Created
February 14, 2024 15:45
-
-
Save wallrj/60e23094a939670964006f2bb4c19b0f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/bundle.Dockerfile b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/bundle.Dockerfile | |
index 4101107..ff869b9 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/bundle.Dockerfile | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/bundle.Dockerfile | |
@@ -5,9 +5,9 @@ LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 | |
LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ | |
LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ | |
LABEL operators.operatorframework.io.bundle.package.v1=cert-manager | |
-LABEL operators.operatorframework.io.bundle.channels.v1=candidate,stable | |
+LABEL operators.operatorframework.io.bundle.channels.v1=stable,candidate | |
LABEL operators.operatorframework.io.bundle.channel.default.v1=stable | |
-LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.25.0 | |
+LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.33.0 | |
LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 | |
LABEL operators.operatorframework.io.metrics.project_layout=unknown | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/acme.cert-manager.io_challenges.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/acme.cert-manager.io_challenges.yaml | |
index 39a82cb..4ea4dd2 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/acme.cert-manager.io_challenges.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/acme.cert-manager.io_challenges.yaml | |
@@ -6,7 +6,7 @@ metadata: | |
app: cert-manager | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: challenges.acme.cert-manager.io | |
spec: | |
group: acme.cert-manager.io | |
@@ -199,12 +199,16 @@ spec: | |
challenge records. | |
properties: | |
clientID: | |
- description: if both this and ClientSecret are left unset | |
- MSI will be used | |
+ description: 'Auth: Azure Service Principal: The ClientID | |
+ of the Azure Service Principal used to authenticate | |
+ with Azure DNS. If set, ClientSecret and TenantID must | |
+ also be set.' | |
type: string | |
clientSecretSecretRef: | |
- description: if both this and ClientID are left unset | |
- MSI will be used | |
+ description: 'Auth: Azure Service Principal: A reference | |
+ to a Secret containing the password associated with | |
+ the Service Principal. If set, ClientID and TenantID | |
+ must also be set.' | |
properties: | |
key: | |
description: The key of the entry in the Secret resource's | |
@@ -230,9 +234,10 @@ spec: | |
description: name of the DNS zone that should be used | |
type: string | |
managedIdentity: | |
- description: managed identity configuration, can not be | |
- used at the same time as clientID, clientSecretSecretRef | |
- or tenantID | |
+ description: 'Auth: Azure Workload Identity or Azure Managed | |
+ Service Identity: Settings to enable Azure Workload | |
+ Identity or Azure Managed Service Identity If set, ClientID, | |
+ ClientSecret and TenantID must not be set.' | |
properties: | |
clientID: | |
description: client ID of the managed identity, can | |
@@ -240,7 +245,8 @@ spec: | |
type: string | |
resourceID: | |
description: resource ID of the managed identity, | |
- can not be used at the same time as clientID | |
+ can not be used at the same time as clientID Cannot | |
+ be used for Azure Managed Service Identity | |
type: string | |
type: object | |
resourceGroupName: | |
@@ -250,8 +256,10 @@ spec: | |
description: ID of the Azure subscription | |
type: string | |
tenantID: | |
- description: when specifying ClientID and ClientSecret | |
- then this field is also needed | |
+ description: 'Auth: Azure Service Principal: The TenantID | |
+ of the Azure Service Principal used to authenticate | |
+ with Azure DNS. If set, ClientID and ClientSecret must | |
+ also be set.' | |
type: string | |
required: | |
- resourceGroupName | |
@@ -580,16 +588,17 @@ spec: | |
to. For example: Gateway has the AllowedRoutes | |
field, and ReferenceGrant provides a generic way | |
to enable any other kind of cross-namespace reference. | |
- \n ParentRefs from a Route to a Service in the | |
- same namespace are \"producer\" routes, which | |
- apply default routing rules to inbound connections | |
- from any namespace to the Service. \n ParentRefs | |
- from a Route to a Service in a different namespace | |
- are \"consumer\" routes, and these routing rules | |
- are only applied to outbound connections originating | |
- from the same namespace as the Route, for which | |
- the intended destination of the connections are | |
- a Service targeted as a ParentRef of the Route. | |
+ \n <gateway:experimental:description> ParentRefs | |
+ from a Route to a Service in the same namespace | |
+ are \"producer\" routes, which apply default routing | |
+ rules to inbound connections from any namespace | |
+ to the Service. \n ParentRefs from a Route to | |
+ a Service in a different namespace are \"consumer\" | |
+ routes, and these routing rules are only applied | |
+ to outbound connections originating from the same | |
+ namespace as the Route, for which the intended | |
+ destination of the connections are a Service targeted | |
+ as a ParentRef of the Route. </gateway:experimental:description> | |
\n Support: Core" | |
maxLength: 63 | |
minLength: 1 | |
@@ -608,25 +617,26 @@ spec: | |
port(s) may be changed. When both Port and SectionName | |
are specified, the name and port of the selected | |
listener must match both specified values. \n | |
- When the parent resource is a Service, this targets | |
- a specific port in the Service spec. When both | |
- Port (experimental) and SectionName are specified, | |
- the name and port of the selected port must match | |
- both specified values. \n Implementations MAY | |
- choose to support other parent resources. Implementations | |
- supporting other types of parent resources MUST | |
- clearly document how/if Port is interpreted. \n | |
- For the purpose of status, an attachment is considered | |
- successful as long as the parent resource accepts | |
- it partially. For example, Gateway listeners can | |
- restrict which Routes can attach to them by Route | |
- kind, namespace, or hostname. If 1 of 2 Gateway | |
- listeners accept attachment from the referencing | |
- Route, the Route MUST be considered successfully | |
- attached. If no Gateway listeners accept attachment | |
- from this Route, the Route MUST be considered | |
- detached from the Gateway. \n Support: Extended | |
- \n <gateway:experimental>" | |
+ <gateway:experimental:description> When the parent | |
+ resource is a Service, this targets a specific | |
+ port in the Service spec. When both Port (experimental) | |
+ and SectionName are specified, the name and port | |
+ of the selected port must match both specified | |
+ values. </gateway:experimental:description> \n | |
+ Implementations MAY choose to support other parent | |
+ resources. Implementations supporting other types | |
+ of parent resources MUST clearly document how/if | |
+ Port is interpreted. \n For the purpose of status, | |
+ an attachment is considered successful as long | |
+ as the parent resource accepts it partially. For | |
+ example, Gateway listeners can restrict which | |
+ Routes can attach to them by Route kind, namespace, | |
+ or hostname. If 1 of 2 Gateway listeners accept | |
+ attachment from the referencing Route, the Route | |
+ MUST be considered successfully attached. If no | |
+ Gateway listeners accept attachment from this | |
+ Route, the Route MUST be considered detached from | |
+ the Gateway. \n Support: Extended \n <gateway:experimental>" | |
format: int32 | |
maximum: 65535 | |
minimum: 1 | |
@@ -870,6 +880,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -938,6 +958,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1004,6 +1034,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1072,6 +1112,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/acme.cert-manager.io_orders.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/acme.cert-manager.io_orders.yaml | |
index 1949d5e..5de6b1e 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/acme.cert-manager.io_orders.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/acme.cert-manager.io_orders.yaml | |
@@ -6,7 +6,7 @@ metadata: | |
app: cert-manager | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: orders.acme.cert-manager.io | |
spec: | |
group: acme.cert-manager.io | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
index 755d384..f1100cf 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-cluster-view_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
@@ -7,7 +7,7 @@ metadata: | |
app.kubernetes.io/component: controller | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" | |
name: cert-manager-cluster-view | |
rules: | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
index e7a4b95..09bba7a 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-edit_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
@@ -7,7 +7,7 @@ metadata: | |
app.kubernetes.io/component: controller | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
name: cert-manager-edit | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
index 2f91118..e052ef0 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-view_rbac.authorization.k8s.io_v1_clusterrole.yaml | |
@@ -7,7 +7,7 @@ metadata: | |
app.kubernetes.io/component: controller | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
rbac.authorization.k8s.io/aggregate-to-admin: "true" | |
rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" | |
rbac.authorization.k8s.io/aggregate-to-edit: "true" | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-webhook_v1_configmap.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-webhook_v1_configmap.yaml | |
deleted file mode 100644 | |
index 5f743c9..0000000 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-webhook_v1_configmap.yaml | |
+++ /dev/null | |
@@ -1,11 +0,0 @@ | |
-apiVersion: v1 | |
-data: null | |
-kind: ConfigMap | |
-metadata: | |
- labels: | |
- app: webhook | |
- app.kubernetes.io/component: webhook | |
- app.kubernetes.io/instance: cert-manager | |
- app.kubernetes.io/name: webhook | |
- app.kubernetes.io/version: v1.13.3 | |
- name: cert-manager-webhook | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-webhook_v1_service.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-webhook_v1_service.yaml | |
index 2723b50..e4e23f5 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager-webhook_v1_service.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager-webhook_v1_service.yaml | |
@@ -7,7 +7,7 @@ metadata: | |
app.kubernetes.io/component: webhook | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: webhook | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: cert-manager-webhook | |
spec: | |
ports: | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.clusterserviceversion.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.clusterserviceversion.yaml | |
index 84f89f4..37472b3 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.clusterserviceversion.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.clusterserviceversion.yaml | |
@@ -67,10 +67,10 @@ metadata: | |
] | |
capabilities: Full Lifecycle | |
categories: Security | |
- containerImage: quay.io/jetstack/cert-manager-controller:v1.13.3 | |
- createdAt: '2023-12-14T11:57:16' | |
- olm.skipRange: '>=1.13.0 <1.13.3' | |
- operators.operatorframework.io/builder: operator-sdk-v1.25.0 | |
+ containerImage: quay.io/jetstack/cert-manager-controller:v1.14.2 | |
+ createdAt: '2024-02-14T15:41:37' | |
+ olm.skipRange: '>=1.14.0 <1.14.2' | |
+ operators.operatorframework.io/builder: operator-sdk-v1.33.0 | |
operators.operatorframework.io/internal-objects: |- | |
[ | |
"challenges.acme.cert-manager.io", | |
@@ -84,7 +84,7 @@ metadata: | |
operatorframework.io/arch.arm64: supported | |
operatorframework.io/arch.ppc64le: supported | |
operatorframework.io/arch.s390x: supported | |
- name: cert-manager.v1.13.3 | |
+ name: cert-manager.v1.14.2 | |
namespace: placeholder | |
spec: | |
apiservicedefinitions: {} | |
@@ -621,7 +621,7 @@ spec: | |
app.kubernetes.io/component: controller | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: cert-manager | |
spec: | |
replicas: 1 | |
@@ -642,22 +642,32 @@ spec: | |
app.kubernetes.io/component: controller | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
spec: | |
containers: | |
- args: | |
- --v=2 | |
- --cluster-resource-namespace=$(POD_NAMESPACE) | |
- --leader-election-namespace=kube-system | |
- - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.13.3 | |
+ - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.2 | |
- --max-concurrent-challenges=60 | |
env: | |
- name: POD_NAMESPACE | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- image: quay.io/jetstack/cert-manager-controller:v1.13.3 | |
+ image: quay.io/jetstack/cert-manager-controller:v1.14.2 | |
imagePullPolicy: IfNotPresent | |
+ livenessProbe: | |
+ failureThreshold: 8 | |
+ httpGet: | |
+ path: /livez | |
+ port: http-healthz | |
+ scheme: HTTP | |
+ initialDelaySeconds: 10 | |
+ periodSeconds: 10 | |
+ successThreshold: 1 | |
+ timeoutSeconds: 15 | |
name: cert-manager-controller | |
ports: | |
- containerPort: 9402 | |
@@ -672,6 +682,7 @@ spec: | |
capabilities: | |
drop: | |
- ALL | |
+ readOnlyRootFilesystem: true | |
enableServiceLinks: false | |
nodeSelector: | |
kubernetes.io/os: linux | |
@@ -685,7 +696,7 @@ spec: | |
app.kubernetes.io/component: cainjector | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cainjector | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: cert-manager-cainjector | |
spec: | |
replicas: 1 | |
@@ -702,7 +713,7 @@ spec: | |
app.kubernetes.io/component: cainjector | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cainjector | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
spec: | |
containers: | |
- args: | |
@@ -713,7 +724,7 @@ spec: | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- image: quay.io/jetstack/cert-manager-cainjector:v1.13.3 | |
+ image: quay.io/jetstack/cert-manager-cainjector:v1.14.2 | |
imagePullPolicy: IfNotPresent | |
name: cert-manager-cainjector | |
resources: {} | |
@@ -722,6 +733,7 @@ spec: | |
capabilities: | |
drop: | |
- ALL | |
+ readOnlyRootFilesystem: true | |
enableServiceLinks: false | |
nodeSelector: | |
kubernetes.io/os: linux | |
@@ -735,7 +747,7 @@ spec: | |
app.kubernetes.io/component: webhook | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: webhook | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: cert-manager-webhook | |
spec: | |
replicas: 1 | |
@@ -752,15 +764,12 @@ spec: | |
