From 4b24ee66c7958f017674236fc36777efccf277f8 Mon Sep 17 00:00:00 2001 From: Tanvir Tatla Date: Fri, 12 Apr 2024 15:47:43 -0700 Subject: [PATCH] Bump cert-manager to 1.14.2 (#3063) * Bump cert-manager to 1.14.2 * update helm image list for cert-manager --- UPSTREAM_PROJECTS.yaml | 4 +- .../CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt | 173 ++-- .../CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt | 170 ++-- .../CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt | 752 ++++++++++++++---- .../CERT_MANAGER_CTL_ATTRIBUTION.txt | 298 ++++--- .../CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt | 237 +++--- projects/cert-manager/cert-manager/CHECKSUMS | 20 +- projects/cert-manager/cert-manager/GIT_TAG | 2 +- .../cert-manager/cert-manager/GOLANG_VERSION | 2 +- projects/cert-manager/cert-manager/Makefile | 2 +- projects/cert-manager/cert-manager/README.md | 2 +- ...e-sourceRegistry-and-digest-in-chart.patch | 145 ++-- .../patches/0002-Add-cert-manager-CRDs.patch | 4 +- .../0003-Remove-namespace-from-chart.patch | 4 +- ...Update-cert-manager-namespace-config.patch | 22 +- .../cert-manager/manifests/cert-manager.yaml | 454 ++++++++--- 16 files changed, 1431 insertions(+), 860 deletions(-) diff --git a/UPSTREAM_PROJECTS.yaml b/UPSTREAM_PROJECTS.yaml index 760f8a8e07..a5adc3398a 100644 --- a/UPSTREAM_PROJECTS.yaml +++ b/UPSTREAM_PROJECTS.yaml @@ -61,8 +61,8 @@ projects: repos: - name: cert-manager versions: - - tag: v1.13.2 - go_version: "1.20" + - tag: v1.14.2 + go_version: "1.21" - org: cilium repos: - name: cilium diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt index 781d2e0598..e6cd6b9985 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_ACMESOLVER_ATTRIBUTION.txt @@ -2,20 +2,20 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/acmesolver-binary; version v1.13.2 -- +** github.com/cert-manager/cert-manager/acmesolver-binary; version v1.14.2 -- https://github.com/cert-manager/cert-manager/acmesolver-binary -** github.com/go-logr/logr; version v1.2.4 -- +** github.com/go-logr/logr; version v1.4.1 -- https://github.com/go-logr/logr -** github.com/go-logr/zapr; version v1.2.4 -- +** github.com/go-logr/zapr; version v1.3.0 -- https://github.com/go-logr/zapr ** github.com/google/gofuzz; version v1.2.0 -- https://github.com/google/gofuzz -** github.com/matttproud/golang_protobuf_extensions/pbutil; version v1.0.4 -- -https://github.com/matttproud/golang_protobuf_extensions +** github.com/matttproud/golang_protobuf_extensions/v2/pbutil; version v2.0.0 -- +https://github.com/matttproud/golang_protobuf_extensions/v2 ** github.com/modern-go/concurrent; version v0.0.0-20180306012644-bacd9c7ef1dd -- https://github.com/modern-go/concurrent @@ -23,57 +23,57 @@ https://github.com/modern-go/concurrent ** github.com/modern-go/reflect2; version v1.0.2 -- https://github.com/modern-go/reflect2 -** github.com/prometheus/client_golang/prometheus; version v1.16.0 -- +** github.com/prometheus/client_golang/prometheus; version v1.18.0 -- https://github.com/prometheus/client_golang -** github.com/prometheus/client_model/go; version v0.4.0 -- +** github.com/prometheus/client_model/go; version v0.5.0 -- https://github.com/prometheus/client_model -** github.com/prometheus/common; version v0.44.0 -- +** github.com/prometheus/common; version v0.45.0 -- https://github.com/prometheus/common -** github.com/prometheus/procfs; version v0.10.1 -- +** github.com/prometheus/procfs; version v0.12.0 -- https://github.com/prometheus/procfs -** github.com/spf13/cobra; version v1.7.0 -- +** github.com/spf13/cobra; version v1.8.0 -- https://github.com/spf13/cobra ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** k8s.io/api; version v0.28.1 -- +** k8s.io/api/core/v1; version v0.29.0 -- https://github.com/kubernetes/api -** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.28.1 -- +** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.29.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.28.1 -- +** k8s.io/apimachinery/pkg; version v0.29.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/client-go/kubernetes/scheme; version v0.28.1 -- -https://github.com/kubernetes/client-go - -** k8s.io/component-base; version v0.28.1 -- +** k8s.io/component-base; version v0.29.0 -- https://github.com/kubernetes/component-base -** k8s.io/klog/v2; version v2.100.1 -- +** k8s.io/klog/v2; version v2.110.1 -- https://github.com/kubernetes/klog -** k8s.io/kube-aggregator/pkg/apis/apiregistration; version v0.28.1 -- -https://github.com/kubernetes/kube-aggregator - -** k8s.io/utils; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils -** sigs.k8s.io/gateway-api/apis/v1beta1; version v0.8.0 -- +** sigs.k8s.io/gateway-api/apis/v1; version v1.0.0 -- https://github.com/kubernetes-sigs/gateway-api ** sigs.k8s.io/json; version v0.0.0-20221116044647-bc3834ca7abd -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/structured-merge-diff/v4/value; version v4.3.0 -- +** sigs.k8s.io/structured-merge-diff/v4/value; version v4.4.1 -- https://github.com/kubernetes-sigs/structured-merge-diff +** sigs.k8s.io/yaml; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + +** sigs.k8s.io/yaml/goyaml.v2; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + Apache License Version 2.0, January 2004 @@ -278,7 +278,7 @@ https://github.com/kubernetes-sigs/structured-merge-diff limitations under the License. -* For github.com/matttproud/golang_protobuf_extensions/pbutil see also this required NOTICE: +* For github.com/matttproud/golang_protobuf_extensions/v2/pbutil see also this required NOTICE: Copyright 2012 Matt T. Proud (matt.proud@gmail.com) @@ -349,6 +349,22 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +* For sigs.k8s.io/yaml/goyaml.v2 see also this required NOTICE: +Copyright 2011-2016 Canonical Ltd. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + ------ ** github.com/gogo/protobuf; version v1.3.2 -- @@ -392,41 +408,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/golang/protobuf/proto; version v1.5.3 -- -https://github.com/golang/protobuf - -Copyright 2010 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - ------- - -** github.com/google/go-cmp/cmp; version v0.5.9 -- +** github.com/google/go-cmp/cmp; version v0.6.0 -- https://github.com/google/go-cmp Copyright (c) 2017 The Go Authors. All rights reserved. @@ -459,7 +441,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.44.0 -- +** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.45.0 -- https://github.com/prometheus/common Copyright (c) 2011, Open Knowledge Foundation Ltd. @@ -529,19 +511,19 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** golang.org/go; version go1.20.14 -- +** golang.org/go; version go1.21.8 -- https://github.com/golang/go -** golang.org/x/net; version v0.17.0 -- +** golang.org/x/net; version v0.19.0 -- https://golang.org/x/net -** golang.org/x/sys/unix; version v0.13.0 -- +** golang.org/x/sys/unix; version v0.15.0 -- https://golang.org/x/sys -** golang.org/x/text; version v0.13.0 -- +** golang.org/x/text; version v0.14.0 -- https://golang.org/x/text -** k8s.io/apimachinery/third_party/forked/golang/reflect; version v0.28.1 -- +** k8s.io/apimachinery/third_party/forked/golang/reflect; version v0.29.0 -- https://github.com/kubernetes/apimachinery Copyright (c) 2009 The Go Authors. All rights reserved. @@ -574,7 +556,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.31.0 -- +** google.golang.org/protobuf; version v1.32.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -641,7 +623,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils Copyright (c) 2012 The Go Authors. All rights reserved. @@ -694,7 +676,7 @@ Copyright (c) 2016 json-iterator https://github.com/uber-go/multierr Copyright (c) 2017-2021 Uber Technologies, Inc. -** go.uber.org/zap; version v1.25.0 -- +** go.uber.org/zap; version v1.26.0 -- https://github.com/uber-go/zap Copyright (c) 2016-2017 Uber Technologies, Inc. @@ -717,56 +699,3 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ - -** sigs.k8s.io/yaml; version v1.3.0 -- -https://github.com/kubernetes-sigs/yaml -Copyright (c) 2014 Sam Ghods -Copyright (c) 2012 The Go Authors. All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. -* Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt index b81057c5ef..47682d513c 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CAINJECTOR_ATTRIBUTION.txt @@ -2,22 +2,22 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/cainjector-binary; version v1.13.2 -- +** github.com/cert-manager/cert-manager/cainjector-binary; version v1.14.2 -- https://github.com/cert-manager/cert-manager/cainjector-binary -** github.com/go-logr/logr; version v1.2.4 -- +** github.com/go-logr/logr; version v1.4.1 -- https://github.com/go-logr/logr -** github.com/go-logr/zapr; version v1.2.4 -- +** github.com/go-logr/zapr; version v1.3.0 -- https://github.com/go-logr/zapr -** github.com/go-openapi/jsonpointer; version v0.19.6 -- +** github.com/go-openapi/jsonpointer; version v0.20.2 -- https://github.com/go-openapi/jsonpointer -** github.com/go-openapi/jsonreference; version v0.20.2 -- +** github.com/go-openapi/jsonreference; version v0.20.4 -- https://github.com/go-openapi/jsonreference -** github.com/go-openapi/swag; version v0.22.3 -- +** github.com/go-openapi/swag; version v0.22.7 -- https://github.com/go-openapi/swag ** github.com/golang/groupcache/lru; version v0.0.0-20210331224755-41bb18bfe9da -- @@ -29,8 +29,8 @@ https://github.com/google/gnostic-models ** github.com/google/gofuzz; version v1.2.0 -- https://github.com/google/gofuzz -** github.com/matttproud/golang_protobuf_extensions/pbutil; version v1.0.4 -- -https://github.com/matttproud/golang_protobuf_extensions +** github.com/matttproud/golang_protobuf_extensions/v2/pbutil; version v2.0.0 -- +https://github.com/matttproud/golang_protobuf_extensions/v2 ** github.com/modern-go/concurrent; version v0.0.0-20180306012644-bacd9c7ef1dd -- https://github.com/modern-go/concurrent @@ -38,19 +38,19 @@ https://github.com/modern-go/concurrent ** github.com/modern-go/reflect2; version v1.0.2 -- https://github.com/modern-go/reflect2 -** github.com/prometheus/client_golang/prometheus; version v1.16.0 -- +** github.com/prometheus/client_golang/prometheus; version v1.18.0 -- https://github.com/prometheus/client_golang -** github.com/prometheus/client_model/go; version v0.4.0 -- +** github.com/prometheus/client_model/go; version v0.5.0 -- https://github.com/prometheus/client_model -** github.com/prometheus/common; version v0.44.0 -- +** github.com/prometheus/common; version v0.45.0 -- https://github.com/prometheus/common -** github.com/prometheus/procfs; version v0.10.1 -- +** github.com/prometheus/procfs; version v0.12.0 -- https://github.com/prometheus/procfs -** github.com/spf13/cobra; version v1.7.0 -- +** github.com/spf13/cobra; version v1.8.0 -- https://github.com/spf13/cobra ** gomodules.xyz/jsonpatch/v2; version v2.4.0 -- @@ -59,48 +59,54 @@ https://github.com/gomodules/jsonpatch ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** k8s.io/api; version v0.28.1 -- +** k8s.io/api; version v0.29.0 -- https://github.com/kubernetes/api -** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.28.1 -- +** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.29.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.28.1 -- +** k8s.io/apimachinery/pkg; version v0.29.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/client-go; version v0.28.1 -- +** k8s.io/client-go; version v0.29.0 -- https://github.com/kubernetes/client-go -** k8s.io/component-base; version v0.28.1 -- +** k8s.io/component-base; version v0.29.0 -- https://github.com/kubernetes/component-base -** k8s.io/klog/v2; version v2.100.1 -- +** k8s.io/klog/v2; version v2.110.1 -- https://github.com/kubernetes/klog -** k8s.io/kube-aggregator/pkg/apis/apiregistration; version v0.28.1 -- +** k8s.io/kube-aggregator/pkg/apis/apiregistration; version v0.29.0 -- https://github.com/kubernetes/kube-aggregator -** k8s.io/kube-openapi/pkg; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/utils; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils -** sigs.k8s.io/controller-runtime; version v0.16.1 -- +** sigs.k8s.io/controller-runtime; version v0.16.3 -- https://github.com/kubernetes-sigs/controller-runtime -** sigs.k8s.io/gateway-api/apis/v1beta1; version v0.8.0 -- +** sigs.k8s.io/gateway-api/apis/v1; version v1.0.0 -- https://github.com/kubernetes-sigs/gateway-api ** sigs.k8s.io/json; version v0.0.0-20221116044647-bc3834ca7abd -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/structured-merge-diff/v4; version v4.3.0 -- +** sigs.k8s.io/structured-merge-diff/v4; version v4.4.1 -- https://github.com/kubernetes-sigs/structured-merge-diff +** sigs.k8s.io/yaml; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + +** sigs.k8s.io/yaml/goyaml.v2; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + Apache License Version 2.0, January 2004 @@ -305,7 +311,7 @@ https://github.com/kubernetes-sigs/structured-merge-diff limitations under the License. -* For github.com/matttproud/golang_protobuf_extensions/pbutil see also this required NOTICE: +* For github.com/matttproud/golang_protobuf_extensions/v2/pbutil see also this required NOTICE: Copyright 2012 Matt T. Proud (matt.proud@gmail.com) @@ -376,6 +382,22 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +* For sigs.k8s.io/yaml/goyaml.v2 see also this required NOTICE: +Copyright 2011-2016 Canonical Ltd. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + ------ ** github.com/pkg/errors; version v0.9.1 -- @@ -407,7 +429,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/evanphx/json-patch/v5; version v5.6.0 -- +** github.com/evanphx/json-patch/v5; version v5.7.0 -- https://github.com/evanphx/json-patch/v5 Copyright (c) 2014, Evan Phoenix @@ -438,7 +460,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/fsnotify/fsnotify; version v1.6.0 -- +** github.com/fsnotify/fsnotify; version v1.7.0 -- https://github.com/fsnotify/fsnotify Copyright © 2012 The Go Authors. All rights reserved. @@ -544,7 +566,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/go-cmp/cmp; version v0.5.9 -- +** github.com/google/go-cmp/cmp; version v0.6.0 -- https://github.com/google/go-cmp Copyright (c) 2017 The Go Authors. All rights reserved. @@ -577,7 +599,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/uuid; version v1.3.1 -- +** github.com/google/uuid; version v1.5.0 -- https://github.com/google/uuid Copyright (c) 2009,2014 Google Inc. All rights reserved. @@ -610,7 +632,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/imdario/mergo; version v0.3.13 -- +** github.com/imdario/mergo; version v0.3.16 -- https://github.com/darccio/mergo Copyright (c) 2013 Dario Castañé. All rights reserved. @@ -681,7 +703,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.44.0 -- +** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.45.0 -- https://github.com/prometheus/common Copyright (c) 2011, Open Knowledge Foundation Ltd. @@ -751,34 +773,31 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** golang.org/go; version go1.20.14 -- +** golang.org/go; version go1.21.8 -- https://github.com/golang/go -** golang.org/x/exp; version v0.0.0-20230905200255-921286631fa9 -- +** golang.org/x/exp/maps; version v0.0.0-20231226003508-02704c960a9b -- https://golang.org/x/exp -** golang.org/x/net; version v0.17.0 -- +** golang.org/x/net; version v0.19.0 -- https://golang.org/x/net -** golang.org/x/oauth2; version v0.12.0 -- +** golang.org/x/oauth2; version v0.15.0 -- https://golang.org/x/oauth2 -** golang.org/x/sync/errgroup; version v0.3.0 -- -https://golang.org/x/sync - -** golang.org/x/sys/unix; version v0.13.0 -- +** golang.org/x/sys/unix; version v0.15.0 -- https://golang.org/x/sys -** golang.org/x/term; version v0.13.0 -- +** golang.org/x/term; version v0.15.0 -- https://golang.org/x/term -** golang.org/x/text; version v0.13.0 -- +** golang.org/x/text; version v0.14.0 -- https://golang.org/x/text -** golang.org/x/time/rate; version v0.3.0 -- +** golang.org/x/time/rate; version v0.5.0 -- https://golang.org/x/time -** k8s.io/apimachinery/third_party/forked/golang; version v0.28.1 -- +** k8s.io/apimachinery/third_party/forked/golang; version v0.29.0 -- https://github.com/kubernetes/apimachinery Copyright (c) 2009 The Go Authors. All rights reserved. @@ -811,7 +830,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.31.0 -- +** google.golang.org/protobuf; version v1.32.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -878,7 +897,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi Copyright (c) 2020 The Go Authors. All rights reserved. @@ -911,7 +930,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils Copyright (c) 2012 The Go Authors. All rights reserved. @@ -997,7 +1016,7 @@ Copyright (c) 2016 Mail.Ru Group https://github.com/uber-go/multierr Copyright (c) 2017-2021 Uber Technologies, Inc. -** go.uber.org/zap; version v1.25.0 -- +** go.uber.org/zap; version v1.26.0 -- https://github.com/uber-go/zap Copyright (c) 2016-2017 Uber Technologies, Inc. @@ -1093,56 +1112,3 @@ See the License for the specific language governing permissions and limitations under the License. ------ - -** sigs.k8s.io/yaml; version v1.3.0 -- -https://github.com/kubernetes-sigs/yaml -Copyright (c) 2014 Sam Ghods -Copyright (c) 2012 The Go Authors. All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. -* Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------- diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt index 65e9aa404e..3b7af6c2a0 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CONTROLLER_ATTRIBUTION.txt @@ -5,34 +5,13 @@ https://github.com/googleapis/google-cloud-go ** github.com/akamai/AkamaiOPEN-edgegrid-golang; version v1.2.2 -- https://github.com/akamai/AkamaiOPEN-edgegrid-golang -** github.com/aws/aws-sdk-go; version v1.45.7 -- +** github.com/aws/aws-sdk-go; version v1.49.13 -- https://github.com/aws/aws-sdk-go -** github.com/Azure/go-autorest/autorest; version v0.11.29 -- -https://github.com/Azure/go-autorest/autorest - -** github.com/Azure/go-autorest/autorest/adal; version v0.9.23 -- -https://github.com/Azure/go-autorest/autorest/adal - -** github.com/Azure/go-autorest/autorest/date; version v0.3.0 -- -https://github.com/Azure/go-autorest/autorest/date - -** github.com/Azure/go-autorest/autorest/to; version v0.4.0 -- -https://github.com/Azure/go-autorest/autorest/to - -** github.com/Azure/go-autorest/autorest/validation; version v0.3.1 -- -https://github.com/Azure/go-autorest/autorest/validation - -** github.com/Azure/go-autorest/logger; version v0.2.1 -- -https://github.com/Azure/go-autorest/logger - -** github.com/Azure/go-autorest/tracing; version v0.6.0 -- -https://github.com/Azure/go-autorest/tracing - ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/controller-binary; version v1.13.2 -- +** github.com/cert-manager/cert-manager/controller-binary; version v1.14.2 -- https://github.com/cert-manager/cert-manager/controller-binary ** github.com/coreos/go-semver/semver; version v0.3.1 -- @@ -41,25 +20,25 @@ https://github.com/coreos/go-semver ** github.com/coreos/go-systemd/v22/journal; version v22.5.0 -- https://github.com/coreos/go-systemd/v22 -** github.com/go-jose/go-jose/v3; version v3.0.0 -- +** github.com/go-jose/go-jose/v3; version v3.0.1 -- https://github.com/go-jose/go-jose/v3 -** github.com/go-logr/logr; version v1.2.4 -- +** github.com/go-logr/logr; version v1.4.1 -- https://github.com/go-logr/logr ** github.com/go-logr/stdr; version v1.2.2 -- https://github.com/go-logr/stdr -** github.com/go-logr/zapr; version v1.2.4 -- +** github.com/go-logr/zapr; version v1.3.0 -- https://github.com/go-logr/zapr -** github.com/go-openapi/jsonpointer; version v0.19.6 -- +** github.com/go-openapi/jsonpointer; version v0.20.2 -- https://github.com/go-openapi/jsonpointer -** github.com/go-openapi/jsonreference; version v0.20.2 -- +** github.com/go-openapi/jsonreference; version v0.20.4 -- https://github.com/go-openapi/jsonreference -** github.com/go-openapi/swag; version v0.22.3 -- +** github.com/go-openapi/swag; version v0.22.7 -- https://github.com/go-openapi/swag ** github.com/golang/groupcache/lru; version v0.0.0-20210331224755-41bb18bfe9da -- @@ -74,7 +53,7 @@ https://github.com/google/gofuzz ** github.com/google/s2a-go; version v0.1.7 -- https://github.com/google/s2a-go -** github.com/googleapis/enterprise-certificate-proxy/client; version v0.2.5 -- +** github.com/googleapis/enterprise-certificate-proxy/client; version v0.3.2 -- https://github.com/googleapis/enterprise-certificate-proxy ** github.com/grpc-ecosystem/go-grpc-prometheus; version v1.2.0 -- @@ -83,8 +62,11 @@ https://github.com/grpc-ecosystem/go-grpc-prometheus ** github.com/jmespath/go-jmespath; version v0.4.1-0.20220621161143-b0104c826a24 -- https://github.com/jmespath/go-jmespath -** github.com/matttproud/golang_protobuf_extensions/pbutil; version v1.0.4 -- -https://github.com/matttproud/golang_protobuf_extensions +** github.com/kylelemons/godebug; version v1.1.0 -- +https://github.com/kylelemons/godebug + +** github.com/matttproud/golang_protobuf_extensions/v2/pbutil; version v2.0.0 -- +https://github.com/matttproud/golang_protobuf_extensions/v2 ** github.com/modern-go/concurrent; version v0.0.0-20180306012644-bacd9c7ef1dd -- https://github.com/modern-go/concurrent @@ -92,123 +74,126 @@ https://github.com/modern-go/concurrent ** github.com/modern-go/reflect2; version v1.0.2 -- https://github.com/modern-go/reflect2 -** github.com/prometheus/client_golang/prometheus; version v1.16.0 -- +** github.com/prometheus/client_golang/prometheus; version v1.18.0 -- https://github.com/prometheus/client_golang -** github.com/prometheus/client_model/go; version v0.4.0 -- +** github.com/prometheus/client_model/go; version v0.5.0 -- https://github.com/prometheus/client_model -** github.com/prometheus/common; version v0.44.0 -- +** github.com/prometheus/common; version v0.45.0 -- https://github.com/prometheus/common -** github.com/prometheus/procfs; version v0.10.1 -- +** github.com/prometheus/procfs; version v0.12.0 -- https://github.com/prometheus/procfs -** github.com/spf13/cobra; version v1.7.0 -- +** github.com/spf13/cobra; version v1.8.0 -- https://github.com/spf13/cobra -** github.com/Venafi/vcert/v4; version v4.24.1-0.20230703183014-69f417ae176d -- -https://github.com/Venafi/vcert/v4 +** github.com/Venafi/vcert/v5; version v5.3.0 -- +https://github.com/Venafi/vcert/v5 -** go.etcd.io/etcd/api/v3; version v3.5.9 -- +** go.etcd.io/etcd/api/v3; version v3.5.11 -- https://github.com/etcd-io/etcd -** go.etcd.io/etcd/client/pkg/v3; version v3.5.9 -- +** go.etcd.io/etcd/client/pkg/v3; version v3.5.11 -- https://github.com/etcd-io/etcd -** go.etcd.io/etcd/client/v3; version v3.5.9 -- +** go.etcd.io/etcd/client/v3; version v3.5.11 -- https://github.com/etcd-io/etcd ** go.opencensus.io; version v0.24.0 -- https://github.com/census-instrumentation/opencensus-go -** go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc; version v0.45.0 -- +** go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc; version v0.46.1 -- https://github.com/open-telemetry/opentelemetry-go-contrib -** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.44.0 -- +** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.46.1 -- https://github.com/open-telemetry/opentelemetry-go-contrib -** go.opentelemetry.io/otel; version v1.19.0 -- +** go.opentelemetry.io/otel; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/exporters/otlp/otlptrace; version v1.19.0 -- +** go.opentelemetry.io/otel/exporters/otlp/otlptrace; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc; version v1.19.0 -- +** go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/metric; version v1.19.0 -- +** go.opentelemetry.io/otel/metric; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/sdk; version v1.19.0 -- +** go.opentelemetry.io/otel/sdk; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/trace; version v1.19.0 -- +** go.opentelemetry.io/otel/trace; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go ** go.opentelemetry.io/proto/otlp; version v1.0.0 -- https://github.com/open-telemetry/opentelemetry-proto-go -** google.golang.org/genproto/googleapis/api; version v0.0.0-20230803162519-f966b187b2e5 -- +** google.golang.org/genproto/googleapis/api; version v0.0.0-20240102182953-50ed04b92917 -- https://github.com/googleapis/go-genproto -** google.golang.org/genproto/googleapis/rpc; version v0.0.0-20230911183012-2d3300fd4832 -- +** google.golang.org/genproto/googleapis/rpc; version v0.0.0-20240102182953-50ed04b92917 -- https://github.com/googleapis/go-genproto -** google.golang.org/grpc; version v1.58.3 -- +** google.golang.org/grpc; version v1.60.1 -- https://github.com/grpc/grpc-go -** gopkg.in/ini.v1; version v1.62.0 -- +** gopkg.in/ini.v1; version v1.67.0 -- https://gopkg.in/ini.v1 ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** k8s.io/api; version v0.28.1 -- +** k8s.io/api; version v0.29.0 -- https://github.com/kubernetes/api -** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.28.1 -- +** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.29.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.28.1 -- +** k8s.io/apimachinery/pkg; version v0.29.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/apiserver/pkg; version v0.28.1 -- +** k8s.io/apiserver/pkg; version v0.29.0 -- https://github.com/kubernetes/apiserver -** k8s.io/client-go; version v0.28.1 -- +** k8s.io/client-go; version v0.29.0 -- https://github.com/kubernetes/client-go -** k8s.io/component-base; version v0.28.1 -- +** k8s.io/component-base; version v0.29.0 -- https://github.com/kubernetes/component-base -** k8s.io/klog/v2; version v2.100.1 -- +** k8s.io/klog/v2; version v2.110.1 -- https://github.com/kubernetes/klog -** k8s.io/kube-aggregator/pkg/apis/apiregistration; version v0.28.1 -- -https://github.com/kubernetes/kube-aggregator - -** k8s.io/kube-openapi/pkg; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/utils; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils -** sigs.k8s.io/apiserver-network-proxy/konnectivity-client; version v0.1.2 -- +** sigs.k8s.io/apiserver-network-proxy/konnectivity-client; version v0.29.0 -- https://github.com/kubernetes-sigs/apiserver-network-proxy -** sigs.k8s.io/gateway-api; version v0.8.0 -- +** sigs.k8s.io/gateway-api; version v1.0.0 -- https://github.com/kubernetes-sigs/gateway-api ** sigs.k8s.io/json; version v0.0.0-20221116044647-bc3834ca7abd -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/structured-merge-diff/v4; version v4.3.0 -- +** sigs.k8s.io/structured-merge-diff/v4; version v4.4.1 -- https://github.com/kubernetes-sigs/structured-merge-diff +** sigs.k8s.io/yaml; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + +** sigs.k8s.io/yaml/goyaml.v2; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + Apache License Version 2.0, January 2004 @@ -434,7 +419,7 @@ go-jmespath Copyright 2015 James Saryerwinnie -* For github.com/matttproud/golang_protobuf_extensions/pbutil see also this required NOTICE: +* For github.com/matttproud/golang_protobuf_extensions/v2/pbutil see also this required NOTICE: Copyright 2012 Matt T. Proud (matt.proud@gmail.com) @@ -505,6 +490,51 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +* For sigs.k8s.io/yaml/goyaml.v2 see also this required NOTICE: +Copyright 2011-2016 Canonical Ltd. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +------ + +** github.com/pkg/browser; version v0.0.0-20210911075715-681adbf594b8 -- +https://github.com/pkg/browser + +Copyright (c) 2014, Dave Cheney +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ------ ** github.com/pkg/errors; version v0.9.1 -- @@ -536,40 +566,37 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/aws/aws-sdk-go/internal/sync/singleflight; version v1.45.7 -- +** github.com/aws/aws-sdk-go/internal/sync/singleflight; version v1.49.13 -- https://github.com/aws/aws-sdk-go -** golang.org/go; version go1.20.14 -- +** golang.org/go; version go1.21.8 -- https://github.com/golang/go -** golang.org/x/crypto; version v0.14.0 -- +** golang.org/x/crypto; version v0.17.0 -- https://golang.org/x/crypto -** golang.org/x/exp; version v0.0.0-20230905200255-921286631fa9 -- -https://golang.org/x/exp - -** golang.org/x/net; version v0.17.0 -- +** golang.org/x/net; version v0.19.0 -- https://golang.org/x/net -** golang.org/x/oauth2; version v0.12.0 -- +** golang.org/x/oauth2; version v0.15.0 -- https://golang.org/x/oauth2 -** golang.org/x/sync/errgroup; version v0.3.0 -- +** golang.org/x/sync/errgroup; version v0.5.0 -- https://golang.org/x/sync -** golang.org/x/sys; version v0.13.0 -- +** golang.org/x/sys; version v0.15.0 -- https://golang.org/x/sys -** golang.org/x/term; version v0.13.0 -- +** golang.org/x/term; version v0.15.0 -- https://golang.org/x/term -** golang.org/x/text; version v0.13.0 -- +** golang.org/x/text; version v0.14.0 -- https://golang.org/x/text -** golang.org/x/time/rate; version v0.3.0 -- +** golang.org/x/time/rate; version v0.5.0 -- https://golang.org/x/time -** k8s.io/apimachinery/third_party/forked/golang; version v0.28.1 -- +** k8s.io/apimachinery/third_party/forked/golang; version v0.29.0 -- https://github.com/kubernetes/apimachinery Copyright (c) 2009 The Go Authors. All rights reserved. @@ -602,10 +629,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/go-jose/go-jose/v3/json; version v3.0.0 -- +** github.com/go-jose/go-jose/v3/json; version v3.0.1 -- https://github.com/go-jose/go-jose/v3 -** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils Copyright (c) 2012 The Go Authors. All rights reserved. @@ -746,7 +773,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/go-cmp/cmp; version v0.5.9 -- +** github.com/google/go-cmp/cmp; version v0.6.0 -- https://github.com/google/go-cmp Copyright (c) 2017 The Go Authors. All rights reserved. @@ -812,7 +839,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/uuid; version v1.3.1 -- +** github.com/google/uuid; version v1.5.0 -- https://github.com/google/uuid Copyright (c) 2009,2014 Google Inc. All rights reserved. @@ -878,7 +905,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/grpc-ecosystem/grpc-gateway/v2; version v2.16.0 -- +** github.com/grpc-ecosystem/grpc-gateway/v2; version v2.18.1 -- https://github.com/grpc-ecosystem/grpc-gateway/v2 Copyright (c) 2015, Gengo, Inc. @@ -911,7 +938,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/imdario/mergo; version v0.3.13 -- +** github.com/imdario/mergo; version v0.3.16 -- https://github.com/darccio/mergo Copyright (c) 2013 Dario Castañé. All rights reserved. @@ -945,7 +972,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/miekg/dns; version v1.1.55 -- +** github.com/miekg/dns; version v1.1.57 -- https://github.com/miekg/dns BSD 3-Clause License @@ -1051,7 +1078,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.44.0 -- +** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.45.0 -- https://github.com/prometheus/common Copyright (c) 2011, Open Knowledge Foundation Ltd. @@ -1087,10 +1114,10 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/rogpeppe/go-internal/fmtsort; version v1.11.0 -- +** github.com/rogpeppe/go-internal/fmtsort; version v1.12.0 -- https://github.com/rogpeppe/go-internal -** google.golang.org/protobuf; version v1.31.0 -- +** google.golang.org/protobuf; version v1.32.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -1157,7 +1184,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/api; version v0.140.0 -- +** google.golang.org/api; version v0.154.0 -- https://github.com/googleapis/google-api-go-client Copyright (c) 2011 Google Inc. All rights reserved. @@ -1190,7 +1217,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/api/internal/third_party/uritemplates; version v0.140.0 -- +** google.golang.org/api/internal/third_party/uritemplates; version v0.154.0 -- https://github.com/googleapis/google-api-go-client Copyright (c) 2013 Joshua Tacoma. All rights reserved. @@ -1257,7 +1284,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi Copyright (c) 2020 The Go Authors. All rights reserved. @@ -1290,7 +1317,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** software.sslmate.com/src/go-pkcs12; version v0.2.1 -- +** software.sslmate.com/src/go-pkcs12; version v0.4.0 -- https://software.sslmate.com/src/go-pkcs12 Copyright (c) 2015, 2018, 2019 Opsmate, Inc. All rights reserved. @@ -1345,10 +1372,41 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ------ -** github.com/Azure/azure-sdk-for-go; version v68.0.0+incompatible -- -https://github.com/Azure/azure-sdk-for-go +** github.com/Azure/azure-sdk-for-go/sdk/azcore; version v1.9.1 -- +https://github.com/Azure/azure-sdk-for-go/sdk/azcore Copyright (c) Microsoft Corporation. +** github.com/Azure/azure-sdk-for-go/sdk/azidentity; version v1.4.0 -- +https://github.com/Azure/azure-sdk-for-go/sdk/azidentity +Copyright (c) Microsoft Corporation. + +** github.com/Azure/azure-sdk-for-go/sdk/internal; version v1.5.1 -- +https://github.com/Azure/azure-sdk-for-go/sdk/internal +Copyright (c) Microsoft Corporation. + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE +------ + +** github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns; version v1.2.0 -- +https://github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns +Copyright (c) Microsoft Corporation. All rights reserved. + ** github.com/Azure/go-ntlmssp; version v0.0.0-20221128193559-754e69321358 -- https://github.com/Azure/go-ntlmssp Copyright (c) 2016 Microsoft @@ -1401,12 +1459,12 @@ Copyright (c) 2018 Daniel McCarney https://github.com/emicklei/go-restful/v3 Copyright (c) 2012,2013 Ernest Micklei -** github.com/felixge/httpsnoop; version v1.0.3 -- +** github.com/felixge/httpsnoop; version v1.0.4 -- https://github.com/felixge/httpsnoop Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com) -** github.com/golang-jwt/jwt/v4; version v4.5.0 -- -https://github.com/golang-jwt/jwt/v4 +** github.com/golang-jwt/jwt/v5; version v5.0.0 -- +https://github.com/golang-jwt/jwt/v5 Copyright (c) 2012 Dave Grijalva Copyright (c) 2021 golang-jwt maintainers @@ -1446,6 +1504,10 @@ Copyright (c) 2014 Ryan Uber https://github.com/sirupsen/logrus Copyright (c) 2014 Simon Eskildsen +** github.com/sosodev/duration; version v1.2.0 -- +https://github.com/sosodev/duration +Copyright (c) 2022 Kyle McGough + ** github.com/youmark/pkcs8; version v0.0.0-20201027041543-1326539a0a0a -- https://github.com/youmark/pkcs8 Copyright (c) 2014 youmark @@ -1454,7 +1516,7 @@ Copyright (c) 2014 youmark https://github.com/uber-go/multierr Copyright (c) 2017-2021 Uber Technologies, Inc. -** go.uber.org/zap; version v1.25.0 -- +** go.uber.org/zap; version v1.26.0 -- https://github.com/uber-go/zap Copyright (c) 2016-2017 Uber Technologies, Inc. @@ -1477,7 +1539,34 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/digitalocean/godo; version v1.102.1 -- +** github.com/AzureAD/microsoft-authentication-library-for-go/apps; version v1.1.1 -- +https://github.com/AzureAD/microsoft-authentication-library-for-go +Copyright (c) Microsoft Corporation. + +MIT License + + + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE +------ + +** github.com/digitalocean/godo; version v1.107.0 -- https://github.com/digitalocean/godo Copyright (c) 2014-2016 The godo AUTHORS. All rights reserved. Copyright (c) 2013 The go-github AUTHORS. All rights reserved. @@ -1534,7 +1623,7 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/go-asn1-ber/asn1-ber; version v1.5.4 -- +** github.com/go-asn1-ber/asn1-ber; version v1.5.5 -- https://github.com/go-asn1-ber/asn1-ber Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com) @@ -1559,7 +1648,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/go-ldap/ldap/v3; version v3.4.5 -- +** github.com/go-ldap/ldap/v3; version v3.4.6 -- https://github.com/go-ldap/ldap/v3 Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com) @@ -1684,59 +1773,6 @@ limitations under the License. ------ -** sigs.k8s.io/yaml; version v1.3.0 -- -https://github.com/kubernetes-sigs/yaml -Copyright (c) 2014 Sam Ghods -Copyright (c) 2012 The Go Authors. All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. -* Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------- - ** github.com/hashicorp/errwrap; version v1.1.0 -- https://github.com/hashicorp/errwrap @@ -2118,12 +2154,6 @@ https://github.com/hashicorp/go-rootcerts * Package github.com/hashicorp/go-rootcerts's source code may be found at: https://github.com/hashicorp/go-rootcerts/tree/v1.0.2 -** github.com/hashicorp/go-secure-stdlib/parseutil; version v0.1.7 -- -https://github.com/hashicorp/go-secure-stdlib/parseutil - - * Package github.com/hashicorp/go-secure-stdlib/parseutil's source code may be found at: - https://github.com/hashicorp/go-secure-stdlib/parseutil/tree/v0.1.7 - ** github.com/hashicorp/go-secure-stdlib/strutil; version v0.1.2 -- https://github.com/hashicorp/go-secure-stdlib/strutil @@ -2858,11 +2888,11 @@ Exhibit B - “Incompatible With Secondary Licenses” Notice ------ -** github.com/hashicorp/go-retryablehttp; version v0.7.4 -- +** github.com/hashicorp/go-retryablehttp; version v0.7.5 -- https://github.com/hashicorp/go-retryablehttp * Package github.com/hashicorp/go-retryablehttp's source code may be found at: - https://github.com/hashicorp/go-retryablehttp/tree/v0.7.4 + https://github.com/hashicorp/go-retryablehttp/tree/v0.7.5 ** github.com/hashicorp/vault/api; version v1.10.0 -- https://github.com/hashicorp/vault/api @@ -2870,11 +2900,11 @@ https://github.com/hashicorp/vault/api * Package github.com/hashicorp/vault/api's source code may be found at: https://github.com/hashicorp/vault/api/tree/v1.10.0 -** github.com/hashicorp/vault/sdk/helper; version v0.10.0 -- +** github.com/hashicorp/vault/sdk/helper; version v0.10.2 -- https://github.com/hashicorp/vault/sdk * Package github.com/hashicorp/vault/sdk/helper's source code may be found at: - https://github.com/hashicorp/vault/sdk/tree/v0.10.0 + https://github.com/hashicorp/vault/sdk/tree/v0.10.2 Copyright (c) 2015 HashiCorp, Inc. @@ -3244,11 +3274,387 @@ Exhibit B - "Incompatible With Secondary Licenses" Notice ------ -** github.com/hashicorp/go-sockaddr; version v1.0.2 -- +** github.com/hashicorp/go-secure-stdlib/parseutil; version v0.1.8 -- +https://github.com/hashicorp/go-secure-stdlib/parseutil + + * Package github.com/hashicorp/go-secure-stdlib/parseutil's source code may be found at: + https://github.com/hashicorp/go-secure-stdlib/parseutil/tree/v0.1.8 + +Copyright (c) 2020 HashiCorp, Inc. + +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. "Contributor" + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. "Contributor Version" + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the terms of + a Secondary License. + +1.6. "Executable Form" + + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + + means a work that combines Covered Software with other material, in a + separate file or files, that is not Covered Software. + +1.8. "License" + + means this document. + +1.9. "Licensable" + + means having the right to grant, to the maximum extent possible, whether + at the time of the initial grant or subsequently, any and all of the + rights conveyed by this License. + +1.10. "Modifications" + + means any of the following: + + a. any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. "Patent Claims" of a Contributor + + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the License, + by the making, using, selling, offering for sale, having made, import, + or transfer of either its Contributions or its Contributor Version. + +1.12. "Secondary License" + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. "Source Code Form" + + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, "control" means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution + become effective for each Contribution on the date the Contributor first + distributes such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under + this License. No additional rights or licenses will be implied from the + distribution or licensing of Covered Software under this License. + Notwithstanding Section 2.1(b) above, no patent license is granted by a + Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of + its Contributions. + + This License does not grant any rights in the trademarks, service marks, + or logos of any Contributor (except as may be necessary to comply with + the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this + License (see Section 10.2) or under the terms of a Secondary License (if + permitted under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its + Contributions are its original creation(s) or it has sufficient rights to + grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under + applicable copyright doctrines of fair use, fair dealing, or other + equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under + the terms of this License. You must inform recipients that the Source + Code Form of the Covered Software is governed by the terms of this + License, and how they can obtain a copy of this License. You may not + attempt to alter or restrict the recipients' rights in the Source Code + Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter the + recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for + the Covered Software. If the Larger Work is a combination of Covered + Software with a work governed by one or more Secondary Licenses, and the + Covered Software is not Incompatible With Secondary Licenses, this + License permits You to additionally distribute such Covered Software + under the terms of such Secondary License(s), so that the recipient of + the Larger Work may, at their option, further distribute the Covered + Software under the terms of either this License or such Secondary + License(s). + +3.4. Notices + + You may not remove or alter the substance of any license notices + (including copyright notices, patent notices, disclaimers of warranty, or + limitations of liability) contained within the Source Code Form of the + Covered Software, except that You may alter any license notices to the + extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on + behalf of any Contributor. You must make it absolutely clear that any + such warranty, support, indemnity, or liability obligation is offered by + You alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, + judicial order, or regulation then You must: (a) comply with the terms of + this License to the maximum extent possible; and (b) describe the + limitations and the code they affect. Such description must be placed in a + text file included with all distributions of the Covered Software under + this License. Except to the extent prohibited by statute or regulation, + such description must be sufficiently detailed for a recipient of ordinary + skill to be able to understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing + basis, if such Contributor fails to notify You of the non-compliance by + some reasonable means prior to 60 days after You have come back into + compliance. Moreover, Your grants from a particular Contributor are + reinstated on an ongoing basis if such Contributor notifies You of the + non-compliance by some reasonable means, this is the first time You have + received notice of non-compliance with this License from such + Contributor, and You become compliant prior to 30 days after Your receipt + of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, + counter-claims, and cross-claims) alleging that a Contributor Version + directly or indirectly infringes any patent, then the rights granted to + You by any and all Contributors for the Covered Software under Section + 2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an "as is" basis, + without warranty of any kind, either expressed, implied, or statutory, + including, without limitation, warranties that the Covered Software is free + of defects, merchantable, fit for a particular purpose or non-infringing. + The entire risk as to the quality and performance of the Covered Software + is with You. Should any Covered Software prove defective in any respect, + You (not any Contributor) assume the cost of any necessary servicing, + repair, or correction. This disclaimer of warranty constitutes an essential + part of this License. No use of any Covered Software is authorized under + this License except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from + such party's negligence to the extent applicable law prohibits such + limitation. Some jurisdictions do not allow the exclusion or limitation of + incidental or consequential damages, so this exclusion and limitation may + not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts + of a jurisdiction where the defendant maintains its principal place of + business and such litigation shall be governed by laws of that + jurisdiction, without reference to its conflict-of-law provisions. Nothing + in this Section shall prevent a party's ability to bring cross-claims or + counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject + matter hereof. If