[gardener]
⚠️ Breaking Changes
- [OPERATOR] It is no longer possible to disable the audit policy configmap protection of the Shoot reference controller of gardener-controller-manager. The audit policy configmap protection is enabled by default since v1.41 and was mainly introduced for backwards-compatibility reasons related to the Shoot deletion. (gardener/gardener#5525, @ialidzhikov)
- [OPERATOR] The `AdminKubeconfigRequest` feature gate in the `gardener-apiserver` has been promoted to GA. (gardener/gardener#5511, @acumino)
- [OPERATOR] The deprecated error code `ERR_INFRA_INSUFFICIENT_PRIVILEGES` is removed in favour of `ERR_INFRA_UNAUTHORIZED`. (gardener/gardener#5501, @shafeeqes)
- [OPERATOR] Switch default leader election resource lock for `dependency-watchdog` from `endpoints` to `endpointsleases` (gardener/gardener#5497, @ashwani2k)
- [DEPENDENCY] Use ginkgo v2 `Report` structures and drop usage of deprecated custom reporter. To adapt, replace the call of `reporters.ReportViaDeprecatedReporter` within any `ReportAfterSuite` node with `reporter.ReportResults(*reportFilePath, *esIndex, report)` (gardener/gardener#5504, @hendrikKahl)
- [DEPENDENCY] The packages `test/` and `extensions/test/` have been restructured. You might need to adapt your imports accordingly. (gardener/gardener#5469, @timebertt)
✨ New Features
- [USER] It is now possible to configure multiple accepted issuers for a shoot's `kube-apiserver` by setting `.kubernetes.kubeAPIServer.serviceAccountConfig.acceptedIssuers` in the shoot spec. This list of issuers will not be used to generate new service account tokens but will be used to determine if a service account token is accepted by asserting the value in the `iss` claim. This also allows a non-disruptive change of the current issuer of a `kube-apiserver`. (gardener/gardener#5498, @dimityrmirchev)
- [OPERATOR] Operators can now provide a `scaleUpDelaySeconds` and/or `scaleDownDelaySeconds` for individual dependent resources for dependency-watchdog probe to consider while scaling. (gardener/gardener#5497, @ashwani2k)
  - In addition to the delay, for each resource managed by dependency-watchdog probe one can also specify additional dependent resources via a new field `scaleRefDependsOn`. This ensures that dependency-watchdog probe applies scaling operation on a resource only if the dependents for this resource defined under `scaleRefDependsOn` are available in the desired state as per the applicable scaling operation.
- [OPERATOR] Add VPA-recommender scrape config to seed-prometheus (gardener/gardener#5467, @voelzmo)
- [DEVELOPER] Enhance package structure to isolate APIs (gardener/gardener#5497, @ashwani2k)
  - Export types in `pkg/restarter` and `pkg/scaler` to make them reusable for other packages.
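
The accepted-issuers behaviour from the `[USER]` feature above, sketched as an added example (not Gardener or Kubernetes code): one issuer is written into new tokens, while tokens carrying any accepted issuer still pass the `iss` check, which is what makes an issuer change non-disruptive. The function names and issuer URLs are hypothetical, and signature verification is deliberately left out so the block shows only the issuer decision.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// issClaim reads "iss" from a JWT payload. Signature verification is omitted
// here; a real verifier checks the signature before trusting any claim.
func issClaim(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("malformed JWT: %d segments", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var claims struct{ Iss string `json:"iss"` }
	err = json.Unmarshal(raw, &claims)
	return claims.Iss, err
}

// accepts: current is used for new tokens; accepted is checked on verification only.
func accepts(current string, accepted []string, token string) bool {
	iss, err := issClaim(token)
	if err != nil || iss == "" {
		return false
	}
	for _, ok := range append([]string{current}, accepted...) {
		if iss == ok {
			return true
		}
	}
	return false
}

// sampleToken builds a constructed token with a placeholder signature segment.
func sampleToken(iss string) string {
	payload, _ := json.Marshal(map[string]string{"iss": iss})
	return "eyJhbGciOiJSUzI1NiJ9." + base64.RawURLEncoding.EncodeToString(payload) + ".c2ln"
}

func main() {
	old, next := "https://old.example", "https://new.example" // constructed issuers
	tok := sampleToken(old)                                   // minted before the issuer change
	fmt.Println(accepts(next, []string{old}, tok), accepts(next, nil, tok))
}
```

Once all tokens minted under the old issuer have expired, the old issuer can be dropped from the accepted list.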
🐛 Bug Fixes
- [OPERATOR] A bug has been fixed that caused the monitoring data to falsely display the API server as unavailable from shoots. (gardener/gardener#5543, @timebertt)
- [OPERATOR] Fix panic during shoot spec and status check. (gardener/gardener#5497, @ashwani2k)
- [OPERATOR] An error has been fixed that sporadically occurred during shoot deletion and was related to `volumesnapshots`, `volumesnapshotcontents` not being found. (gardener/gardener#5484, @timuthy)
- [OPERATOR] An issue preventing the nginx-ingress addon from being disabled is now fixed. (gardener/gardener#5482, @ialidzhikov)
- [OPERATOR] When a SUSE OS node is restarted and "/run/log/journal" the promtail service continues to read from "/var/log/journal". (gardener/gardener#5470, @vlvasilev)
🏃 Others
- [OPERATOR] The proxy container of the apiserver-proxy now has a liveness probe ensuring that failing containers get restarted. (gardener/gardener#5544, @ScheererJ)
- [OPERATOR] Adds a new label to the `cloudprovider` secret so that it can be filtered by controllers. (gardener/gardener#5527, @kon-angelo)
  - The `cloudprovider` webhook now filters secrets using the new label of the `cloudprovider` secret.
- [OPERATOR] A bug has been fixed causing gardenlet to panic when a `Shoot` with multiple worker pools specifies eviction settings for the kubelet configuration in `.spec.kubernetes.kubelet` while `.spec.provider.workers[].kubernetes.kubelet=nil`. (gardener/gardener#5516, @rfranzke)
- [OPERATOR] Promote gardenlet feature gate `ReversedVPN` to beta. (gardener/gardener#5515, @ScheererJ)
- [OPERATOR] The `DenyInvalidExtensionResources` feature gate in the `seed-admission-controller` has been promoted to beta and is now enabled by default. (gardener/gardener#5512, @ary1992)
- [OPERATOR] gardener-controller-manager's SecretBinding provider controller is now enabled by default. (gardener/gardener#5499, @ialidzhikov)
- [OPERATOR] ManagedSeeds can now specify whether updates to the ManagedSeed spec are applied with a jitter. It can be configured via the flag `jitterUpdates` in the managed seed controller configuration. (gardener/gardener#5483, @ary1992)
- [OPERATOR] Improve Grafana panels regarding Request latency (gardener/gardener#5477, @istvanballok)
- [OPERATOR] The Golang version was bumped to `1.17.7`. (gardener/gardener#5476, @ialidzhikov)
- [OPERATOR] A mutating admission plugin is added which adds labels for the extension types specified in the spec of the objects (`Seed`s, `Shoot`s, `CloudProfile`s, `BackupBucket`s, `BackupEntry`s). Extensions can make use of this label as object selector in their admission webhooks to filter out the resources, which they are responsible for. (gardener/gardener#5472, @shafeeqes)
- [OPERATOR] The `gardener-resource-manager` is now destroyed early in the deletion flow. In this way there will not be a failing deployment with PDB that prevents graceful termination of seed nodes. (gardener/gardener#5466, @vpnachev)
- [DEVELOPER] License and copyright information is now specified in REUSE format. (gardener/gardener#5497, @ashwani2k)
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.42.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.42.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.42.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.42.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.42.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.42.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.42.0