From 75e79bcbd33530ebaf9083f63987e2f7b87f8cd0 Mon Sep 17 00:00:00 2001 From: Philip Haupt <“der.mad.mob@gmail.com”> Date: Tue, 24 Mar 2026 14:46:00 +0100 Subject: [PATCH] cert-manager update --- certmanager/main.yaml | 470 +++++++++++++++++------------ certmanager/src/kustomization.yaml | 4 +- 2 files changed, 279 insertions(+), 195 deletions(-) diff --git a/certmanager/main.yaml b/certmanager/main.yaml index e1d6c02..3f3356e 100644 --- a/certmanager/main.yaml +++ b/certmanager/main.yaml @@ -9,8 +9,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: certificaterequests.cert-manager.io spec: group: cert-manager.io @@ -320,6 +320,10 @@ spec: type: string type: object type: object + selectableFields: + - jsonPath: .spec.issuerRef.group + - jsonPath: .spec.issuerRef.kind + - jsonPath: .spec.issuerRef.name served: true storage: true subresources: @@ -336,8 +340,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: certificates.cert-manager.io spec: group: cert-manager.io @@ -792,9 +796,6 @@ spec: will be generated whenever a re-issuance occurs. Default is `Always`. The default was changed from `Never` to `Always` in cert-manager >=v1.18.0. - The new default can be disabled by setting the - `--feature-gates=DefaultPrivateKeyRotationPolicyAlways=false` option on - the controller component. enum: - Never - Always @@ -1155,6 +1156,10 @@ spec: type: integer type: object type: object + selectableFields: + - jsonPath: .spec.issuerRef.group + - jsonPath: .spec.issuerRef.kind + - jsonPath: .spec.issuerRef.name served: true storage: true subresources: @@ -1171,8 +1176,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: challenges.acme.cert-manager.io spec: group: acme.cert-manager.io @@ -1456,6 +1461,22 @@ spec: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. type: string + zoneType: + description: |- + ZoneType determines which type of Azure DNS zone to use. + + Valid values are: + - AzurePublicZone (default): Use a public Azure DNS zone. + - AzurePrivateZone: Use an Azure Private DNS zone. + + If not specified, AzurePublicZone is used. + + Support for Azure Private DNS zones is currently + experimental and may change in future releases. + enum: + - AzurePublicZone + - AzurePrivateZone + type: string required: - resourceGroupName - subscriptionID @@ -1583,7 +1604,7 @@ spec: description: |- The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be - enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + enclosed in square brackets (e.g [2001:db8::1]); port is optional. This field is required. type: string protocol: @@ -1636,8 +1657,8 @@ spec: description: |- The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: string accessKeyIDSecretRef: @@ -1645,8 +1666,8 @@ spec: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: key: @@ -1738,8 +1759,8 @@ spec: secretAccessKeySecretRef: description: |- The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: key: @@ -3186,9 +3207,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -4489,9 +4511,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -4639,6 +4662,10 @@ spec: - metadata - spec type: object + selectableFields: + - jsonPath: .spec.issuerRef.group + - jsonPath: .spec.issuerRef.kind + - jsonPath: .spec.issuerRef.name served: true storage: true subresources: @@ -4655,8 +4682,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: clusterissuers.cert-manager.io spec: group: cert-manager.io @@ -5056,6 +5083,22 @@ spec: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. type: string + zoneType: + description: |- + ZoneType determines which type of Azure DNS zone to use. + + Valid values are: + - AzurePublicZone (default): Use a public Azure DNS zone. + - AzurePrivateZone: Use an Azure Private DNS zone. + + If not specified, AzurePublicZone is used. + + Support for Azure Private DNS zones is currently + experimental and may change in future releases. + enum: + - AzurePublicZone + - AzurePrivateZone + type: string required: - resourceGroupName - subscriptionID @@ -5184,7 +5227,7 @@ spec: description: |- The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be - enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + enclosed in square brackets (e.g [2001:db8::1]); port is optional. This field is required. type: string protocol: @@ -5237,8 +5280,8 @@ spec: description: |- The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: string accessKeyIDSecretRef: @@ -5246,8 +5289,8 @@ spec: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: key: @@ -5339,8 +5382,8 @@ spec: secretAccessKeySecretRef: description: |- The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: key: @@ -6810,9 +6853,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -8137,9 +8181,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -8397,8 +8442,8 @@ spec: properties: audiences: description: |- - TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. The default token - consisting of the issuer's namespace and name is always included. + TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. + The default audiences are always included in the token. items: type: string type: array @@ -8529,17 +8574,17 @@ spec: type: object venafi: description: |- - Venafi configures this issuer to sign certificates using a Venafi TPP - or Venafi Cloud policy zone. + Venafi configures this issuer to sign certificates using a CyberArk Certificate Manager Self-Hosted + or SaaS policy zone. properties: cloud: description: |- - Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. + Cloud specifies the CyberArk Certificate Manager SaaS configuration settings. + Only one of CyberArk Certificate Manager may be specified. properties: apiTokenSecretRef: description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. + the CyberArk Certificate Manager SaaS API token. properties: key: description: |- @@ -8557,7 +8602,7 @@ spec: type: object url: description: |- - URL is the base URL for Venafi Cloud. + URL is the base URL for CyberArk Certificate Manager SaaS. Defaults to "https://api.venafi.cloud/". type: string required: @@ -8565,13 +8610,13 @@ spec: type: object tpp: description: |- - TPP specifies Trust Protection Platform configuration settings. - Only one of TPP or Cloud may be specified. + TPP specifies CyberArk Certificate Manager Self-Hosted configuration settings. + Only one of CyberArk Certificate Manager may be specified. properties: caBundle: description: |- Base64-encoded bundle of PEM CAs which will be used to validate the certificate - chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + chain presented by the CyberArk Certificate Manager Self-Hosted server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. format: byte @@ -8579,7 +8624,7 @@ spec: caBundleSecretRef: description: |- Reference to a Secret containing a base64-encoded bundle of PEM CAs - which will be used to validate the certificate chain presented by the TPP server. + which will be used to validate the certificate chain presented by the CyberArk Certificate Manager Self-Hosted server. Only used if using HTTPS; ignored for HTTP. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef is defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -8600,7 +8645,7 @@ spec: type: object credentialsRef: description: |- - CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials. + CredentialsRef is a reference to a Secret containing the CyberArk Certificate Manager Self-Hosted API credentials. The secret must contain the key 'access-token' for the Access Token Authentication, or two keys, 'username' and 'password' for the API Keys Authentication. properties: @@ -8614,7 +8659,7 @@ spec: type: object url: description: |- - URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, + URL is the base URL for the vedsdk endpoint of the CyberArk Certificate Manager Self-Hosted instance, for example: "https://tpp.example.com/vedsdk". type: string required: @@ -8623,8 +8668,8 @@ spec: type: object zone: description: |- - Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted by the named + Zone is the Certificate Manager Policy Zone to use for this issuer. + All requests made to the Certificate Manager platform will be restricted by the named zone policy. This field is required. type: string @@ -8731,8 +8776,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: issuers.cert-manager.io spec: group: cert-manager.io @@ -9131,6 +9176,22 @@ spec: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set. type: string + zoneType: + description: |- + ZoneType determines which type of Azure DNS zone to use. + + Valid values are: + - AzurePublicZone (default): Use a public Azure DNS zone. + - AzurePrivateZone: Use an Azure Private DNS zone. + + If not specified, AzurePublicZone is used. + + Support for Azure Private DNS zones is currently + experimental and may change in future releases. + enum: + - AzurePublicZone + - AzurePrivateZone + type: string required: - resourceGroupName - subscriptionID @@ -9259,7 +9320,7 @@ spec: description: |- The IP address or hostname of an authoritative DNS server supporting RFC2136 in the form host:port. If the host is an IPv6 address it must be - enclosed in square brackets (e.g [2001:db8::1]) ; port is optional. + enclosed in square brackets (e.g [2001:db8::1]); port is optional. This field is required. type: string protocol: @@ -9312,8 +9373,8 @@ spec: description: |- The AccessKeyID is used for authentication. Cannot be set when SecretAccessKeyID is set. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials type: string accessKeyIDSecretRef: @@ -9321,8 +9382,8 @@ spec: The SecretAccessKey is used for authentication. If set, pull the AWS access key ID from a key within a Kubernetes Secret. Cannot be set when AccessKeyID is set. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: key: @@ -9414,8 +9475,8 @@ spec: secretAccessKeySecretRef: description: |- The SecretAccessKey is used for authentication. - If neither the Access Key nor Key ID are set, we fall-back to using env - vars, shared credentials file or AWS Instance metadata, + If neither the Access Key nor Key ID are set, we fall back to using env + vars, shared credentials file, or AWS Instance metadata, see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials properties: key: @@ -10885,9 +10946,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -12212,9 +12274,10 @@ spec: operator: description: |- Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. + Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. + Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators). type: string tolerationSeconds: description: |- @@ -12472,8 +12535,8 @@ spec: properties: audiences: description: |- - TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. The default token - consisting of the issuer's namespace and name is always included. + TokenAudiences is an optional list of extra audiences to include in the token passed to Vault. + The default audiences are always included in the token. items: type: string type: array @@ -12604,17 +12667,17 @@ spec: type: object venafi: description: |- - Venafi configures this issuer to sign certificates using a Venafi TPP - or Venafi Cloud policy zone. + Venafi configures this issuer to sign certificates using a CyberArk Certificate Manager Self-Hosted + or SaaS policy zone. properties: cloud: description: |- - Cloud specifies the Venafi cloud configuration settings. - Only one of TPP or Cloud may be specified. + Cloud specifies the CyberArk Certificate Manager SaaS configuration settings. + Only one of CyberArk Certificate Manager may be specified. properties: apiTokenSecretRef: description: APITokenSecretRef is a secret key selector for - the Venafi Cloud API token. + the CyberArk Certificate Manager SaaS API token. properties: key: description: |- @@ -12632,7 +12695,7 @@ spec: type: object url: description: |- - URL is the base URL for Venafi Cloud. + URL is the base URL for CyberArk Certificate Manager SaaS. Defaults to "https://api.venafi.cloud/". type: string required: @@ -12640,13 +12703,13 @@ spec: type: object tpp: description: |- - TPP specifies Trust Protection Platform configuration settings. - Only one of TPP or Cloud may be specified. + TPP specifies CyberArk Certificate Manager Self-Hosted configuration settings. + Only one of CyberArk Certificate Manager may be specified. properties: caBundle: description: |- Base64-encoded bundle of PEM CAs which will be used to validate the certificate - chain presented by the TPP server. Only used if using HTTPS; ignored for HTTP. + chain presented by the CyberArk Certificate Manager Self-Hosted server. Only used if using HTTPS; ignored for HTTP. If undefined, the certificate bundle in the cert-manager controller container is used to validate the chain. format: byte @@ -12654,7 +12717,7 @@ spec: caBundleSecretRef: description: |- Reference to a Secret containing a base64-encoded bundle of PEM CAs - which will be used to validate the certificate chain presented by the TPP server. + which will be used to validate the certificate chain presented by the CyberArk Certificate Manager Self-Hosted server. Only used if using HTTPS; ignored for HTTP. Mutually exclusive with CABundle. If neither CABundle nor CABundleSecretRef is defined, the certificate bundle in the cert-manager controller container is used to validate the TLS connection. @@ -12675,7 +12738,7 @@ spec: type: object credentialsRef: description: |- - CredentialsRef is a reference to a Secret containing the Venafi TPP API credentials. + CredentialsRef is a reference to a Secret containing the CyberArk Certificate Manager Self-Hosted API credentials. The secret must contain the key 'access-token' for the Access Token Authentication, or two keys, 'username' and 'password' for the API Keys Authentication. properties: @@ -12689,7 +12752,7 @@ spec: type: object url: description: |- - URL is the base URL for the vedsdk endpoint of the Venafi TPP instance, + URL is the base URL for the vedsdk endpoint of the CyberArk Certificate Manager Self-Hosted instance, for example: "https://tpp.example.com/vedsdk". type: string required: @@ -12698,8 +12761,8 @@ spec: type: object zone: description: |- - Zone is the Venafi Policy Zone to use for this issuer. - All requests made to the Venafi platform will be restricted by the named + Zone is the Certificate Manager Policy Zone to use for this issuer. + All requests made to the Certificate Manager platform will be restricted by the named zone policy. This field is required. type: string @@ -12806,8 +12869,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: orders.acme.cert-manager.io spec: group: acme.cert-manager.io @@ -13072,6 +13135,10 @@ spec: - metadata - spec type: object + selectableFields: + - jsonPath: .spec.issuerRef.group + - jsonPath: .spec.issuerRef.kind + - jsonPath: .spec.issuerRef.name served: true storage: true subresources: @@ -13087,8 +13154,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager namespace: cert-manager --- @@ -13102,8 +13169,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector namespace: cert-manager --- @@ -13121,8 +13188,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: startupapicheck - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-startupapicheck namespace: cert-manager --- @@ -13136,8 +13203,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook namespace: cert-manager --- @@ -13146,7 +13213,7 @@ kind: ServiceAccount metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup @@ -13161,8 +13228,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector:leaderelection namespace: cert-manager rules: @@ -13197,8 +13264,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: startupapicheck - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-startupapicheck:create-cert namespace: cert-manager rules: @@ -13218,8 +13285,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-tokenrequest namespace: cert-manager rules: @@ -13255,8 +13322,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook:dynamic-serving namespace: cert-manager rules: @@ -13287,8 +13354,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager:leaderelection namespace: cert-manager rules: @@ -13318,8 +13385,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector rules: - apiGroups: @@ -13388,8 +13455,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" name: cert-manager-cluster-view rules: @@ -13411,8 +13478,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-approve:cert-manager-io rules: - apiGroups: @@ -13434,8 +13501,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-certificates rules: - apiGroups: @@ -13505,8 +13572,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-certificatesigningrequests rules: - apiGroups: @@ -13550,8 +13617,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-challenges rules: - apiGroups: @@ -13657,8 +13724,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-clusterissuers rules: - apiGroups: @@ -13705,8 +13772,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-ingress-shim rules: - apiGroups: @@ -13748,6 +13815,7 @@ rules: resources: - gateways - httproutes + - listenersets verbs: - get - list @@ -13757,6 +13825,7 @@ rules: resources: - gateways/finalizers - httproutes/finalizers + - listenersets/finalizers verbs: - update - apiGroups: @@ -13776,8 +13845,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-issuers rules: - apiGroups: @@ -13824,8 +13893,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-orders rules: - apiGroups: @@ -13892,8 +13961,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" name: cert-manager-edit @@ -13937,8 +14006,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 rbac.authorization.k8s.io/aggregate-to-admin: "true" rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -13970,7 +14039,7 @@ kind: ClusterRole metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup:domain-solver @@ -13987,7 +14056,7 @@ kind: ClusterRole metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup:flowcontrol @@ -14011,8 +14080,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook:subjectaccessreviews rules: - apiGroups: @@ -14031,8 +14100,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector:leaderelection namespace: cert-manager roleRef: @@ -14057,8 +14126,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: startupapicheck - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-startupapicheck:create-cert namespace: cert-manager roleRef: @@ -14079,8 +14148,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-tokenrequest namespace: cert-manager roleRef: @@ -14116,8 +14185,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook:dynamic-serving namespace: cert-manager roleRef: @@ -14138,8 +14207,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager:leaderelection namespace: cert-manager roleRef: @@ -14156,7 +14225,7 @@ kind: RoleBinding metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup:webhook-authentication-reader @@ -14180,8 +14249,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector roleRef: apiGroup: rbac.authorization.k8s.io @@ -14201,8 +14270,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-approve:cert-manager-io roleRef: apiGroup: rbac.authorization.k8s.io @@ -14222,8 +14291,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-certificates roleRef: apiGroup: rbac.authorization.k8s.io @@ -14243,8 +14312,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-certificatesigningrequests roleRef: apiGroup: rbac.authorization.k8s.io @@ -14264,8 +14333,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-challenges roleRef: apiGroup: rbac.authorization.k8s.io @@ -14285,8 +14354,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-clusterissuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -14306,8 +14375,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-ingress-shim roleRef: apiGroup: rbac.authorization.k8s.io @@ -14327,8 +14396,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-issuers roleRef: apiGroup: rbac.authorization.k8s.io @@ -14348,8 +14417,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-controller-orders roleRef: apiGroup: rbac.authorization.k8s.io @@ -14365,7 +14434,7 @@ kind: ClusterRoleBinding metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup:auth-delegator @@ -14384,7 +14453,7 @@ kind: ClusterRoleBinding metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup:domain-solver @@ -14403,7 +14472,7 @@ kind: ClusterRoleBinding metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup:flowcontrol @@ -14426,8 +14495,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook:subjectaccessreviews roleRef: apiGroup: rbac.authorization.k8s.io @@ -14447,8 +14516,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager namespace: cert-manager spec: @@ -14472,8 +14541,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector namespace: cert-manager spec: @@ -14496,8 +14565,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook namespace: cert-manager spec: @@ -14521,7 +14590,7 @@ kind: Service metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup @@ -14546,8 +14615,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager namespace: cert-manager spec: @@ -14569,22 +14638,22 @@ spec: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cert-manager - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 spec: containers: - args: - --v=2 - --cluster-resource-namespace=$(POD_NAMESPACE) - --leader-election-namespace=cert-manager - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.19.1 + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.20.0 - --max-concurrent-challenges=60 env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-controller:v1.19.1 + image: quay.io/jetstack/cert-manager-controller:v1.20.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 @@ -14628,8 +14697,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-cainjector namespace: cert-manager spec: @@ -14651,8 +14720,8 @@ spec: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: cainjector - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 spec: containers: - args: @@ -14663,7 +14732,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-cainjector:v1.19.1 + image: quay.io/jetstack/cert-manager-cainjector:v1.20.0 imagePullPolicy: IfNotPresent name: cert-manager-cainjector ports: @@ -14694,8 +14763,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook namespace: cert-manager spec: @@ -14717,8 +14786,8 @@ spec: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 spec: containers: - args: @@ -14734,7 +14803,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-webhook:v1.19.1 + image: quay.io/jetstack/cert-manager-webhook:v1.20.0 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 3 @@ -14787,7 +14856,7 @@ kind: Deployment metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup @@ -14829,10 +14898,25 @@ spec: port: https scheme: HTTPS resources: {} + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault volumeMounts: - mountPath: /tls name: certs readOnly: true + securityContext: + fsGroup: 10002 + runAsGroup: 10001 + runAsUser: 10001 serviceAccountName: cert-manager-webhook-netcup volumes: - name: certs @@ -14846,7 +14930,7 @@ metadata: cert-manager.io/inject-ca-from: cert-manager/cert-manager-webhook-netcup-webhook-tls labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: v1alpha1.com.netcup.webhook @@ -14872,8 +14956,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: startupapicheck - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-startupapicheck namespace: cert-manager spec: @@ -14886,8 +14970,8 @@ spec: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: startupapicheck - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 spec: containers: - args: @@ -14900,7 +14984,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: quay.io/jetstack/cert-manager-startupapicheck:v1.19.1 + image: quay.io/jetstack/cert-manager-startupapicheck:v1.20.0 imagePullPolicy: IfNotPresent name: cert-manager-startupapicheck securityContext: @@ -14924,7 +15008,7 @@ kind: Certificate metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup-ca @@ -14942,7 +15026,7 @@ kind: Certificate metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup-webhook-tls @@ -14962,7 +15046,7 @@ kind: Issuer metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup-ca @@ -14976,7 +15060,7 @@ kind: Issuer metadata: labels: app: cert-manager-webhook-netcup - chart: cert-manager-webhook-netcup-1.0.34 + chart: cert-manager-webhook-netcup-1.0.43 heritage: Helm release: cert-manager-webhook-netcup name: cert-manager-webhook-netcup-selfsign @@ -14995,8 +15079,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook webhooks: - admissionReviewVersions: @@ -15032,8 +15116,8 @@ metadata: app.kubernetes.io/instance: cert-manager app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: webhook - app.kubernetes.io/version: v1.19.1 - helm.sh/chart: cert-manager-v1.19.1 + app.kubernetes.io/version: v1.20.0 + helm.sh/chart: cert-manager-v1.20.0 name: cert-manager-webhook webhooks: - admissionReviewVersions: diff --git a/certmanager/src/kustomization.yaml b/certmanager/src/kustomization.yaml index b822299..4dd5c2d 100644 --- a/certmanager/src/kustomization.yaml +++ b/certmanager/src/kustomization.yaml @@ -5,14 +5,14 @@ kind: Kustomization helmCharts: - name: cert-manager repo: https://charts.jetstack.io - version: 1.19.1 + version: 1.20.0 releaseName: cert-manager namespace: cert-manager valuesFile: values.yaml - name: cert-manager-webhook-netcup repo: https://aellwein.github.io/cert-manager-webhook-netcup/charts/ - version: 1.0.34 + version: 1.0.43 releaseName: cert-manager-webhook-netcup namespace: cert-manager valuesFile: values-netcup.yaml