Update Helm release cert-manager to v1.10.1
This MR contains the following updates:
Package | Update | Change |
---|---|---|
cert-manager | minor | v1.9.1 -> v1.10.1 |
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
cert-manager/cert-manager
v1.10.1
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager v1.10.1 is a bug fix release which fixes a problem which prevented the Venafi Issuer from connecting to TPP servers where the vedauth API endpoints were configured to accept client certificates. It is also compiled with a newer version of Go 1.19 (v1.19.3) which fixes some vulnerabilities in the Go standard library.
Changes since v1.10.0
Bug or Regression
- The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the `vedauth` API endpoints are configured to accept client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). (#5576, @wallrj)
- Upgrade to latest go patch release (#5560, @SgtCoDFish)
v1.10.0
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
Version 1.10 adds a variety of quality-of-life fixes and features including improvements to the test suite.
Changes since v1.9.1
Feature
- Add `issuer_name`, `issuer_kind` and `issuer_group` labels to `certificate_expiration_timestamp_seconds`, `certmanager_certificate_renewal_timestamp_seconds` and `certmanager_certificate_ready_status` metrics (#5461, @dkulchinsky)
- Add make targets for running scans with trivy against locally built containers (#5358, @SgtCoDFish)
- CertificateRequests: requests that use the SelfSigned Issuer will be re-reconciled when the target private key Secret has been informed `cert-manager.io/private-key-secret-name`. This resolves an issue whereby a request would never be signed when the target Secret was not created or was misconfigured before the request. (#5336, @JoshVanL)
- CertificateSigningRequests: requests that use the SelfSigned Issuer will be re-reconciled when the target private key Secret has been informed `experimental.cert-manager.io/private-key-secret-name`. This resolves an issue whereby a request would never be signed when the target Secret was not created or was misconfigured before the request. CertificateSigningRequests will also now no longer be marked as failed when the target private key Secret is malformed, now only firing an event. When the Secret data is resolved, the request will attempt issuance. (#5379, @JoshVanL)
- Upgraded Gateway API to v0.5.0 (#5376, @inteon)
- Add caBundleSecretRef to the Vault Issuer to allow referencing the Vault CA Bundle with a Secret. Cannot be used in conjunction with the in-line caBundle field. (#5387, @Tolsto)
- The feature to create certificate requests with the name being a function of certificate name and revision has been introduced under the feature flag "StableCertificateRequestName" and it is disabled by default. This helps to prevent the error "multiple CertificateRequests were found for the 'next' revision...". (#5487, @sathyanarays)
- Helm: Added a new parameter `commonLabels` which gives you the capability to add the same label on all the resources deployed by the chart. (#5208, @thib-mary)
Bug or Regression
- CertificateSigningRequest: no longer mark a request as failed when using the SelfSigned issuer, and the Secret referenced in `experimental.cert-manager.io/private-key-secret-name` doesn't exist. (#5323, @JoshVanL)
- DNS Route53: Remove incorrect validation which rejects solvers that don't define either an `accessKeyID` or `secretAccessKeyID`. (#5339, @JoshVanL)
- Enhanced securityContext for PSS/restricted compliance. (#5259, @joebowbeer)
- Fix issue where CertificateRequests marked as InvalidRequest did not properly trigger issuance failure handling leading to 'stuck' requests (#5366, @munnerz)
- `cmctl` and `kubectl cert-manager` now report their actual versions instead of "canary", fixing issue #5020 (#5022, @maelvls)
Other
- Avoid hard-coding release namespace in helm chart (#5163, @james-callahan)
- Bump cert-manager's version of Go to `1.19` (#5466, @lucacome)
- Remove `.bazel` and `.bzl` files from cert-manager now that bazel has been fully replaced (#5340, @SgtCoDFish)
- Updates Kubernetes libraries to `v0.25.2`. (#5456, @lucacome)
- Add annotations for ServiceMonitor in helm chart (#5401, @sathieu)
- Helm: Add NetworkPolicy support (#5417, @mjudeikis)
- To help troubleshooting, make the container names unique. BREAKING: this change will break scripts/CI that depend on `cert-manager` being the container name. (#5410, @rgl)
Thank You!
Thank you to the following community members who had a merged MR for this version - your contributions are at the heart of everything we do!
- @joebowbeer
- @rgl
- @lucacome
- @sathieu
- @mjudeikis
- @james-callahan
- @dkulchinsky
- @thib-mary
- @Tolsto
- @sathyanarays
Thanks also to the following maintainers who worked on cert-manager 1.10:
v1.9.2
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager `v1.9.2` is a bug fix release which fixes an issue where CertificateRequests marked as InvalidRequest did not properly trigger issuance failure handling leading to 'stuck' requests, and a problem which prevented the Venafi Issuer from connecting to TPP servers where the `vedauth` API endpoints were configured to accept client certificates. It is also compiled with a newer version of Go 1.18 (`v1.18.8`) which fixes some vulnerabilities in the Go standard library.
Changes since v1.9.1
Bug or Regression
- Fix issue where CertificateRequests marked as InvalidRequest did not properly trigger issuance failure handling leading to 'stuck' requests. (#5371, @munnerz)
- The Venafi Issuer now supports TLS 1.2 renegotiation, so that it can connect to TPP servers where the `vedauth` API endpoints are configured to accept client certificates. (Note: This does not mean that the Venafi Issuer supports client certificate authentication). (#5577, @wallrj)
- Upgrade to latest go patch release. (#5561, @SgtCoDFish)
This MR has been generated by Renovate Bot.