Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Helm release trust-manager to v0.14.0 #22

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update Helm release trust-manager to v0.14.0 #22

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 23, 2024
edited
Loading

This PR contains the following updates:

Package Update Change
trust-manager (source) minor v0.7.0 -> v0.14.0

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cert-manager/trust-manager (trust-manager)

v0.14.0

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

v0.14.0 is a minor release including new features, some bugfixes, refactors and dependency updates.

Among the new features is support for set-based requirements (matchExpressions) when selecting namepaces to target with a Bundle.

This release also inludes some major bugfixes:

Thanks to all contributors! 🚀

New features

Bugfixes

Enhancements and Refactorings

Automated Dependency Bumps

Automated Makefile Modules Updates

New Contributors

Full Changelog: cert-manager/trust-manager@v0.13.0...v0.14.0

v0.13.0

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

v0.13.0 is a minor release to include a swathe of dependency updates, refactors and a few new features.

Among the new features is the new optional includeAllKeys field for Secret and ConfigMap sources, by @​juliocamarero. Previously, these sources required users to specify an indvidual key to include in the resulting bundle. With this new field, you can request that all keys be included instead. Note that Secret sources of kubernetes.io/tls type are not eligible for use with includeAllKeys, to avoid trust-manager reading a private key.

In addition, @​arsenalzp landed a great PR which cleans up handling of certificates within trust-manager, reducing the number of encode/decode operations done during a bundle reconcile.

What's Changed

Refactoring
Automated Dependency Bumps
Automated Makefile Modules Updates

New Contributors

Full Changelog: cert-manager/trust-manager@v0.12.0...v0.13.0

v0.12.0

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

v0.12.0 includes a variety of Helm chart improvements, notably including the ability to install trust-manager without having first installed cert-manager!

Overview

Standalone trust-manager

Previously, trust-manager required that cert-manager was installed for generating the trust-manager webhook certificate. cert-manager's cainjector was used to inject this webhook cert into the Kubernetes webhook resource.

Some users wanted to be able to install trust-manager standalone, and now this is possible thanks to Helm's inbuilt support for generating certificates. We'd like to note that relying on Helm for this functionality isn't likely to be the best way to run in production - we'd strongly suggest that running with cert-manager is the way to go, since that will handle cert rotation and be much easier to administer.

Still, for any user who wants to simply run trust-manager, that's now possible:

helm upgrade trust-manager jetstack/trust-manager \
  --install \
  --namespace cert-manager \
  --wait \
  --set app.webhook.tls.helmCert.enabled=true
Other Helm Improvements

There are even more improvements to the Helm chart:

  1. Support for configuring a dual stack service for the webhook (Thanks @​M0NsTeRRR!)
  2. More configurability of trust-manager's leader-election including duration and deadline (Thanks @​jabdoa2!)

What's Changed

New Features
Refactors

New Contributors

Full Changelog: cert-manager/trust-manager@v0.11.1...v0.12.0

v0.11.1

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

What's Changed

New Contributors

Full Changelog: cert-manager/trust-manager@v0.11.0...v0.11.1

v0.11.0

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

v0.11.0 includes support for JSON logging, as well as some bug fixes and code quality improvements which have been made since the release of trust-manager v0.10.0

Notably, this release re-adds the s390x architecture which was missing in v0.10.0 and v0.10.1 and enables several linters to ensure the codebase remains at a high level of quality.

Feature Overview: JSON Logging

Prolific contributor @​erikgb added support for JSON logging in trust-manager in #​354 🚀

JSON logging can be enabled through the new app.logFormat Helm value which defaults to text but can be set to json.

$ helm upgrade trust-manager jetstack/trust-manager \
  --set app.logFormat=json \
  --install \
  --namespace cert-manager \
  --wait

$ kubectl logs -n cert-manager trust-manager-xxxxx
{"time":"2024-06-03T14:05:12.468612847Z","level":"INFO","msg":"successfully loaded default package from filesystem","logger":"trust/bundle","path":"/packages/cert-manager-package-debian.json"}
...

Log Level Parsing

v0.11.0 also changes how log levels are parsed when passed in to trust-manager.

Previously, non-numeric log levels would be silently ignored, so if you set a log level of "v5" rather than "5", the setting would not take effect and the log level would default to 1. Now, log levels must be valid integers and trust-manager will fail to start if a log level is invalid.

This change will help to catch configuration errors.

What's Changed

Features
Bug Fixes
Testing / Code Quality
Docs
Version Bumps

Full Changelog: cert-manager/trust-manager@v0.10.0...v0.11.0

v0.10.1

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

This patch release fixes a bug in the trust-manager build process causing it to be build with an out-of-date go version (1.22.0), instead of the latest Go version available at the time (1.22.3).

[!WARNING]

trust-manager v0.10.1 does not include images for s390x. This was an oversight arising from the migration to makefile-modules.
This will be fixed in trust-manager v0.11.0

Full Changelog: cert-manager/trust-manager@v0.10.0...v0.10.1

v0.10.0

Compare Source

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

This release is be the first trust-manager release that uses Makefile modules. Apart from that change, this release includes a lot of version bumps and some small bug fixes.

[!WARNING]

There was a bug with the release of trust-manager v0.10.0 which meant it was built with go 1.22.0 rather than the latest Go version available at the time (1.22.3).
This was fixed in trust-manager v0.10.1 and v0.11.0+

[!WARNING]

trust-manager v0.10.0 does not include images for s390x. This was an oversight arising from the migration to makefile-modules.
This will be fixed in trust-manager v0.11.0

What's Changed

Dependency upgrades

New Contributors

Full Changelog: cert-manager/trust-manager@v0.9.2...v0.10.0

v0.9.2

Compare Source

trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.

v0.9.2 is another small bugfix release for a minor issue in the Helm chart's schema along with a small dependency update to fix a reported CVE. Thanks @​DrFaust92 for fixing the schema!

What's Changed

Full Changelog: cert-manager/trust-manager@v0.9.1...v0.9.2

v0.9.1

Compare Source

trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.

v0.9.1 is a small bugfix release for a minor issue in the Helm chart's schema. Thanks to @​erikgb and @​wallrj for the bugfix!

In addition, unrelated to this specific release, we're looking to rebuild the debian trust package to include the s390x architecture that was added in trust-manager v0.9.0. That will happen outside of the release process for v0.9.1.

What's Changed

Full Changelog: cert-manager/trust-manager@v0.9.0...v0.9.1

v0.9.0

Compare Source

trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.

v0.9.0 contains a bunch of improvements and once again the awesome trust-manager community played a huge role!

Inclusions to note are:

  • We fixed a bug (#​296) which broke passwordless PKCS#12 files when read by Java.
    • It's possible that this could have an effect on non-Java platforms, but in testing it seemed safe for both Go and Java
  • We added support for the s390x architecture for trust-manager!
  • We added a crds.keep option to reduce the risk of losing important data when uninstalling trust-manager
  • We fixed an issue with certificate deduplication when certs were present in multiple sources

As always, please report any issues either here in the repo, in a cert-manager meeting or on Slack!

Happy bundling!

Special Thanks

We'd like to thank the following for their contributions, expertise, time and patience since the last trust-manager release:

In addition, a warm welcome to our latest reviewer @​ThatsMrTalbot ! 🎉

What's Changed

New Features
Bug Fixes and Resilience Improvements
Documentation and Testing
Bumps and Miscellaneous

New Contributors

Full Changelog: cert-manager/trust-manager@v0.8.0...v0.9.0

v0.8.0

Compare Source

trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.

v0.8.0 includes a bunch of new features, largely contributed by our awesome community!

Included is an option at startup to filter expired certificates from all bundles and the ability to include Secret and ConfigMap resources via labels.

There are also a bunch of improvements which make trust-manager easier to develop and iterate on, which isn't as exciting as new features but should make it easier for us to provide features going forwards!

Speaking of going forwards, trust-manager is on the road to v1! 🎉 From here, we want to stabilise our API, get our CRDs to v1beta1 and then v1, and bump trust-manager itself to v1. We don't have a timeline currently, but we think it's important to be clear that it's a goal of ours to be rock-solid and stable for everyone to build upon!

Special thanks to @​erikgb for his efforts in reviewing, developing and helping in this release - it couldn't have happened without him!

⚠️ Known Issues

When using PKCS#12 targets with empty passwords, a PKCS#12 file will be generated that the Java keytool utility is unable to read. See #​296

Read Before Updating

Removal of .status.target

trust-manager v0.8.0 removes the .status.target field from Bundle resources, which had a significant overhead to maintain and wasn't particularly useful as far as we could tell.

If you were previously relying on this field, you should be able to calculate it from the spec of your Bundle. We try to avoid breaking anything generally but we felt like this field was worth the removal.

What's Changed

New Features
Changes
Changes for trust-manager Developers

New Contributors

Full Changelog: cert-manager/trust-manager@v0.7.0...v0.8.0

v0.7.1

Compare Source

trust-manager is the easiest way to manage security-critical trust bundles in Kubernetes and OpenShift clusters.

v0.7.1 is a patch release fixing a bug in targets including PKCS#12 bundles - see #​260 for details. All users are recommended to upgrade to this version from v0.7.0 immediately.

What's Changed

Full Changelog: cert-manager/trust-manager@v0.7.0...v0.7.1

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title Update Helm release trust-manager to v0.8.0 Update Helm release trust-manager to v0.9.0 Mar 7, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch 2 times, most recently from 7940b96 to d7900f8 Compare March 13, 2024 20:10
@renovate renovate bot changed the title Update Helm release trust-manager to v0.9.0 Update Helm release trust-manager to v0.9.1 Mar 13, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from d7900f8 to 7ddd967 Compare March 26, 2024 17:56
@renovate renovate bot changed the title Update Helm release trust-manager to v0.9.1 Update Helm release trust-manager to v0.9.2 Mar 26, 2024
@renovate renovate bot changed the title Update Helm release trust-manager to v0.9.2 Update Helm release trust-manager to v0.10.0 May 13, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from 7ddd967 to 35ee7fc Compare May 13, 2024 16:11
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from 35ee7fc to 0d0f33d Compare May 29, 2024 19:24
@renovate renovate bot changed the title Update Helm release trust-manager to v0.10.0 Update Helm release trust-manager to v0.10.1 May 29, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from 0d0f33d to 1811856 Compare June 3, 2024 16:45
@renovate renovate bot changed the title Update Helm release trust-manager to v0.10.1 Update Helm release trust-manager to v0.11.0 Jun 3, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from 1811856 to 7395639 Compare July 15, 2024 17:14
@renovate renovate bot changed the title Update Helm release trust-manager to v0.11.0 Update Helm release trust-manager to v0.11.1 Jul 15, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from 7395639 to 1638b2c Compare July 19, 2024 14:52
@renovate renovate bot changed the title Update Helm release trust-manager to v0.11.1 Update Helm release trust-manager to v0.12.0 Jul 19, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from 1638b2c to ebc0001 Compare October 29, 2024 18:09
@renovate renovate bot changed the title Update Helm release trust-manager to v0.12.0 Update Helm release trust-manager to v0.13.0 Oct 29, 2024
@renovate renovate bot force-pushed the renovate/trust-manager/helmrelease.yaml branch from ebc0001 to 61c41be Compare December 2, 2024 16:31
@renovate renovate bot changed the title Update Helm release trust-manager to v0.13.0 Update Helm release trust-manager to v0.14.0 Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants