chore(deps): bump github.com/gardener/gardener from 1.87.2 to 1.88.0

[dependabot]

Bumps github.com/gardener/gardener from 1.87.2 to 1.88.0.

Release notes

Sourced from github.com/gardener/gardener's releases.

v1.88.0

[gardener/gardener]

⚠️ Breaking Changes

• [OPERATOR] The docker CRI is no longer supported for machine images in the CloudProfile. Docker CRI was already not supported for Shoots with Kubernetes versions >= v1.23, so adding this CRI is a no-op currently. Please remove all the usages of docker CRI from your CloudProfiles before upgrading to this version. by @​shafeeqes #9135
• [OPERATOR] The GA-ed WorkerlessShoots feature gate has been removed. by @​acumino #9094
• [OPERATOR] The GA-ed ContainerdRegistryHostsDir feature gate has been removed. by @​ialidzhikov #9058
• [DEPENDENCY] The Selector field of the github.com/gardener/gardener/pkg/extensions/webhook.{Webhook,Args} types is now renamed to NamespaceSelector. by @​ialidzhikov #9085

✨ New Features

• [OPERATOR] When SSH access is enabled for a shoot cluster, the gardener linux user is created during the bootstrapping process of a node. This allows human operators to more easily SSH into the worker nodes with this username independent of the underlying machine image or cloud provider. by @​oliver-goetz #9077
• [OPERATOR] It is now possible to define additional/custom permissions via RBAC for extensions access in the garden cluster. You can read all about it here. by @​rfranzke #9079
• [DEVELOPER] The prometheus-operator (and its related CustomResourceDefinitions) are now deployed by default to garden clusters (by gardener-operator) and to seed clusters (by gardenlet). In the future, it will take over management of the Prometheus and Alertmanager instances. by @​rfranzke #9067
• [USER] The gardener-node-agent health is now being considered during the health check of a Shoot and incorporated into the EveryNodeReady condition. by @​tobschli #9073

🐛 Bug Fixes

• [DEVELOPER] Fix: add snapshots repository to default "component prefixes" to fix wrong values generated into Component Descriptors by @​ccwienk #9109
• [DEVELOPER] Fix Istio ingress service.yaml for dual-stack setup and add test. by @​axel7born #9098
• [OPERATOR] A bug has been fixed which was preventing valitail systemd services on shoot workers from starting when the UseGardenerNodeAgent feature gate is enabled. by @​oliver-goetz #9149
• [OPERATOR] Cluster creation with highly available control planes and an infrastructure extension that uses dynamic node networks is no longer delayed by a failing VPN connection before the first reconciliation. by @​MichaelEischer #9075
• [USER] The kube-apiserver deployment is annotated to mark the completion of labeling the resources for encrytion so that this step is not repeated in case the "label removal" step fails and resources are partially without the label. by @​shafeeqes #9147

🏃 Others

• [DEVELOPER] There is now a new github.com/gardener/gardener/extensions/pkg/webhook.EnsureUnitWithName func that can be used to add/update unit to OperatingSystemConfig units. by @​ialidzhikov #9121
• [DEVELOPER] Gardener's ClientMap implementation was moved from an internal to the commonly accessible clientmap package. by @​timuthy #9101
• [DEVELOPER] gardener-node-agent is now enabled in provider-extensions setup. by @​oliver-goetz #9048
• [OPERATOR] On node machines gardener-node-init.service is disabled and stopped when gardener-node-agent is active. by @​oliver-goetz #9096
• [OPERATOR] Fluent-bit is now upgraded to v2.2.2 by @​nickytd #9120
• [OPERATOR] BackupEntrys and Shoots are now labelled with seed.gardener.cloud/<seed-name>=true where <seed-name> is the value of .spec.seedName or .status.seedName. This allows for server-side filtering when watching these resources by leveraging a label selector. by @​rfranzke #9089
• [OPERATOR] Seed namespaces in the garden cluster are now labelled with gardener.cloud/role=seed, and ServiceAccounts for extensions in the seed namespaces are labelled with controllerregistration.core.gardener.cloud/name=<controllerregistration-name>. by @​rfranzke #9079
• [OPERATOR] The following image is updated:
  • ci:component:github.com/gardener/alpine-conntrack: 3.19.0 -> 3.19.1 by @​gardener-robot-ci-3 #9090
• [OPERATOR] When upgrading a shoot control plane to multi-zonal high-availability there will no longer be an envoy filter left in the old istio ingress namespace by @​ScheererJ #9005
• [OPERATOR] Change dnsLookupFamily to ALL in vpn seed envoy config, to prevent unnecessary DNS lookups. by @​axel7born #9102
• [OPERATOR] nginx-ingress-controller image is updated to v1.9.6. by @​shafeeqes #9124
• [USER] It is now possible to read the cluster-identity ConfigMap in the kube-system namespace of the Garden cluster by @​petersutter #9056
• [DEPENDENCY] Utility functions QuantityPtr,ProtocolPtr,TimePtr and TimePtrDeref, extensionsv1alpha1.UnitCommandPtr and ValueExists are dropped. Use k8s.io/utils/ptr.To, k8s.io/utils/ptr.Deref and slices.Contains instead. by @​shafeeqes #9107

[gardener/ingress-default-backend]

🏃 Others

• [OPERATOR] ingress-default-backend has been migrated to Golang-based implementation. by @​acuminogardener/ingress-default-backend#32

[gardener/machine-controller-manager]

🐛 Bug Fixes

• [DEVELOPER] MCM restart happens properly in integration tests now. This fix will get activated, once this version is vendored in your mcm-provider by @​sssash18gardener/machine-controller-manager#879
• [OPERATOR] Fix for edge case of Node object deletion missed during machine termination. by @​elankathgardener/machine-controller-manager#887
• [OPERATOR] Removes node.machine.sapcloud.io/not-managed-by-mcm annotation from nodes managed by the MCM. by @​elankathgardener/machine-controller-manager#866

... (truncated)

Commits

• 193c91f Release v1.88.0
• de4393d Remove ConditionPathExists from valitail systemd unit (#9149)
• ebc92c2 [release-v1.88] Annotate kube-apiserver deployment after labeling the resou...
• 2ebd233 [release-v1.88] Allow docker CRI to be specified in the cloudprofile for on...
• 409b26e [release-v1.88] Drop remaining usages of docker CRI (#9135)
• 7654c94 Bump golang from 1.21.6 to 1.21.7 (#9130)
• 10632d7 Update tools (#9119)
• 56945b0 [GEP-24] Shoot OIDC Issuer (#9024)
• 483a626 Update nginx ingress image to v1.9.6 (#9124)
• 76704c3 Replace usages of deprecated pointer functions (#9107)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot tried to add @onmetal/gardener-extension-maintainers as a reviewer to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/onmetal/gardener-extension-provider-onmetal/pulls/47/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the teams you specified is not a collaborator of the onmetal/gardener-extension-provider-onmetal repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request