cert-manager/cert-manager v0.16.0

on GitHub

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

• Old versions of kubectl and helm will have issues updating the CRD resources once installed. For more info check https://cert-manager.io/docs/installation/upgrading/upgrading-0.15-0.16/

• Support for AuditSink resources in the auditregistration.k8s.io/v1alpha1 API group has been removed (#3056, @munnerz)

Changes by Kind

Feature

• Acme: surface the 'reason' for Order's failing on Certificate & CertificateRequest resources for easier debugging of failures (#3075, @munnerz)
• Add Events of the Certificate and of the CertificateRequest to the output of the ctl command status certificate (#3102, @hzhou97)
• Add v1beta1 API version (#3038, @munnerz)
• Add a hostedZoneName field to Cloud DNS (#2975, @meyskens)
• Add cert-manager specific User-Agent to HTTP01 self-checks (#3046, @meyskens)
• Add information about the CertificateRequest resource related to the Certificate to the output of the status certificate command. (#3090, @hzhou97)
• Add new ctl command that outputs the details of the current status of a Certificate resource (#3026, @hzhou97)
• Add new ctl command to manually create a CertificateRequest from yaml description of a Certificate resource. (#2957, @hzhou97)
• Added the ability to set the container securityContext for each deployment in the helm chart (#2858, @sudermanjr)
• Enable the new certificate controller implementations for all users (#3049, @munnerz)
• Kubectl cert-manager: Added flags to wait for the CertificateRequest to be ready and store the certificate in a file. (#3044, @hzhou97)
• Venafi: make issuance of certificates asynchronous (#2979, @meyskens)

Other (Bug, Cleanup or Flake)

• Add e2e tests for OpenShift 3.11 (#2788, @meyskens)
• Add more information to the Cloudflare DNS errors (#3101, @meyskens)
• An empty ca.crt will no longer be added into the secret resource (#2947, @hzhou97)
• Build using Go version 1.14.4 (#3058, @munnerz)
• DNS01: make Cloudflare email optional if a token is used (#2989, @meyskens)
• Default to O = cert-manager in the Venafi issuer if DN is empty (#2946, @meyskens)
• Ensure Deleted Certificates no longer expose metrics and better cover all controller metrics. (#2923, @JoshVanL)
• Error on venafi CertificateRequest when DN is empty (#3053, @meyskens)
• Experimental certificate controllers encode private keys according to specification of user. (#3017, @hzhou97)
• Experimental certificates controllers: fix automated certificate renewal (#3027, @munnerz)
• Fix bug causing kubectl cert-manager convert to not work when conversions need to be performed (#3018, @hzhou97)
• Improve documentation of API types displayed via kubectl explain (#3031, @munnerz)
• Remove custom retry logic from Route53 DNS01 (#2898, @diversario)
• Tag the Docker image with the correct architecture attribute (#3001, @meyskens)
• Update the miekg/dns dependency (#2839, @meyskens)
• Updates AWS Go SDK to 1.31.3 to support Route53 in AWS China Region (#2940, @qqshfox)
• Upgrade to use Kubernetes 1.18.5 client libraries (#3059, @munnerz)
• Use ctl.Scheme in create cr ctl command (#3036, @hzhou97)