[gardener]
⚠️ Breaking Changes
- [USER] Earlier, Gardener created certificates with Common Name: system:apiserver for the Kube-Apiserver. In order to be DNS-1123 compliant, this certificate field is changed to Common Name: kube-apiserver for new shoot clusters. (#4467, @timuthy)
- [OPERATOR] Kubernetes will remove the built-in dockershim, which means eventually all Gardener Shoots will need to switch to containerd. Operators of Gardener and Shoot owners need to take action, please continue reading our detailed guide about the why, what, and when! (#4452, @voelzmo)
- [OPERATOR] The following changes have been made incompatibly to the GardenerSchedulerConfiguration: (#4320, @xrstf)
  - The configuration key server has been refined into healthProbes and metrics. Note that both cannot be listening on the same port.
  - The CachedRuntimeClients feature gate has been removed, objects are now always cached.
  - lockObjectName was removed in favor of resourceName.
  - lockObjectNamespace was removed in favor of resourceNamespace.
- [OPERATOR] If you deploy Gardener with the provided Helm charts, note that the metrics endpoint for the Gardener-Scheduler is now exposed via a service on port 9090. (#4320, @xrstf)
🐛 Bug Fixes
- [USER] The symmetric keys HS256, HS384 and HS512 are now removed from the valid OIDC Signing algorithms as they are not supported by the Kubernetes API server. (#4470, @plkokanov)
- [OPERATOR] Keep the already available replicas of kube-controller-manager (if any) during Create operations regardless of whether hibernation is enabled or not. (#4479, @plkokanov)
- [OPERATOR] Keep kube-apiserver HPA scale down mode Auto even when scale down is disabled. The scale down is naturally disabled because minReplicas and maxReplicas are set to be equal. (#4451, @amshuman-kr)
🏃 Others
- [OPERATOR] A bug has been fixed which prevented the CSR auto-approval process for Gardenlet certificates when the SeedAuthorizer is enabled. Hence, the user certificate used by Gardenlet to connect to the Garden cluster was not renewed successfully. (#4502, @timuthy)
- [OPERATOR] Azure errors with OverconstrainedZonalAllocationRequest error code are now classified as configuration problems. (#4482, @plkokanov)
- [OPERATOR] Improved handling of the shoot resource in the shoot controller to ensure that data races are avoided as much as possible. (#4459, @stoyanr)
- [OPERATOR] Ensured that the backup entry name is generated only once using non-empty strings to prevent issues with backup entry names generated as --. (#4454, @stoyanr)
- [OPERATOR] Projects are now reconciled every time a shoot is created. (#4447, @kris94)
- [OPERATOR] Grafana discovers available logging components at runtime for "Controlplane Logs Dashboard" (#4387, @vlvasilev)
- [DEVELOPER] Added new staticchecks by bumping golangci-lint. Please make sure to update your local installation of golangci-lint, e.g. by running make install-requirements (#4475, @voelzmo)
[logging]
🏃 Others
- [DEVELOPER] Add Telegraf image to the ci pipeline (gardener/logging#104, @vlvasilev)
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.29.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.29.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.29.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.29.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.29.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.29.0
landscaper-gardenlet: eu.gcr.io/gardener-project/gardener/landscaper-gardenlet:v1.29.0