3.8.0

@gardener-robot-ci-1 gardener-robot-ci-1 released this 12 Apr 13:11
· 313 commits to master since this release

[garden-setup]

🐛 Bug Fixes

🏃 Others

  • [OPERATOR] Upgrade Gardener extension provider-openstack to v1.16.2 (#435, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener dns-controller-manager to v0.8.1 (#435, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-aws to v1.22.2 (#435, @Diaphteiros)
  • [OPERATOR] Upgrade Gardener extension provider-gcp to v1.15.0 (#435, @Diaphteiros)

📰 Noteworthy

[cloud-provider-aws]

🏃 Others

[cloud-provider-gcp]

🏃 Others

[external-dns-management]

🐛 Bug Fixes

🏃 Others

[gardener]

⚠️ Breaking Changes

  • [OPERATOR] The default leader election resource lock of gardener-controller-manager, gardener-scheduler and gardenlet has been changed to leases. (gardener/gardener#3719, @timebertt)
    • Please make sure that the components have permissions to create, get, watch and update leases.coordination.k8s.io in the respective clusters.
    • Also, please make sure that you had at least [email protected] running before upgrading to v1.19, so that all components have successfully acquired leadership with the hybrid resource lock (configmapsleases) at least once.
  • [OPERATOR] The ManagedIstio and APIServerSNI feature gates in the gardenlet have been promoted to beta and are now enabled by default. If you run your own istio installation then you have to disable the ManagedIstio feature gate (and probably also the APIServerSNI) in your gardenlet configurations. (gardener/gardener#3633, @rfranzke)

🐛 Bug Fixes

  • [USER] An issue causing the deletion of a hibernated Shoot to fail is now fixed. (gardener/gardener#3791, @ialidzhikov)
  • [USER] A transient error which may occur when a hibernated shoot cluster is woken up again right away has been fixed. (gardener/gardener#3749, @vpnachev)
  • [OPERATOR] Fix a bug where the gardenlet was not updating the allow-to-seed-apiserver network policy with the IP address of the seed's API server when the APIServerSNI feature gate is just enabled. (gardener/gardener#3743, @vpnachev)
  • [OPERATOR] The istiod deployment in the istio-system namespace now has replicas set to 2 and can be properly scaled by its corresponding VPA. (gardener/gardener#3691, @plkokanov)
  • [OPERATOR] Added resource requests and limits to the apiserver-proxy-pod-mutator container which should allow the corresponding HPA to properly read CPU metrics from the kube-apiserver when SNI is enabled. (gardener/gardener#3691, @plkokanov)
  • [OPERATOR] A bug preventing seed deletion to hang due to already deleted CRD etcds.druid.gardener.cloud is now fixed. (gardener/gardener#3686, @stoyanr)
  • [OPERATOR] An issue preventing kube-controller-manager from approving the CSR for kubelet certificate renewal is now fixed. (gardener/gardener#3684, @majst01)
  • [OPERATOR] An issue causing gardenlet to fail to remove the finalizer of the Seed Secret (.spec.secretRef) is now fixed. (gardener/gardener#3677, @ialidzhikov)
  • [OPERATOR] Increase CoreDNS memory limits to avoid OOMKill. (gardener/gardener#3675, @amshuman-kr)
  • [OPERATOR] An issue preventing the status of the BackupBucket from being properly updated is now fixed. (gardener/gardener#3673, @MartinWeindel)
  • [OPERATOR] Some issues with hanging ControllerInstallations that caused the Seed deletion to deadlock and required manual cleanup have been resolved. (gardener/gardener#3653, @timebertt)
  • [OPERATOR] extensions/pkg/controller/controlplane/genericactuator.Actuator can now use a separate ManagedResource for ControlPlane CRDs that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (gardener/gardener#3562, @ialidzhikov)
  • [DEPENDENCY] An issue causing nil pointer dereference in the extension library is now fixed. (gardener/gardener#3730, @ialidzhikov)

🏃 Others

📰 Noteworthy

  • [USER] Every shoot worker node now randomly delays the execution of the cloud-config user data by up to 5m (earlier, the maximum delay was ~30s). This is to prevent too many systemd unit restarts (e.g., kubelet restarts) at the ~same time when there is a change (e.g., a Kubernetes patch version update). (gardener/gardener#3715, @rfranzke)
  • [USER] When a shoot is erroring with ERR_INFRA_INSUFFICIENT_PRIVILEGES, ERR_INFRA_QUOTA_EXCEEDED or ERR_INFRA_DEPENDENCIES then it is now immediately set to the Failed status (this already happens also for ERR_INFRA_UNAUTHORIZED or ERR_CONFIGURATION_PROBLEM). This prevents Gardener from automatically retrying the operation. If you are hit by it, please manually retry the operation once you have resolved the issue. (gardener/gardener#3662, @rfranzke)
  • [DEPENDENCY] ⚠️ Go dependencies to kubernetes/* and kubernetes-sigs/controller-runtime were updated to v0.20.2 and v0.8.3 respectively. (gardener/gardener#3651, @rfranzke)

[gardener-extension-provider-aws]

🐛 Bug Fixes

🏃 Others

[gardener-extension-provider-gcp]

⚠️ Breaking Changes

  • [OPERATOR] The ValidatingWebhookConfiguration of the GCP admission controller has been changed from version v1beta1 to v1. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (gardener/gardener-extension-provider-gcp#230, @timuthy)

✨ New Features

🐛 Bug Fixes

🏃 Others

📰 Noteworthy

  • [OPERATOR] The validator/admission component's Helm chart now deploys a VerticalPodAutoscaler resource by default. If this is undesired or no VPA is available in the garden cluster, it can be turned off via .Values.global.vpa.enabled=false. (gardener/gardener-extension-provider-gcp#234, @rfranzke)

[gardener-extension-provider-openstack]

🐛 Bug Fixes

[machine-controller-manager]

⚠️ Breaking Changes

  • [DEVELOPER] machine-controller-manager now checks for misconfigured PodDisruptionBudgets (ones that require zero voluntary evictions and make graceful Node drain impossible) and sets a better Machine .status.lastOperation.description for such Machines. This change is breaking as out-of-tree providers need new RBAC permissions: list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager#591, @ialidzhikov)

🐛 Bug Fixes

🏃 Others

[terraformer]

🐛 Bug Fixes

  • [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#71, @timebertt)
  • [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#72, @timebertt)

🏃 Others

  • [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#84, @ialidzhikov)
    • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
    • hashicorp/terraform-provider-google: 3.27.0 -> 3.59.0
    • hashicorp/terraform-provider-google-beta: 3.27.0 -> 3.59.0
  • [OPERATOR] The Terraformer now instantly removes its finalizer from the state ConfigMap if the state is empty and destroy is called. A separate Terraform destroy is not executed. (gardener/terraformer#80, @timuthy)
  • [OPERATOR] Terraformer will now publish an additional image without any pre-installed terraform plugins. (gardener/terraformer#77, @Diaphteiros)
  • [OPERATOR] Provides support for the Equinix Metal provider, which replaces the Packet one (gardener/terraformer#73, @deitch)
  • [OPERATOR] The terraformer-openstack now uses the openstack provider in version v1.37.0 (gardener/terraformer#70, @kon-angelo)
  • [OPERATOR] The terraformer-openstack now uses the openstack provider in version v1.36.0 (gardener/terraformer#68, @dkistner)
  • [OPERATOR] The configmaps and secrets used to contain terraform configuration, state and variables are now protected with a finalizer against accidental deletion. (gardener/terraformer#65, @vpnachev)

📰 Noteworthy