gardener / gardener-extension-os-gardenlinux

Gardener extension controller for the Garden Linux operating system
Apache License 2.0

Bump github.com/gardener/gardener from 1.74.1 to 1.75.0 #115

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps github.com/gardener/gardener from 1.74.1 to 1.75.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.75.0

[gardener/gardener]

⚠️ Breaking Changes

  • [DEVELOPER] Added new option to ./hack/generate-controller-registration.sh script [-e, --pod-security-enforce[=pod-security-standard] which sets the security.gardener.cloud/pod-security-enforce annotation of the generated ControllerRegistration. When not set this option defaults to baseline. by @​AleksandarSavchev #8099
  • [DEVELOPER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please plan ahead to drop using those fields in extensions. by @​timuthy #8199
  • [DEVELOPER] Usage of the deprecated injection mechanisms in controller-runtime (like InjectScheme, InjectLogger, InjectConfig, InjectClient, InjectCache etc) as well as package extensions/pkg/controller/common are dropped in a preparation to upgrade to the next version where injection is removed entirely. With this, Inject* functions on controllers, predicates, actuators, delegates, and friends are not called anymore. When upgrading the gardener/gardener dependency to this version, all injection implementations need to be removed. As a replacement, you can get the needed clients and similar from the manager during initialisation of the component. by @​ary1992 #8217
  • [OPERATOR] gardener-operator is now managing the nginx-ingress-controller and nginx-ingress-k8s-backend components. Make sure that your Garden resource specifies the .spec.runtimeCluster.ingress section. by @​StenlyTU #7945
  • [OPERATOR] Support for nip.io shoot domains is discontinued. by @​timuthy #8199
  • [USER] Adding Gardener-managed finalizers (e.g., gardener or gardener.cloud/reference-protection) to the Shoot on creation is now forbidden. by @​shafeeqes #8209
  • [USER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please use the extensions' configuration to configure providers with this ability. by @​timuthy #8199
  • [DEPENDENCY] github.com/gardener/gardener/pkg/utils/gardener.ShootAccessSecret was renamed to AccessSecret. by @​timebertt #8204

✨ New Features

  • [OPERATOR] Added pod security enforce level baseline label to Istio-related namespaces. The garden and shoot namespaces have the privileged level. For extension namespaces, the new security.gardener.cloud/pod-security-standard-enforce annotation on ControllerRegistration resources specifies the level. When set, the extension namespace is created with pod-security.kubernetes.io/enforce label set to security.gardener.cloud/pod-security-standard-enforce's value. by @​AleksandarSavchev #8099
  • [USER] Gardener now allows to omit or to only partially define Kubernetes versions in Shoots. The version will automatically be defaulted to the latest minor and/or patch version found in the linked CloudProfile. by @​timuthy #8198
  • [USER] A new optional constraint CRDsWithProblematicConversionWebhooks is introduced in the Shoot status. This constraint indicates that there is at least one CRD in the cluster which has multiple stored versions and a conversion webhook configured, which could break the reconciliation flow of a Shoot in some cases. by @​shafeeqes #8159
  • [USER] It is now possible to reference Secrets containing kubeconfigs for admission plugins in Shoots. The referenced Secret must be referenced in .spec.resources as well as in .spec.kubernetes.kubeAPIServer.admissionPlugins[].kubeconfigSecretName. by @acumino #8110

🐛 Bug Fixes

  • [OPERATOR] Fix network annotations to allow fluent-bit connecting to shoot Valis. by @​vlvasilev #8197
  • [OPERATOR] A bug causing the gardenlet to panic when an ETCD encryption key rotation operation is triggered for a hibernated Shoot is now fixed. Now, triggering ETCD encryption key rotation or ServiceAccount signing key rotation is forbidden when the Shoot is in waking up phase. by @shafeeqes #8184

🏃 Others

  • [OPERATOR] nginx-ingress-controller image is updated to v1.8.1 for Kubernetes v1.24+ clusters. by @shafeeqes #8205
  • [OPERATOR] The eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler image has been updated from v1.26.2 to v1.27.0 (for Kubernetes >= 1.27). by @​rishabh-11 #8187
  • [OPERATOR] The shoots/adminkubeconfig relies on the ca-client InternalSecret only and does not use the ShootState object anymore. by @​timebertt #8195
  • [OPERATOR] Update Prometheus job tunnel-probe-apiserver-proxy to fix for HA VPN mode by @​Sallyan #7954
  • [OPERATOR] Update vertical-pod-autoscaler to v0.14.0. by @​voelzmo #8166
  • [DEVELOPER] Go version is updated to 1.20.6. by @​oliver-goetz #8224

[gardener/etcd-druid]

⚠️ Breaking Changes

  • [OPERATOR] :warning: etcd.Status.ClusterSize, etcd.Status.ServiceName, etcd.Status.UpdatedReplicas have been marked as deprecated and users should refrain from depending on these fields. by @shreyas-s-rao gardener/etcd-druid#637

🐛 Bug Fixes

  • [OPERATOR] AllMembersReady condition has now been fixed to eventually show the correct overall readiness of an etcd cluster. by @shreyas-s-rao gardener/etcd-druid#637

🏃 Others

  • [OPERATOR] Print build version and go runtime info. by @shreyas-s-rao gardener/etcd-druid#637
  • [DEVELOPER] Add CVE categorization for etcd-druid. by @shreyas-s-rao gardener/etcd-druid#637

[gardener/etcd-backup-restore]

🏃 Others

  • [OPERATOR] Bump alpine base version for Docker build to 3.18.2. by @shreyas-s-rao gardener/etcd-backup-restore#638
  • [DEVELOPER] Add CVE categorization for etcd-backup-restore. by @shreyas-s-rao gardener/etcd-backup-restore#644

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

gardener-robot commented 1 year ago

@dependabot[bot] Thank you for your contribution.

gardener-robot-ci-1 commented 1 year ago

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

MrBatschner commented 1 year ago

/add reviewed/ok-to-test