v0.25.0

[gardener/etcd-druid]

📰 Noteworthy

• [OPERATOR] Etcd ConfigMap Naming Update: The naming convention has changed to {etcd.Name}-config for consistency, replacing etcd-bootstrap-. Unused old ConfigMaps will be removed in v0.27.0 by @anveshreddy18 [#812]
• [USER] The UseEtcdWrapper feature gate has been promoted to GA and locked to true. by @shreyas-s-rao [#936]

🏃 Others

• [DEVELOPER] Enhanced the check make target to ensure the Go version adheres to x.y.0. by @renormalize [#930]
• [OPERATOR] Upgrade the alpine image version to 3.20.3 by @renormalize [#916]
• [OPERATOR] Enhances Etcd configuration by organizing ConfigMap naming convention, enabling snapshot-count configuration, and rectifying URL issues for improved functionality and consistency by @anveshreddy18 [#812]

[gardener/etcd-backup-restore]

⚠️ Breaking Changes

• [USER] The etcd configuration parameters initial-advertise-peer-urls and advertise-client-urls now accept a structured YAML format where URLs are listed per etcd instance. This replaces the previous unstructured string format with @ as a separator. Existing configurations must be updated to match this new format. To know the new format in detail, check the example config file at pkg/miscellaneous/testdata/valid_config.yaml by @anveshreddy18 [gardener/etcd-backup-restore#715]

📰 Noteworthy

• [OPERATOR] Snapshots garbage collection performed by etcd-backup-restore (if enabled) for ABS is performed only when the objects' immutability period expires. by @renormalize [gardener/etcd-backup-restore#781]
• [OPERATOR] etcd-backup-restore now supports immutable objects for storage provider: Azure Blob Storage, provided by the Container Level WORM feature. by @renormalize [gardener/etcd-backup-restore#781]
• [OPERATOR] Support for Container level WORM (ABS) in etcd-backup-restore is backward compatible. For more info please refer to this doc: https://github.com/gardener/etcd-backup-restore/blob/master/docs/usage/immutable_snapshots.md by @renormalize [gardener/etcd-backup-restore#781]

🏃 Others

• [DEVELOPER] Enhanced the check make target to ensure the Go version adheres to x.y.0. by @renormalize [gardener/etcd-backup-restore#803]
• [OPERATOR] Don't skip full snapshot, always trigger a full snapshot independent of new updates to etcd, preventing prometheus alerts of not taking a scheduled full snapshot. by @Shreyas-s14 [gardener/etcd-backup-restore#804]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.25.0

v0.24.1

[gardener/etcd-druid]

📰 Noteworthy

• [DEVELOPER] Upgraded github.com/gardener/etcd-backup-restore dependency from 0.31.0 to 0.31.1. by @renormalize [#928]
• [DEVELOPER] etcd-druid will henceforth stick to Go versions x.y.0 only to be in line with gardener/gardener, kubernetes, controller-runtime. by @renormalize [#929]
• [OPERATOR] Upgraded etcd-backup-restore image version to v0.31.1. by @renormalize [#928]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.24.1

v0.24.0

[gardener/etcd-druid]

📰 Noteworthy

• [OPERATOR] Upgraded etcd-backup-restore image version to v0.31.0. by @renormalize [#924]
• [OPERATOR] Upgraded etcd-wrapper image version to v0.3.0. by @gardener-robot-ci-3 [#921]
• [DEVELOPER] Upgraded github.com/gardener/etcd-backup-restore dependency from 0.29.0 to 0.31.0. by @renormalize [#924]

🏃 Others

• [OPERATOR] Introduced github pages to host the etcd-druid documentation by @unmarshall [#909]
• [OPERATOR] Fix a minor bug in wrongly assuming 24hr as full snapshot interval to compute backup ready condition by getting it from full snapshot schedule. by @anveshreddy18 [#906]
• [OPERATOR] Added a doc detailing on how to contribute to existing documentation. by @unmarshall [#920]
• [OPERATOR] add additional latest tag to released images. by @anveshreddy18 [#888]
• [OPERATOR] Fixes github pages links by @unmarshall [#919]
• [OPERATOR] Minor fixes to the docs, changed the images to reflect the new logo. by @Shreyas-s14 [#901]

