Update k8s packages (minor) #65
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/k8s-go
branch
29 times, most recently
from
80e5f4e to
6632cbb
Compare
renovate
bot
force-pushed
the
renovate/k8s-go
branch
from
9752aae to
0add2af
Compare
renovate
bot
force-pushed
the
renovate/k8s-go
branch
3 times, most recently
from
0cf69dc to
4591193
Compare
renovate
bot
force-pushed
the
renovate/k8s-go
branch
2 times, most recently
from
9dbd775 to
fe2131e
Compare
|
renovate
bot
force-pushed
the
renovate/k8s-go
branch
3 times, most recently
from
ad849b3 to
1ec851a
Compare
renovate
bot
force-pushed
the
renovate/k8s-go
branch
2 times, most recently
from
c0cf111 to
140f16c
Compare
renovate
bot
force-pushed
the
renovate/k8s-go
branch
from
140f16c to
01d40ad
Compare
|
This PR is blocked by #112, as we need to update the go version first. |
renovate
bot
force-pushed
the
renovate/k8s-go
branch
from
01d40ad to
a4f0d39
Compare
timebertt
force-pushed
the
renovate/k8s-go
branch
from
a4f0d39 to
5d83666
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
Wieneo
approved these changes
Apr 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.112.0->v1.117.0v1.41.2->v1.47.0v0.31.5->v0.32.3v0.31.5->v0.32.3v0.31.5->v0.32.3v0.31.5->v0.32.3v0.31.5->v0.32.3v0.31.5->v0.32.3v0.19.5->v0.20.4Release Notes
gardener/gardener (github.com/gardener/gardener)
v1.117.0Compare Source
[gardener/gardener]
[USER]The VPA version is updated to 1.3.0. Upstream VPA 1.3.0 does no longer serve API versionautoscaling.k8s.io/v1beta2. Gardener's VPA installation will continue to serve API versionautoscaling.k8s.io/v1beta2until Gardener v1.119.In Gardener v1.119+, the API version
autoscaling.k8s.io/v1beta2will no longer be served.Migrate your VerticalPodAutoscaler manifests to use API version
autoscaling.k8s.io/v1. For more details, see Notice on switching to v1 version (0.4.X-1.2.X to >=1.3.X). by @ialidzhikov [#11774][DEVELOPER]Thehack/generate-crds.shscript no longer accepts an optional-r <reason>argument. Previously, this argument was used to add theapi-approved.kubernetes.io: "<reason>"annotation to the CRD. Instead, use the+kubebuilder:metadata:annotationskubebuilder tag to add this annotation natively with controller-gen. by @ialidzhikov [#11774][DEVELOPER]The extension heartbeat controller was changed so that the heartbeat lease it maintains is updated via thegithub.com/gardener/gardener/pkg/controllerutils.CreateOrGetAndMergePatchfunction. Extension controllers that enable the heartbeat controller must adapt the extension controller RBAC rules to allowpatchof thegardener-extension-heartbeatlease. by @Kostov6 [#11337][OPERATOR]An update validation was added forExtensions to ensure the immutability of the field.spec.resources[].primary. Previously, changing this value caused reconciliation errors, which are now prevented by this validation.In addition, the
.spec.resources[].primaryis now defaulted totrue. by @timuthy [#11824]✨ New Features
[OPERATOR]Add new monitoring dashboard panes for Etcd Compaction Job with detailed failure reasons and updated existing alerts and boards. by @anveshreddy18 [#11771][OPERATOR]The extension care controller has been introduced. It checks the status of controller installations, extension and extension admission deployments managed by theExtension. by @oliver-goetz [#11769][OPERATOR]L7 load balancing is supporting the SPDY protocol for streaming APIs too. by @oliver-goetz [#11807][OPERATOR]NamespacedCloudProfile.spec.limits.maxNodesTotalcan now also be used to override the limit defined in the parentCloudProfilewith an increased value. Increasing requires additional permissions granted by the custom verbraise-spec-limits. by @LucaBernstein [#11796][USER]L7 load balancing can now be enabled independently from the Kubernetes version of the shoot whenIstioTLSTerminationfeature gate is enabled on the seed. by @oliver-goetz [#11807][USER]IPv4 or dual-stack shoots can now define IPv4 pod, service and node networks overlapping with networks of their seed. Currently, this works only for non-HA shoots. by @domdom82 [#11582]🐛 Bug Fixes
[OPERATOR]WhenIstioTLSTerminationfeature gate is enabled the apiserver-proxy related EnvoyFilter is not deployed for the virtual-garden anymore. by @oliver-goetz [#11897]🏃 Others
[OPERATOR]Update istio to version1.25.1. by @DockToFuture [#11836][OPERATOR]gardener-operatorautomatically adds thenetworking.resources.gardener.cloud/to-virtual-garden-kube-apiserver-tcp-443: allowedlabel to the gardenlet deployment in case it is deployed to the garden runtime cluster.Thus, it is not required anymore to configure this label in the
Gardenletresource. by @timuthy [#11855][OPERATOR]The images of the registry caches used in the local setups are now updated to distribution/[email protected]. by @dimitar-kostadinov [#11775][OPERATOR]WhenIstioTLSTerminationfeature gate is enabled, istio-ingress gateway pods request500mCPUs now. by @oliver-goetz [#11866][OPERATOR]Remove wildcards*from RBAC roles for thekubelet,admin,administrators,viewerandviewersclusterRoles. by @AleksandarSavchev [#11754][OPERATOR]Fix an error message during the startup of the node exporter by @vicwicker [#11817][OPERATOR]Add support for single-stack to dual-stack networking migration. by @axel7born [#11893][OPERATOR]Deploy MCM with higherconcurrent-syncs,kube-api-qpsandkube-api-burst. by @hendrikKahl [#11879][DEPENDENCY]The following dependencies have been updated:gardener/etcd-druidfromv0.28.0tov0.29.0. Release Notesgithub.com/gardener/etcd-druid/apifromv0.28.0tov0.29.0. by @gardener-ci-robot [#11867][DEPENDENCY]The following dependencies have been updated:gardener/machine-controller-managerfromv0.57.1tov0.57.2. Release Notesgithub.com/gardener/machine-controller-managerfromv0.57.1tov0.57.2. by @gardener-ci-robot [#11857][DEPENDENCY]The following dependencies have been updated:gcr.io/istio-release/pilotfrom1.25.1to1.25.2.gcr.io/istio-release/proxyv2from1.25.1to1.25.2.istio.io/apifromv1.25.1tov1.25.2. by @gardener-ci-robot [#11868][DEPENDENCY]The following dependencies have been updated:gcr.io/istio-release/pilotfrom1.23.5to1.23.6.gcr.io/istio-release/proxyv2from1.23.5to1.23.6. by @gardener-ci-robot [#11829][DEPENDENCY]The following images have been updated:registry.k8s.io/autoscaling/vpa-admission-controller: 1.2.2 -> 1.3.0registry.k8s.io/autoscaling/vpa-recommender: 1.2.2 -> 1.3.0registry.k8s.io/autoscaling/vpa-updater: 1.2.2 -> 1.3.0VPA 1.3.0 Release Notes by @ialidzhikov [#11774]
Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.117.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.117.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.117.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.117.0Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.117.0europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.117.0v1.116.2Compare Source
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]WhenIstioTLSTerminationfeature gate is enabled the apiserver-proxy related EnvoyFilter is not deployed for the virtual-garden anymore. by @oliver-goetz [#11896]🏃 Others
[OPERATOR]Shoots that are currently in deletion now get ignored by theRemoveAPIServerProxyLegacyPortfeature gate validation. by @Wieneo [#11887][OPERATOR]Deploy MCM with higherconcurrent-syncs,kube-api-qpsandkube-api-burst. by @hendrikKahl [#11880]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.116.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.116.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.116.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.116.2Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.116.2europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.116.2v1.116.1Compare Source
[gardener/gardener]
🐛 Bug Fixes
[USER]An issue causing thecloudproviderSecret to contain both static credentials and workload identity config, which are mutually exclusive, when migrating to workload identity is now fixed. by @dimityrmirchev [#11847][DEVELOPER]Fix malformed file path error ongo get github.com/gardener/[email protected]by @MartinWeindel [#11820]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.116.1europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.116.1europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.116.1europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.116.1Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.116.1europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.116.1v1.116.0Compare Source
[gardener/gardener]
[DEVELOPER]/hack/generate-crds.shwill no longer generate any CRDs withgroup=druid.gardener.cloud. One must use etcd-druid API to get the CRDs that serve as a single source of truth for all etcd-druid CRDs. by @unmarshall [#11545][DEVELOPER]The extensionclassfield in the generic extension controller was removed. Please use the new fieldclassesinstead. by @timuthy [#11764][OPERATOR]The etcd-druid's GA-edUseEtcdWrapperfeature gate is removed. It is now unconditionally enabled. It should no longer be passed in gardenlet configuration. Before upgrading to this version of Gardener, check your gardenlet configuration and make sure that it does not specify the etcd-druid'sUseEtcdWrapperfeature gate. by @unmarshall [#11545][OPERATOR]The default etcd-main storage is increased from10Gito25Gi. The etcd-main storage capacity is mutated by provider extensions. Before upgrading to this version of Gardener, make sure the provider extensions which you use mutate the etcd-main capacity. Otherwise, the default storage capacity change in Gardener could be unexpected or breaking. by @unmarshall [#11545][OPERATOR]Please note, if you configurespec.extensionsin yourGardenresource:gardener-operatoradds agarden-prefix to all extension resources configured via theGarden. Existing extension resources (not prefixed) will be deleted automatically at the end of the reconciliation. Another, manually triggeredGardenreconciliation might be required to reach the desired state of the extension again. by @timuthy [#11764]📰 Noteworthy
[OPERATOR]NodeAgentAuthorizerfeature gate has been promoted to beta and is now enabled by default. by @oliver-goetz [#11757][OPERATOR]The feature gateNewVPNhas been graduated toGA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @domdom82 [#11714]✨ New Features
[OPERATOR]Extensions can be configured forSeeds viaspec.extensionsto deploy extensions for the seed cluster. Before activating this configuration, please first confirm that the corresponding extension is compatible with the seed use-case. by @timuthy [#11764]🐛 Bug Fixes
[OPERATOR]TheNetworkPolicycontroller part ofgardener-resource-managerdoes no longer attempt to create resources in terminating namespaces. by @rfranzke [#11808][OPERATOR]An issue causing Shoot reconciliation to fail withno relationship foundwhen the referenced SecretBinding/CredentialsBinding is forcefully deleted (its finalizer is removed by the end user) and then recreated with the same name is now fixed. gardener-admission-controller's authorisation graph is now updated for a Shoot after forceful deletion and recreation of the referenced Secretbinding/CredentialsBinding. by @MartinWeindel [#11461][OPERATOR]If the computed pod label selector contains keys exceeding 63 characters, theNetworkPolicycontroller part ofgardener-resource-managerdoes now shorten them to make sure they can actually get created. Previously, it failed trying to create them infinitely, resulting in high CPU load in large clusters. by @rfranzke [#11808][OPERATOR]Keepoperator.gardener.cloud.ExtensionconditionRequiredRuntime=trueuntil deletion ofextensions.gardener.cloud.Extensions has completed. by @MartinWeindel [#11696][OPERATOR]Fix a bug that appears when migrating aShootbetweenSeeds by introducing a new controller, which manages aShootStatefinalizer preventing early object deletions. by @vitanovs [#11491]🏃 Others
[DEVELOPER]Remove the double maintenance of CRDs defined in etcd-druid. Now, gardenlet is using the etcd-druid CRD APIs to get the CRDs ensuring one single source of truth. by @unmarshall [#11545][DEVELOPER]Remove the dependency on thegithub.com/gardener/etcd-druidmodule and instead introduce dependency ongithub.com/gardener/etcd-druid/apimodule. by @unmarshall [#11545][OPERATOR]Add optional argument--custom-package <group>=<package>togenerate-crds.shscript. by @MartinWeindel [#11702][OPERATOR]Remove unnecessary istio loadbalancer annotations from the ClusterIP kube-apiserver service. by @kon-angelo [#11728][OPERATOR]Increase VPA client-side rate limits to200qps and250burst. by @voelzmo [#11748][DEPENDENCY]The following dependencies have been updated:envoyproxy/envoyfromv1.33.1tov1.33.2. Release Notes by @gardener-ci-robot [#11751][DEPENDENCY]The following dependencies have been updated:quay.io/prometheus/node-exporterfromv1.9.0tov1.9.1. by @gardener-ci-robot [#11784][DEPENDENCY]The following dependencies have been updated:gardener/etcd-druidfromv0.27.0tov0.28.0. Release Notesgithub.com/gardener/etcd-druidfromv0.27.0tov0.28.0. by @unmarshall [#11545][DEPENDENCY]The following dependencies have been updated:quay.io/kiwigrid/k8s-sidecarfrom1.30.2to1.30.3. by @gardener-ci-robot [#11766][DEPENDENCY]The following dependencies have been updated:envoyproxy/envoyfromv1.33.0tov1.33.1. Release Notes by @gardener-ci-robot [#11720][DEPENDENCY]The following dependencies have been updated:quay.io/coreos/etcdfromv3.4.36tov3.5.20. by @gardener-ci-robot [#11756][DEPENDENCY]The following dependencies have been updated:quay.io/coreos/etcdfromv3.4.34tov3.4.36. by @gardener-ci-robot [#11755]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.116.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.116.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.116.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.116.0Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.116.0europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.116.0v1.115.3Compare Source
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]WhenIstioTLSTerminationfeature gate is enabled the apiserver-proxy related EnvoyFilter is not deployed for the virtual-garden anymore. by @oliver-goetz [#11895][USER]An issue causing thecloudproviderSecret to contain both static credentials and workload identity config, which are mutually exclusive, when migrating to workload identity is now fixed. by @dimityrmirchev [#11848]🏃 Others
[OPERATOR]Shoots that are currently in deletion now get ignored by theRemoveAPIServerProxyLegacyPortfeature gate validation. by @Wieneo [#11888][OPERATOR]Deploy MCM with higherconcurrent-syncs,kube-api-qpsandkube-api-burst. by @hendrikKahl [#11881]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.115.3europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.115.3europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.115.3europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.115.3Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.115.3europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.115.3v1.115.2Compare Source
[gardener/gardener]
🐛 Bug Fixes
[DEVELOPER]An issue causing the Shoot logging test-machinery integration tests to fail is now fixed. by @ialidzhikov [#11798][OPERATOR]The step which deploys the sourceBackupEntryduring therestorephase of control plane migration now depends on the successful deployment of theShoot's control plane namespace. This fixes a potential race condition which could cause thesource-etcd-backupSecret to not be deployed in theShoot's control plane namespace and the subsequent step which copies etcd backups to time out. by @plkokanov [#11812]🏃 Others
[DEVELOPER]An issue causing theshould copy data to podVPN tunnel test-machinery integration test to fail is now fixed. by @ialidzhikov [#11804]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.115.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.115.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.115.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.115.2Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.115.2europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.115.2v1.115.1Compare Source
[gardener/gardener]
🏃 Others
[DEPENDENCY]The following dependencies have been updated:registry.k8s.io/ingress-nginx/controller-chrootfromv1.12.0tov1.12.1. by @gardener-ci-robot [#11739][DEPENDENCY]The following dependencies have been updated:registry.k8s.io/ingress-nginx/controller-chrootfromv1.11.4tov1.11.5. by @gardener-ci-robot [#11737][DEPENDENCY]The following dependencies have been updated:gardener/machine-controller-managerfromv0.57.0tov0.57.1. Release Notesgithub.com/gardener/machine-controller-managerfromv0.57.0tov0.57.1. by @gardener-ci-robot [#11725]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.115.1europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.115.1europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.115.1europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.115.1Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.115.1europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.115.1v1.115.0Compare Source
[gardener/gardener]
[OPERATOR]PodTopologySpreadConstraintswebhook in thegardener-resource-manageris disabled for seeds unconditionally and for shoots which doesn't disable kubernetes feature gateMatchLabelKeysInPodTopologySpreadexplicitly. by @shafeeqes [#11497][OPERATOR]TokenInvalidatorcontroller and webhook in thegardener-resource-managerare removed. by @shafeeqes [#11497][DEVELOPER]Thegithub.com/gardener/gardener/pkg/utils/gardener.ReconcileTopologyAwareRoutingMetadatafunc in deperecated in favor ofgithub.com/gardener/gardener/pkg/utils/gardener.ReconcileTopologyAwareRoutingSettings. by @ialidzhikov [#11178]📰 Noteworthy
[OPERATOR]TheServiceTrafficDistributionfeature is being used on to make Services topology-aware when the runtime Kubernetes version is 1.31+. by @ialidzhikov [#11178][DEVELOPER]fluent-operatorAPIs and CRDs are updated from v2 to v3 by @nickytd [#11673][USER]TheupdateStrategyof existing machine images in aCloudProfilecan now be overridden in aNamespacedCloudProfile. by @LucaBernstein [#11550]✨ New Features
[OPERATOR]TheinjectGardenKubeconfigfield is defaulted totruefor extensions responsible forWorkerresources when registered via theoperator.gardener.cloud/v1alpha1.ExtensionAPI. by @rfranzke [#11658][OPERATOR]You can use.spec.virtualCluster.gardener.gardenerAPIServer.goAwayChancein theGardenAPI to specify the probability for randomly closing a connection (GOAWAY) in order to prevent HTTP/2 clients from getting stuck on a singlegardener-apiserver. by @rfranzke [#11551][USER]NamespacedCloudProfile.spec.limits.maxNodesTotalcan be used to override the limit of the maximum number of nodes a shoot can have during runtime, as defined in the parentCloudProfile. See the documentation for more details. by @LucaBernstein [#11647][USER]If the Gardener operator has defined a control plane wildcard certificate, the.status.advertisedAddressesof theShootcontain an entry with an endpoint secured by this certificate. Note that this endpoint is specific to the seed cluster theShootis scheduled to. Read all about it in this document. by @rfranzke [#11612][USER]The feature gateNewVPNhas been graduated toBetaand is now enabled by default. by @ScheererJ [#11693]🐛 Bug Fixes
[USER]A bug causing race condition in thekube-proxypod related to concurrent modifications of iptables rules was fixed. by @AleksandarSavchev [#11668][USER]Fix authentication panel in API server Plutono dashboard for Shoot clusters by @chrkl [#11667]🏃 Others
[DEPENDENCY]The following dependencies have been updated:quay.io/kiwigrid/k8s-sidecarfrom1.30.1to1.30.2. by @gardener-ci-robot [#11628][DEPENDENCY]The following dependencies have been updated:gardener/machine-controller-managerfromv0.56.1tov0.57.0. Release Notesgithub.com/gardener/machine-controller-managerfromv0.56.1tov0.57.0. by @gardener-ci-robot [#11620][DEPENDENCY]The following dependencies have been updated:credativ/valifromv2.2.21tov2.2.22. Release Notes by @gardener-ci-robot [#11664][DEPENDENCY]The following dependencies have been updated:gardener/gardener-metrics-exporterfrom0.36.0to0.37.0. Release Notes by @gardener-ci-robot [#11677][DEPENDENCY]The following dependencies have been updated:credativ/plutonofromv7.5.36tov7.5.37. Release Notes by @gardener-ci-robot [#11663][DEPENDENCY]The following dependencies have been updated:quay.io/prometheus/alertmanagerfromv0.28.0tov0.28.1. by @gardener-ci-robot [#11625][OPERATOR]Added fieldOCIRepository.PullSecretReffor pulling helm charts from repositories with access restrictions. by @MartinWeindel [#11324][OPERATOR]The ports used by provider-local can now be specified via helm values. by @ScheererJ [#11700][OPERATOR]CreateShoottestdefinition exposesminAllowedoptions for control plane by @hendrikKahl [#11637][OPERATOR]The gardener-node-agent is now able to deal with the new version v3 of containerd's configuration file/etc/containerd/config.toml. As this new version of the configuration file comes with a new structure of certain configuration options, gardener-node-agent must be able to write configuration changes to different locations within the file based on its version. If it detects this config file to be version 3, it will write all relevant configuration changes to the new config keys. In addition, for any plugins inserted through an OSCPluginConfiguration, it will check if its path matches a typical v2 compliant path prefix and will translate it to the equivalent v3 compliant path prefix. by @MrBatschner [#11623][OPERATOR]Upgrade Prometheus to v3.2 by @vicwicker [#11552][OPERATOR]Garden and Seed cluster component containers, which do not require privilege escalations, now forbid privilege escalation explicitly. by @georgibaltiev [#11519][OPERATOR]Thegardener/autoscalerimage has been updated tov1.31.0. Release Notes by @aaronfern [#11646][OPERATOR]Enable theVerticalPodAutoscalerCappedRecommendationalerts by @vicwicker [#11622][OPERATOR]gardener-apiserveris now deployed with a fixed number of replicas (HA configuration: 3, non-HA configuration: 2). It does not useHPAanymore. by @oliver-goetz [#11684][OPERATOR]gardener-operatorrejects deletion requests forExtensions deemed required for the landscape. by @timuthy [#11606][DEVELOPER]TheObjectNames()function ofgithub.com/gardener/gardener/test/utils/matcherscan be used to modifyobject.Objectlists to a[]stringwith their name. This is useful in tests to avoid usinggstructmatchers that bloat the test output. by @tobschli [#11616][DEVELOPER]The component checklist now recommends settingrevisionHistoryLimit=2forDaemonSets as well. by @rfranzke [#11659][DEVELOPER]Allow to configure bootstrapping control plane nodes with controller installations by settinghostNetwork,replicas,tolerationsand usable ports. by @ScheererJ [#11527][DEVELOPER]An issue causing the VPN tunnel test-machinery integration test to fail is now fixed. by @ialidzhikov [#11716]📖 Documentation
[USER]Add documentation on how to federate metrics from the shoot Prometheus into an external Prometheus instance by @vicwicker [#11609]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.115.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.115.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.115.0europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.115.0Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.115.0europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.115.0v1.114.3Compare Source
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]WhenIstioTLSTerminationfeature gate is enabled the apiserver-proxy related EnvoyFilter is not deployed for the virtual-garden anymore. by @oliver-goetz [#11894][USER]An issue causing thecloudproviderSecret to contain both static credentials and workload identity config, which are mutually exclusive, when migrating to workload identity is now fixed. by @dimityrmirchev [#11849]🏃 Others
[OPERATOR]Shoots that are currently in deletion now get ignored by theRemoveAPIServerProxyLegacyPortfeature gate validation. by @Wieneo [#11889][OPERATOR]Deploy MCM with higherconcurrent-syncs,kube-api-qpsandkube-api-burst. by @hendrikKahl [#11884]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.114.3europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.114.3europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.114.3europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.114.3Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.114.3europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.114.3v1.114.2Compare Source
[gardener/gardener]
🐛 Bug Fixes
[OPERATOR]The step which deploys the sourceBackupEntryduring therestorephase of control plane migration now depends on the successful deployment of theShoot's control plane namespace. This fixes a potential race condition which could cause thesource-etcd-backupSecret to not be deployed in theShoot's control plane namespace and the subsequent step which copies etcd backups to time out. by @plkokanov [#11813]🏃 Others
[DEVELOPER]An issue causing theshould copy data to podVPN tunnel test-machinery integration test to fail is now fixed. by @ialidzhikov [#11805][DEPENDENCY]The following dependencies have been updated:quay.io/kiwigrid/k8s-sidecarfrom1.30.1to1.30.2. by @gardener-ci-robot [#11752][DEPENDENCY]The following dependencies have been updated:registry.k8s.io/ingress-nginx/controller-chrootfromv1.12.0tov1.12.1. by @gardener-ci-robot [#11740][DEPENDENCY]The following dependencies have been updated:registry.k8s.io/ingress-nginx/controller-chrootfromv1.11.4tov1.11.5. by @gardener-ci-robot [#11738]Helm Charts
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.114.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.114.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.114.2europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.114.2Docker Images
europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.114.2europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.114.2Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.