Releases: gardener/gardener-extension-provider-openstack
v1.16.2
[gardener-extension-provider-openstack]
🐛 Bug Fixes
- [OPERATOR] Fix a bug in servergroup creation when the Nova API is `> 2.63` (#246, @kon-angelo)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.2
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.2
v1.16.1
[gardener-extension-provider-openstack]
🐛 Bug Fixes
- [USER] An issue has been resolved which prevented the CSI driver from properly functioning when the infrastructure credentials were changed. (#230, @ialidzhikov)
🏃 Others
- [OPERATOR] An issue causing `github.com/gardener/gardener/pkg/utils/imagevector.FindImages` to not give a higher score on exact matched targetVersion or runtimeVersion is now fixed. (#229, @ialidzhikov)
- [OPERATOR] An issue causing Shoots to be marked as `Failed` (and no longer retried) on transient `not found` error is now fixed. (#229, @ialidzhikov)
[terraformer]
🐛 Bug Fixes
- [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during `terraform destroy`. (gardener/terraformer#72, @timebertt)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.1
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.1
v1.16.0
[gardener-extension-provider-openstack]
⚠️ Breaking Changes
- [OPERATOR] The `ValidatingWebhookConfiguration` of the Openstack admission controller has been changed from version `v1beta1` to `v1`. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (#210, @timuthy)
✨ New Features
- [OPERATOR] The secrets and configmaps used by the terraformer now have an owner reference to the Infrastructure resource. (#206, @vpnachev)
- [OPERATOR] The OpenStack extension now uses a new terraformer image only including the OpenStack terraform provider plugin (`v2.1.0`). (#203, @timebertt)
🐛 Bug Fixes
- [OPERATOR] The validator does now only validate the `.spec.provider.{infrastructure,controlPlane}Config` values of a `Shoot` against the constraints in the `CloudProfile` if the values were changed during a `Shoot` update. (#204, @rfranzke)
📖 Documentation
- [USER] Allow updating server group settings on existing worker groups. (#212, @kon-angelo)
🏃 Others
- [USER] provider-openstack is now using [email protected] for Kubernetes >= 1.20 clusters. (#205, @ialidzhikov)
- [OPERATOR] provider-openstack is now using openstack [email protected] for Kubernetes >= 1.20 clusters. (#208, @ialidzhikov)
- [OPERATOR] Alpine base image has been updated to 3.12.3. (#206, @vpnachev)
- [OPERATOR] provider-openstack is now using openstack [email protected] for Kubernetes >= 1.19 clusters. (#199, @ialidzhikov)
[machine-controller-manager]
⚠️ Breaking Changes
- [DEVELOPER] machine-controller-manager now checks for misconfigured PodDisruptionBudgets (ones that require zero voluntary evictions and make impossible the graceful Node drain) and sets better Machine `.status.lastOperation.description` for such Machines. This change is breaking as out-of-tree providers need new RBAC permissions - list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager#591, @ialidzhikov)
🏃 Others
- [OPERATOR] Avoid the deletion of the machines in CrashLoopBackoff state by the safety controller (gardener/machine-controller-manager#589, @AxiomSamarth)
[terraformer]
🏃 Others
- [OPERATOR] The configmaps and secrets used to contain terraform configuration, state and variables are now protected with a finalizer against accidental deletion. (gardener/terraformer#65, @vpnachev)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.16.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.16.0
v1.15.0
[gardener-extension-provider-openstack]
✨ New Features
- [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.20. You should consider the Kubernetes release notes before upgrading to 1.20. (#192, @rfranzke)
🐛 Bug Fixes
- [OPERATOR] Fix a bug, where a missing "auth_url" field from the credentials secret would block the creation of a shoot. In case this field is now missing from the provided credentials, the auth_url is taken from the `CloudProfile` used instead. (#195, @kon-angelo)
- [OPERATOR] An issue causing provider-openstack to deploy wrong version of the cloud-controller-manager for Kubernetes >= 1.18 clusters is now fixed. (#194, @ialidzhikov)
🏃 Others
- [USER] The following images are updated to address CVE-2020-8569: (#193, @ialidzhikov)
  - k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.1 -> v2.1.3
  - k8s.gcr.io/sig-storage/snapshot-controller: v2.1.1 -> v2.1.3
- [DEVELOPER] `github.com/gardener/gardener` dependency is now updated to `v1.15.0`. (#201, @ialidzhikov)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.15.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.15.0
v1.14.1
[gardener-extension-provider-openstack]
🐛 Bug Fixes
- [OPERATOR] Fix a bug, where a missing "auth_url" field from the credentials secret would block the creation of a shoot. In case this field is now missing from the provided credentials, the auth_url is taken from the `CloudProfile` used instead. (#196, @kon-angelo)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.14.1
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.14.1
v1.14.0
[gardener-extension-provider-openstack]
🏃 Others
- [USER] The following images are updated: (gardener/gardener-extension-provider-openstack#189, @ialidzhikov)
  - docker.io/k8scloudprovider/cinder-csi-plugin: v1.18.0 -> v1.19.0
  - k8s.gcr.io/sig-storage/csi-provisioner: v2.0.0 -> v2.0.4
  - k8s.gcr.io/sig-storage/csi-attacher: v3.0.0 -> v3.0.2
  - k8s.gcr.io/sig-storage/csi-node-driver-registrar: v2.0.0 -> v2.0.1
- [USER] New dashboards which expose logs for `cloud-controller-manager` and `csi-driver-controller`. (#187, @vlvasilev)
- [OPERATOR] A bug that was preventing the deletion of machines with outdated credentials is now fixed. (#186, @vpnachev)
- [OPERATOR] Adds an additional option for the worker pools to specify a server group policy. If this option is set, a new server group with the defined policy will be created and nodes managed by the worker pool will become members. Allowed policy values can be defined in the provider's `CloudProfile`. (#170, @kon-angelo)
📰 Noteworthy
- [OPERATOR] The terraformer version has been upgraded to version `v2.0.0`. (#190, @dkistner)
- [OPERATOR] Logging in the infrastructure actuator has been improved to make it consistent in the logging format and more readable/helpful. (#186, @vpnachev)
[machine-controller-manager]
✨ New Features
- [OPERATOR] All machine classes do now support an optional `.{spec.}credentialsSecretRef` field in addition to today's `.{spec.}secretRef` field. If `.{spec.}credentialsSecretRef` is non-nil then the provider credentials will be read out of this secret. The user-data for the machine bring-up is still required to be part of the secret referenced by `.{spec.}secretRef`. (gardener/machine-controller-manager#578, @rfranzke)
- [OPERATOR] Some machine class secrets are now supporting alternative data keys: (gardener/machine-controller-manager#578, @rfranzke)
  - The machine class secret for Alicloud machines does now also accept the data keys `accessKeyID` and `accessKeySecret` as alternatives for today's keys.
  - The machine class secret for AWS machines does now also accept the data keys `accessKeyID` and `secretAccessKey` as alternatives for today's keys.
  - The machine class secret for Azure machines does now also accept the data keys `clientID`, `clientSecret`, `subscriptionID` and `tenantID` as alternatives for today's keys.
  - The machine class secret for GCP machines does now also accept the data key `serviceaccount.json` as alternatives for today's key.
🏃 Others
- [OPERATOR] Bumped AWS SDK version to v1.23.13 (gardener/machine-controller-manager#580, @zjj2wry)
- [OPERATOR] An issue causing panic when the encoded machine template hash length is less than expect limit is now fixed. (gardener/machine-controller-manager#575, @ialidzhikov)
- [OPERATOR] MCM will delete Azure machines even if the underlying resource group is already deleted. (gardener/machine-controller-manager#566, @dkistner)
- [OPERATOR] Set Machine Phase to Terminating before draining. (gardener/machine-controller-manager#564, @prashanth26)
- [OPERATOR] Update docker images to use gcr copy (gardener/machine-controller-manager#574, @prashanth26)
- [OPERATOR] Update docker image versions to `golang:1.15.5` & `alpine:3.12.1` (gardener/machine-controller-manager#574, @prashanth26)
📰 Noteworthy
- [OPERATOR] Machine force deletion computation is based on deletionTimestamp instead of LastUpdatedTimestamp. (gardener/machine-controller-manager#564, @prashanth26)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.14.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.14.0
v1.13.0
[gardener-extension-provider-openstack]
🏃 Others
- [OPERATOR] Golang version is updated to `1.15` and alpine image version is updated to `3.12.1`. (#171, @kon-angelo)
- [OPERATOR] Adds priority class for extension pods to prevent preemption. (#166, @danielfoehrKn)
- [OPERATOR] The OpenStack extension now creates OpenStack routers with enable_snat if the corresponding option `.useSNAT` is set to `true` in the provider's `CloudProfileConfig`. (#165, @timuthy)
- [OPERATOR] Added possibility to set nodeVolumeAttachLimit within the cloud profile. (#160, @mganter)
- [DEVELOPER] An issue causing `make test` to fail on macOS is now fixed. (#173, @ialidzhikov)
- [DEVELOPER] A new integration test for infrastructure creation and deletion has been added. (#154, @prashanth26)
📰 Noteworthy
- [OPERATOR] The infrastructure actuator is now injecting infrastructure credentials into the terraformer `PodSpec` via secret references instead of plain env var values. (#179, @timebertt)
[machine-controller-manager]
