Release Notes v1.126

Yake release notes and upgrade guide

Update gardener-controlplane to 1.125.1

[github.com/gardener/gardener:v1.125.1]

🏃 Others

[DEPENDENCY] The following dependencies have been updated:
- gardener/vpn2 from 0.41.0 to 0.41.1. Release Notes by @gardener-ci-robot [#12726]
[DEPENDENCY] The following dependencies have been updated:
- gardener/autoscaler from v1.32.0 to v1.32.1. Release Notes by @gardener-ci-robot [#12720]

Update gardener-controlplane to 1.125.1

[github.com/gardener/gardener:v1.125.1]

🏃 Others

[DEPENDENCY] The following dependencies have been updated:
- gardener/vpn2 from 0.41.0 to 0.41.1. Release Notes by @gardener-ci-robot [#12726]
[DEPENDENCY] The following dependencies have been updated:
- gardener/autoscaler from v1.32.0 to v1.32.1. Release Notes by @gardener-ci-robot [#12720]

Update gardenlet to 1.125.1

[github.com/gardener/gardener:v1.125.1]

🏃 Others

[DEPENDENCY] The following dependencies have been updated:
- gardener/vpn2 from 0.41.0 to 0.41.1. Release Notes by @gardener-ci-robot [#12726]
[DEPENDENCY] The following dependencies have been updated:
- gardener/autoscaler from v1.32.0 to v1.32.1. Release Notes by @gardener-ci-robot [#12720]

Update provider-aws to 1.63.0

Update shoot-rsyslog-relp to 0.10.0

[github.com/gardener/gardener-extension-shoot-rsyslog-relp:v0.10.0]

⚠️ Breaking Changes

[OPERATOR] shoot-rsyslog-relp no longer supports Shoots with Кubernetes version <= 1.28. by @RadaBDimitrova [#291]

Helm Charts

shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.10.0
shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.10.0
shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.10.0

Container (OCI) Images

gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.10.0
gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.10.0

Update shoot-networking-problemdetector to 0.28.0

[github.com/gardener/gardener-extension-shoot-networking-problemdetector:v0.28.0]

🏃 Others

[OPERATOR] shoot-networking-problemdetector no longer supports Shoots with Кubernetes version <= 1.28. by @georgibaltiev [#259]
[OPERATOR] export testresults as inlined ocm-resource by @heldkat [#261]
[DEVELOPER] migrate CICD-Pipeline to GitHub-Actions by @ccwienk [#252]

Update runtime-gvisor to 0.23.0

[github.com/gardener/gardener-extension-runtime-gvisor:v0.23.0]

🏃 Others

[DEVELOPER] migrate CICD-Pipelines to GitHub-Actions by @ccwienk [#237]

🏃 Others

[OPERATOR] Update gvisor to 20250811.0, git diff of upstream gvisor https://github.com/google/gvisor/compare/release-20250505.0...release-20250811.0 by @Vincinator [#271]
[OPERATOR] Support containerd 2 with config version format=3 by @Vincinator [#238]

Update networking-cilium to 1.42.1

[github.com/gardener/gardener-extension-networking-cilium:v1.42.1]

🏃 Others

[OPERATOR] Cilium extension now works with worker pool specific node-local-dns daemonsets. by @ScheererJ [gardener/gardener-extension-networking-cilium@c705d373358926f282538d171a13e63539b4ea81]

Update gardener-controlplane to 1.125.2

[github.com/gardener/gardener:v1.125.2]

🐛 Bug Fixes

[USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @gardener-ci-robot [#12789]
[OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @gardener-ci-robot [#12765]

Update gardener-controlplane to 1.125.2

[github.com/gardener/gardener:v1.125.2]

🐛 Bug Fixes

[USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @gardener-ci-robot [#12789]
[OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @gardener-ci-robot [#12765]

Update gardenlet to 1.125.2

[github.com/gardener/gardener:v1.125.2]

🐛 Bug Fixes

[USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @gardener-ci-robot [#12789]
[OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @gardener-ci-robot [#12765]

Update gardener-controlplane to 1.126.0

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes

[OPERATOR] A separate node-local-dns DaemonSet is deployed for each worker pool such that each DaemonSet has the name node-local-dns-<worker-pool-name>.
If you are using gardener-extension-networking-cilium in your landscape, it is required to update it to a version which supports these new names for the DaemonSets.
Support is added with https://github.com/gardener/gardener-extension-networking-cilium/pull/622 and included in versions starting from: v1.42.1, v1.41.3 and v1.40.4 by @DockToFuture [#12422]
[OPERATOR] ⚠️ The NewWorkerPoolHash feature gate has been promoted to beta and is now enabled by default. When the feature gate is enabled, changes to kubeReserved, systemReserved, evictionHard or cpuManagerPolicy in the kubelet of the Shoot will trigger a node-roll. All provider extensions must be upgraded to a version which includes Gardener v1.98.0 first to support this feature. by @Duciwuci [#12550]
[DEVELOPER] The local Gardener development setup has been restructured:
- The location of key config files has changed. In particular, project.yaml now has to be created at example/provider-extensions/garden/project/base/project.yaml.
- The deprecated SecretBinding resource has been removed from the local deployment. Developers should now use CredentialsBinding resources instead.
- The template for credentials bindings is now located at:
  - For static credentials: example/provider-extensions/garden/project/without-workload-identity/credentials/credentialsbindings.yaml.tmpl
  - For workload identity: example/provider-extensions/garden/project/with-workload-identity/credentials/credentialsbindings.yaml.tmpl
- When referencing static credentials, update your configuration to use CredentialsBinding referencing Secret objects, as shown in the new template file. The previous secretbindings.yaml file and template have been removed.
Action required:
If you use static credentials for your local setup, update your configuration to:
- Use the new location for project.yaml.
- Replace any usage of secretbindings.yaml with credentialsbindings.yaml as per the new template and location.
- In your shoot spec, use spec.credentialsBindingName instead of spec.secretBindingName by @wpross [#12748]
[DEVELOPER] The constant github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootGroupViewers has been removed, please use github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootSystemViewersGroupName by @vpnachev [#12673]

📰 Noteworthy

[USER] New ClusterRoleBindings are deployed in the shoot clusters, they will grant Admin and Viewer permissions that will be later leveraged by the AdminKubeconfig and ViewerKubeconfig feature of Gardener.
- gardener.cloud:system:admins - grants admin access to users that are Gardener System admins
- gardener.cloud:system:viewers- grants viewer access to users that are Gardener System viewers
- gardener.cloud:project:admins - grants admin access to users that are Gardener Project admins
- gardener.cloud:project:viewers - grants viewer access to users that are Gardener Project viewers by @vpnachev [#12673]

✨ New Features

[OPERATOR] Add annotation shoot.gardener.cloud/emergency-stop-reconciliations=true to Seed resources to temporarily disable Shoot reconciliations. by @LucaBernstein [#12712]

🐛 Bug Fixes

[OPERATOR] An issue causing the plutono-datasources ConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed by gardener-operator is now fixed. Occasionally, the issue was preventing successful Seed deletion. by @gardener-ci-robot [#12798]
[OPERATOR] Fixed MachineImage and MachineType architecture defaulting for CloudProfiles supporting one architecture only. by @Roncossek [#12745]
[USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @matthias-horne [#12769]
[USER] The status of constraint DualStackNodesMigrationReady is now progressing instead of false at the start of a migration to dual-stack networking. by @axel7born [#12685]
[OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @timebertt [#12762]

