make bundle-generate

Signed-off-by: Richard Wall <richard.wall@venafi.com>

bundle/bundle.Dockerfile

@@ -5,8 +5,8 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1
 LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/
 LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/
 LABEL operators.operatorframework.io.bundle.package.v1=cert-manager
-LABEL operators.operatorframework.io.bundle.channels.v1=stable,candidate
-LABEL operators.operatorframework.io.bundle.channel.default.v1=stable
+LABEL operators.operatorframework.io.bundle.channels.v1=candidate
+LABEL operators.operatorframework.io.bundle.channel.default.v1=candidate
 LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.33.0
 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1
 LABEL operators.operatorframework.io.metrics.project_layout=unknown

bundle/manifests/acme.cert-manager.io_orders.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: crds
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.15.2
+    app.kubernetes.io/version: v1.16.0-beta.0
   name: orders.acme.cert-manager.io
 spec:
   group: acme.cert-manager.io

bundle/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.15.2
+    app.kubernetes.io/version: v1.16.0-beta.0
     rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
   name: cert-manager-cluster-view
 rules:

bundle/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.15.2
+    app.kubernetes.io/version: v1.16.0-beta.0
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"
   name: cert-manager-edit

bundle/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml

@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/component: controller
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.15.2
+    app.kubernetes.io/version: v1.16.0-beta.0
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
     rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
     rbac.authorization.k8s.io/aggregate-to-edit: "true"

bundle/manifests/cert-manager-webhook_v1_service.yaml

@@ -7,14 +7,18 @@ metadata:
     app.kubernetes.io/component: webhook
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: webhook
-    app.kubernetes.io/version: v1.15.2
+    app.kubernetes.io/version: v1.16.0-beta.0
   name: cert-manager-webhook
 spec:
   ports:
   - name: https
     port: 443
     protocol: TCP
     targetPort: https
+  - name: metrics
+    port: 9402
+    protocol: TCP
+    targetPort: http-metrics
   selector:
     app.kubernetes.io/component: webhook
     app.kubernetes.io/instance: cert-manager

bundle/manifests/cert-manager.clusterserviceversion.yaml

@@ -67,9 +67,8 @@ metadata:
       ]
     capabilities: Full Lifecycle
     categories: Security
-    containerImage: quay.io/jetstack/cert-manager-controller:v1.15.2
-    createdAt: '2024-07-30T13:50:01'
-    olm.skipRange: '>=1.15.0 <1.15.2'
+    containerImage: quay.io/jetstack/cert-manager-controller:v1.16.0-beta.0
+    createdAt: '2024-10-02T16:10:00'
     operators.operatorframework.io/builder: operator-sdk-v1.33.0
     operators.operatorframework.io/internal-objects: |-
       [
@@ -84,7 +83,7 @@ metadata:
     operatorframework.io/arch.arm64: supported
     operatorframework.io/arch.ppc64le: supported
     operatorframework.io/arch.s390x: supported
-  name: cert-manager.v1.15.2
+  name: cert-manager.v1.16.0-beta.0
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -94,12 +93,10 @@ spec:
         A CertificateRequest is used to request a signed certificate from one of the
         configured issuers.
 
-
         All fields within the CertificateRequest's `spec` are immutable after creation.
         A CertificateRequest will either succeed or fail, as denoted by its `Ready` status
         condition and its `status.failureTime` field.
 
-
         A CertificateRequest is a one-shot resource, meaning it represents a single
         point in time request for a certificate and cannot be re-used.
       displayName: CertificateRequest
@@ -110,7 +107,6 @@ spec:
         A Certificate resource should be created to ensure an up to date and signed
         X.509 certificate is stored in the Kubernetes Secret resource named in `spec.secretName`.
 
