Release Notes v1.134

Yake release notes and upgrade guide

Update provider-azure to 1.57.0

[github.com/gardener/gardener-extension-provider-azure:v1.57.0]

⚠️ Breaking Changes

  • [OPERATOR] Following the renaming based on PR13273, "autonomous shoot cluster" was renamed to "self-hosted shoot cluster". As a result, for example, the /gardener-extension-provider-azure CLI argument --autonomous-shoot-cluster changes to --self-hosted-shoot-cluster, and the respective Helm chart variable .Values.gardener.autonomousShootCluster changes to .Values.gardener.selfHostedShootCluster. by @wpross [#1376]

📰 Noteworthy

  • [OPERATOR] Deprecate resourceGroup field of infrastructureConfig by @hebelsan [#1356]

✨ New Features

  • [OPERATOR] The Worker controller is prepared to support self-hosted shoot clusters with managed infrastructure (see GEP-28). by @timebertt [#1378]
  • [USER] VMs can now be deployed into capacity reservations by @AndreasBurger [#1373]

🐛 Bug Fixes

  • [OPERATOR] A bug in the cloud controller manager visible in Azure China has been fixed by updating the container images as follows:
    • v1.31.9 -> v1.31.10
    • v1.32.8 -> v1.32.9
    • v1.33.3 -> v1.33.4 by @vpnachev [#1368]
  • [OPERATOR] Fix bug in Azure client failing to make use of Workload Identity in Azure China by downgrading the module github.com/AzureAD/microsoft-authentication-library-for-go to version v1.4.2. by @vpnachev [#1357]

🏃 Others

  • [OPERATOR] Add input validation for DNS provider secrets referenced in the shoot spec. by @wpross [#1337]

  • [OPERATOR] Update azure container registry links to v2 for new images by @hebelsan [#1385]

  • [OPERATOR] Improve the implementation of the DisableRemedyController featuregate. Now by @kon-angelo [#1361]

  • [OPERATOR] Remove controlplane webhook cleanup by @hebelsan [#1349]

  • [OPERATOR] Remove CPU requests for azure-extension components in Shoot and Seed. by @voelzmo [#1384]

  • [OPERATOR] Annotations added to ensure in-tree PVs can be forced attached to the node in ReadOnly caching mode. by @kon-angelo [#1382]

  • [OPERATOR] Support for K8S version v1.34 has been added. Check the K8S release notes before upgrading to v1.34.

    Updated azure-sdk-for-go, microsoft-authentication-library-for-go, gardener/gardener, gardener/machine-controller-manager, gardener/remedy-controller, ginkgo, prometheus-operator, x/crypto, x/tools, k8s.io/api, k8s.io/apiextensions-apiserver, k8s.io/apimachinery, k8s.io/autoscaler/vertical-pod-autoscaler, k8s.io/client-go, k8s.io/code-generator, k8s.io/component-base, k8s.io/kubelet, sigs.k8s.io/controller-runtime, sigs.k8s.io/controller-tools, cloud-controller-manager by @wpross [#1376]

  • [DEPENDENCY] The following container images have been updated:

    • cloud-controller-manager: v1.31.10 -> v1.31.11 (patch)
    • cloud-controller-manager: v1.32.9 -> v1.32.10 (patch)
    • cloud-controller-manager: v1.33.4 -> v1.33.5 (patch)
    • cloud-controller-manager: v1.34.2 -> v1.34.3 (patch)
    • cloud-node-manager: v1.31.10 -> v1.31.11 (patch)
    • cloud-node-manager: v1.32.9 -> v1.32.10 (patch)
    • cloud-node-manager: v1.33.4 -> v1.33.5 (patch)
    • cloud-node-manager: v1.34.2 -> v1.34.3 (patch)
    • csi-provisioner: v6.0.0 -> v6.1.0 (singleton) by @gardener-github-actions[bot] [#1381]
  • [DEPENDENCY] The following container images have been updated:

    • cloud-node-manager: v1.31.9 -> v1.31.10 (patch)
    • cloud-node-manager: v1.32.8 -> v1.32.9 (patch)
    • cloud-node-manager: v1.33.3 -> v1.33.4 (patch)
    • csi-provisioner: v5.3.0 -> v6.0.0 (singleton)
    • csi-resizer: v1.14.0 -> v2.0.0 (singleton)
    • csi-snapshot-controller: v8.3.0 -> v8.4.0 (singleton)
    • csi-snapshotter: v8.3.0 -> v8.4.0 (singleton) by @gardener-github-actions[bot] [#1315]

Helm Charts

  • admission-azure-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-application:v1.57.0
  • admission-azure-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-azure-runtime:v1.57.0
  • provider-azure: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-azure:v1.57.0

