[OPERATOR] The obsolete addonsManagedResource is now properly cleaned up. by @gardener-ci-robot#8255
[OPERATOR] Now the vali ingress definition points to the shoot logging service. by @vpnachev#8254
v1.75.0
[gardener/gardener]
⚠️ Breaking Changes
[DEVELOPER] Added new option to ./hack/generate-controller-registration.sh script [-e, --pod-security-enforce[=pod-security-standard] which sets the security.gardener.cloud/pod-security-enforce annotation of the generated ControllerRegistration. When not set this option defaults to baseline. by @AleksandarSavchev#8099
[DEVELOPER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please plan ahead to drop using those fields in extensions. by @timuthy#8199
[DEVELOPER] Usage of the deprecated injection mechanisms in controller-runtime (like InjectScheme, InjectLogger, InjectConfig, InjectClient, InjectCache etc) as well as package extensions/pkg/controller/common are dropped in a preparation to upgrade to the next version where injection is removed entirely. With this, Inject* functions on controllers, predicates, actuators, delegates, and friends are not called anymore. When upgrading the gardener/gardener dependency to this version, all injection implementations need to be removed. As a replacement, you can get the needed clients and similar from the manager during initialisation of the component. by @ary1992#8217
[OPERATOR]gardener-operator is now managing the nginx-ingress-controller and nginx-ingress-k8s-backend components. Make sure that your Garden resource specifies the .spec.runtimeCluster.ingress section. by @StenlyTU#7945
[OPERATOR] Support for nip.io shoot domains is discontinued. by @timuthy#8199
[USER] Adding Gardener-managed finalizers (e.g., gardener or gardener.cloud/reference-protection) to the Shoot on creation is now forbidden. by @shafeeqes#8209
[USER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please use the extensions' configuration to configure providers with this ability. by @timuthy#8199
[DEPENDENCY]github.com/gardener/gardener/pkg/utils/gardener.ShootAccessSecret was renamed to AccessSecret. by @timebertt#8204
✨ New Features
[OPERATOR] Added pod security enforce level baseline label to Istio-related namespaces. The garden and shoot namespaces have the privileged level. For extension namespaces, the new security.gardener.cloud/pod-security-standard-enforce annotation on ControllerRegistration resources specifies the level. When set, the extension namespace is created with pod-security.kubernetes.io/enforce label set to security.gardener.cloud/pod-security-standard-enforce's value. by @AleksandarSavchev#8099
[USER] Gardener now allows to omit or to only partially define Kubernetes versions in Shoots. The version will automatically be defaulted to the latest minor and/or patch version found in the linked CloudProfile. by @timuthy#8198
[USER] A new optional constraint CRDsWithProblematicConversionWebhooks is introduced in the Shoot status. This constraint indicates that there is at least one CRD in the cluster which has multiple stored versions and a conversion webhook configured, which could break the reconciliation flow of a Shoot in some cases. by @shafeeqes#8159
[USER] It is now possible to reference Secrets containing kubeconfigs for admission plugins in Shoots. The referenced Secret must be referenced in.spec.resources as well as in .spec.kubernetes.kubeAPIServer.admissionPlugins[].kubeconfigSecretName. by @acumino#8110
🐛 Bug Fixes
[OPERATOR] Fix network annotations to allow fluent-bit connecting to shoot Valis. by @vlvasilev#8197
[OPERATOR] A bug causing the gardenlet to panic when a ETCD encryption key rotation operation is triggered for a hibernated Shoot is now fixed. Now, triggering ETCD encryption key rotation or ServiceAccount signing key rotation is forbidden when the Shoot is in waking up phase. by @shafeeqes#8184
🏃 Others
[OPERATOR]nginx-ingress-controller image is updated to v1.8.1 for Kubernetesv1.24+ clusters. by @shafeeqes#8205
[OPERATOR] The eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler image has been updated from v1.26.2 to v1.27.0 (for Kubernetes >= 1.27). by @rishabh-11#8187
[OPERATOR] The shoots/adminkubeconfig relies on the ca-clientInternalSecret only and does not use the ShootState object anymore. by @timebertt#8195
[OPERATOR] Update Prometheus job tunnel-probe-apiserver-proxy to fix for HA VPN mode by @Sallyan#7954
[OPERATOR] Update vertical-pod-autoscaler to v0.14.0. by @voelzmo#8166
[OPERATOR] :warning: etcd.Status.ClusterSize, etcd.Status.ServiceName, etcd.Status.UpdatedReplicas have been marked as deprecated and users should refrain from depending on these fields. by @shreyas-s-raogardener/etcd-druid#637
🐛 Bug Fixes
[OPERATOR]AllMembersReady condition has now been fixed to eventually show the correct overall readiness of an etcd cluster. by @shreyas-s-raogardener/etcd-druid#637
🏃 Others
[OPERATOR] Print build version and go runtime info. by @shreyas-s-raogardener/etcd-druid#637
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
1 year ago
Bumps github.com/gardener/gardener from 1.65.3 to 1.75.1.
Release notes
Sourced from github.com/gardener/gardener's releases.
... (truncated)
Commits
771d8f1Release v1.75.140d52ac[release-v1.75] Cleanup oldaddonsManagedResource(#8255)8c8196dfix(logging): fix vali ingress backend definition (#8254)ef07146Prepare next Dev Cycle v1.75.1-dev5c9bbe4Release v1.75.0072e4efUpgrade etcd-druid (#8225)a2bfe93Allow to use the pre-previous version for upgrade tests (#8223)49c0258Update to Go 1.20.6 (#8224)9e54720Installprotocin tools/bin dir (#8218)7333b8fFixed broken links (#8221)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)