🤖 Update module github.com/gardener/gardener to v1.107.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/gardener/gardener	v1.101.3 -> v1.107.0

---

Release Notes

gardener/gardener (github.com/gardener/gardener)

v1.107.0

Compare Source

[gardener/gardener]

⚠️ Breaking Changes

• [DEVELOPER] The unused method WithShootCredentials have been removed from github.com/gardener/gardener/pkg/gardenlet/operation/shoot.Builder. by @​vpnachev [#​10672]
• [DEVELOPER] In the local development setup, the images are pushed to garden.local.gardener.cloud:5001 instead of localhost:5001 now. Please add 127.0.0.1 garden.local.gardener.cloud to your /etc/hosts. by @​rrhubenov [#​10257]
• [OPERATOR] Feature gate IPv6SingleStack has been removed. Infrastructure-specific validations will be added in parallel to the corresponding provider extensions. by @​ScheererJ [#​10716]

📰 Noteworthy

• [OPERATOR] ManagedSeed's .spec.gardenlet.config.seedConfig.spec.ingress.controller.kind field is now defaulted to nginx when
  .spec.gardenlet.config.seedConfig or .spec.gardenlet.config.seedConfig.spec.ingress is nil.
  This allows the creation of ManagedSeed without specifying the .spec.gardenlet field. by @​RadaBDimitrova [#​10655]
• [OPERATOR] A new required controller was added to gardener-operator. It maintains the RequiredRuntime condition for Extension resources to indicate that the extension deployment is required in the Garden-Runtime cluster. by @​timuthy [#​10650]
• [OPERATOR] The gardener/controlplane Helm chart has been deprecated and will be removed after v1.135 has been released (around beginning of 2026). We urge you to switch to a gardener-operator-based installation. Read all about it here. by @​rfranzke [#​10706]
• [DEVELOPER] .spec.gardenlet of ManagedSeed is now a required field. This was already the case from an API perspective, enforced by validation. by @​RadaBDimitrova [#​10648]
• [USER] The spec.kubernetes.kubeAPIServer.oidcConfig field in the Shoot API is deprecated and will be removed after support for Kubernetes 1.31 is dropped. by @​AleksandarSavchev [#​10666]

✨ New Features

• [OPERATOR] If an admission webhook which was deployed via Extension resource by gardener-operator is deleted again, its webhook configuration in the virtual-cluster is cleaned up automatically. by @​oliver-goetz [#​10585]
• [OPERATOR] The CloudProfile, Seed, and Shoot APIs are now allowing to configure access restrictions (e.g., to enable "EU access"-only or similar policies). The legacy approach with the seed.gardener.cloud/eu-access labels is deprecated and will be removed in a future release. Make sure to adapt to the new APIs. Read all about it here. by @​rfranzke [#​10654]
• [USER] The viewer kubeconfigs for shoot clusters now allow the pods/log subresource. by @​rfranzke [#​10711]
• [USER] Service Account Managed Issuer can be now enabled for workerless shoot clusters. by @​dimityrmirchev [#​10689]
• [USER] Structured authorization configuration can now be set by creating a ConfigMap with the AuthorizationConfiguration file set in the config.yaml data key and referencing it (in the Shoot via .spec.kubernetes.kubeAPIServer.structuredAuthorization, in the Garden via .spec.virtualCluster.kubernetes.kubeAPIServer.structuredAuthorization for Kubernetes versions >= v1.30. Read all about it here. by @​rfranzke [#​10682]
• [USER] Gardener reports the cluster's egress CIDRs in Shoot.status.networking.egressCIDRs if supported by the used provider extension. by @​timebertt [#​10240]

🐛 Bug Fixes

• [OPERATOR] Fix Prometheus rule shoot-kube-proxy. by @​LucaBernstein [#​10757]
• [OPERATOR] The TopologySpreadConstraints calculation was improved for StatefulSets to always use a stable label selector. This led to issues in the past when shoots were upgraded to HA. by @​timuthy [#​10750]
• [OPERATOR] valitail version is now pinned to v2.2.15 (depends on glibc 2.32). by @​ialidzhikov [#​10776]

