Bump github.com/gardener/gardener from 1.90.0 to 1.91.0

[dependabot]

Bumps github.com/gardener/gardener from 1.90.0 to 1.91.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.91.0

[gardener/gardener]

⚠️ Breaking Changes

• [USER] Deprecated .spec.kubernetes.allowPrivilegedContainers field in the Shoot API is now removed. by @​shafeeqes #9274
• [USER] The .status.advertisedAddresses[] list in a Shoot's status now includes the Shoot's service account issuer under the name service-account-issuer. Please revisit any logic that might depend on all advertised addresses being used for communication with the kube-apiserver of a shoot cluster. by @​dimityrmirchev #9196
• [OPERATOR] The ShootForceDeletion feature gate has been promoted to beta and is turned on by default. by @​acumino #9325

✨ New Features

• [DEVELOPER] The {garden,seed,shoot}-care controllers now incorporate ManagedResources into all relevant conditions, and it is possible to override the condition type into which a ManagedResource's status gets incorporated via the care.gardener.cloud/condition-type label. Please consult the respective documentation for more information (garden-care, seed-care, shoot-care). by @​rfranzke #9313
• [OPERATOR] The gardenlet now synchronizes the service account public keys of shoot clusters that have managed issuer enabled. The public keys are stored in a dedicated gardener-system-shoot-issuer namespace in the Garden cluster. by @​dimityrmirchev #9354
• [OPERATOR] gardener-resource-manager now considers the health and the progressing status for Certificate and Issuer resources (see cert-management) managed via ManagedResources. by @​timuthy #9326
• [OPERATOR] The Shoot maintenance controller now removes unsupported feature gates and admission plugins from the Shoot during force upgrades. by @​shafeeqes #9365
• [OPERATOR] gardener-operator now deploys two Alertmanager replicas into the garden namespace. They don't come with any configuration by default. It is in the responsibility of the human operators to create monitoring.coreos.com/v1alpha1.AlertmanagerConfig resources with the proper configuration suitable for their needs. Read more about it here. by @​rfranzke #9301
• [OPERATOR] The ControlPlaneHealthy condition in Shoots now reports an issue when {kube,machine}-controller-manager or cluster-autoscaler are scaled down to 0 replicas. The EveryNodeReady condition in Shoots now reports an issue when at least 20% of the Leases related to nodes in the kube-node-lease namespace are expired. by @​rfranzke #9376

🐛 Bug Fixes

• [DEVELOPER] Function NewClientFromBytes in package pkg/client/kubernetes/client.go was fixed to consider AllowedUserFields. Earlier, it failed when creating a Kubernetes client with a special but allowed fields in the Kubeconfig (e.g. auth-provider). by @​timuthy #9333

🏃 Others

• [OPERATOR] Update CoreDNS to v1.11.1. by @​DockToFuture #8945
• [OPERATOR] The gardener operator documentation now closes resembles the reality of the coding. by @​ScheererJ #9342
• [OPERATOR] The istio ingress gateway orphan namespace detection no longer interferes with the istio ingress gateway zone migration in case the target zone names are unknown and there is no active usage. by @​ScheererJ #9460
• [OPERATOR] The ingress domain of kube-apiserver should work again for single-zonal shoot control planes. by @​ScheererJ #9393
• [OPERATOR] There is a new plutono dashboard named Container Images that currently contains 2 panels for image pull durations. by @​ialidzhikov #9422
• [OPERATOR] Port 8132 of istio ingress gateway will respond to all ordinary http requests with a redirect (301) to the https port by @​ScheererJ #9332
• [OPERATOR] The operating system config reconciler of the gardener-node-agent now creates directories with 0755 permissions when it creates files listed in the corresponding OperatingSystemConfig on the node. Previously these directories were created with no permissions. by @​plkokanov #9443
• [OPERATOR] Seed clusters with a wildcard certificate no longer use Ingress resources to expose kube-apiserver. Instead, Istio resources are directly used now. by @​ScheererJ #9300
• [OPERATOR] Shoot clusters should stay accessible after istio ingress gateway migration via annotation alpha.istio-ingress.gardener.cloud/migrate-to was triggered. by @​ScheererJ #9423
• [OPERATOR] Operators can create duplicate istio ingress gateways for migration if the zone names should be changed in the seed specification by @​ScheererJ #9304
• [DEVELOPER] Now the observability applications which are also targets of the authentication & authorization proxies share common label. by @​nickytd #9385
• [DEVELOPER] Local dev setup can now deploy a cluster with volume resize support. by @​dnaeon #9363

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.91.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.91.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.91.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.91.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.91.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.91.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.91.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.91.0

v1.90.4

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] A configuration issue of the prometheus-operator managed alertmanager instances is fixed. by @​istvanballok #9420

... (truncated)

Commits

• df6b9c1 Release v1.91.0
• 5e4ffa3 Fix race condition in istio zone migration. (#9460)
• 11da203 Fix kube-apiserver service exposure after replacement of ingress resources wi...
• 2c61b00 Update dependency prometheus/prometheus to v2.51.0 (#9448)
• 2c6e0e2 Set ENV GOTOOLCHAIN=auto in golang-test image (#9446)
• 8ed01b9 Update quay.io/prometheus-operator/prometheus-config-reloader Docker tag to v...
• 3636a01 Add plutono dashboard for image pull duration (#9422)
• 85e4279 Update dependency envoyproxy/envoy to v1.29.2 (#9407)
• 74e5783 Update quay.io/prometheus/node-exporter Docker tag to v1.7.0 (#9430)
• c2b7b0e Update module github.com/gardener/hvpa-controller/api to v0.15.0 (#9426)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Release note:

Bumps github.com/gardener/gardener from 1.90.0 to 1.91.0.

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-1]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[MartinWeindel]

/cla

[gardener-robot]

@MartinWeindel I reached out successfully to the cla-assistant to recheck this pull request.

[MartinWeindel]

/lgtm