Releases: gardener/gardener
v1.134.2
[github.com/gardener/gardener:v1.134.2]
🐛 Bug Fixes
- [DEPENDENCY] extension library: An issue causing deletions of `extensions.BackupEntry` to be stuck due to conflicts while removing the finalizer from the BackupEntry Secret is now fixed. This mostly affected the deletion of the source `BackupEntry` during the `restore` phase of control plane migration. by @plkokanov [#13791]
- [USER] Fix a bug that prevents updating expiration dates of overridden machine image versions in `NamespacedCloudProfiles`. by @LucaBernstein [#13769]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.134.2
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.134.2
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.134.2
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.134.2
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.134.2
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.134.2
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.134.2
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.134.2
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.134.2
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.134.2
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.134.2
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.134.2
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.134.2
v1.133.3
[github.com/gardener/gardener:v1.133.3]
🐛 Bug Fixes
- [DEPENDENCY] extension library: An issue causing deletions of `extensions.BackupEntry` to be stuck due to conflicts while removing the finalizer from the BackupEntry Secret is now fixed. This mostly affected the deletion of the source `BackupEntry` during the `restore` phase of control plane migration. by @plkokanov [#13792]
- [USER] Fix a bug that prevents updating expiration dates of overridden machine image versions in `NamespacedCloudProfiles`. by @LucaBernstein [#13770]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.133.3
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.133.3
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.133.3
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.133.3
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.133.3
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.133.3
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.133.3
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.133.3
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.133.3
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.133.3
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.133.3
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.133.3
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.133.3
v1.132.4
[github.com/gardener/gardener:v1.132.4]
🐛 Bug Fixes
- [DEPENDENCY] extension library: An issue causing deletions of `extensions.BackupEntry` to be stuck due to conflicts while removing the finalizer from the BackupEntry Secret is now fixed. This mostly affected the deletion of the source `BackupEntry` during the `restore` phase of control plane migration. by @plkokanov [#13793]
- [OPERATOR] Refactor the collector `journald` receiver to capture kernel logs via a more stable method. by @rrhubenov [#13736]
- [OPERATOR] An issue causing credentials rotation for the Garden resource to fail is now fixed. by @ialidzhikov [#13740]
- [USER] Fix a bug that prevents updating expiration dates of overridden machine image versions in `NamespacedCloudProfiles`. by @LucaBernstein [#13771]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.132.4
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.132.4
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.132.4
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.132.4
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.132.4
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.132.4
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.132.4
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.132.4
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.132.4
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.132.4
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.132.4
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.132.4
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.132.4
v1.134.1
[github.com/gardener/gardener:v1.134.1]
⚠️ Breaking Changes
- [DEVELOPER] Change the registry port in the local setup to `:5001`. by @LucaBernstein [#13672]
🐛 Bug Fixes
- [OPERATOR] Refactor the collector `journald` receiver to capture kernel logs via a more stable method. by @rrhubenov [#13730]
- [OPERATOR] An issue causing credentials rotation for the Garden resource to fail is now fixed. by @ialidzhikov [#13738]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.134.1
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.134.1
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.134.1
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.134.1
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.134.1
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.134.1
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.134.1
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.134.1
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.134.1
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.134.1
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.134.1
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.134.1
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.134.1
v1.133.2
[github.com/gardener/gardener:v1.133.2]
🐛 Bug Fixes
- [OPERATOR] Refactor the collector `journald` receiver to capture kernel logs via a more stable method. by @rrhubenov [#13731]
- [OPERATOR] An issue causing credentials rotation for the Garden resource to fail is now fixed. by @ialidzhikov [#13739]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.133.2
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.133.2
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.133.2
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.133.2
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.133.2
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.133.2
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.133.2
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.133.2
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.133.2
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.133.2
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.133.2
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.133.2
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.133.2
v1.134.0
[github.com/gardener/gardener:v1.134.0]
⚠️ Breaking Changes
- [OPERATOR] The `DoNotCopyBackupCredentials` feature gate has been promoted to GA and can no longer be disabled. The `Seed` backup secret is no longer copied from the `Shoot` infrastructure credentials in case an operator does not provide an existing backup secret. If you configure `seed.spec.backup.credentialsRef`, make sure that the referred credential already exists. For production setups, it is advised that operators configure a separate set of credentials for `Seed` backup and `Shoot` infrastructure. by @dimityrmirchev [#13564]
- [OPERATOR] Several fields and configurations of `operator.gardener.cloud/v1alpha1.Extension` resources are now validated:
  - At least an extension or admission deployment must be specified (`spec.deployment.{extension,admission}`)
  - A Helm deployment configuration must be in place (`spec.deployment.extension.helm` or `spec.deployment.admission.{runtimeCluster,virtualCluster}.helm`)
  - A valid OCI repository configuration is required (`helm.ociRepository`)

  Please check your `Extension` resources and rectify them accordingly, before upgrading to this version. by @timuthy [#13528]
- [OPERATOR] The GA-ed and unconditionally enabled `ShootCredentialsBinding` feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#13576]
- [DEVELOPER] Ensure you have the `docker compose` plugin installed for starting the local setup. by @timebertt [#13551]
- [DEVELOPER] The registry for the local development setup is now exposed under `registry.local.gardener.cloud` instead of `garden.local.gardener.cloud`. Make sure to update your `/etc/hosts` file by replacing the existing `127.0.0.1 garden.local.gardener.cloud` entries with `127.0.0.1 registry.local.gardener.cloud`. by @timebertt [#13551]
- [DEVELOPER] To support self-hosted shoots with managed infrastructure, the `Worker` extension (controller/delegate) needs to use the technical ID from `Cluster.shoot.status.technicalID` for prefixing the names of machine-related objects. The `Worker` namespace is `kube-system` for self-hosted shoots. Read the docs. by @timebertt [#13485]
📰 Noteworthy
- [OPERATOR] As the `DoNotCopyBackupCredentials` feature gate cannot be disabled, backup secrets that were copied from `Shoot` infrastructure credentials in previous reconciliations are labeled with `gardener.cloud/secret-status=previously-managed` and Gardener no longer takes care of them. Operators are responsible to delete those if unused for other scenarios. by @dimityrmirchev [#13564]
- [OPERATOR] Introduced GEP-35 that outlines a migration strategy from `Vali` to `VictoriaLogs` as a database for Garden, Seed & Shoot clusters. by @rrhubenov [#13242]
✨ New Features
- [OPERATOR] Istio-gateways now provide access logs for requests to kube-apiservers via the `apiserver-proxy` endpoint when `IstioTLSTermination` feature gate is active. by @oliver-goetz [#13569]
- [OPERATOR] Seed clusters are now labelled with a specific extension label `extensions.extensions.gardener.cloud/<extension-type>: true` whenever such an extension is activated for the seed. by @timuthy [#13509]
- [USER] Istio access logs are now visible for users in the shoot plutono. by @majst01 [#13548]
- [DEVELOPER] The `Worker` extension no longer needs to fetch the machine state from the `ShootState` object in the garden cluster. Instead, Gardener populates the machine state directly in the `Worker.status.state` field on restoration of the shoot. Read the docs. by @timebertt [#13485]
🐛 Bug Fixes
- [OPERATOR] A bug which caused kube-apiserver metrics to be scraped thrice when `IstioTLSTermination` feature gate is active has been fixed. by @oliver-goetz [#13590]
- [OPERATOR] Fixed a bug where operators could not exclusively specify `count` limits in the Garden's `spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit` field. by @tobschli [#13577]
- [USER] A bug which prevented the wildcard certificate endpoints to be advertised in the shoot status has been fixed. by @oliver-goetz [#13644]
- [USER] Fixed DNS resolution issues during dual-stack migration by ensuring `/etc/resolv.conf` only contains the IPv4 DNS server address until the `kube-dns` service is fully migrated. by @axel7born [#13601]
🏃 Others
- [OPERATOR] Seeds are now labeled with `seed.gardener.cloud/provider=<seed.spec.provider.type>` and `seed.gardener.cloud/region=<seed.spec.provider.region>`. by @georgibaltiev [#12623]
- [OPERATOR] `apiserver-proxy` endpoints now use the same keep alive settings and connection timeout as default kube-apiserver endpoints when `IstioTLSTermination` feature gate is active. by @oliver-goetz [#13569]
- [OPERATOR] Projects are no longer requeued with back-off when they have a `deletionTimestamp` and still existing `Shoots` in the corresponding namespaces. Instead they are now automatically requeued on `Shoot` deletion events if they no longer contain any `Shoot`s so that the deletion of the `Project` can finish. by @plkokanov [#13052]
- [OPERATOR] `ManagedResources` are no longer requeued with back-off, if their responsibility was transferred from one `gardener-resource-manager` to another, while waiting for the original `gardener-resource-manager` to finish cleaning up the deployed resources. Instead, `ManagedResources` are automatically requeued when the cleanup of resources by the original `gardener-resource-manager` has finished. by @plkokanov [#13052]
- [DEVELOPER] The `VPAInPlaceUpdates` feature gate is enabled in local setups for `gardenlet` and `gardener-operator`. by @vitanovs [#13508]
- [DEVELOPER] Update remote local setup with most recent hosts for end-to-end tests and instructions for an IPv6 setup by @vicwicker [#13436]
- [DEVELOPER] Usages of `controller-runtime`'s deprecated `reconcile.Result{Requeue: true}` have been removed. by @plkokanov [#13052]
- [DEVELOPER] Ignore whitespace-only YAML chunks when parsing `ManagedResource` secrets. This prevents decoder errors from trailing `---` separators. by @DockToFuture [#13622]
- [DEPENDENCY] The following dependencies have been updated: `quay.io/kiwigrid/k8s-sidecar` from `2.1.3` to `2.1.4`. by @gardener-ci-robot [#13567]
- [DEPENDENCY] The `gardener/autoscaler` image for Shoots with Kubernetes version 1.34 has been updated to `v1.34.0`. Release Notes by @takoverflow [#13554]
- [DEPENDENCY] The following dependencies have been updated:
  - `gardener/etcd-druid` from `v0.33.0` to `v0.34.0`. Release Notes
  - `github.com/gardener/etcd-druid/api` from `v0.33.0` to `v0.34.0`.

  by @Shreyas-s14 [#13617]
- [DEPENDENCY] The following dependencies have been updated: `gardener/dashboard` from `1.82.6` to `1.83.0`. Release Notes by @gardener-ci-robot [#13620]
- [DEPENDENCY] The following dependencies have been updated: `gardener/dashboard` from `1.82.5` to `1.82.6`. Release Notes by @gardener-ci-robot [#13619]
- [DEPENDENCY] The following dependencies have been updated: `registry.k8s.io/ingress-nginx/controller-chroot` from `v1.14.0` to `v1.14.1`. by @gardener-ci-robot [#13599]
- [DEPENDENCY] The following dependencies have been updated:
  - `gcr.io/istio-release/pilot` from `1.27.3` to `1.27.4`.
  - `gcr.io/istio-release/proxyv2` from `1.27.3` to `1.27.4`.
  - `istio.io/api` from `v1.27.3` to `v1.27.4`.

  by @gardener-ci-robot [#13595]
- [DEPENDENCY] The following dependencies have been updated: `envoyproxy/envoy` from `distroless-v1.36.2` to `v1.36.3`. Release Notes by @gardener-ci-robot [#13598...
v1.133.1
[github.com/gardener/gardener:v1.133.1]
🐛 Bug Fixes
- [OPERATOR] Fixed a bug where operators could not exclusively specify `count` limits in the Garden's `spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit` field. by @tobschli [#13581]
- [USER] A bug which prevented the wildcard certificate endpoints to be advertised in the shoot status has been fixed. by @oliver-goetz [#13641]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.133.1
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.133.1
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.133.1
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.133.1
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.133.1
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.133.1
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.133.1
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.133.1
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.133.1
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.133.1
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.133.1
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.133.1
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.133.1
v1.132.3
[github.com/gardener/gardener:v1.132.3]
🐛 Bug Fixes
- [OPERATOR] Fixed a bug where operators could not exclusively specify `count` limits in the Garden's `spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit` field. by @tobschli [#13582]
- [USER] A bug which prevented the wildcard certificate endpoints to be advertised in the shoot status has been fixed. by @oliver-goetz [#13642]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.132.3
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.132.3
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.132.3
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.132.3
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.132.3
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.132.3
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.132.3
- gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.132.3
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.132.3
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.132.3
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.132.3
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.132.3
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.132.3
v1.131.5
[github.com/gardener/gardener:v1.131.5]
🐛 Bug Fixes
- [USER] A bug which prevented the wildcard certificate endpoints to be advertised in the shoot status has been fixed. by @oliver-goetz [#13643]
Helm Charts
- controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.131.5
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.131.5
- operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.131.5
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.131.5
Container (OCI) Images
- admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.131.5
- apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.131.5
- controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.131.5
- gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.131.5
- node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.131.5
- operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.131.5
- resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.131.5
- scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.131.5
v1.133.0
[github.com/gardener/gardener:v1.133.0]
⚠️ Breaking Changes
- [OPERATOR] ⚠️ Gardener no longer supports Garden, Seed, or Shoot clusters with Kubernetes versions <= 1.29. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @ScheererJ [#13487]
- [USER] The Shoot `.spec.provider.workers[].sysctls` field is now validated for valid sysctl keys and non-empty values. by @MrBatschner [#13435]
- [DEVELOPER] The `github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring` module is updated from v0.86.2 to v0.87.0. In the new version the type of the ServiceMonitor's `.spec.endpoints[].scheme` field is changed from `string` to `*monitoringv1.Scheme`. by @gardener-ci-robot [#13512]
- [DEVELOPER] The types from the extension healthcheck package which perform health checks on Deployments, StatefulSets and DaemonSets have been renamed. The respective constructor functions now return the concrete types instead of an interface. The types still implement the interface that was returned before. We do not expect this change to affect existing code in the majority of cases. by @dimityrmirchev [#13329]
📰 Noteworthy
- [OPERATOR] The `ShootCredentialsBinding` feature gate of `gardenlet` is promoted to GA and is unconditionally enabled. by @dimityrmirchev [#13530]
- [OPERATOR] The `.status.encryptedResources` field for Shoot and Garden resources has been deprecated in favour of the new `.status.credentials.encryptionAtRest.resources` field. by @AleksandarSavchev [#12894]
- [DEVELOPER] The `ValidatingAdmissionPolicy` admission plugin is now enabled by default for the Gardener API server. If you already have the admission plugin enabled, you can remove the explicit enablement after upgrading to this version of Gardener as the plugin is now enabled by default. by @ScheererJ [#13487]
✨ New Features
- [OPERATOR] A new `VPAInPlaceUpdates` feature gate is introduced for gardenlet and gardener-operator. When enabled, the corresponding VerticalPodAutoscaler resources are mutated to perform in-place updates (i.e., mutated with `.spec.updatePolicy.updateMode=InPlaceOrRecreate`). For more information, see Enabling In-Place Updates of Pod Resources. by @vitanovs [#12940]
- [OPERATOR] The `gardener.cloud/operation` annotation for the Garden resource has been extended to allow specifying multiple operations to be run in parallel. by @AleksandarSavchev [#12717]
- [USER] The `gardener.cloud/operation` and `maintenance.gardener.cloud/operation` Shoot annotations have been extended to allow specifying multiple operations to be run in parallel. by @AleksandarSavchev [#12717]
🐛 Bug Fixes
- [OPERATOR] A bug where the Shoot relevant ClusterRoleBindings responsible for the `AdminKubeconfig` and `ViewerKubeconfig` permissions were deployed into the virtual Garden cluster has been fixed. by @vpnachev [#13492]
- [OPERATOR] Add `--skip-metadata` flag to `ctr images pull` in the node-agent init script for better container registry compatibility. by @Nuckal777 [#13265]
- [OPERATOR] An issue where `Plutono` would not detect all fields when the `OpenTelemetryCollector` feature gate is enabled is now fixed. by @rrhubenov [#13531]
- [OPERATOR] A bug which made istio-ingressgateway forwarding requests via HTTP1.1 only to kube-apiserver when `IstioTLSTermination` feature gate is active has been fixed. Exhausted connection limits between istio-ingressgateway and kube-apiserver could be a consequence of this bug. by @oliver-goetz [#13459]
- [OPERATOR] Gardener generally prefers the `sshd.service` unit when trying to enable/disable the SSH server on worker nodes and bastions. If the `sshd.service` unit doesn't exist, it falls back to `ssh.service`. by @timebertt [#13456]
- [OPERATOR] The server block import feature for node-local-dns is now behind a feature gate (`CustomDNSServerInNodeLocalDNS`). by @DockToFuture [#13511]
- [USER] An issue causing vpa-updater RBAC resources for in-place updates not to be deployed when the VPA `InPlaceOrRecreate` feature gate is not explicitly enabled is now fixed. The VPA `InPlaceOrRecreate` feature gate is enabled by default with the VPA 1.5.1 version which is used by Gardener. That's why the needed in-place updates RBAC resources are now deployed unconditionally. by @vitanovs [#13499]
- [DEVELOPER] Fixed a bug causing types part of the extension healthcheck package to be injected with clients that they do not actually use. by @dimityrmirchev [#13329]
🏃 Others
- [OPERATOR] `Vali` can now ingest logs through the standard ingress in the `Shoot` control plane even when the `OpenTelemetryCollector` feature gate is enabled. This allows other parties that rely on it to migrate at their pace while it matures. by @rrhubenov [#13446]
- [OPERATOR] gardener-apiserver: The `ShootValidator` admission plugin's type is now changed from mutating to validating. All mutations that were previously performed by the `ShootValidator` were extracted over time to the new `ShootMutator` admission plugin. by @ialidzhikov [#13352]
- [OPERATOR] Defaulting of the Shoot machine image version (`.spec.provider.workers[].machine.image.{name,version}`) is moved from the `ShootValidator` to the `ShootMutator` admission plugin. by @ialidzhikov [#13351]
- [OPERATOR] Logging stack components are updated from v0.69.0 to v0.70.0. Along the way, performance optimizations are applied. by @nickytd [#13563]
- [OPERATOR] gardener-apiserver: The Shoot `.spec.provider.workers[].machine.image` field is now a required field. This change has impact only when the `ShootMutator` admission plugin (which defaults the machine image) is disabled. The admission plugin is enabled by default. by @ialidzhikov [#13399]
- [OPERATOR] A new field `spec.resources` was added to the Garden API. The field can be used by extensions to reference `Secret`s and `ConfigMap`s. See this documentation for more details. by @timuthy [#13464]
- [OPERATOR] The Shoot `.spec.kubernetes.kubeAPIServer.oidcConfig` field is now validated only in the storage layer. Previously, the required `.spec.kubernetes.kubeAPIServer.{oidcConfig,issuerURL}` fields were validated in the `ShootValidator` admission plugin due to backwards-compatibility reasons. by @dimitar-kostadinov [#13505]
- [DEPENDENCY] The following dependencies have been updated: `registry.k8s.io/dns/k8s-dns-node-cache` from `1.26.5` to `1.26.7`. by @gardener-ci-robot [#13474]
- [DEPENDENCY] The following dependencies have been updated: `credativ/vali` from `v2.2.28` to `v2.2.29`. Release Notes by @gardener-ci-robot [#13501]
- [DEPENDENCY] The following dependencies have been updated: `gardener/gardener-metrics-exporter` from `0.41.0` to `0.42.0`. Release Notes by @gardener-ci-robot [#13455]
- [DEPENDENCY] The following dependencies have been updated: `quay.io/brancz/kube-rbac-proxy` from `v0.20.0` to `v0.20.1`. by @gardener-ci-robot [#13533]
- [DEPENDENCY] The following dependencies have been updated: `gardener/logging` from `v0.68.0` to `v0.69.0`. Release Notes by @gardener-ci-robot [#13450]
- [DEPENDENCY] The following dependencies have been updated: `credativ/plutono` from `v7.5.43` to `v7.5.44`. Release Notes by @gardener-ci-robot [#13504]
- [DEPENDENCY] The following dependencies have been updated: `quay.io/cortexproject/cortex` from `v1.19.1` to `v1.20.0`. by @gardener-c...