Urgent Upgrade Notes
(No, really, you MUST read this before you upgrade)
-
This release of cert-manager only supports Kubernetes 1.16 and above
-
Fix Vault issuer not to store a root CA into a certificate bundle (
tls.crt). Also, Vault issuer now stores a root CA instead of an issuing CA into a CA bundle (ca.crt), from a CA chain returned from Vault. (#3433, @sorah)
Changes by Kind
Feature
- Add creation of PKCS12 truststore.p12 using Certificate Authority (#3489, @exceptionfactory)
- Added the ability to enable pprof profiling of the controller using the command line flag --enable-profiling. (#3477, @tharun208)
- The ingress-shim now checks for
cert-manager.io/durationandcert-manager.io/renew-beforeannotations and uses those values to set the Certificate.Spec.Duration and Certificate.Spec.RenewBefore fields. (#3465, @wallrj)
Other (Bug, Cleanup or Flake)
- Always install using admissionregistration.k8s.io/v1 (#3519, @meyskens)
- Change copyright owner to
The cert-manager Authors(#3500, @meyskens) - Deprecated the --renew-before-expiration-duration flag of the cert-manager controller (#3464, @wallrj)
- Fix a bug in the AWS Route53 DNS01 challenge that to retrying over and over instead of observing an exponential back off (#3485, @maelvls)
- Migrate Ingress to networking.k8s.io/v1beta1 API group (#3499, @meyskens)
- Remove Jetstack from user-agent fields (#3515, @meyskens)
- Remove legacy release (#3487, @meyskens)