v1.25.1

[gardener-extension-provider-aws]

🏃 Others

• [OPERATOR] Support for overwriting the CSI migration version was added. (#355, @rfranzke)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.25.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.25.1

v1.25.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [OPERATOR] This version of provider-aws requires at least Gardener v1.21.0. Before upgrading to this version of provider-aws, make sure that you upgraded to at least Gardener v1.21.0. (#337, @ialidzhikov)

✨ New Features

• [USER] It's now possible to specify which IAM instance profile should be used for the machines of a particular worker pool. The respective name or ARN can be set via the iamInstanceProfile.{name,arn} fields in the WorkerConfig. (#331, @rfranzke)
• [OPERATOR] The existing ValidatingWebhookConfiguration of admission-aws for Shoot validation does now validate also the Shoot secret. admission-aws does now feature also a new webhook that prevents Shoot secret to be updated with invalid keys. (#336, @vpnachev)

🐛 Bug Fixes

• [OPERATOR] provider-aws is now using a separate ManagedResource for ControlPlane CRDs (volumesnapshot related CRDs) that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (#337, @ialidzhikov)

🏃 Others

• [USER] The following image is updated (see CHANGELOG for more details): (#347, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.2.0 -> v2.3.0
• [OPERATOR] Handle extensionsv1alpha1.Bastion resources for SSH access to worker instances (#318, @xrstf)

[machine-controller-manager]

✨ New Features

• [USER] Skip node drain on ReadOnlyFileSystem condition (gardener/machine-controller-manager#605, @himanshu-kun)
• [OPERATOR] Improved log details to include node name and provider-ID in addition to existing machine name (gardener/machine-controller-manager#607, @himanshu-kun)

🐛 Bug Fixes

• [OPERATOR] Fix panic when machineClass secretRef isn't found. (gardener/machine-controller-manager#609, @jsravn)
• [DEVELOPER] Adds finalizers on machines that are adopted by the machine controller. Without this change, it causes issues while migrating machine objects between clusters. (gardener/machine-controller-manager#611, @prashanth26)

[machine-controller-manager-provider-aws]

✨ New Features

• [OPERATOR] It's now possible to properly use the IAM.ARN field in the MachineClass specification. Earlier, it was only possible to use IAM.Name. (gardener/machine-controller-manager-provider-aws#32, @rfranzke)

🏃 Others

• [DEPENDENCY] Revendors MCM dependent libraries for v0.39.0 version. (gardener/machine-controller-manager-provider-aws#35, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.25.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.25.0

v1.24.1

[machine-controller-manager]

✨ New Features

• [USER] Skip node drain on ReadOnlyFileSystem condition (gardener/machine-controller-manager#605, @himanshu-kun)
• [OPERATOR] Improved log details to include node name and provider-ID in addition to existing machine name (gardener/machine-controller-manager#607, @himanshu-kun)

🐛 Bug Fixes

• [OPERATOR] Fix panic when machineClass secretRef isn't found. (gardener/machine-controller-manager#609, @jsravn)
• [DEVELOPER] Adds finalizers on machines that are adopted by the machine controller. Without this change, it causes issues while migrating machine objects between clusters. (gardener/machine-controller-manager#611, @prashanth26)

[machine-controller-manager-provider-aws]

🏃 Others

• [DEPENDENCY] Revendors MCM dependent libraries for v0.39.0 version. (gardener/machine-controller-manager-provider-aws#35, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.24.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.24.1

v1.24.0

[machine-controller-manager-provider-aws]

⚠️ Breaking Changes

• [DEVELOPER] Requires new RBAC permissions - list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager-provider-aws#23, @ialidzhikov)

🏃 Others

• [USER] Allow setting of placement parameters on AWS EC2 instances using a specific key on machine annotations. For setting the annotation refer to the doc provided here. (gardener/machine-controller-manager-provider-aws#32, @himanshu-kun)
• [OPERATOR] Support for targeting an AWS Resource Group containing capacity reservations. Refer AWS documentation here. (gardener/machine-controller-manager-provider-aws#29, @shin-nien)
• [OPERATOR] Improved documentation to add sample deployment files. (gardener/machine-controller-manager-provider-aws#28, @prashanth26)
• [OPERATOR] Allow deletion of machine whose providerID is empty. (gardener/machine-controller-manager-provider-aws#26, @prashanth26)
• [OPERATOR] Check for misconfigured PodDisruptionBudgets when Pod eviction fails during Node drain. (gardener/machine-controller-manager-provider-aws#23, @ialidzhikov)

[terraformer]

✨ New Features

• [OPERATOR] Terraformer now copies Terraform's error outputs to /terraform-termination-log to make it available in the containers termination message for better analyzing and more readable error messages (e.g. in the Shoot status). (gardener/terraformer#93, @timebertt)

