Approver Policy releases¶
Approver Policy provides a policy engine for certificates issued by cert-manager.
Learn about current and past releases of Approver Policy.
Latest release¶
The latest stable version of Approver Policy is v0.13.1.
Downloads¶
- Docker Image:
private-registry.venafi.cloud/cert-manager-approver-policy/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://private-registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.1
- Docker Image:
private-registry.venafi.eu/cert-manager-approver-policy/approver-policy:v0.13.1
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://private-registry.venafi.eu/charts/cert-manager-approver-policy:v0.13.1
Release v0.13.1¶
Approver Policy v0.13.1 was released on March 26, 2024.
Key features¶
- You can now configure an HTTP proxy from the Helm chart by using the following values:
http_proxy
,https_proxy
, andno_proxy
. If you are using the upstream version of Approver Policy, this may not be useful to you. These variables are useful for projects building plugins on top of Approver Policy and make HTTP calls to the internet. For more information, see Approver Policy Helm values reference page. - You can now also configure the
priorityClassName
field in the Helm chart. For more information, see Approver Policy Helm values reference page. - The following vulnerability was fixed by upgrading to google.golang.org/protobuf@v1.33.0: GO-2024-2611 (CVE-2024-24786) .
Downloads
- Docker Image:
private-registry.venafi.cloud/cert-manager-approver-policy/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://private-registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.1
- Docker Image:
private-registry.venafi.eu/cert-manager-approver-policy/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.1
- Helm Chart:
oci://private-registry.venafi.eu/charts/cert-manager-approver-policy:v0.13.1
Release v0.13.0¶
Approver Policy v0.13.0 was released on March 6, 2024.
Key features¶
-
By default, the Helm chart now adds the
helm.sh/resource-policy: keep annotation
to all CRDs. This prevents accidental deletion of CRDs when uninstalling the component using Helm.Note
This feature introduces an additional uninstall step:
$ kubectl delete crd certificaterequestpolicies.policy.cert-manager.io
To avoid using the annotation, add
--set crds.keep=false
to your installation. To exclude the CRD from the Helm installation use--set crds.enabled=false
. -
This release also adds an optional
PodDisruptionBudget
helm value that can be used in your values.yaml file:podDisruptionBudget: enabled: true
-
To help avoid disk exhaustion attacks, a size limit of 50mb has been set on the
emptyDir
used for the/tmp
directory. A/tmp
directory is used for the TLS certificate which it generates for the webhook, as well as by some Approver Policy plugins for creating temporary configuration files. -
Platform engineers can now set Topology Spread Constraints using a Helm chart values. For more information see Topology Spread Constraints.
-
All Approver Policy deployment-related Helm values have been made global in this release.
-
The
replicaCount
Helm value can now be set to either an integer or a string.
Downloads
- Docker Image:
private-registry.venafi.cloud/cert-manager-approver-policy/cert-manager-approver-policy:v0.13.0
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.0
- Helm Chart:
oci://private-registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.0
- Docker Image:
private-registry.venafi.eu/cert-manager-approver-policy/cert-manager-approver-policy:v0.13.0
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.13.0
- Helm Chart:
oci://private-registry.venafi.eu/charts/cert-manager-approver-policy:v0.13.0
Release v0.12.1¶
Approver Policy v0.12.1 was released on February 1, 2024.
Key features¶
-
This patch release improves the Helm chart README and metadata properties.
Note
This release of Approver Policy changes how containers are built, which in turn changes the path at which the binary can be found inside the container. This means that new container images can't be used with older Helm charts, or with any software which expects the old path.
For the simplest upgrade experience, use the latest helm chart with the latest image.
Downloads
- Docker Image:
private-registry.venafi.cloud/cert-manager-approver-policy/cert-manager-approver-policy:v0.12.1
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.12.1
- Helm Chart:
oci://private-registry.venafi.cloud/charts/cert-manager-approver-policy:v0.12.1
- Docker Image:
private-registry.venafi.eu/cert-manager-approver-policy/cert-manager-approver-policy:v0.12.1
- Helm Chart:
oci://registry.venafi.cloud/charts/cert-manager-approver-policy:v0.12.1
he- Helm Chart:oci://private-registry.venafi.eu/charts/cert-manager-approver-policy:v0.12.1