github cert-manager/cert-manager v1.19.0-alpha.0

Pre-release, 9 hours ago

cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.

⚠️ This is a pre-release. For testing only!

Changes since v1.18.0:

Feature

  • Add IPv6 rules to the default network policy (#7726, @jcpunk)
  • Add global.nodeSelector to helm chart to allow for a single nodeSelector to be set across all services. (#7818, @StingRayZA)
  • Add generated applyconfigurations allowing clients to make type safe server-side apply requests for cert-manager resources. (#7866, @erikgb)
  • Added API defaults to issuer references group (cert-manager.io) and kind (Issuer). (#7414, @erikgb)
  • Added certmanager_certificate_challenge_status Prometheus metric. (#7736, @hjoshi123)
  • Added protocol field for rfc2136 DNS01 provider (#7881, @hjoshi123)
  • CAInjectorMerging has been promoted to BETA and is now enabled by default (#8017, @ThatsMrTalbot)
  • Feature: Add support for ACME profiles extension. (#7777, @wallrj)
  • Support configurable resource requests and limits for ACME HTTP01 solver pods through ClusterIssuer and Issuer specifications, allowing granular resource management that overrides global --acme-http01-solver-resource-* settings. (#7972, @lunarwhite)
  • The controller, webhook and ca-injector now log their version and git commit on startup for easier debugging and support. (#8072, @prasad89)
  • Updated certificate metrics to the collector approach. (#7856, @hjoshi123)

Bug or Regression

  • ACME: Increased challenge authorization timeout to 2 minutes to fix error waiting for authorization (#7796, @hjoshi123)
  • BUGFIX: permitted URI domains were incorrectly used to set the excluded URI domains in the CSR's name constraints (#7816, @kinolaev)
  • Enforced ACME HTTP-01 solver validation to properly reject configurations when multiple ingress options (class, ingressClassName, name) are specified simultaneously (#8021, @lunarwhite)
  • Increase maximum sizes of PEM certificates and chains which can be parsed in cert-manager, to handle leaf certificates with large numbers of DNS names or other identities (#7961, @SgtCoDFish)
  • Reverted adding the global.rbac.disableHTTPChallengesRole Helm option. (#7836, @inteon)
  • Use the latest version of ingress-nginx in E2E tests to ensure compatibility (#7792, @wallrj)

Other (Cleanup or Flake)

  • Helm: Fix naming template of tokenrequest RoleBinding resource to improve consistency (#7761, @lunarwhite)
  • Improve error messages when certificates, CRLs or private keys fail admission due to malformed or missing PEM data (#7928, @SgtCoDFish)
  • Major upgrade of Akamai SDK. NOTE: The new version has not been fully tested end-to-end due to the lack of cloud infrastructure. (#8003, @hjoshi123)
  • Update kind images to include the Kubernetes 1.33 node image (#7786, @wallrj)
  • Use maps.Copy for cleaner map handling (#8092, @quantpoet)