🏃 Others

• [USER] Terraform provider of Alicloud is upgraded to 1.121.2. (gardener/terraformer#91, @minchaow)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.24.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.24.0

v1.23.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [USER] Extension resource configs (InfrastructureConfig, ControlPlaneConfigs, WorkerConfig) are now deserialized in "strict" mode, including during validation by the admission webhook. This means that resources with fields that are not allowed by the API schema will be rejected by validation. Creating new shoots containing such resources will not be possible, and reconciling existing shoots will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (#307, @stoyanr)

✨ New Features

• [USER] The AWS extension does now support shoot clusters with Kubernetes version 1.21. You should consider the Kubernetes release notes before upgrading to 1.21. (#315, @rfranzke)

🐛 Bug Fixes

• [USER] An issue causing provider-aws to fail to delete Infrastructure when there are more than 20 LBs associated to the VPC is now fixed. (#304, @ialidzhikov)
• [USER] An issue causing Infrastructure reconciliation to fail because of insufficient privileges is now fixed. (#301, @ialidzhikov)
• [OPERATOR] When deleting an Infrastructure, the explicit load balancer and security group deletion is now properly retried in case an existing VPC is used. (#321, @rfranzke)

🏃 Others

• [USER] The recommended AWS IAM policy does now contain additional permission (action) iam:ListRolePolicies. The addition of the new permission is a preparation for an upcoming breaking change that will require this permission (action) to be present. For more details, see the corresponding announcement Upcoming change to AWS IAM policy. (#322, @ialidzhikov)
• [USER] The following image is updated: (#320, @ialidzhikov)
  • k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v0.9.0 -> v0.10.1 (see CHANGELOG)
• [USER] The following images are updated: (#309, @ialidzhikov)
  • k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.4 -> v2.1.5
  • k8s.gcr.io/sig-storage/snapshot-controller: v2.1.4 -> v2.1.5
  • k8s.gcr.io/sig-storage/livenessprobe: v2.0.0 -> v2.2.0
• [OPERATOR] The few CSI sidecar containers that didn't specify any resource requests and limits do now specify appropriate requests and limits. (#313, @ialidzhikov)
• [OPERATOR] The revisionHistoryLimit of different Deployments was increased. (#312, @timebertt)
• [DEPENDENCY] Update AWS SDK to v1.38.19 (#317, @xrstf)

[cloud-provider-aws]

✨ New Features

• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.21.0. (gardener-attic/cloud-provider-aws@2a03316)

🏃 Others

• [DEVELOPER] The alpine version has been updated to v3.13.4. (gardener-attic/cloud-provider-aws@bc3da69)
• [DEVELOPER] The Golang version has been updated to v1.16.3. (gardener-attic/cloud-provider-aws@bc3da69)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] The aws provider has been downgraded from 3.32.0 to 3.18.0 due to issue with additionally required permission for the AWS accounts. (gardener/terraformer#87, @vpnachev)

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#88, @ialidzhikov)
  • hashicorp/terraform-provider-google: 3.59.0 -> 3.62.0
  • hashicorp/terraform-provider-google-beta: 3.59.0 -> 3.62.0
• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#84, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
  • hashicorp/terraform-provider-google: 3.27.0 -> 3.59.0
  • hashicorp/terraform-provider-google-beta: 3.27.0 -> 3.59.0
• [DEVELOPER] The golang has been updated to 1.16.2, the alpine has been updated to 3.13.2. (gardener/terraformer#85, @vpnachev)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.23.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.23.0

v1.22.2

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] An issue causing provider-aws to fail to delete Infrastructure when there are more than 20 LBs associated to the VPC is now fixed. (#305, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.22.2
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.22.2

v1.22.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] An issue causing Infrastructure reconciliation to fail because of insufficient privileges is now fixed. (#302, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.22.1
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.22.1

v1.22.0

[gardener-extension-provider-aws]

🏃 Others

• [USER] The load balancers and security groups are again explicitly deleted by the AWS provider extension (independent of the Kubernetes version used by the shoot cluster). The number of API calls have been reduced to the absolute minimum. (#295, @rfranzke)
• [DEVELOPER] github.com/gardener/gardener dependency is now updated to v1.19.0. For the complete list of changes, see the release notes. (#297, @ialidzhikov)

[cloud-provider-aws]

🏃 Others

• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.17.17. (gardener-attic/cloud-provider-aws@badfa8d)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.18.17. (gardener-attic/cloud-provider-aws@b9e0026)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.19.9. (gardener-attic/cloud-provider-aws@9f9e093)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.20.5. (gardener-attic/cloud-provider-aws@adf069c)

[machine-controller-manager]

🐛 Bug Fixes

• [DEVELOPER] Azure: Improved NIC creation and deletion logic to handle NIC creation and deletions more gracefully. (gardener/machine-controller-manager#594, @prashanth26)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#84, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
  • hashicorp/terraform-provider-google: 3.27.0 -> 3.59.0
  • hashicorp/terraform-provider-google-beta: 3.27.0 -> 3.59.0

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.22.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.22.0

v1.21.0

[gardener-extension-provider-aws]

✨ New Features

• [OPERATOR] It is now possible to specify the leader election resource lock via the command line flag --leader-election-resource-lock (defaults to configmapsleases) and the chart value leaderElection.resourceLock. Please be careful when changing the resource lock and always migrate via multilocks in order to prevent situations where multiple instances of the controller are running with leader election and thus acting on the same resources. (#263, @timebertt)

🐛 Bug Fixes

• [USER] The following images are updated (see CHANGELOG for more details): (#278, @ialidzhikov)
  • quay.io/k8scsi/csi-snapshotter: v2.1.3 -> v2.1.4
  • quay.io/k8scsi/snapshot-controller: v2.1.3 -> v2.1.4
• [OPERATOR] The Pods of the mtu-customizer DaemonSet now use the same PriorityClass like provider-aws Pods, to ensure the Pods are always scheduled on all Nodes. (#286, @timebertt)
• [OPERATOR] Allow deletion of machine whose providerID is empty. (#274, @gardener-robot-ci-3)
• [OPERATOR] An issue causing the generic Worker actuator to not wait until the finalizer of the out-of-tree machine controller provider is removed from the credentials secret is now fixed. (#269, @ialidzhikov)

🏃 Others

• [USER] The following image is updated: (#292, @ialidzhikov)
  • k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v0.8.0 -> v0.9.0 (see CHANGELOG)
• [USER] The load balancers and security groups are no longer explicitly deleted by the AWS provider extension when a shoot cluster of at least Kubernetes v1.16 is being deleted. Instead, it now relies on the service-controller in the cloud-controller-manager to properly clean up. (#290, @rfranzke)
• [OPERATOR] The cloud-controller-manager VPA does now specify minAllowed values to prevent too low resource recommendations from VPA that lead to OOM. (#288, @MartinWeindel)
• [OPERATOR] An issue causing Shoots to be marked as Failed (and no longer retried) on transient not found error is now fixed. (#273, @prashanth26)

📰 Noteworthy

• [OPERATOR] The validator/admission component's Helm chart is now deploying a VerticalPodAutoscaler resource by default. If undesired or no VPA is available in the garden cluster then it can be turned of via .Values.global.vpa.enabled=false. (#271, @rfranzke)

[machine-controller-manager]

⚠️ Breaking Changes

• [DEVELOPER] machine-controller-manager now checks for misconfigured PodDisruptionBudgets (ones that require zero voluntary evictions and make impossible the graceful Node drain) and sets better Machine .status.lastOperation.description for such Machines. This change is breaking as out-of-tree providers need new RBAC permissions - list and watch access for PodDisruptionBudgets in the target cluster. (gardener/machine-controller-manager#591, @ialidzhikov)

🏃 Others

• [OPERATOR] Avoid the deletion of the machines in CrashLoopBackoff state by the safety controller (gardener/machine-controller-manager#589, @AxiomSamarth)

[machine-controller-manager-provider-aws]

🏃 Others

• [USER] Validation for block devices is now improved (gardener/machine-controller-manager-provider-aws#21, @prashanth26)

📰 Noteworthy

• [USER] Fixes regressions while supporting multiple volumes support for EC2 instances (gardener/machine-controller-manager-provider-aws#21, @prashanth26)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#71, @timebertt)
• [OPERATOR] A bug was fixed that caused terraform to leak its finalizer on ConfigMaps and Secrets in case of an interrupt during terraform destroy. (gardener/terraformer#72, @timebertt)

🏃 Others

• [OPERATOR] The Terraformer now instantly removes its finalizer from the state ConfigMap if the state is empty and destroy is called. A separate Terraform destroy is not executed. (gardener/terraformer#80, @timuthy)
• [OPERATOR] Terraformer will now publish an additional image without any pre-installed terraform plugins. (gardener/terraformer#77, @Diaphteiros)
• [OPERATOR] Provides support for the Equinix Metal provider, which replaces the Packet one (gardener/terraformer#73, @deitch)
• [OPERATOR] The terraformer-openstack use now the openstack provider in version v1.37.0 (gardener/terraformer#70, @kon-angelo)
• [OPERATOR] The terraformer-openstack use now the openstack provider in version v1.36.0 (gardener/terraformer#68, @dkistner)

📰 Noteworthy

• [OPERATOR] Curl has been removed from the Terraformer image. (gardener/terraformer#69, @timuthy)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.21.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.21.0

v1.20.5

[gardener-extension-provider-aws]

🏃 Others

• [USER] The load balancers and security groups are no longer explicitly deleted by the AWS provider extension when a shoot cluster of at least Kubernetes v1.16 is being deleted. Instead, it now relies on the service-controller in the cloud-controller-manager to properly clean up. (#291, @rfranzke)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.5
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.5