Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Releases: cert-manager/csi-driver

v0.11.1

17 Oct 08:01
df98a1d

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

This release is a patch release, upgrading Go from 1.25.1 to 1.25.3, fixing a range of CVEs: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

Furthermore, additional go dependencies were upgraded where possible.

Full Changelog: v0.11.0...v0.11.1

v0.11.0

11 Aug 15:04
v0.11.0
1de91f6

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

v0.11.0 is a feature release containing the ability to specify a key type for the certificate you're mounting with csi-driver, allowing
the use of ECDSA and Ed25519 certs using csi-driver.

To generate a P-256 certificate, try the following:

apiVersion: v1
kind: Pod
metadata:
  name: my-csi-app
  namespace: sandbox
  labels:
    app: my-csi-app
spec:
  containers:
    - name: my-frontend
      image: busybox
      volumeMounts:
      - mountPath: "/tls"
        name: tls
      command: [ "sleep", "1000000" ]
  volumes:
    - name: tls
      csi:
        driver: csi.cert-manager.io
        readOnly: true
        volumeAttributes:
          csi.cert-manager.io/issuer-name: my-issuer
          csi.cert-manager.io/issuer-kind: Issuer
          csi.cert-manager.io/dns-names: ${POD_NAME}.${POD_NAMESPACE}.svc.cluster.local
          csi.cert-manager.io/key-algorithm: ECDSA

Huge thanks to @matthewpi for the awesome contribution!

What's Changed

Features

  • 🚀 Add support for ECDSA and Ed25519 algorithms, make key size configurable by @matthewpi in #404

Dependency Bumps

  • Bump the all group across 1 directory with 2 updates by @dependabot[bot] in #422
  • Bump the all group across 1 directory with 8 updates by @dependabot[bot] in #428
  • Bump the all group with 2 updates by @dependabot[bot] in #431

Makefile Modules Updates

  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #420
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #423
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #424
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #426
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #429
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #430
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #432
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #433
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #434
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] in #435
  • [CI] Merge self-upgrade-main into main by @github-actions[bot] (and @SgtCoDFish) in #436

New Contributors

Full Changelog: v0.10.4...v0.11.0

v0.10.4

26 Jun 16:51
75b5e0e

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

This release contains miscellaneous bug fixes and dependency updates.
It is built with Go 1.24.4 which fixes the following vulnerabilities: CVE-2025-22874, CVE-2025-0913, and CVE-2025-4673.

helm inspect chart cert-manager-csi-driver --repo https://charts.jetstack.io --version v0.10.4

What's Changed

  • Bump sidecar images in preparation for release by @wallrj in #419

Dependabot

makefile-modules

  • [CI] Merge self-upgrade-main into main by @github-actions in #407
  • [CI] Merge self-upgrade-main into main by @github-actions in #408
  • [CI] Merge self-upgrade-main into main by @github-actions in #409
  • [CI] Merge self-upgrade-main into main by @github-actions in #411
  • [CI] Merge self-upgrade-main into main by @github-actions in #414
  • [CI] Merge self-upgrade-main into main by @github-actions in #416
  • [CI] Merge self-upgrade-main into main by @github-actions in #417

Full Changelog: v0.10.3...v0.10.4

v0.10.3

06 May 10:28
88ea30b

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

This is a patch release with dependency bumps, aiming to fix "vulnerabilities" reported by scanners. We don't know of any specific vulnerability in csi-driver, but we think it's important to make occasional releases with patched dependencies.

This new version can be installed as follows:

helm upgrade cert-manager-csi-driver jetstack/cert-manager-csi-driver \
  --install \
  --version v0.10.3 \
  --namespace cert-manager \
  --wait

What's Changed

Features

  • Add dependency licenses to repo and OCI image by @inteon in #398

Dependency upgrades

  • Bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.20.0 in the all group by @dependabot in #356
  • Bump other images, add note to release process about checking them by @SgtCoDFish in #357
  • Bump the all group across 1 directory with 4 updates by @dependabot in #365
  • Bump golang.org/x/sync from 0.10.0 to 0.11.0 in the all group by @dependabot in #367
  • Bump the all group across 1 directory with 11 updates by @dependabot in #377
  • Bump golang.org/x/net from 0.35.0 to 0.36.0 in the go_modules group by @dependabot in #381
  • Bump the all group across 1 directory with 10 updates by @dependabot in #386
  • Bump github.com/onsi/gomega from 1.36.3 to 1.37.0 in the all group by @dependabot in #387
  • Bump golang.org/x/net from 0.37.0 to 0.38.0 in the go_modules group by @dependabot in #392
  • Bump the all group across 1 directory with 7 updates by @dependabot in #396

Makefile module upgrades

#358, #360, #361, #363, #364, #366, #368, #369, #373, #375, #376, #378, #388, #389, #390, #391, #393, #395, #397, #399, #400, #401, #402, #403, #405

Full Changelog: v0.10.2...v0.10.3

v0.10.2

20 Jan 11:19
v0.10.2
822a3a3

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

This is a patch release with dependency bumps, aiming to fix "vulnerabilities" reported by scanners. We don't know of any specific vulnerability in csi-driver, but we think it's important to make occasional releases with patched dependencies.

Note that the livenessprobe and node-driver-registrar images for this release aren't at their latest versions. You can control the versions of these images at install time.

For example, to use the latest images at the time of the release of csi-driver v0.10.2:

helm upgrade cert-manager-csi-driver jetstack/cert-manager-csi-driver \
  --install \
  --version v0.10.2 \
  --namespace cert-manager \
  --set nodeDriverRegistrarImage.tag=v2.13.0 \
  --set livenessProbeImage.tag=v2.15.0 \
  --wait

What's Changed

Dependency Bumps

  • Bump the all group across 1 directory with 3 updates by @dependabot in #299
  • Bump the all group with 6 updates by @dependabot in #303
  • Bump the all group across 1 directory with 13 updates by @dependabot in #322
  • Bump the all group across 1 directory with 4 updates by @dependabot in #337
  • Bump the all group across 1 directory with 6 updates by @dependabot in #341
  • Bump golang.org/x/crypto from 0.28.0 to 0.31.0 in the go_modules group by @dependabot in #343
  • Bump the all group across 1 directory with 2 updates by @dependabot in #349
  • Bump the all group across 1 directory with 8 updates by @dependabot in #354

Other

  • Add Helm chart OCI release to GH automation by @inteon in #340

Makefile Modules Upgrades

  • [CI] Merge self-upgrade-main into main by @github-actions in #298
  • [CI] Merge self-upgrade-main into main by @github-actions in #300
  • [CI] Merge self-upgrade-main into main by @github-actions in #301
  • [CI] Merge self-upgrade-main into main by @github-actions in #302
  • [CI] Merge self-upgrade-main into main by @github-actions in #304
  • [CI] Merge self-upgrade-main into main by @github-actions in #305
  • [CI] Merge self-upgrade-main into main by @github-actions in #306
  • [CI] Merge self-upgrade-main into main by @github-actions in #308
  • [CI] Merge self-upgrade-main into main by @github-actions in #311
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #312
  • [CI] Merge self-upgrade-main into main by @github-actions in #313
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #315
  • [CI] Merge self-upgrade-main into main by @github-actions in #317
  • [CI] Merge self-upgrade-main into main by @github-actions in #321
  • [CI] Merge self-upgrade-main into main by @github-actions in #323
  • [CI] Merge self-upgrade-main into main by @github-actions in #324
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #325
  • [CI] Merge self-upgrade-main into main by @github-actions in #327
  • [CI] Merge self-upgrade-main into main by @github-actions in #330
  • [CI] Merge self-upgrade-main into main by @github-actions in #332
  • [CI] Merge self-upgrade-main into main by @github-actions in #334
  • [CI] Merge self-upgrade-main into main by @github-actions in #336
  • [CI] Merge self-upgrade-main into main by @github-actions in #338
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #342
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #344
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #345
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #347
  • [CI] Merge self-upgrade-main into main by @github-actions in #350
  • [CI] Merge self-upgrade-main into main by @github-actions in #352
  • [CI] Merge self-upgrade-main into main by @github-actions in #355

Full Changelog: v0.10.1...v0.10.2

v0.10.1

29 Aug 12:28
4676cc9

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

This is a patch release with some dependency bumps.

What's Changed

Dependency Bumps

  • chore: update csi-node-driver-registrar to v2.12.0 by @ThatsMrTalbot in #296
  • Bump the all group across 1 directory with 8 updates by @dependabot in #281
  • Bump the all group across 1 directory with 3 updates by @dependabot in #284
  • Bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 in the all group by @dependabot in #286
  • Bump the all group across 1 directory with 10 updates by @dependabot in #294

Makefile Modules Updates

  • [CI] Merge self-upgrade-main into main by @github-actions in #282
  • [CI] Merge self-upgrade-main into main by @github-actions in #285
  • [CI] Merge self-upgrade-main into main by @github-actions in #287
  • [CI] Merge self-upgrade-main into main by @github-actions in #290
  • [CI] Merge self-upgrade-main into main by @github-actions in #293
  • [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #295

Full Changelog: v0.10.0...v0.10.1

v0.10.0

22 Jul 12:14
d65e12a

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

What's Changed

  • Add Prometheus metrics endpoint by @wallrj in #271
  • Bump google.golang.org/grpc from 1.64.0 to 1.64.1 in the go_modules group by @dependabot in #275
  • chore: update csi-node-driver-registrar image by @ThatsMrTalbot in #280

New Contributors

Full Changelog: v0.9.0...v0.10.0

v0.9.0

27 Jun 13:33
4e343e1

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

What's Changed

  • Helm: set linux nodeSelector by default by @inteon in #258
  • docs: move release docs to RELEASE.md by @ThatsMrTalbot in #259
  • Add attribute support for certificate subject by @nzbr in #228
  • [CI] Merge self-upgrade-main into main by @github-actions in #260
  • Bump the all group across 1 directory with 9 updates by @dependabot in #263
  • Bump the all group with 3 updates by @dependabot in #265
  • feat: add RBAC for OpenShift SecurityContextConstraints by @ThatsMrTalbot in #272
  • [CI] Merge self-upgrade-main into main by @github-actions in #266
  • Bump the all group across 1 directory with 8 updates by @dependabot in #270
  • Bump github.com/cert-manager/cert-manager from 1.15.0 to 1.15.1 in the all group by @dependabot in #273

New Contributors

  • @nzbr made their first contribution in #228

Full Changelog: v0.8.1...v0.9.0

v0.8.1

13 May 12:52
0444845

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

This patch release upgrades the Go version used to build from 1.22.2 to 1.22.3, fixing GO-2024-2824 (GHSA-2jwv-jmq4-4j3r).

Additionally, the PR includes version bumps for all Go dependencies.

Version bumps

  • Bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3 in the all group by @dependabot in #233
  • Bump golang.org/x/net from 0.20.0 to 0.23.0 in the go_modules group by @dependabot in #236
  • Bump the all group across 1 directory with 8 updates by @dependabot in #242
  • Bump github.com/cert-manager/cert-manager from 1.14.4 to 1.14.5 in the all group by @dependabot in #243
  • Bump the all group across 1 directory with 3 updates by @dependabot in #249
  • Bump sigs.k8s.io/controller-runtime from 0.18.1 to 0.18.2 in the all group by @dependabot in #250
  • Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 in the all group by @dependabot in #253

Full Changelog: v0.8.0...v0.8.1

v0.8.0

27 Mar 13:47
v0.8.0
2309ade

Choose a tag to compare

cert-manager-csi-driver enables issuing secretless X.509 certificates for pods using cert-manager!

v0.8.0 includes a few improvements and upgrades to the Helm chart, which should make it easier to install and manage CSI driver.

Notably, this release uses the v1 API for CSIDriver in all cases. Previously, logic existed which tried to support very old Kubernetes versions back from before the CSIDriver resource hit GA around Kubernetes v1.18. Since those versions are so old now, we unconditionally use v1 to simply the process of using csi-driver. Notably, this helps if using helm template to render the chart to YAML.

This release also includes a great improvement from a first time contributor, @Cisien! They added the ability to pass volumeAttributes along to the CertificateRequest resource which csi-driver creates. This makes csi-driver act more like "regular" cert-manager, enabling new potential uses!

Finally, the csi-driver DaemonSet now includes the default-container annotation, which means that kubectl logs will show the logs for the csi-driver container by default, which should help with debugging!

What's Changed

  • Use CSIDriver v1 unconditionally by @SgtCoDFish in #220
  • Pass non-driver volumeAttributes to the created CertificateRequest by @Cisien in #212
  • Add 'crds.enabled' and 'crds.keep' options to generated CRDs by @inteon in #204
  • Enable helm-tool linter and schema generator by @inteon in #191
  • Fix broken link to csi-driver-spiffe in Chart.yaml by @inteon in #201
  • Helm: Use same include statement for labels everywhere by @inteon in #207
  • Add default container annotation to daemonset by @SgtCoDFish in #223

Misc / Business-as-Usual

  • Add initial documentation of release process by @SgtCoDFish in #224
  • Several dependency upgrade PRs by @dependabot
  • Several makefile modules update PRs by @github-actions

New Contributors

Full Changelog: v0.7.1...v0.8.0