v1.20.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [OPERATOR] The ValidatingWebhookConfiguration of the AWS admission controller has been changed from version v1beta1 to v1. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (#261, @timuthy)
• [OPERATOR] ⚠️ Before upgrading your gardener/gardener-extension-provider-aws to >= v1.20.0, please upgrade your gardener/gardener component version to >= v1.14.0 to avoid breaking of clusters that are using the scale from/to zero feature (clusters that allowing scaling from/to 0 worker pools). If used with an older gardener/gardener version, this would lead to failure of clusters making use of this feature. (#212, @prashanth26)

✨ New Features

• [USER] It is possible now to specify custom resource tags that should be ignored during infrastructure reconciliation (i.e. not removed) in the AWS infrastructureConfig. See the documentation for more details. (#260, @timebertt)
• [OPERATOR] The secrets and configmaps used by the terraformer now have an owner reference to the Infrastructure resource. (#254, @vpnachev)
• [OPERATOR] Add a validating webhook for the providerConfig section of CloudProfile. (#250, @kon-angelo)
• [OPERATOR] The AWS extension now uses a new terraformer image only including the AWS terraform provider plugin (v2.1.0). (#241, @timebertt)

🐛 Bug Fixes

• [USER] Volumes provisioned with CSI will now have the in-tree volume plugin tags. Until now the CSI volumes had no tags at all. This is required to keep CSI plugin backwards-compatible with the in-tree volume plugin. (#256, @ialidzhikov)
• [OPERATOR] It is now possible to remove zones from the CloudProfile without breaking the possibility of adding new, still allowed zones to the .spec.provider.infrastructureConfig of Shoots which are using the removed zone. (#253, @rfranzke)

🏃 Others

• [OPERATOR] Golang has been updated to 1.15.5 (#254, @vpnachev)
• [OPERATOR] Alpine base image has been updated to 3.12.3. (#254, @vpnachev)
• [OPERATOR] Reducing credential update complexity by all the machine classes using the new .{spec.}credentialsSecretRef field. (#238, @danielfoehrKn)
  • This means all worker pools use the same "cloudprovider" secret containing only the cloud provider credentials.
  • The existing MachineClass SecretReference only contains the user data that is different for each pool.
• [DEVELOPER] Migration of MCM provider from in-tree to out-of-tree. Refer - MCM provider AWS. (#212, @prashanth26)
• [DEVELOPER] Migration of AWSMachineClass to MachineClass. This migration occurs implicitly without causing rollouts of existing nodes/VMs. (#212, @prashanth26)

[terraformer]

🏃 Others

• [OPERATOR] The configmaps and secrets used to contain terraform configuration, state and variables are now protected with a finalizer against accidental deletion. (gardener/terraformer#65, @vpnachev)
• [OPERATOR] terraform-provider-aws is now updated to 3.18.0 (gardener/terraformer#63, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.0