Release Notes v1.98

Yake release notes and upgrade guide

Update gardener-controlplane to 1.97.1

[gardener/gardener]

🐛 Bug Fixes

  • [USER] Fix false-positive PrometheusCantScrape etcd-druid alert. by @gardener-ci-robot [#10000]

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.97.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.97.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.97.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.97.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.97.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.97.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.97.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.97.1

Update gardenlet to 1.97.1

[gardener/gardener]

🐛 Bug Fixes

  • [USER] Fix false-positive PrometheusCantScrape etcd-druid alert. by @gardener-ci-robot [#10000]

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.97.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.97.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.97.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.97.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.97.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.97.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.97.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.97.1

Update external-dns-management to 0.18.7

[gardener/external-dns-management]

🏃 Others

  • [OPERATOR] Update golang from 1.22.3 to 1.22.4 by @MartinWeindel [#372]

Docker Images

  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.18.7

Update gardener-controlplane to 1.97.2

[gardener/gardener]

🐛 Bug Fixes

  • [OPERATOR] Fix an issue with federation that causes garden-prometheus to consume excessive amounts of memory. by @rickardsjp [#10013]

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.97.2
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.97.2
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.97.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.97.2
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.97.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.97.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.97.2
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.97.2

Update gardenlet to 1.97.2

[gardener/gardener]

🐛 Bug Fixes

  • [OPERATOR] Fix an issue with federation that causes garden-prometheus to consume excessive amounts of memory. by @rickardsjp [#10013]

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.97.2
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.97.2
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.97.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.97.2
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.97.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.97.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.97.2
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.97.2

Update networking-cilium to 1.36.0

[gardener/gardener-extension-networking-cilium]

🏃 Others

  • [OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @rfranzke [#307]
  • [OPERATOR] Update cilium to v1.15.6. by @DockToFuture [#351]

Docker Images

  • gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.36.0
  • gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.36.0

Update provider-aws to 1.56.0

[gardener/machine-controller-manager]

⚠️ Breaking Changes

  • [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/machine-controller-manager#878]
  • [DEVELOPER] New provider method Driver.InitializeMachine added for Post-Creation VM Instance Initialization steps. by @elankath [gardener/machine-controller-manager#898]

🐛 Bug Fixes

  • [OPERATOR] Fix for edge case of Node object deletion missed during machine termination. by @elankath [gardener/machine-controller-manager#887]
  • [DEVELOPER] A bug in UpdateNodeToMachine which caused the IT to fail is fixed. by @elankath [gardener/machine-controller-manager#893]
  • [DEVELOPER] MCM restart happens properly in integration tests now. This fix will get activated, once this version is vendored in your mcm-provider by @sssash18 [gardener/machine-controller-manager#879]

🏃 Others

  • [OPERATOR] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager#903]
  • [OPERATOR] Updated k8s dependencies to v0.29.3 by @rishabh-11 [gardener/machine-controller-manager#907]
  • [OPERATOR] fixed IT for seed with k8s >= 1.27 as control cluster by @piyuagr [gardener/machine-controller-manager#869]
  • [OPERATOR] machine controller won't reconcile machine on non-spec update events by @himanshu-kun [gardener/machine-controller-manager#877]
  • [OPERATOR] Architecture field added in the nodetemplate. This will allow CA to pickup architecture from machine class and schedule pods on relevant arch nodes. by @sssash18 [gardener/machine-controller-manager#894]
  • [DEVELOPER] go-git now removed from dependencies due to CVEs. by @elankath [gardener/machine-controller-manager#896]
  • [DEVELOPER] Bump k8s.io/* deps to v0.28.2 by @afritzler [gardener/machine-controller-manager#858]

📖 Documentation

  • [DEVELOPER] Phase transition diagram for a machine object is added to FAQs by @himanshu-kun [gardener/machine-controller-manager#886]

[gardener/machine-controller-manager-provider-aws]

✨ New Features

  • [OPERATOR] Add Ipv6AddressCount and Ipv6PrefixCount to enable the assignment of an ipv6 address and an ipv6 prefix to instances. by @gardener-robot-ci-2 [gardener/machine-controller-manager-provider-aws#162]
  • [USER] It is now possible to specify CPU options for AWS instances. by @AndreasBurger [gardener/machine-controller-manager-provider-aws#161]
  • [USER] Implements the driver metrics added to MCM in version 0.50.0 such that duration of calls to AWS and any failed requests are recorded:
    • driver_request_duration_seconds
    • driver_requests_failed_total by @saley89 [gardener/machine-controller-manager-provider-aws#153]

🏃 Others

  • [OPERATOR] Vendor directory removed by @rishabh-11 [gardener/machine-controller-manager-provider-aws#160]

[gardener/gardener-extension-provider-aws]

📰 Noteworthy

  • [OPERATOR] Aws error code NoSuchHostedZone is now ignored on DNSRecord deletion by @Kostov6 [#971]

✨ New Features

  • [USER] CPU Options for AWS instances can now be set in the worker config. by @AndreasBurger [#924]

🏃 Others

  • [OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @MrBatschner [#983]
  • [OPERATOR] Validation of shoots now takes the CloudProfile into account to make sure that the configured images are defined. by @AndreasBurger [#979]

Docker Images

  • gardener-extension-admission-aws: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.56.0
  • gardener-extension-provider-aws: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.56.0

Update provider-azure to 1.45.0

[gardener/machine-controller-manager-provider-azure]

📰 Noteworthy

  • [USER] The cloud instance to connect to can now be configured via the provider spec by @AndreasBurger [gardener/machine-controller-manager-provider-azure#148]

🏃 Others

  • [USER] Machine-Controller-Manager Provider-Azure now supports enabling of vm boot diagnostics. by @hebelsan [gardener/machine-controller-manager-provider-azure#136]
  • [USER] Add support for ConfidentialVM types in Azure. by @kon-angelo [gardener/machine-controller-manager-provider-azure#146]
  • [USER] Error Code is now extracted from azcore.ResponseError.ErrorCode by @rishabh-11 [gardener/machine-controller-manager-provider-azure#153]
  • [USER] Fix passing data disk caching method by @hebelsan [gardener/machine-controller-manager-provider-azure#149]
  • [DEVELOPER] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager-provider-azure#140]
  • [DEVELOPER] Switch AzureDataDisk.Lun from pointer to value by @hebelsan [gardener/machine-controller-manager-provider-azure#150]

[gardener/gardener-extension-provider-azure]

✨ New Features

  • [USER] Extension-Provider-Azure now supports enabling of vm boot diagnostics in the worker providerConfig. by @hebelsan [#808]

🏃 Others

  • [OPERATOR] Add support for confidential VMs by @kon-angelo [#835]
  • [OPERATOR] The CIDR blocks used for shoot egress will now be provided via the status of the shoot's infrastructure-resource by @AndreasBurger [#852]
  • [OPERATOR] OverconstrainedZonalAllocationRequest is now classified as ERR_RETRYABLE_CONFIGURATION_PROBLEM by @Kostov6 [#881]
  • [OPERATOR] Improve flow shoot deletion with custom vnet by @hebelsan [#896]
  • [OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @AndreasBurger [#898]

[gardener/machine-controller-manager]

⚠️ Breaking Changes

  • [DEVELOPER] New provider method Driver.InitializeMachine added for Post-Creation VM Instance Initialization steps. by @elankath [gardener/machine-controller-manager#898]

🏃 Others

  • [OPERATOR] Updated k8s dependencies to v0.29.3 by @rishabh-11 [gardener/machine-controller-manager#907]
  • [OPERATOR] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager#903]

Docker Images

  • gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.45.0
  • gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.45.0

Update provider-gcp to 1.37.0

[gardener/machine-controller-manager]

⚠️ Breaking Changes

  • [DEVELOPER] New provider method Driver.InitializeMachine added for Post-Creation VM Instance Initialization steps. by @elankath [gardener/machine-controller-manager#898]

🏃 Others

  • [OPERATOR] Updated k8s dependencies to v0.29.3 by @rishabh-11 [gardener/machine-controller-manager#907]
  • [OPERATOR] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager#903]

[gardener/machine-controller-manager-provider-gcp]

🏃 Others

  • [USER] The providerSpec validation has changed for the following driver calls:
    • DeleteMachine, ListMachines, and GetMachineStatus validate only the zone field in the providerSpec. by @rishabh-11 [gardener/machine-controller-manager-provider-gcp#123]
  • [USER] Remove strict validation about disk types by @kon-angelo [gardener/machine-controller-manager-provider-gcp#108]
  • [DEVELOPER] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager-provider-gcp#112]
  • [DEVELOPER] Support for passing disk params provisioned-iops and provisioned-throughput by @hebelsan [gardener/machine-controller-manager-provider-gcp#122]

[gardener/gardener-extension-provider-gcp]

✨ New Features

  • [USER] Add support for specifying data volume sourceImage in the workerConfig by @hebelsan [#751]

🏃 Others

  • [OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @AndreasBurger [#787]
  • [OPERATOR] Support and validation of disk params provisioned-iops and provisioned-throughput by @hebelsan [#743]

Docker Images

  • gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.37.0
  • gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.37.0

Update provider-openstack to 1.41.0

[gardener/gardener-extension-provider-openstack]

🏃 Others

  • [OPERATOR] Add migration test for the infrastructure reconciler by @kon-angelo [#779]
  • [OPERATOR] QoL improvements to the infrastructure reconciler by @kon-angelo [#779]
  • [OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @AndreasBurger [#795]
  • [USER] When a missing router is being encountered during reconciliation/deletion it will now be classified as ERR_INFRA_DEPENDENCIES, enabling force deletion of the shoot via annotation. by @AndreasBurger [#794]

Docker Images

  • gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.41.0
  • gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.41.0

Update shoot-rsyslog-relp to 0.5.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

  • [USER] When changing the referenced TLS secret in shoot.spec.resources[], the user should provide only an immutable secret by @Kostov6 [#76]

🐛 Bug Fixes

  • [OPERATOR] Fixed an issue that caused audit logs to be duplicated in journald if the system-journald-audit socket was enabled. Now if the system-journald-audit socket exists on the node, it is disabled and stopped when this extension is used. by @plkokanov [#104]
  • [USER] Rsyslog processes logs on nodes with os suse-chost 15 SP3 by @Kostov6 [#123]

🏃 Others

  • [OPERATOR] Errors that can occur when loading audit rules are now ignored and reported as warnings. This allows all correct audit rules to be loaded. by @plkokanov [#128]
  • [OPERATOR] The rsyslog-relp action which is used to forward logs to a RELP server now uses a separate in-memory queue of 100000 messages. Additionally, it also uses a disk queue of max 48 MiB which is used to store messages after the in-memory queue is exhausted or to save the current messages in the in-memory queue when the rsyslog service is restarted. by @plkokanov [#115]
  • [OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @rfranzke [#99]

Docker Images

  • gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.5.0
  • gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.5.0

Update os-coreos to 1.22.1

[gardener/gardener-extension-os-coreos]

🐛 Bug Fixes

  • [OPERATOR] Fixing the deactivation of the units responsible for automatic updates. by @Duciwuci [#114]

Docker Images

  • gardener-extension-os-coreos: europe-docker.pkg.dev/gardener-project/releases/extensions/os-coreos:v1.22.1

Update gardener-controlplane to 1.98.0

[gardener/gardener]

⚠️ Breaking Changes

  • [DEPENDENCY] The Registry in pkg/utils/managedresources/registry.go was changed to return all objects as a compressed data chunk.
    As soon as you update the github.com/gardener/gardener dependency to this version, ManagedResource secrets will be rewritten in a Brotli compressed format (combined under data key data.yaml.br). by @timuthy [#9964]
  • [DEPENDENCY] The github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector field is now removed. The corresponding webhook's object selector is now enforced unconditionally. by @ialidzhikov [#10027]
  • [OPERATOR] Provider extensions specifying a "controlplane" mutating webhook ObjectSelector are incompatible with gardenlet < v1.98.0. by @LucaBernstein [#9981]
  • [OPERATOR] The Resource Size Validator of the gardener-admission-controller ignores status subresource and metadata.managedFields for resource size limits. Please consider adjusting your configuration if you already increased the limits because of these now ignored sections. by @LucaBernstein [#10011]
  • [USER] Separately configuring resource reservations for system processes via shoot.spec.kubernetes.kubelet.systemReserved or spec.provider.workers[].kubernetes.kubelet.systemReserved is deprecated in Gardener and will be removed in a future release. Please merge existing resource reservations into the corresponding kubeReserved field. by @MichaelEischer [#9985]
  • [DEVELOPER] The function github.com/gardener/gardener/extensions/pkg/controller/worker/WorkerPoolHash now expects separate additional data for version 1 and 2 of the hash calculation. Version 2 does not include extension provider specific fields by default. Add those to the additional data for version 2 if necessary. by @MichaelEischer [#9865]

📰 Noteworthy

  • [DEVELOPER] The resources mutated by the "controlplane" mutating webhooks are labeled with provider.extensions.gardener.cloud/mutated-by-controlplane-webhook: true by gardenlet. The provider extensions can add an object selector to their "controlplane" mutating webhooks so that they do not intercept requests for unrelated objects. by @LucaBernstein [#9981]

✨ New Features

  • [OPERATOR] Version 2 of the WorkerPoolHash calculation now takes the current name of the OperatingSystemConfig into account. Its usage is controlled by the gardenlet feature gate NewWorkerPoolHash. All provider extensions must be upgraded before enabling this feature gate. The new calculation also ensures that changes of the fields kubeReserved, evictionHard and cpuManagerPolicy in the kubelet config of a worker pool result in node rolls. by @MichaelEischer [#9865]
  • [OPERATOR] Failure of snapshot compaction jobs at a rate greater than 10% of shoots in a seed will raise alerts now. by @renormalize [#9739]
  • [DEVELOPER] gosec was introduced for Static Application Security Testing (SAST). by @oliver-goetz [#9959]
  • [USER] A new field .spec.CredentialsBindingName referencing a CredentialsBinding was introduced to shoot specification. It is meant to replace the existing SecretBindingName. As of now the field is guarded by a feature gate called AllowCredentialsBinding. by @dimityrmirchev [#9853]

🐛 Bug Fixes

  • [OPERATOR] Fix a bug where the Reversed VPN OpenVPN Server (HA) doesn't display any data. by @axel7born [#10035]

🏃 Others

  • [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.30.3. Release Notes by @gardener-ci-robot [#10031]
  • [DEPENDENCY] The gardener/alpine-conntrack image has been updated to 3.20.1. Release Notes by @gardener-ci-robot [#10010]
  • [DEPENDENCY] The gcr.io/istio-release/pilot image has been updated to 1.21.3. by @gardener-ci-robot [#9914]
  • [DEPENDENCY] extensions lib: The shoot webhook does now support specifying an object selector. by @ialidzhikov [#10026]
  • [DEPENDENCY] The credativ/vali image has been updated to v2.2.16. Release Notes by @gardener-ci-robot [#9976]
  • [DEPENDENCY] The credativ/plutono image has been updated to v7.5.31. Release Notes by @gardener-ci-robot [#9978]
  • [DEVELOPER] The "remote local setup" is enhanced e.g. to support multiple scenarios. by @istvanballok [#9980]
  • [OPERATOR] machine-controller-manager-provider-xxx container now exposes metrics that prometheus can scrape by @aaronfern [#9933]
  • [OPERATOR] kube-apiserver HPA's max replicas count from 3 to 6 in VPAAndHPA autoscaling mode to support very large control planes. by @ialidzhikov [#9971]
  • [OPERATOR] Gardener Enhancement Proposal for a bastion section in the CloudProfile by @hebelsan [#9935]
  • [OPERATOR] Introduce the operator Extension type. An Extension is responsible for installing the ControllerRegistration and ControllerRuntime in the garden cluster and also install any extensions necessary to manage infrastructure resources in the runtime cluster. This release contains the API only, further functionality will be released in future Gardener versions. by @kon-angelo [#9924]
  • [OPERATOR] The data in ManagedResource secrets is now compressed with Brotli and stored under a single data key data.yaml.br. by @timuthy [#9964]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.98.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.98.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.98.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.98.0

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.98.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.98.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.98.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.98.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.98.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.98.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.98.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.98.0

Update gardenlet to 1.98.0

[gardener/gardener]

⚠️ Breaking Changes

  • [DEPENDENCY] The Registry in pkg/utils/managedresources/registry.go was changed to return all objects as a compressed data chunk.
    As soon as you update the github.com/gardener/gardener dependency to this version, ManagedResource secrets will be rewritten in a Brotli compressed format (combined under data key data.yaml.br). by @timuthy [#9964]
  • [DEPENDENCY] The github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector field is now removed. The corresponding webhook's object selector is now enforced unconditionally. by @ialidzhikov [#10027]
  • [OPERATOR] Provider extensions specifying a "controlplane" mutating webhook ObjectSelector are incompatible with gardenlet < v1.98.0. by @LucaBernstein [#9981]
  • [OPERATOR] The Resource Size Validator of the gardener-admission-controller ignores status subresource and metadata.managedFields for resource size limits. Please consider adjusting your configuration if you already increased the limits because of these now ignored sections. by @LucaBernstein [#10011]
  • [USER] Separately configuring resource reservations for system processes via shoot.spec.kubernetes.kubelet.systemReserved or spec.provider.workers[].kubernetes.kubelet.systemReserved is deprecated in Gardener and will be removed in a future release. Please merge existing resource reservations into the corresponding kubeReserved field. by @MichaelEischer [#9985]
  • [DEVELOPER] The function github.com/gardener/gardener/extensions/pkg/controller/worker/WorkerPoolHash now expects separate additional data for version 1 and 2 of the hash calculation. Version 2 does not include extension provider specific fields by default. Add those to the additional data for version 2 if necessary. by @MichaelEischer [#9865]

📰 Noteworthy

  • [DEVELOPER] The resources mutated by the "controlplane" mutating webhooks are labeled with provider.extensions.gardener.cloud/mutated-by-controlplane-webhook: true by gardenlet. The provider extensions can add an object selector to their "controlplane" mutating webhooks so that they do not intercept requests for unrelated objects. by @LucaBernstein [#9981]

✨ New Features

  • [OPERATOR] Version 2 of the WorkerPoolHash calculation now takes the current name of the OperatingSystemConfig into account. Its usage is controlled by the gardenlet feature gate NewWorkerPoolHash. All provider extensions must be upgraded before enabling this feature gate. The new calculation also ensures that changes of the fields kubeReserved, evictionHard and cpuManagerPolicy in the kubelet config of a worker pool result in node rolls. by @MichaelEischer [#9865]
  • [OPERATOR] Failure of snapshot compaction jobs at a rate greater than 10% of shoots in a seed will raise alerts now. by @renormalize [#9739]
  • [DEVELOPER] gosec was introduced for Static Application Security Testing (SAST). by @oliver-goetz [#9959]
  • [USER] A new field .spec.CredentialsBindingName referencing a CredentialsBinding was introduced to the shoot specification. It is meant to replace the existing SecretBindingName. As of now, the field is guarded by a feature gate called AllowCredentialsBinding. by @dimityrmirchev [#9853]

🐛 Bug Fixes

  • [OPERATOR] Fix a bug where the Reversed VPN OpenVPN Server (HA) doesn't display any data. by @axel7born [#10035]

🏃 Others

  • [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.30.3. Release Notes by @gardener-ci-robot [#10031]
  • [DEPENDENCY] The gardener/alpine-conntrack image has been updated to 3.20.1. Release Notes by @gardener-ci-robot [#10010]
  • [DEPENDENCY] The gcr.io/istio-release/pilot image has been updated to 1.21.3. by @gardener-ci-robot [#9914]
  • [DEPENDENCY] extensions lib: The shoot webhook does now support specifying an object selector. by @ialidzhikov [#10026]
  • [DEPENDENCY] The credativ/vali image has been updated to v2.2.16. Release Notes by @gardener-ci-robot [#9976]
  • [DEPENDENCY] The credativ/plutono image has been updated to v7.5.31. Release Notes by @gardener-ci-robot [#9978]
  • [DEVELOPER] The "remote local setup" is enhanced e.g. to support multiple scenarios. by @istvanballok [#9980]
  • [OPERATOR] The machine-controller-manager-provider-xxx container now exposes metrics that Prometheus can scrape. by @aaronfern [#9933]
  • [OPERATOR] The kube-apiserver HPA's max replicas count is increased from 3 to 6 in VPAAndHPA autoscaling mode to support very large control planes. by @ialidzhikov [#9971]
  • [OPERATOR] Gardener Enhancement Proposal for a bastion section in the CloudProfile by @hebelsan [#9935]
  • [OPERATOR] Introduce the operator Extension type. An Extension is responsible for installing the ControllerRegistration and ControllerRuntime in the garden cluster and also for installing any extensions necessary to manage infrastructure resources in the runtime cluster. This release contains the API only; further functionality will be released in future Gardener versions. by @kon-angelo [#9924]
  • [OPERATOR] The data in ManagedResource secrets is now compressed with Brotli and stored under a single data key data.yaml.br. by @timuthy [#9964]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.98.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.98.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.98.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.98.0

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.98.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.98.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.98.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.98.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.98.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.98.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.98.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.98.0