Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support loading controller configuration from a versioned file #5337

Merged
merged 3 commits into from Jul 31, 2023
Merged

Support loading controller configuration from a versioned file #5337

merged 3 commits into from Jul 31, 2023

Conversation

AcidLeroy
Copy link
Contributor

@AcidLeroy AcidLeroy commented Jul 25, 2022
edited by inteon

Pull Request Motivation

Closes #5160

The motivation for this pull request is to add a version config file for the cert-manager controller. This follows the guidance from Versioned Component Configuration Files. In addition, this closely follows the pattern defined in PR: #4546.

Checklist

Kind

/kind feature

Release Note

The cert-manager controller options are now configurable using a configuration file.

@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Jul 25, 2022
@jetstack-bot
Copy link
Collaborator

Hi @AcidLeroy. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@jetstack-bot jetstack-bot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. area/api Indicates a PR directly modifies the 'pkg/apis' directory needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jul 25, 2022
@jetstack-bot jetstack-bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Nov 17, 2022
@jetstack-bot
Copy link
Collaborator

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Send feedback to jetstack.
/lifecycle stale

@jetstack-bot jetstack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 15, 2023
@irbekrm irbekrm mentioned this pull request Mar 9, 2023
Closed
7 tasks
@irbekrm
Copy link
Collaborator

irbekrm commented Mar 9, 2023

/remove-lifecycle stale

@jetstack-bot jetstack-bot removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Mar 9, 2023
@AcidLeroy AcidLeroy force-pushed the controller-configuration-file branch from 0981a5c to c3a4b41 Compare March 10, 2023 17:48
@jetstack-bot jetstack-bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels Mar 10, 2023
@AcidLeroy AcidLeroy force-pushed the controller-configuration-file branch 8 times, most recently from 8e3ebe0 to 3992542 Compare March 15, 2023 22:38
@AcidLeroy AcidLeroy force-pushed the controller-configuration-file branch from 3992542 to 357829f Compare March 17, 2023 23:29
@AcidLeroy AcidLeroy force-pushed the controller-configuration-file branch from acd1d49 to 282a6d5 Compare July 27, 2023 23:44
inteon
inteon reviewed Jul 28, 2023
View reviewed changes
internal/apis/config/controller/v1alpha1/conversion.go
logsapi "k8s.io/component-base/logs/api/v1"
)

func Convert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(in *v1alpha1.ControllerConfiguration, out *controller.ControllerConfiguration, s conversion.Scope) error {
Copy link
Member

@inteon inteon Jul 28, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Do we need these 2 functions? Are they not auto-generated?

@inteon
Copy link
Member

inteon commented Jul 28, 2023

This is a great improvement @AcidLeroy!
Thank you for resolving all my questions.
/approve
/lgtm
/hold I have one optional nit, please let me know if you want to merge without fixing it.

@jetstack-bot jetstack-bot added lgtm Indicates that a PR is ready to be merged. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels Jul 28, 2023
@jetstack-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AcidLeroy, inteon

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 28, 2023
@inteon
Copy link
Member

inteon commented Jul 31, 2023

/unhold
We can fix that convert function later if necessary.

@jetstack-bot jetstack-bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jul 31, 2023
@jetstack-bot jetstack-bot merged commit d233758 into cert-manager:master Jul 31, 2023
6 checks passed
@inteon
Copy link
Member

inteon commented Jul 31, 2023

@AcidLeroy Could you also create a website documentation PR for this improvement?

@inteon
Copy link
Member

inteon commented Jul 31, 2023

@AcidLeroy Any further improvements can be made in seperate PRs.

@jetstack-bot jetstack-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. and removed release-note-none Denotes a PR that doesn't merit a release note. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Jul 31, 2023
This was referenced Jul 31, 2023
Merged
Closed
This was referenced Aug 10, 2023
Merged
Merged
@ubergesundheit ubergesundheit mentioned this pull request Aug 24, 2023
Merged
nrdufour added a commit to nrdufour/home-ops that referenced this pull request Sep 12, 2023
@nrdufour
chore(deps): update helm release cert-manager to v1.13.0 (#84)
ea78c14 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://github.com/cert-manager/cert-manager) | minor | `v1.12.4` -> `v1.13.0` |

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

### [`v1.13.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare Source](cert-manager/cert-manager@v1.12.4...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

#### Community

Welcome to these new cert-manager members (more info - cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://github.com/jsoref)
[@&#8203;FlorianLiebhart](https://github.com/FlorianLiebhart)
[@&#8203;hawksight](https://github.com/hawksight)
[@&#8203;erikgb](https://github.com/erikgb)

Thanks again to all open-source contributors with commits in this release, including:
[@&#8203;AcidLeroy](https://github.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://github.com/FlorianLiebhart)
[@&#8203;lucacome](https://github.com/lucacome)
[@&#8203;cypres](https://github.com/cypres)
[@&#8203;erikgb](https://github.com/erikgb)
[@&#8203;ubergesundheit](https://github.com/ubergesundheit)
[@&#8203;jkroepke](https://github.com/jkroepke)
[@&#8203;jsoref](https://github.com/jsoref)
[@&#8203;gdvalle](https://github.com/gdvalle)
[@&#8203;rouke-broersma](https://github.com/rouke-broersma)
[@&#8203;schrodit](https://github.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://github.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://github.com/arukiidou)
[@&#8203;hawksight](https://github.com/hawksight)
[@&#8203;Richardds](https://github.com/Richardds)
[@&#8203;kahirokunn](https://github.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their contributions during this release:
[@&#8203;SgtCoDFish](https://github.com/SgtCoDFish)
[@&#8203;maelvls](https://github.com/maelvls)
[@&#8203;irbekrm](https://github.com/irbekrm)
[@&#8203;inteon](https://github.com/inteon)

Equally thanks to everyone who provided feedback, helped users and raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://github.com/AcidLeroy) for adding "load options from a versioned config file" support for the cert-manager controller! This has been on our wishlist for a very long time. (see cert-manager/cert-manager#5337)

Also, thanks a lot to [@&#8203;FlorianLiebhart](https://github.com/FlorianLiebhart) for adding support for DNS over HTTPS for the ACME DNS self-check. This is very useful in case all traffic must be HTTP(S) trafic, eg. when using a HTTPS_PROXY. (see cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://github.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for contributing developer time and resources towards the continued maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

-   Add support for logging options to webhook config file. ([#&#8203;6243](cert-manager/cert-manager#6243), [@&#8203;inteon](https://github.com/inteon))
-   Add view permissions to the well-known (Openshift) user-facing `cluster-reader` aggregated cluster role ([#&#8203;6241](cert-manager/cert-manager#6241), [@&#8203;erikgb](https://github.com/erikgb))
-   Certificate Shim: distinguish dns names and ip address in certificate ([#&#8203;6267](cert-manager/cert-manager#6267), [@&#8203;zhangzhiqiangcs](https://github.com/zhangzhiqiangcs))
-   Cmctl can now be imported by third parties. ([#&#8203;6049](cert-manager/cert-manager#6049), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Make `enableServiceLinks` configurable for all Deployments and `startupapicheck` Job in Helm chart. ([#&#8203;6292](cert-manager/cert-manager#6292), [@&#8203;ubergesundheit](https://github.com/ubergesundheit))
-   Promoted the StableCertificateRequestName and SecretsFilteredCaching feature gates to Beta (enabled by default). ([#&#8203;6298](cert-manager/cert-manager#6298), [@&#8203;inteon](https://github.com/inteon))
-   The cert-manager controller options are now configurable using a configuration file. ([#&#8203;5337](cert-manager/cert-manager#5337), [@&#8203;AcidLeroy](https://github.com/AcidLeroy))
-   The pki CertificateTemplate functions now perform validation of the CSR blob, making sure we sign a Certificate that matches the IsCA and (Extended)KeyUsages that are defined in the CertificateRequest resource. ([#&#8203;6199](cert-manager/cert-manager#6199), [@&#8203;inteon](https://github.com/inteon))
-   \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to define additional properties on a ServiceMonitor endpoint, e.g. relabelings ([#&#8203;6110](cert-manager/cert-manager#6110), [@&#8203;jkroepke](https://github.com/jkroepke))

##### Design

-   DNS over HTTPS (DoH) is now possible for doing the self-checks during the ACME verification.
    The DNS check method to be used is controlled through the command line flag: `--dns01-recursive-nameservers-only=true` in combination with `--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g. `https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default method. ([#&#8203;5003](cert-manager/cert-manager#5003), [@&#8203;FlorianLiebhart](https://github.com/FlorianLiebhart))

##### Bug or Regression

-   Allow overriding default pdb .minAvailable with .maxUnavailable without setting .minAvailable to null ([#&#8203;6087](cert-manager/cert-manager#6087), [@&#8203;rouke-broersma](https://github.com/rouke-broersma))
-   BUGFIX: `cmctl check api --wait 0` exited without output and exit code 1; we now make sure we perform the API check at least once and return with the correct error code ([#&#8203;6109](cert-manager/cert-manager#6109), [@&#8203;inteon](https://github.com/inteon))
-   BUGFIX: the issuer and certificate-name annotations on a Secret were incorrectly updated when other fields are changed. ([#&#8203;6147](cert-manager/cert-manager#6147), [@&#8203;inteon](https://github.com/inteon))
-   BUGFIX\[cainjector]: 1-character bug was causing invalid log messages and a memory leak ([#&#8203;6232](cert-manager/cert-manager#6232), [@&#8203;inteon](https://github.com/inteon))
-   Fix CloudDNS issuers stuck in propagation check, when multiple instances are issuing for the same FQDN ([#&#8203;6088](cert-manager/cert-manager#6088), [@&#8203;cypres](https://github.com/cypres))
-   Fix indentation of Webhook NetworkPolicy matchLabels in helm chart. ([#&#8203;6220](cert-manager/cert-manager#6220), [@&#8203;ubergesundheit](https://github.com/ubergesundheit))
-   Fixed Cloudflare DNS01 challenge provider race condition when validating multiple domains ([#&#8203;6191](cert-manager/cert-manager#6191), [@&#8203;Richardds](https://github.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
    ⚠️  ⚠️ BREAKING ⚠️ ⚠️ : If you deploy cert-manager using helm and have `.featureGates` value set, the features defined there will no longer be passed to cert-manager webhook, only to cert-manager controller. Use `webhook.featureGates` field instead to define features to be enabled on webhook.
    **Potentially breaking**: If you were, for some reason, passing cert-manager controller's features to webhook's `--feature-gates` flag, this will now break (unless the webhook actually has a feature by that name). ([#&#8203;6093](cert-manager/cert-manager#6093), [@&#8203;irbekrm](https://github.com/irbekrm))
-   Fixes an issue where cert-manager would incorrectly reject two IP addresses as being unequal when they should have compared equal. This would be most noticeable when using an IPv6 address which doesn't match how Go's `net.IP.String()` function would have printed that address. ([#&#8203;6293](cert-manager/cert-manager#6293), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   We disabled the `enableServiceLinks` option for our ACME http solver pods, because the option caused the pod to be in a crash loop in a cluster with lot of services. ([#&#8203;6143](cert-manager/cert-manager#6143), [@&#8203;schrodit](https://github.com/schrodit))
-   ⚠️ possibly breaking: Webhook validation of CertificateRequest resources is stricter now: all KeyUsages and ExtendedKeyUsages must be defined directly in the CertificateRequest resource, the encoded CSR can never contain more usages that defined there. ([#&#8203;6182](cert-manager/cert-manager#6182), [@&#8203;inteon](https://github.com/inteon))

##### Other (Cleanup or Flake)

-   A subset of the klogs flags have been deprecated and will be removed in the future. ([#&#8203;5879](cert-manager/cert-manager#5879), [@&#8203;maelvls](https://github.com/maelvls))
-   All service links in helm chart deployments have been disabled. ([#&#8203;6144](cert-manager/cert-manager#6144), [@&#8203;schrodit](https://github.com/schrodit))
-   Cert-manager will now re-issue a certificate if the public key in the latest CertificateRequest resource linked to a Certificate resource does not match the public key of the key encoded in the Secret linked to that Certificate resource ([#&#8203;6168](cert-manager/cert-manager#6168), [@&#8203;inteon](https://github.com/inteon))
-   Chore: When hostNetwork is enabled, dnsPolicy is now set to ClusterFirstWithHostNet. ([#&#8203;6156](cert-manager/cert-manager#6156), [@&#8203;kahirokunn](https://github.com/kahirokunn))
-   Cleanup the controller configfile structure by introducing sub-structs. ([#&#8203;6242](cert-manager/cert-manager#6242), [@&#8203;inteon](https://github.com/inteon))
-   Don't run API Priority and Fairness controller in webhook's extension apiserver ([#&#8203;6085](cert-manager/cert-manager#6085), [@&#8203;irbekrm](https://github.com/irbekrm))
-   Helm: Add apache 2.0 license annotation ([#&#8203;6225](cert-manager/cert-manager#6225), [@&#8203;arukiidou](https://github.com/arukiidou))
-   Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON serialization. ([#&#8203;6034](cert-manager/cert-manager#6034), [@&#8203;gdvalle](https://github.com/gdvalle))
-   The SecretPostIssuancePolicyChain now also makes sure that the `cert-manager.io/common-name`, `cert-manager.io/alt-names`, ... annotations on Secrets are kept at their correct value. ([#&#8203;6176](cert-manager/cert-manager#6176), [@&#8203;inteon](https://github.com/inteon))
-   The cmctl logging has been improved and support for json logging has been added. ([#&#8203;6247](cert-manager/cert-manager#6247), [@&#8203;inteon](https://github.com/inteon))
-   Updates Kubernetes libraries to `v0.27.2`. ([#&#8203;6077](cert-manager/cert-manager#6077), [@&#8203;lucacome](https://github.com/lucacome))
-   Updates Kubernetes libraries to `v0.27.4`. ([#&#8203;6227](cert-manager/cert-manager#6227), [@&#8203;lucacome](https://github.com/lucacome))
-   We now only check that the issuer name, kind and group annotations on a Secret match in case those annotations are set. ([#&#8203;6152](cert-manager/cert-manager#6152), [@&#8203;inteon](https://github.com/inteon))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Reviewed-on: https://git.home/nrdufour/home-ops/pulls/84
Co-authored-by: Renovate <renovate@ptinem.io>
Co-committed-by: Renovate <renovate@ptinem.io>
coolguy1771 pushed a commit to coolguy1771/home-ops that referenced this pull request Sep 12, 2023
@lumiere-bot
feat(helm): update chart cert-manager to v1.13.0 (#3321)
f5d60da 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | minor
| `v1.12.4` -> `v1.13.0` |

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.4...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

#### Community

Welcome to these new cert-manager members (more info -
[cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;erikgb](https://togithub.com/erikgb)

Thanks again to all open-source contributors with commits in this
release, including:
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;lucacome](https://togithub.com/lucacome)
[@&#8203;cypres](https://togithub.com/cypres)
[@&#8203;erikgb](https://togithub.com/erikgb)
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit)
[@&#8203;jkroepke](https://togithub.com/jkroepke)
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;gdvalle](https://togithub.com/gdvalle)
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma)
[@&#8203;schrodit](https://togithub.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://togithub.com/arukiidou)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;Richardds](https://togithub.com/Richardds)
[@&#8203;kahirokunn](https://togithub.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their
contributions during this release:
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish)
[@&#8203;maelvls](https://togithub.com/maelvls)
[@&#8203;irbekrm](https://togithub.com/irbekrm)
[@&#8203;inteon](https://togithub.com/inteon)

