Skip to content

Commit

Permalink
Merge pull request #99 from wallrj/release-1.13
Browse files Browse the repository at this point in the history 
Release 1.13
  • Loading branch information
@wallrj
wallrj authored Oct 5, 2023
2 parents ff8ef93 + b249773 commit 8cad90d
Show file tree
Hide file tree
Showing 15 changed files with 399 additions and 254 deletions.
4 changes: 2 additions & 2 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,11 +6,11 @@ SHELL := bash
.SUFFIXES:
.ONESHELL:

CERT_MANAGER_VERSION ?= 1.12.2
CERT_MANAGER_VERSION ?= 1.13.1
# Decoupled the BUNDLE_VERSION from the CERT_MANAGER_VERSION so that I can do a
# patch release containing the fix for:
# https://github.com/cert-manager/cert-manager/issues/5551
export BUNDLE_VERSION ?= 1.12.2
export BUNDLE_VERSION ?= 1.13.1
# DO NOT PUBLISH PRE-RELEASES TO THE STABLE CHANNEL!
# For stable releases use: `candidate stable`.
# For pre-releases use: `candidate`.
Expand Down
78 changes: 52 additions & 26 deletions bundle/manifests/acme.cert-manager.io_challenges.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: challenges.acme.cert-manager.io
spec:
group: acme.cert-manager.io
Expand Down Expand Up @@ -530,10 +530,12 @@ spec:
items:
description: "ParentReference identifies an API object
(usually a Gateway) that can be considered a parent
of this resource (usually a route). The only kind
of parent resource with \"Core\" support is Gateway.
This API may be extended in the future to support
additional kinds of parent resources, such as HTTPRoute.
of this resource (usually a route). There are two
kinds of parent resources with \"Core\" support: \n
* Gateway (Gateway conformance profile) * Service
(Mesh conformance profile, experimental, ClusterIP
Services only) \n This API may be extended in the
future to support additional kinds of parent resources.
\n The API object must be valid in the cluster; the
Group and Kind must be registered in the cluster for
this reference to be valid."
Expand All @@ -551,9 +553,12 @@ spec:
type: string
kind:
default: Gateway
description: "Kind is kind of the referent. \n Support:
Core (Gateway) \n Support: Implementation-specific
(Other Resources)"
description: "Kind is kind of the referent. \n There
are two kinds of parent resources with \"Core\"
support: \n * Gateway (Gateway conformance profile)
* Service (Mesh conformance profile, experimental,
ClusterIP Services only) \n Support for other
resources is Implementation-Specific."
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
Expand All @@ -575,6 +580,16 @@ spec:
to. For example: Gateway has the AllowedRoutes
field, and ReferenceGrant provides a generic way
to enable any other kind of cross-namespace reference.
\n ParentRefs from a Route to a Service in the
same namespace are \"producer\" routes, which
apply default routing rules to inbound connections
from any namespace to the Service. \n ParentRefs
from a Route to a Service in a different namespace
are \"consumer\" routes, and these routing rules
are only applied to outbound connections originating
from the same namespace as the Route, for which
the intended destination of the connections are
a Service targeted as a ParentRef of the Route.
\n Support: Core"
maxLength: 63
minLength: 1
Expand All @@ -593,20 +608,25 @@ spec:
port(s) may be changed. When both Port and SectionName
are specified, the name and port of the selected
listener must match both specified values. \n
Implementations MAY choose to support other parent
resources. Implementations supporting other types
of parent resources MUST clearly document how/if
Port is interpreted. \n For the purpose of status,
an attachment is considered successful as long
as the parent resource accepts it partially. For
example, Gateway listeners can restrict which
Routes can attach to them by Route kind, namespace,
or hostname. If 1 of 2 Gateway listeners accept
attachment from the referencing Route, the Route
MUST be considered successfully attached. If no
Gateway listeners accept attachment from this
Route, the Route MUST be considered detached from
the Gateway. \n Support: Extended \n <gateway:experimental>"
When the parent resource is a Service, this targets
a specific port in the Service spec. When both
Port (experimental) and SectionName are specified,
the name and port of the selected port must match
both specified values. \n Implementations MAY
choose to support other parent resources. Implementations
supporting other types of parent resources MUST
clearly document how/if Port is interpreted. \n
For the purpose of status, an attachment is considered
successful as long as the parent resource accepts
it partially. For example, Gateway listeners can
restrict which Routes can attach to them by Route
kind, namespace, or hostname. If 1 of 2 Gateway
listeners accept attachment from the referencing
Route, the Route MUST be considered successfully
attached. If no Gateway listeners accept attachment
from this Route, the Route MUST be considered
detached from the Gateway. \n Support: Extended
\n <gateway:experimental>"
format: int32
maximum: 65535
minimum: 1
Expand All @@ -618,10 +638,16 @@ spec:
* Gateway: Listener Name. When both Port (experimental)
and SectionName are specified, the name and port
of the selected listener must match both specified
values. \n Implementations MAY choose to support
attaching Routes to other resources. If that is
the case, they MUST clearly document how SectionName
is interpreted. \n When unspecified (empty string),
values. * Service: Port Name. When both Port (experimental)
and SectionName are specified, the name and port
of the selected listener must match both specified
values. Note that attaching Routes to Services
as Parents is part of experimental Mesh support
and is not supported for any other purpose. \n
Implementations MAY choose to support attaching
Routes to other resources. If that is the case,
they MUST clearly document how SectionName is
interpreted. \n When unspecified (empty string),
this will reference the entire resource. For the
purpose of status, an attachment is considered
successful if at least one section in the parent
Expand Down
2 changes: 1 addition & 1 deletion bundle/manifests/acme.cert-manager.io_orders.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
app: cert-manager
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: orders.acme.cert-manager.io
spec:
group: acme.cert-manager.io
Expand Down
21 changes: 21 additions & 0 deletions bundle/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
labels:
app: cert-manager
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.13.1
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
name: cert-manager-cluster-view
rules:
- apiGroups:
- cert-manager.io
resources:
- clusterissuers
verbs:
- get
- list
- watch
2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
name: cert-manager-edit
Expand Down
3 changes: 2 additions & 1 deletion bundle/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,9 @@ metadata:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: cert-manager-view
Expand Down
2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-webhook_v1_configmap.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,5 +7,5 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: cert-manager-webhook
2 changes: 1 addition & 1 deletion bundle/manifests/cert-manager-webhook_v1_service.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ metadata:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: cert-manager-webhook
spec:
ports:
Expand Down
41 changes: 22 additions & 19 deletions bundle/manifests/cert-manager.clusterserviceversion.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,9 +67,9 @@ metadata:
]
capabilities: Full Lifecycle
categories: Security
containerImage: quay.io/jetstack/cert-manager-controller:v1.12.2
createdAt: '2023-10-03T13:18:40'
olm.skipRange: '>=1.12.0 <1.12.2'
containerImage: quay.io/jetstack/cert-manager-controller:v1.13.1
createdAt: '2023-10-03T16:49:57'
olm.skipRange: '>=1.13.0 <1.13.1'
operators.operatorframework.io/builder: operator-sdk-v1.25.0
operators.operatorframework.io/internal-objects: |-
[
Expand All @@ -84,7 +84,7 @@ metadata:
operatorframework.io/arch.arm64: supported
operatorframework.io/arch.ppc64le: supported
operatorframework.io/arch.s390x: supported
name: cert-manager.v1.12.2
name: cert-manager.v1.13.1
namespace: placeholder
spec:
apiservicedefinitions: {}
Expand All @@ -93,15 +93,15 @@ spec:
- description: "A CertificateRequest is used to request a signed certificate from\
\ one of the configured issuers. \n All fields within the CertificateRequest's\
\ `spec` are immutable after creation. A CertificateRequest will either succeed\
\ or fail, as denoted by its `status.state` field. \n A CertificateRequest\
\ is a one-shot resource, meaning it represents a single point in time request\
\ for a certificate and cannot be re-used."
\ or fail, as denoted by its `Ready` status condition and its `status.failureTime`\
\ field. \n A CertificateRequest is a one-shot resource, meaning it represents\
\ a single point in time request for a certificate and cannot be re-used."
displayName: CertificateRequest
kind: CertificateRequest
name: certificaterequests.cert-manager.io
version: v1
- description: "A Certificate resource should be created to ensure an up to date\
\ and signed x509 certificate is stored in the Kubernetes Secret resource\
\ and signed X.509 certificate is stored in the Kubernetes Secret resource\
\ named in `spec.secretName`. \n The stored certificate will be renewed before\
\ it expires (as configured by `spec.renewBefore`)."
displayName: Certificate
Expand Down Expand Up @@ -621,7 +621,7 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: cert-manager
spec:
replicas: 1
Expand All @@ -642,21 +642,21 @@ spec:
app.kubernetes.io/component: controller
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cert-manager
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
spec:
containers:
- args:
- --v=2
- --cluster-resource-namespace=$(POD_NAMESPACE)
- --leader-election-namespace=kube-system
- --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.12.2
- --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.13.1
- --max-concurrent-challenges=60
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-controller:v1.12.2
image: quay.io/jetstack/cert-manager-controller:v1.13.1
imagePullPolicy: IfNotPresent
name: cert-manager-controller
ports:
Expand All @@ -672,6 +672,7 @@ spec:
capabilities:
drop:
- ALL
enableServiceLinks: false
nodeSelector:
kubernetes.io/os: linux
securityContext:
Expand All @@ -684,7 +685,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: cert-manager-cainjector
spec:
replicas: 1
Expand All @@ -701,7 +702,7 @@ spec:
app.kubernetes.io/component: cainjector
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: cainjector
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
spec:
containers:
- args:
Expand All @@ -712,7 +713,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-cainjector:v1.12.2
image: quay.io/jetstack/cert-manager-cainjector:v1.13.1
imagePullPolicy: IfNotPresent
name: cert-manager-cainjector
resources: {}
Expand All @@ -721,6 +722,7 @@ spec:
capabilities:
drop:
- ALL
enableServiceLinks: false
nodeSelector:
kubernetes.io/os: linux
securityContext:
Expand All @@ -733,7 +735,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
name: cert-manager-webhook
spec:
replicas: 1
Expand All @@ -750,7 +752,7 @@ spec:
app.kubernetes.io/component: webhook
app.kubernetes.io/instance: cert-manager
app.kubernetes.io/name: webhook
app.kubernetes.io/version: v1.12.2
app.kubernetes.io/version: v1.13.1
spec:
containers:
- args:
Expand All @@ -766,7 +768,7 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/jetstack/cert-manager-webhook:v1.12.2
image: quay.io/jetstack/cert-manager-webhook:v1.13.1
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
Expand Down Expand Up @@ -802,6 +804,7 @@ spec:
capabilities:
drop:
- ALL
enableServiceLinks: false
nodeSelector:
kubernetes.io/os: linux
securityContext:
Expand Down Expand Up @@ -894,7 +897,7 @@ spec:
provider:
name: The cert-manager maintainers
url: https://cert-manager.io/
version: 1.12.2
version: 1.13.1
webhookdefinitions:
- admissionReviewVersions:
- v1
Expand Down
Loading

0 comments on commit 8cad90d

Please sign in to comment.