v1.22.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] An issue causing Infrastructure reconciliation to fail because of insufficient privileges is now fixed. (#302, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.22.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.22.1

v1.22.0

[gardener-extension-provider-aws]

🏃 Others

• [USER] The load balancers and security groups are again explicitly deleted by the AWS provider extension (independent of the Kubernetes version used by the shoot cluster). The number of API calls have been reduced to the absolute minimum. (#295, @rfranzke)
• [DEVELOPER] github.com/gardener/gardener dependency is now updated to v1.19.0. For the complete list of changes, see the release notes. (#297, @ialidzhikov)

[cloud-provider-aws]

🏃 Others

• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.17.17. (gardener-attic/cloud-provider-aws@badfa8d)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.18.17. (gardener-attic/cloud-provider-aws@b9e0026)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.19.9. (gardener-attic/cloud-provider-aws@9f9e093)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.20.5. (gardener-attic/cloud-provider-aws@adf069c)

[machine-controller-manager]

🐛 Bug Fixes

• [DEVELOPER] Azure: Improved NIC creation and deletion logic to handle NIC creation and deletions more gracefully. (gardener/machine-controller-manager#594, @prashanth26)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#84, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
  • hashicorp/terraform-provider-google: 3.27.0 -> 3.59.0
  • hashicorp/terraform-provider-google-beta: 3.27.0 -> 3.59.0

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.22.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.22.0

v1.21.0

[gardener-extension-provider-aws]

✨ New Features

• [OPERATOR] It is now possible to specify the leader election resource lock via the command line flag --leader-election-resource-lock (defaults to configmapsleases) and the chart value leaderElection.resourceLock. Please be careful when changing the resource lock and always migrate via multilocks in order to prevent situations where multiple instances of the controller are running with leader election and thus acting on the same resources. (#263, @timebertt)

🐛 Bug Fixes

• [USER] The following images are updated (see CHANGELOG for more details): (#278, @ialidzhikov)
  • quay.io/k8scsi/csi-snapshotter: v2.1.3 -> v2.1.4
  • quay.io/k8scsi/snapshot-controller: v2.1.3 -> v2.1.4
• [OPERATOR] The Pods of the mtu-customizer DaemonSet now use the same PriorityClass like provider-aws Pods, to ensure the Pods are always scheduled on all Nodes. (#286, @timebertt)
• [OPERATOR] Allow deletion of machine whose providerID is empty. (#274, @gardener-robot-ci-3)
• [OPERATOR] An issue causing the generic Worker actuator to not wait until the finalizer of the out-of-tree machine controller provider is removed from the credentials secret is now fixed. (#269, @ialidzhikov)

🏃 Others

• [USER] The following image is updated: (#292, @ialidzhikov)
  • k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v0.8.0 -> v0.9.0 (see CHANGELOG)
• [USER] The load balancers and security groups are no longer explicitly deleted by the AWS provider extension when a shoot cluster of at least Kubernetes v1.16 is being deleted. Instead, it now relies on the service-controller in the cloud-controller-manager to properly clean up. (#290, @rfranzke)
• [OPERATOR] The cloud-controller-manager VPA does now specify minAllowed values to prevent too low resource recommendations from VPA that lead to OOM. (#288, @MartinWeindel)
• [OPERATOR] An issue causing Shoots to be marked as Failed (and no longer retried) on transient not found error is now fixed. (#273, @prashanth26)

📰 Noteworthy

• [OPERATOR] The validator/admission component's Helm chart is now deploying a VerticalPodAutoscaler resource by default. If undesired or no VPA is available in the garden cluster then it can be turned of via .Values.global.vpa.enabled=false. (#271, @rfranzke)

[machine-controller-manager]

⚠️ Breaking Changes

• [DEVELOPER] machine-controller-manager now checks for misconfigured PodDisruptionBudgets (ones that require zero voluntary evictions and make impossible the graceful Node drain) and sets better Machine .status.lastOperation.description for such Machines. This change is breaking as out-of-tree providers need new RBAC permissions - list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager#591, @ialidzhikov)

🏃 Others

• [OPERATOR] Avoid the deletion of the machines in CrashLoopBackoff state by the safety controller (gardener/machine-controller-manager#589, @AxiomSamarth)

[machine-controller-manager-provider-aws]

🏃 Others

• [USER] Validation for block devices is now improved (gardener/machine-controller-manager-provider-aws#21, @prashanth26)

📰 Noteworthy

• [USER] Fixes regressions while supporting multiple volumes support for EC2 instances (gardener/machine-controller-manager-provider-aws#21, @prashanth26)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#71, @timebertt)
• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#72, @timebertt)

🏃 Others

• [OPERATOR] The Terraformer now instantly removes its finalizer from the state ConfigMap if the state is empty and destroy is called. A separate Terraform destroy is not executed. (gardener/terraformer#80, @timuthy)
• [OPERATOR] Terraformer will now publish an additional image without any pre-installed terraform plugins. (gardener/terraformer#77, @Diaphteiros)
• [OPERATOR] Provides support for the Equinix Metal provider, which replaces the Packet one (gardener/terraformer#73, @deitch)
• [OPERATOR] The terraformer-openstack use now the openstack provider in version v1.37.0 (gardener/terraformer#70, @kon-angelo)
• [OPERATOR] The terraformer-openstack use now the openstack provider in version v1.36.0 (gardener/terraformer#68, @dkistner)

📰 Noteworthy

• [OPERATOR] Curl has been removed from the Terraformer image. (gardener/terraformer#69, @timuthy)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.21.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.21.0

v1.20.5

[gardener-extension-provider-aws]

🏃 Others

• [USER] The load balancers and security groups are no longer explicitly deleted by the AWS provider extension when a shoot cluster of at least Kubernetes v1.16 is being deleted. Instead, it now relies on the service-controller in the cloud-controller-manager to properly clean up. (#291, @rfranzke)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.5
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.5

v1.20.4

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] The Pods of the mtu-customizer DaemonSet now use the same PriorityClass like provider-aws Pods, to ensure the Pods are always scheduled on all Nodes. (#287, @timebertt)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.4
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.4

v1.20.3

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] Allow deletion of machine whose providerID is empty. (#276, @prashanth26)

🏃 Others

• [OPERATOR] An issue causing Shoots to be marked as Failed (and no longer retried) on transient not found error is now fixed. (#275, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.3
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.3

v1.20.2

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] An issue causing the generic Worker actuator to not wait until the finalizer of the out-of-tree machine controller provider is removed from the credentials secret is now fixed. (#270, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.2
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.2

v1.20.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] Fixes regressions while supporting multiple volumes for EC2 instances (#266, @prashanth26)

🏃 Others

• [DEVELOPER] Validation for block devices is now improved (#266, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.1

v1.20.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [OPERATOR] The ValidatingWebhookConfiguration of the AWS admission controller has been changed from version v1beta1 to v1. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (#261, @timuthy)
• [OPERATOR] ⚠️ Before upgrading your gardener/gardener-extension-provider-aws to >= v1.20.0, please upgrade your gardener/gardener component version to >= v1.14.0 to avoid breaking of clusters that are using the scale from/to zero feature (clusters that allowing scaling from/to 0 worker pools). If used with an older gardener/gardener version, this would lead to failure of clusters making use of this feature. (#212, @prashanth26)

✨ New Features

• [USER] It is possible now to specify custom resource tags that should be ignored during infrastructure reconciliation (i.e. not removed) in the AWS infrastructureConfig. See the documentation for more details. (#260, @timebertt)
• [OPERATOR] The secrets and configmaps used by the terraformer now have an owner reference to the Infrastructure resource. (#254, @vpnachev)
• [OPERATOR] Add a validating webhook for the providerConfig section of CloudProfile. (#250, @kon-angelo)
• [OPERATOR] The AWS extension now uses a new terraformer image only including the AWS terraform provider plugin (v2.1.0). (#241, @timebertt)

🐛 Bug Fixes

• [USER] Volumes provisioned with CSI will now have the in-tree volume plugin tags. Until now the CSI volumes had no tags at all. This is required to keep CSI plugin backwards-compatible with the in-tree volume plugin. (#256, @ialidzhikov)
• [OPERATOR] It is now possible to remove zones from the CloudProfile without breaking the possibility of adding new, still allowed zones to the .spec.provider.infrastructureConfig of Shoots which are using the removed zone. (#253, @rfranzke)

🏃 Others

• [OPERATOR] Golang has been updated to 1.15.5 (#254, @vpnachev)
• [OPERATOR] Alpine base image has been updated to 3.12.3. (#254, @vpnachev)
• [OPERATOR] Reducing credential update complexity by all the machine classes using the new .{spec.}credentialsSecretRef field. (#238, @danielfoehrKn)
  • This means all worker pools use the same "cloudprovider" secret containing only the cloud provider credentials.
  • The existing MachineClass SecretReference only contains the user data that is different for each pool.
• [DEVELOPER] Migration of MCM provider from in-tree to out-of-tree. Refer - MCM provider AWS. (#212, @prashanth26)
• [DEVELOPER] Migration of AWSMachineClass to MachineClass. This migration occurs implicitly without causing rollouts of existing nodes/VMs. (#212, @prashanth26)

[terraformer]

🏃 Others

• [OPERATOR] The configmaps and secrets used to contain terraform configuration, state and variables are now protected with a finalizer against accidental deletion. (gardener/terraformer#65, @vpnachev)
• [OPERATOR] terraform-provider-aws is now updated to 3.18.0 (gardener/terraformer#63, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.0

v1.19.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] Volumes provisioned with CSI will now have the in-tree volume plugin tags. Until now the CSI volumes had no tags at all. This is required to keep CSI plugin backwards-compatible with the in-tree volume plugin. (#257, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.19.1
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.19.1