🏃 Others
- [USER] The default drainTimeout value has been updated from 12hours to 2hours. (gardener/machine-controller-manager#554, @prashanth26)
- [USER] OOT: Fixed regression with maxEvictRetries (gardener/machine-controller-manager#554, @prashanth26)
- [USER] Adds the ability to specify an already existing OpenStack Neutron network in the subnetID of an OpenStackMachineClass. MCM will deploy new machines into the given subnet by pre-allocating Neutron ports and pass them to the Nova server object. (gardener/machine-controller-manager#545, @MrBatschner)
- [USER] The machine-controller-manager supports now machines attached to Azure VirtualMachineScaleSet Orchestration Mode VM (VMO). (gardener/machine-controller-manager#519, @dkistner)
- [USER] Restored tag verification in the Azure driver to filter VMs/disks/NICs based on tags (gardener/machine-controller-manager#507, @zuzzas)
- [OPERATOR] An issue causing panic when the encoded machine template hash length is less than expect limit is now fixed. (gardener/machine-controller-manager#577, @AxiomSamarth)
- [OPERATOR] Set Machine Phase to Terminating before draining. (gardener/machine-controller-manager#564, @prashanth26)
- [OPERATOR] Allow migration to continue when ProviderMachineClass is missing but MachineClass with the same name as ProviderMachineClass is found. Updates Machine object references to the MachineClass. (gardener/machine-controller-manager#559, @prashanth26)
- [OPERATOR] Use cache-based listers to GET the machine-object while reconciling. (gardener/machine-controller-manager#558, @hardikdr)
- [OPERATOR] OOT: Enqueue machine only when node conditions have changed. (gardener/machine-controller-manager#557, @prashanth26)
- [OPERATOR] Adapted integration tests to handle possibly orphaned resources. (gardener/machine-controller-manager#550, @hardikdr)
- [OPERATOR] OOT: Fixes drain timeout issues on retries (gardener/machine-controller-manager#548, @prashanth26)
- [OPERATOR] NetworkUnavailable nodeCondition added to the example, some CNI will update this condition depending on the state of the CNI or the network availability. (gardener/machine-controller-manager#543, @rewiko)
- [OPERATOR] Added a more comprehensive set of events to trigger machine class reconciliations. (gardener/machine-controller-manager#531, @prashanth26)
- [OPERATOR] Finalizers are added by default for all machine class objects. (gardener/machine-controller-manager#531, @prashanth26)
- [OPERATOR] Bootstrap token injection now works in the new OOT Machine controller (gardener/machine-controller-manager#521, @zuzzas)
- [OPERATOR] Add support for ServerGroups in the Openstack driver. VMs can now be created in the ServerGroup specified in the respective `MachineClass`. (gardener/machine-controller-manager#511, @kon-angelo)
- [OPERATOR] Bugfix: Consider CSI PersistentVolumes during the eviction of Pods with PersistentVolumes. (gardener/machine-controller-manager#509, @ialidzhikov)
- [DEVELOPER] Adds a new phase `CrashLoopBackOff` that is set due to machine creation failures. (gardener/machine-controller-manager#525, @hardikdr)
- [DEVELOPER] The field `availabilitySets` in the `AzureMachineClass` is now deprecated in favour of the field `machineSet`, which allow to configure AvailabilitySets and VirtualMachineScaleSet Orchestration Mode VM (VMO). The field will be removed in the future. (gardener/machine-controller-manager#519, @dkistner)
📰 Noteworthy
- [USER] NetworkUnavailable node condition is also considered by default while considering the machines to be unhealthy. (gardener/machine-controller-manager#543, @rewiko)
- [USER] AWS: Allows deletion of machines even on modify instance call failure (gardener/machine-controller-manager#515, @prashanth26)
- [OPERATOR] Machine force deletion computation is based on deletionTimestamp instead of LastUpdatedTimestamp. (gardener/machine-controller-manager#564, @prashanth26)
- [OPERATOR] OOT: Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (gardener/machine-controller-manager#557, @prashanth26)
- [OPERATOR] Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (gardener/machine-controller-manager#525, @hardikdr)
[terraformer]
🏃 Others
- [OPERATOR] Terraformer uses now the azurerm provider in version v2.36.0 (gardener/terraformer#54, @dkistner)
- [OPERATOR] Alicloud Terraform Provider version is updated to 1.103.0. (gardener/terraformer#50, @minchaow)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.13.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.13.0
v1.12.0
[gardener-extension-provider-openstack]
Action Required
- [OPERATOR] The openstack provider extension is incompatible with Gardener version > v1.10.0 (if feature flag `MountHostCADirectories` is enabled on the Gardenlet) for Openstack Shoots with certain Kubernetes versions (>= 1.17.x, 1.18.x, 1.19.x without CSI migration complete). Please consult the compatibility notes under `/docs/compatibility.md` (#147, @danielfoehrKn)
