Closed doug-piranha-bot[bot] closed 1 week ago
--- kubernetes/registry/apps/network/echo-server/app Kustomization: flux-system/echo-server HelmRelease: network/echo-server
+++ kubernetes/registry/apps/network/echo-server/app Kustomization: flux-system/echo-server HelmRelease: network/echo-server
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 3.4.0
+ version: 3.5.0
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true
--- kubernetes/registry/apps/harbor/harbor/backup Kustomization: flux-system/harbor-backup HelmRelease: harbor/harbor-pgdump
+++ kubernetes/registry/apps/harbor/harbor/backup Kustomization: flux-system/harbor-backup HelmRelease: harbor/harbor-pgdump
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 3.4.0
+ version: 3.5.0
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true
--- kubernetes/registry/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
+++ kubernetes/registry/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
@@ -13,13 +13,13 @@
spec:
chart: cert-manager
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
- version: v1.16.0
+ version: v1.15.3
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true
--- kubernetes/registry/apps/tools/system-upgrade-controller/app Kustomization: flux-system/system-upgrade-controller HelmRelease: tools/system-upgrade-controller
+++ kubernetes/registry/apps/tools/system-upgrade-controller/app Kustomization: flux-system/system-upgrade-controller HelmRelease: tools/system-upgrade-controller
@@ -13,13 +13,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 3.4.0
+ version: 3.5.0
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true
--- HelmRelease: cert-manager/cert-manager ClusterRoleBinding: cert-manager/cert-manager-webhook:subjectaccessreviews
+++ HelmRelease: cert-manager/cert-manager ClusterRoleBinding: cert-manager/cert-manager-webhook:subjectaccessreviews
@@ -11,10 +11,11 @@
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook:subjectaccessreviews
subjects:
-- kind: ServiceAccount
+- apiGroup: ''
+ kind: ServiceAccount
name: cert-manager-webhook
namespace: cert-manager
--- HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-tokenrequest
+++ HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-tokenrequest
@@ -1,22 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
- name: cert-manager-tokenrequest
- namespace: cert-manager
- labels:
- app: cert-manager
- app.kubernetes.io/name: cert-manager
- app.kubernetes.io/instance: cert-manager
- app.kubernetes.io/component: controller
- app.kubernetes.io/managed-by: Helm
-rules:
-- apiGroups:
- - ''
- resources:
- - serviceaccounts/token
- resourceNames:
- - cert-manager
- verbs:
- - create
-
--- HelmRelease: cert-manager/cert-manager RoleBinding: kube-system/cert-manager:leaderelection
+++ HelmRelease: cert-manager/cert-manager RoleBinding: kube-system/cert-manager:leaderelection
@@ -12,10 +12,11 @@
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager:leaderelection
subjects:
-- kind: ServiceAccount
+- apiGroup: ''
+ kind: ServiceAccount
name: cert-manager
namespace: cert-manager
--- HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-cert-manager-tokenrequest
+++ HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-cert-manager-tokenrequest
@@ -1,21 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
- name: cert-manager-cert-manager-tokenrequest
- namespace: cert-manager
- labels:
- app: cert-manager
- app.kubernetes.io/name: cert-manager
- app.kubernetes.io/instance: cert-manager
- app.kubernetes.io/component: controller
- app.kubernetes.io/managed-by: Helm
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: cert-manager-tokenrequest
-subjects:
-- kind: ServiceAccount
- name: cert-manager
- namespace: cert-manager
-
--- HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-webhook:dynamic-serving
+++ HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-webhook:dynamic-serving
@@ -12,10 +12,11 @@
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager-webhook:dynamic-serving
subjects:
-- kind: ServiceAccount
+- apiGroup: ''
+ kind: ServiceAccount
name: cert-manager-webhook
namespace: cert-manager
--- HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-cainjector
+++ HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-cainjector
@@ -1,23 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: cert-manager-cainjector
- namespace: cert-manager
- labels:
- app: cainjector
- app.kubernetes.io/name: cainjector
- app.kubernetes.io/instance: cert-manager
- app.kubernetes.io/component: cainjector
- app.kubernetes.io/managed-by: Helm
-spec:
- type: ClusterIP
- ports:
- - protocol: TCP
- port: 9402
- name: http-metrics
- selector:
- app.kubernetes.io/name: cainjector
- app.kubernetes.io/instance: cert-manager
- app.kubernetes.io/component: cainjector
-
--- HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-webhook
+++ HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-webhook
@@ -14,15 +14,11 @@
type: ClusterIP
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
- - name: metrics
- port: 9402
- protocol: TCP
- targetPort: http-metrics
selector:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: webhook
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
@@ -31,21 +31,17 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-cainjector
- image: quay.io/jetstack/cert-manager-cainjector:v1.16.0
+ image: quay.io/jetstack/cert-manager-cainjector:v1.15.3
imagePullPolicy: IfNotPresent
args:
- --v=2
- --leader-election-namespace=kube-system
- ports:
- - containerPort: 9402
- name: http-metrics
- protocol: TCP
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
@@ -31,19 +31,19 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-controller
- image: quay.io/jetstack/cert-manager-controller:v1.16.0
+ image: quay.io/jetstack/cert-manager-controller:v1.15.3
imagePullPolicy: IfNotPresent
args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.0
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.15.3
- --max-concurrent-challenges=60
- --dns01-recursive-nameservers-only=true
- --dns01-recursive-nameservers=https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
ports:
- containerPort: 9402
name: http-metrics
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
@@ -31,13 +31,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-webhook
- image: quay.io/jetstack/cert-manager-webhook:v1.16.0
+ image: quay.io/jetstack/cert-manager-webhook:v1.15.3
imagePullPolicy: IfNotPresent
args:
- --v=2
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
@@ -48,15 +48,12 @@
- name: https
protocol: TCP
containerPort: 10250
- name: healthcheck
protocol: TCP
containerPort: 6080
- - containerPort: 9402
- name: http-metrics
- protocol: TCP
livenessProbe:
httpGet:
path: /livez
port: 6080
scheme: HTTP
initialDelaySeconds: 60
--- HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager
+++ HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager
@@ -11,29 +11,16 @@
app.kubernetes.io/component: controller
app.kubernetes.io/managed-by: Helm
prometheus: default
spec:
jobLabel: cert-manager
selector:
- matchExpressions:
- - key: app.kubernetes.io/name
- operator: In
- values:
- - cainjector
- - cert-manager
- - webhook
- - key: app.kubernetes.io/instance
- operator: In
- values:
- - cert-manager
- - key: app.kubernetes.io/component
- operator: In
- values:
- - cainjector
- - controller
- - webhook
+ matchLabels:
+ app.kubernetes.io/name: cert-manager
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: controller
endpoints:
- targetPort: 9402
path: /metrics
interval: 60s
scrapeTimeout: 30s
honorLabels: false
--- HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-startupapicheck:create-cert
+++ HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-startupapicheck:create-cert
@@ -15,10 +15,10 @@
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: '-5'
rules:
- apiGroups:
- cert-manager.io
resources:
- - certificaterequests
+ - certificates
verbs:
- create
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
@@ -31,27 +31,22 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-startupapicheck
- image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.0
+ image: quay.io/jetstack/cert-manager-startupapicheck:v1.15.3
imagePullPolicy: IfNotPresent
args:
- check
- api
- --wait=1m
- -v
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- env:
- - name: POD_NAMESPACE
- valueFrom:
- fieldRef:
- fieldPath: metadata.namespace
nodeSelector:
kubernetes.io/os: linux
--- HelmRelease: tools/system-upgrade-controller ServiceAccount: tools/system-upgrade
+++ HelmRelease: tools/system-upgrade-controller ServiceAccount: tools/system-upgrade
@@ -5,8 +5,8 @@
name: system-upgrade
labels:
app.kubernetes.io/instance: system-upgrade-controller
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: system-upgrade-controller
secrets:
-- name: system-upgrade-controller-sa-token
+- name: system-upgrade-controller-default-sa-token
--- HelmRelease: tools/system-upgrade-controller Deployment: tools/system-upgrade-controller
+++ HelmRelease: tools/system-upgrade-controller Deployment: tools/system-upgrade-controller
@@ -18,13 +18,13 @@
app.kubernetes.io/component: system-upgrade-controller
app.kubernetes.io/name: system-upgrade-controller
app.kubernetes.io/instance: system-upgrade-controller
template:
metadata:
annotations:
- checksum/secrets: 4141e6981f3b767e75a4e744858b9ff414dba5d0ef6afd761f7700061fb6e32e
+ checksum/secrets: f9a2edb516d89dc9e0af00dcf3d13ae57cbe1bc631c4b35d393a497ef218d929
labels:
app.kubernetes.io/component: system-upgrade-controller
app.kubernetes.io/instance: system-upgrade-controller
app.kubernetes.io/name: system-upgrade-controller
spec:
enableServiceLinks: false
This PR contains the following updates:
3.4.0
->3.5.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.