Release Notes v1.91
Yake release notes and upgrade guide
Related upstream release notes / changelogs
Update gardener-controlplane to 1.90.2
[gardener/gardener]
Bug Fixes
- [USER] An issue has been fixed which caused Shoot reconciliation to get stuck because the API discovery used to generate the read-only ClusterRole for shoots/viewerkubeconfig subresource failed. by @rfranzke [#9361]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.2
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.2
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.2
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.2
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.2
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.2
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.2
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.2
Update gardenlet to 1.90.2
[gardener/gardener]
Bug Fixes
- [USER] An issue has been fixed which caused Shoot reconciliation to get stuck because the API discovery used to generate the read-only ClusterRole for shoots/viewerkubeconfig subresource failed. by @rfranzke [#9361]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.2
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.2
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.2
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.2
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.2
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.2
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.2
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.2
Update etcd to 6.1.0
What's Changed
- Pass through .values.backup.secretData by @j2L4e in https://github.com/gardener-community/etcd/pull/15
New Contributors
- @j2L4e made their first contribution in https://github.com/gardener-community/etcd/pull/15
Full Changelog: https://github.com/gardener-community/etcd/compare/6.0.0...6.1.0
Update gardener-controlplane to 1.90.3
The release-notes for component github.com/gardener/gardener in version v1.90.3 exceeded the maximum length of 25000 characters allowed by GitHub for release-bodies. They have been uploaded as release-asset and can be found at https://github.com/gardener/gardener/releases/download/v1.90.3/release_notes.md.
Update gardenlet to 1.90.3
The release-notes for component github.com/gardener/gardener in version v1.90.3 exceeded the maximum length of 25000 characters allowed by GitHub for release-bodies. They have been uploaded as release-asset and can be found at https://github.com/gardener/gardener/releases/download/v1.90.3/release_notes.md.
Update provider-alicloud to 1.51.2
no release notes available
Docker Images
- gardener-extension-admission-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.51.2
- gardener-extension-provider-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.51.2
Update cloudprofiles to 0.7.1
Update etcd to 6.2.0
What's Changed
- Define images repository and tag as separate keys, fallback to old style by @lotharbach in https://github.com/gardener-community/etcd/pull/16
- Switch to new upstream registry
Full Changelog: https://github.com/gardener-community/etcd/compare/6.1.0...6.2.0
Update gardener-controlplane to 1.90.4
[gardener/gardener]
Bug Fixes
- [OPERATOR] A configuration issue of the prometheus-operator managed alertmanager instances is fixed. by @istvanballok [#9420]
- [OPERATOR] A bug has been fixed which prevented pods from starting on clusters of at least 1.28 if they were using old PersistentVolumes created with the deprecated failure-domain.beta.kubernetes.io/{zone,region} labels. by @rfranzke [#9413]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.4
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.4
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.4
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.4
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.4
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.4
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.4
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.4
Update gardenlet to 1.90.4
[gardener/gardener]
Bug Fixes
- [OPERATOR] A configuration issue of the prometheus-operator managed alertmanager instances is fixed. by @istvanballok [#9420]
- [OPERATOR] A bug has been fixed which prevented pods from starting on clusters of at least 1.28 if they were using old PersistentVolumes created with the deprecated failure-domain.beta.kubernetes.io/{zone,region} labels. by @rfranzke [#9413]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.4
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.4
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.4
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.4
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.4
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.4
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.4
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.4
Update provider-azure to 1.42.0
[gardener/machine-controller-manager]
Breaking Changes
- [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/machine-controller-manager#878]
Bug Fixes
- [OPERATOR] Fix for edge case of Node object deletion missed during machine termination. by @elankath [gardener/machine-controller-manager#887]
- [DEVELOPER] MCM restart happens properly in integration tests now. This fix will get activated, once this version is vendored in your mcm-provider by @sssash18 [gardener/machine-controller-manager#879]
Others
- [DEVELOPER] Bump k8s.io/* deps to v0.28.2 by @afritzler [gardener/machine-controller-manager#858]
- [DEVELOPER] go-git now removed from dependencies due to CVEs. by @elankath [gardener/machine-controller-manager#896]
- [OPERATOR] fixed IT for seed with k8s >= 1.27 as control cluster by @piyuagr [gardener/machine-controller-manager#869]
- [OPERATOR] Architecture field added in the nodetemplate. This will allow CA to pickup architecture from machine class and schedule pods on relevant arch nodes. by @sssash18 [gardener/machine-controller-manager#894]
- [OPERATOR] machine controller won't reconcile machine on non-spec update events by @himanshu-kun [gardener/machine-controller-manager#877]
Documentation
- [DEVELOPER] Phase transition diagram for a machine object is added to FAQs by @himanshu-kun [gardener/machine-controller-manager#886]
[gardener/gardener-extension-provider-azure]
New Features
- [OPERATOR] Updated the default storage account SKU from StandardLRS to StandardZRS to enhance data durability and availability. by @seshachalam-yv [#790]
Bug Fixes
- [DEVELOPER] source- prefix of BackupEntry name is being ignored when performing entry deletion by @Kostov6 [#805]
Others
- [OPERATOR] Fix an issue where an empty infrastructure state would cause issues when picking the proper reconciler. by @kon-angelo [#787]
- [OPERATOR] Fix an issue where backupentry secrets would not be deleted due to incorrect credential format error. by @kon-angelo [#795]
[gardener/machine-controller-manager-provider-azure]
Others
- [OPERATOR] Fixed handling for data disk in ToBeDetached=true state during vm deletion by @unmarshall [gardener/machine-controller-manager-provider-azure#132]
- [OPERATOR] Fixed the gap where VM marketplace images with no plans were not handled properly. Now one can start VMs having marketplace image with no plan. by @unmarshall [gardener/machine-controller-manager-provider-azure#134]
- [USER] Fixed recording of erroneous metrics for driver and API requests by @unmarshall [gardener/machine-controller-manager-provider-azure#130]
- [USER]
  - Uses new Azure SDK as the older go-autorest is out of support.
  - Adds 2 new metrics which compute driver API call duration and Azure API call duration for all successful API calls.
  - Recently introduced Azure fakes are used extensively for unit tests.
  - Driver.GetMachineStatus now only gets the status from the Machine and not from associated NIC(s).
  - Deletion of a machine now cascade deletes NIC(s) and Disk(s) (OSDisk and DataDisk(s)) as well. Previously it was a 2 step process of detach followed by a delete.
  - In the API following have been marked as deprecated:
    - Constants: [api.AzureClientID, api.AzureClientSecret, api.AzureSubscriptionID, api.AzureTenantID, api.AzureAlternativeClientID, api.AzureAlternativeClientSecret, api.AzureAlternativeSubscriptionID, api.AzureAlternativeTenantID, api.MachineSetKindVMO and api.MachineSetKindAvailabilitySet]
    - AzureVirtualMachineProperties.MachineSet has been marked as deprecated

  by @unmarshall [gardener/machine-controller-manager-provider-azure#105]
- [USER] Updated the following dependencies:
  - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 [v5.3.0-beta.2 to v5.3.0]
  - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/marketplaceordering/armmarketplaceordering [v1.2.0-beta.3 to v1.2.0]
  - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 [v4.3.0-beta.1 to v4.3.0]
  - github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources [v1.2.0-beta.3 to v1.2.0]

  by @unmarshall [gardener/machine-controller-manager-provider-azure#117]
[gardener/terraformer]
Others
- [OPERATOR] Update go -> v1.21.5 by @kon-angelo [gardener/terraformer#146]
- [OPERATOR] Update alpine -> v1.29.0 by @kon-angelo [gardener/terraformer#146]
Docker Images
- gardener-extension-admission-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.42.0
- gardener-extension-provider-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.42.0
Update gardener-controlplane to 1.91.0
[gardener/gardener]
Breaking Changes
- [USER] Deprecated .spec.kubernetes.allowPrivilegedContainers field in the Shoot API is now removed. by @shafeeqes [#9274]
- [USER] The .status.advertisedAddresses[] list in a Shoot's status now includes the Shoot's service account issuer under the name service-account-issuer. Please revisit any logic that might depend on all advertised addresses being used for communication with the kube-apiserver of a shoot cluster. by @dimityrmirchev [#9196]
- [OPERATOR] The ShootForceDeletion feature gate has been promoted to beta and is turned on by default. by @acumino [#9325]
New Features
- [DEVELOPER] The {garden,seed,shoot}-care controllers now incorporate ManagedResources into all relevant conditions, and it is possible to override the condition type into which a ManagedResource's status gets incorporated via the care.gardener.cloud/condition-type label. Please consult the respective documentation for more information (garden-care, seed-care, shoot-care). by @rfranzke [#9313]
- [OPERATOR] The gardenlet now synchronizes the service account public keys of shoot clusters that have managed issuer enabled. The public keys are stored in a dedicated gardener-system-shoot-issuer namespace in the Garden cluster. by @dimityrmirchev [#9354]
- [OPERATOR] gardener-resource-manager now considers the health and the progressing status for Certificate and Issuer resources (see cert-management) managed via ManagedResources. by @timuthy [#9326]
- [OPERATOR] The Shoot maintenance controller now removes unsupported feature gates and admission plugins from the Shoot during force upgrades. by @shafeeqes [#9365]
- [OPERATOR] gardener-operator now deploys two Alertmanager replicas into the garden namespace. They don't come with any configuration by default. It is in the responsibility of the human operators to create monitoring.coreos.com/v1alpha1.AlertmanagerConfig resources with the proper configuration suitable for their needs. Read more about it here. by @rfranzke [#9301]
- [OPERATOR] The ControlPlaneHealthy condition in Shoots now reports an issue when {kube,machine}-controller-manager or cluster-autoscaler are scaled down to 0 replicas. The EveryNodeReady condition in Shoots now reports an issue when at least 20% of the Leases related to nodes in the kube-node-lease namespace are expired. by @rfranzke [#9376]
Bug Fixes
- [DEVELOPER] Function NewClientFromBytes in package pkg/client/kubernetes/client.go was fixed to consider AllowedUserFields. Earlier, it failed when creating a Kubernetes client with special but allowed fields in the Kubeconfig (e.g. auth-provider). by @timuthy [#9333]
Others
- [OPERATOR] Update CoreDNS to v1.11.1. by @DockToFuture [#8945]
- [OPERATOR] The gardener operator documentation now more closely resembles the reality of the coding. by @ScheererJ [#9342]
- [OPERATOR] The istio ingress gateway orphan namespace detection no longer interferes with the istio ingress gateway zone migration in case the target zone names are unknown and there is no active usage. by @ScheererJ [#9460]
- [OPERATOR] The ingress domain of kube-apiserver should work again for single-zonal shoot control planes. by @ScheererJ [#9393]
- [OPERATOR] There is a new plutono dashboard named Container Images that currently contains 2 panels for image pull durations. by @ialidzhikov [#9422]
- [OPERATOR] Port 8132 of istio ingress gateway will respond to all ordinary http requests with a redirect (301) to the https port by @ScheererJ [#9332]
- [OPERATOR] The operating system config reconciler of the gardener-node-agent now creates directories with 0755 permissions when it creates files listed in the corresponding OperatingSystemConfig on the node. Previously these directories were created with no permissions. by @plkokanov [#9443]
- [OPERATOR] Seed clusters with a wildcard certificate no longer use Ingress resources to expose kube-apiserver. Instead, Istio resources are directly used now. by @ScheererJ [#9300]
- [OPERATOR] Shoot clusters should stay accessible after istio ingress gateway migration via annotation alpha.istio-ingress.gardener.cloud/migrate-to was triggered. by @ScheererJ [#9423]
- [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the seed specification by @ScheererJ [#9304]
- [DEVELOPER] Now the observability applications which are also targets of the authentication & authorization proxies share a common label. by @nickytd [#9385]
- [DEVELOPER] Local dev setup can now deploy a cluster with volume resize support. by @dnaeon [#9363]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.0
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.0
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.0
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.0
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.0
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.0
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.0
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.0
Update gardenlet to 1.91.0
[gardener/gardener]
Breaking Changes
- [USER] Deprecated .spec.kubernetes.allowPrivilegedContainers field in the Shoot API is now removed. by @shafeeqes [#9274]
- [USER] The .status.advertisedAddresses[] list in a Shoot's status now includes the Shoot's service account issuer under the name service-account-issuer. Please revisit any logic that might depend on all advertised addresses being used for communication with the kube-apiserver of a shoot cluster. by @dimityrmirchev [#9196]
- [OPERATOR] The ShootForceDeletion feature gate has been promoted to beta and is turned on by default. by @acumino [#9325]
New Features
- [DEVELOPER] The {garden,seed,shoot}-care controllers now incorporate ManagedResources into all relevant conditions, and it is possible to override the condition type into which a ManagedResource's status gets incorporated via the care.gardener.cloud/condition-type label. Please consult the respective documentation for more information (garden-care, seed-care, shoot-care). by @rfranzke [#9313]
- [OPERATOR] The gardenlet now synchronizes the service account public keys of shoot clusters that have managed issuer enabled. The public keys are stored in a dedicated gardener-system-shoot-issuer namespace in the Garden cluster. by @dimityrmirchev [#9354]
- [OPERATOR] gardener-resource-manager now considers the health and the progressing status for Certificate and Issuer resources (see cert-management) managed via ManagedResources. by @timuthy [#9326]
- [OPERATOR] The Shoot maintenance controller now removes unsupported feature gates and admission plugins from the Shoot during force upgrades. by @shafeeqes [#9365]
- [OPERATOR] gardener-operator now deploys two Alertmanager replicas into the garden namespace. They don't come with any configuration by default. It is in the responsibility of the human operators to create monitoring.coreos.com/v1alpha1.AlertmanagerConfig resources with the proper configuration suitable for their needs. Read more about it here. by @rfranzke [#9301]
- [OPERATOR] The ControlPlaneHealthy condition in Shoots now reports an issue when {kube,machine}-controller-manager or cluster-autoscaler are scaled down to 0 replicas. The EveryNodeReady condition in Shoots now reports an issue when at least 20% of the Leases related to nodes in the kube-node-lease namespace are expired. by @rfranzke [#9376]
Bug Fixes
- [DEVELOPER] Function NewClientFromBytes in package pkg/client/kubernetes/client.go was fixed to consider AllowedUserFields. Earlier, it failed when creating a Kubernetes client with special but allowed fields in the Kubeconfig (e.g. auth-provider). by @timuthy [#9333]
Others
- [OPERATOR] Update CoreDNS to v1.11.1. by @DockToFuture [#8945]
- [OPERATOR] The gardener operator documentation now more closely resembles the reality of the coding. by @ScheererJ [#9342]
- [OPERATOR] The istio ingress gateway orphan namespace detection no longer interferes with the istio ingress gateway zone migration in case the target zone names are unknown and there is no active usage. by @ScheererJ [#9460]
- [OPERATOR] The ingress domain of kube-apiserver should work again for single-zonal shoot control planes. by @ScheererJ [#9393]
- [OPERATOR] There is a new plutono dashboard named Container Images that currently contains 2 panels for image pull durations. by @ialidzhikov [#9422]
- [OPERATOR] Port 8132 of istio ingress gateway will respond to all ordinary http requests with a redirect (301) to the https port by @ScheererJ [#9332]
- [OPERATOR] The operating system config reconciler of the gardener-node-agent now creates directories with 0755 permissions when it creates files listed in the corresponding OperatingSystemConfig on the node. Previously these directories were created with no permissions. by @plkokanov [#9443]
- [OPERATOR] Seed clusters with a wildcard certificate no longer use Ingress resources to expose kube-apiserver. Instead, Istio resources are directly used now. by @ScheererJ [#9300]
- [OPERATOR] Shoot clusters should stay accessible after istio ingress gateway migration via annotation alpha.istio-ingress.gardener.cloud/migrate-to was triggered. by @ScheererJ [#9423]
- [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the seed specification by @ScheererJ [#9304]
- [DEVELOPER] Now the observability applications which are also targets of the authentication & authorization proxies share a common label. by @nickytd [#9385]
- [DEVELOPER] Local dev setup can now deploy a cluster with volume resize support. by @dnaeon [#9363]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.0
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.0
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.0
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.0
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.0
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.0
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.0
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.0
Update cert-management to 0.13.0
[gardener/cert-management]
New Features
- [USER] The algorithm and size for the private key can now be specified in the certificate spec section to override the default algorithm RSA with key size 2048.
  Supported algorithms are RSA and ECDSA. For RSA the allowed key sizes are 2048, 3072, and 4096 with 2048 as default if not specified explicitly. For ECDSA the allowed key sizes are 256 and 384 with 256 as default.
  These algorithms and key sizes are supported by Let's Encrypt. For other ACME servers please check their documentation for information about supported combinations. by @MartinWeindel [#168]
Docker Images
- cert-management:
europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.13.0
Update shoot-cert-service to 1.42.0
[gardener/gardener-extension-shoot-cert-service]
Breaking Changes
- [OPERATOR] extension-shoot-cert-service no longer supports Shoots with Kubernetes version == 1.24. by @shafeeqes [#223]
Others
- [OPERATOR] Bumps github.com/gardener/gardener from 1.90.0 to 1.91.0. by @dependabot[bot] [#244]
- [OPERATOR] Bumps github.com/gardener/gardener from 1.89.0 to 1.90.0. by @dependabot[bot] [#238]
[gardener/cert-management]
New Features
- [USER] The algorithm and size for the private key can now be specified in the certificate spec section to override the default algorithm RSA with key size 2048.
  Supported algorithms are RSA and ECDSA. For RSA the allowed key sizes are 2048, 3072, and 4096 with 2048 as default if not specified explicitly. For ECDSA the allowed key sizes are 256 and 384 with 256 as default.
  These algorithms and key sizes are supported by Let's Encrypt. For other ACME servers please check their documentation for information about supported combinations. by @MartinWeindel [gardener/cert-management#168]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.42.0