Releases: gardener/gardener-extension-provider-aws
v1.38.1
[gardener-extension-provider-aws]
🏃 Others
- [OPERATOR] Correctly enable aws custom route controller if required to ensure overlay free cluster operation. (gardener/gardener-extension-provider-aws#613, @kon-angelo)
v1.38.0
[gardener-extension-provider-aws]
⚠️ Breaking Changes
- [OPERATOR] This version of provider-aws requires Gardener v1.51+. (gardener/gardener-extension-provider-aws#566, @istvanballok)
- [OPERATOR] Please make sure you're running gardener@v1.52 or above before upgrading to this version. (gardener/gardener-extension-provider-aws#587, @shafeeqes)
✨ New Features
- [OPERATOR] Add optional custom-route-controller (gardener/gardener-extension-provider-aws#591, @MartinWeindel)
🏃 Others
- [USER] The following image is updated: (gardener/gardener-extension-provider-aws#594, @kon-angelo)
  - k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.9.0 -> 1.11.2
- [OPERATOR] Adjust metric name due to upgrading the kube-state-metrics component (gardener/gardener-extension-provider-aws#566, @istvanballok)
- [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-aws#585, @shafeeqes)
  - github.com/gardener/gardener: v1.50.1 -> v1.52.0
- [OPERATOR] All new calico aws shoot clusters with kubernetes >= 1.22 will be created without an overlay if not explicitly specified in the shoot spec. (gardener/gardener-extension-provider-aws#589, @ScheererJ)
- [OPERATOR] The `csi-driver-node` daemonset now has its seccomp profile set to "RuntimeDefault". (gardener/gardener-extension-provider-aws#592, @dimityrmirchev)
- [OPERATOR] Enable custom aws route controller per default for kubernetes >= 1.22 unless explicitly disabled. (gardener/gardener-extension-provider-aws#596, @ScheererJ)
- [OPERATOR] The `gardener.cloud-fast` storage class is now deployed with `volumeBindingMode: WaitForFirstConsumer`. This change is required if stateful pods with volumes have a topology related `podAffinity` or `podAntiAffinity` defined, e.g. when Gardener creates control-planes for HA shoot clusters. (gardener/gardener-extension-provider-aws#597, @timuthy)
- [OPERATOR] `QPS` and `Burst` are set in the HealthCheckConfig passed to the Controller. (gardener/gardener-extension-provider-aws#598, @shafeeqes)
- [OPERATOR] The memory limits of the aws cloud-controller-manager have been removed. (gardener/gardener-extension-provider-aws#605, @dkistner)
- [DEPENDENCY] The following dependency is updated: (gardener/gardener-extension-provider-aws#588, @shafeeqes)
  - github.com/gardener/gardener: v1.52.0 -> v1.53.0
  - k8s.io/* : v0.24.2 -> v0.24.3
[aws-custom-route-controller]
🐛 Bug Fixes
- [OPERATOR] Delete orphaned routes for nodes whose deletion was missed. (gardener/aws-custom-route-controller#1, @MartinWeindel)
[machine-controller-manager]
✨ New Features
- [USER] Bootstrap token replacement by MCM is now supported for Ignition userData format (gardener/machine-controller-manager#743, @Gerrit91)
🐛 Bug Fixes
- [OPERATOR] resourceName `machine-controller` added for leases in clusterrole. Updated version of Clusterroles and Clusterrolebindings to v1. (gardener/machine-controller-manager#739, @rishabh-11)
- [OPERATOR] resourceName `machine-controller` added for leases in clusterrole. Updated version of Clusterroles and Clusterrolebindings to v1. (gardener/machine-controller-manager#738, @rishabh-11)
🏃 Others
- [OPERATOR] Migrated clients to use `policy/v1` `PodDisruptionBudget` for kubernetes versions >= 1.21. `policy/v1beta1` PDB is also supported but for k8s < 1.21 (gardener/machine-controller-manager#744, @shafeeqes)
[machine-controller-manager-provider-aws]
✨ New Features
- [USER] Throughput is now configurable for volume types. Its validation, i.e. whether it is allowed for the particular volume type and is within the range, is done on the provider (AWS) side. Currently only gp3 volumes have configurable throughput. (gardener/machine-controller-manager-provider-aws#95, @rishabh-11)
[terraformer]
🏃 Others
- [OPERATOR] The golang base image is now updated to 1.16.15. The alpine base image is updated to 3.16.2. (gardener/terraformer#125, @kon-angelo)
v1.37.0
[gardener-extension-provider-aws]
⚠️ Breaking Changes
- [USER] The `gp2` StorageClass is now removed. (gardener/gardener-extension-provider-aws#576, @StenlyTU)
- [OPERATOR] This version of provider-aws requires Gardener v1.50.0. (gardener/gardener-extension-provider-aws#562, @ialidzhikov)
- [OPERATOR] This version of provider-aws requires Gardener v1.50+. (gardener/gardener-extension-provider-aws#571, @kris94)
✨ New Features
- [OPERATOR] `CloudProfileConfig` now supports a new field `.machineImages[].versions[].regions[].architecture`. It specifies the supported CPU architecture of the given machine image AMI. (gardener/gardener-extension-provider-aws#565, @acumino)
- [OPERATOR] `WorkerStatus` now supports a new field `.machineImage[].architecture`. It specifies the supported CPU architecture of the given worker pool. (gardener/gardener-extension-provider-aws#565, @acumino)
🐛 Bug Fixes
- [USER] Users can now set IOPS for a GP3 volume type. Validation of IOPS (i.e. whether it is allowed and is in the specified range for a volume type) is done on the AWS side, so feedback will arrive once the volume is created. (gardener/gardener-extension-provider-aws#561, @rishabh-11)
- [OPERATOR] provider-aws now mutates the `cluster-autoscaler` Deployment by implementing the `EnsureClusterAutoscalerDeployment` function. This is required in the context of kubernetes/autoscaler#4517 - cluster-autoscaler supports `--feature-gates` flag and provider extensions have to mutate the cluster-autoscaler Deployment to add the CSI related feature gates to it. (gardener/gardener-extension-provider-aws#562, @ialidzhikov)
🏃 Others
- [USER] The following images are updated: (gardener/gardener-extension-provider-aws#540, @acumino)
  - k8s.gcr.io/sig-storage/csi-provisioner: v2.1.2 -> v2.2.2 (for kubernetes < 1.20)
  - k8s.gcr.io/sig-storage/csi-provisioner: v2.1.2 -> v3.2.0 (for kubernetes >= 1.20)
  - k8s.gcr.io/sig-storage/csi-attacher: v3.3.0 -> v3.4.0
  - k8s.gcr.io/sig-storage/csi-resizer: v0.5.0 -> v1.5.0
  - k8s.gcr.io/sig-storage/csi-snapshotter: v3.0.3 -> v4.2.1 (for kubernetes >= 1.20)
  - k8s.gcr.io/sig-storage/snapshot-validation-webhook: v3.0.3 -> v4.2.1 (for kubernetes >= 1.20)
  - k8s.gcr.io/sig-storage/snapshot-controller: v3.0.3 -> v4.2.1 (for kubernetes >= 1.20)
  - k8s.gcr.io/sig-storage/csi-node-driver-registrar: v1.3.0 -> v2.5.1
  - k8s.gcr.io/sig-storage/livenessprobe: v2.3.0 -> v2.7.0
- [USER] The following image is updated: (gardener/gardener-extension-provider-aws#574, @ialidzhikov)
  - k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.5.3 -> v1.9.0
- [OPERATOR] The extension now uses `distroless` instead of `alpine` as a base image. (gardener/gardener-extension-provider-aws#564, @dimityrmirchev)
- [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-aws#568, @acumino)
  - github.com/gardener/gardener: v1.48.0 -> v1.50.0
- [OPERATOR] Update golang version used to 1.18 (gardener/gardener-extension-provider-aws#569, @kon-angelo)
- [OPERATOR] Update MTU-resizer alpine image (gardener/gardener-extension-provider-aws#579, @kon-angelo)
[aws-lb-readvertiser]
🏃 Others
- [OPERATOR] Use `go mod` instead of `dep` (gardener/aws-lb-readvertiser#21, @kon-angelo)
  - Update golang version used.
- [OPERATOR] The `aws-lb-readvertiser` now uses `distroless` instead of `alpine` as a base image. (gardener/aws-lb-readvertiser#23, @dimityrmirchev)
[machine-controller-manager]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of `machine-controller-manager` has been changed from `endpointsleases` to `leases`. (gardener/machine-controller-manager#711, @acumino)
  - Please make sure, that you had at least `machine-controller-manager@v0.43.0` running before upgrading to `v0.46.0`, so that it has successfully acquired leadership with the hybrid resource lock (`endpointsleases`) at least once.
🐛 Bug Fixes
- [USER] Rollout freeze won't happen due to `Unknown` machines now. (gardener/machine-controller-manager#733, @himanshu-kun)
🏃 Others
- [OPERATOR] Published docker images for Machine-Controller-Manager are now multi-arch ready. They support `linux/amd64` and `linux/arm64`. (gardener/machine-controller-manager#732, @timuthy)
- [OPERATOR] The `machine-controller-manager` container now uses `distroless` instead of `alpine` as a base image. (gardener/machine-controller-manager#734, @dimityrmirchev)
[machine-controller-manager-provider-aws]
🏃 Others
- [OPERATOR] machine-controller-manager-provider-aws now uses `distroless` instead of `alpine` as a base image. (gardener/machine-controller-manager-provider-aws#90, @ialidzhikov)
- [DEVELOPER] probeResources() now doesn't try to delete orphan resources but only lists them. (gardener/machine-controller-manager-provider-aws#85, @Mkmittal)
  - The beforeSuite for IT test now calls for cleanup of orphan resources separately.
  - The Integration Test, which looks for orphan resources, now doesn't try to delete the orphan resources and just waits for them to be done automatically.
[terraformer]
🏃 Others
- [OPERATOR] Terraform google provider is updated to v4.19.0 (gardener/terraformer#119, @bd3lage)
v1.36.0
[gardener-extension-provider-aws]
⚠️ Breaking Changes
- [OPERATOR] This version of admission-aws requires the SecretBinding provider controller to be enabled - enabled by default for gardener-controller-manager >= 1.42 or can be enabled via the gardener-controller-manager component config. (gardener/gardener-extension-provider-aws#551, @ialidzhikov)
- [OPERATOR] This extension is only compatible with Gardener versions `>= v1.37`. (gardener/gardener-extension-provider-aws#538, @timebertt)
✨ New Features
- [USER] The AWS extension does now support shoot clusters with Kubernetes version 1.24. You should consider the Kubernetes release notes before upgrading to 1.24. (gardener/gardener-extension-provider-aws#553, @acumino)
- [OPERATOR] The extension does now automatically rotate its webhook CA and server certificates each `30d`. (gardener/gardener-extension-provider-aws#550, @rfranzke)
- [OPERATOR] This extension is prepared to support the Shoot `ServiceAccount` signing key rotation feature (see documentation). (gardener/gardener-extension-provider-aws#550, @rfranzke)
- [OPERATOR] This extension is prepared to support the Shoot CA rotation feature (GEP-18). (gardener/gardener-extension-provider-aws#538, @timebertt)
🐛 Bug Fixes
- [OPERATOR] An issue causing admission-aws to fail a Shoot creation request with `.spec.provider.infrastructureConfig=nil` with 500 Internal server error is now fixed. admission-aws now properly indicates in the response that the corresponding field is required. (gardener/gardener-extension-provider-aws#549, @ialidzhikov)
📖 Documentation
- [USER] add link to K8s v1.23 conformance tests (gardener/gardener-extension-provider-aws#537, @hendrikKahl)
- [DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/gardener-extension-provider-aws#517, @Kostov6)
🏃 Others
- [USER] The following image is updated: (gardener/gardener-extension-provider-aws#541, @kon-angelo)
  - k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.5.0 -> v1.5.3
- [OPERATOR] The following image is updated: (gardener/gardener-extension-provider-aws#553, @acumino)
  - eu.gcr.io/gardener-project/kubernetes/cloud-provider-aws: 1.23.6 -> 1.24.0 (for shoots with Kubernetes version 1.24)
- [OPERATOR] The Secrets webhook of admission-aws: (gardener/gardener-extension-provider-aws#551, @ialidzhikov)
  - no longer intercepts every Secret UPDATE request but only requests for Secrets that are associated with a SecretBinding with `provider.type=aws`.
  - no longer needs to list Shoots (hence, no cache for Shoots)
- [OPERATOR] The admission-aws component introduces a new SecretBinding validator. It validates requests for SecretBindings and checks whether the SecretBinding refers to a valid AWS Secret. (gardener/gardener-extension-provider-aws#551, @ialidzhikov)
- [OPERATOR] The following images used by the mtu-customizer DaemonSet are updated: (gardener/gardener-extension-provider-aws#548, @ialidzhikov)
  - alpine: 3.12.1 -> 3.15.4
  - k8s.gcr.io/pause: 3.1 -> 3.7
- [OPERATOR] The dashboards: Cloud Controller Manager and CSI Driver are removed from Grafana (gardener/gardener-extension-provider-aws#534, @Kristian-ZH)
- [OPERATOR] The resource requests and limits for components (seed and shoot) managed by the `provider-aws` extension have been adapted based on a production environment analysis. This is done to avoid OOMKills and cpu throttling situations. Furthermore the vpa `minAllowed` settings are now aligned with the cpu and memory request of the respective component (gardener/gardener-extension-provider-aws#527, @dkistner)
[aws-lb-readvertiser]
🏃 Others
- [OPERATOR] Updated alpine base image to `v3.15.4` (gardener/aws-lb-readvertiser#20, @kon-angelo)
- [OPERATOR] The release tags from now are prefixed with `v`. (gardener/aws-lb-readvertiser#18, @ialidzhikov)
[cloud-provider-aws]
✨ New Features
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v1.21.12`. (gardener/cloud-provider-aws@6e0c40b2ccad)
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v1.22.9`. (gardener/cloud-provider-aws@a8cb9b6b1aba)
- [DEPENDENCY] `k8s.io/legacy-cloud-providers` is now updated to `v1.23.6`. (gardener/cloud-provider-aws@47e83c698b7b)
🏃 Others
- [DEVELOPER] The alpine version has been updated to `v3.15.4`. (gardener/cloud-provider-aws@d451e4ca38fc)
- [DEVELOPER] The Golang version has been updated to `v1.16.15`. (gardener/cloud-provider-aws@d451e4ca38fc)
- [DEVELOPER] The alpine version has been updated to `v3.15.4`. (gardener/cloud-provider-aws@9a33c6496ef4)
- [DEVELOPER] The Golang version has been updated to `v1.16.15`. (gardener/cloud-provider-aws@9a33c6496ef4)
- [DEVELOPER] The alpine version has been updated to `v3.15.4`. (gardener/cloud-provider-aws@c8f610c5c43f)
- [DEVELOPER] The Golang version has been updated to `v1.17.9`. (gardener/cloud-provider-aws@c8f610c5c43f)
[machine-controller-manager]
📖 Documentation
- [USER] upgraded k8s dependency to v1.22.9 (revendor in providers required to see effects) (gardener/machine-controller-manager#721, @Mkmittal)
- [DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/machine-controller-manager#689, @Kostov6)
🏃 Others
- [OPERATOR] Base image updated to alpine `v3.15.4` and build image to golang `1.17.9`. (gardener/machine-controller-manager#713, @himanshu-kun)
- [DEPENDENCY] K8s dependency upgraded to 1.21.12 (gardener/machine-controller-manager#719, @Mkmittal)
[machine-controller-manager-provider-aws]
📰 Noteworthy
- [OPERATOR] upgraded to mcm version 0.45.0 (gardener/machine-controller-manager-provider-aws#88, @rfranzke)
[terraformer]
🏃 Others
- [OPERATOR] Update alpine to 3.15.4 (gardener/terraformer#117, @rfranzke)
v1.35.0
[gardener-extension-provider-aws]
✨ New Features
- [USER] The provider-aws extension now installs the external-snapshotter's validating webhook server for VolumeSnapshot and VolumeSnapshotContent objects. For more details check the corresponding KEP. (gardener/gardener-extension-provider-aws#507, @acumino)
- [DEVELOPER] provider-aws and admission-aws components now support `--version` flag that prints the component version information and useful metadata. (gardener/gardener-extension-provider-aws#525, @ialidzhikov)
🐛 Bug Fixes
- [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-aws#515, @rfranzke)
- [OPERATOR] A race condition preventing shoot namespaces from being cleaned up due to orphaned resources has been fixed. (gardener/gardener-extension-provider-aws#516, @rfranzke)
- [OPERATOR] An issue has been fixed with the `csi-driver-node` PodSecurityPolicy which blocked the creation of new CSI-Driver pods because `projected` volumes are not permitted. (gardener/gardener-extension-provider-aws#510, @timuthy)
🏃 Others
- [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-aws#523, @acumino)
  - github.com/gardener/gardener: v1.40.2 -> v1.42.3
- [OPERATOR] The `terraformer` pod deployed as part of shoot control planes is now using auto-rotated `ServiceAccount` tokens when communicating with the seed cluster. (gardener/gardener-extension-provider-aws#508, @rfranzke)
- [OPERATOR] The `gardener-extension-admission-aws` webhook now contains an object selector for provider type label. Please make sure you are running `gardener@v1.42` or later before enabling this. (gardener/gardener-extension-provider-aws#506, @shafeeqes)
[machine-controller-manager]
🐛 Bug Fixes
- [USER] The value for key `cluster-autoscaler.kubernetes.io/scale-down-disabled` placed by MCM is now `true` and not `True`. This typo stopped MCM from disabling CA from scaling down during rolling update. (gardener/machine-controller-manager#685, @himanshu-kun)
- [USER] MCM now marks 1 machine per machineDeployment as Failed at a time in case of healthTimeout. This is introduced to deal with meltdown scenario (gardener/machine-controller-manager#683, @himanshu-kun)
- [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)
🏃 Others
- [OPERATOR] machine-controller-manager does now log the Node conditions when it considers Machine as unhealthy (and changes its state to `Unknown`). (gardener/machine-controller-manager#676, @ialidzhikov)
[machine-controller-manager-provider-aws]
🐛 Bug Fixes
- [USER] srcDestCheck enable/disable for an instance is done after confirming API consistency (gardener/machine-controller-manager-provider-aws#68, @himanshu-kun)
- [USER] srcDest check enable/disable done after confirming API consistency (gardener/machine-controller-manager-provider-aws#69, @himanshu-kun)
- [OPERATOR] An issue causing klog's `--v` flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-aws#65, @ialidzhikov)
- [OPERATOR] An issue causing klog's `--v` flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-aws#67, @ialidzhikov)
[terraformer]
🏃 Others
- [OPERATOR] terraform has been upgraded to 0.15.5 (gardener/terraformer#107, @stoyanr)
v1.34.4
[gardener-extension-provider-aws]
🐛 Bug Fixes
- [OPERATOR] An issue preventing ControlPlane exposure to be successfully reconciled is now fixed. (gardener/gardener-extension-provider-aws#533, @ialidzhikov)
Docker Images
gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.4
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.4
v1.34.3
[gardener-extension-provider-aws]
🐛 Bug Fixes
- [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-aws#520, @ialidzhikov)
Docker Images
gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.3
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.3
v1.34.2
[machine-controller-manager]
🐛 Bug Fixes
- [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)
Docker Images
gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.2
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.2
v1.34.1
[gardener-extension-provider-aws]
🐛 Bug Fixes
- [OPERATOR] An issue has been fixed with the `csi-driver-node` PodSecurityPolicy which blocked the creation of new CSI-Driver pods because `projected` volumes are not permitted. (gardener/gardener-extension-provider-aws#511, @ialidzhikov)
Docker Images
gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.1
v1.34.0
[gardener-extension-provider-aws]
✨ New Features
- [USER] Allow defining VPC Gateway Endpoints for subdomains with dots, e.g. com.amazonaws.eu-central-1.codeartifact.api (gardener/gardener-extension-provider-aws#472, @tareqhs)
- [OPERATOR] `gardener-extension-admission-aws` now supports configuration for enabling service account token volume projection. It is exposed through the `.Values.global.serviceAccountTokenVolumeProjection` section in the respective chart's values. (gardener/gardener-extension-provider-aws#487, @dimityrmirchev)
- [OPERATOR] It is now possible to configure a `user` instead of a `serviceaccount` subject in the `clusterrolebinding` for the `gardener-extension-admission-aws` when using virtual garden setup by setting `.Values.global.virtualGarden.user.name`. (gardener/gardener-extension-provider-aws#487, @dimityrmirchev)
🏃 Others
- [OPERATOR] The monitoring dashboards provided by this extension: (gardener/gardener-extension-provider-aws#503, @ialidzhikov)
  - are now using UTC by default (instead of the browser time)
  - do no longer auto refresh by default
- [OPERATOR] The etcd storage class is now using `gp3` disk type instead of `gp2` as this offers higher iops capabilities. This will affect only newly created etcd disks. (gardener/gardener-extension-provider-aws#502, @dkistner)
📰 Noteworthy
- [OPERATOR] The extension controller uses a projected `ServiceAccount` token in case it runs on a seed with a gardenlet of at least `v1.37` or higher. Similarly, the components deployed into shoot namespaces will no longer use a client certificate but an auto-rotated `ServiceAccount` token which is only valid for `12h`. (gardener/gardener-extension-provider-aws#467, @rfranzke)