Update Gardener to use latest DWD APIs (gardener#6693)

* API changes

Run `make generate`

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Update DWD to `v1.0.0`

Update `go.mod`
Run `make revendor`
Update DWD image

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Update documentation

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Add validations and warnings

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Refactor DWD component

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Rename `endpoint` to `weeder`, `probe` to `prober`

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Update dependencies in skaffold.yaml

Co-Authored-By: Himanshu Sharma <79965161+himanshu-kun@users.noreply.github.com>

* Fix tests

* address Rafael's review comments

* removed validation disallowing old and new field together

* Apply suggestions from code review

Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>

* address remaining review comments

* fixed integration tests

* fix make generate output for controller-registration

* address review comments

* fix failing unit tests 2

* rebased on master

---------

Co-authored-by: Shafeeque E S <shafeeque.e.s@sap.com>
Co-authored-by: Rafael Franzke <rafael.franzke@sap.com>

charts/images.yaml

@@ -31,7 +31,7 @@ images:
 - name: dependency-watchdog
   sourceRepository: github.com/gardener/dependency-watchdog
   repository: eu.gcr.io/gardener-project/gardener/dependency-watchdog
-  tag: "v0.8.0"
+  tag: "v1.0.0"
 - name: nginx-ingress-controller-seed
   sourceRepository: github.com/kubernetes/ingress-nginx
   repository: registry.k8s.io/ingress-nginx/controller

cmd/gardener-extension-provider-local/app/app.go

@@ -329,7 +329,7 @@ func (w *webhookTriggerer) Start(ctx context.Context) error {
 		return err
 	}
 
-	return w.trigger(ctx, w.client, w.client, nil, &appsv1.DeploymentList{}, client.MatchingLabels{"app": "dependency-watchdog-probe"})
+	return w.trigger(ctx, w.client, w.client, nil, &appsv1.DeploymentList{}, client.MatchingLabels{"app": "dependency-watchdog-prober"})
 }
 
 func (w *webhookTriggerer) trigger(ctx context.Context, reader client.Reader, writer client.Writer, statusWriter client.StatusWriter, objectList client.ObjectList, opts ...client.ListOption) error {

docs/api-reference/core.md

@@ -8724,7 +8724,8 @@ SeedSettingDependencyWatchdogEndpoint
 </td>
 <td>
 <em>(Optional)</em>
-<p>Endpoint controls the endpoint settings for the dependency-watchdog for the seed.</p>
+<p>Endpoint controls the endpoint settings for the dependency-watchdog for the seed.
+Deprecated: This field is deprecated and will be removed in a future version of Gardener. Use <code>Weeder</code> instead.</p>
 </td>
 </tr>
 <tr>
@@ -8738,7 +8739,36 @@ SeedSettingDependencyWatchdogProbe
 </td>
 <td>
 <em>(Optional)</em>
-<p>Probe controls the probe settings for the dependency-watchdog for the seed.</p>
+<p>Probe controls the probe settings for the dependency-watchdog for the seed.
+Deprecated: This field is deprecated and will be removed in a future version of Gardener. Use <code>Prober</code> instead.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>weeder</code></br>
+<em>
+<a href="#core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdogWeeder">
+SeedSettingDependencyWatchdogWeeder
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Weeder controls the weeder settings for the dependency-watchdog for the seed.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>prober</code></br>
+<em>
+<a href="#core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdogProber">
+SeedSettingDependencyWatchdogProber
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Prober controls the prober settings for the dependency-watchdog for the seed.</p>
 </td>
 </tr>
 </tbody>
@@ -8750,7 +8780,8 @@ SeedSettingDependencyWatchdogProbe
 <a href="#core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdog">SeedSettingDependencyWatchdog</a>)
 </p>
 <p>
-<p>SeedSettingDependencyWatchdogEndpoint controls the endpoint settings for the dependency-watchdog for the seed.</p>
+<p>SeedSettingDependencyWatchdogEndpoint controls the endpoint settings for the dependency-watchdog for the seed.
+Deprecated: This type is deprecated and will be removed in a future version of Gardener. Use type <code>SeedSettingDependencyWatchdogWeeder</code> instead.</p>
 </p>
 <table>
 <thead>
@@ -8782,7 +8813,8 @@ CrashLoopBackoff status and restarting them once their dependants become ready a
 <a href="#core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdog">SeedSettingDependencyWatchdog</a>)
 </p>
 <p>
-<p>SeedSettingDependencyWatchdogProbe controls the probe settings for the dependency-watchdog for the seed.</p>
+<p>SeedSettingDependencyWatchdogProbe controls the probe settings for the dependency-watchdog for the seed.
+Deprecated: This type is deprecated and will be removed in a future version of Gardener. Use type <code>SeedSettingDependencyWatchdogProber</code> instead.</p>
 </p>
 <table>
 <thead>
@@ -8801,12 +8833,76 @@ bool
 </td>
 <td>
 <p>Enabled controls whether the probe controller of the dependency-watchdog should be enabled. This controller
-scales down the kube-controller-manager of shoot clusters in case their respective kube-apiserver is not
+scales down the kube-controller-manager, machine-controller-manager and cluster-autoscaler of shoot clusters in case their respective kube-apiserver is not
 reachable via its external ingress in order to avoid melt-down situations.</p>
 </td>
 </tr>
 </tbody>
 </table>
+<h3 id="core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdogProber">SeedSettingDependencyWatchdogProber
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdog">SeedSettingDependencyWatchdog</a>)
+</p>
+<p>
+<p>SeedSettingDependencyWatchdogProber controls the prober settings for the dependency-watchdog for the seed.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>enabled</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>Enabled controls whether the probe controller(prober) of the dependency-watchdog should be enabled. This controller
+scales down the kube-controller-manager, machine-controller-manager and cluster-autoscaler of shoot clusters in case their respective kube-apiserver is not
+reachable via its external ingress in order to avoid melt-down situations.</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdogWeeder">SeedSettingDependencyWatchdogWeeder
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#core.gardener.cloud/v1beta1.SeedSettingDependencyWatchdog">SeedSettingDependencyWatchdog</a>)
+</p>
+<p>
+<p>SeedSettingDependencyWatchdogWeeder controls the weeder settings for the dependency-watchdog for the seed.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>enabled</code></br>
+<em>
+bool
+</em>
+</td>
+<td>
+<p>Enabled controls whether the endpoint controller(weeder) of the dependency-watchdog should be enabled. This controller
+helps to alleviate the delay where control plane components remain unavailable by finding the respective pods in
+CrashLoopBackoff status and restarting them once their dependants become ready and available again.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="core.gardener.cloud/v1beta1.SeedSettingExcessCapacityReservation">SeedSettingExcessCapacityReservation
 </h3>
 <p>

docs/usage/seed_bootstrapping.md

@@ -15,9 +15,9 @@ Gardener is using it for two purposes:
 
 For the sake of separating these concerns, two instances of the DWD are deployed by the seed controller.
 
-### Probe
+### Prober
 
-The `dependency-watchdog-probe` deployment is responsible for above mentioned first point.
+The `dependency-watchdog-prober` deployment is responsible for above-mentioned first point.
 
 The `kube-apiserver` of shoot clusters is exposed via a load balancer, usually with an attached public IP, which serves as the main entry point when it comes to interaction with the shoot cluster (e.g., via `kubectl`).
 While end-users are talking to their clusters via this load balancer, other control plane components like the `kube-controller-manager` or `kube-scheduler` run in the same namespace/same cluster, so they can communicate via the in-cluster `Service` directly instead of using the detour with the load balancer.
@@ -27,6 +27,7 @@ This means that the `kubelet`s and `kube-proxy`s also have to talk to the contro
 The `kube-controller-manager` has a special control loop called [`nodelifecycle`](https://github.com/kubernetes/kubernetes/tree/master/pkg/controller/nodelifecycle) which will set the status of `Node`s to `NotReady` in case the kubelet stops to regularly renew its lease/to send its heartbeat.
 This will trigger other self-healing capabilities of Kubernetes, for example, the eviction of pods from such "unready" nodes to healthy nodes.
 Similarly, the `cloud-controller-manager` has a control loop that will disconnect load balancers from "unready" nodes, i.e., such workload would no longer be accessible until moved to a healthy node.
+Furthermore, the `machine-controller-manager` removes "unready" nodes after `health-timeout` (default 10min).
 
 While these are awesome Kubernetes features on their own, they have a dangerous drawback when applied in the context of Gardener's architecture:
 When the `kube-apiserver` load balancer fails for whatever reason, then the `kubelet`s can't talk to the `kube-apiserver` to renew their lease anymore.
@@ -36,13 +37,13 @@ As a result, the customer's workload will go down and become unreachable.
 
 This is exactly the situation that the DWD prevents:
 It regularly tries to talk to the `kube-apiserver`s of the shoot clusters, once by using their load balancer, and once by talking via the in-cluster `Service`.
-If it detects that the `kube-apiserver` is reachable internally but not externally, it scales down the `kube-controller-manager` to `0`.
-This will prevent it from marking the shoot worker nodes as "unready".
-As soon as the `kube-apiserver` is reachable externally again, the `kube-controller-manager` will be scaled up to `1` again.
+If it detects that the `kube-apiserver` is reachable internally but not externally, it scales down `machine-controller-manager`, `cluster-autoscaler` (if enabled) and `kube-controller-manager` to `0`.
+This will prevent it from marking the shoot worker nodes as "unready". This will also prevent the `machine-controller-manager` from deleting potentially healthy nodes.
+As soon as the `kube-apiserver` is reachable externally again, `kube-controller-manager`, `machine-controller-manager` and `cluster-autoscaler` are restored to the state prior to scale-down.
 
-### Endpoint
+### Weeder
 
-The `dependency-watchdog-endpoint` deployment is responsible for the above mentioned second point.
+The `dependency-watchdog-weeder` deployment is responsible for above mentioned second point.
 
 Kubernetes is restarting failing pods with an exponentially increasing backoff time.
 While this is a great strategy to prevent system overloads, it has the disadvantage that the delay between restarts is increasing up to multiple minutes very fast.

docs/usage/seed_settings.md

@@ -5,24 +5,29 @@ This document provides an overview over the available settings:
 
 ## Dependency Watchdog
 
-gardenlet can deploy two instances of the [dependency-watchdog](https://github.com/gardener/dependency-watchdog) into the `garden` namespace of the seed cluster.
-One instance only activates the `endpoint` controller, while the second instance only activates the `probe` controller.
+Gardenlet can deploy two instances of the [dependency-watchdog](https://github.com/gardener/dependency-watchdog) into the `garden` namespace of the seed cluster.
+One instance only activates the weeder while the second instance only activates the prober.
 
-### Endpoint Controller
+### Weeder
 
-The `endpoint` controller helps to alleviate the delay where control plane components remain unavailable by finding the respective pods in CrashLoopBackoff status and restarting them once their dependants become ready and available again.
-For example, if `etcd` goes down, then also `kube-apiserver` goes down (and into a `CrashLoopBackoff` state). If `etcd` comes up again, then (without the `endpoint` controller) it might take some time until `kube-apiserver` gets restarted as well.
+The weeder helps to alleviate the delay where control plane components remain unavailable by finding the respective pods in `CrashLoopBackoff` status and restarting them once their dependants become ready and available again.
+For example, if `etcd` goes down then also `kube-apiserver` goes down (and into a `CrashLoopBackoff` state). If `etcd` comes up again then (without the `endpoint` controller) it might take some time until `kube-apiserver` gets restarted as well.
 
+:warning: `.spec.settings.dependencyWatchdog.endpoint.enabled` is deprecated and will be removed in a future version of Gardener. Use `.spec.settings.dependencyWatchdog.weeder.enabled` instead.
+
 It can be enabled/disabled via the `.spec.settings.dependencyWatchdog.endpoint.enabled` field.
 It defaults to `true`.
 
-### Probe Controller
+### Prober 
 
 The `probe` controller scales down the `kube-controller-manager` of shoot clusters in case their respective `kube-apiserver` is not reachable via its external ingress.
 This is in order to avoid melt-down situations, since the `kube-controller-manager` uses in-cluster communication when talking to the `kube-apiserver`, i.e., it wouldn't be affected if the external access to the `kube-apiserver` is interrupted for whatever reason.
 The `kubelet`s on the shoot worker nodes, however, would indeed be affected since they typically run in different networks and use the external ingress when talking to the `kube-apiserver`.
 Hence, without scaling down `kube-controller-manager`, the nodes might be marked as `NotReady` and eventually replaced (since the `kubelet`s cannot report their status anymore).
-To prevent such unnecessary turbulences, `kube-controller-manager` is being scaled down until the external ingress becomes available again.
+To prevent such unnecessary turbulences, `kube-controller-manager` is being scaled down until the external ingress becomes available again. In addition, as a precautionary measure, `machine-controller-manager` is also scaled down, along with `cluster-autoscaler` which depends on 
+`machine-controller-manager`.
+
+:warning: `.spec.settings.dependencyWatchdog.probe.enabled` is deprecated and will be removed in a future version of Gardener. Use `.spec.settings.dependencyWatchdog.prober.enabled` instead.
 
 It can be enabled/disabled via the `.spec.settings.dependencyWatchdog.probe.enabled` field.
 It defaults to `true`.

example/50-seed.yaml

@@ -51,9 +51,13 @@ spec:
     - 169.254.169.254/32
   settings:
     dependencyWatchdog:
-      endpoint:
-        enabled: true # crashlooping pods will be restarted onces their dependants become ready
-      probe:
+      weeder:
+        enabled: true # crashlooping pods will be restarted once their dependants become ready
+      endpoint: # deprecated
+        enabled: true # crashlooping pods will be restarted once their dependants become ready
+      prober:
+        enabled: true # shoot's kube-controller-managers get scaled down when the kube-apiserver is not reachable via external DNS
+      probe: # deprecated
         enabled: true # shoot's kube-controller-managers get scaled down when the kube-apiserver is not reachable via external DNS
     excessCapacityReservation:
       enabled: true # this seed will deploy excess-capacity-reservation pods

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/bronze1man/yaml2json v0.0.0-20211227013850-8972abeaea25
 	github.com/coreos/go-systemd/v22 v22.3.2
 	github.com/fluent/fluent-operator v1.7.0
-	github.com/gardener/dependency-watchdog v0.7.0
+	github.com/gardener/dependency-watchdog v1.0.0
 	github.com/gardener/etcd-druid v0.15.3
 	github.com/gardener/hvpa-controller/api v0.5.0
 	github.com/gardener/machine-controller-manager v0.48.1
@@ -68,7 +68,7 @@ require (
 )
 
 require (
-	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/BurntSushi/toml v1.0.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/NYTimes/gziphandler v1.1.1 // indirect
 	github.com/antlr/antlr4/runtime/Go/antlr v1.4.10 // indirect
@@ -80,11 +80,13 @@ require (
 	github.com/cyphar/filepath-securejoin v0.2.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dsnet/compress v0.0.1 // indirect
+	github.com/elazarl/goproxy v0.0.0-20191011121108-aa519ddbe484 // indirect
 	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/frankban/quicktest v1.14.4 // indirect
 	github.com/fsnotify/fsnotify v1.6.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect