github gardener/gardener v1.27.0

2 years ago

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] Gardenlet does not support seedSelectors anymore; configure an explicit seedConfig in the GardenletConfiguration instead (#4306, @xrstf)
  • [OPERATOR] The KonnectivityTunnel feature gate in gardenlet has been dropped and removed from the code. If you upgrade to this Gardener version make sure that the feature gate is disabled and that all shoots were reconciled after you disabled it. (#4247, @rfranzke)

✨ New Features

  • [USER] It's now possible to configure the imageGC{High,Low}ThresholdPercent fields for the kubelet configuration (defaults: 50 for the high threshold, 40 for the low threshold) in the Shoot API via .spec.{provider.workers[].}kubernetes.kubelet.imageGC{High,Low}ThresholdPercent. (#4282, @rfranzke)
  • [USER] Shoot clusters can now reference an ExposureClass to expose their control plane in various network environments via the .spec.exposureClassName. Find more information in this document. (#4244, @dkistner)
  • [OPERATOR] Similar to the NodeAuthorizer and NodeRestriction features in Kubernetes (preventing kubelets from accessing resources which aren't associated with their responsible Nodes), Gardener now has a SeedAuthorizer and SeedRestriction feature (preventing gardenlets from accessing resources which aren't associated with their Seeds). If you want to enable it for your landscapes, please consult this document. (#4326, @rfranzke)
  • [OPERATOR] The external IP attached to the load balancer service belonging to a Seed ingress gateway can now be defined in the configuration for the Gardenlet. This is possible for the default ingress gateway and for the ExposureClass handler ingress gateways. For ExposureClass handler ingress gateways this will only work in combination with the APIServerSNI feature flag (default). (#4319, @dkistner)
  • [OPERATOR] Shoot clusters can now use ExposureClasses to expose the control plane in various network environments. The Gardenlet needs to realize the exposure strategy and is therefore required to have the ExposureClass handler configuration in its own config. This can be maintained in the .exposureClassHandlers list of the Gardenlet configuration. Find more information in this document. (#4244, @dkistner)

🐛 Bug Fixes

  • [USER] Additional DNS provider Secret is now updated on Shoot deletion. This allows users to replace invalid Secret data with valid data, and the change is now reflected in the Secret maintained in the Shoot namespace in the Seed. (#4337, @ialidzhikov)
  • [USER] Updating to a MachineImageVersion which doesn't support the chosen CRI configuration will now result in a validation error. (#4332, @voelzmo)
  • [OPERATOR] A bug where the shoot maintenance controller upgraded the OS version to a higher but deprecated version instead of using a lower, supported one has been fixed. (#4327, @vpnachev)
  • [OPERATOR] A bug where the OS version of a worker pool was defaulted to a higher, deprecated version instead of a lower, supported one is now fixed. (#4327, @vpnachev)

🏃 Others

  • [USER] Authenticated users can now read/list/watch ExposureClass resources. (#4334, @dkistner)
  • [OPERATOR] Envoy used in apiserver-proxy and sidecar is upgraded to distroless version 1.18.3. (#4304, @mvladev)
  • [OPERATOR] ManagedIstio now uses distroless images. (#4301, @mvladev)
  • [OPERATOR] ManagedIstio is now upgraded to 1.10.2. (#4301, @mvladev)
  • [OPERATOR] The MountHostCADirectories feature gate in the gardenlet has been promoted to GA. (#4279, @ialidzhikov)
  • [OPERATOR] An optional logging agent can be installed on the shoot nodes. (#3813, @vlvasilev)
  • [DEVELOPER] Envtests are now run in a dedicated make target (make test-integration). (#4265, @timebertt)
  • [DEPENDENCY] Envtests that require the control plane binaries now have to be run using hack/test-integration.sh. Please consult gardener's Makefile as a reference usage. (#4265, @timebertt)

📰 Noteworthy

  • [USER] ⚠️ The kubelets on the shoot worker nodes will be restarted in the respective maintenance time windows of the shoot clusters. (#4321, @rfranzke)
  • [OPERATOR] The hyperkube image is now only downloaded exactly once per shoot worker node to prevent repetitive, undesired downloads in case the kubelet garbage-collects the image due to excessive root disk usage. (#4321, @rfranzke)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.27.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.27.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.27.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.27.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.27.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.27.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.27.0
