BUGFIX: fix issue that caused Vault issuer to not retry signing when an error was encountered. (#7111, @inteon)
Other (Cleanup or Flake)
Update github.com/Azure/azure-sdk-for-go/sdk/azidentity to address CVE-2024-35255 (#7092, @ThatsMrTalbot)
Bump the go-retryablehttp dependency to fix CVE-2024-6104 (#7130, @SgtCoDFish)
v1.15.0
cert-manager is the easiest way to automatically manage certificates in Kubernetes and OpenShift clusters.
cert-manager 1.15 promotes several features to beta, including GatewayAPI support (ExperimentalGatewayAPISupport), the ability to provide a subject in the Certificate that will be used literally in the CertificateSigningRequest (LiteralCertificateSubject) and the outputting of additional certificate formats (AdditionalCertificateOutputFormats).
[!NOTE]
The cmctl binary have been moved to https://github.com/cert-manager/cmctl/releases.
For the startupapicheck Job you should update references to point at quay.io/jetstack/cert-manager-startupapicheck
[!NOTE]
From this release, the Helm chart will no longer uninstall the CRDs when the chart is uninstalled. If you want the CRDs to be removed on uninstall use crds.keep=false when installing the Helm chart.
Equally thanks to everyone who provided feedback, helped users and raised issues on GitHub and Slack and joined our meetings!
Thanks also to the CNCF, which provides resources and support, and to the AWS open source team for being good community members and for their maintenance of the PrivateCA Issuer.
In addition, massive thanks to Venafi for contributing developer time and resources towards the continued maintenance of cert-manager projects.
Changes by Kind
Feature
GatewayAPI support has graduated to Beta. Add the --enable-gateway-api flag to enable the integration. (#6961, @ThatsMrTalbot)
Add support to specify a custom key alias in a JKS Keystore (#6807, @bwaldrep)
Add the ability to communicate with Vault via mTLS when strict client certificates is enabled at Vault server side (#6614, @rodrigorfk)
Added option to provide additional audiences in the service account auth section for vault (#6718, @andrey-dubnik)
... (truncated)
Commits
5b04ec6 Merge pull request #7130 from SgtCoDFish/release-1.15-bump-http-lib
7936ff0 [release-1.15] Bump go-retryablehttp to address CVE-2024-6104
3da4f98 Merge pull request #7111 from inteon/release-1.15_vault_bugfix
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Bumps the all group with 9 updates in the / directory:
1.16.1
1.17.2
1.14.5
1.15.1
2.18.0
2.19.0
1.8.0
1.8.1
1.18.2
1.19.0
0.30.1
0.30.2
0.30.1
0.30.2
2.120.1
2.130.1
0.18.2
0.18.4
Updates
cloud.google.com/go/security
from 1.16.1 to 1.17.2Release notes
Sourced from cloud.google.com/go/security's releases.
Commits
ae8c7b7
chore: release main (#9384)f049c97
fix(aiplatform): remove fieldmax_wait_duration
from message Scheduling (#9...f7170e2
chore: update CI to turn gowork setting off for build/test (#9396)530d273
chore(main): release vertexai 0.7.1 (#9395)8bd57a1
fix(vertexai): fix dependency on aiplatform (#9394)b29f331
chore(main): release vertexai 0.7.0 (#9393)f5d56eb
feat(vertexai): add WithREST option to vertexai client (#9389)1879551
chore(vertexai): use unary RPC for GenerateContent (#9391)e8bd85b
docs(storage): indicate that gRPC is incompatible with universe domains (#9386)909fbdf
fix: add mutex to internal trace otel test variable (#9390)Updates
github.com/cert-manager/cert-manager
from 1.14.5 to 1.15.1Release notes
Sourced from github.com/cert-manager/cert-manager's releases.
... (truncated)
Commits
5b04ec6
Merge pull request #7130 from SgtCoDFish/release-1.15-bump-http-lib7936ff0
[release-1.15] Bump go-retryablehttp to address CVE-2024-61043da4f98
Merge pull request #7111 from inteon/release-1.15_vault_bugfixdb2a8f5
add testcasec680694
only retry when encountering a Vault non-InvalidData errorc91273a
BUGFIX: retry signing when encountering transient errord95c635
Merge pull request #7092 from ThatsMrTalbot/chore/update-azidentity-1.6.048bf30a
chore: updating github.com/Azure/azure-sdk-for-go/sdk/azidentity to address C...9b53314
Merge pull request #7091 from cert-manager-bot/cherry-pick-7090-to-release-1.157ec86d2
feat: normalize azure errorsUpdates
github.com/onsi/ginkgo/v2
from 2.18.0 to 2.19.0Release notes
Sourced from github.com/onsi/ginkgo/v2's releases.
Changelog
Sourced from github.com/onsi/ginkgo/v2's changelog.
