Update Helm release cert-manager to v1.18.2 #1065
No reviewers
Labels
No labels
state
stale
state
to-do
state
waiting
system
argo
system
cni
system
dashboard
system
ingress
system
monitoring
system
sso
system
storage
system
woodpecker
type
bug
type
enhancement
type
update
type
dependency-dashboard
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: yolokube/core-deployments#1065
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "renovate/cert-manager-1.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v1.17.2
->v1.18.2
Release Notes
cert-manager/cert-manager (cert-manager)
v1.18.2
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the
NameConstraints
feature gate).We dropped the new
global.rbac.disableHTTPChallengesRole
Helm option due to a bug we found, this feature will be released inv1.19
instead.Changes since
v1.18.1
:Bug or Regression
global.rbac.disableHTTPChallengesRole
Helm option. (#7837, @cert-manager-bot)v1.18.1
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We have added a new feature gate
ACMEHTTP01IngressPathTypeExact
, to allowingress-nginx
users to turn off the new default IngressPathType: Exact
behavior, in ACME HTTP01 Ingress challenge solvers.This change fixes the following issue: #7791
We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (
error waiting for authorization
), which has been reported by multiple users, since the release of cert-managerv1.16.0
.This change should fix the following issues: #7337, #7444, and #7685.
Changes since
v1.18.0
:Feature
ACMEHTTP01IngressPathTypeExact
, to allowingress-nginx
users to turn off the new default IngressPathType: Exact
behavior, in ACME HTTP01 Ingress challenge solvers. (#7810
, @sspreitzer)Bug or Regression
error waiting for authorization
. (#7801
, @hjoshi123)Other (Cleanup or Flake)
#7807
, @wallrj)v1.18.0
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for
Certificate.Spec.PrivateKey.RotationPolicy
now set toAlways
(breaking change), and the defaultCertificate.Spec.RevisionHistoryLimit
now set to1
(potentially breaking).Known Issues
Changes since
v1.17.2
:Feature
app.kubernetes.io/managed-by: cert-manager
label to the created Let's Encrypt account keys (#7577, @terinjokes)certmanager_certificate_not_before_timestamp_seconds
,certmanager_certificate_not_after_timestamp_seconds
). (#7612, @solidDoWant)--extra-certificate-annotations
, which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (#7083, @k0da)iss
short name for the cert-managerIssuer
resource. (#7373, @SgtCoDFish)ciss
short name for the cert-managerClusterIssuer
resource (#7373, @SgtCoDFish)global.rbac.disableHTTPChallengesRole
helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (#7666, @ali-hamza-noor)FindZoneByFqdn
(#7596, @ThatsIvan)UseDomainQualifiedFinalizer
feature to GA. (#7735, @jsoref)Certificate.Spec.PrivateKey.RotationPolicy
changed fromNever
toAlways
. (#7723, @wallrj)Documentation
Bug or Regression
go-jose
dependency to addressCVE-2025-27144
. (#7606, @SgtCoDFish)golang.org/x/oauth2
to patchCVE-2025-22868
. (#7638, @NicholasBlaskey)golang.org/x/crypto
to patchGHSA-hcg3-q754-cr77
. (#7638, @NicholasBlaskey)github.com/golang-jwt/jwt
to patchGHSA-mh63-6h87-95cp
. (#7638, @NicholasBlaskey)ImplementationSpecific
toExact
for a reliable handling of ingress controllers and enhanced security. (#7767, @sspreitzer)--namespace=<namespace>
: limit the scope of cert-manager to a single namespace and disable cluster-scoped controllers. (#7678, @tsaarni)commonName
field; IP addresses are no longer added to the DNSsubjectAlternativeName
list and are instead added to theipAddresses
field as expected. (#7081, @johnjcool)certmanager_certificate_renewal_timestamp_seconds
metric help text indicating that the metric is relative to expiration time, rather than Unix epoch time. (#7609, @solidDoWant)Passthrough
mode. (#6986, @vehagn)golang.org/x/net
fixingCVE-2025-22870
. (#7619, @dependabot[bot])Other (Cleanup or Flake)
third_party/forked/acme
package with support for the ACME profiles extension. (#7776, @wallrj)AdditionalCertificateOutputFormats
feature to GA, making additional formats always enabled. (#7744, @erikgb)ValidateCAA
. Setting this feature gate is now a no-op which does nothing but print a warning log line (#7553, @SgtCoDFish)v1.24.4
(#7785, @wallrj)v1.17.4
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
We fixed a bug in the CSR's name constraints construction (only applies if you have enabled the
NameConstraints
feature gate).Changes since
v1.17.3
:Bug or Regression
v1.17.3
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This patch release addresses several vulnerabilities reported by the Trivy security scanner. It is built with the latest version of Go 1.23.
We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (
error waiting for authorization
), which has been reported by multiple users, in: #7337, #7444, and #7685.Changes since
v1.17.2
:Bug or Regression
waiting for authorization
(#7798, @hjoshi123)Other (Cleanup or Flake)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.
397d2f9e76
to1ce941d2b9
chore(deps): update helm release cert-manager to v1.18.0to chore(deps): update helm release cert-manager to v1.18.1chore(deps): update helm release cert-manager to v1.18.1to Update Helm release cert-manager to v1.18.11ce941d2b9
tod079fdfc9f
Update Helm release cert-manager to v1.18.1to Update Helm release cert-manager to v1.18.2View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.