Automatically provision and manage TLS certificates in Kubernetes
APACHE-2.0 License
Bot releases are visible (Hide)
Published by jetstack-release-bot about 3 years ago
--feature-gates=ExperimentalGatewayAPISupport=true
command line flag on the cert-manager controller (https://github.com/jetstack/cert-manager/pull/4320, @jakexks)Published by jetstack-release-bot about 3 years ago
Published by jetstack-release-bot about 3 years ago
Published by jetstack-release-bot about 3 years ago
This release adds support for the upcoming Kubernetes 1.22 release. You must upgrade to this beta version if you are trying out Kubernetes 1.22.
ctl experimental create certificatesigningrequest
for creating a Kuberenetes CertificateSigningRequest based upon a cert-manager Certificate manifest file (#4106, @JoshVanL)--feature-gates=ExperimentalCertificateSigningRequestControllers=true
(#4112, @JoshVanL)--feature-gates=ExperimentalCertificateSigningRequestControllers=true
(#4100, @JoshVanL)--feature-gates=ExperimentalCertificateSigningRequestControllers=true
(#4103, @JoshVanL)--feature-gates=ExperimentalCertificateSigningRequestControllers=true
(#4108, @JoshVanL)kubectl cert-manager x install
command is added (#4138, @inteon)tls
block or with certificateRef
left empty. (#4293, @maelvls)kubectl.kubernetes.io/
, fluxcd.io
, argocd.argoproj.io
are now excluded by default. (#4251, @irbekrm)experimental.cert-manager.io/ca
annotation set. (#4143, @JoshVanL)Published by jetstack-release-bot about 3 years ago
Thanks to Wilson Júnior (@wpjunior) for the PR which originally exposed the certificate chain issue which this release fixes!
Nothing has changed.
Nothing has changed.
Nothing has changed.
Published by jetstack-release-bot about 3 years ago
Nothing has changed.
Nothing has changed.
Nothing has changed.
Published by jetstack-release-bot about 3 years ago
Nothing has changed.
Nothing has changed.
Nothing has changed.
Published by jetstack-release-bot over 3 years ago
ctl experimental create certificatesigningrequest
for creating a Kuberenetes CertificateSigningRequest based upon a cert-manager Certificate manifest file (#4106, @JoshVanL)--feature-gates=ExperimentalCertificateSigningRequestControllers=true
(#4100, @JoshVanL)--feature-gates=ExperimentalCertificateSigningRequestControllers=true
(#4103, @JoshVanL)kubectl cert-manager x install
command is added (#4138, @inteon)experimental.cert-manager.io/ca
annotation set. (#4143, @JoshVanL)Published by jetstack-release-bot over 3 years ago
ca.crt
field for issued certificates; this is a change of behavior. All of the information which was previously available is still available: the intermediate should appear as part of the chain in tls.crt
. (#3865, @erikgb)kubectl cert-manager
plugin is now built for darwin/arm64 (https://github.com/cert-manager/release/pull/37, @irbekrm)PublicKeysEqual
comparison function for public keys and improve doc comments on related functions (#3914, @SgtCoDFish)Certificate
with a long name (52 characters or more) does not get renewed due to non-unique Order
names being generated. (#3866, @jandersen-plaid)Published by jetstack-release-bot over 3 years ago
kubectl cert-manager
plugin is now built for darwin/arm64 (https://github.com/cert-manager/release/pull/37, @irbekrm)Nothing has changed.
Nothing has changed.
Nothing has changed.
Published by jetstack-release-bot over 3 years ago
Published by jetstack-release-bot over 3 years ago
Nothing has changed.
Published by jetstack-release-bot over 3 years ago
ca.crt
field for issued certificates; this is a change of behavior. All of the information which was previously available is still available: the intermediate should appear as part of the chain in tls.crt
. (#3865, @erikgb)PublicKeysEqual
comparison function for public keys and improve doc comments on related functions (#3914, @SgtCoDFish)Published by jetstack-release-bot over 3 years ago
Ready=False
added to it. After v1.3, the Ready=False
was not set anymore due to the addition of the Approval API. (#3892, @JoshVanL)Published by jetstack-release-bot over 3 years ago
If you install cert-manager with helm, upgrade directly to v1.3.1 to avoid a CRD type conversion issue. (#3880)
This release updates the Venafi Cloud Issuer to use OutagePREDICT
instead of DevOpsACCELERATE
.
The only impact to Venafi Cloud users is the change in zone syntax.
The zone is now <Application Name>\<Issuing Template Alias>
(e.g. My Application\My CIT
).
The --renew-before-expiration-duration
flag has been removed from the cert-manager controller, having been deprecated in the previous release.
CertificateRequests
are now immutable - the spec
and metadata.annotations
fields cannot be changed after creation. They were always designed to be immutable but this behavior is now enforced by the cert-manager webhook.
Username
, Groups
, UID
, Extra
. (#3641, @JoshVanL)kubectl get certificaterequest
now outputs the Issuer name and the username of the requestor by default (#3774, @JoshVanL)cainjector
to use v1 API versions of admissionregistration, apiextensions and apiregistration. (#3838, @wallrj)Nothing has changed.
Published by jetstack-release-bot over 3 years ago
Published by jetstack-release-bot over 3 years ago
Published by jetstack-release-bot over 3 years ago
Username
, Groups
, UID
, Extra
. (#3641, @JoshVanL)kubectl get certificaterequest
now outputs the Issuer name and the username of the requestor by default (#3774, @JoshVanL)Published by jetstack-release-bot over 3 years ago
This is a maintenance release that allows users who have installed a pre-v1.1 version of cert-manager using the Helm chart with --set installCRDs=true
to upgrade to the v1.1
release without hitting a CRD validation issue that causes helm upgrade
to fail.
If you cannot upgrade to Kubernetes v1.16
or later but wish to use the latest version of cert-manager that supports Kubernetes v1.11
- v1.15
you should upgrade to this release.
Most users should upgrade to the latest v1.2.0
release below.
Published by jetstack-release-bot over 3 years ago
v1.2.0
. Users still running Kubernetes v1.15
or below should upgrade to a supported version before installing cert-manager or use cert-manager v1.1
.User-Agent
request header sent by cert-manager has changed to reflect the ownership transfer to the CNCF — see (#3515, @meyskens)--renew-before-expiration-duration
flag of the cert-manager controller-manager has been deprecated. Please set the Certificate.Spec.RenewBefore
field instead. This flag will be removed in the next release.ca.crt
— see (#3433, @sorah)cert-manager.io/usages
to ingress-shim to specify key usages. Server Auth is now also added as default key usage of ingress-shim (#3545, @meyskens)kubectl cert-manager inspect secret
to print certificate info from a secret resource (#3457, @meyskens)kubectl get cert-manager
and kubectl get cert-manager-acme
(#3583, @meyskens)--leader-election-lease-duration
, --leader-election-renew-deadline
and --leader-election-retry-period
(#3527, @ndrpnt)cert-manager.io/duration
and cert-manager.io/renew-before
annotations and uses those values to set the Certificate.Spec.Duration and Certificate.Spec.RenewBefore fields. (#3465, @wallrj)tls.crt
). Also, Vault issuer now stores a root CA instead of an issuing CA into a CA bundle (ca.crt
), from a CA chain returned from Vault. (#3433, @sorah)The cert-manager Authors
(#3500, @meyskens)