
chore(deps): update helm release cert-manager to v1.16.0 #3534

Merged
merged 1 commit into from
Oct 3, 2024


renovate[bot]

@renovate renovate bot commented Oct 3, 2024

This PR contains the following updates:

Package Update Change
cert-manager (source) minor v1.15.3 -> v1.16.0

Release Notes

cert-manager/cert-manager (cert-manager)

v1.16.0

Compare Source


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.


github-actions bot commented Oct 3, 2024

Path: infra/cert-manager/helmrelease.yaml
Version: v1.15.3 -> v1.16.0

@@ -381,7 +381,7 @@
 ---
 # Source: cert-manager/templates/rbac.yaml
 # Permission to:
-# - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
+# - Update and sign CertificateSigningRequests referencing cert-manager.io Issuers and ClusterIssuers
 # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -620,8 +620,7 @@
 kind: ClusterRole
 name: cert-manager-webhook:subjectaccessreviews
 subjects:
- - apiGroup: ""
- kind: ServiceAccount
+ - kind: ServiceAccount
 name: cert-manager-webhook
 namespace: default
 ---
@@ -673,6 +672,24 @@
 resources: ["leases"]
 verbs: ["create"]
 ---
+# Source: cert-manager/templates/rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cert-manager-tokenrequest
+ namespace: default
+ labels:
+ app: cert-manager
+ app.kubernetes.io/name: cert-manager
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: "controller"
+ app.kubernetes.io/managed-by: Helm
+rules:
+ - apiGroups: [""]
+ resources: ["serviceaccounts/token"]
+ resourceNames: ["cert-manager"]
+ verbs: ["create"]
+---
 # Source: cert-manager/templates/webhook-rbac.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
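Review bot: The new `cert-manager-tokenrequest` Role carries no comment explaining why the controller needs `create` on `serviceaccounts/token`; the only explanation sits on the RoleBinding added in the later hunk (@@ -738,8 +755,29 @@), which binds this Role to the `cert-manager` ServiceAccount itself. The rule is narrowed with `resourceNames: ["cert-manager"]`, which is the right shape, but any token issued through it carries whatever RBAC that ServiceAccount holds, so the intent is worth stating next to the rule, e.g. `# allows the controller to request tokens for its own ServiceAccount only`. Since the release lives in the `default` namespace, it is also worth confirming that API audit logging records TokenRequest calls for this account, so unexpected token creation can be spotted.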
@@ -738,8 +755,29 @@
 kind: Role
 name: cert-manager:leaderelection
 subjects:
- - apiGroup: ""
- kind: ServiceAccount
+ - kind: ServiceAccount
+ name: cert-manager
+ namespace: default
+---
+# Source: cert-manager/templates/rbac.yaml
+# grant cert-manager permission to create tokens for the serviceaccount
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cert-manager-cert-manager-tokenrequest
+ namespace: default
+ labels:
+ app: cert-manager
+ app.kubernetes.io/name: cert-manager
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: "controller"
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cert-manager-tokenrequest
+subjects:
+ - kind: ServiceAccount
 name: cert-manager
 namespace: default
 ---
@@ -760,11 +798,33 @@
 kind: Role
 name: cert-manager-webhook:dynamic-serving
 subjects:
- - apiGroup: ""
- kind: ServiceAccount
+ - kind: ServiceAccount
 name: cert-manager-webhook
 namespace: default
 ---
+# Source: cert-manager/templates/cainjector-service.yaml
+apiVersion: v1
+kind: Service
+metadata:
+ name: cert-manager-cainjector
+ namespace: default
+ labels:
+ app: cainjector
+ app.kubernetes.io/name: cainjector
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: "cainjector"
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 9402
+ name: http-metrics
+ selector:
+ app.kubernetes.io/name: cainjector
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: "cainjector"
+---
 # Source: cert-manager/templates/service.yaml
 apiVersion: v1
 kind: Service
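Review bot: Nothing in this diff restricts who can reach the metrics port that the new `cert-manager-cainjector` Service publishes on 9402, and the hunk at @@ -808,6 +868,10 @@ adds the same port to the webhook Service. If the cluster relies on NetworkPolicy, consider allowing ingress on 9402 only from the monitoring namespace; whether such a policy already exists cannot be told from these hunks. The cainjector Service also omits `targetPort`, so it falls back to the numeric port, while the webhook entry uses `targetPort: "http-metrics"`; adding `targetPort: http-metrics` here would keep the two consistent.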
@@ -808,6 +868,10 @@
 port: 443
 protocol: TCP
 targetPort: "https"
+ - name: metrics
+ port: 9402
+ protocol: TCP
+ targetPort: "http-metrics"
 selector:
 app.kubernetes.io/name: webhook
 app.kubernetes.io/instance: cert-manager
@@ -849,11 +913,15 @@
 type: RuntimeDefault
 containers:
 - name: cert-manager-cainjector
- image: "quay.io/jetstack/cert-manager-cainjector:v1.15.3"
+ image: "quay.io/jetstack/cert-manager-cainjector:v1.16.0"
 imagePullPolicy: IfNotPresent
 args:
 - --v=2
 - --leader-election-namespace=kube-system
+ ports:
+ - containerPort: 9402
+ name: http-metrics
+ protocol: TCP
 env:
 - name: POD_NAMESPACE
 valueFrom:
@@ -904,13 +972,13 @@
 type: RuntimeDefault
 containers:
 - name: cert-manager-controller
- image: "quay.io/jetstack/cert-manager-controller:v1.15.3"
+ image: "quay.io/jetstack/cert-manager-controller:v1.16.0"
 imagePullPolicy: IfNotPresent
 args:
 - --v=2
 - --cluster-resource-namespace=$(POD_NAMESPACE)
 - --leader-election-namespace=kube-system
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.15.3
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.0
 - --dns01-recursive-nameservers=1.1.1.1:53
 - --dns01-recursive-nameservers-only
 - --max-concurrent-challenges=60
@@ -989,7 +1057,7 @@
 type: RuntimeDefault
 containers:
 - name: cert-manager-webhook
- image: "quay.io/jetstack/cert-manager-webhook:v1.15.3"
+ image: "quay.io/jetstack/cert-manager-webhook:v1.16.0"
 imagePullPolicy: IfNotPresent
 args:
 - --v=2
@@ -1006,6 +1074,9 @@
 - name: healthcheck
 protocol: TCP
 containerPort: 6080
+ - containerPort: 9402
+ name: http-metrics
+ protocol: TCP
 livenessProbe:
 httpGet:
 path: /livez
@@ -1107,10 +1178,23 @@
 spec:
 jobLabel: cert-manager
 selector:
- matchLabels:
- app.kubernetes.io/name: cert-manager
- app.kubernetes.io/instance: cert-manager
- app.kubernetes.io/component: "controller"
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - cainjector
+ - cert-manager
+ - webhook
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - cert-manager
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - cainjector
+ - controller
+ - webhook
 namespaceSelector:
 matchNames:
 - default
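Review bot: The two newly scraped Services name their metrics port differently, `http-metrics` on the cainjector Service and `metrics` on the webhook Service (both earlier in this diff), so a ServiceMonitor endpoint that selects by Service port name would silently miss one of them. The `endpoints` section lies outside this hunk; confirm it selects by `targetPort` rather than by `port:` name, and check that all three targets report as up after rollout. The three `In` expressions are also evaluated independently, so the selector matches any combination of the listed name and component values, which is slightly broader than the `matchLabels` block it replaces.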
@@ -1204,7 +1288,7 @@
 helm.sh/hook-weight: "-5"
 rules:
 - apiGroups: ["cert-manager.io"]
- resources: ["certificates"]
+ resources: ["certificaterequests"]
 verbs: ["create"]
 ---
 # Source: cert-manager/templates/startupapicheck-rbac.yaml
@@ -1268,7 +1352,7 @@
 type: RuntimeDefault
 containers:
 - name: cert-manager-startupapicheck
- image: "quay.io/jetstack/cert-manager-startupapicheck:v1.15.3"
+ image: "quay.io/jetstack/cert-manager-startupapicheck:v1.16.0"
 imagePullPolicy: IfNotPresent
 args:
 - check
@@ -1281,5 +1365,10 @@
 drop:
 - ALL
 readOnlyRootFilesystem: true
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
 nodeSelector:
 kubernetes.io/os: linux

@rxbn rxbn merged commit 0470e7a into master Oct 3, 2024
2 checks passed
@rxbn rxbn deleted the renovate/cert-manager-1.x branch October 3, 2024 17:52