v1.2.0

[gardener-extensions]

Action Required

• [USER] The networks.zones[].worker field in the alicloud.provider.extensions.gardener.cloud/v1alpha1.InfrastructureConfig resource is deprecated in favour of the new networks.zones[].workers field. Please switch to the new field as the old one will be removed in a future version. Also, please note that this field is exclusively usable with Gardener's core.gardener.cloud API group. (#521, @rfranzke)
• [USER] The networks.worker field in the gcp.provider.extensions.gardener.cloud/v1alpha1.InfrastructureConfig resource is deprecated in favour of the new networks.workers field. Please switch to the new field as the old one will be removed in a future version. Also, please note that this field is exclusively usable with Gardener's core.gardener.cloud API group. (#521, @rfranzke)
• [USER] The networks.worker field in the openstack.provider.extensions.gardener.cloud/v1alpha1.InfrastructureConfig resource is deprecated in favour of the new networks.workers field. Please switch to the new field as the old one will be removed in a future version. Also, please note that this field is exclusively usable with Gardener's core.gardener.cloud API group. (#521, @rfranzke)
• [OPERATOR] A breaking change has been introduced to all provider Helm charts: The .config.vpa field is now moved to top-level (.vpa). Please adapt your ControllerRegistration resources accordingly. (#549, @rfranzke)
• [OPERATOR] The Validatingwebhookconfiguration for gardener-extensions-validator-aws now requires a minimum Kubernetes version of 1.15.x. (#525, @timuthy)
• [OPERATOR] The image mappings in the provider configuration section of the cloud profiles are now taken into account as mapping source. The mappings in the configuration of the extension controllers are not used anymore. (#455, @mandelsoft)
• [OPERATOR] The image mappings in the provider configuration section of the cloud profiles were not used so far. Instead a controller configuration described as part of the extension registration was used. Now this configuration is not used anymore and the image mappings must be configured as part of the provider configuration section of the cloud profile. All the image mappings must have been added to the cloud profile configuration in advance before deploying this version. (#455, @mandelsoft)

Most notable changes

• [USER] It is now possible to remove the ECR permission that is part of the AWS IAM role policy attached to all shoot worker nodes by specifying aws.provider.extensions.gardener.cloud/v1alpha1.InfrastructureConfig.enableECRAccess=false. If the field is not provided then it is defaulted to true, preserving the old behaviour where ECR access is always granted. (#520, @rfranzke)
• [OPERATOR] The OpenStack CloudProfileConfig now features a new keyStoneURLs field. It is a mapping of regions to keystone URLs. Also, the constraints.loadBalancerProviders and constraints.floatingPools fields now can optionally have a region property. This allows to only have one CloudProfile for an OpenStack environment in which the keystone URL, floating pools, and/or load balancer providers differ per region. See this document for an example resource. :important: Please note that these fields will only be usable with gardener/gardener once the deprecated garden.sapcloud.io/v1beta1 API group has been removed. (#482, @rfranzke)
• [DEVELOPER] The deprecated certificate-service extension has been removed (it was replaced some months back by the shoot-cert-service extension). (#518, @rfranzke)
• [DEVELOPER] Developers need to set the ignoreResources variable of the extension chart to true in their extension controller-registration. (#509, @zanetworker)
• [DEVELOPER] Developers need to point their local kubeconfig to a target development seed cluster. (#509, @zanetworker)

Improvements

• [OPERATOR] The networking-calico extension now defines a log filter and parser for fluentd via a ConfigMap in every seed's garden namespace. (#550, @rfranzke)
• [OPERATOR] Azure cloud-controller-manager is now able to create Service events which are helpful to easily identify the underground errors of Azure API. (#533, @ialidzhikov)
• [OPERATOR] An issue where cloud controller manager was self-rate-limited for azure shoot clusters with more than 10 nodes has been fixed. (#532, @vpnachev)
• [OPERATOR] The AWS validation webhook now requires a specified .spec.networking.nodes field for AWS shotos. (#530, @rfranzke)
• [OPERATOR] Alicloud, AWS, Azure, GCP and OpenStack providers are now capable of managing hibernated shoots which don't have a Kube-Apiserver service. (#529, @timuthy)
• [OPERATOR] Validating AWS shoots of version v1beta1 as well as v1alpha1 (group core.gardener.cloud) is now supported by the webhook gardener-extensions-validator-aws. (#525, @timuthy)
• [OPERATOR] Kubernetes dependencies are updated to kubernetes-1.16.0. (#512, @ialidzhikov)
• [OPERATOR] Infrastructure creation and deletion are optimized for Azure. (#499, @dkistner)
• [OPERATOR] extension providers write health check conditions into extension resources. Extensions can contribute to the Health of the Shoot. The gardener watches conditions with type SystemComponentsHealthy, EveryNodeReady, ControlPlaneHealthy on the extension resource. (#472, @danielfoehrKn)
• [OPERATOR] It is possible now to specify regional image IDs in the OpenStack CloudProfile configuration. (#455, @mandelsoft)
• [DEVELOPER] Documentation for the networking-calico extensions has been added. (#526, @zanetworker)

[cert-management]

Improvements

• [OPERATOR] keep existing labels and annotations in certificate secret (gardener/cert-management#14, @MartinWeindel)
• [OPERATOR] Minor improvement for handling concurrent pending challenges. (gardener/cert-management#13, @MartinWeindel)
  • More logging for troubleshooting.

[external-dns-management]

Improvements

• [OPERATOR] DNS entry with empty target is recognised as invalid. (gardener/external-dns-management#52, @MartinWeindel)

Docker Images

gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:v1.2.0