Update module github.com/cert-manager/cert-manager to v1.12.3 #10
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
we currently need k8s 1.26 |
Renovate Ignore NotificationBecause you closed this PR without merging, Renovate will ignore this update (v1.12.3). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR. |
renovate
bot
deleted the
renovate/github.com-cert-manager-cert-manager-1.x
branch
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.11.0->v1.12.3Release Notes
cert-manager/cert-manager (github.com/cert-manager/cert-manager)
v1.12.3Compare Source
Changes by Kind
Bugfixes
v1.12.2Compare Source
Known issues
https://github.com/cert-manager/cert-manager/pull/62326232 for context.
Changes by Kind
Bugfixes
cmctl check api --wait 0exited without output; we now make sure we perform the API check at least once (#6116, @jetstack-bot)v1.12.1Compare Source
v1.12.1
This release contains a couple dependency bumps and changes to ACME external webhook library.
Known issues
cmctlAPI check is broken in v1.12.1. We suggest that you do not upgradecmctlto this version. The fix will be released in v1.12.2.See #6116 for context.
https://github.com/cert-manager/cert-manager/pull/62326232 for context.
Changes by Kind
Other (Cleanup or Flake)
Uncategorized
v0.27.2. (#6077, @lucacome)v0.15.0(#6098, @lucacome)v1.12.0Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager v1.12 brings support for JSON logging, a lower memory footprint, support for ephemeral service account tokens with Vault, improved dependency management and support for the ingressClassName field.
The full release notes are available at https://cert-manager.io/docs/release-notes/release-notes-1.12.
Known issues
cmctlAPI check is broken in v1.12.1. We suggest that you do not upgradecmctlto this version. The fix will be released in v1.12.2.See #6116 for context.
https://github.com/cert-manager/cert-manager/pull/62326232 for context.
Community
Thanks again to all open-source contributors with commits in this release, including:
Thanks also to the following cert-manager maintainers for their contributions during this release:
Equally thanks to everyone who provided feedback, helped users and raised issues on Github and Slack, joined our meetings and talked to us at Kubecon!
Special thanks to @erikgb for continuously great input and feedback and to @lucacome for always ensuring that our kube deps are up to date!
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Jetstack (by Venafi) for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes by Kind
Feature
--concurrent-workersflag that lets you control the number of concurrent workers for each of our controllers. (#5936, @inteon)acme.solvers.http01.ingress.podTemplate.spec.imagePullSecretsfield to issuer spec to allow to specify image pull secrets for the ACME HTTP01 solver pod. (#5801, @malovme)--watch-certsflag was renamed to--enable-certificates-data-source. (#5766, @irbekrm)--dns01-recursive-nameservers,--enable-certificate-owner-ref, and--dns01-recursive-nameservers-onlythrough Helm values. (#5614, @jkroepke)ingressClassName. The credit goes to @dsonck92 for implementing the initial PR. (#5849, @maelvls)serviceAccountReffield, cert-manager generates a short-lived token associated to the service account to authenticate to Vault. Along with this new feature, we have added validation logic in the webhook in order to check thevault.authfield when creating an Issuer or ClusterIssuer. Previously, it was possible to create an Issuer or ClusterIssuer with an invalid value forvault.auth. (#5502, @maelvls)/livezendpoint and a default liveness probe, which fails if leader election has been lost and for some reason the process has not exited. The liveness probe is disabled by default. (#5962, @wallrj)--v=5flag) (#5975, @tobotg)Design
This is not necessarily a breaking change as due to a race condition this may already have been the case. (#5887, @irbekrm)
Documentation
values.yamlare now working (#5999, @SgtCoDFish)Bug or Regression
cmctl x install. (#5720, @irbekrm)--acme-http01-solver-imagegiven to the variableacmesolver.extraArgsnow has precedence over the variableacmesolver.image. (#5693, @SgtCoDFish)jksandpkcs12fields on a Certificate resource with a CA issuer that doesn't set theca.crtin the Secret resource, cert-manager no longer loop trying to copyca.crtintotruststore.jksortruststore.p12. (#5972, @vinzent)literalSubjectfield on a Certificate resource, the IPs, URIs, DNS names, and email addresses segments are now properly compared. (#5747, @inteon)Other (Cleanup or Flake)
make go-workspacetarget for generating a go.work file for local development (#5935, @SgtCoDFish)**BREAKING:*- users who are relying on cainjector to work when
certificates.cert-manager.ioCRD is not installed in the cluster, now need to pass--watch-certificates=falseflag to cainjector else it will not start.Users who only use cainjector as cert-manager's internal component and have a large number of
Certificateresources in cluster can pass--watch-certificates=falseto avoid cainjector from cachingCertificateresources and save some memory. (#5746, @irbekrm)automountServiceAccountTokenturned off. (#5754, @wallrj)SecretsFilteredCachingfeature flag. The filtering mechanism might, in some cases, slightly slow down issuance or cause additional requests to kube-apiserver because unlabelled Secret resources that cert-manager controller needs will now be retrieved from kube-apiserver instead of being cached locally. To prevent this from happening, users can label all issuer Secret resources with thecontroller.cert-manager.io/fao: truelabel. (#5824, @irbekrm)POTENTIALLY BREAKING: this PR slightly changes how the name of the Challenge resources are calculated. To avoid duplicate issuances due to the Challenge resource being recreated, ensure that there is no in-progress ACME certificate issuance when you upgrade to this version of cert-manager. (#5901, @irbekrm)
v0.26.2. (#5820, @lucacome)v0.26.3. (#5907, @lucacome)v0.27.1. (#5961, @lucacome)certificate.spec.secretNameis a validSecretname (#5967, @avi-08)certificate.spec.secretNameSecrets will now be labelled withcontroller.cert-manager.io/faolabel (#5660, @irbekrm)Uncategorized
v1.11.4Compare Source
Changes by Kind
Other (Cleanup or Flake)
Dependencies
Changed
v1.11.3Compare Source
v1.11.3 mostly contains ACME library changes. API Priority and Fairness feature is now disabled in the external webhook's extension apiserver.
Changes by Kind
Other (Cleanup or Flake)
v1.11.2Compare Source
Changelog since v1.11.1
Changes by Kind
Bug or Regression
Other (Cleanup or Flake)
Bump the distroless base images (#5930, @maelvls)
Bumps Docker libraries to fix vulnerability scan alert for CVE-2023-28840, CVE-2023-28841, CVE-2023-28842 (#6037, @irbekrm)
Cert-manager was not actually affected by these CVEs which are all to do with Docker daemon's overlay network.
Bumps Kube libraries v0.26.0 -> v0.26.4 (#6038, @irbekrm)
This might help with running cert-manager v1.11 on Kubernetes v1.27, see #6038
v1.11.1Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
In v1.11.1, we updated the base images used for cert-manager containers. In addition, the users of the Venafi issuer will see less certificates repeatedly failing.
If you are a user of Venafi TPP and have been having issues with the error message
This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry, please use this version.Changes since v1.11.0
Bug or Regression
cmctl x install, to work around a hardcoded Kubernetes version in Helm. (#5726, @SgtCoDFish)Other (Cleanup or Flake)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.