trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
v0.12.0 includes a variety of Helm chart improvements, notably including the ability to install trust-manager without having first installed cert-manager!
Overview
Standalone trust-manager
Previously, trust-manager required that cert-manager was installed for generating the trust-manager webhook certificate. cert-manager's cainjector was used to inject this webhook cert into the Kubernetes webhook resource.
Some users wanted to be able to install trust-manager standalone, and now this is possible thanks to Helm's inbuilt support for generating certificates. We'd like to note that relying on Helm for this functionality isn't likely to be the best way to run in production - we'd strongly suggest that running with cert-manager is the way to go, since that will handle cert rotation and be much easier to administer.
Still, for any user who wants to simply run trust-manager, that's now possible:
helm upgrade trust-manager jetstack/trust-manager \
--install \
--namespace cert-manager \
--wait \
--set app.webhook.tls.helmCert.enabled=true
Other Helm Improvements
There are even more improvements to the Helm chart:
- Support for configuring a dual stack service for the webhook (Thanks @M0NsTeRRR!)
- More configurability of trust-manager's leader-election including duration and deadline (Thanks @jabdoa2!)
What's Changed
New Features
- Add support for generating certificates with helm by @SgtCoDFish in #157
- feat(helm): dual-stack cluster service configuration by @M0NsTeRRR in #337
- Add flags to configure LeaseDuration and RenewDeadline by @jabdoa2 in #385
- Expose leader election leaseDuration and renewDeadline in helm chart by @jabdoa2 in #388
Refactors
- refactor: simplify SSA patch calls by @erikgb in #393
- refactor: move default truststore passwords to API by @erikgb in #394
- refactor: extract truststore encoding to internal package by @erikgb in #396
New Contributors
- @M0NsTeRRR made their first contribution in #337
Full Changelog: v0.11.1...v0.12.0