[release-next] Freeze And Bump Versions for cert-manager v1.20.0#1998
Merged
cert-manager-prow[bot] merged 1 commit intorelease-nextfrom Mar 10, 2026
Merged
Conversation
cert-manager-prow
bot
added
dco-signoff: yes
maelvls
force-pushed
the
bump-versions-after-1.20-release
branch
from
0989537 to
ab4a120
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the website docs to reflect the v1.20.0 release by freezing v1.19 documentation, bumping version variables, and refreshing release/CLI docs.
Changes:
- Added a frozen
content/v1.19-docs/snapshot (tutorials, installation, configuration, concepts, etc.). - Updated site-wide versioning and release metadata for v1.20.0 (and added v1.21 to upcoming).
- Regenerated/updated release upgrade notes and CLI reference pages.
Reviewed changes
Copilot reviewed 95 out of 128 changed files in this pull request and generated 13 comments.
Show a summary per file
| File | Description |
|---|---|
| content/v1.19-docs/tutorials/acme/pomerium-ingress.md | Adds frozen v1.19 tutorial content for Pomerium ingress |
| content/v1.19-docs/tutorials/acme/migrating-from-kube-lego.md | Adds frozen v1.19 migration tutorial |
| content/v1.19-docs/tutorials/acme/http-validation.md | Adds frozen v1.19 HTTP01 validation tutorial |
| content/v1.19-docs/tutorials/acme/example/staging-issuer.yaml | Adds v1.19 tutorial example manifest |
| content/v1.19-docs/tutorials/acme/example/service.yaml | Adds v1.19 tutorial example manifest |
| content/v1.19-docs/tutorials/acme/example/production-issuer.yaml | Adds v1.19 tutorial example manifest |
| content/v1.19-docs/tutorials/acme/example/pomerium-values.yaml | Adds v1.19 tutorial example values file |
| content/v1.19-docs/tutorials/acme/example/pomerium-staging-issuer.yaml | Adds v1.19 tutorial example manifest |
| content/v1.19-docs/tutorials/acme/example/pomerium-production-issuer.yaml | Adds v1.19 tutorial example manifest |
| content/v1.19-docs/tutorials/acme/example/pomerium-certificates.yaml | Adds v1.19 tutorial example manifest |
| content/v1.19-docs/tutorials/acme/example/ingress.yaml | Adds v1.19 tutorial example ingress manifest |
| content/v1.19-docs/tutorials/acme/example/ingress-tls.yaml | Adds v1.19 tutorial example ingress manifest |
| content/v1.19-docs/tutorials/acme/example/ingress-tls-final.yaml | Adds v1.19 tutorial example ingress manifest |
| content/v1.19-docs/tutorials/acme/example/deployment.yaml | Adds v1.19 tutorial example deployment manifest |
| content/v1.19-docs/tutorials/acme/dns-validation.md | Adds frozen v1.19 DNS01 validation tutorial |
| content/v1.19-docs/tutorials/README.md | Adds frozen v1.19 tutorials index |
| content/v1.19-docs/trust/trust-manager/installation.md | Adds frozen v1.19 trust-manager installation docs |
| content/v1.19-docs/trust/README.md | Adds frozen v1.19 trust docs overview |
| content/v1.19-docs/troubleshooting/acme.md | Adds frozen v1.19 ACME troubleshooting guide |
| content/v1.19-docs/troubleshooting/README.md | Adds frozen v1.19 troubleshooting overview |
| content/v1.19-docs/reference/tls-terminology.md | Adds frozen v1.19 TLS terminology reference |
| content/v1.19-docs/reference/README.md | Adds frozen v1.19 reference index |
| content/v1.19-docs/policy/issuing.md | Adds frozen v1.19 issuing policy docs |
| content/v1.19-docs/policy/defaulting.md | Adds frozen v1.19 defaulting policy docs |
| content/v1.19-docs/policy/approval/approver-policy/installation.md | Adds frozen v1.19 approver-policy install docs |
| content/v1.19-docs/policy/approval/README.md | Adds frozen v1.19 approval policy docs |
| content/v1.19-docs/policy/README.md | Adds frozen v1.19 policy index |
| content/v1.19-docs/installation/upgrade.md | Adds frozen v1.19 upgrade docs |
| content/v1.19-docs/installation/uninstall.md | Adds frozen v1.19 uninstall docs |
| content/v1.19-docs/installation/reinstall.md | Adds frozen v1.19 reinstall docs |
| content/v1.19-docs/installation/kubectl.md | Adds frozen v1.19 kubectl install docs |
| content/v1.19-docs/installation/helm.md | Adds frozen v1.19 helm install docs |
| content/v1.19-docs/installation/continuous-deployment-and-gitops.md | Adds frozen v1.19 GitOps install docs |
| content/v1.19-docs/installation/configuring-components.md | Adds frozen v1.19 component configuration docs |
| content/v1.19-docs/installation/compatibility.md | Adds frozen v1.19 platform compatibility docs |
| content/v1.19-docs/installation/code-signing.md | Adds frozen v1.19 signature verification docs |
| content/v1.19-docs/installation/README.md | Adds frozen v1.19 installation index |
| content/v1.19-docs/getting-started/README.md | Adds frozen v1.19 getting started page |
| content/v1.19-docs/faq/README.md | Adds frozen v1.19 FAQ |
| content/v1.19-docs/devops-tips/syncing-secrets-across-namespaces.md | Adds frozen v1.19 devops tips |
| content/v1.19-docs/devops-tips/scaling-cert-manager.md | Adds frozen v1.19 scaling guidance |
| content/v1.19-docs/devops-tips/prometheus-metrics.md | Adds frozen v1.19 metrics docs |
| content/v1.19-docs/devops-tips/backup.md | Adds frozen v1.19 backup/restore docs |
| content/v1.19-docs/configuration/selfsigned.md | Adds frozen v1.19 SelfSigned issuer docs |
| content/v1.19-docs/configuration/acme/http01/externalloadbalancer.md | Adds frozen v1.19 HTTP01 external LB doc |
| content/v1.19-docs/configuration/acme/dns01/webhook.md | Adds frozen v1.19 DNS01 webhook solver doc |
| content/v1.19-docs/configuration/acme/dns01/rfc2136.md | Adds frozen v1.19 RFC2136 DNS01 doc |
| content/v1.19-docs/configuration/acme/dns01/google.md | Adds frozen v1.19 Google CloudDNS doc |
| content/v1.19-docs/configuration/acme/dns01/digitalocean.md | Adds frozen v1.19 DigitalOcean DNS doc |
| content/v1.19-docs/configuration/acme/dns01/cloudflare.md | Adds frozen v1.19 Cloudflare DNS doc |
| content/v1.19-docs/configuration/acme/dns01/akamai.md | Adds frozen v1.19 Akamai DNS doc |
| content/v1.19-docs/configuration/acme/dns01/acme-dns.md | Adds frozen v1.19 acme-dns provider doc |
| content/v1.19-docs/configuration/acme/dns01/README.md | Adds frozen v1.19 DNS01 overview doc |
| content/v1.19-docs/configuration/README.md | Adds frozen v1.19 configuration index |
| content/v1.19-docs/concepts/webhook.md | Adds frozen v1.19 webhook concept doc |
| content/v1.19-docs/concepts/issuer.md | Adds frozen v1.19 issuer concept doc |
| content/v1.19-docs/concepts/ca-injector.md | Adds frozen v1.19 cainjector concept doc |
| content/v1.19-docs/concepts/acme-orders-challenges.md | Adds frozen v1.19 ACME orders/challenges concept doc |
| content/v1.19-docs/concepts/README.md | Adds frozen v1.19 concepts index |
| content/v1.19-docs/cli/webhook.md | Adds frozen v1.19 CLI reference snapshot |
| content/v1.19-docs/cli/startupapicheck.md | Adds frozen v1.19 CLI reference snapshot |
| content/v1.19-docs/cli/controller.md | Adds frozen v1.19 CLI reference snapshot |
| content/v1.19-docs/cli/cmctl.md | Adds frozen v1.19 CLI reference snapshot |
| content/v1.19-docs/cli/cainjector.md | Adds frozen v1.19 CLI reference snapshot |
| content/v1.19-docs/cli/acmesolver.md | Adds frozen v1.19 CLI reference snapshot |
| content/v1.19-docs/cli/README.md | Adds frozen v1.19 CLI index |
| content/v1.19-docs/README.md | Adds frozen v1.19 docs root index |
| content/docs/variables.json | Bumps latest cert-manager version variable to v1.20.0 |
| content/docs/releases/upgrading/upgrading-1.19-1.20.md | Replaces placeholder with v1.19→v1.20 upgrade guidance |
| content/docs/releases/README.md | Updates supported/upcoming/EOL releases tables (1.20 current, 1.21 upcoming, 1.18 EOL) |
| content/docs/cli/webhook.md | Updates current CLI reference content |
| content/docs/cli/controller.md | Updates current CLI reference content |
Comments suppressed due to low confidence (1)
content/v1.19-docs/faq/README.md:1
- There are typos in identifiers: '
CertficateRequest' should be 'CertificateRequest', and 'cert-mananager' should be 'cert-manager'.
---
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -0,0 +1,169 @@ | |||
| --- | |||
| title: DNS Validation | |||
| description: 'cert-manager turorials: Issuing an ACME certificate using DNS validation' | |||
There was a problem hiding this comment.
Typo in the frontmatter description: 'turorials' should be 'tutorials'.
Suggested change
| description: 'cert-manager turorials: Issuing an ACME certificate using DNS validation' | |
| description: 'cert-manager tutorials: Issuing an ACME certificate using DNS validation' |
Comment on lines
+51
to
+59
| url: https://authenticate.example.com | ||
| identityProvider: | ||
| provider: ${YOUR_IdP} | ||
| secret: pomerium/idp | ||
| # certificates: | ||
| # - pomerium/pomerium-proxy-tls | ||
| ``` | ||
|
|
||
| Replace `${YOUR_IdP}` with your identity provider. Apply with `kubectl -f`. |
There was a problem hiding this comment.
The YAML example is invalid due to inconsistent indentation under authenticate and identityProvider (the child keys are over-indented). Also, the command text 'Apply with kubectl -f' is missing apply. Adjust indentation to make the YAML valid and update the command to kubectl apply -f ....
Suggested change
| url: https://authenticate.example.com | |
| identityProvider: | |
| provider: ${YOUR_IdP} | |
| secret: pomerium/idp | |
| # certificates: | |
| # - pomerium/pomerium-proxy-tls | |
| ``` | |
| Replace `${YOUR_IdP}` with your identity provider. Apply with `kubectl -f`. | |
| url: https://authenticate.example.com | |
| identityProvider: | |
| provider: ${YOUR_IdP} | |
| secret: pomerium/idp | |
| # certificates: | |
| # - pomerium/pomerium-proxy-tls | |
| ``` | |
| Replace `${YOUR_IdP}` with your identity provider. Apply with `kubectl apply -f ...`. |
Comment on lines
+51
to
+59
| url: https://authenticate.example.com | ||
| identityProvider: | ||
| provider: ${YOUR_IdP} | ||
| secret: pomerium/idp | ||
| # certificates: | ||
| # - pomerium/pomerium-proxy-tls | ||
| ``` | ||
|
|
||
| Replace `${YOUR_IdP}` with your identity provider. Apply with `kubectl -f`. |
There was a problem hiding this comment.
The YAML example is invalid due to inconsistent indentation under authenticate and identityProvider (the child keys are over-indented). Also, the command text 'Apply with kubectl -f' is missing apply. Adjust indentation to make the YAML valid and update the command to kubectl apply -f ....
Suggested change
| url: https://authenticate.example.com | |
| identityProvider: | |
| provider: ${YOUR_IdP} | |
| secret: pomerium/idp | |
| # certificates: | |
| # - pomerium/pomerium-proxy-tls | |
| ``` | |
| Replace `${YOUR_IdP}` with your identity provider. Apply with `kubectl -f`. | |
| url: https://authenticate.example.com | |
| identityProvider: | |
| provider: ${YOUR_IdP} | |
| secret: pomerium/idp | |
| # certificates: | |
| # - pomerium/pomerium-proxy-tls | |
| ``` | |
| Replace `${YOUR_IdP}` with your identity provider. Apply with `kubectl apply -f ...`. |
Comment on lines
+5
to
+6
| annotations: {} | ||
| #cert-manager.io/issuer: "letsencrypt-staging" |
There was a problem hiding this comment.
This manifest is not valid YAML: annotations: {} cannot have nested keys/comments at a deeper indentation level. Use an empty map without the nested indentation, or define annotations: as a mapping and comment within it at the correct indentation.
Suggested change
| annotations: {} | |
| #cert-manager.io/issuer: "letsencrypt-staging" | |
| annotations: | |
| # cert-manager.io/issuer: "letsencrypt-staging" |
| Additionally, an issuer could also choose accept all requests and instead | ||
| override the non-conforming properties in the CSR. More generally, | ||
| the issuer is free to use any logic to map the properties in the X.509 Certificate Signing Request (CSR) | ||
| to the properties in the X.509 Certificate (see [Issuing Policy](../issuing.md). |
There was a problem hiding this comment.
The sentence ends with an unmatched parenthesis; the markdown link is missing a closing ) at the end of the sentence. Close the parenthetical to avoid broken formatting.
Suggested change
| to the properties in the X.509 Certificate (see [Issuing Policy](../issuing.md). | |
| to the properties in the X.509 Certificate (see [Issuing Policy](../issuing.md)). |
| One of the more important configuration options you might need to consider at install time is which "trust namespace" to use, | ||
| which can be set via the Helm value `app.trust.namespace`. | ||
|
|
||
| By default, the trust namespace is the only namespace where`Secret`s will be read. This restriction is in place |
There was a problem hiding this comment.
Missing spaces around inline code make the markdown harder to read: change 'theuseDefaultCAs' to 'the useDefaultCAs', and 'whereSecrets' to 'where Secrets'.
Comment on lines
+38
to
+44
| the ACME server. After negotiating with the ACME server, a the TXT RR that is | ||
| published on the domain validates that the domain is legitimately engaged with | ||
| the process of creating a certificate for it. In the bigger picture of DNS, this | ||
| means that an arbitrary actor (cert-manager, in this case) must be able to add | ||
| one of these KV mappings to the domain and delete it after the certificate has | ||
| been issued. `cert-manager` does not have a convenient physical characteristic | ||
| such as a DHCP allocation to validate it's requests. |
There was a problem hiding this comment.
There are a few grammar/wording issues: 'a the TXT RR' should be 'the TXT RR', 'it's requests' should be 'its requests', and 'name deployments' likely meant 'named deployments' (matching the earlier named references).
Suggested change
| the ACME server. After negotiating with the ACME server, a the TXT RR that is | |
| published on the domain validates that the domain is legitimately engaged with | |
| the process of creating a certificate for it. In the bigger picture of DNS, this | |
| means that an arbitrary actor (cert-manager, in this case) must be able to add | |
| one of these KV mappings to the domain and delete it after the certificate has | |
| been issued. `cert-manager` does not have a convenient physical characteristic | |
| such as a DHCP allocation to validate it's requests. | |
| the ACME server. After negotiating with the ACME server, the TXT RR that is | |
| published on the domain validates that the domain is legitimately engaged with | |
| the process of creating a certificate for it. In the bigger picture of DNS, this | |
| means that an arbitrary actor (cert-manager, in this case) must be able to add | |
| one of these KV mappings to the domain and delete it after the certificate has | |
| been issued. `cert-manager` does not have a convenient physical characteristic | |
| such as a DHCP allocation to validate its requests. |
Comment on lines
+43
to
+44
| been issued. `cert-manager` does not have a convenient physical characteristic | ||
| such as a DHCP allocation to validate it's requests. |
There was a problem hiding this comment.
There are a few grammar/wording issues: 'a the TXT RR' should be 'the TXT RR', 'it's requests' should be 'its requests', and 'name deployments' likely meant 'named deployments' (matching the earlier named references).
| - https://www.cyberciti.biz/faq/unix-linux-bind-named-configuring-tsig/ | ||
| - https://tomthorp.me/blog/using-tsig-enable-secure-zone-transfers-between-bind-9x-servers | ||
|
|
||
| More complex `name` deployments will not use text files, but rather may use LDAP |
There was a problem hiding this comment.
There are a few grammar/wording issues: 'a the TXT RR' should be 'the TXT RR', 'it's requests' should be 'its requests', and 'name deployments' likely meant 'named deployments' (matching the earlier named references).
| annotations: | ||
| cert-manager.io/issuer: letsencrypt-staging | ||
| tls: | ||
| secretName: authenticate.localhost.pomerium.io-tls |
There was a problem hiding this comment.
Trailing whitespace in YAML can cause noisy diffs and some linters to fail. Remove the extra space at the end of the line.
Suggested change
| secretName: authenticate.localhost.pomerium.io-tls | |
| secretName: authenticate.localhost.pomerium.io-tls |
maelvls
force-pushed
the
bump-versions-after-1.20-release
branch
from
ab4a120 to
9343ee8
Compare
✅ Deploy Preview for cert-manager ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
maelvls
changed the title
maelvls
changed the title
maelvls
changed the title
This was referenced Mar 10, 2026
maelvls
force-pushed
the
bump-versions-after-1.20-release
branch
from
9343ee8 to
7d82e64
Compare
Signed-off-by: Maël Valais <mael@vls.dev>
maelvls
force-pushed
the
bump-versions-after-1.20-release
branch
from
7d82e64 to
bc39ce2
Compare
maelvls
added
approved
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED Approval requirements bypassed by manually added approval. This pull-request has been approved by: The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
Member
Author
|
I've skipped the approval as I don't think it brings a lot of value to review this... I hope I'm not wrong. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is the "Prepare the Website Bump Versions" step from the cert-manager release process (step 5, for final + patch releases):
./scripts/freeze-docs 1.19content/docs/releases/README.md:scripts/gendocs/generate-new-import-path-docsfrom release-1.19 to release-1.20./scripts/gendocs/generateRelated: