[gardener]

⚠️ Breaking Changes

• [USER] Earlier, Gardener created certificates with Common Name: system:apiserver for the Kube-Apiserver. In order to be DNS-1123 compliant, this certificate field is changed to Common Name: kube-apiserver for new shoot clusters. (#4467, @timuthy)
• [OPERATOR] Kubernetes will remove the built-in dockershim, which means eventually all Gardener Shoots will need to switch to containerd. Operators of Gardener and Shoot owners need to take action, please continue reading our detailed guide about the why, what, and when! (#4452, @voelzmo)
• [OPERATOR] The following changes have been made incompatibly to the GardenerSchedulerConfiguration: (#4320, @xrstf)
  • The configuration key server has been refined into healthProbes and metrics. Note that both cannot be listening on the same port.
  • The CachedRuntimeClients feature gate has been removed, objects are now always cached.
  • lockObjectName was removed in favor of resourceName.
  • lockObjectNamespace was removed in favor of resourceNamespace.
• [OPERATOR] If you deploy Gardener with the provided Helm charts, note that the metrics endpoint for the Gardener-Scheduler is now exposed via a service on port 9090. (#4320, @xrstf)

🐛 Bug Fixes

• [USER] The symmetric keys HS256, HS384 and HS512 are now removed from the valid OIDC Signing algorithms as they are not supported by the kubernetes API server. (#4470, @plkokanov)
• [OPERATOR] Keep the already available replicas of kube-controller-manager (if any) during Create operations regardless of whether hibernation is enabled or not. (#4479, @plkokanov)
• [OPERATOR] Keep kube-apiserver HPA scale down mode Auto even when scale down is disabled. The scale down is naturally disabled because minReplicas and maxReplicas are set to be equal. (#4451, @amshuman-kr)

🏃 Others

• [OPERATOR] A bug has been fixed which prevented the CSR auto-approval process for Gardenlet certificates when the SeedAuthorizer is enabled. Hence, the user certificate used by Gardenlet to connect to the Garden cluster was not renewed successfully. (#4502, @timuthy)
• [OPERATOR] Azure errors with OverconstrainedZonalAllocationRequest error code are now classified as configuration problems. (#4482, @plkokanov)
• [OPERATOR] Improved handling of the shoot resource in the shoot controller to ensure that data races are avoided as much as possible. (#4459, @stoyanr)
• [OPERATOR] Ensured that the backup entry name is generated only once using non-empty strings to prevent issues with backup entry names generated as --. (#4454, @stoyanr)
• [OPERATOR] Projects are now reconciled every time a shoot is created. (#4447, @kris94)
• [OPERATOR] Grafana discovers available logging components at runtime for "Controlplane Logs Dashboard" (#4387, @vlvasilev)
• [DEVELOPER] Added new staticchecks by bumping golangci-lint. Please make sure to update your local installation of golangci-lint, e.g. by running make install-requirements (#4475, @voelzmo)

[logging]

🏃 Others

• [DEVELOPER] Add Telegraf image to the ci pipeline (gardener/logging#104, @vlvasilev)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.29.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.29.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.29.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.29.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.29.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.29.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.29.0