v0.17.1

[gardener/cert-management]

🐛 Bug Fixes

• [OPERATOR] Fix panic if target issuer referenced but not allowed by @MartinWeindel [#371]

Helm Charts

• cert-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.1

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.1

v0.17.0

[gardener/cert-management]

✨ New Features

• [USER] Introduce the new Issuer type SelfSigned for creating self-signed certificates. by @RaphaelVogel [#228]
• [USER] The certificate resource can now define a duration (the lifetime of the certificate). The issuer (especially Let's Encrypt) may ignore this field. by @marc1404 [#354]

🐛 Bug Fixes

• [OPERATOR] Cleanup status for orphan pending certificate resources by @MartinWeindel [#367]

🏃 Others

• [DEVELOPER] Use Pebble as an ACME server in the integration tests. by @marc1404 [#339]

Helm Charts

• cert-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.17.0

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.17.0

v0.16.0

[gardener/cert-management]

📰 Noteworthy

• [OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @MartinWeindel [#313]

✨ New Features

• [USER] Istio gateways: Allow to specify namespace for TLS secret by annotation cert.gardener.cloud/secret-namespace. by @MartinWeindel [#316]
• [OPERATOR] The Helm chart is published as OCI artifacts now. by @rfranzke [#281]

🐛 Bug Fixes

• [USER] Creating certificates with a given csr referencing a ca issuer do not throw a nil pointer exception anymore by @RaphaelVogel [#234]

🏃 Others

• [DEVELOPER] Refactoring: introduce issuer key interface by @MartinWeindel [#240]
• [OPERATOR] Bumps golang from 1.22.5 to 1.22.6. by @dependabot[bot] [#253]
• [OPERATOR] Add local Kind setup with knot-dns,peeble, and dns-controller-manager by @MartinWeindel [#181]

Helm Charts

• cert-controller-manager: europe-docker.pkg.dev/gardener-project/releases/charts/cert-controller-manager:v0.16.0

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.16.0

v0.15.0

[gardener/cert-management]

✨ New Features

• [OPERATOR] Use dnsrecords.extensions.gardener.cloud API as an alternative to dnsentries.dns.gardener.cloud for DNS challenges. by @MartinWeindel [#177]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.15.0

v0.14.3

[gardener/cert-management]

🏃 Others

• [USER] Support Istio apiVersion networking.istio.io/v1 by @MartinWeindel [#179]
• [OPERATOR] Bumps golang from 1.22.2 to 1.22.3. by @dependabot[bot] [#178]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.3

v0.14.2

[gardener/cert-management]

🐛 Bug Fixes

• [USER] Fix regression for annotations on ingress resources: dns.gardener.cloud/dnsnames annotation must be ignored. by @MartinWeindel [#176]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.2

v0.14.1

[gardener/cert-management]

🏃 Others

• [OPERATOR] Fix cluster configuration for new source controllers istio-gateways-dns and k8s-gateways-dns. by @MartinWeindel [#175]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.1

v0.14.0

[gardener/cert-management]

✨ New Features

• [USER] The Istio resource Gateway can now be annotated with cert.gardener.cloud/purpose=managed to enable the automatic creation of Certificate resources for domain names extracted from hosts fields in this resource or related VirtualServices resources.
  The Gateway and HTTPRoute resources from the Gateway API are supported in a similar way. by @MartinWeindel [#174]

🏃 Others

• [OPERATOR] Support deployment specific default values for private key algorithm and size with the new command line options --default-private-key-algorithm, --default-rsa-private-key-size, --default-ecdsa-private-key-size by @MartinWeindel [#171]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.0

v0.13.0

[gardener/cert-management]

✨ New Features

• [USER] The algorithm and size for the private key can now be specified in the certificate spec section to override the default algorithm RSA with key size 2048.
  Supported algorithms are RSA and ECDSA. For RSA the allowed key sizes are 2048, 3072, and 4096 with 2048 as default is not specified explicitly. For ECDSA the allowed key sizes are 256 and 384 with 256 as default.
  These algorithms and key sizes are supported by Let's Encrypt. For other ACME servers please check their documentation for information about supported combinations. by @MartinWeindel [#168]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.13.0

v0.12.1

[gardener/cert-management]

🐛 Bug Fixes

• [USER] Updating certificates from source objects (like Ingress or Service) with first domain name longer than 64 character failed, as the commonName field was filled. It must be left empty in this case. by @MartinWeindel [#164]

🏃 Others

• [OPERATOR] Bump golang from 1.22.0 to 1.22.1 by @MartinWeindel [#165]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.12.1