Bump github.com/gardener/gardener from v1.85.1 to 1.86.0

[dependabot]

Bumps github.com/gardener/gardener from 1.85.1 to 1.86.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.86.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] All virtual garden access Secrets have to be labeled with with resources.gardener.cloud/class=shoot. Otherwise the virtual-GRM won't consider the Secrets and won't renew them. by @​rfranzke #8883
• [OPERATOR] The ContainerdRegistryHostsDir feature gate has been promoted to beta and is now turned on by default. by @​ialidzhikov #8873
• [DEVELOPER] Support for the deprecated NetworkPolicy annotations networking.resources.gardener.cloud/from-policy-allowed-ports and networking.resources.gardener.cloud/from-policy-pod-label-selector has been removed. Use networking.resources.gardener.cloud/from-<some-alias>-allowed-ports instead (documentation). by @​rfranzke #8883

📰 Noteworthy

• [DEVELOPER] The local Gardener environments for e2e tests running in Prow are now backed by the registry-cache extensions enabled in the Prow cluster. This should have a positive impact on the network I/O for image pulls and resulting costs. by @​oliver-goetz #8880
• [OPERATOR] The WorkerlessShoots has been promoted to GA and is now locked to "enabled by default". by @​acumino #8906

✨ New Features

• [USER] It is now possible to configure the resources encrypted in the ETCD for shoot clusters, see this document for more details. by @​shafeeqes #8842
• [USER] The shoots/viewerkubeconfig subresource now also restricts viewer access to resources which are specified in the spec.kubernetes.kubeAPIServer.encryptionConfig in the Shoot in addition to Secrets. by @​shafeeqes #8966
• [USER] It is now possible to request a kubeconfig with read-only access (all APIs except core/v1.Secret) for shoot clusters by using the new shoots/viewerkubeconfig subresource. Read all about it here. by @​rfranzke #8870
• [OPERATOR] The vpn-seed-server component now supports IPv4 seed clusters hosting IPv6 shoot clusters. by @​DockToFuture #8830
• [OPERATOR] It is now possible to configure the resources encrypted in the ETCD for the virtual garden cluster, see this document for more details. by @​shafeeqes #8842

🐛 Bug Fixes

• [DEPENDENCY] extension library: An issue causing the Worker restore operation to fail for hibernated Shoots is now fixed. by @​ialidzhikov #8943
• [OPERATOR] A bug causing the Shoot to use the wrong istio load balancer if the ExposureClass name and the exposureclass handler name are not the same is now fixed. by @​shafeeqes #8926
• [OPERATOR] Fixed a bug where a Shoot with an expired machine image or Kubernetes version could be created.
  For machine images: only allow updating to a higher expired machine image version for an existing worker pool
  For Kubernetes versions: do not allow creation of a worker pool with an expired K8s version, but still allow updating an existing worker pool to a higher expired version. by @​danielfoehrKn #8854
• [OPERATOR] gardener-node-agent's OperatingSystemConfig controller now respects the reconciliation timeout and aborts the reconciliation if it takes too long. by @​rfranzke #8907
• [OPERATOR] gardener-node-agent now creates temporary directories and files under /var/lib/gardener-node-agent/tmp instead of /tmp. This fixes issues during OperatingSystemConfig reconciliation which occur when /var and /tmp are backed by different file systems or devices. by @​rfranzke #8894
• [OPERATOR] gardener-node-agent now skips disablement and stop attempts of deleted units in case their unit files have already been cleaned up by third parties. by @​rfranzke #8898
• [OPERATOR] gardener-node-agent now converts the hostname to lower case to match kubelet behaviour when it maintains the kubernetes.io/hostname label on Nodes. by @​rfranzke #8902

🏃 Others

• [OPERATOR] gardener-node-agent now stops waiting for systemd command results if they don't respond back after 10s. by @​rfranzke #8919
• [OPERATOR] Add unhealthy nodes dashboard. by @​adenitiu #8869
• [OPERATOR] Add egressCIDRs field to the infrastructureStatus resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot's worker nodes. by @​kon-angelo #8888
• [DEVELOPER] Add support for optional SCRIPT_ROOT environment var in vgopath enabled hack scripts by @​afritzler #8935

[gardener/vpn2]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @​ccwienkgardener/vpn2#62

📰 Noteworthy

• [OPERATOR] added ipv6 single-stack support by @​nschadgardener/vpn2#45
• [OPERATOR] Add iptables backend detection to firewall script. by @​axel7borngardener/vpn2#64

[gardener/apiserver-proxy]

📰 Noteworthy

• [OPERATOR] Remove the optional creation of iptables rules and the flag--setup-iptables. by @​axel7borngardener/apiserver-proxy#70

... (truncated)

Commits

• cee1201 Release v1.86.0
• 483cda3 [release-v1.86] Revert "Spread Istio Ingress Gateway pods across hosts if the...
• c75e3b6 [release-v1.86] Prevent reading encrypted resources with `shoots/viewerkubeco...
• 0a20f87 Delete MCM before deleting the MCM resources in the Shoot force deletion flow...
• e6f98fa egress cidrs (#8888)
• 9748682 Upgrade vpn-seed-server and vpn-shoot-client (#8958)
• f31674b typo (#8955)
• 8077ed3 [scheduler] Clean up technical debt in defaulting code (#8832)
• fd95bd4 Add e2e test for cpm of hibernated shoot (#8952)
• 3374afd Fix CPM for hibernated Shoots (#8943)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

The following dependency is updated:
- `github.com/gardener/gardener`: v1.85.1 -> v1.86.0

[gardener-ci-robot]

The Gardener project currently lacks enough active contributors to adequately respond to all PRs.
This bot triages PRs according to the following rules:

• After 15d of inactivity, lifecycle/stale is applied
• After 15d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 7d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle stale
• Mark this PR as rotten with /lifecycle rotten
• Close this PR with /close

/lifecycle stale

[ialidzhikov]

@dependabot recreate

[gardener-prow]

rebase

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[dependabot]

Dependabot couldn't access the repository. Because of this, Dependabot cannot update this pull request.

[ialidzhikov]

@dependabot recreate

[ialidzhikov]

/test pull-gardener-extension-registry-cache-e2e-kind

[ialidzhikov]

/lgtm

[gardener-prow]

LGTM label has been added.

Git tree hash: 823c87587cbf3250794440e2d8748b883210c1cb

[gardener-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ialidzhikov

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ialidzhikov]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment