1.63.0

[dashboard]

✨ New Features

• [USER] Terminal: The dashboard-webterminal service account is now cleaned up for new terminals if it is not referenced anymore by any webterminal session. (gardener/dashboard#1309, @petersutter)

🐛 Bug Fixes

• [USER] Terminal: Fixed an issue where the garden cluster terminal could not be successfully started if the dashboard-webterminal does not have the required permissions (ref #1268) (gardener/dashboard#1309, @petersutter)

1.62.0

[dashboard]

⚠️ Breaking Changes

• [OPERATOR] The gardener-dashboard Helm chart has been split into two different subcharts (runtime and application). This change required that all chart values that previously were on top-level have now moved under the .global key. However, the structure/types of all existing keys has not changed. Please check the values.yaml. (gardener/dashboard#1283, @petersutter)

✨ New Features

• [USER] Configure Worker Improvements (gardener/dashboard#1290, @grolu)
  • Added yaml editor to configure worker dialog that allows to validate changes and configure values not exposed on the UI
  • Redesigned worker group popup
  • Only propose zones that are already used in shoot for new worker groups
  • More resilient to invalid worker yaml when switching from yaml tab to overview
• [USER] Added a tooltip in case the confirm button is disabled on dialogs. The tooltip explains why the button is disabled and provides information on how to resolve the issue (gardener/dashboard#1290, @grolu)
• [USER] OpenStack: Improved Secret Dialog authentication method selection (gardener/dashboard#1295, @grolu)
• [USER] The connection status of real-time server updates is now shown in the top toolbar. If the client is reloading data or reconnecting a spinner is shown. (gardener/dashboard#1297, @holgerkoser)
• [USER] The gardenctl Target Cluster command is now shown for users with create shoots/adminkubeconfig permission (e.g. for users having the admin project role). Previously this was only shown for gardener admins. (gardener/dashboard#1300, @petersutter)
• [USER] OpenStack: Improved Floating IP wildcard configuration (gardener/dashboard#1304, @grolu)
• [OPERATOR] The gardener-dashboard Helm chart now supports configuration for enabling service account token volume projection. It is exposed through the .Values.global.serviceAccountTokenVolumeProjection section in the values.yaml file. (gardener/dashboard#1283, @petersutter)
• [OPERATOR] It is now possible to configure a User instead of a ServiceAccount subject in the ClusterRoleBinding for the Gardener Dashboard when using virtual garden setup by setting .Values.global.virtualGarden.userName in the values.yaml file. (gardener/dashboard#1283, @petersutter)
• [OPERATOR] Extension version can be specified for each controllerregistration resource using the app.kubernetes.io/version label. The dashboard will show the defined version in the about dialog (gardener/dashboard#1291, @grolu)
• [OPERATOR] Added support for OIDC refresh tokens. This allows an operator to configure short id_token lifetimes. (gardener/dashboard#1297, @holgerkoser)
• [OPERATOR] Added support for PKCE flow to the internal and the public OIDC client. This allows an operator to configure the public client without a client_secret. (gardener/dashboard#1297, @holgerkoser)

🐛 Bug Fixes

• [USER] OpenStack: Fixed a bug when replacing OpenStack secrets with different authentication method (gardener/dashboard#1295, @grolu)
• [USER] Fixed a problem with the heartbeat of kube-apiserver watches. Due to this bug the list did not get any realtime updates and the dashboard pod had to be manually restarted. (gardener/dashboard#1326, @holgerkoser)
• [USER] Fixed initial "auto choose theme based on system settings" not working (gardener/dashboard#1328, @sven-petersen)
• [OPERATOR] When the upstream server responds with content-type text/plain where application/json is expected an error message like Unexpected token x in JSON at position y could be seen in the logs. You are now able to see what the actual server response was (gardener/dashboard#1330, @holgerkoser)

🏃 Others

• [USER] The gardenctl version selection now moved to the newly introduced Settings page which can be found in the menu of your avatar. (gardener/dashboard#1297, @holgerkoser)
• [USER] When updating a service account project member the service account will be created in case the service account is listed as project member but does not actually exist (gardener/dashboard#1302, @petersutter)
• [USER] Members page: The delete button for service accounts is now disabled in case the service account was already marked for deletion (deletionTimestamp is set) (gardener/dashboard#1307, @petersutter)
• [OPERATOR] The gardener-dashboard user is no longer bound to the cluster-admin ClusterRole. Instead, it is bound to the newly introduced gardener.cloud:system:dashboard ClusterRole, which grants only those permissions that are required for the dashboard user. (gardener/dashboard#1283, @petersutter)
• [OPERATOR] Terminal: spec.secretRef is not required anymore if Seed is a ManagedSeed (gardener/dashboard#1312, @petersutter)
• [OPERATOR] Identity chart: bumped version of dex to v2.35.3-distroless (gardener/dashboard#1317, @petersutter)

1.61.3

[dashboard]

🐛 Bug Fixes

• [USER] Fixed DNS Provider List not visible for regular users (non-operators) (gardener/dashboard#1337, @grolu)

1.61.2

[dashboard]

⚠️ Breaking Changes

• [OPERATOR] This Dashboard version is not compatible with Gardener versions prior v1.54.x (gardener/dashboard#1323, @grolu)

🐛 Bug Fixes

• [USER] Fixed: The Dashboard displayed false expiration warnings for worker groups when additional machine image providerConfig values are configured (gardener/dashboard#1322, @grolu)
• [USER] Fixed: Empty DNSProvider list for Gardener versions > 1.54.0 (gardener/dashboard#1323, @grolu)

1.61.1

[dashboard]

🐛 Bug Fixes

• [USER] Removed loadBalancerProvider property from hcloud controlPlaneConfig (gardener/dashboard#1310, @JensAc)

1.61.0

[dashboard]

✨ New Features

• [USER] Static token kubeconfig cluster access can be disabled for new and existing clusters (gardener/dashboard#1249, @grolu)
• [USER] Projects are now also visible if the phase is not Ready. In this case the project has a warning icon next to the name (gardener/dashboard#1252, @grolu)
• [USER] Added architecture selection to worker group configuration (gardener/dashboard#1261, @grolu)
• [OPERATOR] Operators can now trigger control plane migration via a configuration dialog. The configuration button is hidden for regular users, unless they have been granted permission to trigger a control plane migration for their shoots (gardener/dashboard#1262, @grolu)
• [OPERATOR] Automatically reload referenced data of the dashboards kubeconfig. This is necessary for the Service Account Token Volume Projection feature (gardener/dashboard#1232, @holgerkoser)
• [OPERATOR] Clusters that have the dashboard.gardener.cloud/ignore-issues annotation are filtered on the All Projects page in case the Hide no operator action required issues filter is checked (gardener/dashboard#1271, @petersutter)

🐛 Bug Fixes

• [USER] Fixed the broken theming of logos and icons. (gardener/dashboard#1266, @holgerkoser)
• [OPERATOR] Fixed an issue where the OIDC login was not hidden on the login screen if it was not configured by the gardener dashboard administrator (gardener/dashboard#1263, @petersutter)

🏃 Others

• [OPERATOR] Identity chart: bumped version of dex to v2.33.0-distroless (gardener/dashboard#1272, @petersutter)
• [DEVELOPER] The frontend config is now split into an authenticated (/api/config) and unauthenticated endpoint (/login-config.json) (gardener/dashboard#1267, @petersutter)

1.60.0

[dashboard]

🐛 Bug Fixes

• [USER] Fixed an issue where the webterminal feature did not work if .spec.kubernetes.enableStaticTokenKubeconfig is set to false on the Shoot (gardener/dashboard#1222, @petersutter)
• [USER] Use scratch as base image (gardener/dashboard#1254, @holgerkoser)
• [USER] The table menu is now scrollable in case the content does not fit on the window (gardener/dashboard#1258, @petersutter)

🏃 Others

• [OPERATOR] The Azure secret dialog hints now to use more fine-grained Azure permissions for Shoots on Azure. (gardener/dashboard#1255, @dkistner)

1.59.0

[dashboard]

⚠️ Breaking Changes

• [USER] The feature to rotate the service account secrets was removed. Instead you now have to delete the service account if you want to invalidate all tokens that were issued for your service account (gardener/dashboard#1234, @petersutter)
• [USER] Downloaded kubeconfigs for service accounts on the project Members page now have tokens that will expire by default in 90 days, except if the kube-apiserver is configured with a shorter maximum validity duration or the dashboard's default was changed by your landscape administrator (gardener/dashboard#1234, @petersutter)
• [OPERATOR] This Dashboard version is not compatible with Gardener versions prior v1.48.x (gardener/dashboard#1216, @petersutter)
• [OPERATOR] Downloaded kubeconfigs for service accounts on the project Members page have tokens that will expire by default in 90 days, except the kube-apiserver is configured with a shorter maximum validity duration (--service-account-max-token-expiration). (gardener/dashboard#1234, @petersutter)
  • You can change the default token expiration with .frontendConfig.serviceAccountDefaultTokenExpiration in the values.yaml file of the gardener-dashboard chart
  • You can change the list of the intended audiences of the service account token with .tokenRequestAudiences in the values.yaml file of the gardener-dashboard chart

✨ New Features

• [USER] You can now assign the Service Account Manager role to project members. (gardener/dashboard#1216, @petersutter)
• [USER] Added support to enter application credentials for OpenStack as an alternative for the use of a technical user with password (gardener/dashboard#1230, @NotTheEvilOne)
• [USER] Sort supported versions up within same patch group, use colors to highlight supported / deprecated versions (gardener/dashboard#1238, @grolu)
• [OPERATOR] Garden cluster with kubernetes version v1.24 are now supported (gardener/dashboard#1234, @petersutter)
  • Tokens for service accounts are now fetched using the TokenRequest API
• [OPERATOR] Added dedicated icon for user errors in shoot status so that the underlying shoot status is still visible (gardener/dashboard#1239, @grolu)

🐛 Bug Fixes

• [OPERATOR] Fixed a bug that caused seeds with empty label section not to be mapped to cloud profiles with empty matchLabels (gardener/dashboard#1236, @grolu)

🏃 Others

• [OPERATOR] Identity chart: bumped version of dex to v2.32.0-distroless (gardener/dashboard#1245, @petersutter)

1.58.0

[dashboard]

🐛 Bug Fixes

• [USER] Improved the startup time of the dashboard especially in environments with slow network connection (gardener/dashboard#1215, @holgerkoser)

1.57.0

[dashboard]

⚠️ Breaking Changes

• [OPERATOR] This dashboard version requires terminal-controller-manager v0.19.0 or higher, in case the terminal feature is enabled (gardener/dashboard#1207, @petersutter)

✨ New Features

• [USER] The cluster status now shows if a cluster has been marked for deletion (gardener/dashboard#1206, @grolu)

🐛 Bug Fixes

• [OPERATOR] Terminal: Fixed issue Unable to connect to the server: x509: certificate signed by unknown authority when running a kubectl command within the terminal pod (gardener/dashboard#1207, @petersutter)

🏃 Others

• [OPERATOR] Updated dexipd image tag to v2.31.1 (gardener/dashboard#1214, @petersutter)