chore(deps): bump github.com/gardener/gardener from 1.117.5 to 1.119.0

[dependabot]

Bumps github.com/gardener/gardener from 1.117.5 to 1.119.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.119.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] The already deprecated autoscaling.k8s.io/v1beta2 API version is no longer served. Before upgrading to this version of Gardener, make sure that all components use the autoscaling.k8s.io/v1 API version for managing VerticalPodAutoscaler resources. by @​ialidzhikov #11840
• [OPERATOR] The support for the already deprecated shoot.gardener.cloud/managed-seed-api-server annotation is now removed. Instead, consider enabling high availability for the ManagedSeed's Shoot control plane. by @​ialidzhikov #11838
• [USER] The already deprecated autoscaling.k8s.io/v1beta2 API version is no longer served. Instead, use the autoscaling.k8s.io/v1 API version for managing VerticalPodAutoscaler resources. by @​ialidzhikov #11840

📰 Noteworthy

• [USER] The spec.kubernetes.kubeAPIServer.enableAnonymousAuthentication field in the Shoot API is deprecated and will be removed in a future release. Before removal, it will be forbidden to set the field when using a future Kubernetes version that graduates the feature gate AnonymousAuthConfigurableEndpoints. by @​marc1404 #11984
• [OPERATOR] The RemoveAPIServerProxyLegacyPort feature gate has been promoted to beta and is now turned on by default. by @​Wieneo #11902

✨ New Features

• [OPERATOR] Garden.spec.virtualCluster.gardener.gardenerDashboard.ingress.enabled can now be used to control whether the gardener-operator should deploy a Ingress resource for the dashboard. by @​Wieneo #12002
• [OPERATOR] Garden.spec.virtualCluster.gardener.gardenerDashboard.oidcConfig.certificateAuthoritySecretRef can now be used to specify a secret containing a custom CA certificate for talking to the OIDC endpoint. The certificate must be stored under the ca.crt key. by @​Wieneo #11967
• [OPERATOR] Gardener supports gardener-node-agent images built by ko. by @​timebertt #12021
• [OPERATOR] It is now possible forcing gardener-operator to re-deploy gardenlets by annotating the responsible seedmanagement.gardener.cloud/v1alpha1.Gardenlet resource with gardener.cloud/operation=force-redeploy. Read all about it here. by @​rfranzke #11972

🐛 Bug Fixes

• [OPERATOR] gardenlet's shoot-care controller : An issue causing gardenlet to report a misleading reason (NodesScalingDown) during rolling update of Shoot Nodes is now fixed. by @​RadaBDimitrova #11869
• [DEVELOPER] Fix extension webhook registration for autonomous shoot clusters. by @​ScheererJ #12040

🏃 Others

• [OPERATOR] It is now ensured that extension admission webhooks have validated WorkloadIdentitys/Secrets referenced in Shoots. by @​rfranzke #12075
• [OPERATOR] Annotations and labels are now ignored when creating referenced resources in the shoot control plane namespaces in seed clusters. by @​rfranzke #12064
• [OPERATOR] Set minAllowed CPU to 150m for prometheus-shoot to avoid frequent evictions by @​voelzmo #12069
• [OPERATOR] A new check ensures that only owners and project members with a UAM role are allowed to modify the project owner. by @​timuthy #12082
• [OPERATOR] The utilization of the VPN containers running in the seed is now improved by adapting their initial/static requests and by changing the corresponding VPA configuration:
  • autoscaling is disabled for the vpn-seed-server and openvpn-exporter containers
  • initial/static resource requests are reduced
  • limits are removed
  • minAllowed for the envoy-proxy container is removed by @​axel7born #12023
• [OPERATOR] Remove sum for VPA Pod metrics in 'recommendations' dashboard by @​voelzmo #12057
• [OPERATOR] Spreading Istio ingress-gateway pods across hosts is enforced only for zonal Istio deployments now. by @​oliver-goetz #12007
• [OPERATOR] kube-proxy no longer fails its readiness probe in case the node is about to be deleted by cluster-autoscaler. by @​ScheererJ #12015
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.25.2 to 1.25.3.
  • gcr.io/istio-release/proxyv2 from 1.25.2 to 1.25.3.
  • istio.io/api from v1.25.2 to v1.25.3. by @​gardener-ci-robot #12074
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from v1.34.0 to v1.34.1. Release Notes by @​gardener-ci-robot #12024
• [DEVELOPER] The admission-local deployment was fixed to work with KinD based test setup. by @​timuthy #12106

📖 Documentation

• [USER] Dual-Stack Migration documentation now clearly states the precondition of overlay removal. by @​ScheererJ #12053

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.119.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.119.0

... (truncated)

Commits

• 69fc069 Release v1.119.0
• 7040450 Update dependency gardener/dashboard to v1.80.2 (#12120)
• c663684 Fix network policy for admission-local (#12116)
• 61de528 Revert "Use Role/RoleBinding to provide RBAC permissions to MCM/CA pod inst...
• 97e817c Fix admission-local deployment (#12105)
• a635858 [GEP-28] Prevent flaky e2e tests (#12085)
• 62a06cc Update dependency projectcalico/calico to v3.30.0 (#12017)
• cff94f7 [GEP-31] Add TM test for worker pools with InPlace update strategy (#11990)
• fb3f728 Restrict project owner change (#12062)
• c003646 Improve utilization of vpn-seed-server, vpn-client-* and vpn-path-controller....
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #756.