Update Helm release cert-manager to v1.11.0 (#70)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cert-manager](https://github.com/cert-manager/cert-manager) | minor | `v1.10.1` -> `v1.11.0` |

---

### Release Notes

<details>
<summary>cert-manager/cert-manager</summary>

### [`v1.11.0`](https://github.com/cert-manager/cert-manager/releases/tag/v1.11.0)

[Compare Source](cert-manager/cert-manager@v1.10.2...v1.11.0)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

`v1.11.0` includes a drastic reduction in cert-manager's runtime memory usage, a slew of improvements to AKS integrations and various other tweaks, fixes and improvements, all towards cert-manager's goal of being the best way to handle certificates in modern Cloud Native applications.

#### Community

Thanks again to all open-source contributors with commits in this release, including:

-   [@&#8203;cmcga1125](https://github.com/cmcga1125)
-   [@&#8203;karlschriek](https://github.com/karlschriek)
-   [@&#8203;lvyanru8200](https://github.com/lvyanru8200)
-   [@&#8203;mmontes11](https://github.com/mmontes11)
-   [@&#8203;pinkfloydx33](https://github.com/pinkfloydx33)
-   [@&#8203;sathyanarays](https://github.com/sathyanarays)
-   [@&#8203;weisdd](https://github.com/weisdd)
-   [@&#8203;yann-soubeyrand](https://github.com/yann-soubeyrand)
-   [@&#8203;joycebrum](https://github.com/joycebrum)
-   [@&#8203;Git-Jiro](https://github.com/Git-Jiro)
-   [@&#8203;thib-mary](https://github.com/thib-mary)
-   [@&#8203;yk](https://github.com/yk)
-   [@&#8203;RomanenkoDenys](https://github.com/RomanenkoDenys)
-   [@&#8203;lucacome](https://github.com/lucacome)
-   [@&#8203;yanggangtony](https://github.com/yanggangtony)

Thanks also to the following cert-manager maintainers for their contributions during this release:

-   [@&#8203;wallrj](https://github.com/wallrj)
-   [@&#8203;irbekrm](https://github.com/irbekrm)
-   [@&#8203;maelvls](https://github.com/maelvls)
-   [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish)
-   [@&#8203;inteon](https://github.com/inteon)
-   [@&#8203;jakexks](https://github.com/jakexks)
-   [@&#8203;JoshVanL](https://github.com/JoshVanL)

Thanks also to the [CNCF](https://www.cncf.io/), which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the [PrivateCA Issuer](https://github.com/cert-manager/aws-privateca-issuer).

In addition, massive thanks to [Jetstack](https://www.jetstack.io/) (by [Venafi](https://www.venafi.com/)) for contributing developer time and resources towards the continued maintenance of cert-manager projects.

#### Changes since cert-manager `v1.10`

For an overview of new features, see the [v1.11 release notes](https://cert-manager.io/docs/release-notes/release-notes-1.11/)!

##### Feature

-   Helm: allow configuring the image used by ACME HTTP-01 solver ([#&#8203;5554](cert-manager/cert-manager#5554), [@&#8203;yann-soubeyrand](https://github.com/yann-soubeyrand))
-   Add the `--max-concurrent-challenges` controller flag to the helm chart ([#&#8203;5638](cert-manager/cert-manager#5638), [@&#8203;lvyanru8200](https://github.com/lvyanru8200))
-   Adds the ability to specify a custom CA bundle in Issuers when connecting to an ACME server ([#&#8203;5644](cert-manager/cert-manager#5644), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Enable testing against Kubernetes 1.26 and test with Kubernetes 1.26 by default ([#&#8203;5646](cert-manager/cert-manager#5646), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Experimental make targets for pushing images to an OCI registry using `ko` and redeploying cert-manager to the cluster referenced by your current KUBECONFIG context. ([#&#8203;5655](cert-manager/cert-manager#5655), [@&#8203;wallrj](https://github.com/wallrj))
-   Add ability to run acmesolver pods as root if desired. The default is still to run as non-root. ([#&#8203;5546](cert-manager/cert-manager#5546), [@&#8203;cmcga1125](https://github.com/cmcga1125))
-   Add support for DC and UID in `LiteralSubject` field, all mandatory OIDs are now supported for LDAP certificates (rfc4514). ([#&#8203;5587](cert-manager/cert-manager#5587), [@&#8203;SpectralHiss](https://github.com/SpectralHiss))
-   Add support for Workload Identity to AzureDNS resolver ([#&#8203;5570](cert-manager/cert-manager#5570), [@&#8203;weisdd](https://github.com/weisdd))
-   Breaking: updates the gateway API integration to use the more stable v1beta1 API version. Any users of the cert-manager `ExperimentalGatewayAPISupport` alpha feature must ensure that `v1beta` of Gateway API is installed in cluster. ([#&#8203;5583](cert-manager/cert-manager#5583), [@&#8203;lvyanru8200](https://github.com/lvyanru8200))
-   Certificate secrets get refreshed if the keystore format change ([#&#8203;5597](cert-manager/cert-manager#5597), [@&#8203;sathyanarays](https://github.com/sathyanarays))
-   Introducing UseCertificateRequestBasicConstraints feature flag to enable Basic Constraints in the Certificate Signing Request ([#&#8203;5552](cert-manager/cert-manager#5552), [@&#8203;sathyanarays](https://github.com/sathyanarays))
-   Return error when Gateway has a cross-namespace secret ref ([#&#8203;5613](cert-manager/cert-manager#5613), [@&#8203;mmontes11](https://github.com/mmontes11))
-   Signers fire an event on CertificateRequests which have not been approved yet. Used for informational purposes so users understand why a request is not progressing. ([#&#8203;5535](cert-manager/cert-manager#5535), [@&#8203;JoshVanL](https://github.com/JoshVanL))

##### Bug or Regression

-   Don't log errors relating to self-signed issuer checks for external issuers ([#&#8203;5681](cert-manager/cert-manager#5681), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Fixed a bug in AzureDNS resolver that led to early reconciliations in misconfigured Workload Identity-enabled setups (when Federated Identity Credential is not linked with a controller's k8s service account) ([#&#8203;5663](cert-manager/cert-manager#5663), [@&#8203;weisdd](https://github.com/weisdd))
-   Use manually specified temporary directory template when verifying CRDs ([#&#8203;5680](cert-manager/cert-manager#5680), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   `vcert` was upgraded to `v4.23.0`, fixing two bugs in cert-manager. The first bug was preventing the Venafi issuer from renewing certificates when using TPP has been fixed. You should no longer see your certificates getting stuck with `WebSDK CertRequest Module Requested Certificate` or `This certificate cannot be processed while it is in an error state. Fix any errors, and then click Retry.`. The second bug that was fixed prevented the use of `algorithm: Ed25519` in Certificate resources with VaaS. ([#&#8203;5674](cert-manager/cert-manager#5674), [@&#8203;maelvls](https://github.com/maelvls))
-   Upgrade `golang/x/net` to fix CVE-2022-41717 ([#&#8203;5632](cert-manager/cert-manager#5632), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Bug fix: When using feature gates with the helm chart, enable feature gate flags on webhook as well as controller ([#&#8203;5584](cert-manager/cert-manager#5584), [@&#8203;lvyanru8200](https://github.com/lvyanru8200))
-   Fix `golang.org/x/text` vulnerability ([#&#8203;5562](cert-manager/cert-manager#5562), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Fixes a bug that caused the Vault issuer to omit the Vault namespace in requests to the Vault API. ([#&#8203;5591](cert-manager/cert-manager#5591), [@&#8203;wallrj](https://github.com/wallrj))
-   The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the vedauth API endpoints are configured to *accept* client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). ([#&#8203;5568](cert-manager/cert-manager#5568), [@&#8203;wallrj](https://github.com/wallrj))
-   Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#&#8203;5619](cert-manager/cert-manager#5619), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Upgrade to latest go minor release ([#&#8203;5559](cert-manager/cert-manager#5559), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Ensure `extraArgs` in Helm takes precedence over the new acmesolver image options ([#&#8203;5702](cert-manager/cert-manager#5702), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Fix cainjector's --namespace flag. Users who want to prevent cainjector from reading all Secrets and Certificates in all namespaces (i.e to prevent excessive memory consumption) can now scope it to a single namespace using the --namespace flag. A cainjector that is only used as part of cert-manager installation only needs access to the cert-manager installation namespace. ([#&#8203;5694](cert-manager/cert-manager#5694), [@&#8203;irbekrm](https://github.com/irbekrm))
-   Fixes a bug where cert-manager controller was caching all Secrets twice ([#&#8203;5691](cert-manager/cert-manager#5691), [@&#8203;irbekrm](https://github.com/irbekrm))

##### Other

-   `certificate.spec.secretName` Secrets will now be labelled with the `controller.cert-manager.io/fao` label ([#&#8203;5703](cert-manager/cert-manager#5703), [@&#8203;irbekrm](https://github.com/irbekrm))
-   Upgrade to go 1.19.5 ([#&#8203;5714](cert-manager/cert-manager#5714), [@&#8203;yanggangtony](https://github.com/yanggangtony))

##### Known issues

-   There is a bug in conformance tests for external DNS webhook implementations that was introduced in this release, see cert-manager/cert-manager#5725
    If you are importing cert-manager as a library to run conformance tests against your DNS webhook solver implementation, please make sure that you import a version with a fix, see cert-manager/cert-manager#5725 (comment)

### [`v1.10.2`](https://github.com/cert-manager/cert-manager/releases/tag/v1.10.2)

[Compare Source](cert-manager/cert-manager@v1.10.1...v1.10.2)

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

v1.10.2 is primarily a performance enhancement release which might reduce memory consumption by up to 50% in some cases thanks to some brilliant work by [@&#8203;irbekrm](https://github.com/irbekrm)! 🎉

It also patches several vulnerabilities reported by scanners and updates the base images used for cert-manager containers. In addition, it removes a potentially confusing log line which had been introduced in v1.10.0 which implied that an error had occurred when using external issuers even though there'd been no error.

#### Changes since `v1.10.1`

##### Feature

-   Enable support for Kubernetes 1.26 in tests ([#&#8203;5647](cert-manager/cert-manager#5647), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))

##### Bug or Regression

-   Fixes a bug where the cert-manager controller was caching all Secrets twice ([#&#8203;5704](cert-manager/cert-manager#5704), [@&#8203;irbekrm](https://github.com/irbekrm))
-   Bump helm version to fix CVE-2022-23525 ([#&#8203;5676](cert-manager/cert-manager#5676), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Don't log errors relating to selfsigned issuer checks for external issuers ([#&#8203;5687](cert-manager/cert-manager#5687), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Fix `golang.org/x/text` vulnerability ([#&#8203;5592](cert-manager/cert-manager#5592), [@&#8203;SgtCoDfish](https://github.com/SgtCoDfish))
-   Upgrade golang/x/net to fix CVE-2022-41717 ([#&#8203;5635](cert-manager/cert-manager#5635), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))
-   Upgrade to go 1.19.4 to fix CVE-2022-41717 ([#&#8203;5620](cert-manager/cert-manager#5620), [@&#8203;SgtCoDfish](https://github.com/SgtCoDfish))
-   Use manually specified tmpdir template when verifying CRDs ([#&#8203;5682](cert-manager/cert-manager#5682), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))

##### Other (Cleanup or Flake)

-   Bump distroless base images to latest versions ([#&#8203;5677](cert-manager/cert-manager#5677), [@&#8203;SgtCoDFish](https://github.com/SgtCoDFish))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xMDEuMCIsInVwZGF0ZWRJblZlciI6IjM0LjEwMS4wIn0=-->

Co-authored-by: Michael Wittig <michael.wittig@posteo.de>
Co-authored-by: drone <pipeline@drone.os.sh4ke.rocks>
Reviewed-on: https://gitea.sh4ke.rocks/sh4ke/k8s-projects/pulls/70

cert-manager/Chart.yaml

@@ -15,14 +15,14 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.1
+version: 1.1.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "v1.9.1"
+appVersion: "v1.11.1"
 
 dependencies:
 - name: cert-manager
-  version: v1.10.1
+  version: v1.11.0
   repository: https://charts.jetstack.io