- feat(helm): Rename `secureMetrics` to `metrics` and add `metrics.secure` and `metrics.metricsAddress` as configuration values. This way, Prometheus can scrape the controller manager metrics without the secure metrics proxy.
- feat(helm): Add configuration element in Helm chart default values file to configure container ports on the controller manager container.
- fix(deps): Update golang.org/x/net to v0.19.0
- fix(dockerfile): Upgrade builder image to golang:1.20 to address CVE-2023-38408
- feat(controller): Implement Kubernetes `client-go` REST client for Secret/ConfigMap retrieval to bypass `controller-runtime` caching system. This enables the reconciler to retrieve Secret and ConfigMap resources at the namespace scope with only namespace-level permissions.
- fix(helm): Add configuration flag to configure chart to either grant cluster-scoped or namespace-scoped access to Secret and ConfigMap API
- fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration.
- feat(signer): Signer recognizes `metadata.command-issuer.keyfactor.com/<metadata-field-name>: <metadata-value>` annotations on the CertificateRequest resource and uses them to populate certificate metadata in Command.
- feat(release): Container build and release now use GitHub Actions.
- fix(helm): CRDs now correspond to correct values for the `command-issuer`.
- fix(helm): Signer Helm Chart now includes a `secureMetrics` value to enable/disable sidecar RBAC container for further protection of the `/metrics` endpoint.
- fix(signer): Signer now returns CA chain bytes instead of appending to the leaf certificate.
- fix(role): Removed permissions for `configmaps` resource types for the `leader-election-role` role.