shoot-dns-service-1.59.0

[gardener/gardener-extension-shoot-dns-service]

⚠️ Breaking Changes

• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-shoot-dns-service admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#429]

🏃 Others

• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#427]
• [OPERATOR] Prepare for deployment of admission controller by gardener-operator by @MartinWeindel [#429]

Helm Charts

• admission-shoot-dns-service-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.59.0
• admission-shoot-dns-service-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.59.0
• shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.59.0

Docker Images

• gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.59.0
• gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.59.0

shoot-dns-service-1.58.0

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Select dns-controller-manager image by seed-label service.dns.extensions.gardener.cloud/drop-metadata-records by @MartinWeindel [#426]

Helm Charts

• admission-shoot-dns-service-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.58.0
• admission-shoot-dns-service-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.58.0
• shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.58.0

Docker Images

• gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.58.0
• gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.58.0

registry-cache-0.13.1

[gardener/gardener-extension-registry-cache]

🐛 Bug Fixes

• [OPERATOR] A corner case causing the registry-cache Service to be deleted (and later on recreated again) during the non-TLS to TLS migration (from [email protected] to [email protected]) is now mitigated. by @ialidzhikov [#327]

Helm Charts

• admission-registry-cache-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-application:v0.13.1
• admission-registry-cache-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-runtime:v0.13.1
• registry-cache: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/registry-cache:v0.13.1

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.13.1
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.13.1

provider-openstack-1.46.0

no release notes available

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.46.0
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.46.0
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.46.0

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.46.0
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.46.0

provider-openstack-1.45.1

[gardener/gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] Add max-entries to the csi-attacher arguments. by @AndreasBurger [#975]

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.45.1
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.45.1
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.45.1

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.45.1
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.45.1

provider-gcp-1.42.1

[gardener/gardener-extension-provider-gcp]

🏃 Others

• [OPERATOR] Fix an issue where the node-cidr-mask-size was not respected by the IPAM controller of the cloud-controller-manager by @kon-angelo [#955]

Helm Charts

• admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.42.1
• admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.42.1
• provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.42.1

Docker Images

• gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.42.1
• gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.42.1

provider-gcp-1.42.0

[gardener/gardener-extension-provider-gcp]

📰 Noteworthy

• [USER] The kube-system/csi-driver-node DaemonSet is no longer scaled by a VerticalPodAutoscaler as it does not really benefit from it. Removing VerticalPodAutoscaler for that component will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @ialidzhikov [#929]
• [OPERATOR] Added support for immutable backup buckets in the GCP provider extension. Operators can configure immutability settings to enhance backup data security by preventing data alteration or deletion before the specified retention period. by @seshachalam-yv [#906]

✨ New Features

• [OPERATOR] Support specification of extended resources in provider config node template without re-specifying core resources. by @elankath [#889]

🐛 Bug Fixes

• [USER] Fix the NamespacedCloudProfile status mutation. by @LucaBernstein [#942]

🏃 Others

• [DEPENDENCY] Update gardener to v1.110.0 by @hebelsan [#927]
• [OPERATOR] Validate that all images in cloudProfile map to a valid image in the cloudProfileConfig by @hebelsan [#932]

[gardener/machine-controller-manager-provider-gcp]

🏃 Others

• [USER] MCM provider GCP is able to provide the values for a shieldedInstanceConfiguration from a machineClass to the GCP API. by @MrBatschner [gardener/machine-controller-manager-provider-gcp#135]
• [DEVELOPER] The gardener/machine-controller-manager dependency has been updated to v0.55.1. Release Notes by @thiyyakat [gardener/machine-controller-manager-provider-gcp#134]
• [DEVELOPER] Added gosec for Static Application Security Testing (SAST). by @thiyyakat [gardener/machine-controller-manager-provider-gcp#134]
• [DEVELOPER] Updated go lang version to 1.23.3 by @thiyyakat [gardener/machine-controller-manager-provider-gcp#134]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.42.0
• admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.42.0
• provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.42.0

Docker Images

• gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.42.0
• gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.42.0

provider-azure-1.49.4

[gardener/remedy-controller]

✨ New Features

• [OPERATOR] The remedy controller now supports authentication via federated token. The file containing the token can be specified via the "aadFederatedTokenFile" field. by @dimityrmirchev [gardener/remedy-controller#64]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Introduce SAST checking by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Update gardener to v1.110.4 by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Update go version to v1.22.0 by @LucaBernstein [gardener/remedy-controller#63]
• [DEPENDENCY] Update gardener/gardener version to v1.96.2 by @LucaBernstein [gardener/remedy-controller#63]
• [DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @LucaBernstein [gardener/remedy-controller#63]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.4
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.4
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.4

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.4
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.4

provider-aws-1.60.0

[gardener/gardener-extension-provider-aws]

📰 Noteworthy

• [USER] The kube-system/csi-driver-node DaemonSet is no longer scaled by a VerticalPodAutoscaler as it does not really benefit from it. Removing VerticalPodAutoscaler for that component will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @ialidzhikov [#1179]

✨ New Features

• [USER] Support for VolumeAttributesClasses can now be enabled via shoot annotation. by @AndreasBurger [#1152]

🏃 Others

• [OPERATOR] In IPv6 and dual stack shoot cluster external load balancers will get the aws dual stack load balancer annotations in order to work properly. by @DockToFuture [#1160]
• [OPERATOR] Add validation of internal-subnet CIDR for IPv6 shoots by @AndreasBurger [#1186]
• [OPERATOR] Set primary-ip-family flag for aws-ipam-controller by @DockToFuture [#1168]
• [USER] Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on AWS. by @domdom82 [#1161]
• [DEPENDENCY] Update gardener to v1.110.0 by @hebelsan [#1176]

[gardener/machine-controller-manager-provider-aws]

🐛 Bug Fixes

• [OPERATOR] Fixed a panic that occurs while fetching the status of a VM backing a machine from the provider. by @renormalize [gardener/machine-controller-manager-provider-aws#180]

🏃 Others

• [OPERATOR] Added gosec for Static Application Security Testing (SAST). by @thiyyakat [gardener/machine-controller-manager-provider-aws#179]
• [DEVELOPER] Updated go lang version to 1.23.3 by @thiyyakat [gardener/machine-controller-manager-provider-aws#179]
• [DEVELOPER] The gardener/machine-controller-manager dependency has been updated to v0.55.1. Release Notes by @thiyyakat [gardener/machine-controller-manager-provider-aws#179]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-aws-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-application:v1.60.0
• admission-aws-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-aws-runtime:v1.60.0
• provider-aws: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-aws:v1.60.0

Docker Images

• gardener-extension-admission-aws: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-aws:v1.60.0
• gardener-extension-provider-aws: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-aws:v1.60.0

provider-alicloud-1.58.0

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]

[gardener/gardener-extension-provider-alicloud]

📰 Noteworthy

• [USER] The kube-system/csi-disk-plugin-alicloud DaemonSet is no longer scaled by a VerticalPodAutoscaler as it does not really benefit from it. Removing VerticalPodAutoscaler for that component will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @ialidzhikov [#750]

🏃 Others

• [OPERATOR] Update CSI image version by @kevin-lacoo [#757]
• [OPERATOR] Update gardener/gardener dependency to v1.110.4 by @MartinWeindel [#756]
• [OPERATOR] The kube-system/csi-disk-plugin-alicloud DaemonSet does no longer specify resource limits. by @ialidzhikov [#750]

Helm Charts

• admission-alicloud-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.58.0
• admission-alicloud-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.58.0
• provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.58.0

Docker Images

• gardener-extension-admission-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.58.0
• gardener-extension-provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.58.0