v1.17.1
gardener-robot-ci-3 released this 02 Mar 12:13
[autoscaler]
Others
- [USER] Support the latest zone label `topology.kubernetes.io/zone` in addition to the existing `failure-domain.beta.kubernetes.io/zone` while determining the zone for AWS machines. (gardener/autoscaler#70, @prashanth26)
- [USER] Allow scaling up from zero using the latest stable zone, region, arch, OS, instanceType labels on node objects. (gardener/autoscaler#70, @prashanth26)
[gardener]
Breaking Changes
- [USER] The already deprecated annotation keys `confirmation.garden.sapcloud.io/deletion` and `shoot.garden.sapcloud.io/operation` are no longer respected by Gardener components. If you are still using the deprecated annotation keys, please switch to the equivalents from the new API group, `confirmation.gardener.cloud/deletion` and `gardener.cloud/operation` respectively. (gardener/gardener#3375, @ialidzhikov)
- [OPERATOR] The default leader election resource lock of `gardener-controller-manager`, `gardener-scheduler` and `gardenlet` has been changed to `configmapsleases`. This is a preparation to eventually migrate to `leases` after a few releases. Please make sure that the components have permissions to create, get, watch and update `leases.coordination.k8s.io` in the respective clusters. (gardener/gardener#3535, @timebertt)
- [OPERATOR] Gardener components now use the protobuf content type wherever possible when talking to the Gardener or Kubernetes APIs, if the content type fields are left empty in the respective component configs. (gardener/gardener#3467, @timebertt)
  - Operators can override this behavior by explicitly specifying `application/json` as the content type in the respective component configs.
- [OPERATOR] The check for stale extension health checks is now switched from `controllers.shootCare.staleExtensionHealthCheckThreshold` to `controllers.shootCare.staleExtensionHealthChecks.{enabled,threshold}` in the GardenletConfiguration. It is now configurable and enabled by default. (gardener/gardener#3390, @ialidzhikov)
- [OPERATOR] Deprecated ingress hostnames, i.e., AlertManager - `au.<shoot-name>.<project-name>.<seed-ingress-domain>`, Grafana - `gu.<shoot-name>.<project-name>.<seed-ingress-domain>`, `go.<shoot-name>.<project-name>.<seed-ingress-domain>`, Prometheus - `p.<shoot-name>.<project-name>.<seed-ingress-domain>`, were removed and will not be reachable anymore. Please use the hostnames introduced with Gardener v0.34.0 instead. (gardener/gardener#3380, @timuthy)
- [OPERATOR] gardenlet's shoot-care-control is now using the `gardener.cloud/role` label key (until now it was `garden.sapcloud.io/role`) to perform health checks on controlplane components. Make sure you have first upgraded to at least Gardener v1.14 before you upgrade to this version of Gardener. (gardener/gardener#3350, @ialidzhikov)
- [OPERATOR] With the activated `cluster-autoscaler` during roll-outs, the following are the minimum versions required for different provider-extensions: gardener-extension-provider-aws `v1.16.0`, gardener-extension-provider-openstack `v1.12.0`, gardener-extension-provider-azure `v1.14.0`, gardener-extension-provider-gcp `v1.12.0`, gardener-extension-provider-alicloud `v1.18.0`, gardener-extension-provider-vsphere `v0.1.0`. (gardener/gardener#3332, @hardikdr)
- [OPERATOR] If the `nginx-ingress` addon for a shoot used as seed is disabled then you can no longer enable it. Instead, use the new managed ingress controller feature. You can find more information about it here. Existing shoots used as seeds with `.spec.addons.nginxIngress.enabled=true` will continue to work. (gardener/gardener#3131, @BeckerMax)
- [DEVELOPER] The `CopyValues` function has been moved from `pkg/utils/chart` to `pkg/utils` and was renamed to `ShallowCopyMapStringInterface`. (gardener/gardener#3454, @rfranzke)
- [DEVELOPER] The `ImageMapToValues` function has been moved from `pkg/utils/chart` to `pkg/utils/imagevector`. (gardener/gardener#3454, @rfranzke)
- [DEVELOPER] A new mutating webhook for the `cloudprovider` secret has been added in the extensions library. With this change, the `EnsurerContext` of the `genericmutator` package has been moved to a separate `context` package. Please adapt your usage of `genericmutator` accordingly. (gardener/gardener#3348, @kon-angelo)
- [DEPENDENCY] Some helper functions and interface types have been changed to accept `client.{Object,ObjectList}` instead of `runtime.Object` where applicable to have a clearer contract of what is expected from passed parameters. (gardener/gardener#3476, @timebertt)
- [DEPENDENCY] The `kubernetes.Interface.RESTMapper` func has been removed in favor of the `client.RESTMapper` func. Please adapt your usage accordingly. (gardener/gardener#3473, @timebertt)
- [DEPENDENCY] Several deprecated / duplicated helper funcs were removed: (gardener/gardener#3463, @timebertt)
  - `kutils.KeyFromObject` in favor of `client.ObjectKeyFromObject`
  - `controllerutils.HasFinalizer` in favor of `controllerutil.ContainsFinalizer`
  - `extensionscontroller.HasFinalizer` in favor of `controllerutil.ContainsFinalizer`
  - `controllerutils.BoolPtrDerefOr` in favor of `pointer.BoolPtrDerefOr`
  - `flow.SimpleTaskFn`
- [DEPENDENCY] The `FileContentInlineCodec` and `UnitSerializer` interfaces have been moved from `extensions/pkg/webhook/controlplane` to `pkg/operation/botanist/extensions/operatingsystemconfig/utils`. (gardener/gardener#3454, @rfranzke)
- [DEPENDENCY] The `KubeletConfigCodec` interface has been moved from `extensions/pkg/webhook/controlplane` to `pkg/operation/botanist/extensions/operatingsystemconfig/original/components/kubelet` and was renamed to `ConfigCodec`. (gardener/gardener#3454, @rfranzke)
- [DEPENDENCY] Go dependencies to `kubernetes/*` and `kubernetes-sigs/controller-runtime` were updated to `v0.19.6` and `v0.7.0` respectively. This imposes a lot of consequent breaking changes to Go projects vendoring gardener/gardener. If your project/extension vendors gardener/gardener, please read the dedicated section in this issue carefully when upgrading your dependencies. (gardener/gardener#3393, @timebertt)
- [DEPENDENCY] `pkg/utils/secrets.BasicAuthSecretConfig` no longer allows generating a bcrypt password hash. The corresponding functionality is now removed. (gardener/gardener#3365, @ialidzhikov)
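For the leader election change listed above (gardener/gardener#3535), a namespaced Role granting exactly the verbs the note names could look like this. It is an added example, not taken from the Gardener charts or release notes; the namespace `garden`, the Role and RoleBinding names and the ServiceAccount name are assumptions to replace with the values of your deployment.

```yaml
# Added example, not part of the Gardener project: least-privilege RBAC for the
# hybrid `configmapsleases` leader election lock.
# While this lock is active the component writes its lock record to BOTH a
# ConfigMap and a Lease, so both resources must be allowed until the later
# migration to `leases` only.
# Assumptions: namespace "garden", all object names and the ServiceAccount
# name are placeholders.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: leader-election-example        # hypothetical name
  namespace: garden                    # assumed leader election namespace
rules:
  # New requirement with this release: the Lease half of the lock.
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["create", "get", "watch", "update"]
  # ConfigMap half of the lock, still required while `configmapsleases` is used.
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "get", "watch", "update"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: leader-election-example        # hypothetical name
  namespace: garden
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: leader-election-example
subjects:
  - kind: ServiceAccount
    name: gardener-controller-manager  # assumed ServiceAccount name
    namespace: garden
```

A Role scoped to the leader election namespace keeps the grant narrower than a ClusterRole; apply the equivalent in whichever cluster each component performs leader election and confirm the result with `kubectl auth can-i` for each verb.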
New Features
- [USER] Logs from `VerticalPodAutoscaler` are accessible via the `Vertical Pod Autoscaler` dashboard in Grafana. (gardener/gardener#3456, @Kristian-ZH)
- [USER] The shoot reconciliation flow is now waiting until all worker nodes have executed the most recent cloud-config user data. Similarly, the shoot care controller checks if the last successfully applied cloud-config user data on all nodes is outdated or not (and reports this in the `EveryNodeReady` condition). Please note that both features are only available for new nodes. (gardener/gardener#3396, @rfranzke)
- [USER] The `cluster-autoscaler` is now activated even during rolling-update of the shoot clusters. The change in `machine-controller-manager` of adding the `cluster-autoscaler.kubernetes.io/scale-down-disabled` annotation during rolling-update is required, in order for autoscaler to not scale-down worker-pools (coming with machine-controller-manager `0.34.0`). (gardener/gardener#3332, @hardikdr)
- [OPERATOR] An additional change detection mechanism for the file `download-cloud-config.sh` is now used to ensure the file is up-to-date even after VM reboot. (gardener/gardener#3603, @rfranzke)
- [OPERATOR] Enabling the usage of internal load balancers for the kube-api servers of the shoots. (gardener/gardener#3507, @hassbert)
- [OPERATOR] The new `ShootVPAEnabledByDefault` admission plugin of the `gardener-apiserver` (disabled by default) controls whether the `.spec.kubernetes.verticalPodAutoscaler.enabled` field for newly created `Shoot` resources is defaulted to `true`. Existing `Shoot`s are not modified, i.e., if VPA shall be enabled then it needs to be explicitly set. Also, Shoots can still explicitly disable the VPA by setting `.spec.kubernetes.verticalPodAutoscaler.enabled=false`. See this document. (gardener/gardener#3468, @timebertt)
- [OPERATOR] The specification and the configuration files of the `cloud-config-downloader.service` systemd service are now updated regularly with the original `OperatingSystemConfig`. (gardener/gardener#3449, @vpnachev)
- [OPERATOR] `konnectivity-server` is no longer a sidecar to `kube-apiserver` when `APIServerSNI` and `KonnectivityTunnel` feature gates are enabled. This allows for existing opened tunnel connections from `konnectivity-agents` to not be interrupted when `kube-apiserver` is auto-scaled. (gardener/gardener#3399, @mvladev)
- [OPERATOR] It is now possible to trigger a restart of systemd services on particular shoot worker nodes by annotating the corresponding `Node` object with `worker.gardener.cloud/restart-systemd-services=kubelet`, for example. (gardener/gardener#3396, @rfranzke)
- [OPERATOR] The `.spec.revisionHistoryLimit` is now set to `1` for `Deployment`s. (gardener/gardener#3374, @rfranzke)
- [OPERATOR] It is now possible to specify the `spec.settings.loadBalancerServices.annotations` field for shooted seeds via the "shoot.gardener.cloud/use-as-seed" annotation. You can do this by specifying the `loadBalancerServices.annotations.*` option - for example `loadBalancerServices.annotations.service.beta.kubernetes.io/aws-load-balancer-type=nlb`. (gardener/gardener#3344, @ialidzhikov)
- [OPERATOR] The gardener admission controller now exposes metrics (gardener/gardener#3293, @wyb1)
- [OPERATOR] New `SeedKubeScheduler` feature gate is added to gardenlet. When enabled, it deploys a custom `kube-scheduler` in the `gardener-kube-scheduler` namespace of Seed clusters with Kubernetes version `1.17` or greater. The scheduler assigns Shoot control plane Pods to Nodes with higher resource utilization, resulting in better bin-packing of control planes. (gardener/gardener#3243, @mvladev)
- [OPERATOR] Gardener now offers to manage a dedicated ingress controller for seed clusters (earlier, this was a manual operator task when registering seeds). You can find more information about it here. (gardener/gardener#3131, @BeckerMax)
- [DEVELOPER] `pkg/utils/kubernetes` now has a new `DeleteObjectsFromListConditionally` utility function. (gardener/gardener#3454, @rfranzke)
- [DEVELOPER] Nodeless local dev setups now run with `etcd v3.4.14` and `K8s v1.20.2`. (gardener/gardener#3426, @timuthy)
- [DEVELOPER] Gardener can now support shoot clusters with Kubernetes version 1.20. In order to allow creation/update of 1.20 clusters you will have to update the version of your provider extension(s) to a version that supports 1.20 as well. Please consult the respective releases and notes in the provider extension's repository. (gardener/gardener#3296, @rfranzke)
- [DEPENDENCY] The extensions library now allows specifying the leader election resource lock (currently defaulted to `configmapsleases`). Please read through the doc string of the respective field (`ManagerOptions.LeaderElectionResourceLock`) carefully before changing the default resource lock. (gardener/gardener#3479, @timebertt)
- [DEPENDENCY] The `ConfigMaps` and `Secrets` used to store the config and state of terraform now have an owner reference to the Infrastructure resource. (gardener/gardener#3275, @vpnachev)
Bug Fixes
- [USER] metrics-server's version is updated from v0.4.1 to v0.4.2 to adopt an upstream fix for an issue that was causing metrics-server to be unavailable for a while after rolling update of Nodes. (gardener/gardener#3515, @ialidzhikov)
- [USER] Fixed a bug where service, pod or node CIDRs that are private network (RFC1918) or carrier-grade NAT (RFC6598) IPv4 blocks would produce an invalid `allow-to-private-networks` networkpolicy. (gardener/gardener#3462, @mvladev)
- [USER] A bug has been fixed that prevented shoot clusters from coming up in case `.spec.kubernetes.allowPrivilegedContainers=false`. (gardener/gardener#3409, @rfranzke)
- [USER] A race issue causing immediate wake up after hibernation to fail is now fixed. The hibernation is now waiting until the kube-apiserver Service is cleaned up. (gardener/gardener#3289, @ialidzhikov)
- [OPERATOR] Fix a bug where the `cloud-config-downloader` systemd service is set to `Failed` with status `start-limit-hit` if it is requested to be restarted via the node annotation `worker.gardener.cloud/restart-systemd-services`. (gardener/gardener#3616, @rfranzke)
- [OPERATOR] `gardener-controller-manager` now waits for a project's namespace to be empty before continuing with releasing the namespace and deleting the project. (gardener/gardener#3606, @rfranzke)
- [OPERATOR] Fix a bug where the `cloud-config-downloader` systemd service is set to `Failed` with status `start-limit-hit` if it is requested to be restarted via the node annotation `worker.gardener.cloud/restart-systemd-services`. (gardener/gardener#3593, @vpnachev)
- [OPERATOR] Fixed a bug causing `KonnectivityTunnel` to break when kubeconfig rotation occurs. (gardener/gardener#3538, @mvladev)
- [OPERATOR] The affinity section is removed from the Loki StatefulSet for the integration tests (gardener/gardener#3524, @vlvasilev)
- [OPERATOR] An issue causing the generic Worker actuator to not wait until the finalizer of the out-of-tree machine controller provider is removed from the credentials secret is now fixed. (gardener/gardener#3497, @ialidzhikov)
- [OPERATOR] Keep VPA namespace env variable in sync in all cases. If they are out of sync between the admission controller and the updater, the updater might become inactive and stop actively scaling targets that have update mode `Auto` or `Recreate`. (gardener/gardener#3474, @amshuman-kr)
- [OPERATOR] An issue in the API validation has been fixed which prevented the managed ingress feature for seeds being enabled. (gardener/gardener#3448, @BeckerMax)
- [OPERATOR] A bug has been fixed which prevented proper auto-scaling of components under control of HVPA. (gardener/gardener#3446, @rfranzke)
- [OPERATOR] Fix gardener-seed-admission controller, etcd backup-restore and extension parsers time format (gardener/gardener#3429, @vlvasilev)
- [OPERATOR] The generic Worker actuator does now wait until the machine-controller-manager finalizer is removed from the credentials secret that is referenced from the machine classes. (gardener/gardener#3425, @ialidzhikov)
- [OPERATOR] Node Problem Detector is now matched by the `gardener.cloud--allow-to-dns` and `gardener.cloud--allow-to-apiserver` networkpolicies and can run with a deny-all networkpolicy in the `kube-system` namespace. (gardener/gardener#3424, @mvladev)
- [OPERATOR] Fix CRD for extension types to allow storing anything in `status.state`. (gardener/gardener#3422, @MartinWeindel)
- [OPERATOR] Fixes a bug causing newly created Seeds to fail during bootstrap (gardener/gardener#3400, @BeckerMax)
- [OPERATOR] A side-car container is added to `kube-proxy` that deletes the incorrect conntrack table entries which sometimes occur after a restart of `kube-proxy` and prevent the establishment of a TCP connection to the `api-server`. (gardener/gardener#3395, @DockToFuture)
- [OPERATOR] Fixed a bug of the managed istio feature flag where the istio rolebinding was created in the wrong namespace. (gardener/gardener#3382, @danielfoehrKn)
- [OPERATOR] An issue has been fixed which caused unwanted restarts for Grafana instances. (gardener/gardener#3379, @timuthy)
- [OPERATOR] A bug has been fixed in `gardener-controller-manager`'s `Project` controller that can lead to a continuous reconciliation of `Project` resources if they are stuck in `Terminating` state. (gardener/gardener#3371, @rfranzke)
- [OPERATOR] An issue causing a NetworkPolicy to not allow egress from the prometheus Pod to the alertmanager and vpa-exporter Pods is now fixed. (gardener/gardener#3370, @ialidzhikov)
- [OPERATOR] An issue causing gardenlet to not properly compute the `.status.clusterIdentity` field is now fixed. (gardener/gardener#3366, @ialidzhikov)
- [OPERATOR] A bug that was renewing the bootstrap token secret on each reconciliation has been fixed. (gardener/gardener#3323, @vpnachev)
- [OPERATOR] An issue has been fixed which did not enable VPA for the aggregate Prometheus Pod in new seed clusters. (gardener/gardener#3312, @timuthy)
- [OPERATOR] By default, gardener-apiserver now invokes in-tree admission plugins before invoking the webhook plugins. (gardener/gardener#3298, @timebertt)
- [OPERATOR] An issue has been fixed that prevented the execution of the Kube-API-Server's configured `preStop` hooks for `>=1.19.x` clusters. (gardener/gardener#3295, @timuthy)
- [OPERATOR] Gardener health checks now take the effective Shoot specification into consideration if `.spec.maintenance.confineSpecRollout` is used. Earlier, `EveryNodeReady` or `ControlPlaneHealthy` conditions reported an invalid state if the specification was changed but not yet effective due to a rollout during shoot maintenance (`confineSpecRollout: true`). (gardener/gardener#3286, @timuthy)
- [OPERATOR] `KonnectivityTunnel`'s stability is improved and now handles `kube-apiserver` autoscaling. It properly sets `--server-count` of `konnectivity-server` on such event. (gardener/gardener#3267, @mvladev)
- [DEVELOPER] The Seed and Shoot logging stack deletion is separated in two functions to avoid accidental deletion of cluster scoped resources. (gardener/gardener#3436, @vlvasilev)
- [DEPENDENCY] A bug in the extension library that was preventing the deletion of TF secret and configmaps with empty state is now fixed. (gardener/gardener#3423, @vpnachev)
- [DEPENDENCY] Go dependency `kubernetes-sigs/controller-runtime` was updated to `v0.7.1`. (gardener/gardener#3408, @timuthy)
- [DEPENDENCY] Ensure a stable order of self-registered webhooks in extensions to avoid unnecessary rollouts of control plane components. (gardener/gardener#3320, @timebertt)
Documentation
- [USER] API reference documentation for kubernetes types now points to version `v1.19`. (gardener/gardener#3303, @mvladev)
- [OPERATOR] Enhance documentation for Gardenlet's /healthz endpoint. (gardener/gardener#3359, @danielfoehrKn)
- [OPERATOR] Gardener's scheduler documentation has been enhanced. It concisely explains the algorithm used to determine seed candidates. (gardener/gardener#3316, @timuthy)
- [OPERATOR] AWS-specific annotations set on the `istio-ingressgateway` Service are now deprecated and are going to be removed in the next release. Please use the `Seed`'s `spec.settings.loadBalancerServices.annotations` field to set or overwrite those annotations. For `shoot.gardener.cloud/use-as-seed` annotated `Shoot` clusters, see this PR. (gardener/gardener#3185, @mvladev)
Others
- [USER] A few metrics about ReplicaSets have been added to the Shoot monitoring stack. (gardener/gardener#3503, @timebertt)
- [USER] `Component` and `Container` fields are added in the logging dashboards for more flexible log queries. (gardener/gardener#3456, @Kristian-ZH)
- [USER] Webhooks acting on `configmaps` in the `kube-system` namespace and webhooks with a `TimeoutSeconds>15` for problematic resources are now also blocking `Maintenance` and `Hibernation` operations. Please consult this doc for more details. (gardener/gardener#3413, @timebertt)
- [OPERATOR] `istiod` is now scaled automatically by `VerticalPodAutoscaler` instead of `HorizontalPodAutoscaler`. This fixes OOMKilled issues on big Seed clusters. (gardener/gardener#3620, @mvladev)
- [OPERATOR] An issue causing gardener-controller-manager to not be able to delete a Plant when the Plant Secret is not found is now fixed. (gardener/gardener#3615, @rfranzke)
- [OPERATOR] Fixed an issue with enabling `KonnectivityTunnel` via annotation (`alpha.featuregates.shoot.gardener.cloud/konnectivity-tunnel: "false"`) on `APIServerSNI`-enabled Seed cluster causing the tunnel to not be opened. (gardener/gardener#3605, @rfranzke)
- [OPERATOR] An issue has been fixed which caused Gardener to incorrectly label shoot clusters as unhealthy (`shoot.gardener.cloud/status: unhealthy`) for a short period of time. (gardener/gardener#3564, @timuthy)
- [OPERATOR] An issue causing `github.com/gardener/gardener/pkg/utils/imagevector.FindImages` to not give a higher score on exact matched targetVersion or runtimeVersion is now fixed. (gardener/gardener#3555, @ialidzhikov)
- [OPERATOR] Konnectivity components are upgraded to `v0.0.15` (gardener/gardener#3542, @mvladev)
- [OPERATOR] Deploy the Gardener Resource Manager after the KCM to prevent edge case during cluster deletion. (gardener/gardener#3539, @danielfoehrKn)
- [OPERATOR] `incoming_logs_with_endpoint_total` metric is added to count the number of logs with endpoints which are going to be forwarded to Promtail client. (gardener/gardener#3532, @Kristian-ZH)
- [OPERATOR] Loki curator will ensure that Loki's Inodes and Storage limits are not reached (gardener/gardener#3532, @Kristian-ZH)
- [OPERATOR] LokiDown alert is triggered after Loki is not in running state for 30 minutes (gardener/gardener#3514, @vlvasilev)
- [OPERATOR] An issue causing Shoots to be marked as `Failed` (and no longer retried) on transient `not found` error is now fixed. (gardener/gardener#3500, @ialidzhikov)
- [OPERATOR] MaintenanceTimeWindow for scale-down is added to Loki's hvpa in garden namespace (gardener/gardener#3482, @Kristian-ZH)
- [OPERATOR] `gardener-seed-admission-controller`'s webhooks now also accept reviews in version `admission/v1`. (gardener/gardener#3459, @timebertt)
  - Also, webhook timeouts have been lowered to `10s` for the extension deletion protection webhooks.
- [OPERATOR] Gardener now considers the `seed.spec.ingress.domain` field when passing the value via `gardener.seed.ingressDomain` to `ControllerRegistration` charts. (gardener/gardener#3441, @timuthy)
- [OPERATOR] Add CPU throttling to the "Kubernetes Pods" Grafana dashboard (gardener/gardener#3432, @istvanballok)
- [OPERATOR] TestDefinitions have been added that contain disruptive tests (gardener/gardener#3411, @schrodit)
- [OPERATOR] `NumberOfBatchIDs` for the fluent-bit-to-loki plugin is set to 5 numbers. (gardener/gardener#3402, @vlvasilev)
- [OPERATOR] Enable fluent-bit privileged escalation for the integration test via "gardener.privileged" PodSecurityPolicy (gardener/gardener#3357, @vlvasilev)
- [OPERATOR] The Loki `initialDelaySeconds` for the `readinessProbe` is reduced to 80 seconds. (gardener/gardener#3333, @vlvasilev)
- [OPERATOR] The `vpa-admission-controller` and `vpa-updater` pods are now ensured with some minimal CPU and memory resources. (gardener/gardener#3330, @vpnachev)
- [OPERATOR] Gardener will now check seed clusters for VPA functionality as a prerequisite. (gardener/gardener#3312, @timuthy)
- [OPERATOR] Upgrade Prometheus to v2.23.0 (gardener/gardener#3297, @wyb1)
- [OPERATOR] Change pod anti-affinity to `preferredDuringSchedulingIgnoredDuringExecution` for `gardener-seed-admission-controller` deployment in the `garden` namespaces of seed clusters. (gardener/gardener#3294, @hardikdr)
- [OPERATOR] The pre-delivered cluster role `gardener.cloud:admin` now contains full access permissions for `Events` and `ResourceQuotas`. (gardener/gardener#3291, @timuthy)
- [OPERATOR] Add panels to the `Kubernetes API Server Details` Dashboard for dropped requests. (gardener/gardener#3284, @wyb1)
- [OPERATOR] Alerts are added for the custom metrics for fluent-bit `GardenerLoki` plugin (gardener/gardener#3283, @Kristian-ZH)
- [OPERATOR] Required connections from Gardenlet to the Garden cluster have been reduced which will have positive effects on scalability and costs. (gardener/gardener#3277, @timuthy)
- [DEVELOPER] The golang version is updated to `1.15.7`. (gardener/gardener#3442, @ialidzhikov)
- [DEVELOPER] Certain insensitive terms were removed from the source code and inline documentation to follow inclusive language best practices. (gardener/gardener#3368, @timuthy)
- [DEVELOPER] Unit tests are now limited to a timeout of 2 minutes per test suite. (gardener/gardener#3363, @timebertt)
- [DEPENDENCY] The packages `github.com/gardener/gardener/pkg/version` and `github.com/gardener/gardener/pkg/version/verflag` are now deprecated in favour of `k8s.io/component-base/version` and `k8s.io/component-base/version/verflag`. (gardener/gardener#3472, @ialidzhikov)
- [DEPENDENCY] The extensions library is now registering webhooks for both seeds and shoots with a `10s` timeout. (gardener/gardener#3440, @rfranzke)
- [DEPENDENCY] Guestbook integration test dependencies are now fetched from bitnami repo instead of deprecated/shutdown helm repo. (gardener/gardener#3314, @dguendisch)
- [DEPENDENCY] Making the implementation of the function `GetMachineControllerManagerCloudCredentials` in the `WorkerDelegate` optional. Alternatively, extensions can now use the field in the machine class `spec.credentialsSecretRef` so that all machine classes refer to the same secret from the `Worker` field `spec.secretRef`. See here for more details. (gardener/gardener#3308, @danielfoehrKn)
Noteworthy
- [USER] The Grafana dashboards for the `kube-apiserver` have been enhanced and are now providing more information for the various metrics. (gardener/gardener#3502, @rfranzke)
- [USER] The `kubectl get shoot` table view was adapted and no longer shows the `DOMAIN` column. Instead, it shows the provider type as well as the last operation type. (gardener/gardener#3460, @rfranzke)
- [USER] If the `kube-apiserver` deployment of a shoot cluster does not become ready then Gardener now evaluates and returns the most recent complete logs of the newest pod. It will be part of the `.status.last{Operation,Errors}`. As a consequence, start-up failures due to invalid feature gate or runtime config settings are treated as a configuration problem error. (gardener/gardener#3353, @rfranzke)
- [USER] The version for the `nginx-ingress` addon for shoots has been updated to `v0.41.2` ONLY for Kubernetes 1.20 shoot clusters. All shoot clusters with Kubernetes < 1.20 will remain with the current `v0.22.0` version. Please be reminded that the `nginx-ingress` addon is not recommended for production scenarios and that you should deploy (+ customize) your own ingress controller instead. Please use it only for development/evaluation purposes. (gardener/gardener#3315, @rfranzke)
- [OPERATOR] The ingress domain configuration for Seeds is now immutable. (gardener/gardener#3394, @BeckerMax)
- [OPERATOR] The gardenlet does not fail the liveness probe when the seed resource configured in the Gardenlet's config has been deleted. (gardener/gardener#2925, @danielfoehrKn)
- [DEPENDENCY] In the generic worker actuator's migration flow, the MCM finalizer of the secret that is referenced by the `Worker` is not removed. We have now added functionality that checks that secret and removes only the MCM finalizers if necessary. (gardener/gardener#3607, @rfranzke)
- [DEPENDENCY] The `Terraformer` interface has now a new function `RemoveTerraformerFinalizerFromConfig` which will remove the "terraformer" finalizer from the `Secret`/`ConfigMap` resources. (gardener/gardener#3604, @rfranzke)
- [DEPENDENCY] The `terraformer` library in `extensions/pkg/terraformer` does now adopt still running pods instead of deleting them and waiting for their deletion. This enables a faster and more reliable status/result propagation and prevents unhelpful error messages. `Infrastructure` extension developers do not need to wait for a clean Terraform environment in their `Delete()` function anymore as the library is now handling this case out-of-the-box. (gardener/gardener#3349, @rfranzke)
- [DEPENDENCY] During the extension webhook registration, when a namespace is provided via the `--webhook-config-namespace` flag, the webhook config is enhanced with an owner reference pointing to the provided namespace. This will lead to auto-cleanup of the webhook config when the extension is uninstalled from a seed (earlier, the webhook config was orphaned even after uninstallation from a seed). (gardener/gardener#3341, @rfranzke)
[gardener-resource-manager]
Bug Fixes
- [OPERATOR] A problem with long running ManagedResource reconciliations caused by unavailable `APIServices` was fixed. (gardener-attic/gardener-resource-manager#116, @rfranzke)
- [OPERATOR] The `.spec.loadBalancerIP` value for `Service`s is now preserved. (gardener-attic/gardener-resource-manager#114, @rfranzke)
Others
- [OPERATOR] The `CheckDaemonSet` function does now lead to more accurate results. (gardener-attic/gardener-resource-manager#113, @rfranzke)
[ingress-default-backend]
Others
- [OPERATOR] The health endpoint is now configurable by setting the env var `HEALTH_ENDPOINT`. The default (`/healthy`) has not been changed. (gardener/ingress-default-backend#13, @Diaphteiros)
[logging]
Others
- [OPERATOR] Batch IDs are configurable via `NumberOfBatchIDs`. (gardener/logging#83, @vlvasilev)
- [OPERATOR] Add `ControllerSyncTimeout` to control the informer sync period. Previously it was infinite. (gardener/logging#83, @vlvasilev)
- [OPERATOR] `ReplaceOutOfOrderTS` is replaced by `SortByTimestamp`. The timestamp is no longer replaced. Instead the logs are sorted by their timestamp. (gardener/logging#83, @vlvasilev)