[USER] A bug has been fixed which allowed users to set Shoot OIDC configurations for the kube-apiserver without setting the `clientID` and `issuerURL` fields in `spec.kubernetes.kubeAPIServer.oidcConfig`, which would leave the kube-apiserver stuck in an Error state. gardener-apiserver now requires both the `clientID` and `issuerURL` fields to be set when the `spec.kubernetes.kubeAPIServer.oidcConfig` field is specified. by @AleksandarSavchev #10461
[OPERATOR] `credentialsBinding.credentialsRef` is now an immutable field. by @dimityrmirchev #10365
📰 Noteworthy
[USER] Users are allowed to change `shoot.spec.credentialsBindingName` and reference another CredentialsBinding only if they have the permissions to read both the old and the newly referenced credential. by @dimityrmirchev #10365
[USER] Users can migrate from `shoot.spec.secretBindingName` to `shoot.spec.credentialsBindingName` only if the referenced credential remains the same and is not changed during the process. by @dimityrmirchev #10365
[OPERATOR] Allow project users to read NamespacedCloudProfiles and allow project admins to make adjustments to machine types and volume types. by @LucaBernstein #10485
[OPERATOR] Alerts based on the `proposals_failed_total` metric of the etcd cluster are not raised anymore. by @renormalize #10524
[DEVELOPER] A new predicate `extensions/pkg/predicate.GardenSecurityProviderType` can be used to select resources from the `security.gardener.cloud` group that are related to the passed provider type. by @dimityrmirchev #10499
✨ New Features
[OPERATOR] The gardener-operator metrics are now automatically scraped by the garden Prometheus. by @maboehm #10464
[OPERATOR] Introduce custom RBAC verbs to allow for modification of `.spec.{kubernetes,machineImages}` in NamespacedCloudProfiles. by @LucaBernstein #10485
[OPERATOR] The feature gate `NewVPN` is introduced for the gardenlet component. If enabled, the new VPN implementation (Golang rewrite) is used for all Shoots of the respective Seed. In this case, the old implementation can be disabled for a single Shoot by annotating the shoot resource with `alpha.control-plane.shoot.gardener.cloud/disable-new-vpn=true`. For Seeds with disabled feature gate, the new implementation can be enabled for a single shoot by annotating it with `alpha.control-plane.shoot.gardener.cloud/disable-new-vpn=false`. by @MartinWeindel #9774
🐛 Bug Fixes
[USER] Fixed disk read/write panel in the shoot's etcd dashboards by @rickardsjp #10493
[DEVELOPER] An issue was fixed that rejected the creation of workerless shoots in the local setup. by @timuthy #10498
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/gardener/gardener from 1.99.1 to 1.104.0.
Release notes
Sourced from github.com/gardener/gardener's releases.
... (truncated)
Commits
- 6a71cf9 Release v1.104.0
- aed268d reduced etcd container requests and VPA minAllowed as per gardener/etcd-druid...
- 53bbb47 Remove etcd proposal alerts. (#10524)
- affd0b9 chore(deps): update dependency gardener/machine-controller-manager to v0.54.0...
- 571f721 Clean up unused `--seed-kubecfg-path` flag from the Shoot creation framework ...
- c3e8770 Allow empty `networking.nodes` in case of IPv6 only shoots. (#10533)
- d326380 chore(deps): update dependency envoyproxy/envoy to v1.31.1 (#10531)
- be8aced Enhance `compare-k8s-feature-gates.sh` script (#10532)
- 029dd81 fix(deps): update kubernetes packages to v0.29.9 (#10515)
- 3abeb31 Harden Project controller integration tests with NamespacedCloudProfiles (#10...
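The first release note above makes `clientID` and `issuerURL` mandatory whenever `spec.kubernetes.kubeAPIServer.oidcConfig` is set. As an added example (not Gardener code and not part of the release notes), this Go check scans a Shoot list in the JSON shape of `kubectl get shoots -A -o json` and reports the Shoots that the stricter validation would reject. The sample data, the `shoot` type, the function name and the treatment of an empty string as unset are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in the shape of `kubectl get shoots -A -o json` (only the fields read here).
const sampleShoots = `{"items":[
 {"metadata":{"namespace":"garden-a","name":"ok"},"spec":{"kubernetes":{"kubeAPIServer":{"oidcConfig":{"clientID":"kube","issuerURL":"https://idp.example.com"}}}}},
 {"metadata":{"namespace":"garden-a","name":"no-issuer"},"spec":{"kubernetes":{"kubeAPIServer":{"oidcConfig":{"clientID":"kube"}}}}},
 {"metadata":{"namespace":"garden-a","name":"empty"},"spec":{"kubernetes":{"kubeAPIServer":{"oidcConfig":{}}}}},
 {"metadata":{"namespace":"garden-a","name":"no-oidc"},"spec":{"kubernetes":{"kubeAPIServer":{}}}}]}`

// shoot is a hypothetical minimal view of a Shoot, not Gardener's API type.
// encoding/json matches the keys case-insensitively, so no field tags are needed.
type shoot struct {
	Metadata struct{ Namespace, Name string }
	Spec     struct {
		Kubernetes struct {
			KubeAPIServer struct{ OIDCConfig *struct{ ClientID, IssuerURL string } }
		}
	}
}

// FindIncompleteOIDC reports Shoots whose oidcConfig is present but lacks
// clientID or issuerURL. Assumption: an empty string counts as unset.
func FindIncompleteOIDC(raw []byte) ([]string, error) {
	var list struct{ Items []shoot }
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, err
	}
	var out []string
	for _, s := range list.Items {
		o := s.Spec.Kubernetes.KubeAPIServer.OIDCConfig // nil: no oidcConfig, requirement does not apply
		var missing []string
		if o != nil && o.ClientID == "" {
			missing = append(missing, "clientID")
		}
		if o != nil && o.IssuerURL == "" {
			missing = append(missing, "issuerURL")
		}
		if len(missing) > 0 {
			out = append(out, fmt.Sprintf("%s/%s: missing %v", s.Metadata.Namespace, s.Metadata.Name, missing))
		}
	}
	return out, nil
}

func main() { fmt.Println(FindIncompleteOIDC([]byte(sampleShoots))) }
```

Running it against the stored Shoots before taking the bump shows which manifests need both fields filled in or the `oidcConfig` block removed.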