0.30.0
[gardener]
Action Required
- [USER] As the Kubernetes community is in the process of deprecating basic authentication for the kube-apiserver, newly created 1.16 shoot clusters don't enable it by default anymore. Similarly, the default authentication mode for the `kubernetes-dashboard` addon is `token` instead of `basic`. You can still enable it manually, but you should consider migrating away from it. We will drop basic authentication support in a future release when Kubernetes doesn't support it anymore. (#1443, @rfranzke)
- [USER] The subdomain for the user monitoring has changed from `g-users` to `gu`. (#1417, @wyb1)
- [OPERATOR] In order to support Kubernetes 1.16 you must use at least `v0.13.0` of the provider extension controllers. (#1443, @rfranzke)
- [OPERATOR] The old `garden.sapcloud.io/v1beta1.BackupInfrastructure` resources are deprecated and will be removed in the next release. The `core.gardener.cloud/v1alpha1.BackupBucket` and `core.gardener.cloud/v1alpha1` are the replacement. (#1427, @swapnilgm)
- [OPERATOR] The subdomain for the operator monitoring has changed from `g-operators` to `go`. (#1417, @wyb1)
- [OPERATOR] The false positive `KubeEtcdFullBackupFailed` alert has been fixed. This requires at least version 0.12.0 of the `gardener-extensions` (containing 0.7.3 of `etcd-backup-restore`). (#1381, @wyb1)
Most notable changes
- [USER] Gardener now supports shoot clusters with Kubernetes version 1.16. You should review the Kubernetes release notes before upgrading to 1.16. (#1443, @rfranzke)
- [USER] The CoreDNS version for all shoots has been upgraded from `1.4.0` to `1.6.3`. (#1443, @rfranzke)
- [USER] The deprecated `.spec.backup` section in the `garden.sapcloud.io/v1beta1.Shoot` resource has been removed. (#1430, @rfranzke)
- [USER] It is now possible to specify a CA certificate bundle per worker pool. Gardener will automatically install the CA certificates on every worker node of this pool. (#1430, @rfranzke)
- [USER] Gardener now features a new `Shoot` resource which is part of the `core.gardener.cloud/v1alpha1` API group. It is fully forwards and backwards compatible with the old `Shoot` resource in the `garden.sapcloud.io/v1beta1` API group. It will be the new default, and the old `garden.sapcloud.io/v1beta1.Shoot` resource is now deprecated. It will be removed in a future version. Consider switching to the new `core.gardener.cloud/v1alpha1.Shoot` resource. The `example` directory contains proper example manifests. (#1430, @rfranzke)
- [USER] Gardener now features a new `CloudProfile` resource which is part of the `core.gardener.cloud/v1alpha1` API group. It is fully forwards and backwards compatible with the old `CloudProfile` resource in the `garden.sapcloud.io/v1beta1` API group. It will be the new default, and the old `garden.sapcloud.io/v1beta1.CloudProfile` resource is now deprecated. It will be removed in a future version. Consider switching to the new `core.gardener.cloud/v1alpha1.CloudProfile` resource. The `example` directory contains proper example manifests. (#1403, @rfranzke)
- [USER] Cluster Autoscaler now balances similar worker-groups while scaling up. Similar worker-groups are defined as those having nodes with the same resource capacities and exactly the same labels. Refer to the doc for more info. (#1401, @hardikdr)
- [USER] The new `OpenIDConnectPreset` resource allows for specifying OpenID Connect configurations which are applied to `Shoot` namespace-wide. (#1394, @mvladev)
- [USER] A new optional field `spec.kubernetes.kubeAPIServer.oidcConfig.clientAuthentication` has been added to the `Shoot` specification. It can specify OpenID Connect settings used for `kubeconfig` generation. (#1394, @mvladev)
- [OPERATOR] It is now possible to configure which domains shall be included or excluded for DNS providers. If you are using a custom domain for your shoot then you can use `.spec.dns.includeDomains`, `.spec.dns.excludeDomains`. (#1430, @rfranzke)
- [OPERATOR] The orphaned `BackupInfrastructure` resources post reconciliation of shoots using Gardener 0.29+ are now getting deleted. (#1427, @swapnilgm) ⚠️ For hibernated clusters, it now guarantees that only the latest snapshot will be in the shared bucket. It doesn't migrate the old snapshots and hence breaks the policy of the configured deletion grace period. If you want to keep the old data, you need to download it manually from the buckets before upgrading to this Gardener version.
- [OPERATOR] The new `ClusterOpenIDConnectPreset` resource allows for specifying OpenID Connect configurations which are applied to `Projects` and `Shoot` cluster-wide. (#1394, @mvladev)
- [OPERATOR] Two new mutation admission controllers are introduced: `ClusterOpenIDConnectPreset` and `OpenIDConnectPreset`. Those controllers are enabled by default and can be disabled with the `--disable-admission-plugins` flag on gardener-apiserver. (#1394, @mvladev)
- [OPERATOR] The client configuration for the Kubernetes clients for the garden cluster, seed clusters, and shoot clusters has been separated. You can configure them individually in the `gardener-controller-manager`'s componentconfig. (ddfdc74)
- [OPERATOR] The memory limits for the kube-controller-manager have been significantly increased. Also, the kube-apiserver CPU and memory requests and limits have been increased for shooted seeds. The same happened for the nginx-ingress-controller. (5d5a890)
- [DEVELOPER] The `gardener-scheduler` is now working only with `core.gardener.cloud/v1alpha1` instead of `garden.sapcloud.io/v1beta1` resources. (#1435, @rfranzke)
- [DEVELOPER] The `garden.sapcloud.io.CIDR` and `garden.sapcloud.io/v1beta1.CIDR` types have been replaced with the `string` type. (#1430, @rfranzke)
- [DEVELOPER] The `.spec.kubernetes.kubeAPIServer.admissionPlugins[].config` type has been changed from `*string` to `*ProviderConfig` (which effectively is a `*runtime.RawExtension`). (#1430, @rfranzke)
- [DEVELOPER] `./hack/dev-setup-register-gardener` must be run to register the new `settings.gardener.cloud` API group. (#1394, @mvladev)
Improvements
- [USER] Users can now use an `Alertmanager` if they configured their shoot to receive alerts. (#1417, @wyb1)
- [OPERATOR] Increase shoot Prometheus retention to 30d. Retention is guaranteed if Prometheus exceeds 15GB of storage. (#1444, @wyb1)
- [OPERATOR] Vertical pod autoscaling can be enabled for the `gardener-apiserver`, `gardener-controller-manager` and `gardener-scheduler`. To enable VPA for each component, `global.apiserver.vpa`, `global.controller.vpa` and `global.scheduler.vpa` must be set to true respectively. (#1440, @wyb1)
- [OPERATOR] Fix bug in maintenance-controller not respecting `spec.maintenance.autoUpdate.kubernetesVersion: false` in the Shoot when the Kubernetes version does not exist in the CloudProfile. (#1423, @danielfoehrKn)
- [OPERATOR] Volume plugin directory on the kubelet is now statically configured to /var/lib/kubelet/volumeplugins. This is to support Calico versions >= 3.8 on CoreOS, which does not have write access to the default volume-plugin-dir. (#1414, @zanetworker)
- [OPERATOR] Prometheus image is upgraded to `2.12.0`. (#1410, @wyb1)
- [OPERATOR] Upgraded monitoring images. Some metrics have changed or were removed. (#1406, @wyb1)
- [OPERATOR] Operators can now access all aggregate monitoring components using one set of basic auth credentials. The basic auth credentials are stored in the garden cluster in the secret `garden/seed-monitoring-ingress-credentials`. (#1405, @wyb1)
- [OPERATOR] A bug that prevented managed resources from getting properly labeled has been fixed. (ea72650)
- [OPERATOR] The admission plugins inside the `gardener-apiserver` now also react to resources migrated to the new `core.gardener.cloud/v1alpha1` API. (9b73a90)
- [OPERATOR] The default backup provider of shooted seeds is now correctly set to the shoot provider (instead of the seed provider). (e821852)
- [OPERATOR] The `Seed` object for shooted seeds no longer has an owner reference to the respective `Shoot` because `Seed` is cluster-scoped while `Shoot` is namespaced, and according to https://kubernetes.io/docs/concepts/workloads/controllers/garbage-collection/ this is not supported. (0dc122c)
- [DEVELOPER] Add alert rule for failed etcd restorations. (#1426, @shreyas-s-rao)
- [DEVELOPER] The golang version has been updated to 1.13. Please upgrade your local go installation to 1.13. (#1425, @ialidzhikov)
[gardener-resource-manager]
Improvements
- [OPERATOR] The resource manager now observes version updates for objects and supports configurable api group migrations. (gardener-attic/gardener-resource-manager#16, @mandelsoft)
- [OPERATOR] An issue has been resolved which caused the Gardener-Resource-Manager to throw errors for `Kinds` belonging to a recently deployed CRD. (gardener-attic/gardener-resource-manager#14, @timuthy)
- [OPERATOR] ManagedResource status is now enriched with two conditions: `ResourcesApplied` and `ResourcesHealthy`. (gardener-attic/gardener-resource-manager#11, @ialidzhikov)
- [OPERATOR] Fixes an issue which left resources in the `target` cluster even though they were supposed to be deleted through a change or removal of the `ManagedResource`. (gardener-attic/gardener-resource-manager#8, @timuthy)
- [DEVELOPER] The golang version has been updated to 1.13. Please upgrade your local go installation to 1.13. (gardener-attic/gardener-resource-manager#12, @ialidzhikov)
[terraformer]
Most notable changes
- [OPERATOR] Provider versions are upgraded: (gardener/terraformer#23, @mvladev)
  - aws `1.60.0` -> `2.26.0`
  - google `1.20.0` -> `2.14.0`
  - azurerm `1.22.1` -> `1.33.1`
  - openstack `1.16.0` -> `1.21.1`
  - alicloud `1.31.0` -> `1.55.2`
  - packet `1.7.2` -> `2.3.0`
Improvements
- [OPERATOR] Provider versions are upgraded: (gardener/terraformer#26, @ialidzhikov)
  - template `1.0.0` -> `2.1.2`
  - null `1.0.0` -> `2.1.2`
- [OPERATOR] Added google beta provider (gardener/terraformer#25, @DockToFuture)
- [OPERATOR] `tzdata` package is now used instead of `assets/zoneinfo.zip` to make all timezones available. (gardener/terraformer#24, @ialidzhikov)
Docker Images
gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:0.30.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:0.30.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:0.30.0