Bump github.com/gardener/gardener from 1.110.3 to 1.111.0

[dependabot]

Bumps github.com/gardener/gardener from 1.110.3 to 1.111.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.111.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] The OperatorConfiguration changed incompatibly: extensionRequired was renamed to extensionRequiredRuntime. by @​timuthy #11001

• [OPERATOR] The ShootManagedIssuer feature gate was removed. Enablement of the feature is now dependent on the existence of a secret in the garden namespace labeled with gardener.cloud/role: shoot-service-account-issuer. by @​dimityrmirchev #11078

• [OPERATOR] The ShootForceDeletion feature gate has been graduated to GA and is locked to true. by @​shafeeqes #11107

• [OPERATOR] This change applies to IPv4 clusters only.
  Gardener uses the CIDR range of 240.0.0.0/8 which is reserved as per IANA db to map the cluster ip of the kubernetes api-server in the seed to a different network range before exposing it to the shoot in the kubernetes service. This frees up address space in the shoot and removes potential clashes with shoot workload ips.

  Seed operators need to check if any of the following properties collide with the 240.0.0.0/8 range:

  spec:  
    networks:  
      pods: < check here >  
      nodes: < check here >  
      services: < check here >  
      shootDefaults:  
        pods: < check here >  
        nodes: < check here >  
        services: < check here >  
  

  by @​domdom82 #10949

• [OPERATOR] The wildcard TLS certificate for the runtime cluster must now be labelled with gardener.cloud/role=garden-cert instead of gardener.cloud/role=controlplane-cert to avoid duplicate role assignments for runtime and seed certificate secrets if Gardener runtime and seed run on the same cluster.
  The old role name is deprecated for the runtime cluster. It will not be accepted anymore with the next Gardener release. by @​MartinWeindel #11113

• [DEPENDENCY] Client-related functions have been adapted to use the external version of k8s.io/component-base/config.ClientConnectionConfiguration. If you need a helper function for transitioning to the external version, use pkg/client/kubernetes.ConvertClientConnectionConfigurationToExternal. by @​timebertt #11052

• [DEPENDENCY] The package github.com/gardener/gardener/extensions/pkg/apis/config has been dropped. Use the versioned variant of the package instead: github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1. by @​timebertt #11056

📰 Noteworthy

• [USER] Expired versions from the NamespacedCloudProfile are always dropped, except for already applied versions. by @​LucaBernstein #10910
• [OPERATOR] The vpa field (ineffective since v1.102) has been removed from the ManagedSeed API. by @​rfranzke #11047
• [OPERATOR] Now "vali" contains the managed control plane logs from the early stages of shoot reconcile. by @​nickytd #11082

✨ New Features

• [OPERATOR] Gardener-Operator handles generic Gardener extensions in the Garden-Runtime cluster (type: Extension). Such extensions can be configured via spec.extensions in the Garden resource. by @​timuthy #11192
• [OPERATOR] gardener-node-agent now persists its applied changes after each step when reconciling the OSC. This should avoid unnecessary work and systemd unit restarts. by @​maboehm #10969
• [OPERATOR] Add vpa histogram decay half-life parameters to the Shoot spec. by @​voelzmo #10959
• [OPERATOR] The Gardener Admission Controller now implements a handler that can prevent tampering with system Secrets and ConfigMaps if they are labeled with gardener.cloud/update-restriction=true. by @​dimityrmirchev #11108
• [OPERATOR] Add flow and flow task metrics for timing duration, delay and result count to gardenlet metrics. by @​LucaBernstein #10967
• [USER] Gardener now allows to omit or to only partially define the machine image version in shoot.Spec.Provider.Workers[].Machine.Image.Version. The version will automatically be defaulted to the latest minor/patch version found in the referenced CloudProfile. by @​LucaBernstein #10954
• [DEVELOPER] The extension library now supports adding watches via WatchBuilder for other resources in the generic extension controller. by @​domdom82 #11064
• [DEVELOPER] Add option to register flow metrics on monitoring registry. by @​LucaBernstein #10967
• [DEVELOPER] A local setup for trying out, developing, and testing the autonomous shoot cluster functionality of gardenadm has been introduced. You can find the documentation here. by @​rfranzke #10977

🐛 Bug Fixes

• [OPERATOR] Gardener can now delete and migrate shoots that use dynamic node network allocation, even if the infrastructure creation has never been successfully completed. by @​timebertt #11038
• [OPERATOR] An issue was fixed in gardener-operator that prevented configuring OIDC for gardener-dashboard while using Structured Authentication. by @​timuthy #11080
• [OPERATOR] gardener-node-agent does not restart containerd.service on every OSC reconciliation anymore. by @​oliver-goetz #11120
• [USER] Fix the NamespacedCloudProfile status mutation. by @​LucaBernstein #11036
• [DEVELOPER] Avoid calling GetCluster for non-shoot namespaces in shootNotFailedPredicate and dnsrecord controller. by @​MartinWeindel #11123

... (truncated)

Commits

• 37ae9bf Release v1.111.0
• 8fda81b chore(deps): update registry.k8s.io/ingress-nginx/controller-chroot docker ta...
• fa1658e Consider machine image name while calculating list of valid image (#11220)
• 822c574 Fix TM test Shoot container runtime testing (#11219)
• ceaced6 Allow generic-garbage-collector serviceaccount to delete update restricted re...
• bd43935 Drop internal version of resourcemanager.config.gardener.cloud API (#11099)
• 44b0ad7 Fixed broken links - 2025.01 (#11207)
• c2ce545 Separate apis/\<api>/[ver]/helper/helper.go into different `helper_<resource...
• 3a215a4 docs: Simplify second seed cluster guide (#11213)
• 58cd487 [operator] Manage Generic Gardener Extensions (#11192)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[gardener-robot]

@dependabot[bot] Thank you for your contribution.

[gardener-robot-ci-1]

Thank you @dependabot[bot] for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below.