
k8s.gcr.io/k8s-dns-dnsmasq-nanny-amd64: 1.14.8 -> 1.14.9
k8s.gcr.io/k8s-dns-sidecar-amd64: 1.14.8 -> 1.14.9
k8s.gcr.io/heapster: v1.5.1 -> v1.5.2
eu.gcr.io/gardener-project/gardener/machine-controller-manager: 0.3.0 -> 0.4.0
k8s.io/api: kubernetes-1.10.0 -> kubernetes-1.10.1
k8s.io/apimachinery: kubernetes-1.10.0 -> kubernetes-1.10.1
k8s.io/apiserver: kubernetes-1.10.0 -> kubernetes-1.10.1
k8s.io/client-go: kubernetes-1.10.0 -> kubernetes-1.10.1
k8s.io/code-generator: kubernetes-1.10.0 -> kubernetes-1.10.1
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.3.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.3.0
23 characters. (ba62803117a2502026ae44da3ca330fd8ad50103)
bool and int types which results now in a correct checksum for the machine class specifications. (ac5be8cf4bea9386c762c420b27f88cd9815ecd1)
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.1.1
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.1.1
1.10 is now supported for AWS and GCP Shoot clusters. Azure clusters are only supported with version 1.8 (1.9 can probably be supported with 1.9.7 (kubernetes/kubernetes#61754 was required and is merged), 1.10 can probably be supported with 1.10.1 (kubernetes/kubernetes#61753 was required and is merged)). OpenStack clusters are only supported with version 1.8 and 1.9 (1.10 can probably be supported with 1.10.1 (kubernetes/kubernetes#58502 has introduced an issue which was "fixed" with kubernetes/kubernetes#61000)). (21b347636f62ecc59e45054030e98822d675dab7)
Quotas are referenced in SecretBindings which are used by Shoots. Quotas may also contain a maximum cluster life time which enables offering trial clusters that are terminated automatically after that time. (2490ae1589ccaf443d33b698bc768d3fc824d1d3, 77be92290a82848382af6faf8ae0abae5022af1f, 6d287bf0eb6b53f9bc0ad28332cc89dc4e554244, aa1043427333f2e4bef3667bb9584b21dd4d9f25, 55ef2ac3c9e3eaeff75662b4dde9050c3cab6237, 3b744ec4587bc1c0d2f079ee79ce5f133ce1ae1c)
shoot.garden.sapcloud.io/unhealthy=true to allow easy filtering of Shoots with issues. In case a Shoot is healthy, the label is not set/present. (d16c258b9d638c03a65afd020adb80b4b8761a38)
True and False. (cc7c0bf8e55b37b3ba9e55e2b38ba19b262e9299)
PLEG is not healthy too often. (b07bf50c0ac601c5c5c26d852b73bd0fb1f7434f)
23 characters. (ba62803117a2502026ae44da3ca330fd8ad50103)
1.8.5 and 1.9). (b1ce34bf0742304b3f0b47529146be5dd750bda0)
shoot.garden.sapcloud.io/operation=retry annotation on the Shoot. (f68421d0760716a8830411cee8d4e4dd3124bd44, 21288fa4cf7a8e9aa83d42163c484dfe582bcbf6, 93b1bdcf0138d392651f25c90b69d657a3e78dc3)
shoot.garden.sapcloud.io/sync-period annotation on a Shoot can be used to individually configure the Shoot's sync period. The controller manager's componentconfig allows now also to define the duration after which an erroneous operation should be retried (was hard-coded with 15s previously). (183de36e3b7e0ee91f450f2caedcf53c4d5a0af5)
InvalidClientTokenId are correlated to the ERR_INFRA_UNAUTHORIZED error code. (0fb32f79d3bb48b1061c6f1fcd221c07223c8699)
3, meaning at most 4 pods will be scheduled to try to complete the job). (56d98600b3bbae1338623bf4ca219b2e48d41a50)
Machine objects have been removed. (8ae8f32f18d050b3f5e48a3a0a9a6b510b4041c2)
bool and int types which results now in a correct checksum for the machine class specifications. (487e16209db6c236818f69f23ef0d6aca844c195)
.metadata.deletionTimestamp is set. (2f1c762bd4fcaa787193b976f1db69495f1529d8)
kube-apiserver deployment is explicitly deleted when destroying the internal DNS record. (e133a507832450267330e4a7c7de89e3f606e586)
.metadata.ownerReference is set on the computed Seed resource (pointing to the Shoot). (706a3267169339273439a6911c838c4a6e998575)
kubectl get {seeds,shoots}. (1ab403a0463166921842b776f4915338c2dcc891)
k8s.gcr.io/kube-addon-manager: v8.5 -> v8.6
quay.io/calico/node: v3.0.3 -> v3.0.4
quay.io/calico/cni: v2.0.2 -> v2.0.3
quay.io/calico/typha: v0.6.2 -> v0.7.0
eu.gcr.io/gardener-project/gardener/terraformer: 0.2.0 -> 0.3.0
eu.gcr.io/gardener-project/gardener/machine-controller-manager: 0.2.0 -> 0.3.0
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.2.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.2.0
The Gardener implements the automated management and operation of Kubernetes clusters as a service and aims to support that service on multiple Cloud providers (AWS, GCP, Azure, OpenStack). Its main principle is to use Kubernetes itself as base for its tasks.
In essence, the Gardener is an extension API server along with a bundle of Kubernetes controllers which introduces new API objects in an existing Kubernetes cluster (which is called Garden cluster) in order to use them for the management of further Kubernetes clusters (which are called Shoot clusters).
To do that reliably and to offer a certain quality of service, it requires to control the main components of a Kubernetes cluster (etcd, API server, controller manager, scheduler). These so-called control plane components are hosted in Kubernetes clusters themselves (which are called Seed clusters).
Please find more information regarding the concepts and a detailed description of the architecture in our Kubernetes Wiki.
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.1.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.1.0