Skip to main content

Release Notes v1.122

Yake release notes and upgrade guide​

Related upstream release notes / changelogs​

Update os-coreos to 1.25.0

[gardener/gardener-extension-os-coreos]

πŸ“° Noteworthy​

  • [OPERATOR] It should be noted that this will NOT work for nodes already created with a default time sync service provided by this extension by @nschad [#190]

✨ New Features​

  • [OPERATOR] Added option to opt-out of the default ntp configuration provided by this extension. by @nschad [#190]
  • [OPERATOR] Allow on shoot by shoot basis to override global extension options by @nschad [#192]

πŸ› Bug Fixes​

  • [OPERATOR] Fixed an RBAC issue when deploying this extension through the Gardener operator. by @Wieneo [#196]
  • [OPERATOR] Restart ntpd if ntp.conf changes. by @dergeberl [#194]
  • [OPERATOR] The provision OSC script does not run anymore when the node is rebooting. by @oliver-goetz [#166]

πŸƒ Others​

  • [OPERATOR] The image repository in the Helm-Chart is updated to point to the current location in Google Artefact Repository (GAR). by @MrBatschner [#168]
  • [OPERATOR] extension-os-coreos no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#139]

Helm Charts​

  • os-coreos: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-coreos:v1.25.0

Container (OCI) Images​

  • gardener-extension-os-coreos: europe-docker.pkg.dev/gardener-project/releases/extensions/os-coreos:v1.25.0
Update provider-hcloud to 0.6.41

[gardener-extension-provider-hcloud] v0.6.41

Update cloudprofiles to 0.7.27
Update external-dns-management to 0.25.2

[gardener/external-dns-management]

πŸ› Bug Fixes​

  • [USER] Fix sporadic failing updates on switching entries between simple and weighted routing policy. by @MartinWeindel [#524]

Helm Charts​

  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.25.2

Container (OCI) Images​

  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.25.2
Update shoot-flux to 0.20.1
Update runtime-gvisor to 0.22.0

[gardener/gardener-extension-runtime-gvisor]

πŸƒ Others​

  • [OPERATOR] The gVisor binaries were updated to release 20250505.0. by @Roncossek [#223]

Helm Charts​

  • runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.22.0

Container (OCI) Images​

  • gardener-extension-runtime-gvisor-installation: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.22.0
  • gardener-extension-runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.22.0
Update shoot-dns-service to 1.66.0

[gardener/gardener-extension-shoot-dns-service]

πŸ› Bug Fixes​

  • [OPERATOR] Patch dnsowners CRD with annotation confirmation.gardener.cloud/deletion=true before deleting it by @MartinWeindel [#504]

Helm Charts​

  • admission-shoot-dns-service-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.66.0
  • admission-shoot-dns-service-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.66.0
  • shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.66.0

Container (OCI) Images​

  • gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.66.0
  • gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.66.0
Update cert-management to 0.17.7

[gardener/cert-management]

✨ New Features​

  • [USER] Added cert.gardener.cloud/not-before annotation and IssuanceDate field to Certificate. by @marc1404 [#489]

πŸƒ Others​

  • [OPERATOR] Support cert.gardener.cloud/class annotation for issuers by @MartinWeindel [#512]

πŸ“– Documentation​

  • [USER] Documented the correct minimum duration of Certificates assuming the default renewal window of 30 days. by @marc1404 [#495]

Helm Charts​

  • cert-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.7

Container (OCI) Images​

  • cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.7
Update gardener-metrics-exporter to 0.40.0

[gardener/gardener-metrics-exporter]

πŸ“° Noteworthy​

  • [OPERATOR] Update Go module dependencies by @chrkl [#128]

πŸƒ Others​

  • [OPERATOR] Add support for CredentialsBinding to identify shoot cost objects by @vicwicker [#129]

Container (OCI) Images​

  • metrics-exporter: europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.40.0
Update gardener-metrics-exporter to 0.40.0

[gardener/gardener-metrics-exporter]

πŸ“° Noteworthy​

  • [OPERATOR] Update Go module dependencies by @chrkl [#128]

πŸƒ Others​

  • [OPERATOR] Add support for CredentialsBinding to identify shoot cost objects by @vicwicker [#129]

Container (OCI) Images​

  • metrics-exporter: europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.40.0
Update networking-calico to 1.49.0

[gardener/gardener-extension-networking-calico]

πŸƒ Others​

  • [DEVELOPER] migrate CICD-Pipelines to GitHub-Actions by @ccwienk [#668]
  • [OPERATOR] The healthcheck controller is now removed. by @axel7born [#649]
Update backup-s3 to 0.7.3

General Changes​

  • Fix extension runtime RBAC (#17) @Wieneo
  • include sbom in container image (#16) @mac641
Update provider-alicloud to 1.63.0

[gardener/gardener-extension-provider-alicloud]

πŸ› Bug Fixes​

  • [OPERATOR] Admission controller will be deployed with the LEADER_ELECTION_NAMESPACE environment variable set to the pod namespace by @plkokanov [#801]

πŸƒ Others​

  • [OPERATOR] The provider-alicloud extension does now support shoot clusters with Kubernetes version 1.33. You should consider the Kubernetes release notes before upgrading to 1.33. by @plkokanov [#800]
  • [OPERATOR] Memory and CPU resource limits have been removed from provider-alicloud extension chart templates. by @kevin-lacoo [#799]
  • [OPERATOR] Fixed an issue that caused a field.Path{...} structure to be displayed in the error message shown when the CIDR validation of shoot.spec.networking.{nodes,pods,services} fields fails, instead of the actual incorrect value. by @plkokanov [#802]

Helm Charts​

  • admission-alicloud-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.63.0
  • admission-alicloud-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.63.0
  • provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.63.0

Container (OCI) Images​

  • gardener-extension-admission-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.63.0
  • gardener-extension-provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.63.0
Update gardener-controlplane to 1.122.1

[gardener/gardener]

πŸ› Bug Fixes​

  • [USER] An issue causing gardenlet to panic during the migration from single-stack IPv4 to dual-stack IPv4, IPv6 when the Shoot is hibernated is now fixed. by @DockToFuture [#12435]
  • [USER] A bug causing the maxSurge and maxUnavailable fields for worker pools with update strategy ManualInPlaceUpdate always getting overwritten is now fixed. by @shafeeqes [#12454]
  • [DEVELOPER] An issue causing reporting data generated by the testframework to be incompatible with recent elasticsearch/opensearch versions is now fixed. by @dguendisch [#12462]
  • [OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @shafeeqes [#12461]

Helm Charts​

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.122.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.122.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.122.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.122.1

Container (OCI) Images​

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.122.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.122.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.122.1
  • gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.122.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.122.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.122.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.122.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.122.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.122.1
Update gardener-controlplane to 1.122.1

[gardener/gardener]

πŸ› Bug Fixes​

  • [USER] An issue causing gardenlet to panic during the migration from single-stack IPv4 to dual-stack IPv4, IPv6 when the Shoot is hibernated is now fixed. by @DockToFuture [#12435]
  • [USER] A bug causing the maxSurge and maxUnavailable fields for worker pools with update strategy ManualInPlaceUpdate always getting overwritten is now fixed. by @shafeeqes [#12454]
  • [DEVELOPER] An issue causing reporting data generated by the testframework to be incompatible with recent elasticsearch/opensearch versions is now fixed. by @dguendisch [#12462]
  • [OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @shafeeqes [#12461]

Helm Charts​

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.122.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.122.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.122.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.122.1

Container (OCI) Images​

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.122.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.122.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.122.1
  • gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.122.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.122.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.122.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.122.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.122.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.122.1
Update gardenlet to 1.122.1

[gardener/gardener]

πŸ› Bug Fixes​

  • [USER] An issue causing gardenlet to panic during the migration from single-stack IPv4 to dual-stack IPv4, IPv6 when the Shoot is hibernated is now fixed. by @DockToFuture [#12435]
  • [USER] A bug causing the maxSurge and maxUnavailable fields for worker pools with update strategy ManualInPlaceUpdate always getting overwritten is now fixed. by @shafeeqes [#12454]
  • [DEVELOPER] An issue causing reporting data generated by the testframework to be incompatible with recent elasticsearch/opensearch versions is now fixed. by @dguendisch [#12462]
  • [OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @shafeeqes [#12461]

Helm Charts​

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.122.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.122.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.122.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.122.1

Container (OCI) Images​

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.122.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.122.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.122.1
  • gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.122.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.122.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.122.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.122.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.122.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.122.1
Update provider-alicloud to 1.63.1

[gardener/gardener-extension-provider-alicloud]

πŸƒ Others​

  • [OPERATOR] Update csi-plugin-alicloud to v1.30.3-90b225e-aliyun by @kevin-lacoo [#808]

Helm Charts​

  • admission-alicloud-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.63.1
  • admission-alicloud-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.63.1
  • provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.63.1

Container (OCI) Images​

  • gardener-extension-admission-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.63.1
  • gardener-extension-provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.63.1
Update os-gardenlinux to 0.31.0

[gardener/gardener-extension-os-gardenlinux]

Helm Charts​

  • os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.31.0

Container (OCI) Images​

  • gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.31.0
Update shoot-oidc-service to 0.32.0

[gardener/gardener-extension-shoot-oidc-service]

πŸƒ Others​

  • [OPERATOR] The extension is now built using go version 1.24.5. by @dependabot[bot] [#335]
  • [DEPENDENCY] The following third party dependencies have been updated:
    • github.com/gardener/gardener v1.121.2 -> v1.122.1
    • k8s.io/api v0.32.5 -> v0.33.2
    • k8s.io/apimachinery v0.32.5 -> v0.33.2
    • k8s.io/autoscaler/vertical-pod-autoscaler v1.3.1 -> v1.4.1
    • k8s.io/client-go v0.32.5 -> v0.33.2
    • k8s.io/code-generator v0.32.5 -> v0.33.2
    • k8s.io/component-base v0.32.5 -> v0.33.2
    • k8s.io/apiserver v0.32.5 -> v0.33.2
    • sigs.k8s.io/controller-runtime v0.20.4 -> v0.21.0
    • sigs.k8s.io/controller-tools v0.17.3 -> v0.18.0
    • helm.sh/helm/v3 v3.17.3 -> v3.18.3 by @dependabot[bot] [#334]

