chore(deps): update helm chart cert-manager to v1.5.0

[renovate-self-hosted]

This PR contains the following updates:

Package	Update	Change
cert-manager	minor	v1.4.2 -> v1.5.0

---

Release Notes

jetstack/cert-manager

v1.5.0

Compare Source

Release notes for release-1.5

cert-manager 1.5 is the first release to support Kubernetes 1.22.

Note: in cert-manager 1.7, the API versions v1alpha2, v1alpha3 and v1beta1 will be removed in cert-manager 1.7. Keep in mind that you will have to change all your YAML manifests that use a deprecated API version to use cert-manager.io/v1 instead, and re-apply them before cert-manager 1.7.

Changelog since 1.4

Changes by Kind

Feature

• Add a name to Prometheus scraping service port (#​4072, @​francescsanjuanmrf)
• Add support for adding custom annotations and labels to the Secret containing the TLS key pair. (#​3828, @​jonathansp)
• Add the deployed cert-manager version to 'kubectl cert-manager version' command (#​4226, @​inteon)
• Added a new optional controller: gateway-shim. cert-manager now supports automatic
  creation of ACME certificates for the sig-network Gateway API Gateway, when annotated
  similarly to existing support for Ingresses. (#​4158, @​maelvls)
• Added a startup api check Job that waits for the cert-manager api to become ready (#​4234, @​inteon)
• Added the kubectl 'cert-manager check api' command (#​4205, @​inteon)
• Adds CLI command: ctl experimental create certificatesigningrequest for creating a Kuberenetes CertificateSigningRequest based upon a cert-manager Certificate manifest file (#​4106, @​JoshVanL)
• Adds clock_time_seconds metric for calculating expiration time in monitoring systems without a built in function. (#​4105, @​kit837)
• Adds support for Ed25519 private keys and signatures for Certificates (#​4079, @​annerajb)
• cert-manager is now able to sign CertificateSigningRequests using the ACME issuer. Note that
  the CertificateSigningRequests support is experimental and requires the use of a flag on the
  controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4112, @​JoshVanL)
• cert-manager is now able to sign CertificateSigningRequests using the SelfSigned issuer. Note that
  the CertificateSigningRequests support is experimental and requires the use of a flag on the
  controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4100, @​JoshVanL)
• cert-manager is now able to sign CertificateSigningRequests using the Vault issuer. Note that
  the CertificateSigningRequests support is experimental and requires the use of a flag on the
  controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4103, @​JoshVanL)
• cert-manager is now able to sign CertificateSigningRequests using the Venafi issuer. Note that
  the CertificateSigningRequests support is experimental and requires the use of a flag on the
  controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#​4108, @​JoshVanL)
• cert-manager now supports the sig-network Gateway API to solve HTTP01 challenges. (#​4276, @​jakexks)
• cert-manager now uses the networking.k8s.io/v1 Ingress type if available. (#​4225, @​jakexks)
• Fire event when a CertificateSigningRequest has not yet been approved, so will skip processing until it is. (#​4229, @​JoshVanL)
• Reduce binary sizes by adding "-s -w" as ldflags (#​4169, @​inteon)
• kubectl cert-manager x install command is added (#​4138, @​inteon)

Bug or Regression

• Adds an explicit 10 second timeout when checking HTTP01 challenges for reachability (#​4318, @​SgtCoDFish)
• Cloudflare: Refactored DNS01 challenge to use API for finding the nearest Zone (fixing potential DNS-Issues) (#​4147, @​thiscantbeserious)
• Fix a bug where failed Certificate Requests were not retried (#​4130, @​irbekrm)
• Fix check for self-signed certificates in EncodeX509Chain which broke certs whose subject DN matched their issuer's subject DN (#​4237, @​SgtCoDFish)
• Fix handling of chains which don't have a root in ParseSingleCertificateChain, and improve handling in situations where that function is passed a single certificate. (#​4261, @​SgtCoDFish)
• Fixed a bug in the "gateway shim" controller that was causing the cert-manager controller to crash
  with a nil pointer exception when using the annotation "cert-manager.io/issuer" on a Gateway that
  had an empty tls block or with certificateRef left empty. (#​4293, @​maelvls)
• Fixed a goroutine leak that was causing the controller's memory usage to grow with time (#​4233, @​maelvls)
• Fixed a race condition introduced in v0.15.0 that would crash cert-manager for clusters
  with a large number of certificates. (#​4231, @​maelvls)
• Set correct exit codes on ctrl+c event & process defer calls on error (#​4230, @​inteon)
• Set correct labels on resources in static manifest yaml files (#​4190, @​inteon)

Other (Cleanup or Flake)

• Adds conformance E2E suite for CertificateSigningRequests (#​4101, @​JoshVanL)
• Allows to configure labels on cert-manager webhook service via a Helm value. (#​4260, @​mozz-lx)
• Allows to configure which annotations get copied from Certificate to CertificateRequest. Annotations with keys prefixed with kubectl.kubernetes.io/, fluxcd.io, argocd.argoproj.io are now excluded by default. (#​4251, @​irbekrm)
• Minor cleanup of make targets, to prepare for more use of make in cert-manager (#​4109, @​SgtCoDFish)
• Pre-v1 cert-manager resource requests now must be converted to v1 in order to be validated/mutated by admission webhooks. (Default cert-manager validating and mutating webhook configurations ensure the resource requests are being converted) (#​4172, @​irbekrm)
• Reduce binary sizes by adding "-w" as ldflag (#​4181, @​inteon)
• Regression: CertificateSigningRequests will no longer have a experimental.cert-manager.io/ca annotation set. (#​4143, @​JoshVanL)
• Remove v1beta1 as an accepted AdmissionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 (#​4254, @​JoshVanL)
• Remove v1beta1 as an accepted ConversionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 (#​4253, @​JoshVanL)
• The controllers now exit more cleanly (eg. the Leader Election Lease is freed properly on shutdown) (#​4243, @​inteon)

v1.4.3

Compare Source

Release notes for v1.4.3

Changelog since v1.4.2

Changes by Kind

Bug or Regression

• Adds an explicit 10 second timeout when checking HTTP01 challenges for reachability (#​4319, @​SgtCoDFish)

Other (Cleanup or Flake)

• Clarify the exact supported kubernetes version range for cert-manager 1.4 (#​4315, @​SgtCoDFish)

---

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box.

---

This PR has been generated by Renovate Bot.