v1.16.4

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#275, @vpnachev)

v1.18.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [USER] Extension resource configs (InfrastructureConfig, ControlPlaneConfigs, WorkerConfig) are now deserialized in "strict" mode, including during validation by the admission webhook. This means that resources with fields that are not allowed by the API schema will be rejected by validation. Creating new shoots containing such resources will not be possible, and reconciling existing shoots will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (#253, @stoyanr)
• [OPERATOR] The gardener-extension-validator-openstack Helm chart as well as different assets inside have been renamed to the more general term gardener-extension-admission-openstack. Please consider to take corresponding action if you don't use Helm to manage your deployment in the Garden cluster. (#265, @ialidzhikov)
• [OPERATOR] The Docker image eu.gcr.io/gardener-project/gardener/extensions/validator-openstack will no longer be maintained as of this release in favor of the successor eu.gcr.io/gardener-project/gardener/extensions/admission-openstack. Please consider replacing any references to the image eu.gcr.io/gardener-project/gardener/extensions/validator-openstack by eu.gcr.io/gardener-project/gardener/extensions/admission-openstack. (#265, @ialidzhikov)

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.21. You should consider the Kubernetes release notes before upgrading to 1.21. (#260, @rfranzke)

🐛 Bug Fixes

• [USER] The following image is updated (see CHANGELOG for more details): (#256, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.1.0 -> v2.2.0

🏃 Others

• [USER] The following images are updated: (#255, @ialidzhikov)
  • k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.4 -> v2.1.5
  • k8s.gcr.io/sig-storage/snapshot-controller: v2.1.4 -> v2.1.5
• [OPERATOR] Cloud specific settings of OpenStack CloudProfiles are now being validated. (#265, @ialidzhikov)
• [OPERATOR] The few CSI sidecar containers that didn't specify any resource requests and limits do now specify appropriate requests and limits. (#259, @ialidzhikov)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] Openstack provider now uses strict deserialisation for API resources (gardener/machine-controller-manager-provider-openstack#21, @kon-angelo)
• [DEVELOPER] Upgrade go version to 1.16.2 and revendor gardener v1.21.0 (gardener/machine-controller-manager-provider-openstack#20, @kon-angelo)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] The aws provider has been downgraded from 3.32.0 to 3.18.0 due to issue with additionally required permission for the AWS accounts. (gardener/terraformer#87, @vpnachev)

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#88, @ialidzhikov)
  • hashicorp/terraform-provider-google: 3.59.0 -> 3.62.0
  • hashicorp/terraform-provider-google-beta: 3.59.0 -> 3.62.0
• [DEVELOPER] The golang has been updated to 1.16.2, the alpine has been updated to 3.13.2. (gardener/terraformer#85, @vpnachev)

v1.16.3

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] The following image is updated (see CHANGELOG for more details): (#258, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.1.0 -> v2.2.0

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.3
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.3

v1.17.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] The following image is updated (see CHANGELOG for more details): (#257, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.1.0 -> v2.2.0

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.17.1
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.17.1

v1.17.0

[gardener-extension-provider-openstack]

✨ New Features

• [USER] The selection of the subnet in floating pool network via InfrastructureConfig.floatingPoolSubnetName can now be also done via a name pattern matching. (#237, @dkistner)
• [OPERATOR] Allow to configure a default subnet for floating pools configuration in the CloudProfile and enable the selection of floating pool subnet via a name pattern. (#237, @dkistner)

🐛 Bug Fixes

• [USER] The following images are updated (see CHANGELOG for more details): (#233, @ialidzhikov)
  • k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.3 -> v2.1.4
  • k8s.gcr.io/sig-storage/snapshot-controller: v2.1.3 -> v2.1.4
• [USER] An issue has been resolved which prevented the CSI driver from properly functioning when the infrastructure credentials were changed. (#226, @rfranzke)
• [OPERATOR] Fix a bug in servergroup creation when the Nova API is > 2.63 (#245, @kon-angelo)

🏃 Others

• [OPERATOR] The timeout seconds for the validating admission webhook is now set to 10s. (#252, @vpnachev)
• [OPERATOR] Add ingress rule to allow UDP. (#244, @DockToFuture)
• [OPERATOR] The cloud-controller-manager VPA does now specify minAllowed values to prevent too low resource recommendations from VPA that lead to OOM. (#238, @ialidzhikov)
• [OPERATOR] All resources are now deleted from the shoot namespace during migration. Also, during restore the MCM is now scaled down to 0 and not deleted. (#236, @kris94)
• [OPERATOR] An issue causing github.com/gardener/gardener/pkg/utils/imagevector.FindImages to not give a higher score on exact matched targetVersion or runtimeVersion is now fixed. (#228, @ialidzhikov)
• [OPERATOR] An issue causing Shoots to be marked as Failed (and no longer retried) on transient not found error is now fixed. (#228, @ialidzhikov)
• [OPERATOR] Openstack extension now uses the new Out-Of-Tree MCM implementation. (#224, @kon-angelo)
• [OPERATOR] The name of the Openstack domain, tenant/project name and the technical name of the respective Shoot will be added as http headers for the API call which the Openstack Cloud Controller Manager and CSI driver run against Openstack APIs. (#218, @dkistner)
• [OPERATOR] Reducing credential update complexity by all the machine classes using the new .{spec.}credentialsSecretRef field. (#207, @kon-angelo)
  • This means all worker pools use the same "cloudprovider" secret containing only the cloud provider credentials.
  • The existing MachineClass SecretReference only contains the user data that is different for each pool.
• [DEVELOPER] github.com/gardener/gardener dependency is now updated to v1.19.0. For the complete list of changes, see the release notes. (#243, @ialidzhikov)

📰 Noteworthy

• [OPERATOR] The validator/admission component's Helm chart is now deploying a VerticalPodAutoscaler resource by default. If undesired or no VPA is available in the garden cluster then it can be turned of via .Values.global.vpa.enabled=false. (#223, @rfranzke)

[machine-controller-manager]

🐛 Bug Fixes

• [DEVELOPER] Azure: Improved NIC creation and deletion logic to handle NIC creation and deletions more gracefully. (gardener/machine-controller-manager#594, @prashanth26)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#71, @timebertt)
• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#72, @timebertt)

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#84, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
  • hashicorp/terraform-provider-google: 3.27.0 -> 3.59.0
  • hashicorp/terraform-provider-google-beta: 3.27.0 -> 3.59.0
• [OPERATOR] The Terraformer now instantly removes its finalizer from the state ConfigMap if the state is empty and destroy is called. A separate Terraform destroy is not executed. (gardener/terraformer#80, @timuthy)
• [OPERATOR] Terraformer will now publish an additional image without any pre-installed terraform plugins. (gardener/terraformer#77, @Diaphteiros)
• [OPERATOR] Provides support for the Equinix Metal provider, which replaces the Packet one (gardener/terraformer#73, @deitch)
• [OPERATOR] The terraformer-openstack use now the openstack provider in version v1.37.0 (gardener/terraformer#70, @kon-angelo)
• [OPERATOR] The terraformer-openstack use now the openstack provider in version v1.36.0 (gardener/terraformer#68, @dkistner)

📰 Noteworthy

• [OPERATOR] Curl has been removed from the Terraformer image. (gardener/terraformer#69, @timuthy)

v1.16.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] Fix a bug in servergroup creation when the Nova API is > 2.63 (#246, @kon-angelo)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.2
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.2

v1.16.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] An issue has been resolved which prevented the CSI driver from properly functioning when the infrastructure credentials were changed. (#230, @ialidzhikov)

🏃 Others

• [OPERATOR] An issue causing github.com/gardener/gardener/pkg/utils/imagevector.FindImages to not give a higher score on exact matched targetVersion or runtimeVersion is now fixed. (#229, @ialidzhikov)
• [OPERATOR] An issue causing Shoots to be marked as Failed (and no longer retried) on transient not found error is now fixed. (#229, @ialidzhikov)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#72, @timebertt)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.1
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.1

v1.16.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] The ValidatingWebhookConfiguration of the Openstack admission controller has been changed from version v1beta1 to v1. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (#210, @timuthy)

✨ New Features

• [OPERATOR] The secrets and configmaps used by the terraformer now have an owner reference to the Infrastructure resource. (#206, @vpnachev)
• [OPERATOR] The OpenStack extension now uses a new terraformer image only including the OpenStack terraform provider plugin (v2.1.0). (#203, @timebertt)

🐛 Bug Fixes

• [OPERATOR] The validator does now only validate the .spec.provider.{infrastructure,controlPlane}Config values of a Shoot against the constraints in the CloudProfile if the values were changed during a Shoot update. (#204, @rfranzke)

📖 Documentation

• [USER] Allow updating server group settings on existing worker groups. (#212, @kon-angelo)

🏃 Others

• [USER] provider-openstack is now using cinder-csi-plugin@v1.20 for Kubernetes >= 1.20 clusters. (#205, @ialidzhikov)
• [OPERATOR] provider-openstack is now using openstack cloud-controller-manager@v1.20 for Kubernetes >= 1.20 clusters. (#208, @ialidzhikov)
• [OPERATOR] Alpine base image has been updated to 3.12.3. (#206, @vpnachev)
• [OPERATOR] provider-openstack is now using openstack cloud-controller-manager@v1.19 for Kubernetes >= 1.19 clusters. (#199, @ialidzhikov)

[machine-controller-manager]

⚠️ Breaking Changes

• [DEVELOPER] machine-controller-manager now checks for misconfigured PodDisruptionBudgets (ones that require zero voluntary evictions and make impossible the graceful Node drain) and sets better Machine .status.lastOperation.description for such Machines. This change is breaking as out-of-tree providers need new RBAC permissions - list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager#591, @ialidzhikov)

🏃 Others

• [OPERATOR] Avoid the deletion of the machines in CrashLoopBackoff state by the safety controller (gardener/machine-controller-manager#589, @AxiomSamarth)

[terraformer]

🏃 Others

• [OPERATOR] The configmaps and secrets used to contain terraform configuration, state and variables are now protected with a finalizer against accidental deletion. (gardener/terraformer#65, @vpnachev)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.0

v1.15.0

[gardener-extension-provider-openstack]

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.20. You should consider the Kubernetes release notes before upgrading to 1.20. (#192, @rfranzke)

🐛 Bug Fixes

• [OPERATOR] Fix a bug, where a missing "auth_url" field from the credentials secret would block the creation of a shoot. In case this field is now missing from the provided credentials, the auth_url is taken from the CloudProfile used instead. (#195, @kon-angelo)
• [OPERATOR] An issue causing provider-openstack to deploy wrong version of the cloud-controller-manager for Kubernetes >= 1.18 clusters is now fixed. (#194, @ialidzhikov)

🏃 Others

• [USER] The following images are updated to address CVE-2020-8569: (#193, @ialidzhikov)
  • k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.1 -> v2.1.3
  • k8s.gcr.io/sig-storage/snapshot-controller: v2.1.1 -> v2.1.3
• [DEVELOPER] github.com/gardener/gardener dependency is now updated to v1.15.0. (#201, @ialidzhikov)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.15.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.15.0

v1.14.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] Fix a bug, where a missing "auth_url" field from the credentials secret would block the creation of a shoot. In case this field is now missing from the provided credentials, the auth_url is taken from the CloudProfile used instead. (#196, @kon-angelo)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.14.1
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.14.1