Release v1.1.0

Changes by Kind

Feature

  • Add encodeUsagesInRequest to Certificate spec to disable encoding usages in the CSR (#3304, @raphink)

  • Add option to pass the Certificate duration to ACME (not supported by Let’s Encrypt yet) (#3347, @meyskens)

  • Add support for issuing IP certificates in ACME (#3288, @meyskens)

  • Adds ability to Helm chart to set podLabels for the webhook and cainjector deployments (#3419, @logicbomb421)

  • Helm: Allow custom timeout value for webhook calls (#3323, @renan)

  • Make ACME dns01 propagation check period configurable (#3314, @freym)

  • Make Kubernetes API QPS throttling configurable (#3382, @meyskens)

  • TPP issuer now supports access-token credentials. See https://cert-manager.io/docs/configuration/venafi/#creating-a-venafi-trust-protection-platform-issuer for details. (#3379, @wallrj)

Other (Bug, Cleanup or Flake)

  • Add Venafi Cloud e2e tests (#2966, @meyskens)

  • Do not encode ExtendedKeyUsage in the CSR if none is needed (#3262, @meyskens)

  • Fix a panic when changing the max concurrent challenges to a lower value (#3399, @meyskens)

  • Fix bug in AWS route53 zone lookup that caused too many IAM requests (#3354, @supriya-premkumar)

  • Fix conversion webhook when given v1beta1 requests (#3242, @meyskens)

  • Fix logic in patchDuplicateKeyUsage when signing and digital signature were set (#3343, @meyskens)

  • Fix nil pointer error in Cloud DNS when specific config was used. (#3417, @meyskens)

  • Fixes incorrect CSR validation when both "signing" and "digital signature" are set (#3279, @meyskens)

  • Improve ACME backoff logic + prevent infinite retries without surfacing errors (#3321, @meyskens)

  • Improved API validation for Venafi Issuer configuration (#3409, @wallrj)

  • Include ACME resources aggregated ClusterRoles (#3330, @sharmaansh21)

  • Put current year into manifest license (#3357, @meyskens)

  • Refactor the cainjector to only have 1 leader election and to avoid duplicate caches (#3275, @wallrj)

  • Remove stability warning from README for v1.0 (#3240, @munnerz)

  • Replace Go’s ACME retry logic with custom logic (#3384, @meyskens)

  • Revert de-duplication of cainjector leader-election to fix scenario where it crashes at startup due to broken webhook. (#3254, @wallrj)

  • Run e2e tests against Venafi TPP (#3328, @meyskens)

  • Set the resync periods of informers to 10 hours instead of 30 seconds (#3403, @meyskens)⏎