v1.22.0

[gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] Added optional field resolvConfOptions to the provider config of the cloud profile to allow to add options to /etc/resolv.conf on worker nodes (gardener/gardener-extension-provider-openstack#342, @MartinWeindel)
• [OPERATOR] Allow configuration of request timeout for control plane components (CCM, CSI) via cloudprofile (gardener/gardener-extension-provider-openstack#338, @kon-angelo)
• [OPERATOR] Change the security group rules cluster_tcp_all and cluster_udp_all to use nil port ranges. (gardener/gardener-extension-provider-openstack#336, @kon-angelo)

[machine-controller-manager]

✨ New Features

• [USER] Added *expectedNodeDetails field to the MachineClass API (gardener/machine-controller-manager#644, @AxiomSamarth)

🐛 Bug Fixes

• [OPERATOR] A bug has been fixed in the pre-delivered CRD manifests for MCM (/kubernetes/crds). It caused data to be pruned from MCM related resources and led to reconciliation issues. (gardener/machine-controller-manager#641, @timuthy)

📖 Documentation

• [DEVELOPER] make generate now generates v1 version of CRDs by default instead of v1beta1. (gardener/machine-controller-manager#640, @himanshu-kun)

🏃 Others

• [USER] Update Kubernetes dependency versions to v1.20.6 (gardener/machine-controller-manager#601, @AxiomSamarth)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] Fix a bug where orphan ports would be left during a failed create attempt. (gardener/machine-controller-manager-provider-openstack#35, @kon-angelo)
  • Fix a bug where orphan ports would be left when a machine was deleted using the Openstack API.
• [USER] Update machine-controller-manager to v0.40.0 (gardener/machine-controller-manager-provider-openstack#33, @kon-angelo)

v1.21.0

[gardener-extension-provider-openstack]

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.22. You should consider the Kubernetes release notes before upgrading to 1.22. (#330, @timuthy)
• [OPERATOR] Floating pool names in infrastructure config are now checked if they exist, and if not the issue is properly reported as ERR_CONFIGURATION_PROBLEM with a clear error message. (#329, @stoyanr)
• [OPERATOR] Add option ignoreVolumeAZ to allow for differences between volume and compute AZ names. (#322, @gesslein)

🐛 Bug Fixes

• [USER] Do not trigger a node rollout when switching from CRI.Name==nil to CRI.Name==docker. (#308, @BeckerMax)

🏃 Others

• [USER] It is now allowed to change the name and purpose of load balancer classes in .controlPlaneConfig.loadBalancerClasses[]. The load balancer classes configuration need still to be semantically equal with the load balancer classes from the CloudProfile. (#310, @dkistner)
• [OPERATOR] machine-controller-manager logs are exposed to the end-users (#319, @vlvasilev)
• [OPERATOR] Shoots can now be deployed in existing Neutron networks. The network can be specified by its ID in the respective shoot's infrastructure configuration. (#317, @kon-angelo)
• [OPERATOR] Openstack Kubernetes cluster >= v1.22 use now the Openstack cloud-controller-manager v1.22. (79d7412)
• [OPERATOR] Openstack Kubernetes cluster >= v1.22 now use cinder csi v1.22. (79d7412)
• [DEVELOPER] Missing or wrong doc comments and a few other common style errors will now be reported by the linter. (#334, @stoyanr)

[machine-controller-manager]

⚠️ Breaking Changes

• [OPERATOR] Draining of pods with PVs (Persistent Volume) now waits for re-attachment of PV on a different node when volumeAttachments support is enabled on the cluster. Else it falls back to the default PV reattachment timeout value configured. The default value is 90s and this can be overwritten via the machine-pv-reattach-timeout flag. Please enable permissions to allow listing of volumeAttachments resource while importing these changes. (gardener/machine-controller-manager#608, @prashanth26)

✨ New Features

• [USER] Increase default concurrent object syncs to 50 to allow more concurrent reconciles to occur. (gardener/machine-controller-manager#629, @prashanth26)
• [USER] Machine rollouts are now more as desired with the number of replicas always maintained to desired + maxSurge. Earlier machines in termination were left out of this calculation but now is considered with this change. (gardener/machine-controller-manager#627, @prashanth26)
• [OPERATOR] Finalizers will be added to the MachineClass which is used by at least one machine. Machines whose backing MachineClass does not have finalizers shall not be reconciled. (gardener/machine-controller-manager#593, @AxiomSamarth)
• [DEVELOPER] Replace integration test with unit test to test the functionality to freeze MachineSet (gardener/machine-controller-manager#620, @AxiomSamarth)

🐛 Bug Fixes

• [OPERATOR] Avoids blocking of drain call when the buffer is full for the volumeAttachmentHandlers. (gardener/machine-controller-manager#627, @prashanth26)
• [DEVELOPER] Test framework now fetches secrets from the correct (control) APIServer while running tests. (gardener/machine-controller-manager#617, @himanshu-kun)

🏃 Others

• [OPERATOR] Nodes attached to the cluster without MCM support are now annotated with "node.machine.sapcloud.io/notManagedByMCM": "1". This is then ignored by the MCM for further processing. (gardener/machine-controller-manager#612, @himanshu-kun)

[terraformer]

⚠️ Breaking Changes

• [DEVELOPER] Once the azurerm provider plugin is updated from v2.36.0 to v2.68.0 the skip_provider_registration flag in the provider section need to be set to true. (gardener/terraformer#99, @dkistner)

🏃 Others

• [OPERATOR] The terraform azurerm provider plugin is updated from v2.36.0 to v2.68.0. (gardener/terraformer#99, @dkistner)
• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#98, @ialidzhikov)
  • hashicorp/terraform-provider-aws: 3.18.0 -> 3.32.0
• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#96, @minchaow)
  • aliyun/terraform-provider-alicloud: 1.124.0 -> 1.124.2

v1.20.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [OPERATOR] The default leader election resource lock of gardener-extension-provider-openstack has been changed from configmapsleases to leases. (#302, @ialidzhikov)
  • Please make sure, that you had at least gardener-extension-provider-openstack@v1.16 running before upgrading to v1.20.0, so that it has successfully required leadership with the hybrid resource lock (configmapsleases) at least once.
• [OPERATOR] This version of provider-openstack requires at least Gardener v1.21.0. Before upgrading to this version of provider-openstack, make sure that you upgraded to at least Gardener v1.21.0. (#297, @ialidzhikov)

✨ New Features

• [USER] add support for application credentials (#300, @MartinWeindel)
• [OPERATOR] It is now possible to specify the leader election resource lock via the chart value leaderElection.resourceLock (defaults to leases). (#302, @ialidzhikov)
• [OPERATOR] The existing ValidatingWebhookConfiguration of admission-openstack for Shoot validation does now validate also the Shoot secret. admission-openstack does now feature also a new webhook that prevents Shoot secret to be updated with invalid keys. (#280, @vpnachev)

🐛 Bug Fixes

• [OPERATOR] Fixes an issue where removing server groups from a worker pool would not produce correct machineclasses. Prior to the fix, two shoot reconciliations would be necessary to reach the desired state. (#306, @kon-angelo)
• [OPERATOR] provider-openstack is now using a separate ManagedResource for ControlPlane CRDs (volumesnapshot related CRDs) that are installed in the Shoot cluster to separate the deletion of CRDs from the deletion of the RBAC for controller leader election. (#297, @ialidzhikov)

🏃 Others

• [USER] The following image is updated (see CHANGELOG for more details): (#287, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.2.0 -> v2.3.0
• [OPERATOR] When creating or updating shoots, any Kubernetes feature gates mentioned are validated against the Kubernetes version. If any feature gates are unknown or not supported in the Kubernetes version, the validation fails. (#296, @stoyanr)
• [OPERATOR] Validation of Openstack cloud provider secrets is enhanced to reject domainName, tenantName, and userName that contain leading or trailing whitespace, tenantName that is longer than 64 characters, password that contain leading or trailing new lines, and authURL that is not a valid URL. (#294, @stoyanr)
• [OPERATOR] The version constraints for floating-subnet and floating-subnet-tags field in the cloud-provider-config to select a floating subnet to pick the floating ip for a load balancer has been removed. (#290, @dkistner)
• [OPERATOR] Replace infrastructure's terraform helm chart with native go templates. (#282, @kon-angelo)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] add support for authentication with application credentials (gardener/machine-controller-manager-provider-openstack#26, @MartinWeindel)

[terraformer]

🏃 Others

• [OPERATOR] The following terraform provider plugin is updated: (gardener/terraformer#95, @minchaow)
  • aliyun/terraform-provider-alicloud: 1.121.2 -> 1.124.0
• [OPERATOR] The terraform version for the alicloud, all, aws, azure, gcp, openstack, slim images is updated: (gardener/terraformer#94, @ialidzhikov)
  • hashicorp/terraform: 0.12.29 -> 0.12.31

v1.19.1

[gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] The version constraints for floating-subnet and floating-subnet-tags field in the cloud-provider-config to select a floating subnet to pick the floating ip for a load balancer has been removed. (#292, @dkistner)

v1.19.0

[gardener-extension-provider-openstack]

✨ New Features

• [USER] The floating subnet for LoadBalancerClasses config(s) can now be also selected by a name, a name pattern (regex/glob) or tags and not only by id. (#248, @dkistner)
• [OPERATOR] The floating subnet for the LoadBalancer config and the LoadBalancerClass config(s) can now be also selected by a name, a name pattern (regex/glob) or tags and not only by id. (#248, @dkistner)

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#274, @vpnachev)

🏃 Others

• [OPERATOR] Openstack Kubernetes cluster >= v1.21 use now the Openstack cloud-controller-manager v1.21 and cinder csi v1.21. (#272, @dkistner)

[machine-controller-manager]

✨ New Features

• [USER] Skip node drain on ReadOnlyFileSystem condition (gardener/machine-controller-manager#605, @himanshu-kun)
• [OPERATOR] Improved log details to include node name and provider-ID in addition to existing machine name (gardener/machine-controller-manager#607, @himanshu-kun)

🐛 Bug Fixes

• [OPERATOR] Fix panic when machineClass secretRef isn't found. (gardener/machine-controller-manager#609, @jsravn)
• [DEVELOPER] Adds finalizers on machines that are adopted by the machine controller. Without this change, it causes issues while migrating machine objects between clusters. (gardener/machine-controller-manager#611, @prashanth26)

[machine-controller-manager-provider-openstack]

🏃 Others

• [OPERATOR] An issue has been fixed which prevented ports from being patched properly after machine creations. (gardener/machine-controller-manager-provider-openstack#22, @timuthy)
• [DEPENDENCY] Revendors MCM dependent libraries for v0.39.0 version. (gardener/machine-controller-manager-provider-openstack#24, @AxiomSamarth)

[terraformer]

✨ New Features

• [OPERATOR] Terraformer now copies Terraform's error outputs to /terraform-termination-log to make it available in the containers termination message for better analyzing and more readable error messages (e.g. in the Shoot status). (gardener/terraformer#93, @timebertt)

🏃 Others

• [USER] Terraform provider of Alicloud is upgraded to 1.121.2. (gardener/terraformer#91, @minchaow)

v1.18.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [USER] An issue has been fixed which prevented ports from being patched properly after machine creations. (#281, @kon-angelo)

v1.18.1

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#278, @vpnachev)

v1.17.2

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#276, @vpnachev)

Docker Images

gardener-extension-provider-openstack: eu.gcr.io/gardener-project/gardener/extensions/provider-openstack:v1.17.2
gardener-extension-validator-openstack: eu.gcr.io/gardener-project/gardener/extensions/validator-openstack:v1.17.2

v1.16.4

[gardener-extension-provider-openstack]

🐛 Bug Fixes

• [OPERATOR] No longer print secret data into error messages. (#275, @vpnachev)

v1.18.0

[gardener-extension-provider-openstack]

⚠️ Breaking Changes

• [USER] Extension resource configs (InfrastructureConfig, ControlPlaneConfigs, WorkerConfig) are now deserialized in "strict" mode, including during validation by the admission webhook. This means that resources with fields that are not allowed by the API schema will be rejected by validation. Creating new shoots containing such resources will not be possible, and reconciling existing shoots will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (#253, @stoyanr)
• [OPERATOR] The gardener-extension-validator-openstack Helm chart as well as different assets inside have been renamed to the more general term gardener-extension-admission-openstack. Please consider to take corresponding action if you don't use Helm to manage your deployment in the Garden cluster. (#265, @ialidzhikov)
• [OPERATOR] The Docker image eu.gcr.io/gardener-project/gardener/extensions/validator-openstack will no longer be maintained as of this release in favor of the successor eu.gcr.io/gardener-project/gardener/extensions/admission-openstack. Please consider replacing any references to the image eu.gcr.io/gardener-project/gardener/extensions/validator-openstack by eu.gcr.io/gardener-project/gardener/extensions/admission-openstack. (#265, @ialidzhikov)

✨ New Features

• [USER] The OpenStack extension does now support shoot clusters with Kubernetes version 1.21. You should consider the Kubernetes release notes before upgrading to 1.21. (#260, @rfranzke)

🐛 Bug Fixes

• [USER] The following image is updated (see CHANGELOG for more details): (#256, @ialidzhikov)
  • k8s.gcr.io/sig-storage/livenessprobe: v2.1.0 -> v2.2.0

🏃 Others

• [USER] The following images are updated: (#255, @ialidzhikov)
  • k8s.gcr.io/sig-storage/csi-snapshotter: v2.1.4 -> v2.1.5
  • k8s.gcr.io/sig-storage/snapshot-controller: v2.1.4 -> v2.1.5
• [OPERATOR] Cloud specific settings of OpenStack CloudProfiles are now being validated. (#265, @ialidzhikov)
• [OPERATOR] The few CSI sidecar containers that didn't specify any resource requests and limits do now specify appropriate requests and limits. (#259, @ialidzhikov)

[machine-controller-manager-provider-openstack]

🏃 Others

• [USER] Openstack provider now uses strict deserialisation for API resources (gardener/machine-controller-manager-provider-openstack#21, @kon-angelo)
• [DEVELOPER] Upgrade go version to 1.16.2 and revendor gardener v1.21.0 (gardener/machine-controller-manager-provider-openstack#20, @kon-angelo)

[terraformer]

🐛 Bug Fixes

• [OPERATOR] The aws provider has been downgraded from 3.32.0 to 3.18.0 due to issue with additionally required permission for the AWS accounts. (gardener/terraformer#87, @vpnachev)

🏃 Others

• [OPERATOR] The following terraform provider plugins are updated: (gardener/terraformer#88, @ialidzhikov)
  • hashicorp/terraform-provider-google: 3.59.0 -> 3.62.0
  • hashicorp/terraform-provider-google-beta: 3.59.0 -> 3.62.0
• [DEVELOPER] The golang has been updated to 1.16.2, the alpine has been updated to 3.13.2. (gardener/terraformer#85, @vpnachev)