Equally thanks to everyone who provided feedback, helped users and
raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
for adding "load options from a versioned config file" support for the
cert-manager controller! This has been on our wishlist for a very long
time. (see
[cert-manager/cert-manager#5337)

Also, thanks a lot to
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart) for
adding support for DNS over HTTPS for the ACME DNS self-check. This is
very useful in case all traffic must be HTTP(S) trafic, eg. when using a
HTTPS_PROXY. (see
[cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides
resources and support, and to the AWS open source team for being good
community members and for their maintenance of the [PrivateCA
Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for
contributing developer time and resources towards the continued
maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

- Add support for logging options to webhook config file.
([#&#8203;6243](https://togithub.com/cert-manager/cert-manager/issues/6243),
[@&#8203;inteon](https://togithub.com/inteon))
- Add view permissions to the well-known (Openshift) user-facing
`cluster-reader` aggregated cluster role
([#&#8203;6241](https://togithub.com/cert-manager/cert-manager/issues/6241),
[@&#8203;erikgb](https://togithub.com/erikgb))
- Certificate Shim: distinguish dns names and ip address in certificate
([#&#8203;6267](https://togithub.com/cert-manager/cert-manager/issues/6267),
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs))
- Cmctl can now be imported by third parties.
([#&#8203;6049](https://togithub.com/cert-manager/cert-manager/issues/6049),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Make `enableServiceLinks` configurable for all Deployments and
`startupapicheck` Job in Helm chart.
([#&#8203;6292](https://togithub.com/cert-manager/cert-manager/issues/6292),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Promoted the StableCertificateRequestName and SecretsFilteredCaching
feature gates to Beta (enabled by default).
([#&#8203;6298](https://togithub.com/cert-manager/cert-manager/issues/6298),
[@&#8203;inteon](https://togithub.com/inteon))
- The cert-manager controller options are now configurable using a
configuration file.
([#&#8203;5337](https://togithub.com/cert-manager/cert-manager/issues/5337),
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy))
- The pki CertificateTemplate functions now perform validation of the
CSR blob, making sure we sign a Certificate that matches the IsCA and
(Extended)KeyUsages that are defined in the CertificateRequest resource.
([#&#8203;6199](https://togithub.com/cert-manager/cert-manager/issues/6199),
[@&#8203;inteon](https://togithub.com/inteon))
- \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to
define additional properties on a ServiceMonitor endpoint, e.g.
relabelings
([#&#8203;6110](https://togithub.com/cert-manager/cert-manager/issues/6110),
[@&#8203;jkroepke](https://togithub.com/jkroepke))

##### Design

- DNS over HTTPS (DoH) is now possible for doing the self-checks during
the ACME verification.
The DNS check method to be used is controlled through the command line
flag: `--dns01-recursive-nameservers-only=true` in combination with
`--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g.
`https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default
method.
([#&#8203;5003](https://togithub.com/cert-manager/cert-manager/issues/5003),
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart))

##### Bug or Regression

- Allow overriding default pdb .minAvailable with .maxUnavailable
without setting .minAvailable to null
([#&#8203;6087](https://togithub.com/cert-manager/cert-manager/issues/6087),
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma))
- BUGFIX: `cmctl check api --wait 0` exited without output and exit code
1; we now make sure we perform the API check at least once and return
with the correct error code
([#&#8203;6109](https://togithub.com/cert-manager/cert-manager/issues/6109),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX: the issuer and certificate-name annotations on a Secret were
incorrectly updated when other fields are changed.
([#&#8203;6147](https://togithub.com/cert-manager/cert-manager/issues/6147),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX\[cainjector]: 1-character bug was causing invalid log messages
and a memory leak
([#&#8203;6232](https://togithub.com/cert-manager/cert-manager/issues/6232),
[@&#8203;inteon](https://togithub.com/inteon))
- Fix CloudDNS issuers stuck in propagation check, when multiple
instances are issuing for the same FQDN
([#&#8203;6088](https://togithub.com/cert-manager/cert-manager/issues/6088),
[@&#8203;cypres](https://togithub.com/cypres))
- Fix indentation of Webhook NetworkPolicy matchLabels in helm chart.
([#&#8203;6220](https://togithub.com/cert-manager/cert-manager/issues/6220),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Fixed Cloudflare DNS01 challenge provider race condition when
validating multiple domains
([#&#8203;6191](https://togithub.com/cert-manager/cert-manager/issues/6191),
[@&#8203;Richardds](https://togithub.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
⚠️ ⚠️ BREAKING ⚠️ ⚠️ : If you deploy cert-manager using helm and have
`.featureGates` value set, the features defined there will no longer be
passed to cert-manager webhook, only to cert-manager controller. Use
`webhook.featureGates` field instead to define features to be enabled on
webhook.
**Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6293](https://togithub.com/cert-manager/cert-manager/issues/6293),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- We disabled the `enableServiceLinks` option for our ACME http solver
pods, because the option caused the pod to be in a crash loop in a
cluster with lot of services.
([#&#8203;6143](https://togithub.com/cert-manager/cert-manager/issues/6143),
[@&#8203;schrodit](https://togithub.com/schrodit))
- ⚠️ possibly breaking: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

##### Other (Cleanup or Flake)

- A subset of the klogs flags have been deprecated and will be removed
in the future.
([#&#8203;5879](https://togithub.com/cert-manager/cert-manager/issues/5879),
[@&#8203;maelvls](https://togithub.com/maelvls))
- All service links in helm chart deployments have been disabled.
([#&#8203;6144](https://togithub.com/cert-manager/cert-manager/issues/6144),
[@&#8203;schrodit](https://togithub.com/schrodit))
- Cert-manager will now re-issue a certificate if the public key in the
latest CertificateRequest resource linked to a Certificate resource does
not match the public key of the key encoded in the Secret linked to that
Certificate resource
([#&#8203;6168](https://togithub.com/cert-manager/cert-manager/issues/6168),
[@&#8203;inteon](https://togithub.com/inteon))
- Chore: When hostNetwork is enabled, dnsPolicy is now set to
ClusterFirstWithHostNet.
([#&#8203;6156](https://togithub.com/cert-manager/cert-manager/issues/6156),
[@&#8203;kahirokunn](https://togithub.com/kahirokunn))
- Cleanup the controller configfile structure by introducing
sub-structs.
([#&#8203;6242](https://togithub.com/cert-manager/cert-manager/issues/6242),
[@&#8203;inteon](https://togithub.com/inteon))
- Don't run API Priority and Fairness controller in webhook's extension
apiserver
([#&#8203;6085](https://togithub.com/cert-manager/cert-manager/issues/6085),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Helm: Add apache 2.0 license annotation
([#&#8203;6225](https://togithub.com/cert-manager/cert-manager/issues/6225),
[@&#8203;arukiidou](https://togithub.com/arukiidou))
- Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON
serialization.
([#&#8203;6034](https://togithub.com/cert-manager/cert-manager/issues/6034),
[@&#8203;gdvalle](https://togithub.com/gdvalle))
- The SecretPostIssuancePolicyChain now also makes sure that the
`cert-manager.io/common-name`, `cert-manager.io/alt-names`, ...
annotations on Secrets are kept at their correct value.
([#&#8203;6176](https://togithub.com/cert-manager/cert-manager/issues/6176),
[@&#8203;inteon](https://togithub.com/inteon))
- The cmctl logging has been improved and support for json logging has
been added.
([#&#8203;6247](https://togithub.com/cert-manager/cert-manager/issues/6247),
[@&#8203;inteon](https://togithub.com/inteon))
- Updates Kubernetes libraries to `v0.27.2`.
([#&#8203;6077](https://togithub.com/cert-manager/cert-manager/issues/6077),
[@&#8203;lucacome](https://togithub.com/lucacome))
- Updates Kubernetes libraries to `v0.27.4`.
([#&#8203;6227](https://togithub.com/cert-manager/cert-manager/issues/6227),
[@&#8203;lucacome](https://togithub.com/lucacome))
- We now only check that the issuer name, kind and group annotations on
a Secret match in case those annotations are set.
([#&#8203;6152](https://togithub.com/cert-manager/cert-manager/issues/6152),
[@&#8203;inteon](https://togithub.com/inteon))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi45My4xIiwidXBkYXRlZEluVmVyIjoiMzYuOTMuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: lumiere-bot <98047013+lumiere-bot[bot]@users.noreply.github.com>
@p-linnane p-linnane mentioned this pull request Sep 13, 2023
Merged
@inteon inteon mentioned this pull request Sep 14, 2023
Merged
szinn pushed a commit to szinn/k8s-homelab that referenced this pull request Sep 16, 2023
@repo-jeeves
feat(helm): update chart cert-manager to v1.13.0 (#2392)
7a4a0a3 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | minor
| `v1.12.4` -> `v1.13.0` |

