Bump github.com/gardener/gardener from 1.94.1 to 1.132.1

[dependabot]

Bumps github.com/gardener/gardener from 1.94.1 to 1.132.1.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.132.1

[github.com/gardener/gardener:v1.132.1]

🐛 Bug Fixes

• [OPERATOR] A bug which made istio-ingressgateway forwarding requests via HTTP1.1 only to kube-apiserver when IstioTLSTermination feature gate is active has been fixed. Exhausted connection limits between istio-ingressgateway and kube-apiserver could be a consequence of this bug. by @​oliver-goetz [#13467]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.132.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.132.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.132.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.132.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.132.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.132.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.132.1
• gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.132.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.132.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.132.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.132.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.132.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.132.1

v1.132.0

[github.com/gardener/gardener:v1.132.0]

⚠️ Breaking Changes

• [DEPENDENCY] The .gardener.autonomousShootCluster is no longer part of the Helm values when extension charts are rendered. The field has been renamed to gardener.selfHostedShootCluster. In addition, the previous flag --autonomous-shoot-cluster has been renamed to --self-hosted-shoot-cluster. Extension developers should adapt their Helm charts. by @​rfranzke [#13273]
• [DEVELOPER] "Autonomous Shoot Clusters" have been renamed to "Self-Hosted Shoot Clusters". The "medium-touch" scenario has been renamed to "managed infrastructure" scenario. The "high-touch" scenario has been renamed to "unmanaged infrastructure" scenario. by @​rfranzke [#13273]
• [DEVELOPER] The github.com/gardener/gardener/pkg/controllerutils.GetMainReconciliationContext function is removed. Instead, use the ReconciliationTimeout field of the sigs.k8s.io/controller-runtime/pkg/controller.Options type when registering the controller to the controller manager. by @​ScheererJ [#13238]

📰 Noteworthy

• [DEVELOPER] A new document has been added describing the development tasks for removing support for a Kubernetes version. See Removing Support For a Kubernetes Version. by @​RadaBDimitrova [#12859]

✨ New Features

• [OPERATOR] It is now possible to restrict the total count of objects for non-namespaced resources. You can set it through the admission controller configuration's server.resourceAdmissionConfiguration.limits[].count field. by @​tobschli [#12916]
• [OPERATOR] Gardener can now support clusters with Kubernetes version 1.34. To allow creation/update of 1.34 clusters you will have to update the version of your provider extension(s) to a version that supports 1.34 as well. Please consult the respective releases and notes in the provider extension's repository. by @​tobschli [#12883]
• [USER] gardener-node-agent now labels worker nodes in shoot clusters with the node-role.kubernetes.io/worker="" label. by @​rfranzke [#13387]
• [USER] Individual worker pools can now be scheduled for manual rollout using a new annotation on the shoot: gardener.cloud/operation=rollout-workers=<pool1>,<pool2>,...,<poolN>. by @​rrhubenov [#12829]
• [OPERATOR] Operators can set Seed.spec.settings.loadBalancerServices.class (docs) and/or GardenletConfiguration.exposureClassHandlers[].loadBalancerService.class (docs) to specify a non-default loadBalancerClass for the corresponding istio-ingressgateway services on seeds. by @​timebertt [#13305]
• [DEVELOPER] Gardener can now support clusters with Kubernetes version 1.34. Extension developers have to prepare individual extensions as well to work with 1.34. by @​tobschli [#12883]
• [DEVELOPER] Gardener container images now can be built for multiple platforms locally via the variable TARGET_PLATFORMS, e.g. make docker-images TARGET_PLATFORMS=linux/amd64,linux/arm64. If the variable is unset, the container images are built for the platform linux/<host-arch> only. by @​vpnachev [#13324]

🐛 Bug Fixes

• [OPERATOR] UnauthenticatedHTTP2DOSMitigation feature gate is now always disabled for kube-apiservers where IstioTLSTermination (aka L7 load-balancing) is activated. This prevents unwanted side-effects when unauthenticated requests are sent. HTTP/2 "Rapid Reset" DoS Vulnerability is mitigated by Envoy in this case. by @​oliver-goetz [#13405]
• [DEVELOPER] Fix make kind-up command to work correctly with Docker>=v29.0.0. by @​oliver-goetz [#13410]
• [OPERATOR] Gardenlet's backupbucket and backupentry controllers are now unsetting all unknown labels and annotations on the extension secrets in the seed cluster, this fixes a bug that occurs after migration from WorkloadIdentity to Secret credentials the workload identity annotations and labels were kept in the secrets causing other controllers to keep trying to use the WorkloadIdentity credentials. by @​vpnachev [#13282]
• [OPERATOR] Gardener no longer deploys the node-exporter ServiceMonitor in the kube-system namespace on unmanaged Seeds. by @​rickardsjp [#13382]
• [USER] The feature for supporting custom server blocks in node-local-dns is now reverted. by @​Kostov6 [#13344]
• [USER] An issue with the configuration for the OpenTelemetryCollector on the nodes that leads to missing kernel logs in Vali is now fixed. by @​rrhubenov [#13328]
• [OPERATOR] The Istio Gateway dashboard now correctly displays the total resource usage across pod restarts. by @​rickardsjp [#13402]

... (truncated)

Commits

• 79a6822 release v1.132.1
• 6319579 Set useClientProtocol in destination rules to true when `IstioTLSTerminat...
• 68ce5fd next version: v1.132.1-dev
• 7e2ec2c release v1.132.0
• 568c384 Deflake lease controller integration tests (#13449)
• 81a1adf Correct the gardener-admission-controller VPA name (#13430)
• 6534840 Update prometheus-operator to v0.86.2 (minor) (#13388)
• 7d289e2 [GEP-28] HA: Augment gardenadm join to request short-lived client certifica...
• 7c0127f [GEP-28] gardenadm init: Deploy/restore DNSRecord (#13385)
• a9be1f4 Improve autoscaling of istio-ingressgateway when IstioTLSTermination feat...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #528.