Changelog since release-1.2

Changes by Kind

Feature

• Add automountServiceAccountToken field to service accounts in helm chart (#3725, @joshuastern)
• Adds Approved condition type to CertificateRequest (#3735, @JoshVanL)
• Adds ObservedGeneration field to all Issuer conditions (#3754, @JoshVanL)
• Adds RevisionHistoryLimit field to Certificates to optionally garbage collect old CertificateRequests (#3773, @JoshVanL)
• Adds UserInfo fields to CertificateRequests containing the UserInfo of the requester: Username, Groups, UID, Extra. (#3641, @JoshVanL)
• Adds `kubectl cert-manager [approve|deny] CLI commands to manually approve or deny CertificateRequests (#3792, @JoshVanL)
• Adds an observedGeneration field to all Certificate conditions. This is set to the generation of that Certificate at the time of updating. (#3613, @JoshVanL)
• Allows disabling enabled cert-manager-controller controller, for example '--controllers=*,-foo' (#3791, @JoshVanL)
• kubectl get certificaterequest now outputs the Issuer name and the username of the requestor by default (#3774, @JoshVanL)

Bug or Regression

• Allow the usage of hostNetwork in the webhook PSP (#3454, @Kirill-Garbar)
• Correct permissions on edit aggregate role (#3697, @yann-soubeyrand)
• Fixes multiple Certificate Requests issue - see #3603 (#3665, @irbekrm)
• Improve error messages when Vault Issuer has misconfigured auth method (#3763, @JoshVanL)
• Skip Google Cloud DNS test when gcloud hasn't been configured (#3752, @SgtCoDFish)
• Use port from helm values for service targetPort (#3652, @7opf)

Other (Cleanup or Flake)

• Removes --renew-before-expiry flag that was deprecated in release v1.2.0 (#3693, @irbekrm)
• Standardise controller names across the project (#3789, @JoshVanL)
• Update distroless/static base image (#3741, @teejaded)