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.4...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

cert-manager 1.13 brings support for DNS over HTTPS, support for loading
options from a versioned
config file for the cert-manager controller, and more. This release also
includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature
gates to Beta.

#### Breaking Changes (You MUST read this before you upgrade!)

1. **BREAKING** : If you deploy cert-manager using helm and have
`.featureGates` value set, the features defined there will no longer be
passed to cert-manager webhook, only to cert-manager controller. Use
`webhook.featureGates` field instead to define features to be enabled on
webhook.
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
2. **Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
3. **Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

#### Community

Welcome to these new cert-manager members (more info -
[cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;erikgb](https://togithub.com/erikgb)

Thanks again to all open-source contributors with commits in this
release, including:
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;lucacome](https://togithub.com/lucacome)
[@&#8203;cypres](https://togithub.com/cypres)
[@&#8203;erikgb](https://togithub.com/erikgb)
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit)
[@&#8203;jkroepke](https://togithub.com/jkroepke)
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;gdvalle](https://togithub.com/gdvalle)
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma)
[@&#8203;schrodit](https://togithub.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://togithub.com/arukiidou)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;Richardds](https://togithub.com/Richardds)
[@&#8203;kahirokunn](https://togithub.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their
contributions during this release:
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish)
[@&#8203;maelvls](https://togithub.com/maelvls)
[@&#8203;irbekrm](https://togithub.com/irbekrm)
[@&#8203;inteon](https://togithub.com/inteon)

Equally thanks to everyone who provided feedback, helped users and
raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
for adding "load options from a versioned config file" support for the
cert-manager controller! This has been on our wishlist for a very long
time. (see
[cert-manager/cert-manager#5337)

Also, thanks a lot to
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart) for
adding support for DNS over HTTPS for the ACME DNS self-check. This is
very useful in case all traffic must be HTTP(S) trafic, eg. when using a
HTTPS_PROXY. (see
[cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides
resources and support, and to the AWS open source team for being good
community members and for their maintenance of the [PrivateCA
Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for
contributing developer time and resources towards the continued
maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

- Add support for logging options to webhook config file.
([#&#8203;6243](https://togithub.com/cert-manager/cert-manager/issues/6243),
[@&#8203;inteon](https://togithub.com/inteon))
- Add view permissions to the well-known (Openshift) user-facing
`cluster-reader` aggregated cluster role
([#&#8203;6241](https://togithub.com/cert-manager/cert-manager/issues/6241),
[@&#8203;erikgb](https://togithub.com/erikgb))
- Certificate Shim: distinguish dns names and ip address in certificate
([#&#8203;6267](https://togithub.com/cert-manager/cert-manager/issues/6267),
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs))
- Cmctl can now be imported by third parties.
([#&#8203;6049](https://togithub.com/cert-manager/cert-manager/issues/6049),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Make `enableServiceLinks` configurable for all Deployments and
`startupapicheck` Job in Helm chart.
([#&#8203;6292](https://togithub.com/cert-manager/cert-manager/issues/6292),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Promoted the StableCertificateRequestName and SecretsFilteredCaching
feature gates to Beta (enabled by default).
([#&#8203;6298](https://togithub.com/cert-manager/cert-manager/issues/6298),
[@&#8203;inteon](https://togithub.com/inteon))
- The cert-manager controller options are now configurable using a
configuration file.
([#&#8203;5337](https://togithub.com/cert-manager/cert-manager/issues/5337),
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy))
- The pki CertificateTemplate functions now perform validation of the
CSR blob, making sure we sign a Certificate that matches the IsCA and
(Extended)KeyUsages that are defined in the CertificateRequest resource.
([#&#8203;6199](https://togithub.com/cert-manager/cert-manager/issues/6199),
[@&#8203;inteon](https://togithub.com/inteon))
- \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to
define additional properties on a ServiceMonitor endpoint, e.g.
relabelings
([#&#8203;6110](https://togithub.com/cert-manager/cert-manager/issues/6110),
[@&#8203;jkroepke](https://togithub.com/jkroepke))

##### Design

- DNS over HTTPS (DoH) is now possible for doing the self-checks during
the ACME verification.
The DNS check method to be used is controlled through the command line
flag: `--dns01-recursive-nameservers-only=true` in combination with
`--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g.
`https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default
method.
([#&#8203;5003](https://togithub.com/cert-manager/cert-manager/issues/5003),
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart))

##### Bug or Regression

- Allow overriding default pdb .minAvailable with .maxUnavailable
without setting .minAvailable to null
([#&#8203;6087](https://togithub.com/cert-manager/cert-manager/issues/6087),
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma))
- BUGFIX: `cmctl check api --wait 0` exited without output and exit code
1; we now make sure we perform the API check at least once and return
with the correct error code
([#&#8203;6109](https://togithub.com/cert-manager/cert-manager/issues/6109),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX: the issuer and certificate-name annotations on a Secret were
incorrectly updated when other fields are changed.
([#&#8203;6147](https://togithub.com/cert-manager/cert-manager/issues/6147),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX\[cainjector]: 1-character bug was causing invalid log messages
and a memory leak
([#&#8203;6232](https://togithub.com/cert-manager/cert-manager/issues/6232),
[@&#8203;inteon](https://togithub.com/inteon))
- Fix CloudDNS issuers stuck in propagation check, when multiple
instances are issuing for the same FQDN
([#&#8203;6088](https://togithub.com/cert-manager/cert-manager/issues/6088),
[@&#8203;cypres](https://togithub.com/cypres))
- Fix indentation of Webhook NetworkPolicy matchLabels in helm chart.
([#&#8203;6220](https://togithub.com/cert-manager/cert-manager/issues/6220),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Fixed Cloudflare DNS01 challenge provider race condition when
validating multiple domains
([#&#8203;6191](https://togithub.com/cert-manager/cert-manager/issues/6191),
[@&#8203;Richardds](https://togithub.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
**⚠️ ⚠️ BREAKING ⚠️ ⚠️** : If you deploy cert-manager using helm and
have `.featureGates` value set, the features defined there will no
longer be passed to cert-manager webhook, only to cert-manager
controller. Use `webhook.featureGates` field instead to define features
to be enabled on webhook.
**⚠️Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6293](https://togithub.com/cert-manager/cert-manager/issues/6293),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- We disabled the `enableServiceLinks` option for our ACME http solver
pods, because the option caused the pod to be in a crash loop in a
cluster with lot of services.
([#&#8203;6143](https://togithub.com/cert-manager/cert-manager/issues/6143),
[@&#8203;schrodit](https://togithub.com/schrodit))
- **⚠️Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

##### Other (Cleanup or Flake)

- A subset of the klogs flags have been deprecated and will be removed
in the future.
([#&#8203;5879](https://togithub.com/cert-manager/cert-manager/issues/5879),
[@&#8203;maelvls](https://togithub.com/maelvls))
- All service links in helm chart deployments have been disabled.
([#&#8203;6144](https://togithub.com/cert-manager/cert-manager/issues/6144),
[@&#8203;schrodit](https://togithub.com/schrodit))
- Cert-manager will now re-issue a certificate if the public key in the
latest CertificateRequest resource linked to a Certificate resource does
not match the public key of the key encoded in the Secret linked to that
Certificate resource
([#&#8203;6168](https://togithub.com/cert-manager/cert-manager/issues/6168),
[@&#8203;inteon](https://togithub.com/inteon))
- Chore: When hostNetwork is enabled, dnsPolicy is now set to
ClusterFirstWithHostNet.
([#&#8203;6156](https://togithub.com/cert-manager/cert-manager/issues/6156),
[@&#8203;kahirokunn](https://togithub.com/kahirokunn))
- Cleanup the controller configfile structure by introducing
sub-structs.
([#&#8203;6242](https://togithub.com/cert-manager/cert-manager/issues/6242),
[@&#8203;inteon](https://togithub.com/inteon))
- Don't run API Priority and Fairness controller in webhook's extension
apiserver
([#&#8203;6085](https://togithub.com/cert-manager/cert-manager/issues/6085),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Helm: Add apache 2.0 license annotation
([#&#8203;6225](https://togithub.com/cert-manager/cert-manager/issues/6225),
[@&#8203;arukiidou](https://togithub.com/arukiidou))
- Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON
serialization.
([#&#8203;6034](https://togithub.com/cert-manager/cert-manager/issues/6034),
[@&#8203;gdvalle](https://togithub.com/gdvalle))
- The SecretPostIssuancePolicyChain now also makes sure that the
`cert-manager.io/common-name`, `cert-manager.io/alt-names`, ...
annotations on Secrets are kept at their correct value.
([#&#8203;6176](https://togithub.com/cert-manager/cert-manager/issues/6176),
[@&#8203;inteon](https://togithub.com/inteon))
- The cmctl logging has been improved and support for json logging has
been added.
([#&#8203;6247](https://togithub.com/cert-manager/cert-manager/issues/6247),
[@&#8203;inteon](https://togithub.com/inteon))
- Updates Kubernetes libraries to `v0.27.2`.
([#&#8203;6077](https://togithub.com/cert-manager/cert-manager/issues/6077),
[@&#8203;lucacome](https://togithub.com/lucacome))
- Updates Kubernetes libraries to `v0.27.4`.
([#&#8203;6227](https://togithub.com/cert-manager/cert-manager/issues/6227),
[@&#8203;lucacome](https://togithub.com/lucacome))
- We now only check that the issuer name, kind and group annotations on
a Secret match in case those annotations are set.
([#&#8203;6152](https://togithub.com/cert-manager/cert-manager/issues/6152),
[@&#8203;inteon](https://togithub.com/inteon))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi45My42IiwidXBkYXRlZEluVmVyIjoiMzYuOTMuNiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Co-authored-by: repo-jeeves <106431701+repo-jeeves[bot]@users.noreply.github.com>
@ThomasVitale ThomasVitale mentioned this pull request Sep 19, 2023
Open
stavros-k pushed a commit to truecharts/charts that referenced this pull request Oct 3, 2023
@truecharts-admin
chore(deps): update helm general non-major (#13184)
a94c980 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | minor
| `v1.12.3` -> `v1.13.1` |
| [clickhouse](https://truecharts.org/charts/dependency/clickhouse)
([source](https://togithub.com/truecharts/charts)) | patch | `7.0.1` ->
`7.0.8` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.1` -> `14.0.6` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.3` -> `14.0.6` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.4` -> `14.0.6` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`13.2.1` -> `13.2.2` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.2` -> `14.0.6` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `8.0.0` ->
`8.0.27` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.1`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.1)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.0...v1.13.1)

v1.13.1 contains a bugfix for a name collision bug in the
StableCertificateRequestName feature that was enabled by default in
v1.13.0.

##### ⚠️ READ
https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0 before
you upgrade from a < v1.13 version!

#### Changes since v1.13.0

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6358](https://togithub.com/cert-manager/cert-manager/issues/6358),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Upgrade `github.com/emicklei/go-restful/v3` to `v3.11.0` because
`v3.10.2` is labeled as "DO NOT USE".
([#&#8203;6368](https://togithub.com/cert-manager/cert-manager/issues/6368),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6370](https://togithub.com/cert-manager/cert-manager/issues/6370),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.13.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.5...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

cert-manager 1.13 brings support for DNS over HTTPS, support for loading
options from a versioned
config file for the cert-manager controller, and more. This release also
includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature
gates to Beta.

#### Known issues

The `StableCertificateRequestName` that was promoted to Beta contains a
"name collision" bug:
[cert-manager/cert-manager#6342
This will be fixed in v1.13.1.

#### Breaking Changes (You MUST read this before you upgrade!)

1. **BREAKING** : If you deploy cert-manager using helm and have
`.featureGates` value set, the features defined there will no longer be
passed to cert-manager webhook, only to cert-manager controller. Use
`webhook.featureGates` field instead to define features to be enabled on
webhook.
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
2. **Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
3. **Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

#### Community

Welcome to these new cert-manager members (more info -
[cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;erikgb](https://togithub.com/erikgb)

Thanks again to all open-source contributors with commits in this
release, including:
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;lucacome](https://togithub.com/lucacome)
[@&#8203;cypres](https://togithub.com/cypres)
[@&#8203;erikgb](https://togithub.com/erikgb)
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit)
[@&#8203;jkroepke](https://togithub.com/jkroepke)
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;gdvalle](https://togithub.com/gdvalle)
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma)
[@&#8203;schrodit](https://togithub.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://togithub.com/arukiidou)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;Richardds](https://togithub.com/Richardds)
[@&#8203;kahirokunn](https://togithub.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their
contributions during this release:
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish)
[@&#8203;maelvls](https://togithub.com/maelvls)
[@&#8203;irbekrm](https://togithub.com/irbekrm)
[@&#8203;inteon](https://togithub.com/inteon)

Equally thanks to everyone who provided feedback, helped users and
raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
for adding "load options from a versioned config file" support for the
cert-manager controller! This has been on our wishlist for a very long
time. (see
[cert-manager/cert-manager#5337)

Also, thanks a lot to
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart) for
adding support for DNS over HTTPS for the ACME DNS self-check. This is
very useful in case all traffic must be HTTP(S) trafic, eg. when using a
HTTPS_PROXY. (see
[cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides
resources and support, and to the AWS open source team for being good
community members and for their maintenance of the [PrivateCA
Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for
contributing developer time and resources towards the continued
maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

- Add support for logging options to webhook config file.
([#&#8203;6243](https://togithub.com/cert-manager/cert-manager/issues/6243),
[@&#8203;inteon](https://togithub.com/inteon))
- Add view permissions to the well-known (Openshift) user-facing
`cluster-reader` aggregated cluster role
([#&#8203;6241](https://togithub.com/cert-manager/cert-manager/issues/6241),
[@&#8203;erikgb](https://togithub.com/erikgb))
- Certificate Shim: distinguish dns names and ip address in certificate
([#&#8203;6267](https://togithub.com/cert-manager/cert-manager/issues/6267),
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs))
- Cmctl can now be imported by third parties.
([#&#8203;6049](https://togithub.com/cert-manager/cert-manager/issues/6049),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Make `enableServiceLinks` configurable for all Deployments and
`startupapicheck` Job in Helm chart.
([#&#8203;6292](https://togithub.com/cert-manager/cert-manager/issues/6292),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Promoted the StableCertificateRequestName and SecretsFilteredCaching
feature gates to Beta (enabled by default).
([#&#8203;6298](https://togithub.com/cert-manager/cert-manager/issues/6298),
[@&#8203;inteon](https://togithub.com/inteon))
- The cert-manager controller options are now configurable using a
configuration file.
([#&#8203;5337](https://togithub.com/cert-manager/cert-manager/issues/5337),
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy))
- The pki CertificateTemplate functions now perform validation of the
CSR blob, making sure we sign a Certificate that matches the IsCA and
(Extended)KeyUsages that are defined in the CertificateRequest resource.
([#&#8203;6199](https://togithub.com/cert-manager/cert-manager/issues/6199),
[@&#8203;inteon](https://togithub.com/inteon))
- \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to
define additional properties on a ServiceMonitor endpoint, e.g.
relabelings
([#&#8203;6110](https://togithub.com/cert-manager/cert-manager/issues/6110),
[@&#8203;jkroepke](https://togithub.com/jkroepke))

##### Design

- DNS over HTTPS (DoH) is now possible for doing the self-checks during
the ACME verification.
The DNS check method to be used is controlled through the command line
flag: `--dns01-recursive-nameservers-only=true` in combination with
`--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g.
`https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default
method.
([#&#8203;5003](https://togithub.com/cert-manager/cert-manager/issues/5003),
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart))

##### Bug or Regression

- Allow overriding default pdb .minAvailable with .maxUnavailable
without setting .minAvailable to null
([#&#8203;6087](https://togithub.com/cert-manager/cert-manager/issues/6087),
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma))
- BUGFIX: `cmctl check api --wait 0` exited without output and exit code
1; we now make sure we perform the API check at least once and return
with the correct error code
([#&#8203;6109](https://togithub.com/cert-manager/cert-manager/issues/6109),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX: the issuer and certificate-name annotations on a Secret were
incorrectly updated when other fields are changed.
([#&#8203;6147](https://togithub.com/cert-manager/cert-manager/issues/6147),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX\[cainjector]: 1-character bug was causing invalid log messages
and a memory leak
([#&#8203;6232](https://togithub.com/cert-manager/cert-manager/issues/6232),
[@&#8203;inteon](https://togithub.com/inteon))
- Fix CloudDNS issuers stuck in propagation check, when multiple
instances are issuing for the same FQDN
([#&#8203;6088](https://togithub.com/cert-manager/cert-manager/issues/6088),
[@&#8203;cypres](https://togithub.com/cypres))
- Fix indentation of Webhook NetworkPolicy matchLabels in helm chart.
([#&#8203;6220](https://togithub.com/cert-manager/cert-manager/issues/6220),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Fixed Cloudflare DNS01 challenge provider race condition when
validating multiple domains
([#&#8203;6191](https://togithub.com/cert-manager/cert-manager/issues/6191),
[@&#8203;Richardds](https://togithub.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
**⚠️ ⚠️ BREAKING ⚠️ ⚠️** : If you deploy cert-manager using helm and
have `.featureGates` value set, the features defined there will no
longer be passed to cert-manager webhook, only to cert-manager
controller. Use `webhook.featureGates` field instead to define features
to be enabled on webhook.
**⚠️Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6293](https://togithub.com/cert-manager/cert-manager/issues/6293),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- We disabled the `enableServiceLinks` option for our ACME http solver
pods, because the option caused the pod to be in a crash loop in a
cluster with lot of services.
([#&#8203;6143](https://togithub.com/cert-manager/cert-manager/issues/6143),
[@&#8203;schrodit](https://togithub.com/schrodit))
- **⚠️Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

##### Other (Cleanup or Flake)

- A subset of the klogs flags have been deprecated and will be removed
in the future.
([#&#8203;5879](https://togithub.com/cert-manager/cert-manager/issues/5879),
[@&#8203;maelvls](https://togithub.com/maelvls))
- All service links in helm chart deployments have been disabled.
([#&#8203;6144](https://togithub.com/cert-manager/cert-manager/issues/6144),
[@&#8203;schrodit](https://togithub.com/schrodit))
- Cert-manager will now re-issue a certificate if the public key in the
latest CertificateRequest resource linked to a Certificate resource does
not match the public key of the key encoded in the Secret linked to that
Certificate resource
([#&#8203;6168](https://togithub.com/cert-manager/cert-manager/issues/6168),
[@&#8203;inteon](https://togithub.com/inteon))
- Chore: When hostNetwork is enabled, dnsPolicy is now set to
ClusterFirstWithHostNet.
([#&#8203;6156](https://togithub.com/cert-manager/cert-manager/issues/6156),
[@&#8203;kahirokunn](https://togithub.com/kahirokunn))
- Cleanup the controller configfile structure by introducing
sub-structs.
([#&#8203;6242](https://togithub.com/cert-manager/cert-manager/issues/6242),
[@&#8203;inteon](https://togithub.com/inteon))
- Don't run API Priority and Fairness controller in webhook's extension
apiserver
([#&#8203;6085](https://togithub.com/cert-manager/cert-manager/issues/6085),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Helm: Add apache 2.0 license annotation
([#&#8203;6225](https://togithub.com/cert-manager/cert-manager/issues/6225),
[@&#8203;arukiidou](https://togithub.com/arukiidou))
- Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON
serialization.
([#&#8203;6034](https://togithub.com/cert-manager/cert-manager/issues/6034),
[@&#8203;gdvalle](https://togithub.com/gdvalle))
- The SecretPostIssuancePolicyChain now also makes sure that the
`cert-manager.io/common-name`, `cert-manager.io/alt-names`, ...
annotations on Secrets are kept at their correct value.
([#&#8203;6176](https://togithub.com/cert-manager/cert-manager/issues/6176),
[@&#8203;inteon](https://togithub.com/inteon))
- The cmctl logging has been improved and support for json logging has
been added.
([#&#8203;6247](https://togithub.com/cert-manager/cert-manager/issues/6247),
[@&#8203;inteon](https://togithub.com/inteon))
- Updates Kubernetes libraries to `v0.27.2`.
([#&#8203;6077](https://togithub.com/cert-manager/cert-manager/issues/6077),
[@&#8203;lucacome](https://togithub.com/lucacome))
- Updates Kubernetes libraries to `v0.27.4`.
([#&#8203;6227](https://togithub.com/cert-manager/cert-manager/issues/6227),
[@&#8203;lucacome](https://togithub.com/lucacome))
- We now only check that the issuer name, kind and group annotations on
a Secret match in case those annotations are set.
([#&#8203;6152](https://togithub.com/cert-manager/cert-manager/issues/6152),
[@&#8203;inteon](https://togithub.com/inteon))

###
[`v1.12.5`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.5)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.4...v1.12.5)

v1.12.5 contains a backport for a name collision bug that was found in
v1.13.0

#### Changes since v1.12.4

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6359](https://togithub.com/cert-manager/cert-manager/issues/6359),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Updated base images to the latest version.
([#&#8203;6372](https://togithub.com/cert-manager/cert-manager/issues/6372),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6371](https://togithub.com/cert-manager/cert-manager/issues/6371),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.12.4`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.4)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.3...v1.12.4)

v1.12.4 contains an important security fix that
addresses [CVE-2023-29409](https://cve.report/CVE-2023-29409).

#### Changes since v1.12.3

- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should hav
e compared equal. This would be most noticeable when using an IPv6
address which doesn't match how Go's `net.IP.String()` function would
have printed that address.
([#&#8203;6297](https://togithub.com/cert-manager/cert-manager/issues/6297),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Use Go 1.20.7 to fix a security issue in Go's `crypto/tls` library.
([#&#8203;6318](https://togithub.com/cert-manager/cert-manager/issues/6318),
[@&#8203;maelvls](https://togithub.com/maelvls))

</details>

<details>
<summary>truecharts/charts (clickhouse)</summary>

###
[`v7.0.8`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.8)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.7...clickhouse-7.0.8)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.7`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.7)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.6...clickhouse-7.0.7)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.6`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.6)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.5...clickhouse-7.0.6)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.5`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.5)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.4...clickhouse-7.0.5)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.4`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.4)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.3...clickhouse-7.0.4)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.3`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.3)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.2...clickhouse-7.0.3)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.2`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.2)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.1...clickhouse-7.0.2)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

</details>

<details>
<summary>truecharts/library-charts (common)</summary>

###
[`v14.0.6`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.6)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.5...common-14.0.6)

Function library for TrueCharts

###
[`v14.0.5`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.5)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.4...common-14.0.5)

Function library for TrueCharts

###
[`v14.0.4`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.4)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.3...common-14.0.4)

Function library for TrueCharts

###
[`v14.0.3`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.3)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.2...common-14.0.3)

Function library for TrueCharts

###
[`v14.0.2`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.2)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.1...common-14.0.2)

Function library for TrueCharts

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 10pm on tuesday" in timezone
Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zLjIiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zLjIiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==-->
stavros-k added a commit to truecharts/charts that referenced this pull request Oct 7, 2023
@truecharts-admin @stavros-k
chore(deps): update helm general non-major (#13386)
aedf77b 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | minor
| `v1.12.3` -> `v1.13.1` |
| [clickhouse](https://truecharts.org/charts/dependency/clickhouse)
([source](https://togithub.com/truecharts/charts)) | patch | `7.0.1` ->
`7.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.1` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.6` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.3` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.4` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`13.2.1` -> `13.2.2` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.2` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.8` -> `14.0.9` |
|
[kube-state-metrics](https://truecharts.org/charts/dependency/kube-state-metrics)
([source](https://togithub.com/truecharts/charts)) | patch | `3.0.22` ->
`3.0.23` |
| [mariadb](https://truecharts.org/charts/dependency/mariadb)
([source](https://togithub.com/truecharts/charts)) | patch | `9.0.25` ->
`9.0.26` |
|
[node-exporter](https://truecharts.org/charts/dependency/node-exporter)
([source](https://togithub.com/truecharts/charts)) | patch | `3.0.24` ->
`3.0.25` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `8.0.0` ->
`8.0.29` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `8.0.28` ->
`8.0.29` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.1`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.1)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.0...v1.13.1)

v1.13.1 contains a bugfix for a name collision bug in the
StableCertificateRequestName feature that was enabled by default in
v1.13.0.

##### ⚠️ READ
https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0 before
you upgrade from a < v1.13 version!

#### Changes since v1.13.0

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6358](https://togithub.com/cert-manager/cert-manager/issues/6358),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Upgrade `github.com/emicklei/go-restful/v3` to `v3.11.0` because
`v3.10.2` is labeled as "DO NOT USE".
([#&#8203;6368](https://togithub.com/cert-manager/cert-manager/issues/6368),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6370](https://togithub.com/cert-manager/cert-manager/issues/6370),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.13.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.5...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

cert-manager 1.13 brings support for DNS over HTTPS, support for loading
options from a versioned
config file for the cert-manager controller, and more. This release also
includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature
gates to Beta.

#### Known issues

The `StableCertificateRequestName` that was promoted to Beta contains a
"name collision" bug:
[cert-manager/cert-manager#6342
This will be fixed in v1.13.1.

#### Breaking Changes (You MUST read this before you upgrade!)

1. **BREAKING** : If you deploy cert-manager using helm and have
`.featureGates` value set, the features defined there will no longer be
passed to cert-manager webhook, only to cert-manager controller. Use
`webhook.featureGates` field instead to define features to be enabled on
webhook.
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
2. **Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
3. **Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

#### Community

Welcome to these new cert-manager members (more info -
[cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;erikgb](https://togithub.com/erikgb)

Thanks again to all open-source contributors with commits in this
release, including:
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;lucacome](https://togithub.com/lucacome)
[@&#8203;cypres](https://togithub.com/cypres)
[@&#8203;erikgb](https://togithub.com/erikgb)
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit)
[@&#8203;jkroepke](https://togithub.com/jkroepke)
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;gdvalle](https://togithub.com/gdvalle)
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma)
[@&#8203;schrodit](https://togithub.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://togithub.com/arukiidou)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;Richardds](https://togithub.com/Richardds)
[@&#8203;kahirokunn](https://togithub.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their
contributions during this release:
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish)
[@&#8203;maelvls](https://togithub.com/maelvls)
[@&#8203;irbekrm](https://togithub.com/irbekrm)
[@&#8203;inteon](https://togithub.com/inteon)

Equally thanks to everyone who provided feedback, helped users and
raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
for adding "load options from a versioned config file" support for the
cert-manager controller! This has been on our wishlist for a very long
time. (see
[cert-manager/cert-manager#5337)

Also, thanks a lot to
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart) for
adding support for DNS over HTTPS for the ACME DNS self-check. This is
very useful in case all traffic must be HTTP(S) trafic, eg. when using a
HTTPS_PROXY. (see
[cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides
resources and support, and to the AWS open source team for being good
community members and for their maintenance of the [PrivateCA
Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for
contributing developer time and resources towards the continued
maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

- Add support for logging options to webhook config file.
([#&#8203;6243](https://togithub.com/cert-manager/cert-manager/issues/6243),
[@&#8203;inteon](https://togithub.com/inteon))
- Add view permissions to the well-known (Openshift) user-facing
`cluster-reader` aggregated cluster role
([#&#8203;6241](https://togithub.com/cert-manager/cert-manager/issues/6241),
[@&#8203;erikgb](https://togithub.com/erikgb))
- Certificate Shim: distinguish dns names and ip address in certificate
([#&#8203;6267](https://togithub.com/cert-manager/cert-manager/issues/6267),
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs))
- Cmctl can now be imported by third parties.
([#&#8203;6049](https://togithub.com/cert-manager/cert-manager/issues/6049),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Make `enableServiceLinks` configurable for all Deployments and
`startupapicheck` Job in Helm chart.
([#&#8203;6292](https://togithub.com/cert-manager/cert-manager/issues/6292),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Promoted the StableCertificateRequestName and SecretsFilteredCaching
feature gates to Beta (enabled by default).
([#&#8203;6298](https://togithub.com/cert-manager/cert-manager/issues/6298),
[@&#8203;inteon](https://togithub.com/inteon))
- The cert-manager controller options are now configurable using a
configuration file.
([#&#8203;5337](https://togithub.com/cert-manager/cert-manager/issues/5337),
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy))
- The pki CertificateTemplate functions now perform validation of the
CSR blob, making sure we sign a Certificate that matches the IsCA and
(Extended)KeyUsages that are defined in the CertificateRequest resource.
([#&#8203;6199](https://togithub.com/cert-manager/cert-manager/issues/6199),
[@&#8203;inteon](https://togithub.com/inteon))
- \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to
define additional properties on a ServiceMonitor endpoint, e.g.
relabelings
([#&#8203;6110](https://togithub.com/cert-manager/cert-manager/issues/6110),
[@&#8203;jkroepke](https://togithub.com/jkroepke))

##### Design

- DNS over HTTPS (DoH) is now possible for doing the self-checks during
the ACME verification.
The DNS check method to be used is controlled through the command line
flag: `--dns01-recursive-nameservers-only=true` in combination with
`--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g.
`https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default
method.
([#&#8203;5003](https://togithub.com/cert-manager/cert-manager/issues/5003),
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart))

##### Bug or Regression

- Allow overriding default pdb .minAvailable with .maxUnavailable
without setting .minAvailable to null
([#&#8203;6087](https://togithub.com/cert-manager/cert-manager/issues/6087),
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma))
- BUGFIX: `cmctl check api --wait 0` exited without output and exit code
1; we now make sure we perform the API check at least once and return
with the correct error code
([#&#8203;6109](https://togithub.com/cert-manager/cert-manager/issues/6109),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX: the issuer and certificate-name annotations on a Secret were
incorrectly updated when other fields are changed.
([#&#8203;6147](https://togithub.com/cert-manager/cert-manager/issues/6147),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX\[cainjector]: 1-character bug was causing invalid log messages
and a memory leak
([#&#8203;6232](https://togithub.com/cert-manager/cert-manager/issues/6232),
[@&#8203;inteon](https://togithub.com/inteon))
- Fix CloudDNS issuers stuck in propagation check, when multiple
instances are issuing for the same FQDN
([#&#8203;6088](https://togithub.com/cert-manager/cert-manager/issues/6088),
[@&#8203;cypres](https://togithub.com/cypres))
- Fix indentation of Webhook NetworkPolicy matchLabels in helm chart.
([#&#8203;6220](https://togithub.com/cert-manager/cert-manager/issues/6220),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Fixed Cloudflare DNS01 challenge provider race condition when
validating multiple domains
([#&#8203;6191](https://togithub.com/cert-manager/cert-manager/issues/6191),
[@&#8203;Richardds](https://togithub.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
**⚠️ ⚠️ BREAKING ⚠️ ⚠️** : If you deploy cert-manager using helm and
have `.featureGates` value set, the features defined there will no
longer be passed to cert-manager webhook, only to cert-manager
controller. Use `webhook.featureGates` field instead to define features
to be enabled on webhook.
**⚠️Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6293](https://togithub.com/cert-manager/cert-manager/issues/6293),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- We disabled the `enableServiceLinks` option for our ACME http solver
pods, because the option caused the pod to be in a crash loop in a
cluster with lot of services.
([#&#8203;6143](https://togithub.com/cert-manager/cert-manager/issues/6143),
[@&#8203;schrodit](https://togithub.com/schrodit))
- **⚠️Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

##### Other (Cleanup or Flake)

- A subset of the klogs flags have been deprecated and will be removed
in the future.
([#&#8203;5879](https://togithub.com/cert-manager/cert-manager/issues/5879),
[@&#8203;maelvls](https://togithub.com/maelvls))
- All service links in helm chart deployments have been disabled.
([#&#8203;6144](https://togithub.com/cert-manager/cert-manager/issues/6144),
[@&#8203;schrodit](https://togithub.com/schrodit))
- Cert-manager will now re-issue a certificate if the public key in the
latest CertificateRequest resource linked to a Certificate resource does
not match the public key of the key encoded in the Secret linked to that
Certificate resource
([#&#8203;6168](https://togithub.com/cert-manager/cert-manager/issues/6168),
[@&#8203;inteon](https://togithub.com/inteon))
- Chore: When hostNetwork is enabled, dnsPolicy is now set to
ClusterFirstWithHostNet.
([#&#8203;6156](https://togithub.com/cert-manager/cert-manager/issues/6156),
[@&#8203;kahirokunn](https://togithub.com/kahirokunn))
- Cleanup the controller configfile structure by introducing
sub-structs.
([#&#8203;6242](https://togithub.com/cert-manager/cert-manager/issues/6242),
[@&#8203;inteon](https://togithub.com/inteon))
- Don't run API Priority and Fairness controller in webhook's extension
apiserver
([#&#8203;6085](https://togithub.com/cert-manager/cert-manager/issues/6085),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Helm: Add apache 2.0 license annotation
([#&#8203;6225](https://togithub.com/cert-manager/cert-manager/issues/6225),
[@&#8203;arukiidou](https://togithub.com/arukiidou))
- Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON
serialization.
([#&#8203;6034](https://togithub.com/cert-manager/cert-manager/issues/6034),
[@&#8203;gdvalle](https://togithub.com/gdvalle))
- The SecretPostIssuancePolicyChain now also makes sure that the
`cert-manager.io/common-name`, `cert-manager.io/alt-names`, ...
annotations on Secrets are kept at their correct value.
([#&#8203;6176](https://togithub.com/cert-manager/cert-manager/issues/6176),
[@&#8203;inteon](https://togithub.com/inteon))
- The cmctl logging has been improved and support for json logging has
been added.
([#&#8203;6247](https://togithub.com/cert-manager/cert-manager/issues/6247),
[@&#8203;inteon](https://togithub.com/inteon))
- Updates Kubernetes libraries to `v0.27.2`.
([#&#8203;6077](https://togithub.com/cert-manager/cert-manager/issues/6077),
[@&#8203;lucacome](https://togithub.com/lucacome))
- Updates Kubernetes libraries to `v0.27.4`.
([#&#8203;6227](https://togithub.com/cert-manager/cert-manager/issues/6227),
[@&#8203;lucacome](https://togithub.com/lucacome))
- We now only check that the issuer name, kind and group annotations on
a Secret match in case those annotations are set.
([#&#8203;6152](https://togithub.com/cert-manager/cert-manager/issues/6152),
[@&#8203;inteon](https://togithub.com/inteon))

###
[`v1.12.5`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.5)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.4...v1.12.5)

v1.12.5 contains a backport for a name collision bug that was found in
v1.13.0

#### Changes since v1.12.4

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6359](https://togithub.com/cert-manager/cert-manager/issues/6359),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Updated base images to the latest version.
([#&#8203;6372](https://togithub.com/cert-manager/cert-manager/issues/6372),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6371](https://togithub.com/cert-manager/cert-manager/issues/6371),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.12.4`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.4)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.3...v1.12.4)

v1.12.4 contains an important security fix that
addresses [CVE-2023-29409](https://cve.report/CVE-2023-29409).

#### Changes since v1.12.3

- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6297](https://togithub.com/cert-manager/cert-manager/issues/6297),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Use Go 1.20.7 to fix a security issue in Go's `crypto/tls` library.
([#&#8203;6318](https://togithub.com/cert-manager/cert-manager/issues/6318),
[@&#8203;maelvls](https://togithub.com/maelvls))

</details>

<details>
<summary>truecharts/charts (clickhouse)</summary>

###
[`v7.0.9`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.9)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.8...clickhouse-7.0.9)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.8`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.8)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.7...clickhouse-7.0.8)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.7`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.7)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.6...clickhouse-7.0.7)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.6`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.6)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.5...clickhouse-7.0.6)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.5`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.5)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.4...clickhouse-7.0.5)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.4`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.4)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.3...clickhouse-7.0.4)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.3`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.3)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.2...clickhouse-7.0.3)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.2`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.2)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.1...clickhouse-7.0.2)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

</details>

<details>
<summary>truecharts/library-charts (common)</summary>

###
[`v14.0.9`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.9)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.8...common-14.0.9)

Function library for TrueCharts

###
[`v14.0.8`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.8)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.7...common-14.0.8)

Function library for TrueCharts

###
[`v14.0.7`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.7)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.6...common-14.0.7)

Function library for TrueCharts

###
[`v14.0.6`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.6)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.5...common-14.0.6)

Function library for TrueCharts

###
[`v14.0.5`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.5)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.4...common-14.0.5)

Function library for TrueCharts

###
[`v14.0.4`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.4)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.3...common-14.0.4)

Function library for TrueCharts

###
[`v14.0.3`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.3)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.2...common-14.0.3)

Function library for TrueCharts

###
[`v14.0.2`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.2)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.1...common-14.0.2)

Function library for TrueCharts

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 10pm on tuesday" in timezone
Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy43LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy43LjEiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==-->

---------

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
@swghosh swghosh mentioned this pull request Oct 18, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@irbekrm irbekrm irbekrm left review comments

@inteon inteon inteon left review comments

Assignees

@inteon inteon

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme Indicates a PR directly modifies the ACME Issuer code area/api Indicates a PR directly modifies the 'pkg/apis' directory area/deploy Indicates a PR modifies deployment configuration area/testing Issues relating to testing dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. ok-to-test release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support loading controller configuration from a versioned file
4 participants
@AcidLeroy @jetstack-bot @irbekrm @inteon