[gardener/etcd-backup-restore]

🏃 Others

• [OPERATOR] Improved error handling in deletion of delta snapshots during snapshot garbage collection. by @Shreyas-s14 [gardener/etcd-backup-restore#793]
• [OPERATOR] Improves the renewTime of full snapshot lease when the lease is updated as part of retry mechanism by @anveshreddy18 [gardener/etcd-backup-restore#753]
• [DEVELOPER] Azure Blob Storage client Go module upgraded to github.com/Azure/azure-sdk-for-go/sdk/storage/azblob from the deprecated github.com/Azure/azure-storage-blob-go by @renormalize [gardener/etcd-backup-restore#751]
• [DEVELOPER] Builds for non-native platforms can now be done using the docker-build make target instead of having to invoke the docker buildx command. The platform can be specified using the PLATFORM variable which is passed while invoking make. by @renormalize [gardener/etcd-backup-restore#780]
• [DEVELOPER] Standardize the yaml dependency to sigs.k8s.io/yaml. Replace deprecated k8s.io/utils/pointer with k8s.io/utils/ptr. Bump all direct dependencies to newer versions. by @renormalize [gardener/etcd-backup-restore#796]
• [DEVELOPER] etcd-backup-restore now uses the Restore API exposed by go.etcd.io/etcd/clientv3/snapshot to perform restoration of the etcd data directory, moving away from performing restoration of the data directory manually. by @renormalize [gardener/etcd-backup-restore#795]
• [DEVELOPER] Upgrade the Go dependency to go1.23.2. by @renormalize [gardener/etcd-backup-restore#786]
• [USER] etcd-backup-restore now uses etcd version v3.4.34 for the embedded etcd during restoration. by @renormalize [gardener/etcd-backup-restore#795]

[gardener/etcd-wrapper]

✨ New Features

• [USER] etcd-wrapper has been updated to start etcd version v3.4.34. by @renormalize [gardener/etcd-wrapper#30]

🏃 Others

• [DEVELOPER] All dependencies upgraded to the newer versions for enhanced security and support. by @renormalize [gardener/etcd-wrapper#30]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.24.0

v0.23.3

[gardener/etcd-druid]

🐛 Bug Fixes

• [OPERATOR] etcd controller now differentiates between TLS configuration change and peer TLS enablement. Only if peer TLS has been enabled and not yet reflected it will wait for all pods to come up else it will allow patching of statefulset. by @unmarshall [#918]
• [OPERATOR] Fixes etcd client and peer service label selector, ensuring that only Etcd statefulset pods are selected. by @unmarshall [#918]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.23.3

v0.23.2

[gardener/etcd-druid]

📰 Noteworthy

• [DEVELOPER] * If you use make kind-up to bring up a local kind cluster then please note that the kubeconfig is now written to hack/kind/kubeconfig. by @unmarshall [#903]

🏃 Others

• [OPERATOR] Fixes the predicate to allow update events for existing Etcd resource that never got reconciled before. by @anveshreddy18 [#904]
• [OPERATOR] Etcd components webhook now allows druid to always update its managed resources, to tackle issues with stale informer cache. by @unmarshall [#902]
• [OPERATOR] * Updates etcd-druid documentation
  • Enhances hack/kind-up.sh script with additional capability to set feature-gates and launch local docker container registry. by @unmarshall [#903]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.23.2

v0.23.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] If you wish to downgrade from druid v0.23.x to versions =<v0.22.7, please ensure that you change the CLI flags for the druid command to remove the new CLI flags introduced in v0.23.0. If you are using the provided helm charts to deploy druid, you may ignore this and simply deploy the helm chart, which takes care of the CLI flag changes for you. by @shreyas-s-rao [#894]