🏃 Others

• [DEPENDENCY] The credativ/plutono image has been updated to v7.5.34. Release Notes by @​gardener-ci-robot [#​10732]
• [DEPENDENCY] The gardener/etcd-druid image has been updated to v0.23.2. Release Notes by @​gardener-ci-robot [#​10747]
• [DEPENDENCY] The gardener/cert-management image has been updated to v0.16.0. Release Notes by @​gardener-ci-robot [#​10684]
• [DEPENDENCY] The credativ/vali image has been updated to v2.2.19. Release Notes by @​gardener-ci-robot [#​10680]
• [DEPENDENCY] The gcr.io/istio-release/pilot image has been updated to 1.23.3. by @​gardener-ci-robot [#​10725]
• [DEPENDENCY] The quay.io/prometheus/prometheus image has been updated to v2.55.0. by @​gardener-ci-robot [#​10697]
• [DEPENDENCY] The quay.io/prometheus-operator/prometheus-config-reloader image has been updated to v0.77.2. by @​gardener-ci-robot [#​10692]
• [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.32.1. Release Notes by @​gardener-ci-robot [#​10755]
• [DEPENDENCY] The gardener/dashboard image has been updated to 1.78.0. Release Notes by @​gardener-ci-robot [#​10731]
• [OPERATOR] The admission automatically adds the provider.extensions.gardener.cloud label to NamespacedCloudProfiles. by @​LucaBernstein [#​10742]
• [OPERATOR] Add dual-stack support for coredns. by @​DockToFuture [#​10733]
• [OPERATOR] Allow extensions to be scraped in garden runtime cluster even outside garden namespace by @​ScheererJ [#​10720]
• [OPERATOR] Add label selector to ShootResourceReservation plugin to control for which Shoots the ShootResourceReservation Plugin sets kubeReserved according to the GKE formula when useGKEFormula: true is set. by @​voelzmo [#​10492]
• [OPERATOR] Increase the readiness probe timeout for the gardener-metrics-exporter from 1s to 10s. by @​vicwicker [#​10771]
• [OPERATOR] The gardener/etcd-druid image has been updated to v0.23.1. Release Notes v0.23.1, Release Notes v0.23.0 by @​shreyas-s-rao [#​10526]
• [OPERATOR] The autoscaler/cluster-autoscaler image has been updated to v1.29.2 (for Kubernetes v1.29). Release Notes by @​rishabh-11 [#​10700]
• [OPERATOR] Gardener API Server feature gate ShootCredentialsBinding has been promoted to beta and is enabled by default. by @​dimityrmirchev [#​10662]
• [DEVELOPER] Add Make target make operator-seed-dev for local development of the gardenlet in the operator setup. by @​marc1404 [#​10710]
• [DEVELOPER] Fix /etc/hosts configuration in the remote local setup by @​vicwicker [#​10744]
• [DEVELOPER] The base image of the gardener-extension-provider-local-node image is now updated to kindest/[email protected]. by @​ialidzhikov [#​10688]
• [DEVELOPER] local setup: The kind cluster's node image is now updated to kindest/[email protected]. by @​ialidzhikov [#​10723]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.107.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.107.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.107.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.107.0

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.107.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.107.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.107.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.107.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.107.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.107.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.107.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.107.0

v1.106.2

Compare Source

[gardener/gardener]

🏃 Others

• [OPERATOR] Increase the readiness probe timeout for the gardener-metrics-exporter from 1s to 10s. by @​vicwicker [#​10769]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.106.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.106.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.106.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.106.2

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.106.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.106.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.106.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.106.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.106.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.106.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.106.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.106.2

v1.106.1

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] The gardener-resource-manager does not mark Deployments as progressing when there are still completed Pods in the system. by @​timuthy [#​10727]

🏃 Others

• [OPERATOR] IPv6 support for node-local-dns. by @​DockToFuture [#​10707]
• [OPERATOR] Fixed an issue that would cause the entry for the machine-state in the ShootState to be overwritten with nil data during control plane migration, if the migrate phase errored and was retried after the MachineDeployment, MachineSet and Machine objects were deleted, which would result in the Shoot's nodes to be recreated during Control Plane Migration. by @​plkokanov [#​10695]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.106.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.106.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.106.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.106.1

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.106.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.106.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.106.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.106.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.106.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.106.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.106.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.106.1

v1.106.0

Compare Source

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] kubeletCSRApprover controller in gardener-resource-manager Helm chart has been renamed to csrApprover. by @​oliver-goetz [#​10549]
• [OPERATOR] The HVPA and HVPAForShootedSeed feature gates have been deprecated and locked to false. Disable the HVPA and HVPAForShootedSeed feature gates if you have them enabled before upgrading to this version of Gardener. by @​plkokanov [#​10659]

📰 Noteworthy

• [USER] For Kubernetes 1.31+ Shoot clusters, the kubelet and containerd cgroup driver is set to systemd. Previously, the used cgroup driver was cgroupfs. Find more details in the cgroup driver section. by @​ialidzhikov [#​10472]
• [OPERATOR] The gardener operator chart (charts/gardener/operator) does no longer enable the HVPA feature gate in its default values.yaml. by @​ialidzhikov [#​10566]

✨ New Features

• [DEVELOPER] Allow gosec to be consumed from gardener/gardener by @​ScheererJ [#​10642]
• [DEVELOPER] Gardener can now support clusters with Kubernetes version 1.31. Extension developers have to prepare individual extensions as well to work with 1.31. by @​ialidzhikov [#​10472]
• [OPERATOR] Adds CloudProfile validation for the recently introduced .spec.bastion section. by @​hebelsan [#​10318]
• [OPERATOR] Gardener can now support clusters with Kubernetes version 1.31. To allow creation/update of 1.31 clusters you will have to update the version of your provider extension(s) to a version that supports 1.31 as well. Please consult the respective releases and notes in the provider extension's repository. by @​ialidzhikov [#​10472]
• [OPERATOR] Added an alert for the Garden resource's conditions, along with a dashboard that also displays the resource's last operation. by @​rickardsjp [#​10562]

🐛 Bug Fixes

• [OPERATOR] Fixes an issue with the network metrics relabeling config that caused the Node Details dashboard to not display data for AWS nodes. by @​rickardsjp [#​10625]

🏃 Others

• [DEPENDENCY] The registry.k8s.io/ingress-nginx/controller-chroot image has been updated to v1.11.3. by @​gardener-ci-robot [#​10626]
• [DEPENDENCY] The gardener/vpn2 image has been updated to 0.28.0. Release Notes by @​gardener-ci-robot [#​10640]
• [DEPENDENCY] The quay.io/cortexproject/cortex image has been updated to v1.18.1. by @​gardener-ci-robot [#​10657]
• [DEPENDENCY] The registry.k8s.io/node-problem-detector/node-problem-detector image has been updated to v0.8.20. by @​gardener-ci-robot [#​10661]
• [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.32.0. Release Notes by @​gardener-ci-robot [#​10656]
• [OPERATOR] HA-VPN works if seed and shoot have different IPFamilies. by @​DockToFuture [#​10622]
• [OPERATOR] Update istio to version 1.23.2 by @​axel7born [#​10558]
• [OPERATOR] [NewVPN] Enable IPv6 for HA if needed. by @​MartinWeindel [#​10641]
• [OPERATOR] Gardener generated certificates are valid 1 minute before issuance to handle some amount of clock skew. by @​ScheererJ [#​10603]
• [OPERATOR] Metrics for vpa-recommenders are now collected in separate prometheus instances depending on where the vpa-recommender pods are deployed. Metrics for the vpa-recommender in the garden namespace are collected in prometheus-seed. Metrics for the vpa-recommender in the shoot control plane namespaces are collected in the corresponding prometheus-shoot. Additionally, the VPA Recommender plutono dashboard is separately deployed for seeds in the garden namespace and shoots in their control plane namespaces. by @​plkokanov [#​10517]
• [OPERATOR] Clean up migration code from the monitoring component by @​vicwicker [#​10597]
• [DEVELOPER] The following dependencies are updated:
  • k8s.io/* : v0.29.8 -> v0.31.0
  • sigs.k8s.io/controller-runtime: v0.17.5 -> v0.19.0 by @​ary1992 [#​10459]
• [DEVELOPER] The HVPA features gates (HVPA and HVPAForShootedSeed) are no longer enabled in local setups. by @​ialidzhikov [#​10566]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.106.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.106.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.106.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.106.0

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.106.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.106.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.106.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.106.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.106.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.106.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.106.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.106.0

v1.105.3

Compare Source

[gardener/gardener]

🏃 Others

• [OPERATOR] Increase the readiness probe timeout for the gardener-metrics-exporter from 1s to 10s. by @​vicwicker [#​10770]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.105.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.105.3
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.105.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.105.3

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.105.3
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.105.3
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.105.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.105.3
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.105.3
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.105.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.105.3
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.105.3

v1.105.2

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] The gardener-resource-manager does not mark Deployments as progressing when there are still completed Pods in the system. by @​timuthy [#​10728]

🏃 Others

• [OPERATOR] Fixed an issue that would cause the entry for the machine-state in the ShootState to be overwritten with nil data during control plane migration, if the migrate phase errored and was retried after the MachineDeployment, MachineSet and Machine objects were deleted, which would result in the Shoot's nodes to be recreated during Control Plane Migration. by @​plkokanov [#​10696]
• [OPERATOR] IPv6 support for node-local-dns. by @​DockToFuture [#​10708]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.105.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.105.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.105.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.105.2

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.105.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.105.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.105.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.105.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.105.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.105.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.105.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.105.2

v1.105.1

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] An issue was fixed that cause gardener-operator to deploy the gardenlet into the runtime cluster instead of another intended remote cluster. by @​timuthy [#​10631]
• [OPERATOR] Fix a bug where the shoot care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and migrated between secretBindingName and credentialsBindingName until the shoot is reconciled.. by @​vpnachev [#​10674]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.105.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.105.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.105.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.105.1

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.105.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.105.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.105.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.105.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.105.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.105.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.105.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.105.1

v1.105.0

Compare Source

[gardener/gardener]

📰 Noteworthy

• [OPERATOR] The VPAForETCD and VPAAndHPAForAPIServer feature gates have been promoted to GA and locked to true. by @​plkokanov [#​10599]
• [USER] The limitation of having at maximum ~80 worker pools in Shoots has been lifted. Much higher numbers should be possible now (concrete limit depends on the amount of configuration within the pools (e.g., labels, taints, annotations, etc.)). by @​rfranzke [#​10542]

✨ New Features

• [DEVELOPER] Add functionality for the determination of bastion VM parameters used by the extensions by @​hebelsan [#​10537]
• [OPERATOR] gardener-operator is now capable of deploying extension controllers to the garden runtime cluster via operator.gardener.cloud/v1alpha1.Extension resources. Please visit this document for more information. by @​timuthy [#​10518]
• [OPERATOR] gardenlet now performs garbage collection of stale Pods in all namespaces (except kube-system) in the seed cluster. by @​rfranzke [#​10548]

🐛 Bug Fixes

• [OPERATOR] When checking whether a Deployment rollout is complete, stale Pods are now ignored and no longer counted. by @​rfranzke [#​10548]

🏃 Others

• [DEPENDENCY] The quay.io/prometheus-operator/prometheus-config-reloader image has been updated to v0.77.0. by @​gardener-ci-robot [#​10547]
• [DEPENDENCY] The gardener/ingress-default-backend image has been updated to 0.20.0. Release Notes by @​gardener-ci-robot [#​10560]
• [DEPENDENCY] The gardener/etcd-druid image has been updated to v0.22.7. Release Notes by @​gardener-ci-robot [#​10570]
• [DEPENDENCY] The gardener/etcd-druid image has been updated to v0.22.6. Release Notes by @​gardener-ci-robot [#​10556]
• [DEPENDENCY] The gardener/gardener-discovery-server image has been updated to v0.2.0. Release Notes by @​gardener-ci-robot [#​10546]
• [DEPENDENCY] The quay.io/prometheus-operator/prometheus-config-reloader image has been updated to v0.77.1. by @​gardener-ci-robot [#​10573]
• [DEPENDENCY] The quay.io/kiwigrid/k8s-sidecar image has been updated to 1.28.0. by @​gardener-ci-robot [#​10591]
• [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.31.2. Release Notes by @​gardener-ci-robot [#​10553]
• [DEPENDENCY] The gcr.io/istio-release/pilot image has been updated to 1.21.6. by @​gardener-ci-robot [#​10564]
• [DEVELOPER] provider-extensions setup: Seed VPA is disabled by default to avoid two VPA deployments to act on the same cluster causing endless eviction loops. by @​ialidzhikov [#​10593]
• [DEVELOPER] Correctly extract and install the go binaries in the remote local setup by @​vicwicker [#​10605]
• [OPERATOR] Allow overlapping network ranges in case of single stack IPv6. by @​axel7born [#​10584]
• [OPERATOR] Allow empty pod and service ranges in shoot spec for IPv6 single stack. by @​axel7born [#​10541]
• [OPERATOR] The TopologySpreadConstraint calculation was improved for workload spread across multiple zones. This especially leads to a more balanced distribution of kube-apiserver and istio replicas in seed clusters. by @​timuthy [#​10608]
• [OPERATOR] VPA resource settings are now adapted - memory limits are removed and initial resource requests are lowered. by @​voelzmo [#​10568]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.105.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.105.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.105.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.105.0

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.105.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.105.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.105.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.105.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.105.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.105.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.105.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.105.0

v1.104.3

Compare Source

[gardener/gardener]

🏃 Others

• [OPERATOR] IPv6 support for node-local-dns. by @​DockToFuture [#​10709]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.104.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.104.3
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.104.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.104.3

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.104.3
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.104.3
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.104.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.104.3
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.104.3
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.104.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.104.3
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.104.3

v1.104.2

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] Fix a bug where the shoot care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and migrated between secretBindingName and credentialsBindingName until the shoot is reconciled.. by @​vpnachev [#​10675]
• [OPERATOR] An issue was fixed that cause gardener-operator to deploy the gardenlet into the runtime cluster instead of another intended remote cluster. by @​timuthy [#​10628]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.104.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.104.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.104.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.104.2

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.104.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.104.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.104.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.104.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.104.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.104.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.104.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.104.2

v1.104.1

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] Fix a regression that caused gardenlet to not be able to migrate deprecated failure-domain.beta.kubernetes.io labels to topology.kubernetes.io due to a removed RBAC rule required to patch PersistentVolumes. by @​plkokanov [#​10578]

🏃 Others

• [OPERATOR] The gardener/etcd-druid image has been updated to v0.22.7. Release Notes by @​ishan16696 [#​10592]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.104.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.104.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.104.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.104.1

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.104.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.104.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.104.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.104.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.104.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.104.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.104.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.104.1

v1.104.0

Compare Source

[gardener/gardener]

⚠️ Breaking Changes

• [USER] A bug has been fixed which was allowing users to set Shoot oidc configurations for the kube-apiserver without setting the clientID and issuerURL fields in spec.kubernetes.kubeAPIServer.oidcConfig, which would lead to the kube-apiserver stuck in a Error state. gardener-apiserver now requires both clientID and issuerURL fields to be set when the spec.kubernetes.kubeAPIServer.oidcConfig field is specified. by @​AleksandarSavchev [#​10461]
• [OPERATOR] credentialsBinding.credentialsRef is now an immutable field. by @​dimityrmirchev [#​10365]

📰 Noteworthy

• [USER] Users are allowed to change shoot.spec.credentialsBindingName and reference another CredentialsBinding only if they have the permissions to read both the old and newly referenced credential. by @​dimityrmirchev [#​10365]
• [USER] Users can migrate from shoot.spec.secretBindingName to shoot.spec.credentialsBindingName only if the referenced credential remains the same and is not changed during the process. by @​dimityrmirchev [#​10365]
• [OPERATOR] Allow project users to read NamespacedCloudProfiles and for project admins to make adjustments to machine types and volume types. by @​LucaBernstein [#​10485]
• [OPERATOR] Alerts based on the proposals_failed_total metric of the etcd cluster are not raised anymore. by @​renormalize [#​10524]
• [DEVELOPER] A new predicate extensions/pkg/predicate.GardenSecurityProviderType can be used to select resources from the security.gardener.cloud group that are related to the passed provider type. by @​dimityrmirchev [#​10499]

✨ New Features

• [OPERATOR] The gardener-operator metrics are now automatically scraped by the garden Prometheus. by @​maboehm [#​10464]
• [OPERATOR] Introduce custom RBAC verbs to allow for modification of .spec.{kubernetes,machineImages} in NamespacedCloudProfiles. by @​LucaBernstein [#​10485]
• [OPERATOR] The feature gate NewVPN is introduced for the gardenlet component. If enabled, the new VPN implementation (Golang rewrite) is used for all Shoots of the respective Seed. In this case, the old implementation can be disabled for a single Shoot by annotating the shoot resource with alpha.control-plane.shoot.gardener.cloud/disable-new-vpn=true. For Seeds with disabled feature gate, the new implementation can be enabled for a single shoot by annotating it with alpha.control-plane.shoot.gardener.cloud/disable-new-vpn=false. by @​MartinWeindel [#​9774]

🐛 Bug Fixes

• [USER] Fixed disk read/write panel in the shoot's etcd dashboards by @​rickardsjp [#​10493]
• [DEVELOPER] An issue was fixed that rejected the creation of workerless shoots in the local setup. by @​timuthy [#​10498]

🏃 Others

• [DEPENDENCY] The gardener/hvpa-controller image has been updated to v0.17.0. Release Notes by @​gardener-ci-robot [#​10508]
• [DEPENDENCY] The quay.io/prometheus-operator/prometheus-config-reloader image has been updated to v0.76.2. by @​gardener-ci-robot [#​10500]
• [DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.54.0. Release Notes by @​gardener-ci-robot [#​10528]
• [DEPENDENCY] The gardener/alpine-conntrack image has been updated to 3.20.3. Release Notes by @​gardener-ci-robot [#​10487]
• [DEPENDENCY] The envoyproxy/envoy image has been updated to v1.31.1. Release Notes by @​gardener-ci-robot [#​10531]
• [OPERATOR] Federate apiserver_total_request metric to the Prometheus longterm instance by @​jguipi [#​10457]
• [OPERATOR] Allow empty networking.nodes in case of IPv6 only shoots. by @​axel7born [#​10533]
• [OPERATOR] Improved node utilisation by reducing requests for etcd-druid managed pods. by @​unmarshall [#​10540]
• [DEVELOPER] Install go in the remote local setup from the go download site instead of using the apk package manager. by @​vicwicker [#​10502]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.104.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.104.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.104.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.104.0

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.104.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.104.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.104.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.104.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.104.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.104.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.104.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.104.0

v1.103.2

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] An issue was fixed that cause gardener-operator to deploy the gardenlet into the runtime cluster instead of another intended remote cluster. by @​timuthy [#​10624]
• [OPERATOR] Fix a bug where the shoot care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and migrated between secretBindingName and credentialsBindingName until the shoot is reconciled.. by @​vpnachev [#​10676]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.103.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.103.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.103.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.103.2

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.103.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.103.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.103.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.103.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.103.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.103.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.103.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.103.2

v1.103.1

Compare Source

[gardener/gardener]

🐛 Bug Fixes

• [DEVELOPER] An issue was fixed that rejected the creation of workerless shoots in the local setup. by @​timuthy [#​10503]
• [OPERATOR] Fix a regression that caused gardenlet to not be able to migrate deprecated failure-domain.beta.kubernetes.io labels to topology.kubernetes.io due to a removed RBAC rule required to patch PersistentVolumes. by @​plkokanov [[#​10581](https://redirect.github.com/gardener

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -d -t ./...
go: -d flag is deprecated. -d=true is a no-op
go: downloading github.com/gardener/gardener v1.107.0
go: downloading k8s.io/api v0.31.2
go: downloading k8s.io/apiextensions-apiserver v0.31.2
go: downloading k8s.io/apimachinery v0.31.2
go: downloading k8s.io/component-base v0.31.2
go: downloading k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
go: downloading github.com/Masterminds/semver/v3 v3.3.0
go: downloading k8s.io/autoscaler/vertical-pod-autoscaler v1.2.1
go: downloading k8s.io/klog/v2 v2.130.1
go: downloading github.com/evanphx/json-patch v5.9.0+incompatible
go: downloading golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c
go: downloading github.com/cyphar/filepath-securejoin v0.3.1
go: downloading github.com/gardener/cert-management v0.16.0
go: downloading github.com/gardener/etcd-druid v0.23.2
go: downloading github.com/gardener/hvpa-controller/api v0.17.0
go: downloading github.com/gardener/machine-controller-manager v0.54.0
go: downloading github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.77.2
go: downloading istio.io/client-go v1.23.2
go: downloading k8s.io/kube-aggregator v0.31.2
go: downloading k8s.io/metrics v0.31.2
go: downloading github.com/prometheus/client_golang v1.20.5
go: downloading helm.sh/helm/v3 v3.16.2
go: downloading k8s.io/kubelet v0.31.2
go: downloading golang.org/x/oauth2 v0.23.0
go: downloading golang.org/x/time v0.7.0
go: downloading k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8
go: downloading github.com/andybalholm/brotli v1.1.1
go: downloading sigs.k8s.io/kustomize/api v0.17.2
go: downloading sigs.k8s.io/kustomize/kyaml v0.17.1
go: downloading istio.io/api v1.23.3
go: downloading github.com/klauspost/compress v1.17.9
go: downloading github.com/prometheus/common v0.60.1
go: downloading github.com/BurntSushi/toml v1.4.0
go: downloading github.com/Masterminds/sprig/v3 v3.3.0
go: downloading github.com/fxamacker/cbor/v2 v2.7.0
go: downloading github.com/moby/spdystream v0.4.0
go: downloading github.com/prometheus/procfs v0.15.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed
go: downloading dario.cat/mergo v1.0.1
go: downloading github.com/huandu/xstrings v1.5.0
go: downloading github.com/shopspring/decimal v1.4.0
go: downloading github.com/spf13/cast v1.7.0
go: downloading github.com/x448/float16 v0.8.4
go: downloading github.com/emicklei/go-restful/v3 v3.12.1
go: github.com/stackitcloud/gardener-extension-shoot-flux/cmd/gardener-extension-shoot-flux/app imports
	github.com/gardener/gardener/extensions/pkg/controller imports
	k8s.io/client-go/kubernetes/scheme imports
	k8s.io/api/resource/v1alpha2: cannot find module providing package k8s.io/api/resource/v1alpha2