v1.4.1 Cert Renewal Support

@piyush-tiwari piyush-tiwari released this 31 Jan 14:01

New Features and Support

  • Users can now use multiple secrets with the same name across different namespaces for TLS Support with Secrets. This was not possible before because the OCI Certificates created by OCI Native Ingress Controller were named on the basis of secret names. These will now be named based on the secret's UID instead.
  • Cert renewal for TLS Support with Secrets is now supported.
    • To renew a certificate, update the secret content with the renewed server certificate, and (if required) rotated private key and certificate chain. The corresponding OCI Certificate Service Objects will be updated accordingly.
    • Note that changing the server certificate's subject information, viz. Common Name, Subject Alternative Names, Org, etc. is not supported by the Certificate service. If you need to change this information, delete and recreate the secret. New OCI Certificate service resources will be provisioned and attached to the Load Balancer.
    • An additional policy is now required to allow OCI Native Ingress Controller to manage OCI Certificate Versions. Add it to your existing policies to allow deletion of stale certificate versions:
      Allow <subject> to manage leaf-certificate-versions in <compartment-id>
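
A pre-flight check for the renewal step above, as an added example that is not part of the release notes or the project's code: it confirms that the renewed certificate keeps the same subject and Subject Alternative Names as the current one, and that the private key matches it. The function names and file arguments are hypothetical, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/bin/sh
# Added example: pre-flight checks before updating a TLS secret in place.
# Assumptions: OpenSSL 1.1.1+; PEM files with the server certificate first;
# the current certificate was exported from the secret to a file beforehand.

# Print the subject DN and the sorted SAN entries of the first certificate.
cert_identity() {
  openssl x509 -in "$1" -noout -nameopt RFC2253 -subject || return 1
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    grep -v 'X509v3' | tr ',' '\n' | sed 's/^ *//' | sort
}

# Succeed only if both certificates carry the same subject and SAN set.
same_identity() {
  old_id=$(cert_identity "$1") || return 2
  new_id=$(cert_identity "$2") || return 2
  [ "$old_id" = "$new_id" ]
}

# Succeed only if the private key belongs to the certificate's public key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Usage: preflight current.crt renewed.crt renewed.key
preflight() {
  if ! same_identity "$1" "$2"; then
    echo "subject or SAN differs (or unreadable): delete and recreate the secret" >&2
    return 1
  fi
  if ! key_matches_cert "$2" "$3"; then
    echo "private key does not match the renewed certificate" >&2
    return 1
  fi
  echo "ok: renewed certificate can be written to the existing secret"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

SAN entries are sorted before comparison, so a renewed certificate that lists the same names in a different order still passes.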

What's Changed

Full Changelog: v1.4.0...v1.4.1