Bump github.com/gardener/gardener from 1.85.0 to 1.86.0

[dependabot]

Bumps github.com/gardener/gardener from 1.85.0 to 1.86.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.86.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] All virtual garden access Secrets have to be labeled with with resources.gardener.cloud/class=shoot. Otherwise the virtual-GRM won't consider the Secrets and won't renew them. by @​rfranzke #8883
• [OPERATOR] The ContainerdRegistryHostsDir feature gate has been promoted to beta and is now turned on by default. by @​ialidzhikov #8873
• [DEVELOPER] Support for the deprecated NetworkPolicy annotations networking.resources.gardener.cloud/from-policy-allowed-ports and networking.resources.gardener.cloud/from-policy-pod-label-selector has been removed. Use networking.resources.gardener.cloud/from-<some-alias>-allowed-ports instead (documentation). by @​rfranzke #8883

📰 Noteworthy

• [DEVELOPER] The local Gardener environments for e2e tests running in Prow are now backed by the registry-cache extensions enabled in the Prow cluster. This should have a positive impact on the network I/O for image pulls and resulting costs. by @​oliver-goetz #8880
• [OPERATOR] The WorkerlessShoots has been promoted to GA and is now locked to "enabled by default". by @​acumino #8906

✨ New Features

• [USER] It is now possible to configure the resources encrypted in the ETCD for shoot clusters, see this document for more details. by @​shafeeqes #8842
• [USER] The shoots/viewerkubeconfig subresource now also restricts viewer access to resources which are specified in the spec.kubernetes.kubeAPIServer.encryptionConfig in the Shoot in addition to Secrets. by @​shafeeqes #8966
• [USER] It is now possible to request a kubeconfig with read-only access (all APIs except core/v1.Secret) for shoot clusters by using the new shoots/viewerkubeconfig subresource. Read all about it here. by @​rfranzke #8870
• [OPERATOR] The vpn-seed-server component now supports IPv4 seed clusters hosting IPv6 shoot clusters. by @​DockToFuture #8830
• [OPERATOR] It is now possible to configure the resources encrypted in the ETCD for the virtual garden cluster, see this document for more details. by @​shafeeqes #8842

🐛 Bug Fixes

• [DEPENDENCY] extension library: An issue causing the Worker restore operation to fail for hibernated Shoots is now fixed. by @​ialidzhikov #8943
• [OPERATOR] A bug causing the Shoot to use the wrong istio load balancer if the ExposureClass name and the exposureclass handler name are not the same is now fixed. by @​shafeeqes #8926
• [OPERATOR] Fixed a bug where a Shoot with an expired machine image or Kubernetes version could be created.
  For machine images: only allow updating to a higher expired machine image version for an existing worker pool
  For Kubernetes versions: do not allow creation of a worker pool with an expired K8s version, but still allow updating an existing worker pool to a higher expired version. by @​danielfoehrKn #8854
• [OPERATOR] gardener-node-agent's OperatingSystemConfig controller now respects the reconciliation timeout and aborts the reconciliation if it takes too long. by @​rfranzke #8907
• [OPERATOR] gardener-node-agent now creates temporary directories and files under /var/lib/gardener-node-agent/tmp instead of /tmp. This fixes issues during OperatingSystemConfig reconciliation which occur when /var and /tmp are backed by different file systems or devices. by @​rfranzke #8894
• [OPERATOR] gardener-node-agent now skips disablement and stop attempts of deleted units in case their unit files have already been cleaned up by third parties. by @​rfranzke #8898
• [OPERATOR] gardener-node-agent now converts the hostname to lower case to match kubelet behaviour when it maintains the kubernetes.io/hostname label on Nodes. by @​rfranzke #8902

🏃 Others

• [OPERATOR] gardener-node-agent now stops waiting for systemd command results if they don't respond back after 10s. by @​rfranzke #8919
• [OPERATOR] Add unhealthy nodes dashboard. by @​adenitiu #8869
• [OPERATOR] Add egressCIDRs field to the infrastructureStatus resource. This allows provider-extensions to specify a list of stable CIDRs used as source IP for traffic generated by the shoot's worker nodes. by @​kon-angelo #8888
• [DEVELOPER] Add support for optional SCRIPT_ROOT environment var in vgopath enabled hack scripts by @​afritzler #8935

[gardener/vpn2]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @​ccwienkgardener/vpn2#62

📰 Noteworthy

• [OPERATOR] added ipv6 single-stack support by @​nschadgardener/vpn2#45
• [OPERATOR] Add iptables backend detection to firewall script. by @​axel7borngardener/vpn2#64

[gardener/apiserver-proxy]

📰 Noteworthy

• [OPERATOR] Remove the optional creation of iptables rules and the flag--setup-iptables. by @​axel7borngardener/apiserver-proxy#70

... (truncated)

Commits

• cee1201 Release v1.86.0
• 483cda3 [release-v1.86] Revert "Spread Istio Ingress Gateway pods across hosts if the...
• c75e3b6 [release-v1.86] Prevent reading encrypted resources with `shoots/viewerkubeco...
• 0a20f87 Delete MCM before deleting the MCM resources in the Shoot force deletion flow...
• e6f98fa egress cidrs (#8888)
• 9748682 Upgrade vpn-seed-server and vpn-shoot-client (#8958)
• f31674b typo (#8955)
• 8077ed3 [scheduler] Clean up technical debt in defaulting code (#8832)
• fd95bd4 Add e2e test for cpm of hibernated shoot (#8952)
• 3374afd Fix CPM for hibernated Shoots (#8943)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

```other operator Bump github.com/gardener/gardener from 1.85.0 to 1.86.0. ```

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-1]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[MartinWeindel]

/lgtm