Overview
In case you couldn't participate and are interested in catching up, you can find the contents of the review meetings we have had in 2024 here.
Check back regularly for updates and upcoming topics!
Reviews
2025/03/26 - v1.115 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@shafeeqes | 10m | Drop TokenInvalidator Controller And Webhook | #11497 |
@LucaBernstein | 5m | Latest NamespacedCloudProfiles Features | #11647, #11550 |
@ialidzhikov | 10m | Replace TopologyAwareHints With ServiceTrafficDistribution | #11178 |
@ScheererJ | 5m | Better CoreDNS Configurability | #11526 |
@oliver-goetz | 10m | Drop HorizontalPodAutoscaler For gardener-apiserver | #11684 |
@hendrikKahl | 5m | GOAWAY Chance For gardener-apiserver | #11551 |
No Demo, But Still Worth Celebrating
- [USER] If the Gardener operator has defined a control plane wildcard certificate, the .status.advertisedAddresses of the Shoot contain an entry with an endpoint secured by this certificate. Note that this endpoint is specific to the seed cluster the Shoot is scheduled to. Read all about it in this document. #11612
- [OPERATOR] The injectGardenKubeconfig field is defaulted to true for extensions responsible for Worker resources when registered via the operator.gardener.cloud/v1alpha1.Extension API. #11658
2025/03/12 - v1.114 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@AleksandarSavchev | 5m | Deny-All NetworkPolicy In kube-system Namespace For Shoots | #11502 |
@timuthy | 10m | Minimum Resource Requirements For Shoot ETCD + API Server | #11252 |
@timuthy | 5m | Extension Example Manifest Generator | #11329 |
@Wieneo | 5m | Dropping Reserved VPN Authz Server | #11338 |
@oliver-goetz | 10m | L7 Load-Balancing For Requests To kube-apiservers | #11085 |
@rfranzke | 5m | Garden Access For Extensions No Longer By Default | #11593 |
No Demo, But Still Worth Celebrating
- [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions <= 1.26. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #10664
- [USER] All Seeds are now automatically labeled with name.seed.gardener.cloud/<name>=true (no longer seed.gardener.cloud/<name>=true) where <name> is their own name, and (if applicable) the name of their parent seed in case they are managed seeds. This label can be used as a selector for requests. #11479
- [OPERATOR] gardener-operator now waits for required Extensions to get ready early in the reconcile flow. It addresses use-cases where extensions run mutating webhooks in the garden runtime cluster that must be present when Garden components are deployed. #11523
2025/03/05 - Kubernetes v1.32 Special Edition
Demo Agenda
Presenters: @marc1404, @LucaBernstein
Duration | Topic | Reference(s) |
---|---|---|
10m | Graduation Ceremony: Graduated Features | KEP-4358, KEP-1967, KEP-4193, KEP-3221, KEP-1847 |
10m | Beta Bloom: Alpha -> Beta Promotions | KEP-4368, KEP-4633, KEP-4247, KEP-1790, KEP-3476, KEP-4381, KEP-4601, KEP-3157 |
10m | Fresh Off The Press: New Alpha Features | KEP-4832, KEP-3962, KEP-2837, KEP-4818, KEP-4817, KEP-4827 & KEP-4828, KEP-4802 & KEP-4885 |
5m | Security, Deprecations & Removals | CVE-2025-0426, CVE-2024-9042, KEP-4381, kubernetes/kubernetes#127017 |
5m | What's Changing In Gardener | #11020, #10666, #10858 |
2025/02/26 - v1.113 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@maboehm | 5m | Maximum Node Count For Shoots | #11279 |
@domdom82 | 5m | ACL Reconciliation On Infrastructure Changes | extension-acl#105 |
@Wieneo | 5m | GEP-30: Rework API Server Proxy | #11214 (issue) |
@ishan16696 | 10m | Fix Failing ETCD Restorations | etcd-backup-restore#778 (issue) |
@timebertt | 5m | Refactor E2E Tests To Ordered Its | #11379 (issue) |
@vpnachev | 5m | Public Gardener Information Discovery | #11238 |
No Demo, But Still Worth Celebrating
- [USER] The ETCD encryption config now properly configures a 32-byte key. #11150
- [OPERATOR] Enhance the gardener-operator to allow specification of more than a single network range for .spec.runtimeCluster.networking.{nodes,pods,services}, and .spec.virtualCluster.networking.services, which also allows dual-stack configurations. #11251
- [OPERATOR] Shoot system and Shoot control plane containers, which do not require privilege escalations, now forbid privilege escalation explicitly. There is an issue in Kubernetes about the privilege escalation configuration being true by default. #11241
2025/02/19 - v1.112 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@domdom82 | 5m | Prevent Leaking kube-apiserver's Service IP in Shoot | #10949 |
@rfranzke | 10m | Credentials Rotation Without Workers Rollout | #11027 |
@oliver-goetz | 5m | Wrapper For OperatingSystemConfig Provisioning Script | #11208 |
@marc1404 | 10m | Cluster Autoscaler Priority Expander Config | #11045 |
@petersutter | 5m | Structured Authentication With Dashboard | #11080 |
No Demo, But Still Worth Celebrating
- [USER] All Seeds are now automatically labeled with seed.gardener.cloud/<name>=true where <name> is their own name, and (if applicable) the name of their parent seed in case they are managed seeds. This label can be used as a selector for requests. #11062
- [OPERATOR] Rewrite Setup Gardener document #11260
2025/02/12 - v1.111 Release
Demo Agenda
Presenter(s) | Duration | Topic | Reference(s) |
---|---|---|---|
@marc1404 | 5m | Default Machine Image Version | #10954 |
@timuthy | 10m | Gardener Operator Manages Extension Resources | #11192, #11001 |
@dimityrmirchev | 5m | Secret/ConfigMap Tampering Protection | #11108 |
@oliver-goetz | 5m | Improved Deletion Logic In gardener-node-agent | #11015 |
No Demo, But Still Worth Celebrating
- [USER] Expired versions from the NamespacedCloudProfile are always dropped, except for already applied versions. #10910
- [OPERATOR] Now vali contains the managed control plane logs from the early stages of Shoot reconcile. #11082
- [OPERATOR] An issue was fixed in gardener-operator that prevented configuring OIDC for gardener-dashboard while using Structured Authentication. #11080