trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.
v0.8.0 includes a bunch of new features, largely contributed by our awesome community!
Included is an option at startup to filter expired certificates from all bundles and the ability to include Secret and ConfigMap resources via labels.
There are also a bunch of improvements which make trust-manager easier to develop and iterate on, which isn't as exciting as new features but should make it easier for us to provide features going forwards!
Speaking of going forwards, trust-manager is on the road to v1! 🎉 From here, we want to stabilise our API, get our CRDs to v1beta1 and then v1, and bump trust-manager itself to v1. We don't have a timeline currently, but we think it's important to be clear that it's a goal of ours to be rock-solid and stable for everyone to build upon!
Special thanks to @erikgb for his efforts in reviewing, developing and helping in this release - it couldn't have happened without him!
Read Before Updating
Removal of .status.target
trust-manager v0.8.0 removes the .status.target field from Bundle resources, which had a significant overhead to maintain and wasn't particularly useful as far as we could tell.
If you were previously relying on this field, you should be able to calculate it from the spec of your Bundle. We try to avoid breaking anything generally but we felt like this field was worth the removal.
What's Changed
New Features
- Add option to filter expired certificates from bundle by @Hoega in #273
- Add label selector option for Secret and ConfigMap sources by @ocampeau in #258
- Add support for additional pod annotations/labels by @jaygridley in #116
- Allow permissions to put the leases in the trust-manager namespace, not the trust namespace by @tspearconquest in #225
Changes
- Remove .status.target field from Bundle API by @erikgb in #230
- Encode additional target format just once per bundle reconcile by @erikgb in #241
- Add dedicated structures for PKCS12 and JKS stores by @arsenalzp in #253
- fix: Reconcile targets consistently by @erikgb in #260
Changes for trust-manager Developers
- Better handling of local arch differences by @SgtCoDFish in #250
- Improve package CI error handling by @SgtCoDFish in #247
- Improve makefile comments around image building by @SgtCoDFish in #268
- Move to helm-tool for docs by @ThatsMrTalbot in #278
- Do more of the container build process locally by @SgtCoDFish in #251
- Don't build trust bundle images using make image by @SgtCoDFish in #269
- Generate applyconfigurations for custom resources by @erikgb in #217
- Fix flaky tests by introducing komega by @erikgb in #252
- Fix apply-configuration gen for Bundle (cluster-scoped) by @erikgb in #257
- Fix apply configuration generation on macOS by @SgtCoDFish in #248
- Align BundleCondition with upstream metav1.Condition by @erikgb in #249
New Contributors
- @jaygridley made their first contribution in #116
- @tspearconquest made their first contribution in #225
- @ocampeau made their first contribution in #258
- @Hoega made their first contribution in #273
- @ThatsMrTalbot made their first contribution in #278
Full Changelog: v0.7.0...v0.8.0