[gardener]
⚠️ Breaking Changes
- [OPERATOR] If the nginx-ingress addon for a shoot used as seed is disabled, then you can no longer enable it. Instead, use the new managed ingress controller feature. You can find more information about it here. Existing shoots used as seeds with .spec.addons.nginxIngress.enabled=true will continue to work. (#3131, @BeckerMax)
✨ New Features
- [OPERATOR] It is now possible to specify the spec.settings.loadBalancerServices.annotations field for shooted seeds via the "shoot.gardener.cloud/use-as-seed" annotation. You can do this by specifying the loadBalancerServices.annotations.* option - for example loadBalancerServices.annotations.service.beta.kubernetes.io/aws-load-balancer-type=nlb. (#3344, @ialidzhikov)
- [OPERATOR] The gardener admission controller now exposes metrics (#3293, @wyb1)
- [OPERATOR] Gardener now offers to manage a dedicated ingress controller for seed clusters (earlier, this was a manual operator task when registering seeds). You can find more information about it here. (#3131, @BeckerMax)
- [DEVELOPER] Gardener can now support shoot clusters with Kubernetes version 1.20. In order to allow creation/update of 1.20 clusters you will have to update the version of your provider extension(s) to a version that supports 1.20 as well. Please consult the respective releases and notes in the provider extension's repository. (#3296, @rfranzke)
🐛 Bug Fixes
- [USER] A race issue causing immediate wake up after hibernation to fail is now fixed. The hibernation now waits until the kube-apiserver Service is cleaned up. (#3289, @ialidzhikov)
- [OPERATOR] A bug that was renewing the bootstrap token secret on each reconciliation has been fixed. (#3323, @vpnachev)
- [OPERATOR] An issue has been fixed which did not enable VPA for the aggregate Prometheus Pod in new seed clusters. (#3312, @timuthy)
- [OPERATOR] By default, gardener-apiserver now invokes in-tree admission plugins before invoking the webhook plugins. (#3298, @timebertt)
- [OPERATOR] An issue has been fixed that prevented the execution of the Kube-API-Server's configured preStop hooks for >=1.19.x clusters. (#3295, @timuthy)
- [OPERATOR] Gardener health checks now take the effective Shoot specification into consideration if .spec.maintenance.confineSpecRollout is used. Earlier, EveryNodeReady or ControlPlaneHealthy conditions reported an invalid state if the specification was changed but not yet effective due to a rollout during shoot maintenance (confineSpecRollout: true). (#3286, @timuthy)
- [DEPENDENCY] Ensure a stable order of self-registered webhooks in extensions to avoid unnecessary rollouts of control plane components. (#3320, @timebertt)
📖 Documentation
- [USER] API reference documentation for kubernetes types now points to version v1.19. (#3303, @mvladev)
- [OPERATOR] Gardener's scheduler documentation has been enhanced. It concisely explains the algorithm used to determine seed candidates. (#3316, @timuthy)
🏃 Others
- [OPERATOR] The Loki initialDelaySeconds for the readinessProbe is reduced to 80 seconds. (#3333, @vlvasilev)
- [OPERATOR] The vpa-admission-controller and vpa-updater pods are now ensured with some minimal CPU and memory resources. (#3330, @vpnachev)
- [OPERATOR] Gardener will now check seed clusters for VPA functionality as a prerequisite. (#3312, @timuthy)
- [OPERATOR] Upgrade Prometheus to v2.23.0 (#3297, @wyb1)
- [OPERATOR] Change pod anti-affinity to preferredDuringSchedulingIgnoredDuringExecution for the gardener-seed-admission-controller deployment in the garden namespaces of seed clusters. (#3294, @hardikdr)
- [OPERATOR] The pre-delivered cluster role gardener.cloud:admin now contains full access permissions for Events and ResourceQuotas. (#3291, @timuthy)
- [OPERATOR] Add panels to the Kubernetes API Server Details Dashboard for dropped requests. (#3284, @wyb1)
- [OPERATOR] Alerts are added for the custom metrics for the fluent-bit GardenerLoki plugin (#3283, @Kristian-ZH)
- [OPERATOR] Required connections from Gardenlet to the Garden cluster have been reduced, which will have positive effects on scalability and costs. (#3277, @timuthy)
- [DEPENDENCY] Guestbook integration test dependencies are now fetched from bitnami repo instead of deprecated/shutdown helm repo. (#3314, @dguendisch)
- [DEPENDENCY] The implementation of the function GetMachineControllerManagerCloudCredentials in the WorkerDelegate is now optional. Alternatively, extensions can now use the field spec.credentialsSecretRef in the machine class so that all machine classes refer to the same secret from the Worker field spec.secretRef. See here for more details. (#3308, @danielfoehrKn)
📰 Noteworthy
- [USER] The version for the nginx-ingress addon for shoots has been updated to v0.41.2 ONLY for Kubernetes 1.20 shoot clusters. All shoot clusters with Kubernetes < 1.20 will remain with the current v0.22.0 version. Please be reminded that the nginx-ingress addon is not recommended for production scenarios and that you should deploy (+ customize) your own ingress controller instead. Please use it only for development/evaluation purposes. (#3315, @rfranzke)
Docker Images
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.15.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.15.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.15.0
gardener-admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.15.0
gardener-seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.15.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.15.0