Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CertificateRequest name collisions in v1.13.0 #6342

Closed
mghantous opened this issue Sep 13, 2023 · 1 comment · Fixed by #6354
Closed

CertificateRequest name collisions in v1.13.0 #6342

mghantous opened this issue Sep 13, 2023 · 1 comment · Fixed by #6354
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@mghantous
Copy link

Describe the bug:
This started happening after upgrading from v1.12.4 to v1.13.0

For Certificate: ad-data-1088-add-multiple-genb-209601f.stg.addgene.org-private (note "-private" suffix) there exists CertificateRequest: ad-data-1088-add-multiple-genb-209601f.stg.addgene.o-3

However for Certificate: ad-data-1088-add-multiple-genb-209601f.stg.addgene.org-public (note "-public" suffix), it is trying to create a CertificateRequest with the same name, and so we see the Warning Event that it already exists:

Failed to create CertificateRequest: certificaterequests.cert-manager.io "ad-data-1088-add-multiple-genb-209601f.stg.addgene.o-3" already exists

Another example

For Certificate: kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.org-private (note "-private" suffix) there exists CertificateRequest: kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.o-11

However for Certificate: kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.org-public (note "-public" suffix), it is trying to create a CertificateRequest with the same name, and so we see the Warning Event that it already exists:

Failed to create CertificateRequest: certificaterequests.cert-manager.io "kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.o-11" already exists

Older CertificateRequests from v1.12.4 had longer names. Was there something in v1.13.0 that makes them shorter and causes collisions? Examples of longer names from v1.12.4

kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.o-6jp4n
kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.o-j25m4

ad-data-1088-add-multiple-genb-209601f.stg.addgene.o-7h9hr
ad-data-1088-add-multiple-genb-209601f.stg.addgene.o-wz76x

Certificates with shorter names don't seem to have this issue, so it feels like something around truncation and collision.

Expected behaviour:
Unique CertificateRequest names are used and there are no Event Warnings that the name already exists.

Steps to reproduce the bug:

  1. Create a Ceritifcate with a long name (e.g. kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.org-private)
  2. Observe that the Certificate is ready and there are no warning events
  3. Create a 2nd Certificate that uses a similar long name but has a different suffix (e.g. kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.org-public)
  4. Observe that there is a warning event for the second certificate (e.g. Failed to create CertificateRequest: certificaterequests.cert-manager.io "kcd-dev-14571-fix-duplicate-id-1e144fe.stg.addgene.o-11" already exists)

Anything else we need to know?:
Certificates with shorter names don't seem to have this issue, so it feels like something around truncation and collision.

Environment details::

  • Kubernetes version: v1.27.2
  • Cloud-provider/provisioner: self-hosted
  • cert-manager version: v1.13.0
  • Install method: helm

/kind bug
@jetstack-bot jetstack-bot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 13, 2023
@inteon
Copy link
Member

inteon commented Sep 19, 2023

@mghantous You are correct, this is a bug in the "StableCertificateRequestName" feature and we will release a patch release to fix this.
If you want, you can disable the StableCertificateRequestName feature to continue using v1.13.0

@inteon inteon mentioned this issue Sep 20, 2023
Merged
This was referenced Sep 20, 2023
Closed
Closed
stavros-k pushed a commit to truecharts/charts that referenced this issue Oct 3, 2023
@truecharts-admin
chore(deps): update helm general non-major (#13184)
a94c980 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | minor
| `v1.12.3` -> `v1.13.1` |
| [clickhouse](https://truecharts.org/charts/dependency/clickhouse)
([source](https://togithub.com/truecharts/charts)) | patch | `7.0.1` ->
`7.0.8` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.1` -> `14.0.6` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.3` -> `14.0.6` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.4` -> `14.0.6` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`13.2.1` -> `13.2.2` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.2` -> `14.0.6` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `8.0.0` ->
`8.0.27` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.1`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.1)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.0...v1.13.1)

v1.13.1 contains a bugfix for a name collision bug in the
StableCertificateRequestName feature that was enabled by default in
v1.13.0.

##### ⚠️ READ
https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0 before
you upgrade from a < v1.13 version!

#### Changes since v1.13.0

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6358](https://togithub.com/cert-manager/cert-manager/issues/6358),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Upgrade `github.com/emicklei/go-restful/v3` to `v3.11.0` because
`v3.10.2` is labeled as "DO NOT USE".
([#&#8203;6368](https://togithub.com/cert-manager/cert-manager/issues/6368),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6370](https://togithub.com/cert-manager/cert-manager/issues/6370),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.13.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.5...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

cert-manager 1.13 brings support for DNS over HTTPS, support for loading
options from a versioned
config file for the cert-manager controller, and more. This release also
includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature
gates to Beta.

#### Known issues

The `StableCertificateRequestName` that was promoted to Beta contains a
"name collision" bug:
[cert-manager/cert-manager#6342
This will be fixed in v1.13.1.

#### Breaking Changes (You MUST read this before you upgrade!)

1. **BREAKING** : If you deploy cert-manager using helm and have
`.featureGates` value set, the features defined there will no longer be
passed to cert-manager webhook, only to cert-manager controller. Use
`webhook.featureGates` field instead to define features to be enabled on
webhook.
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
2. **Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
3. **Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

#### Community

Welcome to these new cert-manager members (more info -
[cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;erikgb](https://togithub.com/erikgb)

Thanks again to all open-source contributors with commits in this
release, including:
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;lucacome](https://togithub.com/lucacome)
[@&#8203;cypres](https://togithub.com/cypres)
[@&#8203;erikgb](https://togithub.com/erikgb)
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit)
[@&#8203;jkroepke](https://togithub.com/jkroepke)
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;gdvalle](https://togithub.com/gdvalle)
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma)
[@&#8203;schrodit](https://togithub.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://togithub.com/arukiidou)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;Richardds](https://togithub.com/Richardds)
[@&#8203;kahirokunn](https://togithub.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their
contributions during this release:
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish)
[@&#8203;maelvls](https://togithub.com/maelvls)
[@&#8203;irbekrm](https://togithub.com/irbekrm)
[@&#8203;inteon](https://togithub.com/inteon)

Equally thanks to everyone who provided feedback, helped users and
raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
for adding "load options from a versioned config file" support for the
cert-manager controller! This has been on our wishlist for a very long
time. (see
[cert-manager/cert-manager#5337)

Also, thanks a lot to
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart) for
adding support for DNS over HTTPS for the ACME DNS self-check. This is
very useful in case all traffic must be HTTP(S) trafic, eg. when using a
HTTPS_PROXY. (see
[cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides
resources and support, and to the AWS open source team for being good
community members and for their maintenance of the [PrivateCA
Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for
contributing developer time and resources towards the continued
maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

- Add support for logging options to webhook config file.
([#&#8203;6243](https://togithub.com/cert-manager/cert-manager/issues/6243),
[@&#8203;inteon](https://togithub.com/inteon))
- Add view permissions to the well-known (Openshift) user-facing
`cluster-reader` aggregated cluster role
([#&#8203;6241](https://togithub.com/cert-manager/cert-manager/issues/6241),
[@&#8203;erikgb](https://togithub.com/erikgb))
- Certificate Shim: distinguish dns names and ip address in certificate
([#&#8203;6267](https://togithub.com/cert-manager/cert-manager/issues/6267),
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs))
- Cmctl can now be imported by third parties.
([#&#8203;6049](https://togithub.com/cert-manager/cert-manager/issues/6049),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Make `enableServiceLinks` configurable for all Deployments and
`startupapicheck` Job in Helm chart.
([#&#8203;6292](https://togithub.com/cert-manager/cert-manager/issues/6292),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Promoted the StableCertificateRequestName and SecretsFilteredCaching
feature gates to Beta (enabled by default).
([#&#8203;6298](https://togithub.com/cert-manager/cert-manager/issues/6298),
[@&#8203;inteon](https://togithub.com/inteon))
- The cert-manager controller options are now configurable using a
configuration file.
([#&#8203;5337](https://togithub.com/cert-manager/cert-manager/issues/5337),
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy))
- The pki CertificateTemplate functions now perform validation of the
CSR blob, making sure we sign a Certificate that matches the IsCA and
(Extended)KeyUsages that are defined in the CertificateRequest resource.
([#&#8203;6199](https://togithub.com/cert-manager/cert-manager/issues/6199),
[@&#8203;inteon](https://togithub.com/inteon))
- \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to
define additional properties on a ServiceMonitor endpoint, e.g.
relabelings
([#&#8203;6110](https://togithub.com/cert-manager/cert-manager/issues/6110),
[@&#8203;jkroepke](https://togithub.com/jkroepke))

##### Design

- DNS over HTTPS (DoH) is now possible for doing the self-checks during
the ACME verification.
The DNS check method to be used is controlled through the command line
flag: `--dns01-recursive-nameservers-only=true` in combination with
`--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g.
`https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default
method.
([#&#8203;5003](https://togithub.com/cert-manager/cert-manager/issues/5003),
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart))

##### Bug or Regression

- Allow overriding default pdb .minAvailable with .maxUnavailable
without setting .minAvailable to null
([#&#8203;6087](https://togithub.com/cert-manager/cert-manager/issues/6087),
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma))
- BUGFIX: `cmctl check api --wait 0` exited without output and exit code
1; we now make sure we perform the API check at least once and return
with the correct error code
([#&#8203;6109](https://togithub.com/cert-manager/cert-manager/issues/6109),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX: the issuer and certificate-name annotations on a Secret were
incorrectly updated when other fields are changed.
([#&#8203;6147](https://togithub.com/cert-manager/cert-manager/issues/6147),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX\[cainjector]: 1-character bug was causing invalid log messages
and a memory leak
([#&#8203;6232](https://togithub.com/cert-manager/cert-manager/issues/6232),
[@&#8203;inteon](https://togithub.com/inteon))
- Fix CloudDNS issuers stuck in propagation check, when multiple
instances are issuing for the same FQDN
([#&#8203;6088](https://togithub.com/cert-manager/cert-manager/issues/6088),
[@&#8203;cypres](https://togithub.com/cypres))
- Fix indentation of Webhook NetworkPolicy matchLabels in helm chart.
([#&#8203;6220](https://togithub.com/cert-manager/cert-manager/issues/6220),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Fixed Cloudflare DNS01 challenge provider race condition when
validating multiple domains
([#&#8203;6191](https://togithub.com/cert-manager/cert-manager/issues/6191),
[@&#8203;Richardds](https://togithub.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
**⚠️ ⚠️ BREAKING ⚠️ ⚠️** : If you deploy cert-manager using helm and
have `.featureGates` value set, the features defined there will no
longer be passed to cert-manager webhook, only to cert-manager
controller. Use `webhook.featureGates` field instead to define features
to be enabled on webhook.
**⚠️Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6293](https://togithub.com/cert-manager/cert-manager/issues/6293),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- We disabled the `enableServiceLinks` option for our ACME http solver
pods, because the option caused the pod to be in a crash loop in a
cluster with lot of services.
([#&#8203;6143](https://togithub.com/cert-manager/cert-manager/issues/6143),
[@&#8203;schrodit](https://togithub.com/schrodit))
- **⚠️Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

##### Other (Cleanup or Flake)

- A subset of the klogs flags have been deprecated and will be removed
in the future.
([#&#8203;5879](https://togithub.com/cert-manager/cert-manager/issues/5879),
[@&#8203;maelvls](https://togithub.com/maelvls))
- All service links in helm chart deployments have been disabled.
([#&#8203;6144](https://togithub.com/cert-manager/cert-manager/issues/6144),
[@&#8203;schrodit](https://togithub.com/schrodit))
- Cert-manager will now re-issue a certificate if the public key in the
latest CertificateRequest resource linked to a Certificate resource does
not match the public key of the key encoded in the Secret linked to that
Certificate resource
([#&#8203;6168](https://togithub.com/cert-manager/cert-manager/issues/6168),
[@&#8203;inteon](https://togithub.com/inteon))
- Chore: When hostNetwork is enabled, dnsPolicy is now set to
ClusterFirstWithHostNet.
([#&#8203;6156](https://togithub.com/cert-manager/cert-manager/issues/6156),
[@&#8203;kahirokunn](https://togithub.com/kahirokunn))
- Cleanup the controller configfile structure by introducing
sub-structs.
([#&#8203;6242](https://togithub.com/cert-manager/cert-manager/issues/6242),
[@&#8203;inteon](https://togithub.com/inteon))
- Don't run API Priority and Fairness controller in webhook's extension
apiserver
([#&#8203;6085](https://togithub.com/cert-manager/cert-manager/issues/6085),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Helm: Add apache 2.0 license annotation
([#&#8203;6225](https://togithub.com/cert-manager/cert-manager/issues/6225),
[@&#8203;arukiidou](https://togithub.com/arukiidou))
- Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON
serialization.
([#&#8203;6034](https://togithub.com/cert-manager/cert-manager/issues/6034),
[@&#8203;gdvalle](https://togithub.com/gdvalle))
- The SecretPostIssuancePolicyChain now also makes sure that the
`cert-manager.io/common-name`, `cert-manager.io/alt-names`, ...
annotations on Secrets are kept at their correct value.
([#&#8203;6176](https://togithub.com/cert-manager/cert-manager/issues/6176),
[@&#8203;inteon](https://togithub.com/inteon))
- The cmctl logging has been improved and support for json logging has
been added.
([#&#8203;6247](https://togithub.com/cert-manager/cert-manager/issues/6247),
[@&#8203;inteon](https://togithub.com/inteon))
- Updates Kubernetes libraries to `v0.27.2`.
([#&#8203;6077](https://togithub.com/cert-manager/cert-manager/issues/6077),
[@&#8203;lucacome](https://togithub.com/lucacome))
- Updates Kubernetes libraries to `v0.27.4`.
([#&#8203;6227](https://togithub.com/cert-manager/cert-manager/issues/6227),
[@&#8203;lucacome](https://togithub.com/lucacome))
- We now only check that the issuer name, kind and group annotations on
a Secret match in case those annotations are set.
([#&#8203;6152](https://togithub.com/cert-manager/cert-manager/issues/6152),
[@&#8203;inteon](https://togithub.com/inteon))

