@renovate renovate bot commented Jun 11, 2025

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

| Package | Change |
|---|---|
| github.com/gardener/gardener | v1.117.6 -> v1.128.2 |
| k8s.io/api | v0.32.9 -> v0.34.1 |
| k8s.io/apiextensions-apiserver | v0.32.9 -> v0.34.1 |
| k8s.io/apimachinery | v0.32.9 -> v0.34.1 |
| k8s.io/client-go | v0.32.9 -> v0.34.1 |
| k8s.io/code-generator | v0.32.9 -> v0.34.1 |
| k8s.io/component-base | v0.32.9 -> v0.34.1 |
| sigs.k8s.io/controller-runtime | v0.20.4 -> v0.22.1 |

Release Notes

gardener/gardener (github.com/gardener/gardener)

v1.128.2

Compare Source

[github.com/gardener/gardener:v1.128.2]

🐛 Bug Fixes

🏃 Others

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.128.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.128.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.128.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.128.2

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.128.2
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.128.2
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.128.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.128.2
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.128.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.128.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.128.2
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.128.2

v1.128.1

Compare Source

[github.com/gardener/gardener:v1.128.1]

🐛 Bug Fixes

🏃 Others

  • [USER] Gardener API server now serves the OpenAPI v2 schema (/openapi/v2 endpoint) again and will keep on serving it until Gardener v1.160. In Gardener v1.127.0, the support for OpenAPI v2 schemas was removed. However, terraform-provider-kubernetes does not yet support OpenAPI v3 schema. by @gardener-ci-robot [#12992]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.128.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.128.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.128.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.128.1

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.128.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.128.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.128.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.128.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.128.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.128.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.128.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.128.1

v1.128.0

Compare Source

[github.com/gardener/gardener:v1.128.0]

⚠️ Breaking Changes

  • [USER] The validation logic for Project resources has been changed: .spec.description and .spec.purpose fields may only contain letters, numbers and some punctuation characters. Existing projects are not affected by this change unless their description or purpose is updated. by @​timuthy [#​12902]
  • [OPERATOR] The long-deprecated legacy ScrapeConfig roles in monitoring.coreos.com have been removed from the CRD. by @oliver-goetz [#12908]
  • [USER] In the Shoot API, the .spec.kubernetes.kubelet.cpuManagerPolicy and .spec.provider.workers[].kubelet.cpuManagerPolicy fields are now validated to ensure they can only be set to static or none. by @​shafeeqes [#​12914]
  • [USER] In the Shoot API, the .spec.kubernetes.kubelet.containerLogMaxSize and .spec.provider.workers[].kubelet.containerLogMaxSize fields are now validated to ensure they contain a valid resource quantity. by @​shafeeqes [#​12914]
  • [OPERATOR] The ShootVPAEnabledByDefault admission plugin is now enabled by default for the Gardener API server. Disable this admission plugin explicitly if you don't want VPA to be enabled by default for newly created Shoots. If you already have the admission plugin enabled, you can remove the explicit enablement after upgrading to this version of Gardener as the plugin is now enabled by default. by @​georgibaltiev [#​12854]
  • [OPERATOR] The following fields in the CloudProfile have been renamed:
    • spec.capabilities -> spec.machineCapabilities
    • spec.MachineImages[].Versions[].capabilitySets -> spec.MachineImages[].Versions[].capabilityFlavors
      Please update your CloudProfiles accordingly if you are using capabilities (currently in alpha state). by @​Roncossek [#​12751]

📰 Noteworthy

  • [USER] The rotate-etcd-encryption-start and rotate-etcd-encryption-complete operation annotations have been deprecated in favour of rotate-etcd-encryption-key. by @​AleksandarSavchev [#​12605]
  • [DEVELOPER] Usages of the deprecated gopkg.in/yaml.v{2|3} packages were dropped. Please refrain from using them. Please use the go.yaml.in/yaml/v4 package instead. by @tobschli [#12895]

✨ New Features

  • [OPERATOR] Backups are now allowed to use WorkloadIdentity as credentials via the seed.spec.backup.credentialsRef and backupBucket.spec.credentialsRef APIs. In order to make use of this feature, the infrastructure and provider extension must support WorkloadIdentity credentials. by @vpnachev [#12924]
  • [DEVELOPER] A developer guideline on validation in Gardener extensions has been added. Please consult this document as an extension developer or reviewer to ensure consistency in validation code across the Gardener extensions codebase. Check out the Validation Guidelines for Extensions document. by @​ialidzhikov [#​12811]
  • [DEVELOPER] A developer guideline on validation in Gardener components has been added. Please consult this document as a developer or reviewer to ensure consistency in validation code across the Gardener codebase. Check out the Validation Guidelines document. by @​ialidzhikov [#​12811]
  • [USER] Added operation annotation rotate-etcd-encryption-key which can be set to the Shoot and Garden resource to perform an etcd encryption key rotation. by @​AleksandarSavchev [#​12605]

🐛 Bug Fixes

  • [DEPENDENCY] The certificate issuance and renewal flow for webhooks has been improved. Previously, controller restarts during the renewal process could leave the system in an unrecoverable error state, preventing the extension from starting. by @​timuthy [#​12852]
  • [OPERATOR] An issue causing the update of existing CustomResourceDefinitions to be no-op is now fixed. by @​shafeeqes [#​12963]
  • [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted, leading to gardenlet being unable to start up, is fixed. by @vpnachev [#12923]

🏃 Others

  • [OPERATOR] gardener-node-agent no longer reboots a node if it flaps too often between ready/non-ready in a short period of time. by @​ScheererJ [#​12930]
  • [DEPENDENCY] The following dependencies have been updated:
  • [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @​istvanballok [#​12896]
  • [OPERATOR] Reduce the CPU resource requests of istio-ingressgateway to 450m for the case with enabled L7 loadbalancing. by @​voelzmo [#​12881]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
    • gcr.io/istio-release/pilot from 1.25.4 to 1.25.5.
    • gcr.io/istio-release/proxyv2 from 1.25.4 to 1.25.5.
    • istio.io/api from v1.25.4 to v1.25.5. by @​gardener-ci-robot [#​12886]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEVELOPER] Add ensure capabilities for HA vpn statefulsets by @​RiRa12621 [#​12949]
  • [OPERATOR] Ensure that enabling node-local-dns for all shoot clusters does not alter DNS behaviour. To maintain consistency, the custom CoreDNS configmap is mounted into the node-local-dns pods and the custom overwrite rules defined in the custom CoreDNS configuration are applied onto the node-local-dns pods. by @DockToFuture [#12893]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [OPERATOR] Adds Machine Capabilities support for provider local. Read more about Machine Capabilities here by @​Roncossek [#​12751]
  • [OPERATOR] The VPA ManagedResource and the Secret it references are now removed when VPA is disabled in the Shoot, Seed or Garden specification. Previously, when VPA was disabled a ManagedResource with an empty Secret would be created. Now, no ManagedResource is created. by @​RadaBDimitrova [#​12870]
  • [OPERATOR] set semver-compliant resource-version for envoy-proxy by @​ccwienk [#​12941]
  • [DEVELOPER] The istio-ingressgateway service of the local2 seed is now exposed on 172.18.255.2:443 instead of 172.18.255.2:9443 on the developer's host machine. by @​plkokanov [#​12905]
  • [OPERATOR] Allowlist new etcd-druid compaction metric and update network policies to allow full-snapshot API requests from etcd-druid to etcd-main client service. by @​anveshreddy18 [#​12849]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.128.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.128.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.128.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.128.0

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.128.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.128.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.128.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.128.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.128.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.128.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.128.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.128.0

v1.127.4

Compare Source

[github.com/gardener/gardener:v1.127.4]

🐛 Bug Fixes

🏃 Others

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.4

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.4
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.4
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.4
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.4
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.4
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.4
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.4
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.4

v1.127.3

Compare Source

[github.com/gardener/gardener:v1.127.3]

🐛 Bug Fixes

🏃 Others

  • [USER] Gardener API server now serves the OpenAPI v2 schema (/openapi/v2 endpoint) again and will keep on serving it until Gardener v1.160. In Gardener v1.127.0, the support for OpenAPI v2 schemas was removed. However, terraform-provider-kubernetes does not yet support OpenAPI v3 schema. by @gardener-ci-robot [#12993]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.3
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.3
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.3
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.3

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.3
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.3
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.3
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.3
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.3
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.3
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.3
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.3

v1.127.2

Compare Source

[github.com/gardener/gardener:v1.127.2]

🐛 Bug Fixes

🏃 Others

  • [DEVELOPER] The envoy-proxy component now has a semver-compliant resource version. by @​ccwienk [#​12942]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.2

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.2
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.2
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.2
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.2
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.2

v1.127.1

Compare Source

[github.com/gardener/gardener:v1.127.1]

🐛 Bug Fixes

  • [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted, leading to gardenlet being unable to start up, is fixed. by @gardener-ci-robot [#12928]

🏃 Others

  • [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @​gardener-ci-robot [#​12935]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.1

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.1

v1.127.0

Compare Source

[github.com/gardener/gardener:v1.127.0]

⚠️ Breaking Changes

  • [OPERATOR] The ProjectValidator admission plugin is now renamed to ProjectMutator. If you have references to the old name of the admission plugin, make sure to adapt them before upgrading to this version of Gardener. by @​georgibaltiev [#​12818]

  • [OPERATOR] ⚠️ Gardener no longer supports garden, seed, or shoot clusters with Kubernetes versions <= 1.28. Make sure to upgrade all existing clusters before upgrading to this Gardener version. by @seshachalam-yv [#12486]

  • [USER] It is not allowed anymore to specify a comma ",", as well as duplicate values, within the entries of the Shoot.spec.kubernetes.kubeAPIServer.apiAudiences[]. Please update your Shoots accordingly. by @tobschli [#12788]

  • [DEVELOPER] The Priority field for the MachineDeployment API is now required instead of optional. Provider extensions need to make sure that the MachineDeployments they generate specify this field. by @​tobschli [#​12742]

  • [OPERATOR] The CredentialsRotationWithoutWorkersRollout feature gate has been promoted to GA and is enabled unconditionally. by @​rfranzke [#​12857]

  • [OPERATOR] The GA-ed and unconditionally enabled NewVPN feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#12807]

  • [OPERATOR] A Project resource's .spec.namespace field is now validated in the storage layer. It was previously validated in the ProjectValidator admission plugin due to backwards-compatibility reasons. With this change, gardener-apiserver unconditionally accepts only garden and values with prefix garden- as valid Project namespaces. by @​georgibaltiev [#​12784]

  • [USER] gardener-apiserver no longer serves the /openapi/v2 endpoint. kubectl < 1.27 relies on this endpoint. Make sure to use kubectl 1.27+ against this version of gardener-apiserver. by @​seshachalam-yv [#​12486]

  • [USER] The spec.seedSelector field in the Shoot API is now validated for invalid label values. by @​shafeeqes [#​12708]

  • [OPERATOR] The following fields of resources in the core.gardener.cloud group are now validated for invalid label values:

    • spec.seedSelector in the CloudProfile API
    • spec.deployment.seedSelector in the ControllerRegistration API
    • scheduling.seedSelector in the ExposureClass API

    The following fields of resources in the operator.gardener.cloud group are now validated for invalid label values:

    • spec.virtualCluster.gardener.gardenerControllerManager.defaultProjectQuotas.projectSelector in the Garden API

    The following fields of resources in the controllermanager.config.gardener.cloud group are now validated for invalid label values:

    • controllers.project.quotas[].projectSelector

    The following fields of resources in the seedmanagement.gardener.cloud group are now validated for invalid label values:

    • spec.selector in the ManagedSeedSet API

    The following fields of resources in the settings.gardener.cloud group are now validated for invalid label values:

📰 Noteworthy

✨ New Features

  • [OPERATOR] Enabling feature gate OpenTelemetryCollector will now route logs through the collector in the Shoot control-plane before reaching Vali. by @​rrhubenov [#​12568]
  • [OPERATOR] The Seed spec was extended to allow explicit configuration for internal DNS settings. Operators can configure these by setting .spec.dns.internal. The implicit configuration that involved selecting a DNS secret from the Garden cluster based on labels will be eventually removed. Operators should adapt their Seed manifests to explicitly configure internal DNS. by @​dimityrmirchev [#​12663]

🐛 Bug Fixes

  • [DEVELOPER] Ambiguous go.mod dependencies were removed when calling make import-tools-bin. by @​timuthy [#​12810]
  • [OPERATOR] A misconfiguration has been fixed which was preventing gardener-admission-controller from being called for ConfigMap creations of gardenlet. by @​rfranzke [#​12858]
  • [OPERATOR] Flip the status of a set EmergencyStopShootReconciliations Seed condition from False to True. by @​LucaBernstein [#​12823]
  • [OPERATOR] Fix shoot creation failure for shoots with kubernetes version >=1.32 and openidconnect preset present by @​p53 [#​12743]

🏃 Others

  • [OPERATOR] GOMAXPROCS for the gardener-controller-manager is set by the Go runtime instead of the external go.uber.org/automaxprocs/maxprocs library. by @​timuthy [#​12801]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] We now use envoyproxy/envoy:distroless-v1.35.0 instead of the deprecated repository envoyproxy/envoy-distroless:v1.35.0 by @​oliver-goetz [#​12868]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEVELOPER] The optimistic defaulting of priorities for MachineDeployments was removed. This needs to be done by the provider extension now. by @​tobschli [#​12742]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
    • registry.k8s.io/autoscaling/vpa-admission-controller from 1.4.1 to 1.4.2.
    • registry.k8s.io/autoscaling/vpa-recommender from 1.4.1 to 1.4.2.
    • registry.k8s.io/autoscaling/vpa-updater from 1.4.1 to 1.4.2. by @​gardener-ci-robot [#​12813]
  • [DEPENDENCY] The following dependencies have been updated:
  • [OPERATOR] Add validation for the name of worker's root volumes. by @​kon-angelo [#​12820]
  • [OPERATOR] The gardener/autoscaler image has been updated to v1.33.0. Release Notes by @​aaronfern [#​12800]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [OPERATOR] Improved dual-stack migration by ensuring CoreDNS pods are restarted before configuring the kube-dns service as dual-stack, preventing IPv6 DNS query failures during migration. by @​axel7born [#​12816]
  • [OPERATOR] gardener-apiserver: The FinalizerRemoval admission plugin's type is now changed from mutating to validating. by @​georgibaltiev [#​12786]
  • [DEPENDENCY] The following dependencies have been updated:

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.0

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.0

v1.126.2

Compare Source

[github.com/gardener/gardener:v1.126.2]

🐛 Bug Fixes

  • [OPERATOR] Flip the status of a set EmergencyStopShootReconciliations Seed condition from False to True. by @​gardener-ci-robot [#​12948]
  • [OPERATOR] An issue causing the update of existing CustomResourceDefinitions to be no-op is now fixed. by @​shafeeqes [#​12972]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.126.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.126.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.126.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.126.2

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.126.2
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.126.2
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.126.2
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.126.2
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.126.2
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.126.2
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.126.2
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.126.2

v1.126.1

Compare Source

[github.com/gardener/gardener:v1.126.1]

🐛 Bug Fixes

  • [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted, leading to gardenlet being unable to start up, is fixed. by @gardener-ci-robot [#12927]

🏃 Others

  • [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @​gardener-ci-robot [#​12934]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.126.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.126.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.126.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.126.1

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.126.1
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.126.1
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.126.1
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.126.1
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.126.1
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.126.1
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.126.1
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.126.1

v1.126.0

Compare Source

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes

  • [OPERATOR] A separate node-local-dns DaemonSet is deployed for each worker pool such that each DaemonSet has the name node-local-dns-<worker-pool-name>.
    If you are using gardener-extension-networking-cilium in your landscape, it is required to update it to a version which supports these new names for the DaemonSets.
    Support is added with gardener/gardener-extension-networking-cilium#622 and included in versions starting from: v1.42.1, v1.41.3 and v1.40.4 by @​DockToFuture [#​12422]

  • [OPERATOR] ⚠️ The NewWorkerPoolHash feature gate has been promoted to beta and is now enabled by default. When the feature gate is enabled, changes to kubeReserved, systemReserved, evictionHard or cpuManagerPolicy in the kubelet of the Shoot will trigger a node-roll. All provider extensions must be upgraded to a version which includes Gardener v1.98.0 first to support this feature. by @​Duciwuci [#​12550]

  • [DEVELOPER] The local Gardener development setup has been restructured:

    Action required:
    If you use static credentials for your local setup, update your configuration to:

    • Use the new location for project.yaml.
    • Replace any usage of secretbindings.yaml with credentialsbindings.yaml as per the new template and location.
    • In your shoot spec, use spec.credentialsBindingName instead of spec.secretBindingName by @​wpross [#​12748]
  • [DEVELOPER] The constant github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootGroupViewers has been removed, please use github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootSystemViewersGroupName by @​vpnachev [#​12673]

📰 Noteworthy

  • [USER] New ClusterRoleBindings are deployed in the shoot clusters; they will grant Admin and Viewer permissions that will be later leveraged by the AdminKubeconfig and ViewerKubeconfig feature of Gardener.
    • gardener.cloud:system:admins - grants admin access to users that are Gardener System admins
    • gardener.cloud:system:viewers - grants viewer access to users that are Gardener System viewers
    • gardener.cloud:project:admins - grants admin access to users that are Gardener Project admins
    • gardener.cloud:project:viewers - grants viewer access to users that are Gardener Project viewers by @​vpnachev [#​12673]

✨ New Features

  • [OPERATOR] Add annotation shoot.gardener.cloud/emergency-stop-reconciliations=true to Seed resources to temporarily disable Shoot reconciliations. by @​LucaBernstein [#​12712]

🐛 Bug Fixes

  • [OPERATOR] An issue causing the plutono-datasources ConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed by gardener-operator is now fixed. Occasionally, the issue was preventing successful Seed deletion. by @​gardener-ci-robot [#​12798]
  • [OPERATOR] Fixed MachineImage and MachineType architecture defaulting for CloudProfiles supporting one architecture only. by @​Roncossek [#​12745]
  • [USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @​matthias-horne [#​12769]
  • [USER] The status of constraint DualStackNodesMigrationReady is now progressing instead of false at the start of a migration to dual-stack networking. by @​axel7born [#​12685]
  • [OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @​timebertt [#​12762]

🏃 Others

  • [DEPENDENCY] The following dependencies have been updated:
  • [OPERATOR] Starting from Kubernetes version 1.34, enabling or disabling node-local-dns will no longer trigger node rolling (except kube-proxy is running in IPVS mode). Instead, a cleanup job will be executed. Additionally, node-local-dns is deployed per WorkerPool and node-local-dns will use UDP as default protocol for DNS queries to the upstream DNS server. by @​DockToFuture [[#​12422](https://redirect.github.com/gar

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Upgrade dependencies and tools label Jun 11, 2025
@renovate renovate bot force-pushed the renovate/k8s-go branch from e57c692 to 061a8b3 Compare June 13, 2025 13:01

renovate bot commented Jun 13, 2025

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 28 additional dependencies were updated

Details:

Package Change
istio.io/api v1.25.2 -> v1.25.3
github.com/BurntSushi/toml v1.4.0 -> v1.5.0
github.com/cyphar/filepath-securejoin v0.3.6 -> v0.4.1
github.com/emicklei/go-restful/v3 v3.12.1 -> v3.12.2
github.com/fsnotify/fsnotify v1.8.0 -> v1.9.0
github.com/fxamacker/cbor/v2 v2.7.0 -> v2.8.0
github.com/gardener/etcd-druid/api v0.29.0 -> v0.30.1
github.com/gardener/machine-controller-manager v0.57.2 -> v0.58.0
github.com/go-openapi/jsonpointer v0.21.0 -> v0.21.1
github.com/go-openapi/swag v0.23.0 -> v0.23.1
github.com/gorilla/websocket v1.5.3 -> v1.5.4-0.20250319132907-e064f32e3674
github.com/mattn/go-colorable v0.1.13 -> v0.1.14
github.com/prometheus/client_model v0.6.1 -> v0.6.2
github.com/prometheus/common v0.63.0 -> v0.65.0
github.com/prometheus/procfs v0.15.1 -> v0.16.1
golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 -> v0.0.0-20250620022241-b7579e27df2b
golang.org/x/oauth2 v0.28.0 -> v0.30.0
golang.org/x/time v0.11.0 -> v0.12.0
google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 -> v0.0.0-20250324211829-b45e905df463
google.golang.org/protobuf v1.36.5 -> v1.36.6
helm.sh/helm/v3 v3.17.3 -> v3.18.3
k8s.io/gengo/v2 v2.0.0-20240911193312-2b36238f13e9 -> v2.0.0-20250207200755-1244d31929d7
k8s.io/kube-aggregator v0.32.3 -> v0.33.2
k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 -> v0.0.0-20250318190949-c8a335a9a2ff
k8s.io/kubelet v0.32.3 -> v0.33.2
k8s.io/metrics v0.32.3 -> v0.33.2
sigs.k8s.io/controller-tools v0.17.3 -> v0.18.0
sigs.k8s.io/structured-merge-diff/v4 v4.5.0 -> v4.7.0

