v0.8.3

openshift-routes provides OpenShift Route support for cert-manager.

This release is a patch release, upgrading Go from 1.25.1 to 1.25.3, fixing a range of CVEs: CVE-2025-61724, CVE-2025-58187, CVE-2025-47912, CVE-2025-58183, CVE-2025-61723, CVE-2025-58186, CVE-2025-58185, CVE-2025-58188, and CVE-2025-61725.

Furthermore, additional go dependencies were upgraded where possible.

Full Changelog: v0.8.2...v0.8.3

v0.8.2

openshift-routes provides OpenShift Route support for cert-manager.

v0.8.2 is another simple rebuild with bumped dependencies and a newer version of Go, created because openshift-routes hadn't been released in a while.

What's Changed

Dependency Updates

• Bump the all group across 1 directory with 7 updates by @dependabot[bot] in #209
• Bump the all-go-deps group with 5 updates by @dependabot[bot] in #223
• Bump actions/checkout from 4 to 5 in the all-gh-actions group by @dependabot[bot] in #222

Makefile Modules

• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #200
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #202
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #205
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #206
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #207
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #208
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #210
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #211
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #212
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #213
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #214
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #215
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #216
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #218
• [CI] Merge self-upgrade-main into main by @github-actions[bot] in #221

Other

• Add missing CONTRIBUTING.md file by @SgtCoDFish in #220

Full Changelog: v0.8.1...v0.8.2

v0.8.1

openshift-routes provides OpenShift Route support for cert-manager.

v0.8.1 is a simple rebuild with bumped dependencies and a newer version of Go, created because openshift-routes hadn't been released in a while.

What's Changed

• [CI] Merge self-upgrade-main into main by @github-actions in #149
• [CI] Merge self-upgrade-main into main by @github-actions in #151
• Manual makefile-modules upgrade by @SgtCoDFish in #152
• [CI] Merge self-upgrade-main into main by @github-actions in #154
• [CI] Merge self-upgrade-main into main by @github-actions in #155
• [CI] Merge self-upgrade-main into main by @github-actions in #157
• [CI] Merge self-upgrade-main into main by @github-actions in #158
• [CI] Merge self-upgrade-main into main by @github-actions in #159
• [CI] Merge self-upgrade-main into main by @github-actions in #160
• [CI] Merge self-upgrade-main into main by @github-actions in #162
• [CI] Merge self-upgrade-main into main by @github-actions in #164
• [CI] Merge self-upgrade-main into main by @github-actions in #165
• [CI] Merge self-upgrade-main into main by @github-actions in #166
• [CI] Merge self-upgrade-main into main by @github-actions in #168
• [CI] Merge self-upgrade-main into main by @github-actions in #169
• [CI] Merge self-upgrade-main into main by @github-actions in #170
• [CI] Merge self-upgrade-main into main by @github-actions in #171
• Bump the all group across 1 directory with 9 updates by @dependabot in #163
• [CI] Merge self-upgrade-main into main by @github-actions in #172
• [CI] Merge self-upgrade-main into main by @github-actions in #173
• Bump golang.org/x/net from 0.34.0 to 0.36.0 in the go_modules group by @dependabot in #167
• [CI] Merge self-upgrade-main into main by @github-actions in #175
• [CI] Merge self-upgrade-main into main by @github-actions in #176
• [CI] Merge self-upgrade-main into main by @github-actions in #177
• [CI] Merge self-upgrade-main into main by @github-actions in #179
• [CI] Merge self-upgrade-main into main by @github-actions in #181
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #183
• Add dependency licenses to repo and OCI image by @inteon in #184
• [CI] Merge self-upgrade-main into main by @github-actions in #185
• Bump the all group across 1 directory with 6 updates by @dependabot in #182
• [CI] Merge self-upgrade-main into main by @github-actions in #186
• [CI] Merge self-upgrade-main into main by @github-actions in #187
• [CI] Merge self-upgrade-main into main by @github-actions in #188
• [CI] Merge self-upgrade-main into main by @github-actions in #189
• [CI] Merge self-upgrade-main into main by @github-actions in #190
• [CI] Merge self-upgrade-main into main by @github-actions in #191
• [CI] Merge self-upgrade-main into main by @github-actions in #192
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #193
• [CI] Merge self-upgrade-main into main by @github-actions in #197
• [CI] Merge self-upgrade-main into main by @github-actions in #198
• Bump the all group across 1 directory with 8 updates by @dependabot in #199

Full Changelog: v0.8.0...v0.8.1

v0.8.0

openshift-routes provides OpenShift Route support for cert-manager.

v0.8.0 includes a slew of dependency bumps, along with an important bug fix for routes with chains with more than 2 total certificates. We recommend all users to upgrade.

What's Changed

Bug Fixes

• ❗ Ensure that chain is copied in full to route by @SgtCoDFish in #122

Other

• Add Helm chart OCI release to GH automation by @inteon in #134

Dependency Updates

• Bump the all group across 1 directory with 8 updates by @dependabot in #130
• Bump the all group across 1 directory with 5 updates by @dependabot in #138
• Bump golang.org/x/crypto from 0.27.0 to 0.31.0 in the go_modules group by @dependabot in #137
• Bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4 in the all group by @dependabot in #143
• Bump dependencies to fix trivy-reported CVEs by @SgtCoDFish in #145
• Bump the all group with 7 updates by @dependabot in #146

Makefile Modules Updates

• [CI] Merge self-upgrade-main into main by @github-actions in #114
• [CI] Merge self-upgrade-main into main by @github-actions in #118
• [CI] Merge self-upgrade-main into main by @github-actions in #119
• [CI] Merge self-upgrade-main into main by @github-actions in #120
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #121
• [CI] Merge self-upgrade-main into main by @github-actions in #125
• [CI] Merge self-upgrade-main into main by @github-actions in #128
• [CI] Merge self-upgrade-main into main by @github-actions in #129
• [CI] Merge self-upgrade-main into main by @github-actions in #131
• [CI] Merge self-upgrade-main into main by @github-actions in #132
• [CI] Merge self-upgrade-main into main by @github-actions in #133
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #136
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #139
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #140
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #141
• [CI] Merge self-upgrade-main into main by @github-actions in #142
• [CI] Merge self-upgrade-main into main by @github-actions in #144
• [CI] Merge self-upgrade-main into main by @github-actions in #147

Full Changelog: v0.7.1...v0.8.0

v0.7.1

openshift-routes provides OpenShift Route support for cert-manager.

v0.7.1 includes a bug fix for an issue relating to the renew-before annotation. The bug was introduced in v0.7.0.

If upgrading from a version below v0.7.0, you should read the release notes for v0.7.0 in full.

What's Changed

• Don't set renew-before if annotation not present by @SgtCoDFish in #111
• Various dependency bumps (#105, #109, #112) and other upgrades (#106, #107, #108, #110) by @inteon, @dependabot and @github-actions

Full Changelog: v0.7.0...v0.7.1

v0.7.1-beta.0

openshift-routes provides OpenShift Route support for cert-manager.

v0.7.1-beta.0 is a pre-release version for testing a potential bug fix around the renew-before annotation. See this comment for more information.

What's Changed

• Don't set renew-before if annotation not present by @SgtCoDFish in #111
• Various dependency bumps (#105 and #109) and other upgrades (#106, #107, #108, #110) by @inteon, @dependabot and @github-actions

Full Changelog: v0.7.0...v0.7.1-beta.0

v0.7.0

openshift-routes provides OpenShift Route support for cert-manager.

Version v0.7.0 is a major architectural change to the project which fundamentally alters how it works behind the scenes.

READ BEFORE UPGRADING: Issuing via Certificate Resources

Previously, openshift-routes worked by creating cert-manager CertificateRequest resources based on the annotations added to OpenShift Route resources.

This worked well most of the time, but caused several issues, details of which can be found in #55, #101, #34 and #49.

To address these issues, openshift-routes will now create cert-manager Certificate resources instead, which dramatically simplifies the login in openshift-routes and provides several benefits:

1. Metrics are exposed by cert-manager for Certificate resources, improving observability
2. Certificate resources are much more user friendly to read and understand
3. Issued certificates are also stored in Kubernetes Secret resources, allowing use in your applications as well as on Routes

Among other benefits.

What action do I need to take?

We expect that most users should be able to upgrade using Helm without seeing much difference in behaviour. Existing annotated Routes with certificates will continue to function as before. When reissuance is triggered, the Route should be updated using a Certificate with no user interaction.

Still, given the nature of the change, it's advisable to check the state of issued certificates on your Route resources to be sure that they're being renewed. If you find any problems, please raise an issue and ideally reach out to us on slack to let us know.

It's important to note that:

1. You must upgrade properly. There are important RBAC changes which come with the upgrade. Without those changes, openshift-routes will fail to issue any certificate.
2. If you're using cert-manager's approval mechanism, the CertificateRequest resources will have different names to what they had before. The names now will be deterministic per-route.

What else should I be aware of?

To check if the TLS certificate on a Route needs to be reissued, openshift-routes needs to be able to compare it against the Secret resource which is created by the Certificates which are now used for issuance. That means that after you upgrade, openshift-routes will be able to read all Secrets across the cluster.

New Annotations Supported

openshift-route now supports more annotations on routes, allowing greater flexibility in issuing certificates:

• cert-manager.io/private-key-algorithm now now supports Ed25519 keys
• cert-manager.io/private-key-rotation-policy allows specifying how private keys should be rotated. Set this to Always unless you've got a good reason not to.
• cert-manager.io/revision-history-limit controls how many CertificateRequests should be preserved when Certificates are (re-)issued. Set this to a low number to reduce cluster clutter.

What's Changed

Features

• ⚠️ Use Certificates over CertificateRequests (follow-up to #55) by @jacksgt and @SgtCoDFish in #101

Bug Fixes

• Fix logging issue where %s is presented by @davidcollom in #97

New Contributors

• @davidcollom made their first contribution in #97 🎉

Full Changelog: v0.6.1...v0.7.0

v0.6.1

openshift-routes provides OpenShift Route support for cert-manager

What's Changed

• Update README.md to reflect changes made to release artifacts and installation instructions by @inteon in #82
• Use v-prefixed value for appVersion in Helm chart by @inteon in #88
• Bugfix/ update openshift dependencies by @ctrought in #93

Update dependencies:

• Bump the all group across 1 directory with 6 updates by @dependabot in #84
• Bump github.com/cert-manager/cert-manager from 1.15.2 to 1.15.3 in the all group by @dependabot in #86

Update makefile modules:

• [CI] Merge self-upgrade-main into main by @github-actions in #83
• [CI] Merge self-upgrade-main into main by @github-actions in #85
• [CI] Merge self-upgrade-main into main by @github-actions in #87
• [CI] Self-upgrade merging self-upgrade-main into main by @inteon in #89
• [CI] Merge self-upgrade-main into main by @github-actions in #90
• [CI] Merge self-upgrade-main into main by @github-actions in #91
• [CI] Merge self-upgrade-main into main by @github-actions in #92
• [CI] Merge self-upgrade-main into main by @github-actions in #94

Full Changelog: v0.6.0...v0.6.1

v0.6.0

openshift-routes provides OpenShift Route support for cert-manager

We changed the release process. The project now relies on Makefile modules like the other projects under the cert-manager org. The changes are:

• The file static/cert-manager-openshift-routes.yaml is no longer present in the repository. You now have to template your own manifests, for example:

  oc apply -f <(helm template openshift-routes -n cert-manager oci://ghcr.io/cert-manager/charts/openshift-routes --set omitHelmLabels=true --version 0.6.0)

• Image tags now use the v prefix:

  -ghcr.io/cert-manager/cert-manager-openshift-routes:0.5.0
  +ghcr.io/cert-manager/cert-manager-openshift-routes:v0.6.0

Install instructions

helm install openshift-routes -n cert-manager oci://ghcr.io/cert-manager/charts/openshift-routes --version 0.6.0

What changed between v0.5.0 and v0.6.0?

• Helm: it is now possible to use the namespace field in values.yaml for configuring the destination namespace. This is useful in the context of Helm subcharts. By @Jaydee94 in #59
• Migrate the project to Makefile modules by @inteon in #60
• Add E2E smoke tests by @inteon in #63
• Helm: add omitHelmLabels so that people can generate static manifests without the Helm-specific labels by @maelvls in #74

New Contributors

• @Jaydee94 made their first contribution in #59
• @inteon made their first contribution in #60
• @github-actions made their first contribution in #66

Full Changelog: v0.5.0...v0.6.0-alpha.0

v0.6.0-alpha.0

This is the first alpha release of openshift-routes v0.6.0.

We changed the release process. The project now relies on Makefile modules like the other projects under the cert-manager org. The changes are:

• The file static/cert-manager-openshift-routes.yaml is no longer present in the repository. You can continue relying on the generated cert-manager-openshift-routes.yaml, for example:

  oc apply -f https://github.com/cert-manager/openshift-routes/releases/download/v0.6.0-alpha.0/cert-manager-openshift-routes.yaml

• Image tags now use the v prefix:

  -ghcr.io/cert-manager/cert-manager-openshift-routes:0.5.0
  +ghcr.io/cert-manager/cert-manager-openshift-routes:v0.6.0-alpha.0

Install instructions

helm install openshift-routes -n cert-manager oci://ghcr.io/cert-manager/charts/openshift-routes --version=0.6.0-alpha.0

You can also use the static manifests:

oc apply -f https://github.com/cert-manager/openshift-routes/releases/download/v0.6.0-alpha.0/cert-manager-openshift-routes.yaml

What changed between v0.5.0 and v0.6.0-alpha0?

• Helm: it is now possible to use the namespace field in values.yaml for configuring the destination namespace. This is useful in the context of Helm subcharts. By @Jaydee94 in #59
• Migrate the project to Makefile modules by @inteon in #60
• Add E2E smoke tests by @inteon in #63

New Contributors

• @Jaydee94 made their first contribution in #59
• @inteon made their first contribution in #60
• @github-actions made their first contribution in #66

Full Changelog: v0.5.0...v0.6.0-alpha.0