# Release v1.5.0
# Release notes for release-1.5

cert-manager 1.5 is the first release to support Kubernetes 1.22.

Note: in cert-manager 1.7, the API versions `v1alpha2`, `v1alpha3` and `v1beta1` will be removed in cert-manager 1.7. Keep in mind that you will have to change all your YAML manifests that use a deprecated API version to use `cert-manager.io/v1` instead, and re-apply them before cert-manager 1.7.

# Changelog since 1.4

## Changes by Kind

### Feature

- Add a name to Prometheus scraping service port ([#4072](https://github.com/jetstack/cert-manager/pull/4072), [@francescsanjuanmrf](https://github.com/francescsanjuanmrf))
- Add support for adding custom annotations and labels to the Secret containing the TLS key pair. ([#3828](https://github.com/jetstack/cert-manager/pull/3828), [@jonathansp](https://github.com/jonathansp))
- Add the deployed cert-manager version to 'kubectl cert-manager version' command ([#4226](https://github.com/jetstack/cert-manager/pull/4226), [@inteon](https://github.com/inteon))
- Added a new optional controller: gateway-shim. cert-manager now supports automatic
 creation of ACME certificates for the sig-network Gateway API Gateway, when annotated
 similarly to existing support for Ingresses. ([#4158](https://github.com/jetstack/cert-manager/pull/4158), [@maelvls](https://github.com/maelvls))
- Added a startup api check Job that waits for the cert-manager api to become ready ([#4234](https://github.com/jetstack/cert-manager/pull/4234), [@inteon](https://github.com/inteon))
- Added the kubectl 'cert-manager check api' command ([#4205](https://github.com/jetstack/cert-manager/pull/4205), [@inteon](https://github.com/inteon))
- Adds CLI command: `ctl experimental create certificatesigningrequest` for creating a Kuberenetes CertificateSigningRequest based upon a cert-manager Certificate manifest file ([#4106](https://github.com/jetstack/cert-manager/pull/4106), [@JoshVanL](https://github.com/JoshVanL))
- Adds clock_time_seconds metric for calculating expiration time in monitoring systems without a built in function. ([#4105](https://github.com/jetstack/cert-manager/pull/4105), [@kit837](https://github.com/kit837))
- Adds support for Ed25519 private keys and signatures for Certificates ([#4079](https://github.com/jetstack/cert-manager/pull/4079), [@annerajb](https://github.com/annerajb))
- cert-manager is now able to sign CertificateSigningRequests using the ACME issuer. Note that
 the CertificateSigningRequests support is experimental and requires the use of a flag on the
 controller: `--feature-gates=ExperimentalCertificateSigningRequestControllers=true` ([#4112](https://github.com/jetstack/cert-manager/pull/4112), [@JoshVanL](https://github.com/JoshVanL))
- cert-manager is now able to sign CertificateSigningRequests using the SelfSigned issuer. Note that
 the CertificateSigningRequests support is experimental and requires the use of a flag on the
 controller: `--feature-gates=ExperimentalCertificateSigningRequestControllers=true` ([#4100](https://github.com/jetstack/cert-manager/pull/4100), [@JoshVanL](https://github.com/JoshVanL))
- cert-manager is now able to sign CertificateSigningRequests using the Vault issuer. Note that
 the CertificateSigningRequests support is experimental and requires the use of a flag on the
 controller: `--feature-gates=ExperimentalCertificateSigningRequestControllers=true` ([#4103](https://github.com/jetstack/cert-manager/pull/4103), [@JoshVanL](https://github.com/JoshVanL))
- cert-manager is now able to sign CertificateSigningRequests using the Venafi issuer. Note that
 the CertificateSigningRequests support is experimental and requires the use of a flag on the
 controller: `--feature-gates=ExperimentalCertificateSigningRequestControllers=true` ([#4108](https://github.com/jetstack/cert-manager/pull/4108), [@JoshVanL](https://github.com/JoshVanL))
- cert-manager now supports the sig-network Gateway API to solve HTTP01 challenges. ([#4276](https://github.com/jetstack/cert-manager/pull/4276), [@jakexks](https://github.com/jakexks))
- cert-manager now uses the networking.k8s.io/v1 Ingress type if available. ([#4225](https://github.com/jetstack/cert-manager/pull/4225), [@jakexks](https://github.com/jakexks))
- Fire event when a CertificateSigningRequest has not yet been approved, so will skip processing until it is. ([#4229](https://github.com/jetstack/cert-manager/pull/4229), [@JoshVanL](https://github.com/JoshVanL))
- Reduce binary sizes by adding \-s -w\ as ldflags ([#4169](https://github.com/jetstack/cert-manager/pull/4169), [@inteon](https://github.com/inteon))
- `kubectl cert-manager x install` command is added ([#4138](https://github.com/jetstack/cert-manager/pull/4138), [@inteon](https://github.com/inteon))

