×

The cert-manager Operator for Red Hat OpenShift is a cluster-wide service that provides application certificate lifecycle management.

These release notes track the development of cert-manager Operator for Red Hat OpenShift.

Release notes for cert-manager Operator for Red Hat OpenShift 1.10.2

Issued: 2023-03-23

The following advisory is available for the cert-manager Operator for Red Hat OpenShift 1.10.2:

For more information, see the cert-manager project release notes for v1.10.

If you used the Technology Preview version of the cert-manager Operator for Red Hat OpenShift, you must uninstall it and remove all related resources for the Technology Preview version before installing this version of the cert-manager Operator for Red Hat OpenShift.

New features and enhancements

This is the general availability (GA) release of the cert-manager Operator for Red Hat OpenShift.

  • The following issuer types are supported:

    • Automated Certificate Management Environment (ACME)

    • Certificate authority (CA)

    • Self-signed

  • The following ACME challenge types are supported:

    • DNS-01

    • HTTP-01

  • The following DNS-01 providers for ACME issuers are supported:

    • Amazon Route 53

    • Azure DNS

    • Google Cloud DNS

  • The cert-manager Operator for Red Hat OpenShift now supports injecting custom CA certificates and propagating cluster-wide egress proxy environment variables.

Bug fixes

  • Previously, the unsupportedConfigOverrides field replaced user-provided arguments instead of appending them. Now, the unsupportedConfigOverrides field properly appends user-provided arguments. (CM-23)

    Using the unsupportedConfigOverrides section to modify the configuration of an Operator is unsupported and might block cluster upgrades.

  • Previously, the cert-manager Operator for Red Hat OpenShift was installed as a cluster Operator. With this release, the cert-manager Operator for Red Hat OpenShift is now properly installed as an OLM Operator. (CM-35)

Known issues

  • Using Route objects is not fully supported. Currently, to use cert-manager Operator for Red Hat OpenShift with Routes, users must create Ingress objects, which are translated to Route objects by the Ingress-to-Route Controller. (CM-16)

  • The cert-manager Operator for Red Hat OpenShift does not support using Azure Active Directory (Azure AD) pod identities to assign a managed identity to a pod. As a workaround, you can use a service principal to assign a managed identity. (OCPBUGS-8665)

  • The cert-manager Operator for Red Hat OpenShift does not support using Google workload identity federation. (OCPBUGS-9998)

  • When uninstalling the cert-manager Operator for Red Hat OpenShift, if you select the Delete all operand instances for this operator checkbox in the OpenShift Container Platform web console, the Operator is not uninstalled properly. As a workaround, do not select this checkbox when uninstalling the cert-manager Operator for Red Hat OpenShift. (OCPBUGS-9960)

Release notes for cert-manager Operator for Red Hat OpenShift 1.7.1-1 (Technology Preview)

Issued: 2022-04-11

The following advisory is available for the cert-manager Operator for Red Hat OpenShift 1.7.1-1:

For more information, see the cert-manager project release notes for v1.7.1.

New features and enhancements

  • This is the initial, Technology Preview release of the cert-manager Operator for Red Hat OpenShift.

Known issues

  • Using Route objects is not fully supported. Currently, cert-manager Operator for Red Hat OpenShift integrates with Route objects by creating Ingress objects through the Ingress Controller. (CM-16)