v1.4.0

@gardener-robot-ci-2 gardener-robot-ci-2 released this 07 May 16:18

[gardener]

Most notable changes

  • [USER] There are two new error codes that help categorize a problem that occurred during a shoot reconciliation or health check: ERR_INFRA_RESOURCES_DEPLETED indicates that the underlying infrastructure does not have enough resources anymore, and ERR_CONFIGURATION_PROBLEM indicates that the user has misconfigured something and should double-check the specification. (#2237, @rfranzke)
  • [USER] It is now possible to confine rollouts of changes/updates to the Shoot specification to the individual maintenance time window. You can set .spec.maintenance.confineSpecUpdateRollout=true to achieve the desired behaviour. Please consult this document to get all information about it. (#2233, @rfranzke)
  • [USER] Shoot clusters can now receive forceful minor upgrades when using an expired Kubernetes version. Versions with preview classification are excluded from auto-update functionality for Kubernetes and machine image versions. (#2108, @danielfoehrKn)
  • [OPERATOR] Gardener's image vector no longer contains etcd and etcd-backup-restore. If you want to overwrite these versions, you must do it via the etcd-druid. Please consult this document for more information. (#2262, @rfranzke)
  • [OPERATOR] The Gardener API server now blocks the removal of Kubernetes and machine image versions from the CloudProfile which are still in use by shoot clusters. (#2106, @danielfoehrKn)
  • [DEVELOPER] Gardener will now respect the error codes presented in the extension CRDs' .status.lastError.codes[] field instead of recomputing them. (#2248, @rfranzke)

Improvements

  • [USER] A dashboard for CoreDNS is now available in grafana. (#2291, @wyb1)
  • [USER] The infrastructure reconciliation for hibernated shoots is now skipped. (#2258, @rfranzke)
  • [USER] The shoot health check controller has been improved to produce error codes (if applicable) in .status.conditions[].codes that help categorize observed problems. (#2242, @rfranzke)
  • [USER] The version of the Kubernetes Dashboard addon has been bumped to v2.0.0. (#2221, @rfranzke)
  • [USER] An issue that caused the Shoot's .status.lastOperation.state to be set to Error although no actual reconciliation operation is executed for the Shoot has been fixed. (#2217, @rfranzke)
  • [USER] Shoot conditions may now also specify a list of error codes, similar to .status.lastError.codes. (#2212, @rfranzke)
  • [USER] Gardener does not block hibernation of a Shoot Cluster anymore, in case it contains Endpoints objects that are reconciled by a custom operator (e.g. knative). (#2205, @tim-ebert)
  • [USER] The CPU and memory limits for the metrics-server have been slightly increased to support large clusters. (#2198, @rfranzke)
  • [OPERATOR] The validating webhook for the Gardener Seed Admission controller is now exposed at port 443, allowing it to function properly in GKE clusters. (#2300, @rfranzke)
  • [OPERATOR] An issue preventing the gardenlet from properly reflecting the Shoot condition as false for newly created Shoots is now fixed. (#2299, @ialidzhikov)
  • [OPERATOR] The CPU limits for the coredns and blackbox-exporter deployments in the shoot have been slightly increased to prevent false negative API server availability reports. (#2286, @rfranzke)
  • [OPERATOR] Gardener now validates that the Pod(/Service) network of a shoot cluster does not intersect with the Service(/Pod) network of the assigned seed. (#2282, @timuthy)
  • [OPERATOR] blackbox exporter sidecar is removed from the kube apiserver (#2267, @wyb1)
  • [OPERATOR] For backwards-compatibility reasons, the gardenlet does not check for stale extension reports by default. To enable this check, the field controllers.shootCare.staleExtensionHealthCheckThreshold in the Gardenlet configuration file (https://github.com/gardener/gardener/blob/master/example/20-componentconfig-gardenlet.yaml) can be set. (#2266, @danielfoehrKn)
  • [OPERATOR] The ShootState synchronization controller now properly respects ContainerRuntime resources. (#2259, @rfranzke)
  • [OPERATOR] Fixed a bug in the healthcheck library that prevents checks after a Shoot has been woken up from hibernation. Gardener extensions require a minor change during the healthcheck registration. (#2249, @danielfoehrKn)
  • [OPERATOR] Fix bug that prevented the Shoot reconciliation from waiting for the deletion of Extension CRDs. (#2240, @danielfoehrKn)
  • [OPERATOR] Issues for Shoots with metadata.generateName are fixed. The Shoot name length limit restriction is applied on generateName with the random suffix length fixed to 5, as in Kubernetes. The default DNS name is generated using the same name generator for shoot. ⚠️ But it will differ from the generated shoot name. (#2236, @swapnilgm)
  • [OPERATOR] Fixes a bug that prevented proper labeling of worker pool-nodes that have CRI enabled. (#2231, @danielfoehrKn)
  • [OPERATOR] A race condition that led to incomplete maintenance operations for shoot clusters has been fixed. (#2229, @rfranzke)
  • [OPERATOR] The gardenlet detects outdated health check reports on extension CRDs with a default threshold of 5 minutes in case Gardener extensions stop performing health checks. The threshold can be configured in the Gardenlet configuration. (#2215, @danielfoehrKn)
  • [OPERATOR] Remove unused RetrySyncPeriod field (controllers.shoot.retrySyncPeriod) from the Gardenlet configuration. (#2215, @danielfoehrKn)
  • [OPERATOR] The kubelet-monitor script running on every worker node is now fixed and properly monitors the kubelet again. (#2214, @rfranzke)
  • [OPERATOR] The podAntiAffinity of the fluentd statefulset deployed in the seed clusters is now a soft requirement. (#2213, @Kristian-ZH)
  • [OPERATOR] Fix a bug that limits the workers count of a single shoot. (#2210, @aylei)
  • [OPERATOR] Edited VPA specific RBAC roles to include get, list and watch for etcd resources by VPA actors. (#2204, @georgekuruvillak)
  • [OPERATOR] Grafana dashboards for the seed are updated. Removed the cluster overview dashboard since metrics used in this dashboard were removed. Other dashboards are changed to no longer show data on a "Pod level" since pod level metrics have a high cardinality and have been mostly removed from the aggregate-prometheus. (#2202, @wyb1)
  • [OPERATOR] The terminationGracePeriodSeconds setting for the Prometheus instance in shoot control planes has been lowered from 300 to 60. (#2199, @wyb1)
  • [OPERATOR] Added a test to validate if systemctl on the node's operating system runs without errors. (#2192, @schrodit)
  • [OPERATOR] ETCD encryption data is persisted in the ShootState (#2084, @plkokanov)
  • [DEVELOPER] The ShootNotFailed predicate in the extensions library now works as expected. (#2265, @rfranzke)
  • [DEVELOPER] ControlPlane, BackupEntry and OperatingSystemConfig controllers support operations for migrate and restore. (#2247, @swilen-iwanow)
  • [DEVELOPER] The extensionsv1alpha1.Last{Operation,Error} interfaces were removed - the respective GetLast{Operation,Error}() functions now return the objects directly instead of the old interfaces. (#2244, @rfranzke)
  • [DEVELOPER] The Golang version has been upgraded to 1.14.2. (#2234, @rfranzke)
  • [DEVELOPER] A bug in the CSI migration controller has been fixed that may cause the CSIMigration<Provider>Complete feature gate to be set too early. (#2223, @rfranzke)
  • [DEVELOPER] The extension library can now be used to create simple validating or mutating webhooks for different K8s types with different handlers. (#2219, @timuthy)
  • [DEVELOPER] Extension resource conditions may now also specify a list of error codes, similar to .status.lastError.codes. Gardener will pick them up and merge them into the shoot conditions. (#2212, @rfranzke)
  • [DEVELOPER] The containerd test is now skipped for worker pools that are not using the ubuntu operating system. (#2201, @ialidzhikov)
  • [DEVELOPER] Extend the infrastructure actuator interface with Migrate and Restore (#2167, @vlvasilev)

[autoscaler]

Improvements

[etcd-backup-restore]

Most notable changes

Improvements

[etcd-druid]

Improvements

  • [OPERATOR] Removed owner reference from etcd StatefulSet so that HVPA can recommend resource recommendations. VPA does not support StatefulSet having ownerReferences set to another top-level controller. (gardener/etcd-druid#48, @georgekuruvillak)
  • [OPERATOR] Updated the etcd resource manifest with priorityClassName to specify the priority of etcd pods. (gardener/etcd-druid#36, @georgekuruvillak)

Docker Images

gardener-apiserver: eu.gcr.io/gardener-project/gardener/apiserver:v1.4.0
gardener-controller-manager: eu.gcr.io/gardener-project/gardener/controller-manager:v1.4.0
gardener-scheduler: eu.gcr.io/gardener-project/gardener/scheduler:v1.4.0
seed-admission-controller: eu.gcr.io/gardener-project/gardener/seed-admission-controller:v1.4.0
gardenlet: eu.gcr.io/gardener-project/gardener/gardenlet:v1.4.0