feat: release v0.35.2

Taskfile.yaml

@@ -57,5 +57,6 @@ tasks:
     sources:
     - hack/external-apis/*
     cmds:
-    - 'go run {{.ROOT_DIR}}/hack/external-apis/main.go'
+    # - 'go run {{.ROOT_DIR}}/hack/external-apis/main.go'
+      - 'echo "TODO: Temporarily disabled due to github problems."'
     internal: true

VERSION

@@ -1 +1 @@
-v0.35.1-dev
+v0.35.2

api/external/gardener-extension-provider-aws/pkg/apis/aws/v1alpha1/register.go

@@ -45,8 +45,6 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&ControlPlaneConfig{},
 		&WorkerConfig{},
 		&WorkerStatus{},
-		&WorkloadIdentityConfig{},
-		&BackupBucketConfig{},
 	)
 	return nil
 }

api/external/gardener/pkg/apis/core/v1beta1/constants/types_constants.go

@@ -802,13 +802,30 @@ const (
 	// SeedUserNamePrefix is the identity user name prefix for gardenlets when authenticating to the API server.
 	SeedUserNamePrefix = "gardener.cloud:system:seed:"
 
-	// ShootGroupViewers is a constant for a group name in shoot clusters whose users get read-only privileges (except
-	// for core/v1.Secrets).
-	ShootGroupViewers = "gardener.cloud:system:viewers"
 	// ClusterRoleNameGardenerAdministrators is the name of a cluster role in the garden cluster defining privileges
 	// for administrators.
 	ClusterRoleNameGardenerAdministrators = "gardener.cloud:system:administrators"
 
+	// ShootReadOnlyClusterRoleName is the name of a cluster role allowing read-only access to resources
+	// in a shoot cluster, except core/v1.Secrets and those that are encrypted in the ETCD.
+	ShootReadOnlyClusterRoleName = "gardener.cloud:system:read-only"
+	// ShootSystemAdminsGroupName is a group assigned to gardener system administrators
+	// when they request an AdminKubeconfig to access a shoot cluster.
+	ShootSystemAdminsGroupName = "gardener.cloud:system:admins"
+	// ShootSystemViewersGroupName is a group assigned to gardener system viewers
+	// when they request a ViewerKubeconfig to access a shoot cluster.
+	ShootSystemViewersGroupName = "gardener.cloud:system:viewers"
+	// ShootProjectAdminsGroupName is a group assigned during AdminKubeconfig generation to
+	// gardener project administrators or other users allowed to request an AdminKubeconfig.
+	// System administrators do not get assigned to this group when requesting an AdminKubeconfig.
+	// Instead, they are assigned to the group "gardener.cloud:system:admins".
+	ShootProjectAdminsGroupName = "gardener.cloud:project:admins"
+	// ShootProjectViewersGroupName is a group assigned during ViewerKubeconfig generation to
+	// gardener project viewers or other users allowed to request a ViewerKubeconfig.
+	// System viewers do not get assigned to this group when requesting a ViewerKubeconfig.
+	// Instead, they are assigned to the group "gardener.cloud:system:viewers".
+	ShootProjectViewersGroupName = "gardener.cloud:project:viewers"
+
 	// ProjectName is the key of a label on namespaces whose value holds the project name.
 	ProjectName = "project.gardener.cloud/name"
 	// ProjectSkipStaleCheck is the key of an annotation on a project namespace that marks the associated Project to be

api/external/gardener/pkg/apis/core/v1beta1/types_seed.go

@@ -362,6 +362,13 @@ type SeedSettingVerticalPodAutoscaler struct {
 	// FeatureGates contains information about enabled feature gates.
 	// +optional
 	FeatureGates map[string]bool `json:"featureGates,omitempty" protobuf:"bytes,2,opt,name=featureGates"`
+	// MaxAllowed specifies the global maximum allowed (maximum amount of resources) that vpa-recommender can recommend for a container.
+	// The VerticalPodAutoscaler-level maximum allowed takes precedence over the global maximum allowed.
+	// For more information, see https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/docs/examples.md#specifying-global-maximum-allowed-resources-to-prevent-pods-from-being-unschedulable.
+	//
+	// Defaults to nil (no maximum).
+	// +optional
+	MaxAllowed corev1.ResourceList `json:"maxAllowed,omitempty" protobuf:"bytes,3,rep,name=maxAllowed,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName"`
 }
 
 // SeedSettingDependencyWatchdog controls the dependency-watchdog settings for the seed.

api/external/gardener/pkg/apis/core/v1beta1/types_shoot.go

@@ -814,6 +814,13 @@ type VerticalPodAutoscaler struct {
 	// FeatureGates contains information about enabled feature gates.
 	// +optional
 	FeatureGates map[string]bool `json:"featureGates,omitempty" protobuf:"bytes,19,rep,name=featureGates"`
+	// MaxAllowed specifies the global maximum allowed (maximum amount of resources) that vpa-recommender can recommend for a container.
+	// The VerticalPodAutoscaler-level maximum allowed takes precedence over the global maximum allowed.
+	// For more information, see https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/docs/examples.md#specifying-global-maximum-allowed-resources-to-prevent-pods-from-being-unschedulable.
+	//
+	// Defaults to nil (no maximum).
+	// +optional
+	MaxAllowed corev1.ResourceList `json:"maxAllowed,omitempty" protobuf:"bytes,20,rep,name=maxAllowed,casttype=k8s.io/api/core/v1.ResourceList,castkey=k8s.io/api/core/v1.ResourceName"`
 }
 
 const (
@@ -857,10 +864,11 @@ var (
 )
 
 // KubernetesConfig contains common configuration fields for the control plane components.
+//
+// This is a legacy type that should not be used in new API fields or resources.
+// Instead of embedding this type, consider using inline map for feature gates definitions.
 type KubernetesConfig struct {
 	// FeatureGates contains information about enabled feature gates.
-	//
-	// This is a legacy field that should no longer be used. Instead, consider using inline map for feature gates definitions.
 	// +optional
 	FeatureGates map[string]bool `json:"featureGates,omitempty" protobuf:"bytes,1,rep,name=featureGates"`
 }
@@ -1532,7 +1540,7 @@ type Networking struct {
 	// Services is the CIDR of the service network. This field is immutable.
 	// +optional
 	Services *string `json:"services,omitempty" protobuf:"bytes,5,opt,name=services"`
-	// IPFamilies specifies the IP protocol versions to use for shoot networking. This field is immutable.
+	// IPFamilies specifies the IP protocol versions to use for shoot networking.
 	// See https://github.com/gardener/gardener/blob/master/docs/development/ipv6.md.
 	// Defaults to ["IPv4"].
 	// +optional
@@ -1900,12 +1908,12 @@ type SSHAccess struct {
 var (
 	// DefaultWorkerMaxSurge is the default value for Worker MaxSurge.
 	DefaultWorkerMaxSurge = intstr.FromInt32(1)
-	// DefaultInPlaceWorkerMaxSurge is the default value for In-Place Worker MaxSurge.
-	DefaultInPlaceWorkerMaxSurge = intstr.FromInt32(0)
+	// DefaultAutoInPlaceWorkerMaxSurge is the default value for AutoInPlaceUpdate Worker MaxSurge.
+	DefaultAutoInPlaceWorkerMaxSurge = intstr.FromInt32(0)
 	// DefaultWorkerMaxUnavailable is the default value for Worker MaxUnavailable.
 	DefaultWorkerMaxUnavailable = intstr.FromInt32(0)
-	// DefaultInPlaceWorkerMaxUnavailable is the default value for In-Place Worker MaxUnavailable.
-	DefaultInPlaceWorkerMaxUnavailable = intstr.FromInt32(1)
+	// DefaultAutoInPlaceWorkerMaxUnavailable is the default value for AutoInPlaceUpdate Worker MaxUnavailable.
+	DefaultAutoInPlaceWorkerMaxUnavailable = intstr.FromInt32(1)
 	// DefaultWorkerSystemComponentsAllow is the default value for Worker AllowSystemComponents
 	DefaultWorkerSystemComponentsAllow = true
 )

charts/mcp-operator/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: mcp-operator
 description: A Helm chart for the mcp-operator
 type: application
-version: v0.35.1
-appVersion: v0.35.1
+version: v0.35.2
+appVersion: v0.35.2
 home: https://github.com/openmcp-project/mcp-operator
 sources:
   - https://github.com/openmcp-project/mcp-operator

charts/mcp-operator/values.yaml

@@ -14,7 +14,7 @@ deployment:
 
 image:
   repository: ghcr.io/openmcp-project/images/mcp-operator
-  tag: v0.35.1
+  tag: v0.35.2
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/openmcp-project/cluster-provider-gardener/api v0.3.0
 	github.com/openmcp-project/control-plane-operator v0.1.12
 	github.com/openmcp-project/controller-utils v0.16.0
-	github.com/openmcp-project/mcp-operator/api v0.35.1
+	github.com/openmcp-project/mcp-operator/api v0.35.2
 	github.com/openmcp-project/openmcp-operator/api v0.10.0
 	github.com/openmcp-project/openmcp-operator/lib v0.10.0
 	github.com/openmcp-project/service-provider-landscaper v0.4.0

hack/external-apis/apis.yaml

@@ -66,7 +66,7 @@ apis:
     - name: pkg/apis/extensions/v1alpha1/zz_generated.deepcopy.go
   gardener-extension-provider-aws:
     # renovate: datasource=github-releases
-    base: https://raw.githubusercontent.com/gardener/gardener-extension-provider-aws/v1.60.0
+    base: https://raw.githubusercontent.com/gardener/gardener-extension-provider-aws/v1.62.3
     vendor: github.com/gardener/gardener-extension-provider-aws
     patches:
     - replace: "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"

hack/external-apis/main.go

@@ -81,6 +81,8 @@ func downloadFile(url, destination string) error {
 		return err
 	}
 
+	//fmt.Println("Downloading", url, "to", destination)
+
 	resp, err := http.Get(url)
 	if resp != nil {
 		defer resp.Body.Close()