Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-3 12 months ago
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699]
[OPERATOR]
A bug has been fixed which caused ServiceAccounts related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
[OPERATOR]
The testmachinery tests now use AdminKubeconfig of the Shoots of ManagedSeeds to create seed client. by @shafeeqes [#8698]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.6
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.6
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
An issue has been fixed which was causing a broken ControlPlaneHealthy condition report for Shoots when the MachineControllerManagerDeployment feature gate gets enabled until their next reconciliation. by @rfranzke [#8663]
[OPERATOR]
The following Golang dependencies have been updated: k8s.io/* from v0.28.2 to v0.28.3; sigs.k8s.io/controller-runtime from v0.16.2 to v0.16.3. by @rfranzke [#8680]
[OPERATOR]
Kubernetes feature gate UnauthenticatedHTTP2DOSMitigation is considered valid for versions >= 1.25. by @gardener-ci-robot [#8672]
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.5
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.5
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.5
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
Kubernetes feature gate UnauthenticatedHTTP2DOSMitigation is considered valid for versions >= 1.25. by @gardener-ci-robot [#8671]
[OPERATOR]
The following Golang dependencies have been updated: k8s.io/* from v0.28.2 to v0.28.3; sigs.k8s.io/controller-runtime from v0.16.2 to v0.16.3. by @rfranzke [#8681]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.81.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.81.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.81.3
Published by gardener-robot-ci-2 about 1 year ago
[DEPENDENCY]
The deprecated ChartRenderer.Render and ChartApplier.{Apply,Delete} methods have been dropped. Use ChartRenderer.RenderEmbeddedFS and ChartApplier.{Apply,Delete}FromEmbeddedFS instead. by @rfranzke [#8540]
[DEPENDENCY]
The hack/generate-crds.sh script now receives the file name prefix via the -p option (previously, the prefix was the first argument to the script). by @rfranzke [#8560]
[DEPENDENCY]
The no longer required --gardenlet-manages-mcm option has been removed. All code in provider extensions related to management/deployment of machine-controller-manager should be removed. by @rfranzke [#8596]
[DEPENDENCY]
The deprecated core.gardener.cloud/apiserver-exposure label and handling has been dropped. by @rfranzke [#8540]
[DEPENDENCY]
Provider extensions must now pass the cluster.Cluster object for the garden cluster to the genericactuator.NewActuator function. See this for an example how to create such a cluster.Cluster object. by @rfranzke [#8559]
[OPERATOR]
Before upgrading to this Gardener version, you must make sure that the Services of all registered provider extensions serving webhooks for the shoot cluster are annotated with networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=[{"protocol":"TCP","port":<port>}], networking.resources.gardener.cloud/namespace-selectors=[{"matchLabels":{"gardener.cloud/role":"shoot"}}], and networking.resources.gardener.cloud/pod-label-selector-namespace-alias=extensions. by @rfranzke [#8540]
[DEVELOPER]
Methods SkipIf and DoIf for TaskFn have been dropped. A new field SkipIf is introduced in Task. If set to true, the task will be skipped and will also not be reported by the progress reporter. by @acumino [#8541]
[DEVELOPER]
The pkg/utils/secrets package now signs certificates with 3072 bit RSA keys. by @dimityrmirchev [#8635]
[DEVELOPER]
During the Migrate phase of a control plane migration of a Shoot, the state is now only persisted after all extension resources have been migrated. Consequently, make sure that you have added all state to the .status.state field of the respective extension object when running Migrate(). by @rfranzke [#8559]
[DEVELOPER]
A generate-admin-kubeconf.sh script which can be used to generate an admin kubeconfig for a local shoot cluster was added in the hack/usage directory. by @dimityrmirchev [#8636]
[DEVELOPER]
The extensions/pkg/controller/operatingsystemconfig/oscommon package is deprecated and will be removed as soon as the UseGardenerNodeAgent feature gate has been promoted to GA. OS extension developers should start adapting to this new feature, see documentation and example based on provider-local. by @rfranzke [#8647]
[OPERATOR]
The Worker state reconciler has been dropped, i.e., updated provider extensions will no longer populate the machine state to the .status.state field of Worker resources. For a few releases, gardenlet will no longer persist any still existing data in the .status.state field of Worker resources during a control plane migration of a Shoot, and it will set .status.state to nil after a successful reconciliation or restore operation. by @rfranzke [#8559]
[OPERATOR]
Configure the value for the flag metrics-scrape-wait-duration for compaction controller to set a wait duration at the end of every compaction job, to allow for metrics to be scraped by a Prometheus instance. by @abdasgupta [#8607]
[OPERATOR]
The MachineControllerManagerDeployment has been promoted to GA and is now locked to "enabled by default". Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. by @rfranzke [#8596]
[OPERATOR]
The GA-ed DisableScalingClassesForShoots feature gate has been removed. by @rfranzke [#8596]
[OPERATOR]
maxSurge for kube-apiserver and gardener-apiserver of the virtual garden cluster is set to 100%. by @oliver-goetz [#8640]
[OPERATOR]
The kube-apiserver no longer mounts root CA bundles from the underlying host. by @dimityrmirchev [#8645]
[USER]
Gardener now uses 3072 bit RSA keys in order to generate TLS certificates. by @dimityrmirchev [#8635]
[USER]
nginx-ingress-controller now enables annotation validation. by @dimityrmirchev [#8644]
[DEPENDENCY]
The MachineClassKind(), MachineClass(), and MachineClassList() methods have been dropped from the generic Worker actuator's interface and do not need to be implemented anymore. by @rfranzke [#8559]
[OPERATOR]
gardener-operator maintains the two most recent generic-token-kubeconfig secrets in the runtime-cluster. In addition the latest secret name is published to the garden resource in .metadata.annotations[generic-token-kubeconfig.secret.gardener.cloud/name]. Third-party components referring to this secret should check this annotation value after a credentials or CA rotation for the virtual-garden cluster took place. by @timuthy [#8657]
[OPERATOR]
Feature gate APIServerFastRollout for gardenlet is introduced and enabled by default. When enabled, maxSurge for kube-apiservers of Shoots is set to 100%. by @oliver-goetz [#8640]
[DEVELOPER]
It is now possible to annotate managed resources part of ManagedResource objects with resources.gardener.cloud/finalize-deletion-after=<duration>, e.g., resources.gardener.cloud/finalize-deletion-after=1h. After this time, gardener-resource-manager will forcefully delete the resource by removing their finalizers. by @rfranzke [#8584]
[DEVELOPER]
Change port of ssh reverse tunnel to 443 by @axel7born [#8606]
[USER]
Machine scale-up delay for new pods can now be configured for cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.newPodScaleupDelay in the Shoot API. by @aaronfern [#8590]
[USER]
Concurrent empty machines bulk deletion can now be configured for cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.maxEmptyBulkDelete in the Shoot API. by @aaronfern [#8590]
[DEVELOPER]
Use cgroupv2 fix for local-setup on macOS too. by @oliver-goetz [#8633]
[DEVELOPER]
Gardener base image is updated to gcr.io/distroless/static-debian12:nonroot. by @oliver-goetz [#8628]
[DEPENDENCY]
nginx-ingress-controller image is updated to v1.9.1. by @dimityrmirchev [#8644]
[DEPENDENCY]
The skaffold version is updated from v2.7.0 to v2.8.0. by @dimitar-kostadinov [#8634]
[DEPENDENCY]
nginx-ingress-controller image is updated to v1.9.3. by @dimityrmirchev [#8650]
[OPERATOR]
Kubernetes feature gate UnauthenticatedHTTP2DOSMitigation is considered valid for versions >= 1.25. by @gardener-ci-robot [#8670]
[OPERATOR]
The regression is now fixed and the control plane logs shall be visible in the Plutono dashboards. by @nickytd [#8655]
[OPERATOR]
The following Golang dependencies have been updated: k8s.io/* from v0.28.2 to v0.28.3; sigs.k8s.io/controller-runtime from v0.16.2 to v0.16.3. by @gardener-ci-robot [#8677]
[USER]
Added an example for AdminKubeconfigRequest via the Python Kubernetes client. by @Shegox [#8651]
[USER]
Update golang 1.20.4 -> 1.21.3 by @axel7born [gardener/ext-authz-server#23]
[OPERATOR]
Remove unneeded Monitor function from iptables implementation by @axel7born [gardener/apiserver-proxy#54]
[OPERATOR]
Update golang image in verify step to 1.21.3. by @DockToFuture [gardener/apiserver-proxy#56]
[OPERATOR]
Update alpine base image version to 3.18.4. by @shreyas-s-rao [gardener/etcd-backup-restore#666]
operator: eu.gcr.io/gardener-project/gardener/operator:v1.82.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.0
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.82.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.82.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.0
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
An issue has been fixed which was causing a broken ControlPlaneHealthy condition report for Shoots when the MachineControllerManagerDeployment feature gate gets enabled until their next reconciliation. by @rfranzke [#8664]
[DEPENDENCY]
nginx-ingress-controller image is updated to v1.9.3. by @gardener-ci-robot [#8658]
Published by gardener-robot-ci-2 about 1 year ago
[OPERATOR]
The regression is now fixed and the control plane logs shall be visible in the Plutono dashboards. by @gardener-ci-robot [#8656]
[DEPENDENCY]
nginx-ingress-controller image is updated to v1.9.1. by @gardener-ci-robot [#8652]
operator: eu.gcr.io/gardener-project/gardener/operator:v1.81.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.81.1
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.81.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.1
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
Fixed a possibility for the migrate phase of control plane migration to become permanently stuck if the shoot was created when the MachineControllerManagerDeployment feature gate is disabled, control plane migration is triggered for the shoot and the feature gate is enabled during the migration phase. by @gardener-ci-robot [#8571]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.79.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.79.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.79.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.79.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.79.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.79.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.79.3
Published by gardener-robot-ci-2 about 1 year ago
no release notes available
Published by gardener-robot-ci-2 about 1 year ago
[OPERATOR]
Fixed a possibility for the migrate phase of control plane migration to become permanently stuck if the shoot was created when the MachineControllerManagerDeployment feature gate is disabled, control plane migration is triggered for the shoot and the feature gate is enabled during the migration phase. by @gardener-ci-robot [#8572]
Published by gardener-robot-ci-1 about 1 year ago
[USER]
Update etcd-custom-image to v3.4.26-2. by @shreyas-s-rao [gardener/etcd-druid#656]
[OPERATOR]
Etcd druid will now not support policy/v1beta1 for PodDisruptionBudgets and will only use policy/v1 for PodDisruptionBudgets by @aaronfern [gardener/etcd-druid#681]
[OPERATOR]
custodian-sync-period value is set to 15s in the Helm chart for etcd-druid. by @shreyas-s-rao [gardener/etcd-druid#688]
[OPERATOR]
Add new flag metrics-scrape-wait-duration for compaction controller to set a wait duration at the end of every compaction job, to allow for metrics to be scraped by a Prometheus instance. by @abdasgupta [gardener/etcd-druid#686]
[OPERATOR]
Etcd snapshot compaction jobs will now be named <etcd-name>-compactor for better readability for human operators. by @abdasgupta [gardener/etcd-druid#672]
[OPERATOR]
Introduce Spec.Backup.DeltaSnapshotRetentionPeriod in the Etcd resource to allow configuring retention period for delta snapshots. by @seshachalam-yv [gardener/etcd-druid#651]
[DEVELOPER]
Add support for Local provider for e2e tests. by @shreyas-s-rao [gardener/etcd-druid#668]
[OPERATOR]
A bug causing incorrect volume mount path for Etcds and EtcdCopyBackupsTasks using Local snapshot storage provider while using distroless etcd-backup-restore image v0.25.x has been resolved. by @aaronfern [gardener/etcd-druid#662]
[OPERATOR]
Custodian controller no longer watches leases owned by the etcd resources, thus reducing frequency of etcd status updates and now honouring custodian-sync-period value. by @shreyas-s-rao [gardener/etcd-druid#688]
[OPERATOR]
Resolved an issue where the Custodian Controller was not updating the Replicas field in the etcd status to reflect the CurrentReplicas from the StatefulSet status. This fix ensures consistent behavior with the etcd Controller in Druid. by @seshachalam-yv [gardener/etcd-druid#701]
[OPERATOR]
A bug causing EtcdCopyBackupsTask jobs to fail to create temp snapshot directory while using distroless etcd-backup-restore image v0.25.x has been resolved. by @aaronfern [gardener/etcd-druid#662]
[OPERATOR]
Upgraded etcd-backup-restore from v0.24.3 to v0.24.6 for etcd-custom-image, and from v0.25.1 to v0.26.0 for etcd-wrapper by @gardener-robot-ci-3 [gardener/etcd-druid#687]
[OPERATOR]
All default images are now present in images.yaml by @aaronfern [gardener/etcd-druid#673]
[DEVELOPER]
Introduce DEPs (Druid Enhancement Proposals) for proposing large design changes in etcd-druid. by @shreyas-s-rao [gardener/etcd-druid#659]
[OPERATOR]
Introduce DEP-04 EtcdMember Custom Resource. by @shreyas-s-rao [gardener/etcd-druid#658]
[USER]
Introduce flag metrics-scrape-wait-duration to etcdbrctl compact command, that specifies a wait duration at the end of a snapshot compaction, to allow Prometheus to scrape metrics related to compaction before the etcdbrctl process exits. by @abdasgupta [gardener/etcd-backup-restore#667]
[OPERATOR]
Etcd-backup-restore now uses the user home directory to create files. by @aaronfern [gardener/etcd-backup-restore#637]
[OPERATOR]
Etcd-backup-restore now uses a distroless image as its base image. It is no longer compatible with etcd-custom-image, and must be used with etcd-wrapper instead. by @aaronfern [gardener/etcd-backup-restore#637]
[OPERATOR]
Upgraded Ginkgo v1 to v2 and updated other dependencies by @seshachalam-yv [gardener/etcd-backup-restore#647]
[OPERATOR]
While scaling up a non-HA etcd cluster to HA skipping the scale-up checks for first member of etcd cluster as first member can never be a part of scale-up scenarios. by @ishan16696 [gardener/etcd-backup-restore#649]
[OPERATOR]
Bump alpine base version for Docker build to 3.18.2. by @shreyas-s-rao [gardener/etcd-backup-restore#638]
[OPERATOR]
Backup-restore waits for its etcd to be ready before attempting to update peerUrl by @aaronfern [gardener/etcd-backup-restore#628]
[OPERATOR]
Introduced delta-snapshot-retention-period CLI flag to extend the configurable retention period for delta snapshots in etcd-backup-restore, enhancing flexibility for backup retention. by @seshachalam-yv [gardener/etcd-backup-restore#640]
[OPERATOR]
Revendors the bbolt from v1.3.6 to v1.3.7 by @ishan16696 [gardener/etcd-backup-restore#659]
[DEVELOPER]
Add CVE categorization for etcd-backup-restore. by @shreyas-s-rao [gardener/etcd-backup-restore#644]
[OPERATOR]
Force drain and delete volume attachments for nodes un-healthy due to ReadOnlyFileSystem and NotReady for too long by @elankath [gardener/machine-controller-manager#839]
[OPERATOR]
Included UnavailableReplicas in determining if a machine deployment status update is needed by @rishabh-11 [gardener/machine-controller-manager#833]
[OPERATOR]
An issue causing nil pointer panic on scaleup of the machinedeployment along with trigger of rolling update, is fixed by @acumino [gardener/machine-controller-manager#814]
[USER]
An edge case where outdated DesiredReplicas annotation blocked a rolling update is fixed. by @rishabh-11 [gardener/machine-controller-manager#821]
[DEVELOPER]
status.Status now captures underlying cause, allowing consumers to introspect the error returned by the provider. WrapError() function could be used to wrap the provider error by @unmarshall [gardener/machine-controller-manager#842]
[DEVELOPER]
A new make target is introduced to add license headers. by @unmarshall [gardener/machine-controller-manager#845]
[DEVELOPER]
Bump k8s.io/* deps to v0.27.2 by @afritzler [gardener/machine-controller-manager#820]
[DEVELOPER]
Removed dead metrics code and refactored the remaining metrics code by @himanshu-kun [gardener/machine-controller-manager#823]
[OPERATOR]
New metrics introduced:
[OPERATOR]
Updated to go v1.20.5 by @rishabh-11 [gardener/machine-controller-manager#827]
[OPERATOR]
Added a new metric that will allow to get the number of stale (due to unhealthiness) machines that are getting terminated by @jguipi [gardener/machine-controller-manager#808]
[OPERATOR]
Added errorCode field in the LastOperation struct. This should be implemented only for the CreateMachine call in the triggerCreationFlow. This field will be utilized by Cluster autoscaler to do early backoff by @rishabh-11 [gardener/machine-controller-manager#851]
[OPERATOR]
Makefile targets have changed: Introduced gardener-setup, gardener-restore, gardener-local-mcm-up, non-gardener-setup, non-gardener-restore, non-gardener-local-mcm-up. Users can also directly use the scripts which are used by these makefile targets. by @unmarshall [gardener/machine-controller-manager#852]
[DEPENDENCY]
Extensions have to implement the ForceDelete function in the actuator with the logic of forcefully deleting all the resources deployed by them. by @shafeeqes [#8414]
[DEPENDENCY]
The extensions/pkg/controller.Use{TokenRequestor,ServiceAccountTokenVolumeProjection} functions have been removed since they always return true. by @rfranzke [#8582]
[OPERATOR]
⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions < 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @shafeeqes [#8487]
[DEVELOPER]
The pkg/utils/gardener.IntStrPtrFromInt function has been renamed to IntStrPtrFromInt32 since intstr.FromInt is deprecated. by @rfranzke [#8579]
[USER]
The alpha.kube-apiserver.scaling.shoot.gardener.cloud/class annotation on Shoots has no effect anymore and should be removed. by @rfranzke [#8526]
[USER]
The two additional labels worker.gardener.cloud/image-name and worker.gardener.cloud/image-version that were previously introduced and attached to worker nodes are removed again to fix a regression that causes the kubelet to restart on nodes that are due to be upgraded to a new OS but not rolled yet which causes their Pods to become temporarily unready. by @MrBatschner [#8524]
[OPERATOR]
The MachineControllerManagerDeployment has been promoted to beta and is now enabled by default. Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. by @rfranzke [#8526]
[OPERATOR]
The DisableScalingClassesForShoots feature gate has been promoted to GA (and is now always enabled). by @rfranzke [#8526]
[USER]
The gardener-scheduler now populates scheduling failure reasons to the Shoot's .status.lastOperation.description field. by @rfranzke [#8527]
[USER]
When the ShootForceDeletion featuregate in the apiserver is turned on, users will be able to force-delete the Shoot. You MUST ensure that all the resources created in the IaaS account are cleaned up to prevent orphaned resources. Gardener will NOT delete any resources in the Shoot cloud-provider account. See Shoot Force Deletion for more details. by @shafeeqes [#8414]
[USER]
Multiple expanders for cluster-autoscaler can now be specified in the Shoot API via the .spec.kubernetes.clusterAutoscaler.expander field. by @aaronfern [#8573]
[OPERATOR]
Fixed a possibility for the migrate phase of control plane migration to become permanently stuck if the shoot was created when the MachineControllerManagerDeployment feature gate is disabled, control plane migration is triggered for the shoot and the feature gate is enabled during the migration phase. by @plkokanov [#8568]
[USER]
Fix an issue, where DNS lookups for non-existing pods of a StatefulSet yielded one of the existing pods even when it should not have. by @axel7born [#8544]
[USER]
A bug has been fixed that prevented users without permissions to list CustomResourceDefinitions from interacting with the Gardener APIs when using a kubectl version lower than 1.27. by @rfranzke [#8577]
[USER]
A bug causing unnecessary reorder of extension in Shoot spec.extensions is fixed. by @acumino [#8569]
[OPERATOR]
The shoot namespace in seeds is redeployed during the shoot migration flow to update the zones in use. by @plkokanov [#8564]
[OPERATOR]
nginx-ingress-controller image is updated to v1.9.0. by @shafeeqes [#8558]
[OPERATOR]
Add an alert for VPNHAShootNoPods when shoot in HA (high availability) mode. by @tedteng [#8506]
[USER]
Gardener refined the scope of the problematic webhook matcher for endpoint objects. Earlier, shoot clusters were assigned a constraint reporting a problem with a failurePolicy: Fail webhook acting on these objects. Now, only endpoints in the kube-system and defaults namespaces are considered for this check. by @acumino [#8521]
[DEVELOPER]
unit tests framework introduced to test implemented methods of Cloudprovider and Nodegroup interface by @rishabh-11 [gardener/autoscaler#215]
[USER]
Gardener autoscaler now backs-off early from a node-group (i.e. machinedeployment) in case of ResourceExhausted error. Refer docs at https://github.com/gardener/autoscaler/blob/machine-controller-manager-provider/cluster-autoscaler/FAQ.md#when-does-autoscaler-backs-off-early-from-a-node-group for details. by @himanshu-kun [gardener/autoscaler#253]
[OPERATOR]
A bug where MCM removed a machine other than the one CA wanted is resolved. by @rishabh-11 [gardener/autoscaler#215]
[OPERATOR]
Initial implementation for Refresh() method of CloudProvider interface done by @rishabh-11 [gardener/autoscaler#215]
[OPERATOR]
machinepriority.machine.sapcloud.io annotation on machine is now reset to 3 by autoscaler if the corresponding node doesn't have ToBeDeletedByClusterAutoscaler taint by @rishabh-11 [gardener/autoscaler#215]
[OPERATOR]
Update alpine base image version to 3.18.3. by @shreyas-s-rao [gardener/etcd-custom-image#40]
operator: eu.gcr.io/gardener-project/gardener/operator:v1.81.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.81.0
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.81.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.81.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.81.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.81.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.81.0
Published by gardener-robot-ci-3 about 1 year ago
[USER]
A bug has been fixed that prevented users without permissions to list CustomResourceDefinitions from interacting with the Gardener APIs when using a kubectl version lower than 1.27. by @gardener-ci-robot [#8580]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.3
Published by gardener-robot-ci-1 about 1 year ago
[USER]
A bug causing unnecessary reorder of extension in Shoot spec.extensions is fixed. by @gardener-ci-robot [#8575]
[OPERATOR]
Fixed a possibility for the migrate phase of control plane migration to become permanently stuck if the shoot was created when the MachineControllerManagerDeployment feature gate is disabled, control plane migration is triggered for the shoot and the feature gate is enabled during the migration phase. by @gardener-ci-robot [#8570]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.2
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
An issue causing several tasks from the Shoot reconciliation flow to fail with transient errors of type duplicate filename in registry is now fixed. by @gardener-ci-robot [#8555]
[USER]
The two additional labels worker.gardener.cloud/image-name and worker.gardener.cloud/image-version that were previously introduced and attached to worker nodes are removed again to fix a regression that causes the kubelet to restart on nodes that are due to be upgraded to a new OS but not rolled yet which causes their Pods to become temporarily unready. by @gardener-ci-robot [#8552]
[OPERATOR]
extension library: State update for a Worker object can be now skipped by annotating it with worker.gardener.cloud/skip-state-update=true. by @gardener-ci-robot [#8492]
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
An issue causing several tasks from the Shoot reconciliation flow to fail with transient errors of type duplicate filename in registry is now fixed. by @gardener-ci-robot [#8556]
[USER]
The two additional labels worker.gardener.cloud/image-name and worker.gardener.cloud/image-version that were previously introduced and attached to worker nodes are removed again to fix a regression that causes the kubelet to restart on nodes that are due to be upgraded to a new OS but not rolled yet which causes their Pods to become temporarily unready. by @gardener-ci-robot [#8553]
[OPERATOR]
extension library: State update for a Worker object can be now skipped by annotating it with worker.gardener.cloud/skip-state-update=true. by @gardener-ci-robot [#8493]
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
An issue causing several tasks from the Shoot reconciliation flow to fail with transient errors of type duplicate filename in registry is now fixed. by @gardener-ci-robot [#8557]
Published by gardener-robot-ci-1 about 1 year ago
[USER]
The two additional labels worker.gardener.cloud/image-name and worker.gardener.cloud/image-version that were previously introduced and attached to worker nodes are removed again to fix a regression that causes the kubelet to restart on nodes that are due to be upgraded to a new OS but not rolled yet which causes their Pods to become temporarily unready. by @gardener-ci-robot [#8551]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.1
Published by gardener-robot-ci-2 about 1 year ago
[OPERATOR]
extension library: State update for a Worker object can be now skipped by annotating it with worker.gardener.cloud/skip-state-update=true. by @gardener-ci-robot [#8494]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.77.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.77.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.77.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.77.5
operator: eu.gcr.io/gardener-project/gardener/operator:v1.77.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.77.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.77.5
Published by gardener-robot-ci-1 about 1 year ago
[DEVELOPER]
If the kubeletCSRApprover
controller is enabled, it is now mandatory to specify the namespace in the source cluster in which the Machine
resources reside via .controllers.kubeletCSRApprover.machineNamespace
. by @rfranzke [#8483][DEVELOPER]
leader-election-resource-lock
flag is dropped and the leader-election resource-lock is hard coded to leases. by @acumino [#8464][DEVELOPER]
The .{source,target}ClientConnection.namespace
field has been renamed to namespaces
and now takes a list of namespaces. The .targetClientConnection.disableCachedClient
field has been removed. by @rfranzke [#8483][OPERATOR]
It is no longer possible to configure .spec.virtualCluster.kubernetes.kubeAPIServer.authorization in the Garden API. by @rfranzke [#8309]
[OPERATOR]
The deprecated .spec.virtualCluster.dns.domain field has been dropped from the Garden API. Make use of .spec.virtualCluster.dns.domains. by @rfranzke [#8434]
[OPERATOR]
gardener-resource-manager now disables the cache only for Secrets and ConfigMaps if DisableCachedClient is set to true. by @acumino [#8474]
[OPERATOR]
The following golang dependencies have been upgraded. Please consult the upstream release notes and this issue for guidance on upgrading your golang dependencies when vendoring this gardener version:
k8s.io/* to v0.28.2
sigs.k8s.io/controller-runtime to v0.16.2
sigs.k8s.io/controller-tools to v0.13.0
by @acumino [#8464]
[OPERATOR]
The target cache for gardener-resource-manager is now unconditionally enabled, leading to faster reconciliations and less network I/O. by @rfranzke [#8483]
[USER]
Gardener now reports nodes for which the checksum/cloud-config-data hasn't been populated yet. This could point towards an error on the node and that not all Gardener-related configuration happened successfully. by @timuthy [#8448]
[OPERATOR]
gardener-operator now runs a new controller which protects Secrets and ConfigMaps with a finalizer in case they are referenced in Garden resources. by @rfranzke [#8439]
[OPERATOR]
It is now possible to trigger gardenlet kubeconfig renewal for unmanaged Seeds by annotating them with gardener.cloud/operation=renew-kubeconfig. This was already supported for ManagedSeeds only. by @oliver-goetz [#8396]
[OPERATOR]
The ResourcesProgressing condition appearing in the status of ManagedResources now checks for non-terminated Pods before reporting status=False. by @rfranzke [#8515]
[OPERATOR]
gardener-operator is now managing the Gardener control plane components (gardener-{apiserver,admission-controller,controller-manager,scheduler}). by @rfranzke [#8309]
[OPERATOR]
gardener-operator now renews garden access secrets and the gardenlet kubeconfig on all Seeds during CA/service account signing key credentials rotation. by @oliver-goetz [#8396]
[OPERATOR]
gardener-operator now takes over management of gardener-metrics-exporter. by @acumino [#8419]
[OPERATOR]
Gardener can now support clusters with Kubernetes version 1.28. In order to allow creation/update of 1.28 clusters you will have to update the version of your provider extension(s) to a version that supports 1.28 as well. Please consult the respective releases and notes in the provider extension's repository. by @oliver-goetz [#8479]
[OPERATOR]
It is now possible to configure .spec.virtualCluster.gardener.gardenerAPIServer.auditWebhook in the Garden API. by @rfranzke [#8309]
[OPERATOR]
gardener-operator now refuses to start if operators attempt to downgrade or skip minor Gardener versions. Please see this document for more information. by @rfranzke [#8413]
[DEVELOPER]
Gardener can now support clusters with Kubernetes version 1.28. Extension developers have to prepare individual extensions as well to work with 1.28. by @oliver-goetz [#8479]
[DEVELOPER]
The plutono dashboards are now verified as part of make check. by @Sallyan [#8401]
[OPERATOR]
A bug has been fixed that prevented ControllerInstallations from getting deleted when the backing ControllerRegistration with .spec.deployment.policy={Always,AlwaysExceptNoShoots} was deleted. by @rfranzke [#8443]
[OPERATOR]
Several default settings of Kubernetes feature gates have been corrected. by @oliver-goetz [#8427]
[OPERATOR]
An issue causing several tasks from the Shoot reconciliation flow to fail with transient errors of type "duplicate filename in registry" is now fixed. by @ialidzhikov [#8478]
[OPERATOR]
A bug was fixed which was causing existing Bastion resources on the garden cluster to not be deleted when SSHAccess is disabled on a Shoot cluster. by @AleksandarSavchev [#8421]
[OPERATOR]
The .spec.kubernetes.kubeAPIServer.serviceAccountConfig.acceptedIssuers field of the Shoot spec no longer allows duplicate values. by @dimitar-kostadinov [#8466]
[USER]
A bug has been fixed which was allowing users to specify an extension of the same type in .spec.extensions[].type more than once in the Shoot API. by @acumino [#8457]
[USER]
Applying Gardener resources server-side has caused the "the server is currently unable to handle the request" error which is now fixed. by @oliver-goetz [#8468]
[OPERATOR]
The Plutono version has been updated from v7.5.23 to v7.5.24. by @istvanballok [#8475]
[OPERATOR]
The node-local-dns ConfigMap now has a label k8s-app=node-local-dns for identifying it. by @ScheererJ [#8505]
[OPERATOR]
The following image is updated:
quay.io/prometheus/prometheus: v2.43.1 -> v2.47.0
by @istvanballok [#8486]
[OPERATOR]
extension library: State update for a Worker object can now be skipped by annotating it with worker.gardener.cloud/skip-state-update=true. by @ialidzhikov [#8482]
[OPERATOR]
The logging components vali and valitail are now updated to v2.2.8. by @nickytd [#8458]
[USER]
It is possible to delete a Shoot even if the shoot.gardener.cloud/ignore annotation is set to true. by @shafeeqes [#8432]
[OPERATOR]
Update base image of ingress-default-backend to alpine:3.18.3 by @ScheererJ [gardener/ingress-default-backend#27]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.80.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.80.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.80.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.80.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.80.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.80.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.80.0
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
A bug has been fixed that prevented ControllerInstallations from getting deleted when the backing ControllerRegistration with .spec.deployment.policy={Always,AlwaysExceptNoShoots} was deleted. by @rfranzke [#8455]
[OPERATOR]
Several default settings of Kubernetes feature gates have been corrected. by @gardener-ci-robot [#8471]
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
A bug has been fixed that prevented ControllerInstallations from getting deleted when the backing ControllerRegistration with .spec.deployment.policy={Always,AlwaysExceptNoShoots} was deleted. by @gardener-ci-robot [#8452]
[OPERATOR]
Several default settings of Kubernetes feature gates have been corrected. by @gardener-ci-robot [#8470]