Bump github.com/gardener/gardener from 1.97.1 to 1.102.1

[dependabot]

Bumps github.com/gardener/gardener from 1.97.1 to 1.102.1.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.102.1

[gardener/gardener]

🐛 Bug Fixes

• [OPERATOR] A bug has been fixed that prevented the deployment of gardenlets via gardener-operator and the Gardenlet resource when .spec.kubeconfigSecretRef was used. by @​rfranzke #10411

🏃 Others

• [DEPENDENCY] The gardener/etcd-druid image has been updated to v0.22.5. Release Notes by @​gardener-ci-robot #10443
• [OPERATOR] gardener-controller-manager: A corner case issue in the maintenance controller that prevented forceful minor K8s version update from K8s 1.29 to K8s 1.30 is now resolved. by @​ialidzhikov #10438
• [OPERATOR] Kernel setting net.netfilter.nf_conntrack_max is only set on nodes by sysctl.d if kube-proxy is disabled. by @​ScheererJ #10434

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.102.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.102.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.102.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.102.1

Docker Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.102.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.102.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.102.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.102.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.102.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.102.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.102.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.102.1

v1.102.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] When the NewWorkerPoolHash feature gate is enabled, the calculation now also rolls worker nodes of Shoots when changing systemReserved in the kubelet configuration. Worker pools are not rolled if the sum of kubeReserved and systemReserved does not change. If the feature gate is already enabled, then the worker pools of Shoots with non-zero values in systemReserved will be rolled once. by @​MichaelEischer #10290

📰 Noteworthy

• [USER] The spec.client field in the {Cluster}OpenIDConnectPreset APIs is deprecated and will be removed after support for Kubernetes 1.30 is dropped. by @​AleksandarSavchev #10253
• [USER] The spec.kubernetes.kubeAPIServer.oidcConfig.clientAuthentication field in the Shoot API is deprecated and will be removed after support for Kubernetes 1.30 is dropped. by @​AleksandarSavchev #10253
• [USER] The Shoot specification field .spec.kubernetes.kubeAPIServer.oidcConfig.signingAlgs for Kubernetes versions >= v1.30 is not supported anymore. by @​AleksandarSavchev #10244
• [OPERATOR] The .spec.deployment.vpa field in the seedmanagement.gardener.cloud/v1alpha1.{Gardenlet,ManagedSeed} APIs is deprecated and has no effect anymore. It will be removed in a future version. Now, gardenlet deploys its own VPA as part of the Seed reconciliation (after it ensured the VPA CRD exists). by @​rfranzke #10299

✨ New Features

• [USER] Structured authentication configuration can now be set by creating a ConfigMap in the project namespace with the AuthenticationConfiguration file set in the config.yaml data key and referencing the ConfigMap in the new Shoot specification field .spec.kubernetes.kubeAPIServer.structuredAuthentication.configMapName for Kubernetes versions >= v1.30. Only one authenticator can be set via the authentication configuration until k8s.io/* Golang dependencies are upgraded to version >= v0.30. by @​AleksandarSavchev #10244
• [USER] The following vpa-recommender flags are now configurable via the Shoot specification:
  • --recommendation-lower-bound-cpu-percentile: .spec.kubernetes.verticalPodAutoscaler.recommendationLowerBoundCPUPercentile
  • --recommendation-upper-bound-cpu-percentile: .spec.kubernetes.verticalPodAutoscaler.recommendationUpperBoundCPUPercentile
  • --target-memory-percentile: .spec.kubernetes.verticalPodAutoscaler.targetMemoryPercentile
  • --recommendation-lower-bound-memory-percentile: .spec.kubernetes.verticalPodAutoscaler.recommendationLowerBoundMemoryPercentile
  • --recommendation-upper-bound-memory-percentile: .spec.kubernetes.verticalPodAutoscaler.recommendationUpperBoundMemoryPercentile by @​ialidzhikov #10221
• [OPERATOR] Performing control plane migration across Seeds with different provider types is now possible. Before triggering the migration, make sure that pods in the Shoot's control plane, once it is moved to the Destination Seed, will have network connectivity to the storage provider of the Source Seed (so that ETCD backups can be copied automatically). Additionally, make sure that the Shoot's nodes will have network connectivity to the Shoot's control plane after it is moved to the Destination Seed. by @​plkokanov #10323
• [OPERATOR] gardenlet now runs a new controller called TokenRequestorWorkloadIdentity which requests workload identity tokens and writes them into Secret resources in the seed cluster. These tokens can be then used by control plane components in order to present the said WorkloadIdentity before external systems. Please see here for more details. by @​dimityrmirchev #10298

... (truncated)

Commits

• 3a641c9 Release v1.102.1
• 00b6b7f chore(deps): update dependency gardener/etcd-druid to v0.22.5 (#10443)
• f89f708 maintenance controller: Fix a corner case in the 1.29 -> 1.30 forceful upgrad...
• 1018974 Prevent setting net.netfilter.nf_conntrack_max in case kube-proxy is depl...
• ea02640 [release-v1.102] Fix make generate (#10419)
• e95976a Disable caches for target client in Gardenlet controller (#10411)
• c86168e Prepare next Development Cycle v1.102.1-dev
• 1040631 Release v1.102.0
• fa42ac0 [release-v1.102] Fix Shoot Structured Authentication API conflict (#10385)
• adc2419 Fix registry hosts probing when OSC `criConfig.containerd.registries.hosts.ca...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-2]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.

[MrBatschner]

/add reviewed/ok-to-test

[MrBatschner]

/lgtm