v1.4.2 Cert Cleanup Support

@piyush-tiwari released this 21 Apr 13:23

Note

Please use the latest Helm chart when upgrading, since additional permissions have been added to the ClusterRole used by NIC.

New Features and Support

  • Cleanup of unused OCI Certificate service resources generated for TLS support through Kubernetes secrets can now be enabled by setting certDeletionGracePeriodInDays in the Helm values.yaml file. The value should be an integer, where 0 means the feature is disabled.
  • OCI Certificate service resources created for TLS support through Kubernetes secrets can now be managed in the LB compartment. Set useLbCompartmentForCertificates in the Helm values.yaml file to enable this.
  • Errors seen in Ingress / IngressClass reconciliations can now be surfaced as Kubernetes events by setting emitEvents in the Helm values.yaml file.

What's Changed

  • add v1.31 to supported Kubernetes versions by @piyush-tiwari in #123
  • Sync with internal repo by @piyush-tiwari in #127
    -- Allow certificates to be managed in LB compartment
    -- Preserve defined tags on LB when defined-tag related annotations are absent
    -- Only sync relevant BackendSets and Listeners for an Ingress reconciliation, to fix a bug where changing the IngressBackend for a TLS enabled Ingress was not possible
    -- Report warning events for ingress and ingressclass reconciliation failures
    -- Allow host header to contain listener port for routing rules, to fix a bug where requests with Host: hostname:port were getting rejected but requests with Host: hostname were allowed
    -- Make TLS 1.2 the minimum version for the webhook server, for security reasons
    -- Clean up unused certificate resources managed by NIC
    -- Bump golang.org/x/net to 0.36.0, golang.org/x/oauth2 to 0.27.0, and the Go compile version to 1.23.7, for security reasons

Full Changelog: v1.4.1...v1.4.2