fix(helm): update chart cert-manager ( v1.16.2 → v1.16.3 )

[repo-jeeves]

This PR contains the following updates:

Package	Update	Change
cert-manager (source)	patch	v1.16.2 -> v1.16.3

---

Release Notes

cert-manager/cert-manager (cert-manager)

v1.16.3

Compare Source

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.16.3 is a patch release mainly focused around bumping dependencies to address reported CVEs: CVE-2024-45337 and CVE-2024-45338.

We don't believe that cert-manager is actually vulnerable; this release is instead intended to satisfy vulnerability scanners.

It also includes a bug fix to the new renewBeforePercentage field. If you were using renewBeforePercentage, see PR #​7421 for more information.

Changes

Bug

• Bump golang.org/x/net and golang.org/x/crypto to address CVE-2024-45337 and CVE-2024-45338 (#​7485, @​erikgb)
• Fix the behaviour of renewBeforePercentage to comply with its spec (#​7441, @​cert-manager-bot)

Other

• Bump go to 1.23.4 (#​7489, @​erikgb)
• Bump base images to latest available (#​7508, @​SgtCoDFish)

[repo-jeeves]

--- kubernetes/main/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager

+++ kubernetes/main/apps/cert-manager/cert-manager/app Kustomization: flux-system/cert-manager HelmRelease: cert-manager/cert-manager

@@ -14,13 +14,13 @@

       chart: cert-manager
       interval: 15m
       sourceRef:
         kind: HelmRepository
         name: jetstack-charts
         namespace: flux-system
-      version: v1.16.2
+      version: v1.16.3
   install:
     crds: CreateReplace
     remediation:
       retries: 3
   interval: 15m
   maxHistory: 3

[repo-jeeves]

--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-cainjector

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-cainjector
-        image: quay.io/jetstack/cert-manager-cainjector:v1.16.2
+        image: quay.io/jetstack/cert-manager-cainjector:v1.16.3
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --leader-election-namespace=kube-system
         ports:
         - containerPort: 9402
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager

@@ -31,19 +31,19 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-controller
-        image: quay.io/jetstack/cert-manager-controller:v1.16.2
+        image: quay.io/jetstack/cert-manager-controller:v1.16.3
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --cluster-resource-namespace=$(POD_NAMESPACE)
         - --leader-election-namespace=kube-system
-        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.2
+        - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.16.3
         - --max-concurrent-challenges=60
         - --dns01-recursive-nameservers-only=true
         - --dns01-recursive-nameservers=https://1.1.1.1:443/dns-query,https://1.0.0.1:443/dns-query
         ports:
         - containerPort: 9402
           name: http-metrics
--- HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

+++ HelmRelease: cert-manager/cert-manager Deployment: cert-manager/cert-manager-webhook

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-webhook
-        image: quay.io/jetstack/cert-manager-webhook:v1.16.2
+        image: quay.io/jetstack/cert-manager-webhook:v1.16.3
         imagePullPolicy: IfNotPresent
         args:
         - --v=2
         - --secure-port=10250
         - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)
         - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca
--- HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

+++ HelmRelease: cert-manager/cert-manager Job: cert-manager/cert-manager-startupapicheck

@@ -31,13 +31,13 @@

       securityContext:
         runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cert-manager-startupapicheck
-        image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.2
+        image: quay.io/jetstack/cert-manager-startupapicheck:v1.16.3
         imagePullPolicy: IfNotPresent
         args:
         - check
         - api
         - --wait=1m
         - -v

[repo-jeeves]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ COPYPASTE	jscpd	yes		no	1.05s
✅ REPOSITORY	git_diff	yes		no	0.06s
✅ REPOSITORY	secretlint	yes		no	3.01s
✅ YAML	prettier	1		0	0.4s
✅ YAML	yamllint	1		0	0.36s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by