v0.12.0

@github-actions github-actions released this 19 Jul 12:32
· 164 commits to main since this release
v0.12.0
db4471f

trust-manager is the easiest way to manage security-critical TLS trust bundles in Kubernetes and OpenShift clusters.

v0.12.0 includes a variety of Helm chart improvements, notably including the ability to install trust-manager without having first installed cert-manager!

Overview

Standalone trust-manager

Previously, trust-manager required cert-manager to be installed in order to generate the trust-manager webhook certificate. cert-manager's cainjector was used to inject this webhook cert into the Kubernetes webhook resource.

Some users wanted to be able to install trust-manager standalone, and now this is possible thanks to Helm's inbuilt support for generating certificates. We'd like to note that relying on Helm for this functionality is unlikely to be the best way to run in production. We strongly suggest running with cert-manager, since it will handle cert rotation and be much easier to administer.

Still, for any user who wants to simply run trust-manager, that's now possible:

helm upgrade trust-manager jetstack/trust-manager \
  --install \
  --namespace cert-manager \
  --wait \
  --set app.webhook.tls.helmCert.enabled=true

Other Helm Improvements

There are even more improvements to the Helm chart:

  1. Support for configuring a dual stack service for the webhook (Thanks @M0NsTeRRR!)
  2. More configurability of trust-manager's leader-election including duration and deadline (Thanks @jabdoa2!)

What's Changed

New Features

  • Add support for generating certificates with helm by @SgtCoDFish in #157
  • feat(helm): dual-stack cluster service configuration by @M0NsTeRRR in #337
  • Add flags to configure LeaseDuration and RenewDeadline by @jabdoa2 in #385
  • Expose leader election leaseDuration and renewDeadline in helm chart by @jabdoa2 in #388

Refactors

  • refactor: simplify SSA patch calls by @erikgb in #393
  • refactor: move default truststore passwords to API by @erikgb in #394
  • refactor: extract truststore encoding to internal package by @erikgb in #396

New Contributors

Full Changelog: v0.11.1...v0.12.0