chore(deps): update helm release trust-manager to v0.14.0
This MR contains the following updates:
| Package | Update | Change |
|---|---|---|
| trust-manager (source) | minor | v0.10.0 -> v0.14.0 |

⚠️ Warning: Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
cert-manager/trust-manager (trust-manager)
v0.14.0
trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
v0.14.0 is a minor release including new features, some bugfixes, refactors and dependency updates.
Among the new features is support for set-based requirements (`matchExpressions`) when selecting namespaces to target with a `Bundle`.
This release also includes some major bugfixes:
- Allow `key` to be omitted when using the new `includeAllKeys` field introduced in v0.13.0 by @juliocamarero.
- Updating JKS/PKCS#12 target truststores when password changes by @arsenalzp and @inteon.
Thanks to all contributors!
New features
- feat(helm): add secretTemplate-ing to certificate by @guntiskarulis in https://github.com/cert-manager/trust-manager/pull/469
- Feat: Add port naming for podMonitor support by @noamgloberman0 in https://github.com/cert-manager/trust-manager/pull/467
- feat: support namespaceSelector matchExpressions by @erikgb in https://github.com/cert-manager/trust-manager/pull/476
Bugfixes
- Fix crd validation: Key should not be required anymore in bundle source resources by @juliocamarero in https://github.com/cert-manager/trust-manager/pull/474
- Fix issue with updating of JKS/PKCS targets when password changes #449 (review) by @inteon in https://github.com/cert-manager/trust-manager/pull/480
- Fix issue with updating of JKS/PKCS targets when password changes by @arsenalzp in https://github.com/cert-manager/trust-manager/pull/449
Enhancements and Refactorings
- Improve OpenAPI validation and SSA Golang markers by @erikgb in https://github.com/cert-manager/trust-manager/pull/477
- refactor: more generic target handling by @erikgb in https://github.com/cert-manager/trust-manager/pull/440
- Set dummy Helm chart versions by @erikgb in https://github.com/cert-manager/trust-manager/pull/490
- Remove generated api-docs by @erikgb in https://github.com/cert-manager/trust-manager/pull/491
Automated Dependency Bumps
- build(deps): Bump the all group with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/464
- build(deps): Bump the all group across 1 directory with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/473
- build(deps): Bump the all group with 6 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/481
- build(deps): Bump sigs.k8s.io/controller-runtime from 0.19.1 to 0.19.2 in the all group by @dependabot in https://github.com/cert-manager/trust-manager/pull/484
- build(deps): Bump the all group with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/487
Automated Makefile Modules Updates
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/470
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/471
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/472
- [CI] Self-upgrade merging self-upgrade-main into main by @inteon in https://github.com/cert-manager/trust-manager/pull/479
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/483
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/488
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/492
New Contributors
- @guntiskarulis made their first contribution in https://github.com/cert-manager/trust-manager/pull/469
- @noamgloberman0 made their first contribution in https://github.com/cert-manager/trust-manager/pull/467
Full Changelog: https://github.com/cert-manager/trust-manager/compare/v0.13.0...v0.14.0
v0.13.0
trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
v0.13.0 is a minor release to include a swathe of dependency updates, refactors and a few new features.
Among the new features is the new optional `includeAllKeys` field for `Secret` and `ConfigMap` sources, by @juliocamarero. Previously, these sources required users to specify an individual key to include in the resulting bundle. With this new field, you can request that all keys be included instead. Note that Secret sources of `kubernetes.io/tls` type are not eligible for use with `includeAllKeys`, to avoid trust-manager reading a private key.
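The eligibility rule above, as an added Go sketch that is not trust-manager's own code. `Secret`, `CollectAllKeys`, `samplePEM` and `ErrTLSSecret` are hypothetical names, the PEM blocks are constructed placeholders, and the rejection of non-certificate PEM blocks in other Secret types is an extra guard assumed here, not behaviour the release notes describe.

```go
package main

import (
	"encoding/pem"
	"errors"
	"fmt"
	"sort"
)

// Secret is a hypothetical stand-in, not a trust-manager or client-go type.
type Secret struct {
	Type string
	Data map[string][]byte
}
var ErrTLSSecret = errors.New("kubernetes.io/tls Secret not eligible for includeAllKeys")

// samplePEM builds a constructed PEM block (placeholder bytes, not real DER).
func samplePEM(blockType string) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: blockType, Bytes: []byte("constructed")})
}

// CollectAllKeys models a source with includeAllKeys set: every key is read,
// so a Secret type known to carry a private key is refused before any read.
func CollectAllKeys(s Secret) ([]byte, error) {
	if s.Type == "kubernetes.io/tls" {
		return nil, ErrTLSSecret
	}
	keys := make([]string, 0, len(s.Data))
	for k := range s.Data {
		keys = append(keys, k)
	}
	sort.Strings(keys) // fixed order so the resulting bundle is deterministic
	var bundle []byte
	for _, k := range keys {
		for rest := s.Data[k]; ; {
			var block *pem.Block
			if block, rest = pem.Decode(rest); block == nil {
				break
			}
			// Extra guard assumed for this sketch: only certificates pass.
			if block.Type != "CERTIFICATE" {
				return nil, fmt.Errorf("key %q: unexpected PEM block %q", k, block.Type)
			}
			bundle = append(bundle, pem.EncodeToMemory(block)...)
		}
	}
	return bundle, nil
}

func main() {
	_, err := CollectAllKeys(Secret{Type: "kubernetes.io/tls", Data: map[string][]byte{
		"tls.crt": samplePEM("CERTIFICATE"), "tls.key": samplePEM("PRIVATE KEY")}})
	fmt.Println("kubernetes.io/tls source:", err)
}
```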
In addition, @arsenalzp landed a great MR which cleans up handling of certificates within trust-manager, reducing the number of encode/decode operations done during a bundle reconcile.
What's Changed
- Support for including all certificates from a secret/configMap in bundle source by @juliocamarero in https://github.com/cert-manager/trust-manager/pull/460
- Introduce certificate pool structure and remove multiple encode/decode process by @arsenalzp in https://github.com/cert-manager/trust-manager/pull/375
- Fix example of topologySpreadConstraints to reference trust-manager by @SgtCoDFish in https://github.com/cert-manager/trust-manager/pull/401
- Bump sigs.k8s.io/controller-runtime to 0.19.0 by @erikgb in https://github.com/cert-manager/trust-manager/pull/414
- fix: don't error if source selector selects no sources by @erikgb in https://github.com/cert-manager/trust-manager/pull/432
- ci: fix new copyloopvar lint errors by @erikgb in https://github.com/cert-manager/trust-manager/pull/445
- test: add tests for truststore deterministic by @erikgb in https://github.com/cert-manager/trust-manager/pull/443
Refactoring
- refactor: move FieldManager to more available package by @erikgb in https://github.com/cert-manager/trust-manager/pull/397
- refactor: fix name and import alias collisions by @erikgb in https://github.com/cert-manager/trust-manager/pull/412
- refactor: dedicated target data struct by @erikgb in https://github.com/cert-manager/trust-manager/pull/415
- refactor: move function for creating managed field entries by @erikgb in https://github.com/cert-manager/trust-manager/pull/413
- refactor: use NamespacedName instead of positional name/namespace by @erikgb in https://github.com/cert-manager/trust-manager/pull/435
- refactor: reduce duplication in sync target functions by @erikgb in https://github.com/cert-manager/trust-manager/pull/436
- refactor: establish target.Reconciler by @erikgb in https://github.com/cert-manager/trust-manager/pull/378
Automated Dependency Bumps
- Bump the all group across 1 directory with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/404
- Bump the all group with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/398
- Bump k8s.io/cli-runtime from 0.30.3 to 0.31.0 in the all group across 1 directory by @dependabot in https://github.com/cert-manager/trust-manager/pull/417
- Bump the all group across 1 directory with 3 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/429
- build(deps): Bump sigs.k8s.io/controller-runtime from 0.19.0 to 0.19.1 in the all group by @dependabot in https://github.com/cert-manager/trust-manager/pull/463
- Bump the all group with 5 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/438
- build(deps): Bump the all group with 5 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/461
Automated Makefile Modules Updates
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/400
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/402
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/405
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/410
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/416
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/418
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/422
- [CI] Self-upgrade merging self-upgrade-main into main by @inteon in https://github.com/cert-manager/trust-manager/pull/423
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/427
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/430
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/431
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/437
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/439
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/441
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/444
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/446
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/448
- [CI] Self-upgrade merging self-upgrade-main into main by @inteon in https://github.com/cert-manager/trust-manager/pull/450
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/451
- [CI] Self-upgrade merging self-upgrade-main into main by @inteon in https://github.com/cert-manager/trust-manager/pull/456
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/462
New Contributors
- @juliocamarero made their first contribution in https://github.com/cert-manager/trust-manager/pull/460 🎉
Full Changelog: https://github.com/cert-manager/trust-manager/compare/v0.12.0...v0.13.0
v0.12.0
trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
v0.12.0 includes a variety of Helm chart improvements, notably including the ability to install trust-manager without having first installed cert-manager!
Overview
Standalone trust-manager
Previously, trust-manager required that cert-manager was installed for generating the trust-manager webhook certificate. cert-manager's cainjector was used to inject this webhook cert into the Kubernetes webhook resource.
Some users wanted to be able to install trust-manager standalone, and now this is possible thanks to Helm's inbuilt support for generating certificates. We'd like to note that relying on Helm for this functionality isn't likely to be the best way to run in production - we'd strongly suggest that running with cert-manager is the way to go, since that will handle cert rotation and be much easier to administer.
Still, for any user who wants to simply run trust-manager, that's now possible:
```
helm upgrade trust-manager jetstack/trust-manager \
  --install \
  --namespace cert-manager \
  --wait \
  --set app.webhook.tls.helmCert.enabled=true
```
Other Helm Improvements
There are even more improvements to the Helm chart:
- Support for configuring a dual stack service for the webhook (Thanks @M0NsTeRRR!)
- More configurability of trust-manager's leader-election including duration and deadline (Thanks @jabdoa2!)
What's Changed
New Features
- Add support for generating certificates with helm by @SgtCoDFish in https://github.com/cert-manager/trust-manager/pull/157
- feat(helm): dual-stack cluster service configuration by @M0NsTeRRR in https://github.com/cert-manager/trust-manager/pull/337
- Add flags to configure LeaseDuration and RenewDeadline by @jabdoa2 in https://github.com/cert-manager/trust-manager/pull/385
- Expose leader election leaseDuration and renewDeadline in helm chart by @jabdoa2 in https://github.com/cert-manager/trust-manager/pull/388
Refactors
- refactor: simplify SSA patch calls by @erikgb in https://github.com/cert-manager/trust-manager/pull/393
- refactor: move default truststore passwords to API by @erikgb in https://github.com/cert-manager/trust-manager/pull/394
- refactor: extract truststore encoding to internal package by @erikgb in https://github.com/cert-manager/trust-manager/pull/396
New Contributors
- @M0NsTeRRR made their first contribution in https://github.com/cert-manager/trust-manager/pull/337
Full Changelog: https://github.com/cert-manager/trust-manager/compare/v0.11.1...v0.12.0
v0.11.1
trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
What's Changed
- Bump sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4 in the all group by @dependabot in https://github.com/cert-manager/trust-manager/pull/369
- refactor: split bundle sync code into source and target by @erikgb in https://github.com/cert-manager/trust-manager/pull/370
- Bump the all group across 1 directory with 7 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/374
- refactor: build bundle data from relevant spec by @erikgb in https://github.com/cert-manager/trust-manager/pull/377
- Sort certificates in bundles to ensure deterministic behaviour by @jabdoa2 in https://github.com/cert-manager/trust-manager/pull/380
New Contributors
- @jabdoa2 made their first contribution in https://github.com/cert-manager/trust-manager/pull/380
Full Changelog: https://github.com/cert-manager/trust-manager/compare/v0.11.0...v0.11.1
v0.11.0
trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
v0.11.0 includes support for JSON logging, as well as some bug fixes and code quality improvements which have been made since the release of trust-manager v0.10.0.
Notably, this release re-adds the s390x architecture which was missing in v0.10.0 and v0.10.1 and enables several linters to ensure the codebase remains at a high level of quality.
Feature Overview: JSON Logging
Prolific contributor @erikgb added support for JSON logging in trust-manager in #354.
JSON logging can be enabled through the new `app.logFormat` Helm value which defaults to `text` but can be set to `json`.
```
$ helm upgrade trust-manager jetstack/trust-manager \
  --set app.logFormat=json \
  --install \
  --namespace cert-manager \
  --wait
$ kubectl logs -n cert-manager trust-manager-xxxxx
{"time":"2024-06-03T14:05:12.468612847Z","level":"INFO","msg":"successfully loaded default package from filesystem","logger":"trust/bundle","path":"/packages/cert-manager-package-debian.json"}
...
```
Log Level Parsing
v0.11.0 also changes how log levels are parsed when passed in to trust-manager.
Previously, non-numeric log levels would be silently ignored, so if you set a log level of "v5" rather than "5", the setting would not take effect and the log level would default to 1. Now, log levels must be valid integers and trust-manager will fail to start if a log level is invalid.
This change will help to catch configuration errors.
What's Changed
Features
- Add support for JSON logging format by @erikgb in https://github.com/cert-manager/trust-manager/pull/354
- Re-add support for s390x by @SgtCoDFish in https://github.com/cert-manager/trust-manager/pull/366
Bug Fixes
- Fix use of system trust bundle when building package by @SgtCoDFish in https://github.com/cert-manager/trust-manager/pull/355
- Use the go version specified in the Makefile tools module by @inteon in https://github.com/cert-manager/trust-manager/pull/364
Testing / Code Quality
- Replace deprecated klog.New in tests with ktesting.NewTestContext by @erikgb in https://github.com/cert-manager/trust-manager/pull/352
- Deduplicate code for syncing target configmaps and secrets by @erikgb in https://github.com/cert-manager/trust-manager/pull/356
- Fix all linter issues and un-ignore golanci-lint linter exceptions by @inteon in https://github.com/cert-manager/trust-manager/pull/360
Docs
- Add RELEASE.md file to document release process by @ThatsMrTalbot in https://github.com/cert-manager/trust-manager/pull/365
Version Bumps
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/363
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/361
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/357
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/351
- [CI] Merge self-upgrade-main into main by @github-actions in https://github.com/cert-manager/trust-manager/pull/349
- Bump the all group with 5 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/350
- Bump the all group with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/359
- Bump the all group with 2 updates by @dependabot in https://github.com/cert-manager/trust-manager/pull/362
Full Changelog: https://github.com/cert-manager/trust-manager/compare/v0.10.0...v0.11.0
v0.10.1
trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.
This patch release fixes a bug in the trust-manager build process causing it to be built with an out-of-date Go version (1.22.0), instead of the latest Go version available at the time (1.22.3).
> [!WARNING]
> trust-manager v0.10.1 does not include images for s390x. This was an oversight arising from the migration to makefile-modules. This will be fixed in trust-manager v0.11.0.
Full Changelog: https://github.com/cert-manager/trust-manager/compare/v0.10.0...v0.10.1
Configuration
- [ ] If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot. Tell Nogweii if it blows up.