[gardener]

Most notable changes

• [OPERATOR] Gardener can now support shoot clusters with Kubernetes version 1.19. In order to allow creation/update of 1.19 clusters you will have to update the version of your provider extension(s) to a version that supports 1.19 as well. Please consult the respective releases and notes in the provider extension's repository. (#2799, @rfranzke)
• [OPERATOR] Due to the fact that the Kubernetes community no longer builds hyperkube images on their own we have created gardener/hyperkube. It produces Docker images containing only the kubelet and kubectl binaries which are used to bootstrap the shoot worker nodes. Please note that this means that new Kubernetes versions are now only supported by Gardener if there is a corresponding release on the gardener/hyperkube repository. (#2799, @rfranzke)
• [OPERATOR] Introduces Certificate Rotation for the Gardenlet. (#2542, @danielfoehrKn)

Improvements

• [USER] Fixed an error in the KubeApiServerLatency alert (#2776, @wyb1)
• [USER] Workers that configure a kubelet data volume can now use gardenlinux OS (#2775, @guydaichs)
• [OPERATOR] extensions/pkg/predicate.Or has been deprecated in favor of sigs.k8s.io/controller-runtime/pkg/predicate.Or. (#2797, @timebertt)
• [OPERATOR] gardener.cloud:system:administrators are now allowed to list namespaces, manage RBACs, admission webhooks and apiservices. (#2793, @vpnachev)
• [OPERATOR] Loki is upgraded to version 1.6.0 (#2780, @Kristian-ZH)
• [OPERATOR] Improve alerting for operators. Alerts should fire less frequently and are now grouped by the service label instead of cluster which should also reduce the amount of alerts sent (#2776, @wyb1)
• [OPERATOR] There is new dashboard for fluent-bit in garden's Grafana (#2769, @Kristian-ZH)
• [OPERATOR] ContainerRuntimes are now annotated with gardener.cloud/operation=restore during the restore phase of Control Plane Migration and their state (if any) is copied from the ShootState to the CRs' status.state field. (#2762, @plkokanov)
• [OPERATOR] It is not possible a seed cluster to be deleted, directly or via removal of the shoot.gardener.cloud/use-as-seed annotation on the shoot, if the seed is still used by a BackupBucket or it is hosting the control plane of a shoot cluster. (#2732, @vpnachev)

[logging]

Action Required

• [OPERATOR] Because the dynamic host field contains only the namespace the flags DynamicHostPrefix and DynamicHostSuffix must be set to http://<loki-service> and .svc:3100/loki/api/v1/push (gardener/logging#64, @vlvasilev)

Improvements

• [OPERATOR] Upgrade fluent-bit version to 1.5.4. (gardener/logging#64, @vlvasilev)
• [OPERATOR] Implement buffered Loki client. (gardener/logging#64, @vlvasilev)
• [OPERATOR] A mitigation has been implemented for the out of order error in the fluent bit plugin. It can be enabled by setting the flag ReplaceOutOfOrderTS to true. (gardener/logging#64, @vlvasilev)
• [OPERATOR] The usage of mutex locks in the custom plugin dispatching the logs between the different loki instances have been improved (gardener/logging#64, @vlvasilev)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.10.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.10.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.10.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.10.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.10.0