github gardener/gardener v1.42.0

2 years ago

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] It is no longer possible to disable the audit policy configmap protection of the Shoot reference controller of gardener-controller-manager. The audit policy configmap protection is enabled by default since v1.41 and was mainly introduced for backwards-compatibility reasons related to the Shoot deletion. (gardener/gardener#5525, @ialidzhikov)
  • [OPERATOR] The AdminKubeconfigRequest feature gate in the gardener-apiserver has been promoted to GA. (gardener/gardener#5511, @acumino)
  • [OPERATOR] The deprecated error code ERR_INFRA_INSUFFICIENT_PRIVILEGES is removed in favour of ERR_INFRA_UNAUTHORIZED. (gardener/gardener#5501, @shafeeqes)
  • [OPERATOR] Switch default leader election resource lock for dependency-watchdog from endpoints to endpointsleases (gardener/gardener#5497, @ashwani2k)
  • [DEPENDENCY] Use ginkgo v2 Report structures and drop usage of deprecated custom reporter. To adapt, replace the call of reporters.ReportViaDeprecatedReporter within any ReportAfterSuite node with reporter.ReportResults(*reportFilePath, *esIndex, report) (gardener/gardener#5504, @hendrikKahl)
  • [DEPENDENCY] The packages test/ and extensions/test/ have been restructured. You might need to adapt your imports accordingly. (gardener/gardener#5469, @timebertt)

✨ New Features

  • [USER] It is now possible to configure multiple accepted issuers for a shoot's kube-apiserver by setting .kubernetes.kubeAPIServer.serviceAccountConfig.acceptedIssuers in the shoot spec. This list of issuers will not be used to generate new service account tokens but will be used to determine if a service account token is accepted by asserting the value in the iss claim. This also allows a non-disruptive change of the current issuer of a kube-apiserver. (gardener/gardener#5498, @dimityrmirchev)
  • [OPERATOR] Operators can now provide scaleUpDelaySeconds and/or scaleDownDelaySeconds for individual dependent resources, which the dependency-watchdog probe takes into account while scaling. (gardener/gardener#5497, @ashwani2k)
    • In addition to the delay, for each resource managed by the dependency-watchdog probe one can also specify additional dependent resources via a new field scaleRefDependsOn. This ensures that the dependency-watchdog probe applies a scaling operation to a resource only if the dependents defined for this resource under scaleRefDependsOn are available in the desired state for the applicable scaling operation.
  • [OPERATOR] Add VPA-recommender scrape config to seed-prometheus (gardener/gardener#5467, @voelzmo)
  • [DEVELOPER] Enhance package structure to isolate APIs (gardener/gardener#5497, @ashwani2k)
    • Export types in pkg/restarter and pkg/scaler to make them reusable for other packages.
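
The acceptedIssuers item above separates the issuer used for new tokens from the issuers whose tokens are still accepted. The following Go sketch is an added example, not code from Gardener or kube-apiserver; it models only the iss-claim check during an issuer change. The function names and the example.invalid issuer URLs are assumptions, the sample tokens are constructed and unsigned, and signature verification is a separate step that is not shown.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// issClaim extracts the iss claim from the payload segment of a JWT.
func issClaim(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a three-part JWT")
	}
	var claims struct{ Iss string `json:"iss"` }
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &claims)
	}
	return claims.Iss, err
}

// issuerAccepted (hypothetical helper) reports whether the token's iss claim
// equals the current issuer or one of the additional accepted issuers.
func issuerAccepted(token, issuer string, accepted []string) bool {
	iss, err := issClaim(token)
	for _, a := range append([]string{issuer}, accepted...) {
		if err == nil && iss != "" && iss == a {
			return true
		}
	}
	return false
}

// constructedToken builds an unsigned sample token (constructed input).
func constructedToken(iss string) string {
	enc := base64.RawURLEncoding.EncodeToString
	payload, _ := json.Marshal(map[string]string{"iss": iss})
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc(payload) + ".c2ln"
}

func main() {
	oldTok := constructedToken("https://old.example.invalid")
	// After the switch: the new issuer mints, the old issuer is still accepted.
	fmt.Println(issuerAccepted(oldTok, "https://new.example.invalid", []string{"https://old.example.invalid"}))
	// Once the old issuer is dropped from the list, old tokens are rejected.
	fmt.Println(issuerAccepted(oldTok, "https://new.example.invalid", nil))
}
```

Keeping the previous issuer in acceptedIssuers until tokens issued under it have expired is what makes the change non-disruptive; removing it earlier rejects every token that still carries the old iss value.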

🐛 Bug Fixes

🏃 Others

  • [OPERATOR] The proxy container of the apiserver-proxy now has a liveness probe ensuring that failing containers get restarted. (gardener/gardener#5544, @ScheererJ)
  • [OPERATOR] Adds a new label to the cloudprovider secret so that it can be filtered by controllers. (gardener/gardener#5527, @kon-angelo)
    • The cloudprovider webhook now filters secrets using the new label of the cloudprovider secret.
  • [OPERATOR] A bug has been fixed that caused gardenlet to panic when a Shoot with multiple worker pools specifies eviction settings for the kubelet configuration in .spec.kubernetes.kubelet while .spec.provider.workers[].kubernetes.kubelet=nil. (gardener/gardener#5516, @rfranzke)
  • [OPERATOR] Promote gardenlet feature gate ReversedVPN to beta. (gardener/gardener#5515, @ScheererJ)
  • [OPERATOR] The DenyInvalidExtensionResources feature gate in the seed-admission-controller has been promoted to beta and is now enabled by default. (gardener/gardener#5512, @ary1992)
  • [OPERATOR] gardener-controller-manager's SecretBinding provider controller is now enabled by default. (gardener/gardener#5499, @ialidzhikov)
  • [OPERATOR] ManagedSeeds can now specify whether updates to the ManagedSeed spec are applied with a jitter. It can be configured via the flag jitterUpdates in the managed seed controller configuration. (gardener/gardener#5483, @ary1992)
  • [OPERATOR] Improve Grafana panels regarding Request latency (gardener/gardener#5477, @istvanballok)
  • [OPERATOR] The Golang version was bumped to 1.17.7. (gardener/gardener#5476, @ialidzhikov)
  • [OPERATOR] A mutating admission plugin is added which adds labels for the extension types specified in the spec of the objects (Seeds, Shoots, CloudProfiles, BackupBuckets, BackupEntrys). Extensions can use this label as an object selector in their admission webhooks to select only the resources they are responsible for. (gardener/gardener#5472, @shafeeqes)
  • [OPERATOR] The gardener-resource-manager is now destroyed early in the deletion flow. In this way there will not be a failing deployment with PDB that prevents graceful termination of seed nodes. (gardener/gardener#5466, @vpnachev)
  • [DEVELOPER] License and copyright information is now specified in REUSE format. (gardener/gardener#5497, @ashwani2k)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.42.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.42.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.42.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.42.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.42.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.42.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.42.0
