Skip to content

chore(deps): update helm release cert-manager to v1.5.4

Renovate Bot requested to merge renovate/cert-manager-1.x into main

This MR contains the following updates:

Package Update Change
cert-manager minor v1.4.3 -> v1.5.4

Release Notes

jetstack/cert-manager

v1.5.4

Compare Source

Changelog since v1.5.3

Changes by Kind

Bug or Regression
  • FIX: Prevent Vault Client from panicing when request to Vault health endpoint fails. (#​4476, @​JoshVanL)
  • Pod Security Policy for startup api check job (#​4432, @​ndegory)
  • The startupapicheck post-install hook in the Helm chart now deletes any post-install hook resources left after a previous failed install allowing helm install to be re-run after a previous failure. (#​4435, @​wallrj)
Other (Cleanup or Flake)

v1.5.3

Compare Source

Changelog since v1.5.2

Bug or Regression

v1.5.2

Compare Source

Changelog since v1.5.1

Changes by Kind

Bug or Regression

v1.5.1

Compare Source

Release notes for release-1.5

The CRDs for the cert-manager v1beta1 API were mistakenly changed in cert-manager v1.5.0. If you installed the CRDs for v1.5.0, you should upgrade your CRDs to v1.5.1.

The only affected API version is v1beta1, so if you're using the latest version - v1 - you won't be affected by the CRD changes. It's worth upgrading to v1 in any case, since v1alpha2, v1alpha3 and v1beta1 are all deprecated and will be removed in a future release.

Changelog since v1.5.0

Changes by Kind

Bug or Regression

v1.5.0

Compare Source

Release notes for release-1.5

cert-manager 1.5 is the first release to support Kubernetes 1.22.

Note: cert-manager API versions v1alpha2, v1alpha3 and v1beta1 that were deprecated in 1.4 will no longer be served in 1.6. If your cert-manager deployment was created before 1.0 and/or any cert-manager resources were created using any of the deprecated APIs, please ensure the resources and CRDs are updated before upgrading to 1.6, see the docs.

Changelog since 1.4

Changes by Kind

Feature
  • Add a name to Prometheus scraping service port (#​4072, @​francescsanjuanmrf)
  • Add support for adding custom annotations and labels to the Secret containing the TLS key pair. (#​3828, @​jonathansp)
  • Add the deployed cert-manager version to 'kubectl cert-manager version' command (#​4226, @​inteon)
  • Added a new optional controller: gateway-shim. cert-manager now supports automatic creation of ACME certificates for the sig-network Gateway API Gateway, when annotated similarly to existing support for Ingresses. (#​4158, @​maelvls)
  • Added a startup api check Job that waits for the cert-manager api to become ready (#​4234, @​inteon)
  • Added the kubectl 'cert-manager check api' command (#​4205, @​inteon)
  • Adds CLI command: ctl experimental create certificatesigningrequest for creating a Kuberenetes CertificateSigningRequest based upon a cert-manager Certificate manifest file (#​4106, @​JoshVanL)
  • Adds clock_time_seconds metric for calculating expiration time in monitoring systems without a built in function. (#​4105, @​kit837)
  • Adds support for Ed25519 private keys and signatures for Certificates (#​4079, @​annerajb)
  • cert-manager is now able to sign CertificateSigningRequests using the ACME issuer. Note that the CertificateSigningRequests support is experimental and requires the use of a flag on the controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4112, @​JoshVanL)
  • cert-manager is now able to sign CertificateSigningRequests using the SelfSigned issuer. Note that the CertificateSigningRequests support is experimental and requires the use of a flag on the controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4100, @​JoshVanL)
  • cert-manager is now able to sign CertificateSigningRequests using the Vault issuer. Note that the CertificateSigningRequests support is experimental and requires the use of a flag on the controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4103, @​JoshVanL)
  • cert-manager is now able to sign CertificateSigningRequests using the Venafi issuer. Note that the CertificateSigningRequests support is experimental and requires the use of a flag on the controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4108, @​JoshVanL)
  • cert-manager now supports the sig-network Gateway API to solve HTTP01 challenges. (#​4276, @​jakexks)
  • cert-manager now uses the networking.k8s.io/v1 Ingress type if available. (#​4225, @​jakexks)
  • Fire event when a CertificateSigningRequest has not yet been approved, so will skip processing until it is. (#​4229, @​JoshVanL)
  • Reduce binary sizes by adding "-s -w" as ldflags (#​4169, @​inteon)
  • kubectl cert-manager x install command is added (#​4138, @​inteon)
Bug or Regression
  • Adds an explicit 10 second timeout when checking HTTP01 challenges for reachability (#​4318, @​SgtCoDFish)
  • Cloudflare: Refactored DNS01 challenge to use API for finding the nearest Zone (fixing potential DNS-Issues) (#​4147, @​thiscantbeserious)
  • Fix a bug where failed Certificate Requests were not retried (#​4130, @​irbekrm)
  • Fix check for self-signed certificates in EncodeX509Chain which broke certs whose subject DN matched their issuer's subject DN (#​4237, @​SgtCoDFish)
  • Fix handling of chains which don't have a root in ParseSingleCertificateChain, and improve handling in situations where that function is passed a single certificate. (#​4261, @​SgtCoDFish)
  • Fixed a bug in the "gateway shim" controller that was causing the cert-manager controller to crash with a nil pointer exception when using the annotation "cert-manager.io/issuer" on a Gateway that had an empty tls block or with certificateRef left empty. (#​4293, @​maelvls)
  • Fixed a goroutine leak that was causing the controller's memory usage to grow with time (#​4233, @​maelvls)
  • Fixed a race condition introduced in v0.15.0 that would crash cert-manager for clusters with a large number of certificates. (#​4231, @​maelvls)
  • Set correct exit codes on ctrl+c event & process defer calls on error (#​4230, @​inteon)
  • Set correct labels on resources in static manifest yaml files (#​4190, @​inteon)
Other (Cleanup or Flake)
  • Adds conformance E2E suite for CertificateSigningRequests (#​4101, @​JoshVanL)
  • Allows to configure labels on cert-manager webhook service via a Helm value. (#​4260, @​mozz-lx)
  • Allows to configure which annotations get copied from Certificate to CertificateRequest. Annotations with keys prefixed with kubectl.kubernetes.io/, fluxcd.io, argocd.argoproj.io are now excluded by default. (#​4251, @​irbekrm)
  • Minor cleanup of make targets, to prepare for more use of make in cert-manager (#​4109, @​SgtCoDFish)
  • Pre-v1 cert-manager resource requests now must be converted to v1 in order to be validated/mutated by admission webhooks. (Default cert-manager validating and mutating webhook configurations ensure the resource requests are being converted) (#​4172, @​irbekrm)
  • Reduce binary sizes by adding "-w" as ldflag (#​4181, @​inteon)
  • Regression: CertificateSigningRequests will no longer have a experimental.cert-manager.io/ca annotation set. (#​4143, @​JoshVanL)
  • Remove v1beta1 as an accepted AdmissionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 (#​4254, @​JoshVanL)
  • Remove v1beta1 as an accepted ConversionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 (#​4253, @​JoshVanL)
  • The controllers now exit more cleanly (eg. the Leader Election Lease is freed properly on shutdown) (#​4243, @​inteon)

v1.4.4

Compare Source

Changelog since v1.4.3

Bug or Regression

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box.

This MR has been generated by Renovate Bot.

Merge request reports