chore(deps): bump github.com/cert-manager/cert-manager from 1.15.3 to 1.16.1

[dependabot]

Bumps github.com/cert-manager/cert-manager from 1.15.3 to 1.16.1.

Release notes

Sourced from github.com/cert-manager/cert-manager's releases.

v1.16.1

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.

📖 Read the complete 1.16 release notes before upgrading.

📜Changes since v1.16.0

Bug or Regression

• BUGFIX: Helm schema validation: the new schema validation was too strict for the "global" section. Since the global section is shared across all charts and sub-charts, we must also allow unknown fields. (#7348, @inteon)
• BUGFIX: Helm will now accept percentages for the podDisruptionBudget.minAvailable and podDisruptionBudget.maxAvailable values. (#7345, @inteon)
• Helm: allow enabled to be set as a value to toggle cert-manager as a dependency. (#7356, @inteon)
• BUGFIX: A change in v1.16.0 caused cert-manager's ACME ClusterIssuer to look in the wrong namespace for resources required for the issuance (e.g. credential Secrets). This is now fixed in v1.16.1. (#7342, @inteon)

v1.16.0

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

The cert-manager 1.16 release includes: new Helm chart features, more Prometheus metrics, memory optimizations, and various improvements and bug fixes for the ACME issuer and Venafi Issuer.

📖 Read the complete 1.16 release notes at cert-manager.io.

⚠️ Known issues

1. Helm Chart: JSON schema prevents the chart being used as a sub-chart on Rancher RKE.
2. ACME DNS01 ClusterIssuer fail while loading credentials from Secret resources.

❗ Breaking changes

1. Helm schema validation may reject your existing Helm values files if they contain typos or unrecognized fields.
2. Venafi Issuer may fail to renew certificates if the requested duration conflicts with the CA’s minimum or maximum policy settings in Venafi.
3. Venafi Issuer may fail to renew Certificates if the issuer has been configured for TPP with username-password authentication.

📖 Read the complete 1.16 release notes at cert-manager.io.

📜 Changes since v1.15.0

📖 Read the complete 1.16 release notes at cert-manager.io.

Feature

• Add SecretRef support for Venafi TPP issuer CA Bundle (#7036, @sankalp-at-gh)
• Add renewBeforePercentage alternative to renewBefore (#6987, @cbroglie)
• Add a metrics server to the cainjector (#7194, @wallrj)
• Add a metrics server to the webhook (#7182, @wallrj)
• Add client certificate auth method for Vault issuer (#4330, @joshmue)
• Add process and go runtime metrics for controller (#6966, @mindw)
• Added app.kubernetes.io/managed-by: cert-manager label to the cert-manager-webhook-ca Secret (#7154, @jrcichra)
• Allow the user to specify a Pod template when using GatewayAPI HTTP01 solver, this mirrors the behavior when using the Ingress HTTP01 solver. (#7211, @ThatsMrTalbot)
• Create token request RBAC for the cert-manager ServiceAccount by default (#7213, @Jasper-Ben)

... (truncated)

Commits

• ff50c06 Merge pull request #7356 from cert-manager-bot/cherry-pick-7350-to-release-1.16
• 2298278 Helm: add enabled to json schema
• 02f4a60 Merge pull request #7355 from cert-manager-bot/cherry-pick-7351-to-release-1.16
• 7525267 Helm chart: fix documentation for service accounts annotations
• b44f375 Merge pull request #7348 from cert-manager/self-upgrade-release-1.16
• c3bdc1f Run 'make upgrade-klone' and 'make generate'
• 2d22a92 Merge pull request #7345 from cert-manager-bot/cherry-pick-7343-to-release-1.16
• 4f4ea8b update schema validation for minAvailable and maxAvailable to accept both str...
• 17d9d81 Merge pull request #7342 from cert-manager-bot/cherry-pick-7339-to-release-1.16
• 1144aab add ACME ClusterIssuer resource namespace test
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once CI passes on it, as requested by @rhacs-bot.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[rhacs-bot]

@dependabot squash and merge