Release Notes v1.128

Yake release notes and upgrade guide

Related upstream release notes / changelogs

Update external-dns-management to 0.28.0

Helm Charts

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.28.0

Container (OCI) Images

• dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.28.0

Update provider-azure to 1.54.0

[github.com/gardener/gardener-extension-provider-azure:v1.54.0]

⚠️ Breaking Changes

• [OPERATOR] provider-azure no longer supports Shoots with Кubernetes version <= 1.28. by @RadaBDimitrova [#1216]
• [OPERATOR] Remove support for the terraform-based infrastructure reconciler. by @kon-angelo [#1231]

📰 Noteworthy

• [OPERATOR] Enforce NAT-Gateway creation for new shoots if no NAT-Config provided and user doesn't bring his own VNet by @hebelsan [#1257]

✨ New Features

• [USER] This extension now supports in-place node updates. Read more about it here. by @acumino [#1181]

🐛 Bug Fixes

• [OPERATOR] A bug preventing all obsolete machine-controller-manager ClusterRoles and ClusterRoleBindings to be deleted on extension startup has been fixed. by @georgibaltiev [#1240]
• [OPERATOR] Add missing permission for the CSI disk driver by @hebelsan [#1218]

🏃 Others

• [OPERATOR] Update GHA pipelines with new release options by @kon-angelo [#1230]
• [OPERATOR] Enable setting feature gates for the admission controller by @hebelsan [#1284]
• [OPERATOR] Upgrade gardener dependency to v1.123.1 by @theoddora [#1232]
• [OPERATOR] Clients created by the Azure extension provider will now identify themselves by adding to the user-agent header of their calls. by @AndreasBurger [#1211]
• [OPERATOR] Separate bastion reconcile and delete options by @hebelsan [#1233]
• [OPERATOR] Introduce feature gate to forcefully migrate Availability set based shoots to VMSS by @kon-angelo [#1242]
• [DEVELOPER] migrate CICD-Pipeline to GitHub-Actions by @ccwienk [#1225]
• [OPERATOR] The provider-azure extension does now support shoot clusters with Kubernetes version 1.33. You should consider the Kubernetes release notes before upgrading to 1.33. by @plkokanov [#1198]
• [OPERATOR] Update none gardener dependencies & gardener/gardener to v1.125.0 by @hebelsan [#1249]
• [OPERATOR] Upgrade vendored gardener/gardener v1.118.0 -> v1.121.1 by @kon-angelo [#1201]
• [OPERATOR] Remove obsolete terraformer resources by @kon-angelo [#1239]
• [OPERATOR] Upgrade gardener dependency to v1.122.1 by @RadaBDimitrova [#1226]
• [OPERATOR] Update the default etcd storage-class to reflect the CSI provisioner and update the default opts by @kon-angelo [#1223]
• [OPERATOR] Introduce annotation that disables default outbound access on subnet level to be used for testing purposes. by @kon-angelo [#1241]
• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#1262]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.54.0
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.54.0
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.54.0

Container (OCI) Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.54.0
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.54.0

Update shoot-dns-service to 1.69.0

[github.com/gardener/gardener-extension-shoot-dns-service:v1.69.0]

🏃 Others

• [DEPENDENCY] Updated external-dns-management to v0.28.0 ref. by @marc1404 [#545]

Helm Charts

• shoot-dns-service-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service-admission-application:v1.69.0
• shoot-dns-service-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service-admission-runtime:v1.69.0
• shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-dns-service:v1.69.0

Container (OCI) Images

• gardener-extension-admission-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-shoot-dns-service:v1.69.0
• gardener-extension-shoot-dns-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-dns-service:v1.69.0

Update gardener-controlplane to 1.127.1

[github.com/gardener/gardener:v1.127.1]

🐛 Bug Fixes

• [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted leading to gardenlet being unable to startup is fixed. by @gardener-ci-robot [#12928]

🏃 Others

• [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @gardener-ci-robot [#12935]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.1

Update gardener-controlplane to 1.127.1

[github.com/gardener/gardener:v1.127.1]

🐛 Bug Fixes

• [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted leading to gardenlet being unable to startup is fixed. by @gardener-ci-robot [#12928]

🏃 Others

• [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @gardener-ci-robot [#12935]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.1

Update gardenlet to 1.127.1

[github.com/gardener/gardener:v1.127.1]

🐛 Bug Fixes

• [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted leading to gardenlet being unable to startup is fixed. by @gardener-ci-robot [#12928]

🏃 Others

• [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @gardener-ci-robot [#12935]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.127.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.127.1
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.127.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.127.1

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.127.1
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.127.1
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.127.1
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.127.1
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.127.1
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.127.1
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.127.1
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.127.1

Update provider-azure to 1.54.1

[github.com/gardener/gardener-extension-provider-azure:v1.54.1]

🏃 Others

• [OPERATOR] Fix a bug that disabled subnet's default outbound access. by @kon-angelo [#1291]

Helm Charts

• admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.54.1
• admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.54.1
• provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.54.1

Container (OCI) Images

• gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.54.1
• gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.54.1

Update backup-s3 to 0.8.1

General Changes

• fix(chart): rbac-runtime has a wrong serviceAccountName (#20) @nschad

Update shoot-networking-filter to 0.25.0

[github.com/gardener/gardener-extension-shoot-networking-filter:v0.25.0]

🐛 Bug Fixes

• [OPERATOR] Networking filter now prints the server's response in case no valid JSON was returned while downloading the filter list. by @domdom82 [#273]

🏃 Others

• [OPERATOR] Fix priorityClassName for deployment on Garden runtime cluster. by @MartinWeindel [#266]

Helm Charts

• runtime-networking-filter: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-networking-filter:v0.25.0
• shoot-networking-filter-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-networking-filter-admission-application:v0.25.0
• shoot-networking-filter-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-networking-filter-admission-runtime:v0.25.0
• shoot-networking-filter: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-networking-filter:v0.25.0

Container (OCI) Images

• gardener-extension-shoot-networking-filter-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-filter-admission:v0.25.0
• gardener-extension-shoot-networking-filter: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-networking-filter:v0.25.0
• gardener-runtime-networking-filter: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-networking-filter:v0.25.0

Update os-gardenlinux to 0.33.0

[github.com/gardener/gardener-extension-os-gardenlinux:v0.33.0]

🏃 Others

• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#290]
• [DEVELOPER] migrate CICD-Pipeline to GitHub-Actions by @ccwienk [#272]
• [OPERATOR] export testresults as inlined ocm-resource by @heldkat [#280]

Helm Charts

• os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.33.0

Container (OCI) Images

• gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.33.0

Update os-ubuntu to 1.32.0

[github.com/gardener/gardener-extension-os-ubuntu:v1.32.0]

🐛 Bug Fixes

• [OPERATOR] Fixed an RBAC issue when deploying this extension through the Gardener operator. by @Wieneo [#215]

🏃 Others

• [DEVELOPER] migrate CICD-Pipelines to GitHub-Actions by @ccwienk [#223]
• [OPERATOR] export testresults as inlined ocm-resource by @heldkat [#229]
• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#238]

Helm Charts

• os-ubuntu: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-ubuntu:v1.32.0

Container (OCI) Images

• gardener-extension-os-ubuntu: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-ubuntu:v1.32.0

Update runtime-gvisor to 0.24.0

[github.com/gardener/gardener-extension-runtime-gvisor:v0.24.0]

🏃 Others

• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#275]

🏃 Others

• [OPERATOR] Updated gVisor binaries to 20250820.0. by @gardener-github-actions[bot] [#279]

Helm Charts

• runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/runtime-gvisor:v0.24.0

Container (OCI) Images

• gardener-extension-runtime-gvisor-installation: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor-installation:v0.24.0
• gardener-extension-runtime-gvisor: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/runtime-gvisor:v0.24.0

Update shoot-flux to 0.22.0

What's Changed

• 🤖: migrate renovate config by @renovate[bot] in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/186
• 🤖 Update module github.com/fluxcd/flux2/v2 to v2.6.4 by @renovate[bot] in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/167
• 🤖 Update module golang.org/x/tools to v0.37.0 by @renovate[bot] in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/187
• 🤖 Update k8s and gardener packages to v0.33.5 (patch) by @renovate[bot] in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/164
• Add Garden Cluster Identity to shoot-info ConfigMap by @maboehm in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/189
• 🤖 Update module github.com/gardener/gardener to v1.127.1 by @renovate[bot] in https://github.com/stackitcloud/gardener-extension-shoot-flux/pull/188

Full Changelog: https://github.com/stackitcloud/gardener-extension-shoot-flux/compare/v0.21.0...v0.22.0

Update provider-alicloud to 1.65.0

[github.com/gardener/gardener-extension-provider-alicloud:v1.65.0]

📰 Noteworthy

• [OPERATOR] Added support for immutable backup buckets in the Alicloud provider extension. Operators can configure immutability settings. Please refer to this doc: https://github.com/gardener/gardener-extension-provider-alicloud/blob/master/docs/usage/usage.md#BackupBucket by @ishan16696 [#825]

🐛 Bug Fixes

• [OPERATOR] A bug preventing all obsolete machine-controller-manager ClusterRoles and ClusterRoleBindings to be deleted on extension startup has been fixed. by @georgibaltiev [#823]

🏃 Others

• [OPERATOR] Upgrade gardener dependency to v1.123.1 by @theoddora [#821]
• [OPERATOR] Flow-base now supports zone CIDR named with worker , and enable migrate from worker to workers by @kevin-lacoo [#836]
• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at [example/extension.yaml](https://github.com/gardener/gardener-extension-provider-alicloud/blob/master/example/extension.yaml) by @timuthy [#833]
• [DEVELOPER] disable upgrade-pullrequest-workflow for forks by @ccwienk [#822]
• [OPERATOR] export testresults as inlined ocm-resource by @heldkat [#827]
• [OPERATOR] Reverting the fix of creation of OSS backup-bucket with redundancy set to ZRS to LRS as some region doesn't support the ZRS. by @ishan16696 [#826]

Helm Charts

• admission-alicloud-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.65.0
• admission-alicloud-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.65.0
• provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.65.0

Container (OCI) Images

• gardener-extension-admission-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.65.0
• gardener-extension-provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.65.0

Update dashboard to 1.82.0

[github.com/gardener/dashboard:1.82.0]

✨ New Features

• [USER] Added icon picker for custom fields by @petersutter [#2572]
• [OPERATOR] Real-time updates for seeds are now supported. In the shoot list, you can now see the conditions of the corresponding seed cluster in the Seed Readiness column. The Seed column has also been moved close to the newly introduced Seed Readiness column. by @petersutter [#2444]
• [USER] Add support for STACKIT infrastructure by @maboehm [#2610]
• [USER] Considers project tolerations for cloudprofile selection in shoot creation dialog by @klocke-io [#2589]
• [USER] Added support for Project titles by @marc1404 [#2470]

🐛 Bug Fixes

• [DEVELOPER] Fix flaky test and pin NodeJS version for reproduceable pipeline runs by @klocke-io [#2585]

🏃 Others

• [DEVELOPER] Adds a central serve command to start the development serve in both the backend and frontend. by @klocke-io [#2633]
• [DEVELOPER] Add minimal AGENTS.md setup by @klocke-io [#2622]
• [DEVELOPER] Migrated backend from CommonJS to ESM and added a temporary transpilation step for Jest tests, which are still in CommonJS until a later migration by @klocke-io [#2494]

Container (OCI) Images

• gardener-dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.82.0

Update dashboard to 1.82.0

[github.com/gardener/dashboard:1.82.0]

✨ New Features

• [USER] Added icon picker for custom fields by @petersutter [#2572]
• [OPERATOR] Real-time updates for seeds are now supported. In the shoot list, you can now see the conditions of the corresponding seed cluster in the Seed Readiness column. The Seed column has also been moved close to the newly introduced Seed Readiness column. by @petersutter [#2444]
• [USER] Add support for STACKIT infrastructure by @maboehm [#2610]
• [USER] Considers project tolerations for cloudprofile selection in shoot creation dialog by @klocke-io [#2589]
• [USER] Added support for Project titles by @marc1404 [#2470]

🐛 Bug Fixes

• [DEVELOPER] Fix flaky test and pin NodeJS version for reproduceable pipeline runs by @klocke-io [#2585]

🏃 Others

• [DEVELOPER] Adds a central serve command to start the development serve in both the backend and frontend. by @klocke-io [#2633]
• [DEVELOPER] Add minimal AGENTS.md setup by @klocke-io [#2622]
• [DEVELOPER] Migrated backend from CommonJS to ESM and added a temporary transpilation step for Jest tests, which are still in CommonJS until a later migration by @klocke-io [#2494]

Container (OCI) Images

• gardener-dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.82.0

Update networking-calico to 1.51.0

[github.com/gardener/gardener-extension-networking-calico:v1.51.0]

🏃 Others

• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#706]
• [OPERATOR] A background script in the calico-node pod now properly reacts to SIGTERM allowing for faster node reboots. by @MrBatschner [#710]
• [OPERATOR] bird-exporter sidecar added to calico-node DaemonSet to export bird metrics into Prometheus by @videlov [#687]
• [OPERATOR] calico is updated to v3.30.3 by @axel7born [#691]

Helm Charts

• admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.51.0
• admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.51.0
• networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.51.0

Container (OCI) Images

• gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.51.0
• gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.51.0

Update networking-cilium to 1.43.0

[github.com/gardener/gardener-extension-networking-cilium:v1.43.0]

🏃 Others

• [OPERATOR] A background script in the cilium agent pod now properly reacts to SIGTERM allowing for faster node reboots. by @ScheererJ [#629]
• [OPERATOR] Update cilium to v1.17.7 by @gardener-ci-robot [#621]
• [OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#623]
• [OPERATOR] Cilium extension now works with worker pool specific node-local-dns daemonsets. by @ScheererJ [#622]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.43.0
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.43.0
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.43.0

Container (OCI) Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.43.0
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.43.0

Update dashboard to 1.82.1

[github.com/gardener/dashboard:1.82.1]

🐛 Bug Fixes

• [USER] Fix filtering of cloudprofiles by provider type in the create cluster dialog by @gardener-github-actions[bot] [#2640]

Container (OCI) Images

• gardener-dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.82.1

Update dashboard to 1.82.1

[github.com/gardener/dashboard:1.82.1]

🐛 Bug Fixes

• [USER] Fix filtering of cloudprofiles by provider type in the create cluster dialog by @gardener-github-actions[bot] [#2640]

Container (OCI) Images

• gardener-dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.82.1

Update networking-cilium to 1.43.1

[github.com/gardener/gardener-extension-networking-cilium:v1.43.1]

🐛 Bug Fixes

• [OPERATOR] Adapt ScrapeConfig to more picky prometheus-operator v0.76.0 to support new gardener releases. by @Johannes Scheerer [gardener/gardener-extension-networking-cilium@f6da49a531b9ccf1566a52fa6ce75d7a416228b0]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.43.1
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.43.1
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.43.1

Container (OCI) Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.43.1
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.43.1

Update gardener-controlplane to 1.128.0

[github.com/gardener/gardener:v1.128.0]

⚠️ Breaking Changes

• [USER] The validation logic for Project resources has been changed: .spec.description and .spec.purpose fields may only contain letters, numbers and some punctuation characters. Existing projects are not affected by this change unless their description or purpose is updated. by @timuthy [#12902]
• [OPERATOR] The long time deprecated legacy ScrapeConfig roles in monitoring.coreos.com have been removed from CRD. by @oliver-goetz [#12908]
• [USER] In the Shoot API, the .spec.kubernetes.kubelet.cpuManagerPolicy and .spec.provider.workers[].kubelet.cpuManagerPolicy fields are now validated to ensure they can only be set to static or none. by @shafeeqes [#12914]
• [USER] In the Shoot API, the .spec.kubernetes.kubelet.containerLogMaxSize and .spec.provider.workers[].kubelet.containerLogMaxSize fields are now validated to ensure they contain a valid resource quantity. by @shafeeqes [#12914]
• [OPERATOR] The ShootVPAEnabledByDefault admission plugin is now enabled by default for the Gardener API server. Disable this admission plugin explicitly if you don't want VPA to be enabled by default for newly created Shoots. If you already have the admission plugin enabled, you can remove the explicit enablement after upgrading to this version of Gardener as the plugin is now enabled by default. by @georgibaltiev [#12854]
• [OPERATOR] The following fields in the CloudProfile have been renamed:
  • spec.capabilities -> spec.machineCapabilities
  • spec.MachineImages[].Versions[].capabilitySets -> spec.MachineImages[].Versions[].capabilityFlavors
    Please update your CloudProfiles accordingly if you are using capabilities (currently in alpha state). by @Roncossek [#12751]

📰 Noteworthy

• [USER] The rotate-etcd-encryption-start and rotate-etcd-encryption-complete operation annotations have been deprecated in favour of rotate-etcd-encryption-key. by @AleksandarSavchev [#12605]
• [DEVELOPER] Usages of the deprecated gopkg.in/yaml.v{2|3} packages were dropped. Please refrain from using them. Instead, please use the go.yaml.in/yaml/v4 package instead. by @tobschli [#12895]

✨ New Features

• [OPERATOR] It is now allowed backups to use WorkloadIdentity as credentials via the seed.spec.backup.credentialsRef and backupBucket.spec.credentialsRef APIs. In order to make use of this feature, the infrastructure and provider extension must support WorkloadIdentity credentials. by @vpnachev [#12924]
• [DEVELOPER] A developer guideline on validation in Gardener extensions has been added. Please consult this document as an extension developer or reviewer to ensure consistency in validation code across the Gardener extensions codebase. Check out the Validation Guidelines for Extensions document. by @ialidzhikov [#12811]
• [DEVELOPER] A developer guideline on validation in Gardener components has been added. Please consult this document as a developer or reviewer to ensure consistency in validation code across the Gardener codebase. Check out the Validation Guidelines document. by @ialidzhikov [#12811]
• [USER] Added operation annotation rotate-etcd-encryption-key which can be set to the Shoot and Garden resource to perform an etcd encryption key rotation. by @AleksandarSavchev [#12605]

🐛 Bug Fixes

• [DEPENDENCY] The certificate issuance and renewal flow for webhooks has been improved. Previously, controller restarts during the renewal process could leave the system in an unrecoverable error state, preventing the extension from starting. by @timuthy [#12852]
• [OPERATOR] An issue causing the update of existing CustomResourceDefinitions to be no-op is now fixed. by @shafeeqes [#12963]
• [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted leading to gardenlet being unable to startup is fixed. by @vpnachev [#12923]

🏃 Others

• [OPERATOR] gardener-node-agent no longer reboots a node if it flaps too often between ready/non-ready in a short period of time. by @ScheererJ [#12930]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.82.0 to 1.82.1. Release Notes by @gardener-ci-robot [#12982]
• [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @istvanballok [#12896]
• [OPERATOR] Reduce the CPU resource requests of istio-ingressgateway to 450m for the case with enabled L7 loadbalancing. by @voelzmo [#12881]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.35.0 to v1.35.3. Release Notes by @gardener-ci-robot [#12909]
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.25.4 to 1.25.5.
  • gcr.io/istio-release/proxyv2 from 1.25.4 to 1.25.5.
  • istio.io/api from v1.25.4 to v1.25.5. by @gardener-ci-robot [#12886]
• [DEPENDENCY] The following dependencies have been updated:
  • perses/perses from v0.51.1 to v0.52.0. Release Notes by @gardener-ci-robot [#12951]
• [DEVELOPER] Add ensure capabilities for HA vpn statefulsets by @RiRa12621 [#12949]
• [OPERATOR] Ensure that enabling node-local-dns for all shoot clusters does not alter DNS behaviour. To maintain consistency the custom CoreDNS configmap is mounted into the node-local-dns pods and the custom overwrite rules defined in the custom CoreDNS configuration is applied onto the node-local-dns pods. by @DockToFuture [#12893]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.81.3 to 1.82.0. Release Notes by @gardener-ci-robot [#12970]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ingress-default-backend from 0.23.0 to 0.24.0. Release Notes by @gardener-ci-robot [#12945]
• [OPERATOR] Adds Machine Capabilities support for provider local. Read more about Machine Capabilities here by @Roncossek [#12751]
• [OPERATOR] The VPA ManagedResource and the Secret it references are now removed when VPA is disabled in the Shoot, Seed or Garden specification. Previously, when VPA was disabled a ManagedResource with an empty Secret would be created. Now, no ManagedResource is created. by @RadaBDimitrova [#12870]
• [OPERATOR] set semver-compliant resource-version for envoy-proxy by @ccwienk [#12941]
• [DEVELOPER] The istio-ingressgateway service of the local2 seed is now exposed on 172.18.255.2:443 instead of 172.18.255.2:9443 on the developer's host machine. by @plkokanov [#12905]
• [OPERATOR] Allowlist new etcd-druid compaction metric and update network policies to allow full-snapshot API requests from etcd-druid to etcd-main client service. by @anveshreddy18 [#12849]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.128.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.128.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.128.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.128.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.128.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.128.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.128.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.128.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.128.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.128.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.128.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.128.0

Update gardener-controlplane to 1.128.0

[github.com/gardener/gardener:v1.128.0]

