chore(deps): update helm release cert-manager to v1.19.0
This MR contains the following updates:
Package | Update | Change |
---|---|---|
cert-manager (source) | minor | `1.18.2` -> `v1.19.0` |
Release Notes
cert-manager/cert-manager (cert-manager)
v1.19.0
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
⚠️ Known issues: We are working on a patch to fix the following issues:
This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.
📖 Read the full release notes at cert-manager.io: https://cert-manager.io/docs/releases/release-notes/release-notes-1.19
Changes since v1.18.0:
Feature
- Add IPv6 rules to the default network policy (#7726, @jcpunk)
- Add `global.nodeSelector` to helm chart to allow for a single `nodeSelector` to be set across all services. (#7818, @StingRayZA)
- Add a feature gate to default to Ingress `pathType` `Exact` in ACME HTTP01 Ingress challenge solvers. (#7795, @sspreitzer)
- Add generated `applyconfigurations` allowing clients to make type-safe server-side apply requests for cert-manager resources. (#7866, @erikgb)
- Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @erikgb)
- Added `certmanager_certificate_challenge_status` Prometheus metric. (#7736, @hjoshi123)
- Added `protocol` field for `rfc2136` DNS01 provider (#7881, @hjoshi123)
- Added experimental field `hostUsers` flag to all pods. Not set by default. (#7973, @hjoshi123)
- Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global `--acme-http01-solver-resource-*` settings. (#7972, @lunarwhite)
- The `CAInjectorMerging` feature has been promoted to BETA and is now enabled by default (#8017, @ThatsMrTalbot)
- The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#8072, @prasad89)
- Updated `certificate` metrics to the collector approach. (#7856, @hjoshi123)
Bug or Regression
- ACME: Increased challenge authorization timeout to 2 minutes to fix `error waiting for authorization` (#7796, @hjoshi123)
- BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @kinolaev)
- Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (`class`, `ingressClassName`, `name`) are specified simultaneously (#8021, @lunarwhite)
- Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @SgtCoDFish)
- Reverted adding the `global.rbac.disableHTTPChallengesRole` Helm option. (#7836, @inteon)
- This change removes the `path` label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (#8109, @mladen-rusev-cyberark)
- Use the latest version of `ingress-nginx` in E2E tests to ensure compatibility (#7792, @wallrj)
Other (Cleanup or Flake)
- Helm: Fix naming template of `tokenrequest` RoleBinding resource to improve consistency (#7761, @lunarwhite)
- Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @SgtCoDFish)
- Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @hjoshi123)
- Update kind images to include the Kubernetes 1.33 node image (#7786, @wallrj)
- Use `maps.Copy` for cleaner map handling (#8092, @quantpoet)
- Vault: Migrate Vault E2E add-on tests from deprecated `vault-client-go` to the new `vault/api` client. (#8059, @armagankaratosun)
Configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.