chore(deps): bump github.com/gardener/gardener from 1.108.1 to 1.109.0

[dependabot[bot]]

Bumps github.com/gardener/gardener from 1.108.1 to 1.109.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.109.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] The HVPA autoscaling option (which is unconditionally disabled since v1.105.0) is removed from the etcd component. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @​plkokanov #10800
• [OPERATOR] The Baseline and HVPA autoscaling modes (which are unconditionally disabled since v1.105.0) are removed for {gardener,kube}-apiserver. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @​plkokanov #10796
• [OPERATOR] The deprecated and unconditionally disabled HVPA and HVPAForShootedSeed feature gates are removed. The GA-ed and unconditionally enabled VPAForETCD and VPAAndHPAForAPIServer features gates are removed. If you have references to the feature gates, clean them up before upgrading to this version of Gardener. by @​ialidzhikov #10853
• [DEVELOPER] Rename the controlplane exposure webhook (ExposureWebhookName) to seed provider webhook (SeedProviderWebhookName). by @​LucaBernstein #10788

📰 Noteworthy

• [OPERATOR] The gardener-scheduler was improved to consider reconciliation backoffs. In the past, unassigned shoots were affected by frequent scheduler reconciliations and status updates which potentially strained the scheduler and etcd. by @​timuthy #10821
• [DEVELOPER] extension library: Provider extensions should rename control plane exposure webhook related packages to seed provider to reflect the naming change on their side (for example rename pkg/webhook/controlplaneexposure to pkg/webhook/seedprovider). by @​LucaBernstein #10788

✨ New Features

• [OPERATOR] NodeAgentAuthorizer feature gate was introduced. It allows a webhook based authorization of gardener-node-agents with reduced permissions.
  ❗ This feature gate requires changes in machine-controller-manager-provider-*. Please check that you run a supported version before activating it. ❗ by @​oliver-goetz #10781
• [USER] Allow dual-stack shoots creation. by @​axel7born #10803
• [USER] shoot spec.kubernetes.clusterAutoscaler: Add support for startupTaints and statusTaints by @​dhague #10858

🐛 Bug Fixes

• [USER] Fixed a bug where SSH key rotations for Shoots did not properly update the authorized keys on the worker nodes (hence, the new key was unusable until a node restart or rollout). by @​tobschli #10671
• [USER] On Shoot deletion, Gardener now properly skips certain validation checks that are only relevant for creations or updates of Shoot resources. by @​rfranzke #10902
• [OPERATOR] Fixed an error in BackupBucket reconciliation by replacing StrategicMergePatch with MergePatch to properly handle runtime.RawExtension fields. by @​seshachalam-yv #10904

🏃 Others

• [OPERATOR] update alpine to get latest security fixes by @​DockToFuture #10922
• [OPERATOR] Add support for node-local-dns in dual-stack cluster. by @​axel7born #10891
• [OPERATOR] Add dual stack support for VPN. by @​DockToFuture #10767
• [OPERATOR] Fix kubelet CSRs to allow IPv6 addresses to be used by @​kron4eg #10876
• [OPERATOR] Add dashboard for VPA admission-controller by @​voelzmo #10741
• [OPERATOR] The HVPA component is removed. Before updating to this version of Gardener, make sure that you upgraded to v1.106.0 and all Seed and Garden resources reconciled with that version. This is required to ensure that the HVPA component and its CRD were properly cleaned up. by @​ialidzhikov #10851
• [OPERATOR] Added validation for issuerURL in the OIDC configuration to reject URLs containing fragments. by @​acumino #10888
• [OPERATOR] The gardener/dependency-watchdog image has been updated to v1.3.0. Release Notes by @​rishabh-11 #10930
• [OPERATOR] Adapt configure-admission.sh for new extension releases with changed value names for Helm charts. by @​MartinWeindel #10877
• [DEPENDENCY] The registry.k8s.io/cpa/cluster-proportional-autoscaler image has been updated to v1.9.0. by @​gardener-ci-robot #10898
• [DEPENDENCY] The gardener/autoscaler image has been updated to v1.30.1. Release Notes by @​gardener-ci-robot #10914
• [DEPENDENCY] The gardener/vpn2 image has been updated to 0.30.0. Release Notes by @​gardener-ci-robot #10872
• [DEPENDENCY] The registry.k8s.io/coredns/coredns image has been updated to v1.11.4. by @​gardener-ci-robot #10856
• [DEPENDENCY] The gardener/gardener-discovery-server image has been updated to v0.3.0. Release Notes by @​gardener-ci-robot #10849
• [DEPENDENCY] The gardener/etcd-druid image has been updated to v0.25.0. Release Notes by @​gardener-ci-robot #10932
• [DEPENDENCY] The gardener/machine-controller-manager image has been updated to v0.55.0. Release Notes by @​rishabh-11 #10908

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.109.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.109.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.109.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.109.0

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.109.0

... (truncated)

Commits

• d0adcfc Release v1.109.0
• 65476b3 [release-v1.109] chore(deps): update etcd-druid to v0.25.0 (minor) (#10932)
• 298f379 upgrade dwd to 1.3.0 (#10930)
• fb6c0d9 Add support for node-local-dns in dual-stack cluster. (#10891)
• 77c14bb chore(deps): update dependency gardener/gardener-extension-networking-calico ...
• 592fec2 update alpine to fix openssh vulnerabilities (#10922)
• 5aaaa4d [node-agent-authorizer] Introduce webhook based authorization to `gardener-no...
• 4ac6d01 Update Kubernetes 1.31 conformance test coverage (#10829)
• 8a975e6 Make determineSeed public (#10917)
• c8b90f5 Correctly update the value in list (#10920)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-2]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.