[CANCELLED][release-next] Merge master into release-next #1996
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -304,3 +304,45 @@ metadata: | |
| ] | ||
| ... | ||
| ``` | ||
|
|
||
| ### Issuer Custom Fields | ||
|
|
||
| Starting `v1.20`, you can use `venafi.cert-manager.io/custom-fields` annotation on an `Issuer` or `ClusterIssuer` resource. | ||
| This configuration would be applied to all Certificate requests created from `Issuer`. | ||
|
|
||
| It is possible to override or append custom configuration to `Certificate` resources via the `Issuer` assigned to it. | ||
| For example with an `Issuer` such as: | ||
|
|
||
| ```yaml | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: Issuer | ||
| metadata: | ||
| name: corp-issuer | ||
| annotations: | ||
| venafi.cert-manager.io/custom-fields: |- | ||
| [ | ||
| {"name": "Environemnt", "value": "Dev"}, | ||
|
||
| ] | ||
|
|
||
| ``` | ||
|
|
||
| and a `Certificate` resource: | ||
|
|
||
| ```yaml | ||
| apiVersion: cert-manager.io/v1 | ||
| kind: Certificate | ||
| metadata: | ||
| name: example-com-certificate | ||
| annotations: | ||
| venafi.cert-manager.io/custom-fields: |- | ||
| [ | ||
| {"name": "Team", "value": "amber"}, | ||
| ] | ||
|
|
||
| ... | ||
| ``` | ||
|
|
||
| Final configuration will be: | ||
|
|
||
|
||
| ```json | ||
| {"name": "Environemnt", "value": "Dev"}, | ||
|
||
| {"name": "Team", "value": "amber"} | ||
| ``` | ||
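Review bot: Both annotation examples contain invalid JSON: in the `Issuer` example the entry `{"name": "Environemnt", "value": "Dev"},` is followed by `]`, and the `Certificate` example has the same trailing comma after `{"name": "Team", "value": "amber"},`, so a user who copies either value gets an array that a strict JSON parser rejects. Drop the trailing commas, and correct the spelling `Environemnt` to `Environment` in both the `Issuer` example and the "Final configuration" block. That last block is fenced as `json` but shows two bare objects with no enclosing `[` and `]`; show it in the same array form the annotation uses. The prose says the Issuer can "override or append", but the example only demonstrates appending distinct names; state which value wins when the `Issuer` and the `Certificate` both set the same field name, since the text says the Issuer-level configuration is applied to all Certificate requests created from it.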
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| --- | ||
| title: Release 1.20 | ||
| description: 'cert-manager release notes: cert-manager 1.20' | ||
| --- | ||
|
|
||
| cert-manager is the easiest way to automatically manage certificates in | ||
| Kubernetes and OpenShift clusters. | ||
|
|
||
| TODO | ||
|
||
|
|
||
| Be sure to review all new features and changes below, and read the full release notes carefully before upgrading. | ||
|
|
||
| ## Major Themes | ||
|
|
||
| ### Network Policy | ||
|
|
||
| The cert-manager Helm chart now allows you to create `NetworkPolicy` resources | ||
| for all the cert-manager Deployments. | ||
| This makes it easier to follow [best practices when deploying cert-manager in production](../../installation/best-practice.md#network-requirements-and-network-policy). | ||
|
|
||
| ### TODO ADD REMAINING THEMES | ||
|
|
||
| TODO | ||
|
|
||
|
|
||
| ## Community | ||
|
|
||
| As always, we'd like to thank all of the community members who helped in this release cycle, including all below who merged a PR and anyone that helped by commenting on issues, testing, or getting involved in cert-manager meetings. We're lucky to have you involved. | ||
|
|
||
| A special thanks to: | ||
|
|
||
| {/* BEGIN contributors */} | ||
| - [`@LiquidPL`](https://github.com/LiquidPL) | ||
| - [`@Peac36`](https://github.com/Peac36) | ||
| - [`@mathieu-clnk`](https://github.com/mathieu-clnk) | ||
| - [`@mikeluttikhuis`](https://github.com/mikeluttikhuis) | ||
| - [`@wallrj-cyberark`](https://github.com/wallrj-cyberark) | ||
| {/* END contributors */} | ||
|
|
||
| ...for their contributions, comments and support! | ||
|
|
||
| Also, thanks to the cert-manager maintainer team for their help in this release: | ||
|
|
||
| {/* BEGIN maintainers */} | ||
| - [`@SgtCoDFish`](https://github.com/SgtCoDFish) | ||
| - [`@ThatsMrTalbot`](https://github.com/ThatsMrTalbot) | ||
| - [`@erikgb`](https://github.com/erikgb) | ||
| - [`@inteon`](https://github.com/inteon) | ||
| - [`@maelvls`](https://github.com/maelvls) | ||
| - [`@munnerz`](https://github.com/munnerz) | ||
| - [`@wallrj`](https://github.com/wallrj) | ||
| {/* END maintainers */} | ||
|
|
||
| And finally, thanks to the cert-manager steering committee for their feedback in this release cycle: | ||
|
|
||
| {/* BEGIN steerers */} | ||
| - [`@FlorianLiebhart`](https://github.com/FlorianLiebhart) | ||
| - [`@TrilokGeer`](https://github.com/TrilokGeer) | ||
| - [`@ianarsenault`](https://github.com/ianarsenault) | ||
| - [`@ssyno`](https://github.com/ssyno) | ||
| {/* END steerers */} | ||
|
|
||
| {/* BEGIN changelog v1.20.0-alpha.0 */} | ||
| ## `v1.20.0-alpha.0` | ||
|
|
||
| Changes since `v1.19.0`: | ||
|
|
||
| ### Feature | ||
|
|
||
| - Add built-in "Ready" status metrics for ClusterIssuer and Issuer resources. ([`#8188`](https://github.com/cert-manager/cert-manager/pull/8188), [`@mikeluttikhuis`](https://github.com/mikeluttikhuis)) | ||
| - Add support for specifying `imagePullSecrets` in the `startupapicheck-job` Helm template to enable pulling images from private registries. ([`#8186`](https://github.com/cert-manager/cert-manager/pull/8186), [`@mathieu-clnk`](https://github.com/mathieu-clnk)) | ||
|
|
||
| ### Bug or Regression | ||
|
|
||
| - Adds logs for cases when acme server returns us a fatal error in the order controller ([`#8199`](https://github.com/cert-manager/cert-manager/pull/8199), [`@Peac36`](https://github.com/Peac36)) | ||
| - BUGFIX: in case kind or group in the `issuerRef` of a Certificate was omitted, upgrading to `1.19.x` incorrectly caused the certificate to be renewed ([`#8160`](https://github.com/cert-manager/cert-manager/pull/8160), [`@inteon`](https://github.com/inteon)) | ||
| - Fix unregulated retries with the DigitalOcean DNS-01 solver ([`#8221`](https://github.com/cert-manager/cert-manager/pull/8221), [`@wallrj-cyberark`](https://github.com/wallrj-cyberark)) | ||
| - Add full detailed DNS-01 errors to the events attached to the Challenge, for easier debugging ([`#8221`](https://github.com/cert-manager/cert-manager/pull/8221), [`@wallrj-cyberark`](https://github.com/wallrj-cyberark)) | ||
| - Revert API defaults for issuer reference kind and group introduced in `1.19.0` ([`#8173`](https://github.com/cert-manager/cert-manager/pull/8173), [`@erikgb`](https://github.com/erikgb)) | ||
| - When Prometheus monitoring is enabled, the metrics label is now set to the intended value of `cert-manager`. Previously, it was set depending on various factors (namespace cert-manager is installed in and/or Helm release name). ([`#8162`](https://github.com/cert-manager/cert-manager/pull/8162), [`@LiquidPL`](https://github.com/LiquidPL)) | ||
| {/* END changelog v1.20.0-alpha.0 */} | ||
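Review bot: Three placeholders are still in the page body: the bare `TODO` after the introduction, the heading `### TODO ADD REMAINING THEMES`, and the `TODO` beneath it. Replace or remove them before this reaches release-next, otherwise they render in the published release notes. The "Network Policy" theme also has no matching entry in the `v1.20.0-alpha.0` changelog below it, so a reader cannot trace the Helm option to the PR that added it; link the PR or add the entry. PR `#8221` appears on two "Bug or Regression" lines, which is worth confirming against the generated changelog.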
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| title: Upgrading from v1.19 to v1.20 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| description: 'cert-manager installation: Upgrading v1.19 to v1.20' | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| --- | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| TODO | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
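Review bot: The body of the upgrade page is only `TODO` (new line 6), so the page would publish with a title and no guidance. Either fill it in or state explicitly that there are no breaking changes. The release notes in this same PR list `#8160` (an omitted `kind` or `group` in `issuerRef` caused a renewal on upgrade to `1.19.x`) and `#8173` (revert of the `issuerRef` defaults introduced in `1.19.0`); those are the items a reader upgrading from v1.19 would look for here.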
Comment on lines
+6
to
+7
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| TODO | |
| This page describes what to check when upgrading an existing cert-manager installation | |
| from v1.19 to v1.20. | |
| > Note: The information below is intentionally high-level. Always review the | |
| > detailed v1.20 release notes and changelog for the exact list of changes | |
| > that apply to your environment. | |
| ## Breaking changes | |
| At the time of writing, there are no generally applicable breaking changes | |
| that require mandatory manual intervention for a standard upgrade from | |
| v1.19 to v1.20. | |
| However, you **must** verify the following before upgrading: | |
| - Review the v1.20 release notes for any API removals or behavioral changes | |
| that affect the issuers, certificate types, or integrations you use. | |
| - Check for any flags, configuration fields, or Kubernetes API versions | |
| that are marked as removed or no longer supported in v1.20. | |
| If any removed or changed features are in use in your cluster, plan the | |
| corresponding configuration updates before upgrading. | |
| ## Required actions | |
| Before upgrading: | |
| - Ensure your cluster meets the minimum supported Kubernetes version for | |
| cert-manager v1.20 as documented in the release notes. | |
| - Take a backup of: | |
| - cert-manager custom resources (`Issuers`, `ClusterIssuers`, `Certificates`, | |
| and related resources), | |
| - the `cert-manager` namespace (or the namespace where cert-manager is | |
| installed), | |
| - and any custom configuration (Helm values, manifests, or operator config). | |
| - If you are using Helm or another package manager, update your repository | |
| indices so that the v1.20 charts are available. | |
| - Test the upgrade in a non-production or staging environment that closely | |
| matches your production configuration. | |
| During and after the upgrade: | |
| - Monitor the cert-manager controller, webhook, and cainjector pods for | |
| readiness and error logs. | |
| - Verify that new Certificates can be issued and that existing Certificates | |
| continue to renew as expected. | |
| ## Known issues | |
| - Known issues and any late-breaking changes for v1.20 are tracked in the | |
| v1.20 release notes and the project issue tracker. | |
| - Before upgrading production clusters, review the release notes and open | |
| issues for items that match your environment (specific issuers, DNS | |
| providers, ingress controllers, or custom integrations). | |
| If you encounter unexpected behavior after upgrading, consult the troubleshooting | |
| documentation and the project issue tracker, and consider rolling back to | |
| v1.19 while you investigate. |
`v1.20.0` is duplicated in the spelling allowlist. Remove the duplicate entry to keep the list clean (and, if the file expects sorting, keep the remaining entry in the correct order).