Update dependencies (minor)

[gardener-ci-robot]

This PR contains the following updates:

Package	Type	Update	Change
github.com/gardener/gardener	require	minor	v1.110.4 -> v1.111.0
github.com/gardener/gardener-extension-provider-openstack	require	minor	v1.44.1 -> v1.46.0

---

Release Notes

gardener/gardener (github.com/gardener/gardener)

v1.111.0

Compare Source

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] The OperatorConfiguration changed incompatibly: extensionRequired was renamed to extensionRequiredRuntime. by @​timuthy [#​11001]

• [OPERATOR] The ShootManagedIssuer feature gate was removed. Enablement of the feature is now dependent on the existence of a secret in the garden namespace labeled with gardener.cloud/role: shoot-service-account-issuer. by @​dimityrmirchev [#​11078]

• [OPERATOR] The ShootForceDeletion feature gate has been graduated to GA and is locked to true. by @​shafeeqes [#​11107]

• [OPERATOR] This change applies to IPv4 clusters only.
  Gardener uses the CIDR range of 240.0.0.0/8 which is reserved as per IANA db to map the cluster ip of the kubernetes api-server in the seed to a different network range before exposing it to the shoot in the kubernetes service. This frees up address space in the shoot and removes potential clashes with shoot workload ips.

  Seed operators need to check if any of the following properties collide with the 240.0.0.0/8 range:

  spec:  
    networks:  
      pods: < check here >  
      nodes: < check here >  
      services: < check here >  
      shootDefaults:  
        pods: < check here >  
        nodes: < check here >  
        services: < check here >  
  

  by @​domdom82 [#​10949]

• [OPERATOR] The wildcard TLS certificate for the runtime cluster must now be labelled with gardener.cloud/role=garden-cert instead of gardener.cloud/role=controlplane-cert to avoid duplicate role assignments for runtime and seed certificate secrets if Gardener runtime and seed run on the same cluster.
  The old role name is deprecated for the runtime cluster. It will not be accepted anymore with the next Gardener release. by @​MartinWeindel [#​11113]

• [DEPENDENCY] Client-related functions have been adapted to use the external version of k8s.io/component-base/config.ClientConnectionConfiguration. If you need a helper function for transitioning to the external version, use pkg/client/kubernetes.ConvertClientConnectionConfigurationToExternal. by @​timebertt [#​11052]

• [DEPENDENCY] The package github.com/gardener/gardener/extensions/pkg/apis/config has been dropped. Use the versioned variant of the package instead: github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1. by @​timebertt [#​11056]

📰 Noteworthy

• [USER] Expired versions from the NamespacedCloudProfile are always dropped, except for already applied versions. by @​LucaBernstein [#​10910]
• [OPERATOR] The vpa field (ineffective since v1.102) has been removed from the ManagedSeed API. by @​rfranzke [#​11047]
• [OPERATOR] Now "vali" contains the managed control plane logs from the early stages of shoot reconcile. by @​nickytd [#​11082]

✨ New Features

• [OPERATOR] Gardener-Operator handles generic Gardener extensions in the Garden-Runtime cluster (type: Extension). Such extensions can be configured via spec.extensions in the Garden resource. by @​timuthy [#​11192]
• [OPERATOR] gardener-node-agent now persists its applied changes after each step when reconciling the OSC. This should avoid unnecessary work and systemd unit restarts. by @​maboehm [#​10969]
• [OPERATOR] Add vpa histogram decay half-life parameters to the Shoot spec. by @​voelzmo [#​10959]
• [OPERATOR] The Gardener Admission Controller now implements a handler that can prevent tampering with system Secrets and ConfigMaps if they are labeled with gardener.cloud/update-restriction=true. by @​dimityrmirchev [#​11108]
• [OPERATOR] Add flow and flow task metrics for timing duration, delay and result count to gardenlet metrics. by @​LucaBernstein [#​10967]
• [USER] Gardener now allows to omit or to only partially define the machine image version in shoot.Spec.Provider.Workers[].Machine.Image.Version. The version will automatically be defaulted to the latest minor/patch version found in the referenced CloudProfile. by @​LucaBernstein [#​10954]
• [DEVELOPER] The extension library now supports adding watches via WatchBuilder for other resources in the generic extension controller. by @​domdom82 [#​11064]
• [DEVELOPER] Add option to register flow metrics on monitoring registry. by @​LucaBernstein [#​10967]
• [DEVELOPER] A local setup for trying out, developing, and testing the autonomous shoot cluster functionality of gardenadm has been introduced. You can find the documentation here. by @​rfranzke [#​10977]

🐛 Bug Fixes

• [OPERATOR] Gardener can now delete and migrate shoots that use dynamic node network allocation, even if the infrastructure creation has never been successfully completed. by @​timebertt [#​11038]
• [OPERATOR] An issue was fixed in gardener-operator that prevented configuring OIDC for gardener-dashboard while using Structured Authentication. by @​timuthy [#​11080]
• [OPERATOR] gardener-node-agent does not restart containerd.service on every OSC reconciliation anymore. by @​oliver-goetz [#​11120]
• [USER] Fix the NamespacedCloudProfile status mutation. by @​LucaBernstein [#​11036]
• [DEVELOPER] Avoid calling GetCluster for non-shoot namespaces in shootNotFailedPredicate and dnsrecord controller. by @​MartinWeindel [#​11123]
• [DEVELOPER] gardener-node-agent deletes unit files and drop-ins only if it created them previously. by @​oliver-goetz [#​11015]

🏃 Others

• [USER] Custom machine images and machine types in NamespacedCloudProfile are not interfered by later added conflicting entries in the parent CloudProfile. by @​LucaBernstein [#​11093]
• [DEPENDENCY] The quay.io/kiwigrid/k8s-sidecar image has been updated to 1.29.0. by @​gardener-ci-robot [#​11138]
• [DEPENDENCY] The gardener/etcd-druid image has been updated to v0.26.1. Release Notes by @​gardener-ci-robot [#​11202]
• [DEPENDENCY] The gcr.io/istio-release/pilot image has been updated to 1.23.4. by @​gardener-ci-robot [#​11071]
• [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.33.0. Release Notes by @​gardener-ci-robot [#​11167]
• [DEPENDENCY] The registry.k8s.io/ingress-nginx/controller-chroot image has been updated to v1.12.0. by @​gardener-ci-robot [#​11087]
• [DEPENDENCY] The quay.io/kiwigrid/k8s-sidecar image has been updated to 1.28.4. by @​gardener-ci-robot [#​11053]
• [DEPENDENCY] The gardener/logging image has been updated to v0.63.0. Release Notes by @​gardener-ci-robot [#​11195]
• [DEPENDENCY] The registry.k8s.io/dns/k8s-dns-node-cache image has been updated to 1.24.0. by @​gardener-ci-robot [#​11032]
• [DEPENDENCY] The gardener/alpine-conntrack image has been updated to 3.21.0. Release Notes by @​gardener-ci-robot [#​11023]
• [DEPENDENCY] The gardener/dashboard image has been updated to 1.79.0. Release Notes by @​gardener-ci-robot [#​11199]
• [DEPENDENCY] The quay.io/prometheus/alertmanager image has been updated to v0.28.0. by @​gardener-ci-robot [#​11176]
• [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.32.3. Release Notes by @​gardener-ci-robot [#​11068]
• [DEPENDENCY] The gardener/ingress-default-backend image has been updated to 0.21.0. Release Notes by @​gardener-ci-robot [#​11046]
• [DEPENDENCY] The gardener/terminal-controller-manager image has been updated to v0.34.0. Release Notes by @​gardener-ci-robot [#​11212]
• [DEPENDENCY] The gardener/alpine-conntrack image has been updated to 3.21.1. Release Notes by @​gardener-ci-robot [#​11151]
• [DEVELOPER] Fix malformed file path error on go get github.com/gardener/gardener@master by @​MartinWeindel [#​11145]
• [DEVELOPER] drop unused codepath from component_descriptor creation script. by @​ccwienk [#​11124]
• [DEVELOPER] The images of the registry caches used in the extensions local setup are now updated to distribution/[email protected] rc.2. by @​ialidzhikov [#​11079]
• [OPERATOR] Add additional context to shoot admission DNS errors so that it is more obvious what should be changed. by @​ScheererJ [#​11022]
• [OPERATOR] Allow specifying the IP families for the shoot creation tests. by @​ScheererJ [#​11135]
• [OPERATOR] Switch vpa-recommender back to the image built from the vertical-pod-autoscaler upstream repo . by @​plkokanov [#​11122]
• [OPERATOR] The gardener-dashboard configuration was enhanced in the garden API with fields gardenerDashboard.oidcConfig.clientIDPublic and gardenerDashboard.oidcConfig.issuerURL.
  Those are required to switch from the deprecated kubeAPIServer.oidcConfig to kubeAPIServer.structuredAuthentication. by @​timuthy [#​11080]
• [OPERATOR] gardener-operator now maintains a new condition RequiredVirtual for Extension resources. The new condition indicates whether the extension is related to required ControllerInstallations in the virtual garden cluster. by @​timuthy [#​11001]
• [OPERATOR] Add alerts for capped VPA recommendations by @​vicwicker [#​11136]
• [OPERATOR] Retry failed Cluster resource sync after otherwise successful Shoot reconciliation. by @​LucaBernstein [#​11144]
• [OPERATOR] gardener-operator restarts itself when the garden resource is deleted. This is required to stop controllers gracefully that depend on the existence of a virtual garden cluster. by @​timuthy [#​11058]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.111.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.111.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.111.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.111.0

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.111.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.111.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.111.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.111.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.111.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.111.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.111.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.111.0

gardener/gardener-extension-provider-openstack (github.com/gardener/gardener-extension-provider-openstack)

v1.46.0

no release notes available

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.46.0
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.46.0
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.46.0

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.46.0
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.46.0

v1.45.0

Compare Source

[gardener/gardener-extension-provider-openstack]

📰 Noteworthy

• [USER] The kube-system/csi-driver-node and kube-system/csi-driver-manila-node DaemonSets are no longer scaled by a VerticalPodAutoscaler as they do not really benefit from it. Removing VerticalPodAutoscaler for these components will reduce unnecessary evictions by VPA and will be a mitigation for https://issues.k8s.io/126921. by @​ialidzhikov [#​938]

🐛 Bug Fixes

• [USER] Fix the NamespacedCloudProfile status mutation. by @​LucaBernstein [#​930]

🏃 Others

• [DEPENDENCY] Update gardener to v1.110.0 by @​hebelsan [#​933]
• [OPERATOR] The EgressCIDRS are now properly calculated for IPv6 addresses of the router. by @​kon-angelo [#​958]
• [OPERATOR] The EgressCIDRS are now properly calculated for multiple external fixed IPs of the router. by @​kon-angelo [#​958]
• [OPERATOR] Ignore not found errors on resource deletion during infrastructure reconciliation. by @​kon-angelo [#​948]

[gardener/machine-controller-manager-provider-openstack]

🏃 Others

• [DEVELOPER] The gardener/machine-controller-manager dependency has been updated to v0.55.1. Release Notes v0.55.0
  Release Notes v0.55.1 by @​gardener-robot-ci-3 [gardener/machine-controller-manager-provider-openstack#204]
• [DEVELOPER] Add gosec as sast makefile target by @​hebelsan [gardener/machine-controller-manager-provider-openstack#199]
• [DEPENDENCY] Update gardener/gardener to v1.108.1 by @​hebelsan [gardener/machine-controller-manager-provider-openstack#200]
• [OPERATOR] Increase VM status check timeout to 1200 seconds. by @​kon-angelo [gardener/machine-controller-manager-provider-openstack#212]

[gardener/terraformer]

🐛 Bug Fixes

• [DEVELOPER] Provider azurerm was updated to version 3.47.0 and is now properly recognising the ARM_OIDC_TOKEN_FILE_PATH env variable. by @​dimityrmirchev [gardener/terraformer#156]

🏃 Others

• [OPERATOR] Update golang to v1.23.5 by @​kon-angelo [gardener/terraformer#157]
• [OPERATOR] Update alpine to v3.21.2 by @​kon-angelo [gardener/terraformer#157]

Helm Charts

• admission-openstack-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-application:v1.45.0
• admission-openstack-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-openstack-runtime:v1.45.0
• provider-openstack: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-openstack:v1.45.0

Docker Images

• gardener-extension-admission-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-openstack:v1.45.0
• gardener-extension-provider-openstack: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-openstack:v1.45.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[gardener-ci-robot]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 41 additional dependencies were updated

Details:

Package	Change
github.com/onsi/ginkgo/v2	v2.22.0 -> v2.22.2
github.com/onsi/gomega	v1.36.0 -> v1.36.2
k8s.io/api	v0.31.3 -> v0.32.0
k8s.io/apimachinery	v0.31.3 -> v0.32.0
k8s.io/cli-runtime	v0.31.3 -> v0.31.5
k8s.io/client-go	v0.31.3 -> v0.32.0
k8s.io/component-base	v0.31.3 -> v0.32.0
sigs.k8s.io/controller-runtime	v0.19.3 -> v0.19.4
github.com/Azure/go-ansiterm	v0.0.0-20210617225240-d185dfc1b5a1 -> v0.0.0-20230124172434-306776ec8161
github.com/cyphar/filepath-securejoin	v0.3.4 -> v0.3.5
github.com/fsnotify/fsnotify	v1.7.0 -> v1.8.0
github.com/gardener/cert-management	v0.17.1 -> v0.17.2
github.com/gardener/etcd-druid	v0.25.0 -> v0.26.1
github.com/go-openapi/errors	v0.20.4 -> v0.22.0
github.com/google/gnostic-models	v0.6.8 -> v0.6.9
github.com/google/pprof	v0.0.0-20241029153458-d1b30febd7db -> v0.0.0-20241210010833-40e02aabc2ad
github.com/gorilla/websocket	v1.5.1 -> v1.5.3
github.com/gregjones/httpcache	v0.0.0-20180305231024-9cad4c3443a7 -> v0.0.0-20190611155906-901d90724c79
github.com/klauspost/compress	v1.17.9 -> v1.17.11
github.com/moby/spdystream	v0.4.0 -> v0.5.0
github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring	v0.78.2 -> v0.79.2
github.com/prometheus/common	v0.61.0 -> v0.62.0
github.com/spf13/afero	v1.11.0 -> v1.12.0
golang.org/x/exp	v0.0.0-20241204233417-43b7b7cde48d -> v0.0.0-20250106191152-7588d65b2ba8
golang.org/x/net	v0.33.0 -> v0.34.0
golang.org/x/oauth2	v0.24.0 -> v0.25.0
golang.org/x/time	v0.8.0 -> v0.9.0
golang.org/x/tools	v0.28.0 -> v0.29.0
google.golang.org/genproto/googleapis/api	v0.0.0-20241015192408-796eee8c2d53 -> v0.0.0-20241209162323-e6fa225c2576
google.golang.org/protobuf	v1.35.2 -> v1.36.1
helm.sh/helm/v3	v3.16.3 -> v3.16.4
istio.io/api	v1.23.3 -> v1.24.2
istio.io/client-go	v1.23.3 -> v1.24.1
k8s.io/apiextensions-apiserver	v0.31.3 -> v0.32.0
k8s.io/autoscaler/vertical-pod-autoscaler	v1.2.1 -> v1.2.2
k8s.io/kube-aggregator	v0.31.3 -> v0.31.5
k8s.io/kube-openapi	v0.0.0-20240903163716-9e1beecbcb38 -> v0.0.0-20241127205056-99599406b04f
k8s.io/kubelet	v0.31.3 -> v0.32.0
k8s.io/metrics	v0.31.3 -> v0.31.5
sigs.k8s.io/json	v0.0.0-20221116044647-bc3834ca7abd -> v0.0.0-20241014173422-cfa47c3a1cc8
sigs.k8s.io/structured-merge-diff/v4	v4.4.3 -> v4.5.0

[gardener-robot]

@gardener-ci-robot Thank you for your contribution.