[gardener-extension-shoot-cert-service]

✨ New Features

[USER] support for custom issuer with external account binding (#61, @MartinWeindel)
[USER] support for domain restrictions in custom issuer spec (#61, @MartinWeindel)
[USER] support for providing private key for custom issuer via shoot resource reference (#61, @MartinWeindel)

[OPERATOR] updating Gardener dependency to v1.16.4 (#62, @MartinWeindel)
[OPERATOR] Certificate request quota are configurable for custom issuer defined in the providerConfig of the shoot extension spec. (#58, @MartinWeindel)
[OPERATOR] Allow to configure precheck DNS nameservers and CA certificates for private ACME providers (#54, @MartinWeindel)
[DEPENDENCY] Go dependencies have been updated to: (#57, @timuthy)
- github.com/gardener/gardener v1.15.1-0.20210115062544-6dc08568692a
- sigs.k8s.io/controller-runtime v0.7.1
- k8s.io/* v0.19.6

[OPERATOR] activate quotas for certificate requests per day and issuer (#55, @MartinWeindel)

[OPERATOR] added metrics for certificate secrets (gardener/cert-management#60, @MartinWeindel)
[OPERATOR] Use common prefix cert_management_ for metrics names. (gardener/cert-management#58, @MartinWeindel)
[OPERATOR] Add metrics cert_management_overdue_renewal_certificates to allow alerting for expiring certificates. (gardener/cert-management#58, @MartinWeindel)
[OPERATOR] no caching of secrets on source cluster to reduce memory footprint (gardener/cert-management#56, @MartinWeindel)
[OPERATOR] renew certificate if its certificate secret is invalid/corrupt instead of going to state error (gardener/cert-management#54, @MartinWeindel)

[USER] Support external account binding for ACME. Especially the ACME implementation of DigiCert is supported now. (gardener/cert-management#61, @MartinWeindel)
[USER] Support for certificate revocation by creating a CertificateRevocation object to trigger revocation of old certificate(s) and optional renewal. (gardener/cert-management#57, @MartinWeindel)