[ci:component:github.com/gardener/gardener-extension-provider-aws:v1.35.0->v1.37.0]

[gardener-robot-ci-2]

Release Notes:

Paths transformations in .docforge/manifest.yaml for simplification

The resource requests and limits for components (seed and shoot) managed by the `provider-aws` extension has been adapted based on a production environment analysis. This is done to avoid OOMKills and cpu throttling situations. Furthermore the vpa `minAllowed` settings are now aligned with the cpu and memory request of the respective component`

The dashboards: Cloud Controller Manager and CSI Driver are removed from Grafana

add link to K8s v1.23 conformance tests

This extension is only compatible with Gardener versions `>= v1.37`.

This extension is prepared to support the Shoot CA rotation feature ([GEP-18](https://github.com/gardener/gardener/issues/3292)).

The following images are updated:
- k8s.gcr.io/sig-storage/csi-provisioner: v2.1.2 -> v2.2.2 (for kubernetes < 1.20)
- k8s.gcr.io/sig-storage/csi-provisioner: v2.1.2 -> v3.2.0 (for kubernetes >= 1.20)
- k8s.gcr.io/sig-storage/csi-attacher: v3.3.0 -> v3.4.0
- k8s.gcr.io/sig-storage/csi-resizer: v0.5.0 -> v1.5.0
- k8s.gcr.io/sig-storage/csi-snapshotter: v3.0.3 -> v4.2.1 (for kubernetes >= 1.20)
- k8s.gcr.io/sig-storage/snapshot-validation-webhook: v3.0.3 -> v4.2.1 (for kubernetes >= 1.20)
- k8s.gcr.io/sig-storage/snapshot-controller: v3.0.3 -> v4.2.1 (for kubernetes >= 1.20)
- k8s.gcr.io/sig-storage/csi-node-driver-registrar: v1.3.0 -> v2.5.1
- k8s.gcr.io/sig-storage/livenessprobe: v2.3.0 -> v2.7.0

The following image is updated:
- k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.5.0 -> v1.5.3

Update alpine to 3.15.4

Updated alpine base image to `v3.15.4`

The release tags from now are prefixed with `v`.

`k8s.io/legacy-cloud-providers` is now updated to `v1.21.12`.

The alpine version has been updated to `v3.15.4`.

The Golang version has been updated to `v1.16.15`.

`k8s.io/legacy-cloud-providers` is now updated to `v1.22.9`.

The alpine version has been updated to `v3.15.4`.

The Golang version has been updated to `v1.16.15`.

`k8s.io/legacy-cloud-providers` is now updated to `v1.23.6`.

The alpine version has been updated to `v3.15.4`.

The Golang version has been updated to `v1.17.9`.

The following images used by the mtu-customizer DaemonSet are updated:
- alpine: 3.12.1 -> 3.15.4
- k8s.gcr.io/pause: 3.1 -> 3.7

An issue causing admission-aws to fail a Shoot creation request with `.spec.provider.infrastructureConfig=nil` with 500 Internal server error is now fixed. admission-aws now properly indicates in the response that the corresponding field is required.

The extension does now automatically rotate its webhook CA and server certificates each `30d`.

This extension is prepared to support the Shoot `ServiceAccount` signing key rotation feature ([see documentation](https://github.com/gardener/gardener/blob/master/docs/usage/shoot_credentials_rotation.md#serviceaccount-token-signing-key)).

This version of admission-aws requires the SecretBinding provider controller to be enabled - enabled by default for gardener-controller-manager >= 1.42 or can be enabled via the gardener-controller-manager component config.

The Secrets webhook of admission-aws:
- no longer intercepts every Secret UPDATE request but only requests for Secrets that are associated with a SecretBinding with `provider.type=aws`.
- no longer needs to list Shoots (hence, no cache for Shoots)

The admission-aws component introduces a new SecretBinding validator. It validates requests for SecretBindings and checks whether the SecretBinding refers to a valid AWS Secret.

The AWS extension does now support shoot clusters with Kubernetes version 1.24. You should consider the [Kubernetes release notes](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.24.md) before upgrading to 1.24.

The following image is updated:
- eu.gcr.io/gardener-project/kubernetes/cloud-provider-aws: 1.23.6 -> 1.24.0(For shoots with Kubernetes version 1.24)

upgraded k8s dependecy to v1.22.9 (revendor in providers required to see effects)

K8s dependency upgraded to 1.21.12

Base image updated to alpine `v3.15.4` and build image to golang `1.17.9`.

Paths transformations in .docforge/manifest.yaml for simplification

upgraded to mcm version 0.45.0

Users can now set IOPS for a GP3 volume type. Validation of IOPS (i.e. whether it is allowed and is in the specified range for a volume type) is done on the AWS side, so feedback will arrive once the volume is created.

This version of provider-aws requires Gardener v1.50.0.

provider-aws now mutates the `cluster-autoscaler` Deployment by implementing the `EnsureClusterAutoscalerDeployment` function. This is required in the context of https://github.com/kubernetes/autoscaler/issues/4517 - cluster-autoscaler supports `--feature-gates` flag and provider extensions have to mutate the cluster-autoscaler Deployment to add the CSI related feature gates to it.

The extension now uses `distroless` instead of `alpine` as a base image.

`CloudProfileConfig` now supports a new field `.machineImages[].versions[].regions[].architecture`. It specifies the supported CPU architecture of the given machine image AMI.

`WorkerStatus` now supports a new field `.machineImage[].architecture`. It specifies the supported CPU architecture of the given worker pool.

The following dependency is updated:
- github.com/gardener/gardener: v1.48.0 -> v1.50.0

Update golang version used to 1.18

This version of provider-aws requires Gardener v1.50+.

The following image is updated:
- k8s.gcr.io/provider-aws/aws-ebs-csi-driver: v1.5.3 -> v1.9.0

The `gp2` StorageClass is now removed.

Use `go mod` instead of `dep`
Update golang version used.

The `aws-lb-readvertiser` now uses `distroless` instead of `alpine` as a base image.

Update MTU-resizer alpine image

The default leader election resource lock of `machine-controller-manager` has been changed from `endpointsleases` to `leases`.
Please make sure, that you had at least `machine-controller-manager@v0.43.0` running before upgrading to `v0.46.0`, so that it has successfully acquired leadership with the hybrid resource lock (`endpointsleases`) at least once.

Published docker images for Machine-Controller-Manager are now multi-arch ready. They support `linux/amd64` and `linux/arm64`.

Rollout freeze won't happen due to `Unknown` machines now.

The `machine-controller-manager` container now uses `distroless` instead of `alpine` as a base image.

machine-controller-manager-provider-aws now uses `distroless` instead of `alpine` as a base image.

The default leader election resource lock of `machine-controller-manager` has been changed from `endpointsleases` to `leases`.
Please make sure, that you had at least `machine-controller-manager@v0.43.0` running before upgrading to `v0.46.0`, so that it has successfully acquired leadership with the hybrid resource lock (`endpointsleases`) at least once.

Published docker images for Machine-Controller-Manager are now multi-arch ready. They support `linux/amd64` and `linux/arm64`.

Rollout freeze won't happen due to `Unknown` machines now.

The `machine-controller-manager` container now uses `distroless` instead of `alpine` as a base image.

probeResources() now doesn't try to delete orphan resources but only lists them.
The beforeSuite for IT test now calls for cleanup of orphan resources separately.
The Integration Test, which looks for orphan resources, now doesn't try to delete the orphan resources and just waits for them to be done automatically.

Terraform google provider is updated to v4.19.0

[gardener-robot]

@gardener-robot-ci-2 Thank you for your contribution.