trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
This release is a feature release, but as usual, it contains various patches/fixes and dependency bumps.
Notable changes include a fix by @yugstar that avoids reconcile loops by ensuring the calculated trust bundle hash is deterministic when labels/annotations are added to the target ConfigMaps/Secrets. 💯 trust-manager can now also source CA certificates from ConfigMap binaryData. 🚀
Our Helm chart now supports configuration of securityContexts for pods and containers, which has been highly requested by the community. A big thanks goes out to @MarcAntoineRaymond! ❤️
⚠️ Possibly breaking change in Helm chart values: app.securityContext.seccompProfileEnabled has been removed and replaced with a more generic mechanism for setting securityContexts. This affects you if you currently set that value.
What's Changed
Features
- feat(helm)!: configuration of securityContexts for pods and containers by @MarcAntoineRaymond in #836
- feat(helm): aggregate Bundle read access into the cluster-reader ClusterRole by @yugstar in #1009
- Make CertPool support pluggable filters by @erikgb in #1016
- feat: read CA data from ConfigMap binaryData field in Bundle sources by @mvanhorn in #1025
Fixes
- fix: scope metrics ServiceMonitor selector to the metrics service by @yugstar in #1008
- fix: make TrustBundleHash deterministic across reconciles by @yugstar in #1014
Bumps / CI
- fix(deps): update github.com/onsi deps to v2.30.0 by @renovate[bot] in #1001
- fix(deps): update kubernetes go patches to v0.36.2 by @renovate[bot] in #1002
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #1003
- fix(deps): update github.com/onsi deps by @renovate[bot] in #1004
- [CI] Merge self-upgrade-main into main by @octo-sts[bot] in #1006
- chore(deps): update makefile modules to 7835ffe by @renovate[bot] in #1007
- chore(deps): update makefile modules to 92aeb18 by @renovate[bot] in #1010
- chore(deps): update makefile modules to 5d90d75 by @renovate[bot] in #1011
- chore(deps): update misc github actions to v7 by @renovate[bot] in #1012
- chore(deps): update makefile modules to 3968a05 by @renovate[bot] in #1013
- chore(deps): update makefile modules to 6c59e94 by @renovate[bot] in #1015
- chore(deps): update makefile modules to e249911 by @renovate[bot] in #1017
- chore(deps): update makefile modules to 2439727 by @renovate[bot] in #1018
- fix(deps): update github.com/onsi deps by @renovate[bot] in #1019
- fix(deps): update k8s.io/utils digest to a95e086 by @renovate[bot] in #1020
- chore(deps): update makefile modules to 5a6dfa5 by @renovate[bot] in #1021
- fix(deps): update module github.com/onsi/gomega to v1.42.1 by @renovate[bot] in #1022
- chore(deps): update actions/setup-go action to v6.5.0 by @renovate[bot] in #1023
- chore(deps): update makefile modules to 3475385 by @renovate[bot] in #1024
New Contributors
- @yugstar made their first contribution in #1008
- @MarcAntoineRaymond made their first contribution in #836
- @mvanhorn made their first contribution in #1025
Full Changelog: v0.23.0...v0.24.0