spire-0.17.0

@github-actions github-actions released this 24 Jan 11:38
5f46d7b

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

Important

Depending on your current oidc-discovery-provider setup, the upgrade might fail. To work around this issue, delete the existing deployment:

kubectl delete -n spire-system deployment spire-spiffe-oidc-discovery-provider

Now simply run helm upgrade again.

Warning

The SPIFFE OIDC Discovery Provider now has many new TLS options and defaults to using SPIRE to issue its certificate.

The spiffe-oidc-discovery-provider.insecureScheme.enabled flag was removed. If you previously set that flag, remove the setting from your values.yaml and check whether the new default of using a SPIRE-issued certificate is suitable for your deployment. If it isn't, please consider one of the other options under spiffe-oidc-discovery-provider.tls. If all other options are still unsuitable, you can still enable the previous mode by disabling TLS: spiffe-oidc-discovery-provider.spire.enabled=false

The SPIFFE OIDC Discovery Provider is now enabled by default. If you previously chose to have it off, you can disable it explicitly with spiffe-oidc-discovery-provider.enabled=false.
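A pre-upgrade check for the removed flag described in this warning, as an added example that is not part of the chart or its release notes. The function name and both sample values files are constructed here, and the check assumes block-style YAML with the chart's keys at the top level of the file.

```shell
#!/bin/sh
# Added example (not from the chart): find the removed
# spiffe-oidc-discovery-provider.insecureScheme setting in a values file.
# Assumes block-style YAML, space/tab indentation, chart keys at top level.

# find_removed_flag FILE
# Prints the line number of each insecureScheme key found under the top-level
# spiffe-oidc-discovery-provider key. Returns 1 if any was found, else 0.
find_removed_flag() {
  awk '
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    /^[^ \t]/  {                        # any top-level key starts a new section
      in_oidc = ($0 ~ /^spiffe-oidc-discovery-provider:/)
      next
    }
    in_oidc && /^[ \t]+insecureScheme:/ { print NR; found = 1 }
    END { exit (found ? 1 : 0) }
  ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample: values carried over from before this release.
cat > "$tmp/old-values.yaml" <<'EOF'
# constructed sample
spiffe-oidc-discovery-provider:
  insecureScheme:
    enabled: true
EOF

# Constructed sample: flag removed, provider explicitly disabled instead.
cat > "$tmp/new-values.yaml" <<'EOF'
spiffe-oidc-discovery-provider:
  enabled: false
EOF

for f in "$tmp/old-values.yaml" "$tmp/new-values.yaml"; do
  if hits=$(find_removed_flag "$f"); then
    echo "$(basename "$f"): ok, removed flag not present"
  else
    echo "$(basename "$f"): insecureScheme still set at line(s) $hits; remove before helm upgrade"
  fi
done
```

The check only covers values files; settings passed with --set on the command line need to be reviewed separately.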

What's Changed

  • Added ability to create namespaces by @sabre1041 in #103
  • Remove unneeded lookup function from upgrade hook by @kfox1111 in #104
  • Add a flag to enable recommendations by @kfox1111 in #121
  • Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #136
  • Bump actions/setup-python from 4 to 5 by @dependabot in #137
  • SELinux support by @kfox1111 in #122
  • Bump test chart dependencies by @github-actions in #134
  • Bump test chart dependencies by @github-actions in #141
  • Revert openssl 3.2 change by @kfox1111 in #142
  • Tornjak UBI support by @kfox1111 in #123
  • Use good and automatic defaults for tornjak frontend workingDir by @kfox1111 in #129
  • Add recommendation for priorityClass by @kfox1111 in #124
  • Add devcontainer support to the repo by @kfox1111 in #98
  • Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #145
  • Update default for additionalDomains not to include localhost by @kfox1111 in #146
  • Remove extra example values that are already set by default by @kfox1111 in #128
  • Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #147
  • Bump helm.sh/helm/v3 from 3.13.2 to 3.13.3 in /tests by @dependabot in #149
  • Update the Tornjak image version by @mrsabath in #150
  • Bump test chart dependencies by @github-actions in #155
  • Add recommendation for strictMode by @kfox1111 in #143
  • Add recommendation for securityContext and podSecurityContext by @kfox1111 in #125
  • Add recommendation for prometheus exporter by @kfox1111 in #144
  • Fix test logging by @kfox1111 in #154
  • Bump k8s versions for ci workflow by @marcofranssen in #156
  • Add recommendation for namespaceLayout by @kfox1111 in #127
  • Fix nested test by @kfox1111 in #158
  • Remove 1.29.0 until deps catch up. by @kfox1111 in #159
  • Revert to older ingress-nginx to fix tests by @kfox1111 in #161
  • Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /tests by @dependabot in #162
  • Add recommendation for namespacePSS by @kfox1111 in #131
  • Update jwt test to work with newer slim images by @drewwells in #139
  • Bump test chart dependencies by @github-actions in #165
  • Fix links still pointing at older git repo by @kfox1111 in #167
  • Bump test chart dependencies by @github-actions in #171
  • SPIFFE OIDC Discovery Provider Rework by @kfox1111 in #152
  • Bump test chart dependencies by @github-actions in #174
  • Update HorizontalPodAutoscaler API to autoscaling/v2 by @jer8me in #153
  • Remove deprecated version values by @kfox1111 in #179
  • Fix notes bug by @kfox1111 in #178
  • Add spire-agent to spire-agent pod path by @kfox1111 in #180
  • Bump github.com/onsi/ginkgo/v2 from 2.13.2 to 2.14.0 in /tests by @dependabot in #183
  • Fix agent daemonset format by @mrsabath in #184
  • Bump test chart dependencies by @github-actions in #186
  • Add join_token server nodeattestor support by @kfox1111 in #187
  • Add tls section to federation bundle endpoint and fix up annotations by @kfox1111 in #173
  • Add a test and example for federation support by @kfox1111 in #169
  • Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.15.0 in /tests by @dependabot in #191
  • Bump helm.sh/helm/v3 from 3.13.3 to 3.14.0 in /tests by @dependabot in #190
  • Bump github.com/onsi/gomega from 1.30.0 to 1.31.0 in /tests by @dependabot in #192
  • Add support for running spiffe secured discovery provider (default) by @kfox1111 in #163
  • Update SPIRE to 1.8.7 by @kfox1111 in #194
  • Update to spire-controller-manager 0.4.1 by @kfox1111 in #193
  • Bump github.com/onsi/gomega from 1.31.0 to 1.31.1 in /tests by @dependabot in #199
  • Add missing extraVolumeMounts to the controllerManager by @kfox1111 in #196
  • Bump test chart dependencies by @github-actions in #200
  • Update the documentation by @kfox1111 in #172
  • Add missing bundlePublisher section and extraEnv so settings can be set by @kfox1111 in #201
  • Update the CRs to enable multiple instance nesting without naming conflicts by @kfox1111 in #189
  • Update spire-server with default container annotation. by @cccsss01 in #205
  • Bump spire Helm Chart version from 0.16.0 to 0.17.0 by @kfox1111 in #203

Full Changelog: spire-0.16.0...spire-0.17.0