shoot-flux-0.15.0

What's Changed

• 🤖 Update module github.com/spf13/pflag to v1.0.6 by @renovate in stackitcloud/gardener-extension-shoot-flux#131
• 🤖 Update module github.com/onsi/gomega to v1.36.2 by @renovate in stackitcloud/gardener-extension-shoot-flux#129
• 🤖 Update k8s and gardener packages (patch) by @renovate in stackitcloud/gardener-extension-shoot-flux#106
• 🤖 Update k8s.io/utils digest to 24370be by @renovate in stackitcloud/gardener-extension-shoot-flux#126
• 🤖 Update module golang.org/x/tools to v0.29.0 by @renovate in stackitcloud/gardener-extension-shoot-flux#124
• 🤖 Update dependency go to v1.23.5 by @renovate in stackitcloud/gardener-extension-shoot-flux#123
• 🤖 Update module github.com/onsi/ginkgo/v2 to v2.22.2 by @renovate in stackitcloud/gardener-extension-shoot-flux#128
• 🤖 Update dependency go to v1.23.6 by @renovate in stackitcloud/gardener-extension-shoot-flux#132
• 🤖 Update module github.com/gardener/gardener to v1.111.2 by @renovate in stackitcloud/gardener-extension-shoot-flux#112

Full Changelog: stackitcloud/gardener-extension-shoot-flux@v0.14.0...v0.15.0

shoot-dns-service-1.59.0

[gardener/gardener-extension-shoot-dns-service]

⚠️ Breaking Changes

• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-shoot-dns-service admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#429]

🏃 Others

• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#427]
• [OPERATOR] Prepare for deployment of admission controller by gardener-operator by @MartinWeindel [#429]

Helm Charts

• admission-shoot-dns-service-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.59.0
• admission-shoot-dns-service-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.59.0
• shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.59.0

Docker Images

• gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.59.0
• gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.59.0

shoot-dns-service-1.58.0

[gardener/gardener-extension-shoot-dns-service]

🏃 Others

• [OPERATOR] Select dns-controller-manager image by seed-label service.dns.extensions.gardener.cloud/drop-metadata-records by @MartinWeindel [#426]

Helm Charts

• admission-shoot-dns-service-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-application:v1.58.0
• admission-shoot-dns-service-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-shoot-dns-service-runtime:v1.58.0
• shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.58.0

Docker Images

• gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.58.0
• gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.58.0

shoot-cert-service-1.48.0

[gardener/cert-management]

🐛 Bug Fixes

• [USER] Fix exhaustion of request quotas on concurrent certificates with same domain name by @MartinWeindel [gardener/cert-management#399]

🏃 Others

• [OPERATOR] Support DNSRecord.spec.class by annotation cert.gardener.cloud/dnsrecord-class by @MartinWeindel [gardener/cert-management#384]
• [DEPENDENCY] Update module gardener/gardener to v1.111.1. by @gardener-ci-robot [gardener/cert-management#398]

📖 Documentation

• [DEVELOPER] Document gaps between the community cert-manager and Gardener's cert-management. by @marc1404 [gardener/cert-management#379]

[gardener/gardener-extension-shoot-cert-service]

🏃 Others

• [OPERATOR] Bumps github.com/gardener/gardener from 1.109.0 to 1.110.0. by @dependabot[bot] [#324]
• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#335]

Helm Charts

• shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.48.0

Docker Images

• gardener-extension-shoot-cert-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.48.0

registry-cache-0.13.1

[gardener/gardener-extension-registry-cache]

🐛 Bug Fixes

• [OPERATOR] A corner case causing the registry-cache Service to be deleted (and later on recreated again) during the non-TLS to TLS migration (from [email protected] to [email protected]) is now mitigated. by @ialidzhikov [#327]

Helm Charts

• admission-registry-cache-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-application:v0.13.1
• admission-registry-cache-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-registry-cache-runtime:v0.13.1
• registry-cache: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/registry-cache:v0.13.1

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.13.1
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.13.1

provider-openstack-1.46.0

no release notes available

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.46.0
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.46.0
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.46.0

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.46.0
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.46.0

provider-openstack-1.45.1

[gardener/gardener-extension-provider-openstack]

🏃 Others

• [OPERATOR] Add max-entries to the csi-attacher arguments. by @AndreasBurger [#975]

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.45.1
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.45.1
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.45.1

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.45.1
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.45.1

provider-gcp-1.42.1

[gardener/gardener-extension-provider-gcp]

🏃 Others

• [OPERATOR] Fix an issue where the node-cidr-mask-size was not respected by the IPAM controller of the cloud-controller-manager by @kon-angelo [#955]

Helm Charts

• admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.42.1
• admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.42.1
• provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.42.1

Docker Images

• gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.42.1
• gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.42.1

provider-gcp-1.42.0

[gardener/gardener-extension-provider-gcp]

📰 Noteworthy

• [USER] The kube-system/csi-driver-node DaemonSet is no longer scaled by a VerticalPodAutoscaler as it does not really benefit from it. Removing VerticalPodAutoscaler for that component will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @ialidzhikov [#929]
• [OPERATOR] Added support for immutable backup buckets in the GCP provider extension. Operators can configure immutability settings to enhance backup data security by preventing data alteration or deletion before the specified retention period. by @seshachalam-yv [#906]

✨ New Features

• [OPERATOR] Support specification of extended resources in provider config node template without re-specifying core resources. by @elankath [#889]

🐛 Bug Fixes

• [USER] Fix the NamespacedCloudProfile status mutation. by @LucaBernstein [#942]

🏃 Others

• [DEPENDENCY] Update gardener to v1.110.0 by @hebelsan [#927]
• [OPERATOR] Validate that all images in cloudProfile map to a valid image in the cloudProfileConfig by @hebelsan [#932]

[gardener/machine-controller-manager-provider-gcp]

🏃 Others

• [USER] MCM provider GCP is able to provide the values for a shieldedInstanceConfiguration from a machineClass to the GCP API. by @MrBatschner [gardener/machine-controller-manager-provider-gcp#135]
• [DEVELOPER] The gardener/machine-controller-manager dependency has been updated to v0.55.1. Release Notes by @thiyyakat [gardener/machine-controller-manager-provider-gcp#134]
• [DEVELOPER] Added gosec for Static Application Security Testing (SAST). by @thiyyakat [gardener/machine-controller-manager-provider-gcp#134]
• [DEVELOPER] Updated go lang version to 1.23.3 by @thiyyakat [gardener/machine-controller-manager-provider-gcp#134]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.42.0
• admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.42.0
• provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.42.0

Docker Images

• gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.42.0
• gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.42.0

provider-azure-1.49.4

[gardener/remedy-controller]

✨ New Features

• [OPERATOR] The remedy controller now supports authentication via federated token. The file containing the token can be specified via the "aadFederatedTokenFile" field. by @dimityrmirchev [gardener/remedy-controller#64]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Introduce SAST checking by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Update gardener to v1.110.4 by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Update go version to v1.22.0 by @LucaBernstein [gardener/remedy-controller#63]
• [DEPENDENCY] Update gardener/gardener version to v1.96.2 by @LucaBernstein [gardener/remedy-controller#63]
• [DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @LucaBernstein [gardener/remedy-controller#63]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.4
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.4
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.4

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.4
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.4