github cert-manager/cert-manager v1.0.0

latest releases: v1.9.1, v1.9.0, v1.9.0-beta.1...
23 months ago

With cert-manager v1.0 we're putting a seal of trust on 3 years of development on the cert-manager project.
In these 3 years cert-manager has grown in functionality and stability, but mostly in the community.
Today we see many people using cert-manager to secure their Kubernetes clusters, as well as cert-manager
being integrated into many other parts in the ecosystem.
In the past 16 releases many bugs got fixed, and things that needed to be broken were broken.
Several iterations on the API improved the user experience.
We solved 1500 GitHub Issues with even more PRs by 253 contributors.

With releasing v1.0 we're officially making a statement that cert-manager is a mature project now.
We will also be making a compatibility promise with our v1 API.

A big thank you to everyone who helped to build cert-manager in the past 3 years!
Let v1.0 be the first of many big achievements!

The v1.0 release is a stability release with a few focus areas:

  • v1 API
  • kubectl cert-manager status command to help with investigating issues
  • Using new and stable Kubernetes APIs
  • Improved logging
  • AMCE improvements

We invite you to read more about these changes on our website

Urgent Upgrade Notes

(No, really, you MUST read this before you upgrade)

Changes by Kind


  • Add Events of Issuer and Secret to the output of status certificate command (#3213, @hzhou97)
  • Add Events of the Certificate and of the CertificateRequest to the output of the ctl command status certificate (#3102, @hzhou97)
  • Add priorityClassName field to podTemplate for ACME HTTP01 issuers (#3112, @meyskens)
  • Add serviceAccountName field to podTemplate for ACME HTTP01 issuers (#3139, @paulwilljones)
  • Add v1 API version (#3177, @wallrj)
  • Add webhook.hostNetwork option to the Helm Chart to run the webhook in hostNetwork mode (#3113, @jfrancisco0)
  • Add boolean field disableAccountKeyGeneration to ACMEIssuer to be able to not generate new account key and reuse existing ones. (#3141, @hzhou97)
  • Add info about Challenges related to a Certificate resource to the output of status certificate command. (#3186, @hzhou97)
  • Add key usages into the CSR body (#3211, @meyskens)
  • Add output about Order resource for status certificate command if ACME Issuer is used. (#3154, @hzhou97)
  • Add output about the Issuer/ClusterIssuer of the Certificate resource and about creation time of the Certificate. (#3120, @hzhou97)
  • Add output about the Secret resource for status certificate command (#3131, @hzhou97)
  • Add support for alternate certs with prefferedChain in ACME (#3208, @meyskens)
  • Add support for ctl convert over a list (#3205, @JoshVanL)
  • Added Namespace to VaultIssuer to support vault roles from a different vault namespaces (#3106, @thejasbabu)
  • Allow annotation on ingresses (#3085, @meyskens)
  • Change default output version of convert command to v1. (#3235, @hzhou97)
  • Helm chart: add extra custom annotation block to the mutating and validating webhooks. (#3142, @Cyanopus)
  • Helm chart: add image digest option (#3175, @guilhem)
  • Helm chart: make webhook-probes configurable (#3192, @ckotzbauer)
  • Updated controllers to use v1 API and make v1 the storage version (#3196, @wallrj)

Other (Bug, Cleanup or Flake)

  • Add CRDs (#3178, @meyskens)
  • Add support for (#3167, @meyskens)
  • Add validation webhooks in integration tests (#2958, @meyskens)
  • Build using Go version 1.15 (#3228, @wallrj)
  • Bump Kubernetes dependencies to 1.19 (#3166, @meyskens)
  • Ensures Secrets created from the Certificates controller contains the annotation containing the Issuer Group Name. (#3151, @JoshVanL)
  • Fix bug of status certificate command where the matching CR gets overwritten (#3117, @hzhou97)
  • Fixes generation of ACME resources if the the 52nd character in a CR name is a symbol. (#3232, @meyskens)
  • Let cert-manage handle ACME backoff when Retry-After is set on a rate limit error (#3215, @meyskens)
  • Refactor the cainjector to only have 1 leader election (#3187, @meyskens)
  • Remove Helm specific labels from static manifests (#3179, @meyskens)
  • Remove stability warning from README for v1.0 (#3240, @munnerz)
  • Updates kind cluster 1.19 SHA to use upstream kindest (#3227, @JoshVanL)
  • Use klog v2 and improve the use of log levels (#3143, @meyskens)
  • Use (#3172, @meyskens)

Don't miss a new cert-manager release

NewReleases is sending notifications on new releases.