Skip to content

Bump the gardener-dependencies group across 1 directory with 2 updates#392

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/gardener-dependencies-93dac5df13
Open

Bump the gardener-dependencies group across 1 directory with 2 updates#392
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/go_modules/gardener-dependencies-93dac5df13

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the gardener-dependencies group with 1 update in the / directory: github.com/gardener/gardener.

Updates github.com/gardener/gardener from 1.142.1 to 1.145.0

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.145.0

[github.com/gardener/gardener:v1.145.0]

⚠️ Breaking Changes

  • [OPERATOR] The gardener-scheduler candidate determination strategy deployed by gardener-operator is now configurable via Garden.spec.virtualCluster.gardener.gardenerScheduler.candidateDeterminationStrategy (allowed values: SameRegion, MinimalDistance). The default is now SameRegion, matching the documented scheduler default; previously the strategy was hardcoded to MinimalDistance. Operators relying on the previous behavior must explicitly set the field to MinimalDistance. by @​marc1404 [#14963]
  • [OPERATOR] The GA-ed and always enabled UseUnifiedHTTPProxyPort feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @​hammadzf [#14999]
  • [USER] The GA-ed and unconditionally enabled InPlaceOrRecreate VPA feature gate is removed. It must be removed from Shoot/Seed/Garden manifests. by @​gardener-ci-robot [#14936]
  • [DEVELOPER] The local development setup on macOS contains changes which affect the order of DNS resolvers in /etc/resolver/local.gardener.cloud file. In order to regenerate the /etc/resolver/local.gardener.cloud file you can either remove it, or manually re-order the DNS resolvers. by @​dnaeon [#14998]

📰 Noteworthy

  • [OPERATOR] gardenlet migration code was removed that cleaned up ShootStates that were wrongfully created. by @​tobschli [#14981]
  • [OPERATOR] gardenlet migration code was removed that converted the secret data to a new format, which was introduced with #14268. by @​tobschli [#14981]

✨ New Features

  • [OPERATOR] Gardener can now support clusters with Kubernetes version 1.36. To allow creation/update of 1.36 clusters you will have to update the version of your provider extension(s) to a version that supports 1.36 as well. Please consult the respective releases and notes in the provider extension's repository. by @​ary1992 [#14924]
  • [OPERATOR] The pvc-autoscaler can be deployed as a Seed cluster component. Operators can configure it by setting the .spec.settings.persistentVolumeClaimAutoscaler.enabled field to true in the Seed spec. The field is defaulted to false until further integrations with the observability stack. by @​RadaBDimitrova [#14991]
  • [OPERATOR] Add logic to restart the OpenTelemetry Collector systemd service when it enters a degraded state due to resource leaks. by @​iypetrov [#14928]
  • [DEVELOPER] Gardener can now support clusters with Kubernetes version 1.36. Extension developers have to prepare individual extensions as well to work with 1.36. by @​ary1992 [#14924]

🐛 Bug Fixes

  • [OPERATOR] A bug has been fixed that prevented Gardenlet from reconciling shoots without an external cluster domain. by @​Wieneo [#14521]
  • [OPERATOR] Fix a recent regression and two long-standing bugs in the Prometheus recording rules related to metering: a load regression in garden Prometheus caused by an added metadata label, metering accumulation resets across short outages, and inflated averages for short-lived shoots. by @​istvanballok [#14982]
  • [DEVELOPER] The hack/usage/generate-kubeconfig.sh script is now fixed to no longer fail when invoked without arguments — it now correctly defaults to the shoot subcommand. by @​DobromirNPeev [#14990]
  • [DEVELOPER] Update hack/usage/wait-for.sh to handle empty arrays gracefully in older Bash versions, preventing an unbound variable error. by @​iypetrov [#14973]