### Bug or Regression

- Adds an explicit 10 second timeout when checking HTTP01 challenges for reachability ([#4318](https://github.com/jetstack/cert-manager/pull/4318), [@SgtCoDFish](https://github.com/SgtCoDFish))
- Cloudflare: Refactored DNS01 challenge to use API for finding the nearest Zone (fixing potential DNS-Issues) ([#4147](https://github.com/jetstack/cert-manager/pull/4147), [@thiscantbeserious](https://github.com/thiscantbeserious))
- Fix a bug where failed Certificate Requests were not retried ([#4130](https://github.com/jetstack/cert-manager/pull/4130), [@irbekrm](https://github.com/irbekrm))
- Fix check for self-signed certificates in EncodeX509Chain which broke certs whose subject DN matched their issuer's subject DN ([#4237](https://github.com/jetstack/cert-manager/pull/4237), [@SgtCoDFish](https://github.com/SgtCoDFish))
- Fix handling of chains which don't have a root in ParseSingleCertificateChain, and improve handling in situations where that function is passed a single certificate. ([#4261](https://github.com/jetstack/cert-manager/pull/4261), [@SgtCoDFish](https://github.com/SgtCoDFish))
- Fixed a bug in the \gateway shim\ controller that was causing the cert-manager controller to crash
 with a nil pointer exception when using the annotation \cert-manager.io/issuer\ on a Gateway that
 had an empty `tls` block or with `certificateRef` left empty. ([#4293](https://github.com/jetstack/cert-manager/pull/4293), [@maelvls](https://github.com/maelvls))
- Fixed a goroutine leak that was causing the controller's memory usage to grow with time ([#4233](https://github.com/jetstack/cert-manager/pull/4233), [@maelvls](https://github.com/maelvls))
- Fixed a race condition introduced in v0.15.0 that would crash cert-manager for clusters
 with a large number of certificates. ([#4231](https://github.com/jetstack/cert-manager/pull/4231), [@maelvls](https://github.com/maelvls))
- Set correct exit codes on ctrl+c event & process defer calls on error ([#4230](https://github.com/jetstack/cert-manager/pull/4230), [@inteon](https://github.com/inteon))
- Set correct labels on resources in static manifest yaml files ([#4190](https://github.com/jetstack/cert-manager/pull/4190), [@inteon](https://github.com/inteon))

### Other (Cleanup or Flake)

- Adds conformance E2E suite for CertificateSigningRequests ([#4101](https://github.com/jetstack/cert-manager/pull/4101), [@JoshVanL](https://github.com/JoshVanL))
- Allows to configure labels on cert-manager webhook service via a Helm value. ([#4260](https://github.com/jetstack/cert-manager/pull/4260), [@mozz-lx](https://github.com/mozz-lx))
- Allows to configure which annotations get copied from Certificate to CertificateRequest. Annotations with keys prefixed with `kubectl.kubernetes.io/`, `fluxcd.io`, `argocd.argoproj.io` are now excluded by default. ([#4251](https://github.com/jetstack/cert-manager/pull/4251), [@irbekrm](https://github.com/irbekrm))
- Minor cleanup of make targets, to prepare for more use of make in cert-manager ([#4109](https://github.com/jetstack/cert-manager/pull/4109), [@SgtCoDFish](https://github.com/SgtCoDFish))
- Pre-v1 cert-manager resource requests now must be converted to v1 in order to be validated/mutated by admission webhooks. (Default cert-manager validating and mutating webhook configurations ensure the resource requests are being converted) ([#4172](https://github.com/jetstack/cert-manager/pull/4172), [@irbekrm](https://github.com/irbekrm))
- Reduce binary sizes by adding \-w\ as ldflag ([#4181](https://github.com/jetstack/cert-manager/pull/4181), [@inteon](https://github.com/inteon))
- Regression: CertificateSigningRequests will no longer have a `experimental.cert-manager.io/ca` annotation set. ([#4143](https://github.com/jetstack/cert-manager/pull/4143), [@JoshVanL](https://github.com/JoshVanL))
- Remove v1beta1 as an accepted AdmissionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 ([#4254](https://github.com/jetstack/cert-manager/pull/4254), [@JoshVanL](https://github.com/JoshVanL))
- Remove v1beta1 as an accepted ConversionReviewVersion. cert-manager now only supports v1, available since Kubernetes v1.16 ([#4253](https://github.com/jetstack/cert-manager/pull/4253), [@JoshVanL](https://github.com/JoshVanL))
- The controllers now exit more cleanly (eg. the Leader Election Lease is freed properly on shutdown) ([#4243](https://github.com/jetstack/cert-manager/pull/4243), [@inteon](https://github.com/inteon))