cert-manager: update Helm release cert-manager to v1.18.2 #359
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Infro diff for 7ae857d
time="2025-07-02T19:15:40Z" level=warning msg="Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web."
time="2025-07-02T19:15:51Z" level=warning msg="Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web."
===== /Service cert-manager/cert-manager ======
--- /tmp/argocd-diff593863361/cert-manager-live.yaml
+++ /tmp/argocd-diff593863361/cert-manager
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager
namespace: cert-manager
resourceVersion: "683811126"
@@ -29,7 +29,7 @@
- name: tcp-prometheus-servicemonitor
port: 9402
protocol: TCP
- targetPort: 9402
+ targetPort: http-metrics
selector:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
===== /Service cert-manager/cert-manager-cainjector ======
--- /tmp/argocd-diff3171313923/cert-manager-cainjector-live.yaml
+++ /tmp/argocd-diff3171313923/cert-manager-cainjector
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: v1
fieldsType: FieldsV1
===== /Service cert-manager/cert-manager-webhook ======
--- /tmp/argocd-diff1738359372/cert-manager-webhook-live.yaml
+++ /tmp/argocd-diff1738359372/cert-manager-webhook
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook
namespace: cert-manager
resourceVersion: "683811122"
===== /ServiceAccount cert-manager/cert-manager ======
--- /tmp/argocd-diff1569331718/cert-manager-live.yaml
+++ /tmp/argocd-diff1569331718/cert-manager
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager
namespace: cert-manager
resourceVersion: "683811072"
===== /ServiceAccount cert-manager/cert-manager-cainjector ======
--- /tmp/argocd-diff1641974013/cert-manager-cainjector-live.yaml
+++ /tmp/argocd-diff1641974013/cert-manager-cainjector
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-cainjector
namespace: cert-manager
resourceVersion: "683811071"
===== /ServiceAccount cert-manager/cert-manager-webhook ======
--- /tmp/argocd-diff3464077075/cert-manager-webhook-live.yaml
+++ /tmp/argocd-diff3464077075/cert-manager-webhook
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook
namespace: cert-manager
resourceVersion: "683811070"
===== admissionregistration.k8s.io/MutatingWebhookConfiguration /cert-manager-webhook ======
--- /tmp/argocd-diff1765216256/cert-manager-webhook-live.yaml
+++ /tmp/argocd-diff1765216256/cert-manager-webhook
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook
resourceVersion: "683811178"
uid: a7f571ec-2419-45ec-a654-50a4edb23356
===== admissionregistration.k8s.io/ValidatingWebhookConfiguration /cert-manager-webhook ======
--- /tmp/argocd-diff118945968/cert-manager-webhook-live.yaml
+++ /tmp/argocd-diff118945968/cert-manager-webhook
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook
resourceVersion: "683811179"
uid: 321c697b-3a16-4c65-a673-215c6141ac7d
===== apiextensions.k8s.io/CustomResourceDefinition /certificaterequests.cert-manager.io ======
--- /tmp/argocd-diff1989571554/certificaterequests.cert-manager.io-live.yaml
+++ /tmp/argocd-diff1989571554/certificaterequests.cert-manager.io
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
===== apiextensions.k8s.io/CustomResourceDefinition /certificates.cert-manager.io ======
--- /tmp/argocd-diff2943280674/certificates.cert-manager.io-live.yaml
+++ /tmp/argocd-diff2943280674/certificates.cert-manager.io
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
@@ -154,10 +154,6 @@
description: |-
Defines extra output formats of the private key and signed certificate chain
to be written to this Certificate's target Secret.
-
- This is a Beta Feature enabled by default. It can be disabled with the
- `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both
- the controller and webhook components.
items:
description: |-
CertificateAdditionalOutputFormat defines an additional output format of a
@@ -358,7 +354,7 @@
`LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20.
`LegacyDES`: Less secure algorithm. Use this option for maximal compatibility.
`Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms
- (eg. because of company policy). Please note that the security of the algorithm is not that important
+ (e.g., because of company policy). Please note that the security of the algorithm is not that important
in reality, because the unencrypted certificate and private key are also stored in the Secret.
enum:
- LegacyRC2
@@ -521,7 +517,11 @@
to await user intervention.
If set to `Always`, a private key matching the specified requirements
will be generated whenever a re-issuance occurs.
- Default is `Never` for backward compatibility.
+ Default is `Always`.
+ The default was changed from `Never` to `Always` in cert-manager >=v1.18.0.
+ The new default can be disabled by setting the
+ `--feature-gates=DefaultPrivateKeyRotationPolicyAlways=false` option on
+ the controller component.
enum:
- Never
- Always
@@ -582,8 +582,7 @@
revisions exceeds this number.
If set, revisionHistoryLimit must be a value of `1` or greater.
- If unset (`nil`), revisions will not be garbage collected.
- Default value is `nil`.
+ Default value is `1`.
format: int32
type: integer
secretName:
@@ -614,6 +613,21 @@
Kubernetes Secret.
type: object
type: object
+ signatureAlgorithm:
+ description: |-
+ Signature algorithm to use.
+ Allowed values for RSA keys: SHA256WithRSA, SHA384WithRSA, SHA512WithRSA.
+ Allowed values for ECDSA keys: ECDSAWithSHA256, ECDSAWithSHA384, ECDSAWithSHA512.
+ Allowed values for Ed25519 keys: PureEd25519.
+ enum:
+ - SHA256WithRSA
+ - SHA384WithRSA
+ - SHA512WithRSA
+ - ECDSAWithSHA256
+ - ECDSAWithSHA384
+ - ECDSAWithSHA512
+ - PureEd25519
+ type: string
subject:
description: |-
Requested set of X509 certificate subject attributes.
===== apiextensions.k8s.io/CustomResourceDefinition /challenges.acme.cert-manager.io ======
--- /tmp/argocd-diff382178836/challenges.acme.cert-manager.io-live.yaml
+++ /tmp/argocd-diff382178836/challenges.acme.cert-manager.io
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
@@ -143,9 +143,9 @@
type: string
dnsName:
description: |-
- dnsName is the identifier that this challenge is for, e.g. example.com.
+ dnsName is the identifier that this challenge is for, e.g., example.com.
If the requested DNSName is a 'wildcard', this field MUST be set to the
- non-wildcard domain, e.g. for `*.example.com`, it must be `example.com`.
+ non-wildcard domain, e.g., for `*.example.com`, it must be `example.com`.
type: string
issuerRef:
description: |-
@@ -334,17 +334,17 @@
If set, ClientID, ClientSecret and TenantID must not be set.
properties:
clientID:
- description: client ID of the managed identity, can
- not be used at the same time as resourceID
+ description: client ID of the managed identity, cannot
+ be used at the same time as resourceID
type: string
resourceID:
description: |-
- resource ID of the managed identity, can not be used at the same time as clientID
+ resource ID of the managed identity, cannot be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
- description: tenant ID of the managed identity, can
- not be used at the same time as resourceID
+ description: tenant ID of the managed identity, cannot
+ be used at the same time as resourceID
type: string
type: object
resourceGroupName:
@@ -662,7 +662,7 @@
when challenges are processed.
This can contain arbitrary JSON data.
Secret values should not be specified in this stanza.
- If secret values are needed (e.g. credentials for a DNS service), you
+ If secret values are needed (e.g., credentials for a DNS service), you
should use a SecretKeySelector to reference a Secret resource.
For details on the schema of this field, consult the webhook provider
implementation's documentation.
@@ -678,7 +678,7 @@
description: |-
The name of the solver to use, as defined in the webhook provider
implementation.
- This will typically be the name of the provider, e.g. 'cloudflare'.
+ This will typically be the name of the provider, e.g., 'cloudflare'.
type: string
required:
- groupName
@@ -690,7 +690,7 @@
Configures cert-manager to attempt to complete authorizations by
performing the HTTP01 challenge flow.
It is not possible to obtain certificates for wildcard domain names
- (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ (e.g., `*.example.com`) using the HTTP01 challenge mechanism.
properties:
gatewayHTTPRoute:
description: |-
===== apiextensions.k8s.io/CustomResourceDefinition /clusterissuers.cert-manager.io ======
--- /tmp/argocd-diff1333521313/clusterissuers.cert-manager.io-live.yaml
+++ /tmp/argocd-diff1333521313/clusterissuers.cert-manager.io
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
@@ -89,6 +89,8 @@
kind: ClusterIssuer
listKind: ClusterIssuerList
plural: clusterissuers
+ shortNames:
+ - ciss
singular: clusterissuer
scope: Cluster
versions:
@@ -231,7 +233,7 @@
PreferredChain is the chain to use if the ACME server outputs multiple.
PreferredChain is no guarantee that this one gets delivered by the ACME
endpoint.
- For example, for Let's Encrypt's DST crosssign you would use:
+ For example, for Let's Encrypt's DST cross-sign you would use:
"DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
This value picks the first certificate bundle in the combined set of
ACME default and alternative chains that has a root-most certificate with
@@ -260,6 +262,11 @@
required:
- name
type: object
+ profile:
+ description: |-
+ Profile allows requesting a certificate profile from the ACME server.
+ Supported profiles are listed by the server's ACME directory URL.
+ type: string
server:
description: |-
Server is the URL used to access the ACME server's 'directory' endpoint.
@@ -447,16 +454,16 @@
properties:
clientID:
description: client ID of the managed identity,
- can not be used at the same time as resourceID
+ cannot be used at the same time as resourceID
type: string
resourceID:
description: |-
- resource ID of the managed identity, can not be used at the same time as clientID
+ resource ID of the managed identity, cannot be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity,
- can not be used at the same time as resourceID
+ cannot be used at the same time as resourceID
type: string
type: object
resourceGroupName:
@@ -776,7 +783,7 @@
when challenges are processed.
This can contain arbitrary JSON data.
Secret values should not be specified in this stanza.
- If secret values are needed (e.g. credentials for a DNS service), you
+ If secret values are needed (e.g., credentials for a DNS service), you
should use a SecretKeySelector to reference a Secret resource.
For details on the schema of this field, consult the webhook provider
implementation's documentation.
@@ -792,7 +799,7 @@
description: |-
The name of the solver to use, as defined in the webhook provider
implementation.
- This will typically be the name of the provider, e.g. 'cloudflare'.
+ This will typically be the name of the provider, e.g., 'cloudflare'.
type: string
required:
- groupName
@@ -804,7 +811,7 @@
Configures cert-manager to attempt to complete authorizations by
performing the HTTP01 challenge flow.
It is not possible to obtain certificates for wildcard domain names
- (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ (e.g., `*.example.com`) using the HTTP01 challenge mechanism.
properties:
gatewayHTTPRoute:
description: |-
@@ -3851,6 +3858,11 @@
description: 'Server is the connection address for the Vault server,
e.g: "https://vault.example.com:8200".'
type: string
+ serverName:
+ description: |-
+ ServerName is used to verify the hostname on the returned certificates
+ by the Vault server.
+ type: string
required:
- auth
- path
@@ -3887,7 +3899,7 @@
url:
description: |-
URL is the base URL for Venafi Cloud.
- Defaults to "https://api.venafi.cloud/v1".
+ Defaults to "https://api.venafi.cloud/".
type: string
required:
- apiTokenSecretRef
===== apiextensions.k8s.io/CustomResourceDefinition /issuers.cert-manager.io ======
--- /tmp/argocd-diff2471186810/issuers.cert-manager.io-live.yaml
+++ /tmp/argocd-diff2471186810/issuers.cert-manager.io
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
@@ -91,6 +91,8 @@
kind: Issuer
listKind: IssuerList
plural: issuers
+ shortNames:
+ - iss
singular: issuer
scope: Namespaced
versions:
@@ -232,7 +234,7 @@
PreferredChain is the chain to use if the ACME server outputs multiple.
PreferredChain is no guarantee that this one gets delivered by the ACME
endpoint.
- For example, for Let's Encrypt's DST crosssign you would use:
+ For example, for Let's Encrypt's DST cross-sign you would use:
"DST Root CA X3" or "ISRG Root X1" for the newer Let's Encrypt root CA.
This value picks the first certificate bundle in the combined set of
ACME default and alternative chains that has a root-most certificate with
@@ -261,6 +263,11 @@
required:
- name
type: object
+ profile:
+ description: |-
+ Profile allows requesting a certificate profile from the ACME server.
+ Supported profiles are listed by the server's ACME directory URL.
+ type: string
server:
description: |-
Server is the URL used to access the ACME server's 'directory' endpoint.
@@ -448,16 +455,16 @@
properties:
clientID:
description: client ID of the managed identity,
- can not be used at the same time as resourceID
+ cannot be used at the same time as resourceID
type: string
resourceID:
description: |-
- resource ID of the managed identity, can not be used at the same time as clientID
+ resource ID of the managed identity, cannot be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity,
- can not be used at the same time as resourceID
+ cannot be used at the same time as resourceID
type: string
type: object
resourceGroupName:
@@ -777,7 +784,7 @@
when challenges are processed.
This can contain arbitrary JSON data.
Secret values should not be specified in this stanza.
- If secret values are needed (e.g. credentials for a DNS service), you
+ If secret values are needed (e.g., credentials for a DNS service), you
should use a SecretKeySelector to reference a Secret resource.
For details on the schema of this field, consult the webhook provider
implementation's documentation.
@@ -793,7 +800,7 @@
description: |-
The name of the solver to use, as defined in the webhook provider
implementation.
- This will typically be the name of the provider, e.g. 'cloudflare'.
+ This will typically be the name of the provider, e.g., 'cloudflare'.
type: string
required:
- groupName
@@ -805,7 +812,7 @@
Configures cert-manager to attempt to complete authorizations by
performing the HTTP01 challenge flow.
It is not possible to obtain certificates for wildcard domain names
- (e.g. `*.example.com`) using the HTTP01 challenge mechanism.
+ (e.g., `*.example.com`) using the HTTP01 challenge mechanism.
properties:
gatewayHTTPRoute:
description: |-
@@ -3852,6 +3859,11 @@
description: 'Server is the connection address for the Vault server,
e.g: "https://vault.example.com:8200".'
type: string
+ serverName:
+ description: |-
+ ServerName is used to verify the hostname on the returned certificates
+ by the Vault server.
+ type: string
required:
- auth
- path
@@ -3888,7 +3900,7 @@
url:
description: |-
URL is the base URL for Venafi Cloud.
- Defaults to "https://api.venafi.cloud/v1".
+ Defaults to "https://api.venafi.cloud/".
type: string
required:
- apiTokenSecretRef
===== apiextensions.k8s.io/CustomResourceDefinition /orders.acme.cert-manager.io ======
--- /tmp/argocd-diff1189030784/orders.acme.cert-manager.io-live.yaml
+++ /tmp/argocd-diff1189030784/orders.acme.cert-manager.io
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: apiextensions.k8s.io/v1
fieldsType: FieldsV1
@@ -185,6 +185,11 @@
required:
- name
type: object
+ profile:
+ description: |-
+ Profile allows requesting a certificate profile from the ACME server.
+ Supported profiles are listed by the server's ACME directory URL.
+ type: string
request:
description: |-
Certificate signing request bytes in DER encoding.
@@ -228,7 +233,7 @@
type: string
type:
description: |-
- Type is the type of challenge being offered, e.g. 'http-01', 'dns-01',
+ Type is the type of challenge being offered, e.g., 'http-01', 'dns-01',
'tls-sni-01', etc.
This is the raw value retrieved from the ACME server.
