v1.0.0-1
Rollout
- FFM:
- MDB:
PaaS Release v1.0.0-1
This release introduces numerous improvements across various areas. It updates several components to newer versions, including MinIO, cert-manager extensions, and SSO components.
Key highlights include support for Kubernetes versions up to 1.31 and the introduction of the new OSC Dashboard (beta). The new dashboard, based on the original Gardener Dashboard, offers multiple enhancements (details below). Additionally, this release upgrades to upstream Gardener version 1.108.x.
New features include the ability for customers to extend volumes, perform online Shoot node subnet extensions (up to CIDR /23), and provision block devices (without filesystems) via the new CSI driver.
Key Features and Improvements
- Support for Kubernetes versions up to 1.31 for Shoots: Kubernetes versions up to 1.31 are now supported for Shoot clusters. See the full list of supported versions here.
- Gardener Upgrade: The upstream Gardener version in this release is 1.108.1.
- GardenLinux: GardenLinux versions 1510, 1569, and 1605 are supported, and upgrades between them have been tested successfully.
- Multi-Realm Support: The SSO controller now supports multiple realms, including a managed realm for TSI.
- Live Node CIDR Upgrade up to /23: This release enables online resizing of Shoot node subnets up to a netmask size of CIDR /23. Detailed documentation is available here.
- CSI Volume Extension: The new CSI driver allows customers to extend persistent volumes online without requiring OSC team intervention. Detailed documentation is available here.
- CSI Volume as Block Device: The CSI storage driver now supports provisioning Persistent Volumes as bare block devices (without filesystems) on Shoot clusters. Detailed documentation is available here.
- New OSC Dashboard: A completely redesigned and improved customer dashboard console. More details are provided in a separate section.
- Bug Fixes and Stability Improvements: Component upgrades bring security enhancements, including updates to Go (CVE-2024-24789, CVE-2024-24790), MinIO, Cert Manager, Keycloak (CVE-2024-1597, CVE-2024-3656, CVE-2024-4540), and Dex (CVE-2022-48174, CVE-2024-24791). Internal components now use dedicated service accounts instead of the admin service account during reconciliation. The S3 extension now correctly handles scenarios where user policies reference non-existent policies or users.
- Fix for IngressNightmare Vulnerability: The ingress-nginx controller used for publishing the Gardener Dashboard and Keycloak portal has been upgraded to version 1.11.5, addressing vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974). More details are available here.
- Machine Controller Advanced Settings: This release introduces configurable timeouts for node eviction, draining, and creation. Detailed documentation is available here.
OSC Dashboard v2.0.0 (beta)
The new OSC Dashboard will be deployed alongside the existing Gardener Dashboard. Both dashboards will coexist until the next release, after which the Gardener Dashboard will be deprecated, allowing customers to transition naturally.
Key Features and Improvements
- A new color scheme aligned with T-Systems corporate standards.
- A dedicated dashboard displaying clusters with issues, visible immediately after login.
- The ability for customers to select the Seed for their Shoot directly in the dashboard, eliminating the need for YAML configuration.
- Automatic default values for node CIDR with reasonable subnet sizes to prevent overly large subnets.
- A help menu with information about available extensions, Gardener versions, and dashboard versions.
- Contact information for IaaS and PaaS support included in the dashboard's help section.
- Error messages when the Seed's Shoot limit is reached, preventing deployment attempts that would exceed the limit.
- Resource consumption views for CPU, RAM, and SGX RAM for Shoots.
- Localization support for German, French, Spanish, Italian, and Slovak.
- Rebased OSC Console from Gardener release 1.108.1.
- Fixed permission issues related to Seed specification.
Upgrade Notes
Prerequisites before starting the upgrade process:
- The OSC Catalog (part of older OSC releases) must be completely removed, and all related objects (e.g., CRDs) must be cleaned up.
- Upgrade to at least GardenLinux version 1510.
- All Kubernetes Shoot node subnets must have a maximum CIDR of /23.
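
A pre-upgrade check for two of the prerequisites above, as an added example that is not part of the release or its tooling: it reads Shoot objects in the shape returned by `kubectl get shoots -A -o json` and reports node subnets larger than /23 and GardenLinux worker images older than 1510. It assumes that "maximum CIDR of /23" means a prefix length of 23 or longer and that worker images are named `gardenlinux`; the sample data is constructed, and the OSC Catalog cleanup is not covered.

```python
import ipaddress

MAX_NODE_SUBNET_PREFIX = 23   # assumption: /23 is the largest allowed node subnet
MIN_GARDENLINUX_MAJOR = 1510  # minimum GardenLinux version from the upgrade notes


def check_shoot(shoot):
    """Return a list of findings for one Shoot object (dict parsed from JSON)."""
    findings, spec = [], shoot.get("spec", {})
    nodes = spec.get("networking", {}).get("nodes")
    if nodes is None:
        findings.append("spec.networking.nodes is not set")
    else:
        try:
            net = ipaddress.ip_network(nodes, strict=False)
            # A shorter prefix is a larger subnet: /22 is larger than /23.
            if net.prefixlen < MAX_NODE_SUBNET_PREFIX:
                findings.append(f"node subnet {nodes} is larger than /{MAX_NODE_SUBNET_PREFIX}")
        except ValueError:
            findings.append(f"node subnet {nodes!r} is not a valid CIDR")
    for worker in spec.get("provider", {}).get("workers", []):
        image = worker.get("machine", {}).get("image", {})
        if image.get("name") != "gardenlinux":
            continue  # other operating systems are out of scope for this check
        version = str(image.get("version", ""))
        major = version.split(".")[0]
        if not major.isdigit() or int(major) < MIN_GARDENLINUX_MAJOR:
            findings.append(f"worker pool {worker.get('name')}: GardenLinux "
                            f"{version or 'unknown'} is older than {MIN_GARDENLINUX_MAJOR}")
    return findings


def check_shoots(shoot_list):
    """Map 'namespace/name' to findings for every Shoot that fails a check."""
    report = {}
    for shoot in shoot_list.get("items", []):
        meta, findings = shoot.get("metadata", {}), check_shoot(shoot)
        if findings:
            report[f"{meta.get('namespace')}/{meta.get('name')}"] = findings
    return report


def _shoot(name, nodes, version):  # helper that builds constructed sample Shoots
    image = {"name": "gardenlinux", "version": version}
    return {"metadata": {"namespace": "garden-demo", "name": name},
            "spec": {"networking": {"nodes": nodes},
                     "provider": {"workers": [{"name": "pool-a", "machine": {"image": image}}]}}}

# Constructed sample input, not real clusters.
SAMPLE = {"items": [_shoot("ready", "10.250.0.0/24", "1605.0.0"),
                    _shoot("legacy", "10.250.0.0/16", "1443.10.0"),
                    _shoot("edge", "10.251.0.0/23", "1510")]}
```

Calling `check_shoots(SAMPLE)` returns findings only for `garden-demo/legacy`, which fails both checks.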