@weizhoublue
Member

I am a robot, upgrade: project cert-manager chart upgrade from v1.16.4 to v1.19.1

@gemini-code-assist

Summary of Changes

Hello @weizhoublue, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request orchestrates a comprehensive upgrade of the cert-manager Helm chart from v1.16.4 to v1.19.1. The update streamlines installation processes, introduces new configuration parameters for enhanced control over Kubernetes resource deployment, and integrates the latest features and API definitions from the cert-manager project. These changes aim to improve the chart's flexibility, maintainability, and alignment with current Kubernetes ecosystem standards.

Highlights

  • Cert-Manager Chart Upgrade: The cert-manager Helm chart has been upgraded from version v1.16.4 to v1.19.1, updating appVersion and version fields across relevant Chart.yaml files.
  • Updated Installation & Uninstallation Documentation: The README.md now reflects the new Helm installation method, which includes enabling CRDs directly via helm install --set crds.enabled=true, and provides updated instructions for uninstalling CRDs.
  • New Global Configuration Options: New global configuration options, nodeSelector and hostUsers, have been introduced to provide more control over pod scheduling and user namespace settings, respectively.
  • Feature Gate Updates: The controller's config.featureGates have been updated to align with v1.18.1 defaults, incorporating new GA, BETA, and ALPHA features, including enableGatewayAPI.
  • New Custom Resource Definitions (CRDs): New CRD definitions for orders.acme.cert-manager.io, certificaterequests.cert-manager.io, and certificates.cert-manager.io have been added, reflecting expanded or updated API capabilities.
  • Improved Templating and RBAC: Helm templates have been refined to support conditional imagePullSecrets and hostUsers for various deployments, updated nodeSelector logic, and enhanced serviceAccount.annotations to support templating. RBAC roles for tokenrequest now use fullname for consistent naming.
  • Prometheus & Network Policy Enhancements: The prometheus.servicemonitor.targetPort default has changed from a number to a string (http-metrics), and webhook network policies now include IPv6 (::/0) alongside IPv4 (0.0.0.0/0) for broader compatibility.
  • Private Key Rotation Policy Warning: A warning has been added to NOTES.txt regarding the new default private key rotation policy (Always) in cert-manager versions v1.18.0 and above.

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request upgrades the cert-manager Helm chart from v1.16.4 to v1.19.1. The changes are extensive, reflecting the updates in the upstream chart, including version bumps, documentation updates, new features like global.hostUsers, and template improvements for better flexibility and consistency. The review identified a few minor issues, primarily related to documentation inconsistencies and trailing whitespace in template files, which should be addressed to improve clarity and maintain code quality. Overall, the upgrade appears to be handled correctly.

priorityClassName: {{ . | quote }}
{{- end }}
{{- if (hasKey .Values.global "hostUsers") }}
hostUsers: {{ .Values.global.hostUsers }}
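
Review bot: `hostUsers: {{ .Values.global.hostUsers }}` passes whatever is set under `global.hostUsers` into the pod spec unquoted and unvalidated. The `hasKey` guard itself is the right choice, since a plain `if` would drop an explicit `false`, which is the value that actually moves the pod into a user namespace. Suggest constraining `global.hostUsers` to a boolean in the chart's values schema, if it is not already, so a mistyped value fails when Helm validates the values rather than at API admission. The same point applies to the other templates in this PR that carry this line.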

medium

There is trailing whitespace on this line. While many YAML parsers handle this gracefully, it's best practice to remove it to avoid potential issues and maintain clean code style.

      hostUsers: {{ .Values.global.hostUsers }}

priorityClassName: {{ . | quote }}
{{- end }}
{{- if (hasKey .Values.global "hostUsers") }}
hostUsers: {{ .Values.global.hostUsers }}

medium

This line has trailing whitespace. To maintain code cleanliness and prevent potential parsing issues with different tools, it's recommended to remove it.

      hostUsers: {{ .Values.global.hostUsers }}

priorityClassName: {{ . | quote }}
{{- end }}
{{- if (hasKey .Values.global "hostUsers") }}
hostUsers: {{ .Values.global.hostUsers }}

medium

There is trailing whitespace on this line. It's good practice to remove it to ensure consistent formatting and prevent any unexpected behavior from whitespace-sensitive tools.

      hostUsers: {{ .Values.global.hostUsers }}

priorityClassName: {{ . | quote }}
{{- end }}
{{- if (hasKey .Values.global "hostUsers") }}
hostUsers: {{ .Values.global.hostUsers }}

medium

This line contains trailing whitespace. Please remove it to adhere to best practices for YAML files and avoid potential parsing issues.

      hostUsers: {{ .Values.global.hostUsers }}

Comment on lines +1195 to +1196
"default": "http-metrics",
"description": "The target port to set on the ServiceMonitor. This must match the port that the cert-manager controller is listening on for metrics."

medium

The JSON schema for prometheus.servicemonitor.targetPort is missing a type definition. While the default is now a string (http-metrics), it should also support integer values for flexibility. The README correctly documents this as string,integer. Please add the type definition to ensure the schema is accurate and useful for validation tools.

"default": "http-metrics",
"description": "The target port to set on the ServiceMonitor. This must match the port that the cert-manager controller is listening on for metrics.",
"type": ["string", "integer"]

Comment on lines +39 to +50
# Set all pods to run in a user namespace without host access.
# Experimental: may be removed once the Kubernetes User Namespaces feature is GA.
#
# Requirements:
# - Kubernetes ≥ 1.33, or
# - Kubernetes 1.27–1.32 with UserNamespacesSupport feature gate enabled.
#
# Set to false to run pods in a user namespace without host access.
#
# See [limitations](https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/#limitations) for details.
# +docs:property
# hostUsers: false
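
Review bot: the comment block never says what happens when the key is left unset, and its only example, `# hostUsers: false`, is commented out. With the `hasKey .Values.global "hostUsers"` guard used in the templates, an unset key renders no `hostUsers` field at all, so pods keep the Kubernetes default (`hostUsers: true`, the host user namespace); only an explicit `false` places them in a user namespace, which is what both the first comment line and the "Set to false" line describe. Suggest stating that default and merging the two near-duplicate sentences into one, for example "Set to false to run all pods in a user namespace; leave unset to keep the host user namespace."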

medium

The documentation for global.hostUsers appears to be contradictory. Line 39 states it's to "run in a user namespace without host access", but line 46 says to "Set to false" to achieve this. This is confusing for users. Please clarify the description to indicate which value (true or false) enables the feature.

    # Set all pods to run in a user namespace without host access.
    # Experimental: may be removed once the Kubernetes User Namespaces feature is GA.
    #
    # Requirements:
    #   - Kubernetes ≥ 1.33, or
    #   - Kubernetes 1.27–1.32 with UserNamespacesSupport feature gate enabled.
    #
    # Set to `true` to run pods in a user namespace without host access.
    #
    # See [limitations](https://kubernetes.io/docs/concepts/workloads/pods/user-namespaces/#limitations) for details.
    # +docs:property
    # hostUsers: false

@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 8 times, most recently from 82d32ca to 4771506 Compare October 23, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 7 times, most recently from 9817626 to 6dee6dd Compare October 31, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 7 times, most recently from a40ed6c to 12c7239 Compare November 7, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 3 times, most recently from a1e51ca to 50692c0 Compare November 10, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 7 times, most recently from bb1e64e to 983fc47 Compare November 17, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 8 times, most recently from ca5cfc2 to 4a5f710 Compare November 25, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch 5 times, most recently from 88902fe to 96699a4 Compare November 30, 2025 20:05
@github-actions github-actions bot force-pushed the upgrade/cert-manager/v1.19.1 branch from 96699a4 to d6f6fd5 Compare December 1, 2025 20:05