Only 'http-01' and 'dns-01' are supported by cert-manager, other values
===== apps/Deployment cert-manager/cert-manager ======
--- /tmp/argocd-diff4195262744/cert-manager-live.yaml
+++ /tmp/argocd-diff4195262744/cert-manager
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager
namespace: cert-manager
resourceVersion: "785936944"
@@ -44,15 +44,15 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
spec:
containers:
- args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.17.1
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.18.2
- --max-concurrent-challenges=60
env:
- name: POD_NAMESPACE
@@ -60,7 +60,7 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-controller:v1.17.1
+ image: quay.io/jetstack/cert-manager-controller:v1.18.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
===== apps/Deployment cert-manager/cert-manager-cainjector ======
--- /tmp/argocd-diff1741412589/cert-manager-cainjector-live.yaml
+++ /tmp/argocd-diff1741412589/cert-manager-cainjector
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-cainjector
namespace: cert-manager
resourceVersion: "785937080"
@@ -42,8 +42,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
spec:
containers:
- args:
@@ -55,7 +55,7 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-cainjector:v1.17.1
+ image: quay.io/jetstack/cert-manager-cainjector:v1.18.2
imagePullPolicy: IfNotPresent
name: cert-manager-cainjector
ports:
===== apps/Deployment cert-manager/cert-manager-webhook ======
--- /tmp/argocd-diff759462431/cert-manager-webhook-live.yaml
+++ /tmp/argocd-diff759462431/cert-manager-webhook
@@ -13,8 +13,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook
namespace: cert-manager
resourceVersion: "785937726"
@@ -42,8 +42,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
spec:
containers:
- args:
@@ -60,13 +60,13 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- image: quay.io/jetstack/cert-manager-webhook:v1.17.1
+ image: quay.io/jetstack/cert-manager-webhook:v1.18.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
- port: 6080
+ port: healthcheck
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
@@ -87,7 +87,7 @@
failureThreshold: 3
httpGet:
path: /healthz
- port: 6080
+ port: healthcheck
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
===== monitoring.coreos.com/ServiceMonitor cert-manager/cert-manager ======
--- /tmp/argocd-diff1517771989/cert-manager-live.yaml
+++ /tmp/argocd-diff1517771989/cert-manager
@@ -12,8 +12,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
prometheus: default
managedFields:
- apiVersion: monitoring.coreos.com/v1
@@ -54,7 +54,7 @@
interval: 60s
path: /metrics
scrapeTimeout: 30s
- targetPort: 9402
+ targetPort: http-metrics
jobLabel: cert-manager
selector:
matchExpressions:
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-cainjector ======
--- /tmp/argocd-diff3842609699/cert-manager-cainjector-live.yaml
+++ /tmp/argocd-diff3842609699/cert-manager-cainjector
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-cainjector
resourceVersion: "683811097"
uid: b2d193b4-d01a-4b98-8c83-ad1d57a962f6
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-cluster-view ======
--- /tmp/argocd-diff2575760096/cert-manager-cluster-view-live.yaml
+++ /tmp/argocd-diff2575760096/cert-manager-cluster-view
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-approve:cert-manager-io ======
--- /tmp/argocd-diff2201352028/cert-manager-controller-approve:cert-manager-io-live.yaml
+++ /tmp/argocd-diff2201352028/cert-manager-controller-approve:cert-manager-io
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-certificates ======
--- /tmp/argocd-diff2118761145/cert-manager-controller-certificates-live.yaml
+++ /tmp/argocd-diff2118761145/cert-manager-controller-certificates
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-certificates
resourceVersion: "683811096"
uid: 2bce8ee3-b9ac-472c-b630-85a49609749f
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-certificatesigningrequests ======
--- /tmp/argocd-diff2993885090/cert-manager-controller-certificatesigningrequests-live.yaml
+++ /tmp/argocd-diff2993885090/cert-manager-controller-certificatesigningrequests
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-challenges ======
--- /tmp/argocd-diff276024778/cert-manager-controller-challenges-live.yaml
+++ /tmp/argocd-diff276024778/cert-manager-controller-challenges
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-challenges
resourceVersion: "683811095"
uid: 189fee60-6d1d-4ada-a529-5318458151d8
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-clusterissuers ======
--- /tmp/argocd-diff1777218734/cert-manager-controller-clusterissuers-live.yaml
+++ /tmp/argocd-diff1777218734/cert-manager-controller-clusterissuers
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-clusterissuers
resourceVersion: "683811092"
uid: c4d9134e-ab8e-4090-afd7-98e73c09cb94
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-ingress-shim ======
--- /tmp/argocd-diff3807762906/cert-manager-controller-ingress-shim-live.yaml
+++ /tmp/argocd-diff3807762906/cert-manager-controller-ingress-shim
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-ingress-shim
resourceVersion: "683811091"
uid: 0123f449-4cd8-4ee5-98a0-7ec7e1394642
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-issuers ======
