Upgraded several cluster components

As part of our regular upgrade cycle, the following Kubernetes cluster components have been updated. We’ve already rolled these out to all clusters.

Most notable changes include bug fixes and minor improvements. Click each link to go to the full upstream changelog.

Core functionality


  • cert-manager 1.1.0 -> 1.2.0
    • Add kubectl cert-manager inspect secret to print certificate info from a secret resource
    • Add option to pass the Certificate duration to ACME (not supported by Let’s Encrypt yet)
    • The ingress-shim now checks for cert-manager.io/duration and cert-manager.io/renew-before annotations and uses those values to set the Certificate.Spec.Duration and Certificate.Spec.RenewBefore fields
    • Fix a bug in the AWS Route53 DNS01 challenge that to retrying over and over instead of observing an exponential back off
    • Relaxes Ingress validation rules to allow for Certificates to be created/updated for valid Ingress TLS entries even if the same Ingress contains some invalid TLS entries
  • dex 2.27.0 -> 2.28.0
  • fluent-bit 1.6.10 -> 1.7.2
    • HTTP input plugin (beta): plugin that allows to receive data over HTTP protocol
    • Filter GeoIP2: enrich records with geoip2 data
    • WebSocket Output
    • Included Grafana dashboard to monitor FLuent Bit health and log processing rates
  • kubernetes-dashboard 2.1.0 to 2.2.0
  • oauth2-proxy 7.0.0 -> 7.0.1