github cert-manager/trust-manager v0.23.0

7 hours ago

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

This release is a feature release, but as usual, it contains various patches/fixes and dependency bumps.

The most notable feature in this release is probably that trust-manager now provides a new trust-package bundle based on Debian Trixie.
💡 Note that the new trust-pkg-debian-trixie bundle is now the default trust package emitted by the Helm chart. For those of you still using our trust packages built from Debian Bullseye/Bookworm, we've just published new releases to fix vulnerabilities reported by scanners.

Our Helm chart has a new feature that allows a user to override the default webhook TLS certificate duration. We've also got a fix making it easier to use the trust-manager chart in an umbrella chart together with other cert-manager projects. This release also includes multiple fixes for inconsistencies in the Helm chart when using non-default values.

What's Changed

Features

  • Add duration for the webhook tls certificate by @mvrk69 in #961
  • Add new trust package based on Debian Trixie by @erikgb in #985
  • Make new trust package based on Debian Trixie the new default by @erikgb in #998

Fixes

  • fix: rename image helper to avoid umbrella chart conflicts by @FelixPhipps in #950
  • chore: typo succesful -> successful in publicbundle design doc by @SAY-5 in #944
  • fix(chart): honor serviceAccount.name override in ServiceAccount manifest by @lexfrei in #980
  • fix(chart): render servicemonitor.labels inside metadata.labels by @lexfrei in #981
  • Add tests for stable resourceVersion when adding labels/annotations to target by @erikgb in #972
  • fix: disabling the default package volumes if default package is disabled by @mrlunchbox777 in #987
  • Trigger new releases of older trust-packages by @erikgb in #999

Bumps / CI

  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #943
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #947
  • fix(deps): update module github.com/onsi/ginkgo/v2 to v2.28.2 by @renovate[bot] in #949
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #953
  • fix(deps): update github.com/onsi deps by @renovate[bot] in #952
  • fix(deps): update kubernetes go deps by @renovate[bot] in #945
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #957
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #959
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #960
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #963
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #965
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #966
  • fix(deps): update module sigs.k8s.io/controller-runtime to v0.24.1 by @renovate[bot] in #967
  • fix(deps): update kubernetes go patches to v0.36.1 by @renovate[bot] in #968
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #969
  • fix(deps): update github.com/onsi deps by @renovate[bot] in #974
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #975
  • Deduplicate trust-package CI by @erikgb in #973
  • chore(deps): update module golang.org/x/crypto to v0.52.0 [security] by @renovate[bot] in #978
  • chore(deps): update module golang.org/x/net to v0.55.0 [security] by @renovate[bot] in #979
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #976
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #982
  • fix(deps): update k8s.io/utils digest to ff6756f by @renovate[bot] in #984
  • chore(deps): update docker/login-action action to v4.2.0 by @renovate[bot] in #977
  • chore(deps): update misc github actions to v6.0.3 by @renovate[bot] in #989
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #990
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #991
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #992
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #993
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #994
  • [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #995
  • chore(deps): update misc github actions to v6.0.3 by @renovate[bot] in #997
  • fix(deps): update misc go deps to v0.7.2 by @renovate[bot] in #996
  • Fix leftovers after migrating to Debian Trixie trust package by @erikgb in #1000

New Contributors

Full Changelog: v0.22.1...v0.23.0