Container (OCI) Images

  • gardener-extension-admission-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-azure:v1.57.0
  • gardener-extension-provider-azure: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-azure:v1.57.0

Update os-gardenlinux to 0.35.0

[github.com/gardener/gardener-extension-os-gardenlinux:v0.35.0]

🏃 Others

  • [OPERATOR] The Garden Linux OS extension now reconciles on OSCs of type gardenlinux-fips. by @MrBatschner [#321]

Helm Charts

  • os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/os-gardenlinux:v0.35.0

Container (OCI) Images

  • gardener-extension-os-gardenlinux: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/os-gardenlinux:v0.35.0

Update provider-gcp to 1.48.0

[github.com/gardener/gardener-extension-provider-gcp:v1.48.0]

⚠️ Breaking Changes

  • [OPERATOR] Following the renaming based on PR13273, "autonomous shoot cluster" was renamed to "self-hosted shoot cluster". As a result, for example, the /gardener-extension-provider-gcp CLI argument --autonomous-shoot-cluster changes to --self-hosted-shoot-cluster, and the respective Helm chart variable .Values.gardener.autonomousShootCluster changes to .Values.gardener.selfHostedShootCluster. by @tobschli [#1236]

✨ New Features

  • [OPERATOR] The Worker controller is prepared to support self-hosted shoot clusters with managed infrastructure (see GEP-28). by @timebertt [#1239]
  • [USER] The provider-gcp extension now supports shoot clusters with Kubernetes version 1.34. You should consider the Kubernetes release notes before upgrading to 1.34. by @tobschli [#1236]

🏃 Others

  • [OPERATOR] Add missing useWorkloadIdentity helm parameter for the ingress-gce chart. by @kon-angelo [#1226]
  • [OPERATOR] A bug in the migration of dual-stack to single-stack clusters has been fixed. by @axel7born [#1243]
  • [OPERATOR] Introduce a healthcheck for the ingress controller when deployed. by @kon-angelo [#1230]
  • [OPERATOR] Remove CPU requests for gcp-extension components in Shoot and Seed. by @voelzmo [#1242]
  • [OPERATOR] Deployment gce-ingress is scaled to 0, but still enabled after migration from dual-stack to single-stack networking. by @axel7born [#1227]
  • [DEPENDENCY] The following container images have been updated:
    • csi-driver: v1.17.14 -> v1.22.1 (singleton)
    • csi-driver-filestore: v1.11.0 -> v1.11.4 (singleton)
    • csi-provisioner: v5.3.0 -> v6.1.0 (singleton)
    • csi-resizer: v1.14.0 -> v2.0.0 (singleton)
    • csi-snapshot-controller: v8.3.0 -> v8.4.0 (singleton)
    • csi-snapshotter: v8.3.0 -> v8.4.0 (singleton) by @gardener-github-actions[bot] [#1221]
  • [DEPENDENCY] Updated
    gardener/gardener -> v1.132.2
    ginkgo -> v2.27.2
    x/exp, x/oauth2, x/tools by @wpross [#1247]

Helm Charts

  • admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.48.0
  • admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.48.0
  • provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.48.0

Container (OCI) Images

  • gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.48.0
  • gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.48.0

Update provider-alicloud to 1.67.0

[github.com/gardener/gardener-extension-provider-alicloud:v1.67.0]

✨ New Features

  • [OPERATOR] The Worker controller is prepared to support self-hosted shoot clusters with managed infrastructure (see GEP-28). by @timebertt [#853]
  • [USER] The provider-alicloud extension now supports shoot clusters with Kubernetes version 1.34. You should consider the Kubernetes release notes before upgrading to 1.34. by @tobschli [#856]

🏃 Others

  • [OPERATOR] Update the deletion process of Natgateway in Flow-Base by @kevin-lacoo [#858]
  • [OPERATOR] Update golang to 1.25 by @kevin-lacoo [#852]
  • [OPERATOR] Update gardener/gardener to v1.127.1 by @kevin-lacoo [#857]
  • [OPERATOR] Avoid duplicate creation of Natgateway by @kevin-lacoo [#847]
  • [OPERATOR] Update gardener/gardener to v1.125.1 by @kevin-lacoo [#849]

Helm Charts

  • admission-alicloud-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-application:v1.67.0
  • admission-alicloud-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-alicloud-runtime:v1.67.0
  • provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-alicloud:v1.67.0

Container (OCI) Images

  • gardener-extension-admission-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-alicloud:v1.67.0
  • gardener-extension-provider-alicloud: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-alicloud:v1.67.0

Update dashboard to 1.82.6

[github.com/gardener/dashboard:1.82.6]

