Changes by Kind
Feature
- Add
certificate.spec.keystores
stanza and allowing configuring JKS and PKCS12 issuing on a per-Certificate basis (#2824, @munnerz) - Add support for Azure Managed Identity (#2681, @gitirabassi)
- Add support for private key rotation when renewing or re-issuing certificates. This feature requires use of the new 'experimental' certificates controller. Set
certificate.spec.privateKey.rotationPolicy
toAlways
to enable this functionality. (#2814, @munnerz) - Adds cert-manager-ctl command with version (#2725, @JoshVanL)
- Support the
AuditSink
kind inauditregistration.k8s.io/v1alpha1
to be a ca injector target. (#2027, @pepov) - Adds new extensible issuing certificate (#2782, @JoshVanL)
Other (Bug, Cleanup or Flake)
- Add license files to /licences/ in Docker images (#2816, @meyskens)
- Expose webhook deployment container port (#2806, @dewet22)
- Fix issuing causing CRDs to added to the static manifests twice (#2790, @munnerz)
- This change will create a limited scope role for the configmaps used in leadership election. This limits the role to just the 3 configmaps used for leadership election. (#2807, @HoogWater)