Bump github.com/gardener/gardener from 1.87.2 to 1.90.0

[dependabot]

Bumps github.com/gardener/gardener from 1.87.2 to 1.90.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.90.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] The UseGardenerNodeAgent feature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @​rfranzke #9208
• [OPERATOR] ⚠️ Gardener does no longer support garden, seed, or shoot clusters with Kubernetes versions == 1.24. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @​shafeeqes #8989
• [OPERATOR] The APIServerFastRollout feature gate has been promoted to GA. It was already enabled by default and can now no longer be turned off. The feature gate will be removed in a future release. by @​oliver-goetz #9214
• [DEVELOPER] The pkg/envtest package has been moved to test/envtest. Most component packages in pkg/component have been moved. The pkg/openapi and pkg/registry packages have been moved to pkg/apiserver/*. by @​rfranzke #9217
• [DEVELOPER] Function signature of infrastructure controller NewReconciler has changed from NewReconciler(manager.Manager, Actuator, ConfigValidator) to NewReconciler(manager.Manager, Actuator, ConfigValidator, map[gardencorev1beta1.ErrorCode]func(string) bool). by @​acumino #9321
• [USER] The spec.kubernetes.allowPrivilegedContainers field in the Shoot API is deprecated and will be removed in a future version. This field is not relevant to Shoots with kubernetes versions >= 1.25. Please adapt your controllers accordingly. by @​shafeeqes #8989

📰 Noteworthy

• [USER] It is no longer possible to add or change the .spec.seedSelector field in Shoots when spec.seedName is already set. by @​rfranzke #9212

✨ New Features

• [OPERATOR] DNSRecord resources for seed and shoot clusters now have an annotation indicating their target ip stack (dns.gardener.cloud/ip-stack set to either ipv4, ipv6, or dual-stack). by @​ScheererJ #9289
• [OPERATOR] gardener-resource-manager's health check controller now checks whether VerticalPodAutoscalers report the ConfigUnsupported condition. by @​rfranzke #9211
• [USER] It is now possibleto specify some cluster-autoscaler related options per worker pool in Shoots via spec.provider.workers[].clusterAutoscaler. Read more about it here. by @​aaronfern #9245
• [USER] In order to fine-tune VPA CPU recommendations, the CPU target percentile parameter for vpa-recommender can now be configured in the Shoot specification via the .spec.kubernetes.verticalPodAutoscaler.targetCPUPercentile field. by @​voelzmo #9279
• [DEVELOPER] It is now possible to provide configuration for the aggregate Prometheus running in seed clusters' garden namespaces. Read all about it here. by @​rfranzke #9200

🐛 Bug Fixes

• [DEPENDENCY] An issue was fixed that sometimes led to leaked extension-controlplane-shoot-webhooks which blocked the shoot deletion. by @​timuthy #9209
• [DEPENDENCY] hack/hook-me.sh now ensures the required network connectivity so that the quic tunnel can be successfully established. by @​vpnachev #8909
• [USER] A bug causing shoot force-deletion to get stuck in case the secrets referred by the DNS Records are outdated is now fixed. by @​acumino #9324

🏃 Others

• [OPERATOR] Update Istio to v1.19.7 by @​axel7born #9215
• [OPERATOR] Bump alpine to 3.19.1 by @​ary1992 #9315
• [OPERATOR] Enhance NodeNotHealthy Prometheus alert to fire immediately. by @​adenitiu #9314
• [OPERATOR] gardener-node-agent now terminates itself (leading to a restart of its systemd unit) in case it determines that the hostname of its node has changed. by @​rfranzke #9280
• [OPERATOR] Resource requests of istio ingress gateway are reduced and its horizontal autoscaling behaviour specified in more detail, including scale-up under memory pressure by @​ScheererJ #9250
• [OPERATOR] The VerticalPodAutoscaler object for the shoot Prometheus is now labeled with app=prometheus,role=monitoring, similar to the corresponding StatefulSet. by @​nickytd #9244
• [OPERATOR] Set reinvocationPolicy: IfNeeded for VPA admission-controller webhook to ensure that webhooks injecting sidecar containers will not trigger and endless eviction loop. by @​voelzmo #9191
• [DEPENDENCY] The following dependencies are updated:
  • k8s.io/* : v0.28.4 -> v0.29.2
  • sigs.k8s.io/controller-runtime: v0.16.3 -> v0.17.2 by @​shafeeqes #9174
• [USER] The validation error shown when a user tries to change the .spec.seedName field of a Shoot will now also display the old and new values to better indicate that a change was attempted. by @​plkokanov #9294

[gardener/dependency-watchdog]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @​ccwienkgardener/dependency-watchdog#93
• [OPERATOR] DWD no longer depends on checking the reachability of Kube-API server via external load-balancer as kube-proxy path optimizations makes that impossible on infrastructures which have a static IP for the LB. Instead it now depends on node leases that are periodically renewed by each node running in the shoot cluster to determine its scaling action (scale-down/up). by @​rishabh-11gardener/dependency-watchdog#94

🏃 Others

• [OPERATOR] Make kcmNodeMonitorGraceDuration optional in the prober config and use a default value of 40s if not specified in the shoot and the config. by @​rishabh-11gardener/dependency-watchdog#101
• [DEVELOPER] Use ginkgolinter instead of self baked gomegacheck by @​himanshu-kungardener/dependency-watchdog#95

... (truncated)

Commits

• 37ce1ed Release v1.90.0
• aa5567f Destroy DNSRecords separately (#9324)
• acf1c59 Consider errors from configValidator for ErrorCodes (#9321)
• 49adb9e [release-v1.90] NodeNotHealthy prometheus alert (#9314)
• 4eb86e4 [release-v1.90] Update module github.com/prometheus-operator/prometheus-opera...
• bf2dd5e Bump alpine to 3.19.1 (#9315)
• c2d8945 upgrade mcm to 0.52.0 in go.mod (#9310)
• 07052b5 Remove redundant doc for autoscaling configuration (#9303)
• 39700af Delete networkingv1.Ingress instead of networkingv1beta1.Ingress (#9299)
• db31dd7 Add cpu target percentile parameter to VPA options in Shoot spec (#9279)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-2]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[DockToFuture]

/lgtm

[DockToFuture]

/retest

[gardener-prow]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-extension-networking-calico	0189364	link	true	/test pull-extension-networking-calico
pull-extension-networking-calico-e2e-kind	0189364	link	true	/test pull-extension-networking-calico-e2e-kind

Full PR test history. Your PR dashboard. Command help for this repository.
Please help us cut down on flakes by linking this test failure to an open flake report or filing a new flake report if you can't find an existing one. Also see our testing guideline for how to avoid and hunt flakes.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.