shoot-cert-service-1.44.1

[gardener/gardener-extension-shoot-cert-service]

🐛 Bug Fixes

• [OPERATOR] An issue causing the controlledValues: RequestsOnly field not to be set for the shoot-cert-management-seed-vpa VPA is now fixed. by @ialidzhikov [#285]

Docker Images

• gardener-extension-shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.44.1

runtime-gvisor-0.16.0

[gardener/gardener-extension-runtime-gvisor]

🏃 Others

• [OPERATOR] Introduce providerConfig.configFlags with net-raw as first supported flag to start gVisor with NET_RAW capability. by @Roncossek [#154]
• [OPERATOR] Gardener libraries were updated to 1.103. by @MrBatschner [#150]
• [DEVELOPER] Static Application Security Testing (sast) with gosec got enabled on this repository. by @MrBatschner [#155]

Helm Charts

• runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.16.0

Docker Images

• gardener-extension-runtime-gvisor-installation: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.16.0
• gardener-extension-runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.16.0

runtime-gvisor-0.15.0

[gardener/gardener-extension-runtime-gvisor]

✨ New Features

• [OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#138]

🏃 Others

• [OPERATOR] This extension now deploys gVisor 20240930 to Shoot clusters. by @MrBatschner [#146]
• [USER] gVisor was updated to 20240603.0. by @MrBatschner [#127]
• [USER] Alpine in the gVisor installation container was updated to 3.18.6 to provide a fix for CVE-2024-0727. by @MrBatschner [#127]
• [DEPENDENCY] Update go version to v1.22.0 by @LucaBernstein [#126]
• [DEPENDENCY] Update gardener/gardener version to v1.96.1 by @LucaBernstein [#126]
• [DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @LucaBernstein [#126]

Helm Charts

• runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.15.0

Docker Images

• gardener-extension-runtime-gvisor-installation: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.15.0
• gardener-extension-runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.15.0

registry-cache-0.9.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [USER] The registry.extensions.gardener.cloud/v1alpha2 API version is removed. Use registry.extensions.gardener.cloud/v1alpha3 instead. by @ialidzhikov [#165]
• [OPERATOR] The registry.extensions.gardener.cloud/v1alpha2 API version is removed. Before upgrading to this version, make sure that there are no usages of the registry.extensions.gardener.cloud/v1alpha2 API version in the landscape. by @ialidzhikov [#165]

📰 Noteworthy

• [USER] The registry cache StatefulSets for registries with upstream host with more than 43 chars will be recreated. Only the StatefulSet will be recreated, the underlying PVC remains the same. by @dimitar-kostadinov [#186]

🏃 Others

• [OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @ialidzhikov [#187]
• [OPERATOR] The upstream fields in the registry-mirror and registry-cache APIs now support optional port (e.g. example.io:5000). by @dimitar-kostadinov [#183]
• [OPERATOR] A new optional remoteURL field in the registry-cache API allows specifying the URL of the upstream registry (e.g. http://example.io:5000). by @dimitar-kostadinov [#183]
• [OPERATOR] The registry-cache extension does now support the Deploying Gardener Locally and Enabling Provider-Extensions local setup. by @dimitar-kostadinov [#193]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.9.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.9.0

registry-cache-0.12.0

[gardener/gardener-extension-registry-cache]

🐛 Bug Fixes

• [DEVELOPER] An issue causing make extension-up to fail to patch the ControllerDeployment is now mitigated. by @ialidzhikov [#277]
• [DEVELOPER] An issue causing make extension-up to do NOT generate a new tag for local source code changes is now fixed. by @ialidzhikov [#279]

🏃 Others

• [OPERATOR] The following Distribution issue distribution/distribution#4478 is now mitigated. by @dimitar-kostadinov [#292]
• [OPERATOR] The extension and admission charts do no longer specify VPA maxAllowed values by default. You can still configure maxAllowed values, if needed. by @ialidzhikov [#296]
• [DEVELOPER] The parallel execution of e2e tests is increase from 2 to 3 to speed up the e2e test execution times. by @ialidzhikov [#280]
• [DEVELOPER] gosec is made available for SAST(static application security testing). It can be run with make sast or make sast-report, but is also incorporated in the verify and verify-extended makefile targets. by @Kostov6 [#272]

Helm Charts

• admission-registry-cache-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-application:v0.12.0
• admission-registry-cache-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-runtime:v0.12.0
• registry-cache: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/registry-cache:v0.12.0

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.12.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.12.0

registry-cache-0.11.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [OPERATOR] The specification of the image in gardener-extension-registry-cache Helm chart has been changed. by @oliver-goetz [#229]

✨ New Features

• [OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#229]
• [OPERATOR] All container images are built for linux/amd64 and linux/arm64 now. by @oliver-goetz [#229]

🐛 Bug Fixes

• [OPERATOR] The monitoring resources (dashboards ConfigMap, PrometheusRule, ScrapeConfig) are now deleted when the Extension is deleted. by @ialidzhikov [#268]

🏃 Others

• [DEVELOPER] e2e tests are no longer using test images from public ECR as the Distribution project cannot pull blobs from it. by @dimitar-kostadinov [#254]
• [DEVELOPER] The verification in the e2e test is enhanced to check that all image layers of an image are present in the registry cache storage. by @dimitar-kostadinov [#255]
• [DEVELOPER] A new e2e test that covers upstream registries with credentials is now added. by @dimitar-kostadinov [#184]
• [DEVELOPER] The golang version is updated to 1.23.0. by @dependabot[bot] [#239]

Helm Charts

• admission-registry-cache-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-application:v0.11.0
• admission-registry-cache-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-runtime:v0.11.0
• registry-cache: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/registry-cache:v0.11.0

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.11.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.11.0

registry-cache-0.10.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [OPERATOR] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. The extension does now only uses the new contract for providing monitoring configuration. Before upgrading to this version of the extension, make sure that the deployed Gardener version supports the new monitoring contract. by @dimitar-kostadinov [#237]

📰 Noteworthy

• [DEVELOPER] The containerd registry configuration hosts.toml files are now created using the OpetingSystemConfig CRI API. by @dimitar-kostadinov [#227]

🏃 Others

• [OPERATOR] A priorityClassName can now be set for the admission deployment via the admission Helm chart. by @timuthy [#222]
• [OPERATOR] The registry-cache admission validation is skipped when no semantic change in providerConfig is detected. by @dimitar-kostadinov [#210]
• [OPERATOR] The following image is updated:
  • europe-docker.pkg.dev/gardener-project/releases/3rd/registry: 3.0.0-alpha.1 -> 3.0.0-beta.1 by @ialidzhikov [#224]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.10.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.10.0

provider-openstack-1.44.0

[gardener/gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-openstack admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#901]

✨ New Features

• [OPERATOR] Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#901]

🐛 Bug Fixes

• [OPERATOR] management of the router interface missed some of openstack's owner labels assigned to the routers network interface causing the infrastructure conciliation to fail due to dublicated router network interfaces by @crigertg [#917]

🏃 Others

• [OPERATOR] Update Cinder CSI v1.30.1 -> v1.31.2 for shoots on v1.31.x by @kon-angelo [#915]
• [OPERATOR] Add NamespacedCloudProfile admission mutation and validation to support custom machine images and types. by @LucaBernstein [#911]
• [OPERATOR] Update Cinder CSI v1.30.1 -> v1.30.2 for shoots on v1.30.x by @kon-angelo [#915]
• [USER] Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on OpenStack. by @domdom82 [#925]

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.44.0
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.44.0
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.44.0

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.44.0
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.44.0

provider-openstack-1.43.1

[gardener/gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] Fix an issue where the CSI-Provisioner was missing 'patch' permissions on PVs by @AndreasBurger [#924]

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.1
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.1
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.1

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.1
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.1

provider-openstack-1.43.0

[gardener/gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] Deprecated configuring bastion via helm chart config map by @hebelsan [#838]

📰 Noteworthy

• [OPERATOR] Added support for configuring bastion vm from CloudProfile's bastion section by @hebelsan [#838]

🏃 Others

• [DEPENDENCY] Add gosec as sast makefile target by @hebelsan [#902]
• [DEPENDENCY] Update go to version 1.23.3 by @hebelsan [#900]
• [OPERATOR] Fix an issue where provider-openstack required permissions for share network operations even when not required by the InfrastructureConfig. by @kon-angelo [#885]
• [OPERATOR] Update gardener/gardener to v1.107.0 by @hebelsan [#896]
• [OPERATOR] Fix an issue where the deletion with the flow reconciler would fail if the network was already deleted. by @kon-angelo [#898]
• [OPERATOR] Added validation to prevent IPv6-only/dual-stack clusters as they are not supported, yet. by @ScheererJ [#886]
• [OPERATOR] Remove the duplicate provider type check from the admission webhooks. by @LucaBernstein [#895]
• [OPERATOR] Fix possible nil-pointer deref when looking for networks. during reconciliation by @AndreasBurger [#879]
• [OPERATOR] subnet overlapping, missing expected router and Policy doesn't allow .* to be performed errors are now non-retryable user errors. by @RadaBDimitrova [#894]
• [OPERATOR] Updating CSI driver provisioner ClusterRole rules by @hebelsan [#880]
• [DEVELOPER] Update gardener/gardener to v1.105.0 by @hebelsan [#881]

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.43.0
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.43.0
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.43.0

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.43.0
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.43.0