Skip to content

fix(helm/cert-manager): update v1.20.0 ➼ v1.20.1#5210

Merged
JJGadgets merged 6 commits intomainfrom
renovate/cert-manager-1.20.x
Apr 2, 2026
Merged

fix(helm/cert-manager): update v1.20.0 ➼ v1.20.1#5210
JJGadgets merged 6 commits intomainfrom
renovate/cert-manager-1.20.x

Conversation

@tinfoild
Copy link
Copy Markdown
Contributor

@tinfoild tinfoild bot commented Mar 27, 2026
edited
Loading

This PR contains the following updates:

Package Update Change OpenSSF
cert-manager (source) patch v1.20.0v1.20.1 OpenSSF Scorecard

Release Notes

cert-manager/cert-manager (cert-manager)

v1.20.1

Compare Source

v1.20.1 fixes an issue for OpenShift users that has to do with the finalizer RBAC, bumps gRPC to address a reported non-affecting vulnerability, and fixes a duplicate parentRef bug when both issuer config and annotations are present (Gateway API).

Bug or Regression
  • Fixed duplicate parentRef bug when both issuer config and annotations are present. (#​8658, @​hjoshi123)
  • Add missing issuer finalizer RBAC to the order controller to support owner references. This was preventing OpenShift users from being able to upgrade to v1.20.0. (#​8655, @​erikgb)
  • Bump google.golang.org/grpc to fix vulnerability reported by scanners. This isn't a vulnerability that affects cert-manager, but we are bumping it because it is reported by scanners. (#​8657, @​erikgb)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages bot commented Mar 27, 2026
edited
Loading

Deploying jjgadgets-biohazard with  Cloudflare Pages  Cloudflare Pages

Latest commit: c51e288
Status: ✅  Deploy successful!
Preview URL: https://787358f9.jjgadgets-biohazard.pages.dev
Branch Preview URL: https://renovate-cert-manager-1-20-x.jjgadgets-biohazard.pages.dev

View logs

@tinfoild
Copy link
Copy Markdown
Contributor Author

tinfoild bot commented Mar 27, 2026

kube/helmrelease/out00

--- HelmRelease: cert-manager/cert-manager ClusterRole: cert-manager/cert-manager-controller-orders

+++ HelmRelease: cert-manager/cert-manager ClusterRole: cert-manager/cert-manager-controller-orders

@@ -47,12 +47,19 @@

   - acme.cert-manager.io
   resources:
   - orders/finalizers
   verbs:
   - update
 - apiGroups:
+  - cert-manager.io
+  resources:
+  - clusterissuers/finalizers
+  - issuers/finalizers
+  verbs:
+  - update
+- apiGroups:
   - ''
   resources:
   - secrets
   verbs:
   - get
   - list
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-cainjector
-        image: quay.io/jetstack/cert-manager-cainjector:v1.20.0
+        image: quay.io/jetstack/cert-manager-cainjector:v1.20.1
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --leader-election-namespace=kube-system
         ports:
         - containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

@@ -31,19 +31,19 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-controller
-        image: quay.io/jetstack/cert-manager-controller:v1.20.0
+        image: quay.io/jetstack/cert-manager-controller:v1.20.1
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --cluster-resource-namespace=
         - --leader-election-namespace=kube-system
-        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.20.0
+        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.20.1
         - --dns01-recursive-nameservers="https://1.0.0.1:443/dns-query","https://security.cloudflare-dns.com/dns-query","https://1.1.1.2:443/dns-query","https://1.0.0.2:443/dns-query","https://family.cloudflare-dns.com/dns-query","https://1.1.1.3:443/dns-query","https://1.0.0.3:443/dns-query"
         - --dns01-recursive-nameservers-only
         - --feature-gates=AdditionalCertificateOutputFormats=true
         - --max-concurrent-challenges=60
         ports:
         - containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-webhook
-        image: quay.io/jetstack/cert-manager-webhook:v1.20.0
+        image: quay.io/jetstack/cert-manager-webhook:v1.20.1
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --secure-port=10250
         - --dynamic-serving-ca-secret-namespace=
         - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-startupapicheck
-        image: quay.io/jetstack/cert-manager-startupapicheck:v1.20.0
+        image: quay.io/jetstack/cert-manager-startupapicheck:v1.20.1
         imagePullPolicy: IfNotPresent
         args:
         - check
         - api
         - --wait=1m
         - -v

@JJGadgets JJGadgets enabled auto-merge (squash) April 2, 2026 14:09
@tinfoild
Copy link
Copy Markdown
Contributor Author

tinfoild bot commented Apr 2, 2026

kube/kustomization/out00

--- kube/deploy/core/tls/cert-manager/app Kustomization: flux-system/1-core-tls-cert-manager-app HelmRelease: cert-manager/cert-manager

+++ kube/deploy/core/tls/cert-manager/app Kustomization: flux-system/1-core-tls-cert-manager-app HelmRelease: cert-manager/cert-manager

@@ -13,13 +13,13 @@

     spec:
       chart: cert-manager
       sourceRef:
         kind: HelmRepository
         name: jetstack
         namespace: flux-system
-      version: v1.20.0
+      version: v1.20.1
   driftDetection:
     ignore:
     - paths:
       - /spec/replicas
     mode: warn
   install:

@JJGadgets JJGadgets merged commit 98a56b9 into main Apr 2, 2026
2 of 3 checks passed
@JJGadgets JJGadgets deleted the renovate/cert-manager-1.20.x branch April 2, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kube/deploy/core renovate/datasource/helm renovate/type/patch

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@JJGadgets