Bump github.com/jetstack/cert-manager from 1.2.0 to 1.7.0

[dependabot]

Bumps github.com/jetstack/cert-manager from 1.2.0 to 1.7.0.

Release notes

Sourced from github.com/jetstack/cert-manager's releases.

v1.7.0

Breaking Changes (You MUST read this before you upgrade!)

Removal of Deprecated APIs

⚠ Following their deprecation in version 1.4, the cert-manager API versions v1alpha2, v1alpha3, and v1beta1 have been removed. You must ensure that all cert-manager custom resources are stored in etcd at version v1 and that all cert-manager CustomResourceDefinitions have only v1 as the stored version before upgrading.

Since release 1.7, cmctl can automatically migrate any deprecated API resources. Please download cmctl-v1.7.0 and read Migrating Deprecated API Resources for full instructions.

Ingress Class Semantics

In 1.7, we have reverted a change that caused a regression in the ACME Issuer. Before 1.5, the Ingress created by cert-manager while solving an HTTP-01 challenge contained the kubernetes.io/ingress.class annotation:

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: istio # The `class` present on the Issuer.

After 1.5, the Ingress does not contain the annotation anymore. Instead, cert-manager uses the ingressClassName field:

apiVersion: networking.k8s.io/v1
kind: Ingress
spec:
  ingressClassName: istio # 🔥 Breaking change!

This broke many users that either don't use an Ingress controller that supports the field (such as ingress-gce and Azure AGIC), as well as people who did not need to create an IngressClass previously (such as with Istio and Traefik).

The regression is present in cert-manager 1.5.0, 1.5.1, 1.5.2, 1.5.3, 1.5.4, 1.6.0, 1.6.1. It is only present on Kubernetes 1.19+ and only appears when using an Issuer or ClusterIssuer with an ACME HTTP-01 solver configured.

In 1.7, we have restored the original behavior which is to use the annotation. We will also backport this fix to 1.5.5 and 1.6.2, allowing people to upgrade safely.

Most people won't have any trouble upgrading from a version that contains the regression to 1.7.0, 1.6.2 or 1.5.5. If you are using Gloo, Contour, Skipper, or kube-ingress-aws-controller, you shouldn't have any issues. If you use the default "class" (e.g., istio for Istio) for Traefik, Istio, Ambassador, or ingress-nginx, then these should also continue to work without issue.

If you are using Traefik, Istio, Ambassador, or ingress-nginx and you are using a non-default value for the class (e.g., istio-internal), or if you experience any issues with your HTTP-01 challenges please read the notes on Ingress v1 compatibility.

... (truncated)

Commits

• 7898587 Merge pull request #4784 from jetstack-bot/cherry-pick-4779-to-release-1.7
• be19ca0 Removes duplicated service annotations from Helm chart
• 39e388e Merge pull request #4762 from jakexks/use-only-ingress-annotation
• fed2465 Merge pull request #4766 from wallrj/4765-gengo-output-base
• 56acb0f Merge pull request #4764 from wallrj/upgrade-containerd-again
• 65902d5 Always use the kubernetes.io/ingress.class annotation (#4537)
• 06ed2bd Merge pull request #4763 from wallrj/4739-cmctl-x-install-default-namespace
• 3679ee8 Apply suggestions from code review
• 35b9053 Specify and output-base directory for all the gengo tools
• f084967 bazel run //hack:update-deps
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #41.