--- /tmp/argocd-diff3192021160/cert-manager-controller-issuers-live.yaml
+++ /tmp/argocd-diff3192021160/cert-manager-controller-issuers
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-issuers
resourceVersion: "683811093"
uid: c7b23f85-0063-4231-a5d4-cb082564c3f4
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-controller-orders ======
--- /tmp/argocd-diff4251552500/cert-manager-controller-orders-live.yaml
+++ /tmp/argocd-diff4251552500/cert-manager-controller-orders
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-orders
resourceVersion: "683811086"
uid: 01b924dd-0bac-4d0f-a011-db6e7da80184
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-edit ======
--- /tmp/argocd-diff166410279/cert-manager-edit-live.yaml
+++ /tmp/argocd-diff166410279/cert-manager-edit
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-view ======
--- /tmp/argocd-diff1832121291/cert-manager-view-live.yaml
+++ /tmp/argocd-diff1832121291/cert-manager-view
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
===== rbac.authorization.k8s.io/ClusterRole /cert-manager-webhook:subjectaccessreviews ======
--- /tmp/argocd-diff2151729165/cert-manager-webhook:subjectaccessreviews-live.yaml
+++ /tmp/argocd-diff2151729165/cert-manager-webhook:subjectaccessreviews
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-cainjector ======
--- /tmp/argocd-diff2955016463/cert-manager-cainjector-live.yaml
+++ /tmp/argocd-diff2955016463/cert-manager-cainjector
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-cainjector
resourceVersion: "683811105"
uid: 9f37f5ef-9686-4e0e-9fa1-290de3fb1983
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-approve:cert-manager-io ======
--- /tmp/argocd-diff3663864529/cert-manager-controller-approve:cert-manager-io-live.yaml
+++ /tmp/argocd-diff3663864529/cert-manager-controller-approve:cert-manager-io
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-certificates ======
--- /tmp/argocd-diff3777846966/cert-manager-controller-certificates-live.yaml
+++ /tmp/argocd-diff3777846966/cert-manager-controller-certificates
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-certificates
resourceVersion: "683811103"
uid: 2f0e4d26-bead-4b82-84e1-22d13eb7a71a
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-certificatesigningrequests ======
--- /tmp/argocd-diff1157877150/cert-manager-controller-certificatesigningrequests-live.yaml
+++ /tmp/argocd-diff1157877150/cert-manager-controller-certificatesigningrequests
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-challenges ======
--- /tmp/argocd-diff4226154788/cert-manager-controller-challenges-live.yaml
+++ /tmp/argocd-diff4226154788/cert-manager-controller-challenges
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-challenges
resourceVersion: "683811104"
uid: 25965b15-d6e5-44cd-906d-f4cf8a2f385e
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-clusterissuers ======
--- /tmp/argocd-diff212735819/cert-manager-controller-clusterissuers-live.yaml
+++ /tmp/argocd-diff212735819/cert-manager-controller-clusterissuers
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-clusterissuers
resourceVersion: "683811108"
uid: 37f7bc3a-c0ba-43cb-a785-5d1bbe5ee585
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-ingress-shim ======
--- /tmp/argocd-diff320581186/cert-manager-controller-ingress-shim-live.yaml
+++ /tmp/argocd-diff320581186/cert-manager-controller-ingress-shim
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-ingress-shim
resourceVersion: "683811106"
uid: 683db6d6-5eeb-466f-b37f-614b6cff07c3
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-issuers ======
--- /tmp/argocd-diff2956041665/cert-manager-controller-issuers-live.yaml
+++ /tmp/argocd-diff2956041665/cert-manager-controller-issuers
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-issuers
resourceVersion: "683811110"
uid: b99d0606-a6f6-46f6-832f-75752f068aac
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-controller-orders ======
--- /tmp/argocd-diff4104748814/cert-manager-controller-orders-live.yaml
+++ /tmp/argocd-diff4104748814/cert-manager-controller-orders
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-controller-orders
resourceVersion: "683811111"
uid: 56414e27-6ccc-4e25-b6fc-0568b2d41150
===== rbac.authorization.k8s.io/ClusterRoleBinding /cert-manager-webhook:subjectaccessreviews ======
--- /tmp/argocd-diff30419912/cert-manager-webhook:subjectaccessreviews-live.yaml
+++ /tmp/argocd-diff30419912/cert-manager-webhook:subjectaccessreviews
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/Role cert-manager/cert-manager-tokenrequest ======
--- /tmp/argocd-diff3968422948/cert-manager-tokenrequest-live.yaml
+++ /tmp/argocd-diff3968422948/cert-manager-tokenrequest
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/Role cert-manager/cert-manager-webhook:dynamic-serving ======
--- /tmp/argocd-diff4078814948/cert-manager-webhook:dynamic-serving-live.yaml
+++ /tmp/argocd-diff4078814948/cert-manager-webhook:dynamic-serving
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook:dynamic-serving
namespace: cert-manager
resourceVersion: "683811115"
===== rbac.authorization.k8s.io/Role kube-system/cert-manager-cainjector:leaderelection ======
--- /tmp/argocd-diff1691870422/cert-manager-cainjector:leaderelection-live.yaml
+++ /tmp/argocd-diff1691870422/cert-manager-cainjector:leaderelection
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-cainjector:leaderelection
namespace: kube-system
resourceVersion: "683811114"
===== rbac.authorization.k8s.io/Role kube-system/cert-manager:leaderelection ======
--- /tmp/argocd-diff2434143093/cert-manager:leaderelection-live.yaml
+++ /tmp/argocd-diff2434143093/cert-manager:leaderelection
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager:leaderelection
namespace: kube-system
resourceVersion: "683811113"
===== rbac.authorization.k8s.io/RoleBinding cert-manager/cert-manager-cert-manager-tokenrequest ======
--- /tmp/argocd-diff3343809234/cert-manager-cert-manager-tokenrequest-live.yaml
+++ /tmp/argocd-diff3343809234/cert-manager-cert-manager-tokenrequest
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
managedFields:
- apiVersion: rbac.authorization.k8s.io/v1
fieldsType: FieldsV1
===== rbac.authorization.k8s.io/RoleBinding cert-manager/cert-manager-webhook:dynamic-serving ======
--- /tmp/argocd-diff785005495/cert-manager-webhook:dynamic-serving-live.yaml
+++ /tmp/argocd-diff785005495/cert-manager-webhook:dynamic-serving
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: webhook
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-webhook:dynamic-serving
namespace: cert-manager
resourceVersion: "683811120"
===== rbac.authorization.k8s.io/RoleBinding kube-system/cert-manager-cainjector:leaderelection ======
--- /tmp/argocd-diff1227315170/cert-manager-cainjector:leaderelection-live.yaml
+++ /tmp/argocd-diff1227315170/cert-manager-cainjector:leaderelection
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cainjector
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager-cainjector:leaderelection
namespace: kube-system
resourceVersion: "683811116"
===== rbac.authorization.k8s.io/RoleBinding kube-system/cert-manager:leaderelection ======
--- /tmp/argocd-diff2935453129/cert-manager:leaderelection-live.yaml
+++ /tmp/argocd-diff2935453129/cert-manager:leaderelection
@@ -11,8 +11,8 @@
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: cert-manager
- app.kubernetes.io/version: v1.17.1
- helm.sh/chart: cert-manager-v1.17.1
+ app.kubernetes.io/version: v1.18.2
+ helm.sh/chart: cert-manager-v1.18.2
name: cert-manager:leaderelection
namespace: kube-system
resourceVersion: "683811117"
time="2025-07-02T19:15:53Z" level=warning msg="Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web."
time="2025-07-02T19:15:56Z" level=warning msg="Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web."
===== /Service external-dns/external-dns ======
--- /tmp/argocd-diff261486255/external-dns-live.yaml
+++ /tmp/argocd-diff261486255/external-dns
@@ -2,9 +2,11 @@
kind: Service
metadata:
annotations:
+ argocd.argoproj.io/tracking-id: external-dns:/Service:external-dns/external-dns
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"external-dns"},"name":"external-dns","namespace":"external-dns"},"spec":{"ports":[{"name":"metrics","port":7979,"targetPort":7979}],"selector":{"app.kubernetes.io/name":"external-dns"}}}
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
name: external-dns
namespace: external-dns
===== /ServiceAccount external-dns/external-dns ======
--- /tmp/argocd-diff1994761776/external-dns-live.yaml
+++ /tmp/argocd-diff1994761776/external-dns
@@ -2,9 +2,11 @@
kind: ServiceAccount
metadata:
annotations:
+ argocd.argoproj.io/tracking-id: external-dns:/ServiceAccount:external-dns/external-dns
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"external-dns"},"name":"external-dns","namespace":"external-dns"}}
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
name: external-dns
namespace: external-dns
===== apps/Deployment external-dns/external-dns ======
--- /tmp/argocd-diff2861917407/external-dns-live.yaml
+++ /tmp/argocd-diff2861917407/external-dns
@@ -2,11 +2,13 @@
kind: Deployment
metadata:
annotations:
+ argocd.argoproj.io/tracking-id: external-dns:apps/Deployment:external-dns/external-dns
deployment.kubernetes.io/revision: "11"
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"external-dns"},"name":"external-dns","namespace":"external-dns"},"spec":{"selector":{"matchLabels":{"app.kubernetes.io/name":"external-dns"}},"strategy":{"type":"Recreate"},"template":{"metadata":{"labels":{"app.kubernetes.io/name":"external-dns"}},"spec":{"containers":[{"args":["--source=service","--source=ingress","--registry=txt","--provider=aws","--txt-owner-id=digitalocean-hashbang","--txt-prefix=_owner.","--source=crd","--domain-filter=hashbang.sh","--managed-record-types=A","--managed-record-types=CNAME","--managed-record-types=TXT"],"env":[{"name":"AWS_REGION","value":"us-west-2"},{"name":"AWS_ACCESS_KEY_ID","value":"AKIAR7CEWFK35SZX5S66"},{"name":"AWS_SECRET_ACCESS_KEY","valueFrom":{"secretKeyRef":{"key":"key","name":"external-dns-iam"}}}],"image":"registry.k8s.io/external-dns/external-dns:v0.16.1@sha256:37d3a7a05c4638b8177382b80a627c223bd84a53c1a91be137245bd3cfdf9986","name":"external-dns","ports":[{"containerPort":7979,"name":"metrics"}]}],"securityContext":{"fsGroup":65534},"serviceAccountName":"external-dns"}}}}
generation: 11
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
managedFields:
- apiVersion: apps/v1
@@ -150,11 +152,6 @@
- --provider=aws
- --txt-owner-id=digitalocean-hashbang
- --txt-prefix=_owner.
