Releases: gardener/gardener-extension-shoot-cert-service
Releases · gardener/gardener-extension-shoot-cert-service
v1.21.0
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [OPERATOR] This extension is only compatible with Gardener versions
>= v1.37. (gardener/gardener-extension-shoot-cert-service#113, @rfranzke)
✨ New Features
- [OPERATOR] This extension is prepared to support the Shoot CA rotation feature (GEP-18). (gardener/gardener-extension-shoot-cert-service#113, @rfranzke)
🐛 Bug Fixes
- [OPERATOR] Add permissions to create events in control plane if issuer creation fails. (gardener/gardener-extension-shoot-cert-service#111, @MartinWeindel)
📖 Documentation
- [DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/gardener-extension-shoot-cert-service#112, @Kostov6)
🏃 Others
- [OPERATOR] Updated golang to 1.17.9, base image to alpine:3.15.3 (gardener/gardener-extension-shoot-cert-service#114, @MartinWeindel)
v1.20.0
[gardener-extension-shoot-cert-service]
🏃 Others
- [USER] Allow access to ACME CA on private network. (gardener/gardener-extension-shoot-cert-service#109, @MartinWeindel)
📰 Noteworthy
- [OPERATOR] The extension controller uses a projected
ServiceAccounttoken in case it runs on a seed with a gardenlet of at leastv1.37or higher. Similarly, thecert-controller-managerdeployed into shoot namespaces will no longer use a client certificate but an auto-rotatedServiceAccounttoken which is only valid for12h. (gardener/gardener-extension-shoot-cert-service#103, @rfranzke) - [DEVELOPER] The Golang version has been updated to
1.17.5. (gardener/gardener-extension-shoot-cert-service#103, @rfranzke)
[cert-management]
🐛 Bug Fixes
- [OPERATOR] Fix unknown resource for group kind "Ingress.networking.k8s.io" on K8s 1.18 (regression issue of #98) (gardener/cert-management#99, @MartinWeindel)
🏃 Others
- [OPERATOR] Restrict discovery client calls to used groups to reduce API calls on startup (gardener/cert-management#98, @MartinWeindel)
- [OPERATOR] Switch default leader election resource lock from
configmapsleasestoleases(gardener/cert-management#97, @MartinWeindel)
📰 Noteworthy
- [DEVELOPER] The Golang version has been updated to
1.17.5. (gardener/cert-management#96, @MartinWeindel)
v1.19.0
[gardener-extension-shoot-cert-service]
🏃 Others
- [OPERATOR] Update certificate CRD for status.conditions (#93, @MartinWeindel)
[cert-management]
✨ New Features
- [USER] Added status.conditions attribute and condition type
Readyfor certificates (gardener/cert-management#93, @MartinWeindel)
🐛 Bug Fixes
- [OPERATOR] Fix rare divide by zero on looking up resource quota for uninitialised issuer (gardener/cert-management#92, @MartinWeindel)
Contributors
MartinWeindel
Assets 3
v1.18.0
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of
gardener-extension-shoot-cert-servicehas been changed fromconfigmapsleasestoleases. (#89, @MartinWeindel)- Please make sure, that you had at least
gardener-extension-shoot-cert-service@v1.13running before upgrading tov1.18.0, so that it has successfully required leadership with the hybrid resource lock (configmapsleases) at least once.
- Please make sure, that you had at least
🏃 Others
- [OPERATOR] Enable deactivation of authorizations for successful certificate requests (#90, @MartinWeindel)
- [OPERATOR] It is now possible to specify the leader election resource lock via the chart value
leaderElection.resourceLock(defaults toleases). (#89, @MartinWeindel) - [OPERATOR] Support for Kubernetes v1.22 (#88, @MartinWeindel)
[cert-management]
🐛 Bug Fixes
- [OPERATOR] fix nil pointer dereference in RememberAltIssuerSecret if an issuer secret contains no data (gardener/cert-management#85, @MartinWeindel)
🏃 Others
- [OPERATOR] No panic on failed groupkind migration (gardener/cert-management#87, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (gardener/cert-management#89, @MartinWeindel)
- [OPERATOR] Add command line flag
--acme-deactivate-authorizationsto enable deactivation of authorizations after a successful certificate request (gardener/cert-management#90, @MartinWeindel)
Contributors
MartinWeindel
Assets 3
v1.17.1
[cert-management]
🐛 Bug Fixes
- [OPERATOR] fix nil pointer dereference in RememberAltIssuerSecret if an issuer secret contains no data (gardener/cert-management#85, @MartinWeindel)
Contributors
MartinWeindel
Assets 3
v1.17.0
[cert-management]
🏃 Others
- [OPERATOR] fix TypeAssertionError panic on failed secret update on hash migration (gardener/cert-management#84, @MartinWeindel)
Contributors
MartinWeindel
Assets 3
v1.16.0
[cert-management]
🐛 Bug Fixes
- [OPERATOR] Avoid requesting new certificates on migration from v0.7.x to v0.8.x for annotated ingress and service resources. (gardener/cert-management#83, @MartinWeindel)
- [OPERATOR] [ACME] Fix account registration on issuer secret update and allow secret rotation without immediate renewal of certificates. (gardener/cert-management#81, @MartinWeindel)
v1.15.0
[gardener-extension-shoot-cert-service]
🏃 Others
- [OPERATOR] Add permissions for leader election lease of cert-controller-manager in control plane (#79, @MartinWeindel)
[cert-management]
🏃 Others
- [OPERATOR] using both configmaps and leases for leader election (gardener/cert-management#79, @MartinWeindel)
v1.14.0
[gardener-extension-shoot-cert-service]
✨ New Features
- [USER] Support issuers on the shoot cluster (#74, @MartinWeindel)
[cert-management]
✨ New Features
- [USER] Allow issuers on target cluster (gardener/cert-management#77, @MartinWeindel)
v1.13.0
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [USER] Extension resource configs (
CertConfig) are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (#66, @stoyanr)
[cert-management]
🏃 Others
- [USER] changed default type of certificate secret to
kubernetes.io/tls(gardener/cert-management#74, @MartinWeindel) - [OPERATOR] Updating controller-manager-library including K8s dependencies to v0.20.6. (gardener/cert-management#75, @MartinWeindel)
- [OPERATOR] Replacing apiVersion
extensions/v1beta1forIngresswithnetworking.k8s.io/v1beta1. (gardener/cert-management#75, @MartinWeindel) - [OPERATOR] Update Dockerfile base image to alpine:3.13.5 (gardener/cert-management#72, @MartinWeindel)
- [OPERATOR] updated dockerfile base image to alpine:3.13.4 and using golang@1.16.2 (gardener/cert-management#71, @MartinWeindel)
- [OPERATOR] Add certificaterevocations to clusterrole resources (gardener/cert-management#67, @wwatson13)