CLOUD-727: Bump github.com/cert-manager/cert-manager from 1.18.2 to 1.19.0

[dependabot]

Bumps github.com/cert-manager/cert-manager from 1.18.2 to 1.19.0.

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.19.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ Known issues: We are working on a patch to fix the following issues:

• Unexpected certificate renewal after upgrading to 1.19.0

This release focuses on expanding platform compatibility, improving deployment flexibility, enhancing observability, and addressing key reliability issues.

📖 Read the full release notes at cert-manager.io: https://cert-manager.io/docs/releases/release-notes/release-notes-1.19

Changes since v1.18.0:

Feature

• Add IPv6 rules to the default network policy (#7726, @​jcpunk)
• Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @​StingRayZA)
• Add a feature gate to default to Ingress pathType Exact in ACME HTTP01 Ingress challenge solvers. (#7795, @​sspreitzer)
• Add generated applyconfigurations allowing clients to make type-safe server-side apply requests for cert-manager resources. (#7866, @​erikgb)
• Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @​erikgb)
• Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @​hjoshi123)
• Added protocol field for rfc2136 DNS01 provider (#7881, @​hjoshi123)
• Added experimental field hostUsers flag to all pods. Not set by default. (#7973, @​hjoshi123)
• Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @​lunarwhite)
• The CAInjectorMerging feature has been promoted to BETA and is now enabled by default (#8017, @​ThatsMrTalbot)
• The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#8072, @​prasad89)
• Updated certificate metrics to the collector approach. (#7856, @​hjoshi123)

Bug or Regression

• ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @​hjoshi123)
• BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @​kinolaev)
• Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @​lunarwhite)
• Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @​SgtCoDFish)
• Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7836, @​inteon)
• This change removes the path label of core ACME client metrics and will require users to update their monitoring dashboards and alerting rules if using those metrics. (#8109, @​mladen-rusev-cyberark)
• Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7792, @​wallrj)

Other (Cleanup or Flake)

• Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#7761, @​lunarwhite)
• Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @​SgtCoDFish)
• Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @​hjoshi123)
• Update kind images to include the Kubernetes 1.33 node image (#7786, @​wallrj)
• Use maps.Copy for cleaner map handling (#8092, @​quantpoet)
• Vault: Migrate Vault E2E add-on tests from deprecated vault-client-go to the new vault/api client. (#8059, @​armagankaratosun)

v1.19.0-alpha.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ This is a pre-release. For testing only!

... (truncated)

Commits

• 12a3ef9 Merge pull request #8142 from cert-manager/renovate/kubernetes-go-deps
• 50f4142 fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2
• 55c8b13 Merge pull request #8140 from cert-manager/renovate/kubernetes-go-deps
• b532b0d fix(deps): update module sigs.k8s.io/gateway-api to v1.4.0
• 2b1e348 Merge pull request #8138 from cert-manager/self-upgrade-master
• 24e1c7a BOT: run 'make upgrade-klone' and 'make generate'
• 290d577 Merge pull request #8137 from cert-manager/renovate/misc-go-deps
• 8b1650c fix(deps): update misc go deps
• 0343fae Merge pull request #8136 from cert-manager/self-upgrade-master
• dbb59b7 BOT: run 'make upgrade-klone' and 'make generate'
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[JNKPercona]

Test name	Status
arbiter	failure
balancer	failure
cross-site-sharded	failure
custom-replset-name	failure
custom-tls	failure
custom-users-roles	failure
custom-users-roles-sharded	failure
data-at-rest-encryption	failure
data-sharded	failure
demand-backup	failure
demand-backup-eks-credentials-irsa	skipped
demand-backup-fs	skipped
demand-backup-if-unhealthy	skipped
demand-backup-incremental	skipped
demand-backup-incremental-sharded	skipped
demand-backup-physical-parallel	skipped
demand-backup-physical-aws	skipped
demand-backup-physical-azure	skipped
demand-backup-physical-gcp-s3	skipped
demand-backup-physical-gcp-native	skipped
demand-backup-physical-minio	skipped
demand-backup-physical-sharded-parallel	skipped
demand-backup-physical-sharded-aws	skipped
demand-backup-physical-sharded-azure	skipped
demand-backup-physical-sharded-gcp-native	skipped
demand-backup-physical-sharded-minio	skipped
demand-backup-sharded	skipped
expose-sharded	skipped
finalizer	skipped
ignore-labels-annotations	skipped
init-deploy	skipped
ldap	skipped
ldap-tls	skipped
limits	skipped
liveness	skipped
mongod-major-upgrade	skipped
mongod-major-upgrade-sharded	skipped
monitoring-2-0	skipped
monitoring-pmm3	skipped
multi-cluster-service	skipped
multi-storage	skipped
non-voting-and-hidden	skipped
one-pod	skipped
operator-self-healing-chaos	skipped
pitr	skipped
pitr-physical	skipped
pitr-sharded	skipped
pitr-to-new-cluster	skipped
pitr-physical-backup-source	skipped
preinit-updates	skipped
pvc-resize	skipped
recover-no-primary	skipped
replset-overrides	skipped
rs-shard-migration	skipped
scaling	skipped
scheduled-backup	skipped
security-context	skipped
self-healing-chaos	skipped
service-per-pod	skipped
serviceless-external-nodes	skipped
smart-update	skipped
split-horizon	skipped
stable-resource-version	skipped
storage	skipped
tls-issue-cert-manager	skipped
upgrade	skipped
upgrade-consistency	skipped
upgrade-consistency-sharded-tls	skipped
upgrade-sharded	skipped
upgrade-partial-backup	skipped
users	skipped
version-service	skipped
We run 10 out of 72

commit: 1e38f98
image: perconalab/percona-server-mongodb-operator:PR-2085-1e38f980