Skip to content

v1.0.2-0

Rollout

  • FFM:
  • MDB:

PaaS Release v1.0.2

Release v1.0.2 delivers platform stability, security and compatibility improvements. The release upgrades Gardener to upstream v1.118.3 and updates several core components - cert-manager (and extensions), SSO components (Keycloak, Dex), MinIO, and OpenTofu — bringing bug fixes and security patches.

Key highlights

  • Gardener upgraded to upstream v1.118.3.
  • Platform compatibility extended to support Kubernetes Shoots up to v1.32.
  • Component updates include cert-manager, cert-manager extensions, SSO components, MinIO and OpenTofu, improving security and operational stability.
  • Deprecation: Shoots running Kubernetes versions older than v1.30 are no longer supported; customers must migrate these clusters before performing upgrades.
  • Ensure all clusters are upgraded to Kubernetes v1.30 or later prior to this platform upgrade.
  • Ensure GardenLinux version 1605.x or later is installed on all worker nodes prior to initiating the Kubernetes Cluster upgrade.

Key features and improvements

  • Deprecation for Kubernetes version lower than v1.30 in Shoots: Starting with this release we only support Kubernetes v1.30 or later. Please upgrade your clusters prior to this platform upgrade time communicated to you in the change announcement.
  • Upgrade of Gardener: Gardener upgraded to upstream release 1.118.3
  • Bug Fixes and Stability Improvements: Upgrades of different components bring security improvements, such as the upgrade of MinIO (CVE-2025-62506,CVE-2025-31489,CVE-2024-55949,CVE-2025-27414, CVE-2025-31489), NRI plugin, cert-manager (CVE-2025-27144, CVE-2025-22868, CVE-2025-22870, CVE-2025-22870), Dex (CVE-2025-22872), Keycloak (CVE-2024-0232, CVE-2025-12110, CVE-2025-8419).
  • Update OSC Dashboard to 2.2.0: The new version of the OSC Dashboard brings numerous improvements (see bellow for details).
  • Memory limit for Shoot API server: Starting with this release, a strict memory limit will be applied to kube-apiserver deployments on Shoots to prevent a single Shoot's API server from consuming excessive memory on the Seed node.

OSC Dashboard v2.2.0

  • Added OSC release version in info dialog.
  • New Shoot manifest is now by default extended with providerConfig in spec -> networking
  • Add home icon link to breadcrumbs
  • Add quota usage view for shoots in "New Shoot" and "Shoot detail" views
  • Add back Plutono and Prometheus access for monitoring
  • In "New Shoot" view, initial randomly generated Shoot name now takes project name length into consideration, so no invalid names will be generated on page load.