[OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @rfranzke [#307]
[OPERATOR] Update cilium to v1.15.6. by @DockToFuture [#351]
[OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [gardener/machine-controller-manager#878]
[DEVELOPER] New provider method Driver.InitializeMachine added for Post-Creation VM Instance Initialization steps. by @elankath [gardener/machine-controller-manager#898]
[OPERATOR] Fix for edge case of Node object deletion missed during machine termination. by @elankath [gardener/machine-controller-manager#887]
[DEVELOPER] A bug in UpdateNodeToMachine which caused the IT to fail is fixed. by @elankath [gardener/machine-controller-manager#893]
[DEVELOPER] MCM restart happens properly in integration tests now. This fix will get activated, once this version is vendored in your mcm-provider by @sssash18 [gardener/machine-controller-manager#879]
[OPERATOR] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager#903]
[OPERATOR] Updated k8s dependencies to v0.29.3 by @rishabh-11 [gardener/machine-controller-manager#907]
[OPERATOR] fixed IT for seed with k8s >= 1.27 as control cluster by @piyuagr [gardener/machine-controller-manager#869]
[OPERATOR] machine controller won't reconcile machine on non-spec update events by @himanshu-kun [gardener/machine-controller-manager#877]
[OPERATOR] Architecture field added in the nodetemplate. This will allow CA to pick up architecture from machine class and schedule pods on relevant arch nodes. by @sssash18 [gardener/machine-controller-manager#894]
[DEVELOPER] go-git now removed from dependencies due to CVEs. by @elankath [gardener/machine-controller-manager#896]
[DEVELOPER] Bump k8s.io/* deps to v0.28.2 by @afritzler [gardener/machine-controller-manager#858]
[OPERATOR] Add Ipv6AddressCount and Ipv6PrefixCount to enable the assignment of an ipv6 address and an ipv6 prefix to instances. by @gardener-robot-ci-2 [gardener/machine-controller-manager-provider-aws#162]
[USER] It is now possible to specify CPU options for AWS instances. by @AndreasBurger [gardener/machine-controller-manager-provider-aws#161]
[USER] Implements the driver metrics added to MCM in version 0.50.0 such that duration of calls to AWS and any failed requests are recorded: driver_request_duration_seconds and driver_requests_failed_total. by @saley89 [gardener/machine-controller-manager-provider-aws#153]
[OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @MrBatschner [#983]
[OPERATOR] Validation of shoots now takes the CloudProfile into account to make sure that the configured images are defined. by @AndreasBurger [#979]
[USER] The cloud instance to connect to can now be configured via the provider spec by @AndreasBurger [gardener/machine-controller-manager-provider-azure#148]
[USER] Machine-Controller-Manager Provider-Azure now supports enabling of vm boot diagnostics. by @hebelsan [gardener/machine-controller-manager-provider-azure#136]
[USER] Add support for ConfidentialVM types in Azure. by @kon-angelo [gardener/machine-controller-manager-provider-azure#146]
[USER] Error Code is now extracted from azcore.ResponseError.ErrorCode by @rishabh-11 [gardener/machine-controller-manager-provider-azure#153]
[USER] Fix passing data disk caching method by @hebelsan [gardener/machine-controller-manager-provider-azure#149]
[DEVELOPER] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager-provider-azure#140]
[DEVELOPER] Switch AzureDataDisk.Lun from pointer to value by @hebelsan [gardener/machine-controller-manager-provider-azure#150]
[OPERATOR] Add support for confidential VMs by @kon-angelo [#835]
[OPERATOR] The CIDR blocks used for shoot egress will now be provided via the status of the shoot's infrastructure-resource by @AndreasBurger [#852]
[OPERATOR] OverconstrainedZonalAllocationRequest is now classified as ERR_RETRYABLE_CONFIGURATION_PROBLEM by @Kostov6 [#881]
[OPERATOR] Improve flow shoot deletion with custom vnet by @hebelsan [#896]
[OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @AndreasBurger [#898]
[DEVELOPER] New provider method Driver.InitializeMachine added for Post-Creation VM Instance Initialization steps. by @elankath [gardener/machine-controller-manager#898]
[USER] The providerSpec validation has changed for the following driver calls:
DeleteMachine, ListMachines, and GetMachineStatus validate only the zone field in the providerSpec. by @rishabh-11 [gardener/machine-controller-manager-provider-gcp#123]
[USER] Remove strict validation about disk types by @kon-angelo [gardener/machine-controller-manager-provider-gcp#108]
[DEVELOPER] Removed vendor directory by @rishabh-11 [gardener/machine-controller-manager-provider-gcp#112]
[DEVELOPER] Support for passing disk params provisioned-iops and provisioned-throughput by @hebelsan [gardener/machine-controller-manager-provider-gcp#122]
[OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @AndreasBurger [#787]
[OPERATOR] Support and validation of disk params provisioned-iops and provisioned-throughput by @hebelsan [#743]
[OPERATOR] Add migration test for the infrastructure reconciler by @kon-angelo [#779]
[OPERATOR] QoL improvements to the infrastructure reconciler by @kon-angelo [#779]
[OPERATOR] A problem with deploying MachineClasses that reference an operating system image whose version contains a + character was fixed. by @AndreasBurger [#795]
[USER] When a missing router is being encountered during reconciliation/deletion it will now be classified as ERR_INFRA_DEPENDENCIES, enabling force deletion of the shoot via annotation. by @AndreasBurger [#794]
[OPERATOR] Fixed an issue that caused audit logs to be duplicated in journald if the system-journald-audit socket was enabled. Now if the system-journald-audit socket exists on the node, it is disabled and stopped when this extension is used. by @plkokanov [#104]
[USER] Rsyslog processes logs on nodes with os suse-chost 15 SP3 by @Kostov6 [#123]
[OPERATOR] Errors that can occur when loading audit rules are now ignored and reported as warnings. This allows all correct audit rules to be loaded. by @plkokanov [#128]
[OPERATOR] The rsyslog-relp action which is used to forward logs to a RELP server now uses a separate in-memory queue of 100000 messages. Additionally, it also uses a disk queue of max 48 MiB which is used to store messages after the in-memory queue is exhausted or to save the current messages in the in-memory queue when the rsyslog service is restarted. by @plkokanov [#115]
[OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @rfranzke [#99]
[DEPENDENCY] The Registry in pkg/utils/managedresources/registry.go was changed to return all objects as a compressed data chunk.
As soon as you update the github.com/gardener/gardener dependency to this version, ManagedResource secrets will be rewritten in a Brotli compressed format (combined under data key data.yaml.br). by @timuthy [#9964]
[DEPENDENCY] The github.com/gardener/gardener/extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector field is now removed. The corresponding webhook's object selector is now enforced unconditionally. by @ialidzhikov [#10027]
[OPERATOR] Provider extensions specifying a "controlplane" mutating webhook ObjectSelector are incompatible with gardenlet < v1.98.0. by @LucaBernstein [#9981]
[OPERATOR] The Resource Size Validator of the gardener-admission-controller ignores status subresource and metadata.managedFields for resource size limits. Please consider adjusting your configuration if you already increased the limits because of these now ignored sections. by @LucaBernstein [#10011]
[USER] Separately configuring resource reservations for system processes via shoot.spec.kubernetes.kubelet.systemReserved or spec.provider.workers[].kubernetes.kubelet.systemReserved is deprecated in Gardener and will be removed in a future release. Please merge existing resource reservations into the corresponding kubeReserved field. by @MichaelEischer [#9985]
[DEVELOPER] The function github.com/gardener/gardener/extensions/pkg/controller/worker/WorkerPoolHash now expects separate additional data for version 1 and 2 of the hash calculation. Version 2 does not include extension provider specific fields by default. Add those to the additional data for version 2 if necessary. by @MichaelEischer [#9865]
[DEVELOPER] The resources mutated by the "controlplane" mutating webhooks are labeled with provider.extensions.gardener.cloud/mutated-by-controlplane-webhook: true by gardenlet. The provider extensions can add an object selector to their "controlplane" mutating webhooks so that they do not intercept requests for unrelated objects. by @LucaBernstein [#9981]
[OPERATOR] Version 2 of the WorkerPoolHash calculation now takes the current name of the OperatingSystemConfig into account. Its usage is controlled by the gardenlet feature gate NewWorkerPoolHash. All provider extensions must be upgraded before enabling this feature gate. The new calculation also ensures that changes of the fields kubeReserved, evictionHard and cpuManagerPolicy in the kubelet config of a worker pool result in node rolls. by @MichaelEischer [#9865]
[OPERATOR] Failure of snapshot compaction jobs at a rate greater than 10% of shoots in a seed will raise alerts now. by @renormalize [#9739]
[DEVELOPER] gosec was introduced for Static Application Security Testing (SAST). by @oliver-goetz [#9959]
[USER] A new field .spec.CredentialsBindingName referencing a CredentialsBinding was introduced to shoot specification. It is meant to replace the existing SecretBindingName. As of now the field is guarded by a feature gate called AllowCredentialsBinding. by @dimityrmirchev [#9853]
[DEPENDENCY] The envoyproxy/envoy image has been updated to v1.30.3. by @gardener-ci-robot [#10031]
[DEPENDENCY] The gardener/alpine-conntrack image has been updated to 3.20.1. by @gardener-ci-robot [#10010]
[DEPENDENCY] The gcr.io/istio-release/pilot image has been updated to 1.21.3. by @gardener-ci-robot [#9914]
[DEPENDENCY] extensions lib: The shoot webhook does now support specifying an object selector. by @ialidzhikov [#10026]
[DEPENDENCY] The credativ/vali image has been updated to v2.2.16. by @gardener-ci-robot [#9976]
[DEPENDENCY] The credativ/plutono image has been updated to v7.5.31. by @gardener-ci-robot [#9978]
[DEVELOPER] The "remote local setup" is enhanced e.g. to support multiple scenarios. by @istvanballok [#9980]
[OPERATOR] machine-controller-manager-provider-xxx container now exposes metrics that Prometheus can scrape by @aaronfern [#9933]
[OPERATOR] kube-apiserver HPA's max replicas count is increased from 3 to 6 in VPAAndHPA autoscaling mode to support very large control planes. by @ialidzhikov [#9971]
[OPERATOR] Gardener Enhancement Proposal for a bastion section in the CloudProfile by @hebelsan [#9935]
[OPERATOR] Introduce the operator Extension type. An Extension is responsible for installing the ControllerRegistration and ControllerRuntime in the garden cluster and also install any extensions necessary to manage infrastructure resources in the runtime cluster. This release contains the API only, further functionality will be released in future Gardener versions. by @kon-angelo [#9924]
[OPERATOR] The data in ManagedResource secrets is now compressed with Brotli and stored under a single data key data.yaml.br. by @timuthy [#9964]