Add intro to 0.9 release notes
Signed-off-by: James Munnelly <james@munnelly.eu>
munnerz committed Jul 23, 2019
1 parent e3b1fb7 commit 6645257
Showing 1 changed file with 70 additions and 1 deletion.
71 changes: 70 additions & 1 deletion design/release-notes/release-0.9/draft-release-notes.md
@@ -1,5 +1,46 @@
The v0.9 release is one of our biggest yet, packed with new features and bug
fixes!

The introduction of the new CertificateRequest resource type is significant as
it is a step towards where we want to be for 1.0, defining an API specification
for Certificates and allowing anyone to implement their own issuers and CAs as
first class citizens.

This release includes changes from:

* Aaron Gershman
* Aled James
* Artem Yarmoluk
* Carlos Panato
* Chris Abiad
* Christopher Abiad
* Crystal-Chun
* Dan
* Dobes Vandermeer
* Hans Kristian Flaatten
* Hays Clark
* Ivan Wallis
* James Munnelly
* Joshua Van Leeuwen
* Kevin Woo
* Lachlan Cooper
* Louis Taylor
* Michael Cristina
* Michael Tsang
* PirateBread
* Qiu Yu
* Sergej Nikolaev
* Solly Ross
* Stefan Kolb
* Steven Tobias
* Stuart Hu
* Till Wiese
* kfoozminus

## Notable Items

### New CertificateRequest Resource

A new resource has been introduced - `CertificateRequest` - that is used to
request certificates using a raw x509 certificate signing request. This resource
is not typically used by humans but rather by other controllers or services. For
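Review bot: the contributor list in this hunk credits both `Chris Abiad` and `Christopher Abiad`, which look like the same person appearing under two git author names; merge them into one entry or confirm they are different people (a `.mailmap` entry would stop this recurring in future release notes). `Dan` is likewise listed by first name only, so check the git log for the full name before this is published. The intro sentence on CertificateRequest would also read better as "a step towards the API we want for 1.0" rather than "a step towards where we want to be for 1.0".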
@@ -20,6 +61,7 @@ or how this resource is used in the


### DNS Zones support for ACME challenge solver selector

A list of DNS zones can now be added to the ACME challenge solver selector. The
most specific DNS zone match specified here will take precedence over other DNS
zone matches, so a solver specifying `sys.example.com` will be selected over one
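Review bot: this section never names the selector field a user has to set; the changelog entry for #1806 calls it `dnsZones`, so the opening sentence should say "A list of DNS zones can now be added under `dnsZones` in the ACME challenge solver selector". It would also help to spell out what "most specific DNS zone match" means in practice (for the `sys.example.com` example, whether a zone matches any name ending in that suffix), since readers will otherwise guess at the matching rule.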
@@ -29,46 +71,59 @@ labels in matchLabels will be selected. If neither has more matches, the solver
defined earlier in the list will be selected.

### Certificate Readiness Prometheus Metrics

Cert-manager now exposes Prometheus metrics on Certificate ready statuses as
`certmanager_certificate_ready_status`. This is useful for monitoring
Certificate resources to ensure they have a `Ready=True` status.

### Prometheus Operator ServiceMonitor

Support has been added to include a Prometheus ServiceMonitor for cert-manager
in the helm chart. This enables monitoring of cert-manager when in conjunction
with the [Prometheus Operator](https://github.com/coreos/prometheus-operator).
This is disabled by default but can be enabled via the helm configuration.

### ACMEv2 POST-as-GET

- Add support for ACMEv2 POST-as-GET ([#1648](https://github.com/jetstack/cert-manager/pull/1648), [@munnerz](https://github.com/munnerz)) <- this one means we are now ACMEv2 spec compliant
We have now switched to use the new POST-as-GET feature that was introduced
into the latest version of the ACME spec a few months ago.

If you are running your own ACME server, please ensure it supports POST-as-GET
as we no longer supported the old behaviour.

### ACME Issuer Solver Pod Template

The ACME Solver Pod Spec now exposes a template that can be used to change
metadata about that pod. Currently, a template will expose labels, annotations,
node selector, tolerations, and affinity. This is useful when running
cert-manager in multi-arch clusters, or when you run workloads across different
types of nodes and need to restrict where the acmesolver pod runs.

## Action Required

### Length limit for Common Names

Common names with a character length of over 63 will be rejected during
validation. This is due to the upper limit being detailed in RFC 5280.

### Distroless Cert-Manager Base Images

For each container, cert-manager ships with the base image
'gcr.io/distroless/static' which is a minimal image that includes no binaries.
Users who want to debug from within the cert-manager pod will need to attach an
additional container with their debug utilities to the pod's namespace.

### CSRs in Order Resources now PEM Encoded

CSRs in Order resources have previously been incorrectly DER encoded due to an
error in implementation. This has now been corrected to PEM encoding. Current
orders that were created with a previous version of cert-manager will fail to
validate and so will be recreated. This should resume the order normally.

## Changelog

### General

- Reduce cert-manager's RBAC permissions ([#1658](https://github.com/jetstack/cert-manager/pull/1658), [@munnerz](https://github.com/munnerz))
- commented-out extraArg for enable-certificate-owner-ref ([#1828](https://github.com/jetstack/cert-manager/pull/1828), [@aegershman](https://github.com/aegershman))
- Validate that Certificates in a namespace have unique `secretName` ([#1689](https://github.com/jetstack/cert-manager/pull/1689), [@cheukwing](https://github.com/cheukwing))
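Review bot: the bullet "Add support for ACMEv2 POST-as-GET (#1648, @munnerz) <- this one means we are now ACMEv2 spec compliant" is a draft editing note left inside the POST-as-GET section; drop the bullet and fold its point into the prose, e.g. "With this change cert-manager follows the current ACMEv2 specification." Three smaller points in the same hunk: "as we no longer supported the old behaviour" should read "as we no longer support the old behaviour"; the Common Name section attributes the 63 limit to RFC 5280, whose `ub-common-name` upper bound is 64, so either state the real reason for 63 or align the number with the RFC before it ships under Action Required; and "Reduce cert-manager's RBAC permissions (#1658)" is a behaviour change that can break deployments relying on the old ClusterRole, so it deserves a line under Action Required as well as in the changelog.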
@@ -79,7 +134,9 @@ validate and so will be recreated. This should resume the order normally.
- Allow disabling issuing temporary certificates with feature flag `--feature-gates=IssueTemporaryCertificate=false` ([#1764](https://github.com/jetstack/cert-manager/pull/1764), [@gordonbondon](https://github.com/gordonbondon))
- Switch to using distroless for base images ([#1663](https://github.com/jetstack/cert-manager/pull/1663), [@munnerz](https://github.com/munnerz))
- Limit length for CommonName to 63 bytes ([#1818](https://github.com/jetstack/cert-manager/pull/1818), [@cheukwing](https://github.com/cheukwing))

### ACME Issuer

- Properly encode the CSR field on Order resources as PEM data instead of DER ([#1884](https://github.com/jetstack/cert-manager/pull/1884), [@munnerz](https://github.com/munnerz))
- Fire informational Event if an ACME solver cannot be chosen for a domain on an Order ([#1856](https://github.com/jetstack/cert-manager/pull/1856), [@munnerz](https://github.com/munnerz))
- Fix bug with auto-generated Order names being longer than 63 characters ([#1765](https://github.com/jetstack/cert-manager/pull/1765), [@cheukwing](https://github.com/cheukwing))
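Review bot: "Limit length for CommonName to 63 bytes" (#1818) says bytes, while the Action Required section above says "character length of over 63"; the two differ for non-ASCII common names, so pick the unit the validation code actually measures and use it in both places. The feature-gate entry for #1764 would also be clearer if it stated the default (that temporary certificates are still issued unless `IssueTemporaryCertificate=false` is set), since readers skimming for behaviour changes cannot tell that from "Allow disabling".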
@@ -98,23 +155,35 @@ validate and so will be recreated. This should resume the order normally.
- Fix incorrect handling of `issuewild` tag when verifying CAA ([#1777](https://github.com/jetstack/cert-manager/pull/1777), [@cheukwing](https://github.com/cheukwing))
- Add support for selecting ACME challenge solver to use by specifying 'dnsZones' in the selector ([#1806](https://github.com/jetstack/cert-manager/pull/1806), [@munnerz](https://github.com/munnerz))
- Use proxy environment variables in self-check request ([#1850](https://github.com/jetstack/cert-manager/pull/1850), [@kinolaev](https://github.com/kinolaev))

### Venafi Issuer

- Venafi: use vCert v4.1.0 ([#1827](https://github.com/jetstack/cert-manager/pull/1827), [@munnerz](https://github.com/munnerz))
- Bump Venafi vcert dependency to latest version ([#1754](https://github.com/jetstack/cert-manager/pull/1754), [@munnerz](https://github.com/munnerz))

### Webhook

- cert-manager-webhook secret exists in cert-manager ns ([#1791](https://github.com/jetstack/cert-manager/pull/1791), [@jetstack-bot](https://github.com/jetstack-bot))
- Support CRD conversion webhooks in the CA injector controller. ([#1505](https://github.com/jetstack/cert-manager/pull/1505), [@DirectXMan12](https://github.com/DirectXMan12))

### CA Issuer

- Adds CSR signing to CA issuer ([#1835](https://github.com/jetstack/cert-manager/pull/1835), [@JoshVanL](https://github.com/JoshVanL))

### CertificateRequest

- Adds CertificateRequest resource ([#1789](https://github.com/jetstack/cert-manager/pull/1789), [@JoshVanL](https://github.com/JoshVanL))
- Adds CA issuer controller to resolve CertificateRequests where CA is the issuer reference ([#1836](https://github.com/jetstack/cert-manager/pull/1836), [@JoshVanL](https://github.com/JoshVanL))
- Adds Sign interface to Issuers ([#1807](https://github.com/jetstack/cert-manager/pull/1807), [@JoshVanL](https://github.com/JoshVanL))
- Adds `group` to `issuerRef` in `CertificateRequest` resources to distinguish resource ownership of incoming CertificateRequests so enabling full external issuer support. ([#1860](https://github.com/jetstack/cert-manager/pull/1860), [@JoshVanL](https://github.com/JoshVanL))

### Documentation

- Adds Design and Proposals page to website docs ([#1876](https://github.com/jetstack/cert-manager/pull/1876), [@JoshVanL](https://github.com/JoshVanL))
- Adds CertificateRequest proposal ([#1866](https://github.com/jetstack/cert-manager/pull/1866), [@JoshVanL](https://github.com/JoshVanL))

### Monitoring

- Prometheus metrics for deleted Certificates are cleaned up ([#1681](https://github.com/jetstack/cert-manager/pull/1681), [@cheukwing](https://github.com/cheukwing))
- Adds `ControllerSyncCallCount` prometheus metric to count sync calls from each controller ([#1692](https://github.com/jetstack/cert-manager/pull/1692), [@cheukwing](https://github.com/cheukwing))
- Add support for Prometheus Operator ServiceMonitor object in Helm Chart ([#1761](https://github.com/jetstack/cert-manager/pull/1761), [@Starefossen](https://github.com/Starefossen))
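Review bot: the Venafi Issuer section lists two entries for the same dependency bump ("use vCert v4.1.0" #1827 and "Bump Venafi vcert dependency to latest version" #1754); collapse them into one line naming the final version, v4.1.0, since "latest version" says nothing useful in a release note. The Webhook entry for #1791 is credited to @jetstack-bot, which is usually the mark of a cherry-pick; credit the original author of the change instead. Lastly, the Monitoring entry names the metric as `ControllerSyncCallCount` in Go style while the Notable Items section uses the exported Prometheus name `certmanager_certificate_ready_status`; use the exported metric name here too so operators can grep for it.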
