Support for Kubernetes v1.26 #7275

… K8s 1.26

$ ./hack/compare-k8s-feature-gates.sh 1.25 1.26 Feature gates added in 1.26 compared to 1.25: APISelfSubjectReview AggregatedDiscoveryEndpoint ConsistentHTTPGetHandlers CrossNamespaceVolumeDataSource DynamicResourceAllocation EventedPLEG LegacyServiceAccountTokenTracking MinimizeIPTablesRestore PDBUnhealthyPodEvictionPolicy PodSchedulingReadiness StatefulSetStartOrdinal TopologyManagerPolicyAlphaOptions TopologyManagerPolicyBetaOptions TopologyManagerPolicyOptions ValidatingAdmissionPolicy WindowsHostNetwork Feature gates removed in 1.26 compared to 1.25: CSIMigrationOpenStack CSRDuration DefaultPodTopologySpread DynamicKubeletConfig IndexedJob NonPreemptingPriority PodAffinityNamespaceSelector PodOverhead PreferNominatedNode ServiceLBNodePortControl ServiceLoadBalancerClass SuspendJob Feature gates locked to default in 1.26 compared to 1.25: CPUManager CSIMigrationvSphere DelegateFSGroupToCSIDriver DevicePlugins DryRun EndpointSliceTerminatingCondition JobTrackingWithFinalizers KubeletCredentialProviders MixedProtocolLBService ServerSideApply ServiceIPStaticSubrange ServiceInternalTrafficPolicy WindowsHostProcessContainers

$ ./hack/compare-k8s-admission-plugins.sh 1.25 1.26 Admission plugins added in 1.26 compared to 1.25: ValidatingAdmissionPolicy Admission plugins removed in 1.26 compared to 1.25:

…troller-manager` $ ./hack/compare-k8s-controllers.sh 1.25 1.26 kube-controller-manager controllers added in 1.26 compared to 1.25: resource-claim-controller kube-controller-manager controllers removed in 1.26 compared to 1.25:

… kube-apiserver fields The kube-controller-manager flag `--pod-eviction-timeout` is deprecated in favor of the kube-apiserver flags `--default-not-ready-toleration-seconds` and `--default-unreachable-toleration-seconds`. The `--pod-eviction-timeout` flag does not have effect when the taint besed eviction is enabled. The taint based eviction is beta (enabled by default) since Kubernetes 1.13 and GA since Kubernetes 1.18. For more details, see kubernetes/kubernetes#74651. This commit allows configuring the kube-apiserver flags `--default-not-ready-toleration-seconds` and `--default-unreachable-toleration-seconds`. The `podEvictionTimeout` field is deprecated in favor of the newly introduced fields. gardener-apiserver no longer defaults the `podEvictionTimeout` field. gardener-apiserver also returns a warning when the `podEvictionTimeout` field is set.

…server_storage_db_total_size_in_bytes` The metric `etcd_db_total_size_in_bytes` is renamed to `apiserver_storage_db_total_size_in_bytes`. Ref kubernetes/kubernetes#113310.

Test runs of the integration test that uses this template prints the following warning about the issue in the template: ``` {"level":"info","ts":"2022-12-28T19:36:29.043+0200","logger":"KubeAPIWarningLogger","msg":"unknown field \"spec.template.spec.containers[0].nodeName\""} ```

After the removal of support for Kubernetes < 1.20 Shoot clusters (ref #6987), the kubeconfig Secret no longer has the `token` field. Basic auth cannot be enabled for K8s 1.19+ clusters, hence the kubeconfig Secret cannot contain the `username`/`password` fields anymore.

…rsion >= 1.26 This commit also adapts most of the testmachinery integration tests to use the `shoots/adminkubeconfig` subresource instead of the static kubeconfig. The Shoot creation intergration is still using the static kubeconfig and it is downloading it to `$TM_KUBECONFIG_PATH/shoot.config`. This commit sets `enableStaticTokenKubeconfig=true` until we figure out which tests/components are using this downloaded kubeconfig.

The constraint `ConstraintK8sLess126` is currently not used by gardener/gardener but it is introduced for usage from the extensions.

…rkube` image

For the reasoning, see #7275 (comment)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support for Kubernetes v1.26 #7275

Support for Kubernetes v1.26 #7275

Commits on Jan 13, 2023