✨ What's new in v4
- Full rewrite around a YAML config file and a pluggable architecture — clean foundations for the project to grow on.
- Memory-safe Kubernetes watch — RAM usage stays flat instead of spiking; expect to set memory limits ~10× lower than before.
- Richer PKCS#12 wiring — full keystore + truststore coverage, flexible passphrase sourcing.
- Surface workload metadata — lift watched resource labels onto emitted certificate series.
- Supply-chain hardened — SLSA Build L3 provenance, cosign-signed binaries, images and chart, SBOM attestations.
- Multi-cluster from a single instance — fan-in metrics from any number of clusters via distinct kubeconfigs.
- Per-source observability — granular health and triage signals, not just a global error counter.
⚠️ BREAKING CHANGES
This new major version introduces changes that may break existing deployments.
Please read the v3 → v4 migration guide before upgrading.
Changes
Exceptionally, this release has no detailed changelog: v4 is the outcome of a deep rewrite spanning over a hundred commits.