v1.20.0

[gardener-extension-provider-aws]

⚠️ Breaking Changes

• [OPERATOR] The ValidatingWebhookConfiguration of the AWS admission controller has been changed from version v1beta1 to v1. Please make sure to deploy the admission controller only to clusters with a Kubernetes version >= 1.16 (#261, @timuthy)
• [OPERATOR] ⚠️ Before upgrading your gardener/gardener-extension-provider-aws to >= v1.20.0, please upgrade your gardener/gardener component version to >= v1.14.0 to avoid breaking of clusters that are using the scale from/to zero feature (clusters that allowing scaling from/to 0 worker pools). If used with an older gardener/gardener version, this would lead to failure of clusters making use of this feature. (#212, @prashanth26)

✨ New Features

• [USER] It is possible now to specify custom resource tags that should be ignored during infrastructure reconciliation (i.e. not removed) in the AWS infrastructureConfig. See the documentation for more details. (#260, @timebertt)
• [OPERATOR] The secrets and configmaps used by the terraformer now have an owner reference to the Infrastructure resource. (#254, @vpnachev)
• [OPERATOR] Add a validating webhook for the providerConfig section of CloudProfile. (#250, @kon-angelo)
• [OPERATOR] The AWS extension now uses a new terraformer image only including the AWS terraform provider plugin (v2.1.0). (#241, @timebertt)

🐛 Bug Fixes

• [USER] Volumes provisioned with CSI will now have the in-tree volume plugin tags. Until now the CSI volumes had no tags at all. This is required to keep CSI plugin backwards-compatible with the in-tree volume plugin. (#256, @ialidzhikov)
• [OPERATOR] It is now possible to remove zones from the CloudProfile without breaking the possibility of adding new, still allowed zones to the .spec.provider.infrastructureConfig of Shoots which are using the removed zone. (#253, @rfranzke)

🏃 Others

• [OPERATOR] Golang has been updated to 1.15.5 (#254, @vpnachev)
• [OPERATOR] Alpine base image has been updated to 3.12.3. (#254, @vpnachev)
• [OPERATOR] Reducing credential update complexity by all the machine classes using the new .{spec.}credentialsSecretRef field. (#238, @danielfoehrKn)
  • This means all worker pools use the same "cloudprovider" secret containing only the cloud provider credentials.
  • The existing MachineClass SecretReference only contains the user data that is different for each pool.
• [DEVELOPER] Migration of MCM provider from in-tree to out-of-tree. Refer - MCM provider AWS. (#212, @prashanth26)
• [DEVELOPER] Migration of AWSMachineClass to MachineClass. This migration occurs implicitly without causing rollouts of existing nodes/VMs. (#212, @prashanth26)

[terraformer]

🏃 Others

• [OPERATOR] The configmaps and secrets used to contain terraform configuration, state and variables are now protected with a finalizer against accidental deletion. (gardener/terraformer#65, @vpnachev)
• [OPERATOR] terraform-provider-aws is now updated to 3.18.0 (gardener/terraformer#63, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.20.0
gardener-extension-admission-aws: eu.gcr.io/gardener-project/gardener/extensions/admission-aws:v1.20.0

v1.19.1

[gardener-extension-provider-aws]

🐛 Bug Fixes

• [USER] Volumes provisioned with CSI will now have the in-tree volume plugin tags. Until now the CSI volumes had no tags at all. This is required to keep CSI plugin backwards-compatible with the in-tree volume plugin. (#257, @ialidzhikov)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.19.1
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.19.1

v1.19.0

[gardener-extension-provider-aws]

✨ New Features

• [USER] New storage.managedDefaultClass in ControlPlaneConfig controls if the default storage / volume snapshot classes are marked as default by Gardener. Set it to false to mark another storage / volume snapshot class as default without Gardener overwriting this change. If unset, this field defaults to true. (#247, @mvladev)
• [USER] The following image is updated: (#243, @ialidzhikov)
  • k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v0.7.0 -> v0.8.0
  • [email protected] adds support for EBS gp3 volumes. For more details, see the CHANGELOG.
• [USER] The AWS extension does now support shoot clusters with Kubernetes version 1.20. You should consider the Kubernetes release notes before upgrading to 1.20. (#237, @rfranzke)

🏃 Others

• [USER] The following images are updated to address CVE-2020-8569: (#239, @ialidzhikov)
  • quay.io/k8scsi/csi-snapshotter: v2.1.1 -> v2.1.3
  • quay.io/k8scsi/snapshot-controller: v2.1.1 -> v2.1.3
• [DEVELOPER] github.com/gardener/gardener dependency is now updated to v1.15.0. (#248, @ialidzhikov)

[cloud-provider-aws]

✨ New Features

• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.17.15. (gardener-attic/cloud-provider-aws@0277e22)
• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.18.13. (gardener-attic/cloud-provider-aws@cbe641f)
• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.19.5. (gardener-attic/cloud-provider-aws@0588717)
• [DEPENDENCY] k8s.io/legacy-cloud-providers is now updated to v0.20.0. (gardener-attic/cloud-provider-aws@0da256f)

🏃 Others

• [DEVELOPER] The alpine version has been updated to v3.12.1. (gardener-attic/cloud-provider-aws@db48eaf)
• [DEVELOPER] The Golang version has been updated to v1.15.5. (gardener-attic/cloud-provider-aws@db48eaf)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.19.0
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.19.0

v1.18.0

[gardener-extension-provider-aws]

🏃 Others

• [USER] New dashboards which expose logs for cloud-controller-manager and csi-driver-controller. (#226, @Kristian-ZH)
• [OPERATOR] A bug that was preventing the deletion of machines with outdated credentials is now fixed. (#223, @vpnachev)

📰 Noteworthy

• [OPERATOR] The terraformer version has been upgraded to version v2.0.0. (#235, @dkistner)
• [OPERATOR] Logging in the infrastructure actuator has been improved to make it consistent in the logging format and more readable/helpful. (#223, @vpnachev)
• [DEVELOPER] The infrastructure integration test can now be triggered on a PR by commenting /test instead of /test-single. (#229, @timebertt)

[machine-controller-manager]

✨ New Features

• [OPERATOR] All machine classes do now support an optional .{spec.}credentialsSecretRef field in addition to today's .{spec.}secretRef field. If .{spec.}credentialsSecretRef is non-nil then the provider credentials will be read out of this secret. The user-data for the machine bring-up is still required to be part of the secret referenced by .{spec.}secretRef. (gardener/machine-controller-manager#578, @rfranzke)
• [OPERATOR] Some machine class secrets are now supporting alternative data keys: (gardener/machine-controller-manager#578, @rfranzke)
  • The machine class secret for Alicloud machines does now also accept the data keys accessKeyID and accessKeySecret as alternatives for today's keys.
  • The machine class secret for AWS machines does now also accept the data keys accessKeyID and secretAccessKey as alternatives for today's keys.
  • The machine class secret for Azure machines does now also accept the data keys clientID, clientSecret, subscriptionID and tenantID as alternatives for today's keys.
  • The machine class secret for GCP machines does now also accept the data key serviceaccount.json as alternatives for today's key.

🏃 Others

• [OPERATOR] Bumped AWS SDK version to v1.23.13 (gardener/machine-controller-manager#580, @zjj2wry)
• [OPERATOR] An issue causing panic when the encoded machine template hash length is less than expect limit is now fixed. (gardener/machine-controller-manager#575, @ialidzhikov)
• [OPERATOR] MCM will delete Azure machines even if the underlying resource group is already deleted. (gardener/machine-controller-manager#566, @dkistner)
• [OPERATOR] Set Machine Phase to Terminating before draining. (gardener/machine-controller-manager#564, @prashanth26)
• [OPERATOR] Update docker images to use gcr copy (gardener/machine-controller-manager#574, @prashanth26)
• [OPERATOR] Update docker image versions to golang:1.15.5 & alpine:3.12.1 (gardener/machine-controller-manager#574, @prashanth26)
• [OPERATOR] An issue causing panic when the encoded machine template hash length is less than expect limit is now fixed. (gardener/machine-controller-manager#577, @AxiomSamarth)
• [OPERATOR] Set Machine Phase to Terminating before draining. (gardener/machine-controller-manager#564, @prashanth26)

📰 Noteworthy

• [OPERATOR] Machine force deletion computation is based on deletionTimestamp instead of LastUpdatedTimestamp. (gardener/machine-controller-manager#564, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.18.0
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.18.0

v1.17.2

[machine-controller-manager]

🏃 Others

• [OPERATOR] An issue causing panic when the encoded machine template hash length is less than expect limit is now fixed. (gardener/machine-controller-manager#577, @AxiomSamarth)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.17.2
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.17.2

v1.16.1

[gardener-extension-provider-aws]

📰 Noteworthy

• [USER] Fixes issues where machines were force deleted during normal deletion due to a race condition. (#222, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.16.1
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.16.1

v1.17.1

[gardener-extension-provider-aws]

Most notable changes

• [USER] Fixes issues where machines were force deleted during normal deletion due to a race condition. (#220, @prashanth26)

[machine-controller-manager]

Most notable changes

• [OPERATOR] Machine force deletion computation is based on deletionTimestamp instead of LastUpdatedTimestamp. (gardener/machine-controller-manager#564, @prashanth26)

Improvements

• [OPERATOR] Set Machine Phase to Terminating before draining. (gardener/machine-controller-manager#564, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.17.1
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.17.1

v1.17.0

[gardener-extension-provider-aws]

Most notable changes

• [OPERATOR] The infrastructure actuator is now injecting infrastructure credentials into the terraformer PodSpec via secret references instead of plain env var values. (#216, @timebertt)

Improvements

• [OPERATOR] Golang version is updated to 1.15 and alpine image version is updated to 3.12.1. (#205, @rfranzke)
• [OPERATOR] Adds priority class for extension pods to prevent preemption. (#202, @danielfoehrKn)
• [DEVELOPER] An issue causing make test to fail on macOS is now fixed. (#206, @ialidzhikov)

[aws-lb-readvertiser]

Most notable changes

• [DEVELOPER] License and copyright information is now specified in REUSE format. (gardener-attic/aws-lb-readvertiser#14, @msohn)

Improvements

• [OPERATOR] Fix a bug which could cause occasional unavailability of shoot api servers on AWS (gardener-attic/aws-lb-readvertiser#16, @BeckerMax)

[machine-controller-manager]

Most notable changes

• [USER] NetworkUnavailable node condition is also considered by default while considering the machine's to be unhealthy. (gardener/machine-controller-manager#543, @rewiko)
• [USER] AWS: Allows deletion of machines even on modify instance call failure (gardener/machine-controller-manager#515, @prashanth26)
• [OPERATOR] OOT: Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (gardener/machine-controller-manager#557, @prashanth26)
• [OPERATOR] Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (gardener/machine-controller-manager#525, @hardikdr)

Improvements

• [USER] The default drainTimeout value has been updated from 12hours to 2hours. (gardener/machine-controller-manager#554, @prashanth26)
• [USER] OOT: Fixed regression with maxEvictRetries (gardener/machine-controller-manager#554, @prashanth26)
• [USER] Adds the ability to specify an already existing OpenStack Neutron network in the subnetID of an OpenStackMachineClass. MCM will deploy new machines into the given subnet by pre-allocating Neutron ports and pass them to the Nova server object. (gardener/machine-controller-manager#545, @MrBatschner)
• [USER] The machine-controller-manager supports now machines attached to Azure VirtualMachineScaleSet Orchestration Mode VM (VMO). (gardener/machine-controller-manager#519, @dkistner)
• [USER] Restored tag verification in the Azure driver to filter VMs/disks/NICs based on tags (gardener/machine-controller-manager#507, @zuzzas)
• [OPERATOR] Allow migration to continue when ProviderMachineClass is missing but MachineClass with the same name as ProviderMachineClass is found. Updates Machine object references to the MachineClass. (gardener/machine-controller-manager#559, @prashanth26)
• [OPERATOR] Use cache-based listers to GET the machine-object while reconciling. (gardener/machine-controller-manager#558, @hardikdr)
• [OPERATOR] OOT: Enqueue machine only when node conditions have changed. (gardener/machine-controller-manager#557, @prashanth26)
• [OPERATOR] Adapted integration tests to handle possibly orphaned resources. (gardener/machine-controller-manager#550, @hardikdr)
• [OPERATOR] OOT: Fixes drain timeout issues on retires (gardener/machine-controller-manager#548, @prashanth26)
• [OPERATOR] NetworkUnavailable nodeCondition added to the example, some CNI will update this condition depending on the state of the CNI or the network availability. (gardener/machine-controller-manager#543, @rewiko)
• [OPERATOR] Added a more comprehensive set of events to trigger machine class reconciliations. (gardener/machine-controller-manager#531, @prashanth26)
• [OPERATOR] Finalizers are added by default for all machine class objects. (gardener/machine-controller-manager#531, @prashanth26)
• [OPERATOR] Bootstrap token injection now works in the new OOT Machine controller (gardener/machine-controller-manager#521, @zuzzas)
• [OPERATOR] Add support for ServerGroups in the Openstack driver. VMs can now be created in the ServerGroup specified in the respective MachineClass. (gardener/machine-controller-manager#511, @kon-angelo)
• [OPERATOR] Bugfix: Consider CSI PersistentVolumes during the eviction of Pods with PersistentVolumes. (gardener/machine-controller-manager#509, @ialidzhikov)
• [DEVELOPER] Adds a new phase CrashLoopBackOff that is set due to machine creation failures. (gardener/machine-controller-manager#525, @hardikdr)
• [DEVELOPER] The field availabilitySets in the AzureMachineClass is now deprecated in favour of the field machineSet, which allow to configure AvailabilitySets and VirtualMachineScaleSet Orchestration Mode VM (VMO). The field will be removed in the future. (gardener/machine-controller-manager#519, @dkistner)

[terraformer]

Improvements

• [OPERATOR] Terraformer uses now the azurerm provider in version v2.36.0 (gardener/terraformer#54, @dkistner)
• [OPERATOR] Alicloud Terraform Provider version is updated to 1.103.0. (gardener/terraformer#50, @minchaow)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.17.0
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.17.0

v1.16.0

[gardener-extension-provider-aws]

Most notable changes

• [OPERATOR] Adding known compatibility issue for AWS extension <= v1.15.0 and Gardenlet >v1.10.0. (#183, @danielfoehrKn)
  • Please check the document under /docs/compatibilty.

Improvements

• [USER] amazon/aws-ebs-csi-driver is now updated to v0.7.0. (#192, @ialidzhikov)
• [OPERATOR] github.com/gardener/gardener dependency is now updated to v1.11.1. (#198, @ialidzhikov)
• [OPERATOR] The following options can now be configured through the extension's Helm chart values charts/gardener-extension-provider-aws/values.yaml: (#196, @timuthy)
  • Health check worker count
  • minAllowed values for VPA
• [OPERATOR] The Webhook ensurer does not remove or add the /etc/ssl directory for kube apiserver deployments any more. This is done by the Gardenlet for version >= 1.10.0. (#182, @danielfoehrKn)

[cloud-provider-aws]

Improvements

• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.17.13. (gardener-attic/cloud-provider-aws@ff3f6e5)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.18.10. (gardener-attic/cloud-provider-aws@c4b0081)
• [OPERATOR] k8s.io/legacy-cloud-providers is now updated to v0.19.3. (gardener-attic/cloud-provider-aws@b9aeadd)

[gardener]

Most notable changes

• [OPERATOR] Machines without .spec.providerID or .status.node will no longer be persisted in the Worker' .status.state field. This is to prevent unnecessary updates to the ShootState resources. (gardener/gardener#2909, @rfranzke)

[machine-controller-manager]

Most notable changes

• [USER] Support for Spot Instances is available in AWS driver. If the spotPrice is empty, price is automatically set to the on-demand price so that Spot instance can launch immediately. (gardener/machine-controller-manager#481, @zuzzas)
• [OPERATOR] Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (gardener/machine-controller-manager#523, @hardikdr)
• [OPERATOR] RBAC policies have to be updated to allow updating of node/status resources. (gardener/machine-controller-manager#492, @guydaichs)
• [OPERATOR] New flag delete-migrated-machine-class is introduced. When set to true (defaulted to false), deletes any provider-specific machine class (e.g. AWSMachineClass) that has the machine.sapcloud.io/migrated annotation set on it. (gardener/machine-controller-manager#484, @prashanth26)
• [DEVELOPER] Added migration logic for moving from provider-specific machine class to generic machine classes in out of tree code path. On migration, the machine.sapcloud.io/migrated annotation set on the old machine class. (gardener/machine-controller-manager#484, @prashanth26)
• [DEVELOPER] The machine controller adds finalizer only when machine reference is present, deletes it otherwise. (gardener/machine-controller-manager#484, @prashanth26)

Improvements

• [USER] Retry when secret is referred by machineClass is missing (gardener/machine-controller-manager#495, @AxiomSamarth)
• [USER] Node condition is added to the status of terminating nodes indicating the termination start time and reason (Unhealthy|ScaleDown) (gardener/machine-controller-manager#492, @guydaichs)
• [OPERATOR] Added a more comprehensive set of events to trigger machine class reconciliations. (gardener/machine-controller-manager#532, @prashanth26)
• [OPERATOR] Finalizers are added by default for all machine class objects. (gardener/machine-controller-manager#532, @prashanth26)
• [OPERATOR] AWS: Allow deletion of VMs even on list image or modify instance failure (gardener/machine-controller-manager#516, @prashanth26)
• [OPERATOR] All nodes under machine deployments being rolled-out are annotated with cluster-autoscaler.kubernetes.io/scale-down-disabled: "True" during the period of rolling-update. (gardener/machine-controller-manager#496, @hardikdr)
• [OPERATOR] A new command line flag autoscaler-scaldown-annotation-during-rollout is introduced to disable annotating the nodes with cluster-autoscaler annotation cluster-autoscaler.kubernetes.io/scale-down-disabled during rollout. (gardener/machine-controller-manager#496, @hardikdr)
• [DEVELOPER] Adds a new phase CrashLoopBackOff that is set due to machine creation failures. (gardener/machine-controller-manager#523, @hardikdr)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.16.0
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.16.0

v1.15.3

[gardener-extension-provider-aws]

Most notable changes

• [OPERATOR] Introduced a backoff in re-enqueuing machines on creation/deletion failures. Avoids throttling APIServer & provider calls. (#195, @prashanth26)

Improvements

• [DEVELOPER] Adds a new phase CrashLoopBackOff that is set due to machine creation failures. (#195, @prashanth26)

Docker Images

gardener-extension-provider-aws: eu.gcr.io/gardener-project/gardener/extensions/provider-aws:v1.15.3
gardener-extension-validator-aws: eu.gcr.io/gardener-project/gardener/extensions/validator-aws:v1.15.3