feat(container): update app-template ( 3.4.0 → 3.5.0 ) [registry]

[doug-piranha-bot[bot]]

This PR contains the following updates:

Package	Update	Change
app-template	minor	3.4.0 -> 3.5.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[doug-piranha-bot[bot]]

--- kubernetes/registry/apps/network/echo-server/app Kustomization: flux-system/echo-server HelmRelease: network/echo-server

+++ kubernetes/registry/apps/network/echo-server/app Kustomization: flux-system/echo-server HelmRelease: network/echo-server

@@ -13,13 +13,13 @@

     spec:
       chart: app-template
       sourceRef:
         kind: HelmRepository
         name: bjw-s
         namespace: flux-system
-      version: 3.4.0
+      version: 3.5.0
   install:
     remediation:
       retries: 3
   interval: 30m
   upgrade:
     cleanupOnFail: true
--- kubernetes/registry/apps/harbor/harbor/backup Kustomization: flux-system/harbor-backup HelmRelease: harbor/harbor-pgdump

+++ kubernetes/registry/apps/harbor/harbor/backup Kustomization: flux-system/harbor-backup HelmRelease: harbor/harbor-pgdump

@@ -13,13 +13,13 @@

     spec:
       chart: app-template
       sourceRef:
         kind: HelmRepository
         name: bjw-s
         namespace: flux-system
-      version: 3.4.0
+      version: 3.5.0
   install:
     remediation:
       retries: 3
   interval: 30m
   upgrade:
     cleanupOnFail: true
--- kubernetes/registry/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager

+++ kubernetes/registry/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager

@@ -13,13 +13,13 @@

     spec:
       chart: cert-manager
       sourceRef:
         kind: HelmRepository
         name: jetstack
         namespace: flux-system
-      version: v1.16.0
+      version: v1.15.3
   install:
     remediation:
       retries: 3
   interval: 30m
   upgrade:
     cleanupOnFail: true
--- kubernetes/registry/apps/tools/system-upgrade-controller/app Kustomization: flux-system/system-upgrade-controller HelmRelease: tools/system-upgrade-controller

+++ kubernetes/registry/apps/tools/system-upgrade-controller/app Kustomization: flux-system/system-upgrade-controller HelmRelease: tools/system-upgrade-controller

@@ -13,13 +13,13 @@

     spec:
       chart: app-template
       sourceRef:
         kind: HelmRepository
         name: bjw-s
         namespace: flux-system
-      version: 3.4.0
+      version: 3.5.0
   install:
     remediation:
       retries: 3
   interval: 30m
   upgrade:
     cleanupOnFail: true

[doug-piranha-bot[bot]]

--- HelmRelease: cert-manager/cert-manager ClusterRoleBinding: cert-manager/cert-manager-webhook:subjectaccessreviews

+++ HelmRelease: cert-manager/cert-manager ClusterRoleBinding: cert-manager/cert-manager-webhook:subjectaccessreviews

@@ -11,10 +11,11 @@

     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cert-manager-webhook:subjectaccessreviews
 subjects:
-- kind: ServiceAccount
+- apiGroup: ''
+  kind: ServiceAccount
   name: cert-manager-webhook
   namespace: cert-manager

--- HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-tokenrequest

+++ HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-tokenrequest

@@ -1,22 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: cert-manager-tokenrequest
-  namespace: cert-manager
-  labels:
-    app: cert-manager
-    app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/component: controller
-    app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
-  - ''
-  resources:
-  - serviceaccounts/token
-  resourceNames:
-  - cert-manager
-  verbs:
-  - create
-
--- HelmRelease: cert-manager/cert-manager RoleBinding: kube-system/cert-manager:leaderelection

+++ HelmRelease: cert-manager/cert-manager RoleBinding: kube-system/cert-manager:leaderelection

@@ -12,10 +12,11 @@

     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: cert-manager:leaderelection
 subjects:
-- kind: ServiceAccount
+- apiGroup: ''
+  kind: ServiceAccount
   name: cert-manager
   namespace: cert-manager

--- HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-cert-manager-tokenrequest

+++ HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-cert-manager-tokenrequest

@@ -1,21 +0,0 @@

----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: cert-manager-cert-manager-tokenrequest
-  namespace: cert-manager
-  labels:
-    app: cert-manager
-    app.kubernetes.io/name: cert-manager
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/component: controller
-    app.kubernetes.io/managed-by: Helm
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: cert-manager-tokenrequest
-subjects:
-- kind: ServiceAccount
-  name: cert-manager
-  namespace: cert-manager
-
--- HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-webhook:dynamic-serving

+++ HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-webhook:dynamic-serving

@@ -12,10 +12,11 @@

     app.kubernetes.io/managed-by: Helm
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: cert-manager-webhook:dynamic-serving
 subjects:
-- kind: ServiceAccount
+- apiGroup: ''
+  kind: ServiceAccount
   name: cert-manager-webhook
   namespace: cert-manager

--- HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-cainjector

@@ -1,23 +0,0 @@

----
-apiVersion: v1
-kind: Service
-metadata:
-  name: cert-manager-cainjector
-  namespace: cert-manager
-  labels:
-    app: cainjector
-    app.kubernetes.io/name: cainjector
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/component: cainjector
-    app.kubernetes.io/managed-by: Helm
-spec:
-  type: ClusterIP
-  ports:
-  - protocol: TCP
-    port: 9402
-    name: http-metrics
-  selector:
-    app.kubernetes.io/name: cainjector
-    app.kubernetes.io/instance: cert-manager
-    app.kubernetes.io/component: cainjector
-
--- HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-webhook

@@ -14,15 +14,11 @@

   type: ClusterIP
   ports:
   - name: https
     port: 443
     protocol: TCP
     targetPort: https
-  - name: metrics
-    port: 9402
-    protocol: TCP
-    targetPort: http-metrics
   selector:
     app.kubernetes.io/name: webhook
     app.kubernetes.io/instance: cert-manager
     app.kubernetes.io/component: webhook

--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

@@ -31,21 +31,17 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-cainjector
-        image: quay.io/jetstack/cert-manager-cainjector:v1.16.0
+        image: quay.io/jetstack/cert-manager-cainjector:v1.15.3
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --leader-election-namespace=kube-system
-        ports:
-        - containerPort: 9402
-          name: http-metrics
-          protocol: TCP
         env:
         - name: POD_NAMESPACE
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
         securityContext:
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

@@ -31,19 +31,19 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-controller
-        image: quay.io/jetstack/cert-manager-controller:v1.16.0
+        image: quay.io/jetstack/cert-manager-controller:v1.15.3
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --cluster-resource-namespace=$(POD_NAMESPACE)
         - --leader-election-namespace=kube-system
-        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.0
+        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.15.3
         - --max-concurrent-challenges=60
         - --dns01-recursive-nameservers-only=true
         - --dns01-recursive-nameservers=https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
         ports:
         - containerPort: 9402
           name: http-metrics
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-webhook
-        image: quay.io/jetstack/cert-manager-webhook:v1.16.0
+        image: quay.io/jetstack/cert-manager-webhook:v1.15.3
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --secure-port=10250
         - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
         - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
@@ -48,15 +48,12 @@

         - name: https
           protocol: TCP
           containerPort: 10250
         - name: healthcheck
           protocol: TCP
           containerPort: 6080
-        - containerPort: 9402
-          name: http-metrics
-          protocol: TCP
         livenessProbe:
           httpGet:
             path: /livez
             port: 6080
             scheme: HTTP
           initialDelaySeconds: 60
--- HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager

@@ -11,29 +11,16 @@

     app.kubernetes.io/component: controller
     app.kubernetes.io/managed-by: Helm
     prometheus: default
 spec:
   jobLabel: cert-manager
   selector:
-    matchExpressions:
-    - key: app.kubernetes.io/name
-      operator: In
-      values:
-      - cainjector
-      - cert-manager
-      - webhook
-    - key: app.kubernetes.io/instance
-      operator: In
-      values:
-      - cert-manager
-    - key: app.kubernetes.io/component
-      operator: In
-      values:
-      - cainjector
-      - controller
-      - webhook
+    matchLabels:
+      app.kubernetes.io/name: cert-manager
+      app.kubernetes.io/instance: cert-manager
+      app.kubernetes.io/component: controller
   endpoints:
   - targetPort: 9402
     path: /metrics
     interval: 60s
     scrapeTimeout: 30s
     honorLabels: false
--- HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-startupapicheck:create-cert

+++ HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-startupapicheck:create-cert

@@ -15,10 +15,10 @@

     helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
     helm.sh/hook-weight: '-5'
 rules:
 - apiGroups:
   - cert-manager.io
   resources:
-  - certificaterequests
+  - certificates
   verbs:
   - create

--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

@@ -31,27 +31,22 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-startupapicheck
-        image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.0
+        image: quay.io/jetstack/cert-manager-startupapicheck:v1.15.3
         imagePullPolicy: IfNotPresent
         args:
         - check
         - api
         - --wait=1m
         - -v
         securityContext:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
             - ALL
           readOnlyRootFilesystem: true
-        env:
-        - name: POD_NAMESPACE
-          valueFrom:
-            fieldRef:
-              fieldPath: metadata.namespace
       nodeSelector:
         kubernetes.io/os: linux

--- HelmRelease: tools/system-upgrade-controller ServiceAccount: tools/system-upgrade

+++ HelmRelease: tools/system-upgrade-controller ServiceAccount: tools/system-upgrade

@@ -5,8 +5,8 @@

   name: system-upgrade
   labels:
     app.kubernetes.io/instance: system-upgrade-controller
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: system-upgrade-controller
 secrets:
-- name: system-upgrade-controller-sa-token
+- name: system-upgrade-controller-default-sa-token

--- HelmRelease: tools/system-upgrade-controller Deployment: tools/system-upgrade-controller

+++ HelmRelease: tools/system-upgrade-controller Deployment: tools/system-upgrade-controller

@@ -18,13 +18,13 @@

       app.kubernetes.io/component: system-upgrade-controller
       app.kubernetes.io/name: system-upgrade-controller
       app.kubernetes.io/instance: system-upgrade-controller
   template:
     metadata:
       annotations:
-        checksum/secrets: 4141e6981f3b767e75a4e744858b9ff414dba5d0ef6afd761f7700061fb6e32e
+        checksum/secrets: f9a2edb516d89dc9e0af00dcf3d13ae57cbe1bc631c4b35d393a497ef218d929
       labels:
         app.kubernetes.io/component: system-upgrade-controller
         app.kubernetes.io/instance: system-upgrade-controller
         app.kubernetes.io/name: system-upgrade-controller
     spec:
       enableServiceLinks: false