Commits
28fb5d6
v2.19.0e31f03a
fix another typo966a28c
Fix typos in label sets docscd231fd
Label sets allow for more expressive label filteringUpdates
github.com/spf13/cobra
from 1.8.0 to 1.8.1Release notes
Sourced from github.com/spf13/cobra's releases.
... (truncated)
Commits
e94f6d0
Address golangci-lint deprecation warnings, enable some more linters (#2152)8003b74
Remove fully inactivated linters (#2148)5c2c1d6
Consistent annotation names (#2140)5a1acea
build(deps): bump github.com/cpuguy83/go-md2man/v2 from 2.0.3 to 2.0.4 (#2127)0fc86c2
docs: update user guide (#2128)6b5f577
More linting (#2099)bd914e5
fix: remove deprecated io/ioutils package (#2120)1f80fa2
chore: remove repetitive words (#2122)c69ae4c
ci: test golang 1.22 (#2113)a30cee5
build(deps): bump actions/cache from 3 to 4 (#2102)Updates
github.com/spf13/viper
from 1.18.2 to 1.19.0Release notes
Sourced from github.com/spf13/viper's releases.
... (truncated)
Commits
b9733f0
build(deps): bump actions/checkout from 4.1.4 to 4.1.66ecc5c8
build(deps): bump cachix/install-nix-action from 26 to 27248c6fd
build(deps): bump github/codeql-action from 3.25.4 to 3.25.7abea773
Update references to bketelsen/cryptf17acb4
build(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.18e285a5
build(deps): bump github/codeql-action from 3.25.2 to 3.25.44017620
build(deps): bump actions/setup-go from 5.0.0 to 5.0.1b67e814
build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.24a182c7
build(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.245a0e12
build(deps): bump mheap/github-action-required-labelsUpdates
google.golang.org/api
from 0.177.0 to 0.187.0Release notes
Sourced from google.golang.org/api's releases.
... (truncated)
Changelog
Sourced from google.golang.org/api's changelog.
... (truncated)
Commits
b6c87f6
chore(main): release 0.187.0 (#2656)e051997
fix: pass through gRPC api key option to new auth lib (#2664)2ea4e07
chore(all): update all to dc46fd2 (#2662)6e061ce
feat(all): auto-regenerate discovery clients (#2663)0a238f5
feat(all): auto-regenerate discovery clients (#2661)3ca2f84
feat(all): auto-regenerate discovery clients (#2660)7cd88da
feat(all): auto-regenerate discovery clients (#2659)a758bc1
fix(gensupport): wrap chunk upload err for retries (#2657)719f988
feat(all): auto-regenerate discovery clients (#2658)1a28e06
feat(all): auto-regenerate discovery clients (#2655)Updates
google.golang.org/genproto
from 0.0.0-20240401170217-c3f982113cda to 0.0.0-20240624140628-dc46fd24d27dCommits
Updates
google.golang.org/protobuf
from 1.34.0 to 1.34.2Updates
k8s.io/api
from 0.30.1 to 0.30.2Commits
118f81c
Update dependencies to v0.30.2 tagUpdates
k8s.io/apimachinery
from 0.30.1 to 0.30.2Commits
Updates
k8s.io/cli-runtime
from 0.30.1 to 0.30.2Commits
a93d336
Update dependencies to v0.30.2 tagUpdates
k8s.io/client-go
from 0.30.1 to 0.30.2Commits
592d891
Update dependencies to v0.30.2 tagUpdates
k8s.io/klog/v2
from 2.120.1 to 2.130.1Release notes
Sourced from k8s.io/klog/v2's releases.
Commits
75663bb
Merge pull request #408 from pohly/klog-flush-sync-fix2327d4c
data race: avoid unprotected access to sb.file16c7d26
Merge pull request #401 from pohly/ktesting-warning-delaycd24012
ktesting: tone down warning about leaked test goroutine2ee202a
Merge pull request #404 from 1978629634/fsync-freelock79575d8
Do not acquire lock for file.Sync() fsync call7af45d6
Merge pull request #406 from pohly/linterd008cfe
examples: fix linter warningab53041
Merge pull request #402 from pohly/linter-issuesff7c070
build: fix some linter warningsUpdates
sigs.k8s.io/controller-runtime
from 0.18.2 to 0.18.4Release notes
Sourced from sigs.k8s.io/controller-runtime's releases.
Commits
12cc8d5
Merge pull request #2848 from k8s-infra-cherrypick-robot/cherry-pick-2847-to-...c0c229e
controllerutil: allow configuring BlockOwnerDeletion when setting OwnerRefere...be2f383
Merge pull request #2840 from sbueringer/pr-bump-k8s4720d17
Bump k8s.io/* to v0.30.1aa9ed14
Merge pull request #2837 from sbueringer/pr-setup-envtest-ct-rel-0.1835d7bbd
default --use-deprecated-gcs to truece4e4f5
some more deprecations56dcc14
setup-envtest: allow downloading envtest binaries from controller-toolsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show