Bump github.com/gardener/gardener from 1.76.2 to 1.77.0

[dependabot]

Bumps github.com/gardener/gardener from 1.76.2 to 1.77.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.77.0

[gardener/etcd-backup-restore]

📰 Noteworthy

• [OPERATOR] Etcd-backup-restore now uses a distroless image as its base image. It is no longer compatible with etcd-custom-image, and must be used with etcd-wrapper instead. by @​aaronferngardener/etcd-backup-restore#637
• [OPERATOR] Etcd-backup-restore now uses the user home directory to create files. by @​aaronferngardener/etcd-backup-restore#637

🏃 Others

• [OPERATOR] While scaling up a non-HA etcd cluster to HA skipping the scale-up checks for first member of etcd cluster as first member can never be a part of scale-up scenarios. by @​ishan16696gardener/etcd-backup-restore#649
• [OPERATOR] Backup-restore waits for its etcd to be ready before attempting to update peerUrl by @​aaronferngardener/etcd-backup-restore#628
• [DEVELOPER] Add CVE categorization for etcd-backup-restore. by @​shreyas-s-raogardener/etcd-backup-restore#644

[gardener/gardener]

⚠️ Breaking Changes

• [DEVELOPER] If you are using provider-extension setup you should adapt your files in example/provider-extensions/garden/controlplane because default-domain and internal-domain secrets are removed from gardener-controlplane Helm chart. by @​oliver-goetz #8308
• [DEVELOPER] Package pkg/utils/managedresources now works with immutable secrets for managed resources under the hood. Existing secrets will be marked for garbage collection and replaced with immutable ones during the first reconciliation of the managed resource. by @​dimityrmirchev #8116
• [DEVELOPER] The Secrets type as well as the Delete functions for secrets were removed from pkg/utils/managedresources/builder since their usage was prone to errors. The higher level package pkg/utils/managedresources should be used instead. by @​dimityrmirchev #8116
• [DEPENDENCY] hack/generate.sh has been renamed to hack/generate-sequential.sh. by @​shafeeqes #8289
• [DEPENDENCY] The deprecated extensions/pkg/controller/worker.{Options,ApplyMachineResources{ForConfig}} symbols have been dropped since gardenlet takes over management of the machine.gardener.cloud/v1alpha1 API CRDs since gardener/gardener@v1.73. by @​rfranzke #8280
• [OPERATOR] The virtual-garden-kube-apiserver service (for the virtual-garden cluster) was switched from type LoadBalancer to ClusterIP. Please make sure to migrate all DNS records from the virtual-garden-kube-apiserver to the istio-ingressgateway endpoint before upgrading to this Gardener version. by @​timuthy #8302
• [OPERATOR] gardenlet no longer reports the Bootstrapped condition on Seeds. Instead, it now reports the progress in .status.lastOperation, similar to how it's done for Shoots. by @​rfranzke #8290
• [OPERATOR] default-domain, internal-domain, alerting and openvpn-diffie-hellman secrets are removed from gardener-controlplane Helm chart. Please ensure to update them in a different way before upgrading Gardener. If you would like to prevent Helm from deleting these secret during the upgrade, you could annotate them with "helm.sh/resource-policy": keep. by @​oliver-goetz #8308

📰 Noteworthy

• [DEVELOPER] The charts/images.yaml file was moved to imagevector/images.yaml. by @​rfranzke #8250
• [DEPENDENCY] pkg/utils/chart does now support embedded charts. The already deprecated methods in the ChartApplier and ChartRenderer will be removed in a few releases, so extensions should adapt to embedded charts. by @​rfranzke #8250
• [OPERATOR] Gardenlet can now set feature gates for etcd-druid. They can be specified via the gardenlet configuration GardenletConfiguration.EtcdConfig.FeatureGates by @​gardener-ci-robot #8335

✨ New Features

• [OPERATOR] The garbage collection controller now also considers managed resources when deciding if secrets/configmaps should be garbage collected. by @​dimityrmirchev #8116
• [OPERATOR] Gardener Scheduler's Minimal Distance strategy can take scheduling decisions based on region distances configured by operators. This especially improves the allocation for shoots of providers regions for which the standard Levenshtein distance is inappropriate. Please see docs/concepts/scheduler.md for more information. by @​timuthy #8277
• [OPERATOR] Operators can now view and manage dashboards for compaction jobs running in shoot control plane. by @​abdasgupta #8206
• [OPERATOR] maintenance-controller now disables PodSecurityPolicy admission controller when forcefully upgrading the Kubernetes version of a Shoot to v1.25. It also ensures maximum workers of each for group is greater or equal to its number of zone for forceful upgrades to v1.27. by @​oliver-goetz #8281
• [OPERATOR] kubectl get garden now features additional printer columns providing more information about the substantial configuration values and statuses. by @​rfranzke #8279
• [OPERATOR] The gardener-apiserver now drops expired Kubernetes and MachineImage versions from Cloudprofiles during creation. by @​shafeeqes #8297
• [OPERATOR] gardener-operator now takes over management of fluent-operator and vali. by @​vlvasilev #8240
• [USER] Two additional labels worker.gardener.cloud/image-name and worker.gardener.cloud/image-version are attached to worker nodes to identify which operating system they are running. This can then be used in selectors that target only workers with a specific operating system and is helpful for e.g. driver deployment. by @​MrBatschner #8295
• [USER] A new feature gate named ContainerdRegistryHostsDir is introduced to gardenlet. When enabled, the /etc/containerd/certs.d directory is created on the Node and containerd is configured to look up for registries/mirrors configuration in this directory (if there is any configuration applied). In future, the registry-cache extension will add such registries/mirrors configuration under this directory (via OperatingSystemConfig mutation). by @​ialidzhikov #8094
• [USER] The Shoot maintenance controller now updates the CRI of worker pools from docker to containerd when force-upgrading from Kubernetes v1.22 to v1.23. by @​oliver-goetz #8272
• [DEVELOPER] Extensions running on seed clusters can get access to the garden cluster by using the injected kubeconfig specified by the GARDEN_KUBECONFIG environment variable. You can read about the details in this doc. by @​timebertt #8264

🐛 Bug Fixes

• [OPERATOR] When Shoots were updated from non high-availability to zone high-availability, it could happen that the control-plane was scheduled to two instead of three zones. This issue is relevant for cloud providers with an inconsistent zone naming (Azure is currently the only candidate to our knowledge).
  Existing shoots with the before mentioned problem must be fixed manually be operators if required. An automatic move of etcds and their volumes is not part of this fix due to availability reasons. by @​gardener-ci-robot #8345
• [OPERATOR] gardenlet: A regression causing metering related recording rules for the aggregate-prometheus not to be applied is now fixed. by @​istvanballok #8284
• [USER] An issue has been fixed for highly-available Shoots whose etcd clusters didn't get ready in the Completing phase of a CA credentials rotation. by @​timuthy #8303

🏃 Others

... (truncated)

Commits

• b4429cf Release v1.77.0
• 015b9fc [release-v1.77] Fix failureTolerance update scenario (#8345)
• c952a35 [release-v1.77] Allow feature gates to be added to etcd-druid and vendor `e...
• 13a7db5 Upgrade etcd-druid (#8332)
• 9ffd362 Remove secrets from gardener-controlplane helm chart (#8308)
• 59174d6 Upgrade hvpa-controller (#8322)
• 58149a3 Fix prometheus ingress secret for shoot cluster (#8319)
• b6dd3db Split make generate targets (#8289)
• 6d3c34d Fix plutono ingress secret for shoot cluster (#8317)
• 2a6f538 Remove validation for expired Kubernetes and MachineImage versions in the...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Release note:

Bumps [github.com/gardener/gardener](https://github.com/gardener/gardener) from 1.76.2 to 1.77.0.

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-2]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[MartinWeindel]

/lgtm

[MartinWeindel]

/hold
see gardener/gardener-extension-shoot-dns-service#230 (comment)

[shafeeqes]

/unhold

[MartinWeindel]

/lgtm