[dashboard]
⚠️ Breaking Changes
- [OPERATOR] The
gardener-dashboard
Helm chart has been split into two different subcharts (runtime
andapplication
). This change required that all chart values that previously were on top-level have now moved under the.global
key. However, the structure/types of all existing keys has not changed. Please check thevalues.yaml
. (gardener/dashboard#1283, @petersutter)
✨ New Features
- [USER] Configure Worker Improvements (gardener/dashboard#1290, @grolu)
- Added yaml editor to configure worker dialog that allows to validate changes and configure values not exposed on the UI
- Redesigned worker group popup
- Only propose zones that are already used in shoot for new worker groups
- More resilient to invalid worker yaml when switching from
yaml
tab tooverview
- [USER] Added a tooltip in case the confirm button is disabled on dialogs. The tooltip explains why the button is disabled and provides information on how to resolve the issue (gardener/dashboard#1290, @grolu)
- [USER] OpenStack: Improved Secret Dialog authentication method selection (gardener/dashboard#1295, @grolu)
- [USER] The connection status of real-time server updates is now shown in the top toolbar. If the client is reloading data or reconnecting a spinner is shown. (gardener/dashboard#1297, @holgerkoser)
- [USER] The gardenctl
Target Cluster
command is now shown for users withcreate
shoots/adminkubeconfig
permission (e.g. for users having theadmin
project role). Previously this was only shown for gardener admins. (gardener/dashboard#1300, @petersutter) - [USER] OpenStack: Improved Floating IP wildcard configuration (gardener/dashboard#1304, @grolu)
- [OPERATOR] The
gardener-dashboard
Helm chart now supports configuration for enabling service account token volume projection. It is exposed through the.Values.global.serviceAccountTokenVolumeProjection
section in thevalues.yaml
file. (gardener/dashboard#1283, @petersutter) - [OPERATOR] It is now possible to configure a
User
instead of aServiceAccount
subject in theClusterRoleBinding
for the Gardener Dashboard when using virtual garden setup by setting.Values.global.virtualGarden.userName
in thevalues.yaml
file. (gardener/dashboard#1283, @petersutter) - [OPERATOR] Extension version can be specified for each
controllerregistration
resource using theapp.kubernetes.io/version
label. The dashboard will show the defined version in the about dialog (gardener/dashboard#1291, @grolu) - [OPERATOR] Added support for OIDC refresh tokens. This allows an operator to configure short
id_token
lifetimes. (gardener/dashboard#1297, @holgerkoser) - [OPERATOR] Added support for PKCE flow to the internal and the public OIDC client. This allows an operator to configure the public client without a
client_secret
. (gardener/dashboard#1297, @holgerkoser)
🐛 Bug Fixes
- [USER] OpenStack: Fixed a bug when replacing OpenStack secrets with different authentication method (gardener/dashboard#1295, @grolu)
- [USER] Fixed a problem with the heartbeat of
kube-apiserver
watches. Due to this bug the list did not get any realtime updates and the dashboard pod had to be manually restarted. (gardener/dashboard#1326, @holgerkoser) - [USER] Fixed initial "auto choose theme based on system settings" not working (gardener/dashboard#1328, @sven-petersen)
- [OPERATOR] When the upstream server responds with content-type
text/plain
whereapplication/json
is expected an error message likeUnexpected token x in JSON at position y
could be seen in the logs. You are now able to see what the actual server response was (gardener/dashboard#1330, @holgerkoser)
🏃 Others
- [USER] The
gardenctl
version selection now moved to the newly introducedSettings
page which can be found in the menu of your avatar. (gardener/dashboard#1297, @holgerkoser) - [USER] When updating a service account project member the service account will be created in case the service account is listed as project member but does not actually exist (gardener/dashboard#1302, @petersutter)
- [USER] Members page: The delete button for service accounts is now disabled in case the service account was already marked for deletion (
deletionTimestamp
is set) (gardener/dashboard#1307, @petersutter) - [OPERATOR] The
gardener-dashboard
user is no longer bound to thecluster-admin
ClusterRole
. Instead, it is bound to the newly introducedgardener.cloud:system:dashboard
ClusterRole
, which grants only those permissions that are required for the dashboard user. (gardener/dashboard#1283, @petersutter) - [OPERATOR] Terminal:
spec.secretRef
is not required anymore ifSeed
is aManagedSeed
(gardener/dashboard#1312, @petersutter) - [OPERATOR] Identity chart: bumped version of dex to
v2.35.3-distroless
(gardener/dashboard#1317, @petersutter)