⚠️ Breaking Changes

• [USER] The validation logic for Project resources has been changed: .spec.description and .spec.purpose fields may only contain letters, numbers and some punctuation characters. Existing projects are not affected by this change unless their description or purpose is updated. by @timuthy [#12902]
• [OPERATOR] The long time deprecated legacy ScrapeConfig roles in monitoring.coreos.com have been removed from CRD. by @oliver-goetz [#12908]
• [USER] In the Shoot API, the .spec.kubernetes.kubelet.cpuManagerPolicy and .spec.provider.workers[].kubelet.cpuManagerPolicy fields are now validated to ensure they can only be set to static or none. by @shafeeqes [#12914]
• [USER] In the Shoot API, the .spec.kubernetes.kubelet.containerLogMaxSize and .spec.provider.workers[].kubelet.containerLogMaxSize fields are now validated to ensure they contain a valid resource quantity. by @shafeeqes [#12914]
• [OPERATOR] The ShootVPAEnabledByDefault admission plugin is now enabled by default for the Gardener API server. Disable this admission plugin explicitly if you don't want VPA to be enabled by default for newly created Shoots. If you already have the admission plugin enabled, you can remove the explicit enablement after upgrading to this version of Gardener as the plugin is now enabled by default. by @georgibaltiev [#12854]
• [OPERATOR] The following fields in the CloudProfile have been renamed:
  • spec.capabilities -> spec.machineCapabilities
  • spec.MachineImages[].Versions[].capabilitySets -> spec.MachineImages[].Versions[].capabilityFlavors
    Please update your CloudProfiles accordingly if you are using capabilities (currently in alpha state). by @Roncossek [#12751]

📰 Noteworthy

• [USER] The rotate-etcd-encryption-start and rotate-etcd-encryption-complete operation annotations have been deprecated in favour of rotate-etcd-encryption-key. by @AleksandarSavchev [#12605]
• [DEVELOPER] Usages of the deprecated gopkg.in/yaml.v{2|3} packages were dropped. Please refrain from using them. Instead, please use the go.yaml.in/yaml/v4 package instead. by @tobschli [#12895]

✨ New Features

• [OPERATOR] It is now allowed backups to use WorkloadIdentity as credentials via the seed.spec.backup.credentialsRef and backupBucket.spec.credentialsRef APIs. In order to make use of this feature, the infrastructure and provider extension must support WorkloadIdentity credentials. by @vpnachev [#12924]
• [DEVELOPER] A developer guideline on validation in Gardener extensions has been added. Please consult this document as an extension developer or reviewer to ensure consistency in validation code across the Gardener extensions codebase. Check out the Validation Guidelines for Extensions document. by @ialidzhikov [#12811]
• [DEVELOPER] A developer guideline on validation in Gardener components has been added. Please consult this document as a developer or reviewer to ensure consistency in validation code across the Gardener codebase. Check out the Validation Guidelines document. by @ialidzhikov [#12811]
• [USER] Added operation annotation rotate-etcd-encryption-key which can be set to the Shoot and Garden resource to perform an etcd encryption key rotation. by @AleksandarSavchev [#12605]

🐛 Bug Fixes

• [DEPENDENCY] The certificate issuance and renewal flow for webhooks has been improved. Previously, controller restarts during the renewal process could leave the system in an unrecoverable error state, preventing the extension from starting. by @timuthy [#12852]
• [OPERATOR] An issue causing the update of existing CustomResourceDefinitions to be no-op is now fixed. by @shafeeqes [#12963]
• [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted leading to gardenlet being unable to startup is fixed. by @vpnachev [#12923]

🏃 Others

• [OPERATOR] gardener-node-agent no longer reboots a node if it flaps too often between ready/non-ready in a short period of time. by @ScheererJ [#12930]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.82.0 to 1.82.1. Release Notes by @gardener-ci-robot [#12982]
• [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @istvanballok [#12896]
• [OPERATOR] Reduce the CPU resource requests of istio-ingressgateway to 450m for the case with enabled L7 loadbalancing. by @voelzmo [#12881]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.35.0 to v1.35.3. Release Notes by @gardener-ci-robot [#12909]
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.25.4 to 1.25.5.
  • gcr.io/istio-release/proxyv2 from 1.25.4 to 1.25.5.
  • istio.io/api from v1.25.4 to v1.25.5. by @gardener-ci-robot [#12886]
• [DEPENDENCY] The following dependencies have been updated:
  • perses/perses from v0.51.1 to v0.52.0. Release Notes by @gardener-ci-robot [#12951]
• [DEVELOPER] Add ensure capabilities for HA vpn statefulsets by @RiRa12621 [#12949]
• [OPERATOR] Ensure that enabling node-local-dns for all shoot clusters does not alter DNS behaviour. To maintain consistency the custom CoreDNS configmap is mounted into the node-local-dns pods and the custom overwrite rules defined in the custom CoreDNS configuration is applied onto the node-local-dns pods. by @DockToFuture [#12893]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.81.3 to 1.82.0. Release Notes by @gardener-ci-robot [#12970]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ingress-default-backend from 0.23.0 to 0.24.0. Release Notes by @gardener-ci-robot [#12945]
• [OPERATOR] Adds Machine Capabilities support for provider local. Read more about Machine Capabilities here by @Roncossek [#12751]
• [OPERATOR] The VPA ManagedResource and the Secret it references are now removed when VPA is disabled in the Shoot, Seed or Garden specification. Previously, when VPA was disabled a ManagedResource with an empty Secret would be created. Now, no ManagedResource is created. by @RadaBDimitrova [#12870]
• [OPERATOR] set semver-compliant resource-version for envoy-proxy by @ccwienk [#12941]
• [DEVELOPER] The istio-ingressgateway service of the local2 seed is now exposed on 172.18.255.2:443 instead of 172.18.255.2:9443 on the developer's host machine. by @plkokanov [#12905]
• [OPERATOR] Allowlist new etcd-druid compaction metric and update network policies to allow full-snapshot API requests from etcd-druid to etcd-main client service. by @anveshreddy18 [#12849]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.128.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.128.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.128.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.128.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.128.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.128.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.128.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.128.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.128.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.128.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.128.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.128.0

Update gardenlet to 1.128.0

[github.com/gardener/gardener:v1.128.0]

⚠️ Breaking Changes

• [USER] The validation logic for Project resources has been changed: .spec.description and .spec.purpose fields may only contain letters, numbers and some punctuation characters. Existing projects are not affected by this change unless their description or purpose is updated. by @timuthy [#12902]
• [OPERATOR] The long time deprecated legacy ScrapeConfig roles in monitoring.coreos.com have been removed from CRD. by @oliver-goetz [#12908]
• [USER] In the Shoot API, the .spec.kubernetes.kubelet.cpuManagerPolicy and .spec.provider.workers[].kubelet.cpuManagerPolicy fields are now validated to ensure they can only be set to static or none. by @shafeeqes [#12914]
• [USER] In the Shoot API, the .spec.kubernetes.kubelet.containerLogMaxSize and .spec.provider.workers[].kubelet.containerLogMaxSize fields are now validated to ensure they contain a valid resource quantity. by @shafeeqes [#12914]
• [OPERATOR] The ShootVPAEnabledByDefault admission plugin is now enabled by default for the Gardener API server. Disable this admission plugin explicitly if you don't want VPA to be enabled by default for newly created Shoots. If you already have the admission plugin enabled, you can remove the explicit enablement after upgrading to this version of Gardener as the plugin is now enabled by default. by @georgibaltiev [#12854]
• [OPERATOR] The following fields in the CloudProfile have been renamed:
  • spec.capabilities -> spec.machineCapabilities
  • spec.MachineImages[].Versions[].capabilitySets -> spec.MachineImages[].Versions[].capabilityFlavors
    Please update your CloudProfiles accordingly if you are using capabilities (currently in alpha state). by @Roncossek [#12751]

📰 Noteworthy

• [USER] The rotate-etcd-encryption-start and rotate-etcd-encryption-complete operation annotations have been deprecated in favour of rotate-etcd-encryption-key. by @AleksandarSavchev [#12605]
• [DEVELOPER] Usages of the deprecated gopkg.in/yaml.v{2|3} packages were dropped. Please refrain from using them. Instead, please use the go.yaml.in/yaml/v4 package instead. by @tobschli [#12895]

✨ New Features

• [OPERATOR] It is now allowed backups to use WorkloadIdentity as credentials via the seed.spec.backup.credentialsRef and backupBucket.spec.credentialsRef APIs. In order to make use of this feature, the infrastructure and provider extension must support WorkloadIdentity credentials. by @vpnachev [#12924]
• [DEVELOPER] A developer guideline on validation in Gardener extensions has been added. Please consult this document as an extension developer or reviewer to ensure consistency in validation code across the Gardener extensions codebase. Check out the Validation Guidelines for Extensions document. by @ialidzhikov [#12811]
• [DEVELOPER] A developer guideline on validation in Gardener components has been added. Please consult this document as a developer or reviewer to ensure consistency in validation code across the Gardener codebase. Check out the Validation Guidelines document. by @ialidzhikov [#12811]
• [USER] Added operation annotation rotate-etcd-encryption-key which can be set to the Shoot and Garden resource to perform an etcd encryption key rotation. by @AleksandarSavchev [#12605]

🐛 Bug Fixes

• [DEPENDENCY] The certificate issuance and renewal flow for webhooks has been improved. Previously, controller restarts during the renewal process could leave the system in an unrecoverable error state, preventing the extension from starting. by @timuthy [#12852]
• [OPERATOR] An issue causing the update of existing CustomResourceDefinitions to be no-op is now fixed. by @shafeeqes [#12963]
• [OPERATOR] A bug in the gardenlet start-up migration of the Admin and Viewer Kubeconfig ClusterRoleBindings where a ManagedResource secret could be deleted leading to gardenlet being unable to startup is fixed. by @vpnachev [#12923]

🏃 Others

• [OPERATOR] gardener-node-agent no longer reboots a node if it flaps too often between ready/non-ready in a short period of time. by @ScheererJ [#12930]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.82.0 to 1.82.1. Release Notes by @gardener-ci-robot [#12982]
• [OPERATOR] Monitoring the Istio Ingress Gateways is temporarily disabled to mitigate a metric leak issue. This does not affect the monitoring of the shoot control planes where these metrics are not used. by @istvanballok [#12896]
• [OPERATOR] Reduce the CPU resource requests of istio-ingressgateway to 450m for the case with enabled L7 loadbalancing. by @voelzmo [#12881]
• [DEPENDENCY] The following dependencies have been updated:
  • envoyproxy/envoy from distroless-v1.35.0 to v1.35.3. Release Notes by @gardener-ci-robot [#12909]
• [DEPENDENCY] The following dependencies have been updated:
  • gcr.io/istio-release/pilot from 1.25.4 to 1.25.5.
  • gcr.io/istio-release/proxyv2 from 1.25.4 to 1.25.5.
  • istio.io/api from v1.25.4 to v1.25.5. by @gardener-ci-robot [#12886]
• [DEPENDENCY] The following dependencies have been updated:
  • perses/perses from v0.51.1 to v0.52.0. Release Notes by @gardener-ci-robot [#12951]
• [DEVELOPER] Add ensure capabilities for HA vpn statefulsets by @RiRa12621 [#12949]
• [OPERATOR] Ensure that enabling node-local-dns for all shoot clusters does not alter DNS behaviour. To maintain consistency the custom CoreDNS configmap is mounted into the node-local-dns pods and the custom overwrite rules defined in the custom CoreDNS configuration is applied onto the node-local-dns pods. by @DockToFuture [#12893]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/dashboard from 1.81.3 to 1.82.0. Release Notes by @gardener-ci-robot [#12970]
• [DEPENDENCY] The following dependencies have been updated:
  • gardener/ingress-default-backend from 0.23.0 to 0.24.0. Release Notes by @gardener-ci-robot [#12945]
• [OPERATOR] Adds Machine Capabilities support for provider local. Read more about Machine Capabilities here by @Roncossek [#12751]
• [OPERATOR] The VPA ManagedResource and the Secret it references are now removed when VPA is disabled in the Shoot, Seed or Garden specification. Previously, when VPA was disabled a ManagedResource with an empty Secret would be created. Now, no ManagedResource is created. by @RadaBDimitrova [#12870]
• [OPERATOR] set semver-compliant resource-version for envoy-proxy by @ccwienk [#12941]
• [DEVELOPER] The istio-ingressgateway service of the local2 seed is now exposed on 172.18.255.2:443 instead of 172.18.255.2:9443 on the developer's host machine. by @plkokanov [#12905]
• [OPERATOR] Allowlist new etcd-druid compaction metric and update network policies to allow full-snapshot API requests from etcd-druid to etcd-main client service. by @anveshreddy18 [#12849]

Helm Charts

• controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.128.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.128.0
• operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.128.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.128.0

Container (OCI) Images

• admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.128.0
• apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.128.0
• controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.128.0
• gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.128.0
• node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.128.0
• operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.128.0
• resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.128.0
• scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.128.0