Bump github.com/gardener/etcd-druid from 0.22.5 to 0.23.1

[dependabot]

Bumps github.com/gardener/etcd-druid from 0.22.5 to 0.23.1.

Release notes

Sourced from github.com/gardener/etcd-druid's releases.

v0.23.1

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] If you wish to downgrade from druid v0.23.x to versions =<v0.22.7, please ensure that you change the CLI flags for the druid command to remove the new CLI flags introduced in v0.23.0. If you are using the provided helm charts to deploy druid, you may ignore this and simply deploy the helm chart, which takes care of the CLI flag changes for you. by @​shreyas-s-rao #894

📰 Noteworthy

• [OPERATOR] etcd-backup-restore has been bumped to v0.30.2 and etcd-wrapper has been bumped to v0.2.0. by @​shreyas-s-rao #894

🏃 Others

• [USER] Fixed the ready condition for the Etcd resource. by @​shreyas-s-rao #894
• [OPERATOR] Fixes for handling of pod template labels, label-selector, replicas and TLS changes to Etcd resource. StatefulSet does not allow update of label-selector. v0.23.x changes the label-selector, to get that reflected in the STS, it will be orphan deleted and subsequently created. Similarly for peer TLS and pod label changes an update of pods will be done. For single member etcd clusters this will cause a transient downtime. If replicas, TLS, label-selector are changed together then it will also cause transient quorum loss in multi-node etcd clusters. by @​shreyas-s-rao #894

[gardener/etcd-wrapper]

🏃 Others

• [DEVELOPER] Upgrade the Go dependency to go1.23.1. by @​renormalizegardener/etcd-wrapper#32
• [OPERATOR] Added a capability to stop the etcd-wrapper container by exposing an endpoint /stop. by @​ishan16696gardener/etcd-wrapper#31
• [OPERATOR] ops/print-etcd-cert-paths.sh has been removed and is now replaced with ops/print-etcd-cheatsheet.sh by @​unmarshallgardener/etcd-wrapper#18

[gardener/etcd-backup-restore]

📰 Noteworthy

• [USER] Introduced a CLI flag --use-etcd-wrapper (default: false) to enable/disable the backup-restore to use etcd-wrapper related functionality. Note: enable this flag only if etcd-wrapper is deployed. by @​ishan16696gardener/etcd-backup-restore#794
• [OPERATOR] etcd-backup-restore now triggers a restart of the etcd member after updating etcd's advertise peer URLs if found updated. by @​ishan16696gardener/etcd-backup-restore#794

Docker Images

• etcd-druid: europe-docker.pkg.dev/gardener-project/releases/gardener/etcd-druid:v0.23.1

v0.23.0

[gardener/etcd-druid]

⚠️ Breaking Changes

• [OPERATOR] Custodian controller has now been removed in favour of etcd status reconciliation handled by etcd controller. CLI flags --custodian-workers and --custodian-sync-period have now been removed, and are no longer recognised by etcd-druid. by @​unmarshall #777
• [OPERATOR] Labels on druid-managed resources are now streamlined, and no longer include name and instance. Instead, these are now standard labels app.kubernetes.io/managed-by and app.kubernetes.io/part-of, as recommended by Kubernetes. Additionally, app.kubernetes.io/component label is also used to set the type of the component for an etcd cluster. by @​unmarshall #777
• [OPERATOR] Creation of Etcd resource no longer requires annotation gardener.cloud/operation: reconcile to be set on it for etcd-druid to reconcile it. In other words, creation of Etcd resource is immediate, irrespective of whether etcd-spec-auto-reconciliation is enabled or not. by @​unmarshall #777
• [OPERATOR] CLI flag --workers has now been renamed to --etcd-workers. Additionally, etcd controller also accepts new CLI flags enable-etcd-spec-auto-reconcile to control how and when the etcd spec is reconciled, and etcd-status-sync-period to specify the duration after which an event will be re-queued to ensure etcd status reconciliation. CLI flag ignore-operation-annotation has been deprecated, and will be removed in an upcoming release. by @​unmarshall #777
• [OPERATOR] Volume mounts for the etcd StatefulSet have now been fixed, to allow individually specifying TLS secrets for the etcd and backup-restore servers. CA and TLS certificates used for etcd client-server communication, relevant to the container that they are mounted on, can be found at /var/etcd/ssl/. CA and TLS certificates used for etcd peer communication, relevant to the container that they are mounted on, can be found at /var/etcd/ssl/peer. CA and TLS certificates used for etcd-backup-restore client-server communication, relevant to the container that they are mounted on, can be found at /var/etcdbr/ssl. by @​unmarshall #777
• [DEVELOPER] Vendor directory has now been removed from the project. Please run make tidy to pull dependencies into go mod cache initially, and whenever required. by @​shreyas-s-rao #748
• [USER] Before upgrading druid to v0.23.0+, please ensure that druid is running with at least v0.22.3+. This is required to avoid any downtime during the upgrade of the etcds by the new druid version, as well as to ensure backward compatibility of your etcds, in case you wish to downgrade back to v0.22.3+. by @​shreyas-s-rao #823

📰 Noteworthy

• [OPERATOR] A new condition DataVolumesReady has been introduced in etcd.Status to capture and report PVC warnings. by @​unmarshall #777
• [OPERATOR] Annotation druid.gardener.cloud/ignore-reconciliation has been marked as deprecated. Please use druid.gardener.cloud/suspend-etcd-spec-reconcile instead, which provides the same behavior. by @​unmarshall #777
• [OPERATOR] Scale-up logic for single-node etcd clusters with peerTLS disabled to multi-node etcd clusters with peerTLS enabled, has been improved by making it deterministic and eliminates an unnecessary restart of the first etcd member, thus making this process faster and error-free. by @​unmarshall #777
• [OPERATOR] CLI flag --leader-election-resource-lock is now deprecated, and will be set to leases from a future release onwards. by @​unmarshall #777
• [OPERATOR] A new validating webhook named sentinel has been introduced to safeguard resources created by etcd-druid. A new annotation druid.gardener.cloud/disable-etcd-component-protection has been introduced, which if set, tells sentinel webhook to allow manual changes by an operator on any resource managed by etcd-druid.

... (truncated)

Commits

• 113b557 Release v0.23.1
• fa13ba7 Fixes Label-Selector, Pod Template label updates and TLS changes for client a...
• a35b5c2 Add additional latest tag to images during release (#888)
• 9b70bfb prepare next dev cycle v0.23.1-dev
• 8569ac3 Release v0.23.0
• 81dbd51 Enhance the docker-build make target to build for multiple platforms. (#873)
• 4fb2b05 Fix make deploy-debug (#876)
• d3ac301 Remove usage of *_STORAGE_API_ENDPOINT` environment variables for providers (...
• 92a3192 Fix peer TLS enablement during scale-up of etcd cluster (#874)
• 55efca1 [ci:component:github.com/gardener/etcd-backup-restore:v0.30.0->v0.30.1] (#871)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #73.