Skip to content

v0.3.0-alpha.2

Pre-release
Pre-release
Compare
Choose a tag to compare
@munnerz munnerz released this 26 Apr 12:51
· 74 commits to release-0.3 since this release
v0.3.0-alpha.2
098aa93
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This is an alpha release of cert-manager. It is subject to change in breaking ways
and should only be used for testing the latest features of cert-manager in order to
provide feedback ahead of a non-alpha release.

Documentation

This release follows on from the alpha.1 release earlier this month.

Notably, ingress-shim is now no longer a standalone binary, and is instead linked into the main cert-manager-controller container. This should see a reduction in memory consumption, as well as simplified deployment and operations when inspecting cert-manager itself.

We have also changed the default behaviour of ingress-shim (or now, cert-manager), to set the ingressClass field instead of ingress on Certificate resources it creates. This should enable better compatibility with ingress controllers like nginx. For more information on the reasons for this change, see #235.

In order to continue to support users using ingress controllers that bind a single IP address to a single Ingress resource (such as the gce ingress controller), we have added the new certmanager.k8s.io/acme-http01-edit-in-place annotation that can be added to your Ingress resource. When set, cert-manager will set the ingress field on the Certificate resource it generates (similar to the behaviour in previous releases).

Changelog since v0.3.0-alpha.1

Action Required

  • ACTION REQUIRED: Remove ingress-shim and link it into cert-manager itself. You must change your 'helm install' command to use the new --ingressShim.defaultIssuerName, --ingressShim.defaultIssuerKind options when upgrading as --ingressShim.extraArgs has been removed. (#502, @munnerz)

  • ACTION REQUIRED: Add certmanager.k8s.io/acme-http01-edit-in-place annotation and change ingress-shim to set 'ingressClass' on ACME Certificate resources by default. This is a potentially breaking change for users of ingress controllers that map a single IP address to a single Ingress resource, such as the GCE ingress controller. These users will need to add the following annotation to their ingress: certmanager.k8s.io/acme-http01-edit-in-place: "true". (#493, @munnerz)

Bugfixes:

  • Fix a bug causing certificates for domain.com as well as *.domain.com to fail validation (#514, @munnerz)
  • Fixed bug requiring users to specify the apex domain (e.g. example.com) when attempting to obtain a wildcard certificate from an ACME server (#512, @munnerz)
Assets 2