[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] The default leader election resource lock of gardener-extension-provider-openstack has been changed from configmapsleases to leases. (#302, @ialidzhikov)
  • Please make sure, that you had at least gardener-extension-provider-openstack@v1.16 running before upgrading to v1.20.0, so that it has successfully required leadership with the hybrid resource lock (configmapsleases) at least once.
• [OPERATOR] This version of provider-openstack requires at least Gardener v1.21.0. Before upgrading to this version of provider-openstack, make sure that you upgraded to at least Gardener v1.21.0. (#297, @ialidzhikov)

✨ New Features

• [USER] add support for application credentials (#300, @MartinWeindel)
• [OPERATOR] It is now possible to specify the leader election resource lock via the chart value leaderElection.resourceLock (defaults to leases). (#302, @ialidzhikov)
• [OPERATOR] The existing ValidatingWebhookConfiguration of admission-openstack for Shoot validation does now validate also the Shoot secret. admission-openstack does now feature also a new webhook that prevents Shoot secret to be updated with invalid keys. (#280, @vpnachev)

🐛 Bug Fixes

• [OPERATOR] Fixes an issue where removing server groups from a worker pool would not produce correct machineclasses. Prior to the fix, two shoot reconciliations would be necessary to reach the desired state. (#306, @kon-angelo)
• [OPERATOR] provider-openstack is now using a separate ManagedResource for ControlPlane CRDs (volumesnapshot related CRDs) that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (#297, @ialidzhikov)

🏃 Others

• [USER] The following image is updated (see CHANGELOG for more details): (#287, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.2.0 -> v2.3.0
• [OPERATOR] When creating or updating shoots, any Kubernetes feature gates mentioned are validated against the Kubernetes version. If any feature gates are unknown or not supported in the Kubernetes version, the validation fails. (#296, @stoyanr)
• [OPERATOR] Validation of Openstack cloud provider secrets is enhanced to reject domainName, tenantName, and userName that contain leading or trailing whitespace, tenantName that is longer than 64 characters, password that contain leading or trailing new lines, and authURL that is not a valid URL. (#294, @stoyanr)
• [OPERATOR] The version constraints for floating-subnet and floating-subnet-tags field in the cloud-provider-config to select a floating subnet to pick the floating ip for a load balancer has been removed. (#290, @dkistner)
• [OPERATOR] Replace infrastructure's terraform helm chart with native go templates. (#282, @kon-angelo)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] add support for authentication with application credentials (gardener/machine-controller-manager-provider-openstack#26, @MartinWeindel)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#95, @minchaow)
  • aliyun/terraform-provider-alicloud: 1.121.2 -> 1.124.0
• [OPERATOR] The terraform version for the alicloud, all, aws, azure, gcp, openstack, slim images is updated: (gardener/terraformer#94, @ialidzhikov)
  • hashicorp/terraform: 0.12.29 -> 0.12.31