@renovate renovate bot force-pushed the renovate/k8s-go branch 3 times, most recently from a5ba7a9 to 41a233e Compare June 19, 2025 23:12
@renovate renovate bot force-pushed the renovate/k8s-go branch 2 times, most recently from 43794ca to adbd0bc Compare June 27, 2025 10:48
@renovate renovate bot force-pushed the renovate/k8s-go branch 3 times, most recently from 66d526b to 86acc5e Compare July 11, 2025 10:48

renovate bot commented Jul 11, 2025

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: go.sum
Command failed: go mod tidy
go: downloading k8s.io/code-generator v0.34.1
go: downloading github.com/stretchr/testify v1.11.1
go: downloading github.com/spf13/afero v1.15.0
go: downloading k8s.io/gengo/v2 v2.0.0-20250604051438-85fd79dbfd9f
go: downloading k8s.io/apiserver v0.34.1
go: downloading github.com/miekg/dns v1.1.67
go: downloading github.com/docker/docker v28.0.0+incompatible
go: downloading cloud.google.com/go/compute/metadata v0.7.0
go: github.com/stackitcloud/gardener-extension-acl/cmd/gardener-extension-acl/app imports
	github.com/gardener/gardener/extensions/pkg/util imports
	github.com/gardener/gardener/pkg/client/kubernetes imports
	github.com/open-telemetry/opentelemetry-operator/apis/v1beta1 tested by
	github.com/open-telemetry/opentelemetry-operator/apis/v1beta1.test imports
	github.com/open-telemetry/opentelemetry-operator/internal/manifests/collector imports
	github.com/prometheus/prometheus/config imports
	github.com/prometheus/prometheus/storage/remote/googleiam imports
	golang.org/x/oauth2/google imports
	cloud.google.com/go/compute/metadata: ambiguous import: found package cloud.google.com/go/compute/metadata in multiple modules:
	cloud.google.com/go v0.51.0 (/runner/cache/others/go/pkg/mod/cloud.google.com/go@v0.51.0/compute/metadata)
	cloud.google.com/go/compute/metadata v0.7.0 (/runner/cache/others/go/pkg/mod/cloud.google.com/go/compute/metadata@v0.7.0)

@renovate renovate bot force-pushed the renovate/k8s-go branch 4 times, most recently from 22ab14b to a9b0383 Compare July 16, 2025 17:26
@renovate renovate bot force-pushed the renovate/k8s-go branch 3 times, most recently from c38a790 to 9bda6ad Compare July 25, 2025 01:01
@renovate renovate bot force-pushed the renovate/k8s-go branch 4 times, most recently from b92cc74 to b0630e2 Compare August 14, 2025 10:15
@renovate renovate bot force-pushed the renovate/k8s-go branch 3 times, most recently from c7219d7 to 8a95947 Compare August 25, 2025 06:06
@renovate renovate bot force-pushed the renovate/k8s-go branch 2 times, most recently from 4ca13ba to 40fe0f2 Compare August 28, 2025 06:48
@renovate renovate bot force-pushed the renovate/k8s-go branch 4 times, most recently from 993eb73 to 7a75dee Compare September 10, 2025 08:55
@renovate renovate bot force-pushed the renovate/k8s-go branch 2 times, most recently from cd803e6 to 442b303 Compare September 19, 2025 13:02
@renovate renovate bot force-pushed the renovate/k8s-go branch 3 times, most recently from 5c2f232 to 8f0bae6 Compare September 25, 2025 09:46