-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update all non-major dependencies #210
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
July 13, 2022 17:34
643ac93
to
7a2572b
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
July 20, 2022 20:19
2fa222e
to
dea839d
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
4 times, most recently
from
July 26, 2022 16:52
b2d1343
to
7e5cc63
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
2 times, most recently
from
August 1, 2022 20:03
d38c9b4
to
1f66165
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
3 times, most recently
from
August 8, 2022 19:01
efa1024
to
b47758d
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
6 times, most recently
from
August 14, 2022 18:55
5876c9c
to
826aaef
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
August 15, 2022 20:12
826aaef
to
cb0ecaa
Compare
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
August 18, 2022 05:35
cb0ecaa
to
89086ef
Compare
Signed-off-by: Renovate Bot <bot@renovateapp.com>
renovate
bot
force-pushed
the
renovate/all-minor-patch
branch
from
August 23, 2022 15:53
89086ef
to
164dd42
Compare
aveega
approved these changes
Aug 23, 2022
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: aveega, renovate[bot] The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.8.2
->v1.9.1
v1.16.7
->v1.16.11
v1.15.13
->v1.17.1
v1.12.8
->v1.12.14
v1.17.10
->v1.17.15
v1.18.9
->v1.18.13
v1.16.11
->v1.16.15
v1.16.9
->v1.16.13
v1.8.2
->v1.9.1
1.17
->1.19
1.18.3
->1.19.0
1.18
->1.19
v0.24.2
->v0.24.4
v0.24.2
->v0.24.4
f6158b4
->e9cbc92
Release Notes
cert-manager/cert-manager
v1.9.1
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
Version 1.9.1 is a bugfix release which removes an incorrect check in the Route53 DNS solver. This accidental change prevented the use of credentials derived from instance metadata or AWS pod metadata.
Thanks to @danquack and @ArchiFleKs for raising this issue, and @danquack and @JoshVanL for fixing it!
Changes since v1.9.0
Bug
accessKeyID
orsecretAccessKeyID
. (#5341, @JoshVanL @danquack )v1.9.0
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
The new version adds alpha support for using cert-manager
Certificate
s in scenarios where the ordering of the Relative Distinguished Names (RDN) sequence that constitutes an X.509 certificate's subject needs to be preserved; improves the ability to configure theCertificate
created via ingress-shim using annotations on theIngress
resource; introduces various changes/improvements in contributor flow; and finishes the new make-based contributor workflow.Major Themes
Literal Certificate Subjects
cert-manager's
Certificate
allows users to configure the subject fields of the X.509 certificate viaspec.subject
andspec.commonName
fields. The X.509 spec states that the subject is an (ordered) sequence of Relative Distinguished Names (RDN).cert-manager does not strictly abide by this spec when encoding the subject fields from the
Certificate
spec. For example, the order of the RDN sequence may not be preserved. This is because cert-manager uses Go's libraries for X.509 certificates, and the Go libraries don't preserve ordering.For the vast majority of users this does not matter, but there are specific cases that require defining the exact ordered RDN sequence. For example, if the certificate is used for LDAP authentication and the RDN sequence represents a location in LDAP directory tree. See
cert-manager#​3203
.For these use cases, a new alpha
LiteralSubject
field has been added to theCertificate
spec where users can pass a literal RDN sequence:To use this field, the alpha feature gate
LiteralCertificateSubject
needs to be enabled on both the cert-manager controller and webhook. Bear in mind thatspec.literalSubject
is mutually exclusive withspec.commonName
andspec.subject
.This feature is aimed at the specific scenario where an exact RDN sequence needs to be defined. We do not intend to deprecate the existing
spec.subject
andspec.commonName
fields and we recommend that folks keep using those fields in all other cases; they're simpler, have better validation and are more obvious to read and change.ingress-shim
Certificate
Configurationcert-manager 1.9 adds the ability to configure an ingress-shim
Certificate
'sspec.revisionHistoryLimit
andspec.privateKey
via annotations on theIngress
resource.This should allow folks to configure ingress-shim
Certificate
s according to best practices (i.e by settingCertificate
'sspec.privateKey.rotationPolicy
toAlways
).In the future we would like to design a better mechanism to configure these
Certificate
s. We advise caution when usingIngress
annotations as there is no validation of the annotations atIngress
creation time.Contribution Workflow
Over the past couple of months there have been a number of discussions in regards to contributor experience and project health, partially triggered by the awesome community discussions in cert-manager's KubeCon booth and also by the work done to move cert-manager to CNCF's incubating stage.
For example, we've clarified our feature policy and discussed the process of building cert-manager's roadmap. If you're interested in these topics, we're happy to chat about them!
make
Workflowcert-manager 1.8 introduced a new
make
based workflow alongside the existing Bazel workflow. The work to improve themake
workflow was continued in 1.9 and our contributor documentation has been redefined to usemake
commands. This should make building and testing cert-manager easier with faster build and test times, easier debugging and less complexity.As part of this, Bazel has now been fully deprecated for building and testing cert-manager.
As usual, we welcome any feedback in regards to further improving contributor experience.
Thank You!
Thank you to the following community members who had a merged PR for this version - your contributions are at the heart of everything we do!
Thanks also to the following maintainers who worked on cert-manager 1.9:
Changes since v1.8.0
Feature
make clean-all
for starting a fresh development environment andmake which-go
for getting go version information when developing cert-manager (#5118, @SgtCoDFish)make upload-release
target for publishing cert-manager releases to GCS, simplifying the cert-manager release process simpler and making it easier to change (#5205, @SgtCoDFish)certmanager_http_venafi_client_request_duration_seconds
which allows tracking the latency of Venafi API calls. The metric is labelled by the type of API call. Example PromQL query:certmanager_http_venafi_client_request_duration_seconds{api_call="request_certificate"}
will show the average latency of calls to the Venafi certificate request endpoint (#5053, @irbekrm)cert-manager.io/revision-history-limit
annotation for Ingress resources, to limit the number of CertificateRequests which are kept for a Certificate (#5221, @oGi4i)literalSubject
field for Certificate resources. This is an alpha feature, enabled by passing the flag--feature-gates=LiteralCertificateSubject=true
to the cert-manager controller and webhook.literalSubject
allows fine-grained control of the subject a certificate should have when issued and is intended for power-users with specific use cases in mind (#5002, @spockz)bin
to_bin
, which plays better with certain tools which might treatbin
as just another source directory (#5130, @SgtCoDFish)namespace
parameter which allows users to override the namespace in which resources will be created. This also allows users to set the namespace of the chart when using cert-manager as a sub chart. (#5141, @andrewgkew)curl
, to reduce flakes in tests and development environments (#5272, @SgtCoDFish)Bug or Regression
make release-artifacts
only builds unsigned artifacts as intended (#5181, @SgtCoDFish)./
is stripped from paths. This ensures that behaviour is the same as v1.7 and earlier (#5050, @jahrlin)cmctl
andkubectl cert-manager
now report their actual versions instead of "canary", fixing issue #5020 (#5286, @jetstack-bot)Other (Cleanup or Flake)
make update-all
as a convenience target to run before raising a PR (#5251, @SgtCoDFish)experimental.cert-manager.io/private-key-secret-name
doesn't exist. (#5332, @jetstack-bot)securityContext.enabled
from helm chart (#4721, @Dean-Coakley)v0.24.2
. (#5097, @lucacome)aws/aws-sdk-go-v2
v1.16.11
Compare Source
v1.16.10
Compare Source
v1.16.9
Compare Source
v1.16.8
Compare Source
golang/go
v1.19.0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
kubernetes/api
v0.24.4
Compare Source
v0.24.3
Compare Source
kubernetes/apimachinery
v0.24.4
Compare Source
v0.24.3
Compare Source
Configuration
📅 Schedule: Branch creation - "after 9am on Wednesday,before 12pm on Wednesday" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.