🏃 Others

[DEPENDENCY] The following dependencies have been updated:
- gardener/dashboard from 1.81.1 to 1.81.2. Release Notes by @gardener-ci-robot [#12691]
[OPERATOR] Starting from Kubernetes version 1.34, enabling or disabling node-local-dns will no longer trigger node rolling (except kube-proxy is running in IPVS mode). Instead, a cleanup job will be executed. Additionally, node-local-dns is deployed per WorkerPool and node-local-dns will use UDP as default protocol for DNS queries to the upstream DNS server. by @DockToFuture [#12422]
[DEPENDENCY] The following dependencies have been updated:
- registry.k8s.io/ingress-nginx/controller-chroot from v1.13.0 to v1.13.1. by @gardener-ci-robot [#12710]
[DEPENDENCY] The following dependencies have been updated:
- registry.k8s.io/ingress-nginx/controller-chroot from v1.12.4 to v1.12.5. by @gardener-ci-robot [#12713]
[DEPENDENCY] The following dependencies have been updated:
- gardener/vpn2 from 0.41.0 to 0.41.1. Release Notes by @gardener-ci-robot [#12722]
[USER] Collect apiserver_validating_admission_policy_check_total metric by shoot Prometheus. by @chrkl [#12716]
[OPERATOR] The device-taint-eviction-controller is disabled for workerless Shoots with Kubernetes v1.33+. by @RadaBDimitrova [#12757]
[DEPENDENCY] The following dependencies have been updated:
- gardener/autoscaler from v1.32.0 to v1.32.1. Release Notes by @gardener-ci-robot [#12715]
[OPERATOR] Remove the init container and annotation used for the Prometheus volume cleanup migration from Prometheus resources by @vicwicker [#12728]
[DEPENDENCY] The following dependencies have been updated:
- quay.io/kiwigrid/k8s-sidecar from 1.30.7 to 1.30.8. by @gardener-ci-robot [#12727]
[OPERATOR] gardenlet now deploys a ServiceMonitor resource for the vpa-updater. With this, the vpa-updater metrics are scraped by prometheus. by @vitanovs [#12677]
[DEVELOPER] golang-test images for Go 1.25 are built now. Those for Go 1.23 are not built anymore because it is out of maintenance. by @marc1404 [#12770]
[OPERATOR] Validations for spec.provider.worker[] and spec.kubernetes.clusterAutoscaler have been improved. by @aaronfern [#12567]
[OPERATOR] The AdmissionConfiguration API resource has been migrated from version v1alpha1 to v1. by @georgibaltiev [#12615]
[OPERATOR] Update Setup Guide to include Cert Management for Garden by @hendrikKahl [#12706]
[DEPENDENCY] The following dependencies have been updated:
- quay.io/kiwigrid/k8s-sidecar from 1.30.8 to 1.30.9. by @gardener-ci-robot [#12750]

Update gardener-controlplane to 1.126.0

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes

[OPERATOR] A separate node-local-dns DaemonSet is deployed for each worker pool such that each DaemonSet has the name node-local-dns-<worker-pool-name>.
If you are using gardener-extension-networking-cilium in your landscape, it is required to update it to a version which supports these new names for the DaemonSets.
Support is added with https://github.com/gardener/gardener-extension-networking-cilium/pull/622 and included in versions starting from: v1.42.1, v1.41.3 and v1.40.4 by @DockToFuture [#12422]
[OPERATOR] ⚠️ The NewWorkerPoolHash feature gate has been promoted to beta and is now enabled by default. When the feature gate is enabled, changes to kubeReserved, systemReserved, evictionHard or cpuManagerPolicy in the kubelet of the Shoot will trigger a node-roll. All provider extensions must be upgraded to a version which includes Gardener v1.98.0 first to support this feature. by @Duciwuci [#12550]
[DEVELOPER] The local Gardener development setup has been restructured:
- The location of key config files has changed. In particular, project.yaml now has to be created at example/provider-extensions/garden/project/base/project.yaml.
- The deprecated SecretBinding resource has been removed from the local deployment. Developers should now use CredentialsBinding resources instead.
- The template for credentials bindings is now located at:
  - For static credentials: example/provider-extensions/garden/project/without-workload-identity/credentials/credentialsbindings.yaml.tmpl
  - For workload identity: example/provider-extensions/garden/project/with-workload-identity/credentials/credentialsbindings.yaml.tmpl
- When referencing static credentials, update your configuration to use CredentialsBinding referencing Secret objects, as shown in the new template file. The previous secretbindings.yaml file and template have been removed.
Action required:
If you use static credentials for your local setup, update your configuration to:
- Use the new location for project.yaml.
- Replace any usage of secretbindings.yaml with credentialsbindings.yaml as per the new template and location.
- In your shoot spec, use spec.credentialsBindingName instead of spec.secretBindingName by @wpross [#12748]
[DEVELOPER] The constant github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootGroupViewers has been removed, please use github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootSystemViewersGroupName by @vpnachev [#12673]

