diff --git a/docs/404.html b/docs/404.html index 3ce4d06a1f0..7b8231126ae 100644 --- a/docs/404.html +++ b/docs/404.html @@ -2,5 +2,5 @@

Page Not Found

We dug around, but couldn't find the page that you were looking for.

You could go back to our home page or use the search bar to find what you were looking for.

Page Not Found

We dug around, but couldn't find the page that you were looking for.

You could go back to our home page or use the search bar to find what you were looking for.
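
Review bot: The page text of docs/404.html is identical on both sides of this hunk ("Page Not Found", "We dug around, but couldn't find the page that you were looking for."), so nothing visible here shows what the change is for. State in the commit message what differs in the markup. The hunk is also closed by a "\ No newline at end of file" marker; ending the file with a newline would keep that marker out of later diffs.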

\ No newline at end of file diff --git a/docs/_print/adopter/index.html b/docs/_print/adopter/index.html index f31728c8df7..01c7a3c931c 100644 --- a/docs/_print/adopter/index.html +++ b/docs/_print/adopter/index.html @@ -2,5 +2,5 @@

See who is using Gardener

Gardener adopters in production environments that have publicly shared details of their usage.

teaser

SAPSAP BTP, Kubernetes environment (internal) uses Gardener to deploy and manage Kubernetes clusters at scale in a uniform way across infrastructures (AWS, Azure, GCP, Alicloud, as well as generic interfaces to OpenStack and vSphere). Workloads include Databases (SAP HANA Cloud), Big Data (SAP Data Intelligence), Kyma, many other cloud native applications, and diverse business workloads.
OVHcloudGardener can now be run by customers on the Public Cloud Platform of the leading European Cloud Provider OVHcloud.
ScaleUp TechnologiesScaleUp Technologies runs Gardener within their public Openstack Clouds (Hamburg, Berlin, Düsseldorf). Their clients run all kinds of workloads on top of Gardener maintained Kubernetes clusters ranging from databases to Software-as-a-Service applications.
Finanz Informatik Technologie Services GmbHFinanz Informatik Technologie Services GmbH uses Gardener to offer k8s as a service for customers in the financial industry in Germany. It is built on top of a “metal as a service” infrastructure implemented from scratch for k8s workloads in mind. The result is k8s on top of bare metal in minutes.
PingCAPPingCAP TiDB, is a cloud-native distributed SQL database with MySQL compatibility, and one of the most popular open-source database projects - with 23.5K+ stars and 400+ contributors. Its sister project TiKV is a Cloud Native Interactive Landscape project. PingCAP envisioned their managed TiDB service, known as TiDB Cloud, to be multi-tenant, secure, cost-efficient, and to be compatible with different cloud providers and they chose Gardener.
BeezlabsBeezlabs uses Gardener to deliver Intelligent Process Automation platform, on multiple cloud providers and reduce costs and lock-in risks.
b’nerdb’nerd uses Gardener as the core technology for its own managed Kubernetes as a Service solution and operates multiple Gardener installations for several cloud hosting service providers.
STACKITSTACKIT is a digital brand of Europe’s biggest retailer, the Schwarz Group, which includes Lidl, Kaufland, but also production and recycling companies. It uses Gardener to offer public and private Kubernetes as a service in own data centers in Europe and targets to become the cloud provider for German and European small and mid-sized companies.
T-SystemsSupporting and managing multiple application landscapes on-premises and across different hyperscaler infrastructures can be painful. At T-Systems we use Gardener both for internal usage and to manage clusters for our customers. We love the openness of the project, the flexibility and the architecture that allows us to manage clusters around the world with only one team from one single pane of glass and to meet industry specific certification standards. The sovereignty by design is another great value, the technology implicitly brings along.
23 TechnologiesThe German-based company 23 Technologies uses Gardener to offer an enterprise-class Kubernetes engine for industrial use cases as well as cloud service providers and offers managed and professional services for it. 23T is also the team behind okeanos.dev, a public service that can be used by anyone to try out Gardener.
B1 Systems GmbHB1 Systems GmbH is a international provider of Linux & Open Source consulting, training, managed service & support. We are founded in 2004 and based in Germany. Our team of 140 Linux experts offers tailor-made solutions based on cloud & container technologies, virtualization & high availability as well as monitoring, system & configuration management. B1 is using Gardener internally and also set up solutions/environments for customers.
finleap connect GmbHfinleap connect GmbH is the leading independent Open Banking platform provider in Europe. It enables companies across a multitude of industries to provide the next generation of financial services by understanding how customers transact and interact. With its “full-stack” platform of solutions, finleap connect makes it possible for its clients to compliantly access the financial transactions data of customers, enrich said data with analytics tools, provide digital banking services and deliver high-quality, digital financial services products and services to customers. Gardener uniquly enables us to deploy our platform in Europe and across the globe in a uniform way on the providers preferred by our customers.
CodesphereCodesphere is a Cloud IDE with integrated and automated deployment of web apps. It uses Gardener internally to manage clusters that host customer deployments and internal systems all over the world.
plusserverplusserver combines its own cloud offerings with hyperscaler platforms to provide individually tailored multi-cloud solutions. The plusserver Kubernetes Engine (PSKE) based on Gardener reduces the complexity in managing multi-cloud environments and enables companies to orchestrate their containers and cloud-native applications across a variety of platforms such as plusserver’s pluscloud open or hyperscalers such as AWS, either by mouseclick or via an API. With PSKE, companies remain vendor-independent and profit from guaranteed data sovereignty and data security due to GDPR-compliant cloud platforms in the certified plusserver data centers in Germany.
Fuga CloudFuga Cloud uses Gardener as the basis for its Enterprise Managed Kubernetes (EMK), a platform that simplifies the management of your k8s and provides insight into usage and performance. The other Fuga Cloud services can be added with a mouse click, and the choice of another cloud provider is a negotiable option. Fuga Cloud stands for Digital Sovereignty, Data Portability and GDPR compatibility.
Metalstack Cloudmetalstack.cloud uses Gardener and is based on the open-source software metal-stack.io, which is developed for regulated financial institutions. The focus here is on the highest possible security and compliance conformity. This makes metalstack.cloud perfect for running enterprise-grade container applications and provides your workloads with the highest possible performance.
CleuraCleura uses Gardener to power its Container Orchestration Engine for Cleura Public Cloud and Cleura Compliant Cloud. Cleura Container Orchestration Engine simplifies the creation and management of Kubernetes clusters through their user-friendly Cleura Cloud Management Panel or API, allowing users to focus on deploying applications instead of maintaining the underlying infrastructure.
PITS Globale DatenrettungsdienstePITS Globale Datenrettungsdienste is a data recovery company located in Germany specializing in recovering lost or damaged files from hard drives, solid-state drives, flash drives, and other storage media. Gardener is used to handle highly-loaded internal infrastructure and provide reliable, fully-managed K8 cluster solutions.

If you’re using Gardener and you aren’t on this list, submit a pull request!

See who is using Gardener

Gardener adopters in production environments that have publicly shared details of their usage.

teaser

SAPSAP BTP, Kubernetes environment (internal) uses Gardener to deploy and manage Kubernetes clusters at scale in a uniform way across infrastructures (AWS, Azure, GCP, Alicloud, as well as generic interfaces to OpenStack and vSphere). Workloads include Databases (SAP HANA Cloud), Big Data (SAP Data Intelligence), Kyma, many other cloud native applications, and diverse business workloads.
OVHcloudGardener can now be run by customers on the Public Cloud Platform of the leading European Cloud Provider OVHcloud.
ScaleUp TechnologiesScaleUp Technologies runs Gardener within their public Openstack Clouds (Hamburg, Berlin, Düsseldorf). Their clients run all kinds of workloads on top of Gardener maintained Kubernetes clusters ranging from databases to Software-as-a-Service applications.
Finanz Informatik Technologie Services GmbHFinanz Informatik Technologie Services GmbH uses Gardener to offer k8s as a service for customers in the financial industry in Germany. It is built on top of a “metal as a service” infrastructure implemented from scratch for k8s workloads in mind. The result is k8s on top of bare metal in minutes.
PingCAPPingCAP TiDB, is a cloud-native distributed SQL database with MySQL compatibility, and one of the most popular open-source database projects - with 23.5K+ stars and 400+ contributors. Its sister project TiKV is a Cloud Native Interactive Landscape project. PingCAP envisioned their managed TiDB service, known as TiDB Cloud, to be multi-tenant, secure, cost-efficient, and to be compatible with different cloud providers and they chose Gardener.
BeezlabsBeezlabs uses Gardener to deliver Intelligent Process Automation platform, on multiple cloud providers and reduce costs and lock-in risks.
b’nerdb’nerd uses Gardener as the core technology for its own managed Kubernetes as a Service solution and operates multiple Gardener installations for several cloud hosting service providers.
STACKITSTACKIT is a digital brand of Europe’s biggest retailer, the Schwarz Group, which includes Lidl, Kaufland, but also production and recycling companies. It uses Gardener to offer public and private Kubernetes as a service in own data centers in Europe and targets to become the cloud provider for German and European small and mid-sized companies.
T-SystemsSupporting and managing multiple application landscapes on-premises and across different hyperscaler infrastructures can be painful. At T-Systems we use Gardener both for internal usage and to manage clusters for our customers. We love the openness of the project, the flexibility and the architecture that allows us to manage clusters around the world with only one team from one single pane of glass and to meet industry specific certification standards. The sovereignty by design is another great value, the technology implicitly brings along.
23 TechnologiesThe German-based company 23 Technologies uses Gardener to offer an enterprise-class Kubernetes engine for industrial use cases as well as cloud service providers and offers managed and professional services for it. 23T is also the team behind okeanos.dev, a public service that can be used by anyone to try out Gardener.
B1 Systems GmbHB1 Systems GmbH is a international provider of Linux & Open Source consulting, training, managed service & support. We are founded in 2004 and based in Germany. Our team of 140 Linux experts offers tailor-made solutions based on cloud & container technologies, virtualization & high availability as well as monitoring, system & configuration management. B1 is using Gardener internally and also set up solutions/environments for customers.
finleap connect GmbHfinleap connect GmbH is the leading independent Open Banking platform provider in Europe. It enables companies across a multitude of industries to provide the next generation of financial services by understanding how customers transact and interact. With its “full-stack” platform of solutions, finleap connect makes it possible for its clients to compliantly access the financial transactions data of customers, enrich said data with analytics tools, provide digital banking services and deliver high-quality, digital financial services products and services to customers. Gardener uniquly enables us to deploy our platform in Europe and across the globe in a uniform way on the providers preferred by our customers.
CodesphereCodesphere is a Cloud IDE with integrated and automated deployment of web apps. It uses Gardener internally to manage clusters that host customer deployments and internal systems all over the world.
plusserverplusserver combines its own cloud offerings with hyperscaler platforms to provide individually tailored multi-cloud solutions. The plusserver Kubernetes Engine (PSKE) based on Gardener reduces the complexity in managing multi-cloud environments and enables companies to orchestrate their containers and cloud-native applications across a variety of platforms such as plusserver’s pluscloud open or hyperscalers such as AWS, either by mouseclick or via an API. With PSKE, companies remain vendor-independent and profit from guaranteed data sovereignty and data security due to GDPR-compliant cloud platforms in the certified plusserver data centers in Germany.
Fuga CloudFuga Cloud uses Gardener as the basis for its Enterprise Managed Kubernetes (EMK), a platform that simplifies the management of your k8s and provides insight into usage and performance. The other Fuga Cloud services can be added with a mouse click, and the choice of another cloud provider is a negotiable option. Fuga Cloud stands for Digital Sovereignty, Data Portability and GDPR compatibility.
Metalstack Cloudmetalstack.cloud uses Gardener and is based on the open-source software metal-stack.io, which is developed for regulated financial institutions. The focus here is on the highest possible security and compliance conformity. This makes metalstack.cloud perfect for running enterprise-grade container applications and provides your workloads with the highest possible performance.
CleuraCleura uses Gardener to power its Container Orchestration Engine for Cleura Public Cloud and Cleura Compliant Cloud. Cleura Container Orchestration Engine simplifies the creation and management of Kubernetes clusters through their user-friendly Cleura Cloud Management Panel or API, allowing users to focus on deploying applications instead of maintaining the underlying infrastructure.
PITS Globale DatenrettungsdienstePITS Globale Datenrettungsdienste is a data recovery company located in Germany specializing in recovering lost or damaged files from hard drives, solid-state drives, flash drives, and other storage media. Gardener is used to handle highly-loaded internal infrastructure and provide reliable, fully-managed K8 cluster solutions.

If you’re using Gardener and you aren’t on this list, submit a pull request!
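
Review bot: Several adopter entries in this hunk of docs/_print/adopter/index.html carry wording errors that are the same in both copies of the text, so the change leaves them in place: "Gardener uniquly enables us" (finleap connect GmbH), "is a international provider" (B1 Systems GmbH) and "fully-managed K8 cluster solutions" (PITS Globale Datenrettungsdienste). Since the file is being touched anyway, correct them to "uniquely", "an international" and "K8s"; if this HTML is generated, make the fix in the source it is built from so it is not overwritten on the next build.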

\ No newline at end of file diff --git a/docs/_print/community/index.html b/docs/_print/community/index.html index cc639c26ba1..651ff61c055 100644 --- a/docs/_print/community/index.html +++ b/docs/_print/community/index.html @@ -2,11 +2,11 @@

Gardener Community

Follow - Engage - Contribute

Gardener Review Meetings

What Are the Gardener Review Meetings?

The Gardener Review Meeting is a recurring meeting where we review the latest developments in the Gardener ecosystem. We discuss recent releases, highlight key changes, and showcase live demos of new features and improvements.

This meeting is open to everyone interested in Gardener, from contributors and maintainers to users and community members. We focus on updates relevant to the open-source community while avoiding company-specific details.

How to Participate

  • Join the Meeting: Meetings are usually held bi-weekly, typically in the week after a new Gardener version is released. If there are many topics, additional meetings may be scheduled.
  • Present a Topic: If you would like to showcase a feature, bug fix, or any other relevant topic, reach out to us! Each topic should ideally include a short live demo and last 5-10 minutes.
  • Setup for Demos: Use a local or remote setup for your demonstrations if applicable.

📅 Meeting Invitations: If you are not already on the invite list and would like to join, message us in our #gardener Slack channel in the Kubernetes workspace, or get in touch with @rfranzke (Rafael Franzke).

Recordings & Public Access

If you do not consent to being recorded, please do not enable your microphone or camera, or do not join the meetings.

Review Meetings in 2025

Below, you’ll find the agendas of past meetings along with links to their recordings. Check back regularly for updates and upcoming topics!

2025/02/19 - v1.112 Release

📽️ Recording

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@domdom825m🛡️ Prevent Leaking kube-apiserver’s Service IP in Shoot#10949
@rfranzke10m🤹‍♂️ Credentials Rotation Without Workers Rollout#11027
@oliver-goetz5m🌯 Wrapper For OperatingSystemConfig Provisioning Script#11208
@marc140410m💥 Cluster Autoscaler Priority Expander Config#11045
@petersutter5m🗼 Structured Authentication With Dashboard#11080

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] All Seeds are now automatically labeled with seed.gardener.cloud/<name>=true where <name> is their own name, and (if applicable) the name of their parent seed in case they are managed seeds. This label can be used as selector for requests. #11062
  • 📖 [OPERATOR] Rewrite Setup Gardener document #11260

2025/02/12 - v1.111 Release

📽️ Recording

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@marc14045m⚙️ Default Machine Image Version#10954
@timuthy10m👨🏻‍🌾 Gardener Operator Manages Extension Resources#11192, #11001
@dimityrmirchev5m🚫 Secret/ConfigMap Tampering Protection#11108
@oliver-goetz5m🗑️ Improved Deletion Logic In gardener-node-agent#11015

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] Expired versions from the NamespacedCloudProfile are always dropped, except for already applied versions. #10910
  • ✨ [OPERATOR] Now vali contains the managed control plane logs from the early stages of Shoot reconcile. #11082
  • 🐛 [OPERATOR] An issue was fixed in gardener-operator that prevented configuring OIDC for gardener-dashboard while using Structured Authentication. #11080

Review Meetings in 2024

Click here to expand the archived overview of the Review Meetings in 2024!

2024/12/18 - v1.109 and v1.110 Releases

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@timuthy5m🫣 Virtual Cluster Watch In gardener-operator#10663
@oliver-goetz10m💂 Node Agent Authorizer#10781
@tobschli5m🐛 Fix Shoot SSH Keypair Rotation#10671
@maboehm5m🪪 Support More Use-Cases For TokenRequestor#10988
@axel7born5m🧑‍🧒 IPv4/IPv6 Dual Stack Shoots on AWS#10803

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. […] #10853

  • 🪓 [DEVELOPER] Extension webhooks need to remove the provider type Predicates and add an ObjectSelector against the object’s provider type label instead. #10896

  • 🐛 [OPERATOR] seed-authorizer and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for AuthorizedTTL and UnauthorizedTTL. #10703


2024/12/11 - Hack The Garden Wrap Up

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@damyan5m🌐 IPv6 Support On IronCoreSummary
@LucaBernstein5m💡 Gardener SLIs: Shoot Cluster Creation/Deletion TimesSummary
@Gerrit915m🔁 Version Classification Lifecycle In CloudProfilesSummary
@rfranzke5m🛡️ Enhanced Seed Authorizer With Label/Field SelectorsSummary
@hown3d5m🔑 Bring Your Own ETCD Encryption Key Via Key Management SystemsSummary
@MichaelEischer5m⚖️ Load Balancing For Calls To kube-apiserversSummary
@Nuckal7775m🪴 Validate PoC For In-Place Node Updates Of Shoot ClustersSummary
@ialidzhikov5m🚀 Prevent Pod Scheduling Issues Due To OverscalingSummary
@maboehm5m💪🏻 Prevent Multiple systemd Unit Restarts On Reconciliation ErrorsSummary
@rfranzke5m🤹‍♂️ Trigger Nodes Rollout Individually Per Worker Pool During Credentials RotationSummary
@dergeberl5m🚏 Replace TopologyAwareHints with ServiceTrafficDistributionSummary
@oliver-goetz5m⬆️ Deploy Prow Via FluxSummary
@timebertt5m⛓️‍💥 E2E Test Skeleton For Autonomous Shoot ClustersSummary
@tobschli5m🫄 cluster-autoscaler’s ProvisioningRequest APISummary
@Gerrit915m🐢 Cluster API Provider For GardenerSummary

No Demo, But Still Worth Celebrating 🎉

  • 🪪 Support More Use-Cases For TokenRequestor. Summary

  • 👀 Watch ManagedResources In Shoot Care Controller. Summary

  • 👨🏼‍💻 Make cluster-autoscaler Work In Local Setup. Summary

  • 🧹 Use Structured Authorization In Local KinD Cluster. Summary

  • 🧹 Drop Internal Versions From Component Configuration APIs. Summary

  • 🐛 Fix Non-Functional Shoot Node Logging In Local Setup. Summary

  • 🧹 No Longer Generate Empty Secret For reconcile OperatingSystemConfigs. Summary

  • 🖥️ Generic Monitoring Extension. Summary


2024/11/20 - v1.108 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@LucaBernstein10m🖼️ Custom Machine Images For NamespacedCloudProfiles#10629, #10811
@dimitar-kostadinov5m💳 TLS Between Registry Cache And containerd#10831, registry-cache#245
@unmarshall10m🤖 ETCD Druid v0.23etcd-druid (release)
@MartinWeindel10m👩‍🌾 Gardener Operator Deploys BackupBucket/DNSRecord#10645
@istvanballok10m🛝 Gardener Demo Playgrounddemo (website)

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] Fixed an issue that that could occur during control plane migration causing the core.gardener.cloud/v1beta1.BackupEntry to be reconciled after it was successfully migrated, but before it was restored. #10761

  • ✨ [USER] The URLs of Shoot plutono, prometheus and alertmanager are now stored as annotations in <shoot-name>.monitoring secret in the project namespace. #10735


2024/11/06 - v1.107 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@timuthy10m🪪 Structured Authorization Configuration#10682
@tobschli10m⛔ Shoot Access Restrictions#10654
@petersutter5m🕹 Recent Gardener Dashboard Features1.78.0

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] A new required controller was added to gardener-operator. It maintains the RequiredRuntime condition for Extension resources to indicate that the extension deployment is required in the Garden-Runtime cluster. #10650

  • ✨ [USER] Gardener reports the cluster’s egress CIDRs in Shoot.status.networking.egressCIDRs if supported by the used provider extension. #10240

  • 🪓 [OPERATOR] The gardener/controlplane Helm chart has been deprecated and will be removed after v1.135 has been released (around beginning of 2026). We urge you to switch to a gardener-operator-based installation. Read all about it here. #10706


2024/10/23 - v1.106 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@plkokanov5m🫐 vpa-recommender Metrics Collection#10517
@grolu5m📊 Dashboard Adaptations In gardener-operator#10572
@andrerun5m📖 GEP-29: Autoscaling Storage Volumes#10690
@DockToFuture, @axel7born10m🛜 IPv6 Shoot Clusters on AWSprovider-aws#1024
@ary19925m🎮 k8s.io/* + controller-runtime Upgrades#10459
@ialidzhikov10m⎈ Kubernetes 1.31 Support#10472

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The HVPA and HVPAForShootedSeed feature gates have been deprecated and locked to false. Disable the HVPA and HVPAForShootedSeed feature gates if you have them enabled before upgrading to this version of Gardener. #10659

  • ✨ [OPERATOR] Gardener generated certificates are valid 1 minute before issuance to handle some amount of clock skew. #10603

  • ✨ [DEVELOPER] Allow gosec to be consumed from gardener/gardener. #10642


2024/10/16 - ApeiroRA Special Edition & v1.105 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@mkorbi, @phyrog25m🌲 CO2/Green Monitoring Via Kubecostextension-shoot-kubecost (repo), extension-shoot-kepler (repo)
@rfranzke5m🎱 Support For 80+ Worker Pools#10542
@oliver-goetz10m👨🏻‍🌾 gardener-operator Deploys Extension Resources#10518

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] When checking whether a Deployment rollout is complete, stale Pods are now ignored and no longer counted. #10548

  • ✨ [OPERATOR] gardenlet now performs garbage collection of stale Pods in all namespaces (except kube-system) in the seed cluster. #10548

  • ✨ [OPERATOR] The TopologySpreadConstraint calculation was improved for workload spread across multiple zones. This especially leads to a more balanced distribution of kube-apiserver and istio replicas in seed clusters. #10608


2024/09/25 - v1.104 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@LucaBernstein5m🪪 Custom RBAC Verbs For NamespacedCloudProfiles#10485
@dimityrmirchev5m➡️ Migrating From SecretBinding to CredentialsBinding#10365
@ScheererJ10m🐹 Golang-Based VPN Implementation#9774
@ScheererJ5m📖 GEP-28: Autonomous Shoot Clusters#10536

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] The gardener-operator metrics are now automatically scraped by the garden Prometheus. #10464

  • ✨ [OPERATOR] Alerts based on the proposals_failed_total metric of the etcd cluster are not raised anymore. #10524


2024/09/11 - v1.103 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@dimityrmirchev10m🔑 Token Requestor Controller For WorkloadIdentitys#10298
@LucaBernstein5m⚙️ New API: NamespacedCloudProfile#10266
@timuthy10m👨🏻‍🌾 gardener-operator Deploys Extension Admission Components#10277

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] kube-proxy now has a readiness probe so that a Node will only become ready for workloads after kube-proxy was ready at least once. #10407

  • ✨ [OPERATOR] Host spread for shoots with failure tolerance node (.spec.controlPlane.highAvailability.failureTolerance.type) is now accomplished via minDomains. Earlier, this happened at a best effort basis only. If a seed was having less than 3 nodes at the time the control-plane pods were scheduled, the desired pod distribution was not possible. #10400


2024/08/28 - v1.102 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@AleksandarSavchev10m🪪 Structured Authentication For Shoot and Garden#10244
@ialidzhikov5m⚙️ VPA Recommender Configurability#10221
@plkokanov10m🕴️ Cross-Provider Control Plane Migration#10323
@vicwicker10m📊 Migrate VPA Metrics To CustomResourceState Metrics#9941

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] When the NewWorkerPoolHash feature gate is enabled, the calculation now also rolls worker nodes of Shoots when changing systemReserved in the kubelet configuration. Worker pools are not rolled if the sum of kubeReserved and systemReserved does not change. […] #10290

  • 🐛 [USER] Fixes a bug preventing shoot clusters with annotation shoot.gardener.cloud/skip-readiness: "true" to be created. #10317

  • ✨ [OPERATOR] The .spec.deployment.vpa field in the seedmanagement.gardener.cloud/v1alpha1.{Gardenlet,ManagedSeed} APIs is deprecated and has no effect anymore. It will be removed in a future version. Now, gardenlet deploys its own VPA as part of the Seed reconciliation (after it ensured the VPA CRD exists). #10299

  • 📖 [DEVELOPER] This document now contains a guide for developers how to handle deprecations and backwards-compatibility of changes. #10294


2024/08/14 - v1.101 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@vpnachev10m🔑 token Subresource For WorkloadIdentity API#10042
@nkraetzschmar5m🐧 Secure Boot On Gardenlinuxgardenlinux#2237
@rfranzke10m🪴 gardenlet Management Via gardener-operator#10161, #10218
@timuthy10m🪞 Registry Mirror Management Via OperatingSystemConfig#10050, #10167

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] The IPv4 addresses for the local Gardener setup was changed from 127.0.0.x to 172.18.255.x (default kind subnet) to resolve an issue on developer machines which can’t use additional IP addressed from the 127.0.0.0/8 space. […] #10019

  • 🪓 [DEVELOPER] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. See this instead. #10220

  • 🐛 [OPERATOR] Fixed a bug in the vpa-eviction-requirements controller causing etcds to be evicted for downscaling outside of their maintenance window. #10202


2024/07/31 - v1.100 Release

Demo Agenda 📋

No topics available for presentation, hence, meeting was canceled.

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] A bug causing sshd running in cluster pods to receive a SIGTERM when SSHAccess for worker nodes is disabled is now fixed. #10123

  • ✨ [USER] Added document in which we share our pod autoscaling best practices with end users. #10083

  • ✨ [OPERATOR] Scrape vpa-admission-controller metrics with prometheus. #10033


2024/07/24 - v1.99 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@ScheererJ10m📡 Network Range Propagation From Extensions#9998
@MartinWeindel5m👨🏻‍🌾 gardener-operator Manages Cert Management#9957

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] Erroneous warnings for incomplete shoots credentials rotation has been fixed. #10059


2024/07/17 - v1.98 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@LucaBernstein5m🥅 Object Selector For Extension Webhooks#9981, #10026
@MichaelEischer10m🔄 New Worker Pool Hash Calculation For Rolling Updates#9865
@dimityrmirchev5m🪢 CredentialsBinding: Successor Of SecretBinding#9853
@istvanballok10m🪜 Renovated Remote Local Setup#9980
@oliver-goetz5m🚔 Introduce gosec For Static Application Security Testing (SAST)#9959

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The Resource Size Validator of the gardener-admission-controller ignores status subresource and metadata.managedFields for resource size limits. […] #10011

  • 🪓 [DEPENDENCY] The extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector field is now removed. The corresponding webhook’s object selector is now enforced unconditionally. #10027

  • ✨ [OPERATOR] kube-apiserver HPA’s max replicas count from 3 to 6 in VPAAndHPA autoscaling mode to support very large control planes. #9971

  • ✨ [OPERATOR] The data in ManagedResource secrets is now compressed with Brotli and stored under a single data key data.yaml.br. #9964


2024/06/19 - v1.97 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@timuthy5m🚫 Register Node Tains With Kubelet#9872
@acumino5m🧰 Update Shoot Maintenance State If Last Maintenance Failed#9945

No Demo, But Still Worth Celebrating 🎉

  • ✨ [DEVELOPER] gardener-operator local development setup supports creating seeds, shoots and managed-seeds now. #9763

  • ✨ [OPERATOR] gardenlet is now capable of keeping itself updated by pulling configuration and deployment values from the garden cluster. #9874

  • 🐛 [OPERATOR] Fix a regression where etcd alerts for the virtual Garden cluster did not work. #9973

  • 🪓 [DEVELOPER] The deprecated fields .spec.{reloadConfigFilePath,command} and .status.{units,files} have been removed from the extensions.gardener.cloud/v1alpha1.OperatingSystemConfig API. #9885


2024/06/05 - v1.96 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@ScheererJ10m📢 Proxy Protocol Termination On Load Balancers In Seeds#9844
@MichaelEischer5m📋 Improved OperatingSystemConfig Rollout Check For Nodes#9757
@MartinWeindel5m🔄 Secrets Manager: Configurable Validity Percentage For Auto-Renewal#9819
@dimityrmirchev10m👨🏻‍🌾 gardener-operator Manages Discovery Server#9746
@marwinski10m👮 GEP-27: Falco Extension#9845

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] The allow-shoot-networks NetworkPolicy has been dropped entirely, hence, the networking.gardener.cloud/to-shoot-networks=allowed label has no effect anymore and should be removed. #9752

  • 🪓 [DEPENDENCY] The extensions/pkg/webhook/controlplane/genericmutator.Ensurer#EnsureKubeAPIServerService func is removed. This func was used before the introduction of ManagedIstio/APIServerSNI (when the kube-apiserver Service was of type LoadBalancer) to set cloud provider specific annotations to the Service. […] #9770

  • ✨ [OPERATOR] A new core.gardener.cloud/v1 API version is introduced which only includes the ControllerDeployment resource for now. The new version of the ControllerDeployment drops the type and providerConfig fields in favor of a well-structured section for helm-based ControllerDeployments. #9771

  • ✨ [OPERATOR] It is now possible to specify an OCI repository in ControllerDeployments describing from where the Helm chart can be pulled (instead of specifying a base64-encoded chart in the specification). #9823, Summary


2024/05/29 - v1.95 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @shafeeqes | 5m | ⎈ Kubernetes 1.30 Support | #9508 |
| @ialidzhikov | 10m | 🚀 VPA- and HPA-Based Autoscaling For kube-apiserver | #9678 |
| @rfranzke | 10m | 👀 Four-Eyes Approval Concept For Shoot Deletion | #9680 |
| @ScheererJ | 5m | 🧪 IPv6-Only E2E Tests In Prow | #9693 |

No Demo, But Still Worth Celebrating 🎉

  • ❗️ [DEVELOPER] The legacy method for extensions to provide observability configuration for shoot clusters (via ConfigMaps labelled with extensions.gardener.cloud/configuration=monitoring) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. #9695

  • ❗️ [DEVELOPER] The extensions.gardener.cloud/v1alpha1.Worker resource now has a new .spec.pools[].userDataSecretRef field which references a Secret containing the actual user data. The .spec.pools[].userData field is deprecated and will be removed in a future version. […] #9722

  • 🐛 [USER] A bug has been fixed which caused unneeded gardener-node-agent reconciliations after each Shoot reconciliation even if the underlying OperatingSystemConfig did not contain relevant changes. #9723


2024/05/22 - Hack The Garden Wrap Up

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @maboehm | 5m | 🗃️ OCI Helm Release Reference For ControllerDeployments | Summary |
| @oliver-goetz | 5m | 👨🏼‍💻 gardener-operator Local Development Setup With gardenlets | Summary |
| @kon-angelo | 5m | 👨🏻‍🌾 Extensions For Garden Cluster Via gardener-operator | Summary |
| @rfranzke | 5m | 🪄 Gardenlet Self-Upgrades For Unmanaged Seeds | Summary |
| @Gerrit91 | 5m | 🦺 Type-Safe Configurability in OperatingSystemConfig For containerd, DNS, NTP, etc. | Summary |
| @majst01 | 5m | 👮 Expose Shoot API Server In Tailscale VPN | Summary |
| @hown3d | 5m | ⌨️ Rewrite gardener/vpn2 From Bash To Golang | Summary |
| @ScheererJ | 5m | 🕳️ Pure IPv6-Based VPN Tunnel | Summary |
| @timebertt | 5m | 👐 Harmonize Local VPN Setup With Real-World Scenario | Summary |
| @timuthy | 5m | 🍞 Compression For ManagedResource Secrets | Summary |
| @afritzler | 5m | 🚛 Making Shoot Flux Extension Production-Ready | Summary |

No Demo, But Still Worth Celebrating 🎉

  • ✨ An approach for supporting Cilium v1.15+ for highly-available Shoots has been developed. Summary

  • ✨ The contents of the machine-controller-manager-provider-local repository have been merged into the gardener repository to improve development productivity. Summary

  • ✨ The vendor folder is going to be removed from OS extensions. Summary

  • ✨ Embedded files are now considered for local image builds with Skaffold. Summary


2024/05/08 - v1.94 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @voelzmo | 10m | 🚀 VPA For ETCD Autoscaling | #8984 |
| @oliver-goetz | 5m | 🔎 Worker Node Count Validation | #9599 |
| @rfranzke | 10m | 📊 Dynamic Plutono Dashboard Reconciliation | #9624 |
| @petersutter | 10m | 🎮 gardener-operator Manages Dashboard + Web Terminal Controller | #9583, #9646 |

No Demo, But Still Worth Celebrating 🎉

  • ❗️ [OPERATOR] Five minutes Infrastructure Cleanup Wait Period during shoot deletion was removed. Shoot annotation shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds which could be used to configure this period was removed, too. #9632

  • ✨ [OPERATOR] gardener-node-agent no longer watches all Nodes in the cluster but restricts to only the Node it is responsible for (with the help of label/field selectors). This should lead to a significant reduction of network I/O, especially for shoot clusters with many nodes. #9672

  • 🐛 [OPERATOR] gardener-operator is now capable of reconciling shoot cluster-specific NetworkPolicys in case the garden cluster is a seed cluster at the same time. #9658


2024/04/24 - v1.93 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @maboehm | 10m | 🔄 New AfterWorker Extension Lifecycle Strategy | #9472 |
| @MichaelEischer | 10m | 🏨 Machine Type Dependent Resource Reservations | #9449 |
| @rfranzke | 5m | 🔎 Garden Prometheis Managed By prometheus-operator | #9543, #9606 |
| @oliver-goetz | 10m | 🐛 Fix Kubelet Data Volume Usage | #9609 |

No Demo, But Still Worth Celebrating 🎉

  • ❗️ [OPERATOR] Set kube-apiserver maxReplicas=3 for all Shoots that are not annotated with alpha.control-plane.scaling.shoot.gardener.cloud/scale-down-disabled=true. #9605

  • ✨ [OPERATOR] A new gardenlet feature gate called ShootManagedIssuer was introduced. This feature gate guards the functionality described in GEP-24 until all of the components mentioned in the enhancement proposal are implemented by Gardener. #9489

  • 🐛 [OPERATOR] Istio-ingress gateway dashboard now shows the correct sent tcp traffic metric and the correct memory usage. #9596


2024/04/10 - v1.92 Release

Demo Agenda 📋

No topics available for presentation, hence, meeting was canceled.

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The graduated UseGardenerNodeAgent feature gate has been dropped. […]. #9477

  • 🪓 [DEVELOPER] The deprecated oscommon package has been removed. #9477

  • ✨ [OPERATOR] Secret openvpn-diffie-hellman-key in the garden namespace containing the Diffie-Hellman key can be deleted from landscapes as it is no longer needed. #9386

  • ✨ [DEVELOPER] A new extension lifecycle strategy reconcile: AfterWorker is now available for Extensions to use in their ControllerRegistration. #9472


2024/03/27 - v1.91 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 5m | 🚨 Alertmanager For Garden Clusters | #9301, #9065 (issue) |
| @rfranzke | 5m | 🐶 Health Checks For Dependency Watchdog Actions | #9376 |
| @ScheererJ | 10m | 🚦 Replace kube-apiserver Ingress Resources With Istio Exposure | #9300 |
| @shafeeqes | 5m | 🧽 Force Kubernetes Upgrade Removes Unsupported Feature Gates + Admission Plugins | #9365 |
| @dimityrmirchev | 10m | 🎫 Managed Shoot OIDC Issuer | #9196, #9354, #9157 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the Seed specification. #9304

  • ✨ [DEVELOPER] The {garden,seed,shoot}-care controllers now incorporate ManagedResources into all relevant conditions, and it is possible to override the condition type into which a ManagedResource’s status gets incorporated via the care.gardener.cloud/condition-type label. […] #9313


2024/03/13 - v1.90 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rishabh-11 | 10m | 🐶 Dependency Watchdog Considers Node Leases | dependency-watchdog#94, #9072 |
| @ScheererJ | 5m | 🌏 Add IP Stack To DNSRecords | #9289 |
| @kon-angelo | 10m | 🗃️ AWS ECR Credentials Provider For Kubelet | provider-aws#854 |
| @rfranzke | 5m | 🩺 Health Checks For VerticalPodAutoscalers | #9211 |
| @oliver-goetz | 10m | 🤖 Renovate Bot | ci-infra#1163, #9197 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8989

  • 🐛 [DEPENDENCY] An issue was fixed that sometimes led to leaked extension-controlplane-shoot-webhooks which blocked the shoot deletion. #9209

  • ✨ [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. #9208


2024/02/28 - v1.89 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 10m | ⚖️ Drop nginx-ingress Load Balancer In Favor Of Istio | #9038 |
| @shafeeqes | 5m | ⎈ Skip Minor Kubernetes Version Upgrades | #9185 |
| @rfranzke | 10m | 🔎 Seed Prometheis Managed By prometheus-operator | #9128, #9159, #9200, #9163 |
| @petersutter | 5m | 📄 Read-Only Kubeconfigs For Shoots in Dashboard and CLI | dashboard#1711 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] The shoot cluster CA bundle is now stored in a ConfigMap in the project namespace of the garden cluster, in addition to storing it in a Secret. This ConfigMap shares the same name as the pre-existing Secret, which is <shoot-name>.ca-cluster. The Secret will be removed in a future Gardener release. […] #9123

  • ✨ [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to beta and is now turned on by default. #9161

  • ✨ [OPERATOR] Add condition type ObservabilityComponentsHealthy for extension health check, it will allow extensions to register with this type. #9092


2024/02/14 - v1.88 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 10m | 🛡️ Additional/Custom RBAC Permissions For Extensions | #9079 |
| @oliver-goetz | 10m | 👨🏻‍🌾 gardener Linux User On Shoot Worker Nodes | #9077 |
| @tobschli | 5m | 🩺 EveryNodeReady Considers gardener-node-agent Health | #9073 |
| @MartinWeindel | 10m | ✍🏻 Istio Resources As Source Objects For DNS Records | external-dns-management#354 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The docker CRI is no longer supported for machine images in the CloudProfile. Docker CRI was already not supported for Shoots with Kubernetes versions >= v1.23, so adding this CRI is a no-op currently. Please remove all the usages of docker CRI from your CloudProfiles before upgrading to this version. #9135

  • 🐛 [OPERATOR] A bug has been fixed which was preventing valitail systemd services on shoot workers from starting when the UseGardenerNodeAgent feature gate is enabled. #9149

  • 🐛 [USER] The kube-apiserver deployment is annotated to mark the completion of labeling the resources for encryption so that this step is not repeated in case the “label removal” step fails and resources are partially without the label. #9147

  • ✨ [OPERATOR] BackupEntrys and Shoots are now labelled with seed.gardener.cloud/<seed-name>=true where <seed-name> is the value of .spec.seedName or .status.seedName. This allows for server-side filtering when watching these resources by leveraging a label selector. #9089


2024/01/31 - v1.87 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timebertt | 10m | 🌏 IPv6 Single-Stack In Local Gardener | #8574 |
| @axel7born | 10m | 👨🏼‍💻 Local Setup For Dual-Stack Seeds | #8983 |
| @acumino | 5m | ⎈ Kubernetes 1.29 Support | #8976 |
| @ScheererJ | 10m | 👨‍👨‍👦 Spread Istio Pods Across Hosts | #8970 |
| @shafeeqes | 10m | 🔓 Custom Resource Encryption in ETCD | #8842, #8966 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The deprecated field seed.spec.secretRef has been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8896

  • 🪓 [OPERATOR] Migration code for Plutono and Vali is now removed. Consider manual cleanup for longterm broken Shoots as described in the PR to avoid leaking Loki’s PV. #8999

  • ✨ [OPERATOR] The components managed by gardener now use PDBs with unhealthyPodEvictionPolicy: AlwaysAllow for clusters with kubernetes version >= 1.26. […] #8969


2024/01/24 - v1.86 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @grolu | 10m | 🕹 Recent Gardener Dashboard Features | dashboard (repo) |
| @holgerkoser | 10m | 📈 “All Projects” Dashboard Page Scalability Improvements | dashboard#1637 |
| @rfranzke | 5m | 📖 Read-Only Kubeconfigs For Shoots | #8870 |
| @oliver-goetz | 5m | 💾 Registry Cache For E2E Tests In Prow | #8880 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] Support for the deprecated NetworkPolicy annotations networking.resources.gardener.cloud/from-policy-allowed-ports and networking.resources.gardener.cloud/from-policy-pod-label-selector has been removed. Use networking.resources.gardener.cloud/from-<some-alias>-allowed-ports instead (documentation). #8883
  • 🐛 [OPERATOR] A bug causing the Shoot to use the wrong istio load balancer if the ExposureClass name and the exposureclass handler name are not the same is now fixed. #8926
  • ✨ [OPERATOR] Add egressCIDRs field to the infrastructureStatus resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot’s worker nodes. #8888

Review Meetings in 2023


2023/12/06 - v1.85 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 10m | 🪪 Auto-Registration + Certificate Management for Extension Admission Webhooks | #8725 |
| @acumino | 5m | 🧹 Orphaned Lease Garbage Collection | #8817 |
| @rfranzke | 10m | 🕵️ Introduction Of gardener-node-agent | #8023 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] All the functionality related to the deprecated field .spec.secretRef in Seeds has been removed and subsequently .spec.secretRef will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8833

  • ✨ [OPERATOR] The gardener-resource-manager deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. #8835


2023/11/29 - v1.84 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @danielfoehrKn | 10m | ⬆️ Machine Image Version Update Strategies | #8275 |
| @plkokanov | 5m | 🤲🏻 node-exporter’s Textfile Collector | #8721 |
| @timuthy | 5m | 🔄 Improved Shoot Condition Handling | #8736 |
| @shafeeqes | 5m | 🎮 kube-controller-manager Controller Enablement Based on APIs | #8763 |
| @aaronfern | 5m | 🚥 cluster-autoscaler Metrics | #8750 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [USER] A validation rule was added that forbids changing the primary DNS provider in .spec.dns.providers as soon as the Shoot was scheduled. #8761

  • 🪓 [OPERATOR] ⚠️ The deprecated fields spec.settings.dependencyWatchdog.endpoint and spec.settings.dependencyWatchdog.probe have been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8747

  • 🐛 [OPERATOR] During the restore phase of control plane migration, the machine-controller-manager is deployed with 0 replicas if it did not exist before or if it existed and was not scaled up yet. This fixes an issue that could cause the Shoot’s nodes to get recreated during control plane migration. #8742

  • ✨ [DEVELOPER] Vendoring has been removed from the project, i.e., there is no vendor folder anymore. #8775


2023/11/22 - v1.83 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @Kostov6 | 10m | 🐛 Prevent Unintended etcd-backup Secret Deletions | #8709 |
| @AleksandarSavchev | 10m | 📑 Diki - Gardener Compliance Checker | diki (repo) |
| @shafeeqes | 5m | 🔎 API Server Runtime Config Validation | #8695 |
| @dimitar-kostadinov | 15m | 💾 Introduction To registry-cache Extension | registry-cache (repo) |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] A bug has been fixed which caused ServiceAccounts related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. #8697

  • ✨ [OPERATOR] The .status.lastOperation in core.gardener.cloud/v1beta1.Seed and operator.gardener.cloud/v1alpha1.Garden resources is now only updated each 5s during a reconciliation. Previously, it was updated immediately when a task was finished. #8705


2023/11/15 - Hack The Garden Wrap Up

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @robinschneider | 5m | 🏛️ ARM Support For OpenStack Extension | Summary |
| @dergeberl | 10m | 🛡️ Make ACL Extension Production-Ready | Summary |
| @oliver-goetz | 5m | 🕵️ Continuation Of gardener-node-agent | Summary |
| @rfranzke | 5m | 🧑🏼‍🌾 Deploy gardenlets Through Custom Resource Via gardener-operator | Summary |
| @Kumm-Kai | 5m | 🦅 Shoot Control Plane Live Migration (Without Downtime) | Summary |
| @afritzler | 10m | 🗄️ Stop Vendoring Third-Party Code In vendor Folder | Summary |
| @Gerrit91 | 5m | 🔍 Generic Extension For Shoot Cluster Audit Logs | Summary |
| @timebertt | 5m | 🚛 Rework Shoot Flux Extension | Summary |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] A discussion about air-gapped shoot clusters was conducted. Summary

  • ✨ [DEVELOPER] A new script hack/update-skaffold-deps.sh has been added for automatically updating Skaffold dependencies for the binaries. Previously, you had to update them manually in the skaffold.yaml file. Summary


2023/10/25 - v1.82 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 10m | 🌀 Improved Machine State Persistence For Shoot Control Plane Migrations | #8559, #8618 |
| @acumino | 5m | 📝 No Longer Report Skipped Flow Tasks | #8541 |
| @oliver-goetz | 5m | 🚤 Accelerated API Server Rollouts | #8640 |
| @ScheererJ | 5m | 💥 Forceful Managed Resources Finalization | #8584 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEPENDENCY] The MachineClassKind(), MachineClass(), and MachineClassList() methods have been dropped from the generic Worker actuator’s interface and do not need to be implemented anymore. #8559

  • 🪓 [DEPENDENCY] The no longer required --gardenlet-manages-mcm option has been removed. All code in provider extensions related to management/deployment of machine-controller-manager should be removed. #8596

  • 🪓 [DEVELOPER] The extensions/pkg/controller/operatingsystemconfig/oscommon package is deprecated and will be removed as soon as the UseGardenerNodeAgent feature gate has been promoted to GA. OS extension developers should start adapting to this new feature, see documentation and example based on provider-local. #8647


2023/10/11 - v1.81 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @holgerkoser | 5m | 🎭 Dashboard Theming + Branding | dashboard#1568 |
| @seshachalam-yv | 5m | 📅 Delta Snapshot Retention Period | etcd-druid#651 |
| @shafeeqes | 10m | 🗑️ Forceful Shoot Deletion | #8414, #8608 |
| @rfranzke | 5m | ℹ️ Shoot Scheduling Failure Reason Population | #8527 |
| @himanshu-kun | 10m | 🔙 Autoscaler Early Abort/Backoff | autoscaler#154 |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] Gardener refined the scope of the problematic webhook matcher for Endpoints objects. Earlier, shoot clusters were assigned a constraint reporting a problem with a failurePolicy: Fail webhook acting on these objects. Now, only Endpoints in the kube-system and default namespaces are considered for this check. #8521

  • ✨ [OPERATOR] The MachineControllerManagerDeployment has been promoted to beta and is now enabled by default. Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. #8526

  • ✨ [OPERATOR] The DisableScalingClassesForShoots feature gate has been promoted to GA (and is now always enabled). #8526


2023/09/27 - v1.80 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @acumino | 5m | 💽 Enabled Target Cache In gardener-resource-manager | #8483 |
| @grolu | 5m | 🕹️ Support For Workerless Shoots | dashboard#1531 |
| @plkokanov | 10m | 📮 Introduction To rsyslog-relp Extension | shoot-rsyslog-relp (repo) |
| @rfranzke | 10m | 🎮 gardener-operator Manages Gardener Control Plane | #8309 |
| @oliver-goetz | 10m | 🔂 Seed Credentials Renewing On Garden Credentials Rotation | #8396 |
| @oliver-goetz | 5m | ⎈ Kubernetes 1.28 Support | #8479 |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] A bug has been fixed which was allowing users to specify an extension of the same type in .spec.extensions[].type more than once in the Shoot API. #8457

  • ✨ [USER] Gardener now reports nodes for which the checksum/cloud-config-data hasn’t been populated yet. This could point towards an error on the node and that not all Gardener related configuration happened successfully. #8448

  • ✨ [OPERATOR] gardener-operator now refuses to start if operators attempt to downgrade or skip minor Gardener versions. Please see this document for more information. #8413

  • ✨ [DEVELOPER] The following golang dependencies have been upgraded, please consult the upstream release notes and this issue for guidance on upgrading your golang dependencies when vendoring this gardener version: k8s.io/* to v0.28.2, sigs.k8s.io/controller-runtime to v0.16.2. #8464


2023/09/13 - v1.79 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ary1992 | 10m | 🎮 sigs.k8s.io/controller-runtime@v0.15 Upgrade | #8245 |
| @oliver-goetz | 10m | 🫧 Additional Excess Capacity Reservation Configurations | #8356 |
| @ScheererJ | 10m | 👨🏼‍💻 Extension Admission Controllers In Local Setup | #8311 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] When the Kubernetes control plane version is at least v1.28, it is now possible to set the worker pool Kubernetes version to be at most three versions behind the control plane version. Earlier, only a skew of at most two versions was allowed. Find more details here. #8402

  • ✨ [OPERATOR] The DisableScalingClassesForShoots feature gate has been promoted to beta. #8428

  • ✨ [OPERATOR] The WorkerlessShoots feature gate has been promoted to beta and is now turned on by default. Before deploying this Gardener version, make sure that all your registered extensions support this feature gate. #8417


2023/08/30 - v1.78 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @schrodit | 20m | 🌀 How Codesphere Uses Gardener | codesphere.com (website) |
| @acumino | 5m | 🧑🏼‍🌾 Gardener Operator Manages Plutono | #8301 |
| @aaronfern | 10m | 🥾 Golang-Based ETCD Bootstrapping | etcd-wrapper#3 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] It is possible now to trigger a Seed reconciliation by annotating the Seed with gardener.cloud/operation=reconcile. #8347

  • ✨ [OPERATOR] Status of Garden now includes the ObservabilityComponentsHealthy condition which shows the health of observability components in the garden runtime-cluster. #8346

  • ✨ [DEPENDENCY] BackupBucket/BackupEntry controllers: watch secret metadata only. #8348


2023/08/16 - v1.77 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @dimityrmirchev | 10m | 🔒 Use immutable secrets in ManagedResource library | #8116 |
| @ialidzhikov | 10m | 🗂️ Introduce the ContainerdRegistryHostsDir feature gate | #8094 |
| @shafeeqes | 5m | 🪓 Split make generate targets | #8289 |
| @oliver-goetz | 5m | 🚮 Remove secrets from gardener-controlplane helm chart | #8308 |
| @timuthy | 10m | 🌎 Enhance minimal distance algorithm in gardener-scheduler | #8277 |

No Demo, But Still Worth Celebrating 🎉

  • 🔄 [OPERATOR] gardenlet no longer reports the Bootstrapped condition on Seeds. Instead, it now reports the progress in .status.lastOperation, similar to how it’s done for Shoots. #8290

  • 🔎 [OPERATOR] Operators can now view and manage dashboards for compaction jobs running in shoot control plane. #8206

  • 📈 [OPERATOR] gardener-operator now takes over management of fluent-operator and vali. #8240


2023/08/02 - v1.76 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @oliver-goetz | 10m | 🩺 Garden Care Controller | #8158, #8238 |
| @acumino | 5m | 🔢 Error Code Detection In Worker Controller | #8242 |
| @dergeberl | 10m | 🔑 Garden Cluster Access For Extension Controllers In Seeds | #8001 (issue) |
| @timuthy | 5m | 📌 Support For Custom Gardener Schedulers | #8261 |
| @DockToFuture, @axel7born | 10m | 🔀 AWS IPv4/6 Dual-Stack Support | provider-aws#778 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] Removed service.beta.kubernetes.io/aws-load-balancer-type: nlb annotation from istio-ingressgateway service template. Set this annotation in Seed configuration. […] #8214

  • ✨ [USER] It is now possible to enable disabled APIs for workerless shoot clusters via spec.kubernetes.kubeAPIServer.runtimeConfig. #8258

  • 🐛 [USER] An issue has been fixed which caused CoreDNS to not rewrite CNAME values in DNS answers. #8231


2023/07/19 - v1.75 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @StenlyTU | 10m | 🧑🏼‍🌾 Gardener Operator Deploys nginx-ingress-{controller,k8s-backend} | #7945 |
| @AleksandarSavchev | 5m | 🚔 Pod Security Enforcements For Garden And Seed | #8099 |
| @acumino | 10m | ⚙️ Kubeconfigs For Admission Plugin Configurations | #8110 |
| @shafeeqes | 5m | ⚠️ New CRDsWithProblematicConversionWebhooks Constraint For Shoots | #8159 |
| @ScheererJ | 10m | 🏎️ Race Mitigation For NetworkUnavailable Condition In Nodes | provider-gcp#631 |
| @timuthy | 5m | 🪄 Kubernetes Version Defaulting | #8198 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please plan ahead to drop using those fields in extensions. #8199

  • 🪓 [USER] Adding Gardener-managed finalizers (e.g., gardener or gardener.cloud/reference-protection) to the Shoot on creation is now forbidden. #8209

  • 🐛 [OPERATOR] A bug causing the gardenlet to panic when an ETCD encryption key rotation operation is triggered for a hibernated Shoot is now fixed. Now, triggering ETCD encryption key rotation or ServiceAccount signing key rotation is forbidden when the Shoot is in waking up phase. #8184


2023/07/05 - v1.74 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 5m | 🏷️ Multiple Domains For Garden Clusters | #8156 |
| @rfranzke | 10m | 📈 [GEP-22] Improved Usage of ShootState API | #8073 (issue) |
| @rfranzke | 5m | 💪 Keep kube-proxy VPA On Kubernetes Patch Updates | #8071 |
| @oliver-goetz | 5m | 🧹 Removal Of Deprecated Development Setups | #8075 |
| @timebertt | 5m | 🔐 Usage Of InternalSecret API | #7999 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions < 1.22. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8087

  • 🐛 [OPERATOR] gardener-resource-manager’s system-components-config webhook no longer adds the toleration for the ToBeDeletedByClusterAutoscaler taint to system components in shoot clusters. The ToBeDeletedByClusterAutoscaler taint is maintained by the cluster-autoscaler. This was breaking cluster-autoscaler’s drain mechanism when scaling down an under-utilized node: system components that had just been evicted from the to-be-deleted node were scheduled again on that same node. #8172


2023/06/21 - v1.73 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @voelzmo | 10m | 📈 Disabled Scaling Classes For kube-apiserver Resource Requirements | #8003 |
| @dimitar-kostadinov | 10m | 🌍 Improved Robustness Of terraformer Executions | #8059 |
| @rfranzke | 10m | 🤖 machine-controller-manager Managed By gardenlet | #8015, #8018, #8056 |
| @shafeeqes | 5m | 🧹 Cleanup Secret Reference In ManagedSeeds | #8039 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The field .spec.secretRef in the Seed API has been deprecated and will be removed in a future release of Gardener. #8064

  • ✨ [OPERATOR] gardener-apiserver now exposes a new core.gardener.cloud/v1beta1.InternalSecret API, see the documentation for more information. #8025

  • ✨ [DEVELOPER] It is now easier to annotate Services related to extensions serving webhook handlers that must be reached by kube-apiservers running in separate namespaces such that the respective network traffic gets allowed. Please refer to this guide for all information. […]. #8076

  • ✨ [DEVELOPER] gardenlet’s ControllerInstallation controller now populates the feature gate of gardenlet via the Helm values to extensions when they are getting installed. The information is populated via the .gardener.gardenlet.featureGates key. It contains a map whose keys are feature gates names and whose values are booleans (depicting the enablement status). #8011


2023/06/14 - v1.72 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 5m | 🔦 Virtual Garden API Server Exposure Via Istio | #7953 |
| @axel7born | 5m | 🐹 Golang Implementation For Egress Network Filtering | shoot-networking-filter#64 |
| @rfranzke | 5m | 📐 Improved Accuracy For Local Control Plane Migration E2E Tests | #7981 |
| @ishan16696 | 10m | ⬆️ Improved ETCD Cluster Scale-Up | etcd-druid#584 (issue) |
| @kon-angelo | 5m | 🔧 Live AWS EBS Volume Modifications | provider-aws#754 |
| @elankath | 5m | 🔐 GCP Disk Encryption With Customer-Managed Keys | provider-gcp#607 |
| @MartinWeindel | 5m | 📀 OpenStack Manila CSI Driver | provider-openstack#572 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] It is required to have ControllerRegistrations for Kinds ControlPlane, Infrastructure and Worker with the same types used for seeds (.spec.provider.type). […]. #7928

  • ✨ [USER] The core/v1alpha1 API version is dropped. Make sure that you don’t use the core/v1alpha1 API version in your machinery. #7965

  • ✨ [USER] The certificate chains served by kube-apiservers now include the CA certificates used to sign their server certificates. #7961

  • 🐛 [USER] A bug that prevented finalizers from being added to referenced Secrets or ConfigMaps in .spec.resources in Shoots has been fixed. #7995


2023/06/07 - v1.71 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @shafeeqes | 5m | 💡 Improved Validation For Shoot Worker Pool Config | #7855 |
| @ScheererJ | 10m | 🧑🏼‍🌾 Gardener Operator Updates | #7881, #7931 |
| @ialidzhikov | 5m | ⏱️ Configurable Toleration Seconds For Unready Nodes | #7861 |
| @acumino | 10m | 🕹️ Workerless Shoot Clusters | #7635 (issue) |
| @ary1992 | 5m | ⎈ Kubernetes 1.27 Support | #7883 |
| @istvanballok | 10m | 📊 Replace Grafana With Plutono, Loki With Vali | #7318 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] Extensions vendoring this gardener/gardener version need to provide RBAC privileges for PATCH apps/deployments/scale. #7868

  • ✨ [OPERATOR] The HAControlPlanes feature gate has been promoted to beta and is now turned on by default. #7867

  • ✨ [OPERATOR] It is now possible to provide namespace selectors for additional namespaces which should be covered by the NetworkPolicy controllers of gardener-operator or gardenlet. […] #7929

  • ✨ [DEVELOPER] In order to allow kube-apiserver pods of shoot or garden clusters to reach webhook servers, they must no longer be explicitly labeled with networking.resources.gardener.cloud/to-<service-name>-<protocol>-<port>=allowed. Instead, it is enough to annotate the Service of the webhook server with networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=<ports>. #7907

  • 📖 [DEVELOPER] A guideline for developers regarding TODO statements has been introduced. #7939


2023/05/31 - Hack The Garden Wrap Up

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @majst01, @Gerrit91 | 10m | 🕵️ Introduction Of gardener-node-agent | Summary |
| @einfachnuralex | 10m | 🌐 IPv6 Shoot Clusters On Cloud Providers | Summary |
| @JensAc | 10m | 🌱 Experimenting With Masterful Shoot Clusters | Summary |
| @timebertt | 10m | 🔑 Garden Cluster Access For Extension Controllers In Seeds | Summary |
| @rfranzke | 10m | 💾 Replacing ShootStates With Backups in Backup Buckets | Summary |
| @timebertt | 10m | 🔐 New InternalSecrets API In Gardener | Summary |

No Demo, But Still Worth Celebrating 🎉

  • ✨ The machine-controller-manager deployment procedure has been moved from the generic Worker actuator used in extensions controllers into gardenlet. Summary

  • ✨ The accuracy for local control plane migration e2e tests has been increased as much as possible. Summary

  • ✨ A few of the necessary steps for supporting ETCD encryption for custom resources have been addressed. Summary

  • 🧹 The apiserver-proxy-pod-mutator webhook has been moved into gardener-resource-manager. Summary


2023/05/10 - v1.70 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @Kristian-ZH | 10m | 🪵 Introduction Of Fluent Operator | #7568 |
| @danielfoehrKn | 10m | 🧱 Move Prow E2E Tests To cgroup-v2 Nodes | #7780, #7797 |
| @ScheererJ | 5m | 🌽 User-Defined Kernel Settings Per Worker Pool | #7825 |
| @rfranzke | 10m | 🧑🏼‍🌾 Gardener Operator Manages Istio and kube-state-metrics | #7817, #7836 |
| @plkokanov | 10m | 🔄 Control Plane Migration For HA Shoots | #7626, #7742 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] Gardener now supports seed clusters with Kubernetes versions up to v1.26. #7831

  • ✨ [OPERATOR] The highavailabilityconfig webhook configures topology spread constraints with minDomains=<number-of-zones>. […]. #7826

  • ✨ [OPERATOR] Annotations in seed.spec.settings.loadBalancerServices.annotations are now applied to the nginx-ingress load balancer service in the seed cluster. #7835

  • 🧹 [OPERATOR] The promoted or deprecated feature gates ManagedIstio and ReversedVPN have been removed. #7830


2023/04/26 - v1.69 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @oliver-goetz | 10m | 🐞 Skaffold-Based Debugging Experience | #7755 |
| @plkokanov | 10m | 🔄 Control Plane Migration For HA Shoots | #7626 |
| @DockToFuture | 10m | 🔗 E2E Tests For Networking Extensions | networking-calico#257, networking-cilium#261 |
| @breuerfelix | 10m | 🌱 Local IPv6-Based Seed Clusters | #7561 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] The SeedChange and CopyEtcdBackupsDuringControlPlaneMigration feature gates have been promoted to GA and are now locked to true. #7763

  • 🐛 [OPERATOR] Fixed potential leaks of ShootStates that could happen when a Shoot cluster is deleted. This is achieved by no longer exiting early from the deletion flow if the shoot’s seed Namespace has been deleted. The same logic has been applied to the migration flow for consistency. #7789

  • 🐛 [OPERATOR] A bug causing kube-controller-manager to fail to clean up ShootState resources is now fixed. #7793

  • 🧹 [OPERATOR] The .spec.settings.ownerChecks field of the Seed configuration is deprecated. The “bad-case” control plane migration is being removed in favor of the HA Shoot control planes […]. #7748


2023/04/12 - v1.68 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@ialidzhikov | 5m | 🚦 Topology-Aware-Routing in Garden Cluster | #7729
@ary1992 | 10m | ⏳ Restrict Duration Of Reconciliations | #7147
@robinschneider | 5m | 🔃 Copy Docker Hub Images To Gardener GCR | #7698
@timuthy | 10m | 🧑🏼‍🌾 Gardener Operator Manages kube-apiserver | #7693, #7730
@timuthy | 5m | 📸 Trigger ETCD Snapshots Via API Server Proxy Endpoint | #7714

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] Enable memory-saver mode for the VPA recommender. It stops tracking resource consumption for Containers without matching VPAs and frees up memory. #7746

  • ✨ [DEVELOPER] The server certificate of the kube-apiserver deployment now contains the <service-name>.<namespace>.svc.cluster.local SAN. #7735

  • 🐛 [OPERATOR] A bug causing the gardenlet to be unable to access the BackupBucket generated secret in garden namespace is now fixed. #7708

  • 🐛 [OPERATOR] A bug has been fixed for the Gardener Operator that occasionally caused “404 not-found” errors when garden resources were applied and the operator ran with multiple replicas. #7739


2023/04/05 - Special Edition

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@vlerenc | 25m | 🤪 Gardener Chaos Engineering | chaos-engineering (repo)

2023/03/29 - v1.67 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@himanshu-kun | 10m | 🐶 Dependency Watchdog v1 | dependency-watchdog (repo), #6693
@SimonKienzler | 10m | 🫀 Ensure CSINode Readiness Before Scheduling Pods | #7621
@timebertt | 5m | 🔄 Skaffold-Based Development Experience | #7659
@grolu | 10m | 🕹 Recent Gardener Dashboard Features | dashboard (repo)
@timuthy | 10m | 💿 Single Object Cache | #7632, #7681

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] An issue has been fixed which caused undesired PATCH requests when updating the state in the Worker or ShootState resources. #7637

  • 🐛 [DEVELOPER] A bug in managedresources.NewRegistry that was leading to excessive memory usage when this function is called multiple times has been fixed. #7694

  • ✨ [DEVELOPER] Shoot clusters using provider-local can now have multiple worker nodes with calico as CNI. #7684

  • ✨ [DEVELOPER] The local deployment of Gardener with extensions can now deal with multiple seeds. Additional seeds can be added and removed again. #7673


2023/03/15 - v1.66 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@shafeeqes | 5m | 👻 Dropped Support For Self-Managed Ingress Controllers In Seeds | #7529
@timuthy | 10m | 🧑🏻‍⚖️ Adapted NetworkPolicys For Istio Namespaces | #7570
@ScheererJ | 10m | 🧑🏻‍⚖️ Adapted NetworkPolicys For Extension Namespaces | #7589
@ialidzhikov | 10m | 🚦 Routing Network Traffic Topology-Aware | #7191

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] Updates to the AuditPolicy referenced by Shoots are now also validated against the Kubernetes versions of those shoot clusters. This fixes an issue where it was possible to specify an unsupported audit.k8s.io version when updating the ConfigMap which contains the AuditPolicy. #7563

  • 🐛 [USER] Fixes control-plane migration of hibernated shoot being stuck if shoot was hibernated for 24h. #7608

  • 🪓 [OPERATOR] The ForceRestore feature gate has been removed. #7543

  • ✨ [OPERATOR] The ManagedSeed controller no longer tries to sync the Seed kubeconfig Secret when the Shoot’s static token kubeconfig is not enabled. #7546


2023/03/01 - v1.65 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@axel7born | 5m | 🥸 Response Rewrite For DNS Search Path Optimization | #7478
@shafeeqes | 5m | 🔍 Validation For Admission Plugin Configurations | #7472
@shafeeqes | 5m | 🥷🏻 Recreation For Immutable ConfigMaps/Secrets | #7516
@acumino | 5m | 🩺 Shoot System Components Health Checks | #7462
@rfranzke | 5m | 🧑🏻‍⚖️ Adapted NetworkPolicys For Shoot Control Plane Components | #7484, #7515
@Kumm-Kai | 10m | 🫀 Schedule Node-Critical Pods First | #7406

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [USER] The core.gardener.cloud/v1alpha1 API is deprecated and will be removed soon. The core.gardener.cloud/v1beta1 API has been available for a very long time and should be used instead. #7443

  • 🪓 [OPERATOR] Before upgrading to this Gardener version, Seeds using .spec.dns.ingressDomain must now finally be switched to using .spec.ingress and .spec.dns.provider […]. #7515

  • 🐛 [OPERATOR] Fix a bug in the etcd deploy flow that erroneously unsets etcd.spec.etcd.peerUrlTls in the Etcd CRs of highly available shoots when marked for hibernation. #7514


2023/02/15 - v1.64 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@rfranzke | 10m | 🧑🏻‍⚖️ NetworkPolicy Controller In gardener-resource-manager | #7392, #7412, #7437
@himanshu-kun | 5m | 🏗️ Progressing Condition In MachineDeployments | machine-controller-manager#762
@kon-angelo | 10m | 🤸🏼‍♂️ Nodes CIDR Expansion For Shoots | #7368
@timebertt | 5m | 🐛 Simplified Debugging Experience For Integration Tests | #7431
@rickardsjp | 10m | ⛙ Unification Of Grafana Deployments | #7007

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] The istio-system namespace in seed clusters is now labeled with gardener.cloud/role=istio-system. All istio-ingress* namespaces are now labeled with gardener.cloud/role=istio-ingress. #7389

  • 🐛 [OPERATOR] When deleting a seed the cluster-identity config map in kube-system namespace is not deleted anymore if it was already existing on seed creation. #7436

  • 🐛 [OPERATOR] A bug has been fixed which caused the conditions of Shoots to be set to Unknown too fast in case the responsible gardenlet is no longer posting its heartbeat. #7404

  • ✨ [DEVELOPER] Add bootstrapping a local IPv6 KinD cluster with make kind-up IPFAMILY=ipv6. #7388


2023/02/08 - v1.63 Release (Part III)

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@einfachnuralex | 10m | 🛠️ Development Box On GCP | #7319
@acumino | 10m | ⚙️ New SystemComponentsConfig Webhook | #7204, #7304
@rfranzke | 5m | 🚅 Skip Readiness Checks In Shoot Flow | #7268
@ialidzhikov | 10m | ⎈ Kubernetes 1.26 Support | #7275
@SimonKienzler, @breuerfelix | 10m | 👮 Access Control For Shoot Clusters | extension-acl (repo)

2023/02/01 - v1.63 Release (Part II)

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@AleksandarSavchev | 10m | 🔒 Disable SSH Access To Worker Nodes | #7188
@ary1992 | 5m | 🎮 controller-runtime Refactoring | #4251 (issue)
@shafeeqes | 10m | 📊 Dashboards For controller-runtime Metrics | #7180
@ialidzhikov | 5m | ⛓️ Kubelet Versions Constraints For Machine Image Versions | #7265
@timebertt | 10m | 🚦 [GEP-21] IPv6 Single-Stack Support in Local Gardener | #7050, #7246, #7288
@plkokanov | 5m | 🏗 Control Plane Migration Status Update | #5620, #5587, dashboard#1262

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] The ServiceAccount signing key rotation procedure has been improved and should work better for clusters with lots of ServiceAccounts or intermittent creations/deletions of new/old ServiceAccount secrets. #7313

  • 🐛 [USER] A bug in the kubelet-monitor script running on all shoot worker nodes has been fixed which caused it to also kill processes other than kubelet. #7278

  • ✨ [OPERATOR] The legacy VPN solution has been removed. The feature gates ReversedVPN, ManagedIstio and APIServerSNI are unconditionally enabled (locked to their default values) now. #7167

  • ✨ [OPERATOR] gardener-operator is now managing the load balancer Service for exposing the virtual-garden-kube-apiserver as part of the virtual garden cluster control plane. It is possible to specify annotations for it via .spec.runtimeCluster.settings.loadBalancerServices.annotations in the Garden resource. #7238

  • 🐛 [OPERATOR] When deploying kube-apiserver version v1.24, Gardener will add the --shutdown-send-retry-after=true command line flag to the kube-apiserver command. […]. #7250

  • ✨ [DEVELOPER] The HighAvailabilityConfig webhook now also mutates replica settings of HPA and HVPA resources. To make use of this handling, please label respective resources with the well known high-availability-config.resource.gardener.cloud/type label […]. #7226

  • ✨ [DEVELOPER] It is now possible to make secrets manager adopt existing secrets. Find out more in this document. #7243

  • 📖 [DEVELOPER] The Gardener project has introduced a policy for the number of supported Kubernetes versions. Read it here. #7300


2023/01/25 - v1.63 Release (Part I)

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@rgroemmer | 5m | 💿 OpenStack StorageClasses Via CloudProfiles | provider-openstack#408
@ScheererJ | 10m | 👨‍👩‍👧 Highly Available Istio Deployment | #6997
@shafeeqes | 5m | 👀 New ObservabilityComponentsHealthy Condition For Shoots | #7325
@acumino | 5m | 🛵 Catching Long-Running Stuck Rollouts | #7241

2023/01/18 - v1.62 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@dimityrmirchev | 10m | 🪐 Extension Lifecycle Strategies | #6999
@rfranzke | 10m | 🧑‍💻 [operator] ETCD Management, Credentials Rotation, Validation | #7067, #7144, #7225
@acumino | 5m | 🧰 Tracking Last Maintenance Operation | #7035
@oliver-goetz | 10m | 💻 kind-Based Local Setup For Extensions | #6678
@MartinWeindel | 10m | 👨‍👩‍👦 Highly Available VPN Deployment | #6978

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] gardener-admission-controller now validates Shoot Kubernetes version compatibility with Audit Policy API version on Shoot update request. #7205
  • ✨ [USER] It is now possible to configure the general log verbosity and the verbosity for HTTP access logs for the kube-apiserver via the Shoot specification. #7094
  • 🐛 [OPERATOR] Prevent updating Shoots which are scheduled to a Seed with fewer than 3 zones to spec.controlPlane.failureTolerance.type: zone. #7195
  • 📖 [DEVELOPER] A new document for developers has been added with a checklist for what to pay attention to when adding new components to garden, seed, or shoot clusters. Read it here. #7125

Community Calls (2022 and before)

Topic | Speaker | Date and Time | Link
Get more computing power in Gardener by overcoming Kubelet limitations with CRI-resource-manager | Pawel Palucki, Alexander D. Kanevskiy | October 20, 2022 | Recording, Summary
Cilium / Isovalent Presentation | Raymond de Jong | October 6, 2022 | Recording, Summary
Gardener Extension Development - From scratch to the gardener-extension-shoot-flux | Jens Schneider, Lothar Gesslein | June 9, 2022 | Recording, Summary
Deploying and Developing Gardener Locally (Without Any External Infrastructure!) | Tim Ebert, Rafael Franzke | March 17, 2022 | Recording, Summary
Gardenctl-v2 | Holger Koser, Lukas Gross, Peter Sutter | February 17, 2022 | Recording, Summary

Gardener Community

Follow - Engage - Contribute

Gardener Review Meetings

What Are the Gardener Review Meetings?

The Gardener Review Meeting is a recurring meeting where we review the latest developments in the Gardener ecosystem. We discuss recent releases, highlight key changes, and showcase live demos of new features and improvements.

This meeting is open to everyone interested in Gardener, from contributors and maintainers to users and community members. We focus on updates relevant to the open-source community while avoiding company-specific details.

How to Participate

  • Join the Meeting: Meetings are usually held bi-weekly, typically in the week after a new Gardener version is released. If there are many topics, additional meetings may be scheduled.
  • Present a Topic: If you would like to showcase a feature, bug fix, or any other relevant topic, reach out to us! Each topic should ideally include a short live demo and last 5-10 minutes.
  • Setup for Demos: Use a local or remote setup for your demonstrations if applicable.

📅 Meeting Invitations: If you are not already on the invite list and would like to join, message us in our #gardener Slack channel in the Kubernetes workspace, or get in touch with @rfranzke (Rafael Franzke).

Recordings & Public Access

If you do not consent to being recorded, please do not enable your microphone or camera, or do not join the meetings.

Review Meetings in 2025

Below, you’ll find the agendas of past meetings along with links to their recordings. Check back regularly for updates and upcoming topics!

2025/02/26 - v1.113 Release

📽️ Recording

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@domdom82 | 5m | 👀 ACL Reconciliation On Infrastructure Changes | extension-acl#105
@Wieneo | 5m | 🎭 GEP-30: Rework API Server Proxy | #11214 (issue)
@ishan16696 | 10m | 🐛 Fix Failing ETCD Restorations | etcd-backup-restore#778 (issue)
@timebertt | 5m | 🪜 Refactor E2E Tests To Ordered Its | #11379 (issue)
@maboehm | 5m | 👷 Maximum Node Count For Shoots | #11279
@vpnachev | 5m | 📢 Public Gardener Information Discovery | #11238

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] The ETCD encryption config now properly configures a 32-byte key. #11150
  • ✨ [OPERATOR] Enhance the gardener-operator to allow specification of more than a single network range for .spec.runtimeCluster.networking.{nodes,pods,services}, and .spec.virtualCluster.networking.services, which also allows dual-stack configurations. #11251
  • ✨ [OPERATOR] Shoot system and Shoot control plane containers, which do not require privilege escalations, now forbid privilege escalation explicitly. There is an issue in Kubernetes about the privilege escalation configuration being true by default. #11241

2025/02/19 - v1.112 Release

📽️ Recording

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@domdom82 | 5m | 🛡️ Prevent Leaking kube-apiserver’s Service IP in Shoot | #10949
@rfranzke | 10m | 🤹‍♂️ Credentials Rotation Without Workers Rollout | #11027
@oliver-goetz | 5m | 🌯 Wrapper For OperatingSystemConfig Provisioning Script | #11208
@marc1404 | 10m | 💥 Cluster Autoscaler Priority Expander Config | #11045
@petersutter | 5m | 🗼 Structured Authentication With Dashboard | #11080

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] All Seeds are now automatically labeled with seed.gardener.cloud/<name>=true where <name> is their own name, and (if applicable) the name of their parent seed in case they are managed seeds. This label can be used as selector for requests. #11062
  • 📖 [OPERATOR] Rewrite Setup Gardener document #11260

2025/02/12 - v1.111 Release

📽️ Recording

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@marc1404 | 5m | ⚙️ Default Machine Image Version | #10954
@timuthy | 10m | 👨🏻‍🌾 Gardener Operator Manages Extension Resources | #11192, #11001
@dimityrmirchev | 5m | 🚫 Secret/ConfigMap Tampering Protection | #11108
@oliver-goetz | 5m | 🗑️ Improved Deletion Logic In gardener-node-agent | #11015

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] Expired versions from the NamespacedCloudProfile are always dropped, except for already applied versions. #10910
  • ✨ [OPERATOR] Now vali contains the managed control plane logs from the early stages of Shoot reconcile. #11082
  • 🐛 [OPERATOR] An issue was fixed in gardener-operator that prevented configuring OIDC for gardener-dashboard while using Structured Authentication. #11080

Review Meetings in 2024


2024/12/18 - v1.109 and v1.110 Releases

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@timuthy | 5m | 🫣 Virtual Cluster Watch In gardener-operator | #10663
@oliver-goetz | 10m | 💂 Node Agent Authorizer | #10781
@tobschli | 5m | 🐛 Fix Shoot SSH Keypair Rotation | #10671
@maboehm | 5m | 🪪 Support More Use-Cases For TokenRequestor | #10988
@axel7born | 5m | 🧑‍🧒 IPv4/IPv6 Dual Stack Shoots on AWS | #10803

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. […] #10853

  • 🪓 [DEVELOPER] Extension webhooks need to remove the provider type Predicates and add an ObjectSelector against the object’s provider type label instead. #10896

  • 🐛 [OPERATOR] seed-authorizer and structured authorization webhooks of shoot kube-apiservers no longer use the default TTL for AuthorizedTTL and UnauthorizedTTL. #10703


2024/12/11 - Hack The Garden Wrap Up

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@damyan | 5m | 🌐 IPv6 Support On IronCore | Summary
@LucaBernstein | 5m | 💡 Gardener SLIs: Shoot Cluster Creation/Deletion Times | Summary
@Gerrit91 | 5m | 🔁 Version Classification Lifecycle In CloudProfiles | Summary
@rfranzke | 5m | 🛡️ Enhanced Seed Authorizer With Label/Field Selectors | Summary
@hown3d | 5m | 🔑 Bring Your Own ETCD Encryption Key Via Key Management Systems | Summary
@MichaelEischer | 5m | ⚖️ Load Balancing For Calls To kube-apiservers | Summary
@Nuckal777 | 5m | 🪴 Validate PoC For In-Place Node Updates Of Shoot Clusters | Summary
@ialidzhikov | 5m | 🚀 Prevent Pod Scheduling Issues Due To Overscaling | Summary
@maboehm | 5m | 💪🏻 Prevent Multiple systemd Unit Restarts On Reconciliation Errors | Summary
@rfranzke | 5m | 🤹‍♂️ Trigger Nodes Rollout Individually Per Worker Pool During Credentials Rotation | Summary
@dergeberl | 5m | 🚏 Replace TopologyAwareHints with ServiceTrafficDistribution | Summary
@oliver-goetz | 5m | ⬆️ Deploy Prow Via Flux | Summary
@timebertt | 5m | ⛓️‍💥 E2E Test Skeleton For Autonomous Shoot Clusters | Summary
@tobschli | 5m | 🫄 cluster-autoscaler’s ProvisioningRequest API | Summary
@Gerrit91 | 5m | 🐢 Cluster API Provider For Gardener | Summary

No Demo, But Still Worth Celebrating 🎉

  • 🪪 Support More Use-Cases For TokenRequestor. Summary

  • 👀 Watch ManagedResources In Shoot Care Controller. Summary

  • 👨🏼‍💻 Make cluster-autoscaler Work In Local Setup. Summary

  • 🧹 Use Structured Authorization In Local KinD Cluster. Summary

  • 🧹 Drop Internal Versions From Component Configuration APIs. Summary

  • 🐛 Fix Non-Functional Shoot Node Logging In Local Setup. Summary

  • 🧹 No Longer Generate Empty Secret For reconcile OperatingSystemConfigs. Summary

  • 🖥️ Generic Monitoring Extension. Summary


2024/11/20 - v1.108 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@LucaBernstein | 10m | 🖼️ Custom Machine Images For NamespacedCloudProfiles | #10629, #10811
@dimitar-kostadinov | 5m | 💳 TLS Between Registry Cache And containerd | #10831, registry-cache#245
@unmarshall | 10m | 🤖 ETCD Druid v0.23 | etcd-druid (release)
@MartinWeindel | 10m | 👩‍🌾 Gardener Operator Deploys BackupBucket/DNSRecord | #10645
@istvanballok | 10m | 🛝 Gardener Demo Playground | demo (website)

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] Fixed an issue that could occur during control plane migration causing the core.gardener.cloud/v1beta1.BackupEntry to be reconciled after it was successfully migrated, but before it was restored. #10761

  • ✨ [USER] The URLs of Shoot plutono, prometheus and alertmanager are now stored as annotations in <shoot-name>.monitoring secret in the project namespace. #10735


2024/11/06 - v1.107 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@timuthy | 10m | 🪪 Structured Authorization Configuration | #10682
@tobschli | 10m | ⛔ Shoot Access Restrictions | #10654
@petersutter | 5m | 🕹 Recent Gardener Dashboard Features | 1.78.0

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] A new required controller was added to gardener-operator. It maintains the RequiredRuntime condition for Extension resources to indicate that the extension deployment is required in the Garden-Runtime cluster. #10650

  • ✨ [USER] Gardener reports the cluster’s egress CIDRs in Shoot.status.networking.egressCIDRs if supported by the used provider extension. #10240

  • 🪓 [OPERATOR] The gardener/controlplane Helm chart has been deprecated and will be removed after v1.135 has been released (around beginning of 2026). We urge you to switch to a gardener-operator-based installation. Read all about it here. #10706


2024/10/23 - v1.106 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@plkokanov | 5m | 🫐 vpa-recommender Metrics Collection | #10517
@grolu | 5m | 📊 Dashboard Adaptations In gardener-operator | #10572
@andrerun | 5m | 📖 GEP-29: Autoscaling Storage Volumes | #10690
@DockToFuture, @axel7born | 10m | 🛜 IPv6 Shoot Clusters on AWS | provider-aws#1024
@ary1992 | 5m | 🎮 k8s.io/* + controller-runtime Upgrades | #10459
@ialidzhikov | 10m | ⎈ Kubernetes 1.31 Support | #10472

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The HVPA and HVPAForShootedSeed feature gates have been deprecated and locked to false. Disable the HVPA and HVPAForShootedSeed feature gates if you have them enabled before upgrading to this version of Gardener. #10659

  • ✨ [OPERATOR] Gardener generated certificates are valid 1 minute before issuance to handle some amount of clock skew. #10603

  • ✨ [DEVELOPER] Allow gosec to be consumed from gardener/gardener. #10642


2024/10/16 - ApeiroRA Special Edition & v1.105 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@mkorbi, @phyrog | 25m | 🌲 CO2/Green Monitoring Via Kubecost | extension-shoot-kubecost (repo), extension-shoot-kepler (repo)
@rfranzke | 5m | 🎱 Support For 80+ Worker Pools | #10542
@oliver-goetz | 10m | 👨🏻‍🌾 gardener-operator Deploys Extension Resources | #10518

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] When checking whether a Deployment rollout is complete, stale Pods are now ignored and no longer counted. #10548

  • ✨ [OPERATOR] gardenlet now performs garbage collection of stale Pods in all namespaces (except kube-system) in the seed cluster. #10548

  • ✨ [OPERATOR] The TopologySpreadConstraint calculation was improved for workload spread across multiple zones. This especially leads to a more balanced distribution of kube-apiserver and istio replicas in seed clusters. #10608


2024/09/25 - v1.104 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@LucaBernstein | 5m | 🪪 Custom RBAC Verbs For NamespacedCloudProfiles | #10485
@dimityrmirchev | 5m | ➡️ Migrating From SecretBinding to CredentialsBinding | #10365
@ScheererJ | 10m | 🐹 Golang-Based VPN Implementation | #9774
@ScheererJ | 5m | 📖 GEP-28: Autonomous Shoot Clusters | #10536

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] The gardener-operator metrics are now automatically scraped by the garden Prometheus. #10464

  • ✨ [OPERATOR] Alerts based on the proposals_failed_total metric of the etcd cluster are not raised anymore. #10524


2024/09/11 - v1.103 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@dimityrmirchev | 10m | 🔑 Token Requestor Controller For WorkloadIdentitys | #10298
@LucaBernstein | 5m | ⚙️ New API: NamespacedCloudProfile | #10266
@timuthy | 10m | 👨🏻‍🌾 gardener-operator Deploys Extension Admission Components | #10277

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] kube-proxy now has a readiness probe so that a Node will only become ready for workloads after kube-proxy was ready at least once. #10407

  • ✨ [OPERATOR] Host spread for shoots with failure tolerance node (.spec.controlPlane.highAvailability.failureTolerance.type) is now accomplished via minDomains. Earlier, this happened on a best-effort basis only. If a seed had fewer than 3 nodes at the time the control-plane pods were scheduled, the desired pod distribution was not possible. #10400


2024/08/28 - v1.102 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@AleksandarSavchev | 10m | 🪪 Structured Authentication For Shoot and Garden | #10244
@ialidzhikov | 5m | ⚙️ VPA Recommender Configurability | #10221
@plkokanov | 10m | 🕴️ Cross-Provider Control Plane Migration | #10323
@vicwicker | 10m | 📊 Migrate VPA Metrics To CustomResourceState Metrics | #9941

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] When the NewWorkerPoolHash feature gate is enabled, the calculation now also rolls worker nodes of Shoots when changing systemReserved in the kubelet configuration. Worker pools are not rolled if the sum of kubeReserved and systemReserved does not change. […] #10290

  • 🐛 [USER] Fixes a bug preventing shoot clusters with annotation shoot.gardener.cloud/skip-readiness: "true" from being created. #10317

  • ✨ [OPERATOR] The .spec.deployment.vpa field in the seedmanagement.gardener.cloud/v1alpha1.{Gardenlet,ManagedSeed} APIs is deprecated and has no effect anymore. It will be removed in a future version. Now, gardenlet deploys its own VPA as part of the Seed reconciliation (after it ensured the VPA CRD exists). #10299

  • 📖 [DEVELOPER] This document now contains a guide for developers on how to handle deprecations and backwards-compatibility of changes. #10294


2024/08/14 - v1.101 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@vpnachev | 10m | 🔑 token Subresource For WorkloadIdentity API | #10042
@nkraetzschmar | 5m | 🐧 Secure Boot On Gardenlinux | gardenlinux#2237
@rfranzke | 10m | 🪴 gardenlet Management Via gardener-operator | #10161, #10218
@timuthy | 10m | 🪞 Registry Mirror Management Via OperatingSystemConfig | #10050, #10167

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] The IPv4 addresses for the local Gardener setup were changed from 127.0.0.x to 172.18.255.x (default kind subnet) to resolve an issue on developer machines which can’t use additional IP addresses from the 127.0.0.0/8 space. […] #10019

  • 🪓 [DEVELOPER] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. See this instead. #10220

  • 🐛 [OPERATOR] Fixed a bug in the vpa-eviction-requirements controller causing etcds to be evicted for downscaling outside of their maintenance window. #10202


2024/07/31 - v1.100 Release

Demo Agenda 📋

No topics available for presentation, hence, meeting was canceled.

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] A bug causing sshd running in cluster pods to receive a SIGTERM when SSHAccess for worker nodes is disabled is now fixed. #10123

  • ✨ [USER] Added document in which we share our pod autoscaling best practices with end users. #10083

  • ✨ [OPERATOR] Scrape vpa-admission-controller metrics with prometheus. #10033


2024/07/24 - v1.99 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@ScheererJ | 10m | 📡 Network Range Propagation From Extensions | #9998
@MartinWeindel | 5m | 👨🏻‍🌾 gardener-operator Manages Cert Management | #9957

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] Erroneous warnings for incomplete shoot credentials rotation have been fixed. #10059


2024/07/17 - v1.98 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@LucaBernstein | 5m | 🥅 Object Selector For Extension Webhooks | #9981, #10026
@MichaelEischer | 10m | 🔄 New Worker Pool Hash Calculation For Rolling Updates | #9865
@dimityrmirchev | 5m | 🪢 CredentialsBinding: Successor Of SecretBinding | #9853
@istvanballok | 10m | 🪜 Renovated Remote Local Setup | #9980
@oliver-goetz | 5m | 🚔 Introduce gosec For Static Application Security Testing (SAST) | #9959

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The Resource Size Validator of the gardener-admission-controller ignores status subresource and metadata.managedFields for resource size limits. […] #10011

  • 🪓 [DEPENDENCY] The extensions/pkg/webhook/cloudprovider.Args#EnableObjectSelector field is now removed. The corresponding webhook’s object selector is now enforced unconditionally. #10027

  • ✨ [OPERATOR] The kube-apiserver HPA’s max replicas count has been increased from 3 to 6 in VPAAndHPA autoscaling mode to support very large control planes. #9971

  • ✨ [OPERATOR] The data in ManagedResource secrets is now compressed with Brotli and stored under a single data key data.yaml.br. #9964


2024/06/19 - v1.97 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@timuthy | 5m | 🚫 Register Node Taints With Kubelet | #9872
@acumino | 5m | 🧰 Update Shoot Maintenance State If Last Maintenance Failed | #9945

No Demo, But Still Worth Celebrating 🎉

  • ✨ [DEVELOPER] gardener-operator local development setup supports creating seeds, shoots and managed-seeds now. #9763

  • ✨ [OPERATOR] gardenlet is now capable of keeping itself updated by pulling configuration and deployment values from the garden cluster. #9874

  • 🐛 [OPERATOR] Fix a regression where etcd alerts for the virtual Garden cluster did not work. #9973

  • 🪓 [DEVELOPER] The deprecated fields .spec.{reloadConfigFilePath,command} and .status.{units,files} have been removed from the extensions.gardener.cloud/v1alpha1.OperatingSystemConfig API. #9885


2024/06/05 - v1.96 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@ScheererJ | 10m | 📢 Proxy Protocol Termination On Load Balancers In Seeds | #9844
@MichaelEischer | 5m | 📋 Improved OperatingSystemConfig Rollout Check For Nodes | #9757
@MartinWeindel | 5m | 🔄 Secrets Manager: Configurable Validity Percentage For Auto-Renewal | #9819
@dimityrmirchev | 10m | 👨🏻‍🌾 gardener-operator Manages Discovery Server | #9746
@marwinski | 10m | 👮 GEP-27: Falco Extension | #9845

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] The allow-shoot-networks NetworkPolicy has been dropped entirely, hence, the networking.gardener.cloud/to-shoot-networks=allowed label has no effect anymore and should be removed. #9752

  • 🪓 [DEPENDENCY] The extensions/pkg/webhook/controlplane/genericmutator.Ensurer#EnsureKubeAPIServerService func is removed. This func was used before the introduction of ManagedIstio/APIServerSNI (when the kube-apiserver Service was of type LoadBalancer) to set cloud provider specific annotations to the Service. […] #9770

  • ✨ [OPERATOR] A new core.gardener.cloud/v1 API version is introduced which only includes the ControllerDeployment resource for now. The new version of the ControllerDeployment drops the type and providerConfig fields in favor of a well-structured section for helm-based ControllerDeployments. #9771

  • ✨ [OPERATOR] It is now possible to specify an OCI repository in ControllerDeployments describing from where the Helm chart can be pulled (instead of specifying a base64-encoded chart in the specification). #9823, Summary


2024/05/29 - v1.95 Release

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@shafeeqes | 5m | ⎈ Kubernetes 1.30 Support | #9508
@ialidzhikov | 10m | 🚀 VPA- and HPA-Based Autoscaling For kube-apiserver | #9678
@rfranzke | 10m | 👀 Four-Eyes Approval Concept For Shoot Deletion | #9680
@ScheererJ | 5m | 🧪 IPv6-Only E2E Tests In Prow | #9693

No Demo, But Still Worth Celebrating 🎉

  • ❗️ [DEVELOPER] The legacy method for extensions to provide observability configuration for shoot clusters (via ConfigMaps labelled with extensions.gardener.cloud/configuration=monitoring) is deprecated and will be removed in a future release. Please refer to this document to get information about the new, recommended way, and start migrating to it. #9695

  • ❗️ [DEVELOPER] The extensions.gardener.cloud/v1alpha1.Worker resource now has a new .spec.pools[].userDataSecretRef field which references a Secret containing the actual user data. The .spec.pools[].userData field is deprecated and will be removed in a future version. […] #9722

  • 🐛 [USER] A bug has been fixed which caused unneeded gardener-node-agent reconciliations after each Shoot reconciliation even if the underlying OperatingSystemConfig did not contain relevant changes. #9723


2024/05/22 - Hack The Garden Wrap Up

Demo Agenda 📋

Presenter(s) | Duration | Topic | Reference(s)
@maboehm | 5m | 🗃️ OCI Helm Release Reference For ControllerDeployments | Summary
@oliver-goetz | 5m | 👨🏼‍💻 gardener-operator Local Development Setup With gardenlets | Summary
@kon-angelo | 5m | 👨🏻‍🌾 Extensions For Garden Cluster Via gardener-operator | Summary
@rfranzke | 5m | 🪄 Gardenlet Self-Upgrades For Unmanaged Seeds | Summary
@Gerrit91 | 5m | 🦺 Type-Safe Configurability in OperatingSystemConfig For containerd, DNS, NTP, etc. | Summary
@majst01 | 5m | 👮 Expose Shoot API Server In Tailscale VPN | Summary
@hown3d | 5m | ⌨️ Rewrite gardener/vpn2 From Bash To Golang | Summary
@ScheererJ | 5m | 🕳️ Pure IPv6-Based VPN Tunnel | Summary
@timebertt | 5m | 👐 Harmonize Local VPN Setup With Real-World Scenario | Summary
@timuthy | 5m | 🍞 Compression For ManagedResource Secrets | Summary
@afritzler | 5m | 🚛 Making Shoot Flux Extension Production-Ready | Summary

No Demo, But Still Worth Celebrating 🎉

  • ✨ An approach for supporting Cilium v1.15+ for highly-available Shoots has been developed. Summary

  • ✨ The contents of the machine-controller-manager-provider-local repository have been merged into the gardener repository to improve development productivity. Summary

  • ✨ The vendor folder is going to be removed from OS extensions. Summary

  • ✨ Embedded files are now considered for local image builds with Skaffold. Summary


2024/05/08 - v1.94 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @voelzmo | 10m | 🚀 VPA For ETCD Autoscaling | #8984 |
| @oliver-goetz | 5m | 🔎 Worker Node Count Validation | #9599 |
| @rfranzke | 10m | 📊 Dynamic Plutono Dashboard Reconciliation | #9624 |
| @petersutter | 10m | 🎮 gardener-operator Manages Dashboard + Web Terminal Controller | #9583, #9646 |

No Demo, But Still Worth Celebrating 🎉

  • ❗️ [OPERATOR] The five-minute Infrastructure Cleanup Wait Period during shoot deletion was removed. The Shoot annotation shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds, which could be used to configure this period, was removed, too. #9632

  • ✨ [OPERATOR] gardener-node-agent no longer watches all Nodes in the cluster but restricts to only the Node it is responsible for (with the help of label/field selectors). This should lead to a significant reduction of network I/O, especially for shoot clusters with many nodes. #9672

  • 🐛 [OPERATOR] gardener-operator is now capable of reconciling shoot cluster-specific NetworkPolicys in case the garden cluster is a seed cluster at the same time. #9658


2024/04/24 - v1.93 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @maboehm | 10m | 🔄 New AfterWorker Extension Lifecycle Strategy | #9472 |
| @MichaelEischer | 10m | 🏨 Machine Type Dependent Resource Reservations | #9449 |
| @rfranzke | 5m | 🔎 Garden Prometheis Managed By prometheus-operator | #9543, #9606 |
| @oliver-goetz | 10m | 🐛 Fix Kubelet Data Volume Usage | #9609 |

No Demo, But Still Worth Celebrating 🎉

  • ❗️ [OPERATOR] Set kube-apiserver maxReplicas=3 for all Shoots that are not annotated with alpha.control-plane.scaling.shoot.gardener.cloud/scale-down-disabled=true. #9605

  • ✨ [OPERATOR] A new gardenlet feature gate called ShootManagedIssuer was introduced. This feature gate guards the functionality described in GEP-24 until all of the components mentioned in the enhancement proposal are implemented by Gardener. #9489

  • 🐛 [OPERATOR] Istio-ingress gateway dashboard now shows the correct sent tcp traffic metric and the correct memory usage. #9596


2024/04/10 - v1.92 Release

Demo Agenda 📋

No topics available for presentation, hence, meeting was canceled.

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The graduated UseGardenerNodeAgent feature gate has been dropped. […]. #9477

  • 🪓 [DEVELOPER] The deprecated oscommon package has been removed. #9477

  • ✨ [OPERATOR] Secret openvpn-diffie-hellman-key in the garden namespace containing the Diffie-Hellman key can be deleted from landscapes as it is no longer needed. #9386

  • ✨ [DEVELOPER] A new extension lifecycle strategy reconcile: AfterWorker is now available for Extensions to use in their ControllerRegistration. #9472


2024/03/27 - v1.91 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 5m | 🚨 Alertmanager For Garden Clusters | #9301, #9065 (issue) |
| @rfranzke | 5m | 🐶 Health Checks For Dependency Watchdog Actions | #9376 |
| @ScheererJ | 10m | 🚦 Replace kube-apiserver Ingress Resources With Istio Exposure | #9300 |
| @shafeeqes | 5m | 🧽 Force Kubernetes Upgrade Removes Unsupported Feature Gates + Admission Plugins | #9365 |
| @dimityrmirchev | 10m | 🎫 Managed Shoot OIDC Issuer | #9196, #9354, #9157 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the Seed specification. #9304

  • ✨ [DEVELOPER] The {garden,seed,shoot}-care controllers now incorporate ManagedResources into all relevant conditions, and it is possible to override the condition type into which a ManagedResource’s status gets incorporated via the care.gardener.cloud/condition-type label. […] #9313


2024/03/13 - v1.90 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rishabh-11 | 10m | 🐶 Dependency Watchdog Considers Node Leases | dependency-watchdog#94, #9072 |
| @ScheererJ | 5m | 🌏 Add IP Stack To DNSRecords | #9289 |
| @kon-angelo | 10m | 🗃️ AWS ECR Credentials Provider For Kubelet | provider-aws#854 |
| @rfranzke | 5m | 🩺 Health Checks For VerticalPodAutoscalers | #9211 |
| @oliver-goetz | 10m | 🤖 Renovate Bot | ci-infra#1163, #9197 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8989

  • 🐛 [DEPENDENCY] An issue was fixed that sometimes led to leaked extension-controlplane-shoot-webhooks which blocked the shoot deletion. #9209

  • ✨ [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. #9208


2024/02/28 - v1.89 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 10m | ⚖️ Drop nginx-ingress Load Balancer In Favor Of Istio | #9038 |
| @shafeeqes | 5m | ⎈ Skip Minor Kubernetes Version Upgrades | #9185 |
| @rfranzke | 10m | 🔎 Seed Prometheis Managed By prometheus-operator | #9128, #9159, #9200, #9163 |
| @petersutter | 5m | 📄 Read-Only Kubeconfigs For Shoots in Dashboard and CLI | dashboard#1711 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] The shoot cluster CA bundle is now stored in a ConfigMap in the project namespace of the garden cluster, in addition to storing it in a Secret. This ConfigMap shares the same name as the pre-existing Secret, which is <shoot-name>.ca-cluster. The Secret will be removed in a future Gardener release. […] #9123

  • ✨ [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to beta and is now turned on by default. #9161

  • ✨ [OPERATOR] The condition type ObservabilityComponentsHealthy has been added for extension health checks; it allows extensions to register with this type. #9092


2024/02/14 - v1.88 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 10m | 🛡️ Additional/Custom RBAC Permissions For Extensions | #9079 |
| @oliver-goetz | 10m | 👨🏻‍🌾 gardener Linux User On Shoot Worker Nodes | #9077 |
| @tobschli | 5m | 🩺 EveryNodeReady Considers gardener-node-agent Health | #9073 |
| @MartinWeindel | 10m | ✍🏻 Istio Resources As Source Objects For DNS Records | external-dns-management#354 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The docker CRI is no longer supported for machine images in the CloudProfile. Docker CRI was already not supported for Shoots with Kubernetes versions >= v1.23, so adding this CRI is a no-op currently. Please remove all the usages of docker CRI from your CloudProfiles before upgrading to this version. #9135

  • 🐛 [OPERATOR] A bug has been fixed which was preventing valitail systemd services on shoot workers from starting when the UseGardenerNodeAgent feature gate is enabled. #9149

  • 🐛 [USER] The kube-apiserver deployment is annotated to mark the completion of labeling the resources for encryption so that this step is not repeated in case the “label removal” step fails and resources are partially without the label. #9147

  • ✨ [OPERATOR] BackupEntrys and Shoots are now labelled with seed.gardener.cloud/<seed-name>=true where <seed-name> is the value of .spec.seedName or .status.seedName. This allows for server-side filtering when watching these resources by leveraging a label selector. #9089


2024/01/31 - v1.87 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timebertt | 10m | 🌏 IPv6 Single-Stack In Local Gardener | #8574 |
| @axel7born | 10m | 👨🏼‍💻 Local Setup For Dual-Stack Seeds | #8983 |
| @acumino | 5m | ⎈ Kubernetes 1.29 Support | #8976 |
| @ScheererJ | 10m | 👨‍👨‍👦 Spread Istio Pods Across Hosts | #8970 |
| @shafeeqes | 10m | 🔓 Custom Resource Encryption in ETCD | #8842, #8966 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The deprecated field seed.spec.secretRef has been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8896

  • 🪓 [OPERATOR] Migration code for Plutono and Vali is now removed. Consider manual cleanup for long-term broken Shoots as described in the PR to avoid leaking Loki’s PV. #8999

  • ✨ [OPERATOR] The components managed by gardener now use PDBs with unhealthyPodEvictionPolicy: AlwaysAllow for clusters with kubernetes version >= 1.26. […] #8969


2024/01/24 - v1.86 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @grolu | 10m | 🕹 Recent Gardener Dashboard Features | dashboard (repo) |
| @holgerkoser | 10m | 📈 “All Projects” Dashboard Page Scalability Improvements | dashboard#1637 |
| @rfranzke | 5m | 📖 Read-Only Kubeconfigs For Shoots | #8870 |
| @oliver-goetz | 5m | 💾 Registry Cache For E2E Tests In Prow | #8880 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] Support for the deprecated NetworkPolicy annotations networking.resources.gardener.cloud/from-policy-allowed-ports and networking.resources.gardener.cloud/from-policy-pod-label-selector has been removed. Use networking.resources.gardener.cloud/from-<some-alias>-allowed-ports instead (documentation). #8883
  • 🐛 [OPERATOR] A bug causing the Shoot to use the wrong istio load balancer if the ExposureClass name and the exposureclass handler name are not the same is now fixed. #8926
  • ✨ [OPERATOR] Add egressCIDRs field to the infrastructureStatus resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot’s worker nodes. #8888

Review Meetings in 2023


2023/12/06 - v1.85 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 10m | 🪪 Auto-Registration + Certificate Management for Extension Admission Webhooks | #8725 |
| @acumino | 5m | 🧹 Orphaned Lease Garbage Collection | #8817 |
| @rfranzke | 10m | 🕵️ Introduction Of gardener-node-agent | #8023 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] All the functionality related to the deprecated field .spec.secretRef in Seeds has been removed and subsequently .spec.secretRef will be dropped from the Seed API in a later release of Gardener. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8833

  • ✨ [OPERATOR] The gardener-resource-manager deployment procedure was improved. Earlier, GRM was unnecessarily rolled during shoot reconciliation if worker nodes contained custom taints. #8835


2023/11/29 - v1.84 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @danielfoehrKn | 10m | ⬆️ Machine Image Version Update Strategies | #8275 |
| @plkokanov | 5m | 🤲🏻 node-exporter’s Textfile Collector | #8721 |
| @timuthy | 5m | 🔄 Improved Shoot Condition Handling | #8736 |
| @shafeeqes | 5m | 🎮 kube-controller-manager Controller Enablement Based on APIs | #8763 |
| @aaronfern | 5m | 🚥 cluster-autoscaler Metrics | #8750 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [USER] A validation rule was added that forbids changing the primary DNS provider in .spec.dns.providers as soon as the Shoot was scheduled. #8761

  • 🪓 [OPERATOR] ⚠️ The deprecated fields spec.settings.dependencyWatchdog.endpoint and spec.settings.dependencyWatchdog.probe have been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. #8747

  • 🐛 [OPERATOR] During the restore phase of control plane migration, the machine-controller-manager is deployed with 0 replicas if it did not exist before or if it existed and was not scaled up yet. This fixes an issue that could cause the Shoot’s nodes to get recreated during control plane migration. #8742

  • ✨ [DEVELOPER] Vendoring has been removed from the project, i.e., there is no vendor folder anymore. #8775


2023/11/22 - v1.83 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @Kostov6 | 10m | 🐛 Prevent Unintended etcd-backup Secret Deletions | #8709 |
| @AleksandarSavchev | 10m | 📑 Diki - Gardener Compliance Checker | diki (repo) |
| @shafeeqes | 5m | 🔎 API Server Runtime Config Validation | #8695 |
| @dimitar-kostadinov | 15m | 💾 Introduction To registry-cache Extension | registry-cache (repo) |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] A bug has been fixed which caused ServiceAccounts related to garden access secrets for extensions to leak in the seed namespace in the garden cluster after uninstallation of said extensions. #8697

  • ✨ [OPERATOR] The .status.lastOperation in core.gardener.cloud/v1beta1.Seed and operator.gardener.cloud/v1alpha1.Garden resources is now only updated each 5s during a reconciliation. Previously, it was updated immediately when a task was finished. #8705


2023/11/15 - Hack The Garden Wrap Up

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @robinschneider | 5m | 🏛️ ARM Support For OpenStack Extension | Summary |
| @dergeberl | 10m | 🛡️ Make ACL Extension Production-Ready | Summary |
| @oliver-goetz | 5m | 🕵️ Continuation Of gardener-node-agent | Summary |
| @rfranzke | 5m | 🧑🏼‍🌾 Deploy gardenlets Through Custom Resource Via gardener-operator | Summary |
| @Kumm-Kai | 5m | 🦅 Shoot Control Plane Live Migration (Without Downtime) | Summary |
| @afritzler | 10m | 🗄️ Stop Vendoring Third-Party Code In vendor Folder | Summary |
| @Gerrit91 | 5m | 🔍 Generic Extension For Shoot Cluster Audit Logs | Summary |
| @timebertt | 5m | 🚛 Rework Shoot Flux Extension | Summary |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] A discussion about air-gapped shoot clusters was conducted. Summary

  • ✨ [DEVELOPER] A new script hack/update-skaffold-deps.sh has been added for automatically updating Skaffold dependencies for the binaries. Previously, you had to update them manually in the skaffold.yaml file. Summary


2023/10/25 - v1.82 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @rfranzke | 10m | 🌀 Improved Machine State Persistence For Shoot Control Plane Migrations | #8559, #8618 |
| @acumino | 5m | 📝 No Longer Report Skipped Flow Tasks | #8541 |
| @oliver-goetz | 5m | 🚤 Accelerated API Server Rollouts | #8640 |
| @ScheererJ | 5m | 💥 Forceful Managed Resources Finalization | #8584 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEPENDENCY] The MachineClassKind(), MachineClass(), and MachineClassList() methods have been dropped from the generic Worker actuator’s interface and do not need to be implemented anymore. #8559

  • 🪓 [DEPENDENCY] The no longer required --gardenlet-manages-mcm option has been removed. All code in provider extensions related to management/deployment of machine-controller-manager should be removed. #8596

  • 🪓 [DEVELOPER] The extensions/pkg/controller/operatingsystemconfig/oscommon package is deprecated and will be removed as soon as the UseGardenerNodeAgent feature gate has been promoted to GA. OS extension developers should start adapting to this new feature, see documentation and example based on provider-local. #8647


2023/10/11 - v1.81 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @holgerkoser | 5m | 🎭 Dashboard Theming + Branding | dashboard#1568 |
| @seshachalam-yv | 5m | 📅 Delta Snapshot Retention Period | etcd-druid#651 |
| @shafeeqes | 10m | 🗑️ Forceful Shoot Deletion | #8414, #8608 |
| @rfranzke | 5m | ℹ️ Shoot Scheduling Failure Reason Population | #8527 |
| @himanshu-kun | 10m | 🔙 Autoscaler Early Abort/Backoff | autoscaler#154 |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] Gardener refined the scope of the problematic webhook matcher for Endpoints objects. Earlier, shoot clusters were assigned a constraint reporting a problem with a failurePolicy: Fail webhook acting on these objects. Now, only Endpoints in the kube-system and default namespaces are considered for this check. #8521

  • ✨ [OPERATOR] The MachineControllerManagerDeployment has been promoted to beta and is now enabled by default. Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. #8526

  • ✨ [OPERATOR] The DisableScalingClassesForShoots feature gate has been promoted to GA (and is now always enabled). #8526


2023/09/27 - v1.80 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @acumino | 5m | 💽 Enabled Target Cache In gardener-resource-manager | #8483 |
| @grolu | 5m | 🕹️ Support For Workerless Shoots | dashboard#1531 |
| @plkokanov | 10m | 📮 Introduction To rsyslog-relp Extension | shoot-rsyslog-relp (repo) |
| @rfranzke | 10m | 🎮 gardener-operator Manages Gardener Control Plane | #8309 |
| @oliver-goetz | 10m | 🔂 Seed Credentials Renewing On Garden Credentials Rotation | #8396 |
| @oliver-goetz | 5m | ⎈ Kubernetes 1.28 Support | #8479 |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] A bug has been fixed which was allowing users to specify an extension of the same type in .spec.extensions[].type more than once in the Shoot API. #8457

  • ✨ [USER] Gardener now reports nodes for which the checksum/cloud-config-data hasn’t been populated yet. This could point towards an error on the node and that not all Gardener related configuration happened successfully. #8448

  • ✨ [OPERATOR] gardener-operator now refuses to start if operators attempt to downgrade or skip minor Gardener versions. Please see this document for more information. #8413

  • ✨ [DEVELOPER] The following golang dependencies have been upgraded, please consult the upstream release notes and this issue for guidance on upgrading your golang dependencies when vendoring this gardener version: k8s.io/* to v0.28.2, sigs.k8s.io/controller-runtime to v0.16.2. #8464


2023/09/13 - v1.79 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ary1992 | 10m | 🎮 sigs.k8s.io/controller-runtime@v0.15 Upgrade | #8245 |
| @oliver-goetz | 10m | 🫧 Additional Excess Capacity Reservation Configurations | #8356 |
| @ScheererJ | 10m | 👨🏼‍💻 Extension Admission Controllers In Local Setup | #8311 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] When the Kubernetes control plane version is at least v1.28, it is now possible to set the worker pool Kubernetes version to be at most three versions behind the control plane version. Earlier, only a skew of at most two versions was allowed. Find more details here. #8402

  • ✨ [OPERATOR] The DisableScalingClassesForShoots feature gate has been promoted to beta. #8428

  • ✨ [OPERATOR] The WorkerlessShoots feature gate has been promoted to beta and is now turned on by default. Before deploying this Gardener version, make sure that all your registered extensions support this feature gate. #8417


2023/08/30 - v1.78 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @schrodit | 20m | 🌀 How Codesphere Uses Gardener | codesphere.com (website) |
| @acumino | 5m | 🧑🏼‍🌾 Gardener Operator Manages Plutono | #8301 |
| @aaronfern | 10m | 🥾 Golang-Based ETCD Bootstrapping | etcd-wrapper#3 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] It is possible now to trigger a Seed reconciliation by annotating the Seed with gardener.cloud/operation=reconcile. #8347

  • ✨ [OPERATOR] The status of the Garden now includes the ObservabilityComponentsHealthy condition, which shows the health of observability components in the garden runtime-cluster. #8346

  • ✨ [DEPENDENCY] BackupBucket/BackupEntry controllers: watch secret metadata only. #8348


2023/08/16 - v1.77 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @dimityrmirchev | 10m | 🔒 Use immutable secrets in ManagedResource library | #8116 |
| @ialidzhikov | 10m | 🗂️ Introduce the ContainerdRegistryHostsDir feature gate | #8094 |
| @shafeeqes | 5m | 🪓 Split make generate targets | #8289 |
| @oliver-goetz | 5m | 🚮 Remove secrets from gardener-controlplane helm chart | #8308 |
| @timuthy | 10m | 🌎 Enhance minimal distance algorithm in gardener-scheduler | #8277 |

No Demo, But Still Worth Celebrating 🎉

  • 🔄 [OPERATOR] gardenlet no longer reports the Bootstrapped condition on Seeds. Instead, it now reports the progress in .status.lastOperation, similar to how it’s done for Shoots. #8290

  • 🔎 [OPERATOR] Operators can now view and manage dashboards for compaction jobs running in shoot control plane. #8206

  • 📈 [OPERATOR] gardener-operator now takes over management of fluent-operator and vali. #8240


2023/08/02 - v1.76 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @oliver-goetz | 10m | 🩺 Garden Care Controller | #8158, #8238 |
| @acumino | 5m | 🔢 Error Code Detection In Worker Controller | #8242 |
| @dergeberl | 10m | 🔑 Garden Cluster Access For Extension Controllers In Seeds | #8001 (issue) |
| @timuthy | 5m | 📌 Support For Custom Gardener Schedulers | #8261 |
| @DockToFuture, @axel7born | 10m | 🔀 AWS IPv4/6 Dual-Stack Support | provider-aws#778 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] Removed service.beta.kubernetes.io/aws-load-balancer-type: nlb annotation from istio-ingressgateway service template. Set this annotation in Seed configuration. […] #8214

  • ✨ [USER] It is now possible to enable disabled APIs for workerless shoot clusters via spec.kubernetes.kubeAPIServer.runtimeConfig. #8258

  • 🐛 [USER] An issue has been fixed which caused CoreDNS to not rewrite CNAME values in DNS answers. #8231


2023/07/19 - v1.75 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @StenlyTU | 10m | 🧑🏼‍🌾 Gardener Operator Deploys nginx-ingress-{controller,k8s-backend} | #7945 |
| @AleksandarSavchev | 5m | 🚔 Pod Security Enforcements For Garden And Seed | #8099 |
| @acumino | 10m | ⚙️ Kubeconfigs For Admission Plugin Configurations | #8110 |
| @shafeeqes | 5m | ⚠️ New CRDsWithProblematicConversionWebhooks Constraint For Shoots | #8159 |
| @ScheererJ | 10m | 🏎️ Race Mitigation For NetworkUnavailable Condition In Nodes | provider-gcp#631 |
| @timuthy | 5m | 🪄 Kubernetes Version Defaulting | #8198 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please plan ahead to drop using those fields in extensions. #8199

  • 🪓 [USER] Adding Gardener-managed finalizers (e.g., gardener or gardener.cloud/reference-protection) to the Shoot on creation is now forbidden. #8209

  • 🐛 [OPERATOR] A bug causing the gardenlet to panic when an ETCD encryption key rotation operation is triggered for a hibernated Shoot is now fixed. Now, triggering ETCD encryption key rotation or ServiceAccount signing key rotation is forbidden when the Shoot is in the waking up phase. #8184


2023/07/05 - v1.74 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @timuthy | 5m | 🏷️ Multiple Domains For Garden Clusters | #8156 |
| @rfranzke | 10m | 📈 [GEP-22] Improved Usage of ShootState API | #8073 (issue) |
| @rfranzke | 5m | 💪 Keep kube-proxy VPA On Kubernetes Patch Updates | #8071 |
| @oliver-goetz | 5m | 🧹 Removal Of Deprecated Development Setups | #8075 |
| @timebertt | 5m | 🔐 Usage Of InternalSecret API | #7999 (issue) |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions < 1.22. Make sure to upgrade all existing clusters before upgrading to this Gardener version. #8087

  • 🐛 [OPERATOR] gardener-resource-manager’s system-components-config webhook no longer adds the toleration for the ToBeDeletedByClusterAutoscaler taint to system components in shoot clusters. The ToBeDeletedByClusterAutoscaler taint is maintained by the cluster-autoscaler. The toleration was breaking cluster-autoscaler’s drain mechanism when scaling down an under-utilized node: system components that had just been evicted from the to-be-deleted node were scheduled again on that same node. #8172


2023/06/21 - v1.73 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @voelzmo | 10m | 📈 Disabled Scaling Classes For kube-apiserver Resource Requirements | #8003 |
| @dimitar-kostadinov | 10m | 🌍 Improved Robustness Of terraformer Executions | #8059 |
| @rfranzke | 10m | 🤖 machine-controller-manager Managed By gardenlet | #8015, #8018, #8056 |
| @shafeeqes | 5m | 🧹 Cleanup Secret Reference In ManagedSeeds | #8039 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] The field .spec.secretRef in the Seed API has been deprecated and will be removed in a future release of Gardener. #8064

  • ✨ [OPERATOR] gardener-apiserver now exposes a new core.gardener.cloud/v1beta1.InternalSecret API, see the documentation for more information. #8025

  • ✨ [DEVELOPER] It is now easier to annotate Services related to extensions serving webhook handlers that must be reached by kube-apiservers running in separate namespaces such that the respective network traffic gets allowed. Please refer to this guide for all information. […]. #8076

  • ✨ [DEVELOPER] gardenlet’s ControllerInstallation controller now populates the feature gate of gardenlet via the Helm values to extensions when they are getting installed. The information is populated via the .gardener.gardenlet.featureGates key. It contains a map whose keys are feature gates names and whose values are booleans (depicting the enablement status). #8011


2023/06/14 - v1.72 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ScheererJ | 5m | 🔦 Virtual Garden API Server Exposure Via Istio | #7953 |
| @axel7born | 5m | 🐹 Golang Implementation For Egress Network Filtering | shoot-networking-filter#64 |
| @rfranzke | 5m | 📐 Improved Accuracy For Local Control Plane Migration E2E Tests | #7981 |
| @ishan16696 | 10m | ⬆️ Improved ETCD Cluster Scale-Up | etcd-druid#584 (issue) |
| @kon-angelo | 5m | 🔧 Live AWS EBS Volume Modifications | provider-aws#754 |
| @elankath | 5m | 🔐 GCP Disk Encryption With Customer-Managed Keys | provider-gcp#607 |
| @MartinWeindel | 5m | 📀 OpenStack Manila CSI Driver | provider-openstack#572 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [OPERATOR] It is required to have ControllerRegistrations for Kinds ControlPlane, Infrastructure and Worker with the same types used for seeds (.spec.provider.type). […]. #7928

  • ✨ [USER] The core/v1alpha1 API version is dropped. Make sure that you don’t use the core/v1alpha1 API version in your machinery. #7965

  • ✨ [USER] The certificate chains served by kube-apiservers now include the CA certificates used to sign their server certificates. #7961

  • 🐛 [USER] A bug that prevented finalizers from being added to referenced Secrets or ConfigMaps in .spec.resources in Shoots has been fixed. #7995


2023/06/07 - v1.71 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @shafeeqes | 5m | 💡 Improved Validation For Shoot Worker Pool Config | #7855 |
| @ScheererJ | 10m | 🧑🏼‍🌾 Gardener Operator Updates | #7881, #7931 |
| @ialidzhikov | 5m | ⏱️ Configurable Toleration Seconds For Unready Nodes | #7861 |
| @acumino | 10m | 🕹️ Workerless Shoot Clusters | #7635 (issue) |
| @ary1992 | 5m | ⎈ Kubernetes 1.27 Support | #7883 |
| @istvanballok | 10m | 📊 Replace Grafana With Plutono, Loki With Vali | #7318 |

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [DEVELOPER] Extensions vendoring this gardener/gardener version need to provide RBAC privileges for PATCH apps/deployments/scale. #7868

  • ✨ [OPERATOR] The HAControlPlanes feature gate has been promoted to beta and is now turned on by default. #7867

  • ✨ [OPERATOR] It is now possible to provide namespace selectors for additional namespaces which should be covered by the NetworkPolicy controllers of gardener-operator or gardenlet. […] #7929

  • ✨ [DEVELOPER] In order to allow kube-apiserver pods of shoot or garden clusters to reach webhook servers, they must no longer be explicitly labeled with networking.resources.gardener.cloud/to-<service-name>-<protocol>-<port>=allowed. Instead, it is enough to annotate the Service of the webhook server with networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=<ports>. #7907

  • 📖 [DEVELOPER] A guideline for developers regarding TODO statements has been introduced. #7939


2023/05/31 - Hack The Garden Wrap Up

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @majst01, @Gerrit91 | 10m | 🕵️ Introduction Of gardener-node-agent | Summary |
| @einfachnuralex | 10m | 🌐 IPv6 Shoot Clusters On Cloud Providers | Summary |
| @JensAc | 10m | 🌱 Experimenting With Masterful Shoot Clusters | Summary |
| @timebertt | 10m | 🔑 Garden Cluster Access For Extension Controllers In Seeds | Summary |
| @rfranzke | 10m | 💾 Replacing ShootStates With Backups in Backup Buckets | Summary |
| @timebertt | 10m | 🔐 New InternalSecrets API In Gardener | Summary |

No Demo, But Still Worth Celebrating 🎉

  • ✨ The machine-controller-manager deployment procedure has been moved from the generic Worker actuator used in extensions controllers into gardenlet. Summary

  • ✨ The accuracy for local control plane migration e2e tests has been increased as much as possible. Summary

  • ✨ A few of the necessary steps for supporting ETCD encryption for custom resources have been addressed. Summary

  • 🧹 The apiserver-proxy-pod-mutator webhook has been moved into gardener-resource-manager. Summary


2023/05/10 - v1.70 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @Kristian-ZH | 10m | 🪵 Introduction Of Fluent Operator | #7568 |
| @danielfoehrKn | 10m | 🧱 Move Prow E2E Tests To cgroup-v2 Nodes | #7780, #7797 |
| @ScheererJ | 5m | 🌽 User-Defined Kernel Settings Per Worker Pool | #7825 |
| @rfranzke | 10m | 🧑🏼‍🌾 Gardener Operator Manages Istio and kube-state-metrics | #7817, #7836 |
| @plkokanov | 10m | 🔄 Control Plane Migration For HA Shoots | #7626, #7742 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] Gardener now supports seed clusters with Kubernetes versions up to v1.26. #7831

  • ✨ [OPERATOR] The highavailabilityconfig webhook configures topology spread constraints with minDomains=<number-of-zones>. […]. #7826

  • ✨ [OPERATOR] Annotations in seed.spec.settings.loadBalancerServices.annotations are now applied to the nginx-ingress load balancer service in the seed cluster. #7835

  • 🧹 [OPERATOR] The promoted or deprecated feature gates ManagedIstio and ReversedVPN have been removed. #7830


2023/04/26 - v1.69 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @oliver-goetz | 10m | 🐞 Skaffold-Based Debugging Experience | #7755 |
| @plkokanov | 10m | 🔄 Control Plane Migration For HA Shoots | #7626 |
| @DockToFuture | 10m | 🔗 E2E Tests For Networking Extensions | networking-calico#257, networking-cilium#261 |
| @breuerfelix | 10m | 🌱 Local IPv6-Based Seed Clusters | #7561 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] The SeedChange and CopyEtcdBackupsDuringControlPlaneMigration feature gates have been promoted to GA and are now locked to true. #7763

  • 🐛 [OPERATOR] Fixed potential leaks of ShootStates that could happen when a Shoot cluster is deleted. This is achieved by no longer exiting early from the deletion flow if the shoot’s seed Namespace has been deleted. The same logic has been applied to the migration flow for consistency. #7789

  • 🐛 [OPERATOR] A bug causing kube-controller-manager to fail to clean up ShootState resources is now fixed. #7793

  • 🧹 [OPERATOR] The .spec.settings.ownerChecks field of the Seed configuration is deprecated. The “bad-case” control plane migration is being removed in favor of the HA Shoot control planes […]. #7748


2023/04/12 - v1.68 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @ialidzhikov | 5m | 🚦 Topology-Aware-Routing in Garden Cluster | #7729 |
| @ary1992 | 10m | ⏳ Restrict Duration Of Reconciliations | #7147 |
| @robinschneider | 5m | 🔃 Copy Docker Hub Images To Gardener GCR | #7698 |
| @timuthy | 10m | 🧑🏼‍🌾 Gardener Operator Manages kube-apiserver | #7693, #7730 |
| @timuthy | 5m | 📸 Trigger ETCD Snapshots Via API Server Proxy Endpoint | #7714 |

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] Enable memory-saver mode for the VPA recommender. It stops tracking resource consumption for Containers without matching VPAs and frees up memory. #7746

  • ✨ [DEVELOPER] The server certificate of the kube-apiserver deployment now contains the <service-name>.<namespace>.svc.cluster.local SAN. #7735

  • 🐛 [OPERATOR] A bug causing the gardenlet to be unable to access the BackupBucket generated secret in garden namespace is now fixed. #7708

  • 🐛 [OPERATOR] A bug has been fixed for the Gardener Operator that occasionally caused “404 not-found” errors when garden resources were applied and the operator ran with multiple replicas. #7739


2023/04/05 - Special Edition

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @vlerenc | 25m | 🤪 Gardener Chaos Engineering | chaos-engineering (repo) |

2023/03/29 - v1.67 Release

Demo Agenda 📋

| Presenter(s) | Duration | Topic | Reference(s) |
|---|---|---|---|
| @himanshu-kun | 10m | 🐶 Dependency Watchdog v1 | dependency-watchdog (repo), #6693 |
| @SimonKienzler | 10m | 🫀 Ensure CSINode Readiness Before Scheduling Pods | #7621 |
| @timebertt | 5m | 🔄 Skaffold-Based Development Experience | #7659 |
| @grolu | 10m | 🕹 Recent Gardener Dashboard Features | dashboard (repo) |
| @timuthy | 10m | 💿 Single Object Cache | #7632, #7681 |

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [OPERATOR] An issue has been fixed which caused undesired PATCH requests when updating the state in the Worker or ShootState resources. #7637

  • 🐛 [DEVELOPER] A bug in managedresources.NewRegistry that was leading to excessive memory usage when this function is called multiple times has been fixed. #7694

  • ✨ [DEVELOPER] Shoot clusters using provider-local can now have multiple worker nodes with calico as CNI. #7684

  • ✨ [DEVELOPER] The local deployment of Gardener with extensions can now deal with multiple seeds. Additional seeds can be added and removed again. #7673


2023/03/15 - v1.66 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@shafeeqes5m👻 Dropped Support For Self-Managed Ingress Controllers In Seeds#7529
@timuthy10m🧑🏻‍⚖️ Adapted NetworkPolicys For Istio Namespaces#7570
@ScheererJ10m🧑🏻‍⚖️ Adapted NetworkPolicys For Extension Namespaces#7589
@ialidzhikov10m🚦 Routing Network Traffic Toplogy-Aware#7191

No Demo, But Still Worth Celebrating 🎉

  • 🐛 [USER] Updates to the AuditPolicy referenced by Shoots are now also validated against the Kubernetes versions of those shoot clusters. This fixes an issue where it was possible to specify an unsupported audit.k8s.io version when updating the ConfigMap which contains the AuditPolicy. #7563

  • 🐛 [USER] Fixes control-plane migration of hibernated shoot being stuck if shoot was hibernated for 24h. #7608

  • 🪓 [OPERATOR] The ForceRestore feature gate has been removed. #7543

  • ✨ [OPERATOR] The ManagedSeed controller does no longer try to sync the Seed kubeconfig Secret when Shoot’s static token kubeconfig is not enabled. #7546


2023/03/01 - v1.65 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@axel7born5m🥸 Response Rewrite For DNS Search Path Optimization#7478
@shafeeqes5m🔍 Validation For Admission Plugin Configurations#7472
@shafeeqes5m🥷🏻 Recreation For Immutable ConfigMaps/Secrets#7516
@acumino5m🩺 Shoot System Components Health Checks#7462
@rfranzke5m🧑🏻‍⚖️ Adapted NetworkPolicys For Shoot Control Plane Components#7484, #7515
@Kumm-Kai10m🫀 Schedule Node-Critical Pods First#7406

No Demo, But Still Worth Celebrating 🎉

  • 🪓 [USER] The core.gardener.cloud/v1alpha1 API is deprecated and will be removed soon. The core.gardener.cloud/v1beta1 API is already available since a very long time and should be used instead. #7443

  • 🪓 [OPERATOR] Before upgrading to this Gardener version, Seeds using .spec.dns.ingressDomain must now finally be switched to using .spec.ingress and .spec.dns.provider […]. #7515

  • 🐛 [OPERATOR] Fix a bug in the etcd deploy flow that erroneously unsets etcd.spec.etcd.peerUrlTls in the Etcd CRs of high available shoots when marked for hibernation. #7514


2023/02/15 - v1.64 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@rfranzke10m🧑🏻‍⚖️ NetworkPolicy Controller In gardener-resource-manager#7392, #7412, #7437
@himanshu-kun5m🏗️ Progressing Condition In MachineDeploymentsmachine-controller-manager#762
@kon-angelo10m🤸🏼‍♂️ Nodes CIDR Expansion For Shoots#7368
@timebertt5m🐛 Simplified Debugging Experience For Integration Tests#7431
@rickardsjp10m⛙ Unification Of Grafana Deployments#7007

No Demo, But Still Worth Celebrating 🎉

  • ✨ [OPERATOR] The istio-system namespace in seed clusters is now labeled with gardener.cloud/role=istio-system. All istio-ingress* namespaces are now labeled with gardener.cloud/role=istio-ingress. #7389

  • 🐛 [OPERATOR] When deleting a seed the cluster-identity config map in kube-system namespace is not deleted anymore if it was already existing on seed creation. #7436

  • 🐛 [OPERATOR] A bug has been fixed which caused the conditions of Shoots to be set to Unknown too fast in case the responsible gardenlet is no longer posting its heartbeat. #7404

  • ✨ [DEVELOPER] Add bootstrapping a local IPv6 KinD cluster with make kind-up IPFAMILY=ipv6. #7388


2023/02/08 - v1.63 Release (Part III)

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@einfachnuralex10m🛠️ Development Box On GCP#7319
@acumino10m⚙️ New SystemComponentsConfig Webhook#7204, #7304
@rfranzke5m🚅 Skip Readiness Checks In Shoot Flow#7268
@ialidzhikov10m⎈ Kubernetes 1.26 Support#7275
@SimonKienzler, @breuerfelix10m👮 Access Control For Shoot Clustersextension-acl (repo)

2023/02/01 - v1.63 Release (Part II)

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@AleksandarSavchev10m🔒 Disable SSH Access To Worker Nodes#7188
@ary19925m🎮 controller-runtime Refactoring#4251 (issue)
@shafeeqes10m📊 Dashboards For controller-runtime Metrics#7180
@ialidzhikov5m⛓️ Kubelet Versions Constraints For Machine Image Versions#7265
@timebertt10m🚦 [GEP-21] IPv6 Single-Stack Support in Local Gardener#7050, #7246, #7288
@plkokanov5m🏗 Control Plane Migration Status Update#5620, #5587, dashboard#1262

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] The ServiceAccount signing key rotation procedure has been improved and should work better for clusters with lots of ServiceAccounts or intermittent creations/deletions of new/old ServiceAccount secrets. #7313

  • 🐛 [USER] A bug in the kubelet-monitor script running on all shoot worker nodes has been fixed which was causing to also kill processes other than kubelet only. #7278

  • ✨ [OPERATOR] The legacy VPN solution has been removed. The feature gates ReversedVPN, ManagedIstio and APIServerSNI are unconditionally enabled (locked to their default values) now. #7167

  • ✨ [OPERATOR] gardener-operator is now managing the load balancer Service for exposing the virtual-garden-kube-apiserver as part of the virtual garden cluster control plane. It is possible to specify annotations for it via .spec.runtimeCluster.settings.loadBalancerServices.annotations in the Garden resource. #7238

  • 🐛 [OPERATOR] When deploying kube-apiserver version v1.24, Gardener will add the --shutdown-send-retry-after=true command line flag to the kube-apiserver command. […]. #7250

  • ✨ [DEVELOPER] The HighAvailabilityConfig webhook now also mutates replica settings of HPA and HVPA resources. To make use of this handling, please label respective resources with the well known high-availability-config.resource.gardener.cloud/type label […]. #7226

  • ✨ [DEVELOPER] It is now possible to make secrets manager adopt existing secrets. Find out more in this document. #7243

  • 📖 [DEVELOPER] The Gardener project has introduced a policy for the number of supported Kubernetes versions read it here. #7300


2023/01/25 - v1.63 Release (Part I)

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@rgroemmer5m💿 OpenStack StorageClasses Via CloudProfilesprovider-openstack#408
@ScheererJ10m👨‍👩‍👧 Highly Available Istio Deployment#6997
@shafeeqes5m👀 New ObservabilityComponentsHealthy Condition For Shoots#7325
@acumino5m🛵 Catching Long-Running Stuck Rollouts#7241

2023/01/18 - v1.62 Release

Demo Agenda 📋

Presenter(s)DurationTopicReference(s)
@dimityrmirchev10m🪐 Extension Lifecycle Strategies#6999
@rfranzke10m🧑‍💻 [operator] ETCD Management, Credentials Rotation, Validation#7067, #7144, #7225
@acumino5m🧰 Tracking Last Maintenance Operation#7035
@oliver-goetz10m💻 kind-Based Local Setup For Extensions#6678
@MartinWeindel10m👨‍👩‍👦 Highly Available VPN Deployment#6978

No Demo, But Still Worth Celebrating 🎉

  • ✨ [USER] gardener-admission-controller now validates Shoot Kubernetes version compatibility with Audit Policy API version on Shoot update request. #7205
  • ✨ [USER] It is now possible to configure the general log verbosity and the verbosity for HTTP access logs for the kube-apiserver via the Shoot specification. #7094
  • 🐛 [OPERATOR] Prevent updating Shoots which are scheduled to a Seed with less then 3 zones to spec.controlPlane.failureTolerance.type: zone #7195
  • 📖 [DEVELOPER] A new document for developers has been added with a checklist for what to pay attention to when adding new components to garden, seed, or shoot clusters. Read it here. #7125

Community Calls (2022 and before)

Click here to expand the archived overview of the Community Calls in 2022 and before!
TopicSpeakerDate and TimeLink
Get more computing power in Gardener by overcoming Kubelet limitations with CRI-resource-managerPawel Palucki, Alexander D. KanevskiyOctober 20, 2022Recording
Summary
Cilium / Isovalent PresentationRaymond de JongOctober 6, 2022Recording
Summary
Gardener Extension Development - From scratch to the gardener-extension-shoot-fluxJens Schneider, Lothar GessleinJune 9, 2022Recording
Summary
Deploying and Developing Gardener Locally (Without Any External Infrastructure!)Tim Ebert, Rafael FranzkeMarch 17, 2022Recording
Summary
Gardenctl-v2Holger Koser, Lukas Gross, Peter SutterFebruary 17, 2022Recording
Summary

Get in Touch

@GardenerProject Follow the latest project updates on Twitter
GitHub diff --git a/docs/_print/contribute/docs/index.html b/docs/_print/contribute/docs/index.html index cd3a8817be0..ed0fb90c7dd 100644 --- a/docs/_print/contribute/docs/index.html +++ b/docs/_print/contribute/docs/index.html @@ -10,7 +10,7 @@ Contributions must be licensed under the Creative Commons Attribution 4.0 International License You need to sign the Contributor License Agreement. We are using CLA assistant providing a click-through workflow for accepting the CLA. For company contributors additionally the company needs to sign a corporate license agreement. See the following sections for details.">

This is the multi-page printable view of this section. +All

This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Contributing Documentation

You are welcome to contribute documentation to Gardener.

The following rules govern documentation contributions:

  • Contributions must be licensed under the Creative Commons Attribution 4.0 International License
  • You need to sign the Contributor License Agreement. We are using CLA assistant providing a click-through workflow for accepting the CLA. For company contributors additionally the company needs to sign a corporate license agreement. See the following sections for details.

1 - Working with Images

Using images on the website has to contribute to the aesthetics and comprehensibility of the materials, with uncompromised experience when loading and browsing pages. That concerns crisp clear images, their consistent layout and color scheme, dimensions and aspect ratios, flicker-free and fast loading or the feeling of it, even on unreliable mobile networks and devices.

Image Production Guidelines

A good, detailed reference for optimal use of images for the web can be found at web.dev’s Fast Load Times topic. The following summarizes some key points plus suggestions for tools support.

You are strongly encouraged to use vector images (SVG) as much as possible. They scale seamlessly without compromising the quality and are easier to maintain.

If you are just now starting with SVG authoring, here are some tools suggestions: Figma (online/Win/Mac), Sketch (Mac only).

For raster images (JPG, PNG, GIF), consider the following requirements and choose a tool that enables you to conform to them:

  • Be mindful about image size, the total page size and loading times.
  • Larger images (>10K) need to support progressive rendering. Consult with your favorite authoring tool’s documentation to find out if and how it supports that.
  • The site delivers the optimal media content format and size depending on the device screen size. You need to provide several variants (large screen, laptop, tablet, phone). Your authoring tool should be able to resize and resample images. Always save the largest size first and then downscale from it to avoid image quality loss.

If you are looking for a tool that conforms to those guidelines, IrfanView is a very good option.

Screenshots can be taken with whatever tool you have available. A simple Alt+PrtSc (Win) and paste into an image processing tool to save it does the job. If you need to add emphasized steps (1,2,3) when you describe a process on a screeshot, you can use Snaggit. Use red color and numbers. Mind the requirements for raster images laid out above.

Diagrams can be exported as PNG/JPG from a diagraming tool such as Visio or even PowerPoint. Pick whichever you are comfortable with to design the diagram and make sure you comply with the requirements for the raster images production above. Diagrams produced as SVG are welcome too if your authoring tool supports exporting in that format. In any case, ensure that your diagrams “blend” with the content on the site - use the same color scheme and geometry style. Do not complicate diagrams too much. The site also supports Mermaid diagrams produced with markdown and rendered as SVG. You don’t need special tools for them, but for more complex ones you might want to prototype your diagram wth Mermaid’s online live editor, before encoding it in your markdown. More tips on using Mermaid can be found in the Shortcodes documentation.

Using Images in Markdown

The standard for adding images to a topic is to use markdown’s ![caption](image-path). If the image is not showing properly, or if you wish to serve images close to their natural size and avoid scaling, then you can use HTML5’s <picture> tag.

Example:

<picture>
     <!-- default, laptop-width-L max 1200px -->
     <source srcset="image-link"
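Review bot: the print-view banner at the top of this hunk ("This is the multi-page printable view of this section.") is the only place a change is visible, and it appears only as a stray "+All" fragment beside the "Click here to print." text, so the banner wording after the change cannot be confirmed from these lines. Please say in the commit message what the banner is meant to read. The same banner line shows up as the changed line in docs/_print/docs/contribute/code/index.html, so if these pages are generated, one change at the source is easier to review than the same edit repeated in every rendered file.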
diff --git a/docs/_print/docs/contribute/code/index.html b/docs/_print/docs/contribute/code/index.html
index 1d2b8c359f0..5eeb5a6cfac 100644
--- a/docs/_print/docs/contribute/code/index.html
+++ b/docs/_print/docs/contribute/code/index.html
@@ -10,7 +10,7 @@
 Contributions must be licensed under the Apache 2.0 License You need to sign the Contributor License Agreement. We are using CLA assistant providing a click-through workflow for accepting the CLA. For company contributors additionally the company needs to sign a corporate license agreement. See the following sections for details.">

This is the multi-page printable view of this section. +All

This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Contributing Code

You are welcome to contribute code to Gardener in order to fix a bug or to implement a new feature.

The following rules govern code contributions:

  • Contributions must be licensed under the Apache 2.0 License
  • You need to sign the Contributor License Agreement. We are using CLA assistant providing a click-through workflow for accepting the CLA. For company contributors additionally the company needs to sign a corporate license agreement. See the following sections for details.

1 - Contributing Bigger Changes

Contributing Bigger Changes

Here are the guidelines you should follow when contributing larger changes to Gardener:

  • We strongly recommend to write a Gardener Enhancement Proposal (GEP) to get a common understanding what you want to achieve. This makes it easier for reviewers to understand the big picture.

  • Avoid proposing a big change in one single PR. Instead, split your work into multiple stages which are independently mergeable and create one PR for each stage. For example, if introducing a new API resource and its controller, these stages could be:

    • API resource types, including defaults and generated code.
    • API resource validation.
    • API server storage.
    • Admission plugin(s), if any.
    • Controller(s), including changes to existing controllers. Split this phase further into different functional subsets if appropriate.
  • If you realize later that changes to artifacts introduced in a previous stage are required, by all means make them and explain in the PR why they were needed.

  • Consider splitting a big PR further into multiple commits to allow for more focused reviews. For example, you could add unit tests / documentation in separate commits from the rest of the code. If you have to adapt your PR to review feedback, prefer doing that also in a separate commit to make it easier for reviewers to check how their feedback has been addressed.

  • To make the review process more efficient and avoid too many long discussions in the PR itself, ask for a “main reviewer” to be assigned to your change, then work with this person to make sure he or she understands it in detail, and agree together on any improvements that may be needed. If you can’t reach an agreement on certain topics, comment on the PR and invite other people to join the discussion.

  • Even if you have a “main reviewer” assigned, you may still get feedback from other reviewers. In general, these “non-main reviewers” are advised to focus more on the design and overall approach rather than the implementation details. Make sure that you address any concerns on this level appropriately.

2 - CI/CD

CI/CD

As an execution environment for CI/CD workloads, we use Concourse. We however abstract from the underlying “build executor” and instead offer a Pipeline Definition Contract, through which components declare their build pipelines as diff --git a/docs/adopter/index.html b/docs/adopter/index.html index 6c449973fef..e9b595d5621 100644 --- a/docs/adopter/index.html +++ b/docs/adopter/index.html @@ -2,5 +2,5 @@

See who is using Gardener

Gardener adopters in production environments that have publicly shared details of their usage.

teaser

SAPSAP BTP, Kubernetes environment (internal) uses Gardener to deploy and manage Kubernetes clusters at scale in a uniform way across infrastructures (AWS, Azure, GCP, Alicloud, as well as generic interfaces to OpenStack and vSphere). Workloads include Databases (SAP HANA Cloud), Big Data (SAP Data Intelligence), Kyma, many other cloud native applications, and diverse business workloads.
OVHcloudGardener can now be run by customers on the Public Cloud Platform of the leading European Cloud Provider OVHcloud.
ScaleUp TechnologiesScaleUp Technologies runs Gardener within their public Openstack Clouds (Hamburg, Berlin, Düsseldorf). Their clients run all kinds of workloads on top of Gardener maintained Kubernetes clusters ranging from databases to Software-as-a-Service applications.
Finanz Informatik Technologie Services GmbHFinanz Informatik Technologie Services GmbH uses Gardener to offer k8s as a service for customers in the financial industry in Germany. It is built on top of a “metal as a service” infrastructure implemented from scratch for k8s workloads in mind. The result is k8s on top of bare metal in minutes.
PingCAPPingCAP TiDB, is a cloud-native distributed SQL database with MySQL compatibility, and one of the most popular open-source database projects - with 23.5K+ stars and 400+ contributors. Its sister project TiKV is a Cloud Native Interactive Landscape project. PingCAP envisioned their managed TiDB service, known as TiDB Cloud, to be multi-tenant, secure, cost-efficient, and to be compatible with different cloud providers and they chose Gardener.
BeezlabsBeezlabs uses Gardener to deliver Intelligent Process Automation platform, on multiple cloud providers and reduce costs and lock-in risks.
b’nerdb’nerd uses Gardener as the core technology for its own managed Kubernetes as a Service solution and operates multiple Gardener installations for several cloud hosting service providers.
STACKITSTACKIT is a digital brand of Europe’s biggest retailer, the Schwarz Group, which includes Lidl, Kaufland, but also production and recycling companies. It uses Gardener to offer public and private Kubernetes as a service in own data centers in Europe and targets to become the cloud provider for German and European small and mid-sized companies.
T-SystemsSupporting and managing multiple application landscapes on-premises and across different hyperscaler infrastructures can be painful. At T-Systems we use Gardener both for internal usage and to manage clusters for our customers. We love the openness of the project, the flexibility and the architecture that allows us to manage clusters around the world with only one team from one single pane of glass and to meet industry specific certification standards. The sovereignty by design is another great value, the technology implicitly brings along.
23 TechnologiesThe German-based company 23 Technologies uses Gardener to offer an enterprise-class Kubernetes engine for industrial use cases as well as cloud service providers and offers managed and professional services for it. 23T is also the team behind okeanos.dev, a public service that can be used by anyone to try out Gardener.
B1 Systems GmbHB1 Systems GmbH is a international provider of Linux & Open Source consulting, training, managed service & support. We are founded in 2004 and based in Germany. Our team of 140 Linux experts offers tailor-made solutions based on cloud & container technologies, virtualization & high availability as well as monitoring, system & configuration management. B1 is using Gardener internally and also set up solutions/environments for customers.
finleap connect GmbHfinleap connect GmbH is the leading independent Open Banking platform provider in Europe. It enables companies across a multitude of industries to provide the next generation of financial services by understanding how customers transact and interact. With its “full-stack” platform of solutions, finleap connect makes it possible for its clients to compliantly access the financial transactions data of customers, enrich said data with analytics tools, provide digital banking services and deliver high-quality, digital financial services products and services to customers. Gardener uniquly enables us to deploy our platform in Europe and across the globe in a uniform way on the providers preferred by our customers.
CodesphereCodesphere is a Cloud IDE with integrated and automated deployment of web apps. It uses Gardener internally to manage clusters that host customer deployments and internal systems all over the world.
plusserverplusserver combines its own cloud offerings with hyperscaler platforms to provide individually tailored multi-cloud solutions. The plusserver Kubernetes Engine (PSKE) based on Gardener reduces the complexity in managing multi-cloud environments and enables companies to orchestrate their containers and cloud-native applications across a variety of platforms such as plusserver’s pluscloud open or hyperscalers such as AWS, either by mouseclick or via an API. With PSKE, companies remain vendor-independent and profit from guaranteed data sovereignty and data security due to GDPR-compliant cloud platforms in the certified plusserver data centers in Germany.
Fuga CloudFuga Cloud uses Gardener as the basis for its Enterprise Managed Kubernetes (EMK), a platform that simplifies the management of your k8s and provides insight into usage and performance. The other Fuga Cloud services can be added with a mouse click, and the choice of another cloud provider is a negotiable option. Fuga Cloud stands for Digital Sovereignty, Data Portability and GDPR compatibility.
Metalstack Cloudmetalstack.cloud uses Gardener and is based on the open-source software metal-stack.io, which is developed for regulated financial institutions. The focus here is on the highest possible security and compliance conformity. This makes metalstack.cloud perfect for running enterprise-grade container applications and provides your workloads with the highest possible performance.
CleuraCleura uses Gardener to power its Container Orchestration Engine for Cleura Public Cloud and Cleura Compliant Cloud. Cleura Container Orchestration Engine simplifies the creation and management of Kubernetes clusters through their user-friendly Cleura Cloud Management Panel or API, allowing users to focus on deploying applications instead of maintaining the underlying infrastructure.
PITS Globale DatenrettungsdienstePITS Globale Datenrettungsdienste is a data recovery company located in Germany specializing in recovering lost or damaged files from hard drives, solid-state drives, flash drives, and other storage media. Gardener is used to handle highly-loaded internal infrastructure and provide reliable, fully-managed K8 cluster solutions.

If you’re using Gardener and you aren’t on this list, submit a pull request!

See who is using Gardener

Gardener adopters in production environments that have publicly shared details of their usage.

teaser

SAPSAP BTP, Kubernetes environment (internal) uses Gardener to deploy and manage Kubernetes clusters at scale in a uniform way across infrastructures (AWS, Azure, GCP, Alicloud, as well as generic interfaces to OpenStack and vSphere). Workloads include Databases (SAP HANA Cloud), Big Data (SAP Data Intelligence), Kyma, many other cloud native applications, and diverse business workloads.
OVHcloudGardener can now be run by customers on the Public Cloud Platform of the leading European Cloud Provider OVHcloud.
ScaleUp TechnologiesScaleUp Technologies runs Gardener within their public Openstack Clouds (Hamburg, Berlin, Düsseldorf). Their clients run all kinds of workloads on top of Gardener maintained Kubernetes clusters ranging from databases to Software-as-a-Service applications.
Finanz Informatik Technologie Services GmbHFinanz Informatik Technologie Services GmbH uses Gardener to offer k8s as a service for customers in the financial industry in Germany. It is built on top of a “metal as a service” infrastructure implemented from scratch for k8s workloads in mind. The result is k8s on top of bare metal in minutes.
PingCAPPingCAP TiDB, is a cloud-native distributed SQL database with MySQL compatibility, and one of the most popular open-source database projects - with 23.5K+ stars and 400+ contributors. Its sister project TiKV is a Cloud Native Interactive Landscape project. PingCAP envisioned their managed TiDB service, known as TiDB Cloud, to be multi-tenant, secure, cost-efficient, and to be compatible with different cloud providers and they chose Gardener.
BeezlabsBeezlabs uses Gardener to deliver Intelligent Process Automation platform, on multiple cloud providers and reduce costs and lock-in risks.
b’nerdb’nerd uses Gardener as the core technology for its own managed Kubernetes as a Service solution and operates multiple Gardener installations for several cloud hosting service providers.
STACKITSTACKIT is a digital brand of Europe’s biggest retailer, the Schwarz Group, which includes Lidl, Kaufland, but also production and recycling companies. It uses Gardener to offer public and private Kubernetes as a service in own data centers in Europe and targets to become the cloud provider for German and European small and mid-sized companies.
T-SystemsSupporting and managing multiple application landscapes on-premises and across different hyperscaler infrastructures can be painful. At T-Systems we use Gardener both for internal usage and to manage clusters for our customers. We love the openness of the project, the flexibility and the architecture that allows us to manage clusters around the world with only one team from one single pane of glass and to meet industry specific certification standards. The sovereignty by design is another great value, the technology implicitly brings along.
23 TechnologiesThe German-based company 23 Technologies uses Gardener to offer an enterprise-class Kubernetes engine for industrial use cases as well as cloud service providers and offers managed and professional services for it. 23T is also the team behind okeanos.dev, a public service that can be used by anyone to try out Gardener.
B1 Systems GmbHB1 Systems GmbH is a international provider of Linux & Open Source consulting, training, managed service & support. We are founded in 2004 and based in Germany. Our team of 140 Linux experts offers tailor-made solutions based on cloud & container technologies, virtualization & high availability as well as monitoring, system & configuration management. B1 is using Gardener internally and also set up solutions/environments for customers.
finleap connect GmbHfinleap connect GmbH is the leading independent Open Banking platform provider in Europe. It enables companies across a multitude of industries to provide the next generation of financial services by understanding how customers transact and interact. With its “full-stack” platform of solutions, finleap connect makes it possible for its clients to compliantly access the financial transactions data of customers, enrich said data with analytics tools, provide digital banking services and deliver high-quality, digital financial services products and services to customers. Gardener uniquly enables us to deploy our platform in Europe and across the globe in a uniform way on the providers preferred by our customers.
CodesphereCodesphere is a Cloud IDE with integrated and automated deployment of web apps. It uses Gardener internally to manage clusters that host customer deployments and internal systems all over the world.
plusserverplusserver combines its own cloud offerings with hyperscaler platforms to provide individually tailored multi-cloud solutions. The plusserver Kubernetes Engine (PSKE) based on Gardener reduces the complexity in managing multi-cloud environments and enables companies to orchestrate their containers and cloud-native applications across a variety of platforms such as plusserver’s pluscloud open or hyperscalers such as AWS, either by mouseclick or via an API. With PSKE, companies remain vendor-independent and profit from guaranteed data sovereignty and data security due to GDPR-compliant cloud platforms in the certified plusserver data centers in Germany.
Fuga CloudFuga Cloud uses Gardener as the basis for its Enterprise Managed Kubernetes (EMK), a platform that simplifies the management of your k8s and provides insight into usage and performance. The other Fuga Cloud services can be added with a mouse click, and the choice of another cloud provider is a negotiable option. Fuga Cloud stands for Digital Sovereignty, Data Portability and GDPR compatibility.
Metalstack Cloudmetalstack.cloud uses Gardener and is based on the open-source software metal-stack.io, which is developed for regulated financial institutions. The focus here is on the highest possible security and compliance conformity. This makes metalstack.cloud perfect for running enterprise-grade container applications and provides your workloads with the highest possible performance.
CleuraCleura uses Gardener to power its Container Orchestration Engine for Cleura Public Cloud and Cleura Compliant Cloud. Cleura Container Orchestration Engine simplifies the creation and management of Kubernetes clusters through their user-friendly Cleura Cloud Management Panel or API, allowing users to focus on deploying applications instead of maintaining the underlying infrastructure.
PITS Globale DatenrettungsdienstePITS Globale Datenrettungsdienste is a data recovery company located in Germany specializing in recovering lost or damaged files from hard drives, solid-state drives, flash drives, and other storage media. Gardener is used to handle highly-loaded internal infrastructure and provide reliable, fully-managed K8 cluster solutions.

If you’re using Gardener and you aren’t on this list, submit a pull request!
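Review bot: the two copies of the adopter list in this hunk read word for word the same, from "See who is using Gardener" through the pull-request invitation, so the actual change must sit in markup or attributes that these lines do not show; the commit message should state what the regeneration changed so the hunk can be checked against it. Since the text is carried over unchanged, the typo "uniquly" in the finleap connect entry survives on both sides and could be fixed in the source content. The hunk is also followed by a "\ No newline at end of file" marker, so the file is missing its trailing newline; worth adding while the file is being rewritten.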

\ No newline at end of file diff --git a/docs/blog/2018/06.11-anti-patterns/index.html b/docs/blog/2018/06.11-anti-patterns/index.html index 8262f578010..7e9a4d59180 100644 --- a/docs/blog/2018/06.11-anti-patterns/index.html +++ b/docs/blog/2018/06.11-anti-patterns/index.html @@ -6,7 +6,7 @@ Instead of running a root user, use RUN groupadd -r anygroup && useradd -r -g anygroup myuser to create a group and a user in it. Use the USER command to switch to this user.">