Release Notes v1.74

23KE release notes and upgrade guide

Before upgrade

  • If Kustomization resources in your config repo contain spec.validation fields, remove them as they're no longer supported.

  • The addons chart was moved to the top-level directory and is now managed by its own Kustomization. Moreover, the gardener dashboard is now part of the addons chart, so it can be switched off when not needed. Therefore, you should run:

    flux suspend ks pre-gardener
    kubectl label -n flux-system hr dashboard-runtime kustomize.toolkit.fluxcd.io/name-
    kubectl label -n flux-system hr dashboard-runtime kustomize.toolkit.fluxcd.io/namespace-
    kubectl label -n flux-system hr dashboard-runtime app.kubernetes.io/managed-by=Helm
    kubectl annotate -n flux-system hr dashboard-runtime meta.helm.sh/release-name=addons
    kubectl annotate -n flux-system hr dashboard-runtime meta.helm.sh/release-namespace=flux-system

    kubectl label -n flux-system hr dashboard-application kustomize.toolkit.fluxcd.io/name-
    kubectl label -n flux-system hr dashboard-application kustomize.toolkit.fluxcd.io/namespace-
    kubectl label -n flux-system hr dashboard-application app.kubernetes.io/managed-by=Helm
    kubectl annotate -n flux-system hr dashboard-application meta.helm.sh/release-name=addons
    kubectl annotate -n flux-system hr dashboard-application meta.helm.sh/release-namespace=flux-system

After upgrade

  • Resume the pre-gardener Kustomization again
    flux resume ks pre-gardener

Update provider-alicloud to 1.46.1

[machine-controller-manager]

🐛 Bug Fixes

Update provider-azure to 1.36.2

[machine-controller-manager]

🐛 Bug Fixes

Update provider-gcp to 1.30.2

[gardener-extension-provider-gcp]

🏃 Others

[machine-controller-manager]

🐛 Bug Fixes

Update provider-openstack to 1.35.1

[machine-controller-manager]

🐛 Bug Fixes

Update gardener-controlplane to 1.73.1

[gardener]

🐛 Bug Fixes

  • [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8137, @oliver-goetz)
  • [OPERATOR] Missing permissions were added for the Gardenlet service account for Machine objects. This fix is relevant if feature gate MachineControllerManagerDeployment is enabled in your landscape. (gardener/gardener#8123, @gardener-ci-robot)

πŸƒ Others​

Update gardenlet to 1.73.1

[gardener]

πŸ› Bug Fixes​

  • [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8137, @oliver-goetz)
  • [OPERATOR] Missing permissions were added for the Gardenlet service account for Machine objects. This fix is relevant if feature gate MachineControllerManagerDeployment is enabled in your landscape. (gardener/gardener#8123, @gardener-ci-robot)

πŸƒ Others​

Update provider-aws to 1.44.3

[gardener-extension-provider-aws]

πŸƒ Others​

[machine-controller-manager]

πŸ› Bug Fixes​

Update external-dns-management to 0.15.6

[external-dns-management]

πŸ› Bug Fixes​

Update provider-alicloud to 1.47.0

[gardener-extension-provider-alicloud]

⚠️ Breaking Changes​

✨ New Features​

πŸƒ Others​

[machine-controller-manager]

πŸ› Bug Fixes​

[machine-controller-manager-provider-alicloud]

⚠️ Breaking Changes​

πŸƒ Others​

[terraformer]

πŸƒ Others​

Docker Images​

gardener-extension-provider-alicloud: eu.gcr.io/gardener-project/gardener/extensions/provider-alicloud:v1.47.0 gardener-extension-admission-alicloud: eu.gcr.io/gardener-project/gardener/extensions/admission-alicloud:v1.47.0

Update gardener-controlplane to 1.74.0

[gardener]

⚠️ Breaking Changes

  • [USER] Annotation alpha.featuregates.shoot.gardener.cloud/node-local-dns is deprecated and will be removed in future releases. Use field .spec.systemComponents.nodeLocalDNS.enabled in Shoot instead. Switching on node-local-dns via shoot specification will roll the nodes even if node-local-dns was enabled beforehand via annotation. (gardener/gardener#8067, @acumino)
  • [USER] Annotation alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-{cluster-dns, upstream-dns} is deprecated and will be removed in future releases. Use field .spec.systemComponents.{nodeLocalDNSforceTCPToClusterDNS, nodeLocalDNSforceTCPToUpstreamDNS} in Shoot instead. (gardener/gardener#8067, @acumino)
  • [OPERATOR] The Seed's .spec.settings.ownerChecks field is now no-op - the gardener-apiserver no longer defaults this field and no longer validates it. The field will be set always to nil on CREATE/UPDATE request. (gardener/gardener#7951, @dimitar-kostadinov)
    • Gardener landscape operators specifying this field should no longer specify it. The field will be removed in a future version of Gardener.
  • [OPERATOR] The GA-ed feature gates HAControlPlanes and FullNetworkPoliciesInRuntimeCluster have been removed. (gardener/gardener#8083, @rfranzke)
  • [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions < 1.22. Make sure to upgrade all existing clusters before upgrading to this Gardener version. (gardener/gardener#8087, @shafeeqes)
  • [OPERATOR] The shootstate-extensions and shootstate-secret controllers have been dropped. The gardenlet's component config file should be updated to no longer specify related configuration (.controllers.{shootSecret,shootStateSync}). (gardener/gardener#8136, @rfranzke)
  • [OPERATOR] gardener.cloud/operation annotation was introduced to seeds. This includes a verification of its value. Please check your seeds for this annotation and remove it if necessary prior to the update. (gardener/gardener#8152, @timebertt)
  • [OPERATOR] A new field .spec.virtualCluster.dns.domains was added to the Garden API. This field allows exposing the kube-apiserver of the virtual cluster via multiple domains. Earlier, the API only accepted one domain name via .spec.virtualCluster.dns.domain. (gardener/gardener#8173, @gardener-ci-robot)
    • ⚠️ With this change .spec.virtualCluster.dns.domain is deprecated and will be removed in the next release. Please update your Garden resource to the new .spec.virtualCluster.dns.domains field by removing the existing domain configuration from dns.domain and adding it as the first entry of dns.domains.
  • [DEVELOPER] The deprecated local development setups have been removed. From now on, only the kind-based setups are supported. Please refer to this guide for all information. (gardener/gardener#8075, @oliver-goetz)
  • [DEVELOPER] The deprecated allow-to-seed-apiserver NetworkPolicy is no longer available in garden or seed clusters. Use allow-to-runtime-apiserver instead. (gardener/gardener#8083, @rfranzke)
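
The checks called for under "Before upgrade" and in the breaking changes above can be run offline against exported manifests before the upgrade is rolled out. The Python scan below is an added example, not code from 23KE or Gardener; the sample objects, their names and the version suffixes of their apiVersion values are constructed, and it assumes the Shoot's Kubernetes version is read from spec.kubernetes.version.

```python
# Added example: offline pre-upgrade scan over manifests (parsed JSON/YAML dicts).
NODE_LOCAL_DNS_PREFIX = "alpha.featuregates.shoot.gardener.cloud/node-local-dns"
MIN_K8S = (1, 22)  # clusters below this version are no longer supported


def get(obj, path):
    """Follow a dotted field path through nested dicts; None if absent."""
    for key in path.split("."):
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def minor(version):
    """'1.21.14' or 'v1.21.14' -> (1, 21); None if it cannot be parsed."""
    parts = str(version).lstrip("v").split(".")
    try:
        return int(parts[0]), int(parts[1])
    except (IndexError, ValueError):
        return None


def check(obj):
    """Return the list of findings for one manifest."""
    kind = obj.get("kind", "")
    group = obj.get("apiVersion", "").split("/")[0]
    annotations = get(obj, "metadata.annotations") or {}
    out = []
    if (group, kind) == ("kustomize.toolkit.fluxcd.io", "Kustomization"):
        if get(obj, "spec.validation") is not None:
            out.append("remove spec.validation (no longer supported)")
    elif (group, kind) == ("core.gardener.cloud", "Shoot"):
        # The prefix also covers the two node-local-dns-force-tcp-to-* annotations.
        for key in sorted(annotations):
            if key.startswith(NODE_LOCAL_DNS_PREFIX):
                out.append(f"deprecated annotation {key}; use .spec.systemComponents")
        ver = minor(get(obj, "spec.kubernetes.version") or "")
        if ver is None:
            out.append("cannot read spec.kubernetes.version; check manually")
        elif ver < MIN_K8S:
            out.append("Kubernetes version < 1.22; upgrade the cluster first")
    elif (group, kind) == ("core.gardener.cloud", "Seed"):
        if get(obj, "spec.settings.ownerChecks") is not None:
            out.append("stop specifying .spec.settings.ownerChecks (no-op)")
        if "gardener.cloud/operation" in annotations:
            out.append("gardener.cloud/operation is now validated; review or remove")
    elif (group, kind) == ("operator.gardener.cloud", "Garden"):
        if get(obj, "spec.virtualCluster.dns.domain"):
            out.append("move dns.domain to the first entry of dns.domains")
    elif (group, kind) == ("gardenlet.config.gardener.cloud", "GardenletConfiguration"):
        for field in ("shootSecret", "shootStateSync"):
            if get(obj, f"controllers.{field}") is not None:
                out.append(f"remove .controllers.{field} (controller dropped)")
    return out


def scan(objects):
    """Map 'Kind/name' -> findings, keeping only objects that need action."""
    report = {}
    for obj in objects:
        found = check(obj)
        if found:
            name = get(obj, "metadata.name") or "<unnamed>"
            report[f"{obj.get('kind')}/{name}"] = found
    return report


# Constructed sample input, shaped like items from `kubectl get ... -o json`.
SAMPLE = [
    {"apiVersion": "kustomize.toolkit.fluxcd.io/v1beta1", "kind": "Kustomization",
     "metadata": {"name": "example-ks"}, "spec": {"validation": "client"}},
    {"apiVersion": "core.gardener.cloud/v1beta1", "kind": "Shoot",
     "metadata": {"name": "legacy", "annotations": {
         "alpha.featuregates.shoot.gardener.cloud/node-local-dns": "true"}},
     "spec": {"kubernetes": {"version": "1.21.14"}}},
    {"apiVersion": "core.gardener.cloud/v1beta1", "kind": "Shoot",
     "metadata": {"name": "current"},
     "spec": {"kubernetes": {"version": "1.26.5"},
              "systemComponents": {"nodeLocalDNS": {"enabled": True}}}},
    {"apiVersion": "core.gardener.cloud/v1beta1", "kind": "Seed",
     "metadata": {"name": "seed-a",
                  "annotations": {"gardener.cloud/operation": "reconcile"}},
     "spec": {"settings": {"ownerChecks": {"enabled": False}}}},
    {"apiVersion": "operator.gardener.cloud/v1alpha1", "kind": "Garden",
     "metadata": {"name": "garden"},
     "spec": {"virtualCluster": {"dns": {"domain": "garden.example.com"}}}},
]

if __name__ == "__main__":
    for target, found in scan(SAMPLE).items():
        for message in found:
            print(f"{target}: {message}")
```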

✨ New Features

  • [USER] The VerticalPodAutoscaler resources for kube-proxys are no longer recreated when the Kubernetes patch version of the Shoot or the respective worker pools is updated. This ensures updated kube-proxys keep the same CPU/memory resource requirements as before the patch version update. In order to put this change into effect, all existing VerticalPodAutoscalers for kube-proxys are getting recreated. (gardener/gardener#8071, @rfranzke)
  • [USER] Shoot addon nginx-ingress-controller image is updated to v1.8.0 for Kubernetes v1.24+ clusters, to v1.6.4 for Kubernetes v1.23 clusters, and to v1.4.0 for Kubernetes v1.22 clusters. (gardener/gardener#8096, @shafeeqes)
  • [OPERATOR] Gardener uses an InternalSecret per Shoot for syncing the client CA to the project namespace in the garden cluster (named <shoot-name>.ca-client). The shoots/adminkubeconfig subresource signs short-lived client certificates by retrieving the CA from the InternalSecret. (gardener/gardener#8088, @timebertt)
  • [OPERATOR] A new controller in gardenlet for periodically backing up the ShootState for Shoots has been introduced. This controller is only activated when gardenlet is responsible for an unmanaged Seed (i.e., one not backed by a ManagedSeed object). By default, backups are taken roughly each 6h. (gardener/gardener#8112, @rfranzke)
  • [OPERATOR] If gardenlet is responsible for a managed Seed, it will delete all ShootState resources for its Shoots that are not currently in migration. See also GEP-22 for further details about the motivation. (gardener/gardener#8144, @rfranzke)

πŸ› Bug Fixes​

  • [USER] A regression was fixed that prevented deletions for shoot clusters which were created with a wrong configuration (e.g. with an unavailable domain name). (gardener/gardener#8122, @timuthy)
  • [OPERATOR] Missing permissions were added for the Gardenlet service account for Machine objects. This fix is relevant if feature gate MachineControllerManagerDeployment is enabled in your landscape. (gardener/gardener#8121, @timuthy)
  • [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8129, @ialidzhikov)
  • [OPERATOR] gardener-resource-manager's system-components-config webhook no longer adds the toleration for the ToBeDeletedByClusterAutoscaler taint to system components in shoot clusters. The ToBeDeletedByClusterAutoscaler taint is maintained by the cluster-autoscaler. This was breaking cluster-autoscaler's drain mechanism when scaling down an under-utilized node. It was causing just-evicted system components from the to-be-deleted node to be scheduled again on the to-be-deleted node. (gardener/gardener#8172, @gardener-ci-robot)
  • [OPERATOR] A bug has been fixed for Istio-Ingress Gateways for seeds that use ExposureClassHandlers. Earlier, annotations in seed.spec.settings.loadBalancerServices caused an override of the ones specified in gardenletConfiguration.exposureClassHandler[].loadBalancerService for zonal Istios. Now, annotations in gardenletConfiguration.exposureClassHandler[].loadBalancerService are given priority, like it was already the case of the global Istio. (gardener/gardener#8178, @gardener-ci-robot)
  • [DEVELOPER] On deletion, the generic ControlPlane actuator will now redeploy the cloud config chart to allow provider extensions to update the content with the most up-to-date information. (gardener/gardener#8106, @kon-angelo)

🏃 Others

[etcd-druid]

🏃 Others

  • [OPERATOR] Bumped up the custom image version to v3.4.13-bootstrap-11 (gardener/etcd-druid#624, @abdasgupta)
  • [OPERATOR] Druid now exposes metrics related to snapshot compaction, on default port 8080. Please expose the desired metrics port via the etcd-druid service to allow metrics to be scraped by a Prometheus instance. (gardener/etcd-druid#625, @abdasgupta)

[logging]

🏃 Others

[machine-controller-manager]

🐛 Bug Fixes

Update gardenlet to 1.74.0

[gardener]

⚠️ Breaking Changes

  • [USER] Annotation alpha.featuregates.shoot.gardener.cloud/node-local-dns is deprecated and will be removed in future releases. Use field .spec.systemComponents.nodeLocalDNS.enabled in Shoot instead. Switching on node-local-dns via shoot specification will roll the nodes even if node-local-dns was enabled beforehand via annotation. (gardener/gardener#8067, @acumino)
  • [USER] Annotation alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-{cluster-dns, upstream-dns} is deprecated and will be removed in future releases. Use field .spec.systemComponents.{nodeLocalDNSforceTCPToClusterDNS, nodeLocalDNSforceTCPToUpstreamDNS} in Shoot instead. (gardener/gardener#8067, @acumino)
  • [OPERATOR] The Seed's .spec.settings.ownerChecks field is now no-op - the gardener-apiserver no longer defaults this field and no longer validates it. The field will be set always to nil on CREATE/UPDATE request. (gardener/gardener#7951, @dimitar-kostadinov)
    • Gardener landscape operators specifying this field should no longer specify it. The field will be removed in a future version of Gardener.
  • [OPERATOR] The GA-ed feature gates HAControlPlanes and FullNetworkPoliciesInRuntimeCluster have been removed. (gardener/gardener#8083, @rfranzke)
  • [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions < 1.22. Make sure to upgrade all existing clusters before upgrading to this Gardener version. (gardener/gardener#8087, @shafeeqes)
  • [OPERATOR] The shootstate-extensions and shootstate-secret controllers have been dropped. The gardenlet's component config file should be updated to no longer specify related configuration (.controllers.{shootSecret,shootStateSync}). (gardener/gardener#8136, @rfranzke)
  • [OPERATOR] gardener.cloud/operation annotation was introduced to seeds. This includes a verification of its value. Please check your seeds for this annotation and remove it if necessary prior to the update. (gardener/gardener#8152, @timebertt)
  • [OPERATOR] A new field .spec.virtualCluster.dns.domains was added to the Garden API. This field allows exposing the kube-apiserver of the virtual cluster via multiple domains. Earlier, the API only accepted one domain name via .spec.virtualCluster.dns.domain. (gardener/gardener#8173, @gardener-ci-robot)
    • ⚠️ With this change .spec.virtualCluster.dns.domain is deprecated and will be removed in the next release. Please update your Garden resource to the new .spec.virtualCluster.dns.domains field by removing the existing domain configuration from dns.domain and adding it as the first entry of dns.domains.
  • [DEVELOPER] The deprecated local development setups have been removed. From now on, only the kind-based setups are supported. Please refer to this guide for all information. (gardener/gardener#8075, @oliver-goetz)
  • [DEVELOPER] The deprecated allow-to-seed-apiserver NetworkPolicy is no longer available in garden or seed clusters. Use allow-to-runtime-apiserver instead. (gardener/gardener#8083, @rfranzke)

✨ New Features

  • [USER] The VerticalPodAutoscaler resources for kube-proxys are no longer recreated when the Kubernetes patch version of the Shoot or the respective worker pools is updated. This ensures updated kube-proxys keep the same CPU/memory resource requirements as before the patch version update. In order to put this change into effect, all existing VerticalPodAutoscalers for kube-proxys are getting recreated. (gardener/gardener#8071, @rfranzke)
  • [USER] Shoot addon nginx-ingress-controller image is updated to v1.8.0 for Kubernetes v1.24+ clusters, to v1.6.4 for Kubernetes v1.23 clusters, and to v1.4.0 for Kubernetes v1.22 clusters. (gardener/gardener#8096, @shafeeqes)
  • [OPERATOR] Gardener uses an InternalSecret per Shoot for syncing the client CA to the project namespace in the garden cluster (named <shoot-name>.ca-client). The shoots/adminkubeconfig subresource signs short-lived client certificates by retrieving the CA from the InternalSecret. (gardener/gardener#8088, @timebertt)
  • [OPERATOR] A new controller in gardenlet for periodically backing up the ShootState for Shoots has been introduced. This controller is only activated when gardenlet is responsible for an unmanaged Seed (i.e., one not backed by a ManagedSeed object). By default, backups are taken roughly each 6h. (gardener/gardener#8112, @rfranzke)
  • [OPERATOR] If gardenlet is responsible for a managed Seed, it will delete all ShootState resources for its Shoots that are not currently in migration. See also GEP-22 for further details about the motivation. (gardener/gardener#8144, @rfranzke)

πŸ› Bug Fixes​

  • [USER] A regression was fixed that prevented deletions for shoot clusters which were created with a wrong configuration (e.g. with an unavailable domain name). (gardener/gardener#8122, @timuthy)
  • [OPERATOR] Missing permissions were added for the Gardenlet service account for Machine objects. This fix is relevant if feature gate MachineControllerManagerDeployment is enabled in your landscape. (gardener/gardener#8121, @timuthy)
  • [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8129, @ialidzhikov)
  • [OPERATOR] gardener-resource-manager's system-components-config webhook no longer adds the toleration for the ToBeDeletedByClusterAutoscaler taint to system components in shoot clusters. The ToBeDeletedByClusterAutoscaler taint is maintained by the cluster-autoscaler. This was breaking cluster-autoscaler's drain mechanism when scaling down an under-utilized node. It was causing just-evicted system components from the to-be-deleted node to be scheduled again on the to-be-deleted node. (gardener/gardener#8172, @gardener-ci-robot)
  • [OPERATOR] A bug has been fixed for Istio-Ingress Gateways for seeds that use ExposureClassHandlers. Earlier, annotations in seed.spec.settings.loadBalancerServices caused an override of the ones specified in gardenletConfiguration.exposureClassHandler[].loadBalancerService for zonal Istios. Now, annotations in gardenletConfiguration.exposureClassHandler[].loadBalancerService are given priority, like it was already the case of the global Istio. (gardener/gardener#8178, @gardener-ci-robot)
  • [DEVELOPER] On deletion, the generic ControlPlane actuator will now redeploy the cloud config chart to allow provider extensions to update the content with the most up-to-date information. (gardener/gardener#8106, @kon-angelo)

🏃 Others

[etcd-druid]

🏃 Others

  • [OPERATOR] Bumped up the custom image version to v3.4.13-bootstrap-11 (gardener/etcd-druid#624, @abdasgupta)
  • [OPERATOR] Druid now exposes metrics related to snapshot compaction, on default port 8080. Please expose the desired metrics port via the etcd-druid service to allow metrics to be scraped by a Prometheus instance. (gardener/etcd-druid#625, @abdasgupta)

[logging]

🏃 Others

[machine-controller-manager]

🐛 Bug Fixes

Update gardener-controlplane to 1.74.1

[gardener]

πŸ› Bug Fixes​

Update gardenlet to 1.74.1

[gardener]

πŸ› Bug Fixes​

Update provider-alicloud to 1.47.1

no release notes available

Update provider-aws to 1.45.0

[gardener/gardener-extension-provider-aws]

✨ New Features

  • [DEVELOPER] This extension now uses the simplified NetworkPolicy approach for allowing traffic to its webhook server from kube-apiservers of shoot clusters. by @rfranzke [#772]
  • [USER] The provider-aws extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. by @ary1992 [#759]

⚠️ Breaking Changes

  • [OPERATOR] With https://github.com/gardener/gardener-extension-provider-aws/pull/337 provider-aws migrated the volumesnapshot CRDs to a new dedicated ManagedResources. provider-aws does now remove the ignored CRDs. by @ialidzhikov [#752]
  • Before updating to this version of provider-aws, make sure that the migration of the volumesnapshot CRDs from the extension-controlplane-shoot to the extension-controlplane-shoot-crds ManagedResource completed. If the migration did not complete yet, GRM will interpret the removal of the CRDs as deletion and will delete the CRDs.

πŸƒ Others​

  • [OPERATOR] Old and obsolete logging configurations are removed. by @vlvasilev [#765]
  • [DEPENDENCY] The following dependencies were updated: by @dimityrmirchev [#768]
    • registry.k8s.io/sig-storage/csi-provisioner v3.4.0 -> v3.4.1
  • [DEVELOPER] All code related to the removed APIServerSNI feature gate of gardenlet has been removed from this extension. by @rfranzke [#773]

πŸ› Bug Fixes​

  • [OPERATOR] Fix the name of the aws-csi-volume-modifier container the in the respective VPA resource. by @bd3lage [#763]
  • [OPERATOR] Handle S3 bucket policy IAM ARN for China and GovCloud (US) regions. by @shreyas-s-rao [#766]

[gardener/machine-controller-manager]

πŸ› Bug Fixes​

  • [OPERATOR] Included UnavailableReplicas in determining if a machine deployment status update is needed by @ialidzhikov [gardener/machine-controller-manager#834]
Update provider-gcp to 1.31.0

[gardener/machine-controller-manager]

πŸ› Bug Fixes​

  • [OPERATOR] Included UnavailableReplicas in determining if a machine deployment status update is needed by @ialidzhikov [gardener/machine-controller-manager#834]

[gardener/gardener-extension-provider-gcp]

✨ New Features

  • [USER] The GCP extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. by @ary1992 [#615]

πŸƒ Others​

  • [DEPENDENCY] The following dependencies were updated: by @dimityrmirchev [#618]
    • registry.k8s.io/sig-storage/csi-provisioner v3.4.0 -> v3.4.1
  • [DEPENDENCY] The following dependency is updated: by @ary1992 [#604]
    • github.com/gardener/gardener: v1.70.2 -> v1.73.0
  • [OPERATOR] Old and obsolete logging configurations are removed. by @vlvasilev [#616]
  • [OPERATOR] This extension is now built with golang 1.20.5. by @vpnachev [#622]
  • [DEVELOPER] All code related to the removed APIServerSNI feature gate of gardenlet has been removed from this extension. by @rfranzke [#623]

⚠️ Breaking Changes

  • [OPERATOR] With https://github.com/gardener/gardener-extension-provider-gcp/pull/283 provider-gcp migrated the volumesnapshot CRDs to a new dedicated ManagedResources. provider-gcp does now remove the ignored CRDs. by @ialidzhikov [#606]
  • Before updating to this version of provider-gcp, make sure that the migration of the volumesnapshot CRDs from the extension-controlplane-shoot to the extension-controlplane-shoot-crds ManagedResource completed. If the migration did not complete yet, GRM will interpret the removal of the CRDs as deletion and will delete the CRDs.

Update provider-azure to 1.37.0

[gardener/gardener-extension-provider-azure]

✨ New Features

  • [USER] The Azure extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. by @ary1992 [#699]

πŸƒ Others​

  • [OPERATOR] Fix an issue with the bastion integration testing panicking on cleanup due to the security group having being deleted. by @kon-angelo [#709]
  • [OPERATOR] Old and obsolete logging configurations are removed. by @vlvasilev [#700]
  • [OPERATOR] Add calico scheme to azure-validator. by @kon-angelo [#696]
  • [OPERATOR] The following images are updated:
    • mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager: v1.24.20 -> v1.24.21 (for Kubernetes 1.24)
    • mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager: v1.25.14 -> v1.25.15 (for Kubernetes 1.25)
    • mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.23.25 -> v1.23.30 (for Kubernetes 1.23)
    • mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.24.14 -> v1.24.21 (for Kubernetes 1.24)
    • mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.25.6 -> v1.25.15 (for Kubernetes 1.25)
    • mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.26.2 -> v1.26.11 (for Kubernetes 1.26) by @ary1992 [#699]
  • [OPERATOR] Update azure-validator to use the lenient decoder for Calico resources. by @kon-angelo [#698]
  • [DEPENDENCY] The following dependency is updated:
    • github.com/gardener/gardener: v1.70.2 -> v1.71.2 by @ary1992 [#693]
  • [DEPENDENCY] The following dependencies were updated:
    • registry.k8s.io/sig-storage/csi-provisioner v3.4.0 -> v3.4.1 by @dimityrmirchev [#702]
  • [DEVELOPER] All code related to the removed APIServerSNI feature gate of gardenlet has been removed from this extension. by @rfranzke [#704]

[gardener/machine-controller-manager]

πŸ› Bug Fixes​

  • [OPERATOR] Included UnavailableReplicas in determining if a machine deployment status update is needed by @ialidzhikov [gardener/machine-controller-manager#834]
Update networking-calico to 1.35.0

[gardener/gardener-extension-networking-calico]

⚠️ Breaking Changes

  • [OPERATOR] networking-calico no longer supports Shoots with Kubernetes version < 1.22. by @shafeeqes [#278]

🏃 Others

  • [OPERATOR] Updated calico to v3.26.1 by @ScheererJ [#273]
  • [OPERATOR] The obsolete logging configuration is cleaned up. by @vlvasilev [#276]
  • [OPERATOR] networking-calico no longer uses Gardener GCR copies for the calico images. Instead, the upstream quay.io container images are used (quay.io/calico/node, quay.io/calico/cni, quay.io/calico/typha, quay.io/calico/kube-controllers). by @ialidzhikov [#275]

Update networking-cilium to 1.26.0

[gardener/gardener-extension-networking-cilium]

⚠️ Breaking Changes

  • [OPERATOR] networking-cilium no longer supports Shoots with Kubernetes version < 1.22. by @shafeeqes [#194]

✨ New Features

  • [DEVELOPER] This extension now uses the simplified NetworkPolicy approach for allowing traffic to its webhook server from kube-apiservers of shoot clusters. by @rfranzke [#193]

🏃 Others

  • [OPERATOR] bpf-policy-map-max value is increased to 65536. by @DockToFuture [#197]
  • [OPERATOR] Update to cilium v1.13.4. by @DockToFuture [#196]

Update provider-hcloud to 0.6.18

[gardener-extension-provider-hcloud] v0.6.18