Release Notes v1.109

Yake release notes and upgrade guide

Update external-dns-management to 0.22.1

[gardener/external-dns-management]

📰 Noteworthy

[OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#394]

🏃 Others

[OPERATOR] Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#398]

Helm Charts

dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.22.1

Docker Images

dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.22.1

Update shoot-dns-service to 1.54.0

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

[OPERATOR] Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#399]
[OPERATOR] Reduce default values for resource utilisation of shoot-dns-service controller in the control plane. by @MartinWeindel [#392]
[OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#387]
[OPERATOR] Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#390]
[OPERATOR] Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#394]

[gardener/external-dns-management]

📰 Noteworthy

[OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @MartinWeindel [gardener/external-dns-management#394]

🏃 Others

[OPERATOR] Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [gardener/external-dns-management#398]

Helm Charts

admission-shoot-dns-service-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.54.0
admission-shoot-dns-service-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.54.0
shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.54.0

Docker Images

gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.54.0
gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.54.0

Update shoot-flux to 0.11.0

What's Changed

Bump gardener to v1.105.3 by @Duciwuci in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/119

Full Changelog: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.10.0...v0.11.0

Update shoot-cert-service to 1.46.0

[gardener/gardener-extension-shoot-cert-service]

🏃 Others

[OPERATOR] Reduce default values for resource utilisation of cert-management controller in the control plane. by @MartinWeindel [#308]
[OPERATOR] Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#310]
[OPERATOR] Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#311]
[OPERATOR] Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#306]
[OPERATOR] Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#315]

Helm Charts

shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.46.0

Docker Images

gardener-extension-shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.46.0

Update backup-s3 to 0.7.0

General Changes

Revendor g/g v1.100 (https://github.com/metal-stack/gardener-extension-backup-s3/pull/11) @Gerrit91

Update cloudprofiles to 0.7.20

Full Changelog: https://github.com/gardener-community/cloudprofiles/compare/0.7.19...0.7.20

Update provider-azure to 1.49.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

[USER] Deprecate DNSRecordConfig object. Please configure the target Azure management API via the provided secret by @kon-angelo [#1018]

✨ New Features

[USER] Enable extra-create-metadata in csi-provisioner. by @kon-angelo [#1008]

🏃 Others

[DEPENDENCY] Update go to version 1.23.3 by @hebelsan [#1005]
[DEPENDENCY] Update gardener/gardener to v1.108.0 by @hebelsan [#1014]
[OPERATOR] Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#948]
[OPERATOR] Fix an issue where the subnet name was not calculated correctly in the migration to multi-subnet setup by @kon-angelo [#1004]
[OPERATOR] Updating CSI driver provisioner ClusterRole rules by @hebelsan [#988]
[OPERATOR] Remove outdated "Basic" SKU loadbalancer migration documentation. by @kon-angelo [#1017]
[OPERATOR] Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#998]
[OPERATOR] Add NamespacedCloudProfile admission mutation and validation to support custom machine images and types. by @LucaBernstein [#1016]
[OPERATOR] Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#993]
[DEVELOPER] Add gosec as sast makefile target by @hebelsan [#1006]
[DEVELOPER] Update gardener/gardener to v1.105.0 by @hebelsan [#989]

Helm Charts

admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.0
admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.0
provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.0

Docker Images

gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.0
gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.0

Update provider-openstack to 1.43.0

[gardener/gardener-extension-provider-openstack]

⚠️ Breaking Changes

[OPERATOR] Deprecated configuring bastion via helm chart config map by @hebelsan [#838]

📰 Noteworthy

[OPERATOR] Added support for configuring bastion vm from CloudProfile's bastion section by @hebelsan [#838]

🏃 Others

[DEPENDENCY] Add gosec as sast makefile target by @hebelsan [#902]
[DEPENDENCY] Update go to version 1.23.3 by @hebelsan [#900]
[OPERATOR] Fix an issue where provider-openstack required permissions for share network operations even when not required by the InfrastructureConfig. by @kon-angelo [#885]
[OPERATOR] Update gardener/gardener to v1.107.0 by @hebelsan [#896]
[OPERATOR] Fix an issue where the deletion with the flow reconciler would fail if the network was already deleted. by @kon-angelo [#898]
[OPERATOR] Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#886]
[OPERATOR] Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#895]
[OPERATOR] Fix possible nil-pointer deref when looking for networks. during reconciliation by @AndreasBurger [#879]
[OPERATOR] subnet overlapping, missing expected router and Policy doesn't allow .* to be performed errors are now non-retryable user errors. by @RadaBDimitrova [#894]
[OPERATOR] Updating CSI driver provisioner ClusterRole rules by @hebelsan [#880]
[DEVELOPER] Update gardener/gardener to v1.105.0 by @hebelsan [#881]

Helm Charts

admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.0
admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.0
provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.0

Docker Images

gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.0
gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.0

Update os-ubuntu to 1.26.0

[gardener/gardener-extension-os-ubuntu]

⚠️ Breaking Changes

[OPERATOR] This extension is no longer able to run with Gardener versions lower than v1.90 when the UseGardenerNodeAgent feature gate is disabled. by @rfranzke [#126]

✨ New Features

[OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#143]

🏃 Others

[DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @LucaBernstein [#133]
[DEVELOPER] Static Application Security Testing (sast) with gosec got enabled on this repository. by @MrBatschner [#163]

Helm Charts

os-ubuntu: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.26.0

Docker Images

gardener-extension-os-ubuntu: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.26.0

Update gardener-controlplane to 1.108.1

[gardener/gardener]

🐛 Bug Fixes

[OPERATOR] The seed.gardener.cloud/eu-access=true label (in CloudProfiles and Seeds) or seed selector (in Shoots) is no longer removed when the eu-access-only restriction is removed from the .spec.accessRestrictions[] field. Similarly, the support.gardener.cloud/eu-access-for-cluster-{addons,nodes} annotations in Shoots are no longer removed when they are removed from the .spec.accessRestrictions[].options field. by @rfranzke [#10885]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1

Update gardener-controlplane to 1.108.1

[gardener/gardener]

🐛 Bug Fixes

[OPERATOR] The seed.gardener.cloud/eu-access=true label (in CloudProfiles and Seeds) or seed selector (in Shoots) is no longer removed when the eu-access-only restriction is removed from the .spec.accessRestrictions[] field. Similarly, the support.gardener.cloud/eu-access-for-cluster-{addons,nodes} annotations in Shoots are no longer removed when they are removed from the .spec.accessRestrictions[].options field. by @rfranzke [#10885]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1

Update gardenlet to 1.108.1

[gardener/gardener]

🐛 Bug Fixes

[OPERATOR] The seed.gardener.cloud/eu-access=true label (in CloudProfiles and Seeds) or seed selector (in Shoots) is no longer removed when the eu-access-only restriction is removed from the .spec.accessRestrictions[] field. Similarly, the support.gardener.cloud/eu-access-for-cluster-{addons,nodes} annotations in Shoots are no longer removed when they are removed from the .spec.accessRestrictions[].options field. by @rfranzke [#10885]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.108.1
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.108.1
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.108.1
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.108.1

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.108.1
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.108.1
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.108.1
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.108.1
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.108.1
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.108.1
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.108.1
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.108.1

Update shoot-oidc-service to 0.29.0

[gardener/oidc-webhook-authenticator]

🏃 Others

[OPERATOR] OWA is now built using go version 1.23.3. by @dimityrmirchev [gardener/oidc-webhook-authenticator#167]
[DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report. by @vpnachev [gardener/oidc-webhook-authenticator#165]

[gardener/gardener-extension-shoot-oidc-service]

⚠️ Breaking Changes

[OPERATOR] The type of the imageVectorOverwrite helm chart value is changed from string to object. by @dimityrmirchev [#251]

🏃 Others

[OPERATOR] The following dependencies have been updated:
- github.com/gardener/gardener v1.105.0 -> v1.106.0
- k8s.io/api v0.29.8 -> v0.31.1
- k8s.io/apimachinery v0.29.9 -> v0.31.1
- k8s.io/client-go v0.29.9 -> v0.31.1
- k8s.io/code-generator v0.29.9 -> v0.31.1
- k8s.io/component-base v0.29.9 -> v0.31.1
- sigs.k8s.io/controller-runtime v0.17.6 -> v0.19.0 by @vpnachev [#248]
[DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report, but is also incorporated in the verify and verify-extended makefile targets. by @vpnachev [#248]

📖 Documentation

[USER] Documentation now clarifies when Structured Authentication should be preferred over the Gardener OIDC extension. by @dimityrmirchev [#259]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.29.0

Docker Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.29.0

Update os-gardenlinux to 0.25.0

[gardener/gardener-extension-os-gardenlinux]

⚠️ Breaking Changes

[OPERATOR] This extension is no longer able to run with Gardener versions lower than v1.90 when the UseGardenerNodeAgent feature gate is disabled. by @rfranzke [#161]

✨ New Features

[OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#188]

🏃 Others

[DEVELOPER] Static Application Security Testing (sast) with gosec got enabled on this repository. by @MrBatschner [#212]
[DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @timuthy [#170]
[OPERATOR] The cgroup drivers for containerd and kubelet are no longer configured through scripts that are run through ExecStartPre but instead through a mutating webhook that modifies the cgroup driver in the OSC. The cgroup driver always gets set to systemd. by @MrBatschner [#169]

Helm Charts

os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.25.0

Docker Images

gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.25.0

Update os-ubuntu to 1.27.0

no release notes available

Helm Charts

os-ubuntu: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.27.0

Docker Images

gardener-extension-os-ubuntu: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.27.0

Update runtime-gvisor to 0.16.0

[gardener/gardener-extension-runtime-gvisor]

🏃 Others

[OPERATOR] Introduce providerConfig.configFlags with net-raw as first supported flag to start gVisor with NET_RAW capability. by @Roncossek [#154]
[OPERATOR] Gardener libraries were updated to 1.103. by @MrBatschner [#150]
[DEVELOPER] Static Application Security Testing (sast) with gosec got enabled on this repository. by @MrBatschner [#155]

Helm Charts

runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.16.0

Docker Images

gardener-extension-runtime-gvisor-installation: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.16.0
gardener-extension-runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.16.0

Update shoot-flux to 0.12.0

What's Changed

Do nothing when cluster is hibernated by @maboehm in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/122
🤖 Update module github.com/onsi/ginkgo/v2 to v2.22.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/120
🤖 Update module github.com/onsi/gomega to v1.36.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/121
🤖 Update k8s.io/utils digest to 6fe5fd8 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/111
🤖 Update dependency go to v1.23.3 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/118
🤖 Update module golang.org/x/tools to v0.27.0 by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/116
🤖 Update fluxcd (minor) by @renovate in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/107

Full Changelog: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.11.0...v0.12.0

Update networking-calico to 1.44.0

[gardener/gardener-extension-networking-calico]

🏃 Others

[OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @ScheererJ [#503]
[OPERATOR] Correct iptable backend and iptable rule are set for IPv6 shoot clusters when running with node-local-dns. by @DockToFuture [#506]
[OPERATOR] Generate dual-stack configuration. by @axel7born [#512]

Helm Charts

admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.44.0
admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.44.0
networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.44.0

Docker Images

gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.44.0
gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.44.0

Update gardener-metrics-exporter to 0.31.0

[gardener/gardener-metrics-exporter]

🏃 Others

[USER] Remove duplicated metrics from README by @Sinscerly [#110]
[OPERATOR] Add cost_object_type label to garden_shoot_info metric by @chrkl [#112]
[OPERATOR] Add is_hibernated to the garden_shoot_info metric by @Sinscerly [#107]
[OPERATOR] Add technical_id to garden_shoot_.+ metrics by @robinschneider [#111]

Update gardener-metrics-exporter to 0.31.0

[gardener/gardener-metrics-exporter]

🏃 Others

[USER] Remove duplicated metrics from README by @Sinscerly [#110]
[OPERATOR] Add cost_object_type label to garden_shoot_info metric by @chrkl [#112]
[OPERATOR] Add is_hibernated to the garden_shoot_info metric by @Sinscerly [#107]
[OPERATOR] Add technical_id to garden_shoot_.+ metrics by @robinschneider [#111]

Update gardener-controlplane to 1.109.0

[gardener/gardener]

⚠️ Breaking Changes

[OPERATOR] The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the etcd component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
[OPERATOR] The Baseline and HVPA autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for {gardener,kube}-apiserver. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
[OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. The GA-ed and unconditionally enabled VPAForETCD and VPAAndHPAForAPIServer features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
[DEVELOPER] Rename the controlplane exposure webhook (ExposureWebhookName) to seed provider webhook (SeedProviderWebhookName). by @LucaBernstein [#10788]

📰 Noteworthy

[OPERATOR] The gardener-scheduler was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
[DEVELOPER] extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename pkg/webhook/controlplaneexposure to pkg/webhook/seedprovider). by @LucaBernstein [#10788]

✨ New Features

[OPERATOR] NodeAgentAuthorizer feature gate was introduced. It allows a webhook based authorization of gardener-node-agents with reduced permissions.
❗ This feature gate requires changes in machine-controller-manager-provider-*. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
[USER] Allow dual-stack shoots creation. by @axel7born [#10803]
[USER] shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]

🐛 Bug Fixes

[USER] Fixed a bug where SSH key rotations for Shoots did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
[USER] On Shoot deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of Shoot resources. by @rfranzke [#10902]
[OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @seshachalam-yv [#10904]

🏃 Others

[OPERATOR] update alpine to get latest security fixes by @DockToFuture [#10922]
[OPERATOR] Add support for node-local-dns in dual-stack cluster. by @axel7born [#10891]
[OPERATOR] Add dual stack support for VPN. by @DockToFuture [#10767]
[OPERATOR] Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
[OPERATOR] Add dashboard for VPA admission-controller by @voelzmo [#10741]
[OPERATOR] The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
[OPERATOR] Added validation for issuerURL in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
[OPERATOR] The gardener/dependency-watchdog image has been updated to v1.3.0. Release Notes by @rishabh-11 [#10930]
[OPERATOR] Adapt configure-admission.sh for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
[DEPENDENCY] The registry.k8s.io/cpa/cluster-proportional-autoscaler image has been updated to v1.9.0. by @gardener-ci-robot [#10898]
[DEPENDENCY] The gardener/autoscaler image has been updated to v1.30.1. Release Notes by @gardener-ci-robot [#10914]
[DEPENDENCY] The gardener/vpn2 image has been updated to 0.30.0. Release Notes by @gardener-ci-robot [#10872]
[DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.11.4. by @gardener-ci-robot [#10856]
[DEPENDENCY] The gardener/gardener-discovery-server image has been updated to v0.3.0. Release Notes by @gardener-ci-robot [#10849]
[DEPENDENCY] The gardener/etcd-druid image has been updated to v0.25.0. Release Notes by @gardener-ci-robot [#10932]
[DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.0. Release Notes by @rishabh-11 [#10908]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0

Update gardener-controlplane to 1.109.0

[gardener/gardener]

⚠️ Breaking Changes

[OPERATOR] The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the etcd component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
[OPERATOR] The Baseline and HVPA autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for {gardener,kube}-apiserver. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
[OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. The GA-ed and unconditionally enabled VPAForETCD and VPAAndHPAForAPIServer features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
[DEVELOPER] Rename the controlplane exposure webhook (ExposureWebhookName) to seed provider webhook (SeedProviderWebhookName). by @LucaBernstein [#10788]

📰 Noteworthy

[OPERATOR] The gardener-scheduler was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
[DEVELOPER] extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename pkg/webhook/controlplaneexposure to pkg/webhook/seedprovider). by @LucaBernstein [#10788]

✨ New Features

[OPERATOR] NodeAgentAuthorizer feature gate was introduced. It allows a webhook based authorization of gardener-node-agents with reduced permissions.
❗ This feature gate requires changes in machine-controller-manager-provider-*. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
[USER] Allow dual-stack shoots creation. by @axel7born [#10803]
[USER] shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]

🐛 Bug Fixes

[USER] Fixed a bug where SSH key rotations for Shoots did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
[USER] On Shoot deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of Shoot resources. by @rfranzke [#10902]
[OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @seshachalam-yv [#10904]

🏃 Others

[OPERATOR] update alpine to get latest security fixes by @DockToFuture [#10922]
[OPERATOR] Add support for node-local-dns in dual-stack cluster. by @axel7born [#10891]
[OPERATOR] Add dual stack support for VPN. by @DockToFuture [#10767]
[OPERATOR] Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
[OPERATOR] Add dashboard for VPA admission-controller by @voelzmo [#10741]
[OPERATOR] The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
[OPERATOR] Added validation for issuerURL in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
[OPERATOR] The gardener/dependency-watchdog image has been updated to v1.3.0. Release Notes by @rishabh-11 [#10930]
[OPERATOR] Adapt configure-admission.sh for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
[DEPENDENCY] The registry.k8s.io/cpa/cluster-proportional-autoscaler image has been updated to v1.9.0. by @gardener-ci-robot [#10898]
[DEPENDENCY] The gardener/autoscaler image has been updated to v1.30.1. Release Notes by @gardener-ci-robot [#10914]
[DEPENDENCY] The gardener/vpn2 image has been updated to 0.30.0. Release Notes by @gardener-ci-robot [#10872]
[DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.11.4. by @gardener-ci-robot [#10856]
[DEPENDENCY] The gardener/gardener-discovery-server image has been updated to v0.3.0. Release Notes by @gardener-ci-robot [#10849]
[DEPENDENCY] The gardener/etcd-druid image has been updated to v0.25.0. Release Notes by @gardener-ci-robot [#10932]
[DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.0. Release Notes by @rishabh-11 [#10908]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0

Update gardenlet to 1.109.0

[gardener/gardener]

⚠️ Breaking Changes

[OPERATOR] The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the etcd component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10800]
[OPERATOR] The Baseline and HVPA autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for {gardener,kube}-apiserver. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @plkokanov [#10796]
[OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. The GA-ed and unconditionally enabled VPAForETCD and VPAAndHPAForAPIServer features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#10853]
[DEVELOPER] Rename the controlplane exposure webhook (ExposureWebhookName) to seed provider webhook (SeedProviderWebhookName). by @LucaBernstein [#10788]

📰 Noteworthy

[OPERATOR] The gardener-scheduler was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @timuthy [#10821]
[DEVELOPER] extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename pkg/webhook/controlplaneexposure to pkg/webhook/seedprovider). by @LucaBernstein [#10788]

✨ New Features

[OPERATOR] NodeAgentAuthorizer feature gate was introduced. It allows a webhook based authorization of gardener-node-agents with reduced permissions.
❗ This feature gate requires changes in machine-controller-manager-provider-*. Please check that you run a supported version before activating it. ❗ by @oliver-goetz [#10781]
[USER] Allow dual-stack shoots creation. by @axel7born [#10803]
[USER] shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @dhague [#10858]

🐛 Bug Fixes

[USER] Fixed a bug where SSH key rotations for Shoots did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @tobschli [#10671]
[USER] On Shoot deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of Shoot resources. by @rfranzke [#10902]
[OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @seshachalam-yv [#10904]

🏃 Others

[OPERATOR] update alpine to get latest security fixes by @DockToFuture [#10922]
[OPERATOR] Add support for node-local-dns in dual-stack cluster. by @axel7born [#10891]
[OPERATOR] Add dual stack support for VPN. by @DockToFuture [#10767]
[OPERATOR] Fix kubelet CSRs to allow IPv6 addresses to be used by @kron4eg [#10876]
[OPERATOR] Add dashboard for VPA admission-controller by @voelzmo [#10741]
[OPERATOR] The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @ialidzhikov [#10851]
[OPERATOR] Added validation for issuerURL in the OIDC configuration to reject URLs containing fragments. by @acumino [#10888]
[OPERATOR] The gardener/dependency-watchdog image has been updated to v1.3.0. Release Notes by @rishabh-11 [#10930]
[OPERATOR] Adapt configure-admission.sh for new extension releases with changed value names for Helm charts. by @MartinWeindel [#10877]
[DEPENDENCY] The registry.k8s.io/cpa/cluster-proportional-autoscaler image has been updated to v1.9.0. by @gardener-ci-robot [#10898]
[DEPENDENCY] The gardener/autoscaler image has been updated to v1.30.1. Release Notes by @gardener-ci-robot [#10914]
[DEPENDENCY] The gardener/vpn2 image has been updated to 0.30.0. Release Notes by @gardener-ci-robot [#10872]
[DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.11.4. by @gardener-ci-robot [#10856]
[DEPENDENCY] The gardener/gardener-discovery-server image has been updated to v0.3.0. Release Notes by @gardener-ci-robot [#10849]
[DEPENDENCY] The gardener/etcd-druid image has been updated to v0.25.0. Release Notes by @gardener-ci-robot [#10932]
[DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.0. Release Notes by @rishabh-11 [#10908]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.109.0
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.109.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.109.0
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.109.0
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.109.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.109.0
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.109.0

Update gardener-metrics-exporter to 0.32.0

no release notes available

Update gardener-metrics-exporter to 0.32.0

no release notes available

Update provider-aws to 1.59.0

[gardener/gardener-extension-provider-aws]

⚠️ Breaking Changes

[OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-aws admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#1100]

📰 Noteworthy

[DEVELOPER] Updated AWS SDK from v1 to v2 by @AndreasBurger [#1060]

✨ New Features

[OPERATOR] Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#1100]
[OPERATOR] Support specification of extended resources in provider config node template without re-specifying core resources. by @elankath [#1010]

🏃 Others

[OPERATOR] Fixed terraform deploy and integration tests for IPv6. by @axel7born [#1112]
[OPERATOR] update images of pause and alpine container by @hebelsan [#1101]
[OPERATOR] Add IPv4 ranges from Spec.Networking to Status.Networking. by @axel7born [#1094]
[OPERATOR] Filter pod ranges for IPv4 CIDRs to configure Custom-Route-Controller. by @axel7born [#1138]
[OPERATOR] Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#1040]
[OPERATOR] Added validation to allow only IPv6-only shoot clusters, but not dual-stack as it is not supported, yet. by @ScheererJ [#1095]
[OPERATOR] Fixed an issue preventing the deployment of internal load balancers in IPv6-only shoots. by @axel7born [#1108]
[OPERATOR] Add NamespacedCloudProfile admission mutation and validation to support custom machine images and types. by @LucaBernstein [#1136]
[OPERATOR] Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#1117]
[OPERATOR] Fix an issue where the "0.0.0.0/0" route creation would fail if the nat-gateway was previously deleted. by @kon-angelo [#1111]
[OPERATOR] Update gardener to v1.106.1 by @hebelsan [#1110]
[OPERATOR] Dual-stack networking, i.e. networks with IPv4 and IPv6, are allowed now. by @ScheererJ [#1139]
[OPERATOR] AWS load balancers controller is always enabled for IPv6-only and dual-stack shoot clusters. by @ScheererJ [#1099]
[OPERATOR] Harmonize logging output from controller-runtime logger and kubernetes logger. by @DockToFuture [#1105]
[OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @DockToFuture [#1105]
[DEPENDENCY] Update go to version 1.23.3 by @hebelsan [#1121]
[DEVELOPER] Add gosec as sast makefile target by @hebelsan [#1123]

📖 Documentation

[USER] Add overview documentation for IPv6 by @ScheererJ [#1143]

[gardener/aws-custom-route-controller]

✨ New Features

[USER] gosec was introduced for Static Application Security Testing (SAST). by @ScheererJ [gardener/aws-custom-route-controller#34]
[USER] Update sdk version to v2 by @kon-angelo [gardener/aws-custom-route-controller#48]
[USER] The aws-custom-route-controller only adds node routes for IPv4 pod CIDR ranges and does not interfere with IPv6 routes. by @DockToFuture [gardener/aws-custom-route-controller#43]

🏃 Others

[OPERATOR] Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [gardener/aws-custom-route-controller#44]
[OPERATOR] Bumps golang from 1.23.1 to 1.23.2. by @dependabot[bot] [gardener/aws-custom-route-controller#33]

Update gardener-metrics-exporter to 0.33.0

no release notes available

Docker Images

metrics-exporter: europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.33.0

Update gardener-metrics-exporter to 0.33.0

no release notes available

Docker Images

metrics-exporter: europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.33.0

Update cert-management to 0.17.0

[gardener/cert-management]

✨ New Features

[USER] Introduce the new Issuer type SelfSigned for creating self-signed certificates. by @RaphaelVogel [#228]
[USER] The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [#354]

🐛 Bug Fixes

[OPERATOR] Cleanup status for orphan pending certificate resources by @MartinWeindel [#367]

🏃 Others

[DEVELOPER] Use Pebble as an ACME server in the integration tests. by @marc1404 [#339]

Helm Charts

cert-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.0

Docker Images

cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.0

Update os-gardenlinux to 0.26.0

[gardener/gardener-extension-os-gardenlinux]

🏃 Others

[OPERATOR] Adds an override.conf containerd dropin file to set LimitMEMLOCK and LimitNOFILE by @Roncossek [#214]

Helm Charts

os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.26.0

Docker Images

gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.26.0

Update networking-cilium to 1.38.0

[gardener/gardener-extension-networking-cilium]

🏃 Others

[OPERATOR] IPv6 support is added to cilium extension for gardener shoot clusters. by @DockToFuture [#421]
[OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @ScheererJ [#420]

Helm Charts

admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.38.0
admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.38.0
networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.38.0

Docker Images

gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.38.0
gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.38.0

Update cert-management to 0.17.1

[gardener/cert-management]

🐛 Bug Fixes

[OPERATOR] Fix panic if target issuer referenced but not allowed by @MartinWeindel [#371]

Helm Charts

cert-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.1

Docker Images

cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.1

Update shoot-cert-service to 1.47.0

[gardener/cert-management]

✨ New Features

[USER] Introduce the new Issuer type SelfSigned for creating self-signed certificates. by @RaphaelVogel [gardener/cert-management#228]
[USER] The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [gardener/cert-management#354]

🐛 Bug Fixes

[OPERATOR] Fix panic if target issuer referenced but not allowed by @MartinWeindel [gardener/cert-management#371]
[OPERATOR] Cleanup status for orphan pending certificate resources by @MartinWeindel [gardener/cert-management#367]

🏃 Others

[DEVELOPER] Use Pebble as an ACME server in the integration tests. by @marc1404 [gardener/cert-management#339]

[gardener/gardener-extension-shoot-cert-service]

🏃 Others

[OPERATOR] Bumps github.com/gardener/gardener from 1.108.0 to 1.109.0. by @dependabot[bot] [#320]
[OPERATOR] Vertical scaling on CPU dropped in VPA resource by @MartinWeindel [#318]

Helm Charts

shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.47.0

Docker Images

gardener-extension-shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.47.0

Update shoot-rsyslog-relp to 0.7.0

[gardener/gardener-extension-shoot-rsyslog-relp]

📰 Noteworthy

[DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report, but is also incorporated in the verify and verify-extended makefile targets. by @Kostov6 [#189]

🐛 Bug Fixes

[DEVELOPER] An issue causing make extension-up to fail to patch the ControllerDeployment is now mitigated. by @ialidzhikov [#194]
[DEVELOPER] An issue causing make extension-up to do NOT generate a new tag for local source code changes is now fixed. by @ialidzhikov [#194]

Helm Charts

shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.7.0
shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.7.0
shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.7.0

Docker Images

gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.7.0
gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.7.0

Update provider-openstack to 1.43.1

[gardener/gardener-extension-provider-openstack]

🏃 Others

[OPERATOR] Fix an issue where the CSI-Provisioner was missing 'patch' permissions on PVs by @AndreasBurger [#924]

Helm Charts

admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.1
admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.1
provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.1

Docker Images

gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.1
gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.1

Update provider-aws to 1.59.1

[gardener/gardener-extension-provider-aws]

🐛 Bug Fixes

[USER] Use ipv6 CIDR in ID string only for IPv6 only subnets. by @AndreasBurger [#1163]

Helm Charts

admission-aws-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-application:v1.59.1
admission-aws-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-runtime:v1.59.1
provider-aws: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-aws:v1.59.1

Docker Images

gardener-extension-admission-aws: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.59.1
gardener-extension-provider-aws: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.59.1

Update os-gardenlinux to 0.27.0

[gardener/gardener-extension-os-gardenlinux]

🏃 Others

[OPERATOR] Container images for the gardenlinux extension are now built with Docker buildx to enable cross-platform builds and default to the linux/amd64 architecture. by @MrBatschner [#217]
[OPERATOR] add delete to rbac for secret, secret/finalizer and mutatingwebhookcofigurations by @Roncossek [#219]

Helm Charts

os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.27.0

Docker Images

gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.27.0

Update provider-azure to 1.49.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

[USER] Support legacy CCM service tag key in flow reconciliation by @hebelsan [#1037]

Helm Charts

admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.1
admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.1
provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.1

Docker Images

gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.1
gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.1

Update cloudprofiles to 0.7.21

Full Changelog: https://github.com/gardener-community/cloudprofiles/compare/0.7.20...0.7.21

Update gardener-controlplane to 1.110.0

[gardener/gardener]

⚠️ Breaking Changes

[DEVELOPER] The autoscaling.k8s.io/v1alpha1.Hvpa and autoscaling.k8s.io/v1alpha1.HvpaList resources were removed from the pkg/client/kubernetes.SeedScheme and pkg/operator/client.RuntimeScheme by @plkokanov [#10921]
[DEVELOPER] Extension webhooks need to remove the provider type Predicates and add an ObjectSelector against the object's provider type label instead. by @LucaBernstein [#10896]

✨ New Features

[OPERATOR] Secrets for the TokenRequestor can be additionally annotated with serviceaccount.resources.gardener.cloud/inject-ca-bundle=true to get the current CA bundle injected as well by @maboehm [#10988]

🐛 Bug Fixes

[OPERATOR] seed-authorizer and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for AuthorizedTTL and UnauthorizedTTL. by @oliver-goetz [#10703]
[OPERATOR] An issue was fixed in gardener-operator that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
[OPERATOR] Fixes the bug where ManagedResource were still in progressing phase because of Completed pods by @ary1992 [#10961]

🏃 Others

[OPERATOR] Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
[OPERATOR] RBAC rules related to HVPA resources have been removed from gardenlet and gardener-operator - they are no longer necessary. by @plkokanov [#10921]
[OPERATOR] The resource-manager is no longer HVPA-aware. by @ialidzhikov [#10860]
[OPERATOR] [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
[OPERATOR] Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
[OPERATOR] Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
[DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.1. Release Notes by @gardener-ci-robot [#10956]
[DEPENDENCY] The quay.io/brancz/kube-rbac-proxy image has been updated to v0.18.2. by @gardener-ci-robot [#10953]
[DEPENDENCY] The credativ/vali image has been updated to v2.2.20. Release Notes by @gardener-ci-robot [#10993]
[DEPENDENCY] The credativ/plutono image has been updated to v7.5.35. Release Notes by @gardener-ci-robot [#10995]
[DEPENDENCY] The quay.io/kiwigrid/k8s-sidecar image has been updated to 1.28.1. by @gardener-ci-robot [#10981]
[DEPENDENCY] The gardener/apiserver-proxy image has been updated to v0.18.0. Release Notes by @gardener-ci-robot [#10933]
[DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.12.0. by @gardener-ci-robot [#10909]
[DEPENDENCY] The gardener/vpn2 image has been updated to 0.33.0. Release Notes by @gardener-ci-robot [#10996]
[DEPENDENCY] The envoyproxy/envoy image has been updated to v1.32.2. Release Notes by @gardener-ci-robot [#11000]
[DEPENDENCY] The gardener/gardener-metrics-exporter image has been updated to 0.31.0. Release Notes by @gardener-ci-robot [#10941]
[DEPENDENCY] The gardener/gardener-metrics-exporter image has been updated to 0.33.0. Release Notes by @gardener-ci-robot [#10952]
[DEPENDENCY] The gardener/ext-authz-server image has been updated to 0.11.0. Release Notes by @gardener-ci-robot [#10935]
[DEVELOPER] The HVPA CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]

📖 Documentation

[OPERATOR] Improve shoot credential rotation documentation. by @marc1404 [#10998]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0

Update gardener-controlplane to 1.110.0

[gardener/gardener]

⚠️ Breaking Changes

[DEVELOPER] The autoscaling.k8s.io/v1alpha1.Hvpa and autoscaling.k8s.io/v1alpha1.HvpaList resources were removed from the pkg/client/kubernetes.SeedScheme and pkg/operator/client.RuntimeScheme by @plkokanov [#10921]
[DEVELOPER] Extension webhooks need to remove the provider type Predicates and add an ObjectSelector against the object's provider type label instead. by @LucaBernstein [#10896]

✨ New Features

[OPERATOR] Secrets for the TokenRequestor can be additionally annotated with serviceaccount.resources.gardener.cloud/inject-ca-bundle=true to get the current CA bundle injected as well by @maboehm [#10988]

🐛 Bug Fixes

[OPERATOR] seed-authorizer and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for AuthorizedTTL and UnauthorizedTTL. by @oliver-goetz [#10703]
[OPERATOR] An issue was fixed in gardener-operator that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
[OPERATOR] Fixes the bug where ManagedResource were still in progressing phase because of Completed pods by @ary1992 [#10961]

🏃 Others

[OPERATOR] Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
[OPERATOR] RBAC rules related to HVPA resources have been removed from gardenlet and gardener-operator - they are no longer necessary. by @plkokanov [#10921]
[OPERATOR] The resource-manager is no longer HVPA-aware. by @ialidzhikov [#10860]
[OPERATOR] [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
[OPERATOR] Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
[OPERATOR] Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
[DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.1. Release Notes by @gardener-ci-robot [#10956]
[DEPENDENCY] The quay.io/brancz/kube-rbac-proxy image has been updated to v0.18.2. by @gardener-ci-robot [#10953]
[DEPENDENCY] The credativ/vali image has been updated to v2.2.20. Release Notes by @gardener-ci-robot [#10993]
[DEPENDENCY] The credativ/plutono image has been updated to v7.5.35. Release Notes by @gardener-ci-robot [#10995]
[DEPENDENCY] The quay.io/kiwigrid/k8s-sidecar image has been updated to 1.28.1. by @gardener-ci-robot [#10981]
[DEPENDENCY] The gardener/apiserver-proxy image has been updated to v0.18.0. Release Notes by @gardener-ci-robot [#10933]
[DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.12.0. by @gardener-ci-robot [#10909]
[DEPENDENCY] The gardener/vpn2 image has been updated to 0.33.0. Release Notes by @gardener-ci-robot [#10996]
[DEPENDENCY] The envoyproxy/envoy image has been updated to v1.32.2. Release Notes by @gardener-ci-robot [#11000]
[DEPENDENCY] The gardener/gardener-metrics-exporter image has been updated to 0.31.0. Release Notes by @gardener-ci-robot [#10941]
[DEPENDENCY] The gardener/gardener-metrics-exporter image has been updated to 0.33.0. Release Notes by @gardener-ci-robot [#10952]
[DEPENDENCY] The gardener/ext-authz-server image has been updated to 0.11.0. Release Notes by @gardener-ci-robot [#10935]
[DEVELOPER] The HVPA CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]

📖 Documentation

[OPERATOR] Improve shoot credential rotation documentation. by @marc1404 [#10998]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0

Update gardenlet to 1.110.0

[gardener/gardener]

⚠️ Breaking Changes

[DEVELOPER] The autoscaling.k8s.io/v1alpha1.Hvpa and autoscaling.k8s.io/v1alpha1.HvpaList resources were removed from the pkg/client/kubernetes.SeedScheme and pkg/operator/client.RuntimeScheme by @plkokanov [#10921]
[DEVELOPER] Extension webhooks need to remove the provider type Predicates and add an ObjectSelector against the object's provider type label instead. by @LucaBernstein [#10896]

✨ New Features

[OPERATOR] Secrets for the TokenRequestor can be additionally annotated with serviceaccount.resources.gardener.cloud/inject-ca-bundle=true to get the current CA bundle injected as well by @maboehm [#10988]

🐛 Bug Fixes

[OPERATOR] seed-authorizer and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for AuthorizedTTL and UnauthorizedTTL. by @oliver-goetz [#10703]
[OPERATOR] An issue was fixed in gardener-operator that led to an inactive Gardenlet controller after a certain period. Thus, the operator needed a restart to react on Gardenlet resources. by @timuthy [#10663]
[OPERATOR] Fixes the bug where ManagedResource were still in progressing phase because of Completed pods by @ary1992 [#10961]

🏃 Others

[OPERATOR] Fixes the calculation of the maximum number of nodes for cluster autoscaling for dual-stack shoots. by @axel7born [#10994]
[OPERATOR] RBAC rules related to HVPA resources have been removed from gardenlet and gardener-operator - they are no longer necessary. by @plkokanov [#10921]
[OPERATOR] The resource-manager is no longer HVPA-aware. by @ialidzhikov [#10860]
[OPERATOR] [NewVPN] Enable IPv6 for non-HA if needed. by @MartinWeindel [#10997]
[OPERATOR] Custom CAs are updated on existing nodes too. by @oliver-goetz [#10923]
[OPERATOR] Set env variables for dual-stack in kube-apiserver. by @axel7born [#10970]
[DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.1. Release Notes by @gardener-ci-robot [#10956]
[DEPENDENCY] The quay.io/brancz/kube-rbac-proxy image has been updated to v0.18.2. by @gardener-ci-robot [#10953]
[DEPENDENCY] The credativ/vali image has been updated to v2.2.20. Release Notes by @gardener-ci-robot [#10993]
[DEPENDENCY] The credativ/plutono image has been updated to v7.5.35. Release Notes by @gardener-ci-robot [#10995]
[DEPENDENCY] The quay.io/kiwigrid/k8s-sidecar image has been updated to 1.28.1. by @gardener-ci-robot [#10981]
[DEPENDENCY] The gardener/apiserver-proxy image has been updated to v0.18.0. Release Notes by @gardener-ci-robot [#10933]
[DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.12.0. by @gardener-ci-robot [#10909]
[DEPENDENCY] The gardener/vpn2 image has been updated to 0.33.0. Release Notes by @gardener-ci-robot [#10996]
[DEPENDENCY] The envoyproxy/envoy image has been updated to v1.32.2. Release Notes by @gardener-ci-robot [#11000]
[DEPENDENCY] The gardener/gardener-metrics-exporter image has been updated to 0.31.0. Release Notes by @gardener-ci-robot [#10941]
[DEPENDENCY] The gardener/gardener-metrics-exporter image has been updated to 0.33.0. Release Notes by @gardener-ci-robot [#10952]
[DEPENDENCY] The gardener/ext-authz-server image has been updated to 0.11.0. Release Notes by @gardener-ci-robot [#10935]
[DEVELOPER] The HVPA CRD has been removed from the codebase and is no longer generated. by @plkokanov [#10921]

📖 Documentation

[OPERATOR] Improve shoot credential rotation documentation. by @marc1404 [#10998]

Helm Charts

controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.110.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.110.0
operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.110.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.110.0

Docker Images

admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.110.0
apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.110.0
controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.110.0
gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.110.0
node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.110.0
operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.110.0
resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.110.0
scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.110.0

Update provider-openstack to 1.44.0

[gardener/gardener-extension-provider-openstack]

⚠️ Breaking Changes

[OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-openstack admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#901]

✨ New Features

[OPERATOR] Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#901]

🐛 Bug Fixes

[OPERATOR] management of the router interface missed some of openstack's owner labels assigned to the routers network interface causing the infrastructure conciliation to fail due to dublicated router network interfaces by @crigertg [#917]

🏃 Others

[OPERATOR] Update Cinder CSI v1.30.1 -> v1.31.2 for shoots on v1.31.x by @kon-angelo [#915]
[OPERATOR] Add NamespacedCloudProfile admission mutation and validation to support custom machine images and types. by @LucaBernstein [#911]
[OPERATOR] Update Cinder CSI v1.30.1 -> v1.30.2 for shoots on v1.30.x by @kon-angelo [#915]
[USER] Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on OpenStack. by @domdom82 [#925]

Helm Charts

admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.44.0
admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.44.0
provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.44.0

Docker Images

gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.44.0
gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.44.0

Update provider-gcp to 1.41.0

[gardener/gardener-extension-provider-gcp]

