This repository has been archived by the owner on Apr 7, 2020. It is now read-only.
Releases: gardener-attic/gardener-extensions
0.14.0
[gardener-extensions]
Action Required
- [USER] CloudNAT is now used instead of ephemeral public IPs for GCP instances, please don't use the public IP directly to access the VMs, instead use LoadBalancers to access applications, or bastion hosts to SSH (opening firewall rules won't be enough). (#379, @zanetworker)
- [USER] It's recommended to modify calico's IPPool resource in Azure shoots by setting spec.ipipMode to Never. This is to ensure consistent configuration and to avoid side effects in the future. (#365, @zanetworker)
- [OPERATOR] Azure: Shoot clusters with AvailabilitySet and standard sku load balancers need to be migrated to use basic sku load balancers again, due to routing/nat issues of this combination. This works as the migration from basic to standard. See here: https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/docs/migrate-loadbalancer.md (#361, @dkistner)
Most notable changes
- [USER] The configuration for the networking-calico controller now allows .spec.ipip to be set explicitly. It will be defaulted to Always. (#374, @mkoynov)
- [USER] The Gardener Azure provider now supports deploying clusters in existing vNets which are located in a different resource group than the Shoot resources. (#371, @dkistner)
- [USER] Azure: Shoot clusters with AvailabilitySets need to use basic sku load balancers again due to routing/nat issues of this combination. Zoned clusters will still use the standard sku load balancers. (#361, @dkistner)
- [USER] The AWS extension does now provide a new aws.provider.extensions.gardener.cloud/v1alpha1.WorkerConfig object. It can be used to configure the IOPS for io1 EBS volumes. (ddba59f)
- [OPERATOR] Added support for the 1.16 version CCM for OpenStack (#351, @afritzler)
- [OPERATOR] The schedule for the full snapshot of the etcd backing a shoot cluster will be randomised for new shoots. The default schedule will still be configurable via the provider extension config, but if not specified it will be randomised within the last hour before shoot maintenance. If the schedule is already set or the maintenance window changes later on, the backup schedule won't change. (#337, @swapnilgm)
- [DEVELOPER] It is now possible to shape pod traffic by using the kubernetes.io/ingress-bandwidth and kubernetes.io/egress-bandwidth annotations. This is possible only for Calico versions >= 3.8. For lower versions of Calico the annotations are a no-op. (#360, @zanetworker)
- [DEVELOPER] All extension controllers are now able to work either with garden.sapcloud.io/v1beta1 or with core.gardener.cloud/v1alpha1 resources. This functionality is only temporary. In the next release the support for garden.sapcloud.io/v1beta1 is dropped again as the API is deprecated. (#319, @rfranzke)
Improvements
- [USER] CSI Persistent Volume expansion is now supported from Kubernetes v1.14 on Alibaba Cloud (#375, @jia-jerry)
- [OPERATOR] Add VPA for cloud-controller-managers (#386, @RaphaelVogel)
- [OPERATOR] An issue with parallel LoadBalancer updates on Azure which caused inconsistencies in the LoadBalancer configuration is now fixed by disabling concurrent LoadBalancer operation executed by the Azure Cloud Controller Manager. Latest k8s version can be consumed again. (#383, @dkistner)
- [OPERATOR] The Worker controller of all provider extensions does now properly ensure clean-up of its created ClusterRoles for the machine-controller-manager after shoot deletion. (#378, @rfranzke)
- [OPERATOR] The resource limits and requests have been increased for the Cert-Management controller. (#362, @timuthy)
- [OPERATOR] os-coreos-alicloud and os-ubuntu-alicloud cloud-inits are improved to handle multiple units. (#355, @ialidzhikov)
- [OPERATOR] Azure infrastructure can now be properly reconciled. Terraform no longer finds a diff after a successful apply. (#348, @ialidzhikov)
- [OPERATOR] Change monitoring ConfigMaps' syntax of provider-specific components (#344, @svetlinas)
- [OPERATOR] Allow nodes to join the Shoot when .spec.kubernetes.allowPrivilegedContainers=false. (#342, @ialidzhikov)
- [DEVELOPER] Refactored Webhook Ensurer API (#376, @afritzler)
- [DEVELOPER] Reference API documentation can now be generated with go generate ./... (#354, @mvladev)
[cert-management]
Improvements
- [OPERATOR] restrict watching issuer and secrets on default cluster to issuer namespace (gardener/cert-management@51247dd)
- [OPERATOR] metrics on ACME obtains and DNS challenges (gardener/cert-management@51247dd)
- [OPERATOR] email is not stored in issuer secret anymore (gardener/cert-management@51247dd)
[external-dns-management]
Improvements
- [OPERATOR] dealing with owner conflict caused by stale cache from external changes, e.g. for DNSEntries moved between two dns-controller-managers working on the same hosted zone. (gardener/external-dns-management#42, @MartinWeindel)
- [OPERATOR] Added additional OpenStack credential flags (domainID, tenantID, userDomainName, userDomainID) (gardener/external-dns-management#38, @afritzler)
- [OPERATOR] Added additional OpenStack credential flags. It now supports the following properties: (gardener/external-dns-management@634b5af)
- userDomainName, OS_USER_DOMAIN_NAME
- userDomainID, OS_USER_DOMAIN_ID
- tenantID, OS_PROJECT_ID
- domainID, OS_DOMAIN_ID
[machine-controller-manager]
Most notable changes
- [OPERATOR] ⚠️ GCP VM's Public IP attachment is now optional. Default behaviour is that public IP attachment is enabled. To disable this, refer to this example here (gardener/machine-controller-manager#340, @prashanth26)
Improvements
- [USER] Create and manage Azure virtual machines assigned to a virtual network (vNet), which is located in a different resource group than the machines. (gardener/machine-controller-manager#344, @dkistner)
- [OPERATOR] Updated Integration Tests kubectl to v1.16.0 (gardener/machine-controller-manager#342, @prashanth26)
- [OPERATOR] Fixes leaks in Go Routines leading to CPU wastage (gardener/machine-controller-manager#341, @prashanth26)
- [DEVELOPER] Added multi stage docker build (gardener/machine-controller-manager#343, @afritzler)
[terraformer]
Most notable changes
- [OPERATOR] Terraform version has been upgraded to 0.12.9. (gardener/terraformer#27, @ialidzhikov)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.14.0
0.13.4
[gardener-extensions]
Improvements
- [OPERATOR] terraformer resource limits are increased. (#391, @ialidzhikov)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.13.4
0.13.3
[gardener-extensions]
Action Required
- [OPERATOR] Azure: Shoot clusters with AvailabilitySet and standard sku load balancers need to be migrated to use basic sku load balancers again, due to routing/nat issues of this combination. This works as the migration from basic to standard. See here: https://github.com/gardener/gardener-extensions/blob/master/controllers/provider-azure/docs/migrate-loadbalancer.md (5326fc2)
Improvements
- [USER] Azure: Shoot clusters with AvailabilitySets need to use basic sku load balancers again due to routing/nat issues of this combination. Zoned clusters will still use the standard sku load balancers. (5326fc2)
- [OPERATOR] The resource limits and requests have been increased for the Cert-Management controller. (30777b2)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.13.3
0.13.2
0.13.1
0.13.0
[gardener-extensions]
Action Required
- [USER] Gardener now supports load balancers with standard sku. To migrate the LoadBalancer from the basic sku to standard sku follow the instructions in https://github.com/gardener/gardener-extensions/tree/master/controllers/provider-azure/docs/migrate-loadbalancer.md (#246, @dkistner)
- [OPERATOR] From this version, for AliCloud provider extensions, you need to configure an available image ID for each region. Please refer to the example configuration used by AliCloud provider extensions. If you are using a customised image: It is required to make sure that the customised image exists in the supported regions and that the customised image is accessible by the Shoot cluster account. (#310, @jia-jerry)
Improvements
- [USER] The Gardener Azure provider extension now supports subnets configured with Azure Service Endpoints. (#332, @dkistner)
- [USER] Gardener now supports Azure Shoot clusters distributed across zones. Shoot clusters with AvailabilitySet as HA concept are still supported as zones are not available in every Azure region. (#327, @dkistner)
- [USER] Gardener now supports load balancers with standard sku. New clusters automatically use standard sku load balancers. Existing clusters remain with basic sku load balancers until they are manually migrated. (#246, @dkistner)
- [OPERATOR] It is now possible to set up and deploy Cert-Management for shoot clusters. Extension resources of type shoot-cert-service are required to enable this component. Please take a look at the documentation for more information. (#329, @timuthy)
- [OPERATOR] The networking-calico, extension-shoot-dns-service, extension-certificate-service, and the generic Worker actuator now wait for their created ManagedResources to be deleted during their deletion flows. This is so that they don't accidentally remove their finalizers although created artefacts still exist. (#328, @rfranzke)
- [OPERATOR] The ControlPlane generic actuator now waits for its created ManagedResources to be deleted during its deletion flow. This is so that it doesn't accidentally remove its finalizer although created artefacts still exist. (#322, @rfranzke)
- [OPERATOR] The BackupEntry generic actuator no longer tries to create the etcd secret in case the namespace is already terminating. (#321, @rfranzke)
- [OPERATOR] Calico now runs on version 3.8.2 and enables typha with proportional autoscaling. (#312, @zanetworker)
- [OPERATOR] provider-azure is now using URN to specify machine images. (#290, @vpnachev)
[machine-controller-manager]
Most notable changes
- [OPERATOR] ⚠️ The AzureMachineClass now has a field Spec.Properties.StorageProfile.ImageReference.URN that is used to define the OS image for the VMs. This field is replacing the fields Spec.Properties.StorageProfile.ImageReference.[Publisher|Offer|Sku|Version] - they are marked as DEPRECATED and will be removed soon. (gardener/machine-controller-manager#326, @vpnachev)
Improvements
- [USER] MCM now supports Azure machines deployed into availability zones. You can either deploy a machine into a zone or an AvailabilitySet. (gardener/machine-controller-manager#335, @dkistner)
- [OPERATOR] tzdata package is now used instead of assets/zoneinfo.zip to make all timezones available. (gardener/machine-controller-manager#331, @ialidzhikov)
- [OPERATOR] Base docker image is updated to alpine:3.10. (gardener/machine-controller-manager#331, @ialidzhikov)
- [OPERATOR] On failure to GET machine object, machine creation continues to retry instead of returning failure (gardener/machine-controller-manager#330, @prashanth26)
- [OPERATOR] MCM differentiates between cloud-config and script as user-data (gardener/machine-controller-manager#329, @vlvasilev)
- [OPERATOR] Added missing user_domain_id secret field for OpenStack driver (gardener/machine-controller-manager#328, @afritzler)
- [OPERATOR] Negative tests for taints, annotations and labels support (gardener/machine-controller-manager#327, @hardikdr)
- [OPERATOR] Bugfix: Delete node only if nodeName isn't empty (gardener/machine-controller-manager#324, @prashanth26)
[terraformer]
Most notable changes
- [OPERATOR] Provider versions are upgraded: (gardener/terraformer#23, @mvladev)
- aws 1.60.0 -> 2.26.0
- google 1.20.0 -> 2.14.0
- azurerm 1.22.1 -> 1.33.1
- openstack 1.16.0 -> 1.21.1
- alicloud 1.31.0 -> 1.55.2
- packet 1.7.2 -> 2.3.0
Improvements
- [OPERATOR] Provider versions are upgraded: (gardener/terraformer#26, @ialidzhikov)
- template 1.0.0 -> 2.1.2
- null 1.0.0 -> 2.1.2
- [OPERATOR] Added google beta provider (gardener/terraformer#25, @DockToFuture)
- [OPERATOR] tzdata package is now used instead of assets/zoneinfo.zip to make all timezones available. (gardener/terraformer#24, @ialidzhikov)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.13.0
0.12.0
[gardener-extensions]
Improvements
- [OPERATOR] Fix the backupEntry deletion logic for Alicloud implementation. (#308, @swapnilgm)