Improvements
- [USER] An issue causing kube-controller-manager to panic when upgrading an OpenStack cluster from `v1.18` to `v1.19` is now fixed. (#145, @ialidzhikov)
- [USER] An issue preventing csi-driver-node Pods to be created when Shoot specifies `.spec.kubernetes.allowPrivilegedContainers=false` is now fixed. (#143, @ialidzhikov)
- [USER] The CSI StorageClasses (with provisioner `cinder.csi.openstack.org`) do now also specify `WaitForFirstConsumer` for volumeBindingMode. (#140, @ialidzhikov)
- [OPERATOR] The following options can now be configured through the extension's Helm chart values `charts/gardener-extension-provider-openstack/values.yaml`: (#159, @timuthy)
  - Health check worker count
  - `minAllowed` values for VPA
- [OPERATOR] CSI sidecar containers timeout is now increased to `3m`. (#158, @kayrus)
- [OPERATOR] An issue causing CSI PV to do not have set `spec.csi.fsType` is now fixed. The csi-provisioner is now started with `--default-fstype=ext4` which is the default fstype to be used when there is no fstype specified in the StorageClass. (#142, @ialidzhikov)
- [OPERATOR] The Webhook ensurer does not remove or add the /etc/ssl directory for kube apiserver deployments any more. This is done by the Gardenlet for version >= 1.10.0. (#141, @danielfoehrKn)
[machine-controller-manager]
Most notable changes
- [USER] Support for Spot Instances is available in AWS driver. If the `spotPrice` is empty, price is automatically set to the on-demand price so that Spot instance can launch immediately. (gardener/machine-controller-manager#481, @zuzzas)
- [OPERATOR] Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (gardener/machine-controller-manager#523, @hardikdr)
- [OPERATOR] RBAC policies have to be updated to allow updating of `node/status` resources. (gardener/machine-controller-manager#492, @guydaichs)
- [OPERATOR] New flag `delete-migrated-machine-class` is introduced. When set to true (defaulted to false), deletes any provider-specific machine class (e.g. AWSMachineClass) that has the machine.sapcloud.io/migrated annotation set on it. (gardener/machine-controller-manager#484, @prashanth26)
- [DEVELOPER] Added migration logic for moving from provider-specific machine class to generic machine classes in out of tree code path. On migration, the machine.sapcloud.io/migrated annotation set on the old machine class. (gardener/machine-controller-manager#484, @prashanth26)
- [DEVELOPER] The machine controller adds finalizer only when machine reference is present, deletes it otherwise. (gardener/machine-controller-manager#484, @prashanth26)
Improvements
- [USER] Retry when secret is referred by machineClass is missing (gardener/machine-controller-manager#495, @AxiomSamarth)
- [USER] Node condition is added to the status of terminating nodes indicating the termination start time and reason (Unhealthy|ScaleDown) (gardener/machine-controller-manager#492, @guydaichs)
- [OPERATOR] Added a more comprehensive set of events to trigger machine class reconciliations. (gardener/machine-controller-manager#532, @prashanth26)
- [OPERATOR] Finalizers are added by default for all machine class objects. (gardener/machine-controller-manager#532, @prashanth26)
- [OPERATOR] AWS: Allow deletion of VMs even on list image or modify instance failure (gardener/machine-controller-manager#516, @prashanth26)
- [OPERATOR] All nodes under machine deployments being rolled-out are annotated with `cluster-autoscaler.kubernetes.io/scale-down-disabled: "True"` during the period of rolling-update. (gardener/machine-controller-manager#496, @hardikdr)
- [OPERATOR] A new command line flag `autoscaler-scaldown-annotation-during-rollout` is introduced to disable annotating the nodes with cluster-autoscaler annotation `cluster-autoscaler.kubernetes.io/scale-down-disabled` during rollout. (gardener/machine-controller-manager#496, @hardikdr)
- [DEVELOPER] Adds a new phase `CrashLoopBackOff` that is set due to machine creation failures. (gardener/machine-controller-manager#523, @hardikdr)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.12.0
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.12.0
v1.11.4
[gardener-extension-provider-openstack]
Improvements
- [OPERATOR] CSI sidecar containers timeout is now increased to `3m`. (f2b780d)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.11.4
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.11.4
v1.11.3
[gardener-extension-provider-openstack]
Improvements
- [USER] An issue causing kube-controller-manager to panic when upgrading an OpenStack cluster from `v1.18` to `v1.19` is now fixed. (2f9be52)
Docker Images
gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.11.3
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.11.3