trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.
v0.5.0 introduces support for writing JKS formatted trust bundles, along with a set of improvements to our Helm chart and a bunch of other tweaks.
Special thanks to all of the contributors and to @xxmaestroxx, @vinzent, @hazmat345 and @claudiuavat1 for testing the beta releases of this version to help iron out bugs 🐛
JKS Support
Lots of Java applications consume trust stores not from the PEM bundles which trust-manager has always supported, but from binary JKS files. Using PEM bundles in Java can be a pain, and we heard that loud and clear!
We've introduced support for JKS files in trust-manager, as an additional (binary) field you can add to your targets!
For an example, see the below Bundle definition:
apiVersion: trust.cert-manager.io/v1alpha1
kind: Bundle
metadata:
  name: jks-test-bundle
spec:
  sources:
  - useDefaultCAs: true
  target:
    configMap:
      key: "target-key"
    additionalFormats:
      jks:
        key: "my-bundle.jks"
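As an added example (not part of the trust-manager release or its code), this Python check audits a JKS truststore such as the `my-bundle.jks` output above: it verifies the file's integrity digest, confirms every entry is a trusted certificate rather than a private key, and rejects duplicate aliases. The names `audit_jks` and `build_sample`, the sample aliases and the `changeit` password are constructed for illustration.

```python
import hashlib
import struct

MAGIC = 0xFEEDFEED
TRUSTED_CERT = 2  # entry tag; 1 would be a private-key entry
SALT = b"Mighty Aphrodite"  # fixed constant mixed into the JKS integrity digest


def _digest(password: str, body: bytes) -> bytes:
    return hashlib.sha1(password.encode("utf-16-be") + SALT + body).digest()


def audit_jks(blob: bytes, password: str) -> list[str]:
    """Return aliases in file order; raise ValueError if this is not a clean truststore."""
    body, trailer = blob[:-20], blob[-20:]
    if _digest(password, body) != trailer:
        raise ValueError("integrity digest mismatch (wrong password or modified file)")
    magic, version, count = struct.unpack_from(">III", body, 0)
    if magic != MAGIC or version != 2:
        raise ValueError("not a version 2 JKS file")
    pos, aliases = 12, []
    for _ in range(count):
        tag, alias_len = struct.unpack_from(">IH", body, pos)
        pos += 6
        if tag != TRUSTED_CERT:
            raise ValueError("non-certificate entry in a truststore")
        alias = body[pos:pos + alias_len].decode("utf-8")
        pos += alias_len + 8  # skip alias and 8-byte creation timestamp
        (type_len,) = struct.unpack_from(">H", body, pos)
        pos += 2 + type_len  # skip certificate type string, e.g. "X.509"
        (cert_len,) = struct.unpack_from(">I", body, pos)
        pos += 4 + cert_len  # skip the DER certificate bytes
        if alias in aliases:
            raise ValueError(f"duplicate alias: {alias}")
        aliases.append(alias)
    if pos != len(body):
        raise ValueError("trailing data after last entry")
    return aliases


def build_sample(entries, password: str) -> bytes:
    """Constructed test input: (alias, placeholder DER bytes) pairs packed as a JKS file."""
    body = struct.pack(">III", MAGIC, 2, len(entries))
    for alias, der in entries:
        a = alias.encode("utf-8")
        body += struct.pack(">IH", TRUSTED_CERT, len(a)) + a + struct.pack(">Q", 0)
        body += struct.pack(">H", 5) + b"X.509" + struct.pack(">I", len(der)) + der
    return body + _digest(password, body)
```

To audit a real bundle, pass `audit_jks` the decoded bytes of the JKS key from the target ConfigMap together with the store password.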
What's Changed
- Add support for JKS truststores by @aidy in #122
- Use ordered aliases when creating JKS files by @SgtCoDFish in #127
- Ensure unique aliases in JKS files by @SgtCoDFish in #129
- Minor restructure for ko compatibility by @aidy in #124
- Bump to v0.5.0-beta.0 for release by @SgtCoDFish in #125
- Allow node selection based on nodeSelector, tolerations, affinities and topologySpreadConstraints (fixes #13) by @stzov in #117
- Make installation of default trust package optional in helm chart by @siiimooon in #121
- Add descriptions for some helm chart fields by @SgtCoDFish in #126
- Formatting improvements, tests for dummy certs by @SgtCoDFish in #128
- Explicitly define resource namespaces in Helm chart by @inteon in #123
- Use boilersuite for boilerplate verification by @SgtCoDFish in #130
- Add a design for public trust bundles by @SgtCoDFish in #43
New Contributors
- @aidy made their first contribution in #122
- @stzov made their first contribution in #117
- @siiimooon made their first contribution in #121
Full Changelog: v0.4.0...v0.5.0