⚠️ Breaking Changes

[OPERATOR] gardener-extension-admission-gcp Helm chart has been removed. The admission can be deployed by applying admission-gcp-application and admission-gcp-runtime charts separately. With this change the global structure in Helm values of these charts has been removed. Still supported settings have been moved to other sections. by @oliver-goetz [#905]

✨ New Features

[OPERATOR] The extension can now be deployed via extensions.operator.gardener.cloud CRD. by @oliver-goetz [#905]

🏃 Others

[DEPENDENCY] Update go to version 1.23.3 by @hebelsan [#890]
[DEPENDENCY] Update csi-driver from v.15.0 to v.15.1 by @hebelsan [#907]
[OPERATOR] Add NamespacedCloudProfile admission mutation and validation to support custom machine images and types. by @LucaBernstein [#918]
[OPERATOR] Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#885]
[OPERATOR] Create bastion vm from the info provided in the cloud profile bastion section by @hebelsan [#826]
[DEVELOPER] Add gosec as sast makefile target by @hebelsan [#892]

Helm Charts

admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.41.0
admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.41.0
provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.41.0

Docker Images

gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.41.0
gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.41.0

Update provider-alicloud to 1.56.0

[gardener/gardener-extension-provider-alicloud]

🏃 Others

[OPERATOR] Alicloud Cloud Controller Manager is updated to v2.10.0 by @kevin-lacoo [#745]
[OPERATOR] The CIDR blocks used for shoot egress will now be provided via the status of the shoot's infrastructure-resource by @kevin-lacoo [#740]

Helm Charts

admission-alicloud-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.56.0
admission-alicloud-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.56.0
provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.56.0

Docker Images

gardener-extension-admission-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.56.0
gardener-extension-provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.56.0

Update gardener-webterminal to 0.33.0

[gardener/terminal-controller-manager]

🏃 Others

[OPERATOR] The component name is changed from terminal to terminal-controller-manager. by @ialidzhikov [#294]
[OPERATOR] Helm Chart: The terminal-controller-manager-config volumeMount is set to readOnly on the deployment by @petersutter [#289]

Docker Images

terminal-controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0

Update gardener-webterminal to 0.33.0

[gardener/terminal-controller-manager]

🏃 Others

[OPERATOR] The component name is changed from terminal to terminal-controller-manager. by @ialidzhikov [#294]
[OPERATOR] Helm Chart: The terminal-controller-manager-config volumeMount is set to readOnly on the deployment by @petersutter [#289]

Docker Images

terminal-controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0

Yake release notes and upgrade guide​

Related upstream release notes / changelogs​

[gardener/external-dns-management]

📰 Noteworthy​

🏃 Others​

Helm Charts​

Docker Images​

[gardener/gardener-extension-shoot-dns-service]

🏃 Others​

[gardener/external-dns-management]

📰 Noteworthy​

🏃 Others​

Helm Charts​

Docker Images​

What's Changed​

[gardener/gardener-extension-shoot-cert-service]

🏃 Others​

Helm Charts​

Docker Images​

General Changes​

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes​

✨ New Features​

🏃 Others​

Helm Charts​

Docker Images​

[gardener/gardener-extension-provider-openstack]

⚠️ Breaking Changes​

📰 Noteworthy​

🏃 Others​

Helm Charts​

Docker Images​

[gardener/gardener-extension-os-ubuntu]

⚠️ Breaking Changes​

✨ New Features​

🏃 Others​

Helm Charts​

Docker Images​

[gardener/gardener]

🐛 Bug Fixes​

Helm Charts​

Docker Images​

[gardener/gardener]

🐛 Bug Fixes​

Helm Charts​

Docker Images​

[gardener/gardener]

🐛 Bug Fixes​

Helm Charts​

Docker Images​

[gardener/oidc-webhook-authenticator]

🏃 Others​

[gardener/gardener-extension-shoot-oidc-service]

⚠️ Breaking Changes​

🏃 Others​

📖 Documentation​

Helm Charts​

Docker Images​

[gardener/gardener-extension-os-gardenlinux]

⚠️ Breaking Changes​

✨ New Features​

🏃 Others​

Helm Charts​

Docker Images​

Helm Charts​

Docker Images​

[gardener/gardener-extension-runtime-gvisor]

🏃 Others​

Helm Charts​

Docker Images​

What's Changed​

[gardener/gardener-extension-networking-calico]

🏃 Others​

Helm Charts​

Docker Images​

[gardener/gardener-metrics-exporter]

🏃 Others​

[gardener/gardener-metrics-exporter]

🏃 Others​

[gardener/gardener]

Yake release notes and upgrade guide

Related upstream release notes / changelogs

📰 Noteworthy

🏃 Others

Helm Charts

Docker Images

🏃 Others

📰 Noteworthy

🏃 Others

Helm Charts

Docker Images

What's Changed

🏃 Others

Helm Charts

Docker Images

General Changes

⚠️ Breaking Changes

✨ New Features

🏃 Others

Helm Charts

Docker Images

⚠️ Breaking Changes

📰 Noteworthy

🏃 Others

Helm Charts

Docker Images

⚠️ Breaking Changes

✨ New Features

🏃 Others

Helm Charts

Docker Images

🐛 Bug Fixes

Helm Charts

Docker Images

🐛 Bug Fixes

Helm Charts

Docker Images

🐛 Bug Fixes

Helm Charts

Docker Images

🏃 Others

⚠️ Breaking Changes

🏃 Others

📖 Documentation

Helm Charts

Docker Images

⚠️ Breaking Changes

✨ New Features

🏃 Others

Helm Charts

Docker Images

Helm Charts

Docker Images

🏃 Others

Helm Charts

Docker Images

What's Changed

🏃 Others

Helm Charts

Docker Images

🏃 Others

🏃 Others

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

Helm Charts

Docker Images

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

Helm Charts

Docker Images

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes