github cert-manager/cert-manager v1.7.0-alpha.1

latest releases: v1.9.1, v1.9.0, v1.9.0-beta.1...
pre-release6 months ago

Breaking Changes (You MUST read this before you upgrade!)

⚠ Following their deprecation in version 1.5, the cert-manager APIVersions v1alpha2, v1alpha3, and v1beta1 have been removed.
You must ensure that all cert-manager custom resources are stored in etcd at version v1
and that all cert-manager CustomResourceDefinitions have only v1 as the stored version.

Since v1.7.0-alpha.1 cmctl can automatically migrate any deprecated API resources.
Please download cmctl-v1.7.0-alpha.1 (from the Assets section below) and read Removing Deprecated API Resources
for full instructions.

Changelog since v1.7.0-alpha.0

Changes by Kind


  • Add cmctl upgrade migrate-api-version to ensure all CRD resources are stored at 'v1' prior to upgrading to v1.7 onwards (#4711, @munnerz)
  • Add acme-http01-solver-nameservers flag to enable custom nameservers usage for ACME HTT01 challenges propagation checks. (#4287, @Adphi)
  • Add goimports verification step for CI (#4710, @SgtCoDFish)
  • Added additionalOutputFormats parameter to allow DER (binary) and CombinedPEM (key + cert bundle) formats. (#4598, @seuf)
  • Certificate Secrets are now managed by the APPLY API call, rather than UPDATE/CREATE. The issuing controller actively reconciles Certificate SecretTemplate's against corresponding Secrets, garbage collecting and correcting key/value changes. (#4638, @JoshVanL)

Bug or Regression

  • Fix unexpected exit when multiple DNS providers are passed to RunWebhookServer (#4702, @devholic)
  • Fixes a bug where a previous failed CertificateRequest was picked up during the next issuance. Thanks to @MattiasGees for raising the issue and help with debugging! (#4688, @irbekrm)
  • Improve checksum validation in makefile-based tool installation (#4680, @SgtCoDFish)

Other (Cleanup or Flake)

  • Added helm value .Values.serviceAnnotations (#4329, @jwenz723)
  • Cleanup: Pipe feature gate flag to the e2e binary. Test against shared Feature Gate map for feature enabled and whether they should be tested against. (#4703, @JoshVanL)
  • Ensures that in cases where an attempt to finalize an already finalized order is made, the originally issued certificate is used (instead of erroring and creating a new ACME order) (#4697, @irbekrm)
  • Update distroless base images for cert-manager (#4706, @SgtCoDFish)
  • Upgrade Kubernetes dependencies to v0.23.1 (#4675, @munnerz)

Don't miss a new cert-manager release

NewReleases is sending notifications on new releases.