- feat(signer): Signer recognizes
metadata.command-issuer.keyfactor.com/<metadata-field-name>: <metadata-value>annotations on the CertificateRequest resource and uses them to populate certificate metadata in Command. - feat(release): Container build and release now uses GitHub Actions.
- fix(helm): CRDs now correspond to correct values for the
command-issuer. - fix(helm): Signer Helm Chart now includes a
secureMetricsvalue to enable/disable sidecar RBAC container for further protection of the/metricsendpoint. - fix(signer): Signer now returns CA chain bytes instead of appending to the leaf certificate.
- fix(role): Removed permissions for
configmapsresource types for theleader-election-rolerole.
- feat(controller): Implement Kubernetes
client-goREST client for Secret/ConfigMap retrieval to bypasscontroller-runtimecaching system. This enables the reconciler to retrieve Secret and ConfigMap resources at the namespace scope with only namespace-level permissions.
- fix(helm): Add configuration flag to configure chart to either grant cluster-scoped or namespace-scoped access to Secret and ConfigMap API
- fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration.