csi-driver
csi-driver copied to clipboard
cert-manager
Bump the all group across 1 directory with 3 updates
Bumps the all group with 2 updates in the / directory: github.com/cert-manager/cert-manager and github.com/cert-manager/csi-lib.
Updates github.com/cert-manager/cert-manager from 1.15.3 to 1.16.1
Release notes
Sourced from github.com/cert-manager/cert-manager's releases.
v1.16.1
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.
📖 Read the complete 1.16 release notes before upgrading.
📜Changes since
v1.16.0Bug or Regression
- BUGFIX: Helm schema validation: the new schema validation was too strict for the "global" section. Since the global section is shared across all charts and sub-charts, we must also allow unknown fields. (#7348,
@inteon)- BUGFIX: Helm will now accept percentages for the
podDisruptionBudget.minAvailableandpodDisruptionBudget.maxAvailablevalues. (#7345,@inteon)- Helm: allow
enabledto be set as a value to toggle cert-manager as a dependency. (#7356,@inteon)- BUGFIX: A change in
v1.16.0caused cert-manager's ACME ClusterIssuer to look in the wrong namespace for resources required for the issuance (e.g. credential Secrets). This is now fixed inv1.16.1. (#7342,@inteon)v1.16.0
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.
📖 Read the complete 1.16 release notes at cert-manager.io.
⚠️ Known issues
- Helm Chart: JSON schema prevents the chart being used as a sub-chart on Rancher RKE.
- ACME DNS01 ClusterIssuer fail while loading credentials from Secret resources.
❗ Breaking changes
- Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields.
- Venafi Issuer may fail to renew certificates if the requested duration conflicts with the CA’s minimum or maximum policy settings in Venafi.
- Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication.
📖 Read the complete 1.16 release notes at cert-manager.io.
📜 Changes since v1.15.0
📖 Read the complete 1.16 release notes at cert-manager.io.
Feature
- Add
SecretRefsupport for Venafi TPP issuer CA Bundle (#7036,@sankalp-at-gh)- Add
renewBeforePercentagealternative torenewBefore(#6987,@cbroglie)- Add a metrics server to the cainjector (#7194,
@wallrj)- Add a metrics server to the webhook (#7182,
@wallrj)- Add client certificate auth method for Vault issuer (#4330,
@joshmue)- Add process and go runtime metrics for controller (#6966,
@mindw)- Added
app.kubernetes.io/managed-by: cert-managerlabel to the cert-manager-webhook-ca Secret (#7154,@jrcichra)- Allow the user to specify a Pod template when using GatewayAPI HTTP01 solver, this mirrors the behavior when using the Ingress HTTP01 solver. (#7211,
@ThatsMrTalbot)- Create token request RBAC for the cert-manager ServiceAccount by default (#7213,
@Jasper-Ben)
... (truncated)
Commits
ff50c06Merge pull request #7356 from cert-manager-bot/cherry-pick-7350-to-release-1.162298278Helm: add enabled to json schema02f4a60Merge pull request #7355 from cert-manager-bot/cherry-pick-7351-to-release-1.167525267Helm chart: fix documentation for service accounts annotationsb44f375Merge pull request #7348 from cert-manager/self-upgrade-release-1.16c3bdc1fRun 'make upgrade-klone' and 'make generate'2d22a92Merge pull request #7345 from cert-manager-bot/cherry-pick-7343-to-release-1.164f4ea8bupdate schema validation for minAvailable and maxAvailable to accept both str...17d9d81Merge pull request #7342 from cert-manager-bot/cherry-pick-7339-to-release-1.161144aabadd ACME ClusterIssuer resource namespace test- Additional commits viewable in compare view
Updates github.com/cert-manager/csi-lib from 0.7.0 to 0.8.0
Release notes
Sourced from github.com/cert-manager/csi-lib's releases.
v0.8.0
What's Changed
- Replace deprecated functions and add missing error checks by
@inteonin cert-manager/csi-lib#64- Update atomic writer based on upstream: avoiding chown race condition by
@inteonin cert-manager/csi-lib#65- Upgrade golang 1.23 and support CSI spec v1.10.0 by
@7ingin cert-manager/csi-lib#67Full Changelog: https://github.com/cert-manager/csi-lib/compare/v0.7.0...v0.8.0
Commits
c552f3aMerge pull request #67 from 7ing/upgrade-go-1.23f64c593Upgrade golang 1.23 and support CSI spec v1.10.0bff7666Merge pull request #65 from inteon/update_atomic_writer3ba2694Merge pull request #64 from inteon/replace_deprecated1f84151update vendored atomic writer to latest upstream versionffb1d38replace deprecated functions and add missing error checks- See full diff in compare view
Updates k8s.io/utils from 0.0.0-20240711033017-18e509b52bc8 to 0.0.0-20240921022957-49e7df575cb6
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Hi @dependabot[bot]. Thanks for your PR.
I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
![cert-manager-prow[bot] avatar](https://avatars.githubusercontent.com/in/877404?v=4 "Published by a pub.dev verified publisher"){kind=small}
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: inteon
The full list of commands accepted by this bot can be found here.
The pull request process is described here
- ~~OWNERS~~ [inteon]
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-cert-manager-csi-driver-verify | 41039e976e04ae002937257b831858a9a4821f73 | link | true | /test pull-cert-manager-csi-driver-verify |
| pull-cert-manager-csi-driver-test | 41039e976e04ae002937257b831858a9a4821f73 | link | true | /test pull-cert-manager-csi-driver-test |
| pull-cert-manager-csi-driver-e2e | 41039e976e04ae002937257b831858a9a4821f73 | link | true | /test pull-cert-manager-csi-driver-e2e |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
Looks like these dependencies are updatable in another way, so this is no longer needed.