Merge branch 'master' into remove-ccd-mutation

.github/workflows/docker.yaml

@@ -38,7 +38,7 @@ jobs:
         [ "${GITHUB_EVENT_NAME}" == 'push' ] && echo "tag=latest" >> $GITHUB_ENV || true
 
     - name: Build and push image
-      uses: docker/build-push-action@v5
+      uses: docker/build-push-action@v6
       with:
         context: .
         push: true

charts/images.yaml

@@ -22,11 +22,11 @@ images:
 - name: metallb-speaker
   sourceRepository: https://github.com/metallb/metallb
   repository: quay.io/metallb/speaker
-  tag: "v0.14.3"
+  tag: "v0.14.8"
 - name: metallb-controller
   sourceRepository: https://github.com/metallb/metallb
   repository: quay.io/metallb/controller
-  tag: "v0.14.3"
+  tag: "v0.14.8"
 - name: duros-controller
   sourceRepository: https://github.com/metal-stack/duros-controller
   repository: ghcr.io/metal-stack/duros-controller
@@ -38,7 +38,7 @@ images:
 - name: metallb-health-sidecar
   sourceRepository: https://github.com/metal-stack/metallb-health-sidecar
   repository: ghcr.io/metal-stack/metallb-health-sidecar
-  tag: "v0.1.1"
+  tag: "v0.1.2"
 - name: firewall-controller-manager
   sourceRepository: https://github.com/metal-stack/firewall-controller-manager
   repository: ghcr.io/metal-stack/firewall-controller-manager

charts/internal/shoot-control-plane/templates/metallb.yaml

@@ -267,6 +267,7 @@ rules:
   - pods
   verbs:
   - list
+  - get
 - apiGroups:
   - ""
   resources:
@@ -551,6 +552,10 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: spec.nodeName
+        - name: METALLB_POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
         - name: METALLB_HOST
           valueFrom:
             fieldRef:

pkg/admission/mutator/config.go

@@ -11,10 +11,6 @@ import (
 
 type config struct{}
 
-func (c *config) allowedPrivilegedContainers() bool {
-	return c.bool("DEFAULTER_ALLOWEDPRIVILEGEDCONTAINERS", true)
-}
-
 func (c *config) maxPods() int32 {
 	return c.int32("DEFAULTER_MAXPODS", 250)
 }
@@ -126,5 +122,5 @@ func (c *config) int32(key string, fallback int32) int32 {
 		return fallback
 	}
 
-	return int32(parsed)
+	return int32(parsed) // nolint:gosec
 }

pkg/admission/mutator/defaulter.go

@@ -12,7 +12,6 @@ import (
 	"github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal"
 	"github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/helper"
 	metalv1alpha1 "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal/v1alpha1"
-	"github.com/metal-stack/metal-lib/pkg/k8s"
 	"github.com/metal-stack/metal-lib/pkg/pointer"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -27,14 +26,6 @@ type defaulter struct {
 }
 
 func (d *defaulter) defaultShoot(shoot *gardenv1beta1.Shoot) error {
-	lessThan125, err := k8s.LessThan(shoot.Spec.Kubernetes.Version, k8s.KubernetesV125)
-	if err != nil {
-		return err
-	}
-	if shoot.Spec.Kubernetes.AllowPrivilegedContainers == nil && lessThan125 {
-		shoot.Spec.Kubernetes.AllowPrivilegedContainers = pointer.Pointer(d.c.allowedPrivilegedContainers())
-	}
-
 	if shoot.Spec.Kubernetes.KubeControllerManager == nil {
 		shoot.Spec.Kubernetes.KubeControllerManager = &gardenv1beta1.KubeControllerManagerConfig{}
 	}
@@ -51,7 +42,7 @@ func (d *defaulter) defaultShoot(shoot *gardenv1beta1.Shoot) error {
 		shoot.Spec.Kubernetes.Kubelet.MaxPods = pointer.Pointer(d.c.maxPods())
 	}
 
-	err = d.defaultInfrastructureConfig(shoot)
+	err := d.defaultInfrastructureConfig(shoot)
 	if err != nil {
 		return err
 	}

pkg/admission/mutator/defaulter_test.go

@@ -117,8 +117,7 @@ func Test_defaulter_defaultShoot(t *testing.T) {
 			want: &gardenv1beta1.Shoot{
 				Spec: gardenv1beta1.ShootSpec{
 					Kubernetes: gardenv1beta1.Kubernetes{
-						Version:                   "1.24.0",
-						AllowPrivilegedContainers: pointer.Pointer(true),
+						Version: "1.24.0",
 						KubeControllerManager: &gardenv1beta1.KubeControllerManagerConfig{
 							NodeCIDRMaskSize: pointer.Pointer(int32(23)),
 						},