Gardener Review Meetings (2024)
In case you couldn't participate and are interested in catching up, you can find the contents of the review meetings we have had in 2024 here.
The meetings were recorded, but not published.
Reviews
2024/12/18 - v1.109 and v1.110 Releases
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 5m | Virtual Cluster Watch In gardener-operator | #10663 |
| @oliver-goetz | 10m | Node Agent Authorizer | #10781 |
| @tobschli | 5m | Fix Shoot SSH Keypair Rotation | #10671 |
| @maboehm | 5m | Support More Use-Cases For TokenRequestor | #10988 |
| @axel7born | 5m | IPv4/IPv6 Dual Stack Shoots on AWS | #10803 |
No Demo, But Still Worth Celebrating
- [OPERATOR] The deprecated and unconditionally disabled `HVPA` and `HVPAForShootedSeed` feature gates are removed. [...] #10853
- [DEVELOPER] Extension webhooks need to remove the provider type `Predicate`s and add an `ObjectSelector` against the object's provider type label instead. #10896
- [OPERATOR] `seed-authorizer` and structured authorization webhooks of shoot `kube-apiserver`s no longer use the default TTL for `AuthorizedTTL` and `UnauthorizedTTL`. #10703
2024/12/11 - Hack The Garden Wrap Up
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @damyan | 5m | IPv6 Support On IronCore | Summary |
| @LucaBernstein | 5m | Gardener SLIs: Shoot Cluster Creation/Deletion Times | Summary |
| @Gerrit91 | 5m | Version Classification Lifecycle In CloudProfiles | Summary |
| @rfranzke | 5m | Enhanced Seed Authorizer With Label/Field Selectors | Summary |
| @hown3d | 5m | Bring Your Own ETCD Encryption Key Via Key Management Systems | Summary |
| @MichaelEischer | 5m | Load Balancing For Calls To kube-apiservers | Summary |
| @Nuckal777 | 5m | Validate PoC For In-Place Node Updates Of Shoot Clusters | Summary |
| @ialidzhikov | 5m | Prevent Pod Scheduling Issues Due To Overscaling | Summary |
| @maboehm | 5m | Prevent Multiple systemd Unit Restarts On Reconciliation Errors | Summary |
| @rfranzke | 5m | Trigger Nodes Rollout Individually Per Worker Pool During Credentials Rotation | Summary |
| @dergeberl | 5m | Replace TopologyAwareHints with ServiceTrafficDistribution | Summary |
| @oliver-goetz | 5m | Deploy Prow Via Flux | Summary |
| @timebertt | 5m | E2E Test Skeleton For Autonomous Shoot Clusters | Summary |
| @tobschli | 5m | cluster-autoscaler's ProvisioningRequest API | Summary |
| @Gerrit91 | 5m | Cluster API Provider For Gardener | Summary |
No Demo, But Still Worth Celebrating
- Support More Use-Cases For `TokenRequestor`. Summary
- Watch `ManagedResource`s In `Shoot` Care Controller. Summary
- Make `cluster-autoscaler` Work In Local Setup. Summary
- Use Structured Authorization In Local KinD Cluster. Summary
- Drop Internal Versions From Component Configuration APIs. Summary
- Fix Non-Functional Shoot Node Logging In Local Setup. Summary
- No Longer Generate Empty `Secret` For `reconcile` `OperatingSystemConfig`s. Summary
- Generic Monitoring Extension. Summary
2024/11/20 - v1.108 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @LucaBernstein | 10m | Custom Machine Images For NamespacedCloudProfiles | #10629, #10811 |
| @dimitar-kostadinov | 5m | TLS Between Registry Cache And containerd | #10831, registry-cache#245 |
| @unmarshall | 10m | ETCD Druid v0.23 | etcd-druid (release) |
| @MartinWeindel | 10m | Gardener Operator Deploys BackupBucket/DNSRecord | #10645 |
| @istvanballok | 10m | Gardener Demo Playground | demo (website) |
No Demo, But Still Worth Celebrating
- [OPERATOR] Fixed an issue that could occur during control plane migration causing the `core.gardener.cloud/v1beta1.BackupEntry` to be reconciled after it was successfully migrated, but before it was restored. #10761
- [USER] The URLs of Shoot `plutono`, `prometheus` and `alertmanager` are now stored as annotations in `<shoot-name>.monitoring` secret in the project namespace. #10735
2024/11/06 - v1.107 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 10m | Structured Authorization Configuration | #10682 |
| @tobschli | 10m | Shoot Access Restrictions | #10654 |
| @petersutter | 5m | Recent Gardener Dashboard Features | 1.78.0 |
No Demo, But Still Worth Celebrating
- [OPERATOR] A new required controller was added to gardener-operator. It maintains the RequiredRuntime condition for Extension resources to indicate that the extension deployment is required in the Garden-Runtime cluster. #10650
- [USER] Gardener reports the cluster's egress CIDRs in Shoot.status.networking.egressCIDRs if supported by the used provider extension. #10240
- [OPERATOR] The gardener/controlplane Helm chart has been deprecated and will be removed after v1.135 has been released (around beginning of 2026). We urge you to switch to a gardener-operator-based installation. Read all about it here. #10706
2024/10/23 - v1.106 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @plkokanov | 5m | vpa-recommender Metrics Collection | #10517 |
| @grolu | 5m | Dashboard Adaptations In gardener-operator | #10572 |
| @andrerun | 5m | GEP-29: Autoscaling Storage Volumes | #10690 |
| @DockToFuture, @axel7born | 10m | IPv6 Shoot Clusters on AWS | provider-aws#1024 |
| @ary1992 | 5m | k8s.io/* + controller-runtime Upgrades | #10459 |
| @ialidzhikov | 10m | Kubernetes 1.31 Support | #10472 |
No Demo, But Still Worth Celebrating
- [OPERATOR] The `HVPA` and `HVPAForShootedSeed` feature gates have been deprecated and locked to false. Disable the `HVPA` and `HVPAForShootedSeed` feature gates if you have them enabled before upgrading to this version of Gardener. #10659
- [OPERATOR] Gardener generated certificates are valid `1 minute` before issuance to handle some amount of clock skew. #10603
- [DEVELOPER] Allow `gosec` to be consumed from `gardener/gardener`. #10642
2024/10/16 - ApeiroRA Special Edition & v1.105 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @mkorbi, @phyrog | 25m | CO2/Green Monitoring Via Kubecost | extension-shoot-kubecost (repo), extension-shoot-kepler (repo) |
| @rfranzke | 5m | Support For 80+ Worker Pools | #10542 |
| @oliver-goetz | 10m | gardener-operator Deploys Extension Resources | #10518 |
No Demo, But Still Worth Celebrating
- [OPERATOR] When checking whether a `Deployment` rollout is complete, stale `Pod`s are now ignored and no longer counted. #10548
- [OPERATOR] `gardenlet` now performs garbage collection of stale `Pod`s in all namespaces (except `kube-system`) in the seed cluster. #10548
- [OPERATOR] The `TopologySpreadConstraint` calculation was improved for workload spread across multiple zones. This especially leads to a more balanced distribution of `kube-apiserver` and `istio` replicas in seed clusters. #10608
2024/09/25 - v1.104 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @LucaBernstein | 5m | Custom RBAC Verbs For NamespacedCloudProfiles | #10485 |
| @dimityrmirchev | 5m | Migrating From SecretBinding to CredentialsBinding | #10365 |
| @ScheererJ | 10m | Golang-Based VPN Implementation | #9774 |
| @ScheererJ | 5m | GEP-28: Autonomous Shoot Clusters | #10536 |
No Demo, But Still Worth Celebrating
- [OPERATOR] The `gardener-operator` metrics are now automatically scraped by the `garden` Prometheus. #10464
- [OPERATOR] Alerts based on the `proposals_failed_total` metric of the `etcd` cluster are not raised anymore. #10524
2024/09/11 - v1.103 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @dimityrmirchev | 10m | Token Requestor Controller For WorkloadIdentitys | #10298 |
| @LucaBernstein | 5m | New API: NamespacedCloudProfile | #10266 |
| @timuthy | 10m | gardener-operator Deploys Extension Admission Components | #10277 |
No Demo, But Still Worth Celebrating
- [OPERATOR] `kube-proxy` now has a readiness probe so that a `Node` will only become ready for workloads after `kube-proxy` was ready at least once. #10407
- [OPERATOR] Host spread for shoots with failure tolerance `node` (`.spec.controlPlane.highAvailability.failureTolerance.type`) is now accomplished via `minDomains`. Earlier, this happened on a best-effort basis only. If a seed had fewer than 3 nodes at the time the control-plane pods were scheduled, the desired pod distribution was not possible. #10400
2024/08/28 - v1.102 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @AleksandarSavchev | 10m | Structured Authentication For Shoot and Garden | #10244 |
| @ialidzhikov | 5m | VPA Recommender Configurability | #10221 |
| @plkokanov | 10m | Cross-Provider Control Plane Migration | #10323 |
| @vicwicker | 10m | Migrate VPA Metrics To CustomResourceState Metrics | #9941 |
No Demo, But Still Worth Celebrating
- [OPERATOR] When the `NewWorkerPoolHash` feature gate is enabled, the calculation now also rolls worker nodes of `Shoot`s when changing `systemReserved` in the `kubelet` configuration. Worker pools are not rolled if the sum of `kubeReserved` and `systemReserved` does not change. [...] #10290
- [USER] Fixes a bug preventing shoot clusters with annotation `shoot.gardener.cloud/skip-readiness: "true"` from being created. #10317
- [OPERATOR] The `.spec.deployment.vpa` field in the `seedmanagement.gardener.cloud/v1alpha1.{Gardenlet,ManagedSeed}` APIs is deprecated and has no effect anymore. It will be removed in a future version. Now, gardenlet deploys its own VPA as part of the `Seed` reconciliation (after it ensured the VPA CRD exists). #10299
- [DEVELOPER] This document now contains a guide for developers how to handle deprecations and backwards-compatibility of changes. #10294
2024/08/14 - v1.101 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @vpnachev | 10m | token Subresource For WorkloadIdentity API | #10042 |
| @nkraetzschmar | 5m | Secure Boot On Gardenlinux | gardenlinux#2237 |
| @rfranzke | 10m | gardenlet Management Via gardener-operator | #10161, #10218 |
| @timuthy | 10m | Registry Mirror Management Via OperatingSystemConfig | #10050, #10167 |
No Demo, But Still Worth Celebrating
- [DEVELOPER] The IPv4 addresses for the local Gardener setup were changed from `127.0.0.x` to `172.18.255.x` (default `kind` subnet) to resolve an issue on developer machines which can't use additional IP addresses from the `127.0.0.0/8` space. [...] #10019
- [DEVELOPER] The legacy method of providing monitoring configuration via `ConfigMap`s labeled with `extensions.gardener.cloud/configuration=monitoring` has been removed. See this instead. #10220
- [OPERATOR] Fixed a bug in the `vpa-eviction-requirements` controller causing `etcd`s to be evicted for downscaling outside of their maintenance window. #10202
2024/07/31 - v1.100 Release
Demo Agenda
No topics available for presentation, hence, meeting was canceled.
