v0.10.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [OPERATOR] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. The extension does now only uses the new contract for providing monitoring configuration. Before upgrading to this version of the extension, make sure that the deployed Gardener version supports the new monitoring contract. by @dimitar-kostadinov [#237]

📰 Noteworthy

• [DEVELOPER] The containerd registry configuration hosts.toml files are now created using the OpetingSystemConfig CRI API. by @dimitar-kostadinov [#227]

🏃 Others

• [OPERATOR] A priorityClassName can now be set for the admission deployment via the admission Helm chart. by @timuthy [#222]
• [OPERATOR] The registry-cache admission validation is skipped when no semantic change in providerConfig is detected. by @dimitar-kostadinov [#210]
• [OPERATOR] The following image is updated:
  • europe-docker.pkg.dev/gardener-project/releases/3rd/registry: 3.0.0-alpha.1 -> 3.0.0-beta.1 by @ialidzhikov [#224]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.10.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.10.0

v0.9.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [USER] The registry.extensions.gardener.cloud/v1alpha2 API version is removed. Use registry.extensions.gardener.cloud/v1alpha3 instead. by @ialidzhikov [#165]
• [OPERATOR] The registry.extensions.gardener.cloud/v1alpha2 API version is removed. Before upgrading to this version, make sure that there are no usages of the registry.extensions.gardener.cloud/v1alpha2 API version in the landscape. by @ialidzhikov [#165]

📰 Noteworthy

• [USER] The registry cache StatefulSets for registries with upstream host with more than 43 chars will be recreated. Only the StatefulSet will be recreated, the underlying PVC remains the same. by @dimitar-kostadinov [#186]

🏃 Others

• [OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @ialidzhikov [#187]
• [OPERATOR] The upstream fields in the registry-mirror and registry-cache APIs now support optional port (e.g. example.io:5000). by @dimitar-kostadinov [#183]
• [OPERATOR] A new optional remoteURL field in the registry-cache API allows specifying the URL of the upstream registry (e.g. http://example.io:5000). by @dimitar-kostadinov [#183]
• [OPERATOR] The registry-cache extension does now support the Deploying Gardener Locally and Enabling Provider-Extensions local setup. by @dimitar-kostadinov [#193]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.9.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.9.0

v0.8.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [OPERATOR] registry-cache extension no longer supports Shoots with Кubernetes version == 1.24. by @shafeeqes [#121]

🐛 Bug Fixes

• [OPERATOR] Fixed an issue where the extension-registry-configuration-cleaner ManagedResource could block Shoot deletion if the registry-cache extension was disabled before the Shoot deletion was triggered, and disabling the extension failed while trying to deploy the said ManagedResource and wait for it to become ready. by @ialidzhikov [#173]

🏃 Others

• [OPERATOR] Registry configuration option http.draintimeout is set to 25 seconds to activate registry graceful shutdown. by @dimitar-kostadinov [#162]
• [OPERATOR] The registry-cache extension defines recording rules (shoot:registry_proxy_pushed_bytes_total:sum and shoot:registry_proxy_pulled_bytes_total:sum) that are federated in the Seed cluster's aggregate prometheus and also in the prometheus in the runtime cluster. These rules make possible to query registry-cache related metrics from the prometheus in the runtime cluster and in this way get an overview for given set of Shoot clusters. by @ialidzhikov [#169]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.8.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.8.0

v0.7.1

[gardener/gardener-extension-registry-cache]

🏃 Others

• [OPERATOR] An issue causing the test execution command in the TestDefinition to fail is now fixed. by @ialidzhikov [#161]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.7.1
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.7.1

v0.7.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [USER] The registry.extensions.gardener.cloud/v1alpha2API version is deprecated. See Migration from v1alpha2 to v1alpha3 on how to migrate from registry.extensions.gardener.cloud/v1alpha2 to registry.extensions.gardener.cloud/v1alpha3. by @ialidzhikov [#144]
• [USER] The registry.extensions.gardener.cloud/v1alpha1 API version is removed. Use registry.extensions.gardener.cloud/v1alpha2 instead. by @ialidzhikov [#141]
• [OPERATOR] The registry.extensions.gardener.cloud/v1alpha1 API version is removed. Before upgrading to this version, make sure that there are no usages of the registry.extensions.gardener.cloud/v1alpha1 API version in the landscape. by @ialidzhikov [#141]

