v1.53.0

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Fixed a bug which was causing the remedy-controller to not be able to create and patch events by @AleksandarSavchev [#1196]

🏃 Others

• [DEPENDENCY] Update csi-driver-disk from v1.31.2 to v1.32.4 by @hebelsan [#1158]
• [DEPENDENCY] Patch csi-resizer, csi-snapshot-controller, csi-snapshotter and csi-attacher by @hebelsan [#1158]
• [DEPENDENCY] Patch versions of cloud-controller-manager by @hebelsan [#1158]
• [DEPENDENCY] Patch versions of cloud-node-manager by @hebelsan [#1158]
• [DEPENDENCY] Update csi-driver-file from v1.31.2 to v1.32.1 by @hebelsan [#1158]
• [OPERATOR] Obsolete ClusterRoles and ClusterRoleBindings that were leftovers from the machine-controller-manager component are now cleaned up. by @georgibaltiev [#1176]
• [OPERATOR] The images built by the Azure provider-extension are now multiarch-images, supporting x86_64 and arm64 by @AndreasBurger [#1118]
• [OPERATOR] Update base image from debian11 to debian12. by @MartinWeindel [#1140]
• [OPERATOR] Update gardener/gardener to v1.118.0. by @ScheererJ [#1170]
• [OPERATOR] Remove the podAntiAffinity in the deployment in favor of only TopologySpreadConstraints. by @LucaBernstein [#1165]
• [OPERATOR] The csi-snapshot-webhook-vpa VerticalPodAutoscaler and the csi-snapshot-validation PodDisruptionBudget are now also cleaned up during the deletion of the legacy csi-snapshot-validation resources. by @ialidzhikov [#1177]
• [OPERATOR] The ServiceTrafficDistribution feature is being used on to make Services topology-aware when the runtime Kubernetes version is 1.31+. by @ialidzhikov [#1070]
• [OPERATOR] RBAC resources now explicitly state resources and verbs, replaced use of wildcards *. by @georgibaltiev [#1108]
• [OPERATOR] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. The extension does now only uses the new contract for providing monitoring configuration. Before upgrading to this version of the extension, make sure that the deployed Gardener version supports the new monitoring contract. by @RadaBDimitrova [#1142]
• [OPERATOR] Update gardener/gardener to v1.117.0 Release Notes. by @acumino [#1150]
• [DEVELOPER] replace/remove github.com/Azure/go-autorest/autorest by @hebelsan [#1160]

[gardener/terraformer]

🏃 Others

• [OPERATOR] Update gardener to v1.117.0 by @hebelsan [gardener/terraformer#162]
• [OPERATOR] Update aws-sdk-go to v1.55.7 by @hebelsan [gardener/terraformer#162]
• [OPERATOR] Update fsnotify to v1.9.0 by @hebelsan [gardener/terraformer#162]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.53.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.53.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.53.0

Container (OCI) Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.53.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.53.0

v1.52.3

[gardener/machine-controller-manager]

✨ New Features

• [OPERATOR] Machine Controller Manager now supports a new machine deployment strategy called InPlaceUpdate. by @acumino [gardener/machine-controller-manager#973]

🐛 Bug Fixes

• [OPERATOR] A new termination queue to handle machines scheduled for deletion introduced to separate creation requests from deletion by @takoverflow [gardener/machine-controller-manager#964]
• [OPERATOR] machine-controller-manager version, and build information are printed at startup. by @renormalize [gardener/machine-controller-manager#985]

🏃 Others

• [OPERATOR] Integration test framework enhancements for resource and process cleanup by @takoverflow [gardener/machine-controller-manager#968]
• [OPERATOR] Resource exhaustion on machine creation results in a longer retry period by @takoverflow [gardener/machine-controller-manager#981]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.3
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.3
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.3

Container (OCI) Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.3
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.3

v1.52.2

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Update CCM image from 1.32.0 to 1.32.4 to prevent crashes if cloud is set to AZURECHINACLOUD by @hebelsan [#1159]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.2
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.2
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.2

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.2
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.2

v1.52.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] An issue causing csi-driver-controller to not have mounted a workload identity token when the feature is enabled is now fixed. by @ialidzhikov [#1144]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.1

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.1

v1.51.2

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] An issue causing csi-driver-controller to not have mounted a workload identity token when the feature is enabled is now fixed. by @ialidzhikov [#1145]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.51.2
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.51.2
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.51.2

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.51.2
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.51.2

v1.52.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Enabling the immutable bucket feature is a breaking change, as it requires additional permissions. The permissions given to your credential are to be first modified before enabling the alpha feature. by @renormalize [#1098]

📰 Noteworthy

• [OPERATOR] Azure Blob Storage Containers can now be configured to be created with container-level immutability settings. by @renormalize [#1098]

✨ New Features

• [OPERATOR] The immutable bucket feature is currently in alpha state. The immutable bucket feature can be enabled by enabling config.featureGates.enableImmutableBuckets. More information can be found in docs/usage/usage.md. by @renormalize [#1098]

🏃 Others

• [OPERATOR] provider-azure no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#997]
• [OPERATOR] Implement etcd credential rotation by @kon-angelo [#1114]
• [USER] Update worker pool hash if diagnostic profile option is enabled by @hebelsan [#1122]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.0

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.0

v1.51.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [OPERATOR] The admission webhook is now allowed to GET workload identities. by @dimityrmirchev [#1121]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.51.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.51.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.51.1

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.51.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.51.1

v1.51.0

[gardener/machine-controller-manager-provider-azure]

🏃 Others

• [OPERATOR] pipeline_integration_test now uses the control plane of a cluster to deploy objects part of its tests by @aaronfern [gardener/machine-controller-manager-provider-azure#175]
• [OPERATOR] vendored MCM version has been upgraded to v0.56.0 by @aaronfern [gardener/machine-controller-manager-provider-azure#175]

[gardener/gardener-extension-provider-azure]

✨ New Features

• [USER] The provider-azure extension does now support shoot clusters with Kubernetes version 1.32. You should consider the Kubernetes release notes before upgrading to 1.32. by @marc1404 [#1076]
• [USER] Allow users to disable the deployment of allow-* loadbalancers for outbound traffic. by @kon-angelo [#1099]
• [USER] The extension now supports Shoots using WorkloadIdentitys instead of cloud provider credentials. by @dimityrmirchev [#999]

🐛 Bug Fixes

• [OPERATOR] Fixed an issue that caused deployment issues with the gardener.cloud-fast storage class when the extension was deployed by gardener-operator in the garden runtime cluster. The deployment of this StorageClass object is now only done for Azure seeds. by @timuthy [#1105]
• [USER] This PR prevents the deletion of certain user managed public IPs during flow reconciliation after Terraform migration by @hebelsan [#1052]

🏃 Others

• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#1082]
• [OPERATOR] The ports used by the extension can now be specified via helm values. by @ScheererJ [#1090]
• [DEVELOPER] Update Go to 1.24. by @marc1404 [#1102]
• [DEPENDENCY] Update gardener/gardener to v1.113.0. by @marc1404 [#1101]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.51.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.51.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.51.0

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.51.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.51.0

v1.50.1

no release notes available

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.50.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.50.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.50.1

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.50.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.50.1

v1.50.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [USER] VMSS-Flex based shoots are not the default deployment for non-zonal shoots. by @kon-angelo [#1025]
• [USER] Disable the creation of Availability-Set-based shoots. by @kon-angelo [#1025]
• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-azure admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#1030]

📰 Noteworthy

• [USER] The kube-system/csi-driver-node-disk and kube-system/csi-driver-node-file DaemonSet are no longer scaled by a VerticalPodAutoscaler as they do not really benefit from it. Removing VerticalPodAutoscaler for these components will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @ialidzhikov [#1046]

✨ New Features

• [USER] Introduce an annotation to migrate the availability-set shoots to VMSS-Flex shoots. by @kon-angelo [#1025]
• [OPERATOR] Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#1030]

🏃 Others

• [OPERATOR] Fix an issue where the provider-extension would delete a route table because of a location mismatch by @kon-angelo [#1068]
• [OPERATOR] Fixed an issue that prevented the Infrastructure resource to be correctly restored during control plane migration, if the Infrastructure was previously migrated from a single subnet network layout to a multiple subnet network layout. by @plkokanov [#907]
• [OPERATOR] Validate that all images in cloudProfile are valid images in the cloudProfileConfig by @hebelsan [#1020]
• [USER] Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on Azure. by @domdom82 [#1032]
• [USER] Update CSI images by @AndreasBurger [#1063]
• [DEPENDENCY] Update gardener to v1.110.0 by @hebelsan [#1044]

[gardener/machine-controller-manager-provider-azure]

🏃 Others

• [DEVELOPER] The gardener/machine-controller-manager dependency has been updated to v0.55.1. Release Notes by @thiyyakat [gardener/machine-controller-manager-provider-azure#169]
• [DEVELOPER] Added gosec for Static Application Security Testing (SAST). by @thiyyakat [gardener/machine-controller-manager-provider-azure#169]
• [DEVELOPER] Updated go lang version to 1.23 by @thiyyakat [gardener/machine-controller-manager-provider-azure#169]
• [USER] It is now possible to use a workload identity token instead of a client secret when authenticating to Azure. The path to the file containing the federated token can be configured via the "workloadIdentityTokenFile" field in the secret config. by @dimityrmirchev [gardener/machine-controller-manager-provider-azure#167]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.50.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.50.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.50.0

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.50.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.50.0