File cert-manager.changes of Package cert-manager

-------------------------------------------------------------------
Tue Oct 28 09:19:47 UTC 2025 - Berthold Gunreben <azouhr@opensuse.org>

- Update service file to generate the different needed vendor archives
- Update to version 1.19.1+git.0.a22e21ea3 from version 0.15.1
Core Feature and API Improvements

- Upgraded API resources to v1 versions, bringing stability and better
  integration with Kubernetes best practices.
- Issuer and ClusterIssuer resources now provide resource requests/limits
  configuration for ACME HTTP-01 solver pods, improving operational
  flexibility.
- CAInjectorMerging, which merges CA certificates instead of replacing them, is
  now stable and enabled by default.
- Stricter ACME solver validation to reject multiple ingress selector
  configurations, reducing configuration errors.
- Increased authorization timeout for ACME challenges from one to two minutes
  to improve reliability in certificate issuance.
- Added structured logging for better observability and debug capabilities.
- Promoted multiple feature gates (e.g., NameConstraints,
  UseDomainQualifiedFinalizer) to stable, enabling advanced certificate
  management by default.
- Improved error messages for malformed or missing PEM data in certificates,
  CRLs, or private keys.

Platform Compatibility and Security

- Support for expanded platforms and Kubernetes versions (now Kubernetes v1.20+
  is the minimum requirement).
- Upgraded support for Helm charts and installation instructions to align with
  modern Kubernetes.
- Bumped Go language version to 1.25.3, addressing multiple critical CVEs for
  improved runtime security.
- Increased maximum size of PEM certificates and chains that cert-manager can
  parse, handling certificates with large DNS name lists.

ACME and DNS Improvements

- Added ACMEHTTP01IngressPathTypeExact feature gate for controlling
  ingress-nginx Ingress PathType behavior.
- New protocol field for RFC2136 DNS01 provider, broadening DNS integration
  options.
- Deprecated older feature gates, such as ValidateCAA, cleaning up legacy code.
- Removed high-cardinality Prometheus metric labels in favor of bounded
  cardinality labels, making monitoring more efficient.
- Enhanced error handling for ACME server responses, giving more actionable
  feedback in Kubernetes events and logs.

Usability, Observability, Reliability

- Numerous reliability fixes for certificate management and Certificate Signing
  Requests (CSRs).
- Corrected URI domain handling in CSR name constraints.
- Improved admission layer error reporting to catch and clarify PEM formatting
  issues.
- Reverted CRD-based API defaults for IssuerRef after bugs were discovered (to
  be re-introduced in future releases).
- Fixed regression causing certificates to renew unnecessarily after upgrades
  if issuerRef fields were omitted.
- Additional bug fixes in DNS names handling for X.509 Subject Alternative
  Names (SANs) with trailing dots.

Operational Changes and Compliance

- Refined resource management for solver pods and more granular configuration
  options for operators.
- Improved compatibility with ingress controllers and external DNS systems.
- Better support for specifying passwords for PKCS#12 and JKS keystores,
  enhancing security and compliance.
- Improved integration for VirtualServer resources with NGINX Ingress
  Controller, making automatic certificate management possible.

Performance and Maintenance

- Dependency updates and codebase refinements for performance and reliability.
- Cleanup of unused or deprecated flags and API fields to reduce user
  confusion.
- Transition to structured logging across more cert-manager components,
  aligning with modern cloud-native best practices.

-------------------------------------------------------------------
Wed Oct 14 09:59:41 UTC 2020 - Jan Engelhardt <jengelh@inai.de>

- Use noun phrase in summary. Wrap description at 80 cols.
- Avoid double %setup call.

-------------------------------------------------------------------
Wed Jun 10 05:28:12 UTC 2020 - jenting hsiao <jenting.hsiao@suse.com>

- Remove build acme binary since cert-manager helm chart does not requires it

-------------------------------------------------------------------
Mon Jun  1 13:24:55 UTC 2020 - jenting hsiao <jenting.hsiao@suse.com>

- Initial version v0.15.1