v0.14.1

[gardener/cert-management]

🏃 Others

• [OPERATOR] Fix cluster configuration for new source controllers istio-gateways-dns and k8s-gateways-dns. by @MartinWeindel [#175]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.1

v0.14.0

[gardener/cert-management]

✨ New Features

• [USER] The Istio resource Gateway can now be annotated with cert.gardener.cloud/purpose=managed to enable the automatic creation of Certificate resources for domain names extracted from hosts fields in this resource or related VirtualServices resources.
  The Gateway and HTTPRoute resources from the Gateway API are supported in a similar way. by @MartinWeindel [#174]

🏃 Others

• [OPERATOR] Support deployment specific default values for private key algorithm and size with the new command line options --default-private-key-algorithm, --default-rsa-private-key-size, --default-ecdsa-private-key-size by @MartinWeindel [#171]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.14.0

v0.13.0

[gardener/cert-management]

✨ New Features

• [USER] The algorithm and size for the private key can now be specified in the certificate spec section to override the default algorithm RSA with key size 2048.
  Supported algorithms are RSA and ECDSA. For RSA the allowed key sizes are 2048, 3072, and 4096 with 2048 as default is not specified explicitly. For ECDSA the allowed key sizes are 256 and 384 with 256 as default.
  These algorithms and key sizes are supported by Let's Encrypt. For other ACME servers please check their documentation for information about supported combinations. by @MartinWeindel [#168]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.13.0

v0.12.1

[gardener/cert-management]

🐛 Bug Fixes

• [USER] Updating certificates from source objects (like Ingress or Service) with first domain name longer than 64 character failed, as the commonName field was filled. It must be left empty in this case. by @MartinWeindel [#164]

🏃 Others

• [OPERATOR] Bump golang from 1.22.0 to 1.22.1 by @MartinWeindel [#165]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.12.1

v0.12.0

[gardener/cert-management]

✨ New Features

• [USER] Allow certificates without common name. As the common name is restricted to 64 characters, this means it is now possible to create certificates for domains longer than 64 characters without needing to set the common name to a shorter domain name. by @MartinWeindel [#150]

🏃 Others

• [OPERATOR] Bumps golang from 1.21.6 to 1.22.0. by @dependabot[bot] [#161]
• [OPERATOR] Bumps golang from 1.21.5 to 1.21.6. by @dependabot[bot] [#159]
• [OPERATOR] Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot[bot] [#158]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.12.0

v0.11.4

[gardener/cert-management]

⚠️ Breaking Changes

• [OPERATOR] Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
  by @ccwienk [#156]

🏃 Others

• [OPERATOR] Update expirationDate if secret is shared between certs by @MartinWeindel [#152]
• [OPERATOR] Updated dependencies controller-manager-library and kubernetes from v1.28.2 to v1.28.3 by @MartinWeindel [#149]
• [OPERATOR] Bumps golang from 1.21.3 to 1.21.4. by @dependabot[bot] [#148]
• [OPERATOR] Bumps golang from 1.21.4 to 1.21.5. by @dependabot[bot] [#154]
• [USER] Improve message if DNS entry is not getting ready. by @MartinWeindel [#151]
• [DEVELOPER] Remove vendoring by @MartinWeindel [#157]

Docker Images

• cert-management: europe-docker.pkg.dev/gardener-project/releases/cert-controller-manager:v0.11.4

v0.11.3

[gardener/cert-management]

🏃 Others

• [USER] Support PKCS8 private keys for CA issuers by @MartinWeindel [#146]
• [OPERATOR] Bumps golang from 1.21.2 to 1.21.3. by @dependabot[bot] [#143]
• [OPERATOR] Remove issuer short name for issuer CustomResourceDefinition as it is the same as the singular. by @MartinWeindel [#147]

Docker Images

cert-management: eu.gcr.io/gardener-project/cert-controller-manager:v0.11.3

v0.11.2

[gardener/cert-management]

🏃 Others

• [OPERATOR] Update k8s dependencies by updating controller-manager-library by @MartinWeindel [#142]
• [OPERATOR] Bumps golang from 1.21.1 to 1.21.2. by @MartinWeindel [#142]

v0.11.1

[gardener/cert-management]

🏃 Others

• [OPERATOR] Disable followCNAME by default again as it was activated implicitly by github.com/go-acme/lego version upgrade by @MartinWeindel [#140]
• [OPERATOR] Fix edge case of inconsistent certificate/secret: request certificate in this case. by @MartinWeindel [#138]

v0.11.0

[gardener/cert-management]

✨ New Features

• [USER] Support for preferred chains to select a certificate chain returned for a certificate request from the ACME server by @MartinWeindel [#137]