Releases: spiffe/helm-charts-hardened

spire-0.18.2

07 Mar 18:50

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

spire-0.18.1

06 Mar 17:39

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

Full Changelog: spire-0.18.0...spire-0.18.1

spire-0.18.0

04 Mar 17:55

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

What's Changed

  • Fix whitespace in spire-agent daemonset by @marcofranssen in #238
  • Add support for enabling the spire-agent admin socket by @kfox1111 in #234
  • Added emptyDir volume to spire-agent SCC by @sabre1041 in #243
  • make audit_log_enabled configurable by @mcrors in #241
  • Bump helm/kind-action from 1.8.0 to 1.9.0 by @dependabot in #245
  • Bump test chart dependencies by @github-actions in #246
  • Bump helm.sh/helm/v3 from 3.14.0 to 3.14.1 in /tests by @dependabot in #249
  • Add example for using SPIRE for mTLS with Keycloak by @moritzschmitz-oviva in #248
  • Bump test chart dependencies by @github-actions in #252
  • Add global override for kubectl tag by @kfox1111 in #251
  • Add support for integration tests in the tests/integration dir by @kfox1111 in #253
  • Add support for specifying server admin_ids by @kfox1111 in #254
  • Add support for specifying agent authorized_delegates by @kfox1111 in #255
  • Bump helm/kind-action from 1.8.0 to 1.9.0 by @dependabot in #256
  • Bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 in /tests by @dependabot in #257
  • Upgrade to spire-controller-manager 0.4.3 by @kfox1111 in #258
  • Fix OpenShift Federation Ingress bug by @maia-iyer in #260
  • Bump test chart dependencies by @github-actions in #263
  • Bump peter-evans/create-pull-request from 6.0.0 to 6.0.1 by @dependabot in #267
  • Initial SPIRE 1.9.0 support by @kfox1111 in #262
  • Enable CA settings via global by @kfox1111 in #268
  • Add direct tpm support for spire-server by @kfox1111 in #211
  • Add direct tpm support for spire-agent by @kfox1111 in #216
  • Configurable daemonsets updateStrategy by @marcofranssen in #212
  • add pod labels to spire server values by @mcrors in #271
  • Bump test chart dependencies by @github-actions in #272
  • Add pod labels to the SPIRE agent by @mcrors in #273
  • Bump spire Helm Chart version from 0.17.2 to 0.18.0 by @faisal-memon in #274

Full Changelog: spire-0.17.2...spire-0.18.0

spire-0.17.2

05 Feb 21:08

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

Full Changelog: spire-0.17.1...spire-0.17.2

spire-0.17.1

30 Jan 21:54

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

What's Changed

  • Update spire-agent daemonset with pod annotation for default container by @cccsss01 in #204
  • Always upgrade test from the previous major release by @kfox1111 in #207
  • Update to spire-controller-manager 0.4.2 by @kfox1111 in #195
  • Reduce spire-agent readