OSDOCS#14771: Updated cert-manager release note text for 1.16 #93727
🤖 Mon May 26 08:25:20 - Prow CI generated the docs preview:
@subhtk: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
We also need to add a new section for cainjector and webhook metrics in the existing monitoring pages of our operator (upstream 1.16 introduced it).
/cc @lunarwhite
[id="cert-manager-operator-1-16-0-features-enhancements_{context}"] | ||
=== New features and enhancements | ||
|
||
*Disconnected installation support* |
@lunarwhite would it be needful to mention that we tested on Private ACME?
I think the Issuer list table that we have.
Disconnected environment support
With this release, the cert-manager operator has been verified to install and function in disconnected clusters with the following issuer types: ACME, CA, Self-signed, and Vault. Specifically, private or self-hosted ACME servers have been validated, as Let's Encrypt or other public ACME services are not feasible options in air-gapped environments. To mirror operator images, the preferred method is using the oc-mirror plugin v2. For more information, please see: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/disconnected_environments/mirroring-in-disconnected-environments#about-installing-oc-mirror-v2
|
||
* link:https://access.redhat.com/errata/RHBA-2025[RHEA-2025] | ||
|
||
Version `1.16` of the {cert-manager-operator} is based on the upstream cert-manager version `v1.16.0`. For more information, see the link:https://cert-manager.io/docs/releases/release-notes/release-notes-1.16[cert-manager project release notes for v1.16]. |
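Review bot: In the advisory bullet, the link target and its label disagree: the URL path ends in `RHBA-2025` while the label reads `RHEA-2025`, and neither carries the advisory number after the year. Use the same advisory type in both places and fill in the complete advisory ID before merging, so readers checking which fixes shipped land on the right erratum.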
based on the upstream cert-manager version `v1.16.4`
and link it to: https://cert-manager.io/docs/releases/release-notes/release-notes-1.16/#v1164
like we did in all previous versions.
@@ -12,6 +12,28 @@ These release notes track the development of {cert-manager-operator}. | |||
|
|||
For more information, see xref:../../security/cert_manager_operator/index.adoc#cert-manager-operator-about[About the {cert-manager-operator}]. | |||
|
|||
[id="cert-manager-operator-release-notes-1-16_{context}"] | |||
== {cert-manager-operator} 1.16 |
== {cert-manager-operator} 1.16 | |
== {cert-manager-operator} 1.16.0 |
please find other version refs if present too.
|
||
[id="cert-manager-operator-1-16-CVEs_{context}"] | ||
=== CVEs | ||
|
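Review bot: The anchor on the CVEs section, `cert-manager-operator-1-16-CVEs_{context}`, uses `1-16` and an upper-case `CVEs`, while the features anchor in the same change is `cert-manager-operator-1-16-0-features-enhancements_{context}`. Use one version form for every ID under this release and lower-case `cves` to match the other IDs, so cross-references to the CVE list stay predictable.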
+ CVE-2025-22866
+ CVE-2024-45337
+ CVE-2024-45338
Plus, we want to add about the following in release notes:
|
*Disconnected installation support* | ||
|
||
Starting with {cert-manager-operator} v1.16, the Operator can now be deployed in disconnected OpenShift clusters, enabling customers operating in disconnected environments to use {cert-manager-operator}. | ||
|
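Review bot: In the disconnected-installation paragraph, "Starting with {cert-manager-operator} v1.16" and "can now be deployed" state the same thing twice, and the version is written `v1.16` here but `1.16` in the section heading of this change. Suggest dropping "now" and using a single version form throughout the release note.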
Adding
Extended operand metrics support
With this release, cert-manager webhook and cainjector operands now expose Prometheus metrics on port 9402 by default via the `/metrics` service endpoint. You can configure OpenShift Monitoring to collect metrics from all cert-manager operands by enabling the built-in user workload monitoring stack. For more information, see <the link to the existing monitoring page>
For the doc section to modify/create, you could refer to https://github.com/openshift/cert-manager-operator/blob/52b0de67fc0fa8a3b3602ffa0785bd95b403585c/docs/operand_metrics.md
[id="cert-manager-operator-1-16-0-features-enhancements_{context}"] | ||
=== New features and enhancements | ||
|
||
*Disconnected installation support* |
Disconnected environment support
With this release, the cert-manager operator has been verified to install and function in disconnected clusters with the following issuer types: ACME, CA, Self-signed, and Vault. Specifically, private or self-hosted ACME servers have been validated, as Let's Encrypt or other public ACME services are not feasible options in air-gapped environments. To mirror operator images, the preferred method is using the oc-mirror plugin v2. For more information, please see: https://docs.redhat.com/en/documentation/openshift_container_platform/4.18/html/disconnected_environments/mirroring-in-disconnected-environments#about-installing-oc-mirror-v2
And please note that this PR is applicable to OCP v4.14+
*Disconnected installation support* | ||
|
||
Starting with {cert-manager-operator} v1.16, the Operator can now be deployed in disconnected OpenShift clusters, enabling customers operating in disconnected environments to use {cert-manager-operator}. | ||
|
Would it be helpful to mention the route feature GA-ed in OCP v4.19? (perhaps could do it in a separate followup PR, since it is only applicable to 4.19+) Just like something we did for v1.13.0: #78572
Adding something like #93202:
Securing routes with cert-manager managed certificates
...
And make changes to the corresponding section, similar to what we're doing in #92978
SGTM. We just need to clarify that the feature is applicable for OCP 4.19+, and not actually mapped to cert-manager release.
Let me create the follow up PR for the same.
PR needs rebase.
Version(s): 4.14+
Issue: https://issues.redhat.com/browse/OSDOCS-14771
Link to docs preview:
QE review:
Additional information: