Update module github.com/gardener/gardener to v1.141.1

[gardener-ci-robot]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/gardener/gardener	v1.132.5 → v1.141.1

---

Release Notes

gardener/gardener (github.com/gardener/gardener)

v1.141.1

Compare Source

[github.com/gardener/gardener:v1.141.1]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14705]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14688]

🏃 Others

• [OPERATOR] Add resourceId for image istio-basic-auth-server to fix overwrite image lookup by @​MartinWeindel [#​14721]
• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14685]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ext-authz-server from v0.2.0 to v0.3.0. Release Notes by @​ScheererJ [#​14728]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:a533cff53ce26faae8d16ce777e42acfaec59f37b14e037f3df49897eb6e37a6
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:f9a88c4286072181ba44333dae0899fd7f04e6109deee7649b7ec4225d061c2e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:e4a314c878793de9230de8e578f4affde97f13669773b1038a1cedb542e3a46f
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:ec09bb23be84cdc04592a29db374e1107b91114c4420523bb8ad52a07777d2e2
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:2f4e2274461634f42f90fb5787cf2176d00079b0dcb1cbd6d6b06b5e8bfa3243
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:a20de14a51d7512cf7e4658a4e52a2c60dff17efbf2965ef20565a696619aa6a
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:0723efdd00b677215935e8d86c5568c7c583afbecc130f1a281bd1da4ccacb67
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:e1ddbc08706eb9ac4af03811a12553cadeb00915f890883572ba7c267173473f
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:2904444a43a685fee5e601b621603114585857c6205d3d9286921a114110849c
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:a592e08ced947cda1565a4bf3800785c2596880940542843787388baf0ad51ee
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:63efdd9693ec670ba326fd4c3f70f88702aa41aaac69c268c83ab4a69820eea1
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:f61bcb10bfbd98c0a17d944d061357b78a59e09f79bc207db64203488bfb6ebd
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:358db949d83420843f863158d5b97d6a7d2d6df8ed48e4ac4a442e883387c0d9
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:90d8da86f54ce63dd043285388d7acce0f9b3fb30f15e040ae4452f59d1d5b02
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:1c50c5a130190374ed9ddf8244e48585ef15fc4bed428817b7db101e8b14d747
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:9b1947be7ce2fe329591e02acb40960aadb1c41a88f9b8b9e10824ed5dd85787
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:0406036d984dcb000eb4a7af85a453ca7ec8a5cf7772c0cf7dfdbd6e576ba881
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:c5272548e8a05a13aeaf02d69bc1b10a57fd0e3de0ce44cf51433b43d00f964b

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.1
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.1

v1.141.0

Compare Source

[github.com/gardener/gardener:v1.141.0]

⚠️ Breaking Changes

• [OPERATOR] The NewWorkerPoolHash feature gate has been promoted to GA and can no longer be disabled. by @​timuthy [#​14531]
• [OPERATOR] ⚠️ Gardener does no longer support Garden, Seed, or Shoot clusters with Kubernetes versions <= 1.30. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @​timuthy [#​14501]
• [USER] Newly created Shoots now have a set period of 28d for etcd encryption key rotation. by @​AleksandarSavchev [#​14034]
• [DEVELOPER] make gardenadm-up SCENARIO=connect now deploys the Gardener (gardener-operator and Garden resource) directly into the self-hosted shoot. Previously, it was deploying them next to the machine pods of the self-hosted shoot in the kind cluster. Use make gardenadm-up SCENARIO=connect-kind for the out-of-self-hosted-shoot deployment mode. by @​rfranzke [#​14387]
• [DEPENDENCY] The obsolete Provider field was removed from the extensionswebhook.Webhook struct. The field can be removed without substitution. by @​timuthy [#​14460]

📰 Noteworthy

• [OPERATOR] The gardener-resource-manager HA config webhook now uses ScheduleAnyway instead of DoNotSchedule for the hostname topology spread constraint when there is at most one node in the cluster. A new node-high-availability-config controller re-triggers the webhook when the node count crosses this threshold. by @​rfranzke [#​14595]
• [OPERATOR] machine-controller-manager's RBAC permissions for the source cluster have been reduced to follow the principle of least privilege. by @​dimityrmirchev [#​14372]
• [DEVELOPER] Added panic recovery to flow.Task to prevent a single task failure from crashing the entire controller. If you previously implemented custom panic recovery within your tasks, you can consider removing that custom panic recovery. by @​dergeberl [#​14606]
• [DEVELOPER] The local setup now includes a cloud-controller-manager-local, which is deployed for kind clusters (in the kube-system namespace) and for shoot clusters (in the control plane namespace). The cloud-controller-manager implements Services of type LoadBalancer by creating dedicated Docker containers listening on external IPs (automatically added to the host's loopback interface on kind cluster creation). This replaces previous hacks for implementing load balancers in provider-local and supports load balancers in shoot clusters for the first time. by @​timebertt [#​14415]
• [DEPENDENCY] Extension charts deployed on self-hosted shoot clusters may not receive .Values.gardener.seed when the shoot has not yet been promoted to a Seed. Charts should guard Seed-dependent values with {{ if .Values.gardener.seed }}. by @​rfranzke [#​14395]
• [DEPENDENCY] A new helper function BuildExtensionTypeNamespaceSelector has been introduced. It builds proper namespaces selectors for extension webhooks, based on the extension type and class attributes. by @​timuthy [#​14460]

✨ New Features

• [OPERATOR] Added spec.runtimeCluster.settings.loadBalancerServices.proxyProtocol.allowed and spec.runtimeCluster.settings.loadBalancerServices.externalTrafficPolicy to the Garden resource. When Allowed set to true, gardener-operator configures the Istio ingress gateway to terminate PROXY protocol, enabling preservation of the original client IP address for load balancers that use PROXY protocol. The explicit nature of the setting allows a seamless migration while enforcing a good security posture. ExternalTrafficPolicy allows configuring the Gateway either as Cluster (default) or Local, similar to the Seed. by @​jamand [#​14420]
• [OPERATOR] The gardener-node-agent now monitors the health of systemd units declared in the OperatingSystemConfig and reports a SystemdUnitsReady condition on the Node. Unhealthy units are surfaced on the Shoot via the EveryNodeReady condition. by @​rfranzke [#​14496]
• [USER] The Shoot spec field spec.kubernetes.kubeAPIServer.encryptionConfig.provider.type now supports the aesgcm and secretbox encryption provider types. The field is immutable. by @​AleksandarSavchev [#​14034]
• [USER] The Garden spec fields spec.virtualCluster.kubernetes.kubeAPIServer.encryptionConfig.provider.typeand spec.virtualCluster.gardener.gardenerAPIServer.encryptionConfig.provider.type now support the aesgcm and secretbox encryption provider types. The fields are immutable. by @​AleksandarSavchev [#​14034]

🐛 Bug Fixes

• [OPERATOR] The garbage collection logic now also deletes pods that are stuck due to preemption by the kubelet or scheduler. by @​rfranzke [#​14519]
• [OPERATOR] The observability setup is deleted as late as possible so that, in case an error occurs during the deletion of any components, there is still enough information available to investigate the issue. by @​iypetrov [#​14475]
• [OPERATOR] A bug was fixed where gardenadm init could fail due to a transient error while fetching the shoot-gardener-node-agent ManagedResource when the Kubernetes API server is temporarily unavailable due to static pod rollout. by @​ialidzhikov [#​14601]
• [OPERATOR] A bug has been fixed that caused unintentional ShootState creations for Shoots running on managed seed clusters (those backed by ManagedSeed objects). The affected ShootState resources are automatically cleaned up by gardenlet during start-up. by @​plkokanov [#​14666]
• [USER] Cluster-proportional autoscaling of coredns now works with Kubernetes >= 1.33 by @​ScheererJ [#​14638]
• [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @​timebertt [#​14555]

🏃 Others

• [OPERATOR] Gardener Discovery Server is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14587]
• [OPERATOR] Alertmanager is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14575]
• [OPERATOR] Vali is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14567]
• [OPERATOR] OpenTelemetry Collector is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14585]
• [OPERATOR] Use Info logging for admission denials instead of Error so that the full stack trace to every denial log entry does not get logged by @​DockToFuture [#​14561]
• [OPERATOR] Apiserver-Proxy uses a dedicated network interface apiserver-proxy for its advertised IP address. Requests from nodes such as kubelet probes will use the proper IP as per the route table again. by @​domdom82 [#​14440]
• [OPERATOR] Shoot advertised addresses are now configurable by extension components for Shoot VirtualService resources. by @​ScheererJ [#​14534]
• [OPERATOR] During Shoot reconciliation MachineDeployments are now deployed in parallel. This should speed up the reconciliation of the Worker resource. by @​plkokanov [#​14220]
• [OPERATOR] Resource limits have been removed for node-problem-detector by @​domdom82 [#​14450]
• [OPERATOR] Prometheus is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14573]
• [OPERATOR] Additional per nodegroup metrics can be exposed by cluster-autoscaler via the field .spec.kubernetes.clusterAutoscaler.emitPerNodeGroupMetrics in the Shoot API . by @​aaronfern [#​14557]
• [OPERATOR] Gardener Dashboard is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14586]
• [OPERATOR] Patch is now used to label all Machines with force-deletion: True instead of Update when the Shoot is being hibernated or deleted. Additionally, the function used to do this during the reconciliation of the Worker resource is now only executed once instead of for each MachineDeployment. by @​plkokanov [#​14220]
• [OPERATOR] The gardenadm init flow now determines Pod network availability by checking the Node's NetworkUnavailable condition instead of the shoot-core-coredns ManagedResource health. This is a prerequisite improvement for the control plane Node restoration feature. by @​ialidzhikov [#​14523]
• [OPERATOR] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.2 to v0.36.3. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.2 to v0.36.3. by @​Shreyas-s14 [#​14661]
• [OPERATOR] cluster-autoscaler now supports a new expander least-nodes from v1.31 onwards by @​aaronfern [#​14558]
• [OPERATOR] Plutono is now exposed directly via istio instead of nginx-ingress by @​ScheererJ [#​14142]
• [USER] VPN-related dashboards now show a shared crosshair on all panels. by @​domdom82 [#​14576]
• [DEVELOPER] The DinD version used in the remote local setup has been updated to v29. by @​vicwicker [#​14644]
• [DEVELOPER] make seed-down and make garden-down cleanup additional resources by @​matthias-horne [#​14547]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/node-exporter from v1.10.2 to v1.11.1. by @​gardener-ci-robot [#​14508]
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.29.1 to 1.29.2.
  • gcr.io/istio-release/proxyv2 from 1.29.1 to 1.29.2.
  • istio.io/api from v1.29.1 to v1.29.2. by @​gardener-ci-robot [#​14582]
• [DEPENDENCY] Update kindest/node image to v1.35.1 (Kubernetes v1.35.1, containerd v2.2.1). by @​LucaBernstein [#​14421]
• [DEPENDENCY] The following dependencies have been updated:
  • credativ/vali from v2.2.31 to v2.2.32. Release Notes by @​gardener-ci-robot [#​14611]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.5.5 to 2.6.0. by @​gardener-ci-robot [#​14537]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2. by @​gardener-ci-robot [#​14579]
• [DEPENDENCY] The following dependencies have been updated:
  • credativ/plutono from v7.5.46 to v7.5.47. Release Notes by @​gardener-ci-robot [#​14613]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-discovery-server from v0.9.0 to v0.10.0. Release Notes by @​gardener-ci-robot [#​14600]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/coredns-config-adapter from v0.5.0 to v0.6.0. Release Notes by @​gardener-ci-robot [#​14605]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/prometheus/alertmanager from v0.31.1 to v0.32.0. by @​gardener-ci-robot [#​14538]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.37.0 to v1.37.2. Release Notes by @​gardener-ci-robot [#​14563]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:4c0764b6cbd79bea391de905c444e8901f3ef901c9cc601a5b8fcf66394aa40a
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:a4bed35099c21fb59a719a718afc1f83040d4746a7dfaf81c4442e09725bf0ab
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:549aafc0b61b16d9e7d6fa1ab0bd95bd68f0d7dfac77989be541e9551f4dc726
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:b0675085cef3786d983b6a751cff7820b6dd896e55afccd99e07cefa2891f161
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:3757e8e04a1e555abbe832c72932211b4fb766ee8f3d6ded15c9acd6a14adde9
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:68bc182b3b1cbfcbbdb26bcb9b0ac5a182e0de0b1ae785c7f0fd9947e9653ccd
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:558ae9de4cfffe41cce57e22bc8505c9f38d54e0fb8feea7b06754970b9090a3
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:ca399bfd9253860c2a8f5287aec8ecdd90b8b4fa96e8694dede72a05f0fbe263
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:47b8d427ac8f6deee19004e196c2a3396edd5010293bb1272abd7aaa2d385dae
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:88953b01d223307b0ea3e05c8df24eeb1f08e5c1883b85be42b5e5da7a2f5af3
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:97bbf8d719ee9a6a441aee3ea1690bcb054eaf5ee23b3e98ee7ba580e5732a80
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:b40af8512c84cb32e56541716cba9036152e4393e9c810d0ea109d9e89f3abe7
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:b687d0080c773f8b51d7e7fe262bd38774cace83dc175bd59e86b38d4378fa89
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:de2bed5eedb5348fb5399b7ade0ec3569a247f75a6ea532b1365cab8c84cba59
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:127276658aff87d975ce690a0a862c0073d1c119028110d0a4dcb1a71e281c50
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:637b96ae9ddebe86ce4b36cb9a275b88a5dcd6cc7a7c1ac3993d7d93c0b89374
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:118cf6da60ad6930362891b741ab79a4d596a5fc8933c2cef7f8cb9fe75653f8
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:f9aa546df5d17ae6fe8510da46bb403de6d5a594febec773258cf79886257ec6

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.141.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.141.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.141.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.141.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.141.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.141.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.141.0
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.141.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.141.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.141.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.141.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.141.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.141.0

v1.140.3

Compare Source

[github.com/gardener/gardener:v1.140.3]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14702]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14689]

🏃 Others

• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14684]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:1822e85f811978fb349b74680f28221c87f4fa2d04fe0762de218b332075e992
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:e716405933cb7b0c95dad7c8b11a124cb9b571c30895a4d2f84f9cd2771ba93e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:1ef36f5654df729eb00af9ab0810911e3e3421f6dedaebb5608a92e16e91f41e
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:4e7a18d5e6bc47206fc791b49a86bc9771f6f66d7834e949f4fe9f067dd60e42
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:75206bf16fb2d8d00455cb980e841f21cb2cb9b1d6f6c65289868f0016aa0ff4
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:9e17e10e5233fe816fa941337079a5f0cf4971706e56b3ca41d53891f4298bc8
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:362e9f27c3ef430116f35bf61b9c978f357d19ff1adeb006dbb0806490d36804
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:4ea00980471d300bcfea2d9a14aa6e86fc7cb9576cac09d52654971e82bc13b1
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:86bcf0386b0c339a0cc6575d0a90fe35e90d2e9ed23def3cab61d0a34c920088
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:e7412d581e18a4abcd07de047e4b54d57a33a971bdb0c8ed0865bc75d4cbe95d
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:92cd70254d04d18c7344eb8ce7403bb55bf7daeac13aa3aab396584a83c1f2d2
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:d8c29267cee2c67ff2e2f763d0d30b2bb9da26b85785f62d7ee848b1be4167d4
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:4618dc33e7a7a6107a4a1a913a59227c9789bd5e0bb104fa386abc268e50e563
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:fb2981dbb5af259f7efed3fb486461e7390bc85a061da6c76bfcd0885a9daeaa
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:1392b85a90c73abb2ffc3c5de671a7ff31caacd18b6386b6830cc709eb788e9e
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:91be0a00364158cab7080cbd4f4d4c63f55e3efb518541af5ff6084606eab9b5
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:7ba50df1dc37cd310633090fca423084453a5f426e3066e2f075c047753e727c
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:85cab24d82c6cac2806c8cf94cec16274c41df98f569c0926de5b8994b837d9c

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.3
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.3

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.3
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.3
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.3
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.3
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.3
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.3
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.3
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.3
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.3

v1.140.2

Compare Source

[github.com/gardener/gardener:v1.140.2]

🐛 Bug Fixes

• [OPERATOR] A bug has been fixed that caused unintentional ShootState creations for Shoots running on managed seed clusters (those backed by ManagedSeed objects). The affected ShootState resources are automatically cleaned up by gardenlet during start-up. by @​tobschli [#​14652]
• [USER] Cluster-proportional autoscaling of coredns now works with Kubernetes >= 1.33 by @​ScheererJ [#​14650]

🏃 Others

• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-discovery-server from v0.9.0 to v0.10.0. Release Notes by @​gardener-ci-robot [#​14609]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:8e632c165a58e3d73b7b8d91ba20c6c9c0d56eb2c77eb51ed8f68c53b7c119ec
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:b1bbf47c6050a0b0bd375b1caa6ed7676ab3f55c415ebf7d0b5ef6e474d6b3c0
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:3dbd103fd2bff6f557201f8c2089d835ab8690aa7c45fc2ab3ea9d246faa4d5c
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:bba291fa54adf1fee863013d8e1853eb1b69e269957837619ccb44882293d79e
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:197cc1f8adb17c6dedf2bff14cae41e2995101208b664ddea635e79410738d61
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:3f2d2108871940f6a8ad215cc221044fc27998f835ee4a4a5b486f7b0f14b080
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:666d9f776aa93a4aadc2abe094acfab8b042407255ee44f6f085e346741c3478
• gardenadm-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm@sha256:dfc8facb4841da0a19feea65952dbfc3306404ada2e595ef1ca322fd594db0c7
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:670478cf01ee601df03a77215e1c79fbda52181d4ec43c293b43cb2c4c468faf
• gardenlet-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet@sha256:e69825509720518c2419a2b701e9a9433359a4a3d067176473557d2587a4b4f6
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:0ce0315f2f8b870e9518a63a6ef3ce1d7c3b8f4871a049a5f645c7b6f1f41bb7
• node-agent-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent@sha256:38781d55c778f4b5432c5b8189b06780eebe2850085ea3268a9111ec328afba7
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:649244b2bebce7cd92c3b6db632a7e8c26a0e4a9f40670ca2ce7da7f205551f4
• operator-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/operator@sha256:b55360921c2a8c84a1897a3d64c25dfbb3f0603d0c3d9d20c516a0a2c3b76e26
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:5155120ca1aac1ce9b752b1a629fcef61c246e1e74621e3c58aead8bdfd33bac
• resource-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager@sha256:b547e944c7be9504bc0ec013beaaf507bb4794e22ceb9d925456d1eab8430849
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:44b1e433d7e7870a787774b2964657a4113ca758ac1e5a6444ea820f484ec038
• scheduler-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler@sha256:fe309373e4bd99f3a1ae293fefce589cd8a4afe69269db261ce6c1fd2986f1e4

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.2
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.2

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.2
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.2
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.2
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.2
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.2
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.2
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.2
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.2
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.2

v1.140.1

Compare Source

[github.com/gardener/gardener:v1.140.1]

🐛 Bug Fixes

• [DEPENDENCY] The golangci-lint makefile install recipe can be used in Gardener extensions again. by @​timebertt [#​14564]

🏃 Others

• [DEPENDENCY] The following dependencies have been updated:
  • gardener/etcd-druid from v0.36.1 to v0.36.2. Release Notes
  • github.com/gardener/etcd-druid/api from v0.36.1 to v0.36.2. by @​gardener-ci-robot [#​14581]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.1
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.1

v1.140.0

Compare Source

[github.com/gardener/gardener:v1.140.0]

⚠️ Breaking Changes

• [OPERATOR] The UseUnifiedHTTPProxyPort feature gate has been promoted to Beta and is enabled by default. If using the Gardener ACL Extension you need make sure that at least version v1.15.0 is installed and all Shoots are reconciled before the upgrade. by @​jamand [#​14422]
• [DEVELOPER] The generate-admin-kubeconf.sh script has been renamed to generate-kubeconfig.sh. It now supports generating both admin (default) and viewer kubeconfigs. by @​timuthy [#​14464]
• [DEVELOPER] The gardenadm machine pods have their state persisted in a unified PVC. Existing local gardenadm setups need to be recreated. To reset a local machine pod, delete both the pod and its corresponding PVC. by @​LucaBernstein [#​14359]
• [DEVELOPER] GEN_CRD_API_REFERENCE_DOCS make command has been replaced with CRD_REF_DOCS. by @​acumino [#​14324]
• [DEPENDENCY] The pkg/utils/time package is now removed. Use k8s.io/utils/clock.Clock instead. by @​shafeeqes [#​14515]

📰 Noteworthy

• [OPERATOR] The SeedAuthorizer now enforces field/label selectors for gardenlet list/watch requests on ControllerInstallation, Bastion, Gardenlet, Seed, Shoot, and ManagedSeed resources, restricting each gardenlet to only observe resources belonging to its own seed. by @​rfranzke [#​14452]
• [OPERATOR] The gardener-resource-manager's NetworkPolicy controller now only creates policies in namespaces that have pods with matching to-* labels, significantly reducing the number of NetworkPolicy objects on seeds. by @​rfranzke [#​14410]
• [OPERATOR] RemoveVali FeatureGate has been introduced. When enabled, every Vali instance will be removed. This feature gate is available for both the gardenlet and the gardener-operator. by @​rrhubenov [#​14279]
• [DEVELOPER] The sast and sast-report checks have been removed from verify and verify-extended make targets. Please call them explicitly when required. by @​oliver-goetz [#​14443]

✨ New Features

• [OPERATOR] The Project API now has a .status.conditions field for allowing controllers to report conditions on Project objects. by @​jamand [#​14403]
• [DEVELOPER] The local setup has been augmented to make the self-hosted shoot's API server directly accessible from the host machine without kubectl port-forward. A new unified hack/usage/generate-admin-kubeconfig-local.sh script supports generating kubeconfigs for both the virtual garden and the self-hosted shoot. by @​rfranzke [#​14370]

🐛 Bug Fixes

• [OPERATOR] The formatting of event-logger logs when the OpenTelemetryCollector feature gate is enabled is now partially fixed. The event-logger logs are now properly structured with fields as attributes, but to make them searchable with the unpack feature a change in the fluent-bit output plugin is required. by @​iypetrov [#​14423]
• [OPERATOR] The gardenlet reconciler in the gardener-operator now uses the virtual cluster client to fetch the pull secret and CA bundle secret. It was wrongly using the runtime cluster client earlier. by @​shafeeqes [#​14331]
• [OPERATOR] Fix a bug where the shoot-care controller cannot reconcile shoots with spec.maintenance.confineSpecUpdateRollout=true and updated DNS credentials, i.e. shoot.spec.dns.providers[].credentialsRef, until the shoot is reconciled. by @​vpnachev [#​14397]
• [USER] Fixed EveryNodeReady shoot condition incorrectly reporting NodeAgentUnhealthy for nodes not managed by MCM. by @​acumino [#​14509]
• [DEVELOPER] Pull secrets in the remote setup are labeled correctly to be automatically propagated by @​matthias-horne [#​14502]
• [DEPENDENCY] Extension shoot webhook configs are now always produced even when mergeShootWebhooksIntoSeedWebhooks is true, so that a self-hosted Shoot promoted to a Seed has the correct shoot webhooks registered. by @​rfranzke [#​14389]

🏃 Others

• [OPERATOR] Fix KubePodNotReadyControlPlane alert to not trigger for pods in Completed state. by @​adenitiu [#​14404]
• [OPERATOR] Create pull secret in garden namespace of virtual garden for remote setup. by @​DockToFuture [#​14449]
• [OPERATOR] Introduce seed reconciliation alerts. by @​adenitiu [#​14441]
• [OPERATOR] Enable notification flexibility of EtcdDbSizeLimitApproaching and EtcdDbSizeLimitCrossed alert for seeds by @​adenitiu [#​14384]
• [OPERATOR] The following dependencies have been updated:
  • gardener/autoscaler from v1.34.0 to v1.34.1. Release Notes
  • gardener/autoscaler from v1.33.0 to v1.33.1. Release Notes
  • gardener/autoscaler from v1.32.2 to v1.32.3. Release Notes
  • gardener/autoscaler from v1.31.0 to v1.31.1. Release Notes
  • gardener/autoscaler from v1.30.2 to v1.30.3. Release Notes by @​aaronfern [#​14479]
• [OPERATOR] There is now maxConnectionDuration of 1 day for connections to kube-apiserver endpoints. Their maxConnections limit has been removed. by @​oliver-goetz [#​14463]
• [DEVELOPER] The default shoot for test machinery tests was adjusted to work with Kubernetes 1.35. by @​timuthy [#​14439]
• [DEVELOPER] In the remote setup Kyverno now always adds imagePullSecret for images in the remote registry. by @​matthias-horne [#​14478]
• [DEPENDENCY] The following dependencies have been updated:
  • registry.k8s.io/autoscaling/vpa-admission-controller from 1.5.1 to 1.6.0.
  • registry.k8s.io/autoscaling/vpa-recommender from 1.5.1 to 1.6.0.
  • registry.k8s.io/autoscaling/vpa-updater from 1.5.1 to 1.6.0. by @​gardener-ci-robot [#​14036]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/machine-controller-manager from v0.61.2 to v0.61.3. Release Notes
  • github.com/gardener/machine-controller-manager from v0.61.2 to v0.61.3. by @​gardener-ci-robot [#​14453]
• [DEPENDENCY] Istio charts and images are updated to v1.29.1 by @​axel7born [#​14454]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/gardener-metrics-exporter from 0.43.0 to 0.44.0. Release Notes by @​gardener-ci-robot [#​14486]
• [DEPENDENCY] The following dependencies have been updated:
  • quay.io/kiwigrid/k8s-sidecar from 2.5.0 to 2.5.5. by @​gardener-ci-robot [#​14480]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/coredns-config-adapter from v0.4.0 to v0.5.0. Release Notes by @​DockToFuture [#​14490]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.140.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.140.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.140.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.140.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.140.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.140.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.140.0
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.140.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.140.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.140.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.140.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.140.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.140.0

v1.139.4

Compare Source

[github.com/gardener/gardener:v1.139.4]

🐛 Bug Fixes

• [OPERATOR] An issue causing the guestbook TM test to fail against IPv6 Shoot clusters in now fixed. by @​plkokanov [#​14715]
• [DEPENDENCY] The reconcileSeedWebhookConfig function now correctly reconciles both MutatingWebhookConfiguration and ValidatingWebhookConfiguration for extensions that register both mutating and validating admission webhooks. Previously, only the first configuration was reconciled due to a premature return in the loop. by @​Roncossek [#​14687]

🏃 Others

• [OPERATOR] Certain best-practice Envoy settings for HTTP2 protocol options have been applied to istio-ingressgateways. by @​oliver-goetz [#​14686]

application/spdx+json

• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:11734fcca9c46eca915bf337b80e638bc15297cc2e3377e7d3347b7ece7d8f0c
• admission-controller-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller@sha256:7a2c70c395c4d158e005ea03aad441ce38e066cd92991c919eb3119c5568eaef
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:0669836b0b7004c4e5052bdd64f66366226d83038007e514fb860d96e2c13bd7
• apiserver-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver@sha256:39ba155f5152883751e3edd65091c4be36b9d1c0501f891476d399d9bae98f86
• controller-manager-spdx-ref: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager@sha256:27445598326ac805d67cd2e4c41ced755e72567273544cec2342b70cd7f5026f
• controller-manager-spdx-ref: `europe-docker

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

Release note:

The following dependencies have been updated:
- `github.com/gardener/gardener` from `v1.132.5` to `v1.141.1`. 

[gardener-ci-robot]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum

Command failed: go get -t ./...
go: module github.com/gardener/gardener@v1.141.1 requires go >= 1.25.7; switching to go1.25.9
go: github.com/gardener/cluster-api-provider-gardener/internal/controller/infrastructure imports
	github.com/gardener/gardener/pkg/apis/core/helper: cannot find module providing package github.com/gardener/gardener/pkg/apis/core/helper

File name: go.mod

Command failed: make generate
go: module github.com/gardener/gardener@v1.141.1 requires go >= 1.25.7; switching to go1.25.9
go: downloading go1.25.9 (linux/amd64)
go: downloading github.com/gardener/gardener v1.141.1
go: upgraded go 1.25.0 => 1.25.7
go: upgraded github.com/BurntSushi/toml v1.5.0 => v1.6.0
go: upgraded github.com/andybalholm/brotli v1.2.0 => v1.2.1
go: upgraded github.com/brunoga/deep v1.2.5 => v1.3.1
go: upgraded github.com/coreos/go-systemd/v22 v22.6.0 => v22.7.0
go: upgraded github.com/cyphar/filepath-securejoin v0.6.0 => v0.6.1
go: upgraded github.com/fluent/fluent-operator/v3 v3.5.0 => v3.7.0
go: upgraded github.com/gardener/cert-management v0.19.0 => v0.22.0
go: upgraded github.com/gardener/etcd-druid/api v0.33.0 => v0.36.3
go: upgraded github.com/gardener/machine-controller-manager v0.60.2 => v0.61.3
go: upgraded github.com/go-jose/go-jose/v4 v4.1.3 => v4.1.4
go: upgraded github.com/go-openapi/errors v0.22.3 => v0.22.7
go: upgraded github.com/go-openapi/jsonpointer v0.22.1 => v0.22.5
go: upgraded github.com/go-openapi/jsonreference v0.21.2 => v0.21.5
go: upgraded github.com/go-openapi/swag v0.23.1 => v0.25.4
go: upgraded github.com/go-openapi/swag/jsonname v0.25.1 => v0.25.5
go: upgraded github.com/goccy/go-yaml v1.18.0 => v1.19.2
go: upgraded github.com/google/cel-go v0.26.0 => v0.27.0
go: upgraded github.com/google/gnostic-models v0.7.0 => v0.7.1
go: upgraded github.com/google/pprof v0.0.0-20250501235452-c0086092b71a => v0.0.0-20260115054156-294ebfa9ad83
go: upgraded github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 => v2.28.0
go: upgraded github.com/labstack/echo/v4 v4.13.4 => v4.15.1
go: upgraded github.com/mailru/easyjson v0.9.0 => v0.9.1
go: upgraded github.com/moby/spdystream v0.5.0 => v0.5.1
go: upgraded github.com/onsi/ginkgo/v2 v2.27.1 => v2.28.1
go: upgraded github.com/onsi/gomega v1.38.2 => v1.39.1
go: upgraded github.com/perses/common v0.27.1-0.20250326140707-96e439b14e0e => v0.30.2
go: upgraded github.com/perses/perses v0.51.0 => v0.53.0
go: upgraded github.com/perses/perses-operator v0.2.0 => v0.3.2
go: upgraded github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring v0.86.2 => v0.89.0
go: upgraded github.com/prometheus/common v0.67.2 => v0.67.5
go: upgraded github.com/prometheus/otlptranslator v0.0.2 => v1.0.0
go: upgraded github.com/prometheus/procfs v0.17.0 => v0.20.1
go: upgraded github.com/sirupsen/logrus v1.9.3 => v1.9.4
go: upgraded github.com/spf13/cobra v1.10.1 => v1.10.2
go: upgraded github.com/zitadel/oidc/v3 v3.38.1 => v3.45.4
go: upgraded github.com/zitadel/schema v1.3.1 => v1.3.2
go: upgraded go.etcd.io/etcd/api/v3 v3.6.4 => v3.6.5
go: upgraded go.etcd.io/etcd/client/pkg/v3 v3.6.4 => v3.6.5
go: upgraded go.etcd.io/etcd/client/v3 v3.6.4 => v3.6.5
go: upgraded go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.60.0 => v0.63.0
go: upgraded go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 => v0.67.0
go: upgraded go.opentelemetry.io/contrib/otelconf v0.18.0 => v0.22.0
go: upgraded go.opentelemetry.io/otel v1.40.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.14.0 => v0.18.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.14.0 => v0.19.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.38.0 => v1.42.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.38.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 => v1.42.0
go: upgraded go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.38.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/exporters/prometheus v0.60.0 => v0.64.0
go: upgraded go.opentelemetry.io/otel/exporters/stdout/stdoutlog v0.14.0 => v0.18.0
go: upgraded go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.38.0 => v1.42.0
go: upgraded go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0 => v1.42.0
go: upgraded go.opentelemetry.io/otel/log v0.14.0 => v0.19.0
go: upgraded go.opentelemetry.io/otel/metric v1.40.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/sdk v1.40.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/sdk/log v0.14.0 => v0.19.0
go: upgraded go.opentelemetry.io/otel/sdk/metric v1.40.0 => v1.43.0
go: upgraded go.opentelemetry.io/otel/trace v1.40.0 => v1.43.0
go: upgraded go.opentelemetry.io/proto/otlp v1.9.0 => v1.10.0
go: upgraded go.uber.org/zap v1.27.0 => v1.27.1
go: upgraded golang.org/x/crypto v0.47.0 => v0.50.0
go: upgraded golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 => v0.0.0-20260218203240-3dfff04db8fa
go: upgraded golang.org/x/mod v0.31.0 => v0.35.0
go: upgraded golang.org/x/net v0.49.0 => v0.53.0
go: upgraded golang.org/x/oauth2 v0.34.0 => v0.36.0
go: upgraded golang.org/x/sync v0.19.0 => v0.20.0
go: upgraded golang.org/x/sys v0.40.0 => v0.43.0
go: upgraded golang.org/x/telemetry v0.0.0-20251203150158-8fff8a5912fc => v0.0.0-20260409153401-be6f6cb8b1fa
go: upgraded golang.org/x/term v0.39.0 => v0.42.0
go: upgraded golang.org/x/text v0.33.0 => v0.36.0
go: upgraded golang.org/x/time v0.14.0 => v0.15.0
go: upgraded golang.org/x/tools v0.40.0 => v0.44.0
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 => v0.0.0-20260401024825-9d38bb4040a9
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 => v0.0.0-20260401024825-9d38bb4040a9
go: upgraded google.golang.org/grpc v1.79.3 => v1.80.0
go: upgraded helm.sh/helm/v3 v3.19.1 => v3.20.2
go: upgraded istio.io/api v1.27.3 => v1.29.2
go: upgraded istio.io/client-go v1.27.2 => v1.29.2
go: upgraded k8s.io/api v0.34.1 => v0.35.4
go: upgraded k8s.io/apiextensions-apiserver v0.34.1 => v0.35.4
go: upgraded k8s.io/apimachinery v0.34.1 => v0.35.4
go: upgraded k8s.io/apiserver v0.34.1 => v0.35.4
go: upgraded k8s.io/autoscaler/vertical-pod-autoscaler v1.5.1 => v1.6.0
go: upgraded k8s.io/client-go v0.34.1 => v0.35.4
go: upgraded k8s.io/cluster-bootstrap v0.34.1 => v0.35.4
go: upgraded k8s.io/code-generator v0.34.1 => v0.35.4
go: upgraded k8s.io/component-base v0.34.1 => v0.35.4
go: upgraded k8s.io/gengo/v2 v2.0.0-20250820003526-c297c0c1eb9d => v2.0.0-20251215205346-5ee0d033ba5b
go: upgraded k8s.io/klog/v2 v2.130.1 => v2.140.0
go: upgraded k8s.io/kms v0.34.1 => v0.35.4
go: upgraded k8s.io/kube-aggregator v0.34.1 => v0.35.4
go: upgraded k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 => v0.0.0-20260127142750-a19766b6e2d4
go: upgraded k8s.io/kubelet v0.34.1 => v0.35.4
go: upgraded k8s.io/metrics v0.34.1 => v0.35.4
go: upgraded k8s.io/pod-security-admission v0.34.1 => v0.35.4
go: upgraded k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 => v0.0.0-20260319190234-28399d86e0b5
go: upgraded sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.3 => v0.33.0
go: upgraded sigs.k8s.io/controller-runtime v0.22.4 => v0.23.3
go: upgraded sigs.k8s.io/controller-tools v0.19.0 => v0.20.1
go: downloading go1.25.7 (linux/amd64)
go: downloading sigs.k8s.io/cluster-api v1.11.10
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/spf13/pflag v1.0.10
go: downloading k8s.io/api v0.35.4
go: downloading k8s.io/apiextensions-apiserver v0.35.4
go: downloading k8s.io/apimachinery v0.35.4
go: downloading k8s.io/client-go v0.35.4
go: downloading k8s.io/component-base v0.35.4
go: downloading k8s.io/klog/v2 v2.140.0
go: downloading k8s.io/utils v0.0.0-20260319190234-28399d86e0b5
go: downloading k8s.io/klog v1.0.0
go: downloading sigs.k8s.io/controller-runtime v0.23.3
go: downloading sigs.k8s.io/randfill v1.0.0
go: downloading k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4
go: downloading sigs.k8s.io/structured-merge-diff/v6 v6.3.2
go: downloading github.com/spf13/cobra v1.10.2
go: downloading github.com/go-logr/logr v1.4.3
go: downloading github.com/prometheus/client_golang v1.23.2
go: downloading golang.org/x/text v0.36.0
go: downloading github.com/blang/semver/v4 v4.0.0
go: downloading k8s.io/apiserver v0.35.4
go: downloading github.com/fsnotify/fsnotify v1.9.0
go: downloading github.com/evanphx/json-patch/v5 v5.9.11
go: downloading gomodules.xyz/jsonpatch/v2 v2.5.0
go: downloading sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730
go: downloading gopkg.in/inf.v0 v0.9.1
go: downloading github.com/json-iterator/go v1.1.13-0.20220915233716-71ac16282d12
go: downloading go.yaml.in/yaml/v2 v2.4.3
go: downloading github.com/inconshreveable/mousetrap v1.1.0
go: downloading github.com/google/go-cmp v0.7.0
go: downloading github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
go: downloading github.com/go-logr/zapr v1.3.0
go: downloading go.uber.org/zap v1.27.1
go: downloading github.com/onsi/gomega v1.39.1
go: downloading github.com/emicklei/go-restful/v3 v3.13.0
go: downloading golang.org/x/term v0.42.0
go: downloading github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
go: downloading golang.org/x/net v0.53.0
go: downloading github.com/go-openapi/jsonreference v0.21.5
go: downloading github.com/go-openapi/swag v0.25.4
go: downloading github.com/google/gnostic-models v0.7.1
go: downloading github.com/gobuffalo/flect v1.0.3
go: downloading golang.org/x/oauth2 v0.36.0
go: downloading github.com/beorn7/perks v1.0.1
go: downloading github.com/cespare/xxhash/v2 v2.3.0
go: downloading github.com/prometheus/client_model v0.6.2
go: downloading github.com/prometheus/common v0.67.5
go: downloading github.com/prometheus/procfs v0.20.1
go: downloading golang.org/x/sys v0.43.0
go: downloading google.golang.org/protobuf v1.36.11
go: downloading github.com/Masterminds/sprig/v3 v3.3.0
go: downloading golang.org/x/time v0.15.0
go: downloading github.com/google/btree v1.1.3
go: downloading golang.org/x/sync v0.20.0
go: downloading github.com/fxamacker/cbor/v2 v2.9.0
go: downloading github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd
go: downloading github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee
go: downloading github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
go: downloading go.uber.org/multierr v1.11.0
go: downloading github.com/google/cel-go v0.27.0
go: downloading github.com/MakeNowJust/heredoc v1.0.0
go: downloading sigs.k8s.io/yaml v1.6.0
go: downloading k8s.io/cluster-bootstrap v0.35.4
go: downloading github.com/go-openapi/jsonpointer v0.22.5
go: downloading github.com/go-openapi/swag/cmdutils v0.25.4
go: downloading github.com/go-openapi/swag/conv v0.25.5
go: downloading github.com/go-openapi/swag/fileutils v0.25.5
go: downloading github.com/go-openapi/swag/jsonname v0.25.5
go: downloading github.com/go-openapi/swag/jsonutils v0.25.5
go: downloading github.com/go-openapi/swag/loading v0.25.5
go: downloading github.com/go-openapi/swag/mangling v0.25.5
go: downloading github.com/go-openapi/swag/netutils v0.25.4
go: downloading github.com/go-openapi/swag/stringutils v0.25.5
go: downloading github.com/go-openapi/swag/typeutils v0.25.5
go: downloading github.com/go-openapi/swag/yamlutils v0.25.5
go: downloading go.yaml.in/yaml/v3 v3.0.4
go: downloading dario.cat/mergo v1.0.2
go: downloading github.com/Masterminds/goutils v1.1.1
go: downloading github.com/Masterminds/semver/v3 v3.4.0
go: downloading github.com/google/uuid v1.6.0
go: downloading github.com/huandu/xstrings v1.5.0
go: downloading github.com/mitchellh/copystructure v1.2.0
go: downloading github.com/shopspring/decimal v1.4.0
go: downloading github.com/spf13/cast v1.10.0
go: downloading golang.org/x/crypto v0.50.0
go: downloading github.com/x448/float16 v0.8.4
go: downloading go.opentelemetry.io/otel/trace v1.43.0
go: downloading go.opentelemetry.io/otel v1.43.0
go: downloading github.com/NYTimes/gziphandler v1.1.1
go: downloading google.golang.org/genproto/googleapis/api v0.0.0-20260401024825-9d38bb4040a9
go: downloading cel.dev/expr v0.25.1
go: downloading github.com/mitchellh/reflectwalk v1.0.2
go: downloading go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.67.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.42.0
go: downloading go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.43.0
go: downloading go.opentelemetry.io/otel/sdk v1.43.0
go: downloading gopkg.in/evanphx/json-patch.v4 v4.13.0
go: downloading github.com/valyala/fastjson v1.6.10
go: downloading google.golang.org/genproto/googleapis/rpc v0.0.0-20260401024825-9d38bb4040a9
go: downloading github.com/antlr4-go/antlr/v4 v4.13.1
go: downloading github.com/felixge/httpsnoop v1.0.4
go: downloading go.opentelemetry.io/otel/metric v1.43.0
go: downloading github.com/kylelemons/godebug v1.1.0
go: downloading go.opentelemetry.io/proto/otlp v1.10.0
go: downloading google.golang.org/grpc v1.80.0
go: downloading sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.33.0
go: downloading golang.org/x/exp v0.0.0-20260218203240-3dfff04db8fa
go: downloading github.com/cenkalti/backoff/v5 v5.0.3
go: downloading github.com/grpc-ecosystem/grpc-gateway/v2 v2.28.0
go: downloading github.com/go-logr/stdr v1.2.2
go: downloading go.opentelemetry.io/auto/sdk v1.2.1
missing go.sum entry for module providing package sigs.k8s.io/controller-tools/cmd/controller-gen; to add:
	go mod download sigs.k8s.io/controller-tools
make: *** [/home/ubuntu/go/pkg/mod/github.com/gardener/gardener@v1.141.1/hack/tools.mk:147: /tmp/renovate/repos/github/gardener/cluster-api-provider-gardener/hack/tools/bin/linux-amd64/controller-gen] Error 1

[gardener-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign rfranzke for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gardener-prow]

@gardener-ci-robot: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-gardener-unit	b38ff41	link	true	/test pull-cluster-api-provider-gardener-unit
pull-cluster-api-provider-gardener-e2e-kind	b38ff41	link	true	/test pull-cluster-api-provider-gardener-e2e-kind

Full PR test history. Your PR dashboard. Command help for this repository.
Please help us cut down on flakes by linking this test failure to an open flake report or filing a new flake report if you can't find an existing one. Also see our testing guideline for how to avoid and hunt flakes.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.