Kubernetes-native system managing the full lifecycle of conformant Kubernetes clusters as a service on Alicloud, AWS, Azure, GCP, OpenStack, vSphere, KubeVirt, Hetzner, EquinixMetal, MetalStack, and OnMetal with minimal TCO.
[OPERATOR]
A bug has been fixed which caused PersistentVolume
s without .spec.nodeAffinity
to become unusable in case they still had the old, deprecated topology labels. by @rfranzke [#9544]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.89.4
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.89.4
[OPERATOR]
Fix bug where dependency watchdog is missing permissions to read nodes in the shoot clusters. by @vpnachev [#9503]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.2
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.2
[OPERATOR]
Fix bug where dependency watchdog is missing permissions to read nodes in the shoot clusters. by @vpnachev [#9502]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.6
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.6
[OPERATOR]
dependency-watchdog-prober
now skips Lease
s in the kube-node-lease
namespace in case the corresponding Node
does not exist (anymore). by @rfranzke [gardener/dependency-watchdog#108]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.1
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.1
[OPERATOR]
dependency-watchdog-prober
now skips Lease
s in the kube-node-lease
namespace in case the corresponding Node
does not exist (anymore). by @rfranzke [gardener/dependency-watchdog#108]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.5
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.5
[OPERATOR]
A bug has been fixed which prevented pods from starting on clusters of at least 1.28
if they were using old PersistentVolume
s created with the deprecated failure-domain.beta.kubernetes.io/{zone,region}
labels. by @rfranzke [#9415]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.88.3
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.88.3
[USER]
Deprecated .spec.kubernetes.allowPrivilegedContainers
field in the Shoot API is now removed. by @shafeeqes [#9274][USER]
The .status.advertisedAddresses[]
list in a Shoot
's status now includes the Shoot
's service account issuer under the name service-account-issuer
. Please revisit any logic that might depend on all advertised addresses being used for communication with the kube-apiserver
of a shoot cluster. by @dimityrmirchev [#9196][OPERATOR]
The ShootForceDeletion
feature gate has been promoted to beta and is turned on by default. by @acumino [#9325][DEVELOPER]
The {garden,seed,shoot}-care
controllers now incorporate ManagedResource
s into all relevant conditions, and it is possible to override the condition type into which a ManagedResource
's status gets incorporated via the care.gardener.cloud/condition-type
label. Please consult the respective documentation for more information (garden-care
, seed-care
, shoot-care
). by @rfranzke [#9313][OPERATOR]
The gardenlet now synchronizes the service account public keys of shoot clusters that have managed issuer enabled. The public keys are stored in a dedicated gardener-system-shoot-issuer
namespace in the Garden cluster. by @dimityrmirchev [#9354][OPERATOR]
gardener-resource-manager
now considers the health and the progressing status for Certificate
and Issuer
resources (see cert-management) managed via ManagedResource
s. by @timuthy [#9326][OPERATOR]
The Shoot maintenance controller now removes unsupported feature gates and admission plugins from the Shoot during force upgrades. by @shafeeqes [#9365][OPERATOR]
gardener-operator
now deploys two Alertmanager replicas into the garden
namespace. They don't come with any configuration by default. It is in the responsibility of the human operators to create monitoring.coreos.com/v1alpha1.AlertmanagerConfig
resources with the proper configuration suitable for their needs. Read more about it here. by @rfranzke [#9301][OPERATOR]
The ControlPlaneHealthy
condition in Shoot
s now reports an issue when {kube,machine}-controller-manager
or cluster-autoscaler
are scaled down to 0
replicas. The EveryNodeReady
condition in Shoot
s now reports an issue when at least 20%
of the Lease
s related to nodes in the kube-node-lease
namespace are expired. by @rfranzke [#9376][DEVELOPER]
Function NewClientFromBytes
in package pkg/client/kubernetes/client.go
was fixed to consider AllowedUserFields
. Earlier, it failed when creating a Kubernetes client with a special but allowed fields in the Kubeconfig (e.g. auth-provider
). by @timuthy [#9333][OPERATOR]
Update CoreDNS to v1.11.1. by @DockToFuture [#8945][OPERATOR]
The gardener operator documentation now closes resembles the reality of the coding. by @ScheererJ [#9342][OPERATOR]
The istio ingress gateway orphan namespace detection no longer interferes with the istio ingress gateway zone migration in case the target zone names are unknown and there is no active usage. by @ScheererJ [#9460][OPERATOR]
The ingress domain of kube-apiserver should work again for single-zonal shoot control planes. by @ScheererJ [#9393][OPERATOR]
There is a new plutono dashboard named Container Images
that currently contains 2 panels for image pull durations. by @ialidzhikov [#9422][OPERATOR]
Port 8132 of istio ingress gateway will respond to all ordinary http requests with a redirect (301) to the https port by @ScheererJ [#9332][OPERATOR]
The operating system config reconciler of the gardener-node-agent
now creates directories with 0755
permissions when it creates files listed in the corresponding OperatingSystemConfig
on the node. Previously these directories were created with no permissions. by @plkokanov [#9443][OPERATOR]
Seed clusters with a wildcard certificate no longer use Ingress
resources to expose kube-apiserver
. Instead, Istio
resources are directly used now. by @ScheererJ [#9300][OPERATOR]
Shoot clusters should stay accessible after istio ingress gateway migration via annotation alpha.istio-ingress.gardener.cloud/migrate-to was triggered. by @ScheererJ [#9423][OPERATOR]
Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the seed specification by @ScheererJ [#9304][DEVELOPER]
Now the observability applications which are also targets of the authentication & authorization proxies share common label. by @nickytd [#9385][DEVELOPER]
Local dev setup can now deploy a cluster with volume resize support. by @dnaeon [#9363]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.0
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.0
[OPERATOR]
A bug has been fixed which prevented pods from starting on clusters of at least 1.28
if they were using old PersistentVolume
s created with the deprecated failure-domain.beta.kubernetes.io/{zone,region}
labels. by @rfranzke [#9414][OPERATOR]
A configuration issue of the prometheus-operator managed alertmanager instances is fixed. by @istvanballok [#9419]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.89.3
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.89.3
[OPERATOR]
A configuration issue of the prometheus-operator managed alertmanager instances is fixed. by @istvanballok [#9420][OPERATOR]
A bug has been fixed which prevented pods from starting on clusters of at least 1.28
if they were using old PersistentVolume
s created with the deprecated failure-domain.beta.kubernetes.io/{zone,region}
labels. by @rfranzke [#9413]europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.90.4
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.90.4
The release-notes for component github.com/gardener/gardener in version v1.90.3 exceeded the maximum length of 25000 characters allowed by GitHub for release-bodies. They have been uploaded as release-asset and can be found at https://github.com/gardener/gardener/releases/download/v1.90.3/release_notes.md.