app.kubernetes.io/component: webhook | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: webhook | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
spec: | |
containers: | |
- args: | |
- --v=2 | |
- --secure-port=10250 | |
- - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE) | |
- - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca | |
- - --dynamic-serving-dns-names=cert-manager-webhook-service.$(POD_NAMESPACE).svc | |
- --tls-cert-file=/apiserver.local.config/certificates/apiserver.crt | |
- --tls-private-key-file=/apiserver.local.config/certificates/apiserver.key | |
env: | |
@@ -768,7 +777,7 @@ spec: | |
valueFrom: | |
fieldRef: | |
fieldPath: metadata.namespace | |
- image: quay.io/jetstack/cert-manager-webhook:v1.13.3 | |
+ image: quay.io/jetstack/cert-manager-webhook:v1.14.2 | |
imagePullPolicy: IfNotPresent | |
livenessProbe: | |
failureThreshold: 3 | |
@@ -804,6 +813,7 @@ spec: | |
capabilities: | |
drop: | |
- ALL | |
+ readOnlyRootFilesystem: true | |
enableServiceLinks: false | |
nodeSelector: | |
kubernetes.io/os: linux | |
@@ -897,7 +907,7 @@ spec: | |
provider: | |
name: The cert-manager maintainers | |
url: https://cert-manager.io/ | |
- version: 1.13.3 | |
+ version: 1.14.2 | |
webhookdefinitions: | |
- admissionReviewVersions: | |
- v1 | |
@@ -919,7 +929,7 @@ spec: | |
- '*/*' | |
sideEffects: None | |
targetPort: https | |
- timeoutSeconds: 10 | |
+ timeoutSeconds: 30 | |
type: ValidatingAdmissionWebhook | |
webhookPath: /validate | |
- admissionReviewVersions: | |
@@ -932,16 +942,14 @@ spec: | |
rules: | |
- apiGroups: | |
- cert-manager.io | |
- - acme.cert-manager.io | |
apiVersions: | |
- v1 | |
operations: | |
- CREATE | |
- - UPDATE | |
resources: | |
- - '*/*' | |
+ - certificaterequests | |
sideEffects: None | |
targetPort: https | |
- timeoutSeconds: 10 | |
+ timeoutSeconds: 30 | |
type: MutatingAdmissionWebhook | |
webhookPath: /mutate | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_certificaterequests.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_certificaterequests.yaml | |
index e1de9ea..ef1b079 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_certificaterequests.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_certificaterequests.yaml | |
@@ -6,7 +6,7 @@ metadata: | |
app: cert-manager | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: certificaterequests.cert-manager.io | |
spec: | |
group: cert-manager.io | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_certificates.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_certificates.yaml | |
index f89e028..696e085 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_certificates.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_certificates.yaml | |
@@ -6,7 +6,7 @@ metadata: | |
app: cert-manager | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: certificates.cert-manager.io | |
spec: | |
group: cert-manager.io | |
@@ -226,6 +226,23 @@ spec: | |
required: | |
- name | |
type: object | |
+ profile: | |
+ description: "Profile specifies the key and certificate encryption | |
+ algorithms and the HMAC algorithm used to create the PKCS12 | |
+ keystore. Default value is `LegacyRC2` for backward compatibility. | |
+ \n If provided, allowed values are: `LegacyRC2`: Deprecated. | |
+ Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: | |
+ Less secure algorithm. Use this option for maximal compatibility. | |
+ `Modern2023`: Secure algorithm. Use this option in case | |
+ you have to always use secure algorithms (eg. because of | |
+ company policy). Please note that the security of the algorithm | |
+ is not that important in reality, because the unencrypted | |
+ certificate and private key are also stored in the Secret." | |
+ enum: | |
+ - LegacyRC2 | |
+ - LegacyDES | |
+ - Modern2023 | |
+ type: string | |
required: | |
- create | |
- passwordSecretRef | |
@@ -244,6 +261,97 @@ spec: | |
is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` | |
option set on both the controller and webhook components." | |
type: string | |
+ nameConstraints: | |
+ description: "x.509 certificate NameConstraint extension which MUST | |
+ NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 | |
+ \n This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` | |
+ option set on both the controller and webhook components." | |
+ properties: | |
+ critical: | |
+ description: if true then the name constraints are marked critical. | |
+ type: boolean | |
+ excluded: | |
+ description: Excluded contains the constraints which must be disallowed. | |
+ Any name matching a restriction in the excluded field is invalid | |
+ regardless of information appearing in the permitted | |
+ properties: | |
+ dnsDomains: | |
+ description: DNSDomains is a list of DNS domains that are | |
+ permitted or excluded. | |
+ items: | |
+ type: string | |
+ type: array | |
+ emailAddresses: | |
+ description: EmailAddresses is a list of Email Addresses that | |
+ are permitted or excluded. | |
+ items: | |
+ type: string | |
+ type: array | |
+ ipRanges: | |
+ description: IPRanges is a list of IP Ranges that are permitted | |
+ or excluded. This should be a valid CIDR notation. | |
+ items: | |
+ type: string | |
+ type: array | |
+ uriDomains: | |
+ description: URIDomains is a list of URI domains that are | |
+ permitted or excluded. | |
+ items: | |
+ type: string | |
+ type: array | |
+ type: object | |
+ permitted: | |
+ description: Permitted contains the constraints in which the names | |
+ must be located. | |
+ properties: | |
+ dnsDomains: | |
+ description: DNSDomains is a list of DNS domains that are | |
+ permitted or excluded. | |
+ items: | |
+ type: string | |
+ type: array | |
+ emailAddresses: | |
+ description: EmailAddresses is a list of Email Addresses that | |
+ are permitted or excluded. | |
+ items: | |
+ type: string | |
+ type: array | |
+ ipRanges: | |
+ description: IPRanges is a list of IP Ranges that are permitted | |
+ or excluded. This should be a valid CIDR notation. | |
+ items: | |
+ type: string | |
+ type: array | |
+ uriDomains: | |
+ description: URIDomains is a list of URI domains that are | |
+ permitted or excluded. | |
+ items: | |
+ type: string | |
+ type: array | |
+ type: object | |
+ type: object | |
+ otherNames: | |
+ description: '`otherNames` is an escape hatch for SAN that allows | |
+ any type. We currently restrict the support to string like otherNames, | |
+ cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed | |
+ with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for | |
+ `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 | |
+ You should ensure that any OID passed is valid for the UTF8String | |
+ type as we do not explicitly validate this.' | |
+ items: | |
+ properties: | |
+ oid: | |
+ description: OID is the object identifier for the otherName | |
+ SAN. The object identifier must be expressed as a dotted string, | |
+ for example, "1.2.840.113556.1.4.221". | |
+ type: string | |
+ utf8Value: | |
+ description: utf8Value is the string value of the otherName | |
+ SAN. The utf8Value accepts any valid UTF8 string to set as | |
+ value for the otherName SAN. | |
+ type: string | |
+ type: object | |
+ type: array | |
privateKey: | |
description: Private key options. These include the key algorithm | |
and size, the used encoding and the rotation policy. | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_clusterissuers.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_clusterissuers.yaml | |
index 61597df..b457101 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_clusterissuers.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_clusterissuers.yaml | |
@@ -6,7 +6,7 @@ metadata: | |
app: cert-manager | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: clusterissuers.cert-manager.io | |
spec: | |
group: cert-manager.io | |
@@ -296,12 +296,16 @@ spec: | |
DNS01 challenge records. | |
properties: | |
clientID: | |
- description: if both this and ClientSecret are left | |
- unset MSI will be used | |
+ description: 'Auth: Azure Service Principal: The | |
+ ClientID of the Azure Service Principal used to | |
+ authenticate with Azure DNS. If set, ClientSecret | |
+ and TenantID must also be set.' | |
type: string | |
clientSecretSecretRef: | |
- description: if both this and ClientID are left | |
- unset MSI will be used | |
+ description: 'Auth: Azure Service Principal: A reference | |
+ to a Secret containing the password associated | |
+ with the Service Principal. If set, ClientID and | |
+ TenantID must also be set.' | |
properties: | |
key: | |
description: The key of the entry in the Secret | |
@@ -330,9 +334,11 @@ spec: | |
used | |
type: string | |
managedIdentity: | |
- description: managed identity configuration, can | |
- not be used at the same time as clientID, clientSecretSecretRef | |
- or tenantID | |
+ description: 'Auth: Azure Workload Identity or Azure | |
+ Managed Service Identity: Settings to enable Azure | |
+ Workload Identity or Azure Managed Service Identity | |
+ If set, ClientID, ClientSecret and TenantID must | |
+ not be set.' | |
properties: | |
clientID: | |
description: client ID of the managed identity, | |
@@ -341,6 +347,7 @@ spec: | |
resourceID: | |
description: resource ID of the managed identity, | |
can not be used at the same time as clientID | |
+ Cannot be used for Azure Managed Service Identity | |
type: string | |
type: object | |
resourceGroupName: | |
@@ -351,8 +358,10 @@ spec: | |
description: ID of the Azure subscription | |
type: string | |
tenantID: | |
- description: when specifying ClientID and ClientSecret | |
- then this field is also needed | |
+ description: 'Auth: Azure Service Principal: The | |
+ TenantID of the Azure Service Principal used to | |
+ authenticate with Azure DNS. If set, ClientID | |
+ and ClientSecret must also be set.' | |
type: string | |
required: | |
- resourceGroupName | |
@@ -701,19 +710,20 @@ spec: | |
are referring to. For example: Gateway has | |
the AllowedRoutes field, and ReferenceGrant | |
provides a generic way to enable any other | |
- kind of cross-namespace reference. \n ParentRefs | |
- from a Route to a Service in the same namespace | |
- are \"producer\" routes, which apply default | |
- routing rules to inbound connections from | |
- any namespace to the Service. \n ParentRefs | |
- from a Route to a Service in a different | |
- namespace are \"consumer\" routes, and these | |
- routing rules are only applied to outbound | |
- connections originating from the same namespace | |
- as the Route, for which the intended destination | |
- of the connections are a Service targeted | |
- as a ParentRef of the Route. \n Support: | |
- Core" | |
+ kind of cross-namespace reference. \n <gateway:experimental:description> | |
+ ParentRefs from a Route to a Service in | |
+ the same namespace are \"producer\" routes, | |
+ which apply default routing rules to inbound | |
+ connections from any namespace to the Service. | |
+ \n ParentRefs from a Route to a Service | |
+ in a different namespace are \"consumer\" | |
+ routes, and these routing rules are only | |
+ applied to outbound connections originating | |
+ from the same namespace as the Route, for | |
+ which the intended destination of the connections | |
+ are a Service targeted as a ParentRef of | |
+ the Route. </gateway:experimental:description> | |
+ \n Support: Core" | |
maxLength: 63 | |
minLength: 1 | |
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ | |
@@ -732,25 +742,27 @@ spec: | |
may be changed. When both Port and SectionName | |
are specified, the name and port of the | |
selected listener must match both specified | |
- values. \n When the parent resource is a | |
- Service, this targets a specific port in | |
- the Service spec. When both Port (experimental) | |
- and SectionName are specified, the name | |
- and port of the selected port must match | |
- both specified values. \n Implementations | |
- MAY choose to support other parent resources. | |
- Implementations supporting other types of | |
- parent resources MUST clearly document how/if | |
- Port is interpreted. \n For the purpose | |
- of status, an attachment is considered successful | |
- as long as the parent resource accepts it | |
- partially. For example, Gateway listeners | |
- can restrict which Routes can attach to | |
- them by Route kind, namespace, or hostname. | |
- If 1 of 2 Gateway listeners accept attachment | |
- from the referencing Route, the Route MUST | |
- be considered successfully attached. If | |
- no Gateway listeners accept attachment from | |
+ values. \n <gateway:experimental:description> | |
+ When the parent resource is a Service, this | |
+ targets a specific port in the Service spec. | |
+ When both Port (experimental) and SectionName | |
+ are specified, the name and port of the | |
+ selected port must match both specified | |
+ values. </gateway:experimental:description> | |
+ \n Implementations MAY choose to support | |
+ other parent resources. Implementations | |
+ supporting other types of parent resources | |
+ MUST clearly document how/if Port is interpreted. | |
+ \n For the purpose of status, an attachment | |
+ is considered successful as long as the | |
+ parent resource accepts it partially. For | |
+ example, Gateway listeners can restrict | |
+ which Routes can attach to them by Route | |
+ kind, namespace, or hostname. If 1 of 2 | |
+ Gateway listeners accept attachment from | |
+ the referencing Route, the Route MUST be | |
+ considered successfully attached. If no | |
+ Gateway listeners accept attachment from | |
this Route, the Route MUST be considered | |
detached from the Gateway. \n Support: Extended | |
\n <gateway:experimental>" | |
@@ -1006,6 +1018,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1074,6 +1096,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1140,6 +1172,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1208,6 +1250,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1345,6 +1397,13 @@ spec: | |
items: | |
type: string | |
type: array | |
+ issuingCertificateURLs: | |
+ description: IssuingCertificateURLs is a list of URLs which this | |
+ issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 | |
+ for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". | |
+ items: | |
+ type: string | |
+ type: array | |
ocspServers: | |
description: The OCSP server list is an X.509 v3 extension that | |
defines a list of URLs of OCSP responders. The OCSP responders | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_issuers.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_issuers.yaml | |
index 012115c..4c005ab 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager.io_issuers.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager.io_issuers.yaml | |
@@ -6,7 +6,7 @@ metadata: | |
app: cert-manager | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: issuers.cert-manager.io | |
spec: | |
group: cert-manager.io | |
@@ -295,12 +295,16 @@ spec: | |
DNS01 challenge records. | |
properties: | |
clientID: | |
- description: if both this and ClientSecret are left | |
- unset MSI will be used | |
+ description: 'Auth: Azure Service Principal: The | |
+ ClientID of the Azure Service Principal used to | |
+ authenticate with Azure DNS. If set, ClientSecret | |
+ and TenantID must also be set.' | |
type: string | |
clientSecretSecretRef: | |
- description: if both this and ClientID are left | |
- unset MSI will be used | |
+ description: 'Auth: Azure Service Principal: A reference | |
+ to a Secret containing the password associated | |
+ with the Service Principal. If set, ClientID and | |
+ TenantID must also be set.' | |
properties: | |
key: | |
description: The key of the entry in the Secret | |
@@ -329,9 +333,11 @@ spec: | |
used | |
type: string | |
managedIdentity: | |
- description: managed identity configuration, can | |
- not be used at the same time as clientID, clientSecretSecretRef | |
- or tenantID | |
+ description: 'Auth: Azure Workload Identity or Azure | |
+ Managed Service Identity: Settings to enable Azure | |
+ Workload Identity or Azure Managed Service Identity | |
+ If set, ClientID, ClientSecret and TenantID must | |
+ not be set.' | |
properties: | |
clientID: | |
description: client ID of the managed identity, | |
@@ -340,6 +346,7 @@ spec: | |
resourceID: | |
description: resource ID of the managed identity, | |
can not be used at the same time as clientID | |
+ Cannot be used for Azure Managed Service Identity | |
type: string | |
type: object | |
resourceGroupName: | |
@@ -350,8 +357,10 @@ spec: | |
description: ID of the Azure subscription | |
type: string | |
tenantID: | |
- description: when specifying ClientID and ClientSecret | |
- then this field is also needed | |
+ description: 'Auth: Azure Service Principal: The | |
+ TenantID of the Azure Service Principal used to | |
+ authenticate with Azure DNS. If set, ClientID | |
+ and ClientSecret must also be set.' | |
type: string | |
required: | |
- resourceGroupName | |
@@ -700,19 +709,20 @@ spec: | |
are referring to. For example: Gateway has | |
the AllowedRoutes field, and ReferenceGrant | |
provides a generic way to enable any other | |
- kind of cross-namespace reference. \n ParentRefs | |
- from a Route to a Service in the same namespace | |
- are \"producer\" routes, which apply default | |
- routing rules to inbound connections from | |
- any namespace to the Service. \n ParentRefs | |
- from a Route to a Service in a different | |
- namespace are \"consumer\" routes, and these | |
- routing rules are only applied to outbound | |
- connections originating from the same namespace | |
- as the Route, for which the intended destination | |
- of the connections are a Service targeted | |
- as a ParentRef of the Route. \n Support: | |
- Core" | |
+ kind of cross-namespace reference. \n <gateway:experimental:description> | |
+ ParentRefs from a Route to a Service in | |
+ the same namespace are \"producer\" routes, | |
+ which apply default routing rules to inbound | |
+ connections from any namespace to the Service. | |
+ \n ParentRefs from a Route to a Service | |
+ in a different namespace are \"consumer\" | |
+ routes, and these routing rules are only | |
+ applied to outbound connections originating | |
+ from the same namespace as the Route, for | |
+ which the intended destination of the connections | |
+ are a Service targeted as a ParentRef of | |
+ the Route. </gateway:experimental:description> | |
+ \n Support: Core" | |
maxLength: 63 | |
minLength: 1 | |
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ | |
@@ -731,25 +741,27 @@ spec: | |
may be changed. When both Port and SectionName | |
are specified, the name and port of the | |
selected listener must match both specified | |
- values. \n When the parent resource is a | |
- Service, this targets a specific port in | |
- the Service spec. When both Port (experimental) | |
- and SectionName are specified, the name | |
- and port of the selected port must match | |
- both specified values. \n Implementations | |
- MAY choose to support other parent resources. | |
- Implementations supporting other types of | |
- parent resources MUST clearly document how/if | |
- Port is interpreted. \n For the purpose | |
- of status, an attachment is considered successful | |
- as long as the parent resource accepts it | |
- partially. For example, Gateway listeners | |
- can restrict which Routes can attach to | |
- them by Route kind, namespace, or hostname. | |
- If 1 of 2 Gateway listeners accept attachment | |
- from the referencing Route, the Route MUST | |
- be considered successfully attached. If | |
- no Gateway listeners accept attachment from | |
+ values. \n <gateway:experimental:description> | |
+ When the parent resource is a Service, this | |
+ targets a specific port in the Service spec. | |
+ When both Port (experimental) and SectionName | |
+ are specified, the name and port of the | |
+ selected port must match both specified | |
+ values. </gateway:experimental:description> | |
+ \n Implementations MAY choose to support | |
+ other parent resources. Implementations | |
+ supporting other types of parent resources | |
+ MUST clearly document how/if Port is interpreted. | |
+ \n For the purpose of status, an attachment | |
+ is considered successful as long as the | |
+ parent resource accepts it partially. For | |
+ example, Gateway listeners can restrict | |
+ which Routes can attach to them by Route | |
+ kind, namespace, or hostname. If 1 of 2 | |
+ Gateway listeners accept attachment from | |
+ the referencing Route, the Route MUST be | |
+ considered successfully attached. If no | |
+ Gateway listeners accept attachment from | |
this Route, the Route MUST be considered | |
detached from the Gateway. \n Support: Extended | |
\n <gateway:experimental>" | |
@@ -1005,6 +1017,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1073,6 +1095,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1139,6 +1171,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1207,6 +1249,16 @@ spec: | |
type: object | |
type: object | |
x-kubernetes-map-type: atomic | |
+ matchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
+ mismatchLabelKeys: | |
+ items: | |
+ type: string | |
+ type: array | |
+ x-kubernetes-list-type: atomic | |
namespaceSelector: | |
properties: | |
matchExpressions: | |
@@ -1344,6 +1396,13 @@ spec: | |
items: | |
type: string | |
type: array | |
+ issuingCertificateURLs: | |
+ description: IssuingCertificateURLs is a list of URLs which this | |
+ issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 | |
+ for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". | |
+ items: | |
+ type: string | |
+ type: array | |
ocspServers: | |
description: The OCSP server list is an X.509 v3 extension that | |
defines a list of URLs of OCSP responders. The OCSP responders | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager_v1_configmap.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager_v1_configmap.yaml | |
deleted file mode 100644 | |
index 27ceef5..0000000 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager_v1_configmap.yaml | |
+++ /dev/null | |
@@ -1,11 +0,0 @@ | |
-apiVersion: v1 | |
-data: null | |
-kind: ConfigMap | |
-metadata: | |
- labels: | |
- app: cert-manager | |
- app.kubernetes.io/component: controller | |
- app.kubernetes.io/instance: cert-manager | |
- app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
- name: cert-manager | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager_v1_service.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager_v1_service.yaml | |
index fb944fa..24cd2a5 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/manifests/cert-manager_v1_service.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/manifests/cert-manager_v1_service.yaml | |
@@ -7,7 +7,7 @@ metadata: | |
app.kubernetes.io/component: controller | |
app.kubernetes.io/instance: cert-manager | |
app.kubernetes.io/name: cert-manager | |
- app.kubernetes.io/version: v1.13.3 | |
+ app.kubernetes.io/version: v1.14.2 | |
name: cert-manager | |
spec: | |
ports: | |
diff --git a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/metadata/annotations.yaml b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/metadata/annotations.yaml | |
index df833d8..0b72003 100644 | |
--- a/build/operatorhub-repos/community-operators/operators/cert-manager/1.13.3/metadata/annotations.yaml | |
+++ b/build/operatorhub-repos/community-operators/operators/cert-manager/1.14.2/metadata/annotations.yaml | |
@@ -4,12 +4,12 @@ annotations: | |
operators.operatorframework.io.bundle.manifests.v1: manifests/ | |
operators.operatorframework.io.bundle.metadata.v1: metadata/ | |
operators.operatorframework.io.bundle.package.v1: cert-manager | |
- operators.operatorframework.io.bundle.channels.v1: candidate,stable | |
+ operators.operatorframework.io.bundle.channels.v1: stable,candidate | |
operators.operatorframework.io.bundle.channel.default.v1: stable | |
- operators.operatorframework.io.metrics.builder: operator-sdk-v1.25.0 | |
+ operators.operatorframework.io.metrics.builder: operator-sdk-v1.33.0 | |
operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 | |
operators.operatorframework.io.metrics.project_layout: unknown | |
- | |
# Annotations for testing. | |
operators.operatorframework.io.test.mediatype.v1: scorecard+v1 | |
operators.operatorframework.io.test.config.v1: tests/scorecard/ | |
+ com.redhat.openshift.versions: v4.6 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment