Add support for adding custom annotations and labels to the Secret containing the TLS key pair. (#3828, @jonathansp)
Add the deployed cert-manager version to 'kubectl cert-manager version' command (#4226, @inteon)
Added a new optional controller: gateway-shim. cert-manager now supports automatic
creation of certificates for the sig-network Gateway API Gateway, when annotated
similarly to existing support for Ingresses. (#4158, @maelvls)
Added a startup api check Job that waits for the cert-manager api to become ready (#4234, @inteon)
Added the kubectl 'cert-manager check api' command (#4205, @inteon)
Adds CLI command: ctl experimental create certificatesigningrequest for creating a Kubernetes CertificateSigningRequest based upon a cert-manager Certificate manifest file (#4106, @JoshVanL)
Adds clock_time_seconds metric for calculating expiration time in monitoring systems without a built in function. (#4105, @kit837)
Adds support for Ed25519 private keys and signatures for Certificates (#4079, @annerajb)
cert-manager is now able to sign CertificateSigningRequests using the ACME issuer. Note that
the CertificateSigningRequests support is experimental and requires the use of a flag on the
controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#4112, @JoshVanL)
cert-manager is now able to sign CertificateSigningRequests using the SelfSigned issuer. Note that
the CertificateSigningRequests support is experimental and requires the use of a flag on the
controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#4100, @JoshVanL)
cert-manager is now able to sign CertificateSigningRequests using the Vault issuer. Note that
the CertificateSigningRequests support is experimental and requires the use of a flag on the
controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#4103, @JoshVanL)
cert-manager is now able to sign CertificateSigningRequests using the Venafi issuer. Note that
the CertificateSigningRequests support is experimental and requires the use of a flag on the
controller: --feature-gates=ExperimentalCertificateSigningRequestControllers=true (#4108, @JoshVanL)
cert-manager now supports the sig-network Gateway API to solve HTTP01 challenges. (#4276, @jakexks)
cert-manager now uses the networking.k8s.io/v1 Ingress type if available. (#4225, @jakexks)
Fire event when a CertificateSigningRequest has not yet been approved, so will skip processing until it is. (#4229, @JoshVanL)
kubectl cert-manager x install command is added (#4138, @inteon)
Bug or Regression
Cloudflare: Refactored DNS01 challenge to use API for finding the nearest Zone (fixing potential DNS issues) (#4147, @thiscantbeserious)
Fix a bug where failed Certificate Requests were not retried (#4130, @irbekrm)
Fix check for self-signed certificates in EncodeX509Chain which broke certs whose subject DN matched their issuer's subject DN (#4237, @SgtCoDFish)
Fix handling of chains which don't have a root in ParseSingleCertificateChain, and improve handling in situations where that function is passed a single certificate. (#4261, @SgtCoDFish)
Fixed a bug in the "gateway shim" controller that was causing the cert-manager controller to crash
with a nil pointer exception when using the annotation "cert-manager.io/issuer" on a Gateway that
had an empty tls block or with certificateRef left empty. (#4293, @maelvls)
Fixed a goroutine leak that was causing the controller's memory usage to grow with time (#4233, @maelvls)
Fixed a race condition introduced in v0.15.0 that would crash cert-manager for clusters
with a large number of certificates. (#4231, @maelvls)
Set correct exit codes on ctrl+c event & process defer calls on error (#4230, @inteon)
Set correct labels on resources in static manifest yaml files (#4190, @inteon)
Other (Cleanup or Flake)
Adds conformance E2E suite for CertificateSigningRequests (#4101, @JoshVanL)
Allows configuring labels on the cert-manager webhook service via a Helm value. (#4260, @mozz-lx)
Allows configuring which annotations get copied from Certificate to CertificateRequest. Annotations with keys prefixed with kubectl.kubernetes.io/, fluxcd.io, argocd.argoproj.io are now excluded by default. (#4251, @irbekrm)
Minor cleanup of make targets, to prepare for more use of make in cert-manager (#4109, @SgtCoDFish)
Pre-v1 cert-manager resource requests now must be converted to v1 in order to be validated/mutated by admission webhooks. (Default cert-manager validating and mutating webhook configurations ensure the resource requests are being converted) (#4172, @irbekrm)
Reduce binary sizes by adding "-w" as ldflag (#4181, @inteon)
Regression: CertificateSigningRequests will no longer have an experimental.cert-manager.io/ca annotation set. (#4143, @JoshVanL)
Remove v1beta1 as an accepted AdmissionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 (#4254, @JoshVanL)
Remove v1beta1 as an accepted ConversionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 (#4253, @JoshVanL)
The controllers now exit more cleanly (e.g. the Leader Election Lease is freed properly on shutdown) (#4243, @inteon)
Release notes for release-1.5
Changelog since v1.4.0
This discussion was created from the release v1.5.0-beta.0.