Release Notes v1.71
23KE release notes and upgrade guide
- Before upgrade
- The 23KE configuration chart was unified and moved, so resources need to be annotated to get adopted by the new chart name. To prevent the old charts from deleting resources when they get removed, they need to get suspended first.
flux suspend hr pre-gardener-configuration
flux suspend hr gardener-configuration
kubectl -n flux-system annotate Secret -l helm.toolkit.fluxcd.io/name=pre-gardener-configuration meta.helm.sh/release-name=configuration --overwrite
kubectl -n flux-system annotate Secret -l helm.toolkit.fluxcd.io/name=gardener-configuration meta.helm.sh/release-name=configuration --overwrite
kubectl -n garden annotate Secret -l helm.toolkit.fluxcd.io/name=gardener-configuration meta.helm.sh/release-name=certificates --overwrite
kubectl -n garden annotate certificates.cert.gardener.cloud -l helm.toolkit.fluxcd.io/name=gardener-configuration meta.helm.sh/release-name=certificates --overwrite
kubectl -n flux-system annotate Certificate -l helm.toolkit.fluxcd.io/name=gardener-configuration meta.helm.sh/release-name=certificates --overwrite
kubectl -n flux-system annotate Issuer -l helm.toolkit.fluxcd.io/name=gardener-configuration meta.helm.sh/release-name=certificates --overwrite
If something goes wrong or the charts weren't suspended, other charts might complain about their -base-values Secret missing. To remedy, suspend and then resume the new configuration HelmRelease so it re-generates those Secrets.
Related upstream release notes / changelogs
Update provider-azure to 1.35.3
[gardener-extension-provider-azure]
🏃 Others
- [OPERATOR] Remove the error code check from NodesChecker to prevent nil pointer panic. (gardener/gardener-extension-provider-azure#684, @acumino)
Update provider-aws to 1.43.2
[gardener-extension-provider-aws]
🏃 Others
- [OPERATOR] Remove the error code check from NodesChecker to prevent nil pointer panic. (gardener/gardener-extension-provider-aws#748, @acumino)
Update provider-gcp to 1.29.3
[gardener-extension-provider-gcp]
🏃 Others
- [OPERATOR] Remove the error code check from NodesChecker to prevent nil pointer panic. (gardener/gardener-extension-provider-gcp#595, @acumino)
Update provider-openstack to 1.33.3
[gardener-extension-provider-openstack]
🏃 Others
- [OPERATOR] Remove the error code check from NodesChecker to prevent nil pointer panic. (gardener/gardener-extension-provider-openstack#622, @acumino)
Update gardener-controlplane to 1.70.2
[gardener]
⚠️ Breaking Changes
- [USER] Gardener denies setting Shoot.Spec.ControlPlane.HighAvailability.FailureTolerance.Type if shoot is hibernated. (gardener/gardener#7920, @gardener-ci-robot)
🐛 Bug Fixes
- [USER] A bug has been fixed which could cause kube-proxys to be missing after a Shoot has been woken up from hibernation. (gardener/gardener#7917, @gardener-ci-robot)
- [OPERATOR] An issue has been fixed that caused traffic from outside of the cluster to Istio-Ingress to be blocked. This is only relevant if seed(s) specify additional load balancer annotations via seed.spec.settings.loadBalancerServices.annotations. (gardener/gardener#7911, @gardener-ci-robot)
🏃 Others
- [OPERATOR] An issue causing panic in the health check for extension is fixed. (gardener/gardener#7914, @gardener-ci-robot)
Update cloudprofiles to 0.6.2
What's Changed
- Regiocloud: Change regiocloud-a to RegionA by @JensAc in https://github.com/gardener-community/cloudprofiles/pull/23
Full Changelog: https://github.com/gardener-community/cloudprofiles/compare/0.6.1...0.6.2
Update provider-alicloud to 1.46.0
[gardener-extension-provider-alicloud]
📖 Documentation
- [DEPENDENCY] The flags which went out-of-support in MCM v0.49.0 have been cleaned up from MCM deployment yaml. (gardener/gardener-extension-provider-alicloud#595, @himanshu-kun)
🏃 Others
- [OPERATOR] The gardener-extension-admission-alicloud Service in the gardener-extension-admission-alicloud chart can now be configured to be topology-aware. (gardener/gardener-extension-provider-alicloud#591, @ialidzhikov)
- [OPERATOR] The admission/validation component is now adapted such that it works well in garden cluster with enabled NetworkPolicy protection (default since gardener/gardener@v1.71 when garden cluster is managed by gardener-operator). (gardener/gardener-extension-provider-alicloud#599, @rfranzke)
- [OPERATOR] The following dependency has been updated: (gardener/gardener-extension-provider-alicloud#600, @acumino)
- github.com/gardener/gardener 1.67.1 -> 1.70.2
[machine-controller-manager]
⚠️ Breaking Changes
- [OPERATOR] Removal of the following flags (and corresponding fields in associated structs): 'machine-creation-timeout', 'machine-drain-timeout', 'machine-pv-detach-timeout', 'machine-health-timeout=10m', 'machine-safety-apiserver-statuscheck-timeout', 'machine-safety-apiserver-statuscheck-period', 'machine-safety-orphan-vms-period', 'machine-max-evict-retries', 'node-conditions', 'bootstrap-token-auth-extra-groups', 'delete-migrated-machine-class'. The MCM no longer accepts these flags since these are options handled by the Machine Controller invoked by platform specific provider launchers. (gardener/machine-controller-manager#769, @elankath)
- [DEVELOPER] Deletion of 'Driver.GenerateMachineClassForMigration'. Providers need to adapt to this. (gardener/machine-controller-manager#769, @elankath)
✨ New Features
- [USER] Machine object won't turn from Pending to Running state if node.gardener.cloud/critical-components-not-ready taint is there on the corresponding node. (gardener/machine-controller-manager#778, @SimonKienzler)
🐛 Bug Fixes
- [USER] An edge case where all the machineSets were scaled down to zero has been dealt with. (gardener/machine-controller-manager#803, @himanshu-kun)
- [USER] Fix a bug in the bootstrap token creation that caused node to not be able to join the cluster due to an expired bootstrap token. (gardener/machine-controller-manager#773, @schrodit)
📖 Documentation
- [DEVELOPER] Added proposal for hot-update of resources (instance/Nic/Disk) (gardener/machine-controller-manager#761, @himanshu-kun)
🏃 Others
- [OPERATOR] CrashloopBackoff machines will turn to Running quicker (gardener/machine-controller-manager#806, @rishabh-11)
- [OPERATOR] CVE categorization for MCM has been added. (gardener/machine-controller-manager#791, @dkistner)
- [DEVELOPER] The API generation now works again. Previously the API docs were generated to a location that was ignored by git and another API docs file was maintained. (gardener/machine-controller-manager#800, @ialidzhikov)
- [DEVELOPER] Bump k8s.io/* dependencies to v1.26.2 (gardener/machine-controller-manager#792, @afritzler)
[terraformer]
🏃 Others
- [OPERATOR] Update alpine base image to v3.17.3 (gardener/terraformer#136, @kon-angelo)
Docker Images
gardener-extension-provider-alicloud: eu.gcr.io/gardener-project/gardener/extensions/provider-alicloud:v1.46.0
gardener-extension-admission-alicloud: eu.gcr.io/gardener-project/gardener/extensions/admission-alicloud:v1.46.0
Update shoot-dns-service to 1.34.0
[gardener-extension-shoot-dns-service]
🏃 Others
- [OPERATOR] The admission/validation component is now adapted such that it works well in garden cluster with enabled NetworkPolicy protection (default since gardener/gardener@v1.71 when garden cluster is managed by gardener-operator). (gardener/gardener-extension-shoot-dns-service#210, @rfranzke)
- [OPERATOR] Exclude external kube-apiserver domain from the external DNSProvider (gardener/gardener-extension-shoot-dns-service#213, @MartinWeindel)
- [DEPENDENCY] The following dependency is updated: (gardener/gardener-extension-shoot-dns-service#212, @shafeeqes)
- github.com/gardener/gardener: v1.65.3 -> v1.71.0
- k8s.io/*: v0.26.1 -> v0.26.3
- sigs.k8s.io/controller-runtime: v0.14.4 -> v0.14.6
Update os-gardenlinux to 0.20.0
[gardener-extension-os-gardenlinux]
🏃 Others
- [OPERATOR] golang version is now updated to 1.20.4. (gardener/gardener-extension-os-gardenlinux#97, @dependabot[bot])
- [OPERATOR] Update go.mod to golang 1.20. (gardener/gardener-extension-os-gardenlinux#100, @danielfoehrKn)
- [OPERATOR] The following dependency is updated: (gardener/gardener-extension-os-gardenlinux#94, @dependabot[bot])
- github.com/gardener/gardener: v1.66.0 -> v1.70.2
Update provider-hcloud to 0.6.17
[gardener-extension-provider-hcloud] v0.6.17
Update dashboard to 1.69.1
[dashboard]
⚠️ Breaking Changes
- [OPERATOR] The default ingress class annotation under Values.global.dashboard.ingress.annotations['kubernetes.io/ingress.class'] will not be set anymore. Instead, the ingress class name will be set using Values.global.dashboard.ingress.ingressClassName (gardener/dashboard#1499, @petersutter)
🐛 Bug Fixes
- [OPERATOR] Fixed an issue where the helm deployment failed with the error annotations.kubernetes.io/ingress.class: Invalid value: "nginx": can not be set when the class field is also set (gardener/dashboard#1499, @petersutter)
Update gardener-controlplane to 1.71.3
[gardener]
🐛 Bug Fixes
- [OPERATOR] A bug causing gardenlet to panic when admission-controller is upgraded to v1.71 but gardenlet is still on v1.70. (gardener/gardener#7989, @acumino)
- [OPERATOR] Several low timeouts (30s) that were introduced in v1.71.0 for several steps are now reverted as in some cases the Network/ControlPlane reconciliation cannot succeed for 30s. (gardener/gardener#8006, @gardener-ci-robot)