🏃 Others

  • [OPERATOR] Align customverbauthorizer subject handling with RBAC subject types. by @​vpnachev [#15081]
  • [OPERATOR] The blackbox exporter in the runtime cluster is granted access to private networks. This is only relevant for the local setup, where the istio ingresses are deployed in a docker container listening on private IPs. by @​vicwicker [#14962]
  • [OPERATOR] A new helper script hack/rebootstrap-gardenlet.sh has been added to the Gardener repository that helps operators to manually re-bootstrap a gardenlet whose Kubeconfig (client certificate) has experired. More information can be found in here. by @​timuthy [#14805]
  • [OPERATOR] EXPERIMENTAL_DISABLE_KUBERNETES_VERSION_CHECK flag logs check results but ignores errors. It also disables version check in the seed reconciler. by @​matthias-horne [#14989]
  • [DEVELOPER] The vendored opentelemetry-operator API types under third_party/open-telemetry/opentelemetry-operator are now removed in favor of the newly introduced github.com/open-telemetry/opentelemetry-operator/apis sub-module. This decouples Gardener's sigs.k8s.io/controller-runtime version from the one used by opentelemetry-operator. by @​iypetrov [#14944]
  • [DEVELOPER] The local docker registry is configured as insecure in remote local setup. by @​vicwicker [#15037]
  • [DEPENDENCY] The following dependencies have been updated:
    • registry.k8s.io/autoscaling/vpa-admission-controller from 1.6.0 to 1.7.0.
    • registry.k8s.io/autoscaling/vpa-recommender from 1.6.0 to 1.7.0.
    • registry.k8s.io/autoscaling/vpa-updater from 1.6.0 to 1.7.0. by @​gardener-ci-robot [#14936]
  • [DEPENDENCY] The following dependencies have been updated:
    • gcr.io/istio-release/pilot from 1.29.3 to 1.29.4.
    • gcr.io/istio-release/proxyv2 from 1.29.3 to 1.29.4.
    • istio.io/api from v1.29.3 to v1.29.4. by @​gardener-ci-robot [#14980]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
    • envoyproxy/envoy from distroless-v1.38.0 to v1.38.1. Release Notes

... (truncated)

Commits
  • 1cccf45 release v1.145.0
  • bd2b209 [release-v1.145] Align customverbauthorizer subject handling with RBAC subj...
  • 077a07c Update dependency gardener/autoscaler to v1.35.1 (#15057)
  • 44fe204 Update dependency gardener/autoscaler to v1.34.3 (#15056)
  • 4c5f42f Update gardener-discovery-server to v0.12.0 (#15055)
  • 3cf87f0 [GEP-38] Introduce pvc-autoscaler for Seed clusters (#14991)
  • 52dd8f7 Update dependency credativ/vali to v2.2.34 (#15034)
  • a94e4a1 Update module github.com/onsi/gomega to v1.42.0 (#15050)
  • 0e73687 remote-setup: Fix field name in the Garden resource (#15044)
  • f3249de Update dependency kubernetes/kubernetes to v1.36.2 (#15038)
  • Additional commits viewable in compare view

Updates github.com/gardener/gardener/pkg/apis from 1.142.1 to 1.143.0

Release notes

Sourced from github.com/gardener/gardener/pkg/apis's releases.

v1.143.0

[github.com/gardener/gardener:v1.143.0]

⚠️ Breaking Changes

  • [OPERATOR] gardener-operator's ValidatingWebhookConfiguration no longer accepts invalid values for the Garden's .spec.virtualCluster.kubernetes.kubeAPIServer.eventTTL field even for existing Garden resources with already invalid values. Invalid values are values outside of the range [0, 24h]. The gardener-operator webhook caps the eventTTL to 24h for already persisted Gardens with a value exceeding the allowed maximum. by @​ialidzhikov [#14707]
  • [OPERATOR] The GA-ed and unconditionally enabled NewWorkerPoolHash feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @​ialidzhikov [#14800]
  • [OPERATOR] ⚠️ The secrets in the gardener-system-shoot-issuer namespace containing shoot's OIDC discovery documents will stop to be labeled with authentication.gardener.cloud/public-keys=serviceaccount after Gardener v1.145.0 is released. Clients relying on this label must migrate to discovery.gardener.cloud/public=serviceaccount before that. For backward compatibility, it is advised to support both labels for some time. by @​vpnachev [#14670]
  • [OPERATOR] gardener-apiserver no longer accepts invalid values for ManagedSeedSet's .spec.shootTemplate.spec.kubernetes.kubeAPIServer.eventTTL field even for existing ManagedSeedSet resources with already invalid values. Invalid values are values outside of the range [0, 24h]. gardener-apiserver caps the eventTTL to 24h for already persisted ManagedSeedSets with a value exceeding the allowed maximum. by @​ialidzhikov [#14707]
  • [OPERATOR] The deprecated gardenClusterCACert field was removed from the GardenletConfiguration. The CA is now always automatically set by Gardener. by @​timuthy [#14803]
  • [USER] gardener-apiserver no longer accepts invalid values for the Shoot's .spec.kubernetes.kubeAPIServer.eventTTL field even for existing Shoot resources with already invalid values. Invalid values are values outside of the range [0, 24h]. gardener-apiserver caps the eventTTL to 24h for already persisted Shoots with a value exceeding the allowed maximum. by @​ialidzhikov [#14707]
  • [DEPENDENCY] In Gardener v1.142.0 the hack/push-helm.sh script was moved to dev-setup/push-helm.sh. It is now moved to back from dev-setup/push-helm.sh to hack/push-helm.sh to allow reuse from the extensions as before. by @​ialidzhikov [#14838]

📰 Noteworthy

  • [OPERATOR] Garden status now contains the AdvertisedAddresses of the virtual garden kube-apiserver by @​hown3d [#14831]
  • [USER] The release binary artifact names have changed to include an archive suffix, which is removed from the contained binary. by @​LucaBernstein [#14814]
  • [DEVELOPER] e2e tests are now running with Kubernetes v1.35. by @​timuthy [#14766]

✨ New Features

  • [USER] A new Kubelet option SingleProcessOOMKill was added to the Shoot API. Users can use this field to configure single process termination in case it ran out of memory. By default, all processes in the same cgroup are killed when an OOM occurs. by @​timuthy [#14866]

🐛 Bug Fixes

  • [OPERATOR] Fixed intermittent gRPC "server closed the stream without sending trailers" errors for shoot-node log collection by setting useClientProtocol: true on the otel-collector DestinationRule to ensure HTTP/2 is used for upstream connections. by @​rrhubenov [#14730]
  • [OPERATOR] A bug causing the gardener-resource-manager to panic whenever a VirtualService update event is processed and the Http/Tls/Tcp spec fields need element-by-element comparison is now fixed. by @​shafeeqes [#14888]
  • [OPERATOR] Skip unusable machine types in search for suitable bastion host image by @​matthias-horne [#14813]
  • [OPERATOR] A bug has been fixed where the SystemComponentsRunning was showing and error for self-hosted shoots on unmanaged infrastructure. by @​tobschli [#14804]
  • [OPERATOR] Fixed unreachability of gardener-discovery server if a custom URL is configured by @​crigertg [#14815]
  • [OPERATOR] The gardener-resource-manager deployment procedure was hardened. In rare situations, the procedure became stuck indefinitely after the seed's CA rotation. by @​timuthy [#14765]
  • [USER] Fix an issue where shoot node logging is broken when the valitail and opentelemetry-collector systemd units start before their auth-token file is written to disk. The units now wait for the token file to exist before starting, ensuring logs and telemetry from worker nodes are reliably shipped by @​iypetrov [#14905]
  • [USER] Fixed a bug where Shoot deletion could get permanently stuck if triggered while Shoot creation was still in progress. The delete flow incorrectly created a new ControlPlane extension resource that could never be reconciled due to missing shoot access secrets. by @​acumino [#14706]
  • [DEVELOPER] make generate no longer skips CRD regeneration when only a transitively-referenced type changed; CI runs manifest generation in sequential mode to catch any remaining drift. by @​shafeeqes [#14894]

🏃 Others

  • [OPERATOR] Add alpha.control-plane.shoot.gardener.cloud/vpn-auto-mtu annotation to enable automatic MTU configuration for VPN connections. When set to true, the OPENVPN_AUTO_MTU flag is propagated to all VPN components (seed server, shoot client, kube-apiserver sidecars).` by @​axel7born [#14768]
  • [OPERATOR] The images of the registry caches used in the dev setups are now updated to distribution/distribution@v3.1.1. by @​dimitar-kostadinov [#14791]
  • [OPERATOR] The gardener-node-init now performs a connectivity check to the kube-apiserver and fatal errors of the gardener-node-agent are forwarded to the machine console. This should improve the visibility when bootstrapping of machines fail. by @​vknabel [#14760]
  • [OPERATOR] Gardener observability components are accessible even if web browsers try to coalesce connections. by @​ScheererJ [#14867]
  • [OPERATOR] DestinationRules, VirtualServices & Services are now exported to the Istio Ingress namespaces where they are used only. by @​oliver-goetz [#14842]
  • [OPERATOR] The secrets reconciler in the gardener-controller-manager no longer copies secrets with labels gardener.cloud/role:{helm-pull-secret, oci-ca-bundle} from garden namespace to the seed namespaces in the virtual cluster. Gardenlet can already access this secret if the secret is referred in a ControllerDeployment and the seed has a ControllerInstallation referring this deployment. by @​shafeeqes [#14419]
  • [OPERATOR] Plutono's prometheus-longterm datasource now correctly targets the Cortex query frontend (port 81) instead of Prometheus's local API (port 80), fixing timed-out longterm queries. by @​rickardsjp [#14873]
  • [OPERATOR] The provider-local now implements the SelfHostedShootExposure extension. by @​cerealsnow [#14723]
  • [OPERATOR] Federation short-circuit from aggregate to garden Prometheus when both instances run on the runtime cluster has been adapted for Istio virtual services. by @​vicwicker [#14868]
  • [OPERATOR] The opentelemetry-operator and prometheus-operator deployed by Gardener now have the required RBAC for Events in the events.k8s.io API group. by @​plkokanov [#14808]
  • [OPERATOR] Disable IPIP encapsulation for IPv6 IP pools for local setup. by @​axel7born [#14790]
  • [OPERATOR] Memory usage and garbage collection metrics are exposed for cluster-autoscaler. by @​takoverflow [#14764]
  • [DEVELOPER] remote setup: Garden VPA is disabled by default to avoid two VPA deployments to act on the same cluster causing endless eviction loops. by @​ialidzhikov [#14680]
  • [DEVELOPER] The SetLoggerSuffix implementations in the extension healthcheck package now emit provider and extension as independent structured log fields instead of embedding them in the logger name. by @​AnantKumar17 [#14752]
  • [DEPENDENCY] The following dependencies have been updated:
  • [DEPENDENCY] The following dependencies have been updated:
    • europe-docker.pkg.dev/gardener-project/releases/gardener/fluent-bit-plugin from v1.4.0 to v1.5.0. by @​iypetrov [#14787]

... (truncated)

Commits
  • 94a9a9b release v1.143.0
  • e20fb02 [release-v1.143] Add missing RBAC for CA v1.35 (#14908)
  • 90fe58f [release-v1.143] Add validation for auth-token file for valitail and otel-col...
  • be8165b [release-v1.143] Fix gardener-resource-manager crash in `VirtualServicePred...
  • fd68c78 [release-v1.143] Fix make generate skipping CRDs when only transitive deps ...
  • da222d3 Add handling of HTTP/2 connection coalescing. (#14867)
  • 54b2ba1 Fix Garden Plutono prometheus-longterm datasource (#14873)
  • 44436fe Export DestinationRules, VirtualServices & Services to the Istio Ingres...
  • 67ea7d1 Prepare serviceaccount discovery secret migration from `v1beta1constants.Labe...
  • 15bb1ec Fix federation short-circuit from aggregate to garden Prometheus (#14868)
  • Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot Bot added area/compliance Compliance related kind/enhancement Enhancement, improvement, extension labels May 27, 2026
@dependabot dependabot Bot requested review from a team as code owners May 27, 2026 09:36
@dependabot dependabot Bot added kind/enhancement Enhancement, improvement, extension area/compliance Compliance related labels May 27, 2026
@gardener-prow gardener-prow Bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels May 27, 2026
@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@gardener-prow

gardener-prow Bot commented May 27, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign wpross for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

4 similar comments
@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@dependabot dependabot Bot changed the title Bump the gardener-dependencies group with 2 updates Bump the gardener-dependencies group across 1 directory with 2 updates Jun 17, 2026
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gardener-dependencies-93dac5df13 branch from d16c353 to 208cd8f Compare June 17, 2026 07:52
@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

5 similar comments
@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

Bumps the gardener-dependencies group with 1 update in the / directory: [github.com/gardener/gardener](https://github.com/gardener/gardener).


Updates `github.com/gardener/gardener` from 1.142.1 to 1.145.0
- [Release notes](https://github.com/gardener/gardener/releases)
- [Commits](gardener/gardener@v1.142.1...v1.145.0)

Updates `github.com/gardener/gardener/pkg/apis` from 1.142.1 to 1.143.0
- [Release notes](https://github.com/gardener/gardener/releases)
- [Commits](gardener/gardener@v1.142.1...v1.143.0)

---
updated-dependencies:
- dependency-name: github.com/gardener/gardener
  dependency-version: 1.143.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gardener-dependencies
- dependency-name: github.com/gardener/gardener/pkg/apis
  dependency-version: 1.143.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gardener-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/go_modules/gardener-dependencies-93dac5df13 branch from 208cd8f to 1153ae8 Compare July 1, 2026 07:52
@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

3 similar comments
@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@federated-github-access

Copy link
Copy Markdown
Contributor

The PR needs to be labeled with ok-to-test by a maintainer to trigger the automated validation of the change

@gardener-prow

gardener-prow Bot commented Jul 1, 2026

Copy link
Copy Markdown

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@gardener-prow gardener-prow Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/compliance Compliance related cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/enhancement Enhancement, improvement, extension needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants