v1.95.1-0
Release Notes v1.95
Yake release notes and upgrade guide
Related upstream release notes / changelogs
Update external-dns-management to 0.18.5
[gardener/external-dns-management]
🐛 Bug Fixes
[OPERATOR]
As AWS "us-gov" zones do not support alias target records, they are excluded from the list of canonical hosted zones used to decide if ALIAS records are created instead of CNAME records. by @MartinWeindel [#365]
[USER]
Keep stale entries of other providers of the same zone untouched if all providers but one have invalid credentials and last valid provider is removed. by @MartinWeindel [#364]
🏃 Others
[OPERATOR]
Update golang from 1.21.6 to 1.22.2 by @MartinWeindel [#366]
Docker Images
- dns-controller-manager:
europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.18.5
Update shoot-dns-service to 1.47.0
[gardener/external-dns-management]
🐛 Bug Fixes
[USER]
Keep stale entries of other providers of the same zone untouched if all providers but one have invalid credentials and last valid provider is removed. by @MartinWeindel [gardener/external-dns-management#364]
[OPERATOR]
As AWS "us-gov" zones do not support alias target records, they are excluded from the list of canonical hosted zones used to decide if ALIAS records are created instead of CNAME records. by @MartinWeindel [gardener/external-dns-management#365]
🏃 Others
[OPERATOR]
Update golang from 1.21.6 to 1.22.2 by @MartinWeindel [gardener/external-dns-management#366]
[gardener/gardener-extension-shoot-dns-service]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.91.0 to 1.92.0. by @dependabot[bot] [#318]
Docker Images
- gardener-extension-admission-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.47.0
- gardener-extension-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.47.0
Update shoot-dns-service to 1.47.1
[gardener/gardener-extension-shoot-dns-service]
🐛 Bug Fixes
[OPERATOR]
fix regression bug "secret name is not defined as named resource references at 'spec.resources'" introduced with #320 by Martin Weindel <martin.weindel@sap.com>
[$490d837737a4f524b83b8997a18f31e860f23fc3]
Docker Images
- gardener-extension-admission-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.47.1
- gardener-extension-shoot-dns-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.47.1
Update gardener-metrics-exporter to 0.30.0
[gardener/gardener-metrics-exporter]
🏃 Others
[OPERATOR]
The costObject for workerless shoots is now determined correctly. by @vicwicker [#103]
[OPERATOR]
Add garden_version to the garden_shoot_info metric by @Kumm-Kai [#101]
[OPERATOR]
Rename garden_version label to gardener_version on garden_shoot_info metric. by @rickardsjp [#102]
Docker Images
- metrics-exporter:
europe-docker.pkg.dev/gardener-project/releases/gardener/metrics-exporter:0.30.0
Update provider-aws to 1.54.1
[gardener/gardener-extension-provider-aws]
🐛 Bug Fixes
[OPERATOR]
DNSRecord controller will not create ALIAS DNS records for AWS "us-gov" zones anymore. by @AndreasBurger [#930]
🏃 Others
[OPERATOR]
Bump github.com/gardener/external-dns-management from 0.18.4 to 0.18.5. by @AndreasBurger [#930]
Docker Images
- gardener-extension-admission-aws:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.54.1
- gardener-extension-provider-aws:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.54.1
Update cert-management to 0.14.1
[gardener/cert-management]
🏃 Others
[OPERATOR]
Fix cluster configuration for new source controllers istio-gateways-dns and k8s-gateways-dns. by @MartinWeindel [#175]
Docker Images
- cert-management:
europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.1
Update shoot-cert-service to 1.43.0
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.91.0 to 1.92.0. by @dependabot[bot] [#249]
[OPERATOR]
Bumps golang from 1.22.1 to 1.22.2. by @dependabot[bot] [#247]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.92.0 to 1.93.0. by @dependabot[bot] [#251]
[USER]
The defaults for the private key of new certificates have been changed from RSA 2048bit to RSA 3072bit. Existing certificates will make use of these new defaults when they are renewed. by @gardener-robot-ci-3 [#253]
[gardener/cert-management]
✨ New Features
[USER]
The Istio resource Gateway can now be annotated with cert.gardener.cloud/purpose=managed to enable the automatic creation of Certificate resources for domain names extracted from hosts fields in this resource or related VirtualServices resources.
