github cert-manager/trust-manager v0.20.0

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

⚠️ Known issue ⚠️

Go 1.25.2 contains a backwards-incompatible change (see the comment on golang/go#75828). As one example, certificates with a DNS SAN ending in a dot cause trust-manager to error.


This release primarily contains dependency updates, but also includes a new feature that allows trust-manager to be configured to only operate on a list of named target namespaces. While this feature can allow trust-manager to operate without cluster-wide access to namespaces, the Bundle resource is cluster-scoped, and events from cluster-scoped resources are emitted to the default namespace.

⚠️ The code that migrated from client-side apply (CSA) to server-side apply (SSA) has been removed in this release. If you are upgrading from a very old version of trust-manager (< 0.7.0), you must upgrade to 0.19.0 first.

The work on migrating Bundle to ClusterBundle continues, but none of these changes are user-facing in this release.

What's Changed

Features

  • You can now use trust-manager in the new "restricted" mode to scope trust-manager’s and target caches to a specific set of Kubernetes namespaces provided at startup. When this feature is not used, behavior remains unchanged (cluster-wide watch). By @asmaoune in #744
  • Helm: you can now disable the creation of the RBAC resources. By @asmaoune in #753

Internal changes

  • Add generated applyconfigurations for ClusterBundle API by @erikgb in #690
  • Split integration tests for Bundle and ClusterBundle by @erikgb in #691
  • Add new Bundle (migration) controller by @erikgb in #681
  • Eliminate multiple sigs.k8s.io/structured-merge-diff deps by @erikgb in #712
  • Refactor cache setup to controller package by @erikgb in #727
  • Bootstrap shared Renovate preset by @erikgb in #751
  • Move additional formats handling from source to target by @erikgb in #703
  • Remove code for migrating CSA to SSA by @erikgb in #754
  • Bump default CAs bundle version to trigger release by @erikgb in #768
  • Make: missing quote breaking CI by @maelvls in #770
  • Don't set the tag in values.yaml, since it is overwritten at chart build time by @inteon in #771

Updates by Dependabot/Renovate

  • build(deps): Bump the all group with 5 updates by @dependabot[bot] in #687
  • build(deps): Bump the all-go-deps group across 1 directory with 2 updates by @dependabot[bot] in #696
  • fix(deps): update module github.com/stretchr/testify to v1.11.0 by @github-actions[bot] in #699
  • fix(deps): update kubernetes go deps to v0.34.0 by @erikgb in #710
  • fix(deps): update misc go deps by @github-actions[bot] in #707
  • fix(deps): update misc go deps by @github-actions[bot] in #721
  • fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.2 by @github-actions[bot] in #720
  • build(deps): Bump actions/setup-go from 5 to 6 in the all-gh-actions group by @dependabot[bot] in #729
  • chore(deps): update actions/github-script action to v8 by @octo-sts[bot] in #732
  • chore(deps): pin dependencies by @octo-sts[bot] in #731
  • fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.3 by @octo-sts[bot] in #736
  • fix(deps): update kubernetes go patches to v0.34.1 by @octo-sts[bot] in #745
  • chore(deps): pin quay.io/jetstack/trust-pkg-debian-bookworm docker tag to 4e46f31 by @octo-sts[bot] in #752
  • fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.1 by @erikgb in #757
  • chore(deps): update docker/login-action digest to 5e57cd1 by @octo-sts[bot] in #760
  • fix(deps): update module github.com/onsi/ginkgo/v2 to v2.26.0 by @octo-sts[bot] in #763
  • fix(deps): update module sigs.k8s.io/controller-runtime to v0.22.2 by @octo-sts[bot] in #766
  • fix(deps): update k8s.io/utils digest to bc988d5 by @octo-sts[bot] in #769

Updates by makefile-modules

  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #686
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #692
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #694
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #695
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #697
  • Manual self upgrade by @erikgb in #698
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #705
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #706
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #714
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #715
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #717
  • [CI] Self-upgrade merging self-upgrade-main into main by @erikgb in #718
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #719
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #723
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #724
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #725
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #728
  • [CI] Self-upgrade merging self-upgrade-main into main by @erikgb in #730
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #735
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #737
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #738
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #739
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #740
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #743
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #746
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #747
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #755
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #758
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #759
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #764
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #765
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #767

Full Changelog: v0.19.0...v0.20.0
