Overview
In case you couldn’t participate and are interested in catching up, you can find the contents of the review meetings we have had in 2024 here.
Reviews
2024/12/18 - v1.109 and v1.110 Releases
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. […] #10853
- [DEVELOPER] Extension webhooks need to remove the provider type Predicates and add an ObjectSelector against the object’s provider type label instead. #10896
- [OPERATOR] seed-authorizer and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for AuthorizedTTL and UnauthorizedTTL. #10703
Demo Agenda
No Demo, But Still Worth Celebrating
- Support More Use-Cases For TokenRequestor. Summary
- Watch ManagedResources In Shoot Care Controller. Summary
- Make cluster-autoscaler Work In Local Setup. Summary
- Use Structured Authorization In Local KinD Cluster. Summary
- Drop Internal Versions From Component Configuration APIs. Summary
- Fix Non-Functional Shoot Node Logging In Local Setup. Summary
- No Longer Generate Empty Secret For reconcile OperatingSystemConfigs. Summary
- Generic Monitoring Extension. Summary
2024/11/20 - v1.108 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Fixed an issue that could occur during control plane migration causing the core.gardener.cloud/v1beta1.BackupEntry to be reconciled after it was successfully migrated, but before it was restored. #10761
- [USER] The URLs of Shoot plutono, prometheus and alertmanager are now stored as annotations in the <shoot-name>.monitoring secret in the project namespace. #10735
2024/11/06 - v1.107 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] A new required controller was added to gardener-operator. It maintains the RequiredRuntime condition for Extension resources to indicate that the extension deployment is required in the Garden-Runtime cluster. #10650
- [USER] Gardener reports the cluster’s egress CIDRs in Shoot.status.networking.egressCIDRs if supported by the used provider extension. #10240
- [OPERATOR] The gardener/controlplane Helm chart has been deprecated and will be removed after v1.135 has been released (around beginning of 2026). We urge you to switch to a gardener-operator-based installation. Read all about it here. #10706
2024/10/23 - v1.106 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The HVPA and HVPAForShootedSeed feature gates have been deprecated and locked to false. Disable the HVPA and HVPAForShootedSeed feature gates if you have them enabled before upgrading to this version of Gardener. #10659
- [OPERATOR] Gardener generated certificates are valid 1 minute before issuance to handle some amount of clock skew. #10603
- [DEVELOPER] Allow gosec to be consumed from gardener/gardener. #10642
2024/10/16 - ApeiroRA Special Edition & v1.105 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] When checking whether a Deployment rollout is complete, stale Pods are now ignored and no longer counted. #10548
- [OPERATOR] gardenlet now performs garbage collection of stale Pods in all namespaces (except kube-system) in the seed cluster. #10548
- [OPERATOR] The TopologySpreadConstraint calculation was improved for workload spread across multiple zones. This especially leads to a more balanced distribution of kube-apiserver and istio replicas in seed clusters. #10608
2024/09/25 - v1.104 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The gardener-operator metrics are now automatically scraped by the garden Prometheus. #10464
- [OPERATOR] Alerts based on the proposals_failed_total metric of the etcd cluster are not raised anymore. #10524
2024/09/11 - v1.103 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] kube-proxy now has a readiness probe so that a Node will only become ready for workloads after kube-proxy was ready at least once. #10407
- [OPERATOR] Host spread for shoots with failure tolerance node (.spec.controlPlane.highAvailability.failureTolerance.type) is now accomplished via minDomains. Earlier, this happened on a best-effort basis only. If a seed had fewer than 3 nodes at the time the control-plane pods were scheduled, the desired pod distribution was not possible. #10400
2024/08/28 - v1.102 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] When the NewWorkerPoolHash feature gate is enabled, the calculation now also rolls worker nodes of Shoots when changing systemReserved in the kubelet configuration. Worker pools are not rolled if the sum of kubeReserved and systemReserved does not change. […] #10290
- [USER] Fixes a bug preventing shoot clusters with annotation shoot.gardener.cloud/skip-readiness: "true" from being created. #10317
- [OPERATOR] The .spec.deployment.vpa field in the seedmanagement.gardener.cloud/v1alpha1.{Gardenlet,ManagedSeed} APIs is deprecated and has no effect anymore. It will be removed in a future version. Now, gardenlet deploys its own VPA as part of the Seed reconciliation (after it ensured the VPA CRD exists). #10299
- [DEVELOPER] This document now contains a guide for developers on how to handle deprecations and backwards-compatibility of changes. #10294
2024/08/14 - v1.101 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] The IPv4 addresses for the local Gardener setup were changed from 127.0.0.x to 172.18.255.x (default kind subnet) to resolve an issue on developer machines which can’t use additional IP addresses from the 127.0.0.0/8 space. […] #10019
- [DEVELOPER] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. See this instead. #10220
- [OPERATOR] Fixed a bug in the vpa-eviction-requirements controller causing etcds to be evicted for downscaling outside of their maintenance window. #10202
2024/07/31 - v1.100 Release
Demo Agenda
No topics available for presentation, hence, meeting was canceled.
No Demo, But Still Worth Celebrating
- [USER] A bug causing sshd running in cluster pods to receive a SIGTERM when SSHAccess for worker nodes is disabled is now fixed. #10123
- [USER] Added document in which we share our pod autoscaling best practices with end users. #10083
- [OPERATOR] Scrape vpa-admission-controller metrics with prometheus. #10033
2024/07/24 - v1.99 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] Erroneous warnings for incomplete shoot credentials rotation have been fixed. #10059
2024/07/17 - v1.98 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The Resource Size Validator of the gardener-admission-controller ignores the status subresource and metadata.managedFields for resource size limits. […] #10011
- [DEPENDENCY] The extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector field is now removed. The corresponding webhook’s object selector is now enforced unconditionally. #10027
- [OPERATOR] kube-apiserver HPA’s max replicas count was increased from 3 to 6 in VPAAndHPA autoscaling mode to support very large control planes. #9971
- [OPERATOR] The data in ManagedResource secrets is now compressed with Brotli and stored under a single data key data.yaml.br. #9964
2024/06/19 - v1.97 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@timuthy | 5m | Register Node Taints With Kubelet | #9872 |
@acumino | 5m | Update Shoot Maintenance State If Last Maintenance Failed | #9945 |
No Demo, But Still Worth Celebrating
- [DEVELOPER] gardener-operator local development setup supports creating seeds, shoots and managed-seeds now. #9763
- [OPERATOR] gardenlet is now capable of keeping itself updated by pulling configuration and deployment values from the garden cluster. #9874
- [OPERATOR] Fix a regression where etcd alerts for the virtual Garden cluster did not work. #9973
- [DEVELOPER] The deprecated fields .spec.{reloadConfigFilePath,command} and .status.{units,files} have been removed from the extensions.gardener.cloud/v1alpha1.OperatingSystemConfig API. #9885
2024/06/05 - v1.96 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] The allow-shoot-networks NetworkPolicy has been dropped entirely, hence, the networking.gardener.cloud/to-shoot-networks=allowed label has no effect anymore and should be removed. #9752
- [DEPENDENCY] The extensions/pkg/webhook/controlplane/genericmutator.Ensurer#EnsureKubeAPIServerService func is removed. This func was used before the introduction of ManagedIstio/APIServerSNI (when the kube-apiserver Service was of type LoadBalancer) to set cloud provider specific annotations to the Service. […] #9770
- [OPERATOR] A new core.gardener.cloud/v1 API version is introduced which only includes the ControllerDeployment resource for now. The new version of the ControllerDeployment drops the type and providerConfig fields in favor of a well-structured section for helm-based ControllerDeployments. #9771
- [OPERATOR] It is now possible to specify an OCI repository in ControllerDeployments describing from where the Helm chart can be pulled (instead of specifying a base64-encoded chart in the specification). #9823, Summary
2024/05/29 - v1.95 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] The legacy method for extensions to provide observability configuration for shoot clusters (via ConfigMaps labelled with extensions.gardener.cloud/configuration=monitoring) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. #9695
- [DEVELOPER] The extensions.gardener.cloud/v1alpha1.Worker resource now has a new .spec.pools[].userDataSecretRef field which references a Secret containing the actual user data. The .spec.pools[].userData field is deprecated and will be removed in a future version. […] #9722
- [USER] A bug has been fixed which caused unneeded gardener-node-agent reconciliations after each Shoot reconciliation even if the underlying OperatingSystemConfig did not contain relevant changes. #9723
Demo Agenda
No Demo, But Still Worth Celebrating
- An approach for supporting Cilium v1.15+ for highly-available Shoots has been developed. Summary
- The contents of the machine-controller-manager-provider-local repository have been merged into the gardener repository to improve development productivity. Summary
- The vendor folder is going to be removed from OS extensions. Summary
- Embedded files are now considered for local image builds with Skaffold. Summary
2024/05/08 - v1.94 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The five-minute Infrastructure Cleanup Wait Period during shoot deletion was removed. The Shoot annotation shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds, which could be used to configure this period, was removed, too. #9632
- [OPERATOR] gardener-node-agent no longer watches all Nodes in the cluster but restricts itself to only the Node it is responsible for (with the help of label/field selectors). This should lead to a significant reduction of network I/O, especially for shoot clusters with many nodes. #9672
- [OPERATOR] gardener-operator is now capable of reconciling shoot cluster-specific NetworkPolicies in case the garden cluster is a seed cluster at the same time. #9658
2024/04/24 - v1.93 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Set kube-apiserver maxReplicas=3 for all Shoots that are not annotated with alpha.control-plane.scaling.shoot.gardener.cloud/scale-down-disabled=true. #9605
- [OPERATOR] A new gardenlet feature gate called ShootManagedIssuer was introduced. This feature gate guards the functionality described in GEP-24 until all of the components mentioned in the enhancement proposal are implemented by Gardener. #9489
- [OPERATOR] Istio-ingress gateway dashboard now shows the correct sent tcp traffic metric and the correct memory usage. #9596
2024/04/10 - v1.92 Release
Demo Agenda
No topics available for presentation, hence, meeting was canceled.
