diff --git a/CHANGELOG.md b/CHANGELOG.md index 343b30c05e..499aa90036 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -31,6 +31,10 @@ - Bump Calico version to [3.29.3](https://github.com/projectcalico/calico/releases/tag/v3.29.3) (PR[#4571](https://github.com/scality/metalk8s/pull/4571)) +- Bump cert-manager version to + [1.17.1](https://github.com/cert-manager/cert-manager/releases/tag/v1.17.1) + (PR[#4579](https://github.com/scality/metalk8s/pull/4579)) + ## Release 129.0.1 (in development) ### Enhancements diff --git a/buildchain/buildchain/versions.py b/buildchain/buildchain/versions.py index 17abcf7a78..04af5f6f08 100644 --- a/buildchain/buildchain/versions.py +++ b/buildchain/buildchain/versions.py @@ -85,7 +85,7 @@ def load_version_information() -> None: NGINX_IMAGE_VERSION: str = "1.27.2-alpine" NODEJS_IMAGE_VERSION: str = "20.11.1" KEEPALIVED_VERSION: str = "2.3.1" -CERT_MANAGER_VERSION: str = "1.16.1" +CERT_MANAGER_VERSION: str = "1.17.1" # Current build IDs, to be augmented whenever we rebuild the corresponding # image, e.g. because the `Dockerfile` is changed, or one of the dependencies @@ -279,22 +279,22 @@ def _version_prefix(version: str, prefix: str = "v") -> str: Image( name="cert-manager-controller", version=_version_prefix(CERT_MANAGER_VERSION), - digest="sha256:ae5e14401cde4dec8bccce7594f829cd491044aa66944272e1d4fccc941ec77c", + digest="sha256:9339837eaaa7852509fa4c89c12543721d79d7facf57f29adec7c96fffe408d6", ), Image( name="cert-manager-webhook", version=_version_prefix(CERT_MANAGER_VERSION), - digest="sha256:6edf44244b2a711be737c4ab8e54e68d9112cc4e87da2ef97a7f76b768f4fde7", + digest="sha256:2933ec670a99524a6860f641ef3720289d784b0bef35bd0b74fc3eb093e71596", ), Image( name="cert-manager-cainjector", version=_version_prefix(CERT_MANAGER_VERSION), - digest="sha256:3c49185718cf454bac559f71c4453b33f1086db48084604247d9acb7a4de2973", + digest="sha256:a8319ee78e94abb11c4fe0b35197a57848ae7eec6c526e369187dc57b2961116", ), Image( name="cert-manager-acmesolver", version=_version_prefix(CERT_MANAGER_VERSION), - digest="sha256:14304826ab1a1184e185f952ef7e0bf8e620568b5c17939179efe6f4c6049d8e", + digest="sha256:a076f72f33a22dfd3a23727f1e1a069817819406b39e5b0fd9cb97d3338cb8d8", ), ) diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml index 01d0c1d30b..6f05ea15f0 100644 --- a/charts/cert-manager/Chart.yaml +++ b/charts/cert-manager/Chart.yaml @@ -6,7 +6,7 @@ annotations: fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg apiVersion: v2 -appVersion: v1.16.1 +appVersion: v1.17.1 description: A Helm chart for cert-manager home: https://cert-manager.io icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png @@ -23,4 +23,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.16.1 +version: v1.17.1 diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md index 4064f9e045..a995bad282 100644 --- a/charts/cert-manager/README.md +++ b/charts/cert-manager/README.md @@ -19,7 +19,7 @@ Before installing the chart, you must first install the cert-manager CustomResou This is performed in a separate step to allow you to easily uninstall and reinstall cert-manager without deleting your installed custom resources. ```bash -$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml +$ kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.1/cert-manager.crds.yaml ``` To install the chart with the release name `cert-manager`: @@ -29,7 +29,7 @@ To install the chart with the release name `cert-manager`: $ helm repo add jetstack https://charts.jetstack.io --force-update ## Install the cert-manager helm chart -$ helm install cert-manager --namespace cert-manager --version v1.16.1 jetstack/cert-manager +$ helm install cert-manager --namespace cert-manager --version v1.17.1 jetstack/cert-manager ``` In order to begin issuing certificates, you will need to set up a ClusterIssuer @@ -65,7 +65,7 @@ If you want to completely uninstall cert-manager from your cluster, you will als delete the previously installed CustomResourceDefinition resources: ```console -$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.16.1/cert-manager.crds.yaml +$ kubectl delete -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.1/cert-manager.crds.yaml ``` ## Configuration @@ -316,7 +316,13 @@ If not set and create is true, a name is generated using the fullname template. #### **serviceAccount.annotations** ~ `object` -Optional additional annotations to add to the controller's Service Account. +Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values. +Example using templating: + +```yaml +annotations: + "{{ .Chart.Name }}-helm-chart/version": "{{ .Chart.Version }}" +``` #### **serviceAccount.labels** ~ `object` @@ -364,17 +370,24 @@ config: kubernetesAPIQPS: 9000 kubernetesAPIBurst: 9000 numberOfConcurrentWorkers: 200 + enableGatewayAPI: true + # Feature gates as of v1.17.0. Listed with their default values. + # See https://cert-manager.io/docs/cli/controller/ featureGates: - AdditionalCertificateOutputFormats: true - DisallowInsecureCSRUsageDefinition: true - ExperimentalCertificateSigningRequestControllers: true - ExperimentalGatewayAPISupport: true - LiteralCertificateSubject: true - SecretsFilteredCaching: true - ServerSideApply: true - StableCertificateRequestName: true - UseCertificateRequestBasicConstraints: true - ValidateCAA: true + AdditionalCertificateOutputFormats: true # BETA - default=true + AllAlpha: false # ALPHA - default=false + AllBeta: false # BETA - default=false + ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false + ExperimentalGatewayAPISupport: true # BETA - default=true + LiteralCertificateSubject: true # BETA - default=true + NameConstraints: true # BETA - default=true + OtherNames: false # ALPHA - default=false + SecretsFilteredCaching: true # BETA - default=true + ServerSideApply: false # ALPHA - default=false + StableCertificateRequestName: true # BETA - default=true + UseCertificateRequestBasicConstraints: false # ALPHA - default=false + UseDomainQualifiedFinalizer: true # BETA - default=false + ValidateCAA: false # ALPHA - default=false # Configure the metrics server for TLS # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls metricsTLSConfig: diff --git a/charts/cert-manager/templates/cainjector-deployment.yaml b/charts/cert-manager/templates/cainjector-deployment.yaml index 65e658940e..dc14ab0227 100644 --- a/charts/cert-manager/templates/cainjector-deployment.yaml +++ b/charts/cert-manager/templates/cainjector-deployment.yaml @@ -53,6 +53,12 @@ spec: prometheus.io/port: '9402' {{- end }} spec: + {{- if not .Values.cainjector.serviceAccount.create }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} serviceAccountName: {{ template "cainjector.serviceAccountName" . }} {{- if hasKey .Values.cainjector "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.cainjector.automountServiceAccountToken }} diff --git a/charts/cert-manager/templates/cainjector-service.yaml b/charts/cert-manager/templates/cainjector-service.yaml index 2ed9178f31..dd0e64db25 100644 --- a/charts/cert-manager/templates/cainjector-service.yaml +++ b/charts/cert-manager/templates/cainjector-service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.cainjector.enabled }} {{- if and .Values.prometheus.enabled (not .Values.prometheus.podmonitor.enabled) }} apiVersion: v1 kind: Service @@ -28,3 +29,4 @@ spec: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: "cainjector" {{- end }} +{{- end }} diff --git a/charts/cert-manager/templates/crds.yaml b/charts/cert-manager/templates/crds.yaml index 00930f9c82..f5f8ec4378 100644 --- a/charts/cert-manager/templates/crds.yaml +++ b/charts/cert-manager/templates/crds.yaml @@ -514,7 +514,6 @@ spec: type: object required: - create - - passwordSecretRef properties: alias: description: |- @@ -526,17 +525,25 @@ spec: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in - `passwordSecretRef`. + `passwordSecretRef` or `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority type: boolean + password: + description: |- + Password provides a literal password used to encrypt the JKS keystore. + Mutually exclusive with passwordSecretRef. + One of password or passwordSecretRef must provide a password with a non-zero length. + type: string passwordSecretRef: description: |- - PasswordSecretRef is a reference to a key in a Secret resource + PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the JKS keystore. + Mutually exclusive with password. + One of password or passwordSecretRef must provide a password with a non-zero length. type: object required: - name @@ -559,24 +566,31 @@ spec: type: object required: - create - - passwordSecretRef properties: create: description: |- Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in - `passwordSecretRef`. + `passwordSecretRef` or in `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority type: boolean + password: + description: |- + Password provides a literal password used to encrypt the PKCS#12 keystore. + Mutually exclusive with passwordSecretRef. + One of password or passwordSecretRef must provide a password with a non-zero length. + type: string passwordSecretRef: description: |- - PasswordSecretRef is a reference to a key in a Secret resource - containing the password used to encrypt the PKCS12 keystore. + PasswordSecretRef is a reference to a non-empty key in a Secret resource + containing the password used to encrypt the PKCS#12 keystore. + Mutually exclusive with password. + One of password or passwordSecretRef must provide a password with a non-zero length. type: object required: - name @@ -1376,6 +1390,9 @@ spec: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string + tenantID: + description: tenant ID of the managed identity, can not be used at the same time as resourceID + type: string resourceGroupName: description: resource group the DNS zone is located in type: string @@ -4689,6 +4706,9 @@ spec: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string + tenantID: + description: tenant ID of the managed identity, can not be used at the same time as resourceID + type: string resourceGroupName: description: resource group the DNS zone is located in type: string @@ -8415,6 +8435,9 @@ spec: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string + tenantID: + description: tenant ID of the managed identity, can not be used at the same time as resourceID + type: string resourceGroupName: description: resource group the DNS zone is located in type: string diff --git a/charts/cert-manager/templates/deployment.yaml b/charts/cert-manager/templates/deployment.yaml index e6f3f681e8..8a4a9734b8 100644 --- a/charts/cert-manager/templates/deployment.yaml +++ b/charts/cert-manager/templates/deployment.yaml @@ -52,6 +52,12 @@ spec: prometheus.io/port: '9402' {{- end }} spec: + {{- if not .Values.serviceAccount.create }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} serviceAccountName: {{ template "cert-manager.serviceAccountName" . }} {{- if hasKey .Values "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.automountServiceAccountToken }} diff --git a/charts/cert-manager/templates/serviceaccount.yaml b/charts/cert-manager/templates/serviceaccount.yaml index 87fc00ea70..698ddef8c6 100644 --- a/charts/cert-manager/templates/serviceaccount.yaml +++ b/charts/cert-manager/templates/serviceaccount.yaml @@ -11,7 +11,9 @@ metadata: namespace: {{ include "cert-manager.namespace" . }} {{- with .Values.serviceAccount.annotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- range $k, $v := . }} + {{- printf "%s: %s" (tpl $k $) (tpl $v $) | nindent 4 }} + {{- end }} {{- end }} labels: app: {{ include "cert-manager.name" . }} diff --git a/charts/cert-manager/templates/webhook-deployment.yaml b/charts/cert-manager/templates/webhook-deployment.yaml index 1535589ff6..857cf353d8 100644 --- a/charts/cert-manager/templates/webhook-deployment.yaml +++ b/charts/cert-manager/templates/webhook-deployment.yaml @@ -52,6 +52,12 @@ spec: prometheus.io/port: '9402' {{- end }} spec: + {{- if not .Values.webhook.serviceAccount.create }} + {{- with .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} serviceAccountName: {{ template "webhook.serviceAccountName" . }} {{- if hasKey .Values.webhook "automountServiceAccountToken" }} automountServiceAccountToken: {{ .Values.webhook.automountServiceAccountToken }} diff --git a/charts/cert-manager/values.schema.json b/charts/cert-manager/values.schema.json index d04da90c27..36d1d0ca85 100644 --- a/charts/cert-manager/values.schema.json +++ b/charts/cert-manager/values.schema.json @@ -579,7 +579,7 @@ }, "helm-values.config": { "default": {}, - "description": "This property is used to configure options for the controller pod. This allows setting options that would usually be provided using flags.\n\nIf `apiVersion` and `kind` are unspecified they default to the current latest version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin the version by specifying the `apiVersion` yourself.\n\nFor example:\nconfig:\n apiVersion: controller.config.cert-manager.io/v1alpha1\n kind: ControllerConfiguration\n logging:\n verbosity: 2\n format: text\n leaderElectionConfig:\n namespace: kube-system\n kubernetesAPIQPS: 9000\n kubernetesAPIBurst: 9000\n numberOfConcurrentWorkers: 200\n featureGates:\n AdditionalCertificateOutputFormats: true\n DisallowInsecureCSRUsageDefinition: true\n ExperimentalCertificateSigningRequestControllers: true\n ExperimentalGatewayAPISupport: true\n LiteralCertificateSubject: true\n SecretsFilteredCaching: true\n ServerSideApply: true\n StableCertificateRequestName: true\n UseCertificateRequestBasicConstraints: true\n ValidateCAA: true\n # Configure the metrics server for TLS\n # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls\n metricsTLSConfig:\n dynamic:\n secretNamespace: \"cert-manager\"\n secretName: \"cert-manager-metrics-ca\"\n dnsNames:\n - cert-manager-metrics", + "description": "This property is used to configure options for the controller pod. This allows setting options that would usually be provided using flags.\n\nIf `apiVersion` and `kind` are unspecified they default to the current latest version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin the version by specifying the `apiVersion` yourself.\n\nFor example:\nconfig:\n apiVersion: controller.config.cert-manager.io/v1alpha1\n kind: ControllerConfiguration\n logging:\n verbosity: 2\n format: text\n leaderElectionConfig:\n namespace: kube-system\n kubernetesAPIQPS: 9000\n kubernetesAPIBurst: 9000\n numberOfConcurrentWorkers: 200\n enableGatewayAPI: true\n # Feature gates as of v1.17.0. Listed with their default values.\n # See https://cert-manager.io/docs/cli/controller/\n featureGates:\n AdditionalCertificateOutputFormats: true # BETA - default=true\n AllAlpha: false # ALPHA - default=false\n AllBeta: false # BETA - default=false\n ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false\n ExperimentalGatewayAPISupport: true # BETA - default=true\n LiteralCertificateSubject: true # BETA - default=true\n NameConstraints: true # BETA - default=true\n OtherNames: false # ALPHA - default=false\n SecretsFilteredCaching: true # BETA - default=true\n ServerSideApply: false # ALPHA - default=false\n StableCertificateRequestName: true # BETA - default=true\n UseCertificateRequestBasicConstraints: false # ALPHA - default=false\n UseDomainQualifiedFinalizer: true # BETA - default=false\n ValidateCAA: false # ALPHA - default=false\n # Configure the metrics server for TLS\n # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls\n metricsTLSConfig:\n dynamic:\n secretNamespace: \"cert-manager\"\n secretName: \"cert-manager-metrics-ca\"\n dnsNames:\n - cert-manager-metrics", "type": "object" }, "helm-values.containerSecurityContext": { @@ -1223,7 +1223,7 @@ "type": "object" }, "helm-values.serviceAccount.annotations": { - "description": "Optional additional annotations to add to the controller's Service Account.", + "description": "Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values.\nExample using templating:\nannotations:\n \"{{ .Chart.Name }}-helm-chart/version\": \"{{ .Chart.Version }}\"", "type": "object" }, "helm-values.serviceAccount.automountServiceAccountToken": { diff --git a/charts/cert-manager/values.yaml b/charts/cert-manager/values.yaml index 7a1c295305..a8c94f8b46 100644 --- a/charts/cert-manager/values.yaml +++ b/charts/cert-manager/values.yaml @@ -190,7 +190,10 @@ serviceAccount: # +docs:property # name: "" - # Optional additional annotations to add to the controller's Service Account. + # Optional additional annotations to add to the controller's Service Account. Templates are allowed for both keys and values. + # Example using templating: + # annotations: + # "{{ .Chart.Name }}-helm-chart/version": "{{ .Chart.Version }}" # +docs:property # annotations: {} @@ -227,17 +230,24 @@ enableCertificateOwnerRef: false # kubernetesAPIQPS: 9000 # kubernetesAPIBurst: 9000 # numberOfConcurrentWorkers: 200 +# enableGatewayAPI: true +# # Feature gates as of v1.17.0. Listed with their default values. +# # See https://cert-manager.io/docs/cli/controller/ # featureGates: -# AdditionalCertificateOutputFormats: true -# DisallowInsecureCSRUsageDefinition: true -# ExperimentalCertificateSigningRequestControllers: true -# ExperimentalGatewayAPISupport: true -# LiteralCertificateSubject: true -# SecretsFilteredCaching: true -# ServerSideApply: true -# StableCertificateRequestName: true -# UseCertificateRequestBasicConstraints: true -# ValidateCAA: true +# AdditionalCertificateOutputFormats: true # BETA - default=true +# AllAlpha: false # ALPHA - default=false +# AllBeta: false # BETA - default=false +# ExperimentalCertificateSigningRequestControllers: false # ALPHA - default=false +# ExperimentalGatewayAPISupport: true # BETA - default=true +# LiteralCertificateSubject: true # BETA - default=true +# NameConstraints: true # BETA - default=true +# OtherNames: false # ALPHA - default=false +# SecretsFilteredCaching: true # BETA - default=true +# ServerSideApply: false # ALPHA - default=false +# StableCertificateRequestName: true # BETA - default=true +# UseCertificateRequestBasicConstraints: false # ALPHA - default=false +# UseDomainQualifiedFinalizer: true # BETA - default=false +# ValidateCAA: false # ALPHA - default=false # # Configure the metrics server for TLS # # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls # metricsTLSConfig: diff --git a/salt/metalk8s/addons/cert-manager/deployed/chart.sls b/salt/metalk8s/addons/cert-manager/deployed/chart.sls index 1cf4957b67..6fbf57c7ca 100644 --- a/salt/metalk8s/addons/cert-manager/deployed/chart.sls +++ b/salt/metalk8s/addons/cert-manager/deployed/chart.sls @@ -18,8 +18,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector namespace: metalk8s-certs @@ -35,8 +35,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager namespace: metalk8s-certs @@ -52,8 +52,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook namespace: metalk8s-certs @@ -69,8 +69,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: certificaterequests.cert-manager.io namespace: metalk8s-certs @@ -384,8 +384,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: certificates.cert-manager.io namespace: metalk8s-certs @@ -567,17 +567,25 @@ spec: Create enables JKS keystore creation for the Certificate. If true, a file named `keystore.jks` will be created in the target Secret resource, encrypted using the password stored in - `passwordSecretRef`. + `passwordSecretRef` or `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.jks` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority type: boolean + password: + description: |- + Password provides a literal password used to encrypt the JKS keystore. + Mutually exclusive with passwordSecretRef. + One of password or passwordSecretRef must provide a password with a non-zero length. + type: string passwordSecretRef: description: |- - PasswordSecretRef is a reference to a key in a Secret resource + PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the JKS keystore. + Mutually exclusive with password. + One of password or passwordSecretRef must provide a password with a non-zero length. properties: key: description: |- @@ -595,7 +603,6 @@ spec: type: object required: - create - - passwordSecretRef type: object pkcs12: description: |- @@ -607,17 +614,25 @@ spec: Create enables PKCS12 keystore creation for the Certificate. If true, a file named `keystore.p12` will be created in the target Secret resource, encrypted using the password stored in - `passwordSecretRef`. + `passwordSecretRef` or in `password`. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named `truststore.p12` will also be created in the target Secret resource, encrypted using the password stored in `passwordSecretRef` containing the issuing Certificate Authority type: boolean + password: + description: |- + Password provides a literal password used to encrypt the PKCS#12 keystore. + Mutually exclusive with passwordSecretRef. + One of password or passwordSecretRef must provide a password with a non-zero length. + type: string passwordSecretRef: description: |- - PasswordSecretRef is a reference to a key in a Secret resource - containing the password used to encrypt the PKCS12 keystore. + PasswordSecretRef is a reference to a non-empty key in a Secret resource + containing the password used to encrypt the PKCS#12 keystore. + Mutually exclusive with password. + One of password or passwordSecretRef must provide a password with a non-zero length. properties: key: description: |- @@ -650,7 +665,6 @@ spec: type: string required: - create - - passwordSecretRef type: object type: object literalSubject: @@ -1142,8 +1156,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: challenges.acme.cert-manager.io namespace: metalk8s-certs @@ -1408,6 +1422,10 @@ spec: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string + tenantID: + description: tenant ID of the managed identity, can + not be used at the same time as resourceID + type: string type: object resourceGroupName: description: resource group the DNS zone is located in @@ -4513,8 +4531,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: clusterissuers.cert-manager.io namespace: metalk8s-certs @@ -4891,6 +4909,10 @@ spec: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string + tenantID: + description: tenant ID of the managed identity, + can not be used at the same time as resourceID + type: string type: object resourceGroupName: description: resource group the DNS zone is located @@ -8463,8 +8485,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: issuers.cert-manager.io namespace: metalk8s-certs @@ -8840,6 +8862,10 @@ spec: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string + tenantID: + description: tenant ID of the managed identity, + can not be used at the same time as resourceID + type: string type: object resourceGroupName: description: resource group the DNS zone is located @@ -12412,8 +12438,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: orders.acme.cert-manager.io namespace: metalk8s-certs @@ -12682,8 +12708,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector namespace: metalk8s-certs @@ -12755,8 +12781,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-issuers namespace: metalk8s-certs @@ -12806,8 +12832,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-clusterissuers namespace: metalk8s-certs @@ -12857,8 +12883,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-certificates namespace: metalk8s-certs @@ -12931,8 +12957,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-orders namespace: metalk8s-certs @@ -13002,8 +13028,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-challenges namespace: metalk8s-certs @@ -13112,8 +13138,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-ingress-shim namespace: metalk8s-certs @@ -13186,8 +13212,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true' name: cert-manager-cluster-view @@ -13212,8 +13238,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s rbac.authorization.k8s.io/aggregate-to-admin: 'true' rbac.authorization.k8s.io/aggregate-to-cluster-reader: 'true' @@ -13252,8 +13278,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s rbac.authorization.k8s.io/aggregate-to-admin: 'true' rbac.authorization.k8s.io/aggregate-to-edit: 'true' @@ -13300,8 +13326,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-approve:cert-manager-io namespace: metalk8s-certs @@ -13326,8 +13352,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-certificatesigningrequests namespace: metalk8s-certs @@ -13374,8 +13400,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook:subjectaccessreviews namespace: metalk8s-certs @@ -13397,8 +13423,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector namespace: metalk8s-certs @@ -13421,8 +13447,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-issuers namespace: metalk8s-certs @@ -13445,8 +13471,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-clusterissuers namespace: metalk8s-certs @@ -13469,8 +13495,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-certificates namespace: metalk8s-certs @@ -13493,8 +13519,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-orders namespace: metalk8s-certs @@ -13517,8 +13543,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-challenges namespace: metalk8s-certs @@ -13541,8 +13567,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-ingress-shim namespace: metalk8s-certs @@ -13565,8 +13591,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-approve:cert-manager-io namespace: metalk8s-certs @@ -13589,8 +13615,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-controller-certificatesigningrequests namespace: metalk8s-certs @@ -13613,8 +13639,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook:subjectaccessreviews namespace: metalk8s-certs @@ -13637,8 +13663,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector:leaderelection namespace: kube-system @@ -13671,8 +13697,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager:leaderelection namespace: kube-system @@ -13704,8 +13730,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-tokenrequest namespace: metalk8s-certs @@ -13729,8 +13755,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook:dynamic-serving namespace: metalk8s-certs @@ -13763,8 +13789,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector:leaderelection namespace: kube-system @@ -13787,8 +13813,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager:leaderelection namespace: kube-system @@ -13811,8 +13837,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cert-manager-tokenrequest namespace: metalk8s-certs @@ -13835,8 +13861,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook:dynamic-serving namespace: metalk8s-certs @@ -13859,8 +13885,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector namespace: metalk8s-certs @@ -13885,8 +13911,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager namespace: metalk8s-certs @@ -13912,8 +13938,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook namespace: metalk8s-certs @@ -13943,8 +13969,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-cainjector namespace: metalk8s-certs @@ -13964,8 +13990,8 @@ spec: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cainjector app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s spec: containers: @@ -13977,7 +14003,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: {% endraw -%}{{ build_image_name("cert-manager-cainjector", False) }}{%- raw %}:v1.16.1 + image: {% endraw -%}{{ build_image_name("cert-manager-cainjector", False) }}{%- raw %}:v1.17.1 imagePullPolicy: IfNotPresent name: cert-manager-cainjector ports: @@ -14017,8 +14043,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager namespace: metalk8s-certs @@ -14038,8 +14064,8 @@ spec: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s spec: containers: @@ -14047,14 +14073,14 @@ spec: - --v=2 - --cluster-resource-namespace=$(POD_NAMESPACE) - --leader-election-namespace=kube-system - - --acme-http01-solver-image={% endraw -%}{{ build_image_name("cert-manager-acmesolver", False) }}{%- raw %}:v1.16.1 + - --acme-http01-solver-image={% endraw -%}{{ build_image_name("cert-manager-acmesolver", False) }}{%- raw %}:v1.17.1 - --max-concurrent-challenges=60 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: {% endraw -%}{{ build_image_name("cert-manager-controller", False) }}{%- raw %}:v1.16.1 + image: {% endraw -%}{{ build_image_name("cert-manager-controller", False) }}{%- raw %}:v1.17.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -14107,8 +14133,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook namespace: metalk8s-certs @@ -14128,8 +14154,8 @@ spec: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s spec: containers: @@ -14146,7 +14172,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: {% endraw -%}{{ build_image_name("cert-manager-webhook", False) }}{%- raw %}:v1.16.1 + image: {% endraw -%}{{ build_image_name("cert-manager-webhook", False) }}{%- raw %}:v1.17.1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -14214,8 +14240,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook namespace: metalk8s-certs @@ -14252,8 +14278,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: cert-manager app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s metalk8s.scality.com/monitor: '' prometheus: default @@ -14298,8 +14324,8 @@ metadata: app.kubernetes.io/managed-by: salt app.kubernetes.io/name: webhook app.kubernetes.io/part-of: metalk8s - app.kubernetes.io/version: v1.16.1 - helm.sh/chart: cert-manager-v1.16.1 + app.kubernetes.io/version: v1.17.1 + helm.sh/chart: cert-manager-v1.17.1 heritage: metalk8s name: cert-manager-webhook namespace: metalk8s-certs