[gardener/oidc-webhook-authenticator]

✨ New Features​

  • [USER] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [gardener/oidc-webhook-authenticator#179]

πŸƒ Others​

  • [OPERATOR] oidc-webhook-authenticator is now built with go 1.24.5. by @vpnachev [gardener/oidc-webhook-authenticator#185]
  • [OPERATOR] OWA is now built using go version 1.24.4. by @dimityrmirchev [gardener/oidc-webhook-authenticator#180]
  • [DEPENDENCY] The following 3rd party dependencies have been updated:
    • k8s.io/api v0.31.1 -> v0.33.2
    • k8s.io/apiextensions-apiserver v0.31.0 -> v0.33.2
    • k8s.io/apimachinery v0.31.1 -> v0.33.2
    • k8s.io/apiserver v0.31.0 -> v0.33.2
    • k8s.io/client-go v0.31.1 -> v0.33.2
    • k8s.io/component-base v0.31.1 -> v0.33.2
    • sigs.k8s.io/controller-runtime v0.19.0 -> v0.21.0
    • golang.org/x/crypto v0.36.0 -> v0.39.0
    • golang.org/x/net v0.38.0 -> v0.41.0
    • golang.org/x/oauth2 v0.21.0 -> v0.30.0
    • golang.org/x/sync v0.12.0 -> v0.15.0
    • golang.org/x/sys v0.31.0 -> v0.33.0
    • golang.org/x/term v0.30.0 -> v0.32.0
    • golang.org/x/text v0.23.0 -> v0.26.0
    • golang.org/x/time v0.6.0 -> v0.12.0 by @vpnachev [gardener/oidc-webhook-authenticator#182]

Helm Charts​

  • shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.32.0

Container (OCI) Images​

  • gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.32.0
Update acl to 1.10.0

What's Changed​

⚠️ Breaking​

πŸ€– Dependencies​

Full Changelog: https://github.com/stackitcloud/gardener-extension-acl/compare/v1.9.0...v1.10.0

Update dashboard to 1.81.0

[gardener/dashboard]

⚠️ Breaking Changes​

  • [OPERATOR] The temporary mapping from accessRestriction.items[@key="seed.gardener.cloud/eu-access"] to accessRestriction.items[@key="eu-access-only"] has been removed as previously announced (ref). by @petersutter [#2452]

✨ New Features​

  • [USER] The dashboard now supports Shoot.spec.cloudProfile. Previously, Shoot.spec.cloudProfileName was used. by @petersutter [#2427]

πŸ› Bug Fixes​

  • [USER] update of dependent autoscaler value will only be triggered after the ui element is not focused anymore by @klocke-io [#2490]
  • [USER] Fixed Alertmanager URL by @petersutter [#2483]
  • [DEVELOPER] install dependencies prior to running sast-lint by @ccwienk [#2510]

πŸƒ Others​

  • [USER] Added description for constraint DualStackNodesMigrationReady by @axel7born [#2502]
  • [OPERATOR] Removed the logic that filters cloud profiles without a matching seed in the backend. All cloud profiles will now show up in the frontend. If a cloud profile without a matching seed is selected for a new cluster, a hint will be shown to the user by @grolu [#2454]
  • [DEVELOPER] adapt server entry point from server.mjs to server.js in dashboard deployment template by @klocke-io [#2507]
  • [DEVELOPER] migrade CICD-Pipelines to GitHub-Actions by @ccwienk [#2505]
Update dashboard to 1.81.0

[gardener/dashboard]

⚠️ Breaking Changes​

  • [OPERATOR] The temporary mapping from accessRestriction.items[@key="seed.gardener.cloud/eu-access"] to accessRestriction.items[@key="eu-access-only"] has been removed as previously announced (ref). by @petersutter [#2452]

✨ New Features​

  • [USER] The dashboard now supports Shoot.spec.cloudProfile. Previously, Shoot.spec.cloudProfileName was used. by @petersutter [#2427]

πŸ› Bug Fixes​

  • [USER] update of dependent autoscaler value will only be triggered after the ui element is not focused anymore by @klocke-io [#2490]
  • [USER] Fixed Alertmanager URL by @petersutter [#2483]
  • [DEVELOPER] install dependencies prior to running sast-lint by @ccwienk [#2510]

πŸƒ Others​

  • [USER] Added description for constraint DualStackNodesMigrationReady by @axel7born [#2502]
  • [OPERATOR] Removed the logic that filters cloud profiles without a matching seed in the backend. All cloud profiles will now show up in the frontend. If a cloud profile without a matching seed is selected for a new cluster, a hint will be shown to the user by @grolu [#2454]
  • [DEVELOPER] adapt server entry point from server.mjs to server.js in dashboard deployment template by @klocke-io [#2507]
  • [DEVELOPER] migrade CICD-Pipelines to GitHub-Actions by @ccwienk [#2505]