Releases: gardener/gardener-extension-shoot-cert-service
v1.21.0
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [OPERATOR] This extension is only compatible with Gardener versions >= v1.37. (gardener/gardener-extension-shoot-cert-service#113, @rfranzke)
✨ New Features
- [OPERATOR] This extension is prepared to support the Shoot CA rotation feature (GEP-18). (gardener/gardener-extension-shoot-cert-service#113, @rfranzke)
🐛 Bug Fixes
- [OPERATOR] Add permissions to create events in control plane if issuer creation fails. (gardener/gardener-extension-shoot-cert-service#111, @MartinWeindel)
📖 Documentation
- [DEPENDENCY] Paths transformations in .docforge/manifest.yaml for simplification (gardener/gardener-extension-shoot-cert-service#112, @Kostov6)
🏃 Others
- [OPERATOR] Updated golang to 1.17.9, base image to alpine:3.15.3 (gardener/gardener-extension-shoot-cert-service#114, @MartinWeindel)
v1.20.0
[gardener-extension-shoot-cert-service]
🏃 Others
- [USER] Allow access to ACME CA on private network. (gardener/gardener-extension-shoot-cert-service#109, @MartinWeindel)
📰 Noteworthy
- [OPERATOR] The extension controller uses a projected ServiceAccount token if it runs on a seed with a gardenlet of at least v1.37. Similarly, the cert-controller-manager deployed into shoot namespaces will no longer use a client certificate but an auto-rotated ServiceAccount token which is only valid for 12h. (gardener/gardener-extension-shoot-cert-service#103, @rfranzke)
- [DEVELOPER] The Golang version has been updated to 1.17.5. (gardener/gardener-extension-shoot-cert-service#103, @rfranzke)
[cert-management]
🐛 Bug Fixes
- [OPERATOR] Fix unknown resource for group kind "Ingress.networking.k8s.io" on K8s 1.18 (regression issue of #98) (gardener/cert-management#99, @MartinWeindel)
🏃 Others
- [OPERATOR] Restrict discovery client calls to used groups to reduce API calls on startup (gardener/cert-management#98, @MartinWeindel)
- [OPERATOR] Switch default leader election resource lock from configmapsleases to leases (gardener/cert-management#97, @MartinWeindel)
📰 Noteworthy
- [DEVELOPER] The Golang version has been updated to 1.17.5. (gardener/cert-management#96, @MartinWeindel)
v1.19.0
[gardener-extension-shoot-cert-service]
🏃 Others
- [OPERATOR] Update certificate CRD for status.conditions (#93, @MartinWeindel)
[cert-management]
✨ New Features
- [USER] Added status.conditions attribute and condition type Ready for certificates (gardener/cert-management#93, @MartinWeindel)
🐛 Bug Fixes
- [OPERATOR] Fix rare divide by zero on looking up resource quota for uninitialised issuer (gardener/cert-management#92, @MartinWeindel)
v1.18.0
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [OPERATOR] The default leader election resource lock of gardener-extension-shoot-cert-service has been changed from configmapsleases to leases. (#89, @MartinWeindel)
  - Please make sure that you had at least gardener-extension-shoot-cert-service@v1.13 running before upgrading to v1.18.0, so that it has successfully acquired leadership with the hybrid resource lock (configmapsleases) at least once.
🏃 Others
- [OPERATOR] Enable deactivation of authorizations for successful certificate requests (#90, @MartinWeindel)
- [OPERATOR] It is now possible to specify the leader election resource lock via the chart value leaderElection.resourceLock (defaults to leases). (#89, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (#88, @MartinWeindel)
[cert-management]
🐛 Bug Fixes
- [OPERATOR] fix nil pointer dereference in RememberAltIssuerSecret if an issuer secret contains no data (gardener/cert-management#85, @MartinWeindel)
🏃 Others
- [OPERATOR] No panic on failed groupkind migration (gardener/cert-management#87, @MartinWeindel)
- [OPERATOR] Support for Kubernetes v1.22 (gardener/cert-management#89, @MartinWeindel)
- [OPERATOR] Add command line flag --acme-deactivate-authorizations to enable deactivation of authorizations after a successful certificate request (gardener/cert-management#90, @MartinWeindel)
v1.17.1
[cert-management]
🐛 Bug Fixes
- [OPERATOR] fix nil pointer dereference in RememberAltIssuerSecret if an issuer secret contains no data (gardener/cert-management#85, @MartinWeindel)
v1.17.0
[cert-management]
🏃 Others
- [OPERATOR] fix TypeAssertionError panic on failed secret update on hash migration (gardener/cert-management#84, @MartinWeindel)
v1.16.0
[cert-management]
🐛 Bug Fixes
- [OPERATOR] Avoid requesting new certificates on migration from v0.7.x to v0.8.x for annotated ingress and service resources. (gardener/cert-management#83, @MartinWeindel)
- [OPERATOR] [ACME] Fix account registration on issuer secret update and allow secret rotation without immediate renewal of certificates. (gardener/cert-management#81, @MartinWeindel)
v1.15.0
[gardener-extension-shoot-cert-service]
🏃 Others
- [OPERATOR] Add permissions for leader election lease of cert-controller-manager in control plane (#79, @MartinWeindel)
[cert-management]
🏃 Others
- [OPERATOR] using both configmaps and leases for leader election (gardener/cert-management#79, @MartinWeindel)
v1.14.0
[gardener-extension-shoot-cert-service]
✨ New Features
- [USER] Support issuers on the shoot cluster (#74, @MartinWeindel)
[cert-management]
✨ New Features
- [USER] Allow issuers on target cluster (gardener/cert-management#77, @MartinWeindel)
v1.13.0
[gardener-extension-shoot-cert-service]
⚠️ Breaking Changes
- [USER] Extension resource configs (CertConfig) are now deserialized in "strict" mode. This means that deserializing resources with fields that are not allowed by the API schema will result in errors. Shoots containing such resources will fail with an appropriate error until you manually update the shoot to make sure any extension resource configs contained in it are valid. (#66, @stoyanr)
[cert-management]
🏃 Others
- [USER] changed default type of certificate secret to kubernetes.io/tls (gardener/cert-management#74, @MartinWeindel)
- [OPERATOR] Updating controller-manager-library including K8s dependencies to v0.20.6. (gardener/cert-management#75, @MartinWeindel)
- [OPERATOR] Replacing apiVersion extensions/v1beta1 for Ingress with networking.k8s.io/v1beta1. (gardener/cert-management#75, @MartinWeindel)
- [OPERATOR] Update Dockerfile base image to alpine:3.13.5 (gardener/cert-management#72, @MartinWeindel)
- [OPERATOR] updated dockerfile base image to alpine:3.13.4 and using golang@1.16.2 (gardener/cert-management#71, @MartinWeindel)
- [OPERATOR] Add certificaterevocations to clusterrole resources (gardener/cert-management#67, @wwatson13)