🐛 Bug Fixes

  • [USER] Adds CSRF protection to the authorizeToken function that handles token-based authentication via POST /auth. by @gardener-github-actions[bot] [#2703]
  • [USER] Fixed an issue where floating pool names using a domain selector were not displayed by @grolu [#2700]

Container (OCI) Images

  • gardener-dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.82.6

Update dashboard to 1.83.0

[github.com/gardener/dashboard:1.83.0]

⚠️ Breaking Changes

  • [OPERATOR] The backend now requires a websocketAllowedOrigins configuration to protect the Socket.IO server from cross-site requests

    • To allow all origins, you may set the value to * (not recommended)
    • When deploying with the Gardener operator, this setting is automatically configured based on the public ingress hosts
    • For manual deployments, you must provide the correct values in the Helm chart configuration by @grolu [#2588]
  • [USER] Simplified DNS Credential Handling:

    • DNS credentials no longer require a SecretBinding or CredentialsBinding to work with the Gardener Dashboard. The Dashboard now relies on a new label, dashboard.gardener.cloud/dnsProviderType: <provider-type>, to identify the DNS provider type. All Secret resources containing this label will appear as DNS credentials in the Dashboard.
    • For backward compatibility, Secrets previously created through the Dashboard — which have the label provider.shoot.gardener.cloud/<provider-type> set by Gardener — will continue to be recognized as DNS credentials. This label now serves as a fallback for existing DNS Secrets.
    • For new DNS credentials, only a Secret resource is created (no additional CredentialsBinding resource). You may safely clean up any existing CredentialsBinding or SecretBinding resources related to DNS credentials, as they are no longer required. by @grolu [#2632]
  • [DEVELOPER] The dashboard configuration now requires a websocketAllowedOrigins setting. Without it, the dashboard will not start. See the local development setup documentation for more details. by @grolu [#2588]

✨ New Features

  • [OPERATOR] Improved Custom Asset Handling
    • You no longer need to provide the full asset set — individual icons can now be overridden as needed
    • Improved caching behavior by applying correct cache-control headers, preventing outdated assets from being served by @grolu [#2687]
  • [USER] Add providerTemplate for stackit clusters by @nschad [#2686]

Container (OCI) Images

  • gardener-dashboard: europe-docker.pkg.dev/gardener-project/releases/gardener/dashboard:1.83.0

Update acl to 1.14.0

What's Changed

Full Changelog: https://github.com/stackitcloud/gardener-extension-acl/compare/v1.13.0...v1.14.0

Update networking-calico to 1.54.0

[github.com/gardener/gardener-extension-networking-calico:v1.54.0]

🐛 Bug Fixes

  • [USER] Calico won't create a VPA configuration for Typha when it is disabled by @domdom82 [#759]

🏃 Others

  • [OPERATOR] fix indentation for Helm chart securityContext by @mstueer [#749]

Helm Charts

  • admission-calico-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-application:v1.54.0
  • admission-calico-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-calico-runtime:v1.54.0
  • networking-calico: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-calico:v1.54.0

Container (OCI) Images

  • cni-plugins: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/cni-plugins:v1.54.0
  • gardener-extension-admission-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-calico:v1.54.0
  • gardener-extension-networking-calico: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-calico:v1.54.0

Update gardener-controlplane to 1.134.0

[github.com/gardener/gardener:v1.134.0]

⚠️ Breaking Changes

  • [OPERATOR] The DoNotCopyBackupCredentials feature gate has been promoted to GA and can no longer be disabled. The Seed backup secret is no longer copied from the Shoot infrastructure credentials in case an operator does not provide an existing backup secret. If you configure seed.spec.backup.credentialsRef, make sure that the referred credential already exists. For production setups, it is advised that operators configure a separate set of credentials for Seed backup and Shoot infrastructure. by @dimityrmirchev [#13564]

  • [OPERATOR] Several fields and configurations of operator.gardener.cloud/v1alpha1.Extension resources are now validated:

    • Either an extension or admission deployment must be specified (spec.deployment.{extension,admission})
    • One of spec.deployment.admission.runtimeCluster or spec.deployment.admission.virtualCluster must be specified
    • A Helm deployment configuration must be in place (spec.deployment.extension.helm or spec.deployment.admission.{runtimeCluster,virtualCluster}.helm)
    • A valid OCI repository configuration is required (helm.ociRepository)

    Please check your Extension resources and rectify them accordingly, before upgrading to this version. by @timuthy [#13528]

  • [OPERATOR] The GA-ed and unconditionally enabled ShootCredentialsBinding feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#13576]

  • [DEVELOPER] Ensure you have the docker compose plugin installed for starting the local setup. by @timebertt [#13551]

  • [DEVELOPER] The registry for the local development setup is now exposed under registry.local.gardener.cloud instead of garden.local.gardener.cloud. Make sure to update your /etc/hosts file by replacing the existing 127.0.0.1 garden.local.gardener.cloud entries with 127.0.0.1 registry.local.gardener.cloud. by @timebertt [#13551]

  • [DEVELOPER] To support self-hosted shoots with managed infrastructure, the Worker extension (controller/delegate) needs to use the technical ID from Cluster.shoot.status.technicalID for prefixing the names of machine-related objects. The Worker namespace is kube-system for self-hosted shoots. Read the docs. by @timebertt [#13485]

📰 Noteworthy

  • [OPERATOR] As the DoNotCopyBackupCredentials feature gate cannot be disabled, backup secrets that were copied from Shoot infrastructure credentials in previous reconciliations are labeled with gardener.cloud/secret-status=previously-managed and Gardener no longer takes care of them. Operators are responsible for deleting those if unused for other scenarios. by @dimityrmirchev [#13564]
  • [OPERATOR] Introduced GEP-35 that outlines a migration strategy from Vali to VictoriaLogs as a database for Garden, Seed & Shoot clusters. by @rrhubenov [#13242]

✨ New Features

  • [OPERATOR] Istio-gateways now provide access logs for requests to kube-apiservers via the apiserver-proxy endpoint when IstioTLSTermination feature gate is active. by @oliver-goetz [#13569]
  • [OPERATOR] Seed clusters are now labelled with a specific extension label extensions.extensions.gardener.cloud/<extension-type>: true whenever such an extension is activated for the seed. by @timuthy [#13509]
  • [USER] Istio access logs are now visible for users in the shoot plutono. by @majst01 [#13548]
  • [DEVELOPER] The Worker extension no longer needs to fetch the machine state from the ShootState object in the garden cluster. Instead, Gardener populates the machine state directly in the Worker.status.state field on restoration of the shoot. Read the docs. by @timebertt [#13485]

🐛 Bug Fixes

  • [OPERATOR] A bug which caused kube-apiserver metrics to be scraped thrice when IstioTLSTermination feature gate is active has been fixed. by @oliver-goetz [#13590]
  • [OPERATOR] Fixed a bug where operators could not exclusively specify count limits in the Garden's spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit field. by @tobschli [#13577]
  • [USER] A bug which prevented the wildcard certificate endpoints from being advertised in the shoot status has been fixed. by @oliver-goetz [#13644]
  • [USER] Fixed DNS resolution issues during dual-stack migration by ensuring /etc/resolv.conf only contains the IPv4 DNS server address until the kube-dns service is fully migrated. by @axel7born [#13601]

🏃 Others

  • [OPERATOR] Seeds are now labeled with seed.gardener.cloud/provider=<seed.spec.provider.type> and seed.gardener.cloud/region=<seed.spec.provider.region>. by @georgibaltiev [#12623]
  • [OPERATOR] apiserver-proxy endpoints now use the same keep-alive settings and connection timeout as default kube-apiserver endpoints when the IstioTLSTermination feature gate is active. by @oliver-goetz [#13569]
  • [OPERATOR] Projects are no longer requeued with back-off when they have a deletionTimestamp and still have existing Shoots in the corresponding namespaces. Instead, they are now automatically requeued on Shoot deletion events if they no longer contain any Shoots, so that the deletion of the Project can finish. by @plkokanov [#13052]
  • [OPERATOR] ManagedResources are no longer requeued with back-off if their responsibility was transferred from one gardener-resource-manager to another while waiting for the original gardener-resource-manager to finish cleaning up the deployed resources. Instead, ManagedResources are automatically requeued when the cleanup of resources by the original gardener-resource-manager has finished. by @plkokanov [#13052]
  • [DEVELOPER] The VPAInPlaceUpdates feature gate is enabled in local setups for gardenlet and gardener-operator. by @vitanovs [#13508]
  • [DEVELOPER] Update remote local setup with most recent hosts for end-to-end tests and instructions for an IPv6 setup by @vicwicker [#13436]
  • [DEVELOPER] Usages of controller-runtime's deprecated reconcile.Result{Requeue: true} have been removed. by @plkokanov [#13052]
  • [DEVELOPER] Ignore whitespace-only YAML chunks when parsing ManagedResource secrets. This prevents decoder errors from trailing --- separators. by @DockToFuture [#13622]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/kiwigrid/k8s-sidecar from 2.1.3 to 2.1.4. by @gardener-ci-robot [#13567]
  • [DEPENDENCY] The gardener/autoscaler image for Shoots with Kubernetes version 1.34 has been updated to v1.34.0. Release Notes by @takoverflow [#13554]
  • [DEPENDENCY] The following dependencies have been updated:
    • gardener/etcd-druid from v0.33.0 to v0.34.0. Release Notes
    • github.com/gardener/etcd-druid/api from v0.33.0 to v0.34.0. by @Shreyas-s14 [#13617]
  • [DEPENDENCY] The following dependencies have been updated:
    • registry.k8s.io/ingress-nginx/controller-chroot from v1.14.0 to v1.14.1. by @gardener-ci-robot [#13599]
  • [DEPENDENCY] The following dependencies have been updated:
    • gcr.io/istio-release/pilot from 1.27.3 to 1.27.4.
    • gcr.io/istio-release/proxyv2 from 1.27.3 to 1.27.4.
    • istio.io/api from v1.27.3 to v1.27.4. by @gardener-ci-robot [#13595]
  • [DEPENDENCY] The following dependencies have been updated:
    • envoyproxy/envoy from distroless-v1.36.2 to v1.36.3. Release Notes by @gardener-ci-robot [#13598]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/cortexproject/cortex from v1.20.0 to v1.20.1. by @gardener-ci-robot [#13597]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/kiwigrid/k8s-sidecar from 2.1.2 to 2.1.3. by @gardener-ci-robot [#13562]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.134.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.134.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.134.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.134.0

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.134.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.134.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.134.0
  • gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.134.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.134.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.134.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.134.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.134.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.134.0
Update gardener-controlplane to 1.134.0

[github.com/gardener/gardener:v1.134.0]

⚠️ Breaking Changes

  • [OPERATOR] The DoNotCopyBackupCredentials feature gate has been promoted to GA and can no longer be disabled. The Seed backup secret is no longer copied from the Shoot infrastructure credentials in case an operator does not provide an existing backup secret. If you configure seed.spec.backup.credentialsRef, make sure that the referred credential already exists. For production setups, it is advised that operators configure a separate set of credentials for Seed backup and Shoot infrastructure. by @dimityrmirchev [#13564]

  • [OPERATOR] Several fields and configurations of operator.gardener.cloud/v1alpha1.Extension resources are now validated:

    • Either an extension or admission deployment must be specified (spec.deployment.{extension,admission})
    • One of spec.deployment.admission.runtimeCluster or spec.deployment.admission.virtualCluster must be specified
    • A Helm deployment configuration must be in place (spec.deployment.extension.helm or spec.deployment.admission.{runtimeCluster,virtualCluster}.helm)
    • A valid OCI repository configuration is required (helm.ociRepository)

    Please check your Extension resources and rectify them accordingly, before upgrading to this version. by @timuthy [#13528]

  • [OPERATOR] The GA-ed and unconditionally enabled ShootCredentialsBinding feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#13576]

  • [DEVELOPER] Ensure you have the docker compose plugin installed for starting the local setup. by @timebertt [#13551]

  • [DEVELOPER] The registry for the local development setup is now exposed under registry.local.gardener.cloud instead of garden.local.gardener.cloud. Make sure to update your /etc/hosts file by replacing the existing 127.0.0.1 garden.local.gardener.cloud entries with 127.0.0.1 registry.local.gardener.cloud. by @timebertt [#13551]

  • [DEVELOPER] To support self-hosted shoots with managed infrastructure, the Worker extension (controller/delegate) needs to use the technical ID from Cluster.shoot.status.technicalID for prefixing the names of machine-related objects. The Worker namespace is kube-system for self-hosted shoots. Read the docs. by @timebertt [#13485]

📰 Noteworthy

  • [OPERATOR] As the DoNotCopyBackupCredentials feature gate cannot be disabled, backup secrets that were copied from Shoot infrastructure credentials in previous reconciliations are labeled with gardener.cloud/secret-status=previously-managed and Gardener no longer takes care of them. Operators are responsible to delete those if unused for other scenarios. by @dimityrmirchev [#13564]
  • [OPERATOR] Introduced GEP-35 that outlines a migration strategy from Vali to VictoriaLogs as a database for Garden, Seed & Shoot clusters. by @rrhubenov [#13242]

✨ New Features

  • [OPERATOR] Istio-gateways now provide access logs for requests to kube-apiservers via the apiserver-proxy endpoint when IstioTLSTermination feature gate is active. by @oliver-goetz [#13569]
  • [OPERATOR] Seed clusters are now labelled with a specific extension label extensions.extensions.gardener.cloud/<extension-type>: true whenever such an extension is activated for the seed. by @timuthy [#13509]
  • [USER] Istio access logs are now visible for users in the shoot plutono. by @majst01 [#13548]
  • [DEVELOPER] The Worker extension no longer needs to fetch the machine state from the ShootState object in the garden cluster. Instead, Gardener populates the machine state directly in the Worker.status.state field on restoration of the shoot. Read the docs. by @timebertt [#13485]

🐛 Bug Fixes

  • [OPERATOR] A bug which caused kube-apiserver metrics to be scraped thrice when IstioTLSTermination feature gate is active has been fixed. by @oliver-goetz [#13590]
  • [OPERATOR] Fixed a bug where operators could not exclusively specify count limits in the Garden's spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit field. by @tobschli [#13577]
  • [USER] A bug which prevented the wildcard certificate endpoints to be advertised in the shoot status has been fixed. by @oliver-goetz [#13644]
  • [USER] Fixed DNS resolution issues during dual-stack migration by ensuring /etc/resolv.conf only contains the IPv4 DNS server address until the kube-dns service is fully migrated. by @axel7born [#13601]

🏃 Others

  • [OPERATOR] Seeds are now labeled with seed.gardener.cloud/provider=<seed.spec.provider.type> and seed.gardener.cloud/region=<seed.spec.provider.region>. by @georgibaltiev [#12623]
  • [OPERATOR] apiserver-proxy endpoints now using the same keep alive settings and connection timeout as default kube-apiserver endpoints when IstioTLSTermination feature gate is active. by @oliver-goetz [#13569]
  • [OPERATOR] Projects are no-longer requeued with back-off when they have a deletionTimestamp and still existing Shoots in the corresponding namespaces. Instead they are now automatically requeued on Shoot deletion events if they no-longer contain any Shoots so that the deletion of the Project can finish. by @plkokanov [#13052]
  • [OPERATOR] ManagedResources are no-longer requeued with back-off, if their responsibility was transferred from one gardener-resource-manager to another, while waiting for the original gardener-resource-manager to finish cleaning up the deployed resources. Instead, ManagedResources are automatically requeued when the cleanup of resources by the original gardener-resource-manager has finished. by @plkokanov [#13052]
  • [DEVELOPER] The VPAInPlaceUpdates feature gate is enabled in local setups for gardenlet and gardener-operator. by @vitanovs [#13508]
  • [DEVELOPER] Update remote local setup with most recent hosts for end-to-end tests and instructions for an IPv6 setup by @vicwicker [#13436]
  • [DEVELOPER] Usages of controller-runtime's deprecated reconcile.Result{Requeue: true} have been removed. by @plkokanov [#13052]
  • [DEVELOPER] Ignore whitespace-only YAML chunks when parsing ManagedResource secrets. This prevents decoder errors from trailing --- separators. by @DockToFuture [#13622]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/kiwigrid/k8s-sidecar from 2.1.3 to 2.1.4. by @gardener-ci-robot [#13567]
  • [DEPENDENCY] The gardener/autoscaler image for Shoots with Kubernetes version 1.34 has been updated to v1.34.0. Release Notes by @takoverflow [#13554]
  • [DEPENDENCY] The following dependencies have been updated:
    • gardener/etcd-druid from v0.33.0 to v0.34.0. Release Notes
    • github.com/gardener/etcd-druid/api from v0.33.0 to v0.34.0. by @Shreyas-s14 [#13617]
  • [DEPENDENCY] The following dependencies have been updated:
    • registry.k8s.io/ingress-nginx/controller-chroot from v1.14.0 to v1.14.1. by @gardener-ci-robot [#13599]
  • [DEPENDENCY] The following dependencies have been updated:
    • gcr.io/istio-release/pilot from 1.27.3 to 1.27.4.
    • gcr.io/istio-release/proxyv2 from 1.27.3 to 1.27.4.
    • istio.io/api from v1.27.3 to v1.27.4. by @gardener-ci-robot [#13595]
  • [DEPENDENCY] The following dependencies have been updated:
    • envoyproxy/envoy from distroless-v1.36.2 to v1.36.3. Release Notes by @gardener-ci-robot [#13598]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/cortexproject/cortex from v1.20.0 to v1.20.1. by @gardener-ci-robot [#13597]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/kiwigrid/k8s-sidecar from 2.1.2 to 2.1.3. by @gardener-ci-robot [#13562]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.134.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.134.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.134.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.134.0

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.134.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.134.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.134.0
  • gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.134.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.134.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.134.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.134.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.134.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.134.0

Update gardenlet to 1.134.0

[github.com/gardener/gardener:v1.134.0]

⚠️ Breaking Changes

  • [OPERATOR] The DoNotCopyBackupCredentials feature gate has been promoted to GA and can no longer be disabled. The Seed backup secret is no longer copied from the Shoot infrastructure credentials in case an operator does not provide an existing backup secret. If you configure seed.spec.backup.credentialsRef, make sure that the referred credential already exists. For production setups, it is advised that operators configure a separate set of credentials for Seed backup and Shoot infrastructure. by @dimityrmirchev [#13564]

  • [OPERATOR] Several fields and configurations of operator.gardener.cloud/v1alpha1.Extension resources are now validated:

    • Either an extension or admission deployment must be specified (spec.deployment.{extension,admission})
    • One of spec.deployment.admission.runtimeCluster or spec.deployment.admission.virtualCluster must be specified
    • A Helm deployment configuration must be in place (spec.deployment.extension.helm or spec.deployment.admission.{runtimeCluster,virtualCluster}.helm)
    • A valid OCI repository configuration is required (helm.ociRepository)

    Please check your Extension resources and rectify them accordingly, before upgrading to this version. by @timuthy [#13528]

  • [OPERATOR] The GA-ed and unconditionally enabled ShootCredentialsBinding feature gate is removed. If you have references to this feature gate, clean them up before upgrading to this version of Gardener. by @ialidzhikov [#13576]

  • [DEVELOPER] Ensure you have the docker compose plugin installed for starting the local setup. by @timebertt [#13551]

  • [DEVELOPER] The registry for the local development setup is now exposed under registry.local.gardener.cloud instead of garden.local.gardener.cloud. Make sure to update your /etc/hosts file by replacing the existing 127.0.0.1 garden.local.gardener.cloud entries with 127.0.0.1 registry.local.gardener.cloud. by @timebertt [#13551]

  • [DEVELOPER] To support self-hosted shoots with managed infrastructure, the Worker extension (controller/delegate) needs to use the technical ID from Cluster.shoot.status.technicalID for prefixing the names of machine-related objects. The Worker namespace is kube-system for self-hosted shoots. Read the docs. by @timebertt [#13485]

📰 Noteworthy

  • [OPERATOR] As the DoNotCopyBackupCredentials feature gate cannot be disabled, backup secrets that were copied from Shoot infrastructure credentials in previous reconciliations are labeled with gardener.cloud/secret-status=previously-managed and Gardener no longer takes care of them. Operators are responsible for deleting those if unused for other scenarios. by @dimityrmirchev [#13564]
  • [OPERATOR] Introduced GEP-35 that outlines a migration strategy from Vali to VictoriaLogs as a database for Garden, Seed & Shoot clusters. by @rrhubenov [#13242]

✨ New Features

  • [OPERATOR] Istio-gateways now provide access logs for requests to kube-apiservers via the apiserver-proxy endpoint when IstioTLSTermination feature gate is active. by @oliver-goetz [#13569]
  • [OPERATOR] Seed clusters are now labelled with a specific extension label extensions.extensions.gardener.cloud/<extension-type>: true whenever such an extension is activated for the seed. by @timuthy [#13509]
  • [USER] Istio access logs are now visible for users in the shoot plutono. by @majst01 [#13548]
  • [DEVELOPER] The Worker extension no longer needs to fetch the machine state from the ShootState object in the garden cluster. Instead, Gardener populates the machine state directly in the Worker.status.state field on restoration of the shoot. Read the docs. by @timebertt [#13485]

🐛 Bug Fixes

  • [OPERATOR] A bug which caused kube-apiserver metrics to be scraped thrice when IstioTLSTermination feature gate is active has been fixed. by @oliver-goetz [#13590]
  • [OPERATOR] Fixed a bug where operators could not exclusively specify count limits in the Garden's spec.virtualCluster.gardener.gardenerAdmissionController.resourceAdmissionConfiguration.limit field. by @tobschli [#13577]
  • [USER] A bug which prevented the wildcard certificate endpoints from being advertised in the shoot status has been fixed. by @oliver-goetz [#13644]
  • [USER] Fixed DNS resolution issues during dual-stack migration by ensuring /etc/resolv.conf only contains the IPv4 DNS server address until the kube-dns service is fully migrated. by @axel7born [#13601]

🏃 Others

  • [OPERATOR] Seeds are now labeled with seed.gardener.cloud/provider=<seed.spec.provider.type> and seed.gardener.cloud/region=<seed.spec.provider.region>. by @georgibaltiev [#12623]
  • [OPERATOR] apiserver-proxy endpoints now use the same keep alive settings and connection timeout as default kube-apiserver endpoints when IstioTLSTermination feature gate is active. by @oliver-goetz [#13569]
  • [OPERATOR] Projects are no longer requeued with back-off when they have a deletionTimestamp and still existing Shoots in the corresponding namespaces. Instead they are now automatically requeued on Shoot deletion events if they no longer contain any Shoots so that the deletion of the Project can finish. by @plkokanov [#13052]
  • [OPERATOR] ManagedResources are no longer requeued with back-off, if their responsibility was transferred from one gardener-resource-manager to another, while waiting for the original gardener-resource-manager to finish cleaning up the deployed resources. Instead, ManagedResources are automatically requeued when the cleanup of resources by the original gardener-resource-manager has finished. by @plkokanov [#13052]
  • [DEVELOPER] The VPAInPlaceUpdates feature gate is enabled in local setups for gardenlet and gardener-operator. by @vitanovs [#13508]
  • [DEVELOPER] Update remote local setup with most recent hosts for end-to-end tests and instructions for an IPv6 setup by @vicwicker [#13436]
  • [DEVELOPER] Usages of controller-runtime's deprecated reconcile.Result{Requeue: true} have been removed. by @plkokanov [#13052]
  • [DEVELOPER] Ignore whitespace-only YAML chunks when parsing ManagedResource secrets. This prevents decoder errors from trailing --- separators. by @DockToFuture [#13622]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/kiwigrid/k8s-sidecar from 2.1.3 to 2.1.4. by @gardener-ci-robot [#13567]
  • [DEPENDENCY] The gardener/autoscaler image for Shoots with Kubernetes version 1.34 has been updated to v1.34.0. Release Notes by @takoverflow [#13554]
  • [DEPENDENCY] The following dependencies have been updated:
    • gardener/etcd-druid from v0.33.0 to v0.34.0. Release Notes
    • github.com/gardener/etcd-druid/api from v0.33.0 to v0.34.0. by @Shreyas-s14 [#13617]
  • [DEPENDENCY] The following dependencies have been updated:
    • registry.k8s.io/ingress-nginx/controller-chroot from v1.14.0 to v1.14.1. by @gardener-ci-robot [#13599]
  • [DEPENDENCY] The following dependencies have been updated:
    • gcr.io/istio-release/pilot from 1.27.3 to 1.27.4.
    • gcr.io/istio-release/proxyv2 from 1.27.3 to 1.27.4.
    • istio.io/api from v1.27.3 to v1.27.4. by @gardener-ci-robot [#13595]
  • [DEPENDENCY] The following dependencies have been updated:
    • envoyproxy/envoy from distroless-v1.36.2 to v1.36.3. Release Notes by @gardener-ci-robot [#13598]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/cortexproject/cortex from v1.20.0 to v1.20.1. by @gardener-ci-robot [#13597]
  • [DEPENDENCY] The following dependencies have been updated:
    • quay.io/kiwigrid/k8s-sidecar from 2.1.2 to 2.1.3. by @gardener-ci-robot [#13562]

Helm Charts

  • controlplane: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/controlplane:v1.134.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/gardenlet:v1.134.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/operator:v1.134.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/resource-manager:v1.134.0

Container (OCI) Images

  • admission-controller: europe-docker.pkg.dev/gardener-project/releases/gardener/admission-controller:v1.134.0
  • apiserver: europe-docker.pkg.dev/gardener-project/releases/gardener/apiserver:v1.134.0
  • controller-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/controller-manager:v1.134.0
  • gardenadm: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenadm:v1.134.0
  • gardenlet: europe-docker.pkg.dev/gardener-project/releases/gardener/gardenlet:v1.134.0
  • node-agent: europe-docker.pkg.dev/gardener-project/releases/gardener/node-agent:v1.134.0
  • operator: europe-docker.pkg.dev/gardener-project/releases/gardener/operator:v1.134.0
  • resource-manager: europe-docker.pkg.dev/gardener-project/releases/gardener/resource-manager:v1.134.0
  • scheduler: europe-docker.pkg.dev/gardener-project/releases/gardener/scheduler:v1.134.0

Update provider-gcp to 1.48.1

[github.com/gardener/gardener-extension-provider-gcp:v1.48.1]

🏃 Others

  • [OPERATOR] Fix infrastructure status to correctly use spec IP families during single-stack to dual-stack migration. by @axel7born [#1256]

Helm Charts

  • admission-gcp-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-application:v1.48.1
  • admission-gcp-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-gcp-runtime:v1.48.1
  • provider-gcp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/provider-gcp:v1.48.1

Container (OCI) Images

  • gardener-extension-admission-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-gcp:v1.48.1
  • gardener-extension-provider-gcp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/provider-gcp:v1.48.1

Update external-dns-management to 0.34.0

[github.com/gardener/external-dns-management:v0.34.0]

🐛 Bug Fixes

  • [OPERATOR] In an edge case, the data section for a Secret is not dropped anymore when it is no longer used by any provider and the secret is updated to remove the finalizer. by @MartinWeindel [#723]

Helm Charts

  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/dns-controller-manager:v0.34.0

Container (OCI) Images

  • dns-controller-manager-next-generation: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager-next-generation:v0.34.0
  • dns-controller-manager: europe-docker.pkg.dev/gardener-project/releases/dns-controller-manager:v0.34.0