Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
OTHER License
Published by gardener-robot-ci-2 over 1 year ago
sshd-ensurer script running on all shoot worker nodes has been fixed which was causing it to also kill processes other than sshd when SSHAccess for worker nodes is disabled. (gardener/gardener#7427, @gardener-ci-robot)
etcd.Spec.Etcd.PeerUrlTls in the ETCD CRs of high available shoots when marked for hibernation. (gardener/gardener#7532, @gardener-ci-robot)
GARDENER_PREVIOUS_RELEASE is not specified. (gardener/gardener#7500, @gardener-ci-robot)
PodSecurity kube-apiserver admission plugin config in the Shoot, if provided, is now validated. (gardener/gardener#7486, @gardener-ci-robot)
seed-lifecycle controller is fixed. (gardener/gardener#7544, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.63.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.63.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.63.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.63.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.63.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.63.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.63.2
Published by gardener-robot-ci-2 over 1 year ago
core.gardener.cloud/v1alpha1 API is deprecated and will be removed soon. The core.gardener.cloud/v1beta1 API is already available since a very long time and should be used instead. (gardener/gardener#7443, @ary1992)
alpha.control-plane.shoot.gardener.cloud/high-availability has been dropped. Existing shoot clusters have already been migrated to the respective spec fields since Gardener v1.60.0. Starting with this release, the annotation is not respected and the migration will not happen anymore. Please make sure to use shoot.spec.controlPlane.highAvailability.failureTolerance: {node, zone} instead. (gardener/gardener#7493, @timuthy)
Seeds using .spec.dns.ingressDomain must now finally be switched to using .spec.ingress and .spec.dns.provider (as changed with https://github.com/gardener/gardener/pull/3131 back in 2020). Please find more information about it here. The .spec.dns.ingressDomain field is deprecated since more than 2 years and will be removed in a future version. (gardener/gardener#7515, @rfranzke)
NetworkPolicys. For more information, read this section. (gardener/gardener#7484, @rfranzke)
NetworkPolicys. Concretely, the following labels related to NetworkPolicies are deprecated and should be replaced: (gardener/gardener#7515, @rfranzke)
networking.gardener.cloud/to-shoot-apiserver=allowed, replace it with networking.resources.gardener.cloud/to-kube-apiserver-tcp-443=allowed.
networking.gardener.cloud/from-shoot-apiserver=allowed, replace it with the label networking.resources.gardener.cloud/to-<service-name>-tcp-<container-port>=allowed on kube-apiserver pods.
Node objects on registration by the kubelet. Gardener removes the taint once all node-critical pods are ready. This makes sure that user workload is only scheduled to nodes where all node-critical components are ready. Please refer to the documentation for more details. (gardener/gardener#7406, @timebertt)
ManagedResources with .spec.class=nil created in the shoot namespaces. Extensions using Gardener v1.65.0 onwards can drop the health check for the ManagedResource. (gardener/gardener#7462, @acumino)
node.gardener.cloud/critical-component=true to ensure user workload is only scheduled to nodes where all node-critical components are ready. Please refer to the documentation for more details. (gardener/gardener#7406, @timebertt)
goimports-reviser is updated to a version that properly ignores generated files. (gardener/gardener#7492, @vpnachev)
etcd.Spec.Etcd.PeerUrlTls in the ETCD CRs of high available shoots when marked for hibernation. (gardener/gardener#7514, @aaronfern)
Istio-Ingress namespaces. (gardener/gardener#7397, @timuthy)
GARDENER_PREVIOUS_RELEASE is not specified. (gardener/gardener#7491, @seshachalam-yv)
PodSecurity kube-apiserver admission plugin config in the Shoot, if provided, is now validated. (gardener/gardener#7472, @shafeeqes)
ExposureClass and ShootState resources have been promoted to v1beta1. (gardener/gardener#7443, @ary1992)
nginx-ingress-controller-seed image is updated to v1.6.4 for 1.23+ seeds and v1.4.0 for 1.22.x seeds. (gardener/gardener#7490, @shafeeqes)
seed-lifecycle controller is fixed. (gardener/gardener#7539, @acumino)
shoot/adminkubeconfig to $TM_KUBECONFIG_PATH/shoot.config. Previously, it was saving the static token kubeconfig. (gardener/gardener#7495, @ialidzhikov)
