Overview
In case you couldn’t participate and are interested in catching up, you can find the contents of the review meetings we have had in 2025 here.
Check back regularly for updates and upcoming topics!
Reviews
2025/05/07 - v1.118 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Gardener core components are automatically restarted (due to a failing liveness probe) in case their Kubernetes API server watch caches do not sync for `3m`. #11966
- ✨ [USER] The CA bundle of the kubelet is now available via a `ConfigMap` in the project’s namespace, called `<shoot-name>.ca-kubelet`. #11916
- ✨ [OPERATOR] The `Seed` API features a new field `spec.backup.credentialsRef`. It is of type `corev1.ObjectReference` and is allowed to refer to a `Secret`. #11583
2025/04/23 - v1.117 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] The VPA version is updated to 1.3.0. Upstream VPA 1.3.0 no longer serves API version `autoscaling.k8s.io/v1beta2`. Gardener’s VPA installation will continue to serve API version `autoscaling.k8s.io/v1beta2` until Gardener v1.119. […] #11774
- ✨ [OPERATOR] `NamespacedCloudProfile.spec.limits.maxNodesTotal` can now also be used to override the limit defined in the parent `CloudProfile` with an increased value. Increasing requires additional permissions granted by the custom verb `raise-spec-limits`. #11796
- ✨ [OPERATOR] `gardener-operator` automatically adds the `networking.resources.gardener.cloud/to-virtual-garden-kube-apiserver-tcp-443: allowed` label to the gardenlet deployment in case it is deployed to the garden runtime cluster. Thus, it is no longer required to configure this label in the `Gardenlet` resource. #11855
2025/04/09 - v1.116 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] Please note, if you configure `spec.extensions` in your `Garden` resource: `gardener-operator` adds a `garden-` prefix to all extension resources configured via the `Garden`. Existing extension resources (not prefixed) will be deleted automatically at the end of the reconciliation. […]. #11764
- [DEVELOPER] The extension `class` field in the generic extension controller was removed. Please use the new field `classes` instead. #11764
- ✨ [OPERATOR] The feature gate `NewVPN` has been graduated to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. #11714
2025/03/26 - v1.115 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- ✨ [USER] If the Gardener operator has defined a control plane wildcard certificate, the `.status.advertisedAddresses` of the `Shoot` contain an entry with an endpoint secured by this certificate. Note that this endpoint is specific to the seed cluster the Shoot is scheduled to. Read all about it in this document. #11612
- ✨ [OPERATOR] The `injectGardenKubeconfig` field is defaulted to `true` for extensions responsible for `Worker` resources when registered via the `operator.gardener.cloud/v1alpha1.Extension` API. #11658
2025/03/12 - v1.114 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions <= 1.26. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #10664
- [USER] All `Seed`s are now automatically labeled with `name.seed.gardener.cloud/<name>=true` (no longer `seed.gardener.cloud/<name>=true`) where `<name>` is their own name, and (if applicable) the name of their parent seed in case they are managed seeds. This label can be used as selector for requests. #11479
- ✨ [OPERATOR] `gardener-operator` now waits for required `Extension`s to get ready early in the reconcile flow. It addresses use cases where extensions run mutating webhooks in the garden runtime cluster that must be present when Garden components are deployed. #11523
2025/03/05 - Kubernetes v1.32 Special Edition
📽️ Recording
Demo Agenda
Presenters: @marc1404, @LucaBernstein
Duration | Topic | Reference(s) |
---|---|---|
10m | Graduation Ceremony Graduated Features | KEP-4358, KEP-1967, KEP-4193, KEP-3221, KEP-1847 |
10m | Beta Bloom Alpha -> Beta Promotions | KEP-4368, KEP-4633, KEP-4247, KEP-1790, KEP-3476, KEP-4381, KEP-4601, KEP-3157 |
10m | Fresh Off The Press New Alpha Features | KEP-4832, KEP-3962, KEP-2837, KEP-4818, KEP-4817, KEP-4827 & KEP-4828, KEP-4802 & KEP-4885 |
5m | Security, Deprecations & Removals | CVE-2025-0426, CVE-2024-9042, KEP-4381, kubernetes/kubernetes#127017 |
5m | What’s Changing In Gardener | #11020, #10666, #10858 |
2025/02/26 - v1.113 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- [USER] The ETCD encryption config now properly configures a 32-byte key. #11150
- ✨ [OPERATOR] Enhance the `gardener-operator` to allow specification of more than a single network range for `.spec.runtimeCluster.networking.{nodes,pods,services}`, and `.spec.virtualCluster.networking.services`, which also allows dual-stack configurations. #11251
- ✨ [OPERATOR] Shoot system and Shoot control plane containers, which do not require privilege escalations, now forbid privilege escalation explicitly. There is an issue in Kubernetes about the privilege escalation configuration being true by default. #11241
2025/02/19 - v1.112 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- ✨ [USER] All `Seed`s are now automatically labeled with `seed.gardener.cloud/<name>=true` where `<name>` is their own name, and (if applicable) the name of their parent seed in case they are managed seeds. This label can be used as selector for requests. #11062
- [OPERATOR] Rewrite Setup Gardener document #11260
2025/02/12 - v1.111 Release
📽️ Recording
Demo Agenda
No Demo, But Still Worth Celebrating
- ✨ [USER] Expired versions from the `NamespacedCloudProfile` are always dropped, except for already applied versions. #10910
- ✨ [OPERATOR] Now `vali` contains the managed control plane logs from the early stages of `Shoot` reconcile. #11082
- [OPERATOR] An issue was fixed in `gardener-operator` that prevented configuring OIDC for `gardener-dashboard` while using Structured Authentication. #11080