Skip to content

What's changed

ncm-issuer 1.1.0 introduces a number of improvements mainly related to the logic of handling and sending requests to NCM API, but also significant enhancement to Helm chart. Besides the improvements, there are also a few features, including sidecar, selection of the logging verbosity level and Prometheus metrics.

⚠ Warning: Read this before upgrading from version <1.1.0!

New, more user-friendly fields names are used to simplify the definition of Issuer and ClusterIssuer. This means that the old names are not suggested way of declaring them, but they will remain supported for a few more releases.

New suggested way of defining Issuer or ClusterIssuer and their fields description: CRDs

Improvements

  • The Issuer and ClusterIssuer definitions are improved to use more user-friendly names and grouped into appropriate sections (see mentioned warning)
  • NCM API errors (indicating that API is not available) or statuses indicating that certificate has not yet been issued now results in CSRs being queued and processed after some time instead of being immediately re-processed and making unnecessary requests to NCM API
  • Improve the mechanism responsible for the selection of NCM API - it's now based on the first-alive algorithm
  • Helm chart is rewritten according to the rules given in the Helm documentation

Features

  • Add option to set HTTP client timeout
  • Add option to set a time indicating how often NCM API(s) availability should be checked (related to new NCM API selection mechanism)
  • Add Prometheus support to allow monitoring of the total number of enrollment or renewal operations. Each of these operations also has metrics responsible for determining how many of them were successful or failed. The metrics attempt to reflect the number of CSRs or renewals sent to the NCM, if request is rejected or postponed by NCM, this state will be reflected as failure of the enrollment operation, while accepting and returning appropriate resource will result in successful enrollment or renewal operation (use the prefix ncm_issuer in Prometheus query to see all possible metrics)
  • More efficient debugging of ncm-issuer is added with the option of using sidecar or defining logging level verbosity (for more information, see: Troubleshooting)

Fixes

  • Fix occasionally encountered data-races when accessing saved Issuer or ClusterIssuer config

Other

  • Add ncm-issuer documentation hosted on GitHub pages (visit: documentation)
  • Helm chart is now hosted on GitHub pages (link: https://nokia.github.io/ncm-issuer/charts)

For more detailed view about new CRDs definition, troubleshooting and more, see: documentation