Closed gardener-ci-robot closed 7 months ago
@gardener-ci-robot Thank you for your contribution.
Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.
You can manually request rebase by checking the rebase/retry box above.
⚠ Warning: custom changes will be lost.
This PR contains the following updates:
v1.90.4 -> v1.91.0
Release Notes
gardener/gardener (github.com/gardener/gardener)
### [`v1.91.0`](https://togithub.com/gardener/gardener/releases/tag/v1.91.0)

[Compare Source](https://togithub.com/gardener/gardener/compare/v1.90.4...v1.91.0)

### \[gardener/gardener]

#### ⚠️ Breaking Changes

- `[USER]` Deprecated `.spec.kubernetes.allowPrivilegedContainers` field in the Shoot API is now removed. by [@shafeeqes](https://togithub.com/shafeeqes) \[[#9274](https://togithub.com/gardener/gardener/issues/9274)]
- `[USER]` The `.status.advertisedAddresses[]` list in a `Shoot`'s status now includes the `Shoot`'s service account issuer under the name `service-account-issuer`. Please revisit any logic that might depend on all advertised addresses being used for communication with the `kube-apiserver` of a shoot cluster. by [@dimityrmirchev](https://togithub.com/dimityrmirchev) \[[#9196](https://togithub.com/gardener/gardener/issues/9196)]
- `[OPERATOR]` The `ShootForceDeletion` feature gate has been promoted to beta and is turned on by default. by [@acumino](https://togithub.com/acumino) \[[#9325](https://togithub.com/gardener/gardener/issues/9325)]

#### ✨ New Features

- `[DEVELOPER]` The `{garden,seed,shoot}-care` controllers now incorporate `ManagedResource`s into all relevant conditions, and it is possible to override the condition type into which a `ManagedResource`'s status gets incorporated via the `care.gardener.cloud/condition-type` label. Please consult the respective documentation for more information ([`garden-care`](https://togithub.com/gardener/gardener/blob/master/docs/concepts/operator.md#care-reconciler), [`seed-care`](https://togithub.com/gardener/gardener/blob/master/docs/concepts/gardenlet.md#care-reconciler-1), [`shoot-care`](https://togithub.com/gardener/gardener/blob/master/docs/concepts/gardenlet.md#care-reconciler-2)). by [@rfranzke](https://togithub.com/rfranzke) \[[#9313](https://togithub.com/gardener/gardener/issues/9313)]
- `[OPERATOR]` The gardenlet now synchronizes the service account public keys of shoot clusters that have managed issuer enabled. The public keys are stored in a dedicated `gardener-system-shoot-issuer` namespace in the Garden cluster. by [@dimityrmirchev](https://togithub.com/dimityrmirchev) \[[#9354](https://togithub.com/gardener/gardener/issues/9354)]
- `[OPERATOR]` `gardener-resource-manager` now considers the health and the progressing status for `Certificate` and `Issuer` resources (see [cert-management](https://togithub.com/gardener/cert-management/)) managed via `ManagedResource`s. by [@timuthy](https://togithub.com/timuthy) \[[#9326](https://togithub.com/gardener/gardener/issues/9326)]
- `[OPERATOR]` The Shoot maintenance controller now removes unsupported feature gates and admission plugins from the Shoot during force upgrades. by [@shafeeqes](https://togithub.com/shafeeqes) \[[#9365](https://togithub.com/gardener/gardener/issues/9365)]
- `[OPERATOR]` `gardener-operator` now deploys two Alertmanager replicas into the `garden` namespace. They don't come with any configuration by default. It is the responsibility of the human operators to create `monitoring.coreos.com/v1alpha1.AlertmanagerConfig` resources with the proper configuration suitable for their needs. Read more about it [here](https://togithub.com/gardener/gardener/blob/master/docs/concepts/operator.md#observability). by [@rfranzke](https://togithub.com/rfranzke) \[[#9301](https://togithub.com/gardener/gardener/issues/9301)]
- `[OPERATOR]` The `ControlPlaneHealthy` condition in `Shoot`s now reports an issue when `{kube,machine}-controller-manager` or `cluster-autoscaler` are scaled down to `0` replicas. The `EveryNodeReady` condition in `Shoot`s now reports an issue when at least `20%` of the `Lease`s related to nodes in the `kube-node-lease` namespace are expired. by [@rfranzke](https://togithub.com/rfranzke) \[[#9376](https://togithub.com/gardener/gardener/issues/9376)]

#### 🐛 Bug Fixes

- `[DEVELOPER]` Function `NewClientFromBytes` in package `pkg/client/kubernetes/client.go` was fixed to consider `AllowedUserFields`. Earlier, it failed when creating a Kubernetes client with special but allowed fields in the Kubeconfig (e.g. `auth-provider`). by [@timuthy](https://togithub.com/timuthy) \[[#9333](https://togithub.com/gardener/gardener/issues/9333)]

#### 🏃 Others

- `[OPERATOR]` Update CoreDNS to v1.11.1. by [@DockToFuture](https://togithub.com/DockToFuture) \[[#8945](https://togithub.com/gardener/gardener/issues/8945)]
- `[OPERATOR]` The gardener operator documentation now closely resembles the reality of the coding. by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9342](https://togithub.com/gardener/gardener/issues/9342)]
- `[OPERATOR]` The istio ingress gateway orphan namespace detection no longer interferes with the istio ingress gateway zone migration in case the target zone names are unknown and there is no active usage. by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9460](https://togithub.com/gardener/gardener/issues/9460)]
- `[OPERATOR]` The ingress domain of kube-apiserver should work again for single-zonal shoot control planes. by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9393](https://togithub.com/gardener/gardener/issues/9393)]
- `[OPERATOR]` There is a new plutono dashboard named `Container Images` that currently contains 2 panels for image pull durations. by [@ialidzhikov](https://togithub.com/ialidzhikov) \[[#9422](https://togithub.com/gardener/gardener/issues/9422)]
- `[OPERATOR]` Port 8132 of istio ingress gateway will respond to all ordinary http requests with a redirect (301) to the https port by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9332](https://togithub.com/gardener/gardener/issues/9332)]
- `[OPERATOR]` The operating system config reconciler of the `gardener-node-agent` now creates directories with `0755` permissions when it creates files listed in the corresponding `OperatingSystemConfig` on the node. Previously these directories were created with no permissions. by [@plkokanov](https://togithub.com/plkokanov) \[[#9443](https://togithub.com/gardener/gardener/issues/9443)]
- `[OPERATOR]` Seed clusters with a wildcard certificate no longer use `Ingress` resources to expose `kube-apiserver`. Instead, `Istio` resources are directly used now. by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9300](https://togithub.com/gardener/gardener/issues/9300)]
- `[OPERATOR]` Shoot clusters should stay accessible after istio ingress gateway migration via annotation `alpha.istio-ingress.gardener.cloud/migrate-to` was triggered. by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9423](https://togithub.com/gardener/gardener/issues/9423)]
- `[OPERATOR]` Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the seed specification by [@ScheererJ](https://togithub.com/ScheererJ) \[[#9304](https://togithub.com/gardener/gardener/issues/9304)]
- `[DEVELOPER]` Now the observability applications which are also targets of the authentication & authorization proxies share a common label. by [@nickytd](https://togithub.com/nickytd) \[[#9385](https://togithub.com/gardener/gardener/issues/9385)]
- `[DEVELOPER]` Local dev setup can now deploy a cluster with volume resize support. by [@dnaeon](https://togithub.com/dnaeon) \[[#9363](https://togithub.com/gardener/gardener/issues/9363)]

#### Docker Images

- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.0`
- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.0`
- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.0`
- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.0`
- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.0`
- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.0`
- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.0`
- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.0`

Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.