any provision of this License is held to be + unenforceable, such provision shall be reformed only to the extent + necessary to make it enforceable. Any law or regulation which provides that + the language of a contract shall be construed against the drafter shall not + be used to construe this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version + of the License under which You originally received the Covered Software, + or under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a + modified version of this License if you rename the license and remove + any references to the name of the license steward (except to note that + such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary + Licenses If You choose to distribute Source Code Form that is + Incompatible With Secondary Licenses under the terms of this version of + the License, the notice described in Exhibit B of this License must be + attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, +then You may include the notice in a location (such as a LICENSE file in a +relevant directory) where a recipient would be likely to look for such a +notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice + + This Source Code Form is "Incompatible + With Secondary Licenses", as defined by + the Mozilla Public License, v. 2.0. + + +------ + +** github.com/hashicorp/go-sockaddr; version v1.0.6 -- https://github.com/hashicorp/go-sockaddr * Package github.com/hashicorp/go-sockaddr's source code may be found at: - https://github.com/hashicorp/go-sockaddr/tree/v1.0.2 + https://github.com/hashicorp/go-sockaddr/tree/v1.0.6 + +Copyright (c) 2016 HashiCorp, Inc. Mozilla Public License Version 2.0 ================================== diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt index fbf983af83..86ffa1b7e9 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_CTL_ATTRIBUTION.txt @@ -1,20 +1,23 @@ -** github.com/cert-manager/cert-manager; version v1.13.2-0.20231026154503-eca879c9d5de -- +** github.com/cert-manager/cert-manager; version v1.14.1 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/cmd/ctl; version v1.13.2 -- +** github.com/cert-manager/cert-manager/cmd/ctl; version v1.14.2 -- https://github.com/cert-manager/cert-manager/cmd/ctl -** github.com/containerd/containerd; version v1.7.1 -- +** github.com/containerd/containerd; version v1.7.11 -- https://github.com/containerd/containerd -** github.com/docker/cli/cli/config; version v23.0.3+incompatible -- +** github.com/containerd/log; version v0.1.0 -- +https://github.com/containerd/log + +** github.com/docker/cli/cli/config; version v24.0.6+incompatible -- https://github.com/docker/cli ** github.com/docker/distribution; version v2.8.2+incompatible -- https://github.com/distribution/distribution -** github.com/docker/docker; version v23.0.3+incompatible -- +** github.com/docker/docker; version v24.0.7+incompatible -- https://github.com/moby/moby ** github.com/docker/go-connections; version v0.4.0 -- @@ -26,22 +29,22 @@ https://github.com/docker/go-metrics ** github.com/docker/go-units; version v0.5.0 -- https://github.com/docker/go-units -** github.com/go-logr/logr; version v1.2.4 -- +** github.com/go-logr/logr; version v1.4.1 -- https://github.com/go-logr/logr ** github.com/go-logr/stdr; version v1.2.2 -- https://github.com/go-logr/stdr -** github.com/go-logr/zapr; version v1.2.4 -- +** github.com/go-logr/zapr; version v1.3.0 -- https://github.com/go-logr/zapr -** github.com/go-openapi/jsonpointer; version v0.19.6 -- +** github.com/go-openapi/jsonpointer; version v0.20.2 -- https://github.com/go-openapi/jsonpointer -** github.com/go-openapi/jsonreference; version v0.20.2 -- +** github.com/go-openapi/jsonreference; version v0.20.4 -- https://github.com/go-openapi/jsonreference -** github.com/go-openapi/swag; version v0.22.3 -- +** github.com/go-openapi/swag; version v0.22.7 -- https://github.com/go-openapi/swag ** github.com/google/btree; version v1.0.1 -- @@ -56,14 +59,14 @@ https://github.com/google/gofuzz ** github.com/google/shlex; version v0.0.0-20191202100458-e7afc7fbc510 -- https://github.com/google/shlex -** github.com/klauspost/compress; version v1.16.0 -- +** github.com/klauspost/compress; version v1.16.5 -- https://github.com/klauspost/compress ** github.com/Masterminds/goutils; version v1.1.1 -- https://github.com/Masterminds/goutils -** github.com/matttproud/golang_protobuf_extensions/pbutil; version v1.0.4 -- -https://github.com/matttproud/golang_protobuf_extensions +** github.com/matttproud/golang_protobuf_extensions/v2/pbutil; version v2.0.0 -- +https://github.com/matttproud/golang_protobuf_extensions/v2 ** github.com/moby/locker; version v1.0.1 -- https://github.com/moby/locker @@ -71,7 +74,7 @@ https://github.com/moby/locker ** github.com/moby/spdystream; version v0.2.0 -- https://github.com/moby/spdystream -** github.com/moby/term; version v0.0.0-20221205130635-1aeaba878587 -- +** github.com/moby/term; version v0.5.0 -- https://github.com/moby/term ** github.com/modern-go/concurrent; version v0.0.0-20180306012644-bacd9c7ef1dd -- @@ -83,22 +86,22 @@ https://github.com/modern-go/reflect2 ** github.com/opencontainers/go-digest; version v1.0.0 -- https://github.com/opencontainers/go-digest -** github.com/opencontainers/image-spec/specs-go; version v1.1.0-rc2.0.20221005185240-3a7f492d3f1b -- +** github.com/opencontainers/image-spec/specs-go; version v1.1.0-rc5 -- https://github.com/opencontainers/image-spec -** github.com/prometheus/client_golang/prometheus; version v1.16.0 -- +** github.com/prometheus/client_golang/prometheus; version v1.18.0 -- https://github.com/prometheus/client_golang -** github.com/prometheus/client_model/go; version v0.4.0 -- +** github.com/prometheus/client_model/go; version v0.5.0 -- https://github.com/prometheus/client_model -** github.com/prometheus/common; version v0.44.0 -- +** github.com/prometheus/common; version v0.45.0 -- https://github.com/prometheus/common -** github.com/prometheus/procfs; version v0.10.1 -- +** github.com/prometheus/procfs; version v0.12.0 -- https://github.com/prometheus/procfs -** github.com/spf13/cobra; version v1.7.0 -- +** github.com/spf13/cobra; version v1.8.0 -- https://github.com/spf13/cobra ** github.com/xeipuuv/gojsonpointer; version v0.0.0-20190905194746-02993c407bfb -- @@ -110,19 +113,22 @@ https://github.com/xeipuuv/gojsonreference ** github.com/xeipuuv/gojsonschema; version v1.2.0 -- https://github.com/xeipuuv/gojsonschema -** go.opentelemetry.io/otel; version v1.19.0 -- +** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.46.1 -- +https://github.com/open-telemetry/opentelemetry-go-contrib + +** go.opentelemetry.io/otel; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/metric; version v1.19.0 -- +** go.opentelemetry.io/otel/metric; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/trace; version v1.19.0 -- +** go.opentelemetry.io/otel/trace; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** google.golang.org/genproto/googleapis/rpc/status; version v0.0.0-20230911183012-2d3300fd4832 -- +** google.golang.org/genproto/googleapis/rpc/status; version v0.0.0-20240102182953-50ed04b92917 -- https://github.com/googleapis/go-genproto -** google.golang.org/grpc; version v1.58.3 -- +** google.golang.org/grpc; version v1.60.1 -- https://github.com/grpc/grpc-go ** gopkg.in/yaml.v2; version v2.4.0 -- @@ -131,52 +137,49 @@ https://gopkg.in/yaml.v2 ** helm.sh/helm/v3; version v3.12.3 -- https://github.com/helm/helm -** k8s.io/api; version v0.28.1 -- +** k8s.io/api; version v0.29.0 -- https://github.com/kubernetes/api -** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.28.1 -- +** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.29.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.28.1 -- +** k8s.io/apimachinery/pkg; version v0.29.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/apiserver/pkg/endpoints/deprecation; version v0.28.1 -- +** k8s.io/apiserver/pkg/endpoints/deprecation; version v0.29.0 -- https://github.com/kubernetes/apiserver -** k8s.io/cli-runtime/pkg; version v0.28.1 -- +** k8s.io/cli-runtime/pkg; version v0.29.0 -- https://github.com/kubernetes/cli-runtime -** k8s.io/client-go; version v0.28.1 -- +** k8s.io/client-go; version v0.29.0 -- https://github.com/kubernetes/client-go -** k8s.io/component-base; version v0.28.1 -- +** k8s.io/component-base; version v0.29.0 -- https://github.com/kubernetes/component-base -** k8s.io/klog/v2; version v2.100.1 -- +** k8s.io/klog/v2; version v2.110.1 -- https://github.com/kubernetes/klog -** k8s.io/kube-aggregator/pkg/apis/apiregistration; version v0.28.1 -- -https://github.com/kubernetes/kube-aggregator - -** k8s.io/kube-openapi/pkg; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kubectl/pkg; version v0.28.1 -- +** k8s.io/kubectl/pkg; version v0.29.0 -- https://github.com/kubernetes/kubectl -** k8s.io/utils; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils -** oras.land/oras-go/pkg; version v1.2.3 -- +** oras.land/oras-go/pkg; version v1.2.4 -- https://github.com/oras-project/oras-go -** sigs.k8s.io/controller-runtime/pkg; version v0.16.1 -- +** sigs.k8s.io/controller-runtime/pkg; version v0.16.3 -- https://github.com/kubernetes-sigs/controller-runtime -** sigs.k8s.io/gateway-api/apis/v1beta1; version v0.8.0 -- +** sigs.k8s.io/gateway-api/apis/v1; version v1.0.0 -- https://github.com/kubernetes-sigs/gateway-api ** sigs.k8s.io/json; version v0.0.0-20221116044647-bc3834ca7abd -- @@ -188,9 +191,15 @@ https://github.com/kubernetes-sigs/kustomize ** sigs.k8s.io/kustomize/kyaml; version v0.14.3-0.20230601165947-6ce0bf390ce3 -- https://github.com/kubernetes-sigs/kustomize -** sigs.k8s.io/structured-merge-diff/v4; version v4.3.0 -- +** sigs.k8s.io/structured-merge-diff/v4; version v4.4.1 -- https://github.com/kubernetes-sigs/structured-merge-diff +** sigs.k8s.io/yaml; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + +** sigs.k8s.io/yaml/goyaml.v2; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + Apache License Version 2.0, January 2004 @@ -477,7 +486,7 @@ For more information, please see https://www.bis.doc.gov See also https://www.apache.org/dev/crypto.html and/or seek legal counsel. -* For github.com/matttproud/golang_protobuf_extensions/pbutil see also this required NOTICE: +* For github.com/matttproud/golang_protobuf_extensions/v2/pbutil see also this required NOTICE: Copyright 2012 Matt T. Proud (matt.proud@gmail.com) @@ -556,6 +565,50 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +* For sigs.k8s.io/yaml/goyaml.v2 see also this required NOTICE: +Copyright 2011-2016 Canonical Ltd. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +------ + +** github.com/gorilla/websocket; version v1.5.0 -- +https://github.com/gorilla/websocket + +Copyright (c) 2013 The Gorilla WebSocket Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + + Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ------ ** github.com/pkg/errors; version v0.9.1 -- @@ -689,10 +742,10 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/evanphx/json-patch; version v5.6.0+incompatible -- +** github.com/evanphx/json-patch; version v5.7.0+incompatible -- https://github.com/evanphx/json-patch -** github.com/evanphx/json-patch/v5; version v5.6.0 -- +** github.com/evanphx/json-patch/v5; version v5.7.0 -- https://github.com/evanphx/json-patch/v5 Copyright (c) 2014, Evan Phoenix @@ -798,7 +851,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/go-cmp/cmp; version v0.5.9 -- +** github.com/google/go-cmp/cmp; version v0.6.0 -- https://github.com/google/go-cmp Copyright (c) 2017 The Go Authors. All rights reserved. @@ -831,7 +884,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/uuid; version v1.3.1 -- +** github.com/google/uuid; version v1.5.0 -- https://github.com/google/uuid Copyright (c) 2009,2014 Google Inc. All rights reserved. @@ -897,7 +950,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/imdario/mergo; version v0.3.13 -- +** github.com/imdario/mergo; version v0.3.16 -- https://github.com/darccio/mergo Copyright (c) 2013 Dario Castañé. All rights reserved. @@ -931,7 +984,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/klauspost/compress/internal/snapref; version v1.16.0 -- +** github.com/klauspost/compress/internal/snapref; version v1.16.5 -- https://github.com/klauspost/compress Copyright (c) 2011 The Snappy-Go Authors. All rights reserved. @@ -967,40 +1020,37 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ** github.com/liggitt/tabwriter; version v0.0.0-20181228230101-89fcab3d43de -- https://github.com/liggitt/tabwriter -** golang.org/go; version go1.20.14 -- +** golang.org/go; version go1.21.8 -- https://github.com/golang/go -** golang.org/x/crypto; version v0.14.0 -- +** golang.org/x/crypto; version v0.17.0 -- https://golang.org/x/crypto -** golang.org/x/exp; version v0.0.0-20230905200255-921286631fa9 -- -https://golang.org/x/exp - -** golang.org/x/net; version v0.17.0 -- +** golang.org/x/net; version v0.19.0 -- https://golang.org/x/net -** golang.org/x/oauth2; version v0.12.0 -- +** golang.org/x/oauth2; version v0.15.0 -- https://golang.org/x/oauth2 -** golang.org/x/sync; version v0.3.0 -- +** golang.org/x/sync; version v0.5.0 -- https://golang.org/x/sync -** golang.org/x/sys; version v0.13.0 -- +** golang.org/x/sys; version v0.15.0 -- https://golang.org/x/sys -** golang.org/x/term; version v0.13.0 -- +** golang.org/x/term; version v0.15.0 -- https://golang.org/x/term -** golang.org/x/text; version v0.13.0 -- +** golang.org/x/text; version v0.14.0 -- https://golang.org/x/text -** golang.org/x/time/rate; version v0.3.0 -- +** golang.org/x/time/rate; version v0.5.0 -- https://golang.org/x/time -** k8s.io/apimachinery/third_party/forked/golang; version v0.28.1 -- +** k8s.io/apimachinery/third_party/forked/golang; version v0.29.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/client-go/third_party/forked/golang/template; version v0.28.1 -- +** k8s.io/client-go/third_party/forked/golang/template; version v0.29.0 -- https://github.com/kubernetes/client-go Copyright (c) 2009 The Go Authors. All rights reserved. @@ -1070,7 +1120,42 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.44.0 -- +** github.com/mxk/go-flowrate/flowrate; version v0.0.0-20140419014527-cca7078d478f -- +https://github.com/mxk/go-flowrate + +Copyright (c) 2014 The Go-FlowRate Authors. All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the + distribution. + + * Neither the name of the go-flowrate project nor the names of its + contributors may be used to endorse or promote products derived + from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +------ + +** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.45.0 -- https://github.com/prometheus/common Copyright (c) 2011, Open Knowledge Foundation Ltd. @@ -1175,7 +1260,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.31.0 -- +** google.golang.org/protobuf; version v1.32.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -1242,7 +1327,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi Copyright (c) 2020 The Go Authors. All rights reserved. @@ -1275,7 +1360,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils/internal/third_party/forked/golang/net; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils Copyright (c) 2012 The Go Authors. All rights reserved. @@ -1329,9 +1414,9 @@ OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. ------ -** github.com/asaskevich/govalidator; version v0.0.0-20200428143746-21a406dcc535 -- +** github.com/asaskevich/govalidator; version v0.0.0-20230301143203-a9d515a09cc2 -- https://github.com/asaskevich/govalidator -Copyright (c) 2014 Alex Saskevich +Copyright (c) 2014-2020 Alex Saskevich ** github.com/Azure/go-ntlmssp; version v0.0.0-20221128193559-754e69321358 -- https://github.com/Azure/go-ntlmssp @@ -1345,7 +1430,7 @@ Copyright (C) 2013 Blake Mizerany https://github.com/blang/semver/v4 Copyright (c) 2014 Benedikt Lang -** github.com/BurntSushi/toml; version v1.2.1 -- +** github.com/BurntSushi/toml; version v1.3.2 -- https://github.com/BurntSushi/toml Copyright (c) 2013 TOML authors @@ -1373,6 +1458,10 @@ Copyright (c) 2015 Fatih Arslan https://github.com/fatih/color Copyright (c) 2013 Fatih Arslan +** github.com/felixge/httpsnoop; version v1.0.4 -- +https://github.com/felixge/httpsnoop +Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com) + ** github.com/go-errors/errors; version v1.4.2 -- https://github.com/go-errors/errors Copyright (c) 2015 Conrad Irwin @@ -1401,7 +1490,7 @@ Copyright (c) 2019 Josh Bleecher Snyder https://github.com/json-iterator/go Copyright (c) 2016 json-iterator -** github.com/klauspost/compress/zstd/internal/xxhash; version v1.16.0 -- +** github.com/klauspost/compress/zstd/internal/xxhash; version v1.16.5 -- https://github.com/klauspost/compress Copyright (c) 2016 Caleb Spare @@ -1469,11 +1558,11 @@ Copyright (c) 2011-2012 Peter Bourgon https://github.com/rivo/uniseg Copyright (c) 2019 Oliver Kuederle -** github.com/rubenv/sql-migrate; version v1.3.1 -- +** github.com/rubenv/sql-migrate; version v1.5.2 -- https://github.com/rubenv/sql-migrate Copyright (C) 2014-2021 by Ruben Vermeersch -** github.com/rubenv/sql-migrate/sqlparse; version v1.3.1 -- +** github.com/rubenv/sql-migrate/sqlparse; version v1.5.2 -- https://github.com/rubenv/sql-migrate Copyright (C) 2014-2017 by Ruben Vermeersch Copyright (C) 2012-2014 by Liam Staskawicz @@ -1490,7 +1579,7 @@ Copyright (c) 2014 Steve Francia https://github.com/uber-go/multierr Copyright (c) 2017-2021 Uber Technologies, Inc. -** go.uber.org/zap; version v1.25.0 -- +** go.uber.org/zap; version v1.26.0 -- https://github.com/uber-go/zap Copyright (c) 2016-2017 Uber Technologies, Inc. @@ -1517,7 +1606,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/go-asn1-ber/asn1-ber; version v1.5.4 -- +** github.com/go-asn1-ber/asn1-ber; version v1.5.5 -- https://github.com/go-asn1-ber/asn1-ber Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com) @@ -1570,7 +1659,7 @@ TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/go-ldap/ldap/v3; version v3.4.5 -- +** github.com/go-ldap/ldap/v3; version v3.4.6 -- https://github.com/go-ldap/ldap/v3 Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com) @@ -1830,59 +1919,6 @@ limitations under the License. ------ -** sigs.k8s.io/yaml; version v1.3.0 -- -https://github.com/kubernetes-sigs/yaml -Copyright (c) 2014 Sam Ghods -Copyright (c) 2012 The Go Authors. All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. -* Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------- - ** github.com/hashicorp/errwrap; version v1.1.0 -- https://github.com/hashicorp/errwrap diff --git a/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt b/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt index 588581d0ce..885c2618c9 100644 --- a/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt +++ b/projects/cert-manager/cert-manager/CERT_MANAGER_WEBHOOK_ATTRIBUTION.txt @@ -2,35 +2,38 @@ ** github.com/cert-manager/cert-manager; version v0.0.0-00010101000000-000000000000 -- https://github.com/cert-manager/cert-manager -** github.com/cert-manager/cert-manager/webhook-binary; version v1.13.2 -- +** github.com/cert-manager/cert-manager/webhook-binary; version v1.14.2 -- https://github.com/cert-manager/cert-manager/webhook-binary -** github.com/go-logr/logr; version v1.2.4 -- +** github.com/go-logr/logr; version v1.4.1 -- https://github.com/go-logr/logr ** github.com/go-logr/stdr; version v1.2.2 -- https://github.com/go-logr/stdr -** github.com/go-logr/zapr; version v1.2.4 -- +** github.com/go-logr/zapr; version v1.3.0 -- https://github.com/go-logr/zapr -** github.com/go-openapi/jsonpointer; version v0.19.6 -- +** github.com/go-openapi/jsonpointer; version v0.20.2 -- https://github.com/go-openapi/jsonpointer -** github.com/go-openapi/jsonreference; version v0.20.2 -- +** github.com/go-openapi/jsonreference; version v0.20.4 -- https://github.com/go-openapi/jsonreference -** github.com/go-openapi/swag; version v0.22.3 -- +** github.com/go-openapi/swag; version v0.22.7 -- https://github.com/go-openapi/swag +** github.com/google/cel-go; version v0.17.7 -- +https://github.com/google/cel-go + ** github.com/google/gnostic-models; version v0.6.8 -- https://github.com/google/gnostic-models ** github.com/google/gofuzz; version v1.2.0 -- https://github.com/google/gofuzz -** github.com/matttproud/golang_protobuf_extensions/pbutil; version v1.0.4 -- -https://github.com/matttproud/golang_protobuf_extensions +** github.com/matttproud/golang_protobuf_extensions/v2/pbutil; version v2.0.0 -- +https://github.com/matttproud/golang_protobuf_extensions/v2 ** github.com/modern-go/concurrent; version v0.0.0-20180306012644-bacd9c7ef1dd -- https://github.com/modern-go/concurrent @@ -38,40 +41,40 @@ https://github.com/modern-go/concurrent ** github.com/modern-go/reflect2; version v1.0.2 -- https://github.com/modern-go/reflect2 -** github.com/prometheus/client_golang/prometheus; version v1.16.0 -- +** github.com/prometheus/client_golang/prometheus; version v1.18.0 -- https://github.com/prometheus/client_golang -** github.com/prometheus/client_model/go; version v0.4.0 -- +** github.com/prometheus/client_model/go; version v0.5.0 -- https://github.com/prometheus/client_model -** github.com/prometheus/common; version v0.44.0 -- +** github.com/prometheus/common; version v0.45.0 -- https://github.com/prometheus/common -** github.com/prometheus/procfs; version v0.10.1 -- +** github.com/prometheus/procfs; version v0.12.0 -- https://github.com/prometheus/procfs -** github.com/spf13/cobra; version v1.7.0 -- +** github.com/spf13/cobra; version v1.8.0 -- https://github.com/spf13/cobra -** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.44.0 -- +** go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp; version v0.46.1 -- https://github.com/open-telemetry/opentelemetry-go-contrib -** go.opentelemetry.io/otel; version v1.19.0 -- +** go.opentelemetry.io/otel; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/exporters/otlp/otlptrace; version v1.19.0 -- +** go.opentelemetry.io/otel/exporters/otlp/otlptrace; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc; version v1.19.0 -- +** go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/metric; version v1.19.0 -- +** go.opentelemetry.io/otel/metric; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/sdk; version v1.19.0 -- +** go.opentelemetry.io/otel/sdk; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go -** go.opentelemetry.io/otel/trace; version v1.19.0 -- +** go.opentelemetry.io/otel/trace; version v1.21.0 -- https://github.com/open-telemetry/opentelemetry-go ** go.opentelemetry.io/proto/otlp; version v1.0.0 -- @@ -80,63 +83,66 @@ https://github.com/open-telemetry/opentelemetry-proto-go ** gomodules.xyz/jsonpatch/v2; version v2.4.0 -- https://github.com/gomodules/jsonpatch -** google.golang.org/genproto/googleapis/api/httpbody; version v0.0.0-20230803162519-f966b187b2e5 -- +** google.golang.org/genproto/googleapis/api; version v0.0.0-20240102182953-50ed04b92917 -- https://github.com/googleapis/go-genproto -** google.golang.org/genproto/googleapis/rpc; version v0.0.0-20230911183012-2d3300fd4832 -- +** google.golang.org/genproto/googleapis/rpc; version v0.0.0-20240102182953-50ed04b92917 -- https://github.com/googleapis/go-genproto -** google.golang.org/grpc; version v1.58.3 -- +** google.golang.org/grpc; version v1.60.1 -- https://github.com/grpc/grpc-go ** gopkg.in/yaml.v2; version v2.4.0 -- https://gopkg.in/yaml.v2 -** k8s.io/api; version v0.28.1 -- +** k8s.io/api; version v0.29.0 -- https://github.com/kubernetes/api -** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.28.1 -- +** k8s.io/apiextensions-apiserver/pkg/apis/apiextensions; version v0.29.0 -- https://github.com/kubernetes/apiextensions-apiserver -** k8s.io/apimachinery/pkg; version v0.28.1 -- +** k8s.io/apimachinery/pkg; version v0.29.0 -- https://github.com/kubernetes/apimachinery -** k8s.io/apiserver; version v0.28.1 -- +** k8s.io/apiserver; version v0.29.0 -- https://github.com/kubernetes/apiserver -** k8s.io/client-go; version v0.28.1 -- +** k8s.io/client-go; version v0.29.0 -- https://github.com/kubernetes/client-go -** k8s.io/component-base; version v0.28.1 -- +** k8s.io/component-base; version v0.29.0 -- https://github.com/kubernetes/component-base -** k8s.io/klog/v2; version v2.100.1 -- +** k8s.io/klog/v2; version v2.110.1 -- https://github.com/kubernetes/klog -** k8s.io/kube-aggregator/pkg/apis/apiregistration; version v0.28.1 -- -https://github.com/kubernetes/kube-aggregator - -** k8s.io/kube-openapi/pkg; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/validation/spec; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi -** k8s.io/utils; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils -** sigs.k8s.io/apiserver-network-proxy/konnectivity-client; version v0.1.2 -- +** sigs.k8s.io/apiserver-network-proxy/konnectivity-client; version v0.29.0 -- https://github.com/kubernetes-sigs/apiserver-network-proxy -** sigs.k8s.io/gateway-api/apis/v1beta1; version v0.8.0 -- +** sigs.k8s.io/gateway-api/apis/v1; version v1.0.0 -- https://github.com/kubernetes-sigs/gateway-api ** sigs.k8s.io/json; version v0.0.0-20221116044647-bc3834ca7abd -- https://github.com/kubernetes-sigs/json -** sigs.k8s.io/structured-merge-diff/v4; version v4.3.0 -- +** sigs.k8s.io/structured-merge-diff/v4; version v4.4.1 -- https://github.com/kubernetes-sigs/structured-merge-diff +** sigs.k8s.io/yaml; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + +** sigs.k8s.io/yaml/goyaml.v2; version v1.4.0 -- +https://github.com/kubernetes-sigs/yaml + Apache License Version 2.0, January 2004 @@ -341,7 +347,7 @@ https://github.com/kubernetes-sigs/structured-merge-diff limitations under the License. -* For github.com/matttproud/golang_protobuf_extensions/pbutil see also this required NOTICE: +* For github.com/matttproud/golang_protobuf_extensions/v2/pbutil see also this required NOTICE: Copyright 2012 Matt T. Proud (matt.proud@gmail.com) @@ -412,6 +418,54 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + +* For sigs.k8s.io/yaml/goyaml.v2 see also this required NOTICE: +Copyright 2011-2016 Canonical Ltd. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +------ + +** github.com/antlr/antlr4/runtime/Go/antlr/v4; version v4.0.0-20230305170008-8188dc5388df -- +https://github.com/antlr/antlr4/runtime/Go/antlr/v4 + +Copyright 2021 The ANTLR Project + +Redistribution and use in source and binary forms, with or without modification, +are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + + 3. Neither the name of the copyright holder nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + ------ ** github.com/gogo/protobuf; version v1.3.2 -- @@ -489,7 +543,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/go-cmp/cmp; version v0.5.9 -- +** github.com/google/go-cmp/cmp; version v0.6.0 -- https://github.com/google/go-cmp Copyright (c) 2017 The Go Authors. All rights reserved. @@ -522,7 +576,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/google/uuid; version v1.3.1 -- +** github.com/google/uuid; version v1.5.0 -- https://github.com/google/uuid Copyright (c) 2009,2014 Google Inc. All rights reserved. @@ -555,7 +609,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/grpc-ecosystem/grpc-gateway/v2; version v2.16.0 -- +** github.com/grpc-ecosystem/grpc-gateway/v2; version v2.18.1 -- https://github.com/grpc-ecosystem/grpc-gateway/v2 Copyright (c) 2015, Gengo, Inc. @@ -588,7 +642,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/imdario/mergo; version v0.3.13 -- +** github.com/imdario/mergo; version v0.3.16 -- https://github.com/darccio/mergo Copyright (c) 2013 Dario Castañé. All rights reserved. @@ -659,7 +713,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.44.0 -- +** github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg; version v0.45.0 -- https://github.com/prometheus/common Copyright (c) 2011, Open Knowledge Foundation Ltd. @@ -729,37 +783,37 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** golang.org/go; version go1.20.14 -- +** golang.org/go; version go1.21.8 -- https://github.com/golang/go -** golang.org/x/crypto/md4; version v0.14.0 -- +** golang.org/x/crypto; version v0.17.0 -- https://golang.org/x/crypto -** golang.org/x/exp; version v0.0.0-20230905200255-921286631fa9 -- +** golang.org/x/exp; version v0.0.0-20231226003508-02704c960a9b -- https://golang.org/x/exp -** golang.org/x/net; version v0.17.0 -- +** golang.org/x/net; version v0.19.0 -- https://golang.org/x/net -** golang.org/x/oauth2; version v0.12.0 -- +** golang.org/x/oauth2; version v0.15.0 -- https://golang.org/x/oauth2 -** golang.org/x/sync/errgroup; version v0.3.0 -- +** golang.org/x/sync; version v0.5.0 -- https://golang.org/x/sync -** golang.org/x/sys/unix; version v0.13.0 -- +** golang.org/x/sys/unix; version v0.15.0 -- https://golang.org/x/sys -** golang.org/x/term; version v0.13.0 -- +** golang.org/x/term; version v0.15.0 -- https://golang.org/x/term -** golang.org/x/text; version v0.13.0 -- +** golang.org/x/text; version v0.14.0 -- https://golang.org/x/text -** golang.org/x/time/rate; version v0.3.0 -- +** golang.org/x/time/rate; version v0.5.0 -- https://golang.org/x/time -** k8s.io/apimachinery/third_party/forked/golang/reflect; version v0.28.1 -- +** k8s.io/apimachinery/third_party/forked/golang/reflect; version v0.29.0 -- https://github.com/kubernetes/apimachinery Copyright (c) 2009 The Go Authors. All rights reserved. @@ -792,7 +846,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** google.golang.org/protobuf; version v1.31.0 -- +** google.golang.org/protobuf; version v1.32.0 -- https://go.googlesource.com/protobuf Copyright (c) 2018 The Go Authors. All rights reserved. @@ -859,7 +913,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20230905202853-d090da108d2f -- +** k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json; version v0.0.0-20240103051144-eec4567ac022 -- https://github.com/kubernetes/kube-openapi Copyright (c) 2020 The Go Authors. All rights reserved. @@ -892,7 +946,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------ -** k8s.io/utils/internal/third_party/forked/golang; version v0.0.0-20230726121419-3b25d923346b -- +** k8s.io/utils/internal/third_party/forked/golang; version v0.0.0-20240102154912-e7106e64919e -- https://github.com/kubernetes/utils Copyright (c) 2012 The Go Authors. All rights reserved. @@ -970,7 +1024,7 @@ Copyright (c) 2016 Caleb Spare https://github.com/emicklei/go-restful/v3 Copyright (c) 2012,2013 Ernest Micklei -** github.com/felixge/httpsnoop; version v1.0.3 -- +** github.com/felixge/httpsnoop; version v1.0.4 -- https://github.com/felixge/httpsnoop Copyright (c) 2016 Felix Geisendörfer (felix@debuggable.com) @@ -986,11 +1040,15 @@ Copyright (c) 2016 json-iterator https://github.com/mailru/easyjson Copyright (c) 2016 Mail.Ru Group +** github.com/stoewer/go-strcase; version v1.3.0 -- +https://github.com/stoewer/go-strcase +Copyright (c) 2017, Adrian Stoewer + ** go.uber.org/multierr; version v1.11.0 -- https://github.com/uber-go/multierr Copyright (c) 2017-2021 Uber Technologies, Inc. -** go.uber.org/zap; version v1.25.0 -- +** go.uber.org/zap; version v1.26.0 -- https://github.com/uber-go/zap Copyright (c) 2016-2017 Uber Technologies, Inc. @@ -1013,7 +1071,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/go-asn1-ber/asn1-ber; version v1.5.4 -- +** github.com/go-asn1-ber/asn1-ber; version v1.5.5 -- https://github.com/go-asn1-ber/asn1-ber Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com) @@ -1038,7 +1096,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ------ -** github.com/go-ldap/ldap/v3; version v3.4.5 -- +** github.com/go-ldap/ldap/v3; version v3.4.6 -- https://github.com/go-ldap/ldap/v3 Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com) @@ -1135,56 +1193,3 @@ See the License for the specific language governing permissions and limitations under the License. ------ - -** sigs.k8s.io/yaml; version v1.3.0 -- -https://github.com/kubernetes-sigs/yaml -Copyright (c) 2014 Sam Ghods -Copyright (c) 2012 The Go Authors. All rights reserved. - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - - - - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - -* Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. -* Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ------- diff --git a/projects/cert-manager/cert-manager/CHECKSUMS b/projects/cert-manager/cert-manager/CHECKSUMS index fe55ad3172..bafd0581dc 100644 --- a/projects/cert-manager/cert-manager/CHECKSUMS +++ b/projects/cert-manager/cert-manager/CHECKSUMS @@ -1,10 +1,10 @@ -be01a1e488b6e1ef741dd338a0c38bba5cc2559c0b70d9c60858938f8f669171 _output/bin/cert-manager/linux-amd64/cert-manager-acmesolver -a5c72f1382c9fde1ae86f3dea515a8ee8beb920f8070071c0fbc8a186bd6b7c8 _output/bin/cert-manager/linux-amd64/cert-manager-cainjector -cf07a535068307b81d47bf8018784476a0ebed3c548590c454e3b9847ba68136 _output/bin/cert-manager/linux-amd64/cert-manager-controller -5d69da6145371e1ccb7392da6422686aa183121f6349f924968f4c14a234d926 _output/bin/cert-manager/linux-amd64/cert-manager-ctl -20526ae1da90f153483f439b871dd2f4a53fa7fef32fbc2d6e369ec421f126bd _output/bin/cert-manager/linux-amd64/cert-manager-webhook -0d58e2bdf6917fee879bb349c750eaa79778a1787e04540a11b67d6a08c7792c _output/bin/cert-manager/linux-arm64/cert-manager-acmesolver -9cfc5e998a4a4a16513ba6bd03cc745488d36d7b147ba74edb5229551d00482a _output/bin/cert-manager/linux-arm64/cert-manager-cainjector -302572486cec395a4b828b2fb7457eecbb724b016e1f08cc540381039baffd45 _output/bin/cert-manager/linux-arm64/cert-manager-controller -e55dc2209d059b736318b0eacaa37e8143f29a2c307b8ce90221e8e7b6830bc2 _output/bin/cert-manager/linux-arm64/cert-manager-ctl -82369712dcd24a7be62e4c7429485ecba7eab4ab791b2d746d09d718e31731c0 _output/bin/cert-manager/linux-arm64/cert-manager-webhook +f87d0e03d7d9cdbf86e56de682346bc266eea265923d98376e25c3e5b4178acd _output/bin/cert-manager/linux-amd64/cert-manager-acmesolver +81222fbaed5c13731342e44d0b2911b061e97706afeb92a809acf2793f214de4 _output/bin/cert-manager/linux-amd64/cert-manager-cainjector +e5a325c99cca47903a082392d0937d048841d0793ad77065381f030d394abdb2 _output/bin/cert-manager/linux-amd64/cert-manager-controller +b4c636bd455da0a14bc6ee76d2ee601e6971ac00eefa810aead5d2b6c0be0172 _output/bin/cert-manager/linux-amd64/cert-manager-ctl +50cbe34b9c8bb617022ec518b97d4a36562fa4770e2dab14c001db6a3eb00799 _output/bin/cert-manager/linux-amd64/cert-manager-webhook +07987ba3eba7caa0f2576de93251e3dcf0692af8a96542a5acef09c6500ff5fe _output/bin/cert-manager/linux-arm64/cert-manager-acmesolver +962cc57a64f81f953dbac8b94605dd6c735b522b708123c2bb2ba094d50a0288 _output/bin/cert-manager/linux-arm64/cert-manager-cainjector +1aef22785b156b03a08fefd201a62318c3983a250c37b58277427107ccdc4935 _output/bin/cert-manager/linux-arm64/cert-manager-controller +8659660b8fc33cf9e03798c46ec38d82985a6f92693fa5f905c591f0b5f8a17a _output/bin/cert-manager/linux-arm64/cert-manager-ctl +a1ef6c91870ba52ea48b252d58aba242ea3891155f1cd4f95f299551a2ea5372 _output/bin/cert-manager/linux-arm64/cert-manager-webhook diff --git a/projects/cert-manager/cert-manager/GIT_TAG b/projects/cert-manager/cert-manager/GIT_TAG index fb844899c1..471578389b 100644 --- a/projects/cert-manager/cert-manager/GIT_TAG +++ b/projects/cert-manager/cert-manager/GIT_TAG @@ -1 +1 @@ -v1.13.2 +v1.14.2 diff --git a/projects/cert-manager/cert-manager/GOLANG_VERSION b/projects/cert-manager/cert-manager/GOLANG_VERSION index 5fb5a6b4f5..d2ab029d32 100644 --- a/projects/cert-manager/cert-manager/GOLANG_VERSION +++ b/projects/cert-manager/cert-manager/GOLANG_VERSION @@ -1 +1 @@ -1.20 +1.21 diff --git a/projects/cert-manager/cert-manager/Makefile b/projects/cert-manager/cert-manager/Makefile index 49a858ad17..2efff714d4 100644 --- a/projects/cert-manager/cert-manager/Makefile +++ b/projects/cert-manager/cert-manager/Makefile @@ -25,7 +25,7 @@ CERT_MANAGER_ACMESOLVER_ATTRIBUTION_OVERRIDE=cert-manager-acmesolver HAS_HELM_CHART=true HELM_DIRECTORY=deploy/charts/cert-manager -HELM_IMAGE_LIST=cert-manager/cert-manager-cainjector cert-manager/cert-manager-controller cert-manager/cert-manager-webhook cert-manager/cert-manager-ctl +HELM_IMAGE_LIST=cert-manager/cert-manager-cainjector cert-manager/cert-manager-controller cert-manager/cert-manager-webhook cert-manager/cert-manager-ctl cert-manager/cert-manager-acmesolver HAS_S3_ARTIFACTS=true diff --git a/projects/cert-manager/cert-manager/README.md b/projects/cert-manager/cert-manager/README.md index 9766a4d661..0f5200c1a2 100644 --- a/projects/cert-manager/cert-manager/README.md +++ b/projects/cert-manager/cert-manager/README.md @@ -1,5 +1,5 @@ ## **cert-manager** -![Version](https://img.shields.io/badge/version-v1.13.2-blue) +![Version](https://img.shields.io/badge/version-v1.14.2-blue) ![Build Status](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiUkphQkhWTUpOOVE1OFVLU0dHQmVFUXZJV0dJaGVLYmtEZHp0aGtDRnJBQUxtaHVqOWp3S0l6d0NlTytqNWpwc2tNTmF6RnNhMTZ3d1J1RXErR0lWcldZPSIsIml2UGFyYW1ldGVyU3BlYyI6IlQyU2lIcVVtU3ozZVZSVTgiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) [cert-manager](https://github.com/cert-manager/cert-manager) is a Kubernetes add-on to automate the management and issuance of TLS certificates from various issuing sources, such as [Let’s Encrypt](https://letsencrypt.org), [HashiCorp Vault](https://www.vaultproject.io), [Venafi](https://www.venafi.com/), a simple signing key pair, or self signed. It periodically ensures that certificates are valid and up-to-date, and attempts to renew certificates at an appropriate time before expiry. diff --git a/projects/cert-manager/cert-manager/helm/patches/0001-Use-sourceRegistry-and-digest-in-chart.patch b/projects/cert-manager/cert-manager/helm/patches/0001-Use-sourceRegistry-and-digest-in-chart.patch index 2701c3d05d..d8c5d49524 100644 --- a/projects/cert-manager/cert-manager/helm/patches/0001-Use-sourceRegistry-and-digest-in-chart.patch +++ b/projects/cert-manager/cert-manager/helm/patches/0001-Use-sourceRegistry-and-digest-in-chart.patch @@ -1,4 +1,4 @@ -From 61be93062447ad6eebd654f37e8f178f3bd4cbee Mon Sep 17 00:00:00 2001 +From cd922266eab5d30b4fe51645876291aa29144477 Mon Sep 17 00:00:00 2001 From: Abdullahi Abdinur Date: Thu, 6 Oct 2022 12:55:27 -0700 Subject: [PATCH 1/4] Use-sourceRegistry-and-digest-in-chart @@ -6,13 +6,13 @@ Subject: [PATCH 1/4] Use-sourceRegistry-and-digest-in-chart --- deploy/charts/cert-manager/Chart.yaml | 20 ++ deploy/charts/cert-manager/README.md | 248 ++++++++++++++++++ - .../templates/cainjector-deployment.yaml | 4 +- - .../cert-manager/templates/deployment.yaml | 4 +- + .../templates/cainjector-deployment.yaml | 2 +- + .../cert-manager/templates/deployment.yaml | 2 +- .../cert-manager/templates/namespace.yaml | 7 + - .../templates/startupapicheck-job.yaml | 4 +- - .../templates/webhook-deployment.yaml | 4 +- - deploy/charts/cert-manager/values.yaml | 14 +- - 8 files changed, 289 insertions(+), 16 deletions(-) + .../templates/startupapicheck-job.yaml | 2 +- + .../templates/webhook-deployment.yaml | 2 +- + deploy/charts/cert-manager/values.yaml | 17 +- + 8 files changed, 291 insertions(+), 9 deletions(-) create mode 100644 deploy/charts/cert-manager/Chart.yaml create mode 100644 deploy/charts/cert-manager/README.md create mode 100644 deploy/charts/cert-manager/templates/namespace.yaml @@ -298,35 +298,31 @@ index 000000000..4fd1e752d + +This chart is maintained at [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager). diff --git a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml -index fbfed0fce..8d979bdd8 100644 +index a2f7243e8..8f181519e 100644 --- a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml +++ b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml -@@ -54,9 +54,7 @@ spec: +@@ -59,7 +59,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-cainjector -- {{- with .Values.cainjector.image }} -- image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" -- {{- end }} +- image: "{{ template "image" (tuple .Values.cainjector.image $.Chart.AppVersion) }}" + image: "{{ .Values.sourceRegistry }}/{{ .Values.cainjector.image.repository }}@{{ .Values.cainjector.image.digest }}" imagePullPolicy: {{ .Values.cainjector.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml -index 6e74f1e82..fdb95289d 100644 +index c984de03d..2cf730824 100644 --- a/deploy/charts/cert-manager/templates/deployment.yaml +++ b/deploy/charts/cert-manager/templates/deployment.yaml -@@ -65,9 +65,7 @@ spec: +@@ -77,7 +77,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-controller -- {{- with .Values.image }} -- image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" -- {{- end }} +- image: "{{ template "image" (tuple .Values.image $.Chart.AppVersion) }}" + image: "{{ .Values.sourceRegistry }}/{{ .Values.image.repository }}@{{ .Values.image.digest }}" imagePullPolicy: {{ .Values.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} diff --git a/deploy/charts/cert-manager/templates/namespace.yaml b/deploy/charts/cert-manager/templates/namespace.yaml new file mode 100644 index 000000000..b49644d70 @@ -341,40 +337,36 @@ index 000000000..b49644d70 +spec: {} +status: {} diff --git a/deploy/charts/cert-manager/templates/startupapicheck-job.yaml b/deploy/charts/cert-manager/templates/startupapicheck-job.yaml -index f55b5fe15..6a7675e27 100644 +index 311b4c48e..daf358d57 100644 --- a/deploy/charts/cert-manager/templates/startupapicheck-job.yaml +++ b/deploy/charts/cert-manager/templates/startupapicheck-job.yaml -@@ -43,9 +43,7 @@ spec: +@@ -47,7 +47,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-startupapicheck -- {{- with .Values.startupapicheck.image }} -- image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" -- {{- end }} +- image: "{{ template "image" (tuple .Values.startupapicheck.image $.Chart.AppVersion) }}" + image: "{{ .Values.sourceRegistry }}/{{ .Values.startupapicheck.image.repository }}@{{ .Values.startupapicheck.image.digest }}" imagePullPolicy: {{ .Values.startupapicheck.image.pullPolicy }} args: - check diff --git a/deploy/charts/cert-manager/templates/webhook-deployment.yaml b/deploy/charts/cert-manager/templates/webhook-deployment.yaml -index 259a96c79..efe5d692e 100644 +index e55cd4361..ca7698384 100644 --- a/deploy/charts/cert-manager/templates/webhook-deployment.yaml +++ b/deploy/charts/cert-manager/templates/webhook-deployment.yaml -@@ -56,9 +56,7 @@ spec: +@@ -64,7 +64,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }}-webhook -- {{- with .Values.webhook.image }} -- image: "{{- if .registry -}}{{ .registry }}/{{- end -}}{{ .repository }}{{- if (.digest) -}} @{{ .digest }}{{- else -}}:{{ default $.Chart.AppVersion .tag }} {{- end -}}" -- {{- end }} +- image: "{{ template "image" (tuple .Values.webhook.image $.Chart.AppVersion) }}" + image: "{{ .Values.sourceRegistry }}/{{ .Values.webhook.image.repository }}@{{ .Values.webhook.image.digest }}" imagePullPolicy: {{ .Values.webhook.image.pullPolicy }} args: - {{- if .Values.global.logLevel }} + {{- /* The if statement below is equivalent to {{- if $value }} but will also return true for 0. */ -}} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml -index 35ec9766a..fd30fc787 100644 +index 885ae024b..bbd1d61c4 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml -@@ -1,6 +1,8 @@ +@@ -3,6 +3,8 @@ # Default values for cert-manager. # This is a YAML-formatted file. # Declare variables to be passed into your templates. @@ -383,74 +375,91 @@ index 35ec9766a..fd30fc787 100644 global: # Reference to one or more secrets to be used when pulling images # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -@@ -68,7 +70,7 @@ featureGates: "" - maxConcurrentChallenges: 60 +@@ -130,7 +132,7 @@ image: - image: + # The container image for the cert-manager controller + # +docs:property - repository: quay.io/jetstack/cert-manager-controller + repository: cert-manager/cert-manager-controller - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-controller -@@ -79,6 +81,7 @@ image: - # Setting a digest will override any tag + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. +@@ -142,6 +144,7 @@ image: # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + digest: {{cert-manager/cert-manager-controller}} pullPolicy: IfNotPresent # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer -@@ -333,7 +336,7 @@ webhook: - serviceLabels: {} +@@ -753,7 +756,7 @@ webhook: - image: + # The container image for the cert-manager webhook + # +docs:property - repository: quay.io/jetstack/cert-manager-webhook + repository: cert-manager/cert-manager-webhook - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-webhook -@@ -344,6 +347,7 @@ webhook: - # Setting a digest will override any tag + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. +@@ -765,6 +768,7 @@ webhook: # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 -+ digest: {{cert-manager/cert-manager-webhook}} + # Kubernetes imagePullPolicy on Deployment. ++ digest: {{cert-manager/cert-manager-webhook}} pullPolicy: IfNotPresent -@@ -471,7 +475,7 @@ cainjector: - podLabels: {} + serviceAccount: +@@ -1036,7 +1040,7 @@ cainjector: - image: + # The container image for the cert-manager cainjector + # +docs:property - repository: quay.io/jetstack/cert-manager-cainjector + repository: cert-manager/cert-manager-cainjector - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-cainjector -@@ -482,6 +486,7 @@ cainjector: - # Setting a digest will override any tag + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. +@@ -1048,6 +1052,7 @@ cainjector: # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + digest: {{cert-manager/cert-manager-cainjector}} + pullPolicy: IfNotPresent + + serviceAccount: +@@ -1095,7 +1100,7 @@ acmesolver: + # The container image for the cert-manager acmesolver + # +docs:property +- repository: quay.io/jetstack/cert-manager-acmesolver ++ repository: cert-manager/cert-manager-acmesolver + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. +@@ -1107,6 +1112,7 @@ acmesolver: + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. ++ digest: {{cert-manager/cert-manager-acmesolver}} pullPolicy: IfNotPresent -@@ -577,7 +582,7 @@ startupapicheck: - podLabels: {} + # +docs:section=Startup API Check +@@ -1222,7 +1228,7 @@ startupapicheck: - image: -- repository: quay.io/jetstack/cert-manager-ctl + # The container image for the cert-manager startupapicheck + # +docs:property +- repository: quay.io/jetstack/cert-manager-startupapicheck + repository: cert-manager/cert-manager-ctl - # You can manage a registry with - # registry: quay.io - # repository: jetstack/cert-manager-ctl -@@ -588,6 +593,7 @@ startupapicheck: - # Setting a digest will override any tag + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. +@@ -1234,6 +1240,7 @@ startupapicheck: # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 -+ digest: {{cert-manager/cert-manager-ctl}} + # Kubernetes imagePullPolicy on Deployment. ++ digest: {{cert-manager/cert-manager-ctl}} pullPolicy: IfNotPresent + rbac: -- -2.34.1 +2.42.0 diff --git a/projects/cert-manager/cert-manager/helm/patches/0002-Add-cert-manager-CRDs.patch b/projects/cert-manager/cert-manager/helm/patches/0002-Add-cert-manager-CRDs.patch index 8b1cf03c01..3cff2f9608 100644 --- a/projects/cert-manager/cert-manager/helm/patches/0002-Add-cert-manager-CRDs.patch +++ b/projects/cert-manager/cert-manager/helm/patches/0002-Add-cert-manager-CRDs.patch @@ -1,4 +1,4 @@ -From f54914de847ff0be543ed2c966905aac8920a22d Mon Sep 17 00:00:00 2001 +From ddb08b49854fe5a5f19df0a3a9d72d6ca0669d6d Mon Sep 17 00:00:00 2001 From: Prow Bot Date: Thu, 23 Jun 2022 07:01:26 -0600 Subject: [PATCH 2/4] Add cert-manager CRDs @@ -4193,5 +4193,5 @@ index 000000000..af016f11e + served: true + storage: true -- -2.34.1 +2.42.0 diff --git a/projects/cert-manager/cert-manager/helm/patches/0003-Remove-namespace-from-chart.patch b/projects/cert-manager/cert-manager/helm/patches/0003-Remove-namespace-from-chart.patch index 73c7249b4a..e5cf5d2e60 100644 --- a/projects/cert-manager/cert-manager/helm/patches/0003-Remove-namespace-from-chart.patch +++ b/projects/cert-manager/cert-manager/helm/patches/0003-Remove-namespace-from-chart.patch @@ -1,4 +1,4 @@ -From e733b0c7c345b91542537de3fee523897190a717 Mon Sep 17 00:00:00 2001 +From 7b6ab0321b1f5fda5b46f51e626c51749851178b Mon Sep 17 00:00:00 2001 From: Abdullahi Abdinur Date: Thu, 6 Oct 2022 12:58:13 -0700 Subject: [PATCH 3/4] Remove namespace from chart @@ -22,5 +22,5 @@ index b49644d70..000000000 -spec: {} -status: {} -- -2.34.1 +2.42.0 diff --git a/projects/cert-manager/cert-manager/helm/patches/0004-Update-cert-manager-namespace-config.patch b/projects/cert-manager/cert-manager/helm/patches/0004-Update-cert-manager-namespace-config.patch index ffb81ae7f1..fc261dbda2 100644 --- a/projects/cert-manager/cert-manager/helm/patches/0004-Update-cert-manager-namespace-config.patch +++ b/projects/cert-manager/cert-manager/helm/patches/0004-Update-cert-manager-namespace-config.patch @@ -1,4 +1,4 @@ -From 0b0c300c2ee6b8622bec6414d8d8706badaff458 Mon Sep 17 00:00:00 2001 +From fc73bb8866bf3e113c3a3e0f412f46bff30ea866 Mon Sep 17 00:00:00 2001 From: Abdullahi Abdinur Date: Wed, 19 Oct 2022 10:58:28 -0700 Subject: [PATCH 4/4] Update cert manager namespace config @@ -13,16 +13,18 @@ Subject: [PATCH 4/4] Update cert manager namespace config 6 files changed, 13 insertions(+), 10 deletions(-) diff --git a/deploy/charts/cert-manager/templates/_helpers.tpl b/deploy/charts/cert-manager/templates/_helpers.tpl -index 90db4af26..da4f1a14b 100644 +index 067fe6a05..902142094 100644 --- a/deploy/charts/cert-manager/templates/_helpers.tpl +++ b/deploy/charts/cert-manager/templates/_helpers.tpl -@@ -170,5 +170,5 @@ This gets around an problem within helm discussed here +@@ -170,7 +170,7 @@ This gets around an problem within helm discussed here https://github.com/helm/helm/issues/5358 */}} {{- define "cert-manager.namespace" -}} - {{ .Values.namespace | default .Release.Namespace }} + {{ .Release.Namespace | default .Values.defaultNamespace}} {{- end -}} + + {{/* diff --git a/deploy/charts/cert-manager/templates/cainjector-serviceaccount.yaml b/deploy/charts/cert-manager/templates/cainjector-serviceaccount.yaml index fedc731f8..6f2723a80 100644 --- a/deploy/charts/cert-manager/templates/cainjector-serviceaccount.yaml @@ -40,7 +42,7 @@ index fedc731f8..6f2723a80 100644 {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/serviceaccount.yaml b/deploy/charts/cert-manager/templates/serviceaccount.yaml -index 6026842ff..39209cfa5 100644 +index 87fc00ea7..b90ec30c3 100644 --- a/deploy/charts/cert-manager/templates/serviceaccount.yaml +++ b/deploy/charts/cert-manager/templates/serviceaccount.yaml @@ -1,9 +1,9 @@ @@ -87,10 +89,10 @@ index dff5c0672..eec438f38 100644 {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml -index fd30fc787..3e5c9d004 100644 +index bbd1d61c4..b91e7b810 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml -@@ -3,10 +3,13 @@ +@@ -5,6 +5,9 @@ # Declare variables to be passed into your templates. namespace: "cert-manager" sourceRegistry: "public.ecr.aws/eks-anywhere" @@ -100,11 +102,15 @@ index fd30fc787..3e5c9d004 100644 global: # Reference to one or more secrets to be used when pulling images # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +@@ -12,7 +15,7 @@ global: + # For example: + # imagePullSecrets: + # - name: "image-pull-secret" - imagePullSecrets: [] + #imagePullSecrets: [] - # - name: "image-pull-secret" # Labels to apply to all resources + # Please note that this does not add labels to the resources created dynamically by the controllers. -- -2.34.1 +2.42.0 diff --git a/projects/cert-manager/cert-manager/manifests/cert-manager.yaml b/projects/cert-manager/cert-manager/manifests/cert-manager.yaml index 15f67a138e..4f940cb126 100644 --- a/projects/cert-manager/cert-manager/manifests/cert-manager.yaml +++ b/projects/cert-manager/cert-manager/manifests/cert-manager.yaml @@ -27,7 +27,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: group: cert-manager.io names: @@ -225,7 +225,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: group: cert-manager.io names: @@ -387,9 +387,83 @@ spec: name: description: 'Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string + profile: + description: "Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is `LegacyRC2` for backward compatibility. \n If provided, allowed values are: `LegacyRC2`: Deprecated. Not supported by default in OpenSSL 3 or Java 20. `LegacyDES`: Less secure algorithm. Use this option for maximal compatibility. `Modern2023`: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret." + type: string + enum: + - LegacyRC2 + - LegacyDES + - Modern2023 literalSubject: description: "Requested X.509 certificate subject, represented using the LDAP \"String Representation of a Distinguished Name\" [1]. Important: the LDAP string format also specifies the order of the attributes in the subject, this is important when issuing certs for LDAP authentication. Example: `CN=foo,DC=corp,DC=example,DC=com` More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 More info: https://github.com/cert-manager/cert-manager/issues/3203 More info: https://github.com/cert-manager/cert-manager/issues/4424 \n Cannot be set if the `subject` or `commonName` field is set. This is an Alpha Feature and is only enabled with the `--feature-gates=LiteralCertificateSubject=true` option set on both the controller and webhook components." type: string + nameConstraints: + description: "x.509 certificate NameConstraint extension which MUST NOT be used in a non-CA certificate. More Info: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.10 \n This is an Alpha Feature and is only enabled with the `--feature-gates=NameConstraints=true` option set on both the controller and webhook components." + type: object + properties: + critical: + description: if true then the name constraints are marked critical. + type: boolean + excluded: + description: Excluded contains the constraints which must be disallowed. Any name matching a restriction in the excluded field is invalid regardless of information appearing in the permitted + type: object + properties: + dnsDomains: + description: DNSDomains is a list of DNS domains that are permitted or excluded. + type: array + items: + type: string + emailAddresses: + description: EmailAddresses is a list of Email Addresses that are permitted or excluded. + type: array + items: + type: string + ipRanges: + description: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + type: array + items: + type: string + uriDomains: + description: URIDomains is a list of URI domains that are permitted or excluded. + type: array + items: + type: string + permitted: + description: Permitted contains the constraints in which the names must be located. + type: object + properties: + dnsDomains: + description: DNSDomains is a list of DNS domains that are permitted or excluded. + type: array + items: + type: string + emailAddresses: + description: EmailAddresses is a list of Email Addresses that are permitted or excluded. + type: array + items: + type: string + ipRanges: + description: IPRanges is a list of IP Ranges that are permitted or excluded. This should be a valid CIDR notation. + type: array + items: + type: string + uriDomains: + description: URIDomains is a list of URI domains that are permitted or excluded. + type: array + items: + type: string + otherNames: + description: '`otherNames` is an escape hatch for SAN that allows any type. We currently restrict the support to string like otherNames, cf RFC 5280 p 37 Any UTF8 String valued otherName can be passed with by setting the keys oid: x.x.x.x and UTF8Value: somevalue for `otherName`. Most commonly this would be UPN set with oid: 1.3.6.1.4.1.311.20.2.3 You should ensure that any OID passed is valid for the UTF8String type as we do not explicitly validate this.' + type: array + items: + type: object + properties: + oid: + description: OID is the object identifier for the otherName SAN. The object identifier must be expressed as a dotted string, for example, "1.2.840.113556.1.4.221". + type: string + utf8Value: + description: utf8Value is the string value of the otherName SAN. The utf8Value accepts any valid UTF8 string to set as value for the otherName SAN. + type: string privateKey: description: Private key options. These include the key algorithm and size, the used encoding and the rotation policy. type: object @@ -596,7 +670,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: group: acme.cert-manager.io names: @@ -761,10 +835,10 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: 'Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.' type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: 'Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set.' type: object required: - name @@ -787,14 +861,14 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: 'Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set.' type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -803,7 +877,7 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: 'Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.' type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -1009,13 +1083,13 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 @@ -1229,7 +1303,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1259,6 +1333,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1312,7 +1398,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1342,6 +1428,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1402,7 +1500,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1432,6 +1530,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1485,7 +1595,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -1515,6 +1625,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -1674,7 +1796,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: "cert-manager" # Generated labels - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: group: cert-manager.io names: @@ -1878,10 +2000,10 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: 'Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.' type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: 'Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set.' type: object required: - name @@ -1904,14 +2026,14 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: 'Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set.' type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -1920,7 +2042,7 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: 'Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.' type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -2126,13 +2248,13 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 @@ -2346,7 +2468,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2376,6 +2498,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2429,7 +2563,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2459,6 +2593,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2519,7 +2665,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2549,6 +2695,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2602,7 +2760,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -2632,6 +2790,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -2749,6 +2919,11 @@ spec: type: array items: type: string + issuingCertificateURLs: + description: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + type: array + items: + type: string ocspServers: description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". type: array @@ -2994,7 +3169,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: "cert-manager" # Generated labels - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: group: cert-manager.io names: @@ -3198,10 +3373,10 @@ spec: - subscriptionID properties: clientID: - description: if both this and ClientSecret are left unset MSI will be used + description: 'Auth: Azure Service Principal: The ClientID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientSecret and TenantID must also be set.' type: string clientSecretSecretRef: - description: if both this and ClientID are left unset MSI will be used + description: 'Auth: Azure Service Principal: A reference to a Secret containing the password associated with the Service Principal. If set, ClientID and TenantID must also be set.' type: object required: - name @@ -3224,14 +3399,14 @@ spec: description: name of the DNS zone that should be used type: string managedIdentity: - description: managed identity configuration, can not be used at the same time as clientID, clientSecretSecretRef or tenantID + description: 'Auth: Azure Workload Identity or Azure Managed Service Identity: Settings to enable Azure Workload Identity or Azure Managed Service Identity If set, ClientID, ClientSecret and TenantID must not be set.' type: object properties: clientID: description: client ID of the managed identity, can not be used at the same time as resourceID type: string resourceID: - description: resource ID of the managed identity, can not be used at the same time as clientID + description: resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity type: string resourceGroupName: description: resource group the DNS zone is located in @@ -3240,7 +3415,7 @@ spec: description: ID of the Azure subscription type: string tenantID: - description: when specifying ClientID and ClientSecret then this field is also needed + description: 'Auth: Azure Service Principal: The TenantID of the Azure Service Principal used to authenticate with Azure DNS. If set, ClientID and ClientSecret must also be set.' type: string cloudDNS: description: Use the Google Cloud DNS API to manage DNS01 challenge records. @@ -3446,13 +3621,13 @@ spec: maxLength: 253 minLength: 1 namespace: - description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" + description: "Namespace is the namespace of the referent. When unspecified, this refers to the local namespace of the Route. \n Note that there are specific rules for ParentRefs which cross namespace boundaries. Cross-namespace references are only valid if they are explicitly allowed by something in the namespace they are referring to. For example: Gateway has the AllowedRoutes field, and ReferenceGrant provides a generic way to enable any other kind of cross-namespace reference. \n ParentRefs from a Route to a Service in the same namespace are \"producer\" routes, which apply default routing rules to inbound connections from any namespace to the Service. \n ParentRefs from a Route to a Service in a different namespace are \"consumer\" routes, and these routing rules are only applied to outbound connections originating from the same namespace as the Route, for which the intended destination of the connections are a Service targeted as a ParentRef of the Route. \n Support: Core" type: string maxLength: 63 minLength: 1 pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ port: - description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " + description: "Port is the network port this Route targets. It can be interpreted differently based on the type of parent resource. \n When the parent resource is a Gateway, this targets all listeners listening on the specified port that also support this kind of Route(and select this Route). It's not recommended to set `Port` unless the networking behaviors specified in a Route must apply to a specific port as opposed to a listener(s) whose port(s) may be changed. When both Port and SectionName are specified, the name and port of the selected listener must match both specified values. \n When the parent resource is a Service, this targets a specific port in the Service spec. When both Port (experimental) and SectionName are specified, the name and port of the selected port must match both specified values. \n Implementations MAY choose to support other parent resources. Implementations supporting other types of parent resources MUST clearly document how/if Port is interpreted. \n For the purpose of status, an attachment is considered successful as long as the parent resource accepts it partially. For example, Gateway listeners can restrict which Routes can attach to them by Route kind, namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from the referencing Route, the Route MUST be considered successfully attached. If no Gateway listeners accept attachment from this Route, the Route MUST be considered detached from the Gateway. \n Support: Extended \n " type: integer format: int32 maximum: 65535 @@ -3666,7 +3841,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3696,6 +3871,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -3749,7 +3936,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3779,6 +3966,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -3839,7 +4038,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3869,6 +4068,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -3922,7 +4133,7 @@ spec: - topologyKey properties: labelSelector: - description: A label query over a set of resources, in this case pods. + description: A label query over a set of resources, in this case pods. If it's null, this PodAffinityTerm matches with no Pods. type: object properties: matchExpressions: @@ -3952,6 +4163,18 @@ spec: additionalProperties: type: string x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. Also, MatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic + mismatchLabelKeys: + description: MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. + type: array + items: + type: string + x-kubernetes-list-type: atomic namespaceSelector: description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. type: object @@ -4069,6 +4292,11 @@ spec: type: array items: type: string + issuingCertificateURLs: + description: IssuingCertificateURLs is a list of URLs which this issuer should embed into certificates it creates. See https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1 for more details. As an example, such a URL might be "http://ca.domain.com/ca.crt". + type: array + items: + type: string ocspServers: description: The OCSP server list is an X.509 v3 extension that defines a list of URLs of OCSP responders. The OCSP responders can be queried for the revocation status of an issued certificate. If not set, the certificate will be issued with no OCSP servers set. For example, an OCSP server URL could be "http://ocsp.int-x3.letsencrypt.org". type: array @@ -4314,7 +4542,7 @@ metadata: app.kubernetes.io/name: 'cert-manager' app.kubernetes.io/instance: 'cert-manager' # Generated labels - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: group: acme.cert-manager.io names: @@ -4498,7 +4726,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" --- # Source: cert-manager/templates/serviceaccount.yaml apiVersion: v1 @@ -4512,7 +4740,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" --- # Source: cert-manager/templates/webhook-serviceaccount.yaml apiVersion: v1 @@ -4526,35 +4754,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" ---- -# Source: cert-manager/templates/controller-config.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: cert-manager - namespace: cert-manager - labels: - app: cert-manager - app.kubernetes.io/name: cert-manager - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" -data: ---- -# Source: cert-manager/templates/webhook-config.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: cert-manager-webhook - namespace: cert-manager - labels: - app: webhook - app.kubernetes.io/name: webhook - app.kubernetes.io/instance: cert-manager - app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" -data: + app.kubernetes.io/version: "v1.14.2" --- # Source: cert-manager/templates/cainjector-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -4566,7 +4766,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates"] @@ -4598,7 +4798,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["cert-manager.io"] resources: ["issuers", "issuers/status"] @@ -4624,7 +4824,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["cert-manager.io"] resources: ["clusterissuers", "clusterissuers/status"] @@ -4650,7 +4850,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"] @@ -4685,7 +4885,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["acme.cert-manager.io"] resources: ["orders", "orders/status"] @@ -4723,7 +4923,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: # Use to update challenge resource status - apiGroups: ["acme.cert-manager.io"] @@ -4783,7 +4983,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["cert-manager.io"] resources: ["certificates", "certificaterequests"] @@ -4820,7 +5020,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rbac.authorization.k8s.io/aggregate-to-cluster-reader: "true" rules: - apiGroups: ["cert-manager.io"] @@ -4837,7 +5037,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -4860,7 +5060,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: @@ -4885,7 +5085,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] @@ -4905,7 +5105,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["certificates.k8s.io"] resources: ["certificatesigningrequests"] @@ -4931,7 +5131,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["authorization.k8s.io"] resources: ["subjectaccessreviews"] @@ -4947,7 +5147,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4967,7 +5167,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -4987,7 +5187,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5007,7 +5207,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5027,7 +5227,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5047,7 +5247,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5067,7 +5267,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5087,7 +5287,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5107,7 +5307,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cert-manager" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5127,7 +5327,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -5150,7 +5350,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: # Used for leader election by the controller # cert-manager-cainjector-leader-election is used by the CertificateBased injector controller @@ -5176,7 +5376,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: ["coordination.k8s.io"] resources: ["leases"] @@ -5197,7 +5397,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" rules: - apiGroups: [""] resources: ["secrets"] @@ -5222,7 +5422,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5245,7 +5445,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5267,7 +5467,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -5289,7 +5489,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: type: ClusterIP ports: @@ -5313,7 +5513,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: type: ClusterIP ports: @@ -5337,7 +5537,7 @@ metadata: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: replicas: 1 selector: @@ -5352,7 +5552,7 @@ spec: app.kubernetes.io/name: cainjector app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "cainjector" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: serviceAccountName: cert-manager-cainjector enableServiceLinks: false @@ -5362,7 +5562,7 @@ spec: type: RuntimeDefault containers: - name: cert-manager-cainjector - image: "quay.io/jetstack/cert-manager-cainjector:v1.13.2" + image: "quay.io/jetstack/cert-manager-cainjector:v1.14.2" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5377,6 +5577,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true nodeSelector: kubernetes.io/os: linux --- @@ -5391,7 +5592,7 @@ metadata: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: replicas: 1 selector: @@ -5406,7 +5607,7 @@ spec: app.kubernetes.io/name: cert-manager app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "controller" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" annotations: prometheus.io/path: "/metrics" prometheus.io/scrape: 'true' @@ -5420,13 +5621,13 @@ spec: type: RuntimeDefault containers: - name: cert-manager-controller - image: "quay.io/jetstack/cert-manager-controller:v1.13.2" + image: "quay.io/jetstack/cert-manager-controller:v1.14.2" imagePullPolicy: IfNotPresent args: - --v=2 - --cluster-resource-namespace=$(POD_NAMESPACE) - --leader-election-namespace=kube-system - - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.13.2 + - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.2 - --max-concurrent-challenges=60 ports: - containerPort: 9402 @@ -5440,11 +5641,25 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true env: - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace + # LivenessProbe settings are based on those used for the Kubernetes + # controller-manager. See: + # https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245 + livenessProbe: + httpGet: + port: http-healthz + path: /livez + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 8 nodeSelector: kubernetes.io/os: linux --- @@ -5459,7 +5674,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: replicas: 1 selector: @@ -5474,7 +5689,7 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" spec: serviceAccountName: cert-manager-webhook enableServiceLinks: false @@ -5484,7 +5699,7 @@ spec: type: RuntimeDefault containers: - name: cert-manager-webhook - image: "quay.io/jetstack/cert-manager-webhook:v1.13.2" + image: "quay.io/jetstack/cert-manager-webhook:v1.14.2" imagePullPolicy: IfNotPresent args: - --v=2 @@ -5527,6 +5742,7 @@ spec: capabilities: drop: - ALL + readOnlyRootFilesystem: true env: - name: POD_NAMESPACE valueFrom: @@ -5545,7 +5761,7 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" annotations: cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca" webhooks: @@ -5553,20 +5769,18 @@ webhooks: rules: - apiGroups: - "cert-manager.io" - - "acme.cert-manager.io" apiVersions: - "v1" operations: - CREATE - - UPDATE resources: - - "*/*" + - "certificaterequests" admissionReviewVersions: ["v1"] # This webhook only accepts v1 cert-manager resources. # Equivalent matchPolicy ensures that non-v1 resource requests are sent to # this webhook (after the resources have been converted to v1). matchPolicy: Equivalent - timeoutSeconds: 10 + timeoutSeconds: 30 failurePolicy: Fail # Only include 'sideEffects' field in Kubernetes 1.12+ sideEffects: None @@ -5586,15 +5800,15 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/instance: cert-manager app.kubernetes.io/component: "webhook" - app.kubernetes.io/version: "v1.13.2" + app.kubernetes.io/version: "v1.14.2" annotations: cert-manager.io/inject-ca-from-secret: "cert-manager/cert-manager-webhook-ca" webhooks: - name: webhook.cert-manager.io namespaceSelector: matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" + - key: cert-manager.io/disable-validation + operator: NotIn values: - "true" rules: @@ -5613,7 +5827,7 @@ webhooks: # Equivalent matchPolicy ensures that non-v1 resource requests are sent to # this webhook (after the resources have been converted to v1). matchPolicy: Equivalent - timeoutSeconds: 10 + timeoutSeconds: 30 failurePolicy: Fail sideEffects: None clientConfig: