Release Notes v1.74
23KE release notes and upgrade guide
Before upgrade
- If `Kustomization` resources in your config repo contain `spec.validation` fields, remove them as they're no longer supported.
- The addons chart was moved to the top-level directory and is now managed by its own `Kustomization`. Moreover, the Gardener dashboard is now part of the addons chart, which allows switching it off when not needed. Therefore, you should run:

  ```bash
  # Pause reconciliation of the pre-gardener Kustomization
  flux suspend ks pre-gardener

  # dashboard-runtime: drop the Kustomization ownership labels and
  # mark the HelmRelease as managed by the addons Helm release
  kubectl label -n flux-system hr dashboard-runtime kustomize.toolkit.fluxcd.io/name-
  kubectl label -n flux-system hr dashboard-runtime kustomize.toolkit.fluxcd.io/namespace-
  kubectl label -n flux-system hr dashboard-runtime app.kubernetes.io/managed-by=Helm
  kubectl annotate -n flux-system hr dashboard-runtime meta.helm.sh/release-name=addons
  kubectl annotate -n flux-system hr dashboard-runtime meta.helm.sh/release-namespace=flux-system

  # dashboard-application: same hand-over
  kubectl label -n flux-system hr dashboard-application kustomize.toolkit.fluxcd.io/name-
  kubectl label -n flux-system hr dashboard-application kustomize.toolkit.fluxcd.io/namespace-
  kubectl label -n flux-system hr dashboard-application app.kubernetes.io/managed-by=Helm
  kubectl annotate -n flux-system hr dashboard-application meta.helm.sh/release-name=addons
  kubectl annotate -n flux-system hr dashboard-application meta.helm.sh/release-namespace=flux-system
  ```
After upgrade
- Resume the pre-gardener `Kustomization` again:

  ```bash
  flux resume ks pre-gardener
  ```
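
The first "Before upgrade" item can be checked mechanically before the cluster is touched. The script below is an added example, not part of the 23KE documentation: it scans a config repo checkout for Flux `Kustomization` documents that still set `spec.validation`. The function names, the file layout and the resource names `example-a` and `example-b` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the 23KE docs): find Flux Kustomization manifests
# in a config repo checkout that still carry the unsupported spec.validation.

# awk program: state is reset at every file and YAML document boundary.
AWK_PROG='
function flush() {
  if (api && kind && has_val) print file ": " (name == "" ? "<unnamed>" : name)
  api = kind = has_val = child = 0; name = section = ""
}
FNR == 1       { flush(); file = FILENAME }
/^---/         { flush(); next }
/^[ \t]*#/     { next }                    # comment lines
/^[ \t]*$/     { next }                    # blank lines
# Only Flux Kustomizations count; kustomize.config.k8s.io ones do not.
/^apiVersion:[ \t]*kustomize\.toolkit\.fluxcd\.io\// { api = 1 }
/^kind:[ \t]*Kustomization[ \t]*$/                   { kind = 1 }
/^[^ \t-]/ {                               # a new top-level key starts
  section = $1; sub(/:.*/, "", section); child = 0; next
}
/^ / {
  match($0, /^ +/)
  if (child == 0) child = RLENGTH          # indent of the direct children
  if (RLENGTH != child) next               # deeper nesting is ignored
  if (section == "spec" && $1 == "validation:") has_val = 1
  if (section == "metadata" && $1 == "name:")   name = $2
}
END { flush() }
'

# find_validation_fields DIR
# Prints "FILE: NAME" per offending document (sorted); returns 1 if any found.
find_validation_fields() {
  local hits
  hits=$(find "$1" -type f \( -name '*.yaml' -o -name '*.yml' \) \
           -exec awk "$AWK_PROG" {} + | sort)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# make_sample_repo: writes constructed manifests to a temp dir, prints its path.
make_sample_repo() {
  local d
  d=$(mktemp -d)
  # Document 1 sets spec.validation (must be reported). Document 2 only has a
  # deeper key that happens to be called "validation" (must not be reported).
  cat > "$d/gardener.yaml" <<'EOF'
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: example-a
  namespace: flux-system
spec:
  interval: 10m
  path: ./gardener
  validation: client
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
  name: example-b
spec:
  interval: 10m
  postBuild:
    substitute:
      validation: "off"
EOF
  # A kustomize (not Flux) Kustomization: same kind, different API group.
  cat > "$d/kustomization.yaml" <<'EOF'
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
  - gardener.yaml
EOF
  printf '%s\n' "$d"
}

# Demo run on the constructed sample repo.
repo=$(make_sample_repo)
if find_validation_fields "$repo"; then
  echo "no spec.validation fields left"
else
  echo "remove spec.validation from the Kustomizations listed above"
fi
rm -rf "$repo"
```

Point `find_validation_fields` at the root of the real config repo checkout; a non-zero return code makes it usable as a gate in a pre-upgrade pipeline step.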
Related upstream release notes / changelogs
Update provider-alicloud to 1.46.1
[machine-controller-manager]
Bug Fixes
- [USER] An edge case where outdated DesiredReplicas annotation blocked a rolling update is fixed. (gardener/machine-controller-manager#822, @rishabh-11)
- [OPERATOR] An issue causing nil pointer panic on scaleup of the machinedeployment along with trigger of rolling update, is fixed (gardener/machine-controller-manager#817, @himanshu-kun)
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update provider-azure to 1.36.2
[machine-controller-manager]
Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update provider-gcp to 1.30.2
[gardener-extension-provider-gcp]
Others
- [OPERATOR] This extension is now built with golang 1.20.5. (gardener/gardener-extension-provider-gcp#626, @vpnachev)
[machine-controller-manager]
Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update provider-openstack to 1.35.1
[machine-controller-manager]
Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update gardener-controlplane to 1.73.1
[gardener]
Bug Fixes
- [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8137, @oliver-goetz)
- [OPERATOR] Missing permissions were added for the Gardenlet service account for `Machine` objects. This fix is relevant if feature gate `MachineControllerManagerDeployment` is enabled in your landscape. (gardener/gardener#8123, @gardener-ci-robot)
Others
- [OPERATOR] Plutono is now updated to v7.5.22 (gardener/gardener#8100, @gardener-ci-robot)
- [OPERATOR] Fixed flaky operator behaviour with regards to istio deployment caused by concurrent update of garden object (gardener/gardener#8105, @gardener-ci-robot)
- [OPERATOR] The `Deploying Shoot namespace in Seed` step was slightly improved. Earlier it failed at some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8118, @gardener-ci-robot)
- [OPERATOR] The reconciliation time limit for the controller resource reconciliation, e.g. for `ManagedResource`, has been increased from `1m` to `3m`. (gardener/gardener#8090, @gardener-ci-robot)
Update gardenlet to 1.73.1
[gardener]
Bug Fixes
- [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8137, @oliver-goetz)
- [OPERATOR] Missing permissions were added for the Gardenlet service account for `Machine` objects. This fix is relevant if feature gate `MachineControllerManagerDeployment` is enabled in your landscape. (gardener/gardener#8123, @gardener-ci-robot)
Others
- [OPERATOR] Plutono is now updated to v7.5.22 (gardener/gardener#8100, @gardener-ci-robot)
- [OPERATOR] Fixed flaky operator behaviour with regards to istio deployment caused by concurrent update of garden object (gardener/gardener#8105, @gardener-ci-robot)
- [OPERATOR] The `Deploying Shoot namespace in Seed` step was slightly improved. Earlier it failed at some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8118, @gardener-ci-robot)
- [OPERATOR] The reconciliation time limit for the controller resource reconciliation, e.g. for `ManagedResource`, has been increased from `1m` to `3m`. (gardener/gardener#8090, @gardener-ci-robot)
Update provider-aws to 1.44.3
[gardener-extension-provider-aws]
Others
- [OPERATOR] The following dependency is updated to adopt a fix for https://github.com/gardener/gardener/issues/8058: (gardener/gardener-extension-provider-aws#777, @ialidzhikov)
  - github.com/gardener/gardener: v1.71.0 -> v1.71.5
[machine-controller-manager]
Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update external-dns-management to 0.15.6
[external-dns-management]
Bug Fixes
- [OPERATOR] Update controller-manager-library dependency to fix panic on api-resources discovery. (gardener/external-dns-management#310, @MartinWeindel)
Update provider-alicloud to 1.47.0
[gardener-extension-provider-alicloud]
Breaking Changes
- [OPERATOR] With https://github.com/gardener/gardener-extension-provider-alicloud/pull/310 provider-alicloud migrated the volumesnapshot CRDs to a new dedicated ManagedResources. provider-alicloud does now remove the ignored CRDs. (gardener/gardener-extension-provider-alicloud#606, @ialidzhikov)
  - Before updating to this version of provider-alicloud, make sure that the migration of the volumesnapshot CRDs from the `extension-controlplane-shoot` to the `extension-controlplane-shoot-crds` ManagedResource completed. If the migration did not complete yet, GRM will interpret the removal of the CRDs as deletion and will delete the CRDs.
- [OPERATOR] The `.kubeAPIServer` field in the component config has been removed since it's no longer needed anywhere. (gardener/gardener-extension-provider-alicloud#619, @rfranzke)
New Features
- [USER] The provider-alicloud extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. (gardener/gardener-extension-provider-alicloud#609, @ary1992)
- [DEVELOPER] This extension is now compatible with the `MachineControllerManagerDeployment` feature gate of `gardenlet`. (gardener/gardener-extension-provider-alicloud#617, @rfranzke)
- [DEVELOPER] This extension now uses the simplified `NetworkPolicy` approach for allowing traffic to its webhook server from `kube-apiserver`s of shoot clusters. (gardener/gardener-extension-provider-alicloud#618, @rfranzke)
Others
- [OPERATOR] Old and obsolete logging configurations are removed. (gardener/gardener-extension-provider-alicloud#610, @vlvasilev)
- [OPERATOR] The following images are updated: (gardener/gardener-extension-provider-alicloud#616, @ialidzhikov)
  - k8s.gcr.io/sig-storage/csi-provisioner:v3.3.0 -> registry.k8s.io/sig-storage/csi-provisioner:v3.3.0
  - k8s.gcr.io/sig-storage/csi-snapshotter:v6.1.0 -> registry.k8s.io/sig-storage/csi-snapshotter:v6.1.0
  - k8s.gcr.io/sig-storage/snapshot-validation-webhook:v6.1.0 -> registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.1.0
  - k8s.gcr.io/sig-storage/snapshot-controller:v6.1.0 -> registry.k8s.io/sig-storage/snapshot-controller:v6.1.0
- [DEVELOPER] All code related to the removed `APIServerSNI` feature gate of `gardenlet` has been removed from this extension. (gardener/gardener-extension-provider-alicloud#619, @rfranzke)
- [DEPENDENCY] The following dependency is updated: (gardener/gardener-extension-provider-alicloud#604, @ary1992)
  - github.com/gardener/gardener: v1.70.2 -> v1.71.2
- [DEPENDENCY] The following dependencies were updated: (gardener/gardener-extension-provider-alicloud#612, @dimityrmirchev)
  - registry.k8s.io/sig-storage/csi-provisioner v3.2.1 -> v3.2.2
[machine-controller-manager]
Bug Fixes
- [USER] An edge case where all the machineSets were scaled down to zero has been dealt with. (gardener/machine-controller-manager#804, @himanshu-kun)
- [USER] An edge case where outdated DesiredReplicas annotation blocked a rolling update is fixed. (gardener/machine-controller-manager#822, @rishabh-11)
- [OPERATOR] An issue causing nil pointer panic on scaleup of the machinedeployment along with trigger of rolling update, is fixed (gardener/machine-controller-manager#817, @himanshu-kun)
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
[machine-controller-manager-provider-alicloud]
Breaking Changes
- [OPERATOR] Support for migration of machineClass is dropped by the mcm-provider (gardener/machine-controller-manager-provider-alicloud#51, @himanshu-kun)
Others
- [USER] Updated golang version to 1.20.4 (gardener/machine-controller-manager-provider-alicloud#54, @rishabh-11)
- [DEPENDENCY] upgraded dependency: (gardener/machine-controller-manager-provider-alicloud#51, @himanshu-kun)
  - github.com/gardener/machine-controller-manager -> v0.49.1
[terraformer]
Others
- [OPERATOR] Terraformer base image has been updated from `alpine:3.17.2` to `alpine:3.18.0` (gardener/terraformer#137, @MartinWeindel)
- [OPERATOR] Builder base image has been updated from `golang:1.19.6` to `golang:1.20.4` (gardener/terraformer#137, @MartinWeindel)
- [OPERATOR] Gardener dependency has been updated from `v1.59.1` to `v1.71.2` (gardener/terraformer#137, @MartinWeindel)
Docker Images
gardener-extension-provider-alicloud: eu.gcr.io/gardener-project/gardener/extensions/provider-alicloud:v1.47.0
gardener-extension-admission-alicloud: eu.gcr.io/gardener-project/gardener/extensions/admission-alicloud:v1.47.0
Update gardener-controlplane to 1.74.0
[gardener]
Breaking Changes
- [USER] Annotation `alpha.featuregates.shoot.gardener.cloud/node-local-dns` is deprecated and will be removed in future releases. Use field `.spec.systemComponents.nodeLocalDNS.enabled` in `Shoot` instead. Switching on node-local-dns via shoot specification will roll the nodes even if node-local-dns was enabled beforehand via annotation. (gardener/gardener#8067, @acumino)
- [USER] Annotation `alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-{cluster-dns, upstream-dns}` is deprecated and will be removed in future releases. Use field `.spec.systemComponents.{nodeLocalDNSforceTCPToClusterDNS, nodeLocalDNSforceTCPToUpstreamDNS}` in `Shoot` instead. (gardener/gardener#8067, @acumino)
- [OPERATOR] The Seed's `.spec.settings.ownerChecks` field is now no-op - the `gardener-apiserver` no longer defaults this field and no longer validates it. The field will be set always to `nil` on CREATE/UPDATE request. (gardener/gardener#7951, @dimitar-kostadinov)
  - Gardener landscape operators specifying this field should no longer specify it. The field will be removed in a future version of Gardener.
- [OPERATOR] The GA-ed feature gates `HAControlPlanes` and `FullNetworkPoliciesInRuntimeCluster` have been removed. (gardener/gardener#8083, @rfranzke)
- [OPERATOR] ⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions < 1.22. Make sure to upgrade all existing clusters before upgrading to this Gardener version. (gardener/gardener#8087, @shafeeqes)
- [OPERATOR] The `shootstate-extensions` and `shootstate-secret` controllers have been dropped. The `gardenlet`'s component config file should be updated to no longer specify related configuration (`.controllers.{shootSecret,shootStateSync}`). (gardener/gardener#8136, @rfranzke)
- [OPERATOR] `gardener.cloud/operation` annotation was introduced to `seeds`. This includes a verification of its value. Please check your `seeds` for this annotation and remove it if necessary prior to the update. (gardener/gardener#8152, @timebertt)
- [OPERATOR] A new field `.spec.virtualCluster.dns.domains` was added to the `Garden` API. This field allows to expose the `kube-apiserver` of the virtual cluster via multiple domains. Earlier, the API only accepted one domain name via `.spec.virtualCluster.dns.domain`. (gardener/gardener#8173, @gardener-ci-robot)
  - ⚠️ With this change `.spec.virtualCluster.dns.domain` is deprecated and will be removed in the next release. Please update your `Garden` resource to the new `.spec.virtualCluster.dns.domains` field by removing the existing domain configuration from `dns.domain` and add it as the first entry of `dns.domains`.
- [DEVELOPER] The deprecated local development setups have been removed. From now on, only the `kind`-based setups are supported. Please refer to this guide for all information. (gardener/gardener#8075, @oliver-goetz)
- [DEVELOPER] The deprecated `allow-to-seed-apiserver` `NetworkPolicy` is no longer available in garden or seed clusters. Use `allow-to-runtime-apiserver` instead. (gardener/gardener#8083, @rfranzke)
New Features
- [USER] The `VerticalPodAutoscaler` resources for `kube-proxy`s are no longer recreated when the Kubernetes patch version of the `Shoot` or the respective worker pools is updated. This ensures updated `kube-proxy`s keep the same CPU/memory resource requirements as before the patch version update. In order to put this change into effect, all existing `VerticalPodAutoscaler`s for `kube-proxy`s are getting recreated. (gardener/gardener#8071, @rfranzke)
- [USER] Shoot addon `nginx-ingress-controller` image is updated to `v1.8.0` for Kubernetes `v1.24+` clusters, to `v1.6.4` for Kubernetes `v1.23` clusters, and to `v1.4.0` for Kubernetes `v1.22` clusters. (gardener/gardener#8096, @shafeeqes)
- [OPERATOR] Gardener uses an `InternalSecret` per Shoot for syncing the client CA to the project namespace in the garden cluster (named `<shoot-name>.ca-client`). The `shoots/adminkubeconfig` subresource signs short-lived client certificates by retrieving the CA from the `InternalSecret`. (gardener/gardener#8088, @timebertt)
- [OPERATOR] A new controller in `gardenlet` for periodically backing up the `ShootState` for `Shoot`s has been introduced. This controller is only activated when `gardenlet` is responsible for an unmanaged `Seed` (i.e., one not backed by a `ManagedSeed` object). By default, backups are taken roughly each `6h`. (gardener/gardener#8112, @rfranzke)
- [OPERATOR] If `gardenlet` is responsible for a managed `Seed`, it will delete all `ShootState` resources for its `Shoot`s that are not currently in migration. See also GEP-22 for further details about the motivation. (gardener/gardener#8144, @rfranzke)
Bug Fixes
- [USER] A regression was fixed that prevented deletions for shoot clusters which were created with a wrong configuration (e.g. with an unavailable domain name). (gardener/gardener#8122, @timuthy)
- [OPERATOR] Missing permissions were added for the Gardenlet service account for `Machine` objects. This fix is relevant if feature gate `MachineControllerManagerDeployment` is enabled in your landscape. (gardener/gardener#8121, @timuthy)
- [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8129, @ialidzhikov)
- [OPERATOR] `gardener-resource-manager`'s `system-components-config` webhook no longer adds the toleration for the `ToBeDeletedByClusterAutoscaler` taint to system components in shoot clusters. The `ToBeDeletedByClusterAutoscaler` taint is maintained by the `cluster-autoscaler`. This was breaking `cluster-autoscaler`'s drain mechanism when scaling down an under-utilized node. It was causing system components just evicted from the to-be-deleted node to be scheduled again on that same node. (gardener/gardener#8172, @gardener-ci-robot)
- [OPERATOR] A bug has been fixed for Istio-Ingress Gateways for seeds that use `ExposureClassHandler`s. Earlier, annotations in `seed.spec.settings.loadBalancerServices` caused an override of the ones specified in `gardenletConfiguration.exposureClassHandler[].loadBalancerService` for zonal Istios. Now, annotations in `gardenletConfiguration.exposureClassHandler[].loadBalancerService` are given priority, like it was already the case of the global Istio. (gardener/gardener#8178, @gardener-ci-robot)
- [DEVELOPER] On deletion, the generic `ControlPlane` actuator will now redeploy the cloud config chart to allow provider extensions to update the content with the most up-to-date information. (gardener/gardener#8106, @kon-angelo)
Others
- [OPERATOR] Plutono is now updated to v7.5.22 (gardener/gardener#8081, @nickytd)
- [OPERATOR] The reconciliation time limit for the controller resource reconciliation, e.g. for `ManagedResource`, has been increased from `1m` to `3m`. (gardener/gardener#8085, @ScheererJ)
- [OPERATOR] Fixed flaky operator behaviour with regards to istio deployment caused by concurrent update of garden object (gardener/gardener#8103, @ScheererJ)
- [OPERATOR] Vali is now updated to version v2.2.6 (gardener/gardener#8111, @nickytd)
- [OPERATOR] The `Deploying Shoot namespace in Seed` step was slightly improved. Earlier it failed at some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8115, @timuthy)
- [OPERATOR] All components in the gardener logging stack are now updated to the following respective versions. Fluent-bit to 2.1.4, Fluent-operator to 2.3.0 and logging to 0.55.3 (gardener/gardener#8133, @nickytd)
- [OPERATOR] Decouple progress update of gardener operator from task flow logic and thereby prevent concurrency bugs. (gardener/gardener#8145, @ScheererJ)
- [OPERATOR] Adapt vpa-updater QPS limits such that it doesn't get throttled on large clusters (gardener/gardener#8174, @gardener-ci-robot)
- [OPERATOR] The kind cluster used in local setup does now use the new way in containerd to configure registry mirrors. (gardener/gardener#8047, @ialidzhikov)
- [DEVELOPER] `extensions.gardener.cloud/v1alpha1.ControlPlane` is now deployed after `kube-apiserver` in the Shoot reconciliation flow. (gardener/gardener#8182, @gardener-ci-robot)
[etcd-druid]
Others
- [OPERATOR] Bumped up the custom image version to v3.4.13-bootstrap-11 (gardener/etcd-druid#624, @abdasgupta)
- [OPERATOR] Druid now exposes metrics related to snapshot compaction, on default port 8080. Please expose the desired metrics port via the etcd-druid service to allow metrics to be scraped by a Prometheus instance. (gardener/etcd-druid#625, @abdasgupta)
[logging]
Others
- [OPERATOR] The logging e2e event logger test is now adapted to vali logging stack. (gardener/logging#199, @nickytd)
- [OPERATOR] Now git revision and commit ids are properly propagated through build variables. These are shown in the fluent-bit plugin logs during start. (gardener/logging#200, @nickytd)
- [OPERATOR] Base image on `telegraf` and `tune2fs` is upgraded from 3.17.2 to 3.18.0 (gardener/logging#201, @nickytd)
- [OPERATOR] Gardener-based e2e test for the event-logger. (gardener/logging#191, @vlvasilev)
- [DEVELOPER] Introduces a skaffold local development pipeline to fluent-bit-vali-plugin (gardener/logging#202, @nickytd)
- [DEVELOPER] The project vendors the latest released gardener version - v1.73.0 (gardener/logging#204, @nickytd)
- [DEVELOPER] The `fluent-bit-vali-plugin` now supports fluent-bit v2.1.0 and above. (gardener/logging#205, @nickytd)
[machine-controller-manager]
Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update gardenlet to 1.74.0
[gardener]
⚠️ Breaking Changes
- [USER] Annotation `alpha.featuregates.shoot.gardener.cloud/node-local-dns` is deprecated and will be removed in future releases. Use field `.spec.systemComponents.nodeLocalDNS.enabled` in `Shoot` instead. Switching on node-local-dns via shoot specification will roll the nodes even if node-local-dns was enabled beforehand via annotation. (gardener/gardener#8067, @acumino)
- [USER] Annotation `alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-{cluster-dns, upstream-dns}` is deprecated and will be removed in future releases. Use field `.spec.systemComponents.{nodeLocalDNSforceTCPToClusterDNS, nodeLocalDNSforceTCPToUpstreamDNS}` in `Shoot` instead. (gardener/gardener#8067, @acumino)
- [OPERATOR] The Seed's `.spec.settings.ownerChecks` field is now no-op - the `gardener-apiserver` no longer defaults this field and no longer validates it. The field will be set always to `nil` on CREATE/UPDATE request. (gardener/gardener#7951, @dimitar-kostadinov)
  - Gardener landscape operators specifying this field should no longer specify it. The field will be removed in a future version of Gardener.
- [OPERATOR] The GA-ed feature gates `HAControlPlanes` and `FullNetworkPoliciesInRuntimeCluster` have been removed. (gardener/gardener#8083, @rfranzke)
- [OPERATOR] ⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions < 1.22. Make sure to upgrade all existing clusters before upgrading to this Gardener version. (gardener/gardener#8087, @shafeeqes)
- [OPERATOR] The `shootstate-extensions` and `shootstate-secret` controllers have been dropped. The `gardenlet`'s component config file should be updated to no longer specify related configuration (`.controllers.{shootSecret,shootStateSync}`). (gardener/gardener#8136, @rfranzke)
- [OPERATOR] `gardener.cloud/operation` annotation was introduced to `seeds`. This includes a verification of its value. Please check your `seeds` for this annotation and remove it if necessary prior to the update. (gardener/gardener#8152, @timebertt)
- [OPERATOR] A new field `.spec.virtualCluster.dns.domains` was added to the `Garden` API. This field allows to expose the `kube-apiserver` of the virtual cluster via multiple domains. Earlier, the API only accepted one domain name via `.spec.virtualCluster.dns.domain`. (gardener/gardener#8173, @gardener-ci-robot)
  - ⚠️ With this change `.spec.virtualCluster.dns.domain` is deprecated and will be removed in the next release. Please update your `Garden` resource to the new `.spec.virtualCluster.dns.domains` field by removing the existing domain configuration from `dns.domain` and add it as the first entry of `dns.domains`.
- [DEVELOPER] The deprecated local development setups have been removed. From now on, only the `kind`-based setups are supported. Please refer to this guide for all information. (gardener/gardener#8075, @oliver-goetz)
- [DEVELOPER] The deprecated `allow-to-seed-apiserver` `NetworkPolicy` is no longer available in garden or seed clusters. Use `allow-to-runtime-apiserver` instead. (gardener/gardener#8083, @rfranzke)
✨ New Features
- [USER] The `VerticalPodAutoscaler` resources for `kube-proxy`s are no longer recreated when the Kubernetes patch version of the `Shoot` or the respective worker pools is updated. This ensures updated `kube-proxy`s keep the same CPU/memory resource requirements as before the patch version update. In order to put this change into effect, all existing `VerticalPodAutoscaler`s for `kube-proxy`s are getting recreated. (gardener/gardener#8071, @rfranzke)
- [USER] Shoot addon `nginx-ingress-controller` image is updated to `v1.8.0` for Kubernetes `v1.24+` clusters, to `v1.6.4` for Kubernetes `v1.23` clusters, and to `v1.4.0` for Kubernetes `v1.22` clusters. (gardener/gardener#8096, @shafeeqes)
- [OPERATOR] Gardener uses an `InternalSecret` per Shoot for syncing the client CA to the project namespace in the garden cluster (named `<shoot-name>.ca-client`). The `shoots/adminkubeconfig` subresource signs short-lived client certificates by retrieving the CA from the `InternalSecret`. (gardener/gardener#8088, @timebertt)
- [OPERATOR] A new controller in `gardenlet` for periodically backing up the `ShootState` for `Shoot`s has been introduced. This controller is only activated when `gardenlet` is responsible for an unmanaged `Seed` (i.e., one not backed by a `ManagedSeed` object). By default, backups are taken roughly each `6h`. (gardener/gardener#8112, @rfranzke)
- [OPERATOR] If `gardenlet` is responsible for a managed `Seed`, it will delete all `ShootState` resources for its `Shoot`s that are not currently in migration. See also GEP-22 for further details about the motivation. (gardener/gardener#8144, @rfranzke)
🐛 Bug Fixes
- [USER] A regression was fixed that prevented deletions for shoot clusters which were created with a wrong configuration (e.g. with an unavailable domain name). (gardener/gardener#8122, @timuthy)
- [OPERATOR] Missing permissions were added for the Gardenlet service account for `Machine` objects. This fix is relevant if feature gate `MachineControllerManagerDeployment` is enabled in your landscape. (gardener/gardener#8121, @timuthy)
- [OPERATOR] An issue causing deletion of a legacy (wrongly configured) Shoot cluster to be denied because of network ranges overlapping with the default VPN network is now fixed. (gardener/gardener#8129, @ialidzhikov)
- [OPERATOR] `gardener-resource-manager`'s `system-components-config` webhook no longer adds the toleration for the `ToBeDeletedByClusterAutoscaler` taint to system components in shoot clusters. The `ToBeDeletedByClusterAutoscaler` taint is maintained by the `cluster-autoscaler`. This was breaking `cluster-autoscaler`'s drain mechanism when scaling down an under-utilized node. It caused system components that had just been evicted from the to-be-deleted node to be scheduled again on that same node. (gardener/gardener#8172, @gardener-ci-robot)
- [OPERATOR] A bug has been fixed for Istio-Ingress Gateways for seeds that use `ExposureClassHandler`s. Earlier, annotations in `seed.spec.settings.loadBalancerServices` caused an override of the ones specified in `gardenletConfiguration.exposureClassHandler[].loadBalancerService` for zonal Istios. Now, annotations in `gardenletConfiguration.exposureClassHandler[].loadBalancerService` are given priority, like it was already the case of the global Istio. (gardener/gardener#8178, @gardener-ci-robot)
- [DEVELOPER] On deletion, the generic `ControlPlane` actuator will now redeploy the cloud config chart to allow provider extensions to update the content with the most up-to-date information. (gardener/gardener#8106, @kon-angelo)
🏃 Others
- [OPERATOR] Plutono is now updated to v7.5.22 (gardener/gardener#8081, @nickytd)
- [OPERATOR] The reconciliation time limit for the controller resource reconciliation, e.g. for `ManagedResource`, has been increased from `1m` to `3m`. (gardener/gardener#8085, @ScheererJ)
- [OPERATOR] Fixed flaky operator behaviour with regards to istio deployment caused by concurrent update of garden object (gardener/gardener#8103, @ScheererJ)
- [OPERATOR] Vali is now updated to version v2.2.6 (gardener/gardener#8111, @nickytd)
- [OPERATOR] The `Deploying Shoot namespace in Seed` step was slightly improved. Earlier it failed at some occasions when it tried to read zone information for volumes that have not been created yet. This was a transient error that dissolved in subsequent reconcile runs. (gardener/gardener#8115, @timuthy)
- [OPERATOR] All components in the gardener logging stack are now updated to the following respective versions. Fluent-bit to 2.1.4, Fluent-operator to 2.3.0 and logging to 0.55.3 (gardener/gardener#8133, @nickytd)
- [OPERATOR] Decouple progress update of gardener operator from task flow logic and thereby prevent concurrency bugs. (gardener/gardener#8145, @ScheererJ)
- [OPERATOR] Adapt vpa-updater QPS limits such that it doesn't get throttled on large clusters (gardener/gardener#8174, @gardener-ci-robot)
- [OPERATOR] The kind cluster used in local setup does now use the new way in containerd to configure registry mirrors. (gardener/gardener#8047, @ialidzhikov)
- [DEVELOPER] `extensions.gardener.cloud/v1alpha1.ControlPlane` is now deployed after `kube-apiserver` in the Shoot reconciliation flow. (gardener/gardener#8182, @gardener-ci-robot)
[etcd-druid]
🏃 Others
- [OPERATOR] Bumped up the custom image version to v3.4.13-bootstrap-11 (gardener/etcd-druid#624, @abdasgupta)
- [OPERATOR] Druid now exposes metrics related to snapshot compaction, on default port 8080. Please expose the desired metrics port via the etcd-druid service to allow metrics to be scraped by a Prometheus instance. (gardener/etcd-druid#625, @abdasgupta)
[logging]
🏃 Others
- [OPERATOR] The logging e2e event logger test is now adapted to vali logging stack. (gardener/logging#199, @nickytd)
- [OPERATOR] Now git revision and commit ids are properly propagated through build variables. These are shown in the fluent-bit plugin logs during start. (gardener/logging#200, @nickytd)
- [OPERATOR] Base image on `telegraf` and `tune2fs` is upgraded from 3.17.2 to 3.18.0 (gardener/logging#201, @nickytd)
- [OPERATOR] Gardener-based e2e test for the event-logger. (gardener/logging#191, @vlvasilev)
- [DEVELOPER] Introduces a skaffold local development pipeline to fluent-bit-vali-plugin (gardener/logging#202, @nickytd)
- [DEVELOPER] The project vendors the latest released gardener version - v1.73.0 (gardener/logging#204, @nickytd)
- [DEVELOPER] The `fluent-bit-vali-plugin` now supports fluent-bit v2.1.0 and above. (gardener/logging#205, @nickytd)
[machine-controller-manager]
🐛 Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed (gardener/machine-controller-manager#834, @ialidzhikov)
Update gardener-controlplane to 1.74.1
[gardener]
🐛 Bug Fixes
- [OPERATOR] Fix network annotations to allow fluent-bit connecting to shoot Valis. (gardener/gardener#8200, @gardener-ci-robot)
Update gardenlet to 1.74.1
[gardener]
🐛 Bug Fixes
- [OPERATOR] Fix network annotations to allow fluent-bit connecting to shoot Valis. (gardener/gardener#8200, @gardener-ci-robot)
Update provider-alicloud to 1.47.1
no release notes available
Update provider-aws to 1.45.0
[gardener/gardener-extension-provider-aws]
✨ New Features
- [DEVELOPER] This extension now uses the simplified `NetworkPolicy` approach for allowing traffic to its webhook server from `kube-apiserver`s of shoot clusters. by @rfranzke [#772]
- [USER] The provider-aws extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. by @ary1992 [#759]
⚠️ Breaking Changes
- [OPERATOR] With https://github.com/gardener/gardener-extension-provider-aws/pull/337 provider-aws migrated the volumesnapshot CRDs to a new dedicated ManagedResources. provider-aws does now remove the ignored CRDs. by @ialidzhikov [#752]
  - Before updating to this version of provider-aws, make sure that the migration of the volumesnapshot CRDs from the `extension-controlplane-shoot` to the `extension-controlplane-shoot-crds` ManagedResource completed. If the migration did not complete yet, GRM will interpret the removal of the CRDs as deletion and will delete the CRDs.
🏃 Others
- [OPERATOR] Old and obsolete logging configurations are removed. by @vlvasilev [#765]
- [DEPENDENCY] The following dependencies were updated: by @dimityrmirchev [#768]
  - registry.k8s.io/sig-storage/csi-provisioner v3.4.0 -> v3.4.1
- [DEVELOPER] All code related to the removed `APIServerSNI` feature gate of `gardenlet` has been removed from this extension. by @rfranzke [#773]
🐛 Bug Fixes
- [OPERATOR] Fix the name of the aws-csi-volume-modifier container in the respective VPA resource. by @bd3lage [#763]
- [OPERATOR] Handle S3 bucket policy IAM ARN for China and GovCloud (US) regions. by @shreyas-s-rao [#766]
[gardener/machine-controller-manager]
🐛 Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed by @ialidzhikov [gardener/machine-controller-manager#834]
Update provider-gcp to 1.31.0
[gardener/machine-controller-manager]
🐛 Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed by @ialidzhikov [gardener/machine-controller-manager#834]
[gardener/gardener-extension-provider-gcp]
✨ New Features
- [USER] The GCP extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. by @ary1992 [#615]
🏃 Others
- [DEPENDENCY] The following dependencies were updated: by @dimityrmirchev [#618]
  - registry.k8s.io/sig-storage/csi-provisioner v3.4.0 -> v3.4.1
- [DEPENDENCY] The following dependency is updated: by @ary1992 [#604]
  - github.com/gardener/gardener: v1.70.2 -> v1.73.0
- [OPERATOR] Old and obsolete logging configurations are removed. by @vlvasilev [#616]
- [OPERATOR] This extension is now built with golang 1.20.5. by @vpnachev [#622]
- [DEVELOPER] All code related to the removed `APIServerSNI` feature gate of `gardenlet` has been removed from this extension. by @rfranzke [#623]
⚠️ Breaking Changes
- [OPERATOR] With https://github.com/gardener/gardener-extension-provider-gcp/pull/283 provider-gcp migrated the volumesnapshot CRDs to a new dedicated ManagedResources. provider-gcp does now remove the ignored CRDs. by @ialidzhikov [#606]
  - Before updating to this version of provider-gcp, make sure that the migration of the volumesnapshot CRDs from the `extension-controlplane-shoot` to the `extension-controlplane-shoot-crds` ManagedResource completed. If the migration did not complete yet, GRM will interpret the removal of the CRDs as deletion and will delete the CRDs.
Update provider-azure to 1.37.0
[gardener/gardener-extension-provider-azure]
✨ New Features
- [USER] The Azure extension does now support shoot clusters with Kubernetes version 1.27. You should consider the Kubernetes release notes before upgrading to 1.27. by @ary1992 [#699]
🏃 Others
- [OPERATOR] Fix an issue with the bastion integration testing panicking on cleanup due to the security group having been deleted. by @kon-angelo [#709]
- [OPERATOR] Old and obsolete logging configurations are removed. by @vlvasilev [#700]
- [OPERATOR] Add calico scheme to azure-validator. by @kon-angelo [#696]
- [OPERATOR] The following images are updated:
  - mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager: v1.24.20 -> v1.24.21 (for Kubernetes 1.24)
  - mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager: v1.25.14 -> v1.25.15 (for Kubernetes 1.25)
  - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.23.25 -> v1.23.30 (for Kubernetes 1.23)
  - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.24.14 -> v1.24.21 (for Kubernetes 1.24)
  - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.25.6 -> v1.25.15 (for Kubernetes 1.25)
  - mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager: v1.26.2 -> v1.26.11 (for Kubernetes 1.26) by @ary1992 [#699]
- [OPERATOR] Update azure-validator to use the lenient decoder for Calico resources. by @kon-angelo [#698]
- [DEPENDENCY] The following dependency is updated:
  - github.com/gardener/gardener: v1.70.2 -> v1.71.2 by @ary1992 [#693]
- [DEPENDENCY] The following dependencies were updated:
  - registry.k8s.io/sig-storage/csi-provisioner v3.4.0 -> v3.4.1 by @dimityrmirchev [#702]
- [DEVELOPER] All code related to the removed `APIServerSNI` feature gate of `gardenlet` has been removed from this extension. by @rfranzke [#704]
[gardener/machine-controller-manager]
🐛 Bug Fixes
- [OPERATOR] Included `UnavailableReplicas` in determining if a machine deployment status update is needed by @ialidzhikov [gardener/machine-controller-manager#834]
Update networking-calico to 1.35.0
[gardener/gardener-extension-networking-calico]
⚠️ Breaking Changes
- [OPERATOR] `networking-calico` no longer supports Shoots with Kubernetes version < 1.22. by @shafeeqes [#278]
🏃 Others
- [OPERATOR] Updated calico to v3.26.1 by @ScheererJ [#273]
- [OPERATOR] The obsolete logging configuration is cleaned up. by @vlvasilev [#276]
- [OPERATOR] networking-calico does no longer use Gardener GCR copies for the calico images. Instead, the upstream quay.io container images are used (`quay.io/calico/node`, `quay.io/calico/cni`, `quay.io/calico/typha`, `quay.io/calico/kube-controllers`). by @ialidzhikov [#275]
Update networking-cilium to 1.26.0
[gardener/gardener-extension-networking-cilium]
⚠️ Breaking Changes
- [OPERATOR] `networking-cilium` no longer supports Shoots with Kubernetes version < 1.22. by @shafeeqes [#194]
✨ New Features
- [DEVELOPER] This extension now uses the simplified `NetworkPolicy` approach for allowing traffic to its webhook server from `kube-apiserver`s of shoot clusters. by @rfranzke [#193]
🏃 Others
- [OPERATOR] bpf-policy-map-max value is increased to 65536. by @DockToFuture [#197]
- [OPERATOR] Update to cilium `v1.13.4`. by @DockToFuture [#196]