📰 Noteworthy

[USER] New ClusterRoleBindings are deployed in the shoot clusters, they will grant Admin and Viewer permissions that will be later leveraged by the AdminKubeconfig and ViewerKubeconfig feature of Gardener.
- gardener.cloud:system:admins - grants admin access to users that are Gardener System admins
- gardener.cloud:system:viewers- grants viewer access to users that are Gardener System viewers
- gardener.cloud:project:admins - grants admin access to users that are Gardener Project admins
- gardener.cloud:project:viewers - grants viewer access to users that are Gardener Project viewers by @vpnachev [#12673]

✨ New Features

[OPERATOR] Add annotation shoot.gardener.cloud/emergency-stop-reconciliations=true to Seed resources to temporarily disable Shoot reconciliations. by @LucaBernstein [#12712]

🐛 Bug Fixes

[OPERATOR] An issue causing the plutono-datasources ConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed by gardener-operator is now fixed. Occasionally, the issue was preventing successful Seed deletion. by @gardener-ci-robot [#12798]
[OPERATOR] Fixed MachineImage and MachineType architecture defaulting for CloudProfiles supporting one architecture only. by @Roncossek [#12745]
[USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @matthias-horne [#12769]
[USER] The status of constraint DualStackNodesMigrationReady is now progressing instead of false at the start of a migration to dual-stack networking. by @axel7born [#12685]
[OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @timebertt [#12762]

🏃 Others

[DEPENDENCY] The following dependencies have been updated:
- gardener/dashboard from 1.81.1 to 1.81.2. Release Notes by @gardener-ci-robot [#12691]
[OPERATOR] Starting from Kubernetes version 1.34, enabling or disabling node-local-dns will no longer trigger node rolling (except kube-proxy is running in IPVS mode). Instead, a cleanup job will be executed. Additionally, node-local-dns is deployed per WorkerPool and node-local-dns will use UDP as default protocol for DNS queries to the upstream DNS server. by @DockToFuture [#12422]
[DEPENDENCY] The following dependencies have been updated:
- registry.k8s.io/ingress-nginx/controller-chroot from v1.13.0 to v1.13.1. by @gardener-ci-robot [#12710]
[DEPENDENCY] The following dependencies have been updated:
- registry.k8s.io/ingress-nginx/controller-chroot from v1.12.4 to v1.12.5. by @gardener-ci-robot [#12713]
[DEPENDENCY] The following dependencies have been updated:
- gardener/vpn2 from 0.41.0 to 0.41.1. Release Notes by @gardener-ci-robot [#12722]
[USER] Collect apiserver_validating_admission_policy_check_total metric by shoot Prometheus. by @chrkl [#12716]
[OPERATOR] The device-taint-eviction-controller is disabled for workerless Shoots with Kubernetes v1.33+. by @RadaBDimitrova [#12757]
[DEPENDENCY] The following dependencies have been updated:
- gardener/autoscaler from v1.32.0 to v1.32.1. Release Notes by @gardener-ci-robot [#12715]
[OPERATOR] Remove the init container and annotation used for the Prometheus volume cleanup migration from Prometheus resources by @vicwicker [#12728]
[DEPENDENCY] The following dependencies have been updated:
- quay.io/kiwigrid/k8s-sidecar from 1.30.7 to 1.30.8. by @gardener-ci-robot [#12727]
[OPERATOR] gardenlet now deploys a ServiceMonitor resource for the vpa-updater. With this, the vpa-updater metrics are scraped by prometheus. by @vitanovs [#12677]
[DEVELOPER] golang-test images for Go 1.25 are built now. Those for Go 1.23 are not built anymore because it is out of maintenance. by @marc1404 [#12770]
[OPERATOR] Validations for spec.provider.worker[] and spec.kubernetes.clusterAutoscaler have been improved. by @aaronfern [#12567]
[OPERATOR] The AdmissionConfiguration API resource has been migrated from version v1alpha1 to v1. by @georgibaltiev [#12615]
[OPERATOR] Update Setup Guide to include Cert Management for Garden by @hendrikKahl [#12706]
[DEPENDENCY] The following dependencies have been updated:
- quay.io/kiwigrid/k8s-sidecar from 1.30.8 to 1.30.9. by @gardener-ci-robot [#12750]

Update gardenlet to 1.126.0

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes

[OPERATOR] A separate node-local-dns DaemonSet is deployed for each worker pool such that each DaemonSet has the name node-local-dns-<worker-pool-name>.
If you are using gardener-extension-networking-cilium in your landscape, it is required to update it to a version which supports these new names for the DaemonSets.
Support is added with https://github.com/gardener/gardener-extension-networking-cilium/pull/622 and included in versions starting from: v1.42.1, v1.41.3 and v1.40.4 by @DockToFuture [#12422]
[OPERATOR] ⚠️ The NewWorkerPoolHash feature gate has been promoted to beta and is now enabled by default. When the feature gate is enabled, changes to kubeReserved, systemReserved, evictionHard or cpuManagerPolicy in the kubelet of the Shoot will trigger a node-roll. All provider extensions must be upgraded to a version which includes Gardener v1.98.0 first to support this feature. by @Duciwuci [#12550]
[DEVELOPER] The local Gardener development setup has been restructured:
- The location of key config files has changed. In particular, project.yaml now has to be created at example/provider-extensions/garden/project/base/project.yaml.
- The deprecated SecretBinding resource has been removed from the local deployment. Developers should now use CredentialsBinding resources instead.
- The template for credentials bindings is now located at:
  - For static credentials: example/provider-extensions/garden/project/without-workload-identity/credentials/credentialsbindings.yaml.tmpl
  - For workload identity: example/provider-extensions/garden/project/with-workload-identity/credentials/credentialsbindings.yaml.tmpl
- When referencing static credentials, update your configuration to use CredentialsBinding referencing Secret objects, as shown in the new template file. The previous secretbindings.yaml file and template have been removed.
Action required:
If you use static credentials for your local setup, update your configuration to:
- Use the new location for project.yaml.
- Replace any usage of secretbindings.yaml with credentialsbindings.yaml as per the new template and location.
- In your shoot spec, use spec.credentialsBindingName instead of spec.secretBindingName by @wpross [#12748]
[DEVELOPER] The constant github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootGroupViewers has been removed, please use github.com/gardener/gardener/pkg/apis/core/v1beta1/constants.ShootSystemViewersGroupName by @vpnachev [#12673]

📰 Noteworthy

[USER] New ClusterRoleBindings are deployed in the shoot clusters, they will grant Admin and Viewer permissions that will be later leveraged by the AdminKubeconfig and ViewerKubeconfig feature of Gardener.
- gardener.cloud:system:admins - grants admin access to users that are Gardener System admins
- gardener.cloud:system:viewers- grants viewer access to users that are Gardener System viewers
- gardener.cloud:project:admins - grants admin access to users that are Gardener Project admins
- gardener.cloud:project:viewers - grants viewer access to users that are Gardener Project viewers by @vpnachev [#12673]

✨ New Features

[OPERATOR] Add annotation shoot.gardener.cloud/emergency-stop-reconciliations=true to Seed resources to temporarily disable Shoot reconciliations. by @LucaBernstein [#12712]

🐛 Bug Fixes

[OPERATOR] An issue causing the plutono-datasources ConfigMap to be reconciled by 2 ManagedResources when Seed is Garden managed by gardener-operator is now fixed. Occasionally, the issue was preventing successful Seed deletion. by @gardener-ci-robot [#12798]
[OPERATOR] Fixed MachineImage and MachineType architecture defaulting for CloudProfiles supporting one architecture only. by @Roncossek [#12745]
[USER] Errors that occur during Worker reconciliation are now also propagated to the Shoot status. by @matthias-horne [#12769]
[USER] The status of constraint DualStackNodesMigrationReady is now progressing instead of false at the start of a migration to dual-stack networking. by @axel7born [#12685]
[OPERATOR] The plutono-datasources ConfigMap is no longer wrongfully garbage collected while it is in use. by @timebertt [#12762]

