Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
gardener-resource-manager now disables cache only for Secrets and ConfigMap if DisableCachedClient is set to true. by @gardener-ci-robot [#8476]
[USER]
Applying Gardener resources server-side has caused the "the server is currently unable to handle the request" error which is now fixed. by @gardener-ci-robot [#8473]
[OPERATOR]
Several default settings of Kubernetes feature gates have been corrected. by @gardener-ci-robot [#8469]
[OPERATOR]
A bug has been fixed that prevented ControllerInstallations from getting deleted when the backing ControllerRegistration with .spec.deployment.policy={Always,AlwaysExceptNoShoots} was deleted. by @gardener-ci-robot [#8451]
Published by gardener-robot-ci-1 about 1 year ago
[DEVELOPER]
uncachedObjects under pkg/client/kubernetes/options.go is now removed from Config struct which is used to set options for new ClientSets. Now the uncached objects can be directly set under clientOptions.Cache.DisableFor field. by @ary1992 [#8245]
[OPERATOR]
The DisablingScalingClassesForShoots feature gate has been promoted to beta. by @rfranzke [#8428]
[OPERATOR]
Operators can now use the annotation gardener.cloud/operation=rotate-observability-credentials on the garden resource to rotate the observability credentials. by @acumino [#8393]
[OPERATOR]
Configuring multiple reserve-excess-capacity deployments on Seeds is supported now by specifying .spec.settings.excessCapacityReservation.configs. by @oliver-goetz [#8356]
[USER]
When the Kubernetes control plane version is at least v1.28, it is now possible to set the worker pool Kubernetes version to be at most three versions behind the control plane version. Earlier, only a skew of at most two versions was allowed. Find more details here. by @shafeeqes [#8402]
[OPERATOR]
A bug has been fixed which was causing the garbage collector in gardener-resource-manager to wrongfully collect Secrets related to ManagedResources when the source and the target cluster are equal. by @dimityrmirchev [#8398]
[OPERATOR]
An issue has been fixed which was causing a broken ControlPlaneHealthy condition report for Shoots when the MachineControllerManagerDeployment feature gate gets enabled until their next reconciliation. by @rfranzke [#8407]
[OPERATOR]
Update Kubernetes dependencies (especially k8s.io/client-go) from v0.26.3 to v0.26.4 to resolve panic on working with special shoots. by @MartinWeindel [#8422]
[OPERATOR]
Add Prometheus alert for pending seed pods by @StenlyTU [#8406]
[OPERATOR]
The admission controllers of common provider extensions are automatically installed in the local extensions development setup by @ScheererJ [#8311]
[OPERATOR]
The WorkerlessShoots feature gate has been promoted to beta and is now turned on by default. Before deploying this Gardener version, make sure that all your registered extensions support this feature gate. by @acumino [#8417]
[OPERATOR]
The following image is updated:
quay.io/prometheus/alertmanager: v0.24.0 -> v0.26.0
by @istvanballok [#8408]
[DEVELOPER]
The following dependencies are updated:
k8s.io/*: v0.26.4 -> v0.27.5
sigs.k8s.io/controller-runtime: v0.14.6 -> v0.15.2
by @ary1992 [#8245]
[OPERATOR]
Update golang base container image to 1.21.0. by @dependabot[bot] [gardener/apiserver-proxy#43]
[OPERATOR]
Update alpine base image components to 3.18.3. by @dependabot[bot] [gardener/apiserver-proxy#42]
[OPERATOR]
Removed apiserver-proxy pod webhook as it is now included in Gardener Resource Manager. by @ScheererJ [gardener/apiserver-proxy#39]
[OPERATOR]
Update gardener/gardener to 1.77.1. by @dependabot[bot] [gardener/apiserver-proxy#44]
[OPERATOR]
Update to golang v1.21 by @ScheererJ [gardener/vpn2#42]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.79.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.79.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.79.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.79.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.79.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.79.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.79.0
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
Update Kubernetes dependencies (especially k8s.io/client-go) from v0.26.3 to v0.26.4 to resolve panic on working with special shoots. by @gardener-ci-robot [#8425]
[OPERATOR]
An issue has been fixed which was causing a broken ControlPlaneHealthy condition report for Shoots when the MachineControllerManagerDeployment feature gate gets enabled until their next reconciliation. by @gardener-ci-robot [#8409]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.76.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.76.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.76.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.76.4
operator: eu.gcr.io/gardener-project/gardener/operator:v1.76.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.76.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.76.4
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
Update Kubernetes dependencies (especially k8s.io/client-go) from v0.26.3 to v0.26.4 to resolve panic on working with special shoots. by @gardener-ci-robot [#8424]
[OPERATOR]
An issue has been fixed which was causing a broken ControlPlaneHealthy condition report for Shoots when the MachineControllerManagerDeployment feature gate gets enabled until their next reconciliation. by @gardener-ci-robot [#8410]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.77.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.77.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.77.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.77.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.77.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.77.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.77.3
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
An issue has been fixed which was causing a broken ControlPlaneHealthy condition report for Shoots when the MachineControllerManagerDeployment feature gate gets enabled until their next reconciliation. by @gardener-ci-robot [#8411]
[OPERATOR]
Update Kubernetes dependencies (especially k8s.io/client-go) from v0.26.3 to v0.26.4 to resolve panic on working with special shoots. by @gardener-ci-robot [#8423]
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
A bug has been fixed which was causing the garbage collector in gardener-resource-manager to wrongfully collect Secrets related to ManagedResources when the source and the target cluster are equal. by @gardener-ci-robot [#8404]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.77.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.77.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.77.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.77.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.77.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.77.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.77.2
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
A bug has been fixed which was causing the garbage collector in gardener-resource-manager to wrongfully collect Secrets related to ManagedResources when the source and the target cluster are equal. by @gardener-ci-robot [#8403]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.78.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.78.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.78.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.78.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.78.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.78.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.78.1
Published by gardener-robot-ci-1 about 1 year ago
[DEVELOPER]
The following mapper funcs from the extension library no longer accept a context.Context arg - ClusterToContainerResourceMapper, ClusterToControlPlaneMapper, ClusterToDNSRecordMapper, ClusterToExtensionMapper, ClusterToInfrastructureMapper, ClusterToNetworkMapper, ClusterToWorkerMapper and ClusterToObjectMapper. The context.Context arg was redundant and not used. by @acumino [#8321]
[USER]
Deprecated annotation alpha.featuregates.shoot.gardener.cloud/node-local-dns is removed. Use field .spec.systemComponents.nodeLocalDNS.enabled in Shoot instead. Switching on node-local-dns via shoot specification will roll the nodes even if node-local-dns was enabled beforehand via annotation. by @acumino [#8364]
[USER]
Deprecated annotation alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-{cluster-dns, upstream-dns} is removed. Use field .spec.systemComponents.nodeLocalDNS.{forceTCPToClusterDNS, forceTCPToUpstreamDNS} in Shoot instead. by @acumino [#8364]
[OPERATOR]
kubectl get garden now features additional printer column Observability providing information about the Observability components of the runtime cluster. by @gardener-ci-robot [#8384]
[OPERATOR]
It is possible now to trigger a seed reconciliation by annotating the Seed with gardener.cloud/operation=reconcile. by @shafeeqes [#8347]
[OPERATOR]
Status of garden now includes the ObservabilityComponentsHealthy condition which shows the health of observability components in the garden runtime-cluster. by @oliver-goetz [#8346]
[OPERATOR]
operator now deletes ManagedResources deployed to the virtual-garden before deleting virtual-garden-kube-apiserver. by @oliver-goetz [#8368]
[OPERATOR]
A bug is fixed that prevented scraping the metrics of etcd in the shoot control plane. by @istvanballok [#8371]
[OPERATOR]
A bug is fixed that rendered the "CPU usage" panel of the "VPN" Plutono dashboard blank. by @gardener-ci-robot [#8392]
[OPERATOR]
A bug is fixed in the Prometheus alert definitions that caused false positive KubePodNotReadyControlPlane alerts related to the etcd compaction job. by @rickardsjp [#8361]
[OPERATOR]
Shoot node network and seed pod network need to be disjoint. This will be checked during scheduling of a shoot cluster, i.e. during initial admission or on control-plane migration. by @ScheererJ [#8353]
[OPERATOR]
Prometheus scrape job configs for targets in the shoot cluster have been improved. by @rickardsjp [#8360]
[OPERATOR]
The following images are updated:
[OPERATOR]
The following images are updated:
registry.k8s.io/kube-state-metrics/kube-state-metrics: v2.5.0 -> v2.8.2
by @gardener-ci-robot [#8391]
[OPERATOR]
gardener-operator now takes over management of plutono. by @acumino [#8301]
[OPERATOR]
kubectl proxy now works as expected in the local development setup in conjunction with highly available vpn by @ScheererJ [#8370]
[DEPENDENCY]
Backupbucket/backupentry controllers: watch secret metadata only by @MartinWeindel [#8348]
[DEVELOPER]
Test-machinery integration tests are now using upstream K8s e2e test images such as registry.k8s.io/e2e-test-images/busybox, registry.k8s.io/e2e-test-images/agnhost instead of Gardener images such as eu.gcr.io/gardener-project/3rd/busybox, eu.gcr.io/gardener-project/3rd/alpine and others. by @ialidzhikov [#8341]
[OPERATOR]
Upgrade gardener/gardener from 1.65.0 to 1.76.0 by @acumino [gardener/etcd-druid#657]
[OPERATOR]
All default images are now present in images.yaml by @aaronfern [gardener/etcd-druid#673]
[OPERATOR]
Bump g/g version to remove stale client-go dependency by @rishabh-11 [gardener/dependency-watchdog#92]
[OPERATOR]
Updated go to 1.20.7 by @voelzmo [gardener/hvpa-controller#126]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.78.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.78.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.78.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.78.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.78.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.78.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.78.0
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
A bug is fixed that prevented scraping the metrics of etcd in the shoot control plane. by @gardener-ci-robot [#8372]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.77.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.77.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.77.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.77.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.77.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.77.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.77.1
Published by gardener-robot-ci-3 about 1 year ago
[USER]
An issue has been fixed for highly-available Shoots whose etcd clusters didn't get ready in the Completing phase of a CA credentials rotation. by @gardener-ci-robot [#8305]
[OPERATOR]
gardenlet: A regression preventing the alertmanager in the garden namespace from sending email notifications is now fixed. by @gardener-ci-robot [#8315]
[OPERATOR]
Fixed a bug that caused HVPA reconciliation to fail with "expected pointer, but got v2beta1.MetricSpec type" when the HPA spec had changed. by @voelzmo [gardener/hvpa-controller#125]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.75.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.75.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.75.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.75.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.75.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.75.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.75.2
Published by gardener-robot-ci-1 about 1 year ago
[USER]
An issue has been fixed for highly-available Shoots whose etcd clusters didn't get ready in the Completing phase of a CA credentials rotation. by @gardener-ci-robot [#8304]
[OPERATOR]
gardenlet: A regression preventing the alertmanager in the garden namespace from sending email notifications is now fixed. by @gardener-ci-robot [#8316]
[OPERATOR]
Fixed a bug that caused HVPA reconciliation to fail with "expected pointer, but got v2beta1.MetricSpec type" when the HPA spec had changed. by @voelzmo [gardener/hvpa-controller#125]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.74.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.74.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.74.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.74.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.74.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.74.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.74.3
Published by gardener-robot-ci-2 about 1 year ago
[OPERATOR]
Fixed a bug that caused HVPA reconciliation to fail with "expected pointer, but got v2beta1.MetricSpec type" when the HPA spec had changed. by @voelzmo [gardener/hvpa-controller#125]
[OPERATOR]
A bug preventing prometheus ingress to use wildcard-certificate is fixed. by @gardener-ci-robot [#8320]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.76.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.76.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.76.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.76.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.76.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.76.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.76.3
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
Etcd-backup-restore now uses a distroless image as its base image. It is no longer compatible with etcd-custom-image, and must be used with etcd-wrapper instead. by @aaronfern [gardener/etcd-backup-restore#637]
[OPERATOR]
Etcd-backup-restore now uses the user home directory to create files. by @aaronfern [gardener/etcd-backup-restore#637]
[OPERATOR]
While scaling up a non-HA etcd cluster to HA, the scale-up checks are skipped for the first member of the etcd cluster, as the first member can never be a part of scale-up scenarios. by @ishan16696 [gardener/etcd-backup-restore#649]
[OPERATOR]
Backup-restore waits for its etcd to be ready before attempting to update peerUrl by @aaronfern [gardener/etcd-backup-restore#628]
[DEVELOPER]
Add CVE categorization for etcd-backup-restore. by @shreyas-s-rao [gardener/etcd-backup-restore#644]
[DEVELOPER]
If you are using provider-extension setup you should adapt your files in example/provider-extensions/garden/controlplane because default-domain and internal-domain secrets are removed from gardener-controlplane Helm chart. by @oliver-goetz [#8308]
[DEVELOPER]
Package pkg/utils/managedresources now works with immutable secrets for managed resources under the hood. Existing secrets will be marked for garbage collection and replaced with immutable ones during the first reconciliation of the managed resource. by @dimityrmirchev [#8116]
[DEVELOPER]
The Secrets type as well as the Delete functions for secrets were removed from pkg/utils/managedresources/builder since their usage was prone to errors. The higher level package pkg/utils/managedresources should be used instead. by @dimityrmirchev [#8116]
[DEPENDENCY]
hack/generate.sh has been renamed to hack/generate-sequential.sh. by @shafeeqes [#8289]
[DEPENDENCY]
The deprecated extensions/pkg/controller/worker.{Options,ApplyMachineResources{ForConfig}} symbols have been dropped since gardenlet takes over management of the machine.gardener.cloud/v1alpha1 API CRDs since gardener/[email protected]. by @rfranzke [#8280]
[OPERATOR]
The virtual-garden-kube-apiserver service (for the virtual-garden cluster) was switched from type LoadBalancer to ClusterIP. Please make sure to migrate all DNS records from the virtual-garden-kube-apiserver to the istio-ingressgateway endpoint before upgrading to this Gardener version. by @timuthy [#8302]
[OPERATOR]
gardenlet no longer reports the Bootstrapped condition on Seeds. Instead, it now reports the progress in .status.lastOperation, similar to how it's done for Shoots. by @rfranzke [#8290]
[OPERATOR]
default-domain, internal-domain, alerting and openvpn-diffie-hellman secrets are removed from gardener-controlplane Helm chart. Please ensure to update them in a different way before upgrading Gardener. If you would like to prevent Helm from deleting these secrets during the upgrade, you could annotate them with "helm.sh/resource-policy": keep. by @oliver-goetz [#8308]
[DEVELOPER]
The charts/images.yaml file was moved to imagevector/images.yaml. by @rfranzke [#8250]
[DEPENDENCY]
pkg/utils/chart does now support embedded charts. The already deprecated methods in the ChartApplier and ChartRenderer will be removed in a few releases, so extensions should adapt to embedded charts. by @rfranzke [#8250]
[OPERATOR]
Gardenlet can now set feature gates for etcd-druid. They can be specified via the gardenlet configuration GardenletConfiguration.EtcdConfig.FeatureGates by @gardener-ci-robot [#8335]
[OPERATOR]
The garbage collection controller now also considers managed resources when deciding if secrets/configmaps should be garbage collected. by @dimityrmirchev [#8116]
[OPERATOR]
Gardener Scheduler's Minimal Distance strategy can take scheduling decisions based on region distances configured by operators. This especially improves the allocation for shoots of providers regions for which the standard Levenshtein distance is inappropriate. Please see docs/concepts/scheduler.md for more information. by @timuthy [#8277]
[OPERATOR]
Operators can now view and manage dashboards for compaction jobs running in shoot control plane. by @abdasgupta [#8206]
[OPERATOR]
maintenance-controller now disables PodSecurityPolicy admission controller when forcefully upgrading the Kubernetes version of a Shoot to v1.25. It also ensures that the maximum workers of each group is greater than or equal to its number of zones for forceful upgrades to v1.27. by @oliver-goetz [#8281]
[OPERATOR]
kubectl get garden now features additional printer columns providing more information about the substantial configuration values and statuses. by @rfranzke [#8279]
[OPERATOR]
The gardener-apiserver now drops expired Kubernetes and MachineImage versions from Cloudprofiles during creation. by @shafeeqes [#8297]
[OPERATOR]
gardener-operator now takes over management of fluent-operator and vali. by @vlvasilev [#8240]
[USER]
Two additional labels worker.gardener.cloud/image-name and worker.gardener.cloud/image-version are attached to worker nodes to identify which operating system they are running. This can then be used in selectors that target only workers with a specific operating system and is helpful for e.g. driver deployment. by @MrBatschner [#8295]
[USER]
A new feature gate named ContainerdRegistryHostsDir is introduced to gardenlet. When enabled, the /etc/containerd/certs.d directory is created on the Node and containerd is configured to look up registries/mirrors configuration in this directory (if there is any configuration applied). In future, the registry-cache extension will add such registries/mirrors configuration under this directory (via OperatingSystemConfig mutation). by @ialidzhikov [#8094]
[USER]
The Shoot maintenance controller now updates the CRI of worker pools from docker to containerd when force-upgrading from Kubernetes v1.22 to v1.23. by @oliver-goetz [#8272]
[DEVELOPER]
Extensions running on seed clusters can get access to the garden cluster by using the injected kubeconfig specified by the GARDEN_KUBECONFIG environment variable. You can read about the details in this doc. by @timebertt [#8264]
[OPERATOR]
When Shoots were updated from non high-availability to zone high-availability, it could happen that the control-plane was scheduled to two instead of three zones. This issue is relevant for cloud providers with an inconsistent zone naming (Azure is currently the only candidate to our knowledge). etcds and their volumes is not part of this fix due to availability reasons. by @gardener-ci-robot [#8345]
[OPERATOR]
gardenlet: A regression causing metering related recording rules for the aggregate-prometheus not to be applied is now fixed. by @istvanballok [#8284]
[USER]
An issue has been fixed for highly-available Shoots whose etcd clusters didn't get ready in the Completing phase of a CA credentials rotation. by @timuthy [#8303]
[OPERATOR]
A bug preventing prometheus ingress to use wildcard-certificate is fixed. by @acumino [#8319]
[OPERATOR]
A bug preventing plutono ingress to use wildcard-certificate is fixed. by @acumino [#8317]
[OPERATOR]
gardenlet: A regression preventing the alertmanager in the garden namespace from sending email notifications is now fixed. by @istvanballok [#8310]
[DEVELOPER]
The github.com/golang/mock/gomock dependency is replaced by go.uber.org/mock. by @afritzler [#8269]
[DEVELOPER]
Add failure tolerance option to the CreateShoot test. by @hendrikKahl [#8298]
[OPERATOR]
⚠️ etcd.Status.ClusterSize, etcd.Status.ServiceName, etcd.Status.UpdatedReplicas have been marked as deprecated and users should refrain from depending on these fields. by @unmarshall [gardener/etcd-druid#594]
[OPERATOR]
File ownership for var/etcd/data will be changed to non-root user (65532). by @aaronfern [gardener/etcd-druid#620]
[OPERATOR]
Etcd-druid will now deploy distroless etcd-wrapper and etcd-backup-restore images. Please refer to etcd-wrapper for more information. by @aaronfern [gardener/etcd-druid#620]
[OPERATOR]
Etcd-related secrets will now be mounted onto the /var/ directory instead of /root/. by @aaronfern [gardener/etcd-druid#620]
[DEVELOPER]
Developer Action Required: The make deploy command has been replaced with make deploy-via-kustomize. Please update your deployment workflows accordingly. by @seshachalam-yv [gardener/etcd-druid#599]
[DEVELOPER]
Makefile has been updated to use Skaffold for deploying etcd-druid with the make deploy target, simplifying the deployment process and eliminating the need to push the image to the container registry for each local development testing. by @seshachalam-yv [gardener/etcd-druid#599]
[OPERATOR]
Feature gates have been introduced in etcd-druid, and can be specified using CLI flag --feature-gate. by @aaronfern [gardener/etcd-druid#646]
[OPERATOR]
Druid now exposes metrics related to snapshot compaction, on default port 8080. Please expose the desired metrics port via the etcd-druid service to allow metrics to be scraped by a Prometheus instance. by @abdasgupta [gardener/etcd-druid#569]
[OPERATOR]
UseEtcdWrapper feature gate has been introduced to allow users to opt for the new etcd-wrapper image. by @aaronfern [gardener/etcd-druid#646]
[OPERATOR]
A bug causing incorrect volume mount path for Etcds and EtcdCopyBackupsTasks using Local snapshot storage provider while using distroless etcd-backup-restore image v0.25.x has been resolved. by @aaronfern [gardener/etcd-druid#662]
[OPERATOR]
AllMembersReady condition has now been fixed to eventually show the correct overall readiness of an etcd cluster. by @unmarshall [gardener/etcd-druid#594]
[OPERATOR]
A bug causing EtcdCopyBackupsTask jobs to fail to create temp snapshot directory while using distroless etcd-backup-restore image v0.25.x has been resolved. by @aaronfern [gardener/etcd-druid#662]
[OPERATOR]
Print build version and go runtime info. by @shreyas-s-rao [gardener/etcd-druid#636]
[OPERATOR]
Bumped up the custom image version to v3.4.13-bootstrap-11 by @abdasgupta [gardener/etcd-druid#623]
[OPERATOR]
When scaling from single-node to multi-node etcd cluster, Etcd Druid will now first ensure that any change to the peer URL (e.g. TLS enablement) is seen by the existing etcd process running within the etcd member pod. Once that is confirmed then it will scale up the Etcd StatefulSet and add relevant annotations. by @unmarshall [gardener/etcd-druid#598]
[DEVELOPER]
Refactored statefulset, service, poddisruptionbudget, lease, and configmap components to use default labels and owner references from etcd. by @seshachalam-yv [gardener/etcd-druid#559]
[DEVELOPER]
Add CVE categorization for etcd-druid. by @shreyas-s-rao [gardener/etcd-druid#634]
[OPERATOR]
Bump builder image golang from 1.20.4 to 1.20.6 by @axel7born [gardener/vpn2#33]
[OPERATOR]
Fixed a bug that caused HVPA reconciliation to fail with "expected pointer, but got v2beta1.MetricSpec type" when the HPA spec had changed. by @voelzmo [gardener/hvpa-controller#125]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.77.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.77.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.77.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.77.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.77.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.77.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.77.0
Published by gardener-robot-ci-1 about 1 year ago
[USER]
An issue has been fixed for highly-available Shoots whose etcd clusters didn't get ready in the Completing phase of a CA credentials rotation. by @gardener-ci-robot [#8306]
[OPERATOR]
A bug preventing plutono ingress to use wildcard-certificate is fixed. by @gardener-ci-robot [#8318]
[OPERATOR]
gardenlet: A regression preventing the alertmanager in the garden namespace from sending email notifications is now fixed. by @gardener-ci-robot [#8314]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.76.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.76.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.76.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.76.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.76.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.76.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.76.2
Published by gardener-robot-ci-1 about 1 year ago
[OPERATOR]
gardenlet: A regression causing metering related recording rules for the aggregate-prometheus not to be applied is now fixed. by @gardener-ci-robot [#8286]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.76.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.76.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.76.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.76.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.76.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.76.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.76.1
Published by gardener-robot-ci-3 about 1 year ago
[OPERATOR]
Removed service.beta.kubernetes.io/aws-load-balancer-type: nlb annotation from istio-ingressgateway service template. Set this annotation in seed configuration. Note: Changing load balancer type creates a new one, old one requires manual clean-up. by @axel7born [#8214]
[OPERATOR]
When deploying this version of gardener-operator, make sure that you update your Garden resources with the new .spec.virtualCluster.gardener.clusterIdentity field. If you already have a gardener-apiserver deployment, make sure that the value matches the --cluster-identity flag of the current gardener-apiserver deployment. by @rfranzke [#8234]
[OPERATOR]
gardener-operator no longer reports the Reconciled condition. Instead, it now reports the progress in .status.lastOperation, similar to how it's done for Shoots. by @rfranzke [#8238]
[OPERATOR]
⚠️ The deprecated field .spec.settings.ownerChecks has been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @dimitar-kostadinov [#8109]
[DEVELOPER]
So far the github.com/gardener/gardener/pkg/utils/managedresources.{NewForShoot,CreateForShoot} funcs were ignoring the passed origin func parameter and were always using gardener as value. These funcs will now respect and use the passed origin value. by @ialidzhikov [#8260]
[DEVELOPER]
A new field errorCodeCheckFunc is introduced in the generic Worker actuator. This should be set to parse the Gardener error codes from the error returned in Worker reconciliation. by @acumino [#8242]
[OPERATOR]
Add Care
reconciler to Garden
controller in gardener-operator
. by @oliver-goetz [#8158][OPERATOR]
Shoot
s allow to optionally configure a specific scheduler via .spec.schedulerName
. The default-scheduler
is used in case non is configured. Please note, that Shoot
s will remain Pending
in case a scheduler name is configured but an adequate scheduler is not available in the landscape. by @timuthy [#8261][USER]
An issue has been fixed which caused CoreDNS to not rewrite CNAME values in DNS answers. by @axel7born [#8231][DEVELOPER]
A bug in the local development environment has been fixed which prevented admission of Gardener resources by extension webhooks. by @vpnachev [#8239][OPERATOR]
The obsolete addons
ManagedResource
is now properly cleaned up. by @shafeeqes [#8233][OPERATOR]
Now the vali ingress definition points to the shoot logging service. by @nickytd [#8252][OPERATOR]
Stability of the ssh tunnel in the local extension setup should improve due to better failure handling. by @ScheererJ [#8236][OPERATOR]
Following dependency has been updated:-
[USER] It is now possible to enable disabled APIs for workerless shoot clusters via spec.kubernetes.kubeAPIServer.runtimeConfig. by @timuthy [#8258]
[DEVELOPER] update client-go version and exclude the old one in go.mod by @acumino [gardener/dependency-watchdog#90]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.76.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.76.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.76.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.76.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.76.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.76.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.76.0
Published by gardener-robot-ci-1 over 1 year ago
[OPERATOR] Now the vali ingress definition points to the shoot logging service. by @vpnachev [#8253]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.74.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.74.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.74.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.74.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.74.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.74.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.74.2
Published by gardener-robot-ci-3 over 1 year ago
[OPERATOR] The obsolete addons ManagedResource is now properly cleaned up. by @gardener-ci-robot [#8255]
[OPERATOR] Now the vali ingress definition points to the shoot logging service. by @vpnachev [#8254]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.75.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.75.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.75.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.75.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.75.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.75.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.75.1
Published by gardener-robot-ci-3 over 1 year ago
[DEVELOPER] Added new option to ./hack/generate-controller-registration.sh script [-e, --pod-security-enforce[=pod-security-standard] which sets the security.gardener.cloud/pod-security-enforce annotation of the generated ControllerRegistration. When not set this option defaults to baseline. by @AleksandarSavchev [#8099]
[DEVELOPER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please plan ahead to drop using those fields in extensions. by @timuthy [#8199]
[DEVELOPER] Usage of the deprecated injection mechanisms in controller-runtime (like InjectScheme, InjectLogger, InjectConfig, InjectClient, InjectCache etc.) as well as package extensions/pkg/controller/common are dropped in preparation to upgrade to the next version where injection is removed entirely. With this, Inject* functions on controllers, predicates, actuators, delegates, and friends are not called anymore. When upgrading the gardener/gardener dependency to this version, all injection implementations need to be removed. As a replacement, you can get the needed clients and similar from the manager during initialisation of the component. by @ary1992 [#8217]
[OPERATOR] gardener-operator is now managing the nginx-ingress-controller and nginx-ingress-k8s-backend components. Make sure that your Garden resource specifies the .spec.runtimeCluster.ingress section. by @StenlyTU [#7945]
[OPERATOR] Support for nip.io shoot domains is discontinued. by @timuthy [#8199]
[USER] Adding Gardener-managed finalizers (e.g., gardener or gardener.cloud/reference-protection) to the Shoot on creation is now forbidden. by @shafeeqes [#8209]
[USER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please use the extensions' configuration to configure providers with this ability. by @timuthy [#8199]
[DEPENDENCY] github.com/gardener/gardener/pkg/utils/gardener.ShootAccessSecret was renamed to AccessSecret. by @timebertt [#8204]
[OPERATOR] Added pod security enforce level baseline label to Istio-related namespaces. The garden and shoot namespaces have the privileged level. For extension namespaces, the new security.gardener.cloud/pod-security-standard-enforce annotation on ControllerRegistration resources specifies the level. When set, the extension namespace is created with pod-security.kubernetes.io/enforce label set to security.gardener.cloud/pod-security-standard-enforce's value. by @AleksandarSavchev [#8099]
[USER] Gardener now allows to omit or to only partially define Kubernetes versions in Shoots. The version will automatically be defaulted to the latest minor and/or patch version found in the linked CloudProfile. by @timuthy [#8198]
[USER] A new optional constraint CRDsWithProblematicConversionWebhooks is introduced in the Shoot status. This constraint indicates that there is at least one CRD in the cluster which has multiple stored versions and a conversion webhook configured, which could break the reconciliation flow of a Shoot in some cases. by @shafeeqes [#8159]
[USER] It is now possible to reference Secrets containing kubeconfigs for admission plugins in Shoots. The referenced Secret must be referenced in .spec.resources as well as in .spec.kubernetes.kubeAPIServer.admissionPlugins[].kubeconfigSecretName. by @acumino [#8110]
[OPERATOR] Fix network annotations to allow fluent-bit connecting to shoot Valis. by @vlvasilev [#8197]
[OPERATOR] A bug causing the gardenlet to panic when an ETCD encryption key rotation operation is triggered for a hibernated Shoot is now fixed. Now, triggering ETCD encryption key rotation or ServiceAccount signing key rotation is forbidden when the Shoot is in waking up phase. by @shafeeqes [#8184]
[OPERATOR] nginx-ingress-controller image is updated to v1.8.1 for Kubernetes v1.24+ clusters. by @shafeeqes [#8205]
[OPERATOR] The eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler image has been updated from v1.26.2 to v1.27.0 (for Kubernetes >= 1.27). by @rishabh-11 [#8187]
[OPERATOR] The shoots/adminkubeconfig relies on the ca-client InternalSecret only and does not use the ShootState object anymore. by @timebertt [#8195]
[OPERATOR] Update Prometheus job tunnel-probe-apiserver-proxy to fix for HA VPN mode by @Sallyan [#7954]
[OPERATOR] Update vertical-pod-autoscaler to v0.14.0. by @voelzmo [#8166]
[DEVELOPER] Go version is updated to 1.20.6. by @oliver-goetz [#8224]
[OPERATOR] ⚠️ etcd.Status.ClusterSize, etcd.Status.ServiceName, etcd.Status.UpdatedReplicas have been marked as deprecated and users should refrain from depending on these fields. by @shreyas-s-rao [gardener/etcd-druid#637]
[OPERATOR] AllMembersReady condition has now been fixed to eventually show the correct overall readiness of an etcd cluster. by @shreyas-s-rao [gardener/etcd-druid#637]
[OPERATOR] Print build version and go runtime info. by @shreyas-s-rao [gardener/etcd-druid#637]
[DEVELOPER] Add CVE categorization for etcd-druid. by @shreyas-s-rao [gardener/etcd-druid#637]
[OPERATOR] Bump alpine base version for Docker build to 3.18.2. by @shreyas-s-rao [gardener/etcd-backup-restore#638]
[DEVELOPER] Add CVE categorization for etcd-backup-restore. by @shreyas-s-rao [gardener/etcd-backup-restore#644]
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.75.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.75.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.75.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.75.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.75.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.75.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.75.0
Published by gardener-robot-ci-1 over 1 year ago
[OPERATOR] A bug has been fixed for Istio-Ingress Gateways for seeds that use ExposureClassHandlers. Earlier, annotations in seed.spec.settings.loadBalancerServices caused an override of the ones specified in gardenletConfiguration.exposureClassHandler[].loadBalancerService for zonal Istios. Now, annotations in gardenletConfiguration.exposureClassHandler[].loadBalancerService are given priority, like it was already the case of the global Istio. by @gardener-ci-robot [#8179]
[OPERATOR] Adapt vpa-updater QPS limits such that it doesn't get throttled on large clusters by @gardener-ci-robot [#8175]
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.73.2
admission-controller: eu.gcr.io/gardener-project/gardener/apiserver:v1.73.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.73.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.73.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.73.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.73.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.73.2