[etcd-backup-restore]
Improvements
- [DEVELOPER] Expose new metric etcdbr_snapshot_required. (gardener/etcd-backup-restore#199, @shreyas-s-rao)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.12.0
0.11.0
[gardener-extensions]
Most notable changes
- [USER] The new shoot-dns-service extension controller is now available. It reacts on Extension resources of type shoot-dns-service and deploys a DNS controller next to the shoot's control plane. This DNS controller manages DNS records for Service and Ingresses annotated with dns.gardener.cloud/class=garden and dns.gardener.cloud/dnsnames=<dnsname>. The <dnsname> must be part of the shoot's base domain. (#255, @mandelsoft)
- [OPERATOR] All provider extension controllers are now deploying their logging configuration via a ConfigMap. (#286, @svetlinas)
Improvements
- [USER] The time the Worker and Infrastructure extension controllers are waiting for their operations to finish has been decreased in order to allow a faster error propagation to end-users. (#294, @rfranzke)
- [OPERATOR] All provider extension controllers are now deploying their monitoring configuration via a ConfigMap. (#299, @svetlinas)
- [OPERATOR] The networking-calico extension chart does now allow image vector overriding. (#295, @jia-jerry)
- [DEVELOPER] e2e network policy tests are moved to individual providers. (#203, @mvladev)
[etcd-backup-restore]
Improvements
- [OPERATOR] Fix the object listing for OSS snapstore. (gardener/etcd-backup-restore#198, @swapnilgm)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.11.0
0.10.1
0.10.0
[gardener-extensions]
Most notable changes
- [OPERATOR] The os-ubuntu controller now explicitly adds the logrotate and jq packages. Also, the cloud-init module is now disabled. (#267, @vlvasilev)
- [DEVELOPER] The webhook package does now provide means to register webhooks for shoot clusters. (#235, @rfranzke)
- [DEVELOPER] The webhook package does now provide means to register webhooks for the Network extension resources. (#162, @zanetworker)
Improvements
- [USER] Fix the backup entry extension bucketName propagation logic (#250, @swapnilgm)
- [USER] An issue that caused AWS infrastructure controller to not properly clean up remaining Kubernetes load balancers and security groups has been fixed (only occurred when the AWS account had over 400 load balancers). (#245, @rfranzke)
- [USER] Gardener now supports Calico as a networking extension. (#162, @zanetworker)
- [USER] The CSI controllers of Alicloud and Packet are now correctly hibernated and woken up during deletion of hibernated and non-hibernated shoots. (4f6236a)
- [OPERATOR] Reduced maximum drain timeout for a machine in MCM to 2hrs (#285, @prashanth26)
- [OPERATOR] The generic control plane actuator does now ignore NotFound errors during deletion. (#278, @rfranzke)
- [OPERATOR] The AWS extension controller now properly cleans up machine class secrets that are no longer used. (#277, @ialidzhikov)
- [OPERATOR] Add support for Ubuntu OS for Ali cloud (#273, @vlvasilev)
- [OPERATOR] Fix AWS ControlPlane controller shoot delete flow (#266, @svetlinas)
- [OPERATOR] Add aws-lb-readvertiser-vpa to provider-aws (#265, @svetlinas)
- [OPERATOR] The extension controllers now deploy also machine-controller-manager VPA. (#264, @ialidzhikov)
- [OPERATOR] Encrypted flag is added to Flex Volume Storage Class on AliCloud (#261, @jia-jerry)
- [OPERATOR] The generic control plane actuator does now correctly wake up provider-specific control plane components when a hibernated shoot is deleted. (#260, @rfranzke)
- [OPERATOR] The OpenStack control plane actuator is no longer wrapped because the deletion problem is fixed more generally with gardener/gardener#1317. (#259, @rfranzke)
- [OPERATOR] All webhooks don't mutate any object anymore if the respective deletion timestamp is already set. (#258, @rfranzke)
- [OPERATOR] dep is replaced by go mod. github.com/gardener/gardener-extensions now publishes go module files containing dependency version information. (#249, @ialidzhikov)
- [OPERATOR] Upgrade AliCloud CSI diskplugin to latest version v1.13.2-3 (#247, @jia-jerry)
- [OPERATOR] A bug in the OS controllers that resulted in wrongly generated cloud-init scripts has been fixed. The Ubuntu and the SUSE-JeOS controllers are now generating the correct config again. (#244, @vpnachev)
- [OPERATOR] All provider extensions now support ControlPlane CRDs with .spec.type=exposure. (#243, @svetlinas)
- [OPERATOR] The certificate secrets stored by webhooks are no longer updated if they have not been found. This prevents multiple pods from mutually overwriting each other's freshly generated certificates and starting to serve different ones. (6c19df4)
- [DEVELOPER] The TLS cipher suites TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 are now removed from the provider-{aws,azure,gcp,openstack} cloud-controller-manager. (#256, @ialidzhikov)
[etcd-backup-restore]
Most notable changes
- [USER] Updated etcd vendoring version to 3.3.13. (gardener/etcd-backup-restore#155, @shreyas-s-rao)
- [USER] Full snapshot on etcd startup will now be deferred in favour of an initial delta snapshot, followed by a full snapshot and subsequent delta snapshots. (gardener/etcd-backup-restore#154, @shreyas-s-rao)
- [USER] Added functionality to trigger on-demand full snapshots via the HTTP endpoint /snapshot/full. (gardener/etcd-backup-restore#143, @shreyas-s-rao)
Improvements
- [USER] All exposed metrics are initialised to zero values. (gardener/etcd-backup-restore#180, @shreyas-s-rao)
- [USER] In the case that initial delta snapshot fails, a full snapshot is tried instead. (gardener/etcd-backup-restore#165, @shreyas-s-rao)
- [USER] Fixed the sorting of snapshots. (gardener/etcd-backup-restore#161, @swapnilgm)
- [OPERATOR] [Fix] Cleanup in-memory events before stopping snapshotter. (gardener/etcd-backup-restore#191, @swapnilgm)
- [OPERATOR] Added new flag experimental-fail-below-revision for the initializer and the /initialization/start http call (gardener/etcd-backup-restore#184, @swapnilgm)
- [OPERATOR] The health status changes are now logged at INFO level to help debug issues with etcd readiness. (gardener/etcd-backup-restore#182, @amshuman-kr)
- [OPERATOR] Etcd-backup-restore now uses the go modules for its dependency management. (gardener/etcd-backup-restore#176, @kayrus)
- [OPERATOR] Fixed liveness probe command in helm chart. (gardener/etcd-backup-restore#172, @shreyas-s-rao)
- [OPERATOR] Optimized WAL verification memory usage. (gardener/etcd-backup-restore#155, @shreyas-s-rao)
- [OPERATOR] Reduced etcd downtime by optimizing readiness probe. (gardener/etcd-backup-restore#151, @shreyas-s-rao)
- [OPERATOR] Updated the base image of alpine in docker container to 3.9.3. (gardener/etcd-backup-restore#146, @swapnilgm)
[machine-controller-manager]
Most notable changes
- [USER] Fixes issues while draining nodes in unknown state. (gardener/machine-controller-manager#320, @prashanth26)
- [OPERATOR] Fixes consistency issues with machine-deployments, machine-classes, and secrets. (gardener/machine-controller-manager#319, @hardikdr)
Improvements
- [USER] Fixes issues while overriding termination grace periods for pods with larger values. (gardener/machine-controller-manager#320, @prashanth26)
- [USER] Deletes nodes object on machine (object) deletion (gardener/machine-controller-manager#316, @prashanth26)
- [OPERATOR] Bugfix: Delete node object only if nodeName isn't empty (gardener/machine-controller-manager#323, @prashanth26)
- [OPERATOR] Better error handling while adding/removing the finalizers on machine classes & secrets. (gardener/machine-controller-manager#319, @hardikdr)
- [OPERATOR] Re-enqueues the machine classes and secrets periodically(~10mins). (gardener/machine-controller-manager#319, @hardikdr)
- [OPERATOR] Bugfix: Eliminates creation of orphan NICs when VM creation fails on Azure (gardener/machine-controller-manager#313, @prashanth26)
- [OPERATOR] Bugfix: Allows force deletion of pods who have no controllers backing them (gardener/machine-controller-manager#300, @prashanth26)
Docker Images
gardener-extension-hyper: eu.gcr.io/gardener-project/gardener/gardener-extension-hyper:0.10.0