Bump github.com/gardener/gardener from 1.73.1 to 1.75.1

[dependabot]

Bumps github.com/gardener/gardener from 1.73.1 to 1.75.1.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.75.1

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] The obsolete addons ManagedResource is now properly cleaned up. by @​gardener-ci-robot #8255
• [OPERATOR] Now the vali ingress definition points to the shoot logging service. by @​vpnachev #8254

v1.75.0

[gardener/gardener]

⚠️ Breaking Changes

• [DEVELOPER] Added new option to ./hack/generate-controller-registration.sh script [-e, --pod-security-enforce[=pod-security-standard] which sets the security.gardener.cloud/pod-security-enforce annotation of the generated ControllerRegistration. When not set this option defaults to baseline. by @​AleksandarSavchev #8099
• [DEVELOPER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please plan ahead to drop using those fields in extensions. by @​timuthy #8199
• [DEVELOPER] Usage of the deprecated injection mechanisms in controller-runtime (like InjectScheme, InjectLogger, InjectConfig, InjectClient, InjectCache etc) as well as package extensions/pkg/controller/common are dropped in a preparation to upgrade to the next version where injection is removed entirely. With this, Inject* functions on controllers, predicates, actuators, delegates, and friends are not called anymore. When upgrading the gardener/gardener dependency to this version, all injection implementations need to be removed. As a replacement, you can get the needed clients and similar from the manager during initialisation of the component. by @​ary1992 #8217
• [OPERATOR] gardener-operator is now managing the nginx-ingress-controller and nginx-ingress-k8s-backend components. Make sure that your Garden resource specifies the .spec.runtimeCluster.ingress section. by @​StenlyTU #7945
• [OPERATOR] Support for nip.io shoot domains is discontinued. by @​timuthy #8199
• [USER] Adding Gardener-managed finalizers (e.g., gardener or gardener.cloud/reference-protection) to the Shoot on creation is now forbidden. by @​shafeeqes #8209
• [USER] Shoot fields .spec.dns.providers[].domains and .spec.dns.providers[].zones are now deprecated and expected to be removed in version v1.87. Please use the extensions' configuration to configure providers with this ability. by @​timuthy #8199
• [DEPENDENCY] github.com/gardener/gardener/pkg/utils/gardener.ShootAccessSecret was renamed to AccessSecret. by @​timebertt #8204

✨ New Features

• [OPERATOR] Added pod security enforce level baseline label to Istio-related namespaces. The garden and shoot namespaces have the privileged level. For extension namespaces, the new security.gardener.cloud/pod-security-standard-enforce annotation on ControllerRegistration resources specifies the level. When set, the extension namespace is created with pod-security.kubernetes.io/enforce label set to security.gardener.cloud/pod-security-standard-enforce's value. by @​AleksandarSavchev #8099
• [USER] Gardener now allows to omit or to only partially define Kubernetes versions in Shoots. The version will automatically be defaulted to the latest minor and/or patch version found in the linked CloudProfile. by @​timuthy #8198
• [USER] A new optional constraint CRDsWithProblematicConversionWebhooks is introduced in the Shoot status. This constraint indicates that there is at least one CRD in the cluster which has multiple stored versions and a conversion webhook configured, which could break the reconciliation flow of a Shoot in some cases. by @​shafeeqes #8159
• [USER] It is now possible to reference Secrets containing kubeconfigs for admission plugins in Shoots. The referenced Secret must be referenced in.spec.resources as well as in .spec.kubernetes.kubeAPIServer.admissionPlugins[].kubeconfigSecretName. by @​acumino #8110

🐛 Bug Fixes

• [OPERATOR] Fix network annotations to allow fluent-bit connecting to shoot Valis. by @​vlvasilev #8197
• [OPERATOR] A bug causing the gardenlet to panic when a ETCD encryption key rotation operation is triggered for a hibernated Shoot is now fixed. Now, triggering ETCD encryption key rotation or ServiceAccount signing key rotation is forbidden when the Shoot is in waking up phase. by @​shafeeqes #8184

🏃 Others

• [OPERATOR] nginx-ingress-controller image is updated to v1.8.1 for Kubernetesv1.24+ clusters. by @​shafeeqes #8205
• [OPERATOR] The eu.gcr.io/gardener-project/gardener/autoscaler/cluster-autoscaler image has been updated from v1.26.2 to v1.27.0 (for Kubernetes >= 1.27). by @​rishabh-11 #8187
• [OPERATOR] The shoots/adminkubeconfig relies on the ca-client InternalSecret only and does not use the ShootState object anymore. by @​timebertt #8195
• [OPERATOR] Update Prometheus job tunnel-probe-apiserver-proxy to fix for HA VPN mode by @​Sallyan #7954
• [OPERATOR] Update vertical-pod-autoscaler to v0.14.0. by @​voelzmo #8166
• [DEVELOPER] Go version is updated to 1.20.6. by @​oliver-goetz #8224

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] ⚠️ etcd.Status.ClusterSize, etcd.Status.ServiceName, etcd.Status.UpdatedReplicas have been marked as deprecated and users should refrain from depending on these fields. by @​shreyas-s-raogardener/etcd-druid#637

🐛 Bug Fixes

• [OPERATOR] AllMembersReady condition has now been fixed to eventually show the correct overall readiness of an etcd cluster. by @​shreyas-s-raogardener/etcd-druid#637

🏃 Others

• [OPERATOR] Print build version and go runtime info. by @​shreyas-s-raogardener/etcd-druid#637

... (truncated)

Commits

• 771d8f1 Release v1.75.1
• 40d52ac [release-v1.75] Cleanup old addons ManagedResource (#8255)
• 8c8196d fix(logging): fix vali ingress backend definition (#8254)
• ef07146 Prepare next Dev Cycle v1.75.1-dev
• 5c9bbe4 Release v1.75.0
• 072e4ef Upgrade etcd-druid (#8225)
• a2bfe93 Allow to use the pre-previous version for upgrade tests (#8223)
• 49c0258 Update to Go 1.20.6 (#8224)
• 9e54720 Install protoc in tools/bin dir (#8218)
• 7333b8f Fixed broken links (#8221)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #250.