Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-1 9 months ago
[DEPENDENCY]
The signature of github.com/gardener/gardener/pkg/chartrenderer.RenderedChart#Files has changed. by @acumino [#8877]
[OPERATOR]
The deprecated field seed.spec.secretRef has been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @acumino [#8896]
[OPERATOR]
Migration code for Plutono and Vali is now removed. Consider manual cleanup for longterm broken Shoots as described in the PR to avoid leaking Loki's PV. by @rickardsjp [#8999]
[DEVELOPER]
The pkg/resourcemanager/predicate.ClassFilter.Active function was replaced by IsTransferringResponsibility and IsWaitForCleanupRequired. pkg/resourcemanager/predicate.ClassFilter.IsTransferringResponsibility should be used to check whether the .spec.class field of a ManagedResource has changed and let the controller which was previously responsible for the ManagedResource perform any additional/cleanup tasks. pkg/resourcemanager/predicate.ClassFilter.IsWaitForCleanupRequired should be used by the controller to which the responsibility was transferred to determine whether it should wait for any tasks/cleanup activities made by the previously responsible controller. by @Kostov6 [#8886]
[OPERATOR]
The ContainerdRegistryHostsDir feature gate has been promoted to GA and is now locked to "enabled by default". by @ialidzhikov [#8979]
[OPERATOR]
When hibernating a cluster, Gardener now assigns an error code ERR_CLEANUP_CLUSTER_RESOURCES to shoot clusters if (user) pods are still running in namespaces other than kube-system. by @benedictweis [#9060]
[OPERATOR]
node-agent checks health of containerd and kubelet now. This replaces the previous bash implementation of these health checks. by @majst01 [#8786]
[OPERATOR]
Gardener can now support clusters with Kubernetes version 1.29. To allow creation/update of 1.29 clusters you will have to update the version of your provider extension(s) to a version that supports 1.29 as well. Please consult the respective releases and notes in the provider extension's repository. by @acumino [#8976]
[OPERATOR]
The components managed by gardener now use PDBs with unhealthyPodEvictionPolicy: AlwaysAllow for clusters with kubernetes version >= 1.26. (For v1.26 clusters (shoots and virtual-garden cluster), the featuregate PDBUnhealthyPodEvictionPolicy needs to be turned on in the kube-apiserver. From v1.27 this is enabled by default.) by @shafeeqes [#8969]
[DEVELOPER]
Add local setup for dual-stack seeds. by @axel7born [#8983]
[DEVELOPER]
Gardener can now support clusters with Kubernetes version 1.29. Extension developers have to prepare individual extensions as well to work with 1.29. by @acumino [#8976]
[OPERATOR]
False positive PrometheusCantScrape alerts for the etcd-druid job in the shoot control plane are no longer firing, even if the --enable-backup-compaction feature of etcd-druid is not turned on. by @istvanballok [#8988]
[OPERATOR]
Allow the dependency-watchdog-prober to patch deployments and deployments/scale resources. by @aaronfern [#9036]
[DEVELOPER]
Local single-zone gardener development setups should now work as expected again even if the istio ingress pods are not scheduled on the control plane node. by @ScheererJ [#8998]
[DEVELOPER]
Local gardener-operator and multi-zone gardener development setups now use externalTrafficPolicy: Local for inbound communication to mitigate cross-node network problems. by @ScheererJ [#8972]
[OPERATOR]
The following dependency has been updated: k8s.io/[email protected]+incompatible -> helm.sh/helm/[email protected] by @acumino [#8877]
[OPERATOR]
Spreading istio pods across hosts is now enforced if there are enough hosts in a particular zone. by @ScheererJ [#8970]
[OPERATOR]
The following images are updated:
europe-docker.pkg.dev/gardener-project/releases/3rd/kubesphere/fluent-operator: v2.3.0 -> v2.7.0
europe-docker.pkg.dev/gardener-project/releases/3rd/kubesphere/fluent-bit: v2.1.4 -> v2.2.0
by @nickytd [#9031]
[OPERATOR]
The reliability of kube-state-metrics in the garden namespace of the Seed cluster has been improved to minimize periods of unavailability for Prometheus metric collection by @petersutter [#8931]
[OPERATOR]
The following image is updated: quay.io/prometheus/prometheus: v2.47.0 -> v2.48.1 by @istvanballok [#8994]
[OPERATOR]
kube-proxy is now running in non-privileged mode for K8s >= 1.29 Shoots. The work that needs privileged mode is extracted to an init container. See https://www.kubernetes.dev/blog/2024/01/05/kube-proxy-non-privileged/. by @shafeeqes [#9000]
[OPERATOR]
Plutono is updated to v7.5.28.
[OPERATOR]
nginx-ingress-controller image is updated to v1.9.5. by @shafeeqes [#8997]
[OPERATOR]
Istio ingress gateway dashboard now always shows a graph for all istio namespaces even if no traffic was received in some of them. by @ScheererJ [#9032]
[OPERATOR]
kube-proxy's sidecar container no longer installs its tools at runtime, but comes with its toolset pre-installed. by @ScheererJ [#9006]
[DEVELOPER]
On startup, gardenlet now removes the resources.gardener.cloud/gardener-resource-manager finalizer from Secrets related to ManagedResources. by @Kostov6 [#8912]
[OPERATOR]
EtcdWrapper has progressed from the alpha stage to the beta stage, which now allows for its default usage in etcd-druid. If you prefer to continue using the etcd-custom-image, you can disable the EtcdWrapper by adjusting the feature flag. by @ishan16696 [gardener/etcd-druid#744]
[USER]
Add support for overriding storage API endpoint for provider GCS, by adding new field storageAPIEndpoint in the GCP/GCS backup secret, with the value in the format http[s]://host[:port]/storage/v1/. ⚠️ Note: GCS storage API endpoint will not be overridden for EtcdCopyBackupsTasks, since backup buckets may reside in different regions. by @shreyas-s-rao [gardener/etcd-druid#737]
[OPERATOR]
Adds documentation for local setup of Etcd Druid by @anveshreddy18 [gardener/etcd-druid#721]
[OPERATOR]
Documentation for the controllers of etcd-druid by @renormalize [gardener/etcd-druid#722]
[DEVELOPER]
Upgrade to go 1.21.4 by @seshachalam-yv [gardener/etcd-druid#727]
[USER]
Security improvements to the openvpn configuration. Due to backwards incompatible change between the vpn server and client a short downtime is to be expected during the initial upgrade. by @dimityrmirchev [gardener/vpn2#53]
[OPERATOR]
The etcd process now runs with umask set to 0077, this way the files it creates have no permissions on group and others level. by @AleksandarSavchev [gardener/etcd-wrapper#16]
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.87.0
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.87.0
Published by gardener-robot-ci-3 9 months ago
[OPERATOR]
Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @shreyas-s-rao [gardener/etcd-druid#756]
[OPERATOR]
Dynamic loading of IaaS credentials is now optimized to make use of file system information instead of calculating a hash of the credentials to detect changes. by @renormalize [gardener/etcd-backup-restore#670]
[OPERATOR]
A regression in chunk deletion behavior for openstack provider has now been fixed. by @shreyas-s-rao [gardener/etcd-backup-restore#703]
[OPERATOR]
Add unit tests for chunk deletion by @anveshreddy18 [gardener/etcd-backup-restore#685]
[USER]
Add support for overriding storage API endpoint for provider GCS, by setting environment variable GOOGLE_STORAGE_API_ENDPOINT, with the value in the format http[s]://host[:port]/storage/v1/. ⚠️ Note: GCS storage API endpoint will not be overridden for copy subcommand, since backup buckets may reside in different regions. by @shreyas-s-rao [gardener/etcd-backup-restore#691]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.86.1
eu.gcr.io/gardener-project/gardener/apiserver:v1.86.1
eu.gcr.io/gardener-project/gardener/controller-manager:v1.86.1
eu.gcr.io/gardener-project/gardener/gardenlet:v1.86.1
eu.gcr.io/gardener-project/gardener/node-agent:v1.86.1
eu.gcr.io/gardener-project/gardener/operator:v1.86.1
eu.gcr.io/gardener-project/gardener/resource-manager:v1.86.1
eu.gcr.io/gardener-project/gardener/scheduler:v1.86.1
Published by gardener-robot-ci-1 10 months ago
[OPERATOR]
All virtual garden access Secrets have to be labeled with resources.gardener.cloud/class=shoot. Otherwise the virtual-GRM won't consider the Secrets and won't renew them. by @rfranzke [#8883]
[OPERATOR]
The ContainerdRegistryHostsDir feature gate has been promoted to beta and is now turned on by default. by @ialidzhikov [#8873]
[DEVELOPER]
Support for the deprecated NetworkPolicy annotations networking.resources.gardener.cloud/from-policy-allowed-ports and networking.resources.gardener.cloud/from-policy-pod-label-selector has been removed. Use networking.resources.gardener.cloud/from-<some-alias>-allowed-ports instead (documentation). by @rfranzke [#8883]
[DEVELOPER]
The local Gardener environments for e2e tests running in Prow are now backed by the registry-cache extensions enabled in the Prow cluster. This should have a positive impact on the network I/O for image pulls and resulting costs. by @oliver-goetz [#8880]
[OPERATOR]
The WorkerlessShoots has been promoted to GA and is now locked to "enabled by default". by @acumino [#8906]
[USER]
It is now possible to configure the resources encrypted in the ETCD for shoot clusters, see this document for more details. by @shafeeqes [#8842]
[USER]
The shoots/viewerkubeconfig subresource now also restricts viewer access to resources which are specified in the spec.kubernetes.kubeAPIServer.encryptionConfig in the Shoot in addition to Secrets. by @shafeeqes [#8966]
[USER]
It is now possible to request a kubeconfig with read-only access (all APIs except core/v1.Secret) for shoot clusters by using the new shoots/viewerkubeconfig subresource. Read all about it here. by @rfranzke [#8870]
[OPERATOR]
The vpn-seed-server component now supports IPv4 seed clusters hosting IPv6 shoot clusters. by @DockToFuture [#8830]
[OPERATOR]
It is now possible to configure the resources encrypted in the ETCD for the virtual garden cluster, see this document for more details. by @shafeeqes [#8842]
[DEPENDENCY]
extension library: An issue causing the Worker restore operation to fail for hibernated Shoots is now fixed. by @ialidzhikov [#8943]
[OPERATOR]
A bug causing the Shoot to use the wrong istio load balancer if the ExposureClass name and the exposureclass handler name are not the same is now fixed. by @shafeeqes [#8926]
[OPERATOR]
Fixed a bug where a Shoot with an expired machine image or Kubernetes version could be created.
[OPERATOR]
gardener-node-agent's OperatingSystemConfig controller now respects the reconciliation timeout and aborts the reconciliation if it takes too long. by @rfranzke [#8907]
[OPERATOR]
gardener-node-agent now creates temporary directories and files under /var/lib/gardener-node-agent/tmp instead of /tmp. This fixes issues during OperatingSystemConfig reconciliation which occur when /var and /tmp are backed by different file systems or devices. by @rfranzke [#8894]
[OPERATOR]
gardener-node-agent now skips disablement and stop attempts of deleted units in case their unit files have already been cleaned up by third parties. by @rfranzke [#8898]
[OPERATOR]
gardener-node-agent now converts the hostname to lower case to match kubelet behaviour when it maintains the kubernetes.io/hostname label on Nodes. by @rfranzke [#8902]
[OPERATOR]
gardener-node-agent now stops waiting for systemd command results if they don't respond back after 10s. by @rfranzke [#8919]
[OPERATOR]
Add unhealthy nodes dashboard. by @adenitiu [#8869]
[OPERATOR]
Add egressCIDRs field to the infrastructureStatus resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot's worker nodes. by @kon-angelo [#8888]
[DEVELOPER]
Add support for optional SCRIPT_ROOT environment var in vgopath enabled hack scripts by @afritzler [#8935]
[OPERATOR]
Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/vpn2#62]
[OPERATOR]
added ipv6 single-stack support by @nschad [gardener/vpn2#45]
[OPERATOR]
Add iptables backend detection to firewall script. by @axel7born [gardener/vpn2#64]
[OPERATOR]
Remove the optional creation of iptables rules and the flag --setup-iptables. by @axel7born [gardener/apiserver-proxy#70]
[OPERATOR]
Metrics are exported for pending shoots as well. by @timebertt [gardener/gardener-metrics-exporter#91]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.86.0
eu.gcr.io/gardener-project/gardener/apiserver:v1.86.0
eu.gcr.io/gardener-project/gardener/controller-manager:v1.86.0
eu.gcr.io/gardener-project/gardener/gardenlet:v1.86.0
eu.gcr.io/gardener-project/gardener/node-agent:v1.86.0
eu.gcr.io/gardener-project/gardener/operator:v1.86.0
eu.gcr.io/gardener-project/gardener/resource-manager:v1.86.0
eu.gcr.io/gardener-project/gardener/scheduler:v1.86.0
Published by gardener-robot-ci-1 10 months ago
[OPERATOR]
gardener-node-agent now converts the hostname to lower case to match kubelet behaviour when it maintains the kubernetes.io/hostname label on Nodes. by @rfranzke [#8903]
[OPERATOR]
gardener-node-agent now skips disablement and stop attempts of deleted units in case their unit files have already been cleaned up by third parties. by @rfranzke [#8900]
[OPERATOR]
