trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
This release primarily contains dependency updates, but also includes a new feature that allows trust-manager to be configured to only operate on a list of named target namespaces. While this feature can allow trust-manager to operate without cluster-wide access to namespaces, the Bundle resource is cluster-scoped, and events from cluster-scoped resources are emitted to the default namespace.
⚠️ The code performing migration from client-side to server-side apply is removed in this release. This means that if upgrading from a really old version of trust-manager (< 0.7.0), you must upgrade to 0.19.0 first.
The work on migrating Bundle to ClusterBundle continues, but none of these changes are user-facing in this release.
What's Changed
Miscellaneous
- Add generated applyconfigurations for ClusterBundle API by @erikgb in #690
- Split integration tests for Bundle and ClusterBundle by @erikgb in #691
- Add new Bundle (migration) controller by @erikgb in #681
- Eliminate multiple sigs.k8s.io/structured-merge-diff deps by @erikgb in #712
- Refactor cache setup to controller package by @erikgb in #727
- feat: add ability to limit the target namespaces managed by @asmaoune in #744
- Bootstrap shared Renovate preset by @erikgb in #751
- Move additional formats handling from source to target by @erikgb in #703
- Remove code for migrating CSA to SSA by @erikgb in #754
- Feat: add an option to enable or disable rbac resources by @asmaoune in #753
- Bump default CAs bundle version to trigger release by @erikgb in #768
- Make: missing quote breaking CI by @maelvls in #770
- Don't set the tag in values.yaml, since it is overwritten at chart build time by @inteon in #771
Updates by Dependabot/Renovate
- build(deps): Bump the all group with 5 updates by @dependabot[bot] in #687
- build(deps): Bump the all-go-deps group across 1 directory with 2 updates by @dependabot[bot] in #696
- fix(deps): update module github.com/stretchr/testify to v1.11.0 by @github-actions[bot] in #699
- fix(deps): update kubernetes go deps to v0.34.0 by @erikgb in #710
- fix(deps): update misc go deps by @github-actions[bot] in #707
- fix(deps): update misc go deps by @github-actions[bot] in #721
- fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.2 by @github-actions[bot] in #720
- build(deps): Bump actions/setup-go from 5 to 6 in the all-gh-actions group by @dependabot[bot] in #729
- chore(deps): update actions/github-script action to v8 by @octo-sts[bot] in #732
- chore(deps): pin dependencies by @octo-sts[bot] in #731
- fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.3 by @octo-sts[bot] in #736
- fix(deps): update kubernetes go patches to v0.34.1 by @octo-sts[bot] in #745
- chore(deps): pin quay.io/jetstack/trust-pkg-debian-bookworm docker tag to 4e46f31 by @octo-sts[bot] in #752
- fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.1 by @erikgb in #757
- chore(deps): update docker/login-action digest to 5e57cd1 by @octo-sts[bot] in #760
- fix(deps): update module github.com/onsi/ginkgo/v2 to v2.26.0 by @octo-sts[bot] in #763
- fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2 by @octo-sts[bot] in #766
- fix(deps): update k8s.io/utils digest to bc988d5 by @octo-sts[bot] in #769
Updates by makefile-modules
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #686
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #692
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #694
- [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #695
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #697
- Manual self upgrade by @erikgb in #698
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #705
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #706
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #714
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #715
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #717
- [CI] Self-upgrade merging self-upgrade-main into main by @erikgb in #718
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #719
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #723
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #724
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #725
- [CI] Merge self-upgrade-main into main by @github-actions[bot] in #728
- [CI] Self-upgrade merging self-upgrade-main into main by @erikgb in #730
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #735
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #737
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #738
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #739
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #740
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #743
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #746
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #747
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #755
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #758
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #759
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #764
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #765
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #767
New Contributors
- @octo-sts[bot] made their first contribution in #732
- @asmaoune made their first contribution in #744
- @maelvls made their first contribution in #770
Full Changelog: v0.19.0...v0.20.0