chore(deps): update helm release cert-manager to v1.16.0

[renovate]

This PR contains the following updates:

Package	Update	Change
cert-manager (source)	minor	v1.15.3 -> v1.16.0

---

Release Notes

cert-manager/cert-manager (cert-manager)

v1.16.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Helm Diff

Chart.yaml:

@@ -6,7 +6,7 @@
     fingerprint: 1020CF3C033D4F35BAE1C19E1226061C665DF13E
     url: https://cert-manager.io/public-keys/cert-manager-keyring-2021-09-20-1020CF3C033D4F35BAE1C19E1226061C665DF13E.gpg
 apiVersion: v2
-appVersion: v1.15.3
+appVersion: v1.16.0
 description: A Helm chart for cert-manager
 home: https://cert-manager.io
 icon: https://raw.githubusercontent.com/cert-manager/community/4d35a69437d21b76322157e6284be4cd64e6d2b7/logo/logo-small.png
@@ -23,4 +23,4 @@
 name: cert-manager
 sources:
 - https://github.com/cert-manager/cert-manager
-version: v1.15.3
+version: v1.16.0

Values.yaml:

@@ -166,6 +166,19 @@
 # This is helpful when installing cert manager as a chart dependency (sub chart).
 namespace: ""
 
+# Override the "cert-manager.fullname" value. This value is used as part of
+# most of the names of the resources created by this Helm chart.
+# +docs:property
+# fullnameOverride: "my-cert-manager"
+
+# Override the "cert-manager.name" value, which is used to annotate some of
+# the resources that are created by this Chart (using "app.kubernetes.io/name").
+# NOTE: There are some inconsistencies in the Helm chart when it comes to
+# these annotations (some resources use eg. "cainjector.name" which resolves
+# to the value "cainjector").
+# +docs:property
+# nameOverride: "my-cert-manager"
+
 serviceAccount:
   # Specifies whether a service account should be created.
   create: true
@@ -195,8 +208,10 @@
 
 # This property is used to configure options for the controller pod.
 # This allows setting options that would usually be provided using flags.
-# An APIVersion and Kind must be specified in your values.yaml file.
-# Flags will override options that are set here.
+#
+# If `apiVersion` and `kind` are unspecified they default to the current latest
+# version (currently `controller.config.cert-manager.io/v1alpha1`). You can pin
+# the version by specifying the `apiVersion` yourself.
 #
 # For example:
 #  config:
@@ -221,14 +236,14 @@
 #      StableCertificateRequestName: true
 #      UseCertificateRequestBasicConstraints: true
 #      ValidateCAA: true
+#    # Configure the metrics server for TLS
+#    # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
 #    metricsTLSConfig:
 #      dynamic:
 #        secretNamespace: "cert-manager"
 #        secretName: "cert-manager-metrics-ca"
 #        dnsNames:
 #        - cert-manager-metrics
-#        - cert-manager-metrics.cert-manager
-#        - cert-manager-metrics.cert-manager.svc
 config: {}
 
 # Setting Nameservers for DNS01 Self Check.
@@ -261,7 +276,7 @@
 # Additional command line flags to pass to cert-manager controller binary.
 # To see all available flags run `docker run quay.io/jetstack/cert-manager-controller:<version> --help`.
 #
-# Use this flag to enable or disable arbitrary controllers. For example, to disable the CertificiateRequests approver.
+# Use this flag to enable or disable arbitrary controllers. For example, to disable the CertificateRequests approver.
 #
 # For example:
 #  extraArgs:
@@ -269,9 +284,11 @@
 extraArgs: []
 
 # Additional environment variables to pass to cert-manager controller binary.
+# For example:
+#  extraEnv:
+#  - name: SOME_VAR
+#    value: 'some value'
 extraEnv: []
-# - name: SOME_VAR
-#   value: 'some value'
 
 # Resources to provide to the cert-manager controller pod.
 #
@@ -467,18 +484,25 @@
 # +docs:section=Prometheus
 
 prometheus:
-  # Enable Prometheus monitoring for the cert-manager controller to use with the
-  # Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or
-  # `prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment
-  # resources. Additionally, a service is created which can be used together
-  # with your own ServiceMonitor (managed outside of this Helm chart).
-  # Otherwise, a ServiceMonitor/ PodMonitor is created.
+  # Enable Prometheus monitoring for the cert-manager controller and webhook.
+  # If you use the Prometheus Operator, set prometheus.podmonitor.enabled or
+  # prometheus.servicemonitor.enabled, to create a PodMonitor or a
+  # ServiceMonitor resource.
+  # Otherwise, 'prometheus.io' annotations are added to the cert-manager and
+  # cert-manager-webhook Deployments.
+  # Note that you can not enable both PodMonitor and ServiceMonitor as they are
+  # mutually exclusive. Enabling both will result in an error.
   enabled: true
 
   servicemonitor:
     # Create a ServiceMonitor to add cert-manager to Prometheus.
     enabled: false
 
+    # The namespace that the service monitor should live in, defaults
+    # to the cert-manager namespace.
+    # +docs:property
+    # namespace: cert-manager
+
     # Specifies the `prometheus` label on the created ServiceMonitor. This is
     # used when different Prometheus instances have label selectors matching
     # different ServiceMonitors.
@@ -520,11 +544,16 @@
     # +docs:property
     endpointAdditionalProperties: {}
 
-  # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in a error.
+  # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in an error.
   podmonitor:
     # Create a PodMonitor to add cert-manager to Prometheus.
     enabled: false
 
+    # The namespace that the pod monitor should live in, defaults
+    # to the cert-manager namespace.
+    # +docs:property
+    # namespace: cert-manager
+
     # Specifies the `prometheus` label on the created PodMonitor. This is
     # used when different Prometheus instances have label selectors matching
     # different PodMonitors.
@@ -558,6 +587,15 @@
     #     sourceLabels:
     #     - __meta_kubernetes_pod_node_name
     #     targetLabel: instance
+    #   # Configure the PodMonitor for TLS connections
+    #   # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
+    #   scheme: https
+    #   tlsConfig:
+    #     serverName: cert-manager-metrics
+    #     ca:
+    #       secret:
+    #         name: cert-manager-metrics-ca
+    #         key: "tls.crt"
     #
     # +docs:property
     endpointAdditionalProperties: {}
@@ -591,8 +629,10 @@
 
   # This is used to configure options for the webhook pod.
   # This allows setting options that would usually be provided using flags.
-  # An APIVersion and Kind must be specified in your values.yaml file.
-  # Flags override options that are set here.
+  #
+  # If `apiVersion` and `kind` are unspecified they default to the current latest
+  # version (currently `webhook.config.cert-manager.io/v1alpha1`). You can pin
+  # the version by specifying the `apiVersion` yourself.
   #
   # For example:
   #  apiVersion: webhook.config.cert-manager.io/v1alpha1
@@ -605,6 +645,14 @@
   #  # This should be uncommented and set as a default by the chart once
   #  # the apiVersion of WebhookConfiguration graduates beyond v1alpha1.
   #  securePort: 10250
+  #  # Configure the metrics server for TLS
+  #  # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
+  #  metricsTLSConfig:
+  #    dynamic:
+  #      secretNamespace: "cert-manager"
+  #      secretName: "cert-manager-metrics-ca"
+  #      dnsNames:
+  #      - cert-manager-metrics
   config: {}
 
   # The update strategy for the cert-manager webhook deployment.
@@ -706,6 +754,13 @@
   # Path to a file containing a WebhookConfiguration object used to configure the webhook.
   # - --config=<path-to-config-file>
 
+  # Additional environment variables to pass to cert-manager webhook binary.
+  # For example:
+  #  extraEnv:
+  #  - name: SOME_VAR
+  #    value: 'some value'
+  extraEnv: []
+
   # Comma separated list of feature gates that should be enabled on the
   # webhook pod.
   featureGates: ""
@@ -942,8 +997,10 @@
 
   # This is used to configure options for the cainjector pod.
   # It allows setting options that are usually provided via flags.
-  # An APIVersion and Kind must be specified in your values.yaml file.
-  # Flags override options that are set here.
+  #
+  # If `apiVersion` and `kind` are unspecified they default to the current latest
+  # version (currently `cainjector.config.cert-manager.io/v1alpha1`). You can pin
+  # the version by specifying the `apiVersion` yourself.
   #
   # For example:
   #  apiVersion: cainjector.config.cert-manager.io/v1alpha1
@@ -953,6 +1010,14 @@
   #   format: text
   #  leaderElectionConfig:
   #   namespace: kube-system
+  #  # Configure the metrics server for TLS
+  #  # See https://cert-manager.io/docs/devops-tips/prometheus-metrics/#tls
+  #  metricsTLSConfig:
+  #    dynamic:
+  #      secretNamespace: "cert-manager"
+  #      secretName: "cert-manager-metrics-ca"
+  #      dnsNames:
+  #      - cert-manager-metrics
   config: {}
 
   # Deployment update strategy for the cert-manager cainjector deployment.
@@ -1013,12 +1078,23 @@
   # +docs:property
   # podAnnotations: {}
 
+  # Optional additional annotations to add to the cainjector metrics Service.
+  # +docs:property
+  # serviceAnnotations: {}
+
   # Additional command line flags to pass to cert-manager cainjector binary.
   # To see all available flags run `docker run quay.io/jetstack/cert-manager-cainjector:<version> --help`.
   extraArgs: []
   # Enable profiling for cainjector.
   # - --enable-profiling=true
 
+  # Additional environment variables to pass to cert-manager cainjector binary.
+  # For example:
+  #  extraEnv:
+  #  - name: SOME_VAR
+  #    value: 'some value'
+  extraEnv: []
+
   # Comma separated list of feature gates that should be enabled on the
   # cainjector pod.
   featureGates: ""
@@ -1084,6 +1160,9 @@
   # Optional additional labels to add to the CA Injector Pods.
   podLabels: {}
 
+  # Optional additional labels to add to the CA Injector metrics Service.
+  serviceLabels: {}
+
   image:
     # The container registry to pull the cainjector image from.
     # +docs:property
@@ -1222,6 +1301,13 @@
   extraArgs:
   - -v
 
+  # Additional environment variables to pass to cert-manager startupapicheck binary.
+  # For example:
+  #  extraEnv:
+  #  - name: SOME_VAR
+  #    value: 'some value'
+  extraEnv: []
+
   # Resources to provide to the cert-manager controller pod.
   #
   # For example:
@@ -1345,5 +1431,11 @@
 #     apiVersion: v1
 #     kind: ConfigMap
 #     metadata:
-#       name: '{{ template "cert-manager.name" . }}-extra-configmap'
+#       name: '{{ template "cert-manager.fullname" . }}-extra-configmap'
 extraObjects: []
+
+# Field used by our release pipeline to produce the static manifests.
+# The field defaults to "helm" but is set to "static" when we render
+# the static YAML manifests.
+# +docs:hidden
+creator: "helm"