Skip to content

Deploy releases/k8s-manifests 51abac4#145

Merged
themightychris merged 3 commits into
deploys/k8s-manifestsfrom
releases/k8s-manifests
May 13, 2026
Merged

Deploy releases/k8s-manifests 51abac4#145
themightychris merged 3 commits into
deploys/k8s-manifestsfrom
releases/k8s-manifests

Conversation

@github-actions
Copy link
Copy Markdown

@github-actions github-actions Bot commented May 13, 2026

kubectl diff reports that applying 51abac4 will change:

diff too big; review locally

themightychris and others added 3 commits May 12, 2026 20:11
@themightychris @claude
chore(deps): bump civic-cloud to v1.8.0 (cert-manager 1.20.2)
2b042e3 
civic-cloud v1.8.0 pulls in cluster-template v1.4.0, which bumps
cert-manager from 1.13.3 to 1.20.2. The upgrade unlocks Gateway API
ListenerSet support and is the foundation for the upcoming Envoy
Gateway migration.

Also overrides the stale upstream helm-values.yaml that cert-manager's
source still ships at deploy/manifests/helm-values.yaml. That file
references `ingressShim.resources` and `webhook.enabled` which the
v1.20 chart schema rejects. The override keeps the still-valid bits
(fullnameOverride, controller resources) so the existing Deployment
name stays `cert-manager` (not `cert-manager-cert-manager`).

Verified by projecting locally:
- helm template renders cleanly (no schema errors)
- Deployment/cert-manager image bumps quay.io/jetstack/cert-manager-controller:v1.10.1 → v1.20.2
- ACME solver image bumps v1.10.1 → v1.20.2
- CRDs grow substantially (new schema fields across 7 minor versions);
  server-side apply (already in cluster-template workflow) handles the
  256KB annotation limit
- All deployments preserve their existing names via fullnameOverride

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@themightychris
Merge pull request #144 from CodeForPhilly/chore/civic-cloud-1.8.0
a4c6b5a 
chore(deps): bump civic-cloud to v1.8.0 (cert-manager 1.20.2)
@themightychris
☀ projected k8s-manifests-github from a4c6b5a
51abac4 
Source-holobranch: k8s-manifests-github
Source-commit: a4c6b5a
Source: a4c6b5a
@themightychris themightychris merged commit b03e8be into deploys/k8s-manifests May 13, 2026
1 check passed
@github-actions
Copy link
Copy Markdown
Author

github-actions Bot commented May 13, 2026

kubectl apply output (excluding unchanged) for b03e8be was:

customresourcedefinition.apiextensions.k8s.io/backups.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterimagecatalogs.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/clusters.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/databases.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/failoverquorums.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/imagecatalogs.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/poolers.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/publications.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/scheduledbackups.postgresql.cnpg.io serverside-applied
customresourcedefinition.apiextensions.k8s.io/sealedsecrets.bitnami.com serverside-applied
customresourcedefinition.apiextensions.k8s.io/subscriptions.postgresql.cnpg.io serverside-applied
clusterrole.rbac.authorization.k8s.io/cert-manager-cainjector configured
clusterrole.rbac.authorization.k8s.io/cert-manager-cluster-view configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificates configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-challenges configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-issuers configured
clusterrole.rbac.authorization.k8s.io/cert-manager-controller-orders configured
clusterrole.rbac.authorization.k8s.io/cert-manager-edit configured
clusterrole.rbac.authorization.k8s.io/cert-manager-view configured
clusterrole.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews configured
clusterrole.rbac.authorization.k8s.io/grafana-clusterrole configured
clusterrole.rbac.authorization.k8s.io/prometheus-alertmanager configured
clusterrole.rbac.authorization.k8s.io/prometheus-pushgateway configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-cainjector configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-approve:cert-manager-io configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificates configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-certificatesigningrequests configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-challenges configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-clusterissuers configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-ingress-shim configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-issuers configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-controller-orders configured
clusterrolebinding.rbac.authorization.k8s.io/cert-manager-webhook:subjectaccessreviews configured
clusterrolebinding.rbac.authorization.k8s.io/sealed-secrets configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
mutatingwebhookconfiguration.admissionregistration.k8s.io/cnpg-mutating-webhook-configuration configured
validatingwebhookconfiguration.admissionregistration.k8s.io/cert-manager-webhook configured
validatingwebhookconfiguration.admissionregistration.k8s.io/cnpg-validating-webhook-configuration configured
validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission configured
deployment.apps/cert-manager-cainjector configured
deployment.apps/cert-manager-webhook configured
deployment.apps/cert-manager configured
role.rbac.authorization.k8s.io/cert-manager-tokenrequest created
role.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving configured
rolebinding.rbac.authorization.k8s.io/cert-manager-tokenrequest created
rolebinding.rbac.authorization.k8s.io/cert-manager-webhook:dynamic-serving configured
service/cert-manager-cainjector created
service/cert-manager-webhook configured
service/cert-manager configured
serviceaccount/cert-manager-cainjector configured
serviceaccount/cert-manager-webhook configured
serviceaccount/cert-manager configured
deployment.apps/choose-native-plants configured
cluster.postgresql.cnpg.io/shared-cluster configured
configmap/cnpg-controller-manager-config configured
statefulset.apps/data-warehouse-postgresql configured
configmap/grafana-dashboards-default configured
deployment.apps/grafana configured
deployment.apps/ingress-nginx-controller configured
deployment.apps/metrics-server configured
role.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection configured
role.rbac.authorization.k8s.io/cert-manager:leaderelection configured
rolebinding.rbac.authorization.k8s.io/cert-manager-cainjector:leaderelection configured
rolebinding.rbac.authorization.k8s.io/cert-manager:leaderelection configured
secret/promtail configured
statefulset.apps/loki configured
statefulset.apps/database configured
deployment.apps/prometheus-alertmanager configured
deployment.apps/prometheus-kube-state-metrics configured
deployment.apps/prometheus-pushgateway configured
deployment.apps/prometheus-server configured
serviceaccount/prometheus-kube-state-metrics configured
deployment.apps/sealed-secrets configured
rolebinding.rbac.authorization.k8s.io/sealed-secrets-key-admin configured
service/sealed-secrets configured
configmap "cert-manager-webhook" deleted from cert-manager namespace
configmap "cert-manager" deleted from cert-manager namespace

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@themightychris