v0.35.0

[github.com/gardener/terminal-controller-manager:v0.35.0]

🐛 Bug Fixes

• [OPERATOR] Handle terminal deletion when namespace (of garden project) is deleted by @petersutter [#408]

🏃 Others

• [OPERATOR] Dropped obsolete permission to read secrets from the (virtual) garden cluster. by @petersutter [#394]
• [OPERATOR] Terminal webhook: stricter validation for namespaces/names, RBAC RoleRefs, apiServer URL/CA data, and pod labels. by @petersutter [#452]
• [DEVELOPER] migrate CICD-Pipeline to GitHub-Actions by @ccwienk [#404]

Container (OCI) Images

• terminal-controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.35.0

v0.34.0

[gardener/terminal-controller-manager]

⚠️ Breaking Changes

• [OPERATOR] The credential.secretRef property has been removed from the terminal host and target properties:
  • For Seed resources, spec.secretRef was removed from the API without replacement, eliminating the need for credential.secretRef.
  • For Shoot resources, credential.shootRef now replaces the previously used credential.secretRef for static token kubeconfigs. by @petersutter [#320]

✨ New Features

• [OPERATOR] Enhance terminal pods with service account token projection when the terminal host and target are in the same cluster and namespace by @petersutter [#322]
• [DEVELOPER] gosec was introduced for Static Application Security Testing (SAST). by @petersutter [#328]

Docker Images

• terminal-controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.34.0

v0.33.0

[gardener/terminal-controller-manager]

🏃 Others

• [OPERATOR] The component name is changed from terminal to terminal-controller-manager. by @ialidzhikov [#294]
• [OPERATOR] Helm Chart: The terminal-controller-manager-config volumeMount is set to readOnly on the deployment by @petersutter [#289]

Docker Images

• terminal-controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.33.0

v0.32.0

[gardener/terminal-controller-manager]

🏃 Others

• [USER] When reconciling the Terminal resource, Terminal.status.lastError and Terminal.status.lastOperation is now updated. by @petersutter [#281]

Docker Images

• terminal: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.32.0

v0.31.0

[gardener/terminal-controller-manager]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#231]
• [OPERATOR] The kube-rbac-proxy dependency was removed. The /metrics endpoint is now protected by controller-runtime's metrics authN and authZ filter.
  • The client's token for the /metrics endpoint is validated against the (virtual) garden cluster
  • The .Values.global.controller.controller.kubeRBACProxy has been removed
  • Added optional .Values.global.controller.manager.config.server.metrics.tlsSecretName
  • Added optional .Values.global.controller.manager.config.server.metrics.tls.crt and .Values.global.controller.manager.config.server.metrics.tls.key
  • The default value of .Values.global.controller.manager.config.server.metrics.bindAddress has changed to "", indicating that the metrics server is listening on all addresses.
  • The default value of .Values.global.controller.manager.config.server.metrics.port has changed to 8443, which replaces the .Values.global.controller.controller.kubeRBACProxy.config.server.proxy.port configuration. by @petersutter [#246]

🏃 Others

• [DEVELOPER] Configured CVSS Rescoring by @petersutter [#214]

Docker Images

• terminal: europe-docker.pkg.dev/gardener-project/releases/gardener/terminal-controller-manager:v0.31.0

v0.30.0

[gardener/terminal-controller-manager]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed that caused leader election configuration being ignored in the ControllerManagerConfiguration API. by @timuthy [#210]

Docker Images

terminal: eu.gcr.io/gardener-project/gardener/terminal-controller-manager:v0.30.0

v0.29.0

[gardener/terminal-controller-manager]

✨ New Features

• [OPERATOR] The terminal chart allows to optionally configure a projected volume based kubeconfig. by @timuthy [#202]

🏃 Others

• [OPERATOR] The Golang version has been updated to 1.21.3 by @dependabot[bot] [#207]

v0.28.0

[terminal-controller-manager]

🐛 Bug Fixes

• [OPERATOR] A bug has been fixed which prevented the webhook handler from being reached by kube-apiservers in case the terminal-controller-manager was deployed in a namespace different than garden. (gardener/terminal-controller-manager#183, @rfranzke)

v0.27.0

[terminal-controller-manager]

🏃 Others

• [OPERATOR] The Helm charts are now adapted such that they work well in garden cluster with enabled NetworkPolicy protection (default since gardener/gardener@v1.71 when garden cluster is managed by gardener-operator). (gardener/terminal-controller-manager#172, @rfranzke)

v0.26.0

[terminal-controller-manager]

🏃 Others

• [OPERATOR] Adds toleration to allow scheduling terminal pod on any node by default. (gardener/terminal-controller-manager#163, @lizzzcai)