v1.52.3

[gardener/machine-controller-manager]

✨ New Features

• [OPERATOR] Machine Controller Manager now supports a new machine deployment strategy called InPlaceUpdate. by @acumino [gardener/machine-controller-manager#973]

🐛 Bug Fixes

• [OPERATOR] A new termination queue to handle machines scheduled for deletion introduced to separate creation requests from deletion by @takoverflow [gardener/machine-controller-manager#964]
• [OPERATOR] machine-controller-manager version, and build information are printed at startup. by @renormalize [gardener/machine-controller-manager#985]

🏃 Others

• [OPERATOR] Integration test framework enhancements for resource and process cleanup by @takoverflow [gardener/machine-controller-manager#968]
• [OPERATOR] Resource exhaustion on machine creation results in a longer retry period by @takoverflow [gardener/machine-controller-manager#981]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.3
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.3
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.3

Container (OCI) Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.3
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.3

v1.52.2

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] Update CCM image from 1.32.0 to 1.32.4 to prevent crashes if cloud is set to AZURECHINACLOUD by @hebelsan [#1159]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.2
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.2
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.2

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.2
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.2

v1.52.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] An issue causing csi-driver-controller to not have mounted a workload identity token when the feature is enabled is now fixed. by @ialidzhikov [#1144]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.1

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.1

v1.51.2

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [USER] An issue causing csi-driver-controller to not have mounted a workload identity token when the feature is enabled is now fixed. by @ialidzhikov [#1145]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.51.2
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.51.2
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.51.2

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.51.2
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.51.2

v1.52.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [OPERATOR] Enabling the immutable bucket feature is a breaking change, as it requires additional permissions. The permissions given to your credential are to be first modified before enabling the alpha feature. by @renormalize [#1098]

📰 Noteworthy

• [OPERATOR] Azure Blob Storage Containers can now be configured to be created with container-level immutability settings. by @renormalize [#1098]

✨ New Features

• [OPERATOR] The immutable bucket feature is currently in alpha state. The immutable bucket feature can be enabled by enabling config.featureGates.enableImmutableBuckets. More information can be found in docs/usage/usage.md. by @renormalize [#1098]

🏃 Others

• [OPERATOR] provider-azure no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#997]
• [OPERATOR] Implement etcd credential rotation by @kon-angelo [#1114]
• [USER] Update worker pool hash if diagnostic profile option is enabled by @hebelsan [#1122]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.52.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.52.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.52.0

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.52.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.52.0

v1.51.1

[gardener/gardener-extension-provider-azure]

🐛 Bug Fixes

• [OPERATOR] The admission webhook is now allowed to GET workload identities. by @dimityrmirchev [#1121]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.51.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.51.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.51.1

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.51.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.51.1

v1.51.0

[gardener/machine-controller-manager-provider-azure]

🏃 Others

• [OPERATOR] pipeline_integration_test now uses the control plane of a cluster to deploy objects part of its tests by @aaronfern [gardener/machine-controller-manager-provider-azure#175]
• [OPERATOR] vendored MCM version has been upgraded to v0.56.0 by @aaronfern [gardener/machine-controller-manager-provider-azure#175]

[gardener/gardener-extension-provider-azure]

✨ New Features

• [USER] The provider-azure extension does now support shoot clusters with Kubernetes version 1.32. You should consider the Kubernetes release notes before upgrading to 1.32. by @marc1404 [#1076]
• [USER] Allow users to disable the deployment of allow-* loadbalancers for outbound traffic. by @kon-angelo [#1099]
• [USER] The extension now supports Shoots using WorkloadIdentitys instead of cloud provider credentials. by @dimityrmirchev [#999]

🐛 Bug Fixes

• [OPERATOR] Fixed an issue that caused deployment issues with the gardener.cloud-fast storage class when the extension was deployed by gardener-operator in the garden runtime cluster. The deployment of this StorageClass object is now only done for Azure seeds. by @timuthy [#1105]
• [USER] This PR prevents the deletion of certain user managed public IPs during flow reconciliation after Terraform migration by @hebelsan [#1052]

🏃 Others

• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#1082]
• [OPERATOR] The ports used by the extension can now be specified via helm values. by @ScheererJ [#1090]
• [DEVELOPER] Update Go to 1.24. by @marc1404 [#1102]
• [DEPENDENCY] Update gardener/gardener to v1.113.0. by @marc1404 [#1101]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.51.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.51.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.51.0

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.51.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.51.0

v1.50.1

no release notes available

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.50.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.50.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.50.1

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.50.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.50.1

v1.50.0

[gardener/gardener-extension-provider-azure]

⚠️ Breaking Changes

• [USER] VMSS-Flex based shoots are not the default deployment for non-zonal shoots. by @kon-angelo [#1025]
• [USER] Disable the creation of Availability-Set-based shoots. by @kon-angelo [#1025]
• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-azure admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#1030]

📰 Noteworthy

• [USER] The kube-system/csi-driver-node-disk and kube-system/csi-driver-node-file DaemonSet are no longer scaled by a VerticalPodAutoscaler as they do not really benefit from it. Removing VerticalPodAutoscaler for these components will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @ialidzhikov [#1046]

✨ New Features

• [USER] Introduce an annotation to migrate the availability-set shoots to VMSS-Flex shoots. by @kon-angelo [#1025]
• [OPERATOR] Adjustments for additional deployment of extension and admission controller on Garden runtime cluster by gardener-operator. by @MartinWeindel [#1030]

🏃 Others

• [OPERATOR] Fix an issue where the provider-extension would delete a route table because of a location mismatch by @kon-angelo [#1068]
• [OPERATOR] Fixed an issue that prevented the Infrastructure resource to be correctly restored during control plane migration, if the Infrastructure was previously migrated from a single subnet network layout to a multiple subnet network layout. by @plkokanov [#907]
• [OPERATOR] Validate that all images in cloudProfile are valid images in the cloudProfileConfig by @hebelsan [#1020]
• [USER] Shoots with NodeLocalDNS enabled will use UDP instead of TCP for upstream DNS queries by default to avoid performance issues on Azure. by @domdom82 [#1032]
• [USER] Update CSI images by @AndreasBurger [#1063]
• [DEPENDENCY] Update gardener to v1.110.0 by @hebelsan [#1044]

[gardener/machine-controller-manager-provider-azure]

🏃 Others

• [DEVELOPER] The gardener/machine-controller-manager dependency has been updated to v0.55.1. Release Notes by @thiyyakat [gardener/machine-controller-manager-provider-azure#169]
• [DEVELOPER] Added gosec for Static Application Security Testing (SAST). by @thiyyakat [gardener/machine-controller-manager-provider-azure#169]
• [DEVELOPER] Updated go lang version to 1.23 by @thiyyakat [gardener/machine-controller-manager-provider-azure#169]
• [USER] It is now possible to use a workload identity token instead of a client secret when authenticating to Azure. The path to the file containing the federated token can be configured via the "workloadIdentityTokenFile" field in the secret config. by @dimityrmirchev [gardener/machine-controller-manager-provider-azure#167]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.50.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.50.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.50.0

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.50.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.50.0

v1.49.4

[gardener/remedy-controller]

✨ New Features

• [OPERATOR] The remedy controller now supports authentication via federated token. The file containing the token can be specified via the "aadFederatedTokenFile" field. by @dimityrmirchev [gardener/remedy-controller#64]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Introduce SAST checking by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Update gardener to v1.110.4 by @kon-angelo [gardener/remedy-controller#66]
• [DEPENDENCY] Update go version to v1.22.0 by @LucaBernstein [gardener/remedy-controller#63]
• [DEPENDENCY] Update gardener/gardener version to v1.96.2 by @LucaBernstein [gardener/remedy-controller#63]
• [DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @LucaBernstein [gardener/remedy-controller#63]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update alpine to v3.21.2 by @kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.49.4
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.49.4
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.49.4

Docker Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.49.4
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.49.4