golangci-lint has been updated to v1.51.2. (gardener/gardener#7537, @vpnachev)
1.19.6. (gardener/gardener#7542, @oliver-goetz)
hack/format.sh now can run goimports-reviser with custom options set via the environment variable GOIMPORTS_REVISER_OPTIONS. (gardener/gardener#7502, @vpnachev)
3.15.7. (gardener/etcd-backup-restore#590, @shreyas-s-rao)
--min-chunk-size (default value 5MB), it will be helpful in fine tuning the multi-part chunk upload size for different storage provider. (gardener/etcd-backup-restore#545, @louisportay)
etcd process that runs in the source Seed cluster during "bad case" control plane migration. (gardener/etcd-backup-restore#555, @plkokanov)
v1.19.3. (gardener/etcd-backup-restore#561, @ishan16696)
1.19.5. (gardener/etcd-backup-restore#590, @shreyas-s-rao)
v1.19. (gardener/etcd-backup-restore#561, @ishan16696)
kubectl printer columns for Etcd resource. (gardener/etcd-druid#490, @shreyas-s-rao)
--etcd-process-name has been deprecated and is now not added to the statefulset (gardener/etcd-druid#514, @aaronfern)
spec.etcd.clientService.labels field. (gardener/etcd-druid#485, @ialidzhikov)
etcd process that runs in the source Seed cluster during "bad case" control plane migration. (gardener/etcd-druid#461, @plkokanov)
v1.19.4. (gardener/etcd-druid#495, @shreyas-s-rao)
github.com/gardener/gardener is updated v1.36.0 -> v1.57.1 (gardener/etcd-druid#450, @AleksandarSavchev)
github.com/onsi/ginkgo is upgraded to github.com/onsi/ginkgo/v2 (gardener/etcd-druid#450, @AleksandarSavchev)
sigs.k8s.io/controller-runtime/pkg/envtest/printer package in etcd-druid is removed. (gardener/etcd-druid#493, @shafeeqes)
docker_id is replaced by container_id. (gardener/logging#172, @vlvasilev)
EnableMultiTenancy. (gardener/logging#172, @vlvasilev)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.65.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.65.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.65.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.65.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.65.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.65.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.65.0
Published by gardener-robot-ci-2 over 1 year ago
etcd.Spec.Etcd.PeerUrlTls in the ETCD CRs of high available shoots when marked for hibernation. (gardener/gardener#7531, @gardener-ci-robot)
GARDENER_PREVIOUS_RELEASE is not specified. (gardener/gardener#7499, @gardener-ci-robot)
PodSecurity kube-apiserver admission plugin config in the Shoot, if provided, is now validated. (gardener/gardener#7487, @gardener-ci-robot)
seed-lifecycle controller is fixed. (gardener/gardener#7545, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.64.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.64.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.64.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.64.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.64.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.64.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.64.1
Published by gardener-robot-ci-2 over 1 year ago
Shoots to be set to Unknown too fast in case the responsible gardenlet is no longer posting its heartbeat. (gardener/gardener#7414, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.62.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.62.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.62.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.62.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.62.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.62.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.62.3
Published by gardener-robot-ci-1 over 1 year ago
rootcapublisher controller has been dropped from gardener-resource-manager since Gardener no longer supports Kubernetes clusters below v1.20. For higher versions, the controller is no longer needed. (gardener/gardener#7367, @rfranzke)
gardenlet's NetworkPolicy controller must now be submitted via .controllers.networkPolicy instead of controllers.seedAPIServerNetworkPolicy. (gardener/gardener#7389, @rfranzke)
seed.spec.settings.shootDNS has been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. (gardener/gardener#7399, @acumino)
allow-to-seed-apiserver NetworkPolicy is now deprecated and replaced by the new allow-to-runtime-apiserver NetworkPolicy. Components running in the seed cluster that need to talk to the kube-apiserver should be labeled with networking.gardener.cloud/to-runtime-apiserver=allowed. (gardener/gardener#7389, @rfranzke)
MutableShootSpecNetworkingNodes in gardener-apiserver makes .spec.networking.nodes in Shoots mutable. This allows increasing the network space for nodes. (gardener/gardener#7368, @axel7born)
istio-system namespace in seed clusters is now labeled with gardener.cloud/role=istio-system. All istio-ingress* namespaces are now labeled with gardener.cloud/role=istio-ingress. (gardener/gardener#7389, @rfranzke)
make start-envtest brings up a test environment that can simplify debugging of integration tests. See the docs for more information. (gardener/gardener#7431, @timebertt)
make kind-up IPFAMILY=ipv6. (gardener/gardener#7388, @breuerfelix)
NetworkPolicy controller (disabled by default) has been introduced in gardener-resource-manager. You can read all about it in this document. (gardener/gardener#7392, @rfranzke)
node-role.kubernetes.io/default, due to restrictions for the kubelet on applying them, is now reverted. (gardener/gardener#7424, @shafeeqes)
cluster-identity config map in kube-system namespace is not deleted anymore if it was already existing on seed creation. (gardener/gardener#7436, @oliver-goetz)
Shoots to be set to Unknown too fast in case the responsible gardenlet is no longer posting its heartbeat. (gardener/gardener#7404, @rfranzke)
ssh-keypair secrets from being deleted when SSHAccess for worker nodes is disabled. (gardener/gardener#7411, @AleksandarSavchev)
sshd-ensurer script running on all shoot worker nodes has been fixed which was causing it to also kill processes other than sshd when SSHAccess for worker nodes is disabled. (gardener/gardener#7418, @AleksandarSavchev)
provider-local extension that causes the local-setup to not work with the runtime-gvisor extension. (gardener/gardener#7316, @danielfoehrKn)
Node labels are added immediately on registration of new Nodes. Excluded from this are labels that kubelets are forbidden to add by the NodeRestriction admission plugin (they are still added asynchronously by machine-controller-manager). (gardener/gardener#7426, @timebertt)
autoscaling.k8s.io/v1beta2 API, switch to autoscaling.k8s.io/v1 instead. (gardener/gardener#7441, @voelzmo)
apiserver-proxy now uses a dynamic base-id for shared memory segments and hence allows multiple envoy-proxy servers to run on the same node. (gardener/gardener#7446, @ScheererJ)
sigs.k8s.io/controller-runtime: v0.14.1 -> v0.14.4
sigs.k8s.io/controller-tools: v0.11.1 -> v0.11.3
k8s.io/*: v0.25.0 -> v0.26.1
sigs.k8s.io/controller-runtime: v0.13.0 -> v0.14.1
MutableShootSpecNetworkingNodes feature gate is enabled in gardener-apiserver, Infrastructure extensions need to guarantee that the condition "infrastructure virtual network range >= nodes CIDR range >= worker CIDR range" is met. (gardener/gardener#7368, @axel7born)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.64.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.64.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.64.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.64.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.64.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.64.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.64.0
Published by gardener-robot-ci-1 over 1 year ago
node-role.kubernetes.io/default, due to restrictions for the kubelet on applying them, is now reverted. (gardener/gardener#7425, @shafeeqes)
Shoots to be set to Unknown too fast in case the responsible gardenlet is no longer posting its heartbeat. (gardener/gardener#7413, @gardener-ci-robot)
ssh-keypair secrets from being deleted when SSHAccess for worker nodes is disabled. (gardener/gardener#7417, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.63.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.63.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.63.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.63.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.63.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.63.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.63.1
Published by gardener-robot-ci-3 over 1 year ago
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.60.7
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.60.7
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.60.7
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.60.7
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.60.7
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.60.7
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.60.7
Published by gardener-robot-ci-2 over 1 year ago
BackupEntry not to be correctly reconciled in case of secret rotation and a controller restart is now fixed. (gardener/gardener#7347, @shafeeqes)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.61.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.61.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.61.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.61.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.61.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.61.6
operator: eu.gcr.io/gardener-project/gardener/operator:v1.61.6
Published by gardener-robot-ci-1 over 1 year ago
ServiceAccount signing key has been removed. This means that the Shoot API no longer supports the .spec.kubernetes.kubeAPIServer.serviceAccountConfig.signingKeySecret field. If you were using this field before then Gardener will now generate a new signing key secret. All existing ServiceAccount tokens will become invalid and must be regenerated. (gardener/gardener#7242, @rfranzke)
alpha.featuregates.shoot.gardener.cloud/reversed-vpn on Shoots is no longer respected and should be removed from all resources. (gardener/gardener#7167, @axel7born)
seed.spec.settings.shootDNS has been removed and subsequently seed.spec.settings.shootDNS will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. (gardener/gardener#7314, @acumino)
basic_auth.csv field under the Secret's data. The basic_auth.csv field was only required for the kube-apiserver basic auth which can no longer be enabled for K8s >= 1.19 Shoot clusters. (gardener/gardener#7362, @dimitar-kostadinov)
ReversedVPN, ManagedIstio and APIServerSNI are unconditionally enabled (locked to their default values) now. (gardener/gardener#7167, @axel7born)
controllerutils.{WithLogger,CreateWorker} functions have been removed. (gardener/gardener#7239, @rfranzke)
sshAccess field for the workers settings in the Shoot API via .spec.provider.workersSettings.sshAccess. It is set to true by default and when enabled it ensures that the sshd.service on the worker nodes is enabled and running. When set to false it ensures that the sshd.service on the worker nodes is disabled and stopped, and all already established SSH connections are terminated. (gardener/gardener#7188, @AleksandarSavchev)
IPv6SingleStack has been added along with new ipFamilies fields in the Shoot, Seed, and Network APIs (defaulted to ["IPv4"]) in preparation for supporting IPv6 in gardener clusters. Please see the documentation for more information. (gardener/gardener#7288, @timebertt)
controller-runtime metrics for all the controllers and webhooks in the seed and the shoot controlplanes. (gardener/gardener#7180, @shafeeqes)
.spec.virtualCluster.controlPlane.highAvailability={}. As of today, this causes the ETCDs to run with 3 replicas each. (gardener/gardener#7225, @rfranzke)
gardener-operator is now managing the load balancer Service for exposing the virtual-garden-kube-apiserver as part of the virtual garden cluster control plane. It is possible to specify annotations for it via .spec.runtimeCluster.settings.loadBalancerServices.annotations in the Garden resource. (gardener/gardener#7238, @rfranzke)
controllers.shootCare.managedResourceProgressingThreshold is introduced in GardenletConfiguration, which can be used to set the threshold time for tolerating long-running ManagedResources with Progressing=True condition. (gardener/gardener#7241, @acumino)
shoot.gardener.cloud/skip-readiness has been added. Gardener skips most readiness checks in the shoot reconciliation flow when shoots have this annotation. It is meant to push through shoot spec changes in case of critical situations, e.g. an availability zone outage, in which various steps can never reach readiness. Once successfully reconciled, the annotation is automatically removed again. Using this annotation however, must be evaluated on a case-by-case basis since it can severely affect the availability of shoot control planes. (gardener/gardener#7268, @timuthy)
HVPA feature gate disabled) with Kubernetes version 1.26. In order to allow creation/update of 1.26 clusters you will have to update the version of your provider extension(s) to a version that supports 1.26 as well. Please consult the respective releases and notes in the provider extension's repository. (gardener/gardener#7275, @ialidzhikov)
ObservabilityComponentsHealthy has been introduced in the Shoot for tracking the status of observability components like Prometheus, Loki, Grafana, etc. The ControlPlaneHealthy condition now only tracks core control plane components like ETCD, KAPI, KCM etc. (gardener/gardener#7325, @shafeeqes)
SystemComponentsConfig has been added to the Gardener Resource Manager. It automatically adds the system component node selector as well as any custom taints specified by the user to Pods not managed by DaemonSets. Hence, if you set the worker.gardener.cloud/system-components: true node selector manually, this can be dropped in favor of the webhook's automatic handling. (gardener/gardener#7204, @timuthy)
HighAvailabilityConfig webhook now also mutates replica settings of HPA and HVPA resources. To make use of this handling, please label respective resources with the well known high-availability-config.resource.gardener.cloud/type label, see docs/development/high-availability.md for more information. (gardener/gardener#7226, @timuthy)
HVPA feature gate disabled) with Kubernetes version 1.26. Extension developers have to prepare individual extensions as well to work with 1.26. (gardener/gardener#7275, @ialidzhikov)
DNSRecord API now supports records of type AAAA. If you implement a DNSRecord controller, you can start implementing support for this record type. (gardener/gardener#7246, @nschad)
kubelet-monitor script running on all shoot worker nodes has been fixed which was causing to also kill processes other than kubelet only. (gardener/gardener#7278, @eric-garber)
Shoots from being deleted if they have never been reconciled at least once. (gardener/gardener#7326, @rfranzke)
kube-apiserver version v1.24, gardener will add the --shutdown-send-retry-after=true command line flag to the kube-apiserver command. This is necessary so that during the graceful termination of the kube-apiserver process, it responds to new requests with the Connection: close and Retry-After: N headers so that any active TCP connections are closed and they have a chance to be reopened to running kube-apiservers. This is a workaround for an issue in which if the --audit-log-mode=batch is set on the kube-apiserver, it can enter a deadlock during graceful termination. This deadlock can lead to kubelets not being able to update their corresponding Node's status as the TCP connection to the broken kube-apiserver will never be closed. (gardener/gardener#7250, @plkokanov)
BackupEntry not to be correctly reconciled in case of secret rotation and a controller restart is now fixed. (gardener/gardener#7281, @shafeeqes)
kube-system namespace only. Now it shows the count of pods in all namespaces. (gardener/gardener#7291, @acumino)
ManagedSeed bootstrapping for 1.24+ Kubernetes clusters has been fixed. (gardener/gardener#7315, @rfranzke)
/etc/hosts file that also prevented make test-e2e-local-simple to be executed successfully is now fixed. (gardener/gardener#7271, @ialidzhikov)
Node labels are added immediately on registration of new Nodes. (gardener/gardener#7202, @timebertt)
ServiceAccount signing key rotation procedure has been improved and should work better for clusters with lots of ServiceAccounts or intermittent creations/deletions of new/old ServiceAccount secrets. (gardener/gardener#7313, @rfranzke)
service objects. Earlier, shoot clusters were assigned a constraint reporting a problem with a failurePolicy: Fail webhook acting on these objects. Now, only services in the kube-system and defaults namespaces are considered for this check. (gardener/gardener#7324, @timuthy)
kube-system) by using the well known and Kubernetes standard label key kubernetes.io/metadata.name. Earlier, Gardener reported such webhooks as problematic. (gardener/gardener#7324, @timuthy)
SystemComponentsConfig has been added to the Gardener Resource Manager. It makes sure that matching Pods can run on Nodes which allow system components. Please see ./docs/concepts/resource-manager.md#System-Components-Webhook for more information. (gardener/gardener#7204, @timuthy)
NodeStatusUpdateFrequency to use its default value. With this, shoots make full use of kubelet's node lease feature now instead of performing heartbeats on the Node objects. (gardener/gardener#7261, @breuerfelix)
endpoint and lease objects in all namespaces. Under some circumstances, such webhooks were not reported as problematic before. (gardener/gardener#7355, @timuthy)
watchdog container to kube-apiserver pods for kubernetes v1.24 which will monitor if the kube-apiserver process is working properly and use some heuristics to detect if it is stuck during shutdown. If that happens it will forcefully cause it to finish shutting down by sending a SIGTERM signal to it. (gardener/gardener#7366, @plkokanov)
make kind-*up commands. (gardener/gardener#7369, @timuthy)
linux/amd64 and linux/arm64 now. (gardener/autoscaler#162, @oliver-goetz)
1.19.5.
make manifests target. (gardener/etcd-druid#489, @shreyas-s-rao)
spec.etcd.clientService.labels field. (gardener/etcd-druid#491, @ialidzhikov)
github.com/gardener/gardener is updated v1.36.0 -> v1.57.1 (gardener/etcd-druid#450, @AleksandarSavchev)
github.com/onsi/ginkgo is upgraded to github.com/onsi/ginkgo/v2 (gardener/etcd-druid#450, @AleksandarSavchev)
sigs.k8s.io/controller-runtime/pkg/envtest/printer package in etcd-druid is removed. (gardener/etcd-druid#493, @shafeeqes)
metrics-addr and enable-leader-election have been changed to metrics-bind-address and leader-elect respectively to be in-line with kubebuilder v3 scaffolding. (gardener/hvpa-controller#113, @voelzmo)
make test is adapted to automatically configure envtest to use k8s 1.24.2 binaries (gardener/hvpa-controller#113, @voelzmo)
controller-gen, kustomize and setup-envtest are automatically downloaded and installed into ./bin (gardener/hvpa-controller#113, @voelzmo)
golang:1.19.5 (gardener/vpn2#25, @MartinWeindel)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.63.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.63.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.63.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.63.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.63.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.63.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.63.0
Published by gardener-robot-ci-3 over 1 year ago
Shoots from being deleted if they have never been reconciled at least once. (gardener/gardener#7328, @gardener-ci-robot)
kubelet-monitor script running on all shoot worker nodes has been fixed which was causing to also kill processes other than kubelet only. (gardener/gardener#7354, @gardener-ci-robot)
BackupEntry not to be correctly reconciled in case of secret rotation and a controller restart is now fixed. (gardener/gardener#7346, @shafeeqes)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.62.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.62.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.62.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.62.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.62.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.62.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.62.2
Published by gardener-robot-ci-2 almost 2 years ago
kube-apiserver version v1.24, gardener will add the --shutdown-send-retry-after=true command line flag to the kube-apiserver command. This is necessary so that during the graceful termination of the kube-apiserver process, it responds to new requests with the Connection: close and Retry-After: N headers so that any active TCP connections are closed and they have a chance to be reopened to running kube-apiservers. This is a workaround for an issue in which if the --audit-log-mode=batch is set on the kube-apiserver, it can enter a deadlock during graceful termination. This deadlock can lead to kubelets not being able to update their corresponding Node's status as the TCP connection to the broken kube-apiserver will never be closed. (gardener/gardener#7263, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.61.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.61.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.61.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.61.5
operator: eu.gcr.io/gardener-project/gardener/operator:v1.61.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.61.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.61.5
Published by gardener-robot-ci-1 almost 2 years ago
kube-apiserver version v1.24, gardener will add the --shutdown-send-retry-after=true command line flag to the kube-apiserver command. This is necessary so that during the graceful termination of the kube-apiserver process, it responds to new requests with the Connection: close and Retry-After: N headers so that any active TCP connections are closed and they have a chance to be reopened to running kube-apiservers. This is a workaround for an issue in which if the --audit-log-mode=batch is set on the kube-apiserver, it can enter a deadlock during graceful termination. This deadlock can lead to kubelets not being able to update their corresponding Node's status as the TCP connection to the broken kube-apiserver will never be closed. (gardener/gardener#7262, @gardener-ci-robot)
/etc/hosts file that also prevented make test-e2e-local-simple to be executed successfully is now fixed. (gardener/gardener#7274, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.62.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.62.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.62.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.62.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.62.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.62.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.62.1
Published by gardener-robot-ci-3 almost 2 years ago
kube-apiserver version v1.24, gardener will add the --shutdown-send-retry-after=true command line flag to the kube-apiserver command. This is necessary so that during the graceful termination of the kube-apiserver process, it responds to new requests with the Connection: close and Retry-After: N headers so that any active TCP connections are closed and they have a chance to be reopened to running kube-apiservers. This is a workaround for an issue in which if the --audit-log-mode=batch is set on the kube-apiserver, it can enter a deadlock during graceful termination. This deadlock can lead to kubelets not being able to update their corresponding Node's status as the TCP connection to the broken kube-apiserver will never be closed. (gardener/gardener#7264, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.60.6
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.60.6
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.60.6
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.60.6
operator: eu.gcr.io/gardener-project/gardener/operator:v1.60.6
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.60.6
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.60.6
Published by gardener-robot-ci-2 almost 2 years ago
DNSProvider from supported extension kinds. Make sure that the dns-external extension has been removed completely before installing this Gardener version. (gardener/gardener#7138, @MartinWeindel)
pkg/utils/managedresources had their signatures changed. They both now accept an additional parameter called origin. Gardener acts on resources with the "origin=gardener" label. External callers of these functions should provide their own unique origin value when creating managedresources in order to prevent unwanted actions on these resources. (gardener/gardener#7162, @dimityrmirchev)
TokenReviews and SelfSubjectAccessReviews. This is required for the new gardenctl ssh-patch command. (gardener/gardener#7201, @holgerkoser)
gardener-admission-controller now validates Shoot Kubernetes version compatibility with Audit Policy API version on Shoot update request. (gardener/gardener#7205, @acumino)
kube-apiserver via the Shoot specification. (gardener/gardener#7094, @vlvasilev)
kube-apiserver pod on the seed side or the vpn-shoot pod on the shoot side are terminated. But new connections can be opened within seconds. For more details see this document. (gardener/gardener#6978, @MartinWeindel)
Shoot specification is kept in Shoot's .status.lastMaintenance field. (gardener/gardener#7035, @acumino)
gardener-operator is now managing the two ETCD instances (main, events) as part of the virtual garden cluster control plane. (gardener/gardener#7067, @rfranzke)
Extension kinds during different control flows (reconciliation, deletion, migration). Please consult this document for more information. (gardener/gardener#6999, @dimityrmirchev)
gardener-operator now supports credentials rotation. The procedure is similar to how it works for Shoots. Please read this for more information. (gardener/gardener#7144, @rfranzke)
Shoots are protected from accidental deletion, Gardens must now be annotated with confirmation.gardener.cloud/deletion=true before DELETE requests are accepted. (gardener/gardener#7144, @rfranzke)
gardener-operator now serves a validating webhook which ensures that there is only one Garden resource in the system at a time. (gardener/gardener#7144, @rfranzke)
gardener-apiserver when using the Gardener controlplane Helm chart. (gardener/gardener#7160, @rfranzke)
garden-local environment is extended by a scenario running Seeds and Shoots on a real infrastructure and registering provider-extensions. Please see docs/deployment/getting_started_locally_with_extensions.md for more information. (gardener/gardener#6678, @oliver-goetz)
bin-packing-scheduler not to be added to the kube-scheduler configuration when the bin-packing profile is configured in the Shoot spec is now fixed. (gardener/gardener#7216, @ialidzhikov)
Pending state when kubelet's protectKernelDefaults is set to true. (gardener/gardener#7088, @AleksandarSavchev)
Shoots whose domains were not unique in the system. (gardener/gardener#7134, @shafeeqes)
etcd-druid and hvpa-controller to be deleted on Seed deletion when the seed is the garden at the same time. (gardener/gardener#7172, @rfranzke)
vpn-seed-server deployment. (gardener/gardener#7194, @MartinWeindel)
Shoots which are scheduled to a Seed with less than 3 zones to spec.controlPlane.failureTolerance.type: zone (gardener/gardener#7195, @oliver-goetz)
allow-to-private-networks networkpolicy. (gardener/gardener#7112, @axel7born)
gardenlet from reconciling its Seed in case the seed cluster is the garden cluster at the same time. (gardener/gardener#7154, @rfranzke)
gardener-resource-manager now only considers ConfigMaps/Secrets as garbage-collectable resources (i.e., other resources with the "garbage-collectable" label will not be kept even if removed from the ManagedResource or when it is deleted). (gardener/gardener#7161, @rfranzke)
HighAvailabilityConfig webhook part of gardener-resource-manager now ensures that the zone-pinning affinity is always respected. (gardener/gardener#7166, @rfranzke)
.status.lastOperationType=Create or .status.lastOperationType=nil and a machine deployment exists with .status.Replicas > 0. (gardener/gardener#7179, @rishabh-11)
HOSTNAME contains capital letters (gardener/gardener#7132, @vlvasilev)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.62.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.62.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.62.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.62.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.62.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.62.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.62.0
Published by gardener-robot-ci-3 almost 2 years ago
bin-packing-scheduler not to be added to the kube-scheduler configuration when the bin-packing profile is configured in the Shoot spec is now fixed. (gardener/gardener#7217, @gardener-ci-robot)
Shoots which are scheduled to a Seed with less than 3 zones to spec.controlPlane.failureTolerance.type: zone (gardener/gardener#7198, @gardener-ci-robot)
.status.lastOperationType=Create or .status.lastOperationType=nil and a machine deployment exists with .status.Replicas > 0. (gardener/gardener#7181, @rishabh-11)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.61.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.61.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.61.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.61.4
operator: eu.gcr.io/gardener-project/gardener/operator:v1.61.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.61.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.61.4
Published by gardener-robot-ci-3 almost 2 years ago
bin-packing-scheduler not to be added to the kube-scheduler configuration when the bin-packing profile is configured in the Shoot spec is now fixed. (gardener/gardener#7218, @ialidzhikov)
Shoots which are scheduled to a Seed with less than 3 zones to spec.controlPlane.failureTolerance.type: zone (gardener/gardener#7197, @gardener-ci-robot)
.status.lastOperationType=Create or .status.lastOperationType=nil and a machine deployment exists with .status.Replicas > 0. (gardener/gardener#7182, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.60.5
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.60.5
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.60.5
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.60.5
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.60.5
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.60.5
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.60.5
Published by gardener-robot-ci-1 almost 2 years ago
Shoots whose domains were not unique in the system. (gardener/gardener#7137, @gardener-ci-robot)
bin-packing-scheduler not to be added to the kube-scheduler configuration when the bin-packing profile is configured in the Shoot spec is now fixed. (gardener/gardener#7219, @ialidzhikov)
BackupEntry to become ready. The issue could occur if the gardenlet configuration specifies controllers.backupEntry.deletionGracePeriodHours larger than 0 and the Shoot's control plane is migrated twice within that timeframe. (gardener/gardener#7128, @gardener-ci-robot)
Shoots which are scheduled to a Seed with less than 3 zones to spec.controlPlane.failureTolerance.type: zone (gardener/gardener#7196, @gardener-ci-robot)
.status.lastOperationType=Create or .status.lastOperationType=nil and a machine deployment exists with .status.Replicas > 0. (gardener/gardener#7183, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.59.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.59.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.59.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.59.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.59.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.59.3
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.59.3
Published by gardener-robot-ci-3 almost 2 years ago
etcd-druid and hvpa-controller to be deleted on Seed deletion when the seed is the garden at the same time. (gardener/gardener#7176, @rfranzke)
HighAvailabilityConfig webhook part of gardener-resource-manager now ensures that the zone-pinning affinity is always respected. (gardener/gardener#7169, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.61.3
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.61.3
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.61.3
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.61.3
operator: eu.gcr.io/gardener-project/gardener/operator:v1.61.3
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.61.3
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.61.3
Published by gardener-robot-ci-3 almost 2 years ago
HighAvailabilityConfig webhook part of gardener-resource-manager now ensures that the zone-pinning affinity is always respected. (gardener/gardener#7170, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.60.4
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.60.4
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.60.4
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.60.4
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.60.4
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.60.4
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.60.4
Published by gardener-robot-ci-3 almost 2 years ago
gardenlet from reconciling its Seed in case the seed cluster is the garden cluster at the same time. (gardener/gardener#7155, @gardener-ci-robot)
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.61.2
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.61.2
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.61.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.61.2
operator: eu.gcr.io/gardener-project/gardener/operator:v1.61.2
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.61.2
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.61.2