chore(deps): bump civic-cloud to v1.8.1 (cert-manager 1.20.2)#144
Merged
Conversation
civic-cloud v1.8.0 pulls in cluster-template v1.4.0, which bumps cert-manager from 1.13.3 to 1.20.2. The upgrade unlocks Gateway API ListenerSet support and is the foundation for the upcoming Envoy Gateway migration. Also overrides the stale upstream helm-values.yaml that cert-manager's source still ships at deploy/manifests/helm-values.yaml. That file references `ingressShim.resources` and `webhook.enabled` which the v1.20 chart schema rejects. The override keeps the still-valid bits (fullnameOverride, controller resources) so the existing Deployment name stays `cert-manager` (not `cert-manager-cert-manager`). Verified by projecting locally: - helm template renders cleanly (no schema errors) - Deployment/cert-manager image bumps quay.io/jetstack/cert-manager-controller:v1.10.1 → v1.20.2 - ACME solver image bumps v1.10.1 → v1.20.2 - CRDs grow substantially (new schema fields across 7 minor versions); server-side apply (already in cluster-template workflow) handles the 256KB annotation limit - All deployments preserve their existing names via fullnameOverride Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
themightychris
changed the title
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bumps civic-cloud from v1.7.8 → v1.8.1, which transitively pulls cluster-template v1.4.1 (cert-manager 1.13.3 → 1.20.2). The upgrade unlocks Gateway API ListenerSet support — foundation for the upcoming Envoy Gateway / Gateway API migration.
Commits
2b042e38— initial bump to v1.8.0 + workspace override of cert-manager's stalehelm-values.yamld4169d0e— bump to v1.8.1 (which has the upstream fix from fix(cert-manager): drop stale upstream helm-values.yaml mapping JarvusInnovations/cluster-template#57), drop workspace overrideThe intermediate workaround commit could be squashed if you prefer linear history. Either way the final tree is the same — verified by local projection: byte-identical output tree (
ee5450ef...) with or without the workaround once v1.8.1 is in.What changes in the deployed projection
vs. currently deployed
releases/k8s-manifests: 50 files changed, ~15.5k insertions / ~3k deletions — almost entirely the cert-manager 1.10.1 → 1.20.2 jump (CRD schema growth, image bumps, newRole/cert-manager-tokenrequest, newService/cert-manager-cainjector, obsoleteConfigMap/cert-manager{,-webhook}removed).Deployment names stay stable (
cert-manager/cert-manager-cainjector/cert-manager-webhook) viafullnameOverride— now inlined into cluster-template'sdefault-values.yamlupstream, so no per-cluster override needed.Test plan
Build k8s-manifestspasses (projection completes end-to-end)K8s: Deploy k8s-manifestsworkflow applies cleanly (server-side apply handles the bigger CRDs)Unblocks
After this, PR #131 (Envoy Gateway + ListenerSet) becomes actionable — cert-manager now has the API support it needs.
🤖 Generated with Claude Code