search

timescale / tobs

tobs - The Observability Stack for Kubernetes. Easy install of a full observability stack into a k8s cluster with Helm charts.
Apache License 2.0
560 stars 61 forks source link

chore(deps): update dependency cert-manager/cert-manager to v1.10.0 #610

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Update Change
cert-manager/cert-manager minor v1.9.1 -> v1.10.0

Release Notes

cert-manager/cert-manager ### [`v1.10.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.10.0) [Compare Source](https://togithub.com/cert-manager/cert-manager/compare/v1.9.1...v1.10.0) cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters. Version 1.10 adds a variety of quality-of-life fixes and features including improvements to the test suite. #### Changes since v1.9.1 ##### Feature - Add `issuer_name`, `issuer_kind` and `issuer_group` labels to `certificate_expiration_timestamp_seconds`, `certmanager_certificate_renewal_timestamp_seconds` and `certmanager_certificate_ready_status` metrics ([#​5461](https://togithub.com/cert-manager/cert-manager/issues/5461), [@​dkulchinsky](https://togithub.com/dkulchinsky)) - Add make targets for running scans with trivy against locally built containers ([#​5358](https://togithub.com/cert-manager/cert-manager/issues/5358), [@​SgtCoDFish](https://togithub.com/SgtCoDFish)) - CertificateRequests: requests that use the SelfSigned Issuer will be re-reconciled when the target private key Secret has been informed `cert-manager.io/private-key-secret-name`. This resolves an issue whereby a request would never be signed when the target Secret was not created or was misconfigured before the request. ([#​5336](https://togithub.com/cert-manager/cert-manager/issues/5336), [@​JoshVanL](https://togithub.com/JoshVanL)) - CertificateSigningRequests: requests that use the SelfSigned Issuer will be re-reconciled when the target private key Secret has been informed `experimental.cert-manager.io/private-key-secret-name`. This resolves an issue whereby a request would never be signed when the target Secret was not created or was misconfigured before the request. CertificateSigningRequets will also now no-longer be marked as failed when the target private key Secret is malformed- now only firing an event. When the Secret data is resolved, the request will attempt issuance. ([#​5379](https://togithub.com/cert-manager/cert-manager/issues/5379), [@​JoshVanL](https://togithub.com/JoshVanL)) - Upgraded Gateway API to v0.5.0 ([#​5376](https://togithub.com/cert-manager/cert-manager/issues/5376), [@​inteon](https://togithub.com/inteon)) - Add caBundleSecretRef to the Vault Issuer to allow referencing the Vault CA Bundle with a Secret. Cannot be used in conjunction with the in-line caBundle field. ([#​5387](https://togithub.com/cert-manager/cert-manager/issues/5387), [@​Tolsto](https://togithub.com/Tolsto)) - The feature to create certificate requests with the name being a function of certificate name and revision has been introduced under the feature flag "StableCertificateRequestName" and it is disabled by default. This helps to prevent the error "multiple CertificateRequests were found for the 'next' revision...". ([#​5487](https://togithub.com/cert-manager/cert-manager/issues/5487), [@​sathyanarays](https://togithub.com/sathyanarays)) - Helm: Added a new parameter `commonLabels` which gives you the capability to add the same label on all the resource deployed by the chart. ([#​5208](https://togithub.com/cert-manager/cert-manager/issues/5208), [@​thib-mary](https://togithub.com/thib-mary)) ##### Bug or Regression - CertificateSigningRequest: no longer mark a request as failed when using the SelfSigned issuer, and the Secret referenced in `experimental.cert-manager.io/private-key-secret-name` doesn't exist. ([#​5323](https://togithub.com/cert-manager/cert-manager/issues/5323), [@​JoshVanL](https://togithub.com/JoshVanL)) - DNS Route53: Remove incorrect validation which rejects solvers that don't define either a `accessKeyID` or `secretAccessKeyID`. ([#​5339](https://togithub.com/cert-manager/cert-manager/issues/5339), [@​JoshVanL](https://togithub.com/JoshVanL)) - Enhanced securityContext for PSS/restricted compliance. ([#​5259](https://togithub.com/cert-manager/cert-manager/issues/5259), [@​joebowbeer](https://togithub.com/joebowbeer)) - Fix issue where CertificateRequests marked as InvalidRequest did not properly trigger issuance failure handling leading to 'stuck' requests ([#​5366](https://togithub.com/cert-manager/cert-manager/issues/5366), [@​munnerz](https://togithub.com/munnerz)) - `cmctl` and `kubectl cert-manager` now report their actual versions instead of "canary", fixing issue [#​5020](https://togithub.com/cert-manager/cert-manager/issues/5020) ([#​5022](https://togithub.com/cert-manager/cert-manager/issues/5022), [@​maelvls](https://togithub.com/maelvls)) ##### Other - Avoid hard-coding release namespace in helm chart ([#​5163](https://togithub.com/cert-manager/cert-manager/issues/5163), [@​james-callahan](https://togithub.com/james-callahan)) - Bump cert-manager's version of Go to `1.19` ([#​5466](https://togithub.com/cert-manager/cert-manager/issues/5466), [@​lucacome](https://togithub.com/lucacome)) - Remove `.bazel` and `.bzl` files from cert-manager now that bazel has been fully replaced ([#​5340](https://togithub.com/cert-manager/cert-manager/issues/5340), [@​SgtCoDFish](https://togithub.com/SgtCoDFish)) - Updates Kubernetes libraries to `v0.25.2`. ([#​5456](https://togithub.com/cert-manager/cert-manager/issues/5456), [@​lucacome](https://togithub.com/lucacome)) - Add annotations for ServiceMonitor in helm chart ([#​5401](https://togithub.com/cert-manager/cert-manager/issues/5401), [@​sathieu](https://togithub.com/sathieu)) - Helm: Add NetworkPolicy support ([#​5417](https://togithub.com/cert-manager/cert-manager/issues/5417), [@​mjudeikis](https://togithub.com/mjudeikis)) - To help troubleshooting, make the container names unique. BREAKING: this change will break scripts/ CI that depend on `cert-manager` being the container name. ([#​5410](https://togithub.com/cert-manager/cert-manager/issues/5410), [@​rgl](https://togithub.com/rgl)) #### Thank You! Thank you to the following community members who had a merged PR for this version - your contributions are at the heart of everything we do! - [@​joebowbeer](https://togithub.com/joebowbeer) - [@​rgl](https://togithub.com/rgl) - [@​lucacome](https://togithub.com/lucacome) - [@​sathieu](https://togithub.com/sathieu) - [@​mjudeikis](https://togithub.com/mjudeikis) - [@​james-callahan](https://togithub.com/james-callahan) - [@​dkulchinsky](https://togithub.com/dkulchinsky) - [@​thib-mary](https://togithub.com/thib-mary) - [@​Tolsto](https://togithub.com/Tolsto) - [@​sathyanarays](https://togithub.com/sathyanarays) Thanks also to the following maintainers who worked on cert-manager 1.10: - [@​irbekrm](https://togithub.com/irbekrm) - [@​SgtCoDFish](https://togithub.com/SgtCoDFish) - [@​jakexks](https://togithub.com/jakexks) - [@​wallrj](https://togithub.com/wallrj) - [@​maelvls](https://togithub.com/maelvls) - [@​JoshVanL](https://togithub.com/JoshVanL) - [@​jahrlin](https://togithub.com/jahrlin) - [@​munnerz](https://togithub.com/munnerz) - [@​inteon](https://togithub.com/inteon)

Configuration

📅 Schedule: Branch creation - "before 2am" in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.