The Gateway and HTTPRoute resources from the Gateway API are supported in a similar way. by @MartinWeindel [gardener/cert-management#174]
🏃 Others
[OPERATOR]
Fix cluster configuration for new source controllers istio-gateways-dns and k8s-gateways-dns. by @MartinWeindel [gardener/cert-management#175]
[OPERATOR]
Support deployment specific default values for private key algorithm and size with the new command line options --default-private-key-algorithm, --default-rsa-private-key-size, --default-ecdsa-private-key-size by @MartinWeindel [gardener/cert-management#171]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.43.0
Update dashboard to 1.74.1
[gardener/dashboard]
🐛 Bug Fixes
[USER]
Ticket titles start with [<projectName>/<shootName>], unless overridden by a Gardener administrator's configuration. by @petersutter [#1830]
Docker Images
- dashboard:
europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.74.1
Update provider-alicloud to 1.52.0
[gardener/gardener-extension-provider-alicloud]
⚠️ Breaking Changes
[OPERATOR]
provider-alicloud no longer supports Shoots with Kubernetes version == 1.24. by @shafeeqes [#678]
🐛 Bug Fixes
[DEVELOPER]
source- prefix of BackupEntry name is being ignored when performing entry deletion by @Kostov6 [#698]
🏃 Others
[OPERATOR]
Update csi-plugin-alicloud to v1.30.1-242df8a-aliyun by @kevin-lacoo [#709]
[OPERATOR]
The code related to machine-controller-manager management has been cleaned up because gardenlet is responsible for it since gardener/gardener@v1.83. by @kevin-lacoo [#706]
[OPERATOR]
add os information as labels in machine class objects. by @tedteng [#703]
[DEVELOPER]
Add GetBucketInfo to OSS client interface. by @MartinWeindel [#694]
[DEPENDENCY]
The following golang dependencies have been upgraded:
- gardener/gardener: v1.86.0 -> v1.91.1
- k8s.io/*: v0.28.3 -> v0.29.3
- sigs.k8s.io/controller-runtime: v0.16.3 -> v0.17.2
by @shafeeqes [#704]
[gardener/terraformer]
🏃 Others
[OPERATOR]
Update go -> v1.21.5 by @kon-angelo [gardener/terraformer#146]
[OPERATOR]
Update alpine -> v1.29.0 by @kon-angelo [gardener/terraformer#146]
Docker Images
- gardener-extension-admission-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.52.0
- gardener-extension-provider-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.52.0
Update provider-gcp to 1.35.0
[gardener/gardener-extension-provider-gcp]
⚠️ Breaking Changes
[USER]
[csi-snapshotter] Enable prevent-volume-mode-conversion feature flag by default. Volume mode change can still be triggered with the respective annotations. You can read more in the KEP by @kon-angelo [#719]
[OPERATOR]
provider-gcp no longer supports Shoots with Kubernetes version == 1.24. by @shafeeqes [#677]
📰 Noteworthy
[USER]
Added support for the EnableDynamicPortAllocation flag and the related configuration of the related MaxPortsPerVM value on cloudNATs.
IcmpIdleTimeoutSec, TcpEstablishedIdleTimeoutSec, TcpTimeWaitTimeoutSec, TcpTransitoryIdleTimeoutSec, and UdpIdleTimeoutSec can now be configured on cloudNATs. by @AndreasBurger [#706]
[USER]
DisableGardenerServiceAccountCreation feature gate has been promoted to beta and therefore is enabled by default. by @AndreasBurger [#711]
✨ New Features
[DEVELOPER]
Dependency update to github.com/gardener/gardener@v1.90.4. by @oliver-goetz [#714]
🐛 Bug Fixes
[DEVELOPER]
source- prefix of BackupEntry name is being ignored when performing entry deletion by @Kostov6 [#710]
🏃 Others
[OPERATOR]
[infrastructure] General stability flow reconciliation improvements. by @kon-angelo [#715]
[OPERATOR]
add os information as labels in machine class objects. by @tedteng [#689]
[OPERATOR]
NodeGroupAutoscalingOptions can now be specified per worker group via the worker through the field worker.spec.pools.clusterAutoscaler by @aaronfern [#733]
[USER]
An error text which better indicates the reason for the failure is displayed when a user tries to create a SecretBinding resource which references a Secret with a serviceaccount.json field in invalid json format. by @plkokanov [#723]
[gardener/terraformer]
🏃 Others
[OPERATOR]
Update go -> v1.21.5 by @kon-angelo [gardener/terraformer#146]
[OPERATOR]
Update alpine -> v1.29.0 by @kon-angelo [gardener/terraformer#146]
Docker Images
- gardener-extension-admission-gcp:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.35.0
- gardener-extension-provider-gcp:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.35.0
Update provider-azure to 1.42.3
[gardener/gardener-extension-provider-azure]
🏃 Others
[OPERATOR]
Fix a bug where the terraform-provider-azure would not properly delete shoot resource groups. The infrastructure-controller will issue an additional delete operation for the shoot's resource group. by @kon-angelo [#842]
[OPERATOR]
The extension will now try to delete empty resource groups on infrastructure creation after an unsuccessful terraform-apply operation.
A resource group may not be ready for some time after a successful create call returns. The azurerm terraform-provider on resource group does not respect that and the GET call may result in a NotFound error creating a deadlock. The extension will try to workaround this by deleting empty resource groups under the condition that this is a Create operation. by @AndreasBurger [#844]
Docker Images
- gardener-extension-admission-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.42.3
- gardener-extension-provider-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.42.3
Update cert-management to 0.14.2
[gardener/cert-management]
🐛 Bug Fixes
[USER]
Fix regression for annotations on ingress resources: dns.gardener.cloud/dnsnames annotation must be ignored. by @MartinWeindel [#176]
Docker Images
- cert-management:
europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.2
Update shoot-cert-service to 1.43.1
[gardener/cert-management]
🐛 Bug Fixes
[USER]
Fix regression for annotations on ingress resources: dns.gardener.cloud/dnsnames annotation must be ignored. by @MartinWeindel [gardener/cert-management@1dafe3a]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.43.1
Update provider-azure to 1.43.0
[gardener/gardener-extension-provider-azure]
⚠️ Breaking Changes
[USER]
[csi-snapshotter] Enable prevent-volume-mode-conversion feature flag by default. Volume mode change can still be triggered with the respective annotations. You can read more in the KEP by @hebelsan [#809]
[OPERATOR]
provider-azure no longer supports Shoots with Kubernetes version == 1.24. by @shafeeqes [#769]
🏃 Others
[OPERATOR]
Update clients for dns, storage, compute, and msi to use the new Azure SDK libraries by @AndreasBurger [#833]
[OPERATOR]
add os information as labels in machine class objects. by @tedteng [#816]
[OPERATOR]
Deployment of the Remedy Controller can now additionally be controlled using the DisableRemedyController feature gate. by @AndreasBurger [#806]
[OPERATOR]
The Azure instance to connect to can now be configured in the CloudProfile and BackupBucket/BackupEntry. by @AndreasBurger [#815]
[OPERATOR]
NodeGroupAutoscalingOptions can now be specified per worker group via the worker through the field worker.spec.pools.clusterAutoscaler by @aaronfern [#831]
[DEPENDENCY]
The following golang dependencies have been upgraded :
[gardener/machine-controller-manager-provider-azure]
🏃 Others
[USER]
Bugfix:- During VM deletion, the cascade delete option is set only for the resources part of VM creation. by @rishabh-11 [gardener/machine-controller-manager-provider-azure#143]
Docker Images
- gardener-extension-admission-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.43.0
- gardener-extension-provider-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.43.0
Update gardener-controlplane to 1.94.1
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]
Fix an issue in the etcd component which caused Shoot deletion to fail when the VPAForETCD feature gate was enabled by @voelzmo [#9703]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.94.1
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.94.1
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.94.1
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.94.1
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.94.1
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.94.1
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.94.1
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.94.1
Update gardenlet to 1.94.1
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]
Fix an issue in the etcd component which caused Shoot deletion to fail when the VPAForETCD feature gate was enabled by @voelzmo [#9703]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.94.1
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.94.1
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.94.1
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.94.1
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.94.1
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.94.1
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.94.1
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.94.1
Update shoot-networking-problemdetector to 0.21.0
[gardener/network-problem-detector]
🏃 Others
[OPERATOR]
Drop support for obsolete PodSecurityPolicy by @MartinWeindel [gardener/network-problem-detector#60]
[OPERATOR]
Bumps golang from 1.22.0 to 1.22.1. by @dependabot[bot] [gardener/network-problem-detector#59]
[OPERATOR]
Bumps golang from 1.21.5 to 1.21.6. by @dependabot[bot] [gardener/network-problem-detector#56]
[OPERATOR]
Bumps golang from 1.22.1 to 1.22.2. by @dependabot[bot] [gardener/network-problem-detector#61]
[OPERATOR]
Bumps golang from 1.21.6 to 1.22.0. by @dependabot[bot] [gardener/network-problem-detector#57]
[OPERATOR]
Drop CPU limit for agents by @MartinWeindel [gardener/network-problem-detector#63]
[gardener/gardener-extension-shoot-networking-problemdetector]
⚠️ Breaking Changes
[OPERATOR]
extension-shoot-networking-filter no longer supports Shoots with Kubernetes version == 1.24. by @shafeeqes [#113]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.88.0 to 1.89.0. by @dependabot[bot] [#123]
[OPERATOR]
Drop CPU limit for controller by @gardener-robot-ci-3 [#140]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.91.0 to 1.92.0. by @dependabot[bot] [#136]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.89.0 to 1.90.0. by @dependabot[bot] [#126]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.92.0 to 1.93.0. by @dependabot[bot] [#138]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.87.2 to 1.88.0. by @dependabot[bot] [#122]
[OPERATOR]
Bump github.com/gardener/gardener from 1.86.0 to 1.87.0. by @dependabot[bot] [#117]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.90.0 to 1.91.0. by @dependabot[bot] [#132]
[OPERATOR]
Bumps github.com/gardener/gardener from 1.93.0 to 1.94.0. by @dependabot[bot] [#139]
Docker Images
- gardener-extension-shoot-networking-problemdetector:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-problemdetector:v0.21.0
Update shoot-flux to 0.5.0
✨ New Features
- Allow setting controller image repository and tag independently by @j2L4e in stackitcloud/gardener-extension-shoot-flux#66
ℹ️ Other Changes
- 🤖 Update ghcr.io/stackitcloud/gardener-extension-shoot-flux Docker tag to v0.4.0 by @renovate in stackitcloud/gardener-extension-shoot-flux#54
- 🤖 Update module github.com/onsi/ginkgo/v2 to v2.17.1 by @renovate in stackitcloud/gardener-extension-shoot-flux#56
- 🤖 Update k8s and gardener packages (patch) by @renovate in stackitcloud/gardener-extension-shoot-flux#58
- 🤖 Update module golang.org/x/tools to v0.21.0 by @renovate in stackitcloud/gardener-extension-shoot-flux#57
- 🤖 Update module github.com/onsi/gomega to v1.33.1 by @renovate in stackitcloud/gardener-extension-shoot-flux#60
- 🤖 Update module github.com/fluxcd/source-controller/api to v1.2.5 by @renovate in stackitcloud/gardener-extension-shoot-flux#63
- 🤖 Update module k8s.io/utils to v0.0.0-20240502163921-fe8a2dddb1d0 by @renovate in stackitcloud/gardener-extension-shoot-flux#65
- 🤖 Update module github.com/onsi/ginkgo/v2 to v2.17.3 by @renovate in stackitcloud/gardener-extension-shoot-flux#64
- 🤖 Update k8s and gardener packages (patch) by @renovate in stackitcloud/gardener-extension-shoot-flux#61
New Contributors
- @j2L4e made their first contribution in stackitcloud/gardener-extension-shoot-flux#66
Full Changelog: stackitcloud/gardener-extension-shoot-flux@v0.4.0...v0.5.0
Update provider-azure to 1.43.1
[gardener/gardener-extension-provider-azure]
🏃 Others
[OPERATOR]
Fix a bug causing nil pointer exceptions on the backupbucket reconciliation when no BackupBucket providerConfig was provided. by @ialidzhikov [#856]
Docker Images
- gardener-extension-admission-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.43.1
- gardener-extension-provider-azure:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.43.1
Update runtime-gvisor to 0.14.0
[gardener/gardener-extension-runtime-gvisor]
⚠️ Breaking Changes
[OPERATOR]
runtime-gvisor extension no longer supports Shoots with Kubernetes version == 1.24. by @shafeeqes [#110]
🏃 Others
[OPERATOR]
Fix CVE-2024-0727 by @marwinski [#124]
Docker Images
- gardener-extension-runtime-gvisor-installation:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.14.0
- gardener-extension-runtime-gvisor:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.14.0
Update provider-alicloud to 1.52.1
no release notes available
Docker Images
- gardener-extension-admission-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.52.1
- gardener-extension-provider-alicloud:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.52.1
Update cloudprofiles to 0.7.7
Full Changelog: gardener-community/cloudprofiles@0.7.6...0.7.7
Update cloudprofiles to 0.7.8
Full Changelog: gardener-community/cloudprofiles@0.7.7...0.7.8
Update dashboard to 1.75.0
[gardener/dashboard]
✨ New Features
[USER]
The Dashboard now recognizes and displays automatic update notifications according to the configured update strategy for machine image vendors by @grolu [#1807]
[OPERATOR]
Promoting experimentalUseWatchCacheForListShoots to Stable
- The experimentalUseWatchCacheForListShoots feature flag in the gardener-dashboard Helm chart, which was introduced with #1637, has now been promoted to stable and removed. Previously, this feature was gated behind the Values.global.dashboard.experimentalUseWatchCacheForListShoots Helm chart value. With this release, the feature is now enabled by default, which is equivalent to setting Values.global.dashboard.experimentalUseWatchCacheForListShoots: always by @petersutter [#1822]
[OPERATOR]
The dashboard supports a previous session secret. It allows for a seamless rotation of the session secret by supporting both the current and previous secrets. When installed using the helm chart, provide Values.global.dashboard.sessionSecretPrevious. Set this value to the previous sessionSecret during secret rotation, and leave it empty otherwise. by @petersutter [#1856]
🐛 Bug Fixes
[USER]
Fixed: Addressed an issue where the Dashboard incorrectly reported no available update paths to a Kubernetes version when no immediate supported minor version updates were available by @grolu [#1848]
[USER]
During session secret rotation, an unexpected error with code 500 could occur, requiring manual deletion of session cookies to resolve. This situation is now properly handled, and the user will be redirected to the login page accordingly. by @holgerkoser [#1869]
🏃 Others
[USER]
The last error description of the Terminal resource is shown on timeout. by @petersutter [#1810]
[OPERATOR]
Terminal: terminal-controller-manager v0.32.0 required in order to display the last error description of the Terminal resource. by @petersutter [#1810]
[OPERATOR]
The component name is changed from dashboard to gardener-dashboard. by @ialidzhikov [#1857]
[OPERATOR]
The Helm chart was adapted to mount Kubernetes secrets as read-only files instead of storing them as environment variables, in order to comply with DISA STIG V-242415. by @petersutter [#1842]
[OPERATOR]
Values.global.dashboard.oidc.clientSecret is now optional. The dashboard can now also use a public OIDC client. by @petersutter [#1835]
[DEVELOPER]
The Lease object is no longer included in the Helm chart. Instead, it is now created dynamically during runtime if it does not already exist by @petersutter [#1823]
Docker Images
- gardener-dashboard:
europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.75.0
Update gardener-controlplane to 1.95.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR]
The .monitoring.shoot.remoteWrite.queueConfig field is no longer available in the gardenlet component configuration. If needed, you have to register a webhook for the monitoring.coreos.com/v1.Prometheus object named shoot in the shoot namespaces. The webhook can inject the needed configuration in .spec.remoteWrite[0].queueConfig. by @rfranzke [#9695]
📰 Noteworthy
[DEVELOPER]
The extensions.gardener.cloud/v1alpha1.Worker resource now has a new .spec.pools[].userDataSecretRef field which references a Secret containing the actual user data. The .spec.pools[].userData field is deprecated and will be removed in a future version. Worker extensions should fetch the user data from the secret and can use the extensions/pkg/controller/worker.FetchUserData helper function for it. by @rfranzke [#9722]
[DEVELOPER]
The legacy method for extensions to provide observability configuration for shoot clusters (via ConfigMaps labelled with extensions.gardener.cloud/configuration=monitoring) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. by @rfranzke [#9695]
✨ New Features
[OPERATOR]
Gardener can now support clusters with Kubernetes version 1.30. To allow creation/update of 1.30 clusters you will have to update the version of your provider extension(s) to a version that supports 1.30 as well. Please consult the respective releases and notes in the provider extension's repository. by @shafeeqes [#9689]
[OPERATOR]
A new feature gate named VPAAndHPAForAPIServer is introduced to gardenlet. When enabled, the Shoot Kubernetes API Server is scaled simultaneously by VPA and HPA on the same metric (CPU and memory usage). The new feature aims to replace the existing HVPA autoscaling mechanism for the Shoot Kubernetes API server. by @ialidzhikov [#9678]
[USER]
It is now possible to configure Projects with the "four-eyes approval concept for deletion" concept. For now, this can only be applied to Shoots. If configured, the user confirming a Shoot deletion (via the confirmation.gardener.cloud/deletion annotation) must not be the same user who is sending the DELETE request. This can help preventing accidental/unintentional Shoot deletion. Find all information about the feature in this document. by @rfranzke [#9680]
[DEVELOPER]
Gardener can now support clusters with Kubernetes version 1.30. Extension developers have to prepare individual extensions as well to work with 1.30. by @shafeeqes [#9689]
🐛 Bug Fixes
[OPERATOR]
A bug has been fixed which caused regeneration of managedresource-shoot-core-system-* Secrets on each Shoot reconciliation. by @rfranzke [#9718]
[USER]
A bug has been fixed which caused unneeded gardener-node-agent reconciliations after each Shoot reconciliation even if the underlying OperatingSystemConfig did not contain relevant changes. by @rfranzke [#9723]
🏃 Others
[OPERATOR]
e2e-kind tests can now run successfully in an IPv4-only environment by @ScheererJ [#9693]
[OPERATOR]
Validation of DNSRecords: allow domain names starting with an underscore "_" by @MartinWeindel [#9714]
[OPERATOR]
The istio ingress gateway access log now includes the connections initiated via apiserver-proxy, i.e. cluster-internal communication via kubernetes.default.svc.cluster.local. by @ScheererJ [#9686]
[OPERATOR]
Replaced HVPA for the vali StatefulSet with VPA. Additionally, the curator, kube-rbac-proxy and telegraf containers of the vali StatefulSet now specify CPU resource requests of 5m each. by @plkokanov [#9611]
[OPERATOR]
Updated MCM metrics list used to configure prometheus by @rishabh-11 [#9684]
[OPERATOR]
The kube-controller-manager component is now scaled by VPA, instead of HVPA. by @andrerun [#9698]
[OPERATOR]
Modified the CPU and memory resource requests for the plutono container to 5m and 45Mi, respectively. Additionally, reduced the vali container CPU resource requests to 20m. by @plkokanov [#9754]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.95.0
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.95.0
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.95.0
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.95.0
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.95.0
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.95.0
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.95.0
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.95.0
Update gardener-controlplane to 1.95.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR] The .monitoring.shoot.remoteWrite.queueConfig field is no longer available in the gardenlet component configuration. If needed, you have to register a webhook for the monitoring.coreos.com/v1.Prometheus object named shoot in the shoot namespaces. The webhook can inject the needed configuration in .spec.remoteWrite[0].queueConfig. by @rfranzke [#9695]
📰 Noteworthy
[DEVELOPER] The extensions.gardener.cloud/v1alpha1.Worker resource now has a new .spec.pools[].userDataSecretRef field which references a Secret containing the actual user data. The .spec.pools[].userData field is deprecated and will be removed in a future version. Worker extensions should fetch the user data from the secret and can use the extensions/pkg/controller/worker.FetchUserData helper function for it. by @rfranzke [#9722]
[DEVELOPER] The legacy method for extensions to provide observability configuration for shoot clusters (via ConfigMaps labelled with extensions.gardener.cloud/configuration=monitoring) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. by @rfranzke [#9695]
✨ New Features
[OPERATOR] Gardener can now support clusters with Kubernetes version 1.30. To allow creation/update of 1.30 clusters you will have to update the version of your provider extension(s) to a version that supports 1.30 as well. Please consult the respective releases and notes in the provider extension's repository. by @shafeeqes [#9689]
[OPERATOR] A new feature gate named VPAAndHPAForAPIServer is introduced to gardenlet. When enabled, the Shoot Kubernetes API Server is scaled simultaneously by VPA and HPA on the same metric (CPU and memory usage). The new feature aims to replace the existing HVPA autoscaling mechanism for the Shoot Kubernetes API server. by @ialidzhikov [#9678]
[USER] It is now possible to configure Projects with the "four-👀 approval concept for deletion" concept. For now, this can only be applied to Shoots. If configured, the user confirming a Shoot deletion (via the confirmation.gardener.cloud/deletion annotation) must not be the same user who is sending the DELETE request. This can help prevent accidental/unintentional Shoot deletion. Find all information about the feature in this document. by @rfranzke [#9680]
[DEVELOPER] Gardener can now support clusters with Kubernetes version 1.30. Extension developers have to prepare individual extensions as well to work with 1.30. by @shafeeqes [#9689]
🐛 Bug Fixes
[OPERATOR] A bug has been fixed which caused regeneration of managedresource-shoot-core-system-* Secrets on each Shoot reconciliation. by @rfranzke [#9718]
[USER] A bug has been fixed which caused unneeded gardener-node-agent reconciliations after each Shoot reconciliation even if the underlying OperatingSystemConfig did not contain relevant changes. by @rfranzke [#9723]
🏃 Others
[OPERATOR] e2e-kind tests can now run successfully in an IPv4-only environment by @ScheererJ [#9693]
[OPERATOR] Validation of DNSRecords: allow domain names starting with an underscore "_" by @MartinWeindel [#9714]
[OPERATOR] The istio ingress gateway access log now includes the connections initiated via apiserver-proxy, i.e. cluster-internal communication via kubernetes.default.svc.cluster.local. by @ScheererJ [#9686]
[OPERATOR] Replaced HVPA for the vali StatefulSet with VPA. Additionally, the curator, kube-rbac-proxy and telegraf containers of the vali StatefulSet now specify CPU resource requests of 5m each. by @plkokanov [#9611]
[OPERATOR] Updated MCM metrics list used to configure prometheus by @rishabh-11 [#9684]
[OPERATOR] The kube-controller-manager component is now scaled by VPA, instead of HVPA. by @andrerun [#9698]
[OPERATOR] Modified the CPU and memory resource requests for the plutono container to 5m and 45Mi, respectively. Additionally, reduced the vali container CPU resource requests to 20m. by @plkokanov [#9754]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.95.0
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.95.0
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.95.0
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.95.0
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.95.0
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.95.0
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.95.0
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.95.0
Update gardenlet to 1.95.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR] The .monitoring.shoot.remoteWrite.queueConfig field is no longer available in the gardenlet component configuration. If needed, you have to register a webhook for the monitoring.coreos.com/v1.Prometheus object named shoot in the shoot namespaces. The webhook can inject the needed configuration in .spec.remoteWrite[0].queueConfig. by @rfranzke [#9695]
📰 Noteworthy
[DEVELOPER] The extensions.gardener.cloud/v1alpha1.Worker resource now has a new .spec.pools[].userDataSecretRef field which references a Secret containing the actual user data. The .spec.pools[].userData field is deprecated and will be removed in a future version. Worker extensions should fetch the user data from the secret and can use the extensions/pkg/controller/worker.FetchUserData helper function for it. by @rfranzke [#9722]
[DEVELOPER] The legacy method for extensions to provide observability configuration for shoot clusters (via ConfigMaps labelled with extensions.gardener.cloud/configuration=monitoring) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. by @rfranzke [#9695]
✨ New Features
[OPERATOR] Gardener can now support clusters with Kubernetes version 1.30. To allow creation/update of 1.30 clusters you will have to update the version of your provider extension(s) to a version that supports 1.30 as well. Please consult the respective releases and notes in the provider extension's repository. by @shafeeqes [#9689]
[OPERATOR] A new feature gate named VPAAndHPAForAPIServer is introduced to gardenlet. When enabled, the Shoot Kubernetes API Server is scaled simultaneously by VPA and HPA on the same metric (CPU and memory usage). The new feature aims to replace the existing HVPA autoscaling mechanism for the Shoot Kubernetes API server. by @ialidzhikov [#9678]
[USER] It is now possible to configure Projects with the "four-👀 approval concept for deletion" concept. For now, this can only be applied to Shoots. If configured, the user confirming a Shoot deletion (via the confirmation.gardener.cloud/deletion annotation) must not be the same user who is sending the DELETE request. This can help prevent accidental/unintentional Shoot deletion. Find all information about the feature in this document. by @rfranzke [#9680]
[DEVELOPER] Gardener can now support clusters with Kubernetes version 1.30. Extension developers have to prepare individual extensions as well to work with 1.30. by @shafeeqes [#9689]
🐛 Bug Fixes
[OPERATOR] A bug has been fixed which caused regeneration of managedresource-shoot-core-system-* Secrets on each Shoot reconciliation. by @rfranzke [#9718]
[USER] A bug has been fixed which caused unneeded gardener-node-agent reconciliations after each Shoot reconciliation even if the underlying OperatingSystemConfig did not contain relevant changes. by @rfranzke [#9723]
🏃 Others
[OPERATOR] e2e-kind tests can now run successfully in an IPv4-only environment by @ScheererJ [#9693]
[OPERATOR] Validation of DNSRecords: allow domain names starting with an underscore "_" by @MartinWeindel [#9714]
[OPERATOR] The istio ingress gateway access log now includes the connections initiated via apiserver-proxy, i.e. cluster-internal communication via kubernetes.default.svc.cluster.local. by @ScheererJ [#9686]
[OPERATOR] Replaced HVPA for the vali StatefulSet with VPA. Additionally, the curator, kube-rbac-proxy and telegraf containers of the vali StatefulSet now specify CPU resource requests of 5m each. by @plkokanov [#9611]
[OPERATOR] Updated MCM metrics list used to configure prometheus by @rishabh-11 [#9684]
[OPERATOR] The kube-controller-manager component is now scaled by VPA, instead of HVPA. by @andrerun [#9698]
[OPERATOR] Modified the CPU and memory resource requests for the plutono container to 5m and 45Mi, respectively. Additionally, reduced the vali container CPU resource requests to 20m. by @plkokanov [#9754]
Docker Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.95.0
- apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.95.0
- controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.95.0
- gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.95.0
- node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.95.0
- operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.95.0
- resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.95.0
- scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.95.0