Automatically provision and manage TLS certificates in Kubernetes
APACHE-2.0 License
Published by munnerz over 6 years ago
This is an alpha release of cert-manager. It is subject to change in breaking ways
and should only be used for testing the latest features of cert-manager in order to
provide feedback ahead of a non-alpha release.
This is a big, feature-filled release of cert-manager, and the first since moving to a
more frequent release model.
There's been a huge uptick in community contributions to the project, and this release
comprises the combined effort of 36 code contributors and hundreds of users reporting
issues, feature requests and bug reports!
There are quite a few big headline points, so we'll get straight in:
This release of cert-manager brings the long-awaited ACMEv2 support, and with it, Let's Encrypt
wildcard certificates!
This allows you to request certificates for wildcard domains, e.g. *.example.com, which can be used
to secure many different subdomains of your domain!
The introduction of ACMEv2 is a breaking change. Please read the notes below in the Action Required
section for details on how to handle your existing ACME Issuers whilst upgrading from v0.2.x.
Whilst this note applies to the v0.2.x release series also, it is worth noting.
We have now moved to readthedocs.io and reStructuredText for our documentation.
This should hopefully make it easier for external collaborators to make quick edits
to our documentation, and should provide more structure.
We'd like to take the time to thank all those that have opened issues or opened pull requests against
our documentation - it's a difficult thing to get right, but it's imperative our documentation is
clear for new users adopting the project.
When cert-manager was first released, only CloudDNS and Cloudflare DNS01 providers were
supported when solving ACME challenges.
As new users, each using their own DNS providers, have adopted the project, there has been
a flurry of contributions adding support for the variety of providers out there.
With this release, we support the following DNS providers when solving ACME DNS01 challenges:
There are pull requests in flight to add support for:
Supporting resources for ClusterIssuers (e.g. signing CA certificates, or ACME account private keys) will now be stored in the same namespace as cert-manager, instead of kube-system as in previous versions (#329, @munnerz):
Action required: you will need to manually migrate these referenced resources into the deployment namespace of cert-manager, otherwise cert-manager may not be able to find account private keys or signing CA certificates. (TODO: link to docs guide)
Use ConfigMaps for leader election (#327, @mikebryant):
Action required: Before upgrading, scale the cert-manager Deployment to 0, to avoid two controllers attempting to operate on the same resources.
Remove support for ACMEv1 in favour of ACMEv2 (#309, @munnerz):
Action required: As this release drops support for ACMEv1, all Issuer resources that use ACMEv1 endpoints (e.g. existing Let's Encrypt Issuers) will need updating to use equivalent ACMEv2 endpoints. (TODO: link to docs guide)
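One way to find the Issuers this affects, as an added example (not cert-manager's own tooling): a shell function that reads Issuer and ClusterIssuer manifests and reports each Let's Encrypt ACMEv1 server URL with its ACMEv2 equivalent. The function names and the sample manifests are constructed for illustration, and only Let's Encrypt's production and staging endpoints are mapped.

```shell
# Added example: audit Issuer/ClusterIssuer manifests for Let's Encrypt ACMEv1
# endpoints. Only Let's Encrypt's production and staging URLs are mapped.

# Print the ACMEv2 equivalent of an ACMEv1 directory URL; fail if unknown.
acme_v2_url() {
  case "$1" in
    https://acme-v01.api.letsencrypt.org/directory)
      echo "https://acme-v02.api.letsencrypt.org/directory" ;;
    https://acme-staging.api.letsencrypt.org/directory)
      echo "https://acme-staging-v02.api.letsencrypt.org/directory" ;;
    *) return 1 ;;
  esac
}

# Read manifests on stdin and classify every "server:" value found.
audit_issuers() {
  sed -n 's/^[[:space:]]*server:[[:space:]]*//p' | tr -d "\"'" |
  while read -r url; do
    if new=$(acme_v2_url "$url"); then
      echo "MIGRATE $url -> $new"
    else
      case "$url" in
        https://acme-v02.api.letsencrypt.org/directory) echo "OK $url" ;;
        https://acme-staging-v02.api.letsencrypt.org/directory) echo "OK $url" ;;
        *) echo "REVIEW $url" ;;   # not a Let's Encrypt endpoint: check by hand
      esac
    fi
  done
}

# Constructed sample input (trimmed manifests, not from the cert-manager docs).
SAMPLE_ISSUERS='apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    server: https://acme-staging.api.letsencrypt.org/directory
---
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: "https://acme-v02.api.letsencrypt.org/directory"
'

printf '%s\n' "$SAMPLE_ISSUERS" | audit_issuers
```

Against a live cluster the same function can read the output of kubectl get issuers,clusterissuers --all-namespaces -o yaml.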
--issuer-ambient-credentials and --cluster-issuer-ambient-credentials flags on the cert-manager controller. (#363, @euank)
kubernetes.io/tls-acme annotation if the value of that annotation is true. (#325, @wmedlar)
cert and certs. This is configurable in the Helm Chart with certificateResourceShortNames. (#312, @Mikulas)
Published by munnerz over 6 years ago
This release helps diagnose abusive traffic patterns against Let's Encrypt when using cert-manager.
The only addition is a meaningful user agent on the ACME client, which will allow the Let's Encrypt admins to monitor how various versions of cert-manager are being used with their service.
It's advised that all users upgrade to v0.2.4, as it is a small upgrade that will help to improve cert-manager (and great services like Let's Encrypt!) in future 🎉
Published by munnerz almost 7 years ago
This release fixes a number of bugs in the ACME validation flow, as well as a critical bug that could cause a panic due to a race condition. It is advised that all cert-manager users update as soon as possible.
Published by munnerz almost 7 years ago
This release adds an experimental ingress-shim controller that can be used to automate creation of Certificate resources based on annotations on Ingress resources.
You can install cert-manager with a command similar to the one below to set a default issuer for ingress resources that specify kube-lego's kubernetes.io/tls-acme: "true" annotation:
helm upgrade --install cert-manager ./contrib/charts/cert-manager --set ingressShim.extraArgs='{--default-issuer-name=letsencrypt-staging,--default-issuer-kind=ClusterIssuer}'
For more information on the available annotations on ingress resources, see the ingress-shim source. Full documentation and user guides will follow; feedback on its design is greatly appreciated.
Published by munnerz almost 7 years ago
This is a bugfix release that resolves an issue that could lead to cert-manager entering an issuance loop, exhausting ACME rate limits and causing certificates to constantly update.
Published by munnerz almost 7 years ago
Published by munnerz almost 7 years ago
repository. A helm upgrade should take care of this. (#145, @munnerz)
--namespace flag set (#179, @munnerz)
Published by munnerz almost 7 years ago
This release fixes some issues with the ACME implementation when using the GCLB ingress controller. Previously, cert-manager might have passed the HTTP01 self check before the new path had propagated to all of Google's edge locations.
This release also fixes a race in the HTTP01 challenge solver.
Published by munnerz about 7 years ago
This is the first release of cert-manager. It is currently still not in a production ready state, and features are subject to change.
Notable features:
Please check the README for a quick-start guide.
We really value any feedback and contributions to the project. If you'd like to get involved, please open some issues, comment or pick something up and get started!