🏃 Others

[DEPENDENCY] The following dependencies have been updated:
- gardener/dashboard from 1.81.1 to 1.81.2. Release Notes by @gardener-ci-robot [#12691]
[OPERATOR] Starting from Kubernetes version 1.34, enabling or disabling node-local-dns will no longer trigger node rolling (except kube-proxy is running in IPVS mode). Instead, a cleanup job will be executed. Additionally, node-local-dns is deployed per WorkerPool and node-local-dns will use UDP as default protocol for DNS queries to the upstream DNS server. by @DockToFuture [#12422]
[DEPENDENCY] The following dependencies have been updated:
- registry.k8s.io/ingress-nginx/controller-chroot from v1.13.0 to v1.13.1. by @gardener-ci-robot [#12710]
[DEPENDENCY] The following dependencies have been updated:
- registry.k8s.io/ingress-nginx/controller-chroot from v1.12.4 to v1.12.5. by @gardener-ci-robot [#12713]
[DEPENDENCY] The following dependencies have been updated:
- gardener/vpn2 from 0.41.0 to 0.41.1. Release Notes by @gardener-ci-robot [#12722]
[USER] Collect apiserver_validating_admission_policy_check_total metric by shoot Prometheus. by @chrkl [#12716]
[OPERATOR] The device-taint-eviction-controller is disabled for workerless Shoots with Kubernetes v1.33+. by @RadaBDimitrova [#12757]
[DEPENDENCY] The following dependencies have been updated:
- gardener/autoscaler from v1.32.0 to v1.32.1. Release Notes by @gardener-ci-robot [#12715]
[OPERATOR] Remove the init container and annotation used for the Prometheus volume cleanup migration from Prometheus resources by @vicwicker [#12728]
[DEPENDENCY] The following dependencies have been updated:
- quay.io/kiwigrid/k8s-sidecar from 1.30.7 to 1.30.8. by @gardener-ci-robot [#12727]
[OPERATOR] gardenlet now deploys a ServiceMonitor resource for the vpa-updater. With this, the vpa-updater metrics are scraped by prometheus. by @vitanovs [#12677]
[DEVELOPER] golang-test images for Go 1.25 are built now. Those for Go 1.23 are not built anymore because it is out of maintenance. by @marc1404 [#12770]
[OPERATOR] Validations for spec.provider.worker[] and spec.kubernetes.clusterAutoscaler have been improved. by @aaronfern [#12567]
[OPERATOR] The AdmissionConfiguration API resource has been migrated from version v1alpha1 to v1. by @georgibaltiev [#12615]
[OPERATOR] Update Setup Guide to include Cert Management for Garden by @hendrikKahl [#12706]
[DEPENDENCY] The following dependencies have been updated:
- quay.io/kiwigrid/k8s-sidecar from 1.30.8 to 1.30.9. by @gardener-ci-robot [#12750]

Yake release notes and upgrade guide​

Related upstream release notes / changelogs​

[github.com/gardener/gardener:v1.125.1]

🏃 Others​

[github.com/gardener/gardener:v1.125.1]

🏃 Others​

[github.com/gardener/gardener:v1.125.1]

🏃 Others​

[github.com/gardener/gardener-extension-shoot-rsyslog-relp:v0.10.0]

⚠️ Breaking Changes​

Helm Charts​

Container (OCI) Images​

[github.com/gardener/gardener-extension-shoot-networking-problemdetector:v0.28.0]

🏃 Others​

[github.com/gardener/gardener-extension-runtime-gvisor:v0.23.0]

🏃 Others​

🏃 Others​

[github.com/gardener/gardener-extension-networking-cilium:v1.42.1]

🏃 Others​

[github.com/gardener/gardener:v1.125.2]

🐛 Bug Fixes​

[github.com/gardener/gardener:v1.125.2]

🐛 Bug Fixes​

[github.com/gardener/gardener:v1.125.2]

🐛 Bug Fixes​

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes​

📰 Noteworthy​

✨ New Features​

🐛 Bug Fixes​

🏃 Others​

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes​

📰 Noteworthy​

✨ New Features​

🐛 Bug Fixes​

🏃 Others​

[github.com/gardener/gardener:v1.126.0]

⚠️ Breaking Changes​

📰 Noteworthy​

✨ New Features​

🐛 Bug Fixes​

🏃 Others​

Yake release notes and upgrade guide

Related upstream release notes / changelogs

🏃 Others

🏃 Others

🏃 Others

⚠️ Breaking Changes

Helm Charts

Container (OCI) Images

🏃 Others

🏃 Others

🏃 Others

🏃 Others

🐛 Bug Fixes

🐛 Bug Fixes

🐛 Bug Fixes

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others

⚠️ Breaking Changes

📰 Noteworthy

✨ New Features

🐛 Bug Fixes

🏃 Others