Overview
If you couldn’t participate and would like to catch up, you can find the contents of the review meetings held in 2022 here.
Note that all review meetings in 2022 were SAP-internal. In addition to those, we also held a few Community Meetings in the open.
Reviews
2022/12/07 - v1.61 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] Gardener no longer supports shoot clusters with Kubernetes versions `< 1.20`. […] #6987
- [USER] The `kube-apiserver` is now verifying the server certificates presented by `kubelet`s. #7047
- [OPERATOR] The already deprecated `SeedKubeScheduler` feature gate is now removed. […] Instead, use the `bin-packing` scheduling profile. #7052
- [OPERATOR] The `gardener-seed-admission-controller` binary has been dropped from the code. Its logic has been merged into `gardener-resource-manager`. #7053
2022/11/23 - v1.60 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The field `ManagedSeed.spec.seedTemplate` has been deprecated and will be removed very soon in a future release of Gardener. […] #7006
- [OPERATOR] The seed `vpa-recommender` is no longer scaled by VPA. Instead, fixed resource request values are used. #7001
- [OPERATOR] A bug was fixed where sometimes the `kube-apiserver` was deleted during shoot deletion flow even though there were still shoot managed resources present. #7008
- [DEPENDENCY] `Deployment`s or `StatefulSet`s deployed by extensions in seed or shoot clusters can now benefit from the new `high-availability-config` webhook for automatically mutating the HA-related configuration of these resources. Please refer to this document. #6967
- [DEPENDENCY] Extension controllers no longer perform owner checks based on the owner `DNSRecord` at the start of their reconciliations. #6973
2022/11/09 - v1.59 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] The rotation procedure of the `ServiceAccount` token signing key has been improved. #6943
- [OPERATOR] The `ManagedResource`s related to seed system components are now labeled with `gardener.cloud/role=system-component`. #6836
- [DEPENDENCY] Extensions can now use the `extensions/pkg/util.{DetermineError,DetermineErrorCodes}` functions for conveniently handling errors with codes. #6912
- [DEPENDENCY] `gardener-extensions-controller` package includes CLI parameter for `--log-level` and `--log-format` now. #6875
- [DEVELOPER] The `gardener-resource-manager` component has been reworked entirely. It now uses a component config instead of CLI flags. Also, its Helm chart has been reworked entirely. #6865
2022/11/02 - v1.58 Release (Part II)
Demo Agenda
2022/10/26 - v1.58 Release (Part I)
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] `Shoot`s with failure tolerance type `node` can be scheduled on `Seed`s with `.spec.highAvailability != nil` only. #6833
- [USER] Shoot worker definitions are now validated using `.spec.kubernetes.kubelet` when `.spec.provider.workers[].kubernetes.kubelet` is not specified. #6741
- [OPERATOR] `HAControlPlanes` feature flag is removed from `gardener-scheduler`. #6833
- [OPERATOR] Remove `DNSProvider` from supported extension kinds. #6840
- [OPERATOR] Remove `/scale` subresource from `Etcd` CRD. #6850
- [OPERATOR] Short names for `Machine` (`mc`), `MachineClass` (`mcc`), `MachineDeployment` (`mcd`), and `MachineSet` (`mcs`) resources are now added. #6787
- [OPERATOR] Gardenlet will not start in case the seed configuration is incorrect, i.e. if the node, pod or service network specified in the Seed resource does not match the cluster reality. #6782
2022/10/12 - v1.57 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] The create/modify/delete permissions for `ServiceAccount`s assigned to `Project` members with the admin role are now removed. Read permissions are preserved. […] #6740
- [OPERATOR] Deprecated functions `DeprecatedDetermineError` and `DeprecatedDetermineErrorCodes` will be dropped in the upcoming releases; extensions using these functions now need to use their own methods to get the error code from the errors. #6677
- [OPERATOR] Logs from pods managed by `garden-resource-manager` will be scraped and stored in the shoot’s Loki. #6748
- [OPERATOR] The `ShootCARotation` and `ShootSARotation` feature gates have been promoted to beta and are now enabled by default. […] #6734
2022/10/06 - v1.56 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] Introduce shoot spec field `spec.controlPlane` to allow enabling HA control planes with failure tolerance type of `node` or `zone`. […] #6530
- [OPERATOR] gardenlet is now using `gcr.io/distroless/static-debian11:nonroot` instead of versions of `alpine` as a base image. #6641
- [DEVELOPER] The e2e tests do now also tear down the Gardener environment, effectively verifying whether the `Seed` deletion works as expected. #6664
2022/09/21 - v1.55 Release (Part II)
Demo Agenda
2022/09/14 - v1.55 Release (Part I)
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] The existing `ManagedSeed` e2e test has been enhanced with verifications for the three gardenlet kubeconfig rotation scenarios. #6568
- [OPERATOR] gardenlet’s `SeedKubeScheduler` feature gate is now deprecated in favor of the bin-packing scheduling profile that can be configured for a `Shoot` referred by a `ManagedSeed`. #6599
- [OPERATOR] Gardenlet now checks that the seed network configuration conforms to the reality in the seed cluster in case the seed is a shoot itself. #6576
- [OPERATOR] A bug has been fixed which caused the `EveryNodeReady` condition on Shoots to become `False` and complain about outdated cloud configs on nodes during rolling updates. #6555
2022/08/31 - v1.54 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] Gardener envtest now supports running against an existing gardener setup via `USE_EXISTING_GARDENER`, see doc #6497 (will be presented in the next review meeting)
- [DEVELOPER] A new `gomegacheck` linter is now executed on make check. […] #6455
- [OPERATOR] `Plant` API has been dropped, operators need to clean up `Plant` resources before upgrading the Gardener version to v1.54. #6472
- [OPERATOR] The `DNSProvider` extension kind was removed. Please make sure to remove any `ControllerRegistration`s that include the DNSProvider kind. […] #6479
- [OPERATOR] Shoots are correctly labeled for globally enabled extensions now. #6534
2022/08/17 - v1.53 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- Enforce that Shoot nginx-ingress addon and Seed VPA are not enabled for ManagedSeeds. #6388
- Promote the `SecretBindingProviderValidation` feature gate to GA. #6429
- Promote `SeedChange` and `CopyEtcdBackupsDuringControlPlaneMigration` feature gates to beta. #6452
2022/08/03 - v1.52 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- Promote `DisableDNSProviderManagement` to GA. #6341
- Drop support for the `shoot.gardener.cloud/use-as-seed` annotation. #6379
- Fix tools download for aarch64 (arm64). #6314
2022/07/20 - v1.51 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] A new testing strategy and developer guideline has been added. Make sure to check out the document if you want to learn more about the different kinds of tests we use and how to best write them! #6245
- [OPERATOR] Health checks of ManagedResources are more reliable now when updating resources in the referenced secrets. #6136
- [OPERATOR] The new `ShootNodeLocalDNSEnabledByDefault` admission plugin of the `gardener-apiserver` (disabled by default) controls whether the `.spec.systemComponents.nodeLocalDNS.enabled` field for newly created Shoot resources is defaulted to true. […] #6279
- [OPERATOR] Several feature gate changes: `SecretBindingProviderValidation` -> beta (#6240), `ShootMaxTokenExpiration{Overwrite,Validation}` and `RotateSSHKeypairOnMaintenance` -> removed (#6241), `Shoot{C,S}ARotation` -> beta (#6252)
2022/07/06 - v1.50 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] `gardener-{apiserver,controller-manager,scheduler,admission-controller,seed-admission-controller,resource-manager}` are now using `gcr.io/distroless/static-debian11:nonroot` instead of versions of `alpine` as a base image. #6159
- [DEVELOPER] It is now possible to render charts from embedded file systems (`embed.FS`). The `Render` method of the `chartrenderer.Interface` in favour of `RenderEmbeddedFS`. […] #6165
- [DEPENDENCY] Gardenlet now manages fine-granular `PriorityClasses` that are supposed to be used by all components in order to improve the overall robustness of the system. Find out more in the related documentation. […] #6186
- [OPERATOR] The `WorkerPoolKubernetesVersion` and `DisableDNSProviderManagement` feature gates have been promoted. #6166, #6142
- [DEVELOPER] `k8s.io/*` is now upgraded to `v0.24.1` and `sigs.k8s.io/controller-runtime` is now upgraded to `v0.12.1`. #6101
- [OPERATOR] A disruption free CA rotation is now being supported for HA shoot clusters. #6099
2022/06/22 - v1.49 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] A full snapshot of `etcd-main` is now triggered after all Secrets were encrypted with the new key after ETCD encryption key rotation. #6064
- [OPERATOR] Making `blackbox-exporter` on shoots highly-available, to prevent false positive alerts during rollouts of `blackbox-exporter`, `apiserver-proxy` and worker nodes. #6025
- [DEPENDENCY] The generic `Worker` actuator now scales up `machine-controller-manager` Deployment when `Shoot` is hibernating (or waking up) and `machine-controller-manager` Deployment is already scaled down by external actor (`dependency-watchdog`). #6054
2022/06/08 - v1.48 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] With the new `maintenance.gardener.cloud/operation` annotation for `Shoot`s it is now possible to confine the execution of the respective operation to the shoot cluster’s maintenance time window. #6039
- [USER] There are two new `rotate-credentials-{start,complete}` operation annotations for `Shoot`s which can be used to start or complete the rotation of all Gardener-provided/Gardener-generated credentials. #6038
- [USER] It is now possible again to migrate the CRIs for existing worker pools in shoot clusters. #6004
- [OPERATOR] The `ManagedIstio` and `APIServerSNI` feature gates are now deprecated. They are already turned on by default and will be removed in a future version of Gardener. #6007
2022/05/25 - v1.47 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] A new document related to the CA certificate rotation has been added. #5939
- [DEVELOPER] `provider-local` now allows to enable the `dependency-watchdog-probe` in the seed cluster. #5937
- [DEVELOPER] `provider-local` now supports Ingress objects in the `Seed` cluster and now enables using the shoot node logging feature. #5924
- [OPERATOR] The `lastActivityTimestamp` of the `Project` is now updated every time a `Plant`, `BackupEntry` or `Shoot` is created, or a `Quota` or `Secret` in the project namespace is referred by a `SecretBinding`. The timestamp is also updated when these resources are updated or deleted. #5821
2022/05/11 - v1.46 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] Documentation for accessing the shoot cluster is added here. #5849
- [USER] There is a new document explaining the various configurations (and caveats) regarding the ServiceAccount configuration for shoot clusters. #5888
- [OPERATOR] The `WorkerPoolKubernetesVersion` feature gate has been promoted to beta and is now enabled by default. #5857
2022/04/27 - v1.45 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Fixed an issue that could cause the `cloud-config-downloader` to invalidate its credentials token if the node that it is currently running on has issues with the file system where the credentials token is stored (for example when the node runs out of disk space). #5719
- [OPERATOR] Increase the QPS and burst value for `kube-apiserver` requests for the `vpa-recommender` of Seed and Shoot clusters to better cope with large cluster sizes. #5743
- [OPERATOR] VPA binaries and dependency have been upgraded to 0.10.0. #5716
- Several Feature Gate Promotions: `DenyInvalidExtensionResources` (#5793) and `CachedRuntimeClients` (#5752) are now GA, `RotateSSHKeypairOnMaintenance` (#5740) and `ShootMaxTokenExpirationOverwrite` (#5726) are now beta.
2022/04/13 - v1.44 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] CPU limits from all gardener components have been removed to prevent CPU throttling due to reaching limits. #5627
- [OPERATOR] Memory limits of all shoot control plane or system components have been removed or adjusted according to measured usage to prevent OOMKills due to reaching the limits. #5689
- [OPERATOR] VPA resources now use `controlledValues: RequestsOnly` to prevent the VPA mechanism from proportionally changing the limits, which doesn’t make sense. #5638
- [OPERATOR] `dependency-watchdog-probe` no longer uses a client certificate but an auto-rotated `ServiceAccount` token which is only valid for `12h`. #5685
2022/03/30 - v1.43 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] There is a new Secret for each Shoot in the corresponding Project Namespace (`<shoot-name>.ca-cluster`) which contains the current CA bundle for establishing trust to the Shoot’s API server. #5612
- [OPERATOR] An issue causing Shoot deletion to fail in a rare case when the corresponding Shoot Namespace in the Seed is already terminating is now fixed. #5555
- [USER] A race condition has been fixed which can lead to pods without any projected token volumes for newly created shoots. #5549
- [USER] A bug causing shoot reconciliations or deletions to fail with “no matches for kind” errors has been fixed. #5539