v1.87.1-2

Release Notes v1.87

YAKE release notes and upgrade guide

Related upstream release notes / changelogs

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update external-dns-management to 0.16.1

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#342]
• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [#347]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [#341]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#338]
• [DEVELOPER] Remove vendoring by @MartinWeindel [#345]

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.16.1

Update shoot-dns-service to 1.42.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [gardener/external-dns-management#347]
• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/external-dns-management#342]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [gardener/external-dns-management#341]

🏃 Others

• [DEVELOPER] Remove vendoring by @MartinWeindel [gardener/external-dns-management#345]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/external-dns-management#338]

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @MartinWeindel [#268]
• [DEVELOPER] Remove vendoring from project by @MartinWeindel [#268]

Update cloudprofiles to 0.6.10

Full Changelog: gardener-community/cloudprofiles@0.6.9...0.6.10

Update provider-azure to 1.40.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#762]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#754]

🏃 Others

• [DEVELOPER] Add new unit tests. by @axel7born [#751]
• [OPERATOR] Updated azurecsi-file image -> v1.29.2 by @kon-angelo [#760]
• [OPERATOR] Set azurefile-csi CSIDriver object to support ephemeral disks. by @kon-angelo [#756]
• [OPERATOR] Add new flow-based infrastructure reconciler. by @kon-angelo [#739]
• [OPERATOR] Set azurefile-csi CSIDriver object with attachRequired to false. by @kon-angelo [#756]
• [DEPENDENCY] Vendor gardener v1.83.3 by @kon-angelo [#764]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.0

Update shoot-dns-service to 1.42.1

[gardener/gardener-extension-shoot-dns-service]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed that led to invalid webhook configurations after the admission controller rotated the CA and server certificates. by @timuthy [#278]

Update shoot-dns-service to 1.42.2

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Downgrade dns-controller-manager from v0.16.1 to v0.16.0 to disable newly introduced feature "Create alias AAAA records for load balancers if target domain name has an IPv6 address" because of leaking AAAA under some circumstances. by @MartinWeindel [#279]

Update provider-azure to 1.40.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Disk detachment step is skipped while terminating terminal state vms. Terminal state vms have provisioningState as Failed by @himanshu-kun [#773]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.1

Update shoot-networking-problemdetector to 0.20.0

[gardener/network-problem-detector]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/network-problem-detector#53]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [gardener/network-problem-detector#51]
• [OPERATOR] Fix image repository for releases by @MartinWeindel [gardener/network-problem-detector#55]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/network-problem-detector#52]
• [DEVELOPER] remove vendoring by @MartinWeindel [gardener/network-problem-detector#54]

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#106]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @dependabot[bot] [#111]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#108]

Docker Images

• gardener-extension-shoot-networking-problemdetector: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-problemdetector:v0.20.0

Update gardener-controlplane to 1.86.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @shreyas-s-rao [gardener/etcd-druid#756]

[gardener/etcd-backup-restore]

🏃 Others

• [OPERATOR] Dynamic loading of IaaS credentials is now optimized to make use of file system information instead of calculating a hash of the credentials to detect changes. by @renormalize [gardener/etcd-backup-restore#670]
• [OPERATOR] A regression in chunk deletion behavior for openstack provider has now been fixed. by @shreyas-s-rao [gardener/etcd-backup-restore#703]
• [OPERATOR] Add unit tests for chunk deletion by @anveshreddy18 [gardener/etcd-backup-restore#685]
• [USER] Add support for overriding storage API endpoint for provider GCS, by setting environment variable GOOGLE_STORAGE_API_ENDPOINT, with the value in the format http[s]://host[:port]/storage/v1/. ⚠️ Note: GCS storage API endpoint will not be overridden for copy subcommand, since backup buckets may reside in different regions. by @shreyas-s-rao [gardener/etcd-backup-restore#691]

Docker Images

• admission-controller-linux-amd64: eu.gcr.io/gardener-project/gardener/admission-controller:v1.86.1
• apiserver-linux-amd64: eu.gcr.io/gardener-project/gardener/apiserver:v1.86.1
• controller-manager-linux-amd64: eu.gcr.io/gardener-project/gardener/controller-manager:v1.86.1
• gardenlet-linux-amd64: eu.gcr.io/gardener-project/gardener/gardenlet:v1.86.1
• node-agent-linux-amd64: eu.gcr.io/gardener-project/gardener/node-agent:v1.86.1
• operator-linux-amd64: eu.gcr.io/gardener-project/gardener/operator:v1.86.1
• resource-manager-linux-amd64: eu.gcr.io/gardener-project/gardener/resource-manager:v1.86.1
• scheduler-linux-amd64: `eu.gcr.io/gardener-project/gardener/schedul...

v1.86.3-1

Release Notes v1.86

Yake/23KE release notes and upgrade guide

:::danger

This update renames 23ke to yake. You need to rename the config secret and GitRepository resource as described.

:::

:::danger

This update definitely needs backups to be configured. If you are running a 23KE instance without backups, enable backups before performing this update.

:::

Prerequisites

etcd downgrade

In order to align the versions of etcd and etcd-backup-restore with gardener/etcd-druid, we perform a downgrade to etcd-3.4.26 and an upgrade to etcd-backup-restore-0.24.7. This is also expected to improve the stability of the backup process. For the upgrade, you need to

• Make sure you have an up-to-date backup of the virtual garden etcds. To perform a full backup you can use the following request:

  kubectl -n garden exec -it etcd-0 curl localhost:8080/snapshot/full

• Delete the statefulset etcd and etcd-events in the garden namespace

  kubectl delete statefulset -n garden etcd
  kubectl delete statefulset -n garden etcd-events

During the upgrade helm will create new persistentVolumes for the virtual garden's etcds. These volumes are prefixed by virtual-garden-.

Temporarily remove gardener-metrics-exporter

To workaround an issue with how yake uses gardener-metrics-exporter's chart, delete its deployment

kubectl delete -n garden deployment gardener-metrics-exporter

Upgrade

Perform the migration from 23ke to yake execute the following steps.

• Create copy of Secret 23ke-config named yake-config

  kubectl get secret -n flux-system 23ke-config -o yaml | kubectl-neat | yq '.metadata.name="yake-config"' | kubectl apply -f -

• Create new GitRepository source named yake.

  cat <<EOF | kubectl apply -f -
  apiVersion: source.toolkit.fluxcd.io/v1
  kind: GitRepository
  metadata:
    name: yake
    namespace: flux-system
  spec:
    interval: 1m
    ref:
      tag: v1.86.0-0
    timeout: 60s
    url: https://github.com/yakecloud/yake
  EOF

• Suspend 23ke Kustomization

  flux suspend ks 23ke

• Relabel Kustomizations created by the main 23ke Kustomization

  kubectl label ks -n flux-system -l kustomize.toolkit.fluxcd.io/name=23ke kustomize.toolkit.fluxcd.io/name=yake --overwrite

• Recreate the main Kustomization with name yake

  kubectl get ks -n flux-system 23ke -o yaml | kubectl-neat | yq '.metadata.name="yake" | .spec.sourceRef.name="yake"' | kubectl apply -f -

• Resume the yake Kustomization

  flux resume ks yake

Cleanup obsolete resources

Once you confirmed everything's working correctly you can remove obsolete resources.

• Delete the old 23ke Kustomization

  kubectl delete ks -n flux-system 23ke

• Delete the old GitRepository resource

  kubectl delete gitrepo -n flux-system 23ke

• Delete Secret 23ke-config

  kubectl delete secret -n flux-system 23ke-config

• (Optional) Delete the old persistentVolumeClaims and their persistentVolumes belonging to the already deleted statefulsets of etcd and etcd-events.

  kubectl get pvc -n garden | grep '^etcd'
  kubectl get pv | grep garden/etcd

Related upstream release notes / changelogs

Update shoot-networking-filter to 0.16.0

[gardener/gardener-extension-shoot-networking-filter]

✨ New Features

• [USER] Update image of egress-filter to 0.14.0 by @axel7born [#107]
• [USER] Mount /run/xtables.lock to prevent concurrent modifications of iptables rules. by @axel7born [#106]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#102]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#104]

Docker Images

• gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.16.0

Update provider-aws to 1.51.0

[gardener/gardener-extension-provider-aws]

🏃 Others

• [OPERATOR] The following golang dependencies have been upgraded :
  • gardener/gardener: v1.81.6->v1.83.2 by @shafeeqes [#828]
• [OPERATOR] Add documentation for the "flow" infrastructure reconciler. by @kon-angelo [#827]
• [DEVELOPER] Add new unit tests. by @axel7born [#829]

Docker Images

• gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.51.0
• gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.51.0

Update shoot-rsyslog-relp to 0.3.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

• [OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @AleksandarSavchev [#17]

✨ New Features

• [USER] The shoot-rsyslog-relp configuration now allows users to specify which tls library should be used by librerlp when tls communication is enabled via the tls.tlsLib optional field. The possible options are gnutls and openssl. When the field is omitted, librelp uses its default tls library which in most cases is gnutls. More information can be found here: https://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html#tls-tlslib by @plkokanov [#27]
• [USER] shoot-rsyslog-relp extension now supports Shoot Force Deletion. by @acumino [#24]

🏃 Others

• [OPERATOR] Metrics for the rsyslog service running on the shoot nodes are now exposed and collected according to the following:
  • The metrics are available on the node-exporter's /metrics endpoint.
  • The names of the new metrics match the rsyslog_pstat_.+ regex.
  • The metrics are scraped and collected in the shoot's prometheus instance.
  • A dedicated plutono dashboard is added which displays the rsyslog metrics. by @plkokanov [#32]
• [OPERATOR] Fixed an issue where the rsyslog systemd unit could become stuck in a failed state immediately after it is installed on the shoot's nodes, if the shoot-rsyslog-relp extension was enabled on the shoot before that. The configure-rsyslog.sh script which is responsible for configuring and restarting the rsyslog systemd unit will now wait for the syslog.service symlink to be created before attempting to configure and restart the rsyslog systemd unit. by @plkokanov [#34]
• [OPERATOR] The shoot-rsyslog-relp extension is now aligned with Gardener's component checklist:
  • RBAC for the shoot-rsyslog-relp extension controller have been drastically reduced to only the required ones.
  • The deployment for the shoot-rsyslog-relp extension controller now contains the proper label for HA - high-availability-config.resources.gardener.cloud/type: controller
  • The shoot-rsyslog-relp admission pod no longer has a SecurityContext. This will be automatically added by the seccomp-profile webhook of the gardener-resource-manager
  • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods now use the RuntimeDefault seccomp profile.
  • The init containers of the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods no longer run in privileged mode.
  • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner now specify resource requests and limits.
  • PodSecurityPolicys for the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner are now deployed in the shoot cluster, if its kubernetes version is 1.24.x. by @plkokanov [#29]
• [OPERATOR] The healthcheck controller is now removed. Starting v1.65.0, gardenlet perform health checks for all ManagedResources in the Shoot control plane in the Seed. There is no longer need of the custom healthcheck controller in the shoot-rsyslog-relp extension as it was doing the same job. It was performing health check for the ManagedResource it deploys. by @plkokanov [#28]
• [OPERATOR] The rsyslog-relp-configuration-cleaner is no longer deployed on Shoot deletion with shoot-rsyslog-relp extension enabled. The Extension deletion occurs after the Worker deletion. There are no Nodes, hence there is no need to clean up registry configuration. by @plkokanov [#30]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.3.0
• gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.3.0

Update etcd to 6.0.0

What's Changed

• Downgrade to etcd 3.4.26, Upgrade to etcd-backup-restore 0.24.7 by @JensAc in gardener-community/etcd#13

New Contributors

• @JensAc made their first contribution in gardener-community/etcd#13

Full Changelog: gardener-community/etcd@5.3.2...6.0.0

Update etcd to 6.0.0

What's Changed

• Downgrade to etcd 3.4.26, Upgrade to etcd-backup-restore 0.24.7 by @JensAc in gardener-community/etcd#13

New Contributors

• @JensAc made their first contribution in gardener-community/etcd#13

Full Changelog: https://github.com/gardener-community...

v1.87.1-1

Release Notes v1.87

YAKE release notes and upgrade guide

Related upstream release notes / changelogs

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update external-dns-management to 0.16.1

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#342]
• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [#347]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [#341]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#338]
• [DEVELOPER] Remove vendoring by @MartinWeindel [#345]

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.16.1

Update shoot-dns-service to 1.42.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [gardener/external-dns-management#347]
• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/external-dns-management#342]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [gardener/external-dns-management#341]

🏃 Others

• [DEVELOPER] Remove vendoring by @MartinWeindel [gardener/external-dns-management#345]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/external-dns-management#338]

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @MartinWeindel [#268]
• [DEVELOPER] Remove vendoring from project by @MartinWeindel [#268]

Update cloudprofiles to 0.6.10

Full Changelog: gardener-community/cloudprofiles@0.6.9...0.6.10

Update provider-azure to 1.40.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#762]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#754]

🏃 Others

• [DEVELOPER] Add new unit tests. by @axel7born [#751]
• [OPERATOR] Updated azurecsi-file image -> v1.29.2 by @kon-angelo [#760]
• [OPERATOR] Set azurefile-csi CSIDriver object to support ephemeral disks. by @kon-angelo [#756]
• [OPERATOR] Add new flow-based infrastructure reconciler. by @kon-angelo [#739]
• [OPERATOR] Set azurefile-csi CSIDriver object with attachRequired to false. by @kon-angelo [#756]
• [DEPENDENCY] Vendor gardener v1.83.3 by @kon-angelo [#764]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.0

Update shoot-dns-service to 1.42.1

[gardener/gardener-extension-shoot-dns-service]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed that led to invalid webhook configurations after the admission controller rotated the CA and server certificates. by @timuthy [#278]

Update shoot-dns-service to 1.42.2

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Downgrade dns-controller-manager from v0.16.1 to v0.16.0 to disable newly introduced feature "Create alias AAAA records for load balancers if target domain name has an IPv6 address" because of leaking AAAA under some circumstances. by @MartinWeindel [#279]

Update provider-azure to 1.40.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Disk detachment step is skipped while terminating terminal state vms. Terminal state vms have provisioningState as Failed by @himanshu-kun [#773]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.1

Update shoot-networking-problemdetector to 0.20.0

[gardener/network-problem-detector]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/network-problem-detector#53]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [gardener/network-problem-detector#51]
• [OPERATOR] Fix image repository for releases by @MartinWeindel [gardener/network-problem-detector#55]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/network-problem-detector#52]
• [DEVELOPER] remove vendoring by @MartinWeindel [gardener/network-problem-detector#54]

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#106]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @dependabot[bot] [#111]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#108]

Docker Images

• gardener-extension-shoot-networking-problemdetector: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-problemdetector:v0.20.0

Update gardener-controlplane to 1.86.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @shreyas-s-rao [gardener/etcd-druid#756]

[gardener/etcd-backup-restore]

🏃 Others

• [OPERATOR] Dynamic loading of IaaS credentials is now optimized to make use of file system information instead of calculating a hash of the credentials to detect changes. by @renormalize [gardener/etcd-backup-restore#670]
• [OPERATOR] A regression in chunk deletion behavior for openstack provider has now been fixed. by @shreyas-s-rao [gardener/etcd-backup-restore#703]
• [OPERATOR] Add unit tests for chunk deletion by @anveshreddy18 [gardener/etcd-backup-restore#685]
• [USER] Add support for overriding storage API endpoint for provider GCS, by setting environment variable GOOGLE_STORAGE_API_ENDPOINT, with the value in the format http[s]://host[:port]/storage/v1/. ⚠️ Note: GCS storage API endpoint will not be overridden for copy subcommand, since backup buckets may reside in different regions. by @shreyas-s-rao [gardener/etcd-backup-restore#691]

Docker Images

• admission-controller-linux-amd64: eu.gcr.io/gardener-project/gardener/admission-controller:v1.86.1
• apiserver-linux-amd64: eu.gcr.io/gardener-project/gardener/apiserver:v1.86.1
• controller-manager-linux-amd64: eu.gcr.io/gardener-project/gardener/controller-manager:v1.86.1
• gardenlet-linux-amd64: eu.gcr.io/gardener-project/gardener/gardenlet:v1.86.1
• node-agent-linux-amd64: eu.gcr.io/gardener-project/gardener/node-agent:v1.86.1
• operator-linux-amd64: eu.gcr.io/gardener-project/gardener/operator:v1.86.1
• resource-manager-linux-amd64: eu.gcr.io/gardener-project/gardener/resource-manager:v1.86.1
• scheduler-linux-amd64: `eu.gcr.io/gardener-project/gardener/schedul...

v1.87.1-0

Release Notes v1.87

YAKE release notes and upgrade guide

Related upstream release notes / changelogs

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update external-dns-management to 0.16.1

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#342]
• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [#347]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [#341]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#338]
• [DEVELOPER] Remove vendoring by @MartinWeindel [#345]

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.16.1

Update shoot-dns-service to 1.42.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [gardener/external-dns-management#347]
• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/external-dns-management#342]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [gardener/external-dns-management#341]

🏃 Others

• [DEVELOPER] Remove vendoring by @MartinWeindel [gardener/external-dns-management#345]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/external-dns-management#338]

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @MartinWeindel [#268]
• [DEVELOPER] Remove vendoring from project by @MartinWeindel [#268]

Update cloudprofiles to 0.6.10

Full Changelog: gardener-community/cloudprofiles@0.6.9...0.6.10

Update provider-azure to 1.40.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#762]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#754]

🏃 Others

• [DEVELOPER] Add new unit tests. by @axel7born [#751]
• [OPERATOR] Updated azurecsi-file image -> v1.29.2 by @kon-angelo [#760]
• [OPERATOR] Set azurefile-csi CSIDriver object to support ephemeral disks. by @kon-angelo [#756]
• [OPERATOR] Add new flow-based infrastructure reconciler. by @kon-angelo [#739]
• [OPERATOR] Set azurefile-csi CSIDriver object with attachRequired to false. by @kon-angelo [#756]
• [DEPENDENCY] Vendor gardener v1.83.3 by @kon-angelo [#764]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.0

Update os-gardenlinux to 0.23.0

[gardener/gardener-extension-os-gardenlinux]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases) by @ccwienk [#134]
• [OPERATOR] hardcoded cgroup driver for containerd and kubelet to systemd for ALL new nodes. Requires the Gardener installation to only have Gardenlinux versions with cgroups-v2 only. This includes GL 934 and up. by @danielfoehrKn [#133]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#130]

✨ New Features

• [USER] os-gardenlinux extension now supports Shoot Force Deletion. by @acumino [#131]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#127]

Docker Images

• gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.23.0

Update shoot-dns-service to 1.42.1

[gardener/gardener-extension-shoot-dns-service]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed that led to invalid webhook configurations after the admission controller rotated the CA and server certificates. by @timuthy [#278]

Update shoot-dns-service to 1.42.2

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Downgrade dns-controller-manager from v0.16.1 to v0.16.0 to disable newly introduced feature "Create alias AAAA records for load balancers if target domain name has an IPv6 address" because of leaking AAAA under some circumstances. by @MartinWeindel [#279]

Update provider-azure to 1.40.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Disk detachment step is skipped while terminating terminal state vms. Terminal state vms have provisioningState as Failed by @himanshu-kun [#773]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.1

Update shoot-networking-problemdetector to 0.20.0

[gardener/network-problem-detector]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/network-problem-detector#53]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [gardener/network-problem-detector#51]
• [OPERATOR] Fix image repository for releases by @MartinWeindel [gardener/network-problem-detector#55]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/network-problem-detector#52]
• [DEVELOPER] remove vendoring by @MartinWeindel [gardener/network-problem-detector#54]

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#106]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @dependabot[bot] [#111]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#108]

Docker Images

• gardener-extension-shoot-networking-problemdetector: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-problemdetector:v0.20.0

Update gardener-controlplane to 1.86.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @shreyas-s-rao [gardener/etcd-druid#756]

[gardener/etcd-backup-restore]

🏃 Others

• [OPERATOR] Dynamic loading of IaaS ...

v1.86.3-0

Release Notes v1.86

Yake/23KE release notes and upgrade guide

:::danger

This update renames 23ke to yake. You need to rename the config secret and GitRepository resource as described.

