Skip to content

Fix flaws in ClusterBundle API#927

Merged
cert-manager-prow[bot] merged 1 commit into
cert-manager:mainfrom
erikgb:fix-clusterbundle-api-flaws
Apr 7, 2026
Merged

Fix flaws in ClusterBundle API#927
cert-manager-prow[bot] merged 1 commit into
cert-manager:mainfrom
erikgb:fix-clusterbundle-api-flaws

Conversation

@erikgb

@erikgb erikgb commented Apr 5, 2026

Copy link
Copy Markdown
Member

This PR fixes some minor flaws in the new ClusterBundle API noted by Copilot in #702.

Signed-off-by: Erik Godding Boye <egboye@gmail.com>
@erikgb erikgb requested a review from Copilot April 5, 2026 13:43
@cert-manager-prow cert-manager-prow Bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 5, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR corrects minor API/CRD flaws in the ClusterBundle v1alpha2 surface area introduced during the Bundle → ClusterBundle migration, aligning generated docs and kubectl output with the current schema (notably the defaultCAs/multi-key target model).

Changes:

  • Remove kubebuilder:printcolumn / CRD printer columns that referenced non-existent .spec.target.{configMap,secret}.key fields (targets now use data[]).
  • Update status.defaultCAVersion field documentation to reference spec.defaultCAs (replacing the outdated spec.includeDefaultCAs wording).
  • Regenerate/align corresponding applyconfiguration and CRD schema descriptions.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
pkg/applyconfigurations/trustmanager/v1alpha2/bundlestatus.go Updates defaultCAVersion docstring to match the spec.defaultCAs API.
pkg/apis/trustmanager/v1alpha2/types_cluster_bundle.go Removes invalid printer columns and fixes defaultCAVersion documentation reference.
deploy/crds/trust-manager.io_clusterbundles.yaml Removes invalid additionalPrinterColumns and updates the OpenAPI description for defaultCAVersion.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@erikgb

erikgb commented Apr 5, 2026

Copy link
Copy Markdown
Member Author

/cc @SgtCoDFish

@SgtCoDFish SgtCoDFish left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

👍

@cert-manager-prow cert-manager-prow Bot added the lgtm Indicates that a PR is ready to be merged. label Apr 7, 2026
@cert-manager-prow

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SgtCoDFish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 7, 2026
@cert-manager-prow cert-manager-prow Bot merged commit 21824c2 into cert-manager:main Apr 7, 2026
10 checks passed
eleboucher pushed a commit to eleboucher/homelab that referenced this pull request Apr 17, 2026
…0.22.0 → v0.22.1) (#204)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [quay.io/jetstack/charts/trust-manager](https://cert-manager.io/docs/trust/trust-manager) ([source](https://github.com/cert-manager/trust-manager)) | patch | `v0.22.0` → `v0.22.1` |

---

### Release Notes

<details>
<summary>cert-manager/trust-manager (quay.io/jetstack/charts/trust-manager)</summary>

### [`v0.22.1`](https://github.com/cert-manager/trust-manager/releases/tag/v0.22.1)

[Compare Source](cert-manager/trust-manager@v0.22.1...v0.22.1)

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

This release is a patch release, bumping dependencies, Go version, and base images to address vulnerabilities reported by scanners.

The release also contains various non-user-facing changes, preparing for the migration from `Bundle` to `ClusterBundle`.

##### What's Changed

- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;909](cert-manager/trust-manager#909)
- fix(deps): update kubernetes go patches to v0.35.3 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;911](cert-manager/trust-manager#911)
- fix gosec G122 by [@&#8203;inteon](https://github.com/inteon) in [#&#8203;914](cert-manager/trust-manager#914)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;910](cert-manager/trust-manager#910)
- fix: remove trailing dash in certificate.yaml template conditional by [@&#8203;archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) in [#&#8203;916](cert-manager/trust-manager#916)
- Run trust-bundle test in CI by [@&#8203;inteon](https://github.com/inteon) in [#&#8203;915](cert-manager/trust-manager#915)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;917](cert-manager/trust-manager#917)
- chore(deps): update actions/setup-go action to v6.4.0 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;919](cert-manager/trust-manager#919)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;922](cert-manager/trust-manager#922)
- chore(deps): update docker/login-action action to v4.1.0 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;925](cert-manager/trust-manager#925)
- Introduce KAL optional fields checks by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;871](cert-manager/trust-manager#871)
- Finalize initial KAL config by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;926](cert-manager/trust-manager#926)
- Make Renovate suggest KAL upgrades by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;924](cert-manager/trust-manager#924)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;929](cert-manager/trust-manager#929)
- Make Renovate suggest KAL upgrades (take 2) by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;928](cert-manager/trust-manager#928)
- Fix flaws in ClusterBundle API by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;927](cert-manager/trust-manager#927)
- Remove misleading Helm chart annotation by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;930](cert-manager/trust-manager#930)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;931](cert-manager/trust-manager#931)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;932](cert-manager/trust-manager#932)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;935](cert-manager/trust-manager#935)
- fix(deps): update module software.sslmate.com/src/go-pkcs12 to v0.7.1 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;933](cert-manager/trust-manager#933)
- chore(deps): update actions/github-script action to v9 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;934](cert-manager/trust-manager#934)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;936](cert-manager/trust-manager#936)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;938](cert-manager/trust-manager#938)
- Bump trust packages to force rebuild with go 1.26.2 by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;937](cert-manager/trust-manager#937)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;939](cert-manager/trust-manager#939)
- fix(deps): update module sigs.k8s.io/structured-merge-diff/v6 to v6.4.0 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;940](cert-manager/trust-manager#940)
- fix(deps): update kubernetes go patches to v0.35.4 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;941](cert-manager/trust-manager#941)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;942](cert-manager/trust-manager#942)

##### New Contributors

- [@&#8203;archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) made their first contribution in [#&#8203;916](cert-manager/trust-manager#916)

**Full Changelog**: <cert-manager/trust-manager@v0.22.0...v0.22.1>

### [`v0.22.1`](https://github.com/cert-manager/trust-manager/releases/tag/v0.22.1)

[Compare Source](cert-manager/trust-manager@v0.22.0...v0.22.1)

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

This release is a patch release, bumping dependencies, Go version, and base images to address vulnerabilities reported by scanners.

The release also contains various non-user-facing changes, preparing for the migration from `Bundle` to `ClusterBundle`.

##### What's Changed

- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;909](cert-manager/trust-manager#909)
- fix(deps): update kubernetes go patches to v0.35.3 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;911](cert-manager/trust-manager#911)
- fix gosec G122 by [@&#8203;inteon](https://github.com/inteon) in [#&#8203;914](cert-manager/trust-manager#914)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;910](cert-manager/trust-manager#910)
- fix: remove trailing dash in certificate.yaml template conditional by [@&#8203;archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) in [#&#8203;916](cert-manager/trust-manager#916)
- Run trust-bundle test in CI by [@&#8203;inteon](https://github.com/inteon) in [#&#8203;915](cert-manager/trust-manager#915)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;917](cert-manager/trust-manager#917)
- chore(deps): update actions/setup-go action to v6.4.0 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;919](cert-manager/trust-manager#919)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;922](cert-manager/trust-manager#922)
- chore(deps): update docker/login-action action to v4.1.0 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;925](cert-manager/trust-manager#925)
- Introduce KAL optional fields checks by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;871](cert-manager/trust-manager#871)
- Finalize initial KAL config by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;926](cert-manager/trust-manager#926)
- Make Renovate suggest KAL upgrades by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;924](cert-manager/trust-manager#924)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;929](cert-manager/trust-manager#929)
- Make Renovate suggest KAL upgrades (take 2) by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;928](cert-manager/trust-manager#928)
- Fix flaws in ClusterBundle API by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;927](cert-manager/trust-manager#927)
- Remove misleading Helm chart annotation by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;930](cert-manager/trust-manager#930)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;931](cert-manager/trust-manager#931)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;932](cert-manager/trust-manager#932)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;935](cert-manager/trust-manager#935)
- fix(deps): update module software.sslmate.com/src/go-pkcs12 to v0.7.1 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;933](cert-manager/trust-manager#933)
- chore(deps): update actions/github-script action to v9 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;934](cert-manager/trust-manager#934)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;936](cert-manager/trust-manager#936)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;938](cert-manager/trust-manager#938)
- Bump trust packages to force rebuild with go 1.26.2 by [@&#8203;erikgb](https://github.com/erikgb) in [#&#8203;937](cert-manager/trust-manager#937)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;939](cert-manager/trust-manager#939)
- fix(deps): update module sigs.k8s.io/structured-merge-diff/v6 to v6.4.0 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;940](cert-manager/trust-manager#940)
- fix(deps): update kubernetes go patches to v0.35.4 by [@&#8203;renovate](https://github.com/renovate)\[bot] in [#&#8203;941](cert-manager/trust-manager#941)
- \[CI] Merge self-upgrade-main into main by [@&#8203;octo-sts](https://github.com/octo-sts)\[bot] in [#&#8203;942](cert-manager/trust-manager#942)

##### New Contributors

- [@&#8203;archy-rock3t-cloud](https://github.com/archy-rock3t-cloud) made their first contribution in [#&#8203;916](cert-manager/trust-manager#916)

**Full Changelog**: <cert-manager/trust-manager@v0.22.0...v0.22.1>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDEuMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwMS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->

Reviewed-on: https://git.erwanleboucher.dev/eleboucher/homelab/pulls/204
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. lgtm Indicates that a PR is ready to be merged. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants