gardener / diki

Diki is a compliance checker that aims to enhance the security posture of your Kubernetes clusters.
Apache License 2.0

Update module github.com/gardener/gardener to v1.107.0 #339

Closed gardener-ci-robot closed 2 weeks ago

gardener-ci-robot commented 2 weeks ago

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| github.com/gardener/gardener | require | minor | v1.106.1 -> v1.107.0 |

Release Notes

gardener/gardener (github.com/gardener/gardener)

### [`v1.107.0`](https://redirect.github.com/gardener/gardener/releases/tag/v1.107.0)

[Compare Source](https://redirect.github.com/gardener/gardener/compare/v1.106.2...v1.107.0)

### \[gardener/gardener]

#### ⚠️ Breaking Changes

- `[DEVELOPER]` The unused method `WithShootCredentials` have been removed from `github.com/gardener/gardener/pkg/gardenlet/operation/shoot.Builder`. by [@vpnachev](https://redirect.github.com/vpnachev) \[[#10672](https://redirect.github.com/gardener/gardener/issues/10672)]
- `[DEVELOPER]` In the local development setup, the images are pushed to `garden.local.gardener.cloud:5001` instead of `localhost:5001` now. Please add `127.0.0.1 garden.local.gardener.cloud` to your `/etc/hosts`. by [@rrhubenov](https://redirect.github.com/rrhubenov) \[[#10257](https://redirect.github.com/gardener/gardener/issues/10257)]
- `[OPERATOR]` Feature gate `IPv6SingleStack` has been removed. Infrastructure-specific validations will be added in parallel to the corresponding provider extensions. by [@ScheererJ](https://redirect.github.com/ScheererJ) \[[#10716](https://redirect.github.com/gardener/gardener/issues/10716)]

#### 📰 Noteworthy

- `[OPERATOR]` ManagedSeed's `.spec.gardenlet.config.seedConfig.spec.ingress.controller.kind` field is now defaulted to `nginx` when `.spec.gardenlet.config.seedConfig` or `.spec.gardenlet.config.seedConfig.spec.ingress` is nil. This allows the creation of ManagedSeed without specifying the `.spec.gardenlet` field. by [@RadaBDimitrova](https://redirect.github.com/RadaBDimitrova) \[[#10655](https://redirect.github.com/gardener/gardener/issues/10655)]
- `[OPERATOR]` A new `required` controller was added to `gardener-operator`. It maintains the `RequiredRuntime` condition for `Extension` resources to indicate that the extension deployment is required in the Garden-Runtime cluster. by [@timuthy](https://redirect.github.com/timuthy) \[[#10650](https://redirect.github.com/gardener/gardener/issues/10650)]
- `[OPERATOR]` The `gardener/controlplane` Helm chart has been deprecated and will be removed after `v1.135` has been released (around beginning of 2026). We urge you to switch to a [`gardener-operator`](https://redirect.github.com/gardener/gardener/blob/master/docs/concepts/operator.md)-based installation. Read all about it [here](https://redirect.github.com/gardener/gardener/blob/master/docs/concepts/operator.md#migrating-an-existing-gardener-landscape-to-gardener-operator). by [@rfranzke](https://redirect.github.com/rfranzke) \[[#10706](https://redirect.github.com/gardener/gardener/issues/10706)]
- `[DEVELOPER]` `.spec.gardenlet` of ManagedSeed is now a required field. This was already the case from an API perspective, enforced by validation. by [@RadaBDimitrova](https://redirect.github.com/RadaBDimitrova) \[[#10648](https://redirect.github.com/gardener/gardener/issues/10648)]
- `[USER]` The `spec.kubernetes.kubeAPIServer.oidcConfig` field in the `Shoot` API is deprecated and will be removed after support for Kubernetes 1.31 is dropped. by [@AleksandarSavchev](https://redirect.github.com/AleksandarSavchev) \[[#10666](https://redirect.github.com/gardener/gardener/issues/10666)]

#### ✨ New Features

- `[OPERATOR]` If an admission webhook which was deployed via `Extension` resource by `gardener-operator` is deleted again, its webhook configuration in the virtual-cluster is cleaned up automatically. by [@oliver-goetz](https://redirect.github.com/oliver-goetz) \[[#10585](https://redirect.github.com/gardener/gardener/issues/10585)]
- `[OPERATOR]` The `CloudProfile`, `Seed`, and `Shoot` APIs are now allowing to configure access restrictions (e.g., to enable "EU access"-only or similar policies). The legacy approach with the `seed.gardener.cloud/eu-access` labels is deprecated and will be removed in a future release. Make sure to adapt to the new APIs. Read all about it [here](https://redirect.github.com/gardener/gardener/tree/master/docs/usage/shoot/access_restrictions.md). by [@rfranzke](https://redirect.github.com/rfranzke) \[[#10654](https://redirect.github.com/gardener/gardener/issues/10654)]
- `[USER]` The viewer kubeconfigs for shoot clusters now allow the `pods/log` subresource. by [@rfranzke](https://redirect.github.com/rfranzke) \[[#10711](https://redirect.github.com/gardener/gardener/issues/10711)]
- `[USER]` Service Account Managed Issuer can be now enabled for workerless shoot clusters. by [@dimityrmirchev](https://redirect.github.com/dimityrmirchev) \[[#10689](https://redirect.github.com/gardener/gardener/issues/10689)]
- `[USER]` Structured authorization configuration can now be set by creating a `ConfigMap` with the `AuthorizationConfiguration` file set in the `config.yaml` data key and referencing it (in the `Shoot` via `.spec.kubernetes.kubeAPIServer.structuredAuthorization`, in the `Garden` via `.spec.virtualCluster.kubernetes.kubeAPIServer.structuredAuthorization` for Kubernetes versions `>= v1.30`. Read all about it [here](https://redirect.github.com/gardener/gardener/tree/master/docs/usage/shoot/shoot_access.md#structured-authorization). by [@rfranzke](https://redirect.github.com/rfranzke) \[[#10682](https://redirect.github.com/gardener/gardener/issues/10682)]
- `[USER]` Gardener reports the cluster's egress CIDRs in `Shoot.status.networking.egressCIDRs` if supported by the used provider extension. by [@timebertt](https://redirect.github.com/timebertt) \[[#10240](https://redirect.github.com/gardener/gardener/issues/10240)]

#### 🐛 Bug Fixes

- `[OPERATOR]` Fix Prometheus rule `shoot-kube-proxy`. by [@LucaBernstein](https://redirect.github.com/LucaBernstein) \[[#10757](https://redirect.github.com/gardener/gardener/issues/10757)]
- `[OPERATOR]` The TopologySpreadConstraints calculation was improved for `StatefulSet`s to always use a stable label selector. This led to issues in the past when shoots were upgraded to HA. by [@timuthy](https://redirect.github.com/timuthy) \[[#10750](https://redirect.github.com/gardener/gardener/issues/10750)]
- `[OPERATOR]` valitail version is now pinned to v2.2.15 (depends on glibc 2.32). by [@ialidzhikov](https://redirect.github.com/ialidzhikov) \[[#10776](https://redirect.github.com/gardener/gardener/issues/10776)]

#### 🏃 Others

- `[DEPENDENCY]` The `credativ/plutono` image has been updated to `v7.5.34`. [Release Notes](https://redirect.github.com/credativ/plutono/releases/tag/v7.5.34) by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10732](https://redirect.github.com/gardener/gardener/issues/10732)]
- `[DEPENDENCY]` The `gardener/etcd-druid` image has been updated to `v0.23.2`. [Release Notes](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.23.2) by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10747](https://redirect.github.com/gardener/gardener/issues/10747)]
- `[DEPENDENCY]` The `gardener/cert-management` image has been updated to `v0.16.0`. [Release Notes](https://redirect.github.com/gardener/cert-management/releases/tag/v0.16.0) by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10684](https://redirect.github.com/gardener/gardener/issues/10684)]
- `[DEPENDENCY]` The `credativ/vali` image has been updated to `v2.2.19`. [Release Notes](https://redirect.github.com/credativ/vali/releases/tag/v2.2.19) by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10680](https://redirect.github.com/gardener/gardener/issues/10680)]
- `[DEPENDENCY]` The `gcr.io/istio-release/pilot` image has been updated to `1.23.3`. by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10725](https://redirect.github.com/gardener/gardener/issues/10725)]
- `[DEPENDENCY]` The `quay.io/prometheus/prometheus` image has been updated to `v2.55.0`. by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10697](https://redirect.github.com/gardener/gardener/issues/10697)]
- `[DEPENDENCY]` The `quay.io/prometheus-operator/prometheus-config-reloader` image has been updated to `v0.77.2`. by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10692](https://redirect.github.com/gardener/gardener/issues/10692)]
- `[DEPENDENCY]` The `envoyproxy/envoy` image has been updated to `v1.32.1`. [Release Notes](https://redirect.github.com/envoyproxy/envoy/releases/tag/v1.32.1) by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10755](https://redirect.github.com/gardener/gardener/issues/10755)]
- `[DEPENDENCY]` The `gardener/dashboard` image has been updated to `1.78.0`. [Release Notes](https://redirect.github.com/gardener/dashboard/releases/tag/1.78.0) by [@gardener-ci-robot](https://redirect.github.com/gardener-ci-robot) \[[#10731](https://redirect.github.com/gardener/gardener/issues/10731)]
- `[OPERATOR]` The admission automatically adds the `provider.extensions.gardener.cloud` label to `NamespacedCloudProfile`s. by [@LucaBernstein](https://redirect.github.com/LucaBernstein) \[[#10742](https://redirect.github.com/gardener/gardener/issues/10742)]
- `[OPERATOR]` Add dual-stack support for coredns. by [@DockToFuture](https://redirect.github.com/DockToFuture) \[[#10733](https://redirect.github.com/gardener/gardener/issues/10733)]
- `[OPERATOR]` Allow extensions to be scraped in garden runtime cluster even outside garden namespace by [@ScheererJ](https://redirect.github.com/ScheererJ) \[[#10720](https://redirect.github.com/gardener/gardener/issues/10720)]
- `[OPERATOR]` Add label selector to ShootResourceReservation plugin to control for which Shoots the ShootResourceReservation Plugin sets `kubeReserved` according to the GKE formula when `useGKEFormula: true` is set. by [@voelzmo](https://redirect.github.com/voelzmo) \[[#10492](https://redirect.github.com/gardener/gardener/issues/10492)]
- `[OPERATOR]` Increase the readiness probe timeout for the `gardener-metrics-exporter` from 1s to 10s. by [@vicwicker](https://redirect.github.com/vicwicker) \[[#10771](https://redirect.github.com/gardener/gardener/issues/10771)]
- `[OPERATOR]` The `gardener/etcd-druid` image has been updated to `v0.23.1`. [Release Notes v0.23.1](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.23.1), [Release Notes v0.23.0](https://redirect.github.com/gardener/etcd-druid/releases/tag/v0.23.0) by [@shreyas-s-rao](https://redirect.github.com/shreyas-s-rao) \[[#10526](https://redirect.github.com/gardener/gardener/issues/10526)]
- `[OPERATOR]` The `autoscaler/cluster-autoscaler` image has been updated to `v1.29.2` (for Kubernetes v1.29). [Release Notes](https://redirect.github.com/gardener/autoscaler/releases/tag/v1.29.2) by [@rishabh-11](https://redirect.github.com/rishabh-11) \[[#10700](https://redirect.github.com/gardener/gardener/issues/10700)]
- `[OPERATOR]` Gardener API Server feature gate `ShootCredentialsBinding` has been promoted to beta and is enabled by default. by [@dimityrmirchev](https://redirect.github.com/dimityrmirchev) \[[#10662](https://redirect.github.com/gardener/gardener/issues/10662)]
- `[DEVELOPER]` Add Make target `make operator-seed-dev` for local development of the `gardenlet` in the operator setup. by [@marc1404](https://redirect.github.com/marc1404) \[[#10710](https://redirect.github.com/gardener/gardener/issues/10710)]
- `[DEVELOPER]` Fix `/etc/hosts` configuration in the remote local setup by [@vicwicker](https://redirect.github.com/vicwicker) \[[#10744](https://redirect.github.com/gardener/gardener/issues/10744)]
- `[DEVELOPER]` The base image of the `gardener-extension-provider-local-node` image is now updated to `kindest/node@v1.31.1`. by [@ialidzhikov](https://redirect.github.com/ialidzhikov) \[[#10688](https://redirect.github.com/gardener/gardener/issues/10688)]
- `[DEVELOPER]` local setup: The kind cluster's node image is now updated to `kindest/node@v1.31.1`. by [@ialidzhikov](https://redirect.github.com/ialidzhikov) \[[#10723](https://redirect.github.com/gardener/gardener/issues/10723)]

#### Helm Charts

- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.107.0`
- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.107.0`
- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.107.0`
- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.107.0`

#### Docker Images

- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.107.0`
- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.107.0`
- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.107.0`
- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.107.0`
- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.107.0`
- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.107.0`
- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.107.0`
- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.107.0`

### [`v1.106.2`](https://redirect.github.com/gardener/gardener/releases/tag/v1.106.2)

[Compare Source](https://redirect.github.com/gardener/gardener/compare/v1.106.1...v1.106.2)

### \[gardener/gardener]

#### 🏃 Others

- `[OPERATOR]` Increase the readiness probe timeout for the `gardener-metrics-exporter` from 1s to 10s. by [@vicwicker](https://redirect.github.com/vicwicker) \[[#10769](https://redirect.github.com/gardener/gardener/issues/10769)]

#### Helm Charts

- controlplane: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.106.2`
- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.106.2`
- operator: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.106.2`
- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.106.2`

#### Docker Images

- admission-controller: `europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.106.2`
- apiserver: `europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.106.2`
- controller-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.106.2`
- gardenlet: `europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.106.2`
- node-agent: `europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.106.2`
- operator: `europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.106.2`
- resource-manager: `europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.106.2`
- scheduler: `europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.106.2`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

gardener-ci-robot commented 2 weeks ago

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

Details:

| Package | Change |
|---|---|
| github.com/onsi/gomega | v1.34.2 -> v1.35.0 |
| k8s.io/api | v0.31.1 -> v0.31.2 |
| k8s.io/apimachinery | v0.31.1 -> v0.31.2 |
| k8s.io/apiserver | v0.31.1 -> v0.31.2 |
| k8s.io/client-go | v0.31.1 -> v0.31.2 |
| k8s.io/component-base | v0.31.1 -> v0.31.2 |
| k8s.io/pod-security-admission | v0.31.1 -> v0.31.2 |
| sigs.k8s.io/controller-runtime | v0.19.0 -> v0.19.1 |
| github.com/BurntSushi/toml | v1.3.2 -> v1.4.0 |
| github.com/emicklei/go-restful/v3 | v3.11.0 -> v3.12.1 |
| github.com/fatih/color | v1.17.0 -> v1.18.0 |
| github.com/gardener/cert-management | v0.15.0 -> v0.16.0 |
| github.com/gardener/etcd-druid | v0.22.7 -> v0.23.2 |
| github.com/go-openapi/jsonpointer | v0.20.0 -> v0.21.0 |
| github.com/go-openapi/jsonreference | v0.20.2 -> v0.21.0 |
| github.com/go-openapi/swag | v0.22.4 -> v0.23.0 |
| github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring | v0.74.0 -> v0.77.2 |
| github.com/prometheus/client_golang | v1.20.4 -> v1.20.5 |
| github.com/prometheus/common | v0.60.0 -> v0.60.1 |
| go.uber.org/mock | v0.4.0 -> v0.5.0 |
| google.golang.org/genproto/googleapis/api | v0.0.0-20240528184218-531527333157 -> v0.0.0-20240827150818-7e3bb234dfed |
| istio.io/api | v1.23.2 -> v1.23.3 |
| k8s.io/apiextensions-apiserver | v0.31.1 -> v0.31.2 |
| k8s.io/cli-runtime | v0.31.1 -> v0.31.2 |
| k8s.io/code-generator | v0.31.1 -> v0.31.2 |
| k8s.io/kube-aggregator | v0.31.1 -> v0.31.2 |
| k8s.io/kube-openapi | v0.0.0-20240228011516-70dd3763d340 -> v0.0.0-20240808142205-8e686545bdb8 |
| k8s.io/metrics | v0.31.1 -> v0.31.2 |
| sigs.k8s.io/controller-tools | v0.16.4 -> v0.16.5 |

gardener-robot commented 2 weeks ago

@gardener-ci-robot Thank you for your contribution.