Bump github.com/gardener/gardener from 1.83.1 to 1.84.0

[dependabot]

Bumps github.com/gardener/gardener from 1.83.1 to 1.84.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.84.0

[gardener/machine-controller-manager]

🐛 Bug Fixes

• [OPERATOR] Removes node.machine.sapcloud.io/not-managed-by-mcm annotation from nodes managed by the MCM. by @​elankathgardener/machine-controller-manager#866

🏃 Others

• [OPERATOR] The default machine-safety-orphan-vms-period has been reduced from 30m to 15m. by @​elankathgardener/machine-controller-manager#866

[gardener/gardener]

⚠️ Breaking Changes

• [DEVELOPER] New Secrets referenced in ManagedResources will no longer be patched with the label resources.gardener.cloud/garbage-collectable-reference when the ManagedResource is reconciled. Secrets which already exist in the ManagedResource specification will still be patched if necessary. by @​dimityrmirchev #8788
• [OPERATOR] ⚠️ The deprecated fields spec.settings.dependencyWatchdog.endpoint and spec.settings.dependencyWatchdog.probe have been removed from the Seed API. Please check your Seeds and remove any usage before upgrading to this Gardener version. by @​himanshu-kun #8747
• [USER] A validation rule was added that forbids changing the primary DNS provider in .spec.dns.providers as soon as the shoot was scheduled. by @​timuthy #8761

📰 Noteworthy

• [DEVELOPER] The Secret reconciler in gardener-resource-manager will now always remove its finalizer (if present). by @​Kostov6 #8745
• [DEVELOPER] Vendoring has been removed from the project, i.e., there is no vendor folder anymore. by @​afritzler #8775

✨ New Features

• [OPERATOR] The deltaSnapshotRetentionPeriod parameter has been introduced in the etcdConfig section of the GardenletConfiguration. This new feature allows users to configure the retention period for delta snapshots in the ETCD component. By making the delta snapshot retention period configurable, we provide a more flexible debugging experience. Delta snapshots can now be retained for a user-defined duration, offering a valuable window for reviewing changes in case of any issues. by @​seshachalam-yv #8659
• [OPERATOR] Enabled the node-exporter's textfile collector. It will parse files matching the *.prom glob in the /var/lib/node-exporter/textfile-collector directory and load metrics from them so that they can be scraped by prometheus. by @​plkokanov #8721
• [OPERATOR] Condition handling was improved for Shoots of ManagedSeeds. Earlier, when unknown conditions were removed from seeds (e.g. maintained by third-party components), the affected condition was still present in the shoot's conditions. by @​timuthy #8736
• [USER] The kube-controller-manager controllers are now disabled based on disabled APIs, which can be configured with spec.kubernetes.kubeAPIServer.runtimeConfig field in the Shoot API. All controllers are enabled by default for Shoot with workers. For workerless Shoots, some non-required APIs are disabled by default, which can be overridden by the above configuration. by @​shafeeqes #8763
• [DEVELOPER] Use ginkgolinter instead of self baked gomegacheck by @​afritzler #8769

🐛 Bug Fixes

• [DEVELOPER] A bug causing the crd generation for druid.gardener.cloud group to fail in extensions is now fixed. by @​shafeeqes #8789
• [OPERATOR] During the restore phase of control plane migration, the machine-controller-manager is deployed with 0 replicas if it did not exist before or if it existed and was not scaled up yet. This fixes an issue that could cause the Shoot's nodes to get recreated during control plane migration. by @​plkokanov #8742

🏃 Others

• [OPERATOR] Control plane components kube-apiserver, kube-controller-manager and kube-scheduler now run as nonroot user and group 65532. by @​AleksandarSavchev #8690
• [OPERATOR] The credentials (CA) rotation has been made more robust. In some cases, the Shoot reconciliation stuck at Deploying main and events etcd when the rotation was in Preparing phase. by @​timuthy #8795
• [OPERATOR] Control plane components kube-apiserver, kube-controller-manager and kube-scheduler now mount key files with DefaultMode set to 416(0640 permissions). by @​AleksandarSavchev #8790
• [OPERATOR] Plutono is updated to v7.5.26.
  Vali is updated to v2.2.11.
  Kube-rbac-proxy is updated to v0.15.0. by @​nickytd #8799
• [OPERATOR] The registry of the prometheus-operator image is switched from ghcr (ghcr.io/prometheus-operator/prometheus-config-reloader) to quay.io (quay.io/prometheus-operator/prometheus-config-reloader) because the ghcr does not support image pulls over IPv6. by @​ialidzhikov #8751
• [OPERATOR] gardener-apiserver and gardener-admission-controller now mount key files with DefaultMode set to 416(0640 permissions). by @​AleksandarSavchev #8790
• [OPERATOR] NewClientForShoot creates a client with a rest mapper using LazyDiscovery. by @​acumino #8781
• [OPERATOR] Shoot control plane prometheus is now scraping kubelet volume metrics (kubelet_volume_stats_available_bytes, kubelet_volume_stats_capacity_bytes and kubelet_volume_stats_used_bytes) from the kube-system namespace. This allows Gardener extensions deploying PVCs to the Shoot's kube-system namespace (such as the registry-cache extension) to build alerting and plutono dashboard panels using these kubelet volume metrics. by @​ialidzhikov #8798
• [OPERATOR] Prepare shared component_descriptor script for migration from GCR to Artifact Registry. by @​ccwienk #8755
• [OPERATOR] metrics exposed by cluster autoscaler now scraped by prometheus by @​aaronfern #8750
• [DEVELOPER] The component checklist is enhanced with 2 new rules for container images:
  • Do not use container images from registries that don't support IPv6 - registries such as GHCR, ECR, MCR don't support image pulls over IPv6
  • Do not use Shoot container images that are not multi-arch by @​ialidzhikov #8770

Docker Images

... (truncated)

Commits

• fb7838f Release v1.84.0
• b0681e5 Deprecated OS common package ignores files with image ref (#8828)
• 9d94f61 Do not try recreating secrets in terminating namespaces (#8820)
• 428302c [node-agent] Refactor files handling in OperatingSystemConfig API (#8814)
• c675f5b Use annotation for old secret name instead of label (#8818)
• dc2cf26 Log a minor retriable error as info instead of an error (#8746)
• d0b2a83 Recreate managed resource secrets that have deletion timestamp (#8812)
• 524084c Refactoring: Remove vendoring from project (#8775)
• 328f202 Pull provider-local coredns from k8s registry (#8813)
• 36826b6 Configure 0640 permissions to mounted key files on Control plane componen...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)