[release-next] (release 1.20) Version Bumps#2007
[release-next] (release 1.20) Version Bumps#2007cert-manager-prow[bot] merged 2 commits intocert-manager:release-nextfrom
Conversation
cert-manager-prow
bot
added
dco-signoff: yes
cert-manager-prow
bot
added
size/XL
✅ Deploy Preview for cert-manager ready!Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
wallrj-cyberark
left a comment
wallrj-cyberark
left a comment
There was a problem hiding this comment.
Revert all the whitespace changes in the generate-... script.
The PR description gives the impression that this is mechanical change, but in fact you've fixed or improved something in one of the scripts too. Explain why.
I also don't understand why this PR depends on #2006
Please merge #2006 first.
...but that's a change to the master branch and this is a change to the release-next branch.
There was a problem hiding this comment.
Pull request overview
Part of the cert-manager website release process to update the site content for cert-manager v1.20, including regenerated API/CLI reference material and updated release support tables (per the release-next workflow).
Changes:
- Update the gendocs helper script to target the
release-1.20branch. - Update release/support tables to include 1.20 as released and adjust EOL/support metadata.
- Regenerate published reference docs (API docs + controller/webhook CLI reference output) for v1.20.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
| scripts/gendocs/generate-new-import-path-docs | Switches docs generation target to release-1.20 and refactors version variables. |
| content/docs/releases/README.md | Updates the releases matrix for 1.20 and shifts 1.18 into the EOL’d list. |
| content/docs/reference/api-docs.md | Regenerated API reference docs with new/updated fields and descriptions. |
| content/docs/cli/webhook.md | Regenerated webhook CLI reference, including new client-verification flags. |
| content/docs/cli/controller.md | Regenerated controller CLI reference, including new sizing/backoff/listenerset flags. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
maelvls
changed the title
maelvls
changed the title
maelvls
changed the title
maelvls
changed the title
maelvls
force-pushed
the
bump-versions-to-1.20
branch
from
487f640 to
f9e9cb7
Compare
cert-manager-prow
bot
added
size/L
maelvls
force-pushed
the
bump-versions-to-1.20
branch
from
f9e9cb7 to
aeff39f
Compare
cert-manager-prow
bot
added
size/XL
|
|
||
| | Release | Release Date | End of Life | [Supported Kubernetes / OpenShift Versions][s] | [Tested Kubernetes Versions][test] | | ||
| |:--------:|:------------:|:---------------:|:----------------------------------------------:|:----------------------------------:| | ||
| | [1.20][] | Mar 10, 2026 | Release of 1.22 | 1.32 → 1.35 / 4.19 → 4.21 | 1.32 → 1.35 | |
There was a problem hiding this comment.
1.32 to 1.35 are the versions of Kubernetes we currently test at https://github.com/cert-manager/testing/blob/d7e8d653c9a24584e33df8cd214171fa77239154/config/prowgen/prowspecs/specs.go#L95-L96.
I guess I can add 1.31 and 4.18 to the "Supported Kubernetes versions" list...
There was a problem hiding this comment.
I'm not sure. It looks like OpenShift 4.18 is supported by RedHat until 25 Feb 2027, and it's based on Kubernetes 1.31.
Happy to leave it like this unless some OpenShift user complains.
Signed-off-by: Maël Valais <mael@vls.dev>
Signed-off-by: Maël Valais <mael@vls.dev>
maelvls
force-pushed
the
bump-versions-to-1.20
branch
from
aeff39f to
90cb77c
Compare
cert-manager-prow
bot
added
size/L
Done.
Thanks for pointing that out. I added a comment on that file to explain why I made that change.
That was wrong, I removed this mention. What I should have written is that "You must merge #2006 before merging release-next into master". PTAL @wallrj-cyberark |
| # For final releases such as v1.20.0, DOCS_FOLDER should be `docs` (or a | ||
| # versioned docs folder name such as `v1.20-docs`), and CM_BRANCH should be | ||
| # the release branch, e.g. `release-1.20`. | ||
| CM_BRANCH="release-1.20" | ||
| DOCS_FOLDER="docs" | ||
|
|
||
| genversionwithcli "$CM_BRANCH" "$DOCS_FOLDER" |
There was a problem hiding this comment.
The LATEST_VERSION made little sense to me. I've thus renamed it and also gave a name the second param.
This way, it is a little easier to explain what to do in the release process document.
| --acme-http01-solver-resource-request-memory string Defines the resource request Memory size when spawning new ACME HTTP01 challenge solver pods. (default "64Mi") | ||
| --acme-http01-solver-run-as-non-root Defines the ability to run the http01 solver as root for troubleshooting issues (default true) | ||
| --auto-certificate-annotations strings The annotation consumed by the ingress-shim controller to indicate an ingress is requesting a certificate (default [kubernetes.io/tls-acme]) | ||
| --certificate-request-minimum-backoff-duration duration Duration of the initial certificate request backoff when a certificate request fails. The backoff duration is exponentially increased based on consecutive failures, up to a maximum of 32 hours. (default 1h0m0s) |
| --dns01-recursive-nameservers-only When true, cert-manager will only ever query the configured DNS resolvers to perform the ACME DNS01 self check. This is useful in DNS constrained environments, where access to authoritative nameservers is restricted. Enabling this option could cause the DNS01 self check to take longer due to caching performed by the recursive nameservers. | ||
| --enable-certificate-owner-ref Whether to set the certificate resource as an owner of secret where the tls certificate is stored. When this flag is enabled, the secret will be automatically removed when the certificate resource is deleted. | ||
| --enable-gateway-api Whether gateway API integration is enabled within cert-manager. The ExperimentalGatewayAPISupport feature gate must also be enabled (default as of 1.15). | ||
| --enable-gateway-api-listenerset Whether ListenerSets support is enabled within cert-manager. The ListenerSet feature gate must also be enabled. |
| --master string Optional apiserver host address to connect to. If not specified, autoconfiguration will be attempted. | ||
| --max-certificate-bundle-size int Maximum size in bytes for PEM-encoded certificate bundles. (default 330000) | ||
| --max-certificate-chain-length int Maximum size in bytes for a PEM-encoded certificate chain. (default 95000) | ||
| --max-certificate-size int Maximum size in bytes for a single PEM-encoded certificate. Large certificates with many DNS names may need larger values. (default 36500) |
| --max-certificate-chain-length int Maximum size in bytes for a PEM-encoded certificate chain. (default 95000) | ||
| --max-certificate-size int Maximum size in bytes for a single PEM-encoded certificate. Large certificates with many DNS names may need larger values. (default 36500) | ||
| --max-concurrent-challenges int The maximum number of challenges that can be scheduled as 'processing' at once. (default 60) | ||
| --max-private-key-size int Maximum size in bytes for a single PEM-encoded private key. (default 13000) |
| Flags: | ||
| --api-server-host string Optional apiserver host address to connect to. If not specified, autoconfiguration will be attempted. | ||
| --client-ca-path string The client cert CA used to verify clients contacting webhooks. | ||
| --client-subject-names strings One or more client certificate subject names (CN or DNS SAN) that the apiserver may present when contacting the webhook. Should be a comma-separated list. |
| <tr> | ||
| <td> | ||
| <code>ingressShimConfig</code> | ||
| <code>ingressShimConfig,omitzero</code> |
There was a problem hiding this comment.
Is this because the API docs generator doesn't understand omitzero?
Is omitzero a standard Go feature? Or is it part of the GOEXPERIMENT=jsonv2 feature.
|
|
||
| | Release | Release Date | End of Life | [Supported Kubernetes / OpenShift Versions][s] | [Tested Kubernetes Versions][test] | | ||
| |:--------:|:------------:|:---------------:|:----------------------------------------------:|:----------------------------------:| | ||
| | [1.20][] | Mar 10, 2026 | Release of 1.22 | 1.32 → 1.35 / 4.19 → 4.21 | 1.32 → 1.35 | |
There was a problem hiding this comment.
I'm not sure. It looks like OpenShift 4.18 is supported by RedHat until 25 Feb 2027, and it's based on Kubernetes 1.31.
Happy to leave it like this unless some OpenShift user complains.
|
cc @wallrj |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: wallrj, wallrj-cyberark The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
cert-manager-prow
bot
added
the
approved
cert-manager-prow
bot
merged commit 1c95724
into
cert-manager:release-next
This is part of the "release 1.20" series of PRs, see Slack thread. Here is the series of PRs for this release:
What I've done
I've used an edited version of the instructions from https://cert-manager.io/docs/contributing/release-process/ (section "Prepare the "Bump Versions" PR.). Here is the edited version of the release process I used (I've opened #2008 with these updated instructions):