Bump github.com/gardener/gardener from 1.74.2 to 1.82.0

[dependabot[bot]]

Bumps github.com/gardener/gardener from 1.74.2 to 1.82.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.82.0

[gardener/gardener]

⚠️ Breaking Changes

• [DEPENDENCY] The deprecated ChartRenderer.Render and ChartApplier.{Apply,Delete} methods have been dropped. Use ChartRendere.RenderEmbeddedFS and ChartApplier.{Apply,Delete}FromEmbeddedFS instead. by @​rfranzke #8540
• [DEPENDENCY] The hack/generate-crds.sh script now receives the file name prefix via the -p option (previously, the prefix was the first argument to the script). by @​rfranzke #8560
• [DEPENDENCY] The no longer required --gardenlet-manages-mcm option has been removed. All code in provider extensions related to management/deployment of machine-controller-manager should be removed. by @​rfranzke #8596
• [DEPENDENCY] The deprecated core.gardener.cloud/apiserver-exposure label and handling has been dropped. by @​rfranzke #8540
• [DEPENDENCY] Provider extensions must now pass the cluster.Cluster object for the garden cluster to the genericactuator.NewActuator function. See this for an example how to create such a cluster.Cluster object. by @​rfranzke #8559
• [OPERATOR] Before upgrading to this Gardener versions, you must make sure that the Services of all registered provider extensions serving webhooks for the shoot cluster are annotated with networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports=[{"protocol":"TCP","port":<port>}], networking.resources.gardener.cloud/namespace-selectors=[{"matchLabels":{"gardener.cloud/role":"shoot"}}], and networking.resources.gardener.cloud/pod-label-selector-namespace-alias=extensions. by @​rfranzke #8540
• [DEVELOPER] Methods SkipIf and DoIf for TaskFn have been dropped. A new field SkipIf is introduced in Task, If set to true the task will be skipped and will also not be reported by the progress reporter. by @​acumino #8541

📰 Noteworthy

• [DEVELOPER] The pkg/utils/secrets package now signs certificates with 3072 bit RSA keys. by @​dimityrmirchev #8635
• [DEVELOPER] During the Migrate phase of a control plane migration of a Shoot, the state is now only persisted after all extension resources have been migrated. Consequently, make sure that you have added all state to the .status.state field of the respective extension object when running Migrate(). by @​rfranzke #8559
• [DEVELOPER] A generate-admin-kubeconf.sh script which can be used to generate an admin kubeconfig for a local shoot cluster was added in the hack/usage directory. by @​dimityrmirchev #8636
• [DEVELOPER] The extensions/pkg/controller/operatingsystemconfig/oscommon package is deprecated and will be removed as soon as the UseGardenerNodeAgent feature gate has been promoted to GA. OS extension developers should start adapting to this new feature, see documentation and example based on provider-local. by @​rfranzke #8647
• [OPERATOR] The Worker state reconciler has been dropped, i.e., updated provider extensions will no longer populate the machine state to the .status.state field of Worker resources. For a few releases, gardenlet will no longer persist any still existing data in the .status.state field of Worker resources during a control plane migration of a Shoot, and it will set .status.state to nil after a successful reconciliation or restore operation. by @​rfranzke #8559
• [OPERATOR] Configure the value for the flag metrics-scrape-wait-duration for compaction controller to set a wait duration at the end of every compaction job, to allow for metrics to be scraped by a Prometheus instance. by @​abdasgupta #8607
• [OPERATOR] The MachineControllerManagerDeployment has been promoted to GA and is now locked to "enabled by default". Make sure that all registered provider extensions support this feature gate before upgrading to this version of Gardener. by @​rfranzke #8596
• [OPERATOR] The GA-ed DisableScalingClassesForShoots feature gate has been removed. by @​rfranzke #8596
• [OPERATOR] maxSurge for kube-apiserver and gardener-apiserver of the virtual garden cluster is set to 100%. by @​oliver-goetz #8640
• [OPERATOR] The kube-apiserver no longer mounts root CA bundles from the underlying host. by @​dimityrmirchev #8645
• [USER] Gardener now uses 3072 bit RSA keys in order to generate TLS certificates. by @​dimityrmirchev #8635
• [USER] nginx-ingress-controller now enables annotation validation. by @​dimityrmirchev #8644
• [DEPENDENCY] The MachineClassKind(), MachineClass(), and MachineClassList() methods have been dropped from the generic Worker actuator's interface and do not need to be implemented anymore. by @​rfranzke #8559

✨ New Features

• [OPERATOR] gardener-operator maintains the two most recent generic-token-kubeconfig secrets in the runtime-cluster. In addition the latest secret name is published to the garden resource in .metadata.annotations[generic-token-kubeconfig.secret.gardener.cloud/name]. Third-party components referring to this secret should check this annotation value after a credentials or CA rotation for the virtual-garden cluster took place. by @​timuthy #8657
• [OPERATOR] Feature gate APIServerFastRollout for gardenlet is introduced and enabled by default. When enabled, maxSurge for kube-apiservers of Shoots is set to 100%. by @​oliver-goetz #8640
• [DEVELOPER] It is now possible to annotate managed resources part of ManagedResource objects with resources.gardener.cloud/finalize-deletion-after=<duration>, e.g., resources.gardener.cloud/finalize-deletion-after=1h. After this time, gardener-resource-manager will forcefully delete the resource by removing their finalizers. by @​rfranzke #8584
• [DEVELOPER] Change port of ssh reverse tunnel to 443 by @​axel7born #8606
• [USER] Machine scale-up delay for new pods can now be configured for cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.newPodScaleupDelay in the Shoot API . by @​aaronfern #8590
• [USER] Concurrent empty machines bulk deletion can now be configured for cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.maxEmptyBulkDelete in the Shoot API . by @​aaronfern #8590

🐛 Bug Fixes

• [DEVELOPER] Use cgroupv2 fix for local-setup on macOS too. by @​oliver-goetz #8633

🏃 Others

• [DEVELOPER] Gardener base image is updated to gcr.io/distroless/static-debian12:nonroot. by @​oliver-goetz #8628
• [DEPENDENCY] nginx-ingress-controller image is updated to v1.9.1. by @​dimityrmirchev #8644
• [DEPENDENCY] The skaffold version is updated from v2.7.0 to v2.8.0. by @​dimitar-kostadinov #8634
• [DEPENDENCY] nginx-ingress-controller image is updated to v1.9.3. by @​dimityrmirchev #8650
• [OPERATOR] Kubernetes feature gate UnauthenticatedHTTP2DOSMitigation is considered valid for versions >= 1.25. by @​gardener-ci-robot #8670
• [OPERATOR] The regression is now fixed and the control plane logs shall be visible in the Plutono dashboards. by @​nickytd #8655
• [OPERATOR] The following Golang dependencies have been updated:
  • k8s.io/* from v0.28.2 to v0.28.3
  • sigs.k8s.io/controller-runtime from v0.16.2 to v0.16.3 by @​gardener-ci-robot #8677

📖 Documentation

... (truncated)

Commits

• b35c672 Release v1.82.0
• d6c2bd7 [release-v1.82] Update k8s.io/*, sigs.k8s.io/controller-runtime dependenc...
• 1f1c021 Make machine state computation backwards-compatible (#8674)
• 1ae0c41 Add feature gate UnauthenticatedHTTP2DOSMitigation (#8670)
• 50211ea Fixes and enhancements in the local provider with extensions (#8631)
• 7e856cb Improve generic-token-kubeconfig handling (#8657)
• 6754cd0 Upgrade ext-authz-server (#8643)
• 97b0438 Enable kube_node_spec_taint metric (#8653)
• 289cd20 Upgrade apiserver-proxy-sidecar (#8642)
• d2dcd7d Prepare OperatingSystemConfig API for changes needed for `gardener-node-age...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot[bot]]

Superseded by #206.