chore(deps): bump github.com/gardener/gardener from 1.117.5 to 1.120.0

[dependabot]

Bumps github.com/gardener/gardener from 1.117.5 to 1.120.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.120.0

[gardener/gardener]

⚠️ Breaking Changes

• [DEPENDENCY] The machinecontrollermanager.ProviderSidecarContainer now expects additional shoot and controlPlaneNamespace params. In controlplane webhooks, extensions can use GardenContext.GetCluster to retrieve the shoot from the Cluster object. by @​timebertt #12152
• [OPERATOR] The graduated and unconditionally enabled ShootForceDeletion feature gate has been removed. If you have references to the feature gate, clean them up before upgrading to this version of Gardener. by @​acumino #12078
• [OPERATOR] The field .seedConfig.spec.backup.credentialsRef/secretRef will no longer be defaulted in GardenletConfiguration when backup is configured but reference to credentials is not provided. Operators are responsible to provide a valid credentials reference when configuring backup for seeds. Please consult the deploy gardenlet documentation for more information. by @​dimityrmirchev #12087
• [OPERATOR] The BackupBucket API field spec.secretRef has been deprecated and will be removed in a future version of Gardener in favor of spec.credentialsRef, please adapt your BackupBucket manifests to use the new credentialsRef field. by @​vpnachev #12032
• [OPERATOR] A new field, clusterCompatibility, has been added to the Extension API. If your landscape is managed by gardener-operator and your garden specifies spec.extensions, please add the garden cluster type value to your corresponding Extension resources. by @​timuthy #11982
• [DEVELOPER] WorkerPoolHash now includes a new parameter additionalDataInPlace to support hash calculation for worker pools using the InPlace update strategy. by @​acumino #12178
• [DEVELOPER] The already deprecated github.com/gardener/gardener/pkg/utils/gardener.ReconcileTopologyAwareRoutingMetadata func is now removed. Instead, use github.com/gardener/gardener/pkg/utils/gardener.ReconcileTopologyAwareRoutingSettings. by @​ialidzhikov #12091

📰 Noteworthy

• [DEVELOPER] The Shoot Pod autoscaling best practices guide now recommends for a container under VPA to not set initial resource requests less than VPA's minAllowed or 10m and 10Mi. 10m and 10Mi are the minimum resources VPA can recommend for a Pod (for a Pod, not a container). When a Pod with a single container under VPA defines initial resource requests less than VPA's minAllowed or 10m and 10Mi, it gets evicted right away so that the Pod minimum recommendation gets applied. by @​ialidzhikov #12030
• [DEVELOPER] The .spec.purpose field in the ControlPlane resource is now deprecated and will be removed in Gardener v1.123. In the times before SNI was introduced and unconditionally enabled it was previously used to manage control plane exposure. by @​theoddora #12161
• [OPERATOR] The field globallyEnabled in the Extension and ControllerRegistration APIs is deprecated and will be removed in Gardener v1.122. Please use autoEnable instead. by @​timuthy #11982
• [OPERATOR] The initial resource requests of etcd container are reduced as follows:
  • etcd-events/etcd: from 300m, 1G to 30m, 150M
  • etcd-main/etcd: from 300m, 1G to 150m, 500M by @​chungtd203338 #11911

✨ New Features

• [OPERATOR] New configuration options were added to Extension and ControllerRegistration APIs:

  • autoEnable controls which cluster types an extension is automatically enabled (previously globallyEnabled - deprecated now)
  • clusterCompatibility controls which cluster types an extension is compatible with.

  Both fields are supposed to be set for kind: Extension and accept the cluster types shoot, seed and garden. by @​timuthy #11982

• [OPERATOR] The Garden resource has been enhanced with a new field, spec.VirtualCluster.ETCD.Main.Backup.Region, which enables the configuration of the backup bucket region. Previously, the region was derived from the provider (spec.runtimeCluster.provider.region). This behavior remains as a fallback if the backup region is not explicitly specified. by @​timuthy #12186

• [OPERATOR] The BackupBucket API feature new field spec.credentialsRef, it is of type corev1.ObjectReference and is allowed to refer to a Secret. by @​vpnachev #12032

• [USER] It's now possible to configure the MaxParallelImagePulls field for the kubelet configuration in the Shoot spec via the .spec.{provider.workers[]}.kubernetes.kubelet.maxParallelImagePulls field. by @​theoddora #12093

