trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
v0.16.0 includes an important change which you should be aware of before upgrading: by default, trust-manager v0.16.0 uses a trust package based on Debian Bookworm which is more modern than the previous image.
Most users should be unaffected by this change, since it roughly corresponds to running applications on a Debian Bullseye VM and then upgrading to Bookworm - the most commonly-used CA certificates on the web are present in both trust stores. However, it may be wise to deploy to a test environment first.
You don't need to upgrade trust packages when upgrading to a newer version of trust-manager; the old trust package is compatible with v0.16.0, just as the new trust package is compatible with older versions of trust-manager.
There's a full guide on cert-manager.io detailing how to upgrade safely. If you upgrade and choose to use the new default trust package, your Bundle resources will automatically be updated. As usual, you may need to restart pods to pick up any changes.
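Before switching trust packages, it helps to see exactly which CA certificates would disappear from a bundle. The following is an added example, not part of trust-manager or its documentation: it compares two PEM bundles by the SHA-256 fingerprint of each certificate. It assumes you have exported the bundle contents as PEM text before and after the change (for instance from a test environment). The function names are hypothetical, and the sample "certificates" are constructed placeholder bytes rather than real X.509 data.

```python
import base64
import hashlib
import re
import textwrap

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL)


def fingerprints(pem_bundle):
    """Return the set of SHA-256 fingerprints of each certificate's DER bytes."""
    found = set()
    for body in PEM_RE.findall(pem_bundle):
        # Drop all whitespace so line wrapping and CRLF endings do not matter.
        der = base64.b64decode("".join(body.split()), validate=True)
        found.add(hashlib.sha256(der).hexdigest())
    return found


def diff_bundles(old_pem, new_pem):
    """Classify certificates as removed, added or kept between two bundles."""
    old, new = fingerprints(old_pem), fingerprints(new_pem)
    return {"removed": sorted(old - new),
            "added": sorted(new - old),
            "kept": sorted(old & new)}


def missing_pins(required, new_pem):
    """Fingerprints your workloads rely on that the new bundle lacks."""
    return sorted(set(required) - fingerprints(new_pem))


def fake_cert(seed):
    """Constructed placeholder: arbitrary bytes in PEM armour, not real X.509."""
    b64 = base64.b64encode(seed.encode() * 8).decode()
    body = "\n".join(textwrap.wrap(b64, 64))
    return ("-----BEGIN CERTIFICATE-----\n" + body
            + "\n-----END CERTIFICATE-----\n")


# Constructed sample bundles: root B is dropped, root C is new, CRLF in the new one.
OLD_BUNDLE = fake_cert("constructed-root-A") + fake_cert("constructed-root-B")
NEW_BUNDLE = (fake_cert("constructed-root-A")
              + fake_cert("constructed-root-C")).replace("\n", "\r\n")

if __name__ == "__main__":
    for kind, fps in diff_bundles(OLD_BUNDLE, NEW_BUNDLE).items():
        print(kind, len(fps), *fps, sep="\n  ")
```

A non-empty result from `missing_pins` for the fingerprints of roots your workloads depend on is the signal to hold the upgrade or keep the old trust package.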
What's Changed
Features
- Add build for trust package based on Debian Bookworm by @SgtCoDFish in #540
- Use the Debian Bookworm package for testing + releases by @SgtCoDFish in #547
- Use Context to pass Logger by @erikgb in #550
- Helm: Allow configuring automountServiceAccountToken by @germanattanasio in #513
Test / CI
- Simplify integration test setup by @erikgb in #493
- Add fetch-depth to checkout action by @SgtCoDFish in #543
- Fix syntax error by @SgtCoDFish in #544
- Copy the other release action by @SgtCoDFish in #545
- Add fetch-depth:0 to bookworm upgrade job by @SgtCoDFish in #553
- Tweak JUnit config for e2e / integration tests by @SgtCoDFish in #551
Dependency Updates
- build(deps): Bump the all group across 1 directory with 6 updates by @dependabot in #535
- build(deps): Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 in the all group by @dependabot in #539
Design Docs
Makefile Modules Updates
- [CI] Merge self-upgrade-main into main by @github-actions in #531
- [CI] Merge self-upgrade-main into main by @github-actions in #534
- [CI] Merge self-upgrade-main into main by @github-actions in #536
- [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #537
- [CI] Merge self-upgrade-main into main by @github-actions in #541
- [CI] Merge self-upgrade-main into main by @github-actions in #542
- [CI] Merge self-upgrade-main into main by @github-actions in #546
- [CI] Merge self-upgrade-main into main by @github-actions in #548
- [CI] Merge self-upgrade-main into main by @github-actions in #549
- [CI] Merge self-upgrade-main into main by @github-actions in #552
- Upgrade oci-build makefile module by @inteon in #538
New Contributors
- @germanattanasio made their first contribution in #513 🎉
Full Changelog: v0.15.0...v0.16.0