Update Helm release cert-manager to v1.13.0 #734
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v1.12.4
->v1.13.0
Release Notes
cert-manager/cert-manager (cert-manager)
v1.13.0
Compare Source
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
This is the 1.13 release of cert-manager!
cert-manager 1.13 brings support for DNS over HTTPS, support for loading options from a versioned
config file for the cert-manager controller, and more. This release also includes the promotion of
the StableCertificateRequestName and SecretsFilteredCaching feature gates to Beta.
Breaking Changes (You MUST read this before you upgrade!)
.featureGates
value set, the features defined there will no longer be passed to cert-manager webhook, only to cert-manager controller. Usewebhook.featureGates
field instead to define features to be enabled on webhook. (#6093, @irbekrm)--feature-gates
flag, this will now break (unless the webhook actually has a feature by that name). (#6093, @irbekrm)Community
Welcome to these new cert-manager members (more info - https://github.com/cert-manager/cert-manager/pull/6260):
@jsoref
@FlorianLiebhart
@hawksight
@erikgb
Thanks again to all open-source contributors with commits in this release, including:
@AcidLeroy
@FlorianLiebhart
@lucacome
@cypres
@erikgb
@ubergesundheit
@jkroepke
@jsoref
@gdvalle
@rouke-broersma
@schrodit
@zhangzhiqiangcs
@arukiidou
@hawksight
@Richardds
@kahirokunn
Thanks also to the following cert-manager maintainers for their contributions during this release:
@SgtCoDFish
@maelvls
@irbekrm
@inteon
Equally thanks to everyone who provided feedback, helped users and raised issues on Github and Slack and joined our meetings!
Special thanks to @AcidLeroy for adding "load options from a versioned config file" support for the cert-manager controller! This has been on our wishlist for a very long time. (see https://github.com/cert-manager/cert-manager/pull/5337)
Also, thanks a lot to @FlorianLiebhart for adding support for DNS over HTTPS for the ACME DNS self-check. This is very useful in case all traffic must be HTTP(S) trafic, eg. when using a HTTPS_PROXY. (see https://github.com/cert-manager/cert-manager/pull/5003)
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes since v1.12.0
Feature
cluster-reader
aggregated cluster role (#6241, @erikgb)enableServiceLinks
configurable for all Deployments andstartupapicheck
Job in Helm chart. (#6292, @ubergesundheit)Design
The DNS check method to be used is controlled through the command line flag:
--dns01-recursive-nameservers-only=true
in combination with--dns01-recursive-nameservers=https://<DoH-endpoint>
(e.g.https://8.8.8.8/dns-query
). It keeps using DNS lookup as a default method. (#5003, @FlorianLiebhart)Bug or Regression
cmctl check api --wait 0
exited without output and exit code 1; we now make sure we perform the API check at least once and return with the correct error code (#6109, @inteon).featureGates
value set, the features defined there will no longer be passed to cert-manager webhook, only to cert-manager controller. Usewebhook.featureGates
field instead to define features to be enabled on webhook.--feature-gates
flag, this will now break (unless the webhook actually has a feature by that name). (#6093, @irbekrm)net.IP.String()
function would have printed that address. (#6293, @SgtCoDFish)enableServiceLinks
option for our ACME http solver pods, because the option caused the pod to be in a crash loop in a cluster with lot of services. (#6143, @schrodit)Other (Cleanup or Flake)
cert-manager.io/common-name
,cert-manager.io/alt-names
, ... annotations on Secrets are kept at their correct value. (#6176, @inteon)v0.27.2
. (#6077, @lucacome)v0.27.4
. (#6227, @lucacome)Configuration
📅 Schedule: Branch creation - "before 6am on Monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.