✨ New Features

• [USER] The registry-cache extension introduces a new API version registry.extensions.gardener.cloud/v1alpha3. In the new API version the garbage collection TTL is configurable. Previously, the TTL was hard-coded internally in the Distribution project to 168h (7 days). In the latest version (3.0.0) of Distribution project it is configurable. by @ialidzhikov [#144]
• [OPERATOR] Panels for the registry caches are now available in Registry Caches plutono dashboard. by @dimitar-kostadinov [#110]

🏃 Others

• [DEVELOPER] The vendor directory was removed in favor of the go mod cache. by @ialidzhikov [#147]
• [DEVELOPER] The repository is now using REUSE license format. by @ialidzhikov [#146]
• [DEVELOPER] The golang version is updated to 1.22.0. by @dependabot[bot] [#139]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.7.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.7.0

v0.6.0

[gardener/gardener-extension-registry-cache]

✨ New Features

• [USER] The registry-cache extension now supports an API to configure containerd registry mirrors. For more details, see Configuring the Registry Mirror Extension. by @ialidzhikov [#134]

🏃 Others

• [OPERATOR] The following image is updated:
  • europe-docker.pkg.dev/gardener-project/releases/3rd/registry: 2.8.3 -> 3.0.0-alpha.1 by @ialidzhikov [#138]
• [OPERATOR] The configure-containerd-registries unit combines linear and exponential backoff retry strategies to configure containerd registry hosts as early as possible. This way, the deployed registry cache is ready for use, eventually before the Node status is Ready. by @dimitar-kostadinov [#137]
• [DEPENDENCY] The following dependency is updated:
  • github.com/gardener/gardener: v1.86.0 -> v1.87.0 by @dependabot[bot] [#132]
• [DEPENDENCY] The following dependency is updated:
  • github.com/gardener/gardener: v1.87.2 -> v1.88.0 by @dependabot[bot] [#145]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.6.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.6.0

v0.5.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [USER] It is now forbidden to enable garbage collection for a cache once it is disabled. This constraint is added to mitigate distribution/distribution#4249. by @ialidzhikov [#131]
• [OPERATOR] CA and server certificates for the admission component are managed automatically. Passing custom certificates via Helm values is not supported anymore. by @ialidzhikov [#122]
• [OPERATOR] The OCI Image Registry is changed from GCR (eu.gcr.io/gardener-project/gardener/extensions/{registry-cache,registry-cache-admission}) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/{registry-cache,registry-cache-admission}). Users should update their references. by @ccwienk [#113]

📰 Noteworthy

• [USER] The cache upstream is now required to be a a valid DNS subdomain (RFC 1123). by @ialidzhikov [#130]

🐛 Bug Fixes

• [OPERATOR] An issue in the Distribution project that causes in-used blob to be wrongly deleted during GC of an image layer which later on causes the images that reference this blob to fail to be pulled is now mitigated. by @ialidzhikov [#128]
• [USER] An issue causing the registry StatefulSet to fail to create Pods for registry caches with long upstreams is now mitigated. by @ialidzhikov [#129]

🏃 Others

• [DEPENDENCY] The following dependency is updated:
  • github.com/gardener/gardener: v1.85.1 -> v1.86.0 by @dependabot[bot] [#115]
• [DEPENDENCY] The following dependency is updated:
  • github.com/gardener/gardener: v1.84.2 -> v1.85.1 by @ialidzhikov [#122]
• [OPERATOR] A flake in the should enable and disable the registry-cache extension testmachinery test is now fixed. by @ialidzhikov [#123]

Docker Images

• gardener-extension-registry-cache-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache-admission:v0.5.0
• gardener-extension-registry-cache: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/registry-cache:v0.5.0

v0.4.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [USER] The registry.extensions.gardener.cloud/v1alpha1API version is deprecated. See Migration from v1alpha1 to v1alpha2 on how to migrate from registry.extensions.gardener.cloud/v1alpha1 to registry.extensions.gardener.cloud/v1alpha2. by @ialidzhikov [#101]

✨ New Features

• [USER] The registry-cache extension introduces a new API version registry.extensions.gardener.cloud/v1alpha2. In the new API version the StorageClass name of the registry cache volume is configurable. Previously, it was hard-coded to the StorageClass named default. by @ialidzhikov [#101]
• [OPERATOR] Metrics for registry cache persistent volumes are exposed in the Registry Caches plutono dashboard. by @dimitar-kostadinov [#112]

🐛 Bug Fixes

• [OPERATOR] An issue causing control plane migration for a Shoot with registry-cache extension enabled to fail is now fixed. by @ialidzhikov [#114]
• [DEVELOPER] An issue causing the testmachinery test to fail against an arm64 Shoot is now resolved. by @ialidzhikov [#118]
• [DEVELOPER] An issue causing the testmachinery test to fail against an alicloud Shoot is now resolved. by @ialidzhikov [#117]

🏃 Others

• [OPERATOR] The type of the configure-containerd-registries.service units is changed from oneshot to simple. by @ialidzhikov [#109]

Docker Images

• gardener-extension-registry-cache-admission: eu.gcr.io/gardener-project/gardener/extensions/registry-cache-admission:v0.4.0
• gardener-extension-registry-cache: eu.gcr.io/gardener-project/gardener/extensions/registry-cache:v0.4.0

v0.3.1

[gardener/gardener-extension-registry-cache]

🐛 Bug Fixes

• [USER] admission: An issue preventing the admission Pod to perform DNS resolutions is now fixed. Previously, the admission was denying requests when the providerConfig.caches[].secretReferenceName field is specified because it was not able to resolve the virtual kube-apiserver DNS name. by @ialidzhikov [#108]

Docker Images

• gardener-extension-registry-cache-admission: eu.gcr.io/gardener-project/gardener/extensions/registry-cache-admission:v0.3.1
• gardener-extension-registry-cache: eu.gcr.io/gardener-project/gardener/extensions/registry-cache:v0.3.1

v0.3.0

[gardener/gardener-extension-registry-cache]

⚠️ Breaking Changes

• [OPERATOR] The type of the imageVectorOverwrite value is changed from string to object. by @ialidzhikov [#80]

✨ New Features

• [USER] The registry-cache now supports providing credentials for private upstreams. For more details, see How to provide credentials for upstream registry?. by @dimitar-kostadinov [#94]
• [USER] registry-cache extension now supports Shoot Force Deletion. by @acumino [#59]

🏃 Others

• [OPERATOR] The registry-cache extension does now contribute alerts for the registry caches' volumes to the Shoot control plane prometheus. by @ialidzhikov [#96]
• [OPERATOR] The registry-configuration-cleaner is no longer deployed on Shoot deletion with registry-cache extension enabled. The Extension deletion occurs after the Worker deletion. There are no Nodes, hence there is no need to clean up registry configuration. by @ialidzhikov [#83]
• [OPERATOR] The following image is updated:
  • eu.gcr.io/gardener-project/3rd/alpine: 3.15.8 -> 3.18.4 by @ialidzhikov [#89]
• [OPERATOR] Vulnerability scans are disabled for the alpine and pause images as the corresponding containers are not accessible from outside of the K8s clusters and not interacted with from other containers or other systems. by @ialidzhikov [#89]
• [OPERATOR] The registry-cache extension is now aligned with the Gardener's component checklist:
  • The RBAC rules for the extension Pod are reduced to only the required ones. Some of the rules are moved from the ClusterRole to a new Role in the extension namespace.
  • The registry cache and registry-configuration-cleaner Pods now run with the RuntimeDefault seccomp profile.
  • The registry-configuration-cleaner Pods no longer run in privileged mode.
  • The registry cache Pods now define the needed NetworkPolicy labels if a deny-all NetworkPolicy is applied to the kube-system Namespace.
  • The registry cache and registry-configuration-cleaner components do now have appropriate PodSecurityPolicies.
  • The registry-configuration-cleaner Pods do now run with PriorityClass gardener-shoot-system-700.
  • The registry-configuration-cleaner Pods do now have resource requests and limits. by @ialidzhikov [#85]
• [DEVELOPER] registyr-cache's base image is updated to gcr.io/distroless/static-debian12:nonroot. by @ialidzhikov [#91]

Docker Images

• gardener-extension-registry-cache-admission: eu.gcr.io/gardener-project/gardener/extensions/registry-cache-admission:v0.3.0
• gardener-extension-registry-cache: eu.gcr.io/gardener-project/gardener/extensions/registry-cache:v0.3.0