• [DEVELOPER] BackupBucket extension controllers: Instead of always creating the Secret referenced in .status.generatedSecretRef in the garden namespace, the controller should read the annotation backupbucket.extensions.gardener.cloud/generated-secret-ref-namespace and use its value. by @​rfranzke #12123

• [DEVELOPER] The cloud provider Secret is now deployed into the autonomous shoot cluster (if specified). by @​ScheererJ #12146

🐛 Bug Fixes

• [USER] gardenlet: An issue causing the CA bundle on the Nodes to contain wrong certificates when a worker specifies a custom CA bundle (spec.provider.workers[].caBundle) is now fixed. by @​dimitar-kostadinov #12150
• [OPERATOR] The deletion of NamespacedCloudProfiles has been fixed. Previously, users could not delete these resources if objects with the same name but in different namespaces existed in the landscape. Gardener incorrectly reported them as still being referenced by shoot clusters. by @​timuthy #12188
• [OPERATOR] Fixed a bug that caused the gardener operator to never reconcile the Garden object, when there was no gardenerDashboard defined. by @​Wieneo #12153

🏃 Others

• [DEVELOPER] The github.com/gardener/gardener/pkg/component/nodemanagement/machinecontrollermanager.ProviderSidecarContainer func does now set initial resource requests for the machine-controller-manager provider sidecar container in order to avoid unnecessary VPA eviction for the machine-controller-manager Pod after the first VPA recommendation. by @​ialidzhikov #12160
• [DEVELOPER] GEP-34 Introducing OpenTelemetry Operator and Collectors in Shoot Control Planes by @​nickytd #11861
• [DEVELOPER] Remove unused codepath from the hack/.ci/component_descriptor script. by @​ccwienk #12173
• [DEVELOPER] Shoot creation test supports using CredentialsBindings. by @​hendrikKahl #12190
• [OPERATOR] Fix a race condition in dual-stack migration where kube-dns service gets created with an arbitrary assigned IPv6 clusterIP address. by @​DockToFuture #12170
• [OPERATOR] The terminal-controller-manager no longer needs to list Secrets from the (virtual) garden cluster. by @​petersutter #12145
• [OPERATOR] gardener-node-agent now executes readiness probe when the registry config is updated. Previously, the readiness probe was not executed if the corresponding hosts.toml file was present. by @​ialidzhikov #11864
• [OPERATOR] Obsolete journald-kubelet-monitor ClusterFilter and ClusterInput resources are now deleted. The systemd unit kubelet-monitor was replaced by a healthcheck controller in the gardener-node-agent in Gardener v1.87.0. by @​ialidzhikov #12094
• [OPERATOR] Field garden.spec.virtualCluster.kubernetes.kubeAPIServer.sni.secretName has been made optional. Instead gardener-operator falls back to a gardener.cloud/role: garden-cert labelled secret for the SNI setup. by @​timuthy #12133
• [OPERATOR] The etcd VerticalPodAutoscaler resources now target the Etcd instead of the StatefulSet resource. On the first Seed reconciliation that deploys etcd-druid@v0.30 etcd VerticalPodAutoscaler resources might be not operating for up to 10min due to this migration of the VerticalPodAutoscaler target from the StatefulSet to the Etcd resource. by @​shreyas-s-rao #12176
• [OPERATOR] The cpu resource requests for cluster-autoscaler, gardener-resource-manager, kube-controller-manager, kube-scheduler and machine-controller-manager is increased from 5m to 10m in order to avoid unnecessary VPA eviction for these components after the first VPA recommendation. by @​ialidzhikov #12148

... (truncated)

Commits

• 08f02a3 Release v1.120.0
• 4bb4282 remove terraformer limits (#12200)
• 754ddd4 Add TODO for follow-up regarding authorizer decision caches (#12197)
• 87785b5 Add zip utility to golang-test container image. (#12203)
• c7d6189 Clarify k8s version when setting anonymous authentication via StructuredAuthe...
• 71667aa testmachinery: support credentials bindings (#12190)
• 8927cdf Update etcd-druid to v0.30.1 (#12176)
• b236e35 [GEP-31] Add usage doc for in-place update (#12005)
• b517e10 [GEP-31] Introduce separate GNA Key and Worker Pool Hash calculation for in-P...
• 4f3300d gardenlet: Prevent CA bundle on the Nodes to contain wrong certificates when ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #759.