Release Notes v1.83
23KE release notes and upgrade guide
Related upstream release notes / changelogs
Update networking-cilium to 1.30.0
[gardener/gardener-extension-networking-cilium]
✨ New Features
[USER]
networking-cilium
extension now supports Shoot Force Deletion. by @shafeeqes [#218]
🏃 Others
[OPERATOR]
Egress gateway validation is fixed in case kube-proxy is disabled. by @DockToFuture [#220][OPERATOR]
Update cilium tov1.14.3
. by @DockToFuture [#222][OPERATOR]
The following dependency is updated:- github.com/gardener/gardener: v1.76.0 -> v1.80.1
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @shafeeqes [#213]
Docker Images
gardener-extension-admission-cilium: eu.gcr.io/gardener-project/gardener/extensions/admission-cilium:v1.30.0
gardener-extension-networking-cilium: eu.gcr.io/gardener-project/gardener/extensions/networking-cilium:v1.30.0
Update networking-cilium to 1.30.1
no release notes available
Docker Images
gardener-extension-admission-cilium: eu.gcr.io/gardener-project/gardener/extensions/admission-cilium:v1.30.1
gardener-extension-networking-cilium: eu.gcr.io/gardener-project/gardener/extensions/networking-cilium:v1.30.1
Update gardener-controlplane to 1.82.1
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699][OPERATOR]
A bug has been fixed which causedServiceAccount
s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
🏃 Others
[OPERATOR]
github.com/gardener/etcd-druid #714 @aaronfern
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @gardener-ci-robot [#8684][OPERATOR]
The testmachinery tests now useAdminKubeconfig
of theShoot
s ofManagedSeed
s to create seed client. by @shafeeqes [#8698]
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.82.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.82.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.82.1
Update gardener-controlplane to 1.82.1
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699][OPERATOR]
A bug has been fixed which causedServiceAccount
s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
🏃 Others
[OPERATOR]
github.com/gardener/etcd-druid #714 @aaronfern
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @gardener-ci-robot [#8684][OPERATOR]
The testmachinery tests now useAdminKubeconfig
of theShoot
s ofManagedSeed
s to create seed client. by @shafeeqes [#8698]
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.82.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.82.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.82.1
Update gardenlet to 1.82.1
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699][OPERATOR]
A bug has been fixed which causedServiceAccount
s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697]
🏃 Others
[OPERATOR]
github.com/gardener/etcd-druid #714 @aaronfern
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @gardener-ci-robot [#8684][OPERATOR]
The testmachinery tests now useAdminKubeconfig
of theShoot
s ofManagedSeed
s to create seed client. by @shafeeqes [#8698]
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.82.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.82.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.82.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.82.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.82.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.82.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.82.1
Update provider-openstack to 1.37.1
[gardener/gardener-extension-provider-openstack]
🏃 Others
[OPERATOR]
Update external-snapshotter to v6.3.1 by @kon-angelo [#683]
Docker Images
gardener-extension-admission-openstack: eu.gcr.io/gardener-project/gardener/extensions/admission-openstack:v1.37.1
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.37.1
Update networking-calico to 1.37.0
[gardener/gardener-extension-networking-calico]
✨ New Features
[USER]
networking-calico
extension now supports Shoot Force Deletion. by @shafeeqes [#302]
🏃 Others
[OPERATOR]
Update calico to version3.26.2
and make sure that tyhpa gets scheduled on all nodes. by @DockToFuture [#304][OPERATOR]
Update calico tov3.26.3
. by @DockToFuture [#308][OPERATOR]
The following dependency is updated:- github.com/gardener/gardener: v1.76.0 -> v1.77.2 by @shafeeqes [#293]
[OPERATOR]
Add autoscaling mode for calico node/typha, for vpa mode (autoScaling.mode: vpa), for cluster-proportional mode (autoScaling.mode: cluster-proportional) by @jfortin-sap [#286][OPERATOR]
The following dependency is updated:- github.com/gardener/gardener: v1.79.1 -> v1.80.1
- k8s.io/* : v0.27.5 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.15.2-> v0.16.2 by @shafeeqes [#300]
[OPERATOR]
The following dependency is updated:- github.com/gardener/gardener: v1.77.2 -> v1.79.1
- k8s.io/* : v0.26.3 -> v0.27.5
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.15.2 by @shafeeqes [#296]
[OPERATOR]
Vertical and horizontal cluster-proportional autoscalers for calico-typha now use different label selectors. by @ScheererJ [#297]
Docker Images
gardener-extension-admission-calico: eu.gcr.io/gardener-project/gardener/extensions/admission-calico:v1.37.0
gardener-extension-networking-calico: eu.gcr.io/gardener-project/gardener/extensions/networking-calico:v1.37.0
Update cert-management to 0.11.3
[gardener/cert-management]
🏃 Others
[USER]
Support PKCS8 private keys for CA issuers by @MartinWeindel [#146][OPERATOR]
Bumps golang from 1.21.2 to 1.21.3. by @dependabot[bot] [#143][OPERATOR]
Removeissuer
short name for issuer CustomResourceDefinition as it is the same as the singular. by @MartinWeindel [#147]
Docker Images
cert-management: eu.gcr.io/gardener-project/cert-controller-manager:v0.11.3
Update networking-cilium to 1.30.2
no release notes available
Docker Images
gardener-extension-admission-cilium: eu.gcr.io/gardener-project/gardener/extensions/admission-cilium:v1.30.2
gardener-extension-networking-cilium: eu.gcr.io/gardener-project/gardener/extensions/networking-cilium:v1.30.2
Update runtime-gvisor to 0.12.0
[gardener/gardener-extension-runtime-gvisor]
📰 Noteworthy
[OPERATOR]
Thesecurity.gardener.cloud/pod-security-enforce
annotation in the ControllerRegistration is set tobaseline
. With this, the pods running in the extension namespace should comply withbaseline
pod-security standard. by @dimityrmirchev [#94]
✨ New Features
[USER]
runtime-gvisor
extension now supports Shoot Force Deletion. by @shafeeqes [#101]
🏃 Others
[DEPENDENCY]
The following dependency were updated:- github.com/gardener/gardener: v1.75.0-> v1.80.1
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @dimityrmirchev [#96]
[DEPENDENCY]
The go version was updated to1.21.3
. by @dimityrmirchev [#96]
Docker Images
gardener-extension-runtime-gvisor-installation: eu.gcr.io/gardener-project/gardener/extensions/runtime-gvisor-installation:v0.12.0
gardener-extension-runtime-gvisor: eu.gcr.io/gardener-project/gardener/extensions/runtime-gvisor:v0.12.0
Update shoot-cert-service to 1.39.0
[gardener/gardener-extension-shoot-cert-service]
✨ New Features
[USER]
shoot-cert-service
extension now supports Shoot Force Deletion. by @acumino [#204]
🏃 Others
[OPERATOR]
Remove redundant short name forissuer
CustomResourceDefinition. by @MartinWeindel [#211][OPERATOR]
Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#207][OPERATOR]
Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#206]
[gardener/cert-management]
🏃 Others
[OPERATOR]
Bumps golang from 1.21.2 to 1.21.3. by @dependabot[bot] [gardener/cert-management#143][OPERATOR]
Removeissuer
short name for issuer CustomResourceDefinition as it is the same as the singular. by @MartinWeindel [gardener/cert-management#147][USER]
Support PKCS8 private keys for CA issuers by @MartinWeindel [gardener/cert-management#146]
Docker Images
gardener-extension-shoot-cert-service: eu.gcr.io/gardener-project/gardener/extensions/shoot-cert-service:v1.39.0
Update gardener-controlplane to 1.83.0
[gardener/gardener]
⚠️ Breaking Changes
[DEPENDENCY]
Thehack/check-docforge.sh
script is now removed. The repo based manifest are removed in favor of a centrally managed manifests. See https://github.com/gardener/documentation/issues/431. The manifests are now maintained centrally in https://github.com/gardener/documentation/tree/master/.docforge. by @Kostov6 [#8692][USER]
Validation has been added forspec.kubernetes.kubeAPIServer.runtimeConfig
field in the Shoot API. Disabling APIs marked as "Required" by gardener is not permitted. by @shafeeqes [#8695]
✨ New Features
[OPERATOR]
CloudProfiles allow configuring update strategies {patch, minor, major} for machine images that affect update behavior during auto and force update. by @danielfoehrKn [#8275]
🐛 Bug Fixes
[OPERATOR]
A bug has been fixed which causedServiceAccount
s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697][OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699][OPERATOR]
An issue causing theetcd-backup
Secret to be wrongly deleted for a Shoot cluster due to stale BackupEntry deletion from a previous Shoot creation with the same name is now fixed. by @Kostov6 [#8709][OPERATOR]
An issue has been fixed that prevented setting theUnauthenticatedHTTP2DOSMitigation
feature gate. by @timuthy [#8732][OPERATOR]
Add memory and cpu limits (maxAllowed) to Prometheus (H)VPAs. by @rickardsjp [#8694]
🏃 Others
[OPERATOR]
nginx-ingress-controller
image is updated tov1.9.4
. by @shafeeqes [#8727][OPERATOR]
Partial Shoot maintenance errors are now reported as events on the Shoot and in the Shoot'sLastMaintenance
status. by @danielfoehrKn [#8275][OPERATOR]
With this release the obervability compoents are updated to the latest release versions. Plutono is now at v2.5.25 and Vali is now at v2.2.9 by @nickytd [#8689][OPERATOR]
The.status.lastOperation
incore.gardener.cloud/v1beta1.Seed
andoperator.gardener.cloud/v1alpha1.Garden
resources is now only updated each5s
during a reconciliation. Previously, it was updated immediately when a task was finished. by @rfranzke [#8705][OPERATOR]
The testmachinery tests now useAdminKubeconfig
of theShoot
s ofManagedSeed
s to create seed client. by @shafeeqes [#8698][OPERATOR]
APIServer validation allows updating to expired Kubernetes and machine image versions. by @danielfoehrKn [#8275]
[gardener/etcd-druid]
🏃 Others
[OPERATOR]
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @aaronfern [gardener/etcd-druid#714]
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.83.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.83.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.83.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.83.0
Update gardener-controlplane to 1.83.0
[gardener/gardener]
⚠️ Breaking Changes
[DEPENDENCY]
Thehack/check-docforge.sh
script is now removed. The repo based manifest are removed in favor of a centrally managed manifests. See https://github.com/gardener/documentation/issues/431. The manifests are now maintained centrally in https://github.com/gardener/documentation/tree/master/.docforge. by @Kostov6 [#8692][USER]
Validation has been added forspec.kubernetes.kubeAPIServer.runtimeConfig
field in the Shoot API. Disabling APIs marked as "Required" by gardener is not permitted. by @shafeeqes [#8695]
✨ New Features
[OPERATOR]
CloudProfiles allow configuring update strategies {patch, minor, major} for machine images that affect update behavior during auto and force update. by @danielfoehrKn [#8275]
🐛 Bug Fixes
[OPERATOR]
A bug has been fixed which causedServiceAccount
s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697][OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699][OPERATOR]
An issue causing theetcd-backup
Secret to be wrongly deleted for a Shoot cluster due to stale BackupEntry deletion from a previous Shoot creation with the same name is now fixed. by @Kostov6 [#8709][OPERATOR]
An issue has been fixed that prevented setting theUnauthenticatedHTTP2DOSMitigation
feature gate. by @timuthy [#8732][OPERATOR]
Add memory and cpu limits (maxAllowed) to Prometheus (H)VPAs. by @rickardsjp [#8694]
🏃 Others
[OPERATOR]
nginx-ingress-controller
image is updated tov1.9.4
. by @shafeeqes [#8727][OPERATOR]
Partial Shoot maintenance errors are now reported as events on the Shoot and in the Shoot'sLastMaintenance
status. by @danielfoehrKn [#8275][OPERATOR]
With this release the obervability compoents are updated to the latest release versions. Plutono is now at v2.5.25 and Vali is now at v2.2.9 by @nickytd [#8689][OPERATOR]
The.status.lastOperation
incore.gardener.cloud/v1beta1.Seed
andoperator.gardener.cloud/v1alpha1.Garden
resources is now only updated each5s
during a reconciliation. Previously, it was updated immediately when a task was finished. by @rfranzke [#8705][OPERATOR]
The testmachinery tests now useAdminKubeconfig
of theShoot
s ofManagedSeed
s to create seed client. by @shafeeqes [#8698][OPERATOR]
APIServer validation allows updating to expired Kubernetes and machine image versions. by @danielfoehrKn [#8275]
[gardener/etcd-druid]
🏃 Others
[OPERATOR]
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @aaronfern [gardener/etcd-druid#714]
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.83.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.83.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.83.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.83.0
Update gardenlet to 1.83.0
[gardener/gardener]
⚠️ Breaking Changes
[DEPENDENCY]
Thehack/check-docforge.sh
script is now removed. The repo based manifest are removed in favor of a centrally managed manifests. See https://github.com/gardener/documentation/issues/431. The manifests are now maintained centrally in https://github.com/gardener/documentation/tree/master/.docforge. by @Kostov6 [#8692][USER]
Validation has been added forspec.kubernetes.kubeAPIServer.runtimeConfig
field in the Shoot API. Disabling APIs marked as "Required" by gardener is not permitted. by @shafeeqes [#8695]
✨ New Features
[OPERATOR]
CloudProfiles allow configuring update strategies {patch, minor, major} for machine images that affect update behavior during auto and force update. by @danielfoehrKn [#8275]
🐛 Bug Fixes
[OPERATOR]
A bug has been fixed which causedServiceAccount
s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. by @rfranzke [#8697][OPERATOR]
A bug causing the managedseed controller to error if the controller restarts and the seed secret is already deleted is now fixed. by @shafeeqes [#8699][OPERATOR]
An issue causing theetcd-backup
Secret to be wrongly deleted for a Shoot cluster due to stale BackupEntry deletion from a previous Shoot creation with the same name is now fixed. by @Kostov6 [#8709][OPERATOR]
An issue has been fixed that prevented setting theUnauthenticatedHTTP2DOSMitigation
feature gate. by @timuthy [#8732][OPERATOR]
Add memory and cpu limits (maxAllowed) to Prometheus (H)VPAs. by @rickardsjp [#8694]
🏃 Others
[OPERATOR]
nginx-ingress-controller
image is updated tov1.9.4
. by @shafeeqes [#8727][OPERATOR]
Partial Shoot maintenance errors are now reported as events on the Shoot and in the Shoot'sLastMaintenance
status. by @danielfoehrKn [#8275][OPERATOR]
With this release the obervability compoents are updated to the latest release versions. Plutono is now at v2.5.25 and Vali is now at v2.2.9 by @nickytd [#8689][OPERATOR]
The.status.lastOperation
incore.gardener.cloud/v1beta1.Seed
andoperator.gardener.cloud/v1alpha1.Garden
resources is now only updated each5s
during a reconciliation. Previously, it was updated immediately when a task was finished. by @rfranzke [#8705][OPERATOR]
The testmachinery tests now useAdminKubeconfig
of theShoot
s ofManagedSeed
s to create seed client. by @shafeeqes [#8698][OPERATOR]
APIServer validation allows updating to expired Kubernetes and machine image versions. by @danielfoehrKn [#8275]
[gardener/etcd-druid]
🏃 Others
[OPERATOR]
Alpine image used in init containers is now part of the IMAGEVECTOR_OVERWRITE by @aaronfern [gardener/etcd-druid#714]
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.83.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.83.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.83.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.83.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.83.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.83.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.83.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.83.0