Overview
In case you couldn't participate and are interested in catching up, you can find the contents of the review meetings we have had in 2023 here.
Reviews
2023/12/06 - v1.85 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@timuthy | 10m | Auto-Registration + Certificate Management for Extension Admission Webhooks | #8725 |
@acumino | 5m | Orphaned Lease Garbage Collection | #8817 |
@rfranzke | 10m | Introduction Of gardener-node-agent | #8023 (issue) |
No Demo, But Still Worth Celebrating
- [OPERATOR] All the functionality related to the deprecated field `.spec.secretRef` in `Seed`s has been removed and subsequently `.spec.secretRef` will be dropped from the `Seed` API in a later release of Gardener. Please check your `Seed`s and remove any usage before upgrading to this Gardener version. #8833
- [OPERATOR] The `gardener-resource-manager` deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. #8835
2023/11/29 - v1.84 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] A validation rule was added that forbids changing the primary DNS provider in `.spec.dns.providers` as soon as the `Shoot` was scheduled. #8761
- [OPERATOR] ⚠️ The deprecated fields `spec.settings.dependencyWatchdog.endpoint` and `spec.settings.dependencyWatchdog.probe` have been removed from the `Seed` API. Please check your `Seed`s and remove any usage before upgrading to this Gardener version. #8747
- [OPERATOR] During the restore phase of control plane migration, the `machine-controller-manager` is deployed with `0` replicas if it did not exist before or if it existed and was not scaled up yet. This fixes an issue that could cause the `Shoot`'s nodes to get recreated during control plane migration. #8742
- [DEVELOPER] Vendoring has been removed from the project, i.e., there is no `vendor` folder anymore. #8775
2023/11/22 - v1.83 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] A bug has been fixed which caused `ServiceAccount`s related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. #8697
- [OPERATOR] The `.status.lastOperation` in `core.gardener.cloud/v1beta1.Seed` and `operator.gardener.cloud/v1alpha1.Garden` resources is now only updated every `5s` during a reconciliation. Previously, it was updated immediately when a task was finished. #8705
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] A discussion about air-gapped shoot clusters was conducted. Summary
- [DEVELOPER] A new script `hack/update-skaffold-deps.sh` has been added for automatically updating Skaffold dependencies for the binaries. Previously, you had to update them manually in the `skaffold.yaml` file. Summary
2023/10/25 - v1.82 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEPENDENCY] The `MachineClassKind()`, `MachineClass()`, and `MachineClassList()` methods have been dropped from the generic `Worker` actuator's interface and do not need to be implemented anymore. #8559
- [DEPENDENCY] The no longer required `--gardenlet-manages-mcm` option has been removed. All code in provider extensions related to management/deployment of `machine-controller-manager` should be removed. #8596
- [DEVELOPER] The `extensions/pkg/controller/operatingsystemconfig/oscommon` package is deprecated and will be removed as soon as the `UseGardenerNodeAgent` feature gate has been promoted to GA. OS extension developers should start adapting to this new feature, see documentation and example based on `provider-local`. #8647
2023/10/11 - v1.81 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] Gardener refined the scope of the problematic webhook matcher for `Endpoints` objects. Earlier, shoot clusters were assigned a constraint reporting a problem with a `failurePolicy: Fail` webhook acting on these objects. Now, only `Endpoints` in the `kube-system` and `default` namespaces are considered for this check. #8521
- [OPERATOR] The `MachineControllerManagerDeployment` has been promoted to beta and is now enabled by default. Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. #8526
- [OPERATOR] The `DisableScalingClassesForShoots` feature gate has been promoted to GA (and is now always enabled). #8526
2023/09/27 - v1.80 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] A bug has been fixed which was allowing users to specify an extension of the same type in `.spec.extensions[].type` more than once in the `Shoot` API. #8457
- [USER] Gardener now reports nodes for which the `checksum/cloud-config-data` hasn't been populated yet. This could point towards an error on the node and that not all Gardener related configuration happened successfully. #8448
- [OPERATOR] `gardener-operator` now refuses to start if operators attempt to downgrade or skip minor Gardener versions. Please see this document for more information. #8413
- [DEVELOPER] The following golang dependencies have been upgraded, please consult the upstream release notes and this issue for guidance on upgrading your golang dependencies when vendoring this gardener version: `k8s.io/*` to `v0.28.2`, `sigs.k8s.io/controller-runtime` to `v0.16.2`. #8464
2023/09/13 - v1.79 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@ary1992 | 10m | sigs.k8s.io/controller-runtime@v0.15 Upgrade | #8245 |
@oliver-goetz | 10m | Additional Excess Capacity Reservation Configurations | #8356 |
@ScheererJ | 10m | Extension Admission Controllers In Local Setup | #8311 |
No Demo, But Still Worth Celebrating
- [USER] When the Kubernetes control plane version is at least `v1.28`, it is now possible to set the worker pool Kubernetes version to be at most three versions behind the control plane version. Earlier, only a skew of at most two versions was allowed. Find more details here. #8402
- [OPERATOR] The `DisableScalingClassesForShoots` feature gate has been promoted to beta. #8428
- [OPERATOR] The `WorkerlessShoots` feature gate has been promoted to beta and is now turned on by default. Before deploying this Gardener version, make sure that all your registered extensions support this feature gate. #8417
2023/08/30 - v1.78 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] It is possible now to trigger a `Seed` reconciliation by annotating the `Seed` with `gardener.cloud/operation=reconcile`. #8347
- [OPERATOR] Status of `Garden` now includes the `ObservabilityComponentsHealthy` condition which shows the health of observability components in the garden runtime-cluster. #8346
- [DEPENDENCY] `BackupBucket`/`BackupEntry` controllers: watch secret metadata only. #8348
2023/08/16 - v1.77 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] `gardenlet` no longer reports the `Bootstrapped` condition on `Seed`s. Instead, it now reports the progress in `.status.lastOperation`, similar to how it's done for `Shoot`s. #8290
- [OPERATOR] Operators can now view and manage dashboards for compaction jobs running in shoot control plane. #8206
- [OPERATOR] gardener-operator now takes over management of `fluent-operator` and `vali`. #8240
2023/08/02 - v1.76 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Removed `service.beta.kubernetes.io/aws-load-balancer-type: nlb` annotation from `istio-ingressgateway` service template. Set this annotation in `Seed` configuration. […] #8214
- [USER] It is now possible to enable disabled APIs for workerless shoot clusters via `spec.kubernetes.kubeAPIServer.runtimeConfig`. #8258
- [USER] An issue has been fixed which caused CoreDNS to not rewrite CNAME values in DNS answers. #8231
2023/07/19 - v1.75 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] `Shoot` fields `.spec.dns.providers[].domains` and `.spec.dns.providers[].zones` are now deprecated and expected to be removed in version `v1.87`. Please plan ahead to drop using those fields in extensions. #8199
- [USER] Adding Gardener-managed finalizers (e.g., `gardener` or `gardener.cloud/reference-protection`) to the `Shoot` on creation is now forbidden. #8209
- [OPERATOR] A bug causing the `gardenlet` to panic when an ETCD encryption key rotation operation is triggered for a hibernated `Shoot` is now fixed. Now, triggering ETCD encryption key rotation or `ServiceAccount` signing key rotation is forbidden when the `Shoot` is in the waking up phase. #8184
2023/07/05 - v1.74 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions `< 1.22`. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8087
- [OPERATOR] `gardener-resource-manager`'s `system-components-config` webhook no longer adds the toleration for the `ToBeDeletedByClusterAutoscaler` taint to system components in shoot clusters. The `ToBeDeletedByClusterAutoscaler` taint is maintained by the `cluster-autoscaler`. The toleration was breaking `cluster-autoscaler`'s drain mechanism when scaling down an under-utilized node: system components that had just been evicted from the to-be-deleted node were scheduled on that node again. #8172
2023/06/21 - v1.73 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The field `.spec.secretRef` in the `Seed` API has been deprecated and will be removed in a future release of Gardener. #8064
- [OPERATOR] `gardener-apiserver` now exposes a new `core.gardener.cloud/v1beta1.InternalSecret` API, see the documentation for more information. #8025
- [DEVELOPER] It is now easier to annotate `Service`s related to extensions serving webhook handlers that must be reached by `kube-apiserver`s running in separate namespaces such that the respective network traffic gets allowed. Please refer to this guide for all information. […]. #8076
- [DEVELOPER] `gardenlet`'s `ControllerInstallation` controller now populates the feature gates of `gardenlet` via the Helm values to extensions when they are getting installed. The information is populated via the `.gardener.gardenlet.featureGates` key. It contains a map whose keys are feature gate names and whose values are booleans (depicting the enablement status). #8011
2023/06/14 - v1.72 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] It is required to have `ControllerRegistration`s for Kinds `ControlPlane`, `Infrastructure` and `Worker` with the same types used for seeds (`.spec.provider.type`). […]. #7928
- [USER] The `core/v1alpha1` API version is dropped. Make sure that you don't use the `core/v1alpha1` API version in your machinery. #7965
- [USER] The certificate chains served by `kube-apiserver`s now include the CA certificates used to sign their server certificates. #7961
- [USER] A bug that prevented finalizers from being added to referenced `Secret`s or `ConfigMap`s in `.spec.resources` in `Shoot`s has been fixed. #7995
2023/06/07 - v1.71 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] Extensions vendoring this `gardener/gardener` version need to provide RBAC privileges for `PATCH apps/deployments/scale`. #7868
- [OPERATOR] The `HAControlPlanes` feature gate has been promoted to beta and is now turned on by default. #7867
- [OPERATOR] It is now possible to provide namespace selectors for additional namespaces which should be covered by the `NetworkPolicy` controllers of `gardener-operator` or `gardenlet`. […] #7929
- [DEVELOPER] In order to allow `kube-apiserver` pods of shoot or garden clusters to reach webhook servers, they must no longer be explicitly labeled with `networking.resources.gardener.cloud/to-<service-name>-<protocol>-<port>=allowed`. Instead, it is enough to annotate the `Service` of the webhook server with `networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=<ports>`. #7907
- [DEVELOPER] A guideline for developers regarding `TODO` statements has been introduced. #7939
Demo Agenda
No Demo, But Still Worth Celebrating
- The `machine-controller-manager` deployment procedure has been moved from the generic `Worker` actuator used in extensions controllers into `gardenlet`. Summary
- The accuracy for local control plane migration e2e tests has been increased as much as possible. Summary
- A few of the necessary steps for supporting ETCD encryption for custom resources have been addressed. Summary
- The `apiserver-proxy-pod-mutator` webhook has been moved into `gardener-resource-manager`. Summary
2023/05/10 - v1.70 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Gardener now supports seed clusters with Kubernetes versions up to `v1.26`. #7831
- [OPERATOR] The `highavailabilityconfig` webhook configures topology spread constraints with `minDomains=<number-of-zones>`. […]. #7826
- [OPERATOR] Annotations in `seed.spec.settings.loadBalancerServices.annotations` are now applied to the `nginx-ingress` load balancer service in the seed cluster. #7835
- [OPERATOR] The promoted or deprecated feature gates `ManagedIstio` and `ReversedVPN` have been removed. #7830
2023/04/26 - v1.69 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The `SeedChange` and `CopyEtcdBackupsDuringControlPlaneMigration` feature gates have been promoted to GA and are now locked to true. #7763
- [OPERATOR] Fixed potential leaks of `ShootState`s that could happen when a `Shoot` cluster is deleted. This is achieved by no longer exiting early from the deletion flow if the shoot's seed `Namespace` has been deleted. The same logic has been applied to the migration flow for consistency. #7789
- [OPERATOR] A bug causing kube-controller-manager to fail to clean up ShootState resources is now fixed. #7793
- [OPERATOR] The `.spec.settings.ownerChecks` field of the `Seed` configuration is deprecated. The "bad-case" control plane migration is being removed in favor of the HA Shoot control planes […]. #7748
2023/04/12 - v1.68 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Enable memory-saver mode for the VPA recommender. It stops tracking resource consumption for Containers without matching VPAs and frees up memory. #7746
- [DEVELOPER] The server certificate of the kube-apiserver deployment now contains the `<service-name>.<namespace>.svc.cluster.local` SAN. #7735
- [OPERATOR] A bug causing the gardenlet to be unable to access the BackupBucket generated secret in garden namespace is now fixed. #7708
- [OPERATOR] A bug has been fixed for the Gardener Operator that occasionally caused "404 not-found" errors when garden resources were applied and the operator ran with multiple replicas. #7739
2023/04/05 - Special Edition
Demo Agenda
2023/03/29 - v1.67 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] An issue has been fixed which caused undesired PATCH requests when updating the state in the Worker or ShootState resources. #7637
- [DEVELOPER] A bug in `managedresources.NewRegistry` that was leading to excessive memory usage when this function is called multiple times has been fixed. #7694
- [DEVELOPER] Shoot clusters using `provider-local` can now have multiple worker nodes with `calico` as CNI. #7684
- [DEVELOPER] The local deployment of Gardener with extensions can now deal with multiple seeds. Additional seeds can be added and removed again. #7673
2023/03/15 - v1.66 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@shafeeqes | 5m | Dropped Support For Self-Managed Ingress Controllers In `Seed`s | #7529 |
@timuthy | 10m | Adapted `NetworkPolicy`s For Istio Namespaces | #7570 |
@ScheererJ | 10m | Adapted `NetworkPolicy`s For Extension Namespaces | #7589 |
@ialidzhikov | 10m | Routing Network Traffic Topology-Aware | #7191 |
No Demo, But Still Worth Celebrating
- [USER] Updates to the `AuditPolicy` referenced by `Shoot`s are now also validated against the Kubernetes versions of those shoot clusters. This fixes an issue where it was possible to specify an unsupported `audit.k8s.io` version when updating the `ConfigMap` which contains the `AuditPolicy`. #7563
- [USER] Fixes control-plane migration of hibernated shoot being stuck if shoot was hibernated for `24h`. #7608
- [OPERATOR] The `ForceRestore` feature gate has been removed. #7543
- [OPERATOR] The `ManagedSeed` controller no longer tries to sync the `Seed` kubeconfig `Secret` when the `Shoot`'s static token kubeconfig is not enabled. #7546
2023/03/01 - v1.65 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@axel7born | 5m | Response Rewrite For DNS Search Path Optimization | #7478 |
@shafeeqes | 5m | Validation For Admission Plugin Configurations | #7472 |
@shafeeqes | 5m | Recreation For Immutable `ConfigMap`s/`Secret`s | #7516 |
@acumino | 5m | Shoot System Components Health Checks | #7462 |
@rfranzke | 5m | Adapted `NetworkPolicy`s For Shoot Control Plane Components | #7484, #7515 |
@Kumm-Kai | 10m | Schedule Node-Critical `Pod`s First | #7406 |
No Demo, But Still Worth Celebrating
- [USER] The `core.gardener.cloud/v1alpha1` API is deprecated and will be removed soon. The `core.gardener.cloud/v1beta1` API has been available for a very long time and should be used instead. #7443
- [OPERATOR] Before upgrading to this Gardener version, `Seed`s using `.spec.dns.ingressDomain` must now finally be switched to using `.spec.ingress` and `.spec.dns.provider` […]. #7515
- [OPERATOR] Fix a bug in the etcd deploy flow that erroneously unsets `etcd.spec.etcd.peerUrlTls` in the `Etcd` CRs of high available shoots when marked for hibernation. #7514
2023/02/15 - v1.64 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The `istio-system` namespace in seed clusters is now labeled with `gardener.cloud/role=istio-system`. All `istio-ingress*` namespaces are now labeled with `gardener.cloud/role=istio-ingress`. #7389
- [OPERATOR] When deleting a seed the `cluster-identity` config map in `kube-system` namespace is not deleted anymore if it was already existing on seed creation. #7436
- [OPERATOR] A bug has been fixed which caused the conditions of `Shoot`s to be set to `Unknown` too fast in case the responsible `gardenlet` is no longer posting its heartbeat. #7404
- [DEVELOPER] Add bootstrapping a local IPv6 KinD cluster with `make kind-up IPFAMILY=ipv6`. #7388
2023/02/08 - v1.63 Release (Part III)
Demo Agenda
2023/02/01 - v1.63 Release (Part II)
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] The `ServiceAccount` signing key rotation procedure has been improved and should work better for clusters with lots of `ServiceAccount`s or intermittent creations/deletions of new/old `ServiceAccount` secrets. #7313
- [USER] A bug in the kubelet-monitor script running on all shoot worker nodes has been fixed which caused it to also kill processes other than the kubelet. #7278
- [OPERATOR] The legacy VPN solution has been removed. The feature gates `ReversedVPN`, `ManagedIstio` and `APIServerSNI` are unconditionally enabled (locked to their default values) now. #7167
- [OPERATOR] `gardener-operator` is now managing the load balancer `Service` for exposing the `virtual-garden-kube-apiserver` as part of the virtual garden cluster control plane. It is possible to specify annotations for it via `.spec.runtimeCluster.settings.loadBalancerServices.annotations` in the `Garden` resource. #7238
- [OPERATOR] When deploying `kube-apiserver` version `v1.24`, Gardener will add the `--shutdown-send-retry-after=true` command line flag to the `kube-apiserver` command. […]. #7250
- [DEVELOPER] The `HighAvailabilityConfig` webhook now also mutates replica settings of `HPA` and `HVPA` resources. To make use of this handling, please label respective resources with the well known `high-availability-config.resource.gardener.cloud/type` label […]. #7226
- [DEVELOPER] It is now possible to make secrets manager adopt existing secrets. Find out more in this document. #7243
- [DEVELOPER] The Gardener project has introduced a policy for the number of supported Kubernetes versions; read it here. #7300
2023/01/25 - v1.63 Release (Part I)
Demo Agenda
2023/01/18 - v1.62 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] `gardener-admission-controller` now validates `Shoot` Kubernetes version compatibility with Audit Policy API version on `Shoot` update request. #7205
- [USER] It is now possible to configure the general log verbosity and the verbosity for HTTP access logs for the `kube-apiserver` via the `Shoot` specification. #7094
- [OPERATOR] Prevent updating `Shoot`s which are scheduled to a `Seed` with less than 3 zones to `spec.controlPlane.failureTolerance.type: zone`. #7195
- [DEVELOPER] A new document for developers has been added with a checklist for what to pay attention to when adding new components to garden, seed, or shoot clusters. Read it here. #7125