From 071ac754773f5767c17d2987bd615712c047dde2 Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Fri, 26 Jun 2026 01:27:06 +0000 Subject: [PATCH] chore(chart-deps): update cert-manager to version v1.20.3 --- apps.yaml | 2 +- chart/chart-index/Chart.yaml | 2 +- charts/cert-manager/Chart.yaml | 4 ++-- charts/cert-manager/README.md | 2 +- charts/cert-manager/templates/rbac.yaml | 18 ++++++++++++++++-- 5 files changed, 21 insertions(+), 7 deletions(-) diff --git a/apps.yaml b/apps.yaml index 4a46e31787..b2968d41a5 100644 --- a/apps.yaml +++ b/apps.yaml @@ -23,7 +23,7 @@ appsInfo: integration: Argo CD is configured by App Platform to use the SSO provided by keycloak, and maps App Platform groups to Argo CD roles. The otomi-admin role is made super admin within Argo CD. The team-admin role has access to Argo CD and is admin of all team projects. Members of team roles are only allowed to administer their own projects. All Teams will automatically get access to a Git repo, and Argo CD is configured to listen to this repo. All a team has to do is to fill their repo with intended state, commit, and automation takes care of the rest. cert-manager: title: Cert-manager - appVersion: 1.20.2 + appVersion: 1.20.3 repo: https://github.com/cert-manager/cert-manager maintainers: The Linux Foundation relatedLinks: diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index 070acce3e9..df73b6f499 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -12,7 +12,7 @@ dependencies: version: 1.1.5 repository: oci://ghcr.io/argoproj/argo-helm/argocd-image-updater - name: cert-manager - version: v1.20.2 + version: v1.20.3 repository: https://charts.jetstack.io - name: cloudnative-pg version: 0.28.3 diff --git a/charts/cert-manager/Chart.yaml b/charts/cert-manager/Chart.yaml index 3640c97ebf..b139024cf5 100644 --- a/charts/cert-manager/Chart.yaml +++ b/charts/cert-manager/Chart.yaml @@ -6,7 +6,7 @@ annotations: fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg apiVersion: v2 -appVersion: v1.20.2 +appVersion: v1.20.3 description: A Helm chart for cert-manager home: https://cert-manager.io icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png @@ -23,4 +23,4 @@ maintainers: name: cert-manager sources: - https://github.com/cert-manager/cert-manager -version: v1.20.2 +version: v1.20.3 diff --git a/charts/cert-manager/README.md b/charts/cert-manager/README.md index b7b8be1ee1..bba0bc8820 100644 --- a/charts/cert-manager/README.md +++ b/charts/cert-manager/README.md @@ -26,7 +26,7 @@ helm install \ cert-manager jetstack/cert-manager \ --namespace cert-manager \ --create-namespace \ - --version v1.20.2 \ + --version v1.20.3 \ --set crds.enabled=true ``` diff --git a/charts/cert-manager/templates/rbac.yaml b/charts/cert-manager/templates/rbac.yaml index 1f921a833f..e1a01b9e33 100644 --- a/charts/cert-manager/templates/rbac.yaml +++ b/charts/cert-manager/templates/rbac.yaml @@ -514,9 +514,23 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["certificates/status"] verbs: ["update"] + {{- /* + Challenge and Order resources are not intended to be created or + modified directly by users. + + Challenges: "create" is excluded. "patch" and "update" are retained + because spec is immutable after creation (ValidateChallengeUpdate) + and because users need them to remove stuck finalizers + (see cert-manager/cert-manager#3851, cert-manager/cert-manager#3870). + + Orders: "create", "patch", and "update" are excluded. + */}} - apiGroups: ["acme.cert-manager.io"] - resources: ["challenges", "orders"] - verbs: ["create", "delete", "deletecollection", "patch", "update"] + resources: ["challenges"] + verbs: ["delete", "deletecollection", "patch", "update"] + - apiGroups: ["acme.cert-manager.io"] + resources: ["orders"] + verbs: ["delete", "deletecollection"] ---