Changes by Kind
Feature
- Add encodeUsagesInRequest to Certificate spec to disable encoding usages in the CSR (#3304, @raphink)
- Add option to pass the Certificate duration to ACME (not supported by Let's Encrypt yet) (#3347, @meyskens)
- Add support for issuing IP certificates in ACME (#3288, @meyskens)
- Adds ability to Helm chart to set podLabels for the webhook and cainjector deployments (#3419, @logicbomb421)
- Helm: Allow custom timeout value for webhook calls (#3323, @renan)
- Make ACME dns01 propagation check period configurable (#3314, @freym)
- Make Kubernetes API QPS throttling configurable (#3382, @meyskens)
- TPP issuer now supports access-token credentials. See https://cert-manager.io/docs/configuration/venafi/#creating-a-venafi-trust-protection-platform-issuer for details. (#3379, @wallrj)
Other (Bug, Cleanup or Flake)
- Add Venafi Cloud e2e tests (#2966, @meyskens)
- Do not encode EextendedKeyUsage in the CSR is none is needed (#3262, @meyskens)
- Fix a panic when changing the max concurrent challenges to a lower value (#3399, @meyskens)
- Fix bug in AWS route53 zone lookup that caused too many IAM requests (#3354, @supriya-premkumar)
- Fix conversion webhook when given v1beta1 requests (#3242, @meyskens)
- Fix logic in patchDuplicateKeyUsage when signing and digital signature were set (#3343, @meyskens)
- Fix nil pointer error in Cloud DNS when specific config was used. (#3417, @meyskens)
- Fixes incorrect CSR validation when both "signing" and "digital signature" are set (#3279, @meyskens)
- Improve ACME backoff logic + prevent infinity retry without surfacing errors (#3321, @meyskens)
- Improved API validation for Venafi Issuer configuration (#3409, @wallrj)
- Include ACME resources aggregated ClusterRoles (#3330, @sharmaansh21)
- Put current year into manifest license (#3357, @meyskens)
- Refactor the cainjector to only have 1 leader election and to avoid duplicate caches (#3275, @wallrj)
- Remove stability warning from README for v1.0 (#3240, @munnerz)
- Replace Go's ACME retry logic with custom logic (#3384, @meyskens)
- Revert de-duplication of cainjector leader-election to fix scenario where it crashes at startup due to broken webhook. (#3254, @wallrj)
- Run e2e tests against Venafi TPP (#3328, @meyskens)
- Set the resync periods of informers to 10 hours instead of 30 seconds (#3403, @meyskens)⏎