Releases · gardener/gardener · GitHub

Releases: gardener/gardener

v1.119.0

19 May 08:16

[gardener/gardener]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47284: Metadata injection for a project secret can lead to privilege escalation

A security vulnerability was discovered in the gardenlet component of Gardener. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • gardenlet < v1.116.4
  • gardenlet < v1.117.5
  • gardenlet < v1.118.2
  • gardenlet < v1.119.0

Fixed Versions:

  • gardenlet >= v1.116.4
  • gardenlet >= v1.117.5
  • gardenlet >= v1.118.2
  • gardenlet >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H

CVE-2025-47283: Bypassing project secret validation can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • Gardener < v1.116.4
  • Gardener < v1.117.5
  • Gardener < v1.118.2
  • Gardener < v1.119.0

Fixed Versions:

  • Gardener >= v1.116.4
  • Gardener >= v1.117.5
  • Gardener >= v1.118.2
  • Gardener >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/MA:H

⚠️ Breaking Changes

  • [OPERATOR] The already deprecated autoscaling.k8s.io/v1beta2 API version is no longer served. Before upgrading to this version of Gardener, make sure that all components use the autoscaling.k8s.io/v1 API version for managing VerticalPodAutoscaler resources. by @ialidzhikov [#11840]
  • [OPERATOR] The support for the already deprecated shoot.gardener.cloud/managed-seed-api-server annotation is now removed. Instead, consider enabling high availability for the ManagedSeed's Shoot control plane. by @ialidzhikov [#11838]
  • [USER] The already deprecated autoscaling.k8s.io/v1beta2 API version is no longer served. Instead, use the autoscaling.k8s.io/v1 API version for managing VerticalPodAutoscaler resources. by @ialidzhikov [#11840]

📰 Noteworthy

  • [USER] The spec.kubernetes.kubeAPIServer.enableAnonymousAuthentication field in the Shoot API is deprecated and will be removed in a future release. Before removal, it will be forbidden to set the field when using a future Kubernetes version that graduates the feature gate AnonymousAuthConfigurableEndpoints. by @marc1404 [#11984]
  • [OPERATOR] The RemoveAPIServerProxyLegacyPort feature gate has been promoted to beta and is now turned on by default. by @Wieneo [#11902]

✨ New Features

  • [OPERATOR] Garden.spec.virtualCluster.gardener.gardenerDashboard.ingress.enabled can now be used to control whether the gardener-operator should deploy an Ingress resource for the dashboard. by @Wieneo [#12002]
  • [OPERATOR] Garden.spec.virtualCluster.gardener.gardenerDashboard.oidcConfig.certificateAuthoritySecretRef can now be used to specify a secret containing a custom CA certificate for talking to the OIDC endpoint. The certificate must be stored under the ca.crt key. by @Wieneo [#11967]
  • [OPERATOR] Gardener supports gardener-node-agent images built by ko. by @timebertt [#12021]
  • [OPERATOR] It is now possible to force gardener-operator to re-deploy gardenlets by annotating the responsible seedmanagement.gardener.cloud/v1alpha1.Gardenlet resource with gardener.cloud/operation=force-redeploy. Read all about it here. by @rfranzke [#11972]

🐛 Bug Fixes

  • [OPERATOR] gardenlet's shoot-care controller: An issue causing gardenlet to report a misleading reason (NodesScalingDown) during rolling update of Shoot Nodes is now fixed. by @RadaBDimitrova [#11869]
  • [DEVELOPER] Fix extension webhook registration for autonomous shoot clusters. by @ScheererJ [#12040]

🏃 Others

  • [OPERATOR] It is now ensured that extension admission webhooks have validated WorkloadIdentitys/Secrets referenced in Shoots. by @rfranzke [#12075]
  • [OPERATOR] Annotations and labels are now ignored when creating referenced resources in the shoot control plane namespaces in seed clusters. by @rfranzke [#12064]
  • [OPERATOR] Set minAllowed CPU to 150m for prometheus-shoot to avoid frequent evictions by @voelzmo [#12069]
  • [OPERATOR] A new check ensures that only owners and project members with a UAM role are allowed to modify the project owner. by @timuthy [#12082]
  • [OPERATOR] The utilization of the VPN containers running in the seed is now improved by adapting their initial/static requests and by changing the corresponding VPA configuration:
    • autoscaling is disabled for the vpn-seed-server and openvpn-exporter containers
    • initial/static resource requests are reduced
    • limits are removed
    • minAllowed for the envoy-proxy container is removed by @axel7born [#12023]
  • [OPERATOR] Remove sum for VPA Pod metrics in 'recommendations' dashboard by @voelzmo [#12057]
  • [OPERATOR] Spreading Istio ingress-gateway pods across hosts is enforced only for zonal Istio deployments now. by @oliver-goetz [#12007]
  • [OPERATOR] kube-proxy no longer fails its readiness probe in case the node is about to be deleted by cluster-autoscaler. by @ScheererJ [#12015]
  • [DEPENDENCY] The following dependencies have been updated:
    • gcr.io/istio-release/pilot from 1.25.2 to 1.25.3.
    • gcr.io/istio-release/proxyv2 from 1.25.2 to 1.25.3.
    • istio.io/api from v1.25.2 to v1.25.3. by @gardener-ci-robot [#12074]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEVELOPER] The admission-local deployment was fixed to work with KinD based test setup. by @timuthy [#12106]

📖 Documentation

  • [USER] Dual-Stack Migration documentation now clearly states the precondition of overlay removal. by @ScheererJ [#12053]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.119.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.119.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.119.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.119.0

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.119.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.119.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.119.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.119.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.119.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.119.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.119.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.119.0

v1.118.2

17 May 07:49

[gardener/gardener]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47284: Metadata injection for a project secret can lead to privilege escalation

A security vulnerability was discovered in the gardenlet component of Gardener. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • gardenlet < v1.116.4
  • gardenlet < v1.117.5
  • gardenlet < v1.118.2
  • gardenlet < v1.119.0

Fixed Versions:

  • gardenlet >= v1.116.4
  • gardenlet >= v1.117.5
  • gardenlet >= v1.118.2
  • gardenlet >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H

CVE-2025-47283: Bypassing project secret validation can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • Gardener < v1.116.4
  • Gardener < v1.117.5
  • Gardener < v1.118.2
  • Gardener < v1.119.0

Fixed Versions:

  • Gardener >= v1.116.4
  • Gardener >= v1.117.5
  • Gardener >= v1.118.2
  • Gardener >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/MA:H

🐛 Bug Fixes

  • [OPERATOR] A bug preventing the system:serviceaccount:kube-system:gardener-internal service account, used by gardener-operator, from labeling restricted resources was fixed. by @dimityrmirchev [#12063]

🏃 Others

  • [OPERATOR] Annotations and labels are now ignored when creating referenced resources in the shoot control plane namespaces in seed clusters. by @rfranzke [#12064]
  • [OPERATOR] Set minAllowed CPU to 150m for prometheus-shoot to avoid frequent evictions by @voelzmo [#12069]
  • [OPERATOR] A new check ensures that only owners and project members with a UAM role are allowed to modify the project owner. by @timuthy [#12082]
  • [OPERATOR] It is now ensured that extension admission webhooks have validated WorkloadIdentitys/Secrets referenced in Shoots. by @rfranzke [#12075]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEVELOPER] The admission-local deployment was fixed to work with KinD based test setup. by @timuthy [#12106]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.118.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.118.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.118.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.118.2

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.118.2
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.118.2
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.118.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.118.2
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.118.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.118.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.118.2
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.118.2

v1.117.5

17 May 07:48

[gardener/gardener]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47284: Metadata injection for a project secret can lead to privilege escalation

A security vulnerability was discovered in the gardenlet component of Gardener. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • gardenlet < v1.116.4
  • gardenlet < v1.117.5
  • gardenlet < v1.118.2
  • gardenlet < v1.119.0

Fixed Versions:

  • gardenlet >= v1.116.4
  • gardenlet >= v1.117.5
  • gardenlet >= v1.118.2
  • gardenlet >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H

CVE-2025-47283: Bypassing project secret validation can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • Gardener < v1.116.4
  • Gardener < v1.117.5
  • Gardener < v1.118.2
  • Gardener < v1.119.0

Fixed Versions:

  • Gardener >= v1.116.4
  • Gardener >= v1.117.5
  • Gardener >= v1.118.2
  • Gardener >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/MA:H

🐛 Bug Fixes

  • [OPERATOR] A bug preventing the system:serviceaccount:kube-system:gardener-internal service account, used by gardener-operator, from labeling restricted resources was fixed. by @dimityrmirchev [#12065]

🏃 Others

  • [OPERATOR] It is now ensured that extension admission webhooks have validated WorkloadIdentitys/Secrets referenced in Shoots. by @rfranzke [#12076]
  • [OPERATOR] Set minAllowed CPU to 150m for prometheus-shoot to avoid frequent evictions by @voelzmo [#12079]
  • [OPERATOR] Annotations and labels are now ignored when creating referenced resources in the shoot control plane namespaces in seed clusters. by @rfranzke [#12066]
  • [OPERATOR] A new check ensures that only owners and project members with a UAM role are allowed to modify the project owner. by @timuthy [#12083]
  • [DEVELOPER] The admission-local deployment was fixed to work with KinD based test setup. by @timuthy [#12107]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.117.5
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.117.5
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.117.5
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.117.5

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.117.5
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.117.5
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.117.5
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.117.5
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.117.5
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.117.5
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.117.5
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.117.5

v1.116.4

17 May 07:47

[gardener/gardener]

🛡️ Important Security Information

This release contains changes that address the following vulnerabilities:

CVE-2025-47284: Metadata injection for a project secret can lead to privilege escalation

A security vulnerability was discovered in the gardenlet component of Gardener. It could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • gardenlet < v1.116.4
  • gardenlet < v1.117.5
  • gardenlet < v1.118.2
  • gardenlet < v1.119.0

Fixed Versions:

  • gardenlet >= v1.116.4
  • gardenlet >= v1.117.5
  • gardenlet >= v1.118.2
  • gardenlet >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:L/MUI:N/MS:C/MC:H/MI:H/MA:H

CVE-2025-47283: Bypassing project secret validation can lead to privilege escalation

A security vulnerability was discovered in Gardener that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed.

Affected Versions:

  • Gardener < v1.116.4
  • Gardener < v1.117.5
  • Gardener < v1.118.2
  • Gardener < v1.119.0

Fixed Versions:

  • Gardener >= v1.116.4
  • Gardener >= v1.117.5
  • Gardener >= v1.118.2
  • Gardener >= v1.119.0

CVSS Rating: Critical (9.9) CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/MA:H

🐛 Bug Fixes

  • [OPERATOR] A bug preventing the system:serviceaccount:kube-system:gardener-internal service account, used by gardener-operator, from labeling restricted resources was fixed. by @dimityrmirchev [#12067]

🏃 Others

  • [DEVELOPER] The admission-local deployment was fixed to work with KinD based test setup. by @timuthy [#12108]
  • [OPERATOR] Set minAllowed CPU to 150m for prometheus-shoot to avoid frequent evictions by @voelzmo [#12080]
  • [OPERATOR] A new check ensures that only owners and project members with a UAM role are allowed to modify the project owner. by @timuthy [#12081]
  • [OPERATOR] Annotations and labels are now ignored when creating referenced resources in the shoot control plane namespaces in seed clusters. by @rfranzke [#12068]
  • [OPERATOR] It is now ensured that extension admission webhooks have validated WorkloadIdentitys/Secrets referenced in Shoots. by @rfranzke [#12077]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.116.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.116.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.116.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.116.4

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.116.4
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.116.4
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.116.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.116.4
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.116.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.116.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.116.4
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.116.4

v1.118.1

12 May 13:41

[gardener/gardener]

🐛 Bug Fixes

  • [OPERATOR] Fix a regression that prevented the cache Prometheus in a Gardener managed seed from scraping the cadvisor and kubelet metrics of the seed nodes, and hence the shoot control plane Plutono dashboards could not show e.g. the CPU usage of the control plane components. (part 2) by @istvanballok [#12049]
  • [OPERATOR] An issue preventing vpa-updater from patching events when recording an eviction event on a VerticalPodAutoscaler resource is now fixed. by @ialidzhikov [#12035]

🏃 Others

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.118.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.118.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.118.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.118.1

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.118.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.118.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.118.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.118.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.118.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.118.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.118.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.118.1

v1.117.4

12 May 13:39

[gardener/gardener]

🐛 Bug Fixes

  • [OPERATOR] Fix a regression that prevented the cache Prometheus in a Gardener managed seed from scraping the cadvisor and kubelet metrics of the seed nodes, and hence the shoot control plane Plutono dashboards could not show e.g. the CPU usage of the control plane components. (part 2) by @istvanballok [#12048]
  • [OPERATOR] An issue preventing vpa-updater from patching events when recording an eviction event on a VerticalPodAutoscaler resource is now fixed. by @ialidzhikov [#12036]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.117.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.117.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.117.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.117.4

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.117.4
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.117.4
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.117.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.117.4
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.117.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.117.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.117.4
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.117.4

v1.118.0

02 May 18:13

[gardener/gardener]

⚠️ Breaking Changes

  • [OPERATOR] The Seed API field spec.backup.secretRef has been deprecated and will be removed in a future version of Gardener in favor of spec.backup.credentialsRef, please adapt your seed manifests to use the new credentialsRef field. by @vpnachev [#11583]
  • [OPERATOR] Gardener no longer sets the flags --audit-log-(path|maxsize|maxbackups) on shoot kube-apiservers, gardener-apiserver or Garden's virtual-garden-kube-apiserver. If you rely on the audit logs being available in the file /tmp/audit/audit.log in the container's file system, please follow controlplane-webhooks and set the required flags via mutating webhook. by @vpnachev [#11935]
  • [OPERATOR] The ManagedSeed API field spec.gardenlet.config.seedConfig.spec.backup.secretRef has been deprecated and will be removed in a future version of Gardener in favor of spec.gardenlet.config.seedConfig.spec.backup.credentialsRef, please adapt your managedseed manifests to use the new credentialsRef field. by @vpnachev [#11583]
  • [OPERATOR] The legacy support.gardener.cloud/eu-access* labels and annotations on CloudProfiles and Seeds are no longer synced automatically. You have to use the new API established in Gardener v1.107 (released in 11/2024). Read more about it here. Please make sure to manually remove these labels and annotations from your CloudProfiles and Seeds! by @rfranzke [#11913]
  • [OPERATOR] The Gardenlet API field spec.config.seedConfig.spec.backup.secretRef has been deprecated and will be removed in a future version of Gardener in favor of spec.config.seedConfig.spec.backup.credentialsRef, please adapt your gardenlet manifests to use the new credentialsRef field. by @vpnachev [#11583]
  • [OPERATOR] The GardenletConfiguration configuration file field seedConfig.spec.backup.secretRef has been deprecated and will be removed in a future version of Gardener in favor of seedConfig.spec.backup.credentialsRef, please adapt your GardenletConfiguration configuration files to use the new credentialsRef field. by @vpnachev [#11583]
  • [USER] The legacy support.gardener.cloud/eu-access* labels and annotations on Shoots are no longer synced automatically. You have to use the new API established in Gardener v1.107 (released in 11/2024). Read more about it here. Please make sure to manually remove these labels and annotations from your Shoots! by @rfranzke [#11913]

📰 Noteworthy

  • [USER] The CA bundle of the kubelet is now available via a ConfigMap in the project's namespace, called <shoot-name>.ca-kubelet. by @tobschli [#11916]

✨ New Features

  • [USER] The Stale Project Controller now also considers WorkloadIdentity resources when deciding if a Project is stale or not. by @dimityrmirchev [#11962]
  • [OPERATOR] Gardener core components are automatically restarted (due to a failing liveness probe) in case their Kubernetes API server watch caches do not sync for 3m. by @rfranzke [#11966]
  • [OPERATOR] The Seed API features a new field spec.backup.credentialsRef; it is of type corev1.ObjectReference and is allowed to refer to a Secret. by @vpnachev [#11583]
  • [OPERATOR] Add alpha feature gate CloudProfileCapabilities to enable usage of architecture capability instead of current architecture fields in machine images and types. by @LucaBernstein [#11736]
  • [OPERATOR] The GardenletConfiguration configuration file features a new field seedConfig.spec.backup.credentialsRef; it is of type corev1.ObjectReference and is allowed to refer to a Secret. by @vpnachev [#11583]
  • [OPERATOR] The ManagedSeed API features a new field spec.gardenlet.config.seedConfig.spec.backup.credentialsRef; it is of type corev1.ObjectReference and is allowed to refer to a Secret. by @vpnachev [#11583]
  • [OPERATOR] The Gardenlet API features a new field spec.config.seedConfig.spec.backup.credentialsRef; it is of type corev1.ObjectReference and is allowed to refer to a Secret. by @vpnachev [#11583]

🐛 Bug Fixes

  • [OPERATOR] The gardenlet deployer would not try to copy the shoot infrastructure secret for seed backup credentials if the shoot uses workload identity. by @dimityrmirchev [#11983]
  • [DEVELOPER] The DumpLogsForPodsWithLabelsInNamespace function in the test framework now supports dumping pods with multiple containers. by @domdom82 [#11878]

🏃 Others

  • [OPERATOR] Virtual extended resources can now be set on the NodeTemplate without triggering rollout by @elankath [#11809]
  • [OPERATOR] The gardener/autoscaler image has been updated to v1.32.0. Release Notes by @marc1404 [#11903]
  • [OPERATOR] The etcd-druid component no longer defines resource limits. by @ialidzhikov [#11973]
  • [OPERATOR] Fixed an issue, where IPv6 shoots without configured pod and service ranges can't be scheduled on seeds without configured shootDefaults. by @axel7born [#11955]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
    • registry.k8s.io/autoscaling/vpa-admission-controller from 1.3.0 to 1.3.1.
    • registry.k8s.io/autoscaling/vpa-recommender from 1.3.0 to 1.3.1.
    • registry.k8s.io/autoscaling/vpa-updater from 1.3.0 to 1.3.1. by @gardener-ci-robot [#11985]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEVELOPER] The hack/tools/extension-generator tool now automatically sets the .spec.deployment.extension.injectGardenKubeconfig: true field in the generated provider Extension resources. by @plkokanov [#11837]
  • [DEVELOPER] A new flag -i|--inject-garden-kubeconfig was added to the hack/generate-controller-registration.sh script. When the flag is set, the injectGardenKubeconfig: true field is added to the generated ControllerDeployment. by @plkokanov [#11837]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.118.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.118.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.118.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.118.0

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.118.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.118.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.118.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.118.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.118.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.118.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.118.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.118.0

v1.117.3

02 May 18:09

no release notes available

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.117.3
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.117.3
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.117.3
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.117.3

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.117.3
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.117.3
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.117.3
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.117.3
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.117.3
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.117.3
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.117.3
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.117.3

v1.116.3

02 May 18:07

[gardener/gardener]

🏃 Others

  • [OPERATOR] Fix an issue where envoy filters to handle proxy-protocol are not deployed, even if configured for istio load-balancers. by @axel7born [#11920]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.116.3
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.116.3
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.116.3
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.116.3

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.116.3
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.116.3
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.116.3
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.116.3
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.116.3
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.116.3
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.116.3
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.116.3

v1.115.4

02 May 18:11

[gardener/gardener]

🏃 Others

  • [OPERATOR] Fix an issue where envoy filters to handle proxy-protocol are not deployed, even if configured for istio load-balancers. by @axel7born [#11921]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.115.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.115.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.115.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.115.4

Docker Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.115.4
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.115.4
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.115.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.115.4
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.115.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.115.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.115.4
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.115.4