[gardener]
⚠️ Breaking Changes
- [OPERATOR] The
.spec.highAvailabilityfield in theSeedis deprecated and no longer respected. It will be removed in a future release. Theseed.gardener.cloud/multi-zonallabel is removed and no longer respected. Instead, theSeedAPI now has.spec.provider.zones. Operators should enter the names of all availability zones the seed worker nodes run in. (gardener/gardener#6914, @rfranzke) - [OPERATOR]
HAControlPlanesfeature gate is added togardener-apiserverand removed fromgardenlet. (gardener/gardener#6915, @oliver-goetz) - [OPERATOR] The values for the
gardenletHelm chart are no longer put below.global.gardenlet. For example, before this PR the replica count was controlled via theglobal.gardenlet.replicaCountvalue while it's now controlled viareplicaCountdirectly. Please adapt your values files accordingly. (gardener/gardener#6876, @rfranzke) - [OPERATOR] The
validate-namespace-deletionValidatingWebhookConfigurationis renamed togardener-admission-controller. You might need to cleanup the existingvalidate-namespace-deletionValidatingWebhookConfiguration. (gardener/gardener#6894, @AleksandarSavchev) - [OPERATOR] The
gardener-shoot-controlplanePriorityClassis now deleted bygardenlet. Before updating to this version of Gardener, make sure that there are no extensions or external components still using thisPriorityClass. Refer to this documentation to find out whichPriorityClassshould be used instead. (gardener/gardener#6899, @ialidzhikov) - [DEVELOPER] The
gardener-resource-managercomponent has been reworked entirely. It now uses a component config instead of CLI flags. Also, its Helm chart has been reworked entirely. (gardener/gardener#6865, @rfranzke)
✨ New Features
- [USER] It is now possible to configure the
protectKernelDefaultsfield for the kubelet configuration in theShootAPI via.spec.{provider.workers[]}.kubernetes.kubelet.protectKernelDefaults. This will be unset by default for shoots with k8s version < 1.26 and will be defaulted totruefor shoots with k8s version >= 1.26 once Gardener releases support for these versions. (gardener/gardener#6919, @dimityrmirchev) - [USER] It is now possible to configure the
streamingConnectionIdleTimeoutfield for the kubelet configuration in theShootAPI via.spec.{provider.workers[]}.kubernetes.kubelet.streamingConnectionIdleTimeout. This is implicitly defaulted to4hfor shoots with k8s version < 1.26 and will be defaulted to5mfor shoots with k8s version >= 1.26 once Gardener releases support for these versions. (gardener/gardener#6937, @dimityrmirchev) - [USER] Kubelet configurations
containerLogMaxSizeandcontainerLogMaxFilesare now supported in the correspondingShootresource. Those properties manage rotation policy of the container logs. Under heavy load the default values may result in frequent log rotations. (gardener/gardener#6702, @nickytd) - [OPERATOR]
HAControlPlanesfeature gate controls if it is possible to create shoots with aHighAvailabilityconfiguration in the landscape. (gardener/gardener#6915, @oliver-goetz) - [DEVELOPER] log-level and log-format of
provider-localcan now be configured. (gardener/gardener#6875, @oliver-goetz) - [DEPENDENCY] Extensions can now use the
extensions/pkg/util.{DetermineError,DetermineErrorCodes}functions for conveniently handling errors with codes. (gardener/gardener#6912, @acumino) - [DEPENDENCY]
gardener-extensions-controllerpackage includes CLI parameter for--log-leveland--log-formatnow. (gardener/gardener#6875, @oliver-goetz)
🐛 Bug Fixes
- [OPERATOR] An issue has been fixed for shoot clusters on multi-zonal seeds that prevented control-plane pods from being scheduled, e.g. after hibernation. With this version of Gardener, zone-pinning for shoot control-planes will be suspended until a new version of the feature will be rolled out in a future release. (gardener/gardener#6934, @timuthy)
- [OPERATOR] A bug has been fixed which could prevent
gardenletpods from coming up in case theseccomp-profilewebhook served bygardener-resource-manageris unavailable or broken. (gardener/gardener#6953, @dimityrmirchev) - [OPERATOR] The
KubeApiServerTooManyAuditlogFailuresalert is now fixed to fire also when the audit pluginsbufferedandtruncateare failing to process an audit event. (gardener/gardener#6871, @vpnachev) - [OPERATOR] An issue causing the
nginx-ingress-controllerinstalled via the shoot'snginx-ingressaddon to fail to start when cluster-wide seccomp defaulting is enabled is now fixed. (gardener/gardener#6895, @dimityrmirchev)
🏃 Others
- [USER] The rotation procedure of the
ServiceAccounttoken signing key has been improved. (gardener/gardener#6943, @rfranzke) - [OPERATOR] Profiling is now disabled for
kube-controller-managerfor shoots that have Kubernetes version >= 1.19. (gardener/gardener#6922, @dimityrmirchev) - [OPERATOR] You should make sure that all
Shoots are getting reconciled successfully or deleted in case they still have either theetcd-encryption-secretorservice-account-keysecrets in their namespaces in the seed cluster. (gardener/gardener#6929, @rfranzke) - [OPERATOR] The zone-pinning feature for control-planes on multi-zonal seeds (introduced by #6579) has been removed. There will be a new version of the feature soon, that takes a different approach and fixes some bug and flaws along the way. (gardener/gardener#6934, @timuthy)
- [OPERATOR] Revert removal
DNSProviderfrom supported extension kinds untilv1.60.0or later. (gardener/gardener#6951, @MartinWeindel) - [OPERATOR] The
ManagedResources related to seed system components are now labeled withgardener.cloud/role=system-component. (gardener/gardener#6836, @rfranzke) - [OPERATOR] The
gardenletnow waits for all managed resources referring the shoot to be deleted before continuing with the deletion of the shoot'skube-apiserverduring shoot deletion or controlplane migration. (gardener/gardener#6853, @dimityrmirchev) - [OPERATOR] Add new Prometheus alert
ApiserverRequestsFailureRatefor API Server failure rate. (gardener/gardener#6736, @cathyzhang05) - [OPERATOR]
gardenletno longer tries to deleteIngressresources for aSeedvia theextensions/v1beta1API (no longer served as of K8s 1.22). As Gardener supports onlySeedclusters with K8s >= 1.20, it is enough to delete theIngressresources via thenetworking.k8s.io/v1API (available since v1.19). (gardener/gardener#6866, @ialidzhikov) - [OPERATOR] The
Kubernetes Control Plane Statusdashboard has been updated to show correct values forkube-controller-managerandkube-scheduleronce they are deployed with multiple replicas for HA shoots. (gardener/gardener#6874, @timuthy) - [DEVELOPER] Update
golangcitov1.50.1. (gardener/gardener#6916, @oliver-goetz) - [DEVELOPER] Go is updated to
1.19.3(gardener/gardener#6941, @oliver-goetz)
[apiserver-proxy]
⚠️ Breaking Changes
- [DEVELOPER]
bazelis no longer used for builds ands tests. As alternative a Makefile with equivalent targets is now provided. (gardener/apiserver-proxy#25, @ialidzhikov)
🐛 Bug Fixes
- [USER] An issue causing the
apiserver-proxy-pod-webhookto wrongly remove thegrpcfield fromlivenessProbes,readinessProbes andstartupProbes when defaulting a Pod is now fixed. (gardener/apiserver-proxy#24, @ialidzhikov) - [OPERATOR] Native arm64 builds (builds on arm hosts) are now supported. Previously only arm64 builds with qemu were supported. (gardener/apiserver-proxy#25, @ialidzhikov)
🏃 Others
- [OPERATOR] Updated base image of apiserver-proxy to alpine 3.16.2 (gardener/apiserver-proxy#21, @ScheererJ)
- [OPERATOR] The golang version is updated to
1.19.2. (gardener/apiserver-proxy#22, @ialidzhikov) - [OPERATOR] The following dependencies are updated: (gardener/apiserver-proxy#24, @ialidzhikov)
- k8s.io/api: v0.19.2 -> v0.23.5
- k8s.io/apimachinery: v0.19.2 -> v0.23.5
- k8s.io/apiserver: v0.19.2 -> v0.23.5
- k8s.io/client-go: v0.19.2 -> v0.23.5
- sigs.k8s.io/controller-runtime: v0.7.0-alpha.4 -> v0.11.2
[logging]
🏃 Others
- [OPERATOR] The Telegraf image used by Loki pod is built from scratch with static binary. (gardener/logging#158, @vlvasilev)