fix(helm): update chart cert-manager to v1.11.4
This MR contains the following updates:
Package | Update | Change |
---|---|---|
cert-manager | patch |
v1.11.0 -> v1.11.4
|
Release Notes
cert-manager/cert-manager (cert-manager)
v1.11.4
Changes by Kind
Other (Cleanup or Flake)
- Resolved docker/docker trivy CVE alert (#6164, @inteon)
- Upgraded base images (#6128, @SgtCoDFish)
Dependencies
Changed
- github.com/docker/distribution: v2.8.1+incompatible → v2.8.2+incompatible
v1.11.3
v1.11.3 mostly contains ACME library changes. API Priority and Fairness feature is now disabled in the external webhook's extension apiserver.
Changes by Kind
Other (Cleanup or Flake)
- API Priority and Fairness controller is now disabled in extension apiserver for DNS webhook implementation. (#6092, @irbekrm)
- Adds a warning for folks to not use controller feature gates helm value to configure webhook feature gates (#6101, @irbekrm)
v1.11.2
Changelog since v1.11.1
Changes by Kind
Bug or Regression
- Build with go 1.19.9 (#6014, @SgtCoDFish)
Other (Cleanup or Flake)
-
Bumps Docker libraries to fix vulnerability scan alert for CVE-2023-28840, CVE-2023-28841, CVE-2023-28842 (#6037, @irbekrm) Cert-manager was not actually affected by these CVEs which are all to do with Docker daemon's overlay network.
-
Bumps Kube libraries v0.26.0 -> v0.26.4 (#6038, @irbekrm) This might help with running cert-manager v1.11 on Kubernetes v1.27, see #6038
v1.11.1
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
In v1.11.1, we updated the base images used for cert-manager containers. In addition, the users of the Venafi issuer will see less certificates repeatedly failing.
If you are a user of Venafi TPP and have been having issues with the error message This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry
, please use this version.
Changes since v1.11.0
Bug or Regression
- Bump helm and other dependencies to fix CVEs, along with upgrading go and base images (#5815, @SgtCoDFish)
- Bump the distroless base images (#5930, @maelvls)
- The auto-retry mechanism added in VCert 4.23.0 and part of cert-manager 1.11.0 (#5674) has been found to be faulty. Until this issue is fixed upstream, we now use a patched version of VCert. This patch will slowdown the issuance of certificates by 9% in case of heavy load on TPP. We aim to release at an ulterior date a patch release of cert-manager to fix this slowdown. (#5819, @maelvls)
- Use a fake-kube apiserver version when generating helm template in
cmctl x install
, to work around a hardcoded Kubernetes version in Helm. (#5726, @SgtCoDFish)
Other (Cleanup or Flake)
- Bump keystore-go to v4.4.1 to work around an upstream rewrite of history (#5730, @SgtCoDFish)
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.