[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by:
The full list of commands accepted by this bot can be found here.
Details
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/label skip-review
This PR contains the following updates:
- v1.135.4 → v1.140.1
- v1.138.2 → v1.140.1
- v1.139.2 → v1.140.1
Release Notes
gardener/gardener (github.com/gardener/gardener)
v1.140.1 (Compare Source)
[github.com/gardener/gardener:v1.140.1]
🐛 Bug Fixes
- [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @timebertt [#14564]
🏃 Others
- [DEPENDENCY] The following dependencies have been updated:
  - gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  - github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2.
  by @gardener-ci-robot [#14581]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.1
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.1
v1.140.0 (Compare Source)
[github.com/gardener/gardener:v1.140.0]
- [OPERATOR] The UseUnifiedHTTPProxyPort feature gate has been promoted to Beta and is enabled by default. If using the Gardener ACL Extension you need make sure that at least version v1.15.0 is installed and all Shoots are reconciled before the upgrade. by @jamand [#14422]
- [DEVELOPER] The generate-admin-kubeconf.sh script has been renamed to generate-kubeconfig.sh. It now supports generating both admin (default) and viewer kubeconfigs. by @timuthy [#14464]
- [DEVELOPER] The gardenadm machine pods have their state persisted in a unified PVC. Existing local gardenadm setups need to be recreated. To reset a local machine pod, delete both the pod and its corresponding PVC. by @LucaBernstein [#14359]
- [DEVELOPER] GEN_CRD_API_REFERENCE_DOCS make command has been replaced with CRD_REF_DOCS. by @acumino [#14324]
- [DEPENDENCY] The pkg/utils/time package is now removed. Use k8s.io/utils/clock.Clock instead. by @shafeeqes [#14515]
📰 Noteworthy
- [OPERATOR] The SeedAuthorizer now enforces field/label selectors for gardenlet list/watch requests on ControllerInstallation, Bastion, Gardenlet, Seed, Shoot, and ManagedSeed resources, restricting each gardenlet to only observe resources belonging to its own seed. by @rfranzke [#14452]
- [OPERATOR] The gardener-resource-manager's NetworkPolicy controller now only creates policies in namespaces that have pods with matching to-* labels, significantly reducing the number of NetworkPolicy objects on seeds. by @rfranzke [#14410]
- [OPERATOR] RemoveVali FeatureGate has been introduced. When enabled, every Vali instance will be removed. This feature gate is available for both the gardenlet and the gardener-operator. by @rrhubenov [#14279]
- [DEVELOPER] The sast and sast-report checks have been removed from verify and verify-extended make targets. Please call them explicitly when required. by @oliver-goetz [#14443]
✨ New Features
- [OPERATOR] The Project API now has a .status.conditions field for allowing controllers to report conditions on Project objects. by @jamand [#14403]
- [DEVELOPER] The local setup has been augmented to make the self-hosted shoot's API server directly accessible from the host machine without kubectl port-forward. A new unified hack/usage/generate-admin-kubeconfig-local.sh script supports generating kubeconfigs for both the virtual garden and the self-hosted shoot. by @rfranzke [#14370]
🐛 Bug Fixes
- [OPERATOR] The formatting of event-logger logs when the OpenTelemetryCollector feature gate is enabled is now partially fixed. The event-logger logs are now properly structured with fields as attributes, but to make them searchable with the unpack feature a change in the fluent-bit output plugin is required. by @iypetrov [#14423]
- [OPERATOR] The gardenlet reconciler in the gardener-operator now uses the virtual cluster client to fetch the pull secret and CA bundle secret. It was wrongly using the runtime cluster client earlier. by @shafeeqes [#14331]
- [OPERATOR] Fix a bug where the shoot-care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and updated DNS credentials, i.e. shoot.spec.dns.providers[].credentialsRef, until the shoot is reconciled. by @vpnachev [#14397]
- [USER] Fixed EveryNodeReady shoot condition incorrectly reporting NodeAgentUnhealthy for nodes not managed by MCM. by @acumino [#14509]
- [DEVELOPER] Pull secrets in the remote setup are labeled correctly to be automatically propagated by @matthias-horne [#14502]
- [DEPENDENCY] Extension shoot webhook configs are now always produced even when mergeShootWebhooksIntoSeedWebhooks is true, so that a self-hosted Shoot promoted to a Seed has the correct shoot webhooks registered. by @rfranzke [#14389]
🏃 Others
- [OPERATOR] Fix KubePodNotReadyControlPlane alert to not trigger for pods in Completed state. by @adenitiu [#14404]
- [OPERATOR] Create pull secret in garden namespace of virtual garden for remote setup. by @DockToFuture [#14449]
- [OPERATOR] Introduce seed reconciliation alerts. by @adenitiu [#14441]
- [OPERATOR] Enable notification flexibility of EtcdDbSizeLimitApproaching and EtcdDbSizeLimitCrossed alert for seeds by @adenitiu [#14384]
- [OPERATOR] The following dependencies have been updated:
  - gardener/autoscaler from v1.34.0 to v1.34.1. Release Notes
  - gardener/autoscaler from v1.33.0 to v1.33.1. Release Notes
  - gardener/autoscaler from v1.32.2 to v1.32.3. Release Notes
  - gardener/autoscaler from v1.31.0 to v1.31.1. Release Notes
  - gardener/autoscaler from v1.30.2 to v1.30.3. Release Notes
  by @aaronfern [#14479]
- [OPERATOR] There is now maxConnectionDuration of 1 day for connections to kube-apiserver endpoints. Their maxConnections limit has been removed. by @oliver-goetz [#14463]
- [DEVELOPER] The default shoot for test machinery tests was adjusted to work with Kubernetes 1.35. by @timuthy [#14439]
- [DEVELOPER] In the remote setup Kyverno now always adds imagePullSecret for images in the remote registry. by @matthias-horne [#14478]
- [DEPENDENCY] The following dependencies have been updated:
  - registry.k8s.io/autoscaling/vpa-admission-controller from 1.5.1 to 1.6.0.
  - registry.k8s.io/autoscaling/vpa-recommender from 1.5.1 to 1.6.0.
  - registry.k8s.io/autoscaling/vpa-updater from 1.5.1 to 1.6.0.
  by @gardener-ci-robot [#14036]
- [DEPENDENCY] The following dependencies have been updated:
  - gardener/machine-controller-manager from v0.61.2 to v0.61.3. Release Notes
  - github.com/gardener/machine-controller-manager from v0.61.2 to v0.61.3.
  by @gardener-ci-robot [#14453]
- [DEPENDENCY] Istio charts and images are updated to v1.29.1 by @axel7born [#14454]
- [DEPENDENCY] The following dependencies have been updated: gardener/gardener-metrics-exporter from 0.43.0 to 0.44.0. Release Notes by @gardener-ci-robot [#14486]
- [DEPENDENCY] The following dependencies have been updated: quay.io/kiwigrid/k8s-sidecar from 2.5.0 to 2.5.5. by @gardener-ci-robot [#14480]
- [DEPENDENCY] The following dependencies have been updated: gardener/coredns-config-adapter from v0.4.0 to v0.5.0. Release Notes by @DockToFuture [#14490]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.0
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.0
v1.139.2 (Compare Source)
[github.com/gardener/gardener:v1.139.2]
🐛 Bug Fixes
- [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @timebertt [#14565]
🏃 Others
- [DEPENDENCY] The following dependencies have been updated:
  - gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  - github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2.
  by @gardener-ci-robot [#14584]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.139.2
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.139.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.139.2
v1.139.1 (Compare Source)
[github.com/gardener/gardener:v1.139.1]
🐛 Bug Fixes
- [OPERATOR] Fix a bug where the shoot-care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and updated DNS credentials, i.e. shoot.spec.dns.providers[].credentialsRef, until the shoot is reconciled. by @vpnachev [#14444]
🏃 Others
- [OPERATOR] There is now maxConnectionDuration of 1 day for connections to kube-apiserver endpoints. Their maxConnections limit has been removed. by @oliver-goetz [#14471]
- [OPERATOR] The following dependencies have been updated:
  - gardener/autoscaler from v1.34.0 to v1.34.1. Release Notes
  - gardener/autoscaler from v1.33.0 to v1.33.1. Release Notes
  - gardener/autoscaler from v1.32.2 to v1.32.3. Release Notes
  - gardener/autoscaler from v1.31.0 to v1.31.1. Release Notes
  - gardener/autoscaler from v1.30.2 to v1.30.3. Release Notes
  by @aaronfern [#14500]
- [DEPENDENCY] The following dependencies have been updated:
  - gardener/machine-controller-manager from v0.61.2 to v0.61.3. Release Notes
  - github.com/gardener/machine-controller-manager from v0.61.2 to v0.61.3.
  by @gardener-ci-robot [#14485]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.139.1
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.139.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.139.1
v1.139.0 (Compare Source)
[github.com/gardener/gardener:v1.139.0]
- [OPERATOR] The type of the Gardenlet's configuration field .controllers.tokenRequestorWorkloadIdentity.tokenExpirationDuration has been changed from time.Duration to k8s.io/apimachinery/pkg/apis/meta/v1.Duration. by @vpnachev [#14333]
- [OPERATOR] Garden.status.encryptedResources field is removed, use Garden.status.credentials.encryptionAtRest.resources instead. by @iypetrov [#14354]
- [OPERATOR] The raise-spec-limits verb has been removed for NamespacedCloudProfiles because it is no-longer needed. by @mimiteto [#14344]
- [USER] .spec.dns.providers[].secretName has been forbidden for clusters running on Kubernetes version v1.35.0 or higher. Please, use .spec.dns.providers[].credentialsRef instead. by @vpnachev [#14309]
- [USER] Shoot.status.encryptedResources field is removed, use Shoot.status.credentials.encryptionAtRest.resources instead. by @iypetrov [#14354]
- [DEVELOPER] A default reconciliation timeout of 20 minutes has been set for the extension controllers:
  Extension developers can define own reconciliation timeout via the sigs.k8s.io/controller-runtime/pkg/controller.Options provided to the respective controller. by @vpnachev [#14105]
- [DEVELOPER] secretRef in spec.dns.provider has been removed, use credentialsRef instead. by @vpnachev [#14308]
📰 Noteworthy
- [OPERATOR] AdminKubeconfigRequest now uses the static username prefix gardener.cloud:admin:, and ViewerKubeconfigRequest uses gardener.cloud:viewer: to generate the username for the resulting kubeconfig. Previously, this prefix was randomized." by @timuthy [#14252]
- [DEVELOPER] gardenadm bootstrap etcd version is updated from v3.4.34 to v3.5.27. by @LucaBernstein [#14352]
- [DEPENDENCY] During the Shoot reconciliation, control plane and extension readiness is waited for before further system components are reconciled. by @LucaBernstein [#14338]
✨ New Features
- [OPERATOR] Deletion of the Garden CRD installed via the gardener-operator Helm chart is now prevented unless annotated with confirmation.gardener.cloud/deletion=true by @maboehm [#14373]
- [OPERATOR] A new spec.settings.zoneSelection field on Seed resources allows operators to configure whether the control plane namespace of non-HA Shoots (or those with failure tolerance type node) is placed in the same availability zone as the shoot's worker nodes (Prefer) or strictly required to match (Enforce). by @rfranzke [#14238]
- [OPERATOR] The istio-ingressgateway now uses a dual autoscaling approach with both VPA (VerticalPodAutoscaler) and HPA (HorizontalPodAutoscaler) working together without causing pod-thrashing. by @oliver-goetz [#14313]
- [OPERATOR] The Gardener Dashboard RBAC now allows listing and watching ManagedSeeds to support newer dashboard functionality around ManagedSeed-related Shoot information. by @petersutter [#14321]
- [DEVELOPER] gardener-node-agent can now resolve .spec.files[].content.secretRef from Secrets in kube-system, enabling OperatingSystemConfig files to reference secrets instead of requiring inlined content. by @rfranzke [#14319]
🐛 Bug Fixes
- [OPERATOR] A bug causing the nil pointer panic in gardenlet config validation when staleExtensionHealthChecks.threshold is nil is fixed. by @acumino [#14317]
- [OPERATOR] An issue preventing the shootstate-controller of gardenlet to populate all required states to the ShootState for a self-hosted Shoot is now fixed. by @ialidzhikov [#14339]
- [OPERATOR] An issue causing gardener-operator to fail to create resource events in API group events.k8s.io is now fixed. by @shafeeqes [#14327]
- [OPERATOR] A bug causing the gardenlet to crash during startup was fixed. Earlier, the startup procedure occasionally failed on large-scale seed clusters due to cache sync timeouts. by @timuthy [#14408]
- [DEVELOPER] The nodePort auto-remediation in the local setup service controller no longer incorrectly targets ClusterIP services. by @rfranzke [#14390]
🏃 Others
- [OPERATOR] The .spec.trafficDistribution field of the topology-aware etcd-{events,main}-client Services will be automatically switched from the deprecated PreferClose to the new PreferSameZone option for Kubernetes 1.34+. by @ialidzhikov [#14278]
- [OPERATOR] The following dependencies have been updated:
  - gardener/etcd-druid from v0.35.1 to v0.36.1. Release Notes
  - github.com/gardener/etcd-druid/api from v0.35.1 to v0.36.1.
  by @Shreyas-s14 [#14341]
- [OPERATOR] Status updates for Shoot resources during reconciliation are now minimized when the associated Seed is not ready. Previously, this could lead to excessive growth of the gardener's etcd key space. by @timuthy [#14377]
- [OPERATOR] Opentelemetry collector migration implemented in gardener - v1.136.0 is no longer needed. by @nickytd [#14138]
- [OPERATOR] During the restore phase of control plane migration, Machines and MachineSets are now deployed in parallel across 10 go routines. Additionally, the restoration logic now checks if a Machine or MachineSet already exists, and if that is the case, it does not attempt to create it. This should speed up the restoration of the Worker resource. by @plkokanov [#14219]
- [OPERATOR] Now victorialogs streams follow opentelemetry semantic convention fields. by @nickytd [#14381]
- [OPERATOR] victoria-logs pods are now labeled according oidc-apps semantic. by @nickytd [#14325]
- [OPERATOR] Unused bootstrap secrets from the gardener-resource-manager are cleaned up properly. Earlier, the shoot reconciliation left a considerable amount of unused secrets in the control-plane, if the GRM bootstrap procedure was stuck. by @timuthy [#14343]
- [OPERATOR] Fix Istio Gateway metric retention and reenable metric scraping. by @Bobi-Wan [#14337]
- [OPERATOR] apiserver-proxy connection for shoots with legacy single-dash namespace format has been fixed. by @axel7born [#14406]
- [OPERATOR] Timeout for credentials renewal during rotation of Garden secrets was increased to 10 minutes. by @dimityrmirchev [#14433]
- [OPERATOR] The v1alpha1 perses CRDs are deleted and replaced with v1alpha2 versions during reconciliation. by @rickardsjp [#14264]
- [USER] VPN Dashboard now displays the pod name in the legend for the VPN Shoot Network I/O panel by @domdom82 [#14393]
- [DEVELOPER] The remote local setup has been updated to the latest changes in Gardener. by @vicwicker [#14289]
- [DEVELOPER] Added hack/generate-renovate-ignore-deps.sh to generate the renovate ignoreDeps section from the intersection of a downstream repo's go.mod and gardener/gardener's go.mod. Downstream repos can now remove their local copies and call the script from $GARDENER_HACK_DIR. by @LucaBernstein [#14425]
- [DEVELOPER] Remote setup garden template has been updated with gardenerDiscoveryServer configuration by @domdom82 [#14306]
- [DEPENDENCY] The following dependencies have been updated: registry.k8s.io/ingress-nginx/controller-chroot from v1.15.0 to v1.15.1. by @gardener-ci-robot [#14363]
- [DEPENDENCY] The following dependencies have been updated: registry.k8s.io/ingress-nginx/controller-chroot from v1.14.3 to v1.15.0. by @gardener-ci-robot [#14267]
- [DEPENDENCY] The following dependencies have been updated: registry.k8s.io/coredns/coredns from v1.14.1 to v1.14.2. by @gardener-ci-robot [#14290]
- [DEPENDENCY] The following dependencies have been updated: gardener/dashboard from 1.83.8 to 1.83.9. Release Notes by @gardener-ci-robot [#14312]
- [DEPENDENCY] The following dependencies have been updated: quay.io/brancz/kube-rbac-proxy from v0.21.0 to v0.21.1. by @gardener-ci-robot [#14332]
- [DEPENDENCY] The following dependencies have been updated: gardener/dashboard from 1.83.9 to 1.83.10. Release Notes by @gardener-ci-robot [#14380]
- [DEPENDENCY] The following dependencies have been updated: europe-docker.pkg.dev/gardener-project/releases/gardener/fluent-bit-plugin from v1.2.0 to v1.4.0. by @nickytd [#14357]
- [DEPENDENCY] The following dependencies have been updated: quay.io/brancz/kube-rbac-proxy from v0.21.1 to v0.21.2. by @gardener-ci-robot [#14382]
- [DEPENDENCY] The following dependencies have been updated: registry.k8s.io/ingress-nginx/controller-chroot from v1.14.4 to v1.14.5. by @gardener-ci-robot [#14362]
- [DEPENDENCY] The following dependencies have been updated: gardener/vpn2 from 0.47.0 to 0.48.0. Release Notes by @gardener-ci-robot [#14374]
- [DEPENDENCY] The following dependencies have been updated: perses/perses from v0.53.0 to v0.53.1. Release Notes by @gardener-ci-robot [#14307]
- [DEPENDENCY] The following dependencies have been updated: gardener/dashboard from 1.83.10 to 1.83.11. Release Notes by @gardener-ci-robot [#14438]
- [DEPENDENCY] The following dependencies have been updated:
  - gcr.io/istio-release/pilot from 1.27.7 to 1.27.8.
  - gcr.io/istio-release/proxyv2 from 1.27.7 to 1.27.8.
  - istio.io/api from v1.27.7 to v1.27.8.
  by @gardener-ci-robot [#14280]
📖 Documentation
- [DEPENDENCY] Extension admission components deployed via gardener-operator should set the --webhook-config-owner-namespace flag to prevent ValidatingWebhookConfiguration resources from leaking in the virtual garden cluster upon uninstall. by @theoddora [#14360]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.139.0
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.139.0
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.139.0
v1.138.2 (Compare Source)
[github.com/gardener/gardener:v1.138.2]
🐛 Bug Fixes
- [OPERATOR] Fix a bug where the shoot-care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and updated DNS credentials, i.e. shoot.spec.dns.providers[].credentialsRef, until the shoot is reconciled. by @vpnachev [#14446]
🏃 Others
- [OPERATOR] The following dependencies have been updated:
  - gardener/autoscaler from v1.34.0 to v1.34.1. Release Notes
  - gardener/autoscaler from v1.33.0 to v1.33.1. Release Notes
  - gardener/autoscaler from v1.32.2 to v1.32.3. Release Notes
  - gardener/autoscaler from v1.31.0 to v1.31.1. Release Notes
  - gardener/autoscaler from v1.30.2 to v1.30.3. Release Notes
  by @aaronfern [#14499]
- [OPERATOR] There is now maxConnectionDuration of 1 day for connections to kube-apiserver endpoints. Their maxConnections limit has been removed. by @oliver-goetz [#14470]
- [DEPENDENCY] The following dependencies have been updated:
  - gardener/machine-controller-manager from v0.61.2 to v0.61.3. Release Notes
  - github.com/gardener/machine-controller-manager from v0.61.2 to v0.61.3.
  by @gardener-ci-robot [#14489]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.138.2
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.138.2
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.138.2
v1.138.1 (Compare Source)
[github.com/gardener/gardener:v1.138.1]
🐛 Bug Fixes
- [OPERATOR] A bug causing the gardenlet to crash during startup was fixed. Earlier, the startup procedure occasionally failed on large-scale seed clusters due to cache sync timeouts. by @timuthy [#14416]
- [OPERATOR] An issue causing gardener-operator to fail to create resource events in API group events.k8s.io is now fixed. by @shafeeqes [#14356]
🏃 Others
- [OPERATOR] Timeout for credentials renewal during rotation of Garden secrets was increased to 10 minutes. by @dimityrmirchev [#14432]
- [DEPENDENCY] The following dependencies have been updated: registry.k8s.io/ingress-nginx/controller-chroot from v1.14.3 to v1.14.5. by @oliver-goetz [#14398]
- [DEPENDENCY] The following dependencies have been updated: gardener/dashboard from 1.83.10 to 1.83.11. Release Notes by @gardener-ci-robot [#14437]
- [DEPENDENCY] The following dependencies have been updated: gardener/dashboard from 1.83.8 to 1.83.10. Release Notes by @oliver-goetz [#14386]
Helm Charts
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.138.1
Container (OCI) Images
- europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.138.1
- europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.138.1
v1.138.0 (Compare Source)
[github.com/gardener/gardener:v1.138.0]
- [DEVELOPER] provider-extensions setup has been replaced by remote setup which is gardener-operator based. by @oliver-goetz [#13994]
- [DEVELOPER] Makefile target make check-vulnerabilities and GO_VULN_CHECK has been removed. by @acumino [#14143]
- [DEVELOPER] The local setup no longer requires manipulating the /etc/hosts file manually. Instead, a bind9 hosts the local.gardener.cloud DNS zone (accessible via 172.18.255.53 or fd00:ff::53). Manual actions:
  local.gardener.cloud local.gardener.cloud DNS zone via the local bind9 server. by @timebertt [#14062]
- [DEVELOPER] The kubeconfig of the runtime cluster in local setup was moved from ./example/gardener-local/kind/multi-zone/kubeconfig to ./dev-setup/kubeconfigs/runtime/kubeconfig. by @oliver-goetz [#13994]
📰 Noteworthy
- [OPERATOR] Garden.spec.virtualCluster.gardener.gardenerDiscoveryServer now accepts optional domain and tlsSecretName fields. Operators can use these to expose the OIDC discovery endpoint under a custom domain and optionally with a non-wildcard certificate. Additionally, validation now prevents disabling the discovery server once it is enabled, protecting already-issued tokens. The default behaviour is unchanged. by @jamand [#14126]
- [OPERATOR] prometheus-garden aggregates volume usage metrics from all seeds by @Kostov6 [#13818]
- [OPERATOR] Hard limits on nodelocaldns node cache have been removed. by @domdom82 [#14200]
- [OPERATOR] Hard memory limit on istio-ingress has been removed. Memory is managed by VPA in all cases now. by @domdom82 [#14197]
- [OPERATOR] The VPAInPlaceUpdates feature gate has been promoted to Beta and is enabled by default. by @vitanovs [#14145]
✨ New Features
- [USER] gardenadm init/join now supports --zone/-z flag to specify the node's availability zone. by @acumino [#14081]
- [DEVELOPER] Added optional DisplayName field to ShootAdvertisedAddress allowing UI friendly names for advertised endpoints via the endpoint.shoot.gardener.cloud/displayName Ingress label. by @nickytd [#14140]
- [DEVELOPER] gardener-node-agent can optionally coordinate OperatingSystemConfig reconciliation amongst other instances. This is helpful if you want to ensure that only one instance reconciles at a time. Read all about it here. by @rfranzke [#14129]
🐛 Bug Fixes
- [OPERATOR] Fixed a race condition in the ControllerInstallation reconciler that could create duplicate installations due to reading from a stale informer cache instead of the API server. by @rickardsjp [#14274]
- [OPERATOR] Add a network policy label for allowing communication from the OpenTelemetryCollector in the control plane to the Shoot Kubernetes API Server. by @rrhubenov [#14196]
- [OPERATOR] The per-worker-pool node-local-dns Daemonsets now also include the name of the worker in their label selector and in their Pods' labels. This resolves an issue where each of the corresponding VPAs targeted all node-cache containers from all of these Daemonsets resulting in incorrect resource recommendations. by @plkokanov [#14294]
- [OPERATOR] An issues has been fixed causing gardener-resource-manager crash loops in large clusters. by @timuthy [#14212]
- [USER] The machines of a deleted worker pool are able to join back cluster in healthy state. by @aniruddha2000 [#13715]
- [DEVELOPER] The healthcheck controller now supports the seed extension class. by @hown3d [#14162]
- [DEPENDENCY] Fixing an issue where CA scale-downs were getting stuck when MCD replicas was updated with stale cache value of worker-controller by @r4mek [#14291]
🏃 Others
- [OPERATOR] The dependency-watchdog component no longer defines resource limits. by @ashwani2k [#14193]
- [OPERATOR] Fluent-bit resource limits are increased. by @nickytd [#14205]
- [OPERATOR] CoreDNS memory limit has been removed. by @domdom82 [#14163]
- [OPERATOR] The following dependency has been updated: golang.org/x/net from v0.50.0 to v0.51.0. by @ScheererJ [#14234]
- [OPERATOR] Fix CRD conversion webhook metric name by @chrkl [#14209]
- [OPERATOR] Following logging stack components are updated fluent-bit to v4.2.3, fluent-bit-plugin to v1.2.0 and fluent-operator to v3.7.0 by @nickytd [#14256]
- [OPERATOR] A regression in Gardener Node Agent that can occur on Debian based OS images and that prevents it to successfully reconcile nodes that run a containerd version that contains - according to semver - invalid characters in its version number was fixed. by @MrBatschner [#14177]
- [OPERATOR] The UseUnifiedHTTPProxyPort (part of GEP-30) can be disabled without disruption to shoots already using the unified HTTP proxy port. by @maboehm [#14169]
- [OPERATOR] Add startup probe to gardener-metrics-exporter by @chrkl [#14207]
- [OPERATOR] Added nodeCIDRMaskSizeIPv6 field to KubeControllerManagerConfig to allow configuring the IPv6 node CIDR mask size (defaults to 64). This enables more flexible IPv6 network configurations in both dual-stack and IPv6-only clusters. by @axel7born [#13955]
- [DEVELOPER] A new supported-kubernetes-versions.yaml file is introduced in the root of the project. It describes the supported Kubernetes versions by Gardener in a machine-readable format. A machinery can use this file to build automation for the supported Kubernetes versions in a CloudProfile. by @ialidzhikov [#14191]
- [DEVELOPER] The RBAC for fluent-operator is allowing watching pods and namespaces resources, required by gardener-otelcol-extension scenario. by [@nickytd](https://redirect.github
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot.