v1.23.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-openstack#391, @ialidzhikov)
  • github.com/gardener/gardener: v1.39.0 -> v1.39.3

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.23.1
gardener-extension-admission-openstack: eu.gcr.io/gardener-project/gardener/extensions/admission-openstack:v1.23.1

v1.23.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] Removes deprecated OpenstackMachineClass removal logic. (gardener/gardener-extension-provider-openstack#361, @kon-angelo)
• [OPERATOR] Kubernetes versions >=1.18 and < 1.22 will get cloud-controller-manager with version v1.21.0 (gardener/gardener-extension-provider-openstack#355, @RaphaelVogel)

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.23. You should consider the Kubernetes release notes before upgrading to 1.23. (gardener/gardener-extension-provider-openstack#386, @rfranzke)
• [USER] In case gardener/gardener's WorkerPoolKubernetesVersion feature gate is enabled, it's possible having worker pools with overridden Kubernetes versions for Shoots whose .spec.kubernetes.version is greater or equal than the CSI migration version (1.19). (gardener/gardener-extension-provider-openstack#384, @rfranzke)
• [OPERATOR] This extension does now support gardener/gardener's WorkerPoolKubernetesVersion feature gate, i.e., having worker pools with overridden Kubernetes versions. (gardener/gardener-extension-provider-openstack#384, @rfranzke)

🏃 Others

• [OPERATOR] New check-docforge step will be executed on each PR (gardener/gardener-extension-provider-openstack#377, @Kristian-ZH)
• [OPERATOR] Use separate resolv.conf for kubelet (optionally patched with resolvConfOptions from the cloud profile) (gardener/gardener-extension-provider-openstack#375, @MartinWeindel)
• [OPERATOR] Add internalNetworkName to cloud-provider-config (gardener/gardener-extension-provider-openstack#373, @jkmw)
• [OPERATOR] Provider now supports specifying the volume type for the root disk of nodes. (gardener/gardener-extension-provider-openstack#371, @kon-angelo)
• [DEVELOPER] The rewrite_tag filter in the logging configuration is replaced by modify one (gardener/gardener-extension-provider-openstack#346, @vlvasilev)

📰 Noteworthy

• [USER] Since go1.17 both net.ParseIP and net.ParseCIDR reject leading zeros in the dot-decimal notation of IPv4 addresses. With the update to go1.17, admission-openstack now rejects Shoot objects with CIDR ranges that have such leading zeros in the dot-decimal notation. Before updating to this version of admission-openstack, make sure that there are no Shoot objects with leading zeros in the dot-decimal notation of an IPv4 address. For reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 (gardener/gardener-extension-provider-openstack#364, @rfranzke)
• [DEVELOPER] The Golang version has been updated to 1.17.5. (gardener/gardener-extension-provider-openstack#364, @rfranzke)

[machine-controller-manager]

⚠️ Breaking Changes

• [OPERATOR] Components that deploy the machine-controller-manager will now have to adapt the RBAC rules to allow machine-controller-manager to maintain its leader election resource lock in leases as well. (gardener/machine-controller-manager#662, @acumino)

✨ New Features

• [USER] End User can now delete the backing machine object of the node instantly by annotating the desired node with 'node.machine.sapcloud.io/trigger-deletion-by-mcm="true"` (gardener/machine-controller-manager#648, @AxiomSamarth)
• [OPERATOR] orphan collection is also triggered if machine obj is updated with having multiple backing VMs (gardener/machine-controller-manager#667, @himanshu-kun)

🏃 Others

• [USER] Updated golang version to v1.17 (gardener/machine-controller-manager#664, @AxiomSamarth)
• [OPERATOR] The default leader election resource lock of machine-controller-manager has been changed from endpoints to endpointsleases. (gardener/machine-controller-manager#662, @acumino)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] Update vendored machine-controller-manager to v0.43.0 (gardener/machine-controller-manager-provider-openstack#45, @shafeeqes)
• [USER] Updated golang version to v1.17 (gardener/machine-controller-manager-provider-openstack#44, @kon-angelo)
• [USER] The volume type of the root disk can now be specified in the MachineClass (gardener/machine-controller-manager-provider-openstack#43, @kon-angelo)
• [USER] Added local integration tests. (gardener/machine-controller-manager-provider-openstack#42, @kon-angelo)
• [USER] Created Neutron ports will now be tagged with the shoot tags. (gardener/machine-controller-manager-provider-openstack#41, @kon-angelo)
• [DEVELOPER] Missing or wrong doc comments and a few other common style errors will now be reported by the linter. (gardener/machine-controller-manager-provider-openstack#36, @kon-angelo)

[terraformer]

🐛 Bug Fixes

• [DEVELOPER] A bug has been fixed preventing to use Terraformer with a Terraform version >= 0.13. (gardener/terraformer#102, @rfranzke)

🏃 Others

• [OPERATOR] terraform has been upgraded to 0.13.7 (gardener/terraformer#105, @stoyanr)
• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#104, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.54.0 -> 3.63.0
• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#101, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.32.0 -> 3.54.0

📰 Noteworthy

• [DEVELOPER] The version for the equinixmetal Terraform provider plugin has been updated to 3.1.0. (gardener/terraformer#103, @rfranzke)

v1.22.0

[gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] Added optional field resolvConfOptions to the provider config of the cloud profile to allow to add options to /etc/resolv.conf on worker nodes (gardener/gardener-extension-provider-openstack#342, @MartinWeindel)
• [OPERATOR] Allow configuration of request timeout for control plane components (CCM, CSI) via cloudprofile (gardener/gardener-extension-provider-openstack#338, @kon-angelo)
• [OPERATOR] Change the security group rules cluster_tcp_all and cluster_udp_all to use nil port ranges. (gardener/gardener-extension-provider-openstack#336, @kon-angelo)

[machine-controller-manager]

✨ New Features

• [USER] Added *expectedNodeDetails field to the MachineClass API (gardener/machine-controller-manager#644, @AxiomSamarth)

🐛 Bug Fixes

• [OPERATOR] A bug has been fixed in the pre-delivered CRD manifests for MCM (/kubernetes/crds). It caused data to be pruned from MCM related resources and led to reconciliation issues. (gardener/machine-controller-manager#641, @timuthy)

📖 Documentation

• [DEVELOPER] make generate now generates v1 version of CRDs by default instead of v1beta1. (gardener/machine-controller-manager#640, @himanshu-kun)

🏃 Others

• [USER] Update Kubernetes dependency versions to v1.20.6 (gardener/machine-controller-manager#601, @AxiomSamarth)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] Fix a bug where orphan ports would be left during a failed create attempt. (gardener/machine-controller-manager-provider-openstack#35, @kon-angelo)
  • Fix a bug where orphan ports would be left when a machine was deleted using the Openstack API.
• [USER] Update machine-controller-manager to v0.40.0 (gardener/machine-controller-manager-provider-openstack#33, @kon-angelo)

v1.21.0

[gardener-extension-provider-openstack]

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.22. You should consider the Kubernetes release notes before upgrading to 1.22. (#330, @timuthy)
• [OPERATOR] Floating pool names in infrastructure config are now checked if they exist, and if not the issue is properly reported as ERR_CONFIGURATION_PROBLEM with a clear error message. (#329, @stoyanr)
• [OPERATOR] Add option ignoreVolumeAZ to allow for differences between volume and compute AZ names. (#322, @gesslein)

🐛 Bug Fixes

• [USER] Do not trigger a node rollout when switching from CRI.Name==nil to CRI.Name==docker. (#308, @BeckerMax)

🏃 Others

• [USER] It is now allowed to change the name and purpose of load balancer classes in .controlPlaneConfig.loadBalancerClasses[]. The load balancer classes configuration need still to be semantically equal with the load balancer classes from the CloudProfile. (#310, @dkistner)
• [OPERATOR] machine-controller-manager logs are exposed to the end-users (#319, @vlvasilev)
• [OPERATOR] Shoots can now be deployed in existing Neutron networks. The network can be specified by its ID in the respective shoot's infrastructure configuration. (#317, @kon-angelo)
• [OPERATOR] Openstack Kubernetes cluster >= v1.22 use now the Openstack cloud-controller-manager v1.22. (79d7412)
• [OPERATOR] Openstack Kubernetes cluster >= v1.22 now use cinder csi v1.22. (79d7412)
• [DEVELOPER] Missing or wrong doc comments and a few other common style errors will now be reported by the linter. (#334, @stoyanr)

[machine-controller-manager]

⚠️ Breaking Changes

• [OPERATOR] Draining of pods with PVs (Persistent Volume) now waits for re-attachment of PV on a different node when volumeAttachments support is enabled on the cluster. Else it falls back to the default PV reattachment timeout value configured. The default value is 90s and this can be overwritten via the machine-pv-reattach-timeout flag. Please enable permissions to allow listing of volumeAttachments resource while importing these changes. (gardener/machine-controller-manager#608, @prashanth26)

✨ New Features

• [USER] Increase default concurrent object syncs to 50 to allow more concurrent reconciles to occur. (gardener/machine-controller-manager#629, @prashanth26)
• [USER] Machine rollouts are now more as desired with the number of replicas always maintained to desired + maxSurge. Earlier machines in termination were left out of this calculation but now is considered with this change. (gardener/machine-controller-manager#627, @prashanth26)
• [OPERATOR] Finalizers will be added to the MachineClass which is used by at least one machine. Machines whose backing MachineClass does not have finalizers shall not be reconciled. (gardener/machine-controller-manager#593, @AxiomSamarth)
• [DEVELOPER] Replace integration test with unit test to test the functionality to freeze MachineSet (gardener/machine-controller-manager#620, @AxiomSamarth)

🐛 Bug Fixes

• [OPERATOR] Avoids blocking of drain call when the buffer is full for the volumeAttachmentHandlers. (gardener/machine-controller-manager#627, @prashanth26)
• [DEVELOPER] Test framework now fetches secrets from the correct (control) APIServer while running tests. (gardener/machine-controller-manager#617, @himanshu-kun)

🏃 Others

• [OPERATOR] Nodes attached to the cluster without MCM support are now annotated with "node.machine.sapcloud.io/notManagedByMCM": "1". This is then ignored by the MCM for further processing. (gardener/machine-controller-manager#612, @himanshu-kun)

[terraformer]

⚠️ Breaking Changes

• [DEVELOPER] Once the azurerm provider plugin is updated from v2.36.0 to v2.68.0 the skip_provider_registration flag in the provider section need to be set to true. (gardener/terraformer#99, @dkistner)

🏃 Others

• [OPERATOR] The terraform azurerm provider plugin is updated from v2.36.0 to v2.68.0. (gardener/terraformer#99, @dkistner)
• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#98, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#96, @minchaow)
  • aliyun/terraform-provider-alicloud: 1.124.0 -> 1.124.2

v1.20.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] The default leader election resource lock of gardener-extension-provider-openstack has been changed from configmapsleases to leases. (#302, @ialidzhikov)
  • Please make sure, that you had at least [email protected] running before upgrading to v1.20.0, so that it has successfully required leadership with the hybrid resource lock (configmapsleases) at least once.
• [OPERATOR] This version of provider-openstack requires at least Gardener v1.21.0. Before upgrading to this version of provider-openstack, make sure that you upgraded to at least Gardener v1.21.0. (#297, @ialidzhikov)

✨ New Features

• [USER] add support for application credentials (#300, @MartinWeindel)
• [OPERATOR] It is now possible to specify the leader election resource lock via the chart value leaderElection.resourceLock (defaults to leases). (#302, @ialidzhikov)
• [OPERATOR] The existing ValidatingWebhookConfiguration of admission-openstack for Shoot validation does now validate also the Shoot secret. admission-openstack does now feature also a new webhook that prevents Shoot secret to be updated with invalid keys. (#280, @vpnachev)

🐛 Bug Fixes

• [OPERATOR] Fixes an issue where removing server groups from a worker pool would not produce correct machineclasses. Prior to the fix, two shoot reconciliations would be necessary to reach the desired state. (#306, @kon-angelo)
• [OPERATOR] provider-openstack is now using a separate ManagedResource for ControlPlane CRDs (volumesnapshot related CRDs) that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (#297, @ialidzhikov)

🏃 Others

• [USER] The following image is updated (see CHANGELOG for more details): (#287, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.2.0 -> v2.3.0
• [OPERATOR] When creating or updating shoots, any Kubernetes feature gates mentioned are validated against the Kubernetes version. If any feature gates are unknown or not supported in the Kubernetes version, the validation fails. (#296, @stoyanr)
• [OPERATOR] Validation of Openstack cloud provider secrets is enhanced to reject domainName, tenantName, and userName that contain leading or trailing whitespace, tenantName that is longer than 64 characters, password that contain leading or trailing new lines, and authURL that is not a valid URL. (#294, @stoyanr)
• [OPERATOR] The version constraints for floating-subnet and floating-subnet-tags field in the cloud-provider-config to select a floating subnet to pick the floating ip for a load balancer has been removed. (#290, @dkistner)
• [OPERATOR] Replace infrastructure's terraform helm chart with native go templates. (#282, @kon-angelo)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] add support for authentication with application credentials (gardener/machine-controller-manager-provider-openstack#26, @MartinWeindel)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#95, @minchaow)
  • aliyun/terraform-provider-alicloud: 1.121.2 -> 1.124.0
• [OPERATOR] The terraform version for the alicloud, all, aws, azure, gcp, openstack, slim images is updated: (gardener/terraformer#94, @ialidzhikov)
  • hashicorp/terraform: 0.12.29 -> 0.12.31

v1.19.1

[gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] The version constraints for floating-subnet and floating-subnet-tags field in the cloud-provider-config to select a floating subnet to pick the floating ip for a load balancer has been removed. (#292, @dkistner)

v1.19.0

[gardener-extension-provider-openstack]

✨ New Features

• [USER] The floating subnet for LoadBalancerClasses config(s) can now be also selected by a name, a name pattern (regex/glob) or tags and not only by id. (#248, @dkistner)
• [OPERATOR] The floating subnet for the LoadBalancer config and the LoadBalancerClass config(s) can now be also selected by a name, a name pattern (regex/glob) or tags and not only by id. (#248, @dkistner)

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#274, @vpnachev)

🏃 Others

• [OPERATOR] Openstack Kubernetes cluster >= v1.21 use now the Openstack cloud-controller-manager v1.21 and cinder csi v1.21. (#272, @dkistner)

[machine-controller-manager]

✨ New Features

• [USER] Skip node drain on ReadOnlyFileSystem condition (gardener/machine-controller-manager#605, @himanshu-kun)
• [OPERATOR] Improved log details to include node name and provider-ID in addition to existing machine name (gardener/machine-controller-manager#607, @himanshu-kun)

🐛 Bug Fixes

• [OPERATOR] Fix panic when machineClass secretRef isn't found. (gardener/machine-controller-manager#609, @jsravn)
• [DEVELOPER] Adds finalizers on machines that are adopted by the machine controller. Without this change, it causes issues while migrating machine objects between clusters. (gardener/machine-controller-manager#611, @prashanth26)

[machine-controller-manager-provider-openstack]

🏃 Others

• [OPERATOR] An issue has been fixed which prevented ports from being patched properly after machine creations. (gardener/machine-controller-manager-provider-openstack#22, @timuthy)
• [DEPENDENCY] Revendors MCM dependent libraries for v0.39.0 version. (gardener/machine-controller-manager-provider-openstack#24, @AxiomSamarth)

[terraformer]

✨ New Features

• [OPERATOR] Terraformer now copies Terraform's error outputs to /terraform-termination-log to make it available in the containers termination message for better analyzing and more readable error messages (e.g. in the Shoot status). (gardener/terraformer#93, @timebertt)

🏃 Others

• [USER] Terraform provider of Alicloud is upgraded to 1.121.2. (gardener/terraformer#91, @minchaow)

v1.18.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] An issue has been fixed which prevented ports from being patched properly after machine creations. (#281, @kon-angelo)

v1.18.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#278, @vpnachev)

v1.17.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#276, @vpnachev)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.17.2
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.17.2