CLOUD-727: Bump github.com/cert-manager/cert-manager from 1.17.2 to 1.18.1

[dependabot]

Bumps github.com/cert-manager/cert-manager from 1.17.2 to 1.18.1.

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.18.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

We have added a new feature gate ACMEHTTP01IngressPathTypeExact, to allow ingress-nginx users to turn off the new default Ingress PathType: Exact behavior, in ACME HTTP01 Ingress challenge solvers. This change fixes the following issue: #7791

We have increased the ACME challenge authorization timeout to two minutes, which we hope will fix a timeout error (error waiting for authorization), which has been reported by multiple users, since the release of cert-manager v1.16.0. This change should fix the following issues: #7337, #7444, and #7685.

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Changes since v1.18.0:

Feature

• Added a new feature gate ACMEHTTP01IngressPathTypeExact, to allow ingress-nginx users to turn off the new default Ingress PathType: Exact behavior, in ACME HTTP01 Ingress challenge solvers. ([#7810](https://github.com/cert-manager/cert-manager/issues/7810), @​sspreitzer)

Bug or Regression

• ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization. ([#7801](https://github.com/cert-manager/cert-manager/issues/7801), @​hjoshi123)

Other (Cleanup or Flake)

• Use the latest version of ingress-nginx in E2E tests to ensure compatibility ([#7807](https://github.com/cert-manager/cert-manager/issues/7807), @​wallrj)

v1.18.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

cert-manager 1.18 introduces several new features and breaking changes. Highlights include support for ACME certificate profiles, a new default for Certificate.Spec.PrivateKey.RotationPolicy now set to Always (breaking change), and the default Certificate.Spec.RevisionHistoryLimit now set to 1 (potentially breaking).

ℹ️ Be sure to review all new features and changes below, and read the full release notes carefully before upgrading.

Known Issues

• ACME HTTP01 challenge paths are rejected by the ingress-nginx validating webhook (#7791)

Changes since v1.17.2:

Feature

• Add config to the Vault issuer to allow the server-name to be specified when validating the certificates the Vault server presents. (#7663, @​ThatsMrTalbot)
• Added app.kubernetes.io/managed-by: cert-manager label to the created Let's Encrypt account keys (#7577, @​terinjokes)
• Added certificate issuance and expiration time metrics (certmanager_certificate_not_before_timestamp_seconds, certmanager_certificate_not_after_timestamp_seconds). (#7612, @​solidDoWant)
• Added ingress-shim option: --extra-certificate-annotations, which sets a list of annotation keys to be copied from Ingress-like to resulting Certificate object (#7083, @​k0da)
• Added the iss short name for the cert-manager Issuer resource. (#7373, @​SgtCoDFish)
• Added the ciss short name for the cert-manager ClusterIssuer resource (#7373, @​SgtCoDFish)
• Adds the global.rbac.disableHTTPChallengesRole helm value to disable HTTP-01 ACME challenges. This allows cert-manager to drop its permission to create pods, improving security when HTTP-01 challenges are not required. (#7666, @​ali-hamza-noor)
• Allow customizing signature algorithm (#7591, @​tareksha)
• Cache the full DNS response and handle TTL expiration in FindZoneByFqdn (#7596, @​ThatsIvan)
• Cert-manager now uses a local fork of the golang.org/x/crypto/acme package (#7752, @​wallrj)
• Add support for ACME profiles extension. (#7777, @​wallrj)

... (truncated)

Commits

• d5382c8 Merge pull request #7814 from cert-manager-bot/cherry-pick-7813-to-release-1.18
• c4e9ecf Change ACMEHTTP01IngressPathTypeExact feature to beta
• 379f43e Merge pull request #7811 from cert-manager-bot/cherry-pick-7809-to-release-1.18
• 9542d75 make generate
• aa0aedf Update feature gate documentation in the Helm chart
• f05762b Explain why we disable strict-validate-path in ingress-nginx
• ee3b742 Fix typo
• 80e4745 Merge pull request #7810 from cert-manager-bot/cherry-pick-7795-to-release-1.18
• d69c1fc feat(acme): Add default feature gate to set Ingress pathType to Exact
• a95f4e1 Merge pull request #7807 from cert-manager-bot/cherry-pick-7792-to-release-1.18
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

[JNKPercona]

Test name	Status
affinity-8-0	passed
auto-tuning-8-0	passed
cross-site-8-0	passed
custom-users-8-0	passed
demand-backup-cloud-8-0	failure
demand-backup-encrypted-with-tls-8-0	passed
demand-backup-8-0	failure
demand-backup-flow-control-8-0	failure
demand-backup-parallel-8-0	failure
demand-backup-without-passwords-8-0	failure
haproxy-5-7	passed
haproxy-8-0	passed
init-deploy-5-7	failure
init-deploy-8-0	failure
limits-8-0	passed
monitoring-2-0-8-0	passed
monitoring-pmm3-8-0	passed
one-pod-5-7	passed
one-pod-8-0	failure
pitr-8-0	failure
pitr-gap-errors-8-0	failure
proxy-protocol-8-0	passed
proxysql-sidecar-res-limits-8-0	passed
pvc-resize-5-7	passed
pvc-resize-8-0	passed
recreate-8-0	passed
restore-to-encrypted-cluster-8-0	passed
scaling-proxysql-8-0	passed
scaling-8-0	passed
scheduled-backup-5-7	passed
scheduled-backup-8-0	passed
security-context-8-0	passed
smart-update1-8-0	passed
smart-update2-8-0	passed
storage-8-0	failure
tls-issue-cert-manager-ref-8-0	passed
tls-issue-cert-manager-8-0	passed
tls-issue-self-8-0	passed
upgrade-consistency-8-0	passed
upgrade-haproxy-5-7	passed
upgrade-haproxy-8-0	passed
upgrade-proxysql-5-7	passed
upgrade-proxysql-8-0	passed
users-5-7	passed
users-8-0	passed
validation-hook-8-0	passed
We run 46 out of 46

commit: e6408ab
image: perconalab/percona-xtradb-cluster-operator:PR-2098-e6408ab3

[dependabot]

Superseded by #2107.