[TEST] Kube node lease webhook flag

.github/ISSUE_TEMPLATE/bug.md

@@ -4,6 +4,8 @@ about: Report a bug encountered while operating Gardener
 
 ---
 
+<!-- Please ensure that you do not include company internal information. -->
+
 **How to categorize this issue?**
 <!--
 Please select area, kind, and priority for this issue. This helps the community categorizing it.

.github/ISSUE_TEMPLATE/feature.md

@@ -4,6 +4,8 @@ about: Suggest an enhancement to the Gardener project
 
 ---
 
+<!-- Please ensure that you do not include company internal information. -->
+
 **How to categorize this issue?**
 <!--
 Please select area, kind, and priority for this issue. This helps the community categorizing it.

.github/ISSUE_TEMPLATE/flaking-test.md

@@ -5,6 +5,8 @@ title: "[Flaky Test] FLAKING TEST/SUITE"
 
 ---
 
+<!-- Please ensure that you do not include company internal information. -->
+
 <!-- Please only use this template for submitting reports about flaky tests or jobs (pass or fail with no underlying change in code) in Gardener CI -->
 
 **How to categorize this issue?**

.github/pull_request_template.md

@@ -1,3 +1,5 @@
+<!-- Please ensure that you do not include company internal information. -->
+
 **How to categorize this PR?**
 <!--
 Please select area, kind, and priority for this pull request. This helps the community categorizing it.

.github/workflows/build.yaml

@@ -97,6 +97,9 @@ jobs:
           - name: controller-manager
             target: controller-manager
             oci-repository: gardener/controller-manager
+          - name: gardenadm
+            target: gardenadm
+            oci-repository: gardener/gardenadm
           - name: gardenlet
             target: gardenlet
             oci-repository: gardener/gardenlet

.ocm/branch-info.yaml

@@ -0,0 +1,5 @@
+release-branch-template: release-v$major.$minor # e.g. release-v1.0
+branch-policy:
+  significant-part: minor # major, minor, patch
+  supported-versions-count: 3
+  release-cadence: 2w # d (days), w (weeks), y | yr (years)

.test-defs/CreateShoot.yaml

@@ -47,4 +47,4 @@ spec:
 #    -machine-type=$MACHINE_TYPE
 #    -external-domain=
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/DeleteShoot.yaml

@@ -16,4 +16,4 @@ spec:
     --shoot-name=$SHOOT_NAME
     --project-namespace=$PROJECT_NAMESPACE
     --kubecfg="$TM_KUBECONFIG_PATH/gardener.config"
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/HibernateShoot.yaml

@@ -17,4 +17,4 @@ spec:
     --project-namespace=$PROJECT_NAMESPACE
     --kubecfg="$TM_KUBECONFIG_PATH/gardener.config"
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/MigrateShoot.yaml

@@ -20,4 +20,4 @@ spec:
     -mr-exclude-list="$MR_EXCLUDE_LIST"
     -resources-with-generated-name="$RESOURCES_WITH_GENERATED_NAME"
     -add-test-run-taint="$ADD_TEST_RUN_TAINT"
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/ReconcileShoots.yaml

@@ -16,4 +16,4 @@ spec:
     -kubecfg=$TM_KUBECONFIG_PATH/gardener.config
     -version=$GARDENER_VERSION
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/ShootKubernetesUpdateTest.yaml

@@ -20,4 +20,4 @@ spec:
     -project-namespace=$PROJECT_NAMESPACE
     -version=$K8S_VERSION
     -version-worker-pools=$K8S_VERSION_WORKER_POOLS
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/ShootMachineImageUpdateTest.yaml

@@ -19,4 +19,4 @@ spec:
     -shoot-name=$SHOOT_NAME
     -project-namespace=$PROJECT_NAMESPACE
     -machine-image-version=$MACHINE_IMAGE_VERSION
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/TestSuiteGardenerRelease.yaml

@@ -20,4 +20,4 @@ spec:
       -ginkgo.focus="\[RELEASE\]"
       -ginkgo.skip="\[SERIAL\]"
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/TestSuiteShootBeta.yaml

@@ -22,4 +22,4 @@ spec:
       -ginkgo.focus="\[BETA\]"
       -ginkgo.skip="\[SERIAL\]"
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/TestSuiteShootBetaSerial.yaml

@@ -23,4 +23,4 @@ spec:
       -fenced=$FENCED
       -ginkgo.focus="\[BETA\].*\[SERIAL\]"
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/TestSuiteShootDefault.yaml

@@ -23,4 +23,4 @@ spec:
       -ginkgo.skip="\[SERIAL\]"
       -ginkgo.timeout=2h
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/TestSuiteShootDefaultSerial.yaml

@@ -24,4 +24,4 @@ spec:
       -ginkgo.focus="\[DEFAULT\].*\[SERIAL\]"
       -ginkgo.timeout=2h
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/TestSuiteShootRelease.yaml

@@ -22,4 +22,4 @@ spec:
       -ginkgo.focus="\[RELEASE\]"
       -ginkgo.skip="\[SERIAL\]"
 
-  image: golang:1.25.3
+  image: golang:1.25.4

.test-defs/WakeUpShoot.yaml

@@ -17,4 +17,4 @@ spec:
     --project-namespace=$PROJECT_NAMESPACE
     --kubecfg="$TM_KUBECONFIG_PATH/gardener.config"
 
-  image: golang:1.25.3
+  image: golang:1.25.4

Dockerfile

@@ -1,77 +1,79 @@
 # builder
-FROM golang:1.25.3 AS builder
+FROM --platform=$BUILDPLATFORM golang:1.25.4 AS builder
 ARG GOPROXY=https://proxy.golang.org,direct
 ENV GOPROXY=$GOPROXY
 WORKDIR /go/src/github.com/gardener/gardener
 COPY . .
 ARG EFFECTIVE_VERSION
-RUN make install EFFECTIVE_VERSION=$EFFECTIVE_VERSION
+ARG TARGETOS
+ARG TARGETARCH
+RUN make build EFFECTIVE_VERSION=$EFFECTIVE_VERSION GOOS=$TARGETOS GOARCH=$TARGETARCH BUILD_OUTPUT_FILE="/output/bin/"
 
 # distroless-static
 FROM gcr.io/distroless/static-debian12:nonroot AS distroless-static
 
 # apiserver
 FROM distroless-static AS apiserver
-COPY --from=builder /go/bin/gardener-apiserver /gardener-apiserver
+COPY --from=builder /output/bin/gardener-apiserver /gardener-apiserver
 WORKDIR /
 ENTRYPOINT ["/gardener-apiserver"]
 
 # controller-manager
 FROM distroless-static AS controller-manager
-COPY --from=builder /go/bin/gardener-controller-manager /gardener-controller-manager
+COPY --from=builder /output/bin/gardener-controller-manager /gardener-controller-manager
 WORKDIR /
 ENTRYPOINT ["/gardener-controller-manager"]
 
 # scheduler
 FROM distroless-static AS scheduler
-COPY --from=builder /go/bin/gardener-scheduler /gardener-scheduler
+COPY --from=builder /output/bin/gardener-scheduler /gardener-scheduler
 WORKDIR /
 ENTRYPOINT ["/gardener-scheduler"]
 
 # gardenlet
 FROM distroless-static AS gardenlet
-COPY --from=builder /go/bin/gardenlet /gardenlet
+COPY --from=builder /output/bin/gardenlet /gardenlet
 WORKDIR /
 ENTRYPOINT ["/gardenlet"]
 
 # gardenadm
 FROM distroless-static AS gardenadm
-COPY --from=builder /go/bin/gardenadm /gardenadm
+COPY --from=builder /output/bin/gardenadm /gardenadm
 WORKDIR /
 ENTRYPOINT ["/gardenadm"]
 
 # admission-controller
 FROM distroless-static AS admission-controller
-COPY --from=builder /go/bin/gardener-admission-controller /gardener-admission-controller
+COPY --from=builder /output/bin/gardener-admission-controller /gardener-admission-controller
 WORKDIR /
 ENTRYPOINT ["/gardener-admission-controller"]
 
 # resource-manager
 FROM distroless-static AS resource-manager
-COPY --from=builder /go/bin/gardener-resource-manager /gardener-resource-manager
+COPY --from=builder /output/bin/gardener-resource-manager /gardener-resource-manager
 WORKDIR /
 ENTRYPOINT ["/gardener-resource-manager"]
 
 # node-agent
 FROM distroless-static AS node-agent
-COPY --from=builder /go/bin/gardener-node-agent /gardener-node-agent
+COPY --from=builder /output/bin/gardener-node-agent /gardener-node-agent
 WORKDIR /
 ENTRYPOINT ["/gardener-node-agent"]
 
 # operator
 FROM distroless-static AS operator
-COPY --from=builder /go/bin/gardener-operator /gardener-operator
+COPY --from=builder /output/bin/gardener-operator /gardener-operator
 WORKDIR /
 ENTRYPOINT ["/gardener-operator"]
 
 # gardener-extension-provider-local
 FROM distroless-static AS gardener-extension-provider-local
-COPY --from=builder /go/bin/gardener-extension-provider-local /gardener-extension-provider-local
+COPY --from=builder /output/bin/gardener-extension-provider-local /gardener-extension-provider-local
 WORKDIR /
 ENTRYPOINT ["/gardener-extension-provider-local"]
 
 # gardener-extension-admission-local
 FROM distroless-static AS gardener-extension-admission-local
-COPY --from=builder /go/bin/gardener-extension-admission-local /gardener-extension-admission-local
+COPY --from=builder /output/bin/gardener-extension-admission-local /gardener-extension-admission-local
 WORKDIR /
 ENTRYPOINT ["/gardener-extension-admission-local"]

Makefile

@@ -36,6 +36,7 @@ PARALLEL_E2E_TESTS                         ?= 5
 GARDENER_RELEASE_DOWNLOAD_PATH             := $(REPO_ROOT)/dev
 DEV_SETUP_WITH_LPP_RESIZE_SUPPORT          ?= false
 DEV_SETUP_WITH_WORKLOAD_IDENTITY_SUPPORT   ?= false
+TARGET_PLATFORMS                           ?= linux/$(shell go env GOARCH)
 PRINT_HELP ?=
 
 ifneq ($(SEED_NAME),provider-extensions)
@@ -91,18 +92,18 @@ build:
 
 .PHONY: docker-images
 docker-images:
-	@echo "Building docker images with version and tag $(EFFECTIVE_VERSION)"
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(APISERVER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(APISERVER_IMAGE_REPOSITORY):latest                 -f Dockerfile --target apiserver .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(CONTROLLER_MANAGER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)        -t $(CONTROLLER_MANAGER_IMAGE_REPOSITORY):latest        -f Dockerfile --target controller-manager .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(SCHEDULER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(SCHEDULER_IMAGE_REPOSITORY):latest                 -f Dockerfile --target scheduler .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(ADMISSION_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(ADMISSION_IMAGE_REPOSITORY):latest                 -f Dockerfile --target admission-controller .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(RESOURCE_MANAGER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)          -t $(RESOURCE_MANAGER_IMAGE_REPOSITORY):latest          -f Dockerfile --target resource-manager .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(NODE_AGENT_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                -t $(NODE_AGENT_IMAGE_REPOSITORY):latest                -f Dockerfile --target node-agent .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(OPERATOR_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                  -t $(OPERATOR_IMAGE_REPOSITORY):latest                  -f Dockerfile --target operator .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(GARDENLET_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(GARDENLET_IMAGE_REPOSITORY):latest                 -f Dockerfile --target gardenlet .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(GARDENADM_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(GARDENADM_IMAGE_REPOSITORY):latest                 -f Dockerfile --target gardenadm .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(EXTENSION_PROVIDER_LOCAL_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)  -t $(EXTENSION_PROVIDER_LOCAL_IMAGE_REPOSITORY):latest  -f Dockerfile --target gardener-extension-provider-local .
-	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION)  -t $(EXTENSION_ADMISSION_LOCAL_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION) -t $(EXTENSION_ADMISSION_LOCAL_IMAGE_REPOSITORY):latest -f Dockerfile --target gardener-extension-admission-local .
+	@echo "Building docker images with version and tag $(EFFECTIVE_VERSION) for target platforms $(TARGET_PLATFORMS)"
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(APISERVER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(APISERVER_IMAGE_REPOSITORY):latest                 -f Dockerfile --target apiserver .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(CONTROLLER_MANAGER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)        -t $(CONTROLLER_MANAGER_IMAGE_REPOSITORY):latest        -f Dockerfile --target controller-manager .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(SCHEDULER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(SCHEDULER_IMAGE_REPOSITORY):latest                 -f Dockerfile --target scheduler .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(ADMISSION_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(ADMISSION_IMAGE_REPOSITORY):latest                 -f Dockerfile --target admission-controller .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(RESOURCE_MANAGER_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)          -t $(RESOURCE_MANAGER_IMAGE_REPOSITORY):latest          -f Dockerfile --target resource-manager .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(NODE_AGENT_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                -t $(NODE_AGENT_IMAGE_REPOSITORY):latest                -f Dockerfile --target node-agent .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(OPERATOR_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                  -t $(OPERATOR_IMAGE_REPOSITORY):latest                  -f Dockerfile --target operator .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(GARDENLET_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(GARDENLET_IMAGE_REPOSITORY):latest                 -f Dockerfile --target gardenlet .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(GARDENADM_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)                 -t $(GARDENADM_IMAGE_REPOSITORY):latest                 -f Dockerfile --target gardenadm .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(EXTENSION_PROVIDER_LOCAL_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION)  -t $(EXTENSION_PROVIDER_LOCAL_IMAGE_REPOSITORY):latest  -f Dockerfile --target gardener-extension-provider-local .
+	@docker build --build-arg EFFECTIVE_VERSION=$(EFFECTIVE_VERSION) --platform $(TARGET_PLATFORMS) -t $(EXTENSION_ADMISSION_LOCAL_IMAGE_REPOSITORY):$(EFFECTIVE_VERSION) -t $(EXTENSION_ADMISSION_LOCAL_IMAGE_REPOSITORY):latest -f Dockerfile --target gardener-extension-admission-local .
 
 .PHONY: docker-push
 docker-push:
@@ -426,6 +427,9 @@ operator-seed-up operator-seed-dev: $(SKAFFOLD) $(HELM) $(KUBECTL) operator-up g
 	TIMEOUT=900 ./hack/usage/wait-for.sh garden local VirtualGardenAPIServerAvailable RuntimeComponentsHealthy VirtualComponentsHealthy
 operator-seed-down: $(SKAFFOLD) $(HELM) $(KUBECTL) seed-down garden-down
 
+# gardenadm
+gardenadm:
+	BUILD_OUTPUT_FILE=./bin/ BUILD_PACKAGES=./cmd/gardenadm $(MAKE) build
 # gardenadm-{up,down}
 gardenadm-%: export SKAFFOLD_FILENAME = skaffold-gardenadm.yaml
 gardenadm-up: $(SKAFFOLD) $(KUBECTL)
@@ -449,10 +453,10 @@ test-e2e-local-ha-multi-zone: $(GINKGO)
 	SHOOT_FAILURE_TOLERANCE_TYPE=zone USE_PROVIDER_LOCAL_COREDNS_SERVER=true ./hack/test-e2e-local.sh --procs=$(PARALLEL_E2E_TESTS) --label-filter "basic || (high-availability && update-to-zone)" ./test/e2e/gardener/...
 test-e2e-local-operator: $(GINKGO)
 	./hack/test-e2e-local.sh operator --procs=1 --label-filter="default" ./test/e2e/operator/...
-test-e2e-local-gardenadm-medium-touch: $(GINKGO)
-	./hack/test-e2e-local.sh gardenadm --procs=1 --label-filter="medium-touch" ./test/e2e/gardenadm/...
-test-e2e-local-gardenadm-high-touch: $(GINKGO)
-	./hack/test-e2e-local.sh gardenadm --procs=1 --label-filter="high-touch" ./test/e2e/gardenadm/...
+test-e2e-local-gardenadm-managed-infra: $(GINKGO)
+	./hack/test-e2e-local.sh gardenadm --procs=1 --label-filter="managed-infra" ./test/e2e/gardenadm/...
+test-e2e-local-gardenadm-unmanaged-infra: $(GINKGO)
+	./hack/test-e2e-local.sh gardenadm --procs=1 --label-filter="unmanaged-infra" ./test/e2e/gardenadm/...
 
 test-non-ha-pre-upgrade: $(GINKGO)
 	./hack/test-e2e-local.sh --procs=$(PARALLEL_E2E_TESTS) --label-filter="pre-upgrade && !high-availability" ./test/e2e/gardener/...

OWNERS_ALIASES

@@ -25,6 +25,7 @@ aliases:
   - marc1404
   - oliver-goetz
   - plkokanov
+  - RadaBDimitrova
   - rfranzke
   - ScheererJ
   - shafeeqes