Release Notes v1.90
Yake release notes and upgrade guide
Related upstream release notes / changelogs
Update provider-openstack to 1.39.1
[gardener/gardener-extension-provider-openstack]
🏃 Others
[OPERATOR]Admission controller will be deployed with the LEADER_ELECTION_NAMESPACE set to the pod namespace by @AndreasBurger [#719]
Docker Images
- gardener-extension-admission-openstack:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.39.1 - gardener-extension-provider-openstack:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.39.1
Update external-dns-management to 0.18.2
[gardener/external-dns-management]
🏃 Others
[USER]Ignore empty targets for slave entries on update. More concretely, if an ingress resource lose their load balancer addresses during an update, the old targets are kept until new targets are set. by @MartinWeindel [#357]
Docker Images
- dns-controller-manager:
europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.18.2
Update gardener-metrics-exporter to 0.29.0
[gardener/gardener-metrics-exporter]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [#92]
🐛 Bug Fixes
[OPERATOR]Helm chart upgrades no longer fail due to the immutableDeployment.spec.selectorfield. In order to upgrade to this version, thegardener-metrics-exporterDeployment needs to be deleted first. by @timebertt [#94]
🏃 Others
[OPERATOR]Upgrade dependencies
Upgrade golang to 1.22 by @rickardsjp [#96][OPERATOR]Upgrade go to 1.22, update base image to distroless based on Debian 12, and exchange the linter. by @rickardsjp [#97][OPERATOR]Adds: garden_shoot_worker_node_max_total and garden_shoot_worker_node_min_total. Also gives insight into the worker type (for example for OpenStack the Flavor name). by @Sinscerly [#95]
Docker Images
- metrics-exporter:
europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.29.0
Update gardener-metrics-exporter to 0.29.0
[gardener/gardener-metrics-exporter]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [#92]
🐛 Bug Fixes
[OPERATOR]Helm chart upgrades no longer fail due to the immutableDeployment.spec.selectorfield. In order to upgrade to this version, thegardener-metrics-exporterDeployment needs to be deleted first. by @timebertt [#94]
🏃 Others
[OPERATOR]Upgrade dependencies
Upgrade golang to 1.22 by @rickardsjp [#96][OPERATOR]Upgrade go to 1.22, update base image to distroless based on Debian 12, and exchange the linter. by @rickardsjp [#97][OPERATOR]Adds: garden_shoot_worker_node_max_total and garden_shoot_worker_node_min_total. Also gives insight into the worker type (for example for OpenStack the Flavor name). by @Sinscerly [#95]
Docker Images
- metrics-exporter:
europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.29.0
Update provider-alicloud to 1.51.0
[gardener/gardener-extension-provider-alicloud]
⚠️ Breaking Changes
[OPERATOR]CA and server certificates for the admission component are managed automatically. Passing custom certificates via Helm values is not supported anymore. by @timuthy [#683][OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [#673]
📰 Noteworthy
[DEVELOPER]Remove dependency to specific calico and cilium versions. by @axel7born [#659]
✨ New Features
[USER]The provider-alicloud extension does now support shoot clusters with Kubernetes version 1.29. You should consider the Kubernetes release notes before upgrading to 1.29. by @acumino [#688][USER]provider-alicloudextension now supports Shoot Force Deletion for more details.). by @shafeeqes [#652]
🏃 Others
[OPERATOR]The following image is updated:[OPERATOR]Enhance NatGateway availableZone validation is moved to ConfigValidator, If first zone user sets under network section doesn't support enhance natgateway, an error will occur during shoot reconcile process. by @kevin-lacoo [#681][OPERATOR]Bump github.com/gardener/gardener to 1.86.0. by @timuthy [#683][OPERATOR]Now user can change EIP after infrastructure created in flow based case. by @kevin-lacoo [#686][OPERATOR]Update terraformer to v2.24.0 by @kevin-lacoo [#685][DEVELOPER]Thevendordirectory was removed in favor of thego mod cache. by @timuthy [#683]
[gardener/machine-controller-manager]
🐛 Bug Fixes
[OPERATOR]Removesnode.machine.sapcloud.io/not-managed-by-mcmannotation from nodes managed by the MCM. by @gardener-robot-ci-1 [gardener/machine-controller-manager#866]
Docker Images
- gardener-extension-admission-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.51.0 - gardener-extension-provider-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.51.0
Update shoot-networking-filter to 0.17.1
no release notes available
Update gardener-controlplane to 1.89.0
[gardener/gardener-metrics-exporter]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [gardener/gardener-metrics-exporter#92]
🐛 Bug Fixes
[OPERATOR]Helm chart upgrades no longer fail due to the immutableDeployment.spec.selectorfield. In order to upgrade to this version, thegardener-metrics-exporterDeployment needs to be deleted first. by @timebertt [gardener/gardener-metrics-exporter#94]
🏃 Others
[OPERATOR]Upgrade go to 1.22, update base image to distroless based on Debian 12, and exchange the linter. by @rickardsjp [gardener/gardener-metrics-exporter#97][OPERATOR]Upgrade dependencies
Upgrade golang to 1.22 by @rickardsjp [gardener/gardener-metrics-exporter#96][OPERATOR]Adds: garden_shoot_worker_node_max_total and garden_shoot_worker_node_min_total. Also gives insight into the worker type (for example for OpenStack the Flavor name). by @Sinscerly [gardener/gardener-metrics-exporter#95]
[gardener/gardener]
⚠️ Breaking Changes
[DEVELOPER]The util functionpkg/utils/gardener.ComputeShootProjectSecretNamehas been renamed topkg/utils/gardener.ComputeShootProjectResourceName. by @petersutter [#9123][DEPENDENCY]There are several breaking changes in thegithub.com/gardener/gardener/extensions/pkg/webhookpackage:EnsureNoStringWithPrefix,EnsureNoStringWithPrefixContains,EnsureNoEnvVarWithName,EnsureNoVolumeMountWithName,EnsureNoVolumeWithName,EnsureNoContainerWithName,EnsureNoPVCWithNamenow delete all matching entries. Previously they were deleting only the first occurrence.EnsureStringWithPrefix,EnsureStringWithPrefixContainsnow act on all prefix matches.StringIndexis removed. instead, useslices.Index. by @Kostov6 [#9007]
[OPERATOR]TheUseGardenerNodeAgentfeature gate has been promoted to beta and is now turned on by default. by @rfranzke [#9161]
📰 Noteworthy
[USER]The shoot cluster CA bundle is now stored in aConfigMapin the project namespace of the garden cluster, in addition to storing it in aSecret. ThisConfigMapshares the same name as the pre-existingSecret, which is<shoot-name>.ca-cluster. TheSecretwill be removed in a future Gardener release. Therefore, if your tooling relies on thisSecret, you should update it to fetch theConfigMapinstead. by @petersutter [#9123][USER]It is now possible to skip a minor Kubernetes version for worker pool Kubernetes version upgrades as long as the version remains equal to or less than the control plane version. by @shafeeqes [#9185][OPERATOR]A new field.spec.runtimeCluster.ingress.domainswas added to theGardenAPI. This field allows to use multiple ingress domains for components of the runtime cluster. All domains are assumed to be wildcard domains. Earlier, the API only accepted one domain name via.spec.runtimeCluster.ingress.domain.
⚠️ With this change.spec.runtimeCluster.ingress.domainis deprecated and will be removed in the next release. Please update yourGardenresource to the new.spec.runtimeCluster.ingress.domainsfield by removing the existing domain configuration fromingress.domainand add it as the first entry ofingress.domains. by @ScheererJ [#9038]
✨ New Features
[OPERATOR]gardener-resource-managernow considers the health and the progressing status forPrometheusandAlertmanagerresources managed viaManagedResources. by @rfranzke [#9163][DEVELOPER]It is now possible to provide configuration for the cache Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9128][DEVELOPER]It is now possible to provide configuration for the seed Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9180][DEVELOPER]TheWaitUntilObjectReadyWithHealthFunctionfunction was enhanced to log the object's kind. by @timuthy [#9177]
🏃 Others
[DEVELOPER]An issue with theFallbackClientwas resolved. If used in external projects, the client threw scheme related errors belonging to GVKs that are not registered in theGardenScheme. by @timuthy [#9177][OPERATOR]Add Prometheus alert for unhealthy seed node. by @adenitiu [#9127][OPERATOR]Istio is now used as the single entry point on seed clusters. The load balancer of nginx-ingress is removed and traffic goes through istio before being handled by nginx if necessary. by @ScheererJ [#9038][OPERATOR]Add condition typeObservabilityComponentsHealthyfor extension health check, it will allow extensions to register with this type. by @Sallyan [#9092][OPERATOR]Multiple ingress domains in.spec.runtimeCluster.ingress.domainscan now overlap without triggering reconciliation issues. by @ScheererJ [#9183][OPERATOR]Update configure-admission.sh for extensions using gardener certificate management for webhooks by @kon-angelo [#9168][OPERATOR]The side car container of kube-apiserver for the HA VPN now have minimum memory resources that VPA will respect. by @ScheererJ [#9173]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.89.0 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.89.0 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.89.0 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.89.0 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.89.0 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.89.0 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.89.0 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.89.0
Update gardener-controlplane to 1.89.0
[gardener/gardener-metrics-exporter]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [gardener/gardener-metrics-exporter#92]
🐛 Bug Fixes
[OPERATOR]Helm chart upgrades no longer fail due to the immutableDeployment.spec.selectorfield. In order to upgrade to this version, thegardener-metrics-exporterDeployment needs to be deleted first. by @timebertt [gardener/gardener-metrics-exporter#94]
🏃 Others
[OPERATOR]Upgrade go to 1.22, update base image to distroless based on Debian 12, and exchange the linter. by @rickardsjp [gardener/gardener-metrics-exporter#97][OPERATOR]Upgrade dependencies
Upgrade golang to 1.22 by @rickardsjp [gardener/gardener-metrics-exporter#96][OPERATOR]Adds: garden_shoot_worker_node_max_total and garden_shoot_worker_node_min_total. Also gives insight into the worker type (for example for OpenStack the Flavor name). by @Sinscerly [gardener/gardener-metrics-exporter#95]
[gardener/gardener]
⚠️ Breaking Changes
[DEVELOPER]The util functionpkg/utils/gardener.ComputeShootProjectSecretNamehas been renamed topkg/utils/gardener.ComputeShootProjectResourceName. by @petersutter [#9123][DEPENDENCY]There are several breaking changes in thegithub.com/gardener/gardener/extensions/pkg/webhookpackage:EnsureNoStringWithPrefix,EnsureNoStringWithPrefixContains,EnsureNoEnvVarWithName,EnsureNoVolumeMountWithName,EnsureNoVolumeWithName,EnsureNoContainerWithName,EnsureNoPVCWithNamenow delete all matching entries. Previously they were deleting only the first occurrence.EnsureStringWithPrefix,EnsureStringWithPrefixContainsnow act on all prefix matches.StringIndexis removed. instead, useslices.Index. by @Kostov6 [#9007]
[OPERATOR]TheUseGardenerNodeAgentfeature gate has been promoted to beta and is now turned on by default. by @rfranzke [#9161]
📰 Noteworthy
[USER]The shoot cluster CA bundle is now stored in aConfigMapin the project namespace of the garden cluster, in addition to storing it in aSecret. ThisConfigMapshares the same name as the pre-existingSecret, which is<shoot-name>.ca-cluster. TheSecretwill be removed in a future Gardener release. Therefore, if your tooling relies on thisSecret, you should update it to fetch theConfigMapinstead. by @petersutter [#9123][USER]It is now possible to skip a minor Kubernetes version for worker pool Kubernetes version upgrades as long as the version remains equal to or less than the control plane version. by @shafeeqes [#9185][OPERATOR]A new field.spec.runtimeCluster.ingress.domainswas added to theGardenAPI. This field allows to use multiple ingress domains for components of the runtime cluster. All domains are assumed to be wildcard domains. Earlier, the API only accepted one domain name via.spec.runtimeCluster.ingress.domain.
⚠️ With this change.spec.runtimeCluster.ingress.domainis deprecated and will be removed in the next release. Please update yourGardenresource to the new.spec.runtimeCluster.ingress.domainsfield by removing the existing domain configuration fromingress.domainand add it as the first entry ofingress.domains. by @ScheererJ [#9038]
✨ New Features
[OPERATOR]gardener-resource-managernow considers the health and the progressing status forPrometheusandAlertmanagerresources managed viaManagedResources. by @rfranzke [#9163][DEVELOPER]It is now possible to provide configuration for the cache Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9128][DEVELOPER]It is now possible to provide configuration for the seed Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9180][DEVELOPER]TheWaitUntilObjectReadyWithHealthFunctionfunction was enhanced to log the object's kind. by @timuthy [#9177]
🏃 Others
[DEVELOPER]An issue with theFallbackClientwas resolved. If used in external projects, the client threw scheme related errors belonging to GVKs that are not registered in theGardenScheme. by @timuthy [#9177][OPERATOR]Add Prometheus alert for unhealthy seed node. by @adenitiu [#9127][OPERATOR]Istio is now used as the single entry point on seed clusters. The load balancer of nginx-ingress is removed and traffic goes through istio before being handled by nginx if necessary. by @ScheererJ [#9038][OPERATOR]Add condition typeObservabilityComponentsHealthyfor extension health check, it will allow extensions to register with this type. by @Sallyan [#9092][OPERATOR]Multiple ingress domains in.spec.runtimeCluster.ingress.domainscan now overlap without triggering reconciliation issues. by @ScheererJ [#9183][OPERATOR]Update configure-admission.sh for extensions using gardener certificate management for webhooks by @kon-angelo [#9168][OPERATOR]The side car container of kube-apiserver for the HA VPN now have minimum memory resources that VPA will respect. by @ScheererJ [#9173]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.89.0 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.89.0 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.89.0 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.89.0 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.89.0 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.89.0 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.89.0 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.89.0
Update gardenlet to 1.89.0
[gardener/gardener-metrics-exporter]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [gardener/gardener-metrics-exporter#92]
🐛 Bug Fixes
[OPERATOR]Helm chart upgrades no longer fail due to the immutableDeployment.spec.selectorfield. In order to upgrade to this version, thegardener-metrics-exporterDeployment needs to be deleted first. by @timebertt [gardener/gardener-metrics-exporter#94]
🏃 Others
[OPERATOR]Upgrade go to 1.22, update base image to distroless based on Debian 12, and exchange the linter. by @rickardsjp [gardener/gardener-metrics-exporter#97][OPERATOR]Upgrade dependencies
Upgrade golang to 1.22 by @rickardsjp [gardener/gardener-metrics-exporter#96][OPERATOR]Adds: garden_shoot_worker_node_max_total and garden_shoot_worker_node_min_total. Also gives insight into the worker type (for example for OpenStack the Flavor name). by @Sinscerly [gardener/gardener-metrics-exporter#95]
[gardener/gardener]
⚠️ Breaking Changes
[DEVELOPER]The util functionpkg/utils/gardener.ComputeShootProjectSecretNamehas been renamed topkg/utils/gardener.ComputeShootProjectResourceName. by @petersutter [#9123][DEPENDENCY]There are several breaking changes in thegithub.com/gardener/gardener/extensions/pkg/webhookpackage:EnsureNoStringWithPrefix,EnsureNoStringWithPrefixContains,EnsureNoEnvVarWithName,EnsureNoVolumeMountWithName,EnsureNoVolumeWithName,EnsureNoContainerWithName,EnsureNoPVCWithNamenow delete all matching entries. Previously they were deleting only the first occurrence.EnsureStringWithPrefix,EnsureStringWithPrefixContainsnow act on all prefix matches.StringIndexis removed. instead, useslices.Index. by @Kostov6 [#9007]
[OPERATOR]TheUseGardenerNodeAgentfeature gate has been promoted to beta and is now turned on by default. by @rfranzke [#9161]
📰 Noteworthy
[USER]The shoot cluster CA bundle is now stored in aConfigMapin the project namespace of the garden cluster, in addition to storing it in aSecret. ThisConfigMapshares the same name as the pre-existingSecret, which is<shoot-name>.ca-cluster. TheSecretwill be removed in a future Gardener release. Therefore, if your tooling relies on thisSecret, you should update it to fetch theConfigMapinstead. by @petersutter [#9123][USER]It is now possible to skip a minor Kubernetes version for worker pool Kubernetes version upgrades as long as the version remains equal to or less than the control plane version. by @shafeeqes [#9185][OPERATOR]A new field.spec.runtimeCluster.ingress.domainswas added to theGardenAPI. This field allows to use multiple ingress domains for components of the runtime cluster. All domains are assumed to be wildcard domains. Earlier, the API only accepted one domain name via.spec.runtimeCluster.ingress.domain.
⚠️ With this change.spec.runtimeCluster.ingress.domainis deprecated and will be removed in the next release. Please update yourGardenresource to the new.spec.runtimeCluster.ingress.domainsfield by removing the existing domain configuration fromingress.domainand add it as the first entry ofingress.domains. by @ScheererJ [#9038]
✨ New Features
[OPERATOR]gardener-resource-managernow considers the health and the progressing status forPrometheusandAlertmanagerresources managed viaManagedResources. by @rfranzke [#9163][DEVELOPER]It is now possible to provide configuration for the cache Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9128][DEVELOPER]It is now possible to provide configuration for the seed Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9180][DEVELOPER]TheWaitUntilObjectReadyWithHealthFunctionfunction was enhanced to log the object's kind. by @timuthy [#9177]
🏃 Others
[DEVELOPER]An issue with theFallbackClientwas resolved. If used in external projects, the client threw scheme related errors belonging to GVKs that are not registered in theGardenScheme. by @timuthy [#9177][OPERATOR]Add Prometheus alert for unhealthy seed node. by @adenitiu [#9127][OPERATOR]Istio is now used as the single entry point on seed clusters. The load balancer of nginx-ingress is removed and traffic goes through istio before being handled by nginx if necessary. by @ScheererJ [#9038][OPERATOR]Add condition typeObservabilityComponentsHealthyfor extension health check, it will allow extensions to register with this type. by @Sallyan [#9092][OPERATOR]Multiple ingress domains in.spec.runtimeCluster.ingress.domainscan now overlap without triggering reconciliation issues. by @ScheererJ [#9183][OPERATOR]Update configure-admission.sh for extensions using gardener certificate management for webhooks by @kon-angelo [#9168][OPERATOR]The side car container of kube-apiserver for the HA VPN now have minimum memory resources that VPA will respect. by @ScheererJ [#9173]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.89.0 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.89.0 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.89.0 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.89.0 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.89.0 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.89.0 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.89.0 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.89.0
Update cert-management to 0.12.0
[gardener/cert-management]
✨ New Features
[USER]Allow certificates without common name. As the common name is restricted to 64 characters, this means it is now possible to create certificates for domains longer than 64 characters without needing to set the common name to a shorter domain name. by @MartinWeindel [#150]
🏃 Others
[OPERATOR]Bumps golang from 1.21.6 to 1.22.0. by @dependabot[bot] [#161][OPERATOR]Bumps golang from 1.21.5 to 1.21.6. by @dependabot[bot] [#159][OPERATOR]Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot[bot] [#158]
Docker Images
- cert-management:
europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.12.0
Update shoot-cert-service to 1.40.0
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#216][OPERATOR]Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @dependabot[bot] [#222][OPERATOR]Bump github.com/gardener/gardener from 1.86.0 to 1.87.0. by @dependabot[bot] [#228][OPERATOR]Bumps github.com/gardener/gardener from 1.87.0 to 1.88.0. by @dependabot[bot] [#232][OPERATOR]Bumps github.com/gardener/gardener from 1.88.0 to 1.89.0. by @dependabot[bot] [#233][OPERATOR]Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#215][OPERATOR]Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#218][OPERATOR]Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#212][DEVELOPER]Remove vendoring from project by @MartinWeindel [#227]
[gardener/cert-management]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [gardener/cert-management#156]
✨ New Features
[USER]Allow certificates without common name. As the common name is restricted to 64 characters, this means it is now possible to create certificates for domains longer than 64 characters without needing to set the common name to a shorter domain name. by @MartinWeindel [gardener/cert-management#150]
🏃 Others
[DEVELOPER]Remove vendoring by @MartinWeindel [gardener/cert-management#157][OPERATOR]Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot[bot] [gardener/cert-management#158][OPERATOR]Update expirationDate if secret is shared between certs by @MartinWeindel [gardener/cert-management#152][OPERATOR]Bumps golang from 1.21.5 to 1.21.6. by @dependabot[bot] [gardener/cert-management#159][OPERATOR]Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [gardener/cert-management#148][OPERATOR]Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/cert-management#154][OPERATOR]Updated dependencies controller-manager-library and kubernetes fromv1.28.2tov1.28.3by @MartinWeindel [gardener/cert-management#149][OPERATOR]Bumps golang from 1.21.6 to 1.22.0. by @dependabot[bot] [gardener/cert-management#161][USER]Improve message if DNS entry is not getting ready. by @MartinWeindel [gardener/cert-management#151]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.40.0
Update shoot-dns-service to 1.45.0
[gardener/gardener-extension-shoot-dns-service]
🏃 Others
[OPERATOR]Bumps github.com/gardener/gardener from 1.88.0 to 1.89.0. by @dependabot[bot] [#297][OPERATOR]Bumps golang from 1.21.6 to 1.22.0. by @dependabot[bot] [#291][OPERATOR]Bumps github.com/gardener/gardener from 1.87.0 to 1.88.0. by @dependabot[bot] [#292]
[gardener/external-dns-management]
✨ New Features
[USER]The Istio resourceGatewaycan now be annotated withdns.gardener.cloud/dnsnames='*'to enable the automatic creation ofDNSEntriesfor domain names extracted from hosts fields in this resource or relatedVirtualServicesresources.
TheGatewayandHTTPRouteresources from the Gateway API are supported in a similar way. by @MartinWeindel [gardener/external-dns-management#354]
🐛 Bug Fixes
[OPERATOR]Uncached listing of virtual services and httproutes by @MartinWeindel [gardener/external-dns-management#355][OPERATOR]Ignore generated load balancer services of gateways. by @MartinWeindel [gardener/external-dns-management#355]
🏃 Others
[USER]Ignore empty targets for slave entries on update. More concretely, if an ingress resource lose their load balancer addresses during an update, the old targets are kept until new targets are set. by @MartinWeindel [gardener/external-dns-management#357]
Docker Images
- gardener-extension-admission-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.45.0 - gardener-extension-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.45.0
Update cloudprofiles to 0.7.0
What's Changed
- Remove "Docker" CRI by @j2L4e in https://github.com/gardener-community/cloudprofiles/pull/26
New Contributors
- @j2L4e made their first contribution in https://github.com/gardener-community/cloudprofiles/pull/26
Full Changelog: https://github.com/gardener-community/cloudprofiles/compare/0.6.12...0.7.0
Update external-dns-management to 0.18.3
Update shoot-dns-service to 1.45.1
[gardener/external-dns-management]
🐛 Bug Fixes
[OPERATOR]Registergateway.networking.k8s.ioin version v1beta1 by @MartinWeindel [gardener/external-dns-management@6557e2a96a5aa690fe8ead58b90ae785370b9c78]
Docker Images
- gardener-extension-admission-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.45.1 - gardener-extension-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.45.1
Update os-coreos to 1.20.0
[gardener/gardener-extension-os-coreos]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [#82]
📰 Noteworthy
[OPERATOR]It is assumed thatgardenlet'sUseGardenerNodeAgentis turned on by default if the feature gate is not explicitly set. Hence, make sure to use at least Gardenerv1.82when using this extension version. by @rfranzke [#91][OPERATOR]This extension is now prepared to run with an enabledUseGardenerNodeAgentfeature gate. by @rfranzke [#80]
✨ New Features
[USER]os-coreosextension now supports Shoot Force Deletion. by @ary1992 [#79]
🏃 Others
[OPERATOR]The following dependency is updated:- github.com/gardener/gardener: v1.80.1-> v1.81.0 by @ary1992 [#79]
[OPERATOR]The following dependency is updated:- github.com/gardener/gardener: v1.77.1-> v1.80.0
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#76]
Docker Images
- gardener-extension-os-coreos:
europe-docker.pkg.dev/gardener-project/releases/extensions/os-coreos:v1.20.0
Update os-gardenlinux to 0.24.0
[gardener/gardener-extension-os-gardenlinux]
📰 Noteworthy
[OPERATOR]It is assumed thatgardenlet'sUseGardenerNodeAgentis turned on by default if the feature gate is not explicitly set. Hence, make sure to use at least Gardenerv1.82when using this extension version. by @rfranzke [#148]
🏃 Others
[OPERATOR]reverts commit 37251573e5225c2f4ed6afa4a61f674a8efec245 by @danatsap [#144]
Docker Images
- gardener-extension-os-gardenlinux:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.24.0
Update os-ubuntu to 1.25.0
[gardener/gardener-extension-os-ubuntu]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases) by @ccwienk [#101]
📰 Noteworthy
[OPERATOR]It is assumed thatgardenlet'sUseGardenerNodeAgentis turned on by default if the feature gate is not explicitly set. Hence, make sure to use at least Gardenerv1.82when using this extension version. by @rfranzke [#111][OPERATOR]This extension is now prepared to run with an enabledUseGardenerNodeAgentfeature gate. by @rfranzke [#99]
🏃 Others
[OPERATOR]The following dependency is updated:- github.com/gardener/gardener: v1.77.1-> v1.80.3
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @shafeeqes [#95]
Docker Images
- gardener-extension-os-ubuntu:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.25.0
Update provider-hcloud to 0.6.24
[gardener-extension-provider-hcloud] v0.6.24
Update provider-aws to 1.53.0
[gardener/gardener-extension-provider-aws]
✨ New Features
[USER]Adapt Kubelet to use ecr-credential-provider on k8s >=v1.27 by @kon-angelo [#854]
🏃 Others
[OPERATOR][dnsrecords] AAAA alias targets for load balancers with IPv6 addresses with annotationdns.gardener.cloud/ip-stack=dual-stackby @MartinWeindel [#847]
Docker Images
- gardener-extension-admission-aws:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.53.0 - gardener-extension-provider-aws:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.53.0
Update provider-gcp to 1.34.2
[gardener/gardener-extension-provider-gcp]
🏃 Others
[OPERATOR]Update terraformer to v2.25.0 by @AndreasBurger [#709]
Docker Images
- gardener-extension-admission-gcp:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.34.2 - gardener-extension-provider-gcp:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.34.2
Update provider-azure to 1.41.2
[gardener/gardener-extension-provider-azure]
🏃 Others
[OPERATOR]Update terraformer to v2.25.0 by @AndreasBurger [#804]
Docker Images
- gardener-extension-admission-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.41.2 - gardener-extension-provider-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.41.2
Update provider-openstack to 1.39.2
[gardener/gardener-extension-provider-openstack]
🏃 Others
[OPERATOR]Update terraformer to v2.25.0 by @AndreasBurger [#724]
Docker Images
- gardener-extension-admission-openstack:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.39.2 - gardener-extension-provider-openstack:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.39.2
Update garden-kube-apiserver to 5.0.0
Update gardener-controlplane to 1.90.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR]TheUseGardenerNodeAgentfeature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @rfranzke [#9208][OPERATOR]⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @shafeeqes [#8989][OPERATOR]TheAPIServerFastRolloutfeature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @oliver-goetz [#9214][DEVELOPER]Thepkg/envtestpackage has been moved totest/envtest. Most component packages inpkg/componenthave been moved. Thepkg/openapiandpkg/registrypackages have been moved topkg/apiserver/*. by @rfranzke [#9217][DEVELOPER]Function signature of infrastructure controllerNewReconcilerhas changed fromNewReconciler(manager.Manager, Actuator, ConfigValidator)to NewReconciler(manager.Manager, Actuator, ConfigValidator, map[gardencorev1beta1.ErrorCode]func(string) bool). by @acumino [#9321][USER]Thespec.kubernetes.allowPrivilegedContainersfield in the Shoot API is deprecated and will be removed in a future version. This field is not relevant to Shoots with kubernetes versions >= 1.25. Please adapt your controllers accordingly. by @shafeeqes [#8989]
📰 Noteworthy
[USER]It is no longer possible to add or change the.spec.seedSelectorfield inShoots whenspec.seedNameis already set. by @rfranzke [#9212]
✨ New Features
[OPERATOR]DNSRecordresources for seed and shoot clusters now have an annotation indicating their target ip stack (dns.gardener.cloud/ip-stackset to eitheripv4,ipv6, ordual-stack). by @ScheererJ [#9289][OPERATOR]gardener-resource-manager's health check controller now checks whetherVerticalPodAutoscalers report theConfigUnsupportedcondition. by @rfranzke [#9211][USER]It is now possibleto specify somecluster-autoscalerrelated options per worker poolin Shoots viaspec.provider.workers[].clusterAutoscaler. Read more about it here. by @aaronfern [#9245][USER]In order to fine-tune VPA CPU recommendations, the CPU target percentile parameter forvpa-recommendercan now be configured in theShootspecification via the.spec.kubernetes.verticalPodAutoscaler.targetCPUPercentilefield. by @voelzmo [#9279][DEVELOPER]It is now possible to provide configuration for the aggregate Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9200]
🐛 Bug Fixes
[DEPENDENCY]An issue was fixed that sometimes led to leakedextension-controlplane-shoot-webhookswhich blocked the shoot deletion. by @timuthy [#9209][DEPENDENCY]hack/hook-me.shnow ensures the required network connectivity so that the quic tunnel can be successfully established. by @vpnachev [#8909][USER]A bug causing shoot force-deletion to get stuck in case the secrets referred by the DNS Records are outdated is now fixed. by @acumino [#9324]
🏃 Others
[OPERATOR]Update Istio to v1.19.7 by @axel7born [#9215][OPERATOR]Bump alpine to 3.19.1 by @ary1992 [#9315][OPERATOR]EnhanceNodeNotHealthyPrometheus alert to fire immediately. by @adenitiu [#9314][OPERATOR]gardener-node-agentnow terminates itself (leading to a restart of itssystemdunit) in case it determines that the hostname of its node has changed. by @rfranzke [#9280][OPERATOR]Resource requests of istio ingress gateway are reduced and its horizontal autoscaling behaviour specified in more detail, including scale-up under memory pressure by @ScheererJ [#9250][OPERATOR]TheVerticalPodAutoscalerobject for the shoot Prometheus is now labeled withapp=prometheus,role=monitoring, similar to the correspondingStatefulSet. by @nickytd [#9244][OPERATOR]SetreinvocationPolicy: IfNeededfor VPA admission-controller webhook to ensure that webhooks injecting sidecar containers will not trigger and endless eviction loop. by @voelzmo [#9191][DEPENDENCY]The following dependencies are updated:k8s.io/*:v0.28.4->v0.29.2sigs.k8s.io/controller-runtime:v0.16.3->v0.17.2by @shafeeqes [#9174]
[USER]The validation error shown when a user tries to change the.spec.seedNamefield of a Shoot will now also display the old and new values to better indicate that a change was attempted. by @plkokanov [#9294]
[gardener/dependency-watchdog]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/dependency-watchdog#93][OPERATOR]DWD no longer depends on checking the reachability of Kube-API server via external load-balancer as kube-proxy path optimizations makes that impossible on infrastructures which have a static IP for the LB. Instead it now depends on node leases that are periodically renewed by each node running in the shoot cluster to determine its scaling action (scale-down/up). by @rishabh-11 [gardener/dependency-watchdog#94]
🏃 Others
[OPERATOR]MakekcmNodeMonitorGraceDurationoptional in the prober config and use a default value of40sif not specified in the shoot and the config. by @rishabh-11 [gardener/dependency-watchdog#101][DEVELOPER]Useginkgolinterinstead of self bakedgomegacheckby @himanshu-kun [gardener/dependency-watchdog#95]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.0 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.0 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.0 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.0 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.0 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.0 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.0 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.0
Update gardener-controlplane to 1.90.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR]TheUseGardenerNodeAgentfeature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @rfranzke [#9208][OPERATOR]⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @shafeeqes [#8989][OPERATOR]TheAPIServerFastRolloutfeature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @oliver-goetz [#9214][DEVELOPER]Thepkg/envtestpackage has been moved totest/envtest. Most component packages inpkg/componenthave been moved. Thepkg/openapiandpkg/registrypackages have been moved topkg/apiserver/*. by @rfranzke [#9217][DEVELOPER]Function signature of infrastructure controllerNewReconcilerhas changed fromNewReconciler(manager.Manager, Actuator, ConfigValidator)to NewReconciler(manager.Manager, Actuator, ConfigValidator, map[gardencorev1beta1.ErrorCode]func(string) bool). by @acumino [#9321][USER]Thespec.kubernetes.allowPrivilegedContainersfield in the Shoot API is deprecated and will be removed in a future version. This field is not relevant to Shoots with kubernetes versions >= 1.25. Please adapt your controllers accordingly. by @shafeeqes [#8989]
📰 Noteworthy
[USER]It is no longer possible to add or change the.spec.seedSelectorfield inShoots whenspec.seedNameis already set. by @rfranzke [#9212]
✨ New Features
[OPERATOR]DNSRecordresources for seed and shoot clusters now have an annotation indicating their target ip stack (dns.gardener.cloud/ip-stackset to eitheripv4,ipv6, ordual-stack). by @ScheererJ [#9289][OPERATOR]gardener-resource-manager's health check controller now checks whetherVerticalPodAutoscalers report theConfigUnsupportedcondition. by @rfranzke [#9211][USER]It is now possibleto specify somecluster-autoscalerrelated options per worker poolin Shoots viaspec.provider.workers[].clusterAutoscaler. Read more about it here. by @aaronfern [#9245][USER]In order to fine-tune VPA CPU recommendations, the CPU target percentile parameter forvpa-recommendercan now be configured in theShootspecification via the.spec.kubernetes.verticalPodAutoscaler.targetCPUPercentilefield. by @voelzmo [#9279][DEVELOPER]It is now possible to provide configuration for the aggregate Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9200]
🐛 Bug Fixes
[DEPENDENCY]An issue was fixed that sometimes led to leakedextension-controlplane-shoot-webhookswhich blocked the shoot deletion. by @timuthy [#9209][DEPENDENCY]hack/hook-me.shnow ensures the required network connectivity so that the quic tunnel can be successfully established. by @vpnachev [#8909][USER]A bug causing shoot force-deletion to get stuck in case the secrets referred by the DNS Records are outdated is now fixed. by @acumino [#9324]
🏃 Others
[OPERATOR]Update Istio to v1.19.7 by @axel7born [#9215][OPERATOR]Bump alpine to 3.19.1 by @ary1992 [#9315][OPERATOR]EnhanceNodeNotHealthyPrometheus alert to fire immediately. by @adenitiu [#9314][OPERATOR]gardener-node-agentnow terminates itself (leading to a restart of itssystemdunit) in case it determines that the hostname of its node has changed. by @rfranzke [#9280][OPERATOR]Resource requests of istio ingress gateway are reduced and its horizontal autoscaling behaviour specified in more detail, including scale-up under memory pressure by @ScheererJ [#9250][OPERATOR]TheVerticalPodAutoscalerobject for the shoot Prometheus is now labeled withapp=prometheus,role=monitoring, similar to the correspondingStatefulSet. by @nickytd [#9244][OPERATOR]SetreinvocationPolicy: IfNeededfor VPA admission-controller webhook to ensure that webhooks injecting sidecar containers will not trigger and endless eviction loop. by @voelzmo [#9191][DEPENDENCY]The following dependencies are updated:k8s.io/*:v0.28.4->v0.29.2sigs.k8s.io/controller-runtime:v0.16.3->v0.17.2by @shafeeqes [#9174]
[USER]The validation error shown when a user tries to change the.spec.seedNamefield of a Shoot will now also display the old and new values to better indicate that a change was attempted. by @plkokanov [#9294]
[gardener/dependency-watchdog]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/dependency-watchdog#93][OPERATOR]DWD no longer depends on checking the reachability of Kube-API server via external load-balancer as kube-proxy path optimizations makes that impossible on infrastructures which have a static IP for the LB. Instead it now depends on node leases that are periodically renewed by each node running in the shoot cluster to determine its scaling action (scale-down/up). by @rishabh-11 [gardener/dependency-watchdog#94]
🏃 Others
[OPERATOR]MakekcmNodeMonitorGraceDurationoptional in the prober config and use a default value of40sif not specified in the shoot and the config. by @rishabh-11 [gardener/dependency-watchdog#101][DEVELOPER]Useginkgolinterinstead of self bakedgomegacheckby @himanshu-kun [gardener/dependency-watchdog#95]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.0 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.0 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.0 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.0 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.0 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.0 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.0 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.0
Update gardenlet to 1.90.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR]TheUseGardenerNodeAgentfeature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @rfranzke [#9208][OPERATOR]⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @shafeeqes [#8989][OPERATOR]TheAPIServerFastRolloutfeature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @oliver-goetz [#9214][DEVELOPER]Thepkg/envtestpackage has been moved totest/envtest. Most component packages inpkg/componenthave been moved. Thepkg/openapiandpkg/registrypackages have been moved topkg/apiserver/*. by @rfranzke [#9217][DEVELOPER]Function signature of infrastructure controllerNewReconcilerhas changed fromNewReconciler(manager.Manager, Actuator, ConfigValidator)to NewReconciler(manager.Manager, Actuator, ConfigValidator, map[gardencorev1beta1.ErrorCode]func(string) bool). by @acumino [#9321][USER]Thespec.kubernetes.allowPrivilegedContainersfield in the Shoot API is deprecated and will be removed in a future version. This field is not relevant to Shoots with kubernetes versions >= 1.25. Please adapt your controllers accordingly. by @shafeeqes [#8989]
📰 Noteworthy
[USER]It is no longer possible to add or change the.spec.seedSelectorfield inShoots whenspec.seedNameis already set. by @rfranzke [#9212]
✨ New Features
[OPERATOR]DNSRecordresources for seed and shoot clusters now have an annotation indicating their target ip stack (dns.gardener.cloud/ip-stackset to eitheripv4,ipv6, ordual-stack). by @ScheererJ [#9289][OPERATOR]gardener-resource-manager's health check controller now checks whetherVerticalPodAutoscalers report theConfigUnsupportedcondition. by @rfranzke [#9211][USER]It is now possibleto specify somecluster-autoscalerrelated options per worker poolin Shoots viaspec.provider.workers[].clusterAutoscaler. Read more about it here. by @aaronfern [#9245][USER]In order to fine-tune VPA CPU recommendations, the CPU target percentile parameter forvpa-recommendercan now be configured in theShootspecification via the.spec.kubernetes.verticalPodAutoscaler.targetCPUPercentilefield. by @voelzmo [#9279][DEVELOPER]It is now possible to provide configuration for the aggregate Prometheus running in seed clusters'gardennamespaces. Read all about it here. by @rfranzke [#9200]
🐛 Bug Fixes
[DEPENDENCY]An issue was fixed that sometimes led to leakedextension-controlplane-shoot-webhookswhich blocked the shoot deletion. by @timuthy [#9209][DEPENDENCY]hack/hook-me.shnow ensures the required network connectivity so that the quic tunnel can be successfully established. by @vpnachev [#8909][USER]A bug causing shoot force-deletion to get stuck in case the secrets referred by the DNS Records are outdated is now fixed. by @acumino [#9324]
🏃 Others
[OPERATOR]Update Istio to v1.19.7 by @axel7born [#9215][OPERATOR]Bump alpine to 3.19.1 by @ary1992 [#9315][OPERATOR]EnhanceNodeNotHealthyPrometheus alert to fire immediately. by @adenitiu [#9314][OPERATOR]gardener-node-agentnow terminates itself (leading to a restart of itssystemdunit) in case it determines that the hostname of its node has changed. by @rfranzke [#9280][OPERATOR]Resource requests of istio ingress gateway are reduced and its horizontal autoscaling behaviour specified in more detail, including scale-up under memory pressure by @ScheererJ [#9250][OPERATOR]TheVerticalPodAutoscalerobject for the shoot Prometheus is now labeled withapp=prometheus,role=monitoring, similar to the correspondingStatefulSet. by @nickytd [#9244][OPERATOR]SetreinvocationPolicy: IfNeededfor VPA admission-controller webhook to ensure that webhooks injecting sidecar containers will not trigger and endless eviction loop. by @voelzmo [#9191][DEPENDENCY]The following dependencies are updated:k8s.io/*:v0.28.4->v0.29.2sigs.k8s.io/controller-runtime:v0.16.3->v0.17.2by @shafeeqes [#9174]
[USER]The validation error shown when a user tries to change the.spec.seedNamefield of a Shoot will now also display the old and new values to better indicate that a change was attempted. by @plkokanov [#9294]
[gardener/dependency-watchdog]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/dependency-watchdog#93][OPERATOR]DWD no longer depends on checking the reachability of Kube-API server via external load-balancer as kube-proxy path optimizations makes that impossible on infrastructures which have a static IP for the LB. Instead it now depends on node leases that are periodically renewed by each node running in the shoot cluster to determine its scaling action (scale-down/up). by @rishabh-11 [gardener/dependency-watchdog#94]
🏃 Others
[OPERATOR]MakekcmNodeMonitorGraceDurationoptional in the prober config and use a default value of40sif not specified in the shoot and the config. by @rishabh-11 [gardener/dependency-watchdog#101][DEVELOPER]Useginkgolinterinstead of self bakedgomegacheckby @himanshu-kun [gardener/dependency-watchdog#95]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.0 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.0 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.0 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.0 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.0 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.0 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.0 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.0
Update cert-management to 0.12.1
[gardener/cert-management]
🐛 Bug Fixes
[USER]Updating certificates from source objects (like Ingress or Service) with first domain name longer than 64 character failed, as the commonName field was filled. It must be left empty in this case. by @MartinWeindel [#164]
🏃 Others
[OPERATOR]Bump golang from 1.22.0 to 1.22.1 by @MartinWeindel [#165]
Docker Images
- cert-management:
europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.12.1
Update provider-alicloud to 1.51.1
[gardener/gardener-extension-provider-alicloud]
🏃 Others
[OPERATOR]upadte terraformer to 2.25.0 by @kevin-lacoo [#697]
Docker Images
- gardener-extension-admission-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.51.1 - gardener-extension-provider-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.51.1
Update provider-aws to 1.53.1
[gardener/terraformer]
🏃 Others
[OPERATOR]Update go -> v1.21.5 by @kon-angelo [gardener/terraformer#146][OPERATOR]Update alpine -> v1.29.0 by @kon-angelo [gardener/terraformer#146]
Docker Images
- gardener-extension-admission-aws:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.53.1 - gardener-extension-provider-aws:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.53.1
Update shoot-cert-service to 1.41.0
[gardener/cert-management]
🐛 Bug Fixes
[USER]Updating certificates from source objects (like Ingress or Service) with first domain name longer than 64 character failed, as the commonName field was filled. It must be left empty in this case. by @MartinWeindel [gardener/cert-management#164]
🏃 Others
[OPERATOR]Bump golang from 1.22.0 to 1.22.1 by @MartinWeindel [gardener/cert-management#165]
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]Bumps golang from 1.22.0 to 1.22.1. by @dependabot[bot] [#236]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.41.0
Update gardener-controlplane to 1.90.1
[gardener/gardener]
🐛 Bug Fixes
[USER]A bug has been fixed which preventedShoots using Alertmanager from getting stuck in reconciliation with errorlast error: more than one PV found with label disk-migration.monitoring.gardener.cloud/pvc-name=alertmanager-db-alertmanager-0. by @rfranzke [#9341][USER]A bug has been fixed which reported false negative health checks for theObservabilityComponentsHealthycondition onShoots using Alertmanager if they have been reconciled with Gardener>= 1.90. by @rfranzke [#9340][USER]An issue has been fixed which was causing scale-downs ofkube-controller-managerand similar controllers due to prevented deletion of orphaned nodeLeases. by @rfranzke [#9351][OPERATOR]A bug causing thegardener-resource-managerconfigmap to be garbage collected because of missing reference annotation is now fixed. by @aaronfern [#9347][OPERATOR]An issue causing the reconciliation of backupentries to be stuck when the extension fails to populate the status is now fixed. by @shafeeqes [#9336]
🏃 Others
[OPERATOR]The skaffold version is downgraded from v2.10.1 to v2.9.0 to fix an issue with skaffold not detecting code changes onmake gardener-up. by @dimityrmirchev [#9328][OPERATOR]NodeNotHealthy prometheus alert disregards nodes withdeployment.machine.sapcloud.io/prefer-no-scheduletaint by @adenitiu [#9346]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.1 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.1 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.1 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.1 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.1 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.1 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.1 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.1
Update gardener-controlplane to 1.90.1
[gardener/gardener]
🐛 Bug Fixes
[USER]A bug has been fixed which preventedShoots using Alertmanager from getting stuck in reconciliation with errorlast error: more than one PV found with label disk-migration.monitoring.gardener.cloud/pvc-name=alertmanager-db-alertmanager-0. by @rfranzke [#9341][USER]A bug has been fixed which reported false negative health checks for theObservabilityComponentsHealthycondition onShoots using Alertmanager if they have been reconciled with Gardener>= 1.90. by @rfranzke [#9340][USER]An issue has been fixed which was causing scale-downs ofkube-controller-managerand similar controllers due to prevented deletion of orphaned nodeLeases. by @rfranzke [#9351][OPERATOR]A bug causing thegardener-resource-managerconfigmap to be garbage collected because of missing reference annotation is now fixed. by @aaronfern [#9347][OPERATOR]An issue causing the reconciliation of backupentries to be stuck when the extension fails to populate the status is now fixed. by @shafeeqes [#9336]
🏃 Others
[OPERATOR]The skaffold version is downgraded from v2.10.1 to v2.9.0 to fix an issue with skaffold not detecting code changes onmake gardener-up. by @dimityrmirchev [#9328][OPERATOR]NodeNotHealthy prometheus alert disregards nodes withdeployment.machine.sapcloud.io/prefer-no-scheduletaint by @adenitiu [#9346]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.1 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.1 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.1 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.1 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.1 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.1 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.1 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.1
Update gardenlet to 1.90.1
[gardener/gardener]
🐛 Bug Fixes
[USER]A bug has been fixed which preventedShoots using Alertmanager from getting stuck in reconciliation with errorlast error: more than one PV found with label disk-migration.monitoring.gardener.cloud/pvc-name=alertmanager-db-alertmanager-0. by @rfranzke [#9341][USER]A bug has been fixed which reported false negative health checks for theObservabilityComponentsHealthycondition onShoots using Alertmanager if they have been reconciled with Gardener>= 1.90. by @rfranzke [#9340][USER]An issue has been fixed which was causing scale-downs ofkube-controller-managerand similar controllers due to prevented deletion of orphaned nodeLeases. by @rfranzke [#9351][OPERATOR]A bug causing thegardener-resource-managerconfigmap to be garbage collected because of missing reference annotation is now fixed. by @aaronfern [#9347][OPERATOR]An issue causing the reconciliation of backupentries to be stuck when the extension fails to populate the status is now fixed. by @shafeeqes [#9336]
🏃 Others
[OPERATOR]The skaffold version is downgraded from v2.10.1 to v2.9.0 to fix an issue with skaffold not detecting code changes onmake gardener-up. by @dimityrmirchev [#9328][OPERATOR]NodeNotHealthy prometheus alert disregards nodes withdeployment.machine.sapcloud.io/prefer-no-scheduletaint by @adenitiu [#9346]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.1 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.1 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.1 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.1 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.1 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.1 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.1 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.1