Closed renovate[bot] closed 3 weeks ago
--- kubernetes/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
+++ kubernetes/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager
@@ -13,13 +13,13 @@
spec:
chart: cert-manager
sourceRef:
kind: HelmRepository
name: jetstack
namespace: flux-system
- version: v1.15.3
+ version: v1.16.0
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true
--- HelmRelease: cert-manager/cert-manager ClusterRoleBinding: cert-manager/cert-manager-webhook:subjectaccessreviews
+++ HelmRelease: cert-manager/cert-manager ClusterRoleBinding: cert-manager/cert-manager-webhook:subjectaccessreviews
@@ -11,11 +11,10 @@
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cert-manager-webhook:subjectaccessreviews
subjects:
-- apiGroup: ''
- kind: ServiceAccount
+- kind: ServiceAccount
name: cert-manager-webhook
namespace: cert-manager
--- HelmRelease: cert-manager/cert-manager RoleBinding: kube-system/cert-manager:leaderelection
+++ HelmRelease: cert-manager/cert-manager RoleBinding: kube-system/cert-manager:leaderelection
@@ -12,11 +12,10 @@
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager:leaderelection
subjects:
-- apiGroup: ''
- kind: ServiceAccount
+- kind: ServiceAccount
name: cert-manager
namespace: cert-manager
--- HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-webhook:dynamic-serving
+++ HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-webhook:dynamic-serving
@@ -12,11 +12,10 @@
app.kubernetes.io/managed-by: Helm
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cert-manager-webhook:dynamic-serving
subjects:
-- apiGroup: ''
- kind: ServiceAccount
+- kind: ServiceAccount
name: cert-manager-webhook
namespace: cert-manager
--- HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-webhook
+++ HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-webhook
@@ -14,11 +14,15 @@
type: ClusterIP
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
+ - name: metrics
+ port: 9402
+ protocol: TCP
+ targetPort: http-metrics
selector:
app.kubernetes.io/name: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/component: webhook
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector
@@ -31,17 +31,21 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-cainjector
- image: quay.io/jetstack/cert-manager-cainjector:v1.15.3
+ image: quay.io/jetstack/cert-manager-cainjector:v1.16.0
imagePullPolicy: IfNotPresent
args:
- --v=2
- --leader-election-namespace=kube-system
+ ports:
+ - containerPort: 9402
+ name: http-metrics
+ protocol: TCP
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager
@@ -31,19 +31,19 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-controller
- image: quay.io/jetstack/cert-manager-controller:v1.15.3
+ image: quay.io/jetstack/cert-manager-controller:v1.16.0
imagePullPolicy: IfNotPresent
args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.15.3
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.0
- --enable-gateway-api
- --max-concurrent-challenges=60
- --dns01-recursive-nameservers-only=true
- --dns01-recursive-nameservers=https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
ports:
- containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook
@@ -31,13 +31,13 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-webhook
- image: quay.io/jetstack/cert-manager-webhook:v1.15.3
+ image: quay.io/jetstack/cert-manager-webhook:v1.16.0
imagePullPolicy: IfNotPresent
args:
- --v=2
- --secure-port=10250
- --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
- --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
@@ -48,12 +48,15 @@
- name: https
protocol: TCP
containerPort: 10250
- name: healthcheck
protocol: TCP
containerPort: 6080
+ - containerPort: 9402
+ name: http-metrics
+ protocol: TCP
livenessProbe:
httpGet:
path: /livez
port: 6080
scheme: HTTP
initialDelaySeconds: 60
--- HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager
+++ HelmRelease: cert-manager/cert-manager ServiceMonitor: cert-manager/cert-manager
@@ -11,16 +11,29 @@
app.kubernetes.io/component: controller
app.kubernetes.io/managed-by: Helm
prometheus: default
spec:
jobLabel: cert-manager
selector:
- matchLabels:
- app.kubernetes.io/name: cert-manager
- app.kubernetes.io/instance: cert-manager
- app.kubernetes.io/component: controller
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: In
+ values:
+ - cainjector
+ - cert-manager
+ - webhook
+ - key: app.kubernetes.io/instance
+ operator: In
+ values:
+ - cert-manager
+ - key: app.kubernetes.io/component
+ operator: In
+ values:
+ - cainjector
+ - controller
+ - webhook
endpoints:
- targetPort: 9402
path: /metrics
interval: 60s
scrapeTimeout: 30s
honorLabels: false
--- HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-startupapicheck:create-cert
+++ HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-startupapicheck:create-cert
@@ -15,10 +15,10 @@
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
helm.sh/hook-weight: '-5'
rules:
- apiGroups:
- cert-manager.io
resources:
- - certificates
+ - certificaterequests
verbs:
- create
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck
@@ -31,22 +31,27 @@
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: cert-manager-startupapicheck
- image: quay.io/jetstack/cert-manager-startupapicheck:v1.15.3
+ image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.0
imagePullPolicy: IfNotPresent
args:
- check
- api
- --wait=1m
- -v
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
nodeSelector:
kubernetes.io/os: linux
--- HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-tokenrequest
+++ HelmRelease: cert-manager/cert-manager Role: cert-manager/cert-manager-tokenrequest
@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: cert-manager-tokenrequest
+ namespace: cert-manager
+ labels:
+ app: cert-manager
+ app.kubernetes.io/name: cert-manager
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/managed-by: Helm
+rules:
+- apiGroups:
+ - ''
+ resources:
+ - serviceaccounts/token
+ resourceNames:
+ - cert-manager
+ verbs:
+ - create
+
--- HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-cert-manager-tokenrequest
+++ HelmRelease: cert-manager/cert-manager RoleBinding: cert-manager/cert-manager-cert-manager-tokenrequest
@@ -0,0 +1,21 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: cert-manager-cert-manager-tokenrequest
+ namespace: cert-manager
+ labels:
+ app: cert-manager
+ app.kubernetes.io/name: cert-manager
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: controller
+ app.kubernetes.io/managed-by: Helm
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: cert-manager-tokenrequest
+subjects:
+- kind: ServiceAccount
+ name: cert-manager
+ namespace: cert-manager
+
--- HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-cainjector
+++ HelmRelease: cert-manager/cert-manager Service: cert-manager/cert-manager-cainjector
@@ -0,0 +1,23 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: cert-manager-cainjector
+ namespace: cert-manager
+ labels:
+ app: cainjector
+ app.kubernetes.io/name: cainjector
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: cainjector
+ app.kubernetes.io/managed-by: Helm
+spec:
+ type: ClusterIP
+ ports:
+ - protocol: TCP
+ port: 9402
+ name: http-metrics
+ selector:
+ app.kubernetes.io/name: cainjector
+ app.kubernetes.io/instance: cert-manager
+ app.kubernetes.io/component: cainjector
+
This PR contains the following updates:
v1.15.3
->v1.16.0
Release Notes
cert-manager/cert-manager (cert-manager)
### [`v1.16.0`](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.3...v1.16.0) [Compare Source](https://redirect.github.com/cert-manager/cert-manager/compare/v1.15.3...v1.16.0)Configuration
📅 Schedule: Branch creation - "after 8am every weekday,before 7pm every weekday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.