[DEPENDENCY] The deprecated ChartRenderer.Render and ChartApplier.{Apply,Delete} methods have been dropped. Use ChartRenderer.RenderEmbeddedFS and ChartApplier.{Apply,Delete}FromEmbeddedFS instead. by @rfranzke#8540
[DEPENDENCY] The hack/generate-crds.sh script now receives the file name prefix via the -p option (previously, the prefix was the first argument to the script). by @rfranzke#8560
[DEPENDENCY] The no longer required --gardenlet-manages-mcm option has been removed. All code in provider extensions related to management/deployment of machine-controller-manager should be removed. by @rfranzke#8596
[DEPENDENCY] The deprecated core.gardener.cloud/apiserver-exposure label and handling has been dropped. by @rfranzke#8540
[DEPENDENCY] Provider extensions must now pass the cluster.Cluster object for the garden cluster to the genericactuator.NewActuator function. See this for an example of how to create such a cluster.Cluster object. by @rfranzke#8559
[OPERATOR] Before upgrading to this Gardener version, you must make sure that the Services of all registered provider extensions serving webhooks for the shoot cluster are annotated with networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=[{"protocol":"TCP","port":<port>}], networking.resources.gardener.cloud/namespace-selectors=[{"matchLabels":{"gardener.cloud/role":"shoot"}}], and networking.resources.gardener.cloud/pod-label-selector-namespace-alias=extensions. by @rfranzke#8540
[DEVELOPER] Methods SkipIf and DoIf for TaskFn have been dropped. A new field SkipIf is introduced in Task. If set to true, the task will be skipped and will also not be reported by the progress reporter. by @acumino#8541
📰 Noteworthy
[DEVELOPER] The pkg/utils/secrets package now signs certificates with 3072 bit RSA keys. by @dimityrmirchev#8635
[DEVELOPER] During the Migrate phase of a control plane migration of a Shoot, the state is now only persisted after all extension resources have been migrated. Consequently, make sure that you have added all state to the .status.state field of the respective extension object when running Migrate(). by @rfranzke#8559
[DEVELOPER] A generate-admin-kubeconf.sh script which can be used to generate an admin kubeconfig for a local shoot cluster was added in the hack/usage directory. by @dimityrmirchev#8636
[DEVELOPER] The extensions/pkg/controller/operatingsystemconfig/oscommon package is deprecated and will be removed as soon as the UseGardenerNodeAgent feature gate has been promoted to GA. OS extension developers should start adapting to this new feature, see documentation and example based on provider-local. by @rfranzke#8647
[OPERATOR] The Worker state reconciler has been dropped, i.e., updated provider extensions will no longer populate the machine state to the .status.state field of Worker resources. For a few releases, gardenlet will no longer persist any still existing data in the .status.state field of Worker resources during a control plane migration of a Shoot, and it will set .status.state to nil after a successful reconciliation or restore operation. by @rfranzke#8559
[OPERATOR] Configure the value for the flag metrics-scrape-wait-duration for compaction controller to set a wait duration at the end of every compaction job, to allow for metrics to be scraped by a Prometheus instance. by @abdasgupta#8607
[OPERATOR] The MachineControllerManagerDeployment has been promoted to GA and is now locked to "enabled by default". Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. by @rfranzke#8596
[OPERATOR] The GA-ed DisableScalingClassesForShoots feature gate has been removed. by @rfranzke#8596
[OPERATOR] maxSurge for kube-apiserver and gardener-apiserver of the virtual garden cluster is set to 100%. by @oliver-goetz#8640
[OPERATOR] The kube-apiserver no longer mounts root CA bundles from the underlying host. by @dimityrmirchev#8645
[USER] Gardener now uses 3072 bit RSA keys in order to generate TLS certificates. by @dimityrmirchev#8635
[USER] nginx-ingress-controller now enables annotation validation. by @dimityrmirchev#8644
[DEPENDENCY] The MachineClassKind(), MachineClass(), and MachineClassList() methods have been dropped from the generic Worker actuator's interface and do not need to be implemented anymore. by @rfranzke#8559
✨ New Features
[OPERATOR] gardener-operator maintains the two most recent generic-token-kubeconfig secrets in the runtime-cluster. In addition, the latest secret name is published to the garden resource in .metadata.annotations[generic-token-kubeconfig.secret.gardener.cloud/name]. Third-party components referring to this secret should check this annotation value after a credentials or CA rotation for the virtual-garden cluster took place. by @timuthy#8657
[OPERATOR] Feature gate APIServerFastRollout for gardenlet is introduced and enabled by default. When enabled, maxSurge for kube-apiservers of Shoots is set to 100%. by @oliver-goetz#8640
[DEVELOPER] It is now possible to annotate managed resources part of ManagedResource objects with resources.gardener.cloud/finalize-deletion-after=<duration>, e.g., resources.gardener.cloud/finalize-deletion-after=1h. After this time, gardener-resource-manager will forcefully delete the resource by removing its finalizers. by @rfranzke#8584
[DEVELOPER] Change port of ssh reverse tunnel to 443 by @axel7born#8606
[USER] Machine scale-up delay for new pods can now be configured for cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.newPodScaleupDelay in the Shoot API. by @aaronfern#8590
[USER] Concurrent empty machines bulk deletion can now be configured for cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.maxEmptyBulkDelete in the Shoot API. by @aaronfern#8590
🐛 Bug Fixes
[DEVELOPER] Use cgroupv2 fix for local-setup on macOS too. by @oliver-goetz#8633
🏃 Others
[DEVELOPER] Gardener base image is updated to gcr.io/distroless/static-debian12:nonroot. by @oliver-goetz#8628
[DEPENDENCY] nginx-ingress-controller image is updated to v1.9.1. by @dimityrmirchev#8644
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/gardener/gardener from 1.80.3 to 1.82.0.
Release notes
Sourced from github.com/gardener/gardener's releases.
... (truncated)
Commits
- b35c672 Release v1.82.0
- d6c2bd7 [release-v1.82] Update `k8s.io/*`, `sigs.k8s.io/controller-runtime` dependenc...
- 1f1c021 Make machine state computation backwards-compatible (#8674)
- 1ae0c41 Add feature gate `UnauthenticatedHTTP2DOSMitigation` (#8670)
- 50211ea Fixes and enhancements in the local provider with extensions (#8631)
- 7e856cb Improve `generic-token-kubeconfig` handling (#8657)
- 6754cd0 Upgrade ext-authz-server (#8643)
- 97b0438 Enable kube_node_spec_taint metric (#8653)
- 289cd20 Upgrade apiserver-proxy-sidecar (#8642)
- d2dcd7d Prepare `OperatingSystemConfig` API for changes needed for `gardener-node-age...