###
[`v1.12.5`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.5)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.4...v1.12.5)

v1.12.5 contains a backport for a name collision bug that was found in
v1.13.0

#### Changes since v1.12.4

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6359](https://togithub.com/cert-manager/cert-manager/issues/6359),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Updated base images to the latest version.
([#&#8203;6372](https://togithub.com/cert-manager/cert-manager/issues/6372),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6371](https://togithub.com/cert-manager/cert-manager/issues/6371),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.12.4`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.4)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.3...v1.12.4)

v1.12.4 contains an important security fix that
addresses [CVE-2023-29409](https://cve.report/CVE-2023-29409).

#### Changes since v1.12.3

- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should hav
e compared equal. This would be most noticeable when using an IPv6
address which doesn't match how Go's `net.IP.String()` function would
have printed that address.
([#&#8203;6297](https://togithub.com/cert-manager/cert-manager/issues/6297),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Use Go 1.20.7 to fix a security issue in Go's `crypto/tls` library.
([#&#8203;6318](https://togithub.com/cert-manager/cert-manager/issues/6318),
[@&#8203;maelvls](https://togithub.com/maelvls))

</details>

<details>
<summary>truecharts/charts (clickhouse)</summary>

###
[`v7.0.8`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.8)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.7...clickhouse-7.0.8)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.7`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.7)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.6...clickhouse-7.0.7)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.6`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.6)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.5...clickhouse-7.0.6)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.5`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.5)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.4...clickhouse-7.0.5)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.4`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.4)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.3...clickhouse-7.0.4)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.3`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.3)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.2...clickhouse-7.0.3)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.2`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.2)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.1...clickhouse-7.0.2)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

</details>

<details>
<summary>truecharts/library-charts (common)</summary>

###
[`v14.0.6`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.6)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.5...common-14.0.6)

Function library for TrueCharts

###
[`v14.0.5`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.5)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.4...common-14.0.5)

Function library for TrueCharts

###
[`v14.0.4`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.4)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.3...common-14.0.4)

Function library for TrueCharts

###
[`v14.0.3`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.3)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.2...common-14.0.3)

Function library for TrueCharts

###
[`v14.0.2`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.2)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.1...common-14.0.2)

Function library for TrueCharts

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 10pm on tuesday" in timezone
Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zLjIiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zLjIiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==-->
stavros-k added a commit to truecharts/charts that referenced this issue Oct 7, 2023
@truecharts-admin @stavros-k
chore(deps): update helm general non-major (#13386)
aedf77b 
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://togithub.com/cert-manager/cert-manager) | minor
| `v1.12.3` -> `v1.13.1` |
| [clickhouse](https://truecharts.org/charts/dependency/clickhouse)
([source](https://togithub.com/truecharts/charts)) | patch | `7.0.1` ->
`7.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.1` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.6` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.3` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.4` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`13.2.1` -> `13.2.2` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.2` -> `14.0.9` |
|
[common](https://togithub.com/truecharts/apps/tree/master/charts/common)
([source](https://togithub.com/truecharts/library-charts)) | patch |
`14.0.8` -> `14.0.9` |
|
[kube-state-metrics](https://truecharts.org/charts/dependency/kube-state-metrics)
([source](https://togithub.com/truecharts/charts)) | patch | `3.0.22` ->
`3.0.23` |
| [mariadb](https://truecharts.org/charts/dependency/mariadb)
([source](https://togithub.com/truecharts/charts)) | patch | `9.0.25` ->
`9.0.26` |
|
[node-exporter](https://truecharts.org/charts/dependency/node-exporter)
([source](https://togithub.com/truecharts/charts)) | patch | `3.0.24` ->
`3.0.25` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `8.0.0` ->
`8.0.29` |
| [redis](https://truecharts.org/charts/dependency/redis)
([source](https://togithub.com/truecharts/charts)) | patch | `8.0.28` ->
`8.0.29` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>cert-manager/cert-manager (cert-manager)</summary>

###
[`v1.13.1`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.1)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.13.0...v1.13.1)

v1.13.1 contains a bugfix for a name collision bug in the
StableCertificateRequestName feature that was enabled by default in
v1.13.0.

##### ⚠️ READ
https://github.com/cert-manager/cert-manager/releases/tag/v1.13.0 before
you upgrade from a < v1.13 version!

#### Changes since v1.13.0

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6358](https://togithub.com/cert-manager/cert-manager/issues/6358),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Upgrade `github.com/emicklei/go-restful/v3` to `v3.11.0` because
`v3.10.2` is labeled as "DO NOT USE".
([#&#8203;6368](https://togithub.com/cert-manager/cert-manager/issues/6368),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6370](https://togithub.com/cert-manager/cert-manager/issues/6370),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.13.0`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.13.0)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.5...v1.13.0)

cert-manager is the easiest way to automatically manage certificates in
Kubernetes and OpenShift clusters.

This is the 1.13 release of cert-manager!

cert-manager 1.13 brings support for DNS over HTTPS, support for loading
options from a versioned
config file for the cert-manager controller, and more. This release also
includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature
gates to Beta.

#### Known issues

The `StableCertificateRequestName` that was promoted to Beta contains a
"name collision" bug:
[cert-manager/cert-manager#6342
This will be fixed in v1.13.1.

#### Breaking Changes (You MUST read this before you upgrade!)

1. **BREAKING** : If you deploy cert-manager using helm and have
`.featureGates` value set, the features defined there will no longer be
passed to cert-manager webhook, only to cert-manager controller. Use
`webhook.featureGates` field instead to define features to be enabled on
webhook.
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
2. **Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
3. **Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

#### Community

Welcome to these new cert-manager members (more info -
[cert-manager/cert-manager#6260):
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;erikgb](https://togithub.com/erikgb)

Thanks again to all open-source contributors with commits in this
release, including:
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart)
[@&#8203;lucacome](https://togithub.com/lucacome)
[@&#8203;cypres](https://togithub.com/cypres)
[@&#8203;erikgb](https://togithub.com/erikgb)
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit)
[@&#8203;jkroepke](https://togithub.com/jkroepke)
[@&#8203;jsoref](https://togithub.com/jsoref)
[@&#8203;gdvalle](https://togithub.com/gdvalle)
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma)
[@&#8203;schrodit](https://togithub.com/schrodit)
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs)
[@&#8203;arukiidou](https://togithub.com/arukiidou)
[@&#8203;hawksight](https://togithub.com/hawksight)
[@&#8203;Richardds](https://togithub.com/Richardds)
[@&#8203;kahirokunn](https://togithub.com/kahirokunn)

Thanks also to the following cert-manager maintainers for their
contributions during this release:
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish)
[@&#8203;maelvls](https://togithub.com/maelvls)
[@&#8203;irbekrm](https://togithub.com/irbekrm)
[@&#8203;inteon](https://togithub.com/inteon)

Equally thanks to everyone who provided feedback, helped users and
raised issues on Github and Slack and joined our meetings!

Special thanks to [@&#8203;AcidLeroy](https://togithub.com/AcidLeroy)
for adding "load options from a versioned config file" support for the
cert-manager controller! This has been on our wishlist for a very long
time. (see
[cert-manager/cert-manager#5337)

Also, thanks a lot to
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart) for
adding support for DNS over HTTPS for the ACME DNS self-check. This is
very useful in case all traffic must be HTTP(S) trafic, eg. when using a
HTTPS_PROXY. (see
[cert-manager/cert-manager#5003)

Thanks also to the [CNCF](https://www.cncf.io/), which provides
resources and support, and to the AWS open source team for being good
community members and for their maintenance of the [PrivateCA
Issuer](https://togithub.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Venafi](https://www.venafi.com/) for
contributing developer time and resources towards the continued
maintenance of cert-manager projects.

#### Changes since v1.12.0

##### Feature

- Add support for logging options to webhook config file.
([#&#8203;6243](https://togithub.com/cert-manager/cert-manager/issues/6243),
[@&#8203;inteon](https://togithub.com/inteon))
- Add view permissions to the well-known (Openshift) user-facing
`cluster-reader` aggregated cluster role
([#&#8203;6241](https://togithub.com/cert-manager/cert-manager/issues/6241),
[@&#8203;erikgb](https://togithub.com/erikgb))
- Certificate Shim: distinguish dns names and ip address in certificate
([#&#8203;6267](https://togithub.com/cert-manager/cert-manager/issues/6267),
[@&#8203;zhangzhiqiangcs](https://togithub.com/zhangzhiqiangcs))
- Cmctl can now be imported by third parties.
([#&#8203;6049](https://togithub.com/cert-manager/cert-manager/issues/6049),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Make `enableServiceLinks` configurable for all Deployments and
`startupapicheck` Job in Helm chart.
([#&#8203;6292](https://togithub.com/cert-manager/cert-manager/issues/6292),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Promoted the StableCertificateRequestName and SecretsFilteredCaching
feature gates to Beta (enabled by default).
([#&#8203;6298](https://togithub.com/cert-manager/cert-manager/issues/6298),
[@&#8203;inteon](https://togithub.com/inteon))
- The cert-manager controller options are now configurable using a
configuration file.
([#&#8203;5337](https://togithub.com/cert-manager/cert-manager/issues/5337),
[@&#8203;AcidLeroy](https://togithub.com/AcidLeroy))
- The pki CertificateTemplate functions now perform validation of the
CSR blob, making sure we sign a Certificate that matches the IsCA and
(Extended)KeyUsages that are defined in the CertificateRequest resource.
([#&#8203;6199](https://togithub.com/cert-manager/cert-manager/issues/6199),
[@&#8203;inteon](https://togithub.com/inteon))
- \[helm] Add prometheus.servicemonitor.endpointAdditionalProperties to
define additional properties on a ServiceMonitor endpoint, e.g.
relabelings
([#&#8203;6110](https://togithub.com/cert-manager/cert-manager/issues/6110),
[@&#8203;jkroepke](https://togithub.com/jkroepke))

##### Design

- DNS over HTTPS (DoH) is now possible for doing the self-checks during
the ACME verification.
The DNS check method to be used is controlled through the command line
flag: `--dns01-recursive-nameservers-only=true` in combination with
`--dns01-recursive-nameservers=https://<DoH-endpoint>` (e.g.
`https://8.8.8.8/dns-query`). It keeps using DNS lookup as a default
method.
([#&#8203;5003](https://togithub.com/cert-manager/cert-manager/issues/5003),
[@&#8203;FlorianLiebhart](https://togithub.com/FlorianLiebhart))

##### Bug or Regression

- Allow overriding default pdb .minAvailable with .maxUnavailable
without setting .minAvailable to null
([#&#8203;6087](https://togithub.com/cert-manager/cert-manager/issues/6087),
[@&#8203;rouke-broersma](https://togithub.com/rouke-broersma))
- BUGFIX: `cmctl check api --wait 0` exited without output and exit code
1; we now make sure we perform the API check at least once and return
with the correct error code
([#&#8203;6109](https://togithub.com/cert-manager/cert-manager/issues/6109),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX: the issuer and certificate-name annotations on a Secret were
incorrectly updated when other fields are changed.
([#&#8203;6147](https://togithub.com/cert-manager/cert-manager/issues/6147),
[@&#8203;inteon](https://togithub.com/inteon))
- BUGFIX\[cainjector]: 1-character bug was causing invalid log messages
and a memory leak
([#&#8203;6232](https://togithub.com/cert-manager/cert-manager/issues/6232),
[@&#8203;inteon](https://togithub.com/inteon))
- Fix CloudDNS issuers stuck in propagation check, when multiple
instances are issuing for the same FQDN
([#&#8203;6088](https://togithub.com/cert-manager/cert-manager/issues/6088),
[@&#8203;cypres](https://togithub.com/cypres))
- Fix indentation of Webhook NetworkPolicy matchLabels in helm chart.
([#&#8203;6220](https://togithub.com/cert-manager/cert-manager/issues/6220),
[@&#8203;ubergesundheit](https://togithub.com/ubergesundheit))
- Fixed Cloudflare DNS01 challenge provider race condition when
validating multiple domains
([#&#8203;6191](https://togithub.com/cert-manager/cert-manager/issues/6191),
[@&#8203;Richardds](https://togithub.com/Richardds))
-   Fixes a bug where webhook was pulling in controller's feature gates.
**⚠️ ⚠️ BREAKING ⚠️ ⚠️** : If you deploy cert-manager using helm and
have `.featureGates` value set, the features defined there will no
longer be passed to cert-manager webhook, only to cert-manager
controller. Use `webhook.featureGates` field instead to define features
to be enabled on webhook.
**⚠️Potentially breaking**: If you were, for some reason, passing
cert-manager controller's features to webhook's `--feature-gates` flag,
this will now break (unless the webhook actually has a feature by that
name).
([#&#8203;6093](https://togithub.com/cert-manager/cert-manager/issues/6093),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6293](https://togithub.com/cert-manager/cert-manager/issues/6293),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- We disabled the `enableServiceLinks` option for our ACME http solver
pods, because the option caused the pod to be in a crash loop in a
cluster with lot of services.
([#&#8203;6143](https://togithub.com/cert-manager/cert-manager/issues/6143),
[@&#8203;schrodit](https://togithub.com/schrodit))
- **⚠️Potentially breaking**: Webhook validation of CertificateRequest
resources is stricter now: all KeyUsages and ExtendedKeyUsages must be
defined directly in the CertificateRequest resource, the encoded CSR can
never contain more usages that defined there.
([#&#8203;6182](https://togithub.com/cert-manager/cert-manager/issues/6182),
[@&#8203;inteon](https://togithub.com/inteon))

##### Other (Cleanup or Flake)

- A subset of the klogs flags have been deprecated and will be removed
in the future.
([#&#8203;5879](https://togithub.com/cert-manager/cert-manager/issues/5879),
[@&#8203;maelvls](https://togithub.com/maelvls))
- All service links in helm chart deployments have been disabled.
([#&#8203;6144](https://togithub.com/cert-manager/cert-manager/issues/6144),
[@&#8203;schrodit](https://togithub.com/schrodit))
- Cert-manager will now re-issue a certificate if the public key in the
latest CertificateRequest resource linked to a Certificate resource does
not match the public key of the key encoded in the Secret linked to that
Certificate resource
([#&#8203;6168](https://togithub.com/cert-manager/cert-manager/issues/6168),
[@&#8203;inteon](https://togithub.com/inteon))
- Chore: When hostNetwork is enabled, dnsPolicy is now set to
ClusterFirstWithHostNet.
([#&#8203;6156](https://togithub.com/cert-manager/cert-manager/issues/6156),
[@&#8203;kahirokunn](https://togithub.com/kahirokunn))
- Cleanup the controller configfile structure by introducing
sub-structs.
([#&#8203;6242](https://togithub.com/cert-manager/cert-manager/issues/6242),
[@&#8203;inteon](https://togithub.com/inteon))
- Don't run API Priority and Fairness controller in webhook's extension
apiserver
([#&#8203;6085](https://togithub.com/cert-manager/cert-manager/issues/6085),
[@&#8203;irbekrm](https://togithub.com/irbekrm))
- Helm: Add apache 2.0 license annotation
([#&#8203;6225](https://togithub.com/cert-manager/cert-manager/issues/6225),
[@&#8203;arukiidou](https://togithub.com/arukiidou))
- Make apis/acme/v1/ACMEIssuer.PreferredChain optional in JSON
serialization.
([#&#8203;6034](https://togithub.com/cert-manager/cert-manager/issues/6034),
[@&#8203;gdvalle](https://togithub.com/gdvalle))
- The SecretPostIssuancePolicyChain now also makes sure that the
`cert-manager.io/common-name`, `cert-manager.io/alt-names`, ...
annotations on Secrets are kept at their correct value.
([#&#8203;6176](https://togithub.com/cert-manager/cert-manager/issues/6176),
[@&#8203;inteon](https://togithub.com/inteon))
- The cmctl logging has been improved and support for json logging has
been added.
([#&#8203;6247](https://togithub.com/cert-manager/cert-manager/issues/6247),
[@&#8203;inteon](https://togithub.com/inteon))
- Updates Kubernetes libraries to `v0.27.2`.
([#&#8203;6077](https://togithub.com/cert-manager/cert-manager/issues/6077),
[@&#8203;lucacome](https://togithub.com/lucacome))
- Updates Kubernetes libraries to `v0.27.4`.
([#&#8203;6227](https://togithub.com/cert-manager/cert-manager/issues/6227),
[@&#8203;lucacome](https://togithub.com/lucacome))
- We now only check that the issuer name, kind and group annotations on
a Secret match in case those annotations are set.
([#&#8203;6152](https://togithub.com/cert-manager/cert-manager/issues/6152),
[@&#8203;inteon](https://togithub.com/inteon))

###
[`v1.12.5`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.5)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.4...v1.12.5)

v1.12.5 contains a backport for a name collision bug that was found in
v1.13.0

#### Changes since v1.12.4

##### Bug or Regression

- BUGFIX: fix CertificateRequest name collision bug in
StableCertificateRequestName feature.
([#&#8203;6359](https://togithub.com/cert-manager/cert-manager/issues/6359),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

##### Other (Cleanup or Flake)

- Updated base images to the latest version.
([#&#8203;6372](https://togithub.com/cert-manager/cert-manager/issues/6372),
[@&#8203;inteon](https://togithub.com/inteon))
- Upgrade Go from 1.20.7 to 1.20.8.
([#&#8203;6371](https://togithub.com/cert-manager/cert-manager/issues/6371),
[@&#8203;jetstack-bot](https://togithub.com/jetstack-bot))

###
[`v1.12.4`](https://togithub.com/cert-manager/cert-manager/releases/tag/v1.12.4)

[Compare
Source](https://togithub.com/cert-manager/cert-manager/compare/v1.12.3...v1.12.4)

v1.12.4 contains an important security fix that
addresses [CVE-2023-29409](https://cve.report/CVE-2023-29409).

#### Changes since v1.12.3

- Fixes an issue where cert-manager would incorrectly reject two IP
addresses as being unequal when they should have compared equal. This
would be most noticeable when using an IPv6 address which doesn't match
how Go's `net.IP.String()` function would have printed that address.
([#&#8203;6297](https://togithub.com/cert-manager/cert-manager/issues/6297),
[@&#8203;SgtCoDFish](https://togithub.com/SgtCoDFish))
- Use Go 1.20.7 to fix a security issue in Go's `crypto/tls` library.
([#&#8203;6318](https://togithub.com/cert-manager/cert-manager/issues/6318),
[@&#8203;maelvls](https://togithub.com/maelvls))

</details>

<details>
<summary>truecharts/charts (clickhouse)</summary>

###
[`v7.0.9`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.9)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.8...clickhouse-7.0.9)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.8`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.8)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.7...clickhouse-7.0.8)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.7`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.7)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.6...clickhouse-7.0.7)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.6`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.6)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.5...clickhouse-7.0.6)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.5`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.5)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.4...clickhouse-7.0.5)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.4`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.4)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.3...clickhouse-7.0.4)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.3`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.3)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.2...clickhouse-7.0.3)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

###
[`v7.0.2`](https://togithub.com/truecharts/charts/releases/tag/clickhouse-7.0.2)

[Compare
Source](https://togithub.com/truecharts/charts/compare/clickhouse-7.0.1...clickhouse-7.0.2)

ClickHouse is a column-oriented database management system (DBMS) for
online analytical processing of queries (OLAP).

</details>

<details>
<summary>truecharts/library-charts (common)</summary>

###
[`v14.0.9`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.9)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.8...common-14.0.9)

Function library for TrueCharts

###
[`v14.0.8`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.8)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.7...common-14.0.8)

Function library for TrueCharts

###
[`v14.0.7`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.7)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.6...common-14.0.7)

Function library for TrueCharts

###
[`v14.0.6`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.6)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.5...common-14.0.6)

Function library for TrueCharts

###
[`v14.0.5`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.5)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.4...common-14.0.5)

Function library for TrueCharts

###
[`v14.0.4`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.4)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.3...common-14.0.4)

Function library for TrueCharts

###
[`v14.0.3`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.3)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.2...common-14.0.3)

Function library for TrueCharts

###
[`v14.0.2`](https://togithub.com/truecharts/library-charts/releases/tag/common-14.0.2)

[Compare
Source](https://togithub.com/truecharts/library-charts/compare/common-14.0.1...common-14.0.2)

Function library for TrueCharts

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 10pm on tuesday" in timezone
Europe/Amsterdam, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy43LjEiLCJ1cGRhdGVkSW5WZXIiOiIzNy43LjEiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==-->

---------

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

BUGFIX: CertificateRequest short names must be unique. inteon/cert-manager
4 participants
@mghantous @jetstack-bot @inteon and others