[gardener]

Improvements

• [OPERATOR] The shoot controller inside the gardenlet has been adapted to cater with large Gardener landscapes:
  1. When the gardenlet has already reconciled a shoot cluster during its maintenance time window then it doesn't reconcile it again. Instead, it computes a random duration for the next time window and requeues the shoot. Already reconciled shoots are those whose last reconciliation was less then 24h ago.
  2. When the gardenlet is (re)started then it does no longer reconcile all shoots immediately whose maintenance time windows are met. Instead, it computes a random time for the current time window and requeues the shoot ("jittering", i.e., spreading the load). This will have the effect that not all shoots are getting reconciled at the same time right after startup. (98ddb67)
• [USER] The KUBERNETES_SERVICE_HOST environment variable injected when APIServerSNI is enabled no longer includes a trailing dot (being a Fully Qualified Domain Name) due to several Homebrew Kubernetes clients not properly handling it and sending wrong server name when initiating a TLS connection. (#3236, @mvladev)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.13.2
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.13.2
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.13.2
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.13.2
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.13.2
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.13.2