Releases: gardener/gardener
Releases · gardener/gardener
v1.126.0
[github.com/gardener/gardener:v1.126.0]
⚠️ Breaking Changes
-
[OPERATOR]A separatenode-local-dnsDaemonSetis deployed for each worker pool such that eachDaemonSethas the namenode-local-dns-<worker-pool-name>.
If you are usinggardener-extension-networking-ciliumin your landscape, it is required to update it to a version which supports these new names for theDaemonSets.
Support is added with gardener/gardener-extension-networking-cilium#622 and included in versions starting from:v1.42.1,v1.41.3andv1.40.4by @DockToFuture [#12422] -
[OPERATOR]⚠️ TheNewWorkerPoolHashfeature gate has been promoted to beta and is now enabled by default. When the feature gate is enabled, changes tokubeReserved,systemReserved,evictionHardorcpuManagerPolicyin thekubeletof theShootwill trigger a node-roll. All provider extensions must be upgraded to a version which includes Gardenerv1.98.0first to support this feature. by @Duciwuci [#12550] -
[DEVELOPER]The local Gardener development setup has been restructured:- The location of key config files has changed. In particular,
project.yamlnow has to be created atexample/provider-extensions/garden/project/base/project.yaml. - The deprecated
SecretBindingresource has been removed from the local deployment. Developers should now useCredentialsBindingresources instead. - The template for credentials bindings is now located at:
- When referencing static credentials, update your configuration to use
CredentialsBindingreferencingSecretobjects, as shown in the new template file. The previoussecretbindings.yamlfile and template have been removed.
Action required:
If you use static credentials for your local setup, update your configuration to: - The location of key config files has changed. In particular,
-
[DEVELOPER]The constantgithub.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootGroupViewershas been removed, please usegithub.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootSystemViewersGroupNameby @vpnachev [#12673]
📰 Noteworthy
[USER]New ClusterRoleBindings are deployed in the shoot clusters, they will grant Admin and Viewer permissions that will be later leveraged by theAdminKubeconfigandViewerKubeconfigfeature of Gardener.gardener.cloud:system:admins- grants admin access to users that are Gardener System adminsgardener.cloud:system:viewers- grants viewer access to users that are Gardener System viewersgardener.cloud:project:admins- grants admin access to users that are Gardener Project adminsgardener.cloud:project:viewers- grants viewer access to users that are Gardener Project viewers by @vpnachev [#12673]
✨ New Features
[OPERATOR]Add annotationshoot.gardener.cloud/emergency-stop-reconciliations=truetoSeedresources to temporarily disableShootreconciliations. by @LucaBernstein [#12712]
🐛 Bug Fixes
[OPERATOR]An issue causing theplutono-datasourcesConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed bygardener-operatoris now fixed. Occasionally, the issue was preventing successful Seed deletion. by @gardener-ci-robot [#12798][OPERATOR]Fixed MachineImage and MachineType architecture defaulting forCloudProfiles supporting one architecture only. by @Roncossek [#12745][USER]Errors that occur duringWorkerreconciliation are now also propagated to theShootstatus. by @matthias-horne [#12769][USER]The status of constraintDualStackNodesMigrationReadyis nowprogressinginstead offalseat the start of a migration to dual-stack networking. by @axel7born [#12685][OPERATOR]Theplutono-datasourcesConfigMapis no longer wrongfully garbage collected while it is in use. by @timebertt [#12762]
🏃 Others
[DEPENDENCY]The following dependencies have been updated:gardener/dashboardfrom1.81.1to1.81.2. Release Notes by @gardener-ci-robot [#12691]
[OPERATOR]Starting from Kubernetes version 1.34, enabling or disabling node-local-dns will no longer trigger node rolling (except kube-proxy is running in IPVS mode). Instead, a cleanup job will be executed. Additionally, node-local-dns is deployed per WorkerPool and node-local-dns will use UDP as default protocol for DNS queries to the upstream DNS server. by @DockToFuture [#12422][DEPENDENCY]The following dependencies have been updated:registry.k8s.io/ingress-nginx/controller-chrootfromv1.13.0tov1.13.1. by @gardener-ci-robot [#12710]
[DEPENDENCY]The following dependencies have been updated:registry.k8s.io/ingress-nginx/controller-chrootfromv1.12.4tov1.12.5. by @gardener-ci-robot [#12713]
[DEPENDENCY]The following dependencies have been updated:gardener/vpn2from0.41.0to0.41.1. Release Notes by @gardener-ci-robot [#12722]
[USER]Collectapiserver_validating_admission_policy_check_totalmetric by shoot Prometheus. by @chrkl [#12716][OPERATOR]Thedevice-taint-eviction-controlleris disabled for workerless Shoots with Kubernetes v1.33+. by @RadaBDimitrova [#12757][DEPENDENCY]The following dependencies have been updated:gardener/autoscalerfromv1.32.0tov1.32.1. Release Notes by @gardener-ci-robot [#12715]
[OPERATOR]Remove the init container and annotation used for the Prometheus volume cleanup migration from Prometheus resources by @vicwicker [#12728][DEPENDENCY]The following dependencies have been updated:quay.io/kiwigrid/k8s-sidecarfrom1.30.7to1.30.8. by @gardener-ci-robot [#12727]
[OPERATOR]gardenlet now deploys aServiceMonitorresource for thevpa-updater. With this, thevpa-updatermetrics are scraped by prometheus. by @vitanovs [#12677][DEVELOPER]golang-testimages for Go 1.25 are built now. Those for Go 1.23 are not built anymore because it is out of maintenance. by @marc1404 [#12770][OPERATOR]Validations forspec.provider.worker[]andspec.kubernetes.clusterAutoscalerhave been improved. by @aaronfern [#12567][OPERATOR]The AdmissionConfiguration API resource has been migrated from version v1alpha1 to v1. by @georgibaltiev [#12615][OPERATOR]Update Setup Guide to include Cert Management for Garden by @hendrikKahl [#12706][DEPENDENCY]The following dependencies have been updated:quay.io/kiwigrid/k8s-sidecarfrom1.30.8to1.30.9. by @gardener-ci-robot [#12750]
Contributors
chrkl, marc1404, and 16 other contributors
Assets 9
v1.125.3
[github.com/gardener/gardener:v1.125.3]
🐛 Bug Fixes
[OPERATOR]An issue causing theplutono-datasourcesConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed bygardener-operatoris now fixed. Occasionally, the issue was preventing successful Seed deletion. by @gardener-ci-robot [#12796]
Contributors
gardener-ci-robot
Assets 9
v1.125.2
[github.com/gardener/gardener:v1.125.2]
🐛 Bug Fixes
[USER]Errors that occur duringWorkerreconciliation are now also propagated to theShootstatus. by @gardener-ci-robot [#12789][OPERATOR]Theplutono-datasourcesConfigMapis no longer wrongfully garbage collected while it is in use. by @gardener-ci-robot [#12765]
Contributors
gardener-ci-robot
Assets 9
v1.124.3
[github.com/gardener/gardener:v1.124.3]
🐛 Bug Fixes
[OPERATOR]Theplutono-datasourcesConfigMapis no longer wrongfully garbage collected while it is in use. by @gardener-ci-robot [#12766][OPERATOR]An issue causing theplutono-datasourcesConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed bygardener-operatoris now fixed. Occasionally, the issue was preventing successful Seed deletion. by @gardener-ci-robot [#12797][USER]Errors that occur duringWorkerreconciliation are now also propagated to theShootstatus. by @gardener-ci-robot [#12790]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.124.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.124.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.124.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.124.3
Container (OCI) Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.124.3 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.124.3 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.124.3 - gardenadm:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.124.3 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.124.3 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.124.3 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.124.3 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.124.3 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.124.3
Contributors
gardener-ci-robot
Assets 9
v1.123.5
[github.com/gardener/gardener:v1.123.5]
🐛 Bug Fixes
[USER]Errors that occur duringWorkerreconciliation are now also propagated to theShootstatus. by @gardener-ci-robot [#12791]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.123.5 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.123.5 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.123.5 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.123.5
Container (OCI) Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.123.5 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.123.5 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.123.5 - gardenadm:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.123.5 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.123.5 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.123.5 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.123.5 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.123.5 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.123.5
Contributors
gardener-ci-robot
Assets 9
v1.123.4
[github.com/gardener/gardener:v1.123.4]
🏃 Others
[DEPENDENCY]The following dependencies have been updated:gardener/autoscalerfromv1.32.0tov1.32.1. Release Notes by @gardener-ci-robot [#12718]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.123.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.123.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.123.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.123.4
Container (OCI) Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.123.4 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.123.4 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.123.4 - gardenadm:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.123.4 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.123.4 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.123.4 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.123.4 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.123.4 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.123.4
Contributors
gardener-ci-robot
Assets 9
v1.125.1
[github.com/gardener/gardener:v1.125.1]
🏃 Others
[DEPENDENCY]The following dependencies have been updated:gardener/vpn2from0.41.0to0.41.1. Release Notes by @gardener-ci-robot [#12726]
[DEPENDENCY]The following dependencies have been updated:gardener/autoscalerfromv1.32.0tov1.32.1. Release Notes by @gardener-ci-robot [#12720]
Contributors
gardener-ci-robot
Assets 9
v1.124.2
[github.com/gardener/gardener:v1.124.2]
🏃 Others
[OPERATOR]The following dependencies have been updated:gardener/vpn2from0.40.0to0.40.1. Release Notes by @axel7born [#12725]
[DEPENDENCY]The following dependencies have been updated:gardener/autoscalerfromv1.32.0tov1.32.1. Release Notes by @gardener-ci-robot [#12719]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.124.2 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.124.2 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.124.2 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.124.2
Container (OCI) Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.124.2 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.124.2 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.124.2 - gardenadm:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.124.2 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.124.2 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.124.2 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.124.2 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.124.2 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.124.2
Contributors
axel7born and gardener-ci-robot
Assets 9
v1.125.0
[gardener/gardener]
⚠️ Breaking Changes
[OPERATOR]spec.addons.nginxIngress.loadBalancerSourceRangesare now validated as CIDRs. by @ScheererJ [#12539][OPERATOR]spec.addons.nginxIngress.configis now validated as conforming to config map data rules. by @ScheererJ [#12539][OPERATOR]spec.systemComponents.coreDNS.rewriting.commonSuffixesare now validated against DNS rules. by @ScheererJ [#12539][OPERATOR]TheUseNamespacedCloudProfilefeature gate has been graduated to GA and is locked totrue. by @LucaBernstein [#12620][OPERATOR]spec.networking.typeis now validated as being a label name. by @ScheererJ [#12539][OPERATOR]All annotations ofkube-apiserverservice in the shoot control planes will be replaced by the minimum required set of annotations. Manually added annotations will be removed. by @ScheererJ [#12630][OPERATOR]The name ofExposureClassresources is now properly checked to be compliant to the DNS label rules. by @ScheererJ [#12539][USER]Setting shoot's.spec.providers.workers[].{maxSurge, maxUnavailable}will be denied in future versions of Gardener for workers with updateStrategyManualInPlaceUpdate. Users should unset these values with this version of Gardener. by @acumino [#12607]
✨ New Features
[USER]The Shoot resource does now support configuring the global maximum allowed resources the vpa-recommender can recommend for a container. The corresponding upstream configuration option solves a known limitation of vpa-recommender where it can make a Pod unschedulable by recommending resource requests more than largest Node's allocatable. For more details, see Specifying global maximum allowed resources to prevent pods from being unschedulable. by @ialidzhikov [#12481][OPERATOR]The Seed and Garden resources do now support configuring the global maximum allowed resources the vpa-recommender can recommend for a container. The corresponding upstream configuration option solves a known limitation of vpa-recommender where it can make a Pod unschedulable by recommending resource requests more than largest Node's allocatable. For more details, see Specifying global maximum allowed resources to prevent pods from being unschedulable. by @ialidzhikov [#12481]
🐛 Bug Fixes
[OPERATOR]Fixed localgardenadmdevelopment setup for non-amd64 systems. by @ScheererJ [#12619][OPERATOR]A bug which could cause istio service and workload dashboards to show "many-to-many matching errors" after kube-apiserver pods were rolling has been fixed. by @oliver-goetz [#12635][OPERATOR]Fix cluster-autoscaler specific annotations on machine deployment upon update in worker specific cluster autoscaler options. by @takoverflow [#12548][OPERATOR]Seed registration was fixed forManagedSeeds with seed templates configuringspec.resources. by @timuthy [#12652][OPERATOR]Fixed a bug in the cluster overview dashboard that showedcluster-autoscaleras down when not deployed. by @rickardsjp [#12654][OPERATOR]A bug which was causing thegardener-node-agentto enter crash-loop when its config was updated with breaking changes was fixed. by @AleksandarSavchev [#12589][USER]The Kubernetes feature gateValidatingAdmissionPolicyis now marked as removed in Kubernetes 1.32. Previously, it was possible to upgrade a Shoot cluster to Kubernetes 1.32 with this feature gate enabled, which resulted in kube-apiserver failing to start due to an unrecognized feature gate. by @marc1404 [#12643]
🏃 Others
[DEPENDENCY]The following dependencies have been updated:gardener/vpn2from0.40.0to0.41.0. Release Notes by @gardener-ci-robot [#12675]
[DEPENDENCY]The following dependencies have been updated:gardener/dashboardfrom1.81.0to1.81.1. Release Notes by @gardener-ci-robot [#12616]
[DEPENDENCY]The following dependencies have been updated:gcr.io/istio-release/pilotfrom1.25.3to1.25.4.gcr.io/istio-release/proxyv2from1.25.3to1.25.4.istio.io/apifromv1.25.3tov1.25.4. by @gardener-ci-robot [#12655]
[DEPENDENCY]The following dependencies have been updated:envoyproxy/envoyfromv1.34.3tov1.35.0. Release Notes by @gardener-ci-robot [#12598]
[USER]Updates tospec.networking.ipFamilesare now validated. by @axel7born [#12523][DEVELOPER]migrate CICD-Pipeline to GitHub-Actions by @ccwienk [#12592][DEVELOPER]The hostname of provider-localMachines/Nodescan be resolved via DNS, similar to typical cloud infrastructure environments. This allows connecting from aBastionto aNodevia its hostname. by @timebertt [#12657][DEVELOPER]DNSRecordmay now use non-canonical IPv6 addresses. by @ScheererJ [#12667][OPERATOR]Adds machine capability based image defaulting to Shoots created with Cloudprofiles using Capabilities. by @Roncossek [#12529][OPERATOR]The Shoot Prometheus RBAC is now restricted to the control-plane and the garden namespace. by @chrkl [#12264][OPERATOR]A new validation for the following(Namespaced)CloudProfilefields has been added, ensuring qualified names:.spec.machineImages[].name.spec.machineImages[].versions[].cri[].containerRuntimes[].type.spec.machineTypes[].name.spec.capabilities.name.spec.capabilities.values.spec.volumeTypes[].class.spec.volumeTypes[].nameby @LucaBernstein [#12666]
[OPERATOR]Thegardener-node-agentnow has a--config-dirflag that is used to find the config file instead of a--configflag. by @AleksandarSavchev [#12589][OPERATOR]Unique usernames are generated for {Admin,Viewer}KubeconfigRequests by prefixing the original/requesting username with a random string. This approach prevents conflicts with existing RBAC rules in the cluster while still preserving the identity of the requesting user. by @timuthy [#12597][OPERATOR]Gardener administrators are now allowed to inspect and manage Services and Endpoints in the garden cluster. by @ialidzhikov [#12211][OPERATOR]A bug ingardener-node-agentthat prevented the location for the sandbox image to be configurable to a custom value on worker nodes with containerd 2.x was fixed. by @MrBatschner [#12665]
📖 Documentation
Contributors
chrkl, marc1404, and 16 other contributors
Assets 9
v1.124.1
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]A bug which could cause istio service and workload dashboards to show "many-to-many matching errors" after kube-apiserver pods were rolling has been fixed. by @oliver-goetz [#12638][OPERATOR]Fix cluster-autoscaler specific annotations on machine deployment upon update in worker specific cluster autoscaler options. by @takoverflow [#12680][USER]The Kubernetes feature gateValidatingAdmissionPolicyis now marked as removed in Kubernetes 1.32. Previously, it was possible to upgrade a Shoot cluster to Kubernetes 1.32 with this feature gate enabled, which resulted in kube-apiserver failing to start due to an unrecognized feature gate. by @marc1404 [#12645]
🏃 Others
[DEPENDENCY]The following dependencies have been updated:gardener/dashboardfrom1.81.0to1.81.1. Release Notes by @gardener-ci-robot [#12621]
[OPERATOR]A bug in Gardener Node Agent that prevented the location for the sandbox image to be configurable to a custom value on worker nodes with containerd 2.x was fixed. by @MrBatschner [#12672]
[github.com/gardener/dashboard:1.81.1]
[gardener/dashboard]
🐛 Bug Fixes
[USER]Fixed issue where wrong dashboard version (with -dev tag) was displayed in the UI by @gardener-github-actions[bot] [#2527]
Helm Charts
- controlplane:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.124.1 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.124.1 - operator:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.124.1 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.124.1
Container (OCI) Images
- admission-controller:
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.124.1 - apiserver:
europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.124.1 - controller-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.124.1 - gardenadm:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.124.1 - gardenlet:
europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.124.1 - node-agent:
europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.124.1 - operator:
europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.124.1 - resource-manager:
europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.124.1 - scheduler:
europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.124.1
Contributors
marc1404, MrBatschner, and 3 other contributors