v1.26.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] An issue preventing ControlPlane resource to be successfully reconciled for K8s 1.24 Shoots is now fixed. (gardener/gardener-extension-provider-openstack#460, @ialidzhikov)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.26.1
gardener-extension-admission-openstack: eu.gcr.io/gardener-project/gardener/extensions/admission-openstack:v1.26.1

v1.26.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] This version of admission-openstack requires the SecretBinding provider controller to be enabled - enabled by default for gardener-controller-manager >= 1.42 or can be enabled via the gardener-controller-manager component config. (gardener/gardener-extension-provider-openstack#452, @ialidzhikov)
• [OPERATOR] This extension is only compatible with Gardener versions >= v1.37. (gardener/gardener-extension-provider-openstack#443, @rfranzke)

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.24. You should consider the Kubernetes release notes before upgrading to 1.24. (gardener/gardener-extension-provider-openstack#453, @acumino)
• [OPERATOR] The extension does now automatically rotate its webhook CA and server certificates each 30d. (gardener/gardener-extension-provider-openstack#451, @rfranzke)
• [OPERATOR] This extension is prepared to support the Shoot ServiceAccount signing key rotation feature (see documentation). (gardener/gardener-extension-provider-openstack#451, @rfranzke)
• [OPERATOR] This extension is prepared to support the Shoot CA rotation feature (GEP-18). (gardener/gardener-extension-provider-openstack#443, @rfranzke)

🐛 Bug Fixes

• [OPERATOR] Fixes missing quotes in the generated cloud-provider-config file (gardener/gardener-extension-provider-openstack#440, @breuerfelix)

📖 Documentation

• [USER] add link to K8s v1.23 conformance tests (gardener/gardener-extension-provider-openstack#436, @hendrikKahl)
• [DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/gardener-extension-provider-openstack#412, @Kostov6)

🏃 Others

• [USER] The dashboards: Cloud Controller Manager and CSI Driver are removed from Grafana (gardener/gardener-extension-provider-openstack#434, @Kristian-ZH)
• [OPERATOR] The following images are updated: (gardener/gardener-extension-provider-openstack#453, @acumino)
  • k8scloudprovider/openstack-cloud-controller-manager: 1.23.1 -> 1.24.0(For shoots using Kubernetes version 1.24)
  • docker.io/k8scloudprovider/cinder-csi-plugin: 1.23.0 -> 1.24.0(For shoots using Kubernetes version 1.24)
• [OPERATOR] The Secrets webhook of admission-openstack: (gardener/gardener-extension-provider-openstack#452, @ialidzhikov)
  • no longer intercepts every Secret UPDATE request but only requests for Secrets that are associated with a SecretBinding with provider.type=openstack.
  • no longer needs to list Shoots (hence, no cache for Shoots)
• [OPERATOR] The admission-openstack component introduces a new SecretBinding validator. It validates requests for SecretBindings and checks whether the SecretBinding refers to a valid OpenStack Secret. (gardener/gardener-extension-provider-openstack#452, @ialidzhikov)
• [OPERATOR] The following image is updated: (gardener/gardener-extension-provider-openstack#446, @kon-angelo)
  • k8scloudprovider/openstack-cloud-controller-manager: v1.23.0 -> v1.23.1
• [OPERATOR] The resource requests and limits for components (seed and shoot) managed by the provider-openstack extension has been adapted based on a production environment analysis. This is done to avoid OOMKills and cpu throttling situations. Furthermore the vpa minAllowed settings are now aligned with the cpu and memory request of the respective component` (gardener/gardener-extension-provider-openstack#442, @kon-angelo)

[machine-controller-manager]

📖 Documentation

• [USER] upgraded k8s dependecy to v1.22.9 (revendor in providers required to see effects) (gardener/machine-controller-manager#721, @Mkmittal)
• [DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/machine-controller-manager#689, @Kostov6)

🏃 Others

• [OPERATOR] Base image updated to alpine v3.15.4 and build image to golang 1.17.9. (gardener/machine-controller-manager#713, @himanshu-kun)
• [DEPENDENCY] K8s dependency upgraded to 1.21.12 (gardener/machine-controller-manager#719, @Mkmittal)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] Update golang image to v1.17.9 (gardener/machine-controller-manager-provider-openstack#57, @kon-angelo)
  • Update alpine image to v3.15.4
• [DEPENDENCY] Updated machine-controller-manager dependency to v0.45.0 (gardener/machine-controller-manager-provider-openstack#59, @kon-angelo)

[terraformer]

🏃 Others

• [OPERATOR] Update alpine to 3.15.4 (gardener/terraformer#117, @rfranzke)

v1.25.1

[gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] The following image is updated: (gardener/gardener-extension-provider-openstack#448, @kon-angelo)
  • k8scloudprovider/openstack-cloud-controller-manager: v1.23.0 -> v1.23.1

v1.25.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] A failing Kubernetes conformance test when ManagedIstio and APIServerSNI feature gates are disabled is now fixed. (gardener/gardener-extension-provider-openstack#425, @dergeberl)

✨ New Features

• [USER] The provider-openstack extension now installs the external-snapshotter's validating webhook server for VolumeSnapshot and VolumeSnapshotContent objects. For more details check the corresponding KEP. (gardener/gardener-extension-provider-openstack#427, @acumino)
• [USER] The following images are updated (see CHANGELOG for more details): (gardener/gardener-extension-provider-openstack#405, @ialidzhikov)
  • k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.5 -> v3.0.3
  • k8s.gcr.io/sig-storage/snapshot-controller: v2.1.5 -> v3.0.3
• [DEVELOPER] provider-openstack and admission-openstack components now support --version flag that prints the component version information and useful metadata. (gardener/gardener-extension-provider-openstack#426, @ialidzhikov)

🐛 Bug Fixes

• [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-openstack#415, @rfranzke)

🏃 Others

• [OPERATOR] The cloudprovider webhook will now use objectSelector to filter secrets when gardener-version >=1.42. (gardener/gardener-extension-provider-openstack#424, @kon-angelo)
• [OPERATOR] Parameters of the etcd StorageClass can now be set (gardener/gardener-extension-provider-openstack#423, @Kumm-Kai)
• [OPERATOR] Vendor gardener/gardener v1.42.3. (gardener/gardener-extension-provider-openstack#419, @kon-angelo)
• [OPERATOR] The monitoring dashboards provided by this extension: (gardener/gardener-extension-provider-openstack#409, @ialidzhikov)
  • are now using UTC by default (instead of the browser time)
  • do no longer auto refresh by default
• [OPERATOR] The gardener-extension-admission-openstack webhook now contains an object selector for provider type label. Please make sure you are running [email protected] or later before enabling this. (gardener/gardener-extension-provider-openstack#407, @shafeeqes)
• [OPERATOR] The terraformer pod deployed as part of shoot control planes is now using auto-rotated ServiceAccount tokens when communicating with the seed cluster. (gardener/gardener-extension-provider-openstack#406, @rfranzke)

[machine-controller-manager]

🐛 Bug Fixes

• [USER] The value for key cluster-autoscaler.kubernetes.io/scale-down-disabled placed by MCM is now true and not True. This typo stopped MCM from disabling CA from scaling down during rolling update. (gardener/machine-controller-manager#685, @himanshu-kun)
• [USER] MCM now marks 1 machine per machineDeployment as Failed at a time in case of healthTimeout. This is introduced to deal with meltdown scenario (gardener/machine-controller-manager#683, @himanshu-kun)
• [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)

🏃 Others

• [OPERATOR] machine-controller-manager does now log the Node conditions when it considers Machine as unhealthy (and changes its state to Unknown). (gardener/machine-controller-manager#676, @ialidzhikov)

[machine-controller-manager-provider-openstack]

🐛 Bug Fixes

• [USER] A regression in Machine creation from imageName is now fixed. (gardener/machine-controller-manager-provider-openstack#49, @ialidzhikov)
• [OPERATOR] An issue causing klog's --v flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-openstack#47, @ialidzhikov)

🏃 Others

• [USER] Revendor MCM dependency to v0.44.1 (gardener/machine-controller-manager-provider-openstack#55, @kon-angelo)

[terraformer]

🏃 Others

• [OPERATOR] terraform has been upgraded to 0.15.5 (gardener/terraformer#107, @stoyanr)

v1.24.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-openstack#417, @ialidzhikov)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.24.2
gardener-extension-admission-openstack: eu.gcr.io/gardener-project/gardener/extensions/admission-openstack:v1.24.2

v1.24.1

[machine-controller-manager]

🐛 Bug Fixes

• [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)

v1.24.0

[gardener-extension-provider-openstack]

✨ New Features

• [OPERATOR] gardener-extension-admission-openstack now supports configuration for enabling service account token volume projection. It is exposed through the .Values.global.serviceAccountTokenVolumeProjection section in the respective chart's values. (gardener/gardener-extension-provider-openstack#387, @dimityrmirchev)
• [OPERATOR] It is now possible to configure a user instead of a serviceaccount subject in the clusterrolebinding for the gardener-extension-admission-openstack when using virtual garden setup by setting .Values.global.virtualGarden.user.name. (gardener/gardener-extension-provider-openstack#387, @dimityrmirchev)

🏃 Others

• [OPERATOR] The CPU limit of csi-driver-node/csi-driver is increased from 50m to 100m to allow bigger bursts. (gardener/gardener-extension-provider-openstack#402, @vpnachev)

📰 Noteworthy

• [OPERATOR] The extension controller uses a projected ServiceAccount token in case it runs on a seed with a gardenlet of at least v1.37 or higher. Similarly, the components deployed into shoot namespaces will no longer use a client certificate but an auto-rotated ServiceAccount token which is only valid for 12h. (gardener/gardener-extension-provider-openstack#369, @rfranzke)

[machine-controller-manager-provider-openstack]

🐛 Bug Fixes

• [USER] A regression in Machine creation from imageName is now fixed. (gardener/machine-controller-manager-provider-openstack#51, @ialidzhikov)
• [OPERATOR] An issue causing klog's --v flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-openstack#50, @ialidzhikov)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#108, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.63.0 -> 3.66.0
• [OPERATOR] terraform has been upgraded to 0.14.11 (gardener/terraformer#106, @stoyanr)

📰 Noteworthy

• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#116, @molecule-z)
  • aliyun/terraform-provider-alicloud: 1.124.2 -> 1.149.0

v1.23.4

[gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] The CPU limit of csi-driver-node/csi-driver is increased from 50m to 100m to allow bigger bursts. (gardener/gardener-extension-provider-openstack#403, @vpnachev)

v1.23.3

[machine-controller-manager-provider-openstack]

🐛 Bug Fixes

• [USER] A regression in Machine creation from imageName is now fixed. (gardener/machine-controller-manager-provider-openstack#51, @ialidzhikov)
• [OPERATOR] An issue causing klog's --v flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-openstack#50, @ialidzhikov)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.23.3
gardener-extension-admission-openstack: eu.gcr.io/gardener-project/gardener/extensions/admission-openstack:v1.23.3

v1.23.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-openstack#394, @ialidzhikov)
  • github.com/gardener/gardener: v1.39.3 -> v1.39.5

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.23.2
gardener-extension-admission-openstack: eu.gcr.io/gardener-project/gardener/extensions/admission-openstack:v1.23.2