v1.35.0

[gardener-extension-provider-aws]

✨ New Features

• [USER] The provider-aws extension now installs the external-snapshotter's validating webhook server for VolumeSnapshot and VolumeSnapshotContent objects. For more details check the corresponding KEP. (gardener/gardener-extension-provider-aws#507, @acumino)
• [DEVELOPER] provider-aws and admission-aws components now support --version flag that prints the component version information and useful metadata. (gardener/gardener-extension-provider-aws#525, @ialidzhikov)

🐛 Bug Fixes

• [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-aws#515, @rfranzke)
• [OPERATOR] A race condition preventing shoot namespaces from being cleaned up due to orphaned resources has been fixed. (gardener/gardener-extension-provider-aws#516, @rfranzke)
• [OPERATOR] An issue has been fixed with the csi-driver-node PodSecurityPolicy which blocked the creation of new CSI-Driver pods because projected volumes are not permitted. (gardener/gardener-extension-provider-aws#510, @timuthy)

🏃 Others

• [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-aws#523, @acumino)
  • github.com/gardener/gardener: v1.40.2 -> v1.42.3
• [OPERATOR] The terraformer pod deployed as part of shoot control planes is now using auto-rotated ServiceAccount tokens when communicating with the seed cluster. (gardener/gardener-extension-provider-aws#508, @rfranzke)
• [OPERATOR] The gardener-extension-admission-aws webhook now contains an object selector for provider type label. Please make sure you are running [email protected] or later before enabling this. (gardener/gardener-extension-provider-aws#506, @shafeeqes)

[machine-controller-manager]

🐛 Bug Fixes

• [USER] The value for key cluster-autoscaler.kubernetes.io/scale-down-disabled placed by MCM is now true and not True. This typo stopped MCM from disabling CA from scaling down during rolling update. (gardener/machine-controller-manager#685, @himanshu-kun)
• [USER] MCM now marks 1 machine per machineDeployment as Failed at a time in case of healthTimeout. This is introduced to deal with meltdown scenario (gardener/machine-controller-manager#683, @himanshu-kun)
• [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)

🏃 Others

• [OPERATOR] machine-controller-manager does now log the Node conditions when it considers Machine as unhealthy (and changes its state to Unknown). (gardener/machine-controller-manager#676, @ialidzhikov)

[machine-controller-manager-provider-aws]

🐛 Bug Fixes

• [USER] srcDestCheck enable/disable for a instance is done after confirming API consistency (gardener/machine-controller-manager-provider-aws#68, @himanshu-kun)
• [USER] srcDest check enable/disable done after confirming API consistency (gardener/machine-controller-manager-provider-aws#69, @himanshu-kun)
• [OPERATOR] An issue causing klog's --v flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-aws#65, @ialidzhikov)
• [OPERATOR] An issue causing klog's --v flag to be not respected is now fixed. (gardener/machine-controller-manager-provider-aws#67, @ialidzhikov)

[terraformer]

🏃 Others

• [OPERATOR] terraform has been upgraded to 0.15.5 (gardener/terraformer#107, @stoyanr)

v1.34.4

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] An issue preventing ControlPlane exposure to be successfully reconciled is now fixed. (gardener/gardener-extension-provider-aws#533, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.4
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.4

v1.34.3

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] An issue preventing load balancers from being functional for K8s 1.23 clusters has been fixed. (gardener/gardener-extension-provider-aws#520, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.3
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.3

v1.34.2

[machine-controller-manager]

🐛 Bug Fixes

• [USER] typo stopping scaleDown disabling during cluster rollout is fixed (gardener/machine-controller-manager#687, @himanshu-kun)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.2
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.2

v1.34.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] An issue has been fixed with the csi-driver-node PodSecurityPolicy which blocked the creation of new CSI-Driver pods because projected volumes are not permitted. (gardener/gardener-extension-provider-aws#511, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.34.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.34.1

v1.34.0

[gardener-extension-provider-aws]

✨ New Features

• [USER] Allow defining VPC Gateway Endpoints for subdomains with dots, e.g. com.amazonaws.eu-central-1.codeartifact.api (gardener/gardener-extension-provider-aws#472, @tareqhs)
• [OPERATOR] gardener-extension-admission-aws now supports configuration for enabling service account token volume projection. It is exposed through the .Values.global.serviceAccountTokenVolumeProjection section in the respective chart's values. (gardener/gardener-extension-provider-aws#487, @dimityrmirchev)
• [OPERATOR] It is now possible to configure a user instead of a serviceaccount subject in the clusterrolebinding for the gardener-extension-admission-aws when using virtual garden setup by setting .Values.global.virtualGarden.user.name. (gardener/gardener-extension-provider-aws#487, @dimityrmirchev)

🏃 Others

• [OPERATOR] The monitoring dashboards provided by this extension: (gardener/gardener-extension-provider-aws#503, @ialidzhikov)
  • are now using UTC by default (instead of the browser time)
  • do no longer auto refresh by default
• [OPERATOR] The etcd storage class is now using gp3 disk type instead of gp2 as this offers higher iops capabilities. This will affect only newly created etcd disks. (gardener/gardener-extension-provider-aws#502, @dkistner)

📰 Noteworthy

• [OPERATOR] The extension controller uses a projected ServiceAccount token in case it runs on a seed with a gardenlet of at least v1.37 or higher. Similarly, the components deployed into shoot namespaces will no longer use a client certificate but an auto-rotated ServiceAccount token which is only valid for 12h. (gardener/gardener-extension-provider-aws#467, @rfranzke)

v1.33.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-aws#495, @ialidzhikov)
  • github.com/gardener/gardener: v1.39.4 -> v1.39.5

v1.33.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [OPERATOR] Removes the cleanup for the older AWSMachineclasses during worker reconciliation. (gardener/gardener-extension-provider-aws#456, @kon-angelo)

✨ New Features

• [USER] The AWS extension does now support shoot clusters with Kubernetes version 1.23. You should consider the Kubernetes release notes before upgrading to 1.23. (gardener/gardener-extension-provider-aws#480, @rfranzke)
• [USER] In case gardener/gardener's WorkerPoolKubernetesVersion feature gate is enabled, it's possible having worker pools with overridden Kubernetes versions for Shoots whose .spec.kubernetes.version is greater or equal than the CSI migration version (1.18). (gardener/gardener-extension-provider-aws#479, @rfranzke)
• [USER] Extension aws now can read nodeTemplate from worker resource and fill it in machineClass. It prioritizes nodeTemplate provided by user in providerConfig (under worker section in shoot yaml) over worker resource's nodeTemplate, if user provides it. (gardener/gardener-extension-provider-aws#461, @AxiomSamarth)
• [OPERATOR] This extension does now support gardener/gardener's WorkerPoolKubernetesVersion feature gate, i.e., having worker pools with overridden Kubernetes versions. (gardener/gardener-extension-provider-aws#479, @rfranzke)

🐛 Bug Fixes

• [OPERATOR] The following dependency is updated: (gardener/gardener-extension-provider-aws#490, @ialidzhikov)
  • github.com/gardener/gardener: v1.39.0 -> v1.39.4
• [OPERATOR] The creation timeouts of aws_route_tables are now increased from 2m to 5m. (gardener/gardener-extension-provider-aws#473, @ialidzhikov)

🏃 Others

• [OPERATOR] The following image is updated: (gardener/gardener-extension-provider-aws#471, @shafeeqes)
  • k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.1.4 -> v1.5.0 (see CHANGELOG)
• [OPERATOR] New check-docforge step will be executed on each PR (gardener/gardener-extension-provider-aws#459, @Kristian-ZH)
• [OPERATOR] It is now possible to configure the route53 rate limiter wait timeout via the --dnsrecord-provider-client-wait-timeout command line option. (gardener/gardener-extension-provider-aws#458, @stoyanr)

📰 Noteworthy

• [USER] Since go1.17 both net.ParseIP and net.ParseCIDR reject leading zeros in the dot-decimal notation of IPv4 addresses. With the update to go1.17, admission-aws now rejects Shoot objects with CIDR ranges that have such leading zeros in the dot-decimal notation. Before updating to this version of admission-aws, make sure that there are no Shoot objects with leading zeros in the dot-decimal notation of an IPv4 address. For reference: https://nvd.nist.gov/vuln/detail/CVE-2021-29923 (gardener/gardener-extension-provider-aws#463, @rfranzke)
• [DEVELOPER] The Golang version has been updated to 1.17.5. (gardener/gardener-extension-provider-aws#463, @rfranzke)

[cloud-provider-aws]

✨ New Features

• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v1.23.2. (gardener/cloud-provider-aws@d3fd5b0532b6)
• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.22.6. (gardener/cloud-provider-aws@d2b414faa94c)
• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.21.9. (gardener/cloud-provider-aws@234a445f1961)
• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.20.15. (gardener/cloud-provider-aws@6b6e8acb12a9)

🏃 Others

• [DEVELOPER] The alpine version has been updated to v3.13.7. (gardener/cloud-provider-aws@a238662f9b18)

[machine-controller-manager]

⚠️ Breaking Changes

• [OPERATOR] Components that deploy the machine-controller-manager will now have to adapt the RBAC rules to allow machine-controller-manager to maintain its leader election resource lock in leases as well. (gardener/machine-controller-manager#662, @acumino)

✨ New Features

• [OPERATOR] orphan collection is also triggered if machine obj is updated with having multiple backing VMs (gardener/machine-controller-manager#667, @himanshu-kun)

🏃 Others

• [USER] Updated golang version to v1.17 (gardener/machine-controller-manager#664, @AxiomSamarth)
• [OPERATOR] The default leader election resource lock of machine-controller-manager has been changed from endpoints to endpointsleases. (gardener/machine-controller-manager#662, @acumino)

[machine-controller-manager-provider-aws]

🐛 Bug Fixes

• [USER] The machine obj will be deleted if the AWS API indicate absence of backing instance. Earlier retrying used to happen, which led to cases where machine obj never got deleted. (gardener/machine-controller-manager-provider-aws#59, @himanshu-kun)
• [USER] A problem is resolved where multiple VMs were created by the driver in case the APIs on the AWS are not consistent for some time. (gardener/machine-controller-manager-provider-aws#58, @himanshu-kun)

📖 Documentation

• [DEVELOPER] Ginkgo version 1.16.5 is used for tests until changes compatible with v2.0.0 are made. (gardener/machine-controller-manager-provider-aws#62, @himanshu-kun)

🏃 Others

• [USER] Updated golang version to v1.17 (gardener/machine-controller-manager-provider-aws#60, @AxiomSamarth)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#108, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.63.0 -> 3.66.0
• [OPERATOR] terraform has been upgraded to 0.14.11 (gardener/terraformer#106, @stoyanr)
• [OPERATOR] terraform has been upgraded to 0.13.7 (gardener/terraformer#105, @stoyanr)

📰 Noteworthy

• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#116, @molecule-z)
  • aliyun/terraform-provider-alicloud: 1.124.2 -> 1.149.0

v1.32.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [OPERATOR] The creation timeouts of aws_route_tables are now increased from 2m to 5m. (gardener/gardener-extension-provider-aws#475, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.32.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.32.1

v1.32.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [USER] The Gardener managed storage classes for AWS Shoot clusters will now produce encrypted volumes by default. Existing volumes will not be changed, only new volumes will be encrypted by default. In case non-encrypted volumes are still required a storage class needs to be deployed by the user. (gardener/gardener-extension-provider-aws#453, @dkistner)

[machine-controller-manager]

✨ New Features

• [USER] End User can now delete the backing machine object of the node instantly by annotating the desired node with 'node.machine.sapcloud.io/trigger-deletion-by-mcm="true"` (gardener/machine-controller-manager#648, @AxiomSamarth)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.32.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.32.0