📰 Noteworthy

• [OPERATOR] etcd-backup-restore has been bumped to v0.30.2 and etcd-wrapper has been bumped to v0.2.0. by @shreyas-s-rao [#894]

🏃 Others

• [USER] Fixed the ready condition for the Etcd resource. by @shreyas-s-rao [#894]
• [OPERATOR] Fixes for handling of pod template labels, label-selector, replicas and TLS changes to Etcd resource. StatefulSet does not allow update of label-selector. v0.23.x changes the label-selector, to get that reflected in the STS, it will be orphan deleted and subsequently created. Similarly for peer TLS and pod label changes an update of pods will be done. For single member etcd clusters this will cause a transient downtime. If replicas, TLS, label-selector are changed together then it will also cause transient quorum loss in multi-node etcd clusters. by @shreyas-s-rao [#894]

[gardener/etcd-wrapper]

🏃 Others

• [DEVELOPER] Upgrade the Go dependency to go1.23.1. by @renormalize [gardener/etcd-wrapper#32]
• [OPERATOR] Added a capability to stop the etcd-wrapper container by exposing an endpoint /stop. by @ishan16696 [gardener/etcd-wrapper#31]
• [OPERATOR] ops/print-etcd-cert-paths.sh has been removed and is now replaced with ops/print-etcd-cheatsheet.sh by @unmarshall [gardener/etcd-wrapper#18]

[gardener/etcd-backup-restore]

📰 Noteworthy

• [USER] Introduced a CLI flag --use-etcd-wrapper (default: false) to enable/disable the backup-restore to use etcd-wrapper related functionality. Note: enable this flag only if etcd-wrapper is deployed. by @ishan16696 [gardener/etcd-backup-restore#794]
• [OPERATOR] etcd-backup-restore now triggers a restart of the etcd member after updating etcd's advertise peer URLs if found updated. by @ishan16696 [gardener/etcd-backup-restore#794]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.23.1

v0.22.7

[gardener/etcd-druid]

🏃 Others

• [OPERATOR] switch to etcd-custom-image v3.4.26-6 (hosted in google-artifact-registry, rather than - deprecated GCR) by @ccwienk [#880]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.22.7

v0.22.6

[gardener/etcd-druid]

🏃 Others

• [OPERATOR] set cpu and memory requests for compaction pods by @anveshreddy18 [#853]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.22.6

v0.23.0

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Custodian controller has now been removed in favour of etcd status reconciliation handled by etcd controller. CLI flags --custodian-workers and --custodian-sync-period have now been removed, and are no longer recognised by etcd-druid. by @unmarshall [#777]
• [OPERATOR] Labels on druid-managed resources are now streamlined, and no longer include name and instance. Instead, these are now standard labels app.kubernetes.io/managed-by and app.kubernetes.io/part-of, as recommended by Kubernetes. Additionally, app.kubernetes.io/component label is also used to set the type of the component for an etcd cluster. by @unmarshall [#777]
• [OPERATOR] Creation of Etcd resource no longer requires annotation gardener.cloud/operation: reconcile to be set on it for etcd-druid to reconcile it. In other words, creation of Etcd resource is immediate, irrespective of whether etcd-spec-auto-reconciliation is enabled or not. by @unmarshall [#777]
• [OPERATOR] CLI flag --workers has now been renamed to --etcd-workers. Additionally, etcd controller also accepts new CLI flags enable-etcd-spec-auto-reconcile to control how and when the etcd spec is reconciled, and etcd-status-sync-period to specify the duration after which an event will be re-queued to ensure etcd status reconciliation. CLI flag ignore-operation-annotation has been deprecated, and will be removed in an upcoming release. by @unmarshall [#777]
• [OPERATOR] Volume mounts for the etcd StatefulSet have now been fixed, to allow individually specifying TLS secrets for the etcd and backup-restore servers. CA and TLS certificates used for etcd client-server communication, relevant to the container that they are mounted on, can be found at /var/etcd/ssl/. CA and TLS certificates used for etcd peer communication, relevant to the container that they are mounted on, can be found at /var/etcd/ssl/peer. CA and TLS certificates used for etcd-backup-restore client-server communication, relevant to the container that they are mounted on, can be found at /var/etcdbr/ssl. by @unmarshall [#777]
• [DEVELOPER] Vendor directory has now been removed from the project. Please run make tidy to pull dependencies into go mod cache initially, and whenever required. by @shreyas-s-rao [#748]
• [USER] Before upgrading druid to v0.23.0+, please ensure that druid is running with at least v0.22.3+. This is required to avoid any downtime during the upgrade of the etcds by the new druid version, as well as to ensure backward compatibility of your etcds, in case you wish to downgrade back to v0.22.3+. by @shreyas-s-rao [#823]

📰 Noteworthy

• [OPERATOR] A new condition DataVolumesReady has been introduced in etcd.Status to capture and report PVC warnings. by @unmarshall [#777]

• [OPERATOR] Annotation druid.gardener.cloud/ignore-reconciliation has been marked as deprecated. Please use druid.gardener.cloud/suspend-etcd-spec-reconcile instead, which provides the same behavior. by @unmarshall [#777]

• [OPERATOR] Scale-up logic for single-node etcd clusters with peerTLS disabled to multi-node etcd clusters with peerTLS enabled, has been improved by making it deterministic and eliminates an unnecessary restart of the first etcd member, thus making this process faster and error-free. by @unmarshall [#777]

• [OPERATOR] CLI flag --leader-election-resource-lock is now deprecated, and will be set to leases from a future release onwards. by @unmarshall [#777]

• [OPERATOR] A new validating webhook named sentinel has been introduced to safeguard resources created by etcd-druid. A new annotation druid.gardener.cloud/disable-etcd-component-protection has been introduced, which if set, tells sentinel webhook to allow manual changes by an operator on any resource managed by etcd-druid.

  This webhook is disabled by default, and can be enabled as follows:

  • If deploying druid via the binary, please pass CLI flag --enable-sentinel-webhook to it. Additionally, CLI flags --webhook-server-bind-address, --webhook-server-port and --webhook-server-tls-server-cert-dir need to be passed when enabling the webhook, which enforces TLS communication using the given certs.
  • If deploying druid via the Helm charts, please set chart value webhooks.sentinel.enabled: true.
  • If deploying druid via Skaffold, please set environment variable DRUID_ENABLE_SENTINEL_WEBHOOK=true. This is also applicable when running Make targets such as deploy, deploy-dev, deploy-debug, test-e2e, etc, except for ci-e2e-kind. by @unmarshall [#777]

• [OPERATOR] The component model used for deploying resources has now been replaced with a simplified ResourceOperator model, found under /internal/operator. by @unmarshall [#777]

• [OPERATOR] CLI flag --metrics-addr is now deprecated. Please use --metrics-bind-address and --metrics-port instead. by @unmarshall [#777]

• [USER] Remove usage of *_STORAGE_API_ENDPOINT` environment variables for Google and Azure providers. Storage API endpoint / domain will instead be directly consumed by etcd-backup-restore from the mounted backup secret. by @shreyas-s-rao [#856]

• [DEVELOPER] We are moving towards using golang native tests. This also allowed us to relook at the unit and integration tests that we have. In this PR we have only partially introduced comprehensive golang native tests for specific packages (internal/operator, internal/webhook, internal/controller/etcd/ and internal/utils/). We have also added comprehensive integration tests for etcd controller and the new IT tests are present at test/it/controller/etcd. In future PRs we will replace the ginkgo based tests and replace it with native golang tests for rest of the packages as well. by @unmarshall [#777]

• [DEVELOPER] All packages under /pkg and /controllers directories have now been moved to new parent /internal directory. by @unmarshall [#777]

✨ New Features

• [OPERATOR] Etcd resource status now includes field LastErrors to indicate any errors encountered in the last reconciliation of the etcd resource. Custom error codes have been introduced to help capture contextual information from the reconciliation run. by @unmarshall [#777]
• [OPERATOR] Etcd resource status now includes field LastOperation to indicate the last operation performed on the etcd resource. This includes a unique RunID to help sift through logs containing the specific RunID, improving debuggability. Every reconciler run generates a unique RunID. by @unmarshall [#777]
• [DEVELOPER] etcd-druid now supports end-to-end testing with Azurite - the Azure Blob Storage Emulator by @renormalize [#753]
• [DEVELOPER] Builds for non-native platforms can now be done using the docker-build make target instead of having to invoke the docker buildx command. The platform can be specified using the PLATFORM variable which is passed while invoking make. by @renormalize [#873]
• [USER] Added support for new backup store provider stackit which is an alias for S3. by @unmarshall [#777]

🏃 Others

• [OPERATOR] etcd-backup-restore container was started with SYS_PTRACE linux capability. This prevented creating etcd cluster with Pod Security Standards. This linux capability has now been removed as it is no longer required. by @unmarshall [#777]

• [OPERATOR] set cpu and memory requests for compaction pods by @anveshreddy18 [#853]

• [OPERATOR] Etcd pods now mount files with DefaultMode set to 0640. by @unmarshall [#777]

• [OPERATOR] Upgrade github.com/gardener/etcd-backup-restore dependency from 0.26.0 to 0.29.0 by @anveshreddy18 [#830]

• [OPERATOR] 1. Dependency version upgrades done to gardener/gardener, controller-runtime, controller-tools, k8s.io/*, logr, zap, ginkgo, uber mock, uuid dependencies.
  2. Adapted golanglint-ci recommendations.
  3. Removed dependency on gardener/gardener hack/scripts.
  by @unmarshall [#834]

• [OPERATOR] Enhanced parallel execution support in e2e tests, reducing time and improving test suite robustness. by @seshachalam-yv [#833]

• [OPERATOR] Upgrades to golang version 1.22.4 by @unmarshall [#826]

• [OPERATOR] Updated e2e tests to support label changes during HA upgrades, preventing the reconciliation process from getting stuck and ensuring smooth transitions in deployment scenarios.

  by @seshachalam-yv [#838]

• [OPERATOR] Introduced new Makefile targets:
  deploy-dev - starts skaffold in dev mode allowing reloading druid upon change.
  deploy-debug - starts skaffold in debug mode allowing using breakpoints to interrupt the control-flow.
  undeploy - uses skaffold delete to delete all resources that are installed via skaffold. by @unmarshall [#777]

• [OPERATOR] Enabling the configurability of --max-backups for LimitBasedGC through the etcd resource spec .spec.backup.maxBackupsLimitBasedGC. by @anveshreddy18 [#755]

• [OPERATOR] Updated README.md by @unmarshall [#851]

• [DEVELOPER] Introduced testing guidelines, added developer productivity scripts and make targets to stress test, debug integration tests, formatting and detecting incompatible api changes. by @unmarshall [#857]

• [DEVELOPER] Fixes unit tests for internal/health package, includes missing tests in the Makefile test target and minor refactoring of test utility functions. by @unmarshall [#822]

• [DEVELOPER] Add Make target make docker-clean for cleaning up all docker builds related to etcd-druid. by @shreyas-s-rao [#842]

• [DEVELOPER] Add Make targets make clean-build-cache and make clean-mod-cache for cleaning up Go build and mod caches respectively. by @shreyas-s-rao [#842]

• `[DE...

v0.22.5

[gardener/etcd-backup-restore]

🐛 Bug Fixes

• [OPERATOR] Fixed a bug in detecting single member restoration scenario for the zeroth pod and when no storage provider for backups is configured. by @ishan16696 [gardener/etcd-backup-restore#761]

🏃 Others

• [OPERATOR] Retry to take full snapshot if the previous full snapshot operation fails. by @ishan16696 [gardener/etcd-backup-restore#765]

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.22.5