Releases: gardener/gardener-extension-shoot-cert-service
Releases · gardener/gardener-extension-shoot-cert-service
v1.47.0
[gardener/cert-management]
✨ New Features
[USER]
Introduce the new Issuer typeSelfSigned
for creating self-signed certificates. by @RaphaelVogel [gardener/cert-management#228][USER]
The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [gardener/cert-management#354]
🐛 Bug Fixes
[OPERATOR]
Fix panic if target issuer referenced but not allowed by @MartinWeindel [gardener/cert-management#371][OPERATOR]
Cleanup status for orphan pending certificate resources by @MartinWeindel [gardener/cert-management#367]
🏃 Others
[DEVELOPER]
Use Pebble as an ACME server in the integration tests. by @marc1404 [gardener/cert-management#339]
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.108.0 to 1.109.0. by @dependabot[bot] [#320][OPERATOR]
Vertical scaling on CPU dropped in VPA resource by @MartinWeindel [#318]
Helm Charts
- shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.47.0
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.47.0
v1.46.0
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
Reduce default values for resource utilisation of cert-management controller in the control plane. by @MartinWeindel [#308][OPERATOR]
Bumps github.com/gardener/gardener from 1.106.0 to 1.107.0. by @dependabot[bot] [#310][OPERATOR]
Bumps golang from 1.23.2 to 1.23.3. by @dependabot[bot] [#311][OPERATOR]
Bumps github.com/gardener/gardener from 1.105.0 to 1.106.0. by @dependabot[bot] [#306][OPERATOR]
Bumps github.com/gardener/gardener from 1.107.0 to 1.108.0. by @dependabot[bot] [#315]
Helm Charts
- shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.46.0
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.46.0
v1.45.0
[gardener/gardener-extension-shoot-cert-service]
✨ New Features
[OPERATOR]
Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#282]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.99.0 to 1.100.0. by @dependabot[bot] [#283][OPERATOR]
Bumps github.com/gardener/gardener from 1.100.0 to 1.101.0. by @dependabot[bot] [#290][OPERATOR]
Bumps golang from 1.23.0 to 1.23.1. by @dependabot[bot] [#297][OPERATOR]
Bumps golang from 1.22.3 to 1.22.4. by @dependabot[bot] [#267][OPERATOR]
Bumps github.com/gardener/gardener from 1.96.1 to 1.97.0. by @dependabot[bot] [#271][OPERATOR]
Bumps golang from 1.22.4 to 1.22.5. by @dependabot[bot] [#276][OPERATOR]
Bumps github.com/gardener/gardener from 1.101.0 to 1.102.0. by @dependabot[bot] [#294][OPERATOR]
Bumps golang from 1.22.6 to 1.23.0. by @dependabot[bot] [#292][OPERATOR]
Bumps golang from 1.23.1 to 1.23.2. by @dependabot[bot] [#299][OPERATOR]
Bumps github.com/gardener/gardener from 1.103.0 to 1.105.0. by @dependabot[bot] [#301][OPERATOR]
Bumps github.com/gardener/gardener from 1.97.0 to 1.98.0. by @dependabot[bot] [#274][OPERATOR]
Bumps github.com/gardener/gardener from 1.98.0 to 1.99.0. by @dependabot[bot] [#278][OPERATOR]
Bumps github.com/gardener/gardener from 1.95.0 to 1.96.1. by @dependabot[bot] [#266][OPERATOR]
gosec
was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#302]
[gardener/cert-management]
📰 Noteworthy
[OPERATOR]
gosec
was introduced for Static Application Security Testing (SAST). by @MartinWeindel [gardener/cert-management#313]
✨ New Features
[OPERATOR]
The Helm chart is published as OCI artifacts now. by @rfranzke [gardener/cert-management#281][OPERATOR]
Usednsrecords.extensions.gardener.cloud
API as an alternative todnsentries.dns.gardener.cloud
for DNS challenges. by @MartinWeindel [gardener/cert-management#177][USER]
Istio gateways: Allow to specify namespace for TLS secret by annotationcert.gardener.cloud/secret-namespace
. by @MartinWeindel [gardener/cert-management#316]
🐛 Bug Fixes
[USER]
Creating certificates with a given csr referencing a ca issuer do not throw a nil pointer exception anymore by @RaphaelVogel [gardener/cert-management#234]
🏃 Others
[OPERATOR]
Bumps golang from 1.22.5 to 1.22.6. by @dependabot[bot] [gardener/cert-management#253][OPERATOR]
Add local Kind setup with knot-dns,peeble, and dns-controller-manager by @MartinWeindel [gardener/cert-management#181][DEVELOPER]
Refactoring: introduce issuer key interface by @MartinWeindel [gardener/cert-management#240]
Helm Charts
- shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-cert-service:v1.45.0
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.45.0
v1.44.2
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
The memory limit from thecert-controller-manager
Deployment is now removed. by @ialidzhikov [#287]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.44.2
v1.44.1
[gardener/gardener-extension-shoot-cert-service]
🐛 Bug Fixes
[OPERATOR]
An issue causing thecontrolledValues: RequestsOnly
field not to be set for theshoot-cert-management-seed-vpa
VPA is now fixed. by @ialidzhikov [#285]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.44.1
v1.44.0
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.94.0 to 1.95.0. by @dependabot[bot] [#259][OPERATOR]
This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management viaprometheus-operator
. by @rfranzke [#257][OPERATOR]
Bumps github.com/gardener/gardener from 1.93.0 to 1.94.0. by @dependabot[bot] [#255][OPERATOR]
Add permissions to manage configmaps for extension service account. by @MartinWeindel [#262]
[gardener/cert-management]
🏃 Others
[OPERATOR]
Bumps golang from 1.22.2 to 1.22.3. by @dependabot[bot] [gardener/cert-management#178][USER]
Support Istio apiVersionnetworking.istio.io/v1
by @MartinWeindel [gardener/cert-management#179]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.44.0
v1.43.1
[gardener/cert-management]
🐛 Bug Fixes
[USER]
Fix regression for annotations on ingress resources:dns.gardener.cloud/dnsnames
annotation must be ignored. by @MartinWeindel [gardener/cert-management@1dafe3a]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.43.1
v1.43.0
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.91.0 to 1.92.0. by @dependabot[bot] [#249][OPERATOR]
Bumps golang from 1.22.1 to 1.22.2. by @dependabot[bot] [#247][OPERATOR]
Bumps github.com/gardener/gardener from 1.92.0 to 1.93.0. by @dependabot[bot] [#251][USER]
The defaults for the private key of new certificates have been changed fromRSA 2048bit
toRSA 3072bit
. Existing certificates will make use of these new defaults when they are renewed. by @gardener-robot-ci-3 [#253]
[gardener/cert-management]
✨ New Features
[USER]
The Istio resourceGateway
can now be annotated withcert.gardener.cloud/purpose=managed
to enable the automatic creation ofCertificate
resources for domain names extracted from hosts fields in this resource or relatedVirtualServices
resources.
TheGateway
andHTTPRoute
resources from the Gateway API are supported in a similar way. by @MartinWeindel [gardener/cert-management#174]
🏃 Others
[OPERATOR]
Fix cluster configuration for new source controllersistio-gateways-dns
andk8s-gateways-dns
. by @MartinWeindel [gardener/cert-management#175][OPERATOR]
Support deployment specific default values for private key algorithm and size with the new command line options--default-private-key-algorithm
,--default-rsa-private-key-size
,--default-ecdsa-private-key-size
by @MartinWeindel [gardener/cert-management#171]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.43.0
v1.42.0
[gardener/gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
[OPERATOR]
extension-shoot-cert-service
no longer supports Shoots with Кubernetes version == 1.24. by @shafeeqes [#223]
🏃 Others
[OPERATOR]
Bumps github.com/gardener/gardener from 1.90.0 to 1.91.0. by @dependabot[bot] [#244][OPERATOR]
Bumps github.com/gardener/gardener from 1.89.0 to 1.90.0. by @dependabot[bot] [#238]
[gardener/cert-management]
✨ New Features
[USER]
The algorithm and size for the private key can now be specified in the certificate spec section to override the default algorithmRSA
with key size 2048.
Supported algorithms areRSA
andECDSA
. ForRSA
the allowed key sizes are2048
,3072
, and4096
with2048
as default is not specified explicitly. ForECDSA
the allowed key sizes are256
and384
with256
as default.
These algorithms and key sizes are supported by Let's Encrypt. For other ACME servers please check their documentation for information about supported combinations. by @MartinWeindel [gardener/cert-management#168]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.42.0
v1.41.0
[gardener/cert-management]
🐛 Bug Fixes
[USER]
Updating certificates from source objects (like Ingress or Service) with first domain name longer than 64 character failed, as the commonName field was filled. It must be left empty in this case. by @MartinWeindel [gardener/cert-management#164]
🏃 Others
[OPERATOR]
Bump golang from 1.22.0 to 1.22.1 by @MartinWeindel [gardener/cert-management#165]
[gardener/gardener-extension-shoot-cert-service]
🏃 Others
[OPERATOR]
Bumps golang from 1.22.0 to 1.22.1. by @dependabot[bot] [#236]
Docker Images
- gardener-extension-shoot-cert-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-cert-service:v1.41.0