:::

:::danger

This update definitely needs backups to be configured. If you are running a 23KE instance without backups, enable backups before performing this update.

:::

Prerequisites

etcd downgrade

In order to align the versions of etcd and etcd-backup-restore with gardener/etcd-druid, we perform a downgrade to etcd-3.4.26 and an upgrade to etcd-backup-restore-0.24.7. This is also expected to improve the stability of the backup process. For the upgrade, you need to

• Make sure you have an up-to-date backup of the virtual garden etcds. To perform a full backup you can use the following request:

  kubectl -n garden exec -it etcd-0 curl localhost:8080/snapshot/full

• Delete the statefulset etcd and etcd-events in the garden namespace

  kubectl delete statefulset -n garden etcd
  kubectl delete statefulset -n garden etcd-events

During the upgrade helm will create new persistentVolumes for the virtual garden's etcds. These volumes are prefixed by virtual-garden-.

Temporarily remove gardener-metrics-exporter

To workaround an issue with how yake uses gardener-metrics-exporter's chart, delete its deployment

kubectl delete -n garden deployment gardener-metrics-exporter

Upgrade

Perform the migration from 23ke to yake execute the following steps.

• Create copy of Secret 23ke-config named yake-config

  kubectl get secret -n flux-system 23ke-config -o yaml | kubectl-neat | yq '.metadata.name="yake-config"' | kubectl apply -f -

• Create new GitRepository source named yake.

  cat <<EOF | kubectl apply -f -
  apiVersion: source.toolkit.fluxcd.io/v1
  kind: GitRepository
  metadata:
    name: yake
    namespace: flux-system
  spec:
    interval: 1m
    ref:
      tag: v1.86.0-0
    timeout: 60s
    url: https://github.com/yakecloud/yake
  EOF

• Suspend 23ke Kustomization

  flux suspend ks 23ke

• Relabel Kustomizations created by the main 23ke Kustomization

  kubectl label ks -n flux-system -l kustomize.toolkit.fluxcd.io/name=23ke kustomize.toolkit.fluxcd.io/name=yake --overwrite

• Recreate the main Kustomization with name yake

  kubectl get ks -n flux-system 23ke -o yaml | kubectl-neat | yq '.metadata.name="yake" | .spec.sourceRef.name="yake"' | kubectl apply -f -

• Resume the yake Kustomization

  flux resume ks yake

Cleanup obsolete resources

Once you confirmed everything's working correctly you can remove obsolete resources.

• Delete the old 23ke Kustomization

  kubectl delete ks -n flux-system 23ke

• Delete the old GitRepository resource

  kubectl delete gitrepo -n flux-system 23ke

• Delete Secret 23ke-config

  kubectl delete secret -n flux-system 23ke-config

• (Optional) Delete the old persistentVolumeClaims and their persistentVolumes belonging to the already deleted statefulsets of etcd and etcd-events.

  kubectl get pvc -n garden | grep '^etcd'
  kubectl get pv | grep garden/etcd

Related upstream release notes / changelogs

Update shoot-networking-filter to 0.16.0

[gardener/gardener-extension-shoot-networking-filter]

✨ New Features

• [USER] Update image of egress-filter to 0.14.0 by @axel7born [#107]
• [USER] Mount /run/xtables.lock to prevent concurrent modifications of iptables rules. by @axel7born [#106]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#102]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#104]

Docker Images

• gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.16.0

Update provider-aws to 1.51.0

[gardener/gardener-extension-provider-aws]

🏃 Others

• [OPERATOR] The following golang dependencies have been upgraded :
  • gardener/gardener: v1.81.6->v1.83.2 by @shafeeqes [#828]
• [OPERATOR] Add documentation for the "flow" infrastructure reconciler. by @kon-angelo [#827]
• [DEVELOPER] Add new unit tests. by @axel7born [#829]

Docker Images

• gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.51.0
• gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.51.0

Update shoot-rsyslog-relp to 0.3.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

• [OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @AleksandarSavchev [#17]

✨ New Features

• [USER] The shoot-rsyslog-relp configuration now allows users to specify which tls library should be used by librerlp when tls communication is enabled via the tls.tlsLib optional field. The possible options are gnutls and openssl. When the field is omitted, librelp uses its default tls library which in most cases is gnutls. More information can be found here: https://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html#tls-tlslib by @plkokanov [#27]
• [USER] shoot-rsyslog-relp extension now supports Shoot Force Deletion. by @acumino [#24]

🏃 Others

• [OPERATOR] Metrics for the rsyslog service running on the shoot nodes are now exposed and collected according to the following:
  • The metrics are available on the node-exporter's /metrics endpoint.
  • The names of the new metrics match the rsyslog_pstat_.+ regex.
  • The metrics are scraped and collected in the shoot's prometheus instance.
  • A dedicated plutono dashboard is added which displays the rsyslog metrics. by @plkokanov [#32]
• [OPERATOR] Fixed an issue where the rsyslog systemd unit could become stuck in a failed state immediately after it is installed on the shoot's nodes, if the shoot-rsyslog-relp extension was enabled on the shoot before that. The configure-rsyslog.sh script which is responsible for configuring and restarting the rsyslog systemd unit will now wait for the syslog.service symlink to be created before attempting to configure and restart the rsyslog systemd unit. by @plkokanov [#34]
• [OPERATOR] The shoot-rsyslog-relp extension is now aligned with Gardener's component checklist:
  • RBAC for the shoot-rsyslog-relp extension controller have been drastically reduced to only the required ones.
  • The deployment for the shoot-rsyslog-relp extension controller now contains the proper label for HA - high-availability-config.resources.gardener.cloud/type: controller
  • The shoot-rsyslog-relp admission pod no longer has a SecurityContext. This will be automatically added by the seccomp-profile webhook of the gardener-resource-manager
  • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods now use the RuntimeDefault seccomp profile.
  • The init containers of the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods no longer run in privileged mode.
  • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner now specify resource requests and limits.
  • PodSecurityPolicys for the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner are now deployed in the shoot cluster, if its kubernetes version is 1.24.x. by @plkokanov [#29]
• [OPERATOR] The healthcheck controller is now removed. Starting v1.65.0, gardenlet perform health checks for all ManagedResources in the Shoot control plane in the Seed. There is no longer need of the custom healthcheck controller in the shoot-rsyslog-relp extension as it was doing the same job. It was performing health check for the ManagedResource it deploys. by @plkokanov [#28]
• [OPERATOR] The rsyslog-relp-configuration-cleaner is no longer deployed on Shoot deletion with shoot-rsyslog-relp extension enabled. The Extension deletion occurs after the Worker deletion. There are no Nodes, hence there is no need to clean up registry configuration. by @plkokanov [#30]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.3.0
• gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.3.0

Update etcd to 6.0.0

What's Changed

• Downgrade to etcd 3.4.26, Upgrade to etcd-backup-restore 0.24.7 by @JensAc in gardener-community/etcd#13

New Contributors

• @JensAc made their first contribution in gardener-community/etcd#13

Full Changelog: gardener-community/etcd@5.3.2...6.0.0

Update etcd to 6.0.0

What's Changed

• Downgrade to etcd 3.4.26, Upgrade to etcd-backup-restore 0.24.7 by @JensAc in gardener-community/etcd#13

New Contributors

• @JensAc made their first contribution in gardener-community/etcd#13

Full Changelog: https://github.com/gardener-community...

v1.85.3-0

Release Notes v1.85

23KE release notes and upgrade guide

Related upstream release notes / changelogs

Update shoot-rsyslog-relp to 0.2.2

[gardener/gardener-extension-shoot-rsyslog-relp]

🏃 Others

• [OPERATOR] The following images are updated:
  • eu.gcr.io/gardener-project/3rd/alpine: 3.15.8 -> 3.18.4
  • registry.k8s.io/pause: 3.7 -> 3.9 by @plkokanov [#36]
• [OPERATOR] Vulnerability scans are disabled for the alpine image as the corresponding container is not accessible from outside of the k8s clusters and not interacted with from other containers or other systems. by @plkokanov [#36]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.2.2
• gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.2.2

Update networking-cilium to 1.31.0

[gardener/gardener-extension-networking-cilium]

🐛 Bug Fixes

• [OPERATOR] The actuator.Delete doesn't wait for ManagedResources to get deleted in case of ForceDelete. by @shafeeqes [#227]
• [OPERATOR] An issue in the charts missing versions for some resources is now fixed. by @shafeeqes [#225]
• [OPERATOR] Fixes an error that occurs when running with iptables-nft. by @axel7born [#229]

🏃 Others

• [OPERATOR] Reconciliation of hibernated cilium clusters now works again. by @ScheererJ [#226]

Docker Images

• gardener-extension-admission-cilium: eu.gcr.io/gardener-project/gardener/extensions/admission-cilium:v1.31.0
• gardener-extension-networking-cilium: eu.gcr.io/gardener-project/gardener/extensions/networking-cilium:v1.31.0

Update provider-azure to 1.39.3

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#755]

Docker Images

• gardener-extension-admission-azure: eu.gcr.io/gardener-project/gardener/extensions/admission-azure:v1.39.3
• gardener-extension-provider-azure: eu.gcr.io/gardener-project/gardener/extensions/provider-azure:v1.39.3

Update gardener-controlplane to 1.84.1

[gardener/gardener]

🏃 Others

• [OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

• admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
• apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
• controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
• gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
• node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
• operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
• resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
• scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update gardener-controlplane to 1.84.1

[gardener/gardener]

🏃 Others

• [OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

• admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
• apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
• controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
• gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
• node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
• operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
• resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
• scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update gardenlet to 1.84.1

[gardener/gardener]

🏃 Others

• [OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

• admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
• apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
• controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
• gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
• node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
• operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
• resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
• scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update shoot-networking-problemdetector to 0.19.0

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#103]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]

Docker Images

• gardener-extension-shoot-networking-problemdetector: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-problemdetector:v0.19.0

Update shoot-networking-filter to 0.15.0

[gardener/gardener-extension-shoot-networking-filter]

⚠️ Breaking Changes

• [OPERATOR] extension-shoot-networking-filter no longer supports Shoots with Кubernetes version < 1.22. by @shafeeqes [#71]
• [OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @shafeeqes [#73]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#99]
• [OPERATOR] Bumps golang from 1.21.1 to 1.21.2. by @dependabot[bot] [#88]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#91]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#94]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#93]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#96]
• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.0-> v1.80.1
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#86]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.76.0 to 1.77.0. by @dependabot[bot] [#81]
• [OPERATOR] Bumps golang from 1.21.2 to 1.21.3. by @dependabot[bot] [#90]
• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#97]

Docker Images

• gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.15.0

Update os-coreos to 1.19.0

[gardener/gardener-extension-os-coreos]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#80]

✨ New Features

• [USER] os-coreos extension now supports Shoot Force Deletion. by @ary1992 [#79]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#76]
• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.80.1-> v1.81.0 by @ary1992 [#79]

Docker Images

• gardener-extension-os-coreos: eu.gcr.io/gardener-project/gardener/extensions/os-coreos:v1.19.0

Update os-gardenlinux to 0.22.0

[gardener/gardener-extension-os-gardenlinux]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#130]

✨ New Features

• [USER] os-gardenlinux extension now supports Shoot Force Deletion. by @acumino [#131]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#127]

Docker Images

• gardener-extension-os-gardenlinux: eu.gcr.io/gardener-project/gardener/extensions/os-gardenlinux:v0.22.0

Update external-dns-management to 0.16.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [USER] NS records are not retrieved anymore for all accessible hosted zones to avoid reading all DNS record sets of all hosted zones periodically independently if they are used. Only hosted zones with active DNSProviders are synched, but without caring about consequences of NS recor...

v1.87.0-1

Release Notes v1.87

YAKE release notes and upgrade guide

Related upstream release notes / changelogs

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update external-dns-management to 0.16.1

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#342]
• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [#347]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [#341]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#338]
• [DEVELOPER] Remove vendoring by @MartinWeindel [#345]

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.16.1

Update shoot-dns-service to 1.42.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [gardener/external-dns-management#347]
• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/external-dns-management#342]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [gardener/external-dns-management#341]

🏃 Others

• [DEVELOPER] Remove vendoring by @MartinWeindel [gardener/external-dns-management#345]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/external-dns-management#338]

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @MartinWeindel [#268]
• [DEVELOPER] Remove vendoring from project by @MartinWeindel [#268]

Update cloudprofiles to 0.6.10

Full Changelog: gardener-community/cloudprofiles@0.6.9...0.6.10

Update provider-azure to 1.40.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#762]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#754]

🏃 Others

• [DEVELOPER] Add new unit tests. by @axel7born [#751]
• [OPERATOR] Updated azurecsi-file image -> v1.29.2 by @kon-angelo [#760]
• [OPERATOR] Set azurefile-csi CSIDriver object to support ephemeral disks. by @kon-angelo [#756]
• [OPERATOR] Add new flow-based infrastructure reconciler. by @kon-angelo [#739]
• [OPERATOR] Set azurefile-csi CSIDriver object with attachRequired to false. by @kon-angelo [#756]
• [DEPENDENCY] Vendor gardener v1.83.3 by @kon-angelo [#764]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.0

Update os-gardenlinux to 0.23.0

[gardener/gardener-extension-os-gardenlinux]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases) by @ccwienk [#134]
• [OPERATOR] hardcoded cgroup driver for containerd and kubelet to systemd for ALL new nodes. Requires the Gardener installation to only have Gardenlinux versions with cgroups-v2 only. This includes GL 934 and up. by @danielfoehrKn [#133]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#130]

✨ New Features

• [USER] os-gardenlinux extension now supports Shoot Force Deletion. by @acumino [#131]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#127]

Docker Images

• gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.23.0

Update shoot-dns-service to 1.42.1

[gardener/gardener-extension-shoot-dns-service]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed that led to invalid webhook configurations after the admission controller rotated the CA and server certificates. by @timuthy [#278]

Update shoot-dns-service to 1.42.2

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Downgrade dns-controller-manager from v0.16.1 to v0.16.0 to disable newly introduced feature "Create alias AAAA records for load balancers if target domain name has an IPv6 address" because of leaking AAAA under some circumstances. by @MartinWeindel [#279]

Update provider-azure to 1.40.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Disk detachment step is skipped while terminating terminal state vms. Terminal state vms have provisioningState as Failed by @himanshu-kun [#773]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.1

Update shoot-networking-problemdetector to 0.20.0

[gardener/network-problem-detector]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/network-problem-detector#53]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [gardener/network-problem-detector#51]
• [OPERATOR] Fix image repository for releases by @MartinWeindel [gardener/network-problem-detector#55]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/network-problem-detector#52]
• [DEVELOPER] remove vendoring by @MartinWeindel [gardener/network-problem-detector#54]

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#106]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @dependabot[bot] [#111]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#108]

Docker Images

• gardener-extension-shoot-networking-problemdetector: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-problemdetector:v0.20.0

Update gardener-controlplane to 1.86.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @shreyas-s-rao [gardener/etcd-druid#756]

[gardener/etcd-backup-restore]

🏃 Others

• [OPERATOR] Dynamic loading of IaaS credentials is now optimized to make use of file system information instead of calculating a hash of the credentials to detect changes. by @renormalize [gardener/etcd-backup-restore#670]
• [OPERATOR] A regression in chunk deletion b...

v1.87.0-0

Release Notes v1.87

YAKE release notes and upgrade guide

Related upstream release notes / changelogs

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update dashboard to 1.71.1

[gardener/dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the error message _all is not a function was displayed on the ALL PROJECTS page. by @holgerkoser [#1663]

Docker Images

• dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.71.1

Update external-dns-management to 0.16.1

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#342]
• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [#347]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [#341]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#338]
• [DEVELOPER] Remove vendoring by @MartinWeindel [#345]

Docker Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.16.1

Update shoot-dns-service to 1.42.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [OPERATOR] rfc2136 provider expects TSIGSecret in base64 encoded format (previously base64 decoded was expected) by @Avarei [gardener/external-dns-management#347]
• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/external-dns-management#342]

✨ New Features

• [USER] [AWS Route53] Create an additional alias AAAA record for load balancers (NLBs) if load balancer target domain name has an IPv6 address. by @MartinWeindel [gardener/external-dns-management#341]

🏃 Others

• [DEVELOPER] Remove vendoring by @MartinWeindel [gardener/external-dns-management#345]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/external-dns-management#338]

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @MartinWeindel [#268]
• [DEVELOPER] Remove vendoring from project by @MartinWeindel [#268]

Update cloudprofiles to 0.6.10

Full Changelog: gardener-community/cloudprofiles@0.6.9...0.6.10

Update provider-azure to 1.40.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#762]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#754]

🏃 Others

• [DEVELOPER] Add new unit tests. by @axel7born [#751]
• [OPERATOR] Updated azurecsi-file image -> v1.29.2 by @kon-angelo [#760]
• [OPERATOR] Set azurefile-csi CSIDriver object to support ephemeral disks. by @kon-angelo [#756]
• [OPERATOR] Add new flow-based infrastructure reconciler. by @kon-angelo [#739]
• [OPERATOR] Set azurefile-csi CSIDriver object with attachRequired to false. by @kon-angelo [#756]
• [DEPENDENCY] Vendor gardener v1.83.3 by @kon-angelo [#764]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.0

Update os-gardenlinux to 0.23.0

[gardener/gardener-extension-os-gardenlinux]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases) by @ccwienk [#134]
• [OPERATOR] hardcoded cgroup driver for containerd and kubelet to systemd for ALL new nodes. Requires the Gardener installation to only have Gardenlinux versions with cgroups-v2 only. This includes GL 934 and up. by @danielfoehrKn [#133]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#130]

✨ New Features

• [USER] os-gardenlinux extension now supports Shoot Force Deletion. by @acumino [#131]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#127]

Docker Images

• gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.23.0

Update shoot-dns-service to 1.42.1

[gardener/gardener-extension-shoot-dns-service]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed that led to invalid webhook configurations after the admission controller rotated the CA and server certificates. by @timuthy [#278]

Update shoot-dns-service to 1.42.2

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Downgrade dns-controller-manager from v0.16.1 to v0.16.0 to disable newly introduced feature "Create alias AAAA records for load balancers if target domain name has an IPv6 address" because of leaking AAAA under some circumstances. by @MartinWeindel [#279]

Update provider-azure to 1.40.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Disk detachment step is skipped while terminating terminal state vms. Terminal state vms have provisioningState as Failed by @himanshu-kun [#773]

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.40.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.40.1

Update shoot-networking-problemdetector to 0.20.0

[gardener/network-problem-detector]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [gardener/network-problem-detector#53]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [gardener/network-problem-detector#51]
• [OPERATOR] Fix image repository for releases by @MartinWeindel [gardener/network-problem-detector#55]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [gardener/network-problem-detector#52]
• [DEVELOPER] remove vendoring by @MartinWeindel [gardener/network-problem-detector#54]

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#106]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. by @dependabot[bot] [#111]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#108]

Docker Images

• gardener-extension-shoot-networking-problemdetector: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-problemdetector:v0.20.0

Update gardener-controlplane to 1.86.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @shreyas-s-rao [gardener/etcd-druid#756]

[gardener/etcd-backup-restore]

🏃 Others

• [OPERATOR] Dynamic loading of IaaS ...

v1.86.2-0

Release Notes v1.86

Yake/23KE release notes and upgrade guide

:::danger

This update renames 23ke to yake. You need to rename the config secret and GitRepository resource as described.

:::

:::danger

This update definitely needs backups to be configured. If you are running a 23KE instance without backups, enable backups before performing this update.

:::

Prerequisites

etcd downgrade

In order to align the versions of etcd and etcd-backup-restore with gardener/etcd-druid, we perform a downgrade to etcd-3.4.26 and an upgrade to etcd-backup-restore-0.24.7. This is also expected to improve the stability of the backup process. For the upgrade, you need to

• Make sure you have an up-to-date backup of the virtual garden etcds. To perform a full backup you can use the following request:

  kubectl -n garden exec -it etcd-0 curl localhost:8080/snapshot/full

• Delete the statefulset etcd and etcd-events in the garden namespace

  kubectl delete statefulset -n garden etcd
  kubectl delete statefulset -n garden etcd-events

During the upgrade helm will create new persistentVolumes for the virtual garden's etcds. These volumes are prefixed by virtual-garden-.

Temporarily remove gardener-metrics-exporter

To workaround an issue with how yake uses gardener-metrics-exporter's chart, delete its deployment

kubectl delete -n garden deployment gardener-metrics-exporter

Upgrade

Perform the migration from 23ke to yake execute the following steps.

• Create copy of Secret 23ke-config named yake-config

  kubectl get secret -n flux-system 23ke-config -o yaml | kubectl-neat | yq '.metadata.name="yake-config"' | kubectl apply -f -

• Create new GitRepository source named yake.

  cat <<EOF | kubectl apply -f -
  apiVersion: source.toolkit.fluxcd.io/v1
  kind: GitRepository
  metadata:
    name: yake
    namespace: flux-system
  spec:
    interval: 1m
    ref:
      tag: v1.86.0-0
    timeout: 60s
    url: https://github.com/yakecloud/yake
  EOF

• Suspend 23ke Kustomization

  flux suspend ks 23ke

• Relabel Kustomizations created by the main 23ke Kustomization

  kubectl label ks -n flux-system -l kustomize.toolkit.fluxcd.io/name=23ke kustomize.toolkit.fluxcd.io/name=yake --overwrite

• Recreate the main Kustomization with name yake

  kubectl get ks -n flux-system 23ke -o yaml | kubectl-neat | yq '.metadata.name="yake" | .spec.sourceRef.name="yake"' | kubectl apply -f -

• Resume the yake Kustomization

  flux resume ks yake

Cleanup obsolete resources

Once you confirmed everything's working correctly you can remove obsolete resources.

• Delete the old 23ke Kustomization

  kubectl delete ks -n flux-system 23ke

• Delete the old GitRepository resource

  kubectl delete gitrepo -n flux-system 23ke

• Delete Secret 23ke-config

  kubectl delete secret -n flux-system 23ke-config

• (Optional) Delete the old persistentVolumeClaims and their persistentVolumes belonging to the already deleted statefulsets of etcd and etcd-events.

  kubectl get pvc -n garden | grep '^etcd'
  kubectl get pv | grep garden/etcd

Related upstream release notes / changelogs

Update shoot-networking-filter to 0.16.0

[gardener/gardener-extension-shoot-networking-filter]

✨ New Features

• [USER] Update image of egress-filter to 0.14.0 by @axel7born [#107]
• [USER] Mount /run/xtables.lock to prevent concurrent modifications of iptables rules. by @axel7born [#106]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.84.0 to 1.84.1. by @dependabot[bot] [#102]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.84.1 to 1.85.0. by @dependabot[bot] [#104]

Docker Images

• gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.16.0

Update provider-aws to 1.51.0

[gardener/gardener-extension-provider-aws]

🏃 Others

• [OPERATOR] The following golang dependencies have been upgraded :
  • gardener/gardener: v1.81.6->v1.83.2 by @shafeeqes [#828]
• [OPERATOR] Add documentation for the "flow" infrastructure reconciler. by @kon-angelo [#827]
• [DEVELOPER] Add new unit tests. by @axel7born [#829]

Docker Images

• gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.51.0
• gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.51.0

Update shoot-rsyslog-relp to 0.3.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

• [OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @AleksandarSavchev [#17]

✨ New Features

• [USER] The shoot-rsyslog-relp configuration now allows users to specify which tls library should be used by librerlp when tls communication is enabled via the tls.tlsLib optional field. The possible options are gnutls and openssl. When the field is omitted, librelp uses its default tls library which in most cases is gnutls. More information can be found here: https://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html#tls-tlslib by @plkokanov [#27]
• [USER] shoot-rsyslog-relp extension now supports Shoot Force Deletion. by @acumino [#24]

🏃 Others

• [OPERATOR] Metrics for the rsyslog service running on the shoot nodes are now exposed and collected according to the following:
  • The metrics are available on the node-exporter's /metrics endpoint.
  • The names of the new metrics match the rsyslog_pstat_.+ regex.
  • The metrics are scraped and collected in the shoot's prometheus instance.
  • A dedicated plutono dashboard is added which displays the rsyslog metrics. by @plkokanov [#32]
• [OPERATOR] Fixed an issue where the rsyslog systemd unit could become stuck in a failed state immediately after it is installed on the shoot's nodes, if the shoot-rsyslog-relp extension was enabled on the shoot before that. The configure-rsyslog.sh script which is responsible for configuring and restarting the rsyslog systemd unit will now wait for the syslog.service symlink to be created before attempting to configure and restart the rsyslog systemd unit. by @plkokanov [#34]
• [OPERATOR] The shoot-rsyslog-relp extension is now aligned with Gardener's component checklist:
  • RBAC for the shoot-rsyslog-relp extension controller have been drastically reduced to only the required ones.
  • The deployment for the shoot-rsyslog-relp extension controller now contains the proper label for HA - high-availability-config.resources.gardener.cloud/type: controller
  • The shoot-rsyslog-relp admission pod no longer has a SecurityContext. This will be automatically added by the seccomp-profile webhook of the gardener-resource-manager
  • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods now use the RuntimeDefault seccomp profile.
  • The init containers of the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner pods no longer run in privileged mode.
  • The rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner now specify resource requests and limits.
  • PodSecurityPolicys for the rsyslog-relp-configurator and rsyslog-relp-configuration-cleaner are now deployed in the shoot cluster, if its kubernetes version is 1.24.x. by @plkokanov [#29]
• [OPERATOR] The healthcheck controller is now removed. Starting v1.65.0, gardenlet perform health checks for all ManagedResources in the Shoot control plane in the Seed. There is no longer need of the custom healthcheck controller in the shoot-rsyslog-relp extension as it was doing the same job. It was performing health check for the ManagedResource it deploys. by @plkokanov [#28]
• [OPERATOR] The rsyslog-relp-configuration-cleaner is no longer deployed on Shoot deletion with shoot-rsyslog-relp extension enabled. The Extension deletion occurs after the Worker deletion. There are no Nodes, hence there is no need to clean up registry configuration. by @plkokanov [#30]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.3.0
• gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.3.0

Update etcd to 6.0.0

What's Changed

• Downgrade to etcd 3.4.26, Upgrade to etcd-backup-restore 0.24.7 by @JensAc in gardener-community/etcd#13

New Contributors

• @JensAc made their first contribution in gardener-community/etcd#13

Full Changelog: gardener-community/etcd@5.3.2...6.0.0

Update etcd to 6.0.0

What's Changed

• Downgrade to etcd 3.4.26, Upgrade to etcd-backup-restore 0.24.7 by @JensAc in gardener-community/etcd#13

New Contributors

• @JensAc made their first contribution in gardener-community/etcd#13

Full Changelog: https://github.com/gardener-community...

v1.85.2-0

Release Notes v1.85

23KE release notes and upgrade guide

Related upstream release notes / changelogs

Update shoot-rsyslog-relp to 0.2.2

[gardener/gardener-extension-shoot-rsyslog-relp]

🏃 Others

• [OPERATOR] The following images are updated:
  • eu.gcr.io/gardener-project/3rd/alpine: 3.15.8 -> 3.18.4
  • registry.k8s.io/pause: 3.7 -> 3.9 by @plkokanov [#36]
• [OPERATOR] Vulnerability scans are disabled for the alpine image as the corresponding container is not accessible from outside of the k8s clusters and not interacted with from other containers or other systems. by @plkokanov [#36]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp-admission:v0.2.2
• gardener-extension-shoot-rsyslog-relp: eu.gcr.io/gardener-project/gardener/extensions/shoot-rsyslog-relp:v0.2.2

Update networking-cilium to 1.31.0

[gardener/gardener-extension-networking-cilium]

🐛 Bug Fixes

• [OPERATOR] The actuator.Delete doesn't wait for ManagedResources to get deleted in case of ForceDelete. by @shafeeqes [#227]
• [OPERATOR] An issue in the charts missing versions for some resources is now fixed. by @shafeeqes [#225]
• [OPERATOR] Fixes an error that occurs when running with iptables-nft. by @axel7born [#229]

🏃 Others

• [OPERATOR] Reconciliation of hibernated cilium clusters now works again. by @ScheererJ [#226]

Docker Images

• gardener-extension-admission-cilium: eu.gcr.io/gardener-project/gardener/extensions/admission-cilium:v1.31.0
• gardener-extension-networking-cilium: eu.gcr.io/gardener-project/gardener/extensions/networking-cilium:v1.31.0

Update provider-azure to 1.39.3

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [OPERATOR] A bug which caused an empty vmType under certain conditions has been fixed. Empty vmTypes prevent load balancers from being deleted on Kubernetes v1.28 shoots. by @oliver-goetz [#755]

Docker Images

• gardener-extension-admission-azure: eu.gcr.io/gardener-project/gardener/extensions/admission-azure:v1.39.3
• gardener-extension-provider-azure: eu.gcr.io/gardener-project/gardener/extensions/provider-azure:v1.39.3

Update gardener-controlplane to 1.84.1

[gardener/gardener]

🏃 Others

• [OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

• admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
• apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
• controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
• gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
• node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
• operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
• resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
• scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update gardener-controlplane to 1.84.1

[gardener/gardener]

🏃 Others

• [OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

• admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
• apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
• controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
• gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
• node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
• operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
• resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
• scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update gardenlet to 1.84.1

[gardener/gardener]

🏃 Others

• [OPERATOR] Updated alpine image to version 3.18.4. by @plkokanov [#8858]

Docker Images

• admission-controller: eu.gcr.io/gardener-project/gardener/admission-controller:v1.84.1
• apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.84.1
• controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.84.1
• gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.84.1
• node-agent: eu.gcr.io/gardener-project/gardener/node-agent:v1.84.1
• operator: eu.gcr.io/gardener-project/gardener/operator:v1.84.1
• resource-manager: eu.gcr.io/gardener-project/gardener/resource-manager:v1.84.1
• scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.84.1

Update shoot-networking-problemdetector to 0.19.0

[gardener/gardener-extension-shoot-networking-problemdetector]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#100]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#99]
• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#103]
• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#105]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#102]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#97]

Docker Images

• gardener-extension-shoot-networking-problemdetector: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-problemdetector:v0.19.0

Update shoot-networking-filter to 0.15.0

[gardener/gardener-extension-shoot-networking-filter]

⚠️ Breaking Changes

• [OPERATOR] extension-shoot-networking-filter no longer supports Shoots with Кubernetes version < 1.22. by @shafeeqes [#71]
• [OPERATOR] The security.gardener.cloud/pod-security-enforce annotation in the ControllerRegistration is set to baseline. With this, the pods running in the extension namespace should comply with baseline pod-security standard. by @shafeeqes [#73]

🏃 Others

• [OPERATOR] Bump github.com/gardener/gardener from 1.83.0 to 1.84.0. by @dependabot[bot] [#99]
• [OPERATOR] Bumps golang from 1.21.1 to 1.21.2. by @dependabot[bot] [#88]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.80.1 to 1.81.1. by @dependabot[bot] [#91]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.0 to 1.82.1. by @dependabot[bot] [#94]
• [OPERATOR] Bump github.com/gardener/gardener from 1.81.1 to 1.82.0. by @dependabot[bot] [#93]
• [OPERATOR] Bump github.com/gardener/gardener from 1.82.1 to 1.83.0. by @dependabot[bot] [#96]
• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.0-> v1.80.1
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#86]
• [OPERATOR] Bumps github.com/gardener/gardener from 1.76.0 to 1.77.0. by @dependabot[bot] [#81]
• [OPERATOR] Bumps golang from 1.21.2 to 1.21.3. by @dependabot[bot] [#90]
• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#97]

Docker Images

• gardener-extension-shoot-networking-filter: eu.gcr.io/gardener-project/gardener/extensions/shoot-networking-filter:v0.15.0

Update os-coreos to 1.19.0

[gardener/gardener-extension-os-coreos]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#80]

✨ New Features

• [USER] os-coreos extension now supports Shoot Force Deletion. by @ary1992 [#79]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#76]
• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.80.1-> v1.81.0 by @ary1992 [#79]

Docker Images

• gardener-extension-os-coreos: eu.gcr.io/gardener-project/gardener/extensions/os-coreos:v1.19.0

Update os-gardenlinux to 0.22.0

[gardener/gardener-extension-os-gardenlinux]

📰 Noteworthy

• [OPERATOR] This extension is now prepared to run with an enabled UseGardenerNodeAgent feature gate. by @rfranzke [#130]

✨ New Features

• [USER] os-gardenlinux extension now supports Shoot Force Deletion. by @acumino [#131]

🏃 Others

• [OPERATOR] The following dependency is updated:
  • github.com/gardener/gardener: v1.77.1-> v1.80.0
  • k8s.io/* : v0.26.3 -> v0.28.2
  • sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @acumino [#127]

Docker Images

• gardener-extension-os-gardenlinux: eu.gcr.io/gardener-project/gardener/extensions/os-gardenlinux:v0.22.0

Update external-dns-management to 0.16.0

[gardener/external-dns-management]

⚠️ Breaking Changes

• [USER] NS records are not retrieved anymore for all accessible hosted zones to avoid reading all DNS record sets of all hosted zones periodically independently if they are used. Only hosted zones with active DNSProviders are synched, but without caring about consequences of NS recor...