No Demo, But Still Worth Celebrating
- [OPERATOR] The graduated UseGardenerNodeAgent feature gate has been dropped. […] #9477
- [DEVELOPER] The deprecated oscommon package has been removed. #9477
- [OPERATOR] Secret openvpn-diffie-hellman-key in the garden namespace containing the Diffie-Hellman key can be deleted from landscapes as it is no longer needed. #9386
- [DEVELOPER] A new extension lifecycle strategy reconcile: AfterWorker is now available for Extensions to use in their ControllerRegistration. #9472
2024/03/27 - v1.91 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the Seed specification. #9304
- [DEVELOPER] The {garden,seed,shoot}-care controllers now incorporate ManagedResources into all relevant conditions, and it is possible to override the condition type into which a ManagedResource’s status gets incorporated via the care.gardener.cloud/condition-type label. […] #9313
2024/03/13 - v1.90 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8989
- [DEPENDENCY] An issue was fixed that sometimes led to leaked extension-controlplane-shoot-webhooks which blocked the shoot deletion. #9209
- [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. #9208
2024/02/28 - v1.89 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] The shoot cluster CA bundle is now stored in a ConfigMap in the project namespace of the garden cluster, in addition to storing it in a Secret. This ConfigMap shares the same name as the pre-existing Secret, which is <shoot-name>.ca-cluster. The Secret will be removed in a future Gardener release. […] #9123
- [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to beta and is now turned on by default. #9161
- [OPERATOR] Add condition type ObservabilityComponentsHealthy for extension health check; it will allow extensions to register with this type. #9092
2024/02/14 - v1.88 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The docker CRI is no longer supported for machine images in the CloudProfile. Docker CRI was already not supported for Shoots with Kubernetes versions >= v1.23, so adding this CRI is a no-op currently. Please remove all the usages of docker CRI from your CloudProfiles before upgrading to this version. #9135
- [OPERATOR] A bug has been fixed which was preventing valitail systemd services on shoot workers from starting when the UseGardenerNodeAgent feature gate is enabled. #9149
- [USER] The kube-apiserver deployment is annotated to mark the completion of labeling the resources for encryption so that this step is not repeated in case the “label removal” step fails and resources are partially without the label. #9147
- [OPERATOR] BackupEntries and Shoots are now labelled with seed.gardener.cloud/<seed-name>=true where <seed-name> is the value of .spec.seedName or .status.seedName. This allows for server-side filtering when watching these resources by leveraging a label selector. #9089
2024/01/31 - v1.87 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] The deprecated field seed.spec.secretRef has been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8896
- [OPERATOR] Migration code for Plutono and Vali is now removed. Consider manual cleanup for longterm broken Shoots as described in the PR to avoid leaking Loki’s PV. #8999
- [OPERATOR] The components managed by gardener now use PDBs with unhealthyPodEvictionPolicy: AlwaysAllow for clusters with kubernetes version >= 1.26. […] #8969
2024/01/24 - v1.86 Release
Demo Agenda
No Demo, But Still Worth Celebrating
- [DEVELOPER] Support for the deprecated NetworkPolicy annotations networking.resources.gardener.cloud/from-policy-allowed-ports and networking.resources.gardener.cloud/from-policy-pod-label-selector has been removed. Use networking.resources.gardener.cloud/from-<some-alias>-allowed-ports instead (documentation). #8883
- [OPERATOR] A bug causing the Shoot to use the wrong istio load balancer if the ExposureClass name and the exposureclass handler name are not the same is now fixed. #8926
- [OPERATOR] Add egressCIDRs field to the infrastructureStatus resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot’s worker nodes. #8888