Release Notes v1.85

23KE release notes and upgrade guide

Since 23technologies/23ke was moved to yakecloud/yake, later 1.85.x releases are no longer made available as buckets or oci images, but only as git tags. If you're not already using a GitRepository source, you'll need to switch to one.

Create new GitRepository source named 23ke.

cat <<EOF | kubectl apply -f -
apiVersion: source.toolkit.fluxcd.io/v1
kind: GitRepository
metadata:
  name: yake
  namespace: flux-system
spec:
  interval: 1m
  ref:
    tag: v1.85.x-y # add latest version here
  timeout: 60s
  url: https://github.com/yakecloud/yake
EOF

Update the main 23ke Kustomization's sourceRef to

spec:
  sourceRef:
    kind: GitRepository
    name: 23ke

Update shoot-rsyslog-relp to 0.2.2

[gardener/gardener-extension-shoot-rsyslog-relp]

🏃 Others

[OPERATOR] The following images are updated:
- eu.gcr.io/gardener-project/3rd/alpine: 3.15.8 -> 3.18.4
- registry.k8s.io/pause: 3.7 -> 3.9 by @plkokanov [#36]
[OPERATOR] Vulnerability scans are disabled for the alpine image as the corresponding container is not accessible from outside of the k8s clusters and not interacted with from other containers or other systems. by @plkokanov [#36]

Docker Images

gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.2.2
gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.2.2

Update networking-cilium to 1.31.0

[gardener/gardener-extension-networking-cilium]

🐛 Bug Fixes

[OPERATOR] The actuator.Delete doesn't wait for ManagedResources to get deleted in case of ForceDelete. by @shafeeqes [#227]
[OPERATOR] An issue in the charts missing versions for some resources is now fixed. by @shafeeqes [#225]
[OPERATOR] Fixes an error that occurs when running with iptables-nft. by @axel7born [#229]

🏃 Others

[OPERATOR] Reconciliation of hibernated cilium clusters now works again. by @ScheererJ [#226]

Docker Images

gardener-extension-admission-cilium: eu.gcr.io/gardener-project/gardener/extensions/admission-cilium:v1.31.0
gardener-extension-networking-cilium: eu.gcr.io/gardener-project/gardener/extensions/networking-cilium:v1.31.0

Update provider-azure to 1.39.3

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

[OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#755]

Docker Images

gardener-extension-admission-azure: eu.gcr.io/gardener-project/gardener/extensions/admission-azure:v1.39.3
gardener-extension-provider-azure: eu.gcr.io/gardener-project/gardener/extensions/provider-azure:v1.39.3

Update gardener-controlplane to 1.84.1

[gardener/gardener]

🏃 Others

[OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update gardener-controlplane to 1.84.1

[gardener/gardener]

🏃 Others

[OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update gardenlet to 1.84.1

[gardener/gardener]

🏃 Others

[OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update shoot-networking-problemdetector to 0.19.0

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

[OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
[OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
[OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#103]
[OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
[OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
[OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]

Docker Images

gardener-extension-shoot-networking-problemdetector: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-problemdetector:v0.19.0

Update shoot-networking-filter to 0.15.0

[gardener/gardener-extension-shoot-networking-filter]

⚠️ Breaking Changes

[OPERATOR] extension-shoot-networking-filter no longer supports Shoots with Кubernetes version < 1.22. by @shafeeqes [#71]
[OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @shafeeqes [#73]

🏃 Others

[OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#99]
[OPERATOR] Bumps golang from 1.21.1 to 1.21.2. by @dependabot[bot] [#88]
[OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#91]
[OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#94]
[OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#93]
[OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#96]
[OPERATOR] The following dependency is updated:
- github.com/gardener/gardener: v1.77.0-> v1.80.1
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#86]
[OPERATOR] Bumps github.com/gardener/gardener from 1.76.0 to 1.77.0. by @dependabot[bot] [#81]
[OPERATOR] Bumps golang from 1.21.2 to 1.21.3. by @dependabot[bot] [#90]
[OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#97]

Docker Images

gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.15.0

Update os-coreos to 1.19.0

[gardener/gardener-extension-os-coreos]

📰 Noteworthy

[OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#80]

✨ New Features

[USER] os-coreos extension now supports Shoot Force Deletion. by @ary1992 [#79]

🏃 Others

[OPERATOR] The following dependency is updated:
- github.com/gardener/gardener: v1.77.1-> v1.80.0
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#76]
[OPERATOR] The following dependency is updated:
- github.com/gardener/gardener: v1.80.1-> v1.81.0 by @ary1992 [#79]

Docker Images

gardener-extension-os-coreos: eu.gcr.io/gardener-project/gardener/extensions/os-coreos:v1.19.0

Update os-gardenlinux to 0.22.0

[gardener/gardener-extension-os-gardenlinux]

📰 Noteworthy

[OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#130]

✨ New Features

[USER] os-gardenlinux extension now supports Shoot Force Deletion. by @acumino [#131]

🏃 Others

[OPERATOR] The following dependency is updated:
- github.com/gardener/gardener: v1.77.1-> v1.80.0
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#127]

Docker Images

gardener-extension-os-gardenlinux: eu.gcr.io/gardener-project/gardener/extensions/os-gardenlinux:v0.22.0

Update external-dns-management to 0.16.0

[gardener/external-dns-management]

⚠️ Breaking Changes

[USER] NS records are not retrieved anymore for all accessible hosted zones to avoid reading all DNS record sets of all hosted zones periodically independently if they are used. Only hosted zones with active DNSProviders are synched, but without caring about consequences of NS records for subdomains. If there are many large hosted zones accessible for given credentials and there are only DNSProviders using a few of these zones (either by domain or zone include), the period synchronisation of the zone state for all other hosted zones is avoided. This can result in a significant reduction of requests to the provider backend. As a downside of this change, applying a DNSEntry for a forwarded subdomain now results in a DNS record set in the parent hosted zone, if the real hosted zone is unknown to the controller. Formerly, applying such a DNSEnty resulted in an error state. No action is necessary from the users, this is only a "heads up" for the changed behaviour if NS records are used for subdomains. by @MartinWeindel [#336]

🏃 Others

[OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#333]
[USER] Validate provider domain includes and excludes for forbidden wildcard domains. by @MartinWeindel [#335]

Docker Images

dns-controller-manager: eu.gcr.io/gardener-project/dns-controller-manager:v0.16.0

Update os-ubuntu to 1.24.0

[gardener/gardener-extension-os-ubuntu]

📰 Noteworthy

[OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#99]

🏃 Others

[OPERATOR] The following dependency is updated:
- github.com/gardener/gardener: v1.77.1-> v1.80.3
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @shafeeqes [#95]

Docker Images

gardener-extension-os-ubuntu: eu.gcr.io/gardener-project/gardener/extensions/os-ubuntu:v1.24.0

Update provider-alicloud to 1.50.0

[gardener/gardener-extension-provider-alicloud]

📰 Noteworthy

[DEVELOPER] Remove dependency to specific calico and cilium versions. by @axel7born [#659]

✨ New Features

[USER] provider-alicloud extension now supports Shoot Force Deletion for more details.). by @shafeeqes [#652]

🏃 Others

[OPERATOR] The following image is updated:
- registry.eu-central-1.aliyuncs.com/gardener-de/alibaba-cloud-controller-manager:v1.9.3-372 -> registry-eu-central-1.ack.aliyuncs.com/acs/cloud-controller-manager-amd64:v2.7.0 by @shaoyongfeng [#654]
[OPERATOR] Flow-based infrastructure reconciliation without Terraformer by @kevin-lacoo [#656]
[OPERATOR] The following golang dependencies have been upgraded :
- gardener/gardener: v1.81.0->v1.81.6
- k8s.io/*: v0.28.2-> v0.28.3
- sigs.k8s.io/controller-runtime: v0.16.2-> v0.16.3 by @shafeeqes [#660]
[DEVELOPER] Add new unit tests. by @axel7born [#664]

[gardener/machine-controller-manager]

🐛 Bug Fixes

[OPERATOR] Removes node.machine.sapcloud.io/not-managed-by-mcm annotation from nodes managed by the MCM. by @gardener-robot-ci-1 [gardener/machine-controller-manager#866]

Docker Images

gardener-extension-admission-alicloud: eu.gcr.io/gardener-project/gardener/extensions/admission-alicloud:v1.50.0
gardener-extension-provider-alicloud: eu.gcr.io/gardener-project/gardener/extensions/provider-alicloud:v1.50.0

Docker Images

gardener-extension-provider-alicloud: eu.gcr.io/gardener-project/gardener/extensions/provider-alicloud:v1.50.0 gardener-extension-admission-alicloud: eu.gcr.io/gardener-project/gardener/extensions/admission-alicloud:v1.50.0

Update shoot-oidc-service to 0.23.0

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

[USER] shoot-oidc-service extension now supports Shoot Force Deletion. by @acumino [#134]

🐛 Bug Fixes

[OPERATOR] A bug in the shoot-oidc-service controller that was causing the OIDC Webhook Authenticator CA secret for a shoot cluster to be recreated instead of restored during control plane migration has been fixed. by @vpnachev [#137]

[gardener/oidc-webhook-authenticator]

🏃 Others

[DEPENDENCY] The following dependencies were updated:
- github.com/go-logr/logr v1.2.4 -> v1.3.0
- k8s.io/* v0.27.6 -> v0.27.6
- sigs.k8s.io/controller-runtime v0.15.2 -> v0.15.3 by @dimityrmirchev [gardener/oidc-webhook-authenticator#141]
[DEPENDENCY] OWA is now built using go version 1.21.4. by @dimityrmirchev [gardener/oidc-webhook-authenticator#141]

Docker Images

gardener-extension-shoot-oidc-service: eu.gcr.io/gardener-project/gardener/extensions/shoot-oidc-service:v0.23.0

Update gardener-controlplane to 1.85.0

[gardener/etcd-backup-restore]

📰 Noteworthy

[OPERATOR] Fix a restoration failure which can occurs due to an etcd database space exceeds during restoration. by @ishan16696 [gardener/etcd-backup-restore#668]
[OPERATOR] Making etcd-backup-restore restart tolerant while scaling-up an etcd cluster. by @ishan16696 [gardener/etcd-backup-restore#661]

🏃 Others

[OPERATOR] Enhanced Garbage Collector to garbage collect the chunks for cloud providers like GCP and OpenStack which does not automatically delete snapshot chunks after the formation of a composite object. by @anveshreddy18 [gardener/etcd-backup-restore#673]
[USER] The snapshots are fetched from the actual backend store when queried for latest snapshots on /snapshot/latest endpoint. by @abdasgupta [gardener/etcd-backup-restore#675]

[gardener/gardener]

⚠️ Breaking Changes

[DEPENDENCY] The webhookcmd.NewAddToManagerSimpleOptions function was removed, please use webhookcmd.NewAddToManagerOptions instead. by @timuthy [#8725]
[DEPENDENCY] The extensionswebhook.New forbids to pass mutators and validators at the same time. Please use separate webhooks for validating and mutating actions if required. by @timuthy [#8725]
[OPERATOR] All the functionality related to the deprecated field seed.spec.secretRef has been removed and subsequently seed.spec.secretRef will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @acumino [#8833]
[USER] With this PR, the plutono UI will be able to fetch newer logs only. The older logs, which are submitted via the tenant operator will not be visible in the UI. To access the older logs, for the standard log retention period , either set the --org-id parameter for valicli or the X-Scope-Org http request header for curl or wget needs to be supplied to fetch them, using the port-forwarded service to the vali target. by @nickytd [#8800]

📰 Noteworthy

[DEVELOPER] The extension webhook registration does now differentiate between mutating and validating actions and creates matching ValidatingWebhookConfigration or MutatingWebhookConfiguration objects. Earlier, only MutatingWebhookConfigurations were created. by @timuthy [#8725]
[DEVELOPER] The UseGardenerNodeAgent feature gate is now enabled for the local development scenario. You can read more about gardener-node-agent here. by @rfranzke [#8847]

✨ New Features

[DEVELOPER] Add full single-stack IPv6 support for gardener provider-local by @nschad [#8574]
[DEPENDENCY] Webhook registration webhookcmd.NewAddToManagerOptions can now be used for admission controllers performing validation and mutation in the Garden cluster. This option automatically creates and maintains required {Mutating,Validating}WebhookConfiguration objects as well as comes with an automated management for CA and server certificates. by @timuthy [#8725]
[OPERATOR] gardenlet's Shoot care controller now garbage-collects orphaned Lease objects related to no longer existing Nodes - see this upstream issue for more details. by @rfranzke [#8817]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which prevented shoot reconciliations in case the old system:machine-controller-manager-seed ClusterRole was still referenced in the RoleBinding for machine-controller-manager`. by @himanshu-kun [#8816]
[OPERATOR] A bug causing EveryNodeReady condition to be added in workerless shoot status if gardenlet of the given shoot's seed becomes unhealthy is fixed. by @gardener-ci-robot [#8889]
[OPERATOR] A bug in the Seed care controller has been fixed which caused the Seed to remain in NotReady state when vali was disabled in gardenlet's component config (via .logging.vali.enabled=false) while logging was enabled (.logging.enabled=true). by @rfranzke [#8840]

🏃 Others

[OPERATOR] Federate non-namespaced metrics, e.g. kube_node_spec_taint, kube_node_spec_unschedulable. by @adenitiu [#8850]
[OPERATOR] The Version of Istio is up-dated to 1.19.3 by @axel7born [#8723]
[OPERATOR] showing kubelet version and OS image version in Plutono Node/Worker Pool overview dashboard by @tedteng [#8757]
[OPERATOR] The gardener-resource-manager deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. by @timuthy [#8835]
[OPERATOR] Update vertical-pod-autoscaler to 1.0.0. This introduces the /status subresource on VPA objects. by @voelzmo [#8852]

📖 Documentation

[USER] Document whether is an error in the shoot.status is a user error or not. by @hendrikKahl [#8758]

[gardener/etcd-druid]

📰 Noteworthy

[DEVELOPER] Added e2e test for compaction. by @abdasgupta [gardener/etcd-druid#723]
[OPERATOR] Compaction job now reconciles on Job Status changes along with the holder identity changes in snapshot leases. by @abdasgupta [gardener/etcd-druid#711]

✨ New Features

[DEVELOPER] Added documentation and sample configurations for simplifying Localstack setup, making it easier for developers to create a local testing environment using a Kind cluster. by @seshachalam-yv [gardener/etcd-druid#713]

🐛 Bug Fixes

[OPERATOR] Local storage provider for backups is now supported for snapshot compaction jobs. by @abdasgupta [gardener/etcd-druid#682]

🏃 Others

[OPERATOR] Update alpine image version to 3.18.4. by @shreyas-s-rao [gardener/etcd-druid#724]

📖 Documentation

[OPERATOR] Updated the recovery from permanent quorum loss ops guide. by @ishan16696 [gardener/etcd-druid#697]

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.85.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.85.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.85.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.85.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.85.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.85.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.85.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.85.0

Update gardener-controlplane to 1.85.0

[gardener/etcd-backup-restore]

📰 Noteworthy

[OPERATOR] Fix a restoration failure which can occurs due to an etcd database space exceeds during restoration. by @ishan16696 [gardener/etcd-backup-restore#668]
[OPERATOR] Making etcd-backup-restore restart tolerant while scaling-up an etcd cluster. by @ishan16696 [gardener/etcd-backup-restore#661]

🏃 Others

[OPERATOR] Enhanced Garbage Collector to garbage collect the chunks for cloud providers like GCP and OpenStack which does not automatically delete snapshot chunks after the formation of a composite object. by @anveshreddy18 [gardener/etcd-backup-restore#673]
[USER] The snapshots are fetched from the actual backend store when queried for latest snapshots on /snapshot/latest endpoint. by @abdasgupta [gardener/etcd-backup-restore#675]

[gardener/gardener]

⚠️ Breaking Changes

[DEPENDENCY] The webhookcmd.NewAddToManagerSimpleOptions function was removed, please use webhookcmd.NewAddToManagerOptions instead. by @timuthy [#8725]
[DEPENDENCY] The extensionswebhook.New forbids to pass mutators and validators at the same time. Please use separate webhooks for validating and mutating actions if required. by @timuthy [#8725]
[OPERATOR] All the functionality related to the deprecated field seed.spec.secretRef has been removed and subsequently seed.spec.secretRef will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @acumino [#8833]
[USER] With this PR, the plutono UI will be able to fetch newer logs only. The older logs, which are submitted via the tenant operator will not be visible in the UI. To access the older logs, for the standard log retention period , either set the --org-id parameter for valicli or the X-Scope-Org http request header for curl or wget needs to be supplied to fetch them, using the port-forwarded service to the vali target. by @nickytd [#8800]

📰 Noteworthy

[DEVELOPER] The extension webhook registration does now differentiate between mutating and validating actions and creates matching ValidatingWebhookConfigration or MutatingWebhookConfiguration objects. Earlier, only MutatingWebhookConfigurations were created. by @timuthy [#8725]
[DEVELOPER] The UseGardenerNodeAgent feature gate is now enabled for the local development scenario. You can read more about gardener-node-agent here. by @rfranzke [#8847]

✨ New Features

[DEVELOPER] Add full single-stack IPv6 support for gardener provider-local by @nschad [#8574]
[DEPENDENCY] Webhook registration webhookcmd.NewAddToManagerOptions can now be used for admission controllers performing validation and mutation in the Garden cluster. This option automatically creates and maintains required {Mutating,Validating}WebhookConfiguration objects as well as comes with an automated management for CA and server certificates. by @timuthy [#8725]
[OPERATOR] gardenlet's Shoot care controller now garbage-collects orphaned Lease objects related to no longer existing Nodes - see this upstream issue for more details. by @rfranzke [#8817]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which prevented shoot reconciliations in case the old system:machine-controller-manager-seed ClusterRole was still referenced in the RoleBinding for machine-controller-manager`. by @himanshu-kun [#8816]
[OPERATOR] A bug causing EveryNodeReady condition to be added in workerless shoot status if gardenlet of the given shoot's seed becomes unhealthy is fixed. by @gardener-ci-robot [#8889]
[OPERATOR] A bug in the Seed care controller has been fixed which caused the Seed to remain in NotReady state when vali was disabled in gardenlet's component config (via .logging.vali.enabled=false) while logging was enabled (.logging.enabled=true). by @rfranzke [#8840]

🏃 Others

[OPERATOR] Federate non-namespaced metrics, e.g. kube_node_spec_taint, kube_node_spec_unschedulable. by @adenitiu [#8850]
[OPERATOR] The Version of Istio is up-dated to 1.19.3 by @axel7born [#8723]
[OPERATOR] showing kubelet version and OS image version in Plutono Node/Worker Pool overview dashboard by @tedteng [#8757]
[OPERATOR] The gardener-resource-manager deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. by @timuthy [#8835]
[OPERATOR] Update vertical-pod-autoscaler to 1.0.0. This introduces the /status subresource on VPA objects. by @voelzmo [#8852]

📖 Documentation

[USER] Document whether is an error in the shoot.status is a user error or not. by @hendrikKahl [#8758]

[gardener/etcd-druid]

📰 Noteworthy

[DEVELOPER] Added e2e test for compaction. by @abdasgupta [gardener/etcd-druid#723]
[OPERATOR] Compaction job now reconciles on Job Status changes along with the holder identity changes in snapshot leases. by @abdasgupta [gardener/etcd-druid#711]

✨ New Features

[DEVELOPER] Added documentation and sample configurations for simplifying Localstack setup, making it easier for developers to create a local testing environment using a Kind cluster. by @seshachalam-yv [gardener/etcd-druid#713]

🐛 Bug Fixes

[OPERATOR] Local storage provider for backups is now supported for snapshot compaction jobs. by @abdasgupta [gardener/etcd-druid#682]

🏃 Others

[OPERATOR] Update alpine image version to 3.18.4. by @shreyas-s-rao [gardener/etcd-druid#724]

📖 Documentation

[OPERATOR] Updated the recovery from permanent quorum loss ops guide. by @ishan16696 [gardener/etcd-druid#697]

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.85.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.85.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.85.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.85.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.85.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.85.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.85.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.85.0

Update gardenlet to 1.85.0

[gardener/etcd-backup-restore]

📰 Noteworthy

[OPERATOR] Fix a restoration failure which can occurs due to an etcd database space exceeds during restoration. by @ishan16696 [gardener/etcd-backup-restore#668]
[OPERATOR] Making etcd-backup-restore restart tolerant while scaling-up an etcd cluster. by @ishan16696 [gardener/etcd-backup-restore#661]

🏃 Others

[OPERATOR] Enhanced Garbage Collector to garbage collect the chunks for cloud providers like GCP and OpenStack which does not automatically delete snapshot chunks after the formation of a composite object. by @anveshreddy18 [gardener/etcd-backup-restore#673]
[USER] The snapshots are fetched from the actual backend store when queried for latest snapshots on /snapshot/latest endpoint. by @abdasgupta [gardener/etcd-backup-restore#675]

[gardener/gardener]

⚠️ Breaking Changes

[DEPENDENCY] The webhookcmd.NewAddToManagerSimpleOptions function was removed, please use webhookcmd.NewAddToManagerOptions instead. by @timuthy [#8725]
[DEPENDENCY] The extensionswebhook.New forbids to pass mutators and validators at the same time. Please use separate webhooks for validating and mutating actions if required. by @timuthy [#8725]
[OPERATOR] All the functionality related to the deprecated field seed.spec.secretRef has been removed and subsequently seed.spec.secretRef will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @acumino [#8833]
[USER] With this PR, the plutono UI will be able to fetch newer logs only. The older logs, which are submitted via the tenant operator will not be visible in the UI. To access the older logs, for the standard log retention period , either set the --org-id parameter for valicli or the X-Scope-Org http request header for curl or wget needs to be supplied to fetch them, using the port-forwarded service to the vali target. by @nickytd [#8800]

📰 Noteworthy

[DEVELOPER] The extension webhook registration does now differentiate between mutating and validating actions and creates matching ValidatingWebhookConfigration or MutatingWebhookConfiguration objects. Earlier, only MutatingWebhookConfigurations were created. by @timuthy [#8725]
[DEVELOPER] The UseGardenerNodeAgent feature gate is now enabled for the local development scenario. You can read more about gardener-node-agent here. by @rfranzke [#8847]

✨ New Features

[DEVELOPER] Add full single-stack IPv6 support for gardener provider-local by @nschad [#8574]
[DEPENDENCY] Webhook registration webhookcmd.NewAddToManagerOptions can now be used for admission controllers performing validation and mutation in the Garden cluster. This option automatically creates and maintains required {Mutating,Validating}WebhookConfiguration objects as well as comes with an automated management for CA and server certificates. by @timuthy [#8725]
[OPERATOR] gardenlet's Shoot care controller now garbage-collects orphaned Lease objects related to no longer existing Nodes - see this upstream issue for more details. by @rfranzke [#8817]

🐛 Bug Fixes

[OPERATOR] A bug has been fixed which prevented shoot reconciliations in case the old system:machine-controller-manager-seed ClusterRole was still referenced in the RoleBinding for machine-controller-manager`. by @himanshu-kun [#8816]
[OPERATOR] A bug causing EveryNodeReady condition to be added in workerless shoot status if gardenlet of the given shoot's seed becomes unhealthy is fixed. by @gardener-ci-robot [#8889]
[OPERATOR] A bug in the Seed care controller has been fixed which caused the Seed to remain in NotReady state when vali was disabled in gardenlet's component config (via .logging.vali.enabled=false) while logging was enabled (.logging.enabled=true). by @rfranzke [#8840]

🏃 Others

[OPERATOR] Federate non-namespaced metrics, e.g. kube_node_spec_taint, kube_node_spec_unschedulable. by @adenitiu [#8850]
[OPERATOR] The Version of Istio is up-dated to 1.19.3 by @axel7born [#8723]
[OPERATOR] showing kubelet version and OS image version in Plutono Node/Worker Pool overview dashboard by @tedteng [#8757]
[OPERATOR] The gardener-resource-manager deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. by @timuthy [#8835]
[OPERATOR] Update vertical-pod-autoscaler to 1.0.0. This introduces the /status subresource on VPA objects. by @voelzmo [#8852]

📖 Documentation

[USER] Document whether is an error in the shoot.status is a user error or not. by @hendrikKahl [#8758]

[gardener/etcd-druid]

📰 Noteworthy

[DEVELOPER] Added e2e test for compaction. by @abdasgupta [gardener/etcd-druid#723]
[OPERATOR] Compaction job now reconciles on Job Status changes along with the holder identity changes in snapshot leases. by @abdasgupta [gardener/etcd-druid#711]

✨ New Features

[DEVELOPER] Added documentation and sample configurations for simplifying Localstack setup, making it easier for developers to create a local testing environment using a Kind cluster. by @seshachalam-yv [gardener/etcd-druid#713]

🐛 Bug Fixes

[OPERATOR] Local storage provider for backups is now supported for snapshot compaction jobs. by @abdasgupta [gardener/etcd-druid#682]

🏃 Others

[OPERATOR] Update alpine image version to 3.18.4. by @shreyas-s-rao [gardener/etcd-druid#724]

📖 Documentation

[OPERATOR] Updated the recovery from permanent quorum loss ops guide. by @ishan16696 [gardener/etcd-druid#697]

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.85.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.85.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.85.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.85.0
node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.85.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.85.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.85.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.85.0

Release Notes v1.85

23KE release notes and upgrade guide​

Related upstream release notes / changelogs​

[gardener/gardener-extension-shoot-rsyslog-relp]

🏃 Others​

Docker Images​

[gardener/gardener-extension-networking-cilium]

🐛 Bug Fixes​

🏃 Others​

Docker Images​

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes​

Docker Images​

[gardener/gardener]

🏃 Others​

Docker Images​

[gardener/gardener]

🏃 Others​

Docker Images​

[gardener/gardener]

🏃 Others​

Docker Images​

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others​

Docker Images​

[gardener/gardener-extension-shoot-networking-filter]

⚠️ Breaking Changes​

🏃 Others​

Docker Images​

[gardener/gardener-extension-os-coreos]

📰 Noteworthy​

✨ New Features​

🏃 Others​

Docker Images​

[gardener/gardener-extension-os-gardenlinux]

📰 Noteworthy​

✨ New Features​

🏃 Others​

Docker Images​

[gardener/external-dns-management]

⚠️ Breaking Changes​

🏃 Others​

Docker Images​

[gardener/gardener-extension-os-ubuntu]

📰 Noteworthy​

🏃 Others​

Docker Images​

[gardener/gardener-extension-provider-alicloud]

📰 Noteworthy​

✨ New Features​

🏃 Others​

[gardener/machine-controller-manager]

🐛 Bug Fixes​

Docker Images​

Docker Images​

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features​

🐛 Bug Fixes​

[gardener/oidc-webhook-authenticator]

🏃 Others​

Docker Images​

[gardener/etcd-backup-restore]

📰 Noteworthy​

🏃 Others​

[gardener/gardener]

⚠️ Breaking Changes​

📰 Noteworthy​

✨ New Features​

🐛 Bug Fixes​

🏃 Others​

📖 Documentation​

[gardener/etcd-druid]

📰 Noteworthy​

✨ New Features​

🐛 Bug Fixes​

🏃 Others​

📖 Documentation​

Docker Images​

[gardener/etcd-backup-restore]

📰 Noteworthy​

23KE release notes and upgrade guide

Related upstream release notes / changelogs

🏃 Others

Docker Images

🐛 Bug Fixes

🏃 Others

Docker Images

🐛 Bug Fixes

Docker Images

🏃 Others

Docker Images

🏃 Others

Docker Images

🏃 Others

Docker Images

🏃 Others

Docker Images

⚠️ Breaking Changes

🏃 Others

Docker Images

📰 Noteworthy

✨ New Features

🏃 Others

Docker Images

📰 Noteworthy

✨ New Features

🏃 Others

Docker Images

⚠️ Breaking Changes

🏃 Others

Docker Images

📰 Noteworthy

🏃 Others

Docker Images

📰 Noteworthy

✨ New Features

🏃 Others

🐛 Bug Fixes

Docker Images

Docker Images

✨ New Features

🐛 Bug Fixes

🏃 Others

Docker Images

📰 Noteworthy

🏃 Others

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

📖 Documentation

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

📖 Documentation

Docker Images

📰 Noteworthy

🏃 Others

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

📖 Documentation

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

📖 Documentation

Docker Images

📰 Noteworthy

🏃 Others

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

📖 Documentation