Merge pull request #1633 from SgtCoDFish/cert-manager-v1.17
Add docs, release notes and upgrade docs for cert-manager v1.17
cert-manager-prow[bot] authored Feb 3, 2025
2 parents 3deb793 + 6a02b87 commit e851a00
Showing 132 changed files with 30,824 additions and 45 deletions.
30 changes: 30 additions & 0 deletions .spelling
@@ -1,4 +1,11 @@
phillebaba
aidy
bashlion
7ing
fadecore
schedin
ssyno
ianarsenault
tberreis
allenmunC1
jeremycampbell
Expand All @@ -7,13 +14,27 @@ JoeNorth
tanujd11
asapekia
pevidex
TheHenrick
ilyesAj
Peac36
jochenrichter
adam-sroka
rquinio1A
puerco
fcrespofastly
vinny
lauraseidler
ABWassim
ThatsMrTalbot
Pionerd
SHA-256
SHA-384
SHA-512
3072-bit
4096-bit
andrey-dubnik
bwaldrep
sdarwin
eplightning
findnature
gplessis
Expand Down Expand Up @@ -539,6 +560,15 @@ v1.15
v1.15.
v1.16
v1.16.
v1.16.0
v1.16.1
v1.17
v1.17.
v1.17.0
v1.18.
v1.18
v1.18.0
v1.18.0.
v1.19
v1.5
v1.5.0
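Review bot: The v1.18 entries are ordered differently from the rest of this list: "v1.18." comes before "v1.18", while the v1.15, v1.16 and v1.17 pairs put the bare version first and the trailing-dot form second. Swap the two lines so the block stays easy to scan and extend for the next release.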
1 change: 1 addition & 0 deletions content/docs/cli/cainjector.md
Expand Up @@ -25,6 +25,7 @@ Flags:
--feature-gates mapStringBool A set of key=value pairs that describe feature gates for alpha/experimental features. Options are:
AllAlpha=true|false (ALPHA - default=false)
AllBeta=true|false (BETA - default=false)
CAInjectorMerging=true|false (ALPHA - default=false)
ServerSideApply=true|false (ALPHA - default=false)
-h, --help help for cainjector
--kubeconfig string Paths to a kubeconfig. Only required if out-of-cluster.
4 changes: 2 additions & 2 deletions content/docs/cli/controller.md
Expand Up @@ -45,13 +45,13 @@ Flags:
ExperimentalCertificateSigningRequestControllers=true|false (ALPHA - default=false)
ExperimentalGatewayAPISupport=true|false (BETA - default=true)
LiteralCertificateSubject=true|false (BETA - default=true)
NameConstraints=true|false (ALPHA - default=false)
NameConstraints=true|false (BETA - default=true)
OtherNames=true|false (ALPHA - default=false)
SecretsFilteredCaching=true|false (BETA - default=true)
ServerSideApply=true|false (ALPHA - default=false)
StableCertificateRequestName=true|false (BETA - default=true)
UseCertificateRequestBasicConstraints=true|false (ALPHA - default=false)
UseDomainQualifiedFinalizer=true|false (ALPHA - default=false)
UseDomainQualifiedFinalizer=true|false (BETA - default=true)
ValidateCAA=true|false (ALPHA - default=false)
-h, --help help for controller
--issuer-ambient-credentials Whether an issuer may make use of ambient credentials. 'Ambient Credentials' are credentials drawn from the environment, metadata services, or local files which are not explicitly configured in the Issuer API object. When this flag is enabled, the following sources for credentials are also used: AWS - All sources the Go SDK defaults to, notably including any EC2 IAM roles available via instance metadata.
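Review bot: The default flips for NameConstraints and UseDomainQualifiedFinalizer (ALPHA - default=false to BETA - default=true) need an explicit entry in the 1.16 to 1.17 upgrade page, because clusters that never set these gates will start running with them enabled after the upgrade. Say there how to opt out with --feature-gates (for example NameConstraints=false), and note that NameConstraints is also listed for the webhook, so the two components should be configured with the same value.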
2 changes: 1 addition & 1 deletion content/docs/cli/webhook.md
Expand Up @@ -26,7 +26,7 @@ Flags:
AllAlpha=true|false (ALPHA - default=false)
AllBeta=true|false (BETA - default=false)
LiteralCertificateSubject=true|false (BETA - default=true)
NameConstraints=true|false (ALPHA - default=false)
NameConstraints=true|false (BETA - default=true)
OtherNames=true|false (ALPHA - default=false)
--healthz-port int32 port number to listen on for insecure healthz connections (default 6080)
-h, --help help for webhook
2 changes: 0 additions & 2 deletions content/docs/installation/configuring-components.md
Expand Up @@ -54,7 +54,6 @@ featureGates:
LiteralCertificateSubject: true
UseCertificateRequestBasicConstraints: true
OtherNames: true
NameConstraints: true
UseDomainQualifiedFinalizer: true
```
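Review bot: "UseDomainQualifiedFinalizer: true" is left in this example while "NameConstraints: true" is dropped, although content/docs/cli/controller.md in this same commit lists both gates as BETA - default=true. Remove UseDomainQualifiedFinalizer here as well, or keep both, so the example is consistent about whether it lists gates that are already on by default.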
Expand All @@ -81,7 +80,6 @@ featureGates:
AdditionalCertificateOutputFormats: true
LiteralCertificateSubject: true
OtherNames: true
NameConstraints: true
```
> **Note:** This is included as an example only and not intended to be used as default settings.
20 changes: 14 additions & 6 deletions content/docs/manifest.json
Expand Up @@ -21,16 +21,16 @@
"path": "/docs/releases/README.md"
},
{
"title": "1.16",
"path": "/docs/releases/release-notes/release-notes-1.16.md"
"title": "1.17",
"path": "/docs/releases/release-notes/release-notes-1.17.md"
},
{
"title": "Upgrade 1.15 to 1.16",
"path": "/docs/releases/upgrading/upgrading-1.15-1.16.md"
"title": "Upgrade 1.16 to 1.17",
"path": "/docs/releases/upgrading/upgrading-1.16-1.17.md"
},
{
"title": "1.15",
"path": "/docs/releases/release-notes/release-notes-1.15.md"
"title": "1.16",
"path": "/docs/releases/release-notes/release-notes-1.16.md"
},
{
"title": "Upgrading from 1.12",
Expand All @@ -51,6 +51,14 @@
"title": "Migrating Deprecated API Resources",
"path": "/docs/releases/upgrading/remove-deprecated-apis.md"
},
{
"title": "Upgrade 1.15 to 1.16",
"path": "/docs/releases/upgrading/upgrading-1.15-1.16.md"
},
{
"title": "1.15",
"path": "/docs/releases/release-notes/release-notes-1.15.md"
},
{
"title": "Upgrade 1.14 to 1.15",
"path": "/docs/releases/upgrading/upgrading-1.14-1.15.md"
72 changes: 52 additions & 20 deletions content/docs/reference/api-docs.md
Expand Up @@ -2167,6 +2167,17 @@ description: >-
<p>resource ID of the managed identity, can not be used at the same time as clientID Cannot be used for Azure Managed Service Identity</p>
</td>
</tr>
<tr>
<td>
<code>tenantID</code>
<br />
<em>string</em>
</td>
<td>
<em>(Optional)</em>
<p>tenant ID of the managed identity, can not be used at the same time as resourceID</p>
</td>
</tr>
</tbody>
</table>
<h3 id="acme.cert-manager.io/v1.CNAMEStrategy"> CNAMEStrategy (<code>string</code> alias) </h3>
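Review bot: The mutual-exclusion rules are now documented on one side only: the new tenantID row says it "can not be used at the same time as resourceID", but the resourceID description directly above still names only clientID. Update the resourceID text to mention tenantID too, and since this page is generated, make the change in the source comment rather than here. While there, "can not" should be "cannot", and the resourceID sentence is missing a full stop before "Cannot be used for Azure Managed Service Identity".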
Expand Down Expand Up @@ -5152,10 +5163,7 @@ description: >-
<h3 id="cert-manager.io/v1.JKSKeystore">JKSKeystore</h3>
<p> (<em>Appears on:</em> <a href="#cert-manager.io/v1.CertificateKeystores">CertificateKeystores</a>) </p>
<div>
<p>
JKS configures options for storing a JKS keystore in the <code>spec.secretName</code>
Secret resource.
</p>
<p>JKS configures options for storing a JKS keystore in the target secret. Either PasswordSecretRef or Password must be provided.</p>
</div>
<table>
<thead>
Expand All @@ -5173,11 +5181,22 @@ description: >-
</td>
<td>
<p>
Create enables JKS keystore creation for the Certificate. If true, a file named <code>keystore.jks</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.jks</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>
Create enables JKS keystore creation for the Certificate. If true, a file named <code>keystore.jks</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> or <code>password</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.jks</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>
containing the issuing Certificate Authority
</p>
</td>
</tr>
<tr>
<td>
<code>alias</code>
<br />
<em>string</em>
</td>
<td>
<em>(Optional)</em>
<p> Alias specifies the alias of the key in the keystore, required by the JKS format. If not provided, the default alias <code>certificate</code> will be used. </p>
</td>
</tr>
<tr>
<td>
<code>passwordSecretRef</code>
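Review bot: The Create description is only half updated: the keystore.jks sentence now reads "passwordSecretRef or password", but the truststore.jks sentence later in the same paragraph still says it is encrypted using the password stored in passwordSecretRef only. If the truststore uses whichever of the two fields is set, say so in both places; if it really only honours passwordSecretRef, that limitation needs to be stated explicitly, because a user who sets password alone cannot tell what protects truststore.jks.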
Expand All @@ -5187,18 +5206,19 @@ description: >-
</em>
</td>
<td>
<p>PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the JKS keystore.</p>
<em>(Optional)</em>
<p>PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the JKS keystore. Mutually exclusive with password. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
</td>
</tr>
<tr>
<td>
<code>alias</code>
<code>password</code>
<br />
<em>string</em>
</td>
<td>
<em>(Optional)</em>
<p> Alias specifies the alias of the key in the keystore, required by the JKS format. If not provided, the default alias <code>certificate</code> will be used. </p>
<p>Password provides a literal password used to encrypt the JKS keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
</td>
</tr>
</tbody>
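Review bot: The password description gives readers no basis for choosing between password and passwordSecretRef. A literal value sits in plain text in the Certificate spec, so it is readable by anyone who can read Certificate resources and will end up in any manifests kept in version control; one sentence stating that, and recommending passwordSecretRef when the password is meant to be confidential, would make the trade-off clear. The alias and passwordSecretRef rows have also swapped order in this hunk, which is fine if it follows the struct order but worth confirming as intentional.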
Expand Down Expand Up @@ -5526,36 +5546,48 @@ description: >-
<em>bool</em>
</td>
<td>
<p> Create enables PKCS12 keystore creation for the Certificate. If true, a file named <code>keystore.p12</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.p12</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> containing the issuing Certificate Authority </p>
<p> Create enables PKCS12 keystore creation for the Certificate. If true, a file named <code>keystore.p12</code> will be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> or in <code>password</code>. The keystore file will be updated immediately. If the issuer provided a CA certificate, a file named <code>truststore.p12</code> will also be created in the target Secret resource, encrypted using the password stored in <code>passwordSecretRef</code> containing the issuing Certificate Authority </p>
</td>
</tr>
<tr>
<td>
<code>passwordSecretRef</code>
<code>profile</code>
<br />
<em>
<a href="#meta.cert-manager.io/v1.SecretKeySelector">SecretKeySelector</a>
<a href="#cert-manager.io/v1.PKCS12Profile">PKCS12Profile</a>
</em>
</td>
<td>
<p>PasswordSecretRef is a reference to a key in a Secret resource containing the password used to encrypt the PKCS12 keystore.</p>
<em>(Optional)</em>
<p> Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is <code>LegacyRC2</code> for backward compatibility. </p>
<p>
If provided, allowed values are:
<code>LegacyRC2</code>: Deprecated. Not supported by default in OpenSSL 3 or Java 20. <code>LegacyDES</code>: Less secure algorithm. Use this option for maximal compatibility. <code>Modern2023</code>: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret.
</p>
</td>
</tr>
<tr>
<td>
<code>profile</code>
<code>passwordSecretRef</code>
<br />
<em>
<a href="#cert-manager.io/v1.PKCS12Profile">PKCS12Profile</a>
<a href="#meta.cert-manager.io/v1.SecretKeySelector">SecretKeySelector</a>
</em>
</td>
<td>
<em>(Optional)</em>
<p> Profile specifies the key and certificate encryption algorithms and the HMAC algorithm used to create the PKCS12 keystore. Default value is <code>LegacyRC2</code> for backward compatibility. </p>
<p>
If provided, allowed values are:
<code>LegacyRC2</code>: Deprecated. Not supported by default in OpenSSL 3 or Java 20. <code>LegacyDES</code>: Less secure algorithm. Use this option for maximal compatibility. <code>Modern2023</code>: Secure algorithm. Use this option in case you have to always use secure algorithms (eg. because of company policy). Please note that the security of the algorithm is not that important in reality, because the unencrypted certificate and private key are also stored in the Secret.
</p>
<p>PasswordSecretRef is a reference to a non-empty key in a Secret resource containing the password used to encrypt the PKCS#12 keystore. Mutually exclusive with password. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
</td>
</tr>
<tr>
<td>
<code>password</code>
<br />
<em>string</em>
</td>
<td>
<em>(Optional)</em>
<p>Password provides a literal password used to encrypt the PKCS#12 keystore. Mutually exclusive with passwordSecretRef. One of password or passwordSecretRef must provide a password with a non-zero length.</p>
</td>
</tr>
</tbody>
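Review bot: The format name is spelled two ways inside this one table: the Create and profile rows use "PKCS12" while the new passwordSecretRef and password rows use "PKCS#12". Pick one spelling in the source comments. The Create row also has the same gap as the JKS one, since truststore.p12 is still described as encrypted with passwordSecretRef only, and its wording "or in password" differs from the JKS row's "or password" for no visible reason. As with JKS, the password row should mention that a literal value is stored in plain text in the Certificate spec.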
Expand Down Expand Up @@ -7103,5 +7135,5 @@ description: >-
</table>
<hr />
<p>
<em> Generated with <code>gen-crd-api-reference-docs</code> on git commit <code>33df0f2</code>. </em>
<em> Generated with <code>gen-crd-api-reference-docs</code> on git commit <code>4562b9a</code>. </em>
</p>