Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(chart-deps): update cert-manager to version v1.17.0 #1925

Closed
wants to merge 2 commits into from
Closed

chore(chart-deps): update cert-manager to version v1.17.0 #1925

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7be3379
chore(chart-deps): update cert-manager to version v1.17.0
svcAPLBot Feb 4, 2025
33a8d41
Merge branch 'main'
merll Feb 6, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion chart/chart-index/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ dependencies:
version: 6.7.3
repository: https://argoproj.github.io/argo-helm
- name: cert-manager
version: v1.16.3
version: v1.17.0
repository: https://charts.jetstack.io
- name: cloudnative-pg
version: 0.23.0
Expand Down
4 changes: 2 additions & 2 deletions charts/cert-manager/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ annotations:
fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E
url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg
apiVersion: v2
appVersion: v1.16.3
appVersion: v1.17.0
description: A Helm chart for cert-manager
home: https://cert-manager.io
icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png
Expand All @@ -23,4 +23,4 @@ maintainers:
name: cert-manager
sources:
- https://github.com/cert-manager/cert-manager
version: v1.16.3
version: v1.17.0
41 changes: 27 additions & 14 deletions charts/cert-manager/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou
This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources.

```bash
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.3/cert-manager.crds.yaml
$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.0/cert-manager.crds.yaml
```

To install the chart with the release name `cert-manager`:
Expand All @@ -29,7 +29,7 @@ To install the chart with the release name `cert-manager`:
$ helm repo add jetstack https://charts.jetstack.io --force-update

## Install the cert-manager helm chart
$ helm install cert-manager --namespace cert-manager --version v1.16.3 jetstack/cert-manager
$ helm install cert-manager --namespace cert-manager --version v1.17.0 jetstack/cert-manager
```

In order to begin issuing certificates, you will need to set up a ClusterIssuer
Expand Down Expand Up @@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als
delete the previously installed CustomResourceDefinition resources:

```console
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.3/cert-manager.crds.yaml
$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.0/cert-manager.crds.yaml
```

## Configuration
Expand Down Expand Up @@ -316,7 +316,13 @@ If not set and create is true, a name is generated using the fullname template.

#### **serviceAccount.annotations** ~ `object`

Optional additional annotations to add to the controller's Service Account.
Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.
Example using templating:

```yaml
annotations:
"{{ .Chart.Name }}-helm-chart/version": "{{ .Chart.Version }}"
```

#### **serviceAccount.labels** ~ `object`

Expand Down Expand Up @@ -364,17 +370,24 @@ config:
kubernetesAPIQPS: 9000
kubernetesAPIBurst: 9000
numberOfConcurrentWorkers: 200
enableGatewayAPI: true
# Feature gates as of v1.17.0. Listed with their default values.
# See https://cert-manager.io/docs/cli/controller/
featureGates:
AdditionalCertificateOutputFormats: true
DisallowInsecureCSRUsageDefinition: true
ExperimentalCertificateSigningRequestControllers: true
ExperimentalGatewayAPISupport: true
LiteralCertificateSubject: true
SecretsFilteredCaching: true
ServerSideApply: true
StableCertificateRequestName: true
UseCertificateRequestBasicConstraints: true
ValidateCAA: true
AdditionalCertificateOutputFormats: true # BETA - default=true
AllAlpha: false # ALPHA - default=false
AllBeta: false # BETA - default=false
ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false
ExperimentalGatewayAPISupport: true # BETA - default=true
LiteralCertificateSubject: true # BETA - default=true
NameConstraints: true # BETA - default=true
OtherNames: false # ALPHA - default=false
SecretsFilteredCaching: true # BETA - default=true
ServerSideApply: false # ALPHA - default=false
StableCertificateRequestName: true # BETA - default=true
UseCertificateRequestBasicConstraints: false # ALPHA - default=false
UseDomainQualifiedFinalizer: true # BETA - default=false
ValidateCAA: false # ALPHA - default=false
# Configure the metrics server for TLS
# See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
metricsTLSConfig:
Expand Down
6 changes: 6 additions & 0 deletions charts/cert-manager/templates/cainjector-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,12 @@ spec:
prometheus.io/port: '9402'
{{- end }}
spec:
{{- if not .Values.cainjector.serviceAccount.create }}
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "cainjector.serviceAccountName" . }}
{{- if hasKey .Values.cainjector "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.cainjector.automountServiceAccountToken }}
Expand Down
2 changes: 2 additions & 0 deletions charts/cert-manager/templates/cainjector-service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
{{- if .Values.cainjector.enabled }}
{{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }}
apiVersion: v1
kind: Service
Expand Down Expand Up @@ -28,3 +29,4 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/component: "cainjector"
{{- end }}
{{- end }}
37 changes: 30 additions & 7 deletions charts/cert-manager/templates/crds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,7 +514,6 @@ spec:
type: object
required:
- create
- passwordSecretRef
properties:
alias:
description: |-
Expand All @@ -526,17 +525,25 @@ spec:
Create enables JKS keystore creation for the Certificate.
If true, a file named `keystore.jks` will be created in the target
Secret resource, encrypted using the password stored in
`passwordSecretRef`.
`passwordSecretRef` or `password`.
The keystore file will be updated immediately.
If the issuer provided a CA certificate, a file named `truststore.jks`
will also be created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef`
containing the issuing Certificate Authority
type: boolean
password:
description: |-
Password provides a literal password used to encrypt the JKS keystore.
Mutually exclusive with passwordSecretRef.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: string
passwordSecretRef:
description: |-
PasswordSecretRef is a reference to a key in a Secret resource
PasswordSecretRef is a reference to a non-empty key in a Secret resource
containing the password used to encrypt the JKS keystore.
Mutually exclusive with password.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: object
required:
- name
Expand All @@ -559,24 +566,31 @@ spec:
type: object
required:
- create
- passwordSecretRef
properties:
create:
description: |-
Create enables PKCS12 keystore creation for the Certificate.
If true, a file named `keystore.p12` will be created in the target
Secret resource, encrypted using the password stored in
`passwordSecretRef`.
`passwordSecretRef` or in `password`.
The keystore file will be updated immediately.
If the issuer provided a CA certificate, a file named `truststore.p12` will
also be created in the target Secret resource, encrypted using the
password stored in `passwordSecretRef` containing the issuing Certificate
Authority
type: boolean
password:
description: |-
Password provides a literal password used to encrypt the PKCS#12 keystore.
Mutually exclusive with passwordSecretRef.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: string
passwordSecretRef:
description: |-
PasswordSecretRef is a reference to a key in a Secret resource
containing the password used to encrypt the PKCS12 keystore.
PasswordSecretRef is a reference to a non-empty key in a Secret resource
containing the password used to encrypt the PKCS#12 keystore.
Mutually exclusive with password.
One of password or passwordSecretRef must provide a password with a non-zero length.
type: object
required:
- name
Expand Down Expand Up @@ -1376,6 +1390,9 @@ spec:
resource ID of the managed identity, can not be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity, can not be used at the same time as resourceID
type: string
resourceGroupName:
description: resource group the DNS zone is located in
type: string
Expand Down Expand Up @@ -4689,6 +4706,9 @@ spec:
resource ID of the managed identity, can not be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity, can not be used at the same time as resourceID
type: string
resourceGroupName:
description: resource group the DNS zone is located in
type: string
Expand Down Expand Up @@ -8415,6 +8435,9 @@ spec:
resource ID of the managed identity, can not be used at the same time as clientID
Cannot be used for Azure Managed Service Identity
type: string
tenantID:
description: tenant ID of the managed identity, can not be used at the same time as resourceID
type: string
resourceGroupName:
description: resource group the DNS zone is located in
type: string
Expand Down
6 changes: 6 additions & 0 deletions charts/cert-manager/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,12 @@ spec:
prometheus.io/port: '9402'
{{- end }}
spec:
{{- if not .Values.serviceAccount.create }}
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "cert-manager.serviceAccountName" . }}
{{- if hasKey .Values "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.automountServiceAccountToken }}
Expand Down
4 changes: 3 additions & 1 deletion charts/cert-manager/templates/serviceaccount.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@ metadata:
namespace: {{ include "cert-manager.namespace" . }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- range $k, $v := . }}
{{- printf "%s: %s" (tpl $k $) (tpl $v $) | nindent 4 }}
{{- end }}
{{- end }}
labels:
app: {{ include "cert-manager.name" . }}
Expand Down
6 changes: 6 additions & 0 deletions charts/cert-manager/templates/webhook-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,12 @@ spec:
prometheus.io/port: '9402'
{{- end }}
spec:
{{- if not .Values.webhook.serviceAccount.create }}
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
serviceAccountName: {{ template "webhook.serviceAccountName" . }}
{{- if hasKey .Values.webhook "automountServiceAccountToken" }}
automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }}
Expand Down
4 changes: 2 additions & 2 deletions charts/cert-manager/values.schema.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -579,7 +579,7 @@
},
"helm-values.config": {
"default": {},
"description": "This property is used to configure options for the controller pod. This allows setting options that would usually be provided using flags.\n\nIf `apiVersion` and `kind` are unspecified they default to the current latest version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin the version by specifying the `apiVersion` yourself.\n\nFor example:\nconfig:\n apiVersion: controller.config.cert-manager.io/v1alpha1\n kind: ControllerConfiguration\n logging:\n verbosity: 2\n format: text\n leaderElectionConfig:\n namespace: kube-system\n kubernetesAPIQPS: 9000\n kubernetesAPIBurst: 9000\n numberOfConcurrentWorkers: 200\n featureGates:\n AdditionalCertificateOutputFormats: true\n DisallowInsecureCSRUsageDefinition: true\n ExperimentalCertificateSigningRequestControllers: true\n ExperimentalGatewayAPISupport: true\n LiteralCertificateSubject: true\n SecretsFilteredCaching: true\n ServerSideApply: true\n StableCertificateRequestName: true\n UseCertificateRequestBasicConstraints: true\n ValidateCAA: true\n # Configure the metrics server for TLS\n # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls\n metricsTLSConfig:\n dynamic:\n secretNamespace: \"cert-manager\"\n secretName: \"cert-manager-metrics-ca\"\n dnsNames:\n - cert-manager-metrics",
"description": "This property is used to configure options for the controller pod. This allows setting options that would usually be provided using flags.\n\nIf `apiVersion` and `kind` are unspecified they default to the current latest version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin the version by specifying the `apiVersion` yourself.\n\nFor example:\nconfig:\n apiVersion: controller.config.cert-manager.io/v1alpha1\n kind: ControllerConfiguration\n logging:\n verbosity: 2\n format: text\n leaderElectionConfig:\n namespace: kube-system\n kubernetesAPIQPS: 9000\n kubernetesAPIBurst: 9000\n numberOfConcurrentWorkers: 200\n enableGatewayAPI: true\n # Feature gates as of v1.17.0. Listed with their default values.\n # See https://cert-manager.io/docs/cli/controller/\n featureGates:\n AdditionalCertificateOutputFormats: true # BETA - default=true\n AllAlpha: false # ALPHA - default=false\n AllBeta: false # BETA - default=false\n ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false\n ExperimentalGatewayAPISupport: true # BETA - default=true\n LiteralCertificateSubject: true # BETA - default=true\n NameConstraints: true # BETA - default=true\n OtherNames: false # ALPHA - default=false\n SecretsFilteredCaching: true # BETA - default=true\n ServerSideApply: false # ALPHA - default=false\n StableCertificateRequestName: true # BETA - default=true\n UseCertificateRequestBasicConstraints: false # ALPHA - default=false\n UseDomainQualifiedFinalizer: true # BETA - default=false\n ValidateCAA: false # ALPHA - default=false\n # Configure the metrics server for TLS\n # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls\n metricsTLSConfig:\n dynamic:\n secretNamespace: \"cert-manager\"\n secretName: \"cert-manager-metrics-ca\"\n dnsNames:\n - cert-manager-metrics",
"type": "object"
},
"helm-values.containerSecurityContext": {
Expand Down Expand Up @@ -1223,7 +1223,7 @@
"type": "object"
},
"helm-values.serviceAccount.annotations": {
"description": "Optional additional annotations to add to the controller's Service Account.",
"description": "Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.\nExample using templating:\nannotations:\n \"{{ .Chart.Name }}-helm-chart/version\": \"{{ .Chart.Version }}\"",
"type": "object"
},
"helm-values.serviceAccount.automountServiceAccountToken": {
Expand Down
32 changes: 21 additions & 11 deletions charts/cert-manager/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -190,7 +190,10 @@ serviceAccount:
# +docs:property
# name: ""

# Optional additional annotations to add to the controller's Service Account.
# Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.
# Example using templating:
# annotations:
# "{{ .Chart.Name }}-helm-chart/version": "{{ .Chart.Version }}"
# +docs:property
# annotations: {}

Expand Down Expand Up @@ -227,17 +230,24 @@ enableCertificateOwnerRef: false
# kubernetesAPIQPS: 9000
# kubernetesAPIBurst: 9000
# numberOfConcurrentWorkers: 200
# enableGatewayAPI: true
# # Feature gates as of v1.17.0. Listed with their default values.
# # See https://cert-manager.io/docs/cli/controller/
# featureGates:
# AdditionalCertificateOutputFormats: true
# DisallowInsecureCSRUsageDefinition: true
# ExperimentalCertificateSigningRequestControllers: true
# ExperimentalGatewayAPISupport: true
# LiteralCertificateSubject: true
# SecretsFilteredCaching: true
# ServerSideApply: true
# StableCertificateRequestName: true
# UseCertificateRequestBasicConstraints: true
# ValidateCAA: true
# AdditionalCertificateOutputFormats: true # BETA - default=true
# AllAlpha: false # ALPHA - default=false
# AllBeta: false # BETA - default=false
# ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false
# ExperimentalGatewayAPISupport: true # BETA - default=true
# LiteralCertificateSubject: true # BETA - default=true
# NameConstraints: true # BETA - default=true
# OtherNames: false # ALPHA - default=false
# SecretsFilteredCaching: true # BETA - default=true
# ServerSideApply: false # ALPHA - default=false
# StableCertificateRequestName: true # BETA - default=true
# UseCertificateRequestBasicConstraints: false # ALPHA - default=false
# UseDomainQualifiedFinalizer: true # BETA - default=false
# ValidateCAA: false # ALPHA - default=false
# # Configure the metrics server for TLS
# # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
# metricsTLSConfig:
Expand Down
Loading