No Demo, But Still Worth Celebrating
- [USER] A bug causing `sshd` running in cluster pods to receive a `SIGTERM` when `SSHAccess` for worker nodes is disabled is now fixed. #10123
- [USER] Added document in which we share our pod autoscaling best practices with end users. #10083
- [OPERATOR] Scrape vpa-admission-controller metrics with prometheus. #10033
2024/07/24 - v1.99 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 10m | Network Range Propagation From Extensions | #9998 |
| @MartinWeindel | 5m | gardener-operator Manages Cert Management | #9957 |
No Demo, But Still Worth Celebrating
- [USER] Erroneous warnings for incomplete shoot credentials rotation have been fixed. #10059
2024/07/17 - v1.98 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @LucaBernstein | 5m | Object Selector For Extension Webhooks | #9981, #10026 |
| @MichaelEischer | 10m | New Worker Pool Hash Calculation For Rolling Updates | #9865 |
| @dimityrmirchev | 5m | CredentialsBinding: Successor Of SecretBinding | #9853 |
| @istvanballok | 10m | Renovated Remote Local Setup | #9980 |
| @oliver-goetz | 5m | Introduce gosec For Static Application Security Testing (SAST) | #9959 |
No Demo, But Still Worth Celebrating
- [OPERATOR] The Resource Size Validator of the `gardener-admission-controller` ignores `status` subresource and `metadata.managedFields` for resource size limits. [...] #10011
- [DEPENDENCY] The `extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector` field is now removed. The corresponding webhook's object selector is now enforced unconditionally. #10027
- [OPERATOR] `kube-apiserver` HPA's max replicas count from 3 to 6 in `VPAAndHPA` autoscaling mode to support very large control planes. #9971
- [OPERATOR] The `data` in `ManagedResource` secrets is now compressed with Brotli and stored under a single data key `data.yaml.br`. #9964
2024/06/19 - v1.97 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 5m | Register Node Taints With Kubelet | #9872 |
| @acumino | 5m | Update Shoot Maintenance State If Last Maintenance Failed | #9945 |
No Demo, But Still Worth Celebrating
- [DEVELOPER] `gardener-operator` local development setup supports creating seeds, shoots and managed-seeds now. #9763
- [OPERATOR] `gardenlet` is now capable of keeping itself updated by pulling configuration and deployment values from the garden cluster. #9874
- [OPERATOR] Fix a regression where `etcd` alerts for the virtual Garden cluster did not work. #9973
- [DEVELOPER] The deprecated fields `.spec.{reloadConfigFilePath,command}` and `.status.{units,files}` have been removed from the `extensions.gardener.cloud/v1alpha1.OperatingSystemConfig` API. #9885
2024/06/05 - v1.96 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 10m | Proxy Protocol Termination On Load Balancers In Seeds | #9844 |
| @MichaelEischer | 5m | Improved OperatingSystemConfig Rollout Check For Nodes | #9757 |
| @MartinWeindel | 5m | Secrets Manager: Configurable Validity Percentage For Auto-Renewal | #9819 |
| @dimityrmirchev | 10m | gardener-operator Manages Discovery Server | #9746 |
| @marwinski | 10m | GEP-27: Falco Extension | #9845 |
No Demo, But Still Worth Celebrating
- [DEVELOPER] The `allow-shoot-networks` `NetworkPolicy` has been dropped entirely, hence, the `networking.gardener.cloud/to-shoot-networks=allowed` label has no effect anymore and should be removed. #9752
- [DEPENDENCY] The `extensions/pkg/webhook/controlplane/genericmutator.Ensurer#EnsureKubeAPIServerService` func is removed. This func was used before the introduction of `ManagedIstio`/`APIServerSNI` (when the `kube-apiserver` `Service` was of type `LoadBalancer`) to set cloud provider specific annotations to the `Service`. [...] #9770
- [OPERATOR] A new `core.gardener.cloud/v1` API version is introduced which only includes the `ControllerDeployment` resource for now. The new version of the `ControllerDeployment` drops the type and `providerConfig` fields in favor of a well-structured section for helm-based `ControllerDeployment`s. #9771
- [OPERATOR] It is now possible to specify an OCI repository in `ControllerDeployment`s describing from where the Helm chart can be pulled (instead of specifying a `base64`-encoded chart in the specification). #9823, Summary
2024/05/29 - v1.95 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @shafeeqes | 5m | Kubernetes 1.30 Support | #9508 |
| @ialidzhikov | 10m | VPA- and HPA-Based Autoscaling For kube-apiserver | #9678 |
| @rfranzke | 10m | Four-Eyes Approval Concept For Shoot Deletion | #9680 |
| @ScheererJ | 5m | IPv6-Only E2E Tests In Prow | #9693 |
No Demo, But Still Worth Celebrating
- [DEVELOPER] The legacy method for extensions to provide observability configuration for shoot clusters (via `ConfigMap`s labelled with `extensions.gardener.cloud/configuration=monitoring`) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. #9695
- [DEVELOPER] The `extensions.gardener.cloud/v1alpha1.Worker` resource now has a new `.spec.pools[].userDataSecretRef` field which references a `Secret` containing the actual user data. The `.spec.pools[].userData` field is deprecated and will be removed in a future version. [...] #9722
- [USER] A bug has been fixed which caused unneeded `gardener-node-agent` reconciliations after each `Shoot` reconciliation even if the underlying `OperatingSystemConfig` did not contain relevant changes. #9723
2024/05/22 - Hack The Garden Wrap Up
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @maboehm | 5m | OCI Helm Release Reference For ControllerDeployments | Summary |
| @oliver-goetz | 5m | gardener-operator Local Development Setup With gardenlets | Summary |
| @kon-angelo | 5m | Extensions For Garden Cluster Via gardener-operator | Summary |
| @rfranzke | 5m | Gardenlet Self-Upgrades For Unmanaged Seeds | Summary |
| @Gerrit91 | 5m | Type-Safe Configurability in OperatingSystemConfig For containerd, DNS, NTP, etc. | Summary |
| @majst01 | 5m | Expose Shoot API Server In Tailscale VPN | Summary |
| @hown3d | 5m | Rewrite gardener/vpn2 From Bash To Golang | Summary |
| @ScheererJ | 5m | Pure IPv6-Based VPN Tunnel | Summary |
| @timebertt | 5m | Harmonize Local VPN Setup With Real-World Scenario | Summary |
| @timuthy | 5m | Compression For ManagedResource Secrets | Summary |
| @afritzler | 5m | Making Shoot Flux Extension Production-Ready | Summary |
No Demo, But Still Worth Celebrating
- An approach for supporting Cilium `v1.15+` for highly-available `Shoot`s has been developed. Summary
- The contents of the `machine-controller-manager-provider-local` repository have been merged into the `gardener` repository to improve development productivity. Summary
- The `vendor` folder is going to be removed from OS extensions. Summary
- Embedded files are now considered for local image builds with Skaffold. Summary
2024/05/08 - v1.94 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @voelzmo | 10m | VPA For ETCD Autoscaling | #8984 |
| @oliver-goetz | 5m | Worker Node Count Validation | #9599 |
| @rfranzke | 10m | Dynamic Plutono Dashboard Reconciliation | #9624 |
| @petersutter | 10m | gardener-operator Manages Dashboard + Web Terminal Controller | #9583, #9646 |
No Demo, But Still Worth Celebrating
- [OPERATOR] Five minutes Infrastructure Cleanup Wait Period during shoot deletion was removed. Shoot annotation `shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds` which could be used to configure this period was removed, too. #9632
- [OPERATOR] `gardener-node-agent` no longer watches all `Node`s in the cluster but restricts to only the `Node` it is responsible for (with the help of label/field selectors). This should lead to a significant reduction of network I/O, especially for shoot clusters with many nodes. #9672
- [OPERATOR] `gardener-operator` is now capable of reconciling shoot cluster-specific `NetworkPolicy`s in case the garden cluster is a seed cluster at the same time. #9658
2024/04/24 - v1.93 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @maboehm | 10m | New AfterWorker Extension Lifecycle Strategy | #9472 |
| @MichaelEischer | 10m | Machine Type Dependent Resource Reservations | #9449 |
| @rfranzke | 5m | Garden Prometheis Managed By prometheus-operator | #9543, #9606 |
| @oliver-goetz | 10m | Fix Kubelet Data Volume Usage | #9609 |
No Demo, But Still Worth Celebrating
- [OPERATOR] Set `kube-apiserver` `maxReplicas=3` for all Shoots that are not annotated with `alpha.control-plane.scaling.shoot.gardener.cloud/scale-down-disabled=true`. #9605
- [OPERATOR] A new gardenlet feature gate called `ShootManagedIssuer` was introduced. This feature gate guards the functionality described in GEP-24 until all of the components mentioned in the enhancement proposal are implemented by Gardener. #9489
- [OPERATOR] Istio-ingress gateway dashboard now shows the correct sent tcp traffic metric and the correct memory usage. #9596
2024/04/10 - v1.92 Release
Demo Agenda
No topics available for presentation, hence, meeting was canceled.
No Demo, But Still Worth Celebrating
- [OPERATOR] The graduated `UseGardenerNodeAgent` feature gate has been dropped. [...]. #9477
- [DEVELOPER] The deprecated oscommon package has been removed. #9477
- [OPERATOR] Secret `openvpn-diffie-hellman-key` in the `garden` namespace containing the Diffie-Hellman key can be deleted from landscapes as it is no longer needed. #9386
- [DEVELOPER] A new extension lifecycle strategy `reconcile: AfterWorker` is now available for Extensions to use in their `ControllerRegistration`. #9472
2024/03/27 - v1.91 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 5m | Alertmanager For Garden Clusters | #9301, #9065 (issue) |
| @rfranzke | 5m | Health Checks For Dependency Watchdog Actions | #9376 |
| @ScheererJ | 10m | Replace kube-apiserver Ingress Resources With Istio Exposure | #9300 |
| @shafeeqes | 5m | Force Kubernetes Upgrade Removes Unsupported Feature Gates + Admission Plugins | #9365 |
| @dimityrmirchev | 10m | Managed Shoot OIDC Issuer | #9196, #9354, #9157 (issue) |
No Demo, But Still Worth Celebrating
- [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the `Seed` specification. #9304
- [DEVELOPER] The `{garden,seed,shoot}-care` controllers now incorporate `ManagedResources` into all relevant conditions, and it is possible to override the condition type into which a `ManagedResource`'s status gets incorporated via the `care.gardener.cloud/condition-type` label. [...] #9313
2024/03/13 - v1.90 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rishabh-11 | 10m | Dependency Watchdog Considers Node Leases | dependency-watchdog#94, #9072 |
| @ScheererJ | 5m | Add IP Stack To DNSRecords | #9289 |
| @kon-angelo | 10m | AWS ECR Credentials Provider For Kubelet | provider-aws#854 |
| @rfranzke | 5m | Health Checks For VerticalPodAutoscalers | #9211 |
| @oliver-goetz | 10m | Renovate Bot | ci-infra#1163, #9197 |
No Demo, But Still Worth Celebrating
- [OPERATOR] Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions `== 1.24`. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8989
- [DEPENDENCY] An issue was fixed that sometimes led to leaked `extension-controlplane-shoot-webhooks` which blocked the shoot deletion. #9209
- [OPERATOR] The `UseGardenerNodeAgent` feature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. #9208
2024/02/28 - v1.89 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 10m | Drop nginx-ingress Load Balancer In Favor Of Istio | #9038 |
| @shafeeqes | 5m | Skip Minor Kubernetes Version Upgrades | #9185 |
| @rfranzke | 10m | Seed Prometheis Managed By prometheus-operator | #9128, #9159, #9200, #9163 |
| @petersutter | 5m | Read-Only Kubeconfigs For Shoots in Dashboard and CLI | dashboard#1711 (issue) |
No Demo, But Still Worth Celebrating
- [USER] The shoot cluster CA bundle is now stored in a `ConfigMap` in the project namespace of the garden cluster, in addition to storing it in a `Secret`. This `ConfigMap` shares the same name as the pre-existing Secret, which is `<shoot-name>.ca-cluster`. The `Secret` will be removed in a future Gardener release. [...] #9123
- [OPERATOR] The `UseGardenerNodeAgent` feature gate has been promoted to beta and is now turned on by default. #9161
- [OPERATOR] Add condition type `ObservabilityComponentsHealthy` for extension health check, it will allow extensions to register with this type. #9092
2024/02/14 - v1.88 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 10m | Additional/Custom RBAC Permissions For Extensions | #9079 |
| @oliver-goetz | 10m | gardener Linux User On Shoot Worker Nodes | #9077 |
| @tobschli | 5m | EveryNodeReady Considers gardener-node-agent Health | #9073 |
| @MartinWeindel | 10m | Istio Resources As Source Objects For DNS Records | external-dns-management#354 |
No Demo, But Still Worth Celebrating
- [OPERATOR] The `docker` CRI is no longer supported for machine images in the `CloudProfile`. Docker CRI was already not supported for `Shoot`s with Kubernetes versions `>= v1.23`, so adding this CRI is a no-op currently. Please remove all the usages of `docker` CRI from your `CloudProfile`s before upgrading to this version. #9135
- [OPERATOR] A bug has been fixed which was preventing `valitail` systemd services on shoot workers from starting when the `UseGardenerNodeAgent` feature gate is enabled. #9149
- [USER] The `kube-apiserver` deployment is annotated to mark the completion of labeling the resources for encryption so that this step is not repeated in case the "label removal" step fails and resources are partially without the label. #9147
- [OPERATOR] `BackupEntry`s and `Shoot`s are now labelled with `seed.gardener.cloud/<seed-name>=true` where `<seed-name>` is the value of `.spec.seedName` or `.status.seedName`. This allows for server-side filtering when watching these resources by leveraging a label selector. #9089
2024/01/31 - v1.87 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timebertt | 10m | IPv6 Single-Stack In Local Gardener | #8574 |
| @axel7born | 10m | Local Setup For Dual-Stack Seeds | #8983 |
| @acumino | 5m | Kubernetes 1.29 Support | #8976 |
| @ScheererJ | 10m | Spread Istio Pods Across Hosts | #8970 |
| @shafeeqes | 10m | Custom Resource Encryption in ETCD | #8842, #8966 |
No Demo, But Still Worth Celebrating
- [OPERATOR] The deprecated field `seed.spec.secretRef` has been removed from the `Seed` API. Please check your `Seed`s and remove any usage before upgrading to this Gardener version. #8896
- [OPERATOR] Migration code for Plutono and Vali is now removed. Consider manual cleanup for longterm broken `Shoot`s as described in the PR to avoid leaking Loki's PV. #8999
- [OPERATOR] The components managed by gardener now use PDBs with `unhealthyPodEvictionPolicy: AlwaysAllow` for clusters with kubernetes version >= 1.26. [...] #8969
2024/01/24 - v1.86 Release
Demo Agenda
| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @grolu | 10m | Recent Gardener Dashboard Features | dashboard (repo) |
| @holgerkoser | 10m | "All Projects" Dashboard Page Scalability Improvements | dashboard#1637 |
| @rfranzke | 5m | Read-Only Kubeconfigs For Shoots | #8870 |
| @oliver-goetz | 5m | Registry Cache For E2E Tests In Prow | #8880 |
No Demo, But Still Worth Celebrating
- [DEVELOPER] Support for the deprecated NetworkPolicy annotations `networking.resources.gardener.cloud/from-policy-allowed-ports` and `networking.resources.gardener.cloud/from-policy-pod-label-selector` has been removed. Use `networking.resources.gardener.cloud/from-<some-alias>-allowed-ports` instead (documentation). #8883
- [OPERATOR] A bug causing the `Shoot` to use the wrong istio load balancer if the `ExposureClass` name and the exposureclass handler name are not the same is now fixed. #8926
- [OPERATOR] Add `egressCIDRs` field to the `infrastructureStatus` resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot's worker nodes. #8888