Bump github.com/gardener/gardener from 1.133.0 to 1.134.0

[dependabot]

Bumps github.com/gardener/gardener from 1.133.0 to 1.134.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.134.0

[github.com/gardener/gardener:v1.134.0]

⚠️ Breaking Changes

• [OPERATOR] The DoNotCopyBackupCredentials feature gate has been promoted to GA and can no longer be disabled. The Seed backup secret is no longer copied from the Shoot infrastructure credentials in case an operator does not provide an existing backup secret. If you configure seed.spec.backup.credentialsRef, make sure that the referred credential already exists. For production setups, it is advised that operators configure a separate set of credentials for Seed backup and Shoot infrastructure. by @​dimityrmirchev [#13564]

• [OPERATOR] Several fields and configurations of operator.gardener.cloud/v1alpha1.Extension resources are now validated:

  • Either an extension or admission deployment must be specified (spec.deployment.{extension,admission})
  • One of spec.deployment.admission.runtimeCluster or spec.deployment.admission.virtualCluster must be specified
  • A Helm deployment configuration must be in place (spec.deployment.extension.helm or spec.deployment.admission.{runtimeCluster,virtualCluster}.helm)
  • A valid OCI repository configuration is required (helm.ociRepository)

  Please check your Extension resources and rectify them accordingly, before upgrading to this version. by @​timuthy [#13528]

• [OPERATOR] The GA-ed and unconditionally enabled ShootCredentialsBinding feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @​ialidzhikov [#13576]

• [DEVELOPER] Ensure you have the docker compose plugin installed for starting the local setup. by @​timebertt [#13551]

• [DEVELOPER] The registry for the local development setup is now exposed under registry.local.gardener.cloud instead of garden.local.gardener.cloud. Make sure to update your /etc/hosts file by replacing the existing 127.0.0.1 garden.local.gardener.cloud entries with 127.0.0.1 registry.local.gardener.cloud. by @​timebertt [#13551]

• [DEVELOPER] To support self-hosted shoots with managed infrastructure, the Worker extension (controller/delegate) needs to use the technical ID from Cluster.shoot.status.technicalID for prefixing the names of machine-related objects. The Worker namespace is kube-system for self-hosted shoots. Read the docs. by @​timebertt [#13485]

📰 Noteworthy

• [OPERATOR] As the DoNotCopyBackupCredentials feature gate cannot be disabled, backup secrets that were copied from Shoot infrastructure credentials in previous reconciliations are labeled with gardener.cloud/secret-status=previously-managed and Gardener no longer takes care of them. Operators are responsible to delete those if unused for other scenarios. by @​dimityrmirchev [#13564]
• [OPERATOR] Introduced GEP-35 that outlines a migration strategy from Vali to VictoriaLogs as a database for Garden, Seed & Shoot clusters. by @​rrhubenov [#13242]

✨ New Features

• [OPERATOR] Istio-gateways now provide access logs for requests to kube-apiservers via the apiserver-proxy endpoint when IstioTLSTermination feature gate is active. by @​oliver-goetz [#13569]
• [OPERATOR] Seed clusters are now labelled with a specific extension label extensions.extensions.gardener.cloud/<extension-type>: true whenever such an extension is activated for the seed. by @​timuthy [#13509]
• [USER] Istio access logs are now visible for users in the shoot plutono. by @​majst01 [#13548]
• [DEVELOPER] The Worker extension no longer needs to fetch the machine state from the ShootState object in the garden cluster. Instead, Gardener populates the machine state directly in the Worker.status.state field on restoration of the shoot. Read the docs. by @​timebertt [#13485]

🐛 Bug Fixes

• [OPERATOR] A bug which caused kube-apiserver metrics to be scraped thrice when IstioTLSTermination feature gate is active has been fixed. by @​oliver-goetz [#13590]
• [OPERATOR] Fixed a bug where operators could not exclusively specify count limits in the Garden's spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit field. by @​tobschli [#13577]
• [USER] A bug which prevented the wildcard certificate endpoints to be advertised in the shoot status has been fixed. by @​oliver-goetz [#13644]
• [USER] Fixed DNS resolution issues during dual-stack migration by ensuring /etc/resolv.conf only contains the IPv4 DNS server address until the kube-dns service is fully migrated. by @​axel7born [#13601]

🏃 Others

• [OPERATOR] Seeds are now labeled with seed.gardener.cloud/provider=<seed.spec.provider.type> and seed.gardener.cloud/region=<seed.spec.provider.region>. by @​georgibaltiev [#12623]
• [OPERATOR] apiserver-proxy endpoints now using the same keep alive settings and connection timeout as default kube-apiserver endpoints when IstioTLSTermination feature gate is active. by @​oliver-goetz [#13569]
• [OPERATOR] Projects are no-longer requeued with back-off when they have a deletionTimestamp and still existing Shoots in the corresponding namespaces. Instead they are now automatically requeued on Shoot deletion events if they no-longer contain any Shoots so that the deletion of the Project can finish. by @​plkokanov [#13052]
• [OPERATOR] ManagedResources are no-longer requeued with back-off, if their responsibility was transferred from one gardener-resource-manager to another, while waiting for the original gardener-resource-manager to finish cleaning up the deployed resources. Instead, ManagedResources are automatically requeued when the cleanup of resources by the original gardener-resource-manager has finished. by @​plkokanov [#13052]
• [DEVELOPER] The VPAInPlaceUpdates feature gate is enabled in local setups for gardenlet and gardener-operator. by @​vitanovs [#13508]
• [DEVELOPER] Update remote local setup with most recent hosts for end-to-end tests and instructions for an IPv6 setup by @​vicwicker [#13436]
• [DEVELOPER] Usages of controller-runtime's deprecated reconcile.Result{Requeue: true} have been removed. by @​plkokanov [#13052]
• [DEVELOPER] Ignore whitespace-only YAML chunks when parsing ManagedResource secrets. This prevents decoder errors from trailing --- separators. by @​DockToFuture [#13622]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.1.3 to 2.1.4. by @​gardener-ci-robot [#13567]
• [DEPENDENCY] The gardener/autoscaler image for Shoots with Kubernetes version 1.34 has been updated to v1.34.0. Release Notes by @​takoverflow [#13554]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/etcd-druid from v0.33.0 to v0.34.0. Release Notes
  • github.com/gardener/etcd-druid/api from v0.33.0 to v0.34.0. by @​Shreyas-s14 [#13617]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.82.6 to 1.83.0. Release Notes by @​gardener-ci-robot [#13620]

... (truncated)

Commits

• 1eab8d4 release v1.134.0
• 2cab34b Ensure secrets management is initialized before updating advertised addresses...
• c8fd090 Improve extractObjectsFromSecret function to ignore whitespaces (#13622)
• 50a6fd7 Update kubernetes packages to v0.34.3 (#13627)
• 1d4af10 Update dependency kubernetes/kubernetes to v1.34.3 (#13626)
• 4712b71 Update nginx Docker tag to v1.29.4 (#13625)
• c9c2cab Update golang.org/x/exp digest to 8475f28 (#13623)
• c0cb963 Update dependency gardener/dashboard to v1.83.0 (#13620)
• 41bddd8 Configure clusterDNSAddresses for kublet as (#13601)
• 7d0b1a6 Run registry and caches in docker containers instead of in kind pods (#13551)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)