gardener-node-agent now creates temporary directories and files under /var/lib/gardener-node-agent/tmp instead of /tmp. This fixes issues during OperatingSystemConfig reconciliation which occur when /var and /tmp are backed by different file systems or devices. by @rfranzke [#8895]
[OPERATOR]
gardener-node-agent's OperatingSystemConfig controller now respects the reconciliation timeout and aborts the reconciliation if it takes too long. by @rfranzke [#8908]
[DEPENDENCY]
extension library: An issue causing the Worker restore operation to fail for hibernated Shoots is now fixed. by @ialidzhikov [#8949]
[DEVELOPER]
Add support for optional SCRIPT_ROOT environment var in vgopath enabled hack scripts by @afritzler [#8948]
[OPERATOR]
gardener-node-agent now stops waiting for systemd command results if they don't respond back after 10s. by @rfranzke [#8920]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.85.1
eu.gcr.io/gardener-project/gardener/apiserver:v1.85.1
eu.gcr.io/gardener-project/gardener/controller-manager:v1.85.1
eu.gcr.io/gardener-project/gardener/gardenlet:v1.85.1
eu.gcr.io/gardener-project/gardener/node-agent:v1.85.1
eu.gcr.io/gardener-project/gardener/operator:v1.85.1
eu.gcr.io/gardener-project/gardener/resource-manager:v1.85.1
eu.gcr.io/gardener-project/gardener/scheduler:v1.85.1
Published by gardener-robot-ci-3 10 months ago
[DEPENDENCY]
extension library: An issue causing the Worker restore operation to fail for hibernated Shoots is now fixed. by @ialidzhikov [#8950]
[DEVELOPER]
Add support for optional SCRIPT_ROOT environment var in vgopath enabled hack scripts by @afritzler [#8944]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.2
eu.gcr.io/gardener-project/gardener/apiserver:v1.84.2
eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.2
eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.2
eu.gcr.io/gardener-project/gardener/node-agent:v1.84.2
eu.gcr.io/gardener-project/gardener/operator:v1.84.2
eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.2
eu.gcr.io/gardener-project/gardener/scheduler:v1.84.2
Published by gardener-robot-ci-1 10 months ago
[DEPENDENCY]
extension library: An issue causing the Worker restore operation to fail for hibernated Shoots is now fixed. by @ialidzhikov [#8951]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.3
eu.gcr.io/gardener-project/gardener/apiserver:v1.83.3
eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.3
eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.3
eu.gcr.io/gardener-project/gardener/node-agent:v1.83.3
eu.gcr.io/gardener-project/gardener/operator:v1.83.3
eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.3
eu.gcr.io/gardener-project/gardener/scheduler:v1.83.3
Published by gardener-robot-ci-2 11 months ago
[OPERATOR]
Fix a restoration failure which can occur when the etcd database space is exceeded during restoration. by @ishan16696 [gardener/etcd-backup-restore#668]
[OPERATOR]
Making etcd-backup-restore restart tolerant while scaling-up an etcd cluster. by @ishan16696 [gardener/etcd-backup-restore#661]
[OPERATOR]
Enhanced Garbage Collector to garbage collect the chunks for cloud providers like GCP and OpenStack which do not automatically delete snapshot chunks after the formation of a composite object. by @anveshreddy18 [gardener/etcd-backup-restore#673]
[USER]
The snapshots are fetched from the actual backend store when queried for latest snapshots on /snapshot/latest endpoint. by @abdasgupta [gardener/etcd-backup-restore#675]
[DEPENDENCY]
The webhookcmd.NewAddToManagerSimpleOptions function was removed, please use webhookcmd.NewAddToManagerOptions instead. by @timuthy [#8725]
[DEPENDENCY]
The extensionswebhook.New forbids to pass mutators and validators at the same time. Please use separate webhooks for validating and mutating actions if required. by @timuthy [#8725]
[OPERATOR]
All the functionality related to the deprecated field seed.spec.secretRef has been removed and subsequently seed.spec.secretRef will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @acumino [#8833]
[USER]
With this PR, the plutono UI will be able to fetch newer logs only. The older logs, which are submitted via the tenant operator, will not be visible in the UI. To access the older logs, for the standard log retention period, either the --org-id parameter for valicli or the X-Scope-Org http request header for curl or wget needs to be supplied to fetch them, using the port-forwarded service to the vali target. by @nickytd [#8800]
[DEVELOPER]
The extension webhook registration does now differentiate between mutating and validating actions and creates matching ValidatingWebhookConfiguration or MutatingWebhookConfiguration objects. Earlier, only MutatingWebhookConfigurations were created. by @timuthy [#8725]
[DEVELOPER]
The UseGardenerNodeAgent feature gate is now enabled for the local development scenario. You can read more about gardener-node-agent here. by @rfranzke [#8847]
[DEVELOPER]
Add full single-stack IPv6 support for gardener provider-local by @nschad [#8574]
[DEPENDENCY]
Webhook registration webhookcmd.NewAddToManagerOptions can now be used for admission controllers performing validation and mutation in the Garden cluster. This option automatically creates and maintains required {Mutating,Validating}WebhookConfiguration objects as well as comes with an automated management for CA and server certificates. by @timuthy [#8725]
[OPERATOR]
gardenlet's Shoot care controller now garbage-collects orphaned Lease objects related to no longer existing Nodes - see this upstream issue for more details. by @rfranzke [#8817]
[OPERATOR]
A bug has been fixed which prevented shoot reconciliations in case the old system:machine-controller-manager-seed ClusterRole was still referenced in the RoleBinding for machine-controller-manager. by @himanshu-kun [#8816]
[OPERATOR]
A bug causing EveryNodeReady condition to be added in workerless shoot status if gardenlet of the given shoot's seed becomes unhealthy is fixed. by @gardener-ci-robot [#8889]
[OPERATOR]
A bug in the Seed care controller has been fixed which caused the Seed to remain in NotReady state when vali was disabled in gardenlet's component config (via .logging.vali.enabled=false) while logging was enabled (.logging.enabled=true). by @rfranzke [#8840]
[OPERATOR]
Federate non-namespaced metrics, e.g. kube_node_spec_taint, kube_node_spec_unschedulable. by @adenitiu [#8850]
[OPERATOR]
The version of Istio is updated to 1.19.3 by @axel7born [#8723]
[OPERATOR]
showing kubelet version and OS image version in Plutono Node/Worker Pool overview dashboard by @tedteng [#8757]
[OPERATOR]
The gardener-resource-manager deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. by @timuthy [#8835]
[OPERATOR]
Update vertical-pod-autoscaler to 1.0.0. This introduces the /status subresource on VPA objects. by @voelzmo [#8852]
[USER]
Document whether an error in the shoot.status is a user error or not. by @hendrikKahl [#8758]
[DEVELOPER]
Added e2e test for compaction. by @abdasgupta [gardener/etcd-druid#723]
[OPERATOR]
Compaction job now reconciles on Job Status changes along with the holder identity changes in snapshot leases. by @abdasgupta [gardener/etcd-druid#711]
[DEVELOPER]
Added documentation and sample configurations for simplifying Localstack setup, making it easier for developers to create a local testing environment using a Kind cluster. by @seshachalam-yv [gardener/etcd-druid#713]
[OPERATOR]
Local storage provider for backups is now supported for snapshot compaction jobs. by @abdasgupta [gardener/etcd-druid#682]
[OPERATOR]
Update alpine image version to 3.18.4. by @shreyas-s-rao [gardener/etcd-druid#724]
[OPERATOR]
Updated the recovery from permanent quorum loss ops guide. by @ishan16696 [gardener/etcd-druid#697]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.85.0
eu.gcr.io/gardener-project/gardener/apiserver:v1.85.0
eu.gcr.io/gardener-project/gardener/controller-manager:v1.85.0
eu.gcr.io/gardener-project/gardener/gardenlet:v1.85.0
eu.gcr.io/gardener-project/gardener/node-agent:v1.85.0
eu.gcr.io/gardener-project/gardener/operator:v1.85.0
eu.gcr.io/gardener-project/gardener/resource-manager:v1.85.0
eu.gcr.io/gardener-project/gardener/scheduler:v1.85.0
Published by gardener-robot-ci-2 11 months ago
[OPERATOR]
Updated alpine image to version 3.18.4. by @plkokanov [#8858]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
eu.gcr.io/gardener-project/gardener/operator:v1.84.1
eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1
Published by gardener-robot-ci-3 11 months ago
[DEVELOPER]
A bug causing the crd generation for druid.gardener.cloud group to fail in extensions is now fixed. by @shafeeqes [#8789]
[OPERATOR]
NewClientForShoot creates a client with a rest mapper using LazyDiscovery. by @acumino [#8781]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.2
eu.gcr.io/gardener-project/gardener/apiserver:v1.83.2
eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.2
eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.2
eu.gcr.io/gardener-project/gardener/node-agent:v1.83.2
eu.gcr.io/gardener-project/gardener/operator:v1.83.2
eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.2
eu.gcr.io/gardener-project/gardener/scheduler:v1.83.2
Published by gardener-robot-ci-1 11 months ago
[OPERATOR]
Removes node.machine.sapcloud.io/not-managed-by-mcm annotation from nodes managed by the MCM. by @elankath [gardener/machine-controller-manager#866]
[OPERATOR]
The default machine-safety-orphan-vms-period has been reduced from 30m to 15m. by @elankath [gardener/machine-controller-manager#866]
[DEVELOPER]
New Secrets referenced in ManagedResources will no longer be patched with the label resources.gardener.cloud/garbage-collectable-reference when the ManagedResource is reconciled. Secrets which already exist in the ManagedResource specification will still be patched if necessary. by @dimityrmirchev [#8788]
[OPERATOR]
⚠️ The deprecated fields spec.settings.dependencyWatchdog.endpoint and spec.settings.dependencyWatchdog.probe have been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @himanshu-kun [#8747]
[USER]
A validation rule was added that forbids changing the primary DNS provider in .spec.dns.providers as soon as the shoot was scheduled. by @timuthy [#8761]
[DEVELOPER]
The Secret reconciler in gardener-resource-manager will now always remove its finalizer (if present). by @Kostov6 [#8745]
[DEVELOPER]
Vendoring has been removed from the project, i.e., there is no vendor folder anymore. by @afritzler [#8775]
[OPERATOR]
The deltaSnapshotRetentionPeriod parameter has been introduced in the etcdConfig section of the GardenletConfiguration. This new feature allows users to configure the retention period for delta snapshots in the ETCD component. By making the delta snapshot retention period configurable, we provide a more flexible debugging experience. Delta snapshots can now be retained for a user-defined duration, offering a valuable window for reviewing changes in case of any issues. by @seshachalam-yv [#8659]
[OPERATOR]
Enabled the node-exporter's textfile collector. It will parse files matching the *.prom glob in the /var/lib/node-exporter/textfile-collector directory and load metrics from them so that they can be scraped by prometheus. by @plkokanov [#8721]
[OPERATOR]
Condition handling was improved for Shoots of ManagedSeeds. Earlier, when unknown conditions were removed from seeds (e.g. maintained by third-party components), the affected condition was still present in the shoot's conditions. by @timuthy [#8736]
[USER]
The kube-controller-manager controllers are now disabled based on disabled APIs, which can be configured with spec.kubernetes.kubeAPIServer.runtimeConfig field in the Shoot API. All controllers are enabled by default for Shoot with workers. For workerless Shoots, some non-required APIs are disabled by default, which can be overridden by the above configuration. by @shafeeqes [#8763]
[DEVELOPER]
Use ginkgolinter instead of self baked gomegacheck by @afritzler [#8769]
[DEVELOPER]
A bug causing the crd generation for druid.gardener.cloud group to fail in extensions is now fixed. by @shafeeqes [#8789]
[OPERATOR]
During the restore phase of control plane migration, the machine-controller-manager is deployed with 0 replicas if it did not exist before or if it existed and was not scaled up yet. This fixes an issue that could cause the Shoot's nodes to get recreated during control plane migration. by @plkokanov [#8742]
[OPERATOR]
Control plane components kube-apiserver, kube-controller-manager and kube-scheduler now run as nonroot user and group 65532. by @AleksandarSavchev [#8690]
[OPERATOR]
The credentials (CA) rotation has been made more robust. In some cases, the Shoot reconciliation stuck at Deploying main and events etcd when the rotation was in Preparing phase. by @timuthy [#8795]
[OPERATOR]
Control plane components kube-apiserver, kube-controller-manager and kube-scheduler now mount key files with DefaultMode set to 416 (0640 permissions). by @AleksandarSavchev [#8790]
[OPERATOR]
Plutono is updated to v7.5.26.
[OPERATOR]
The registry of the prometheus-operator image is switched from ghcr (ghcr.io/prometheus-operator/prometheus-config-reloader) to quay.io (quay.io/prometheus-operator/prometheus-config-reloader) because the ghcr does not support image pulls over IPv6. by @ialidzhikov [#8751]
[OPERATOR]
gardener-apiserver and gardener-admission-controller now mount key files with DefaultMode set to 416 (0640 permissions). by @AleksandarSavchev [#8790]
[OPERATOR]
NewClientForShoot creates a client with a rest mapper using LazyDiscovery. by @acumino [#8781]
[OPERATOR]
Shoot control plane prometheus is now scraping kubelet volume metrics (kubelet_volume_stats_available_bytes, kubelet_volume_stats_capacity_bytes and kubelet_volume_stats_used_bytes) from the kube-system namespace. This allows Gardener extensions deploying PVCs to the Shoot's kube-system namespace (such as the registry-cache extension) to build alerting and plutono dashboard panels using these kubelet volume metrics. by @ialidzhikov [#8798]
[OPERATOR]
Prepare shared component_descriptor script for migration from GCR to Artifact Registry. by @ccwienk [#8755]
[OPERATOR]
metrics exposed by cluster autoscaler now scraped by prometheus by @aaronfern [#8750]
[DEVELOPER]
The component checklist is enhanced with 2 new rules for container images:
eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.0
eu.gcr.io/gardener-project/gardener/apiserver:v1.84.0
eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.0
eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.0
eu.gcr.io/gardener-project/gardener/node-agent:v1.84.0
eu.gcr.io/gardener-project/gardener/operator:v1.84.0
eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.0
eu.gcr.io/gardener-project/gardener/scheduler:v1.84.0
Published by gardener-robot-ci-3 11 months ago
[OPERATOR]
machine-controller-manager RBAC in the Shoot cluster does now allow MCM to delete volumeattachments. MCM provider extensions vendoring machine-controller-manager >= v0.50.0 (ref https://github.com/gardener/machine-controller-manager/pull/839) need to delete volumeattachments. by @ialidzhikov [#8774]
[DEVELOPER]
A bug causing the crd generation for druid.gardener.cloud group to fail in extensions is now fixed. by @shafeeqes [#8789]
[OPERATOR]
NewClientForShoot creates a client with a rest mapper using LazyDiscovery. by @acumino [#8781]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.3
eu.gcr.io/gardener-project/gardener/apiserver:v1.82.3
eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.3
eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.3
eu.gcr.io/gardener-project/gardener/operator:v1.82.3
eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.3
eu.gcr.io/gardener-project/gardener/scheduler:v1.82.3
Published by gardener-robot-ci-3 11 months ago
[OPERATOR]
machine-controller-manager RBAC in the Shoot cluster does now allow MCM to delete volumeattachments. MCM provider extensions vendoring machine-controller-manager >= v0.50.0 (ref https://github.com/gardener/machine-controller-manager/pull/839) need to delete volumeattachments. by @ialidzhikov [#8774]
[OPERATOR]
NewClientForShoot creates a client with a rest mapper using LazyDiscovery. by @acumino [#8781]
eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.7
eu.gcr.io/gardener-project/gardener/apiserver:v1.81.7
eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.7
eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.7
eu.gcr.io/gardener-project/gardener/operator:v1.81.7
eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.7
eu.gcr.io/gardener-project/gardener/scheduler:v1.81.7
Published by gardener-robot-ci-2 12 months ago
[OPERATOR]
machine-controller-manager RBAC in the Shoot cluster does now allow MCM to delete volumeattachments. MCM provider extensions vendoring machine-controller-manager >= v0.50.0 (ref https://github.com/gardener/machine-controller-manager/pull/839) need to delete volumeattachments. by @ialidzhikov [#8774]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.83.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.1
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.83.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.83.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.83.1
Published by gardener-robot-ci-1 12 months ago
no release notes available
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.81.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.6
operator: eu.gcr.io/gardener-project/gardener/operator:v1.81.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.81.6
Published by gardener-robot-ci-1 12 months ago
[DEPENDENCY]
The hack/check-docforge.sh script is now removed. The repo-based manifests are removed in favor of centrally managed manifests. See https://github.com/gardener/documentation/issues/431. The manifests are now maintained centrally in https://github.com/gardener/documentation/tree/master/.docforge. by @Kostov6 [#8692]
[USER]
Validation has been added for the spec.kubernetes.kubeAPIServer.runtimeConfig field in the Shoot API. Disabling APIs marked as "Required" by Gardener is not permitted. by @shafeeqes [#8695]
[OPERATOR]
CloudProfiles allow configuring update strategies {patch, minor, major} for machine images that affect update behavior during auto and force update. by @danielfoehrKn [#8275]
[OPERATOR]
A bug has been fixed which caused ServiceAccounts related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699]
[OPERATOR]
An issue causing the etcd-backup Secret to be wrongly deleted for a Shoot cluster due to stale BackupEntry deletion from a previous Shoot creation with the same name is now fixed. by @Kostov6 [#8709]
[OPERATOR]
An issue has been fixed that prevented setting the UnauthenticatedHTTP2DOSMitigation feature gate. by @timuthy [#8732]
[OPERATOR]
Add memory and cpu limits (maxAllowed) to Prometheus (H)VPAs. by @rickardsjp [#8694]
[OPERATOR]
nginx-ingress-controller image is updated to v1.9.4. by @shafeeqes [#8727]
[OPERATOR]
Partial Shoot maintenance errors are now reported as events on the Shoot and in the Shoot's LastMaintenance status. by @danielfoehrKn [#8275]
[OPERATOR]
With this release the observability components are updated to the latest release versions. Plutono is now at v2.5.25 and Vali is now at v2.2.9. by @nickytd [#8689]
[OPERATOR]
The .status.lastOperation in core.gardener.cloud/v1beta1.Seed and operator.gardener.cloud/v1alpha1.Garden resources is now only updated every 5s during a reconciliation. Previously, it was updated immediately when a task was finished. by @rfranzke [#8705]
[OPERATOR]
The testmachinery tests now use AdminKubeconfig of the Shoots of ManagedSeeds to create the seed client. by @shafeeqes [#8698]
[OPERATOR]
APIServer validation allows updating to expired Kubernetes and machine image versions. by @danielfoehrKn [#8275]
[OPERATOR]
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @aaronfern [gardener/etcd-druid#714]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.83.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.83.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.83.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.83.0
Published by gardener-robot-ci-1 12 months ago
[OPERATOR]
An issue has been fixed that prevented setting the UnauthenticatedHTTP2DOSMitigation feature gate. by @timuthy [#8737]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.82.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.82.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.82.2
Published by gardener-robot-ci-1 12 months ago
[OPERATOR]
An issue has been fixed that prevented setting the UnauthenticatedHTTP2DOSMitigation feature gate. by @timuthy [#8738]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.81.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.5
operator: eu.gcr.io/gardener-project/gardener/operator:v1.81.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.81.5
Published by gardener-robot-ci-2 12 months ago
[OPERATOR]
An issue has been fixed that prevented setting the UnauthenticatedHTTP2DOSMitigation feature gate. by @timuthy [#8739]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.7
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.7
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.7
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.7
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.7
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.7
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.7
Published by gardener-robot-ci-3 12 months ago
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699]
[OPERATOR]
A bug has been fixed which caused ServiceAccounts related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
[OPERATOR]
github.com/gardener/etcd-druid #714 @aaronfern
[OPERATOR]
The testmachinery tests now use AdminKubeconfig of the Shoots of ManagedSeeds to create the seed client. by @shafeeqes [#8698]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.82.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.82.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.82.1
Published by gardener-robot-ci-2 12 months ago
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699]
[OPERATOR]
A bug has been fixed which caused ServiceAccounts related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
[OPERATOR]
The testmachinery tests now use AdminKubeconfig of the Shoots of ManagedSeeds to create the seed client. by @shafeeqes [#8698]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.81.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.4
operator: eu.gcr.io/gardener-project/gardener/operator:v1.81.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.81.4