Release Notes next
Yake release notes and upgrade guide
Related upstream release notes / changelogs
Update backup-s3 to 0.7.1
General Changes
- Remove deployment anti affinity rule. (#12) @Gerrit91
Update gardener-controlplane to 1.110.3
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]Fix bug where gardenlet was missing permissions to readv1.Eventsin the istio ingress namespace in the seed cluster. by @vpnachev [#11163]
🏃 Others
[DEPENDENCY]Thegardener/vpn2image has been updated to0.34.0. Release Notes by @gardener-ci-robot [#11161][OPERATOR]Fix a bug in the gardener operator where the issuer URL domain for workload identity tokens was not prefixed withdiscovery.resulting in invalid OIDC tokens and discovery documents. by @vpnachev [#11158]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.3
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.3 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.3 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.3 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.3 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.3
Update gardener-controlplane to 1.110.3
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]Fix bug where gardenlet was missing permissions to readv1.Eventsin the istio ingress namespace in the seed cluster. by @vpnachev [#11163]
🏃 Others
[DEPENDENCY]Thegardener/vpn2image has been updated to0.34.0. Release Notes by @gardener-ci-robot [#11161][OPERATOR]Fix a bug in the gardener operator where the issuer URL domain for workload identity tokens was not prefixed withdiscovery.resulting in invalid OIDC tokens and discovery documents. by @vpnachev [#11158]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.3
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.3 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.3 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.3 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.3 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.3
Update gardenlet to 1.110.3
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]Fix bug where gardenlet was missing permissions to readv1.Eventsin the istio ingress namespace in the seed cluster. by @vpnachev [#11163]
🏃 Others
[DEPENDENCY]Thegardener/vpn2image has been updated to0.34.0. Release Notes by @gardener-ci-robot [#11161][OPERATOR]Fix a bug in the gardener operator where the issuer URL domain for workload identity tokens was not prefixed withdiscovery.resulting in invalid OIDC tokens and discovery documents. by @vpnachev [#11158]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.3
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.3 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.3 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.3 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.3 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.3
Update provider-azure to 1.49.3
[gardener/gardener-extension-provider-azure]
🐛 Bug Fixes
[OPERATOR]Fix an issue causing nil pointer exception when the remote resource that was once existing and present in the inventory, had been deleted during reconciliation by @AndreasBurger [#1062]
Helm Charts
- admission-azure-application:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.3 - admission-azure-runtime:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.3 - provider-azure:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.3
Docker Images
- gardener-extension-admission-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.3 - gardener-extension-provider-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.3
Update cloudprofiles to 0.7.22
Update gardener-controlplane to 1.110.4
[gardener/gardener]
🏃 Others
[DEPENDENCY]The following images have been updated:registry.k8s.io/autoscaling/vpa-admission-controller: 1.2.1 -> 1.2.2registry.k8s.io/autoscaling/vpa-recommender: 1.2.1 -> 1.2.2registry.k8s.io/autoscaling/vpa-updater: 1.2.1 -> 1.2.2 by @ialidzhikov [#11179]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.4
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.4 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.4 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.4 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.4 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.4
Update gardener-controlplane to 1.110.4
[gardener/gardener]
🏃 Others
[DEPENDENCY]The following images have been updated:registry.k8s.io/autoscaling/vpa-admission-controller: 1.2.1 -> 1.2.2registry.k8s.io/autoscaling/vpa-recommender: 1.2.1 -> 1.2.2registry.k8s.io/autoscaling/vpa-updater: 1.2.1 -> 1.2.2 by @ialidzhikov [#11179]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.4
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.4 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.4 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.4 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.4 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.4
Update gardenlet to 1.110.4
[gardener/gardener]
🏃 Others
[DEPENDENCY]The following images have been updated:registry.k8s.io/autoscaling/vpa-admission-controller: 1.2.1 -> 1.2.2registry.k8s.io/autoscaling/vpa-recommender: 1.2.1 -> 1.2.2registry.k8s.io/autoscaling/vpa-updater: 1.2.1 -> 1.2.2 by @ialidzhikov [#11179]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.4
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.4 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.4 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.4 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.4 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.4
Update os-gardenlinux to 0.28.0
[gardener/gardener-extension-os-gardenlinux]
🏃 Others
[OPERATOR]SAST assets are now collected in the release pipeline and attached to the component-descriptor. by @MrBatschner [#225][OPERATOR]remove 11-exec_config.conf & config.toml file creation by @Roncossek [#215]
Helm Charts
- os-gardenlinux:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.28.0
Docker Images
- gardener-extension-os-gardenlinux:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.28.0
Update shoot-flux to 0.14.0
What's Changed
- bump gardener to
v1.109.0by @ElDrinko in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/130
Full Changelog: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.13.0...v0.14.0
Update shoot-dns-service to 1.56.0
[gardener/gardener-extension-shoot-dns-service]
📰 Noteworthy
[OPERATOR]The entry list stored in the extension resource status is now compressed to shift the limit before hitting the request size limit of etcd. by @MartinWeindel [#416]
Helm Charts
- admission-shoot-dns-service-application:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.56.0 - admission-shoot-dns-service-runtime:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.56.0 - shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.56.0
Docker Images
- gardener-extension-admission-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.56.0 - gardener-extension-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.56.0
Update dashboard to 1.79.0
[gardener/dashboard]
⚠️ Breaking Changes
[OPERATOR]Access Restrictions:- This dashboard version requires Gardener version
v1.107.0if access restrictions are configured. - The
accessRestriction.items[].display.visibleIfandaccessRestriction.items[].display.invertedconfigurations are no longer supported and will be ignored. The dashboard will now assumevisibleIf=trueandinverted=false. However, this change does not affect theaccessRestriction.items[].input.options[].display.visibleIfandaccessRestriction.items[].input.options[].display.invertedsettings. by @petersutter [#2163]
- This dashboard version requires Gardener version
[OPERATOR]The dashboard no longer falls back to reading the cluster CA from the deprecated<shoot-name>.ca-clusterSecret. This change requires Gardenerv1.89.0or higher. by @petersutter [#2164][USER]Static token kubeconfig support has been removed from the dashboard. This feature is no longer needed as of Kubernetes version1.27, where theenableStaticTokenKubeconfigfield is permanently set tofalse. by @petersutter [#2171][USER]The dashboard no longer relies on the specific labelscloudprofile.garden.sapcloud.io/nameandgardener.cloud/dnsProviderNameto filter when selecting secrets. Instead, it now solely relies on the newly introduced provider.type field. As a result, cloud profiles are no longer selectable during secret creation, and all cloud profiles for the current infrastructure are now available for selection by @grolu [#2141]
🐛 Bug Fixes
[USER]Fixed alertmanager URL by @petersutter [#2178][USER]Resolved an issue where the editor search did not function correctly for non-editable clusters, such as 'Purpose: Infrastructure' by @grolu [#2176][OPERATOR]Switched to a polling-based watcher approach for kube-config files, as we've observed that some filesystem events can be missed by chokidar. by @holgerkoser [#2202]
🏃 Others
[OPERATOR]Action Required: The automatic mapping fromaccessRestriction.items[@key="seed.gardener.cloud/eu-access"]toaccessRestriction.items[@key="eu-access-only"]will be removed in a future dashboard version. Dashboard operators who useseed.gardener.cloud/eu-accessin their access restriction configuration should update the key toeu-access-only. If your configuration does not includeseed.gardener.cloud/eu-access, no action is required. by @petersutter [#2196]
📖 Documentation
[OPERATOR]Fix the link reference to the shoot credentials rotation page. by @marc1404 [#2221][OPERATOR]Fix the link reference to the control plane high availability page. by @marc1404 [#2225]
Docker Images
- gardener-dashboard:
europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.79.0
Update dashboard to 1.79.0
[gardener/dashboard]
⚠️ Breaking Changes
[OPERATOR]Access Restrictions:- This dashboard version requires Gardener version
v1.107.0if access restrictions are configured. - The
accessRestriction.items[].display.visibleIfandaccessRestriction.items[].display.invertedconfigurations are no longer supported and will be ignored. The dashboard will now assumevisibleIf=trueandinverted=false. However, this change does not affect theaccessRestriction.items[].input.options[].display.visibleIfandaccessRestriction.items[].input.options[].display.invertedsettings. by @petersutter [#2163]
- This dashboard version requires Gardener version
[OPERATOR]The dashboard no longer falls back to reading the cluster CA from the deprecated<shoot-name>.ca-clusterSecret. This change requires Gardenerv1.89.0or higher. by @petersutter [#2164][USER]Static token kubeconfig support has been removed from the dashboard. This feature is no longer needed as of Kubernetes version1.27, where theenableStaticTokenKubeconfigfield is permanently set tofalse. by @petersutter [#2171][USER]The dashboard no longer relies on the specific labelscloudprofile.garden.sapcloud.io/nameandgardener.cloud/dnsProviderNameto filter when selecting secrets. Instead, it now solely relies on the newly introduced provider.type field. As a result, cloud profiles are no longer selectable during secret creation, and all cloud profiles for the current infrastructure are now available for selection by @grolu [#2141]
🐛 Bug Fixes
[USER]Fixed alertmanager URL by @petersutter [#2178][USER]Resolved an issue where the editor search did not function correctly for non-editable clusters, such as 'Purpose: Infrastructure' by @grolu [#2176][OPERATOR]Switched to a polling-based watcher approach for kube-config files, as we've observed that some filesystem events can be missed by chokidar. by @holgerkoser [#2202]
🏃 Others
[OPERATOR]Action Required: The automatic mapping fromaccessRestriction.items[@key="seed.gardener.cloud/eu-access"]toaccessRestriction.items[@key="eu-access-only"]will be removed in a future dashboard version. Dashboard operators who useseed.gardener.cloud/eu-accessin their access restriction configuration should update the key toeu-access-only. If your configuration does not includeseed.gardener.cloud/eu-access, no action is required. by @petersutter [#2196]
📖 Documentation
[OPERATOR]Fix the link reference to the shoot credentials rotation page. by @marc1404 [#2221][OPERATOR]Fix the link reference to the control plane high availability page. by @marc1404 [#2225]
Docker Images
- gardener-dashboard:
europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.79.0
Update gardener-webterminal to 0.34.0
[gardener/terminal-controller-manager]
⚠️ Breaking Changes
[OPERATOR]Thecredential.secretRefproperty has been removed from the terminalhostandtargetproperties:- For
Seedresources,spec.secretRefwas removed from the API without replacement, eliminating the need forcredential.secretRef. - For
Shootresources,credential.shootRefnow replaces the previously usedcredential.secretReffor static token kubeconfigs. by @petersutter [#320]
- For
✨ New Features
[OPERATOR]Enhance terminal pods with service account token projection when the terminal host and target are in the same cluster and namespace by @petersutter [#322][DEVELOPER]gosecwas introduced for Static Application Security Testing (SAST). by @petersutter [#328]
Docker Images
- terminal-controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.34.0
Update gardener-webterminal to 0.34.0
[gardener/terminal-controller-manager]
⚠️ Breaking Changes
[OPERATOR]Thecredential.secretRefproperty has been removed from the terminalhostandtargetproperties:- For
Seedresources,spec.secretRefwas removed from the API without replacement, eliminating the need forcredential.secretRef. - For
Shootresources,credential.shootRefnow replaces the previously usedcredential.secretReffor static token kubeconfigs. by @petersutter [#320]
- For
✨ New Features
[OPERATOR]Enhance terminal pods with service account token projection when the terminal host and target are in the same cluster and namespace by @petersutter [#322][DEVELOPER]gosecwas introduced for Static Application Security Testing (SAST). by @petersutter [#328]
Docker Images
- terminal-controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.34.0
Update networking-calico to 1.46.0
[gardener/gardener-extension-networking-calico]
🏃 Others
[OPERATOR]Do not enable IPIP for non-overlay case when no networkConfig is set. by @DockToFuture [#563]
Helm Charts
- admission-calico-application:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.46.0 - admission-calico-runtime:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.46.0 - networking-calico:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.46.0
Docker Images
- gardener-extension-admission-calico:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.46.0 - gardener-extension-networking-calico:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.46.0