chore(deps): update dependency cert-manager/cert-manager to v1.12.0 #19
Loading…
Reference in New Issue
Block a user
No description provided.
Delete Branch "renovate/crds-catalog"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
v1.11.2
->v1.12.0
Release Notes
cert-manager/cert-manager
v1.12.0
Compare Source
v1.12.0
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager v1.12 brings support for JSON logging, a lower memory footprint, the support for ephemeral service account tokens with Vault, improved dependency management and the support of the ingressClassName field.
Community
Thanks again to all open-source contributors with commits in this release, including:
Thanks also to the following cert-manager maintainers for their contributions during this release:
Equally thanks to everyone who provided feedback, helped users and raised issues on Github and Slack, joined our meetings and talked to us at Kubecon!
Special thanks to @erikgb for continuously great input and feedback and to @lucacome for always ensuring that our kube deps are up to date!
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Jetstack (by Venafi) for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes by Kind
Feature
--concurrent-workers
flag that lets you control the number of concurrent workers for each of our controllers. (#5936, @inteon)acme.solvers.http01.ingress.podTemplate.spec.imagePullSecrets
field to issuer spec to allow to specify image pull secrets for the ACME HTTP01 solver pod. (#5801, @malovme)--watch-certs
flag was renamed to--enable-certificates-data-source
. (#5766, @irbekrm)--dns01-recursive-nameservers
,--enable-certificate-owner-ref
, and--dns01-recursive-nameservers-only
through Helm values. (#5614, @jkroepke)ingressClassName
. The credit goes to @dsonck92 for implementing the initial PR. (#5849, @maelvls)serviceAccountRef
field, cert-manager generates a short-lived token associated to the service account to authenticate to Vault. Along with this new feature, we have added validation logic in the webhook in order to check thevault.auth
field when creating an Issuer or ClusterIssuer. Previously, it was possible to create an Issuer or ClusterIssuer with an invalid value forvault.auth
. (#5502, @maelvls)/livez
endpoint and a default liveness probe, which fails if leader election has been lost and for some reason the process has not exited. The liveness probe is disabled by default. (#5962, @wallrj)--v=5
flag) (#5975, @tobotg)Design
This is not necessarily a breaking change as due to a race condition this may already have been the case. (#5887, @irbekrm)
Documentation
values.yaml
are now working (#5999, @SgtCoDFish)Bug or Regression
cmctl x install
. (#5720, @irbekrm)--acme-http01-solver-image
given to the variableacmesolver.extraArgs
now has precedence over the variableacmesolver.image
. (#5693, @SgtCoDFish)jks
andpkcs12
fields on a Certificate resource with a CA issuer that doesn't set theca.crt
in the Secret resource, cert-manager no longer loop trying to copyca.crt
intotruststore.jks
ortruststore.p12
. (#5972, @vinzent)literalSubject
field on a Certificate resource, the IPs, URIs, DNS names, and email addresses segments are now properly compared. (#5747, @inteon)Other (Cleanup or Flake)
make go-workspace
target for generating a go.work file for local development (#5935, @SgtCoDFish)**BREAKING:*- users who are relying on cainjector to work when
certificates.cert-manager.io
CRD is not installed in the cluster, now need to pass--watch-certificates=false
flag to cainjector else it will not start.Users who only use cainjector as cert-manager's internal component and have a large number of
Certificate
resources in cluster can pass--watch-certificates=false
to avoid cainjector from cachingCertificate
resources and save some memory. (#5746, @irbekrm)automountServiceAccountToken
turned off. (#5754, @wallrj)SecretsFilteredCaching
feature flag. The filtering mechanism might, in some cases, slightly slow down issuance or cause additional requests to kube-apiserver because unlabelled Secret resources that cert-manager controller needs will now be retrieved from kube-apiserver instead of being cached locally. To prevent this from happening, users can label all issuer Secret resources with thecontroller.cert-manager.io/fao: true
label. (#5824, @irbekrm)POTENTIALLY BREAKING: this PR slightly changes how the name of the Challenge resources are calculated. To avoid duplicate issuances due to the Challenge resource being recreated, ensure that there is no in-progress ACME certificate issuance when you upgrade to this version of cert-manager. (#5901, @irbekrm)
v0.26.2
. (#5820, @lucacome)v0.26.3
. (#5907, @lucacome)v0.27.1
. (#5961, @lucacome)certificate.spec.secretName
is a validSecret
name (#5967, @avi-08)certificate.spec.secretName
Secrets will now be labelled withcontroller.cert-manager.io/fao
label (#5660, @irbekrm)Uncategorized
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.