Overview
In case you couldn’t participate and are interested in catching up, you can find the contents of the review meetings we have had in 2022 here.
Note that all review meetings in 2022 were SAP-internal meetings back then. Despite those, we also had a few Community Meetings in the open.
Reviews
2022/12/07 - v1.61 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- πͺ [USER] Gardener does no longer support shoot clusters with Kubernetes versions
< 1.20. […] #6987 - β¨ [USER] The
kube-apiserver is now verifying the server certificates presented by kubelets. #7047 - πͺ [OPERATOR] The already deprecated
SeedKubeScheduler feature gate is now removed. […] Instead, use the bin-packing scheduling profile. #7052 - β¨ [OPERATOR] The
gardener-seed-admission-controller binary has been dropped from the code. Its logic has been merged into gardener-resource-manager. #7053
2022/11/23 - v1.60 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [OPERATOR] The field
ManagedSeed.spec.seedTemplate has been deprecated and will be removed very soon in a future release of Gardener. […] #7006 - β¨ [OPERATOR] The seed
vpa-recommender is no longer scaled by VPA. Instead, fixed resource request values are used. #7001 - π [OPERATOR] A bug was fixed where sometimes the
kube-apiserver was deleted during shoot deletion flow even though there were still shoot managed resources present. #7008 - β¨ [DEPENDENCY]
Deployments or StatefulSets deployed by extensions in seed or shoot clusters can now benefit from the new high-availability-config webhook for automatically mutating the HA-related configuration of these resources. Please refer to this document. #6967 - β¨ [DEPENDENCY] Extension controllers no longer perform owner checks based on the owner
DNSRecord at the start of their reconciliations. #6973
2022/11/09 - v1.59 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [USER] The rotation procedure of the
ServiceAccount token signing key has been improved. #6943 - β¨ [OPERATOR] The
ManagedResources related to seed system components are now labeled with gardener.cloud/role=system-component. #6836 - β¨ [DEPENDENCY] Extensions can now use the
extensions/pkg/util.{DetermineError,DetermineErrorCodes} functions for conveniently handling errors with codes. #6912 - β¨ [DEPENDENCY]
gardener-extensions-controller package includes CLI parameter for --log-level and --log-format now. #6875 - β¨ [DEVELOPER] The
gardener-resource-manager component has been reworked entirely. It now uses a component config instead of CLI flags. Also, its Helm chart has been reworked entirely. #6865
2022/11/02 - v1.58 Release (Part II)
Demo Agenda π
2022/10/26 - v1.58 Release (Part I)
Demo Agenda π
No Demo, But Still Worth Celebrating π
- πͺ [USER]
Shoots with failure tolerance type node can be scheduled on Seeds with .spec.highAvailability != nil only. #6833 - π [USER] Shoot worker definitions are now validated using
.spec.kubernetes.kubelet when .spec.provider.workers[].kubernetes.kubelet is not specified. #6741 - πͺ [OPERATOR]
HAControlPlanes feature flag is removed from gardener-scheduler. #6833 - πͺ [OPERATOR] Remove
DNSProvider from supported extension kinds. #6840 - π [OPERATOR] Remove
/scale subresource from Etcd CRD. #6850 - β¨ [OPERATOR] Short names for
Machine (mc), MachineClass (mcc), MachineDeployment (mcd), and MachineSet (mcs) resources are now added. #6787 - β¨ [OPERATOR] Gardenlet will not start in case the seed configuration is incorrect, i.e. if the node, pod or service network specified in the Seed resource do not match to the cluster reality. #6782
2022/10/12 - v1.57 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [USER] The create/modify/delete permissions for
ServiceAccounts assigned to Project members with the admin role are now removed. Read permissions are preserved. […] #6740 - πͺ [OPERATOR] Deprecated functions
DeprecatedDetermineError and DeprecatedDetermineErrorCodes will be dropped in the upcoming releases, extensions using these functions now need to use their own methods to get the error code from the errors. #6677 - β¨ [OPERATOR] Logs from pods managed by
garden-resource-manager will be scraped and stored in the shoot’s Loki. #6748 - β¨ [OPERATOR] The
ShootCARotation and ShootSARotation feature gates have been promoted to beta and are now enabled by default. […] #6734
2022/10/06 - v1.56 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [USER] Introduce shoot spec field
spec.controlPlane to allow enabling HA control planes with failure tolerance type of node or zone. […] #6530 - β¨ [OPERATOR] gardenlet is now using
gcr.io/distroless/static-debian11:nonroot instead of versions of alpine as a base image. #6641 - β¨ [DEVELOPER] The e2e tests do now also tear down the Gardener environment, effectively verifying whether the
Seed deletion works as expected. #6664
2022/09/21 - v1.55 Release (Part II)
Demo Agenda π
2022/09/14 - v1.55 Release (Part I)
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [DEVELOPER] The existing
ManagedSeed e2e test has been enhanced with verifications for the three gardenlet kubeconfig rotation scenarios. #6568 - β¨ [OPERATOR] gardenlet’s
SeedKubeScheduler feature gate is now deprecated in favor of the bin-packing scheduling profile that can be configured for a Shoot referred by a ManagedSeed. #6599 - β¨ [OPERATOR] Gardenlet now checks that the seed network configuration conforms to the reality in the seed cluster in case the seed is a shoot itself. #6576
- π [OPERATOR] A bug has been fixed which caused the
EveryNodeReady condition on Shoots to become False and complaining about outdated cloud configs on nodes during rolling updates. #6555
2022/08/31 - v1.54 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [DEVELOPER] Gardener envtest now supports running against an existing gardener setup via
USE_EXISTING_GARDENER, see doc #6497 (will be presented in the next review meeting) - β¨ [DEVELOPER] A new
gomegacheck linter is now executed on make check. […] #6455 - β¨ [OPERATOR]
Plant API has been dropped, operators need to clean up Plant resources before upgrading the Gardener version to v1.54. #6472 - β¨ [OPERATOR] The
DNSProvider extension kind was removed. Please make sure to remove any ControllerRegistrations that include the DNSProvider kind. […] #6479 - π [OPERATOR] Shoots are correctly labeled for globally enabled extensions now. #6534
2022/08/17 - v1.53 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ Enforce that Shoot nginx-ingress addon and Seed VPA are not enabled for ManagedSeeds. #6388
- β¨ Promote the
SecretBindingProviderValidation feature gate to GA. #6429 - β¨ Promote
SeedChange and CopyEtcdBackupsDuringControlPlaneMigration feature gates to beta. #6452
2022/08/03 - v1.52 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ Promote
DisableDNSProviderManagement to GA. #6341 - β¨ Drop support for the
shoot.gardener.cloud/use-as-seed annotation. #6379 - π Fix tools download for aarch64 (arm64) π§. #6314
2022/07/20 - v1.51 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- π [DEVELOPER] A new testing strategy and developer guideline has been added. Make sure to check out the document if you want to learn more about the different kinds of tests we use and how to best write them! #6245
- π [OPERATOR] Health checks of ManagedResources are more reliable now when updating resources in the referenced secrets. #6136
- β¨ [OPERATOR] The new
ShootNodeLocalDNSEnabledByDefault admission plugin of the gardener-apiserver (disabled by default) controls whether the .spec.systemComponents.nodeLocalDNS.enabled field for newly created Shoot resources is defaulted to true. […] #6279 - β¨ [OPERATOR] Several feature gate changes:
SecretBindingProviderValidation -> beta (#6240), ShootMaxTokenExpiration{Overwrite,Validation} and RotateSSHKeypairOnMaintenance -> removed (#6241), Shoot{C,S}ARotation -> beta (#6252)
2022/07/06 - v1.50 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [DEVELOPER]
gardener-{apiserver,controller-manager,scheduler,admission-controller,seed-admission-controller,resource-manager} are now using gcr.io/distroless/static-debian11:nonroot instead of versions of alpine as a base image. #6159 - β¨ [DEVELOPER] It is now possible to render charts from embedded file systems (
embed.FS). The Render method of the chartrenderer.Interface in favour of RenderEmbeddedFS. […] #6165 - β¨ [DEPENDENCY] Gardenlet now manages fine-granular
PriorityClasses that are supposed to be used by all components in order to improve the overall robustness of the system. Find out more in the related documentation. […] #6186 - β¨ [OPERATOR] The
WorkerPoolKubernetesVersion and DisableDNSProviderManagement feature gates have been promoted. #6166, #6142 - β¨ [DEVELOPER]
k8s.io/* is now upgraded to v0.24.1 and sigs.k8s.io/controller-runtime is now upgraded to v0.12.1. #6101 - π [OPERATOR] A disruption free CA rotation is now being supported for HA shoot clusters. #6099
2022/06/22 - v1.49 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [OPERATOR] A full snapshot of
etcd-main is now triggered after all Secret were encrypted with the new key after ETCD encryption key rotation. #6064 - β¨ [OPERATOR] Making
blackbox-exporter on shoots highly-available, to prevent false positive alerts during rollouts of blackbox-exporter, apiserver-proxy and worker nodes. #6025 - β¨ [DEPENDENCY] The generic
Worker actuator now scales up machine-controller-manager Deployment when Shoot is hibernating (or waking up) and machine-controller-manager Deployment is already scaled down by external actor (dependency-watchdog). #6054
2022/06/08 - v1.48 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [USER] With the new
maintenance.gardener.cloud/operation annotation for Shoots it is now possible to confine the execution of the respective operation to the shoot cluster’s maintenance time window. #6039 - β¨ [USER] There are two new
rotate-credentials-{start,complete} operation annotations for Shoots which can be used to start or complete the rotation of all Gardener-provided/Gardener-generated credentials. #6038 - π [USER] It is now possible again to migrate the CRIs for existing worker pools in shoot clusters. #6004
- π [OPERATOR] The
ManagedIstio and APIServerSNI feature gates are now deprecated. They are already turned on by default and will be removed in a future version of Gardener. #6007
2022/05/25 - v1.47 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- π [USER] A new document related to the rotation of the CA certificate rotation has been added. #5939
- β¨ [DEVELOPER]
provider-local now allows to enable the dependency-watchdog-probe in the seed cluster. #5937 - β¨ [DEVELOPER]
provider-local now supports Ingress objects in the Seed cluster and now enables using the shoot node logging feature. #5924 - β¨ [OPERATOR] The
lastActivityTimestamp of the Project is now updated every time a Plant, BackupEntry or Shoot is created, or a Quota or Secret in the project namespace is referred by a SecretBinding. The timestamp is also updated when these resources are updated or deleted. #5821
2022/05/11 - v1.46 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- π [USER] Documentation for accessing the shoot cluster is added here. #5849
- π [USER] There is a new document explaining the various configurations (and caveats) regarding the ServiceAccount configuration for shoot clusters. #5888
- β¨ [OPERATOR] The
WorkerPoolKubernetesVersion feature gate has been promoted to beta and is now enabled by default. #5857
2022/04/27 - v1.45 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- π [OPERATOR] Fixed an issue that could cause the
cloud-config-downloader to invalidate its credentials token if the node that it is currently running on has issues with the file system where the credentials token is stored (for example when the node runs out of disk space). #5719 - π [OPERATOR] Increase the QPS and burst value for
kube-apiserver requests for the vpa-recommender of Seed and Shoot clusters to better cope with large cluster sizes. #5743 - π [OPERATOR] VPA binaries and dependency have been upgraded to 0.10.0. #5716
- β¨ Several Feature Gate Promotions:
DenyInvalidExtensionResources (#5793) and CachedRuntimeClients (#5752) are now GA, RotateSSHKeypairOnMaintenance (#5740) and ShootMaxTokenExpirationOverwrite (#5726) are now beta.
2022/04/13 - v1.44 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- π [OPERATOR] CPU limits from all gardener components have been removed to prevent CPU throttling due to reaching limits. #5627
- π [OPERATOR] Memory limits of all shoot control plane or system components have been removed or adjusted according to measured usage to prevent OOMKills due to reaching the limits. #5689
- π [OPERATOR] VPA resources now use
controlledValues: RequestsOnly to prevent the VPA mechanism from proportionally changing the limits, which doesn’t make sense. #5638 - π‘ [OPERATOR]
dependency-watchdog-probe does no longer use a client certificate but an auto-rotated ServiceAccount token which is only valid for 12h. #5685
2022/03/30 - v1.43 Release
Demo Agenda π
No Demo, But Still Worth Celebrating π
- β¨ [USER] There is a new Secret for each Shoot in the corresponding Project Namespace (
<shoot-name>.ca-cluster) which contains the current CA bundle for establishing trust to the Shoot’s API server. #5612 - π [OPERATOR] An issue causing Shoot deletion to fail in a rare case when the corresponding Shoot Namespace in the Seed is already terminating is now fixed. #5555
- π [USER] A race condition has been fixed which can lead to pods without any projected token volumes for newly created shoots. #5549
- π [USER] A bug causing shoot reconciliations or deletions to fail with “no matches for kind” errors has been fixed. #5539