- - --source=crd
- - --domain-filter=hashbang.sh
- - --managed-record-types=A
- - --managed-record-types=CNAME
- - --managed-record-types=TXT
env:
- name: AWS_REGION
value: us-west-2
===== cilium.io/CiliumNetworkPolicy external-dns/external-dns ======
--- /tmp/argocd-diff4159551838/external-dns-live.yaml
+++ /tmp/argocd-diff4159551838/external-dns
@@ -2,10 +2,12 @@
kind: CiliumNetworkPolicy
metadata:
annotations:
+ argocd.argoproj.io/tracking-id: external-dns:cilium.io/CiliumNetworkPolicy:external-dns/external-dns
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"cilium.io/v2","kind":"CiliumNetworkPolicy","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"external-dns"},"name":"external-dns","namespace":"external-dns"},"spec":{"egress":[{"toEntities":["cluster"]},{"toEntities":["cluster"],"toPorts":[{"ports":[{"port":"53","protocol":"ANY"}],"rules":{"dns":[{"matchPattern":"*.amazonaws.com"}]}}]},{"toEntities":["world"],"toPorts":[{"ports":[{"port":"443","protocol":"TCP"}]}]}],"endpointSelector":{"matchLabels":{"k8s:app":"external-dns"}},"ingress":[{"fromEntities":["cluster"],"toPorts":[{"ports":[{"port":"7979","protocol":"TCP"}],"rules":{"http":[{"method":"GET","path":"/metrics"}]}}]}]}}
generation: 32
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
name: external-dns
namespace: external-dns
===== monitoring.coreos.com/ServiceMonitor external-dns/external-dns-server-metrics ======
--- /tmp/argocd-diff1777673684/external-dns-server-metrics-live.yaml
+++ /tmp/argocd-diff1777673684/external-dns-server-metrics
@@ -3,10 +3,12 @@
metadata:
annotations:
argocd.argoproj.io/sync-options: SkipDryRunOnMissingResource=true
+ argocd.argoproj.io/tracking-id: external-dns:monitoring.coreos.com/ServiceMonitor:external-dns/external-dns-server-metrics
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"annotations":{"argocd.argoproj.io/sync-options":"SkipDryRunOnMissingResource=true"},"labels":{"app.kubernetes.io/name":"external-dns","prometheusInstance":"default"},"name":"external-dns-server-metrics","namespace":"external-dns"},"spec":{"endpoints":[{"port":"metrics"}],"selector":{"matchLabels":{"app.kubernetes.io/name":"external-dns"}}}}
generation: 1
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
prometheusInstance: default
managedFields:
===== rbac.authorization.k8s.io/ClusterRole /external-dns ======
--- /tmp/argocd-diff1118670651/external-dns-live.yaml
+++ /tmp/argocd-diff1118670651/external-dns
@@ -2,9 +2,11 @@
kind: ClusterRole
metadata:
annotations:
+ argocd.argoproj.io/tracking-id: external-dns:rbac.authorization.k8s.io/ClusterRole:external-dns/external-dns
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"external-dns"},"name":"external-dns"},"rules":[{"apiGroups":[""],"resources":["endpoints","pods","services"],"verbs":["get","watch","list"]},{"apiGroups":["extensions"],"resources":["ingresses"],"verbs":["get","watch","list"]},{"apiGroups":["networking.k8s.io"],"resources":["ingresses"],"verbs":["get","watch","list"]},{"apiGroups":[""],"resources":["nodes"],"verbs":["watch","list"]},{"apiGroups":["externaldns.k8s.io"],"resources":["dnsendpoints"],"verbs":["get","watch","list"]},{"apiGroups":["externaldns.k8s.io"],"resources":["dnsendpoints/status"],"verbs":["*"]}]}
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
name: external-dns
resourceVersion: "710536737"
@@ -43,17 +45,3 @@
verbs:
- watch
- list
-- apiGroups:
- - externaldns.k8s.io
- resources:
- - dnsendpoints
- verbs:
- - get
- - watch
- - list
-- apiGroups:
- - externaldns.k8s.io
- resources:
- - dnsendpoints/status
- verbs:
- - '*'
===== rbac.authorization.k8s.io/ClusterRoleBinding /external-dns-viewer ======
--- /tmp/argocd-diff337196576/external-dns-viewer-live.yaml
+++ /tmp/argocd-diff337196576/external-dns-viewer
@@ -2,9 +2,11 @@
kind: ClusterRoleBinding
metadata:
annotations:
+ argocd.argoproj.io/tracking-id: external-dns:rbac.authorization.k8s.io/ClusterRoleBinding:external-dns/external-dns-viewer
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRoleBinding","metadata":{"annotations":{},"labels":{"app.kubernetes.io/name":"external-dns"},"name":"external-dns-viewer"},"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"external-dns"},"subjects":[{"kind":"ServiceAccount","name":"external-dns","namespace":"external-dns"}]}
labels:
+ app.kubernetes.io/instance: external-dns
app.kubernetes.io/name: external-dns
name: external-dns-viewer
resourceVersion: "710536742"
time="2025-07-02T19:16:03Z" level=warning msg="Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web."
time="2025-07-02T19:16:06Z" level=warning msg="Failed to invoke grpc call. Use flag --grpc-web in grpc calls. To avoid this warning message, use flag --grpc-web."
===== apps/Deployment ircd/irc-deployment ======
--- /tmp/argocd-diff167881356/irc-deployment-live.yaml
+++ /tmp/argocd-diff167881356/irc-deployment
@@ -30,7 +30,7 @@
app: irc
spec:
containers:
- - image: ghcr.io/ergochat/ergo:v2.14.0@sha256:ef4040d18044a53c8c995defb3159018cf2e83030e5db068c3976d9343c826a5
+ - image: ghcr.io/ergochat/ergo:v2.15.0@sha256:135cd42c6300d957e0045ee53fbe886e43e1c04bb621391ed7b8940c174d68f3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
@@ -78,7 +78,7 @@
echo "Exiting.";
command:
- /bin/sh
- image: ghcr.io/ergochat/ergo:v2.14.0@sha256:ef4040d18044a53c8c995defb3159018cf2e83030e5db068c3976d9343c826a5
+ image: ghcr.io/ergochat/ergo:v2.15.0@sha256:135cd42c6300d957e0045ee53fbe886e43e1c04bb621391ed7b8940c174d68f3
imagePullPolicy: IfNotPresent
name: config-reloader
resources: {} |
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/cert-manager-1.x
branch
from
d2c9d2b to
a77a766
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/cert-manager-1.x
branch
from
a77a766 to
045fc45
Compare
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/cert-manager-1.x
branch
from
045fc45 to
cfc5bb3
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.17.1->v1.18.2Release Notes
cert-manager/cert-manager (cert-manager)
v1.18.2Compare Source
v1.18.1Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We have added a new feature gate
ACMEHTTP01IngressPathTypeExact, to allowingress-nginxusers to turn off the new default IngressPathType: Exactbehavior, in ACME HTTP01 Ingress challenge solvers.This change fixes the following issue: #7791
We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (
error waiting for authorization), which has been reported by multiple users, since the release of cert-managerv1.16.0.This change should fix the following issues: #7337, #7444, and #7685.
Changes since
v1.18.0:Feature
ACMEHTTP01IngressPathTypeExact, to allowingress-nginxusers to turn off the new default IngressPathType: Exactbehavior, in ACME HTTP01 Ingress challenge solvers. (#7810, @sspreitzer)Bug or Regression
error waiting for authorization. (#7801, @hjoshi123)Other (Cleanup or Flake)
#7807, @wallrj)v1.18.0Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for
Certificate.Spec.PrivateKey.RotationPolicynow set toAlways(breaking change), and the defaultCertificate.Spec.RevisionHistoryLimitnow set to1(potentially breaking).Known Issues
Changes since
v1.17.2:Feature
app.kubernetes.io/managed-by: cert-managerlabel to the created Let's Encrypt account keys (#7577, @terinjokes)certmanager_certificate_not_before_timestamp_seconds,certmanager_certificate_not_after_timestamp_seconds). (#7612, @solidDoWant)--extra-certificate-annotations, which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (#7083, @k0da)issshort name for the cert-managerIssuerresource. (#7373, @SgtCoDFish)cissshort name for the cert-managerClusterIssuerresource (#7373, @SgtCoDFish)global.rbac.disableHTTPChallengesRolehelm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (#7666, @ali-hamza-noor)FindZoneByFqdn(#7596, @ThatsIvan)UseDomainQualifiedFinalizerfeature to GA. (#7735, @jsoref)Certificate.Spec.PrivateKey.RotationPolicychanged fromNevertoAlways. (#7723, @wallrj)Documentation
Bug or Regression
go-josedependency to addressCVE-2025-27144. (#7606, @SgtCoDFish)golang.org/x/oauth2to patchCVE-2025-22868. (#7638, @NicholasBlaskey)golang.org/x/cryptoto patchGHSA-hcg3-q754-cr77. (#7638, @NicholasBlaskey)github.com/golang-jwt/jwtto patchGHSA-mh63-6h87-95cp. (#7638, @NicholasBlaskey)ImplementationSpecifictoExactfor a reliable handling of ingress controllers and enhanced security. (#7767, @sspreitzer)--namespace=<namespace>: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (#7678, @tsaarni)commonNamefield; IP addresses are no longer added to the DNSsubjectAlternativeNamelist and are instead added to theipAddressesfield as expected. (#7081, @johnjcool)certmanager_certificate_renewal_timestamp_secondsmetric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (#7609, @solidDoWant)Passthroughmode. (#6986, @vehagn)golang.org/x/netfixingCVE-2025-22870. (#7619, @dependabot[bot])Other (Cleanup or Flake)
third_party/forked/acmepackage with support for the ACME profiles extension. (#7776, @wallrj)AdditionalCertificateOutputFormatsfeature to GA, making additional formats always enabled. (#7744, @erikgb)ValidateCAA. Setting this feature gate is now a no-op which does nothing but print a warning log line (#7553, @SgtCoDFish)v1.24.4(#7785, @wallrj)v1.17.4Compare Source
v1.17.3Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23.
We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (
error waiting for authorization), which has been reported by multiple users, in: #7337, #7444, and #7685.Changes since
v1.17.2:Bug or Regression
waiting for authorization(#7798, @hjoshi123)Other (Cleanup or Flake)
v1.17.2Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23 and includes various dependency updates.
Changes since
v1.17.1Bug or Regression
v1.23.8to fixCVE-2025-22871(#7701,@wallrj)go-josedependency to addressCVE-2025-27144(#7603,@SgtCoDFish)golang.org/x/netto addressCVE-2025-22870reported by Trivy (#7622,@SgtCoDFish)golang.org/x/netto fixCVE-2025-22872(#7703,@wallrj)golang.org/x/oauth2to patchCVE-2025-22868(#7692,@lentzi90)golang.org/x/cryptoto patchGHSA-hcg3-q754-cr77(#7692,@lentzi90)github.com/golang-jwt/jwtto patchGHSA-mh63-6h87-95cp(#7692,@lentzi90)Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.