github cert-manager/trust-manager v0.5.0

17 days ago

trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.

v0.5.0 introduces support for writing JKS formatted trust bundles, along with a set of improvements to our Helm chart and a bunch of other tweaks.

Special thanks to all of the contributors and to @xxmaestroxx, @vinzent, @hazmat345 and @claudiuavat1 for testing the beta releases of this version to help iron out bugs 🐛

JKS Support

Lots of Java applications consume trust stores not from the PEM bundles which trust-manager has always supported, but from binary JKS files. Using PEM bundles in Java can be a pain, and we heard that loud and clear!

We've introduced support for JKS files in trust-manager, as an additional (binary) field you can add to your targets!

For an example, see the below Bundle definition:

kind: Bundle
  name: jks-test-bundle
  - useDefaultCAs: true
      key: "target-key"
        key: "my-bundle.jks"

What's Changed

  • Add support for JKS truststores by @aidy in #122
  • Use ordered aliases when creating JKS files by @SgtCoDFish in #127
  • Ensure unique aliases in JKS files by @SgtCoDFish in #129
  • Minor restructure for ko compatibility by @aidy in #124
  • Bump to v0.5.0-beta.0 for release by @SgtCoDFish in #125
  • Allow node selection based on nodeSelector, tolerations, affinities and topologySpreadConstraints (fixes #13) by @stzov in #117
  • Make installation of default trust package optional in helm chart by @siiimooon in #121
  • Add descriptions for some helm chart fields by @SgtCoDFish in #126
  • Formatting improvements, tests for dummy certs by @SgtCoDFish in #128
  • Explicitly define resource namespaces in Helm chart by @inteon in #123
  • Use boilersuite for boilerplate verification by @SgtCoDFish in #130
  • Add a design for public trust bundles by @SgtCoDFish in #43

New Contributors

Full Changelog: v0.4.0...v0.5.0

Don't miss a new trust-manager release

NewReleases is sending notifications on new releases.