[gardener]

⚠️ Breaking Changes

• [USER] The core/v1alpha1 API version is dropped. (gardener/gardener#7965, @ary1992)
• [USER] The alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector annotation has been dropped and is no longer available for Shoots. It should be removed from all existing Shoot resources. (gardener/gardener#7980, @rfranzke)
• [USER] Any resource with a kind other than ConfigMap or Secret in .spec.resources in Shoots is now forcefully removed. New validation has been introduced to prevent adding other resources in the future. (gardener/gardener#7995, @acumino)
• [USER] Webhooks remediator now sets the timeoutSeonds to 3 seconds for webhook affecting lease resources in kube-system namespace. (gardener/gardener#7902, @acumino)
• [OPERATOR] ⚠️ Seeds' .spec.settings.ownerChecks.enabled field is locked to false (i.e. if the field value is true a validation error will be returned). Before updating to this version of Gardener, set .spec.settings.ownerChecks.enabled field to false for you Seeds and ManagedSeeds. (gardener/gardener#7909, @dimitar-kostadinov)
• [OPERATOR] It is required to have ControllerRegistrationss for Kinds ControlPlane, Infrastructure and Worker with the same types used for seeds (seed.spec.provider.type). This is already the case if seeds and shoots share the same cloud provider. The seed reconciliation flow waits for the associated ControllerInstallation to be ready before continuing rolling out seed system components. It allows Gardener provider extensions to ship components that not only act on shoot control-plane but also on seed system components. (gardener/gardener#7928, @timuthy)
• [DEPENDENCY] The {github.com/gardener/gardener/pkg/apis/core/helper,github.com/gardener/gardener/pkg/apis/core/v1beta1/helper}.SeedSettingOwnerChecksEnabled will now return false if the corresponding Seed setting is nil. Previously, the func was returning true when the Seed setting is nil. (gardener/gardener#7909, @dimitar-kostadinov)
• [DEPENDENCY] The unused github.com/gardener/gardener/pkg/controllerutils/predicate.IsBeingMigratedPredicate, github.com/gardener/gardener/pkg/controllerutils/predicate.IsObjectBeingMigrated and github.com/gardener/gardener/pkg/utils/gardener.IsObjectBeingMigrated funcs are now removed. (gardener/gardener#7909, @dimitar-kostadinov)

✨ New Features

• [USER] The certificate chains served by kube-apiservers does now include the CA certificates used to sign their server certificates. (gardener/gardener#7961, @rfranzke)
• [OPERATOR] gardener-operator configures SNI components in order to expose the virtual-garden-kube-apiserver via the istio-ingressgateway in the Garden cluster. (gardener/gardener#7953, @timuthy)
  • With this change, operators can start to switch DNS records from the virtual-garden-kube-apiserver service to the istio-ingress service endpoint. The type of the virtual-garden-kube-apiserver service will soon be switched from LoadBalancer to ClusterIP.
• [DEVELOPER] When performing control plane migration with provider-local, the full migration and restoration logic implemented in the extensions library (generic Worker actuator) is now executed (previously, it was skipped). This improves the accuracy of the e2e tests for control plane migration. (gardener/gardener#7981, @rfranzke)

🐛 Bug Fixes

• [USER] A bug that prevented referencing ConfigMaps in .spec.resources in Shoots has been fixed. (gardener/gardener#7995, @acumino)
• [USER] A bug that prevented finalizers from being added to referenced Secrets or ConfigMaps in .spec.resources in Shoots has been fixed. (gardener/gardener#7995, @acumino)
• [OPERATOR] The NetworkPolicy reconciler is only added to gardener-operator if the .spec.runtimeCluster.networking.{pods,services} fields of the Garden are set. (gardener/gardener#7983, @shafeeqes)
• [OPERATOR] Several low timeouts (30s) that were introduced in v1.71.0 for several steps are now reverted as in some cases the Network/ControlPlane reconciliation cannot succeed for 30s. (gardener/gardener#8005, @ialidzhikov)

🏃 Others

• [OPERATOR] A configuration issue that resulted in a relatively slow startup and termination of the vali pods is fixed. (gardener/gardener#7979, @istvanballok)
• [OPERATOR] Add new grafana dashboard of seed deployment replicas (gardener/gardener#7896, @Sallyan)

[dependency-watchdog]

🏃 Others

• [OPERATOR] More categories are added to label a release note for a PR on DWD. (gardener/dependency-watchdog#75, @himanshu-kun)
  • Release notifications would now be sent to gardener-dwd channel (private) on releases.
• [OPERATOR] Probes will not be created for shoots with no workers. (gardener/dependency-watchdog#82, @unmarshall)
• [OPERATOR] Fixes for make check target (gardener/dependency-watchdog#87, @unmarshall)
• [DEPENDENCY] Following dependencies are updated: (gardener/dependency-watchdog#84, @unmarshall)
  • Go - 1.20.3
  • client-go - v0.26.2
  • controller-runtime - v0.14.5
  • gomega - v1.27.1
  • zap - v1.24.0
  • gardener/gardener v1.69.0
  • k8s (api and apimachinery) - v0.26.2

[etcd-backup-restore]

🐛 Bug Fixes

• [OPERATOR] Fixes a bug in backup-restore which falsely detects scale-up scenario incase of rolling update of statefulset. (gardener/etcd-backup-restore#614, @ishan16696)

🏃 Others

• [OPERATOR] Base alpine image upgraded from 3.15.7 to 3.15.8 (gardener/etcd-backup-restore#612, @aaronfern)
• [OPERATOR] Add a learner with backoff in case of scale-up feature is triggered. (gardener/etcd-backup-restore#617, @ishan16696)
• [OPERATOR] Added a safety check before adding a learner(non-voting) member in etcd cluster. (gardener/etcd-backup-restore#605, @ishan16696)
• [DEVELOPER] Upgrade to go 1.20.3 (gardener/etcd-backup-restore#613, @shreyas-s-rao)
• [DEVELOPER] Block public access for S3 buckets created by integration tests. (gardener/etcd-backup-restore#615, @shreyas-s-rao)

[etcd-custom-image]

🏃 Others

• [OPERATOR] Base alpine image for etcd-custom-image upgraded from 3.15.7 to 3.15.8 (gardener/etcd-custom-image#32, @aaronfern)

[etcd-druid]

✨ New Features

• [DEVELOPER] Run make ci-e2e-kind to run the e2e tests on local machine (gardener/etcd-druid#547, @abdasgupta)
• [DEVELOPER] Eliminated Role helm charts and converted into Golang component with added unit tests. (gardener/etcd-druid#538, @seshachalam-yv)
• [DEVELOPER] Eliminated RoleBinding helm charts and converted into Golang component with added unit tests. (gardener/etcd-druid#539, @seshachalam-yv)

🐛 Bug Fixes

• [OPERATOR] Added check to ensure that the scale up annotation is removed from the etcd statefulset only when scale-up succeeds (gardener/etcd-druid#587, @ishan16696)

🏃 Others

• [OPERATOR] When scaling from single-node to multi-node etcd cluster, Etcd Druid will now first ensure that any change to the peer URL (e.g TLS enablement) is seen by the existing etcd process running within the etcd member pod. Once that is confirmed then it will scale up the Etcd StatefulSet and add relevant annotations. (gardener/etcd-druid#598, @unmarshall)
• [OPERATOR] Backup-restore waits for its etcd to be ready before attempting to update peerUrl (gardener/etcd-druid#602, @abdasgupta)
• [OPERATOR] When scaling from single-node to multi-node etcd cluster, Etcd Druid will now first ensure that any change to the peer URL (e.g TLS enablement) is seen by the existing etcd process running within the etcd member pod. Once that is confirmed then it will scale up the Etcd StatefulSet and add relevant annotations. (gardener/etcd-druid#602, @abdasgupta)
• [OPERATOR] etcd-custom-image updates from v3.4.13-bootstrap-9 to v3.4.13-bootstrap-10 (gardener/etcd-druid#575, @aaronfern)
• [DEVELOPER] Upgrade to go 1.20.3. (gardener/etcd-druid#579, @shreyas-s-rao)
• [DEVELOPER] Block public access for S3 buckets created by e2e tests. (gardener/etcd-druid#581, @shreyas-s-rao)

[logging]

🐛 Bug Fixes

• [OPERATOR] Remove lastOperation check in fluent-bit-to-vali plugin. (gardener/logging#197, @vlvasilev)

Docker Images

admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.72.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.72.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.72.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.72.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.72.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.72.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.72.0