Bump github.com/gardener/gardener from 1.88.0 to 1.89.0

[dependabot[bot]]

Bumps github.com/gardener/gardener from 1.88.0 to 1.89.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.89.0

[gardener/gardener-metrics-exporter]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @​ccwienkgardener/gardener-metrics-exporter#92

🐛 Bug Fixes

• [OPERATOR] Helm chart upgrades no longer fail due to the immutable Deployment.spec.selector field. In order to upgrade to this version, the gardener-metrics-exporter Deployment needs to be deleted first. by @​timeberttgardener/gardener-metrics-exporter#94

🏃 Others

• [OPERATOR] Upgrade go to 1.22, update base image to distroless based on Debian 12, and exchange the linter. by @​rickardsjpgardener/gardener-metrics-exporter#97
• [OPERATOR] Upgrade dependencies
  Upgrade golang to 1.22 by @​rickardsjpgardener/gardener-metrics-exporter#96
• [OPERATOR] Adds: garden_shoot_worker_node_max_total and garden_shoot_worker_node_min_total. Also gives insight into the worker type (for example for OpenStack the Flavor name). by @​Sinscerlygardener/gardener-metrics-exporter#95

[gardener/gardener]

⚠️ Breaking Changes

• [DEVELOPER] The util function pkg/utils/gardener.ComputeShootProjectSecretName has been renamed to pkg/utils/gardener.ComputeShootProjectResourceName. by @​petersutter #9123
• [DEPENDENCY] There are several breaking changes in the github.com/gardener/gardener/extensions/pkg/webhook package:
  • EnsureNoStringWithPrefix, EnsureNoStringWithPrefixContains, EnsureNoEnvVarWithName, EnsureNoVolumeMountWithName, EnsureNoVolumeWithName, EnsureNoContainerWithName, EnsureNoPVCWithName now delete all matching entries. Previously they were deleting only the first occurrence.
  • EnsureStringWithPrefix, EnsureStringWithPrefixContains now act on all prefix matches.
  • StringIndex is removed. instead, use slices.Index. by @​Kostov6 #9007
• [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to beta and is now turned on by default. by @​rfranzke #9161

📰 Noteworthy

• [USER] The shoot cluster CA bundle is now stored in a ConfigMap in the project namespace of the garden cluster, in addition to storing it in a Secret. This ConfigMap shares the same name as the pre-existing Secret, which is <shoot-name>.ca-cluster. The Secret will be removed in a future Gardener release. Therefore, if your tooling relies on this Secret, you should update it to fetch the ConfigMap instead. by @​petersutter #9123
• [USER] It is now possible to skip a minor Kubernetes version for worker pool Kubernetes version upgrades as long as the version remains equal to or less than the control plane version. by @​shafeeqes #9185
• [OPERATOR] A new field .spec.runtimeCluster.ingress.domains was added to the Garden API. This field allows to use multiple ingress domains for components of the runtime cluster. All domains are assumed to be wildcard domains. Earlier, the API only accepted one domain name via .spec.runtimeCluster.ingress.domain.
  ⚠️ With this change .spec.runtimeCluster.ingress.domain is deprecated and will be removed in the next release. Please update your Garden resource to the new .spec.runtimeCluster.ingress.domains field by removing the existing domain configuration from ingress.domain and add it as the first entry of ingress.domains. by @​ScheererJ #9038

✨ New Features

• [OPERATOR] gardener-resource-manager now considers the health and the progressing status for Prometheus and Alertmanager resources managed via ManagedResources. by @​rfranzke #9163
• [DEVELOPER] It is now possible to provide configuration for the cache Prometheus running in seed clusters' garden namespaces. Read all about it here. by @​rfranzke #9128
• [DEVELOPER] It is now possible to provide configuration for the seed Prometheus running in seed clusters' garden namespaces. Read all about it here. by @​rfranzke #9180
• [DEVELOPER] The WaitUntilObjectReadyWithHealthFunction function was enhanced to log the object's kind. by @​timuthy #9177

🏃 Others

• [DEVELOPER] An issue with the FallbackClient was resolved. If used in external projects, the client threw scheme related errors belonging to GVKs that are not registered in the GardenScheme. by @​timuthy #9177
• [OPERATOR] Add Prometheus alert for unhealthy seed node. by @​adenitiu #9127
• [OPERATOR] Istio is now used as the single entry point on seed clusters. The load balancer of nginx-ingress is removed and traffic goes through istio before being handled by nginx if necessary. by @​ScheererJ #9038
• [OPERATOR] Add condition type ObservabilityComponentsHealthy for extension health check, it will allow extensions to register with this type. by @​Sallyan #9092
• [OPERATOR] Multiple ingress domains in .spec.runtimeCluster.ingress.domains can now overlap without triggering reconciliation issues. by @​ScheererJ #9183
• [OPERATOR] Update configure-admission.sh for extensions using gardener certificate management for webhooks by @​kon-angelo #9168
• [OPERATOR] The side car container of kube-apiserver for the HA VPN now have minimum memory resources that VPA will respect. by @​ScheererJ #9173

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.89.0

... (truncated)

Commits

• 4391f66 Release v1.89.0
• 8d7cac5 Remove memory limits from Prometheis (#9206)
• df63197 Update Plutono config for targeting seed Prometheus (#9203)
• 8fd7154 Fix seed-ingress not being updated properly (#9202)
• 9c4a50d Do no longer delete prometheus-seed ClusterRoleBinding (#9201)
• 1ae5dbe Remove catch-all containername matching from prometheus VPAs (#9199)
• a0af468 [GEP-19] Migrate seed Prometheus deployment and configuration (#9180)
• 4194786 Seed care controller incorporates health of prometheus-cache and `alertmana...
• 5d6d2cd Fix VPA for Prometheis managed by prometheus-operator (#9188)
• 224c33f Copy alerting SMTP secret from garden to seed cluster (#9190)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-2]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[MrBatschner]

/add reviewed/ok-to-test