-
         The stored certificate will be renewed before it expires (as configured by `spec.renewBefore`).
       displayName: Certificate
       kind: Certificate
@@ -633,7 +629,7 @@ spec:
           app.kubernetes.io/component: controller
           app.kubernetes.io/instance: cert-manager
           app.kubernetes.io/name: cert-manager
-          app.kubernetes.io/version: v1.15.2
+          app.kubernetes.io/version: v1.16.0-beta.0
         name: cert-manager
         spec:
           replicas: 1
@@ -654,21 +650,21 @@ spec:
                 app.kubernetes.io/component: controller
                 app.kubernetes.io/instance: cert-manager
                 app.kubernetes.io/name: cert-manager
-                app.kubernetes.io/version: v1.15.2
+                app.kubernetes.io/version: v1.16.0-beta.0
             spec:
               containers:
               - args:
                 - --v=2
                 - --cluster-resource-namespace=$(POD_NAMESPACE)
                 - --leader-election-namespace=kube-system
-                - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.15.2
+                - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.0-beta.0
                 - --max-concurrent-challenges=60
                 env:
                 - name: POD_NAMESPACE
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/jetstack/cert-manager-controller:v1.15.2
+                image: quay.io/jetstack/cert-manager-controller:v1.16.0-beta.0
                 imagePullPolicy: IfNotPresent
                 livenessProbe:
                   failureThreshold: 8
@@ -708,7 +704,7 @@ spec:
           app.kubernetes.io/component: cainjector
           app.kubernetes.io/instance: cert-manager
           app.kubernetes.io/name: cainjector
-          app.kubernetes.io/version: v1.15.2
+          app.kubernetes.io/version: v1.16.0-beta.0
         name: cert-manager-cainjector
         spec:
           replicas: 1
@@ -720,12 +716,16 @@ spec:
           strategy: {}
           template:
             metadata:
+              annotations:
+                prometheus.io/path: /metrics
+                prometheus.io/port: '9402'
+                prometheus.io/scrape: 'true'
               labels:
                 app: cainjector
                 app.kubernetes.io/component: cainjector
                 app.kubernetes.io/instance: cert-manager
                 app.kubernetes.io/name: cainjector
-                app.kubernetes.io/version: v1.15.2
+                app.kubernetes.io/version: v1.16.0-beta.0
             spec:
               containers:
               - args:
@@ -736,9 +736,13 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/jetstack/cert-manager-cainjector:v1.15.2
+                image: quay.io/jetstack/cert-manager-cainjector:v1.16.0-beta.0
                 imagePullPolicy: IfNotPresent
                 name: cert-manager-cainjector
+                ports:
+                - containerPort: 9402
+                  name: http-metrics
+                  protocol: TCP
                 resources: {}
                 securityContext:
                   allowPrivilegeEscalation: false
@@ -759,7 +763,7 @@ spec:
           app.kubernetes.io/component: webhook
           app.kubernetes.io/instance: cert-manager
           app.kubernetes.io/name: webhook
-          app.kubernetes.io/version: v1.15.2
+          app.kubernetes.io/version: v1.16.0-beta.0
         name: cert-manager-webhook
         spec:
           replicas: 1
@@ -771,12 +775,16 @@ spec:
           strategy: {}
           template:
             metadata:
+              annotations:
+                prometheus.io/path: /metrics
+                prometheus.io/port: '9402'
+                prometheus.io/scrape: 'true'
               labels:
                 app: webhook
                 app.kubernetes.io/component: webhook
                 app.kubernetes.io/instance: cert-manager
                 app.kubernetes.io/name: webhook
-                app.kubernetes.io/version: v1.15.2
+                app.kubernetes.io/version: v1.16.0-beta.0
             spec:
               containers:
               - args:
@@ -789,7 +797,7 @@ spec:
                   valueFrom:
                     fieldRef:
                       fieldPath: metadata.namespace
-                image: quay.io/jetstack/cert-manager-webhook:v1.15.2
+                image: quay.io/jetstack/cert-manager-webhook:v1.16.0-beta.0
                 imagePullPolicy: IfNotPresent
                 livenessProbe:
                   failureThreshold: 3
@@ -809,6 +817,9 @@ spec:
                 - containerPort: 6080
                   name: healthcheck
                   protocol: TCP
+                - containerPort: 9402
+                  name: http-metrics
+                  protocol: TCP
                 readinessProbe:
                   failureThreshold: 3
                   httpGet:
@@ -836,6 +847,14 @@ spec:
               serviceAccountName: cert-manager-webhook
       permissions:
       - rules:
+        - apiGroups:
+          - ''
+          resourceNames:
+          - cert-manager
+          resources:
+          - serviceaccounts/token
+          verbs:
+          - create
         - apiGroups:
           - coordination.k8s.io
           resourceNames:
@@ -919,7 +938,7 @@ spec:
   provider:
     name: The cert-manager maintainers
     url: https://cert-manager.io/
-  version: 1.15.2
+  version: 1.16.0-beta.0
   webhookdefinitions:
   - admissionReviewVersions:
     - v1

bundle/manifests/cert-manager.io_certificaterequests.yaml

@@ -6,7 +6,7 @@ metadata:
     app: cert-manager
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/version: v1.15.2
+    app.kubernetes.io/version: v1.16.0-beta.0
   name: certificaterequests.cert-manager.io
 spec:
   group: cert-manager.io
@@ -36,7 +36,7 @@ spec:
       name: Issuer
       type: string
     - jsonPath: .spec.username
-      name: Requestor
+      name: Requester
       type: string
     - jsonPath: .status.conditions[?(@.type=="Ready")].message
       name: Status
@@ -56,12 +56,10 @@ spec:
           A CertificateRequest is used to request a signed certificate from one of the
           configured issuers.
 
-
           All fields within the CertificateRequest's `spec` are immutable after creation.
           A CertificateRequest will either succeed or fail, as denoted by its `Ready` status
           condition and its `status.failureTime` field.
 
-
           A CertificateRequest is a one-shot resource, meaning it represents a single
           point in time request for a certificate and cannot be re-used.
         properties:
@@ -115,11 +113,9 @@ spec:
                   Requested basic constraints isCA value. Note that the issuer may choose
                   to ignore the requested isCA value, just like any other requested attribute.
 
-
                   NOTE: If the CSR in the `Request` field has a BasicConstraints extension,
                   it must have the same isCA value as specified here.
 
-
                   If true, this will automatically add the `cert sign` usage to the list
                   of requested `usages`.
                 type: boolean
@@ -130,7 +126,6 @@ spec:
                   as the Certificate. If the issuer is cluster-scoped, it can be used
                   from any namespace.
 
-
                   The `name` field of the reference must always be specified.
                 properties:
                   group:
@@ -150,7 +145,6 @@ spec:
                   The PEM-encoded X.509 certificate signing request to be submitted to the
                   issuer for signing.
 
-
                   If the CSR has a BasicConstraints extension, its isCA attribute must
                   match the `isCA` value of this CertificateRequest.
                   If the CSR has a KeyUsage extension, its key usages must match the
@@ -169,12 +163,10 @@ spec:
                 description: |-
                   Requested key usages and extended key usages.
 
-
                   NOTE: If the CSR in the `Request` field has uses the KeyUsage or
                   ExtKeyUsage extension, these extensions must have the same values
                   as specified here without any additional values.
 
-
                   If unset, defaults to `digital signature` and `key encipherment`.
                 items:
                   description: |-
@@ -183,7 +175,6 @@ spec:
                     https://tools.ietf.org/html/rfc5280#section-4.2.1.3
                     https://tools.ietf.org/html/rfc5280#section-4.2.1.12
 
-
                     Valid KeyUsage values are as follows:
                     "signing",
                     "digital signature",