[gardener]
⚠️ Breaking Changes
- [USER] The `core/v1alpha1` API version is dropped. (gardener/gardener#7965, @ary1992)
- [USER] The `alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector` annotation has been dropped and is no longer available for `Shoot`s. It should be removed from all existing `Shoot` resources. (gardener/gardener#7980, @rfranzke)
- [USER] Any resource with a kind other than `ConfigMap` or `Secret` in `.spec.resources` in `Shoot`s is now forcefully removed. New validation has been introduced to prevent adding other resources in the future. (gardener/gardener#7995, @acumino)
- [USER] Webhooks remediator now sets the timeoutSeconds to 3 seconds for webhooks affecting lease resources in the `kube-system` namespace. (gardener/gardener#7902, @acumino)
- [OPERATOR] ⚠️ Seeds' `.spec.settings.ownerChecks.enabled` field is locked to `false` (i.e. if the field value is true a validation error will be returned). Before updating to this version of Gardener, set the `.spec.settings.ownerChecks.enabled` field to `false` for your Seeds and ManagedSeeds. (gardener/gardener#7909, @dimitar-kostadinov)
- [OPERATOR] It is required to have `ControllerRegistration`s for Kinds `ControlPlane`, `Infrastructure` and `Worker` with the same types used for seeds (`seed.spec.provider.type`). This is already the case if seeds and shoots share the same cloud provider. The seed reconciliation flow waits for the associated `ControllerInstallation` to be ready before continuing rolling out seed system components. It allows Gardener provider extensions to ship components that not only act on shoot control-plane but also on seed system components. (gardener/gardener#7928, @timuthy)
- [DEPENDENCY] The `{github.com/gardener/gardener/pkg/apis/core/helper,github.com/gardener/gardener/pkg/apis/core/v1beta1/helper}.SeedSettingOwnerChecksEnabled` will now return `false` if the corresponding Seed setting is `nil`. Previously, the func was returning `true` when the Seed setting is `nil`. (gardener/gardener#7909, @dimitar-kostadinov)
- [DEPENDENCY] The unused `github.com/gardener/gardener/pkg/controllerutils/predicate.IsBeingMigratedPredicate`, `github.com/gardener/gardener/pkg/controllerutils/predicate.IsObjectBeingMigrated` and `github.com/gardener/gardener/pkg/utils/gardener.IsObjectBeingMigrated` funcs are now removed. (gardener/gardener#7909, @dimitar-kostadinov)
✨ New Features
- [USER] The certificate chains served by `kube-apiserver`s now include the CA certificates used to sign their server certificates. (gardener/gardener#7961, @rfranzke)
- [OPERATOR] `gardener-operator` configures SNI components in order to expose the `virtual-garden-kube-apiserver` via the `istio-ingressgateway` in the Garden cluster. (gardener/gardener#7953, @timuthy)
  - With this change, operators can start to switch DNS records from the `virtual-garden-kube-apiserver` service to the `istio-ingress` service endpoint. The type of the `virtual-garden-kube-apiserver` service will soon be switched from `LoadBalancer` to `ClusterIP`.
- [DEVELOPER] When performing control plane migration with `provider-local`, the full migration and restoration logic implemented in the extensions library (generic `Worker` actuator) is now executed (previously, it was skipped). This improves the accuracy of the e2e tests for control plane migration. (gardener/gardener#7981, @rfranzke)
🐛 Bug Fixes
- [USER] A bug that prevented referencing `ConfigMap`s in `.spec.resources` in `Shoot`s has been fixed. (gardener/gardener#7995, @acumino)
- [USER] A bug that prevented finalizers from being added to referenced `Secret`s or `ConfigMap`s in `.spec.resources` in `Shoot`s has been fixed. (gardener/gardener#7995, @acumino)
- [OPERATOR] The `NetworkPolicy` reconciler is only added to `gardener-operator` if the `.spec.runtimeCluster.networking.{pods,services}` fields of the `Garden` are set. (gardener/gardener#7983, @shafeeqes)
- [OPERATOR] Several low timeouts (30s) that were introduced in v1.71.0 for several steps are now reverted, as in some cases the Network/ControlPlane reconciliation cannot succeed within 30s. (gardener/gardener#8005, @ialidzhikov)
🏃 Others
- [OPERATOR] A configuration issue that resulted in a relatively slow startup and termination of the vali pods is fixed. (gardener/gardener#7979, @istvanballok)
- [OPERATOR] Add new grafana dashboard of seed deployment replicas (gardener/gardener#7896, @Sallyan)
[dependency-watchdog]
🏃 Others
- [OPERATOR] More categories are added to label a release note for a PR on DWD. (gardener/dependency-watchdog#75, @himanshu-kun)
  - Release notifications would now be sent to `gardener-dwd` channel (private) on releases.
- [OPERATOR] Probes will not be created for shoots with no workers. (gardener/dependency-watchdog#82, @unmarshall)
- [OPERATOR] Fixes for `make check` target (gardener/dependency-watchdog#87, @unmarshall)
- [DEPENDENCY] Following dependencies are updated: (gardener/dependency-watchdog#84, @unmarshall)
  - Go - 1.20.3
  - client-go - v0.26.2
  - controller-runtime - v0.14.5
  - gomega - v1.27.1
  - zap - v1.24.0
  - gardener/gardener v1.69.0
  - k8s (api and apimachinery) - v0.26.2
[etcd-backup-restore]
🐛 Bug Fixes
- [OPERATOR] Fixes a bug in backup-restore which falsely detects a scale-up scenario in case of a rolling update of the statefulset. (gardener/etcd-backup-restore#614, @ishan16696)
🏃 Others
- [OPERATOR] Base alpine image upgraded from `3.15.7` to `3.15.8` (gardener/etcd-backup-restore#612, @aaronfern)
- [OPERATOR] Add a learner with backoff in case the scale-up feature is triggered. (gardener/etcd-backup-restore#617, @ishan16696)
- [OPERATOR] Added a safety check before adding a learner (non-voting) member in the etcd cluster. (gardener/etcd-backup-restore#605, @ishan16696)
- [DEVELOPER] Upgrade to go 1.20.3 (gardener/etcd-backup-restore#613, @shreyas-s-rao)
- [DEVELOPER] Block public access for S3 buckets created by integration tests. (gardener/etcd-backup-restore#615, @shreyas-s-rao)
[etcd-custom-image]
🏃 Others
- [OPERATOR] Base alpine image for etcd-custom-image upgraded from `3.15.7` to `3.15.8` (gardener/etcd-custom-image#32, @aaronfern)
[etcd-druid]
✨ New Features
- [DEVELOPER] Run `make ci-e2e-kind` to run the e2e tests on local machine (gardener/etcd-druid#547, @abdasgupta)
- [DEVELOPER] Eliminated `Role` helm charts and converted into Golang component with added unit tests. (gardener/etcd-druid#538, @seshachalam-yv)
- [DEVELOPER] Eliminated `RoleBinding` helm charts and converted into Golang component with added unit tests. (gardener/etcd-druid#539, @seshachalam-yv)
🐛 Bug Fixes
- [OPERATOR] Added check to ensure that the scale up annotation is removed from the etcd statefulset only when scale-up succeeds (gardener/etcd-druid#587, @ishan16696)
🏃 Others
- [OPERATOR] When scaling from single-node to multi-node etcd cluster, Etcd Druid will now first ensure that any change to the peer URL (e.g. TLS enablement) is seen by the existing etcd process running within the etcd member pod. Once that is confirmed, it will scale up the Etcd StatefulSet and add relevant annotations. (gardener/etcd-druid#598, @unmarshall)
- [OPERATOR] Backup-restore waits for its etcd to be ready before attempting to update peerUrl (gardener/etcd-druid#602, @abdasgupta)
- [OPERATOR] When scaling from single-node to multi-node etcd cluster, Etcd Druid will now first ensure that any change to the peer URL (e.g. TLS enablement) is seen by the existing etcd process running within the etcd member pod. Once that is confirmed, it will scale up the Etcd StatefulSet and add relevant annotations. (gardener/etcd-druid#602, @abdasgupta)
- [OPERATOR] etcd-custom-image updates from `v3.4.13-bootstrap-9` to `v3.4.13-bootstrap-10` (gardener/etcd-druid#575, @aaronfern)
- [DEVELOPER] Upgrade to go 1.20.3. (gardener/etcd-druid#579, @shreyas-s-rao)
- [DEVELOPER] Block public access for S3 buckets created by e2e tests. (gardener/etcd-druid#581, @shreyas-s-rao)
[logging]
🐛 Bug Fixes
- [OPERATOR] Remove lastOperation check in fluent-bit-to-vali plugin. (gardener/logging#197, @vlvasilev)
Docker Images
admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.72.0
apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.72.0
controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.72.0
scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.72.0
operator: eu.gcr.io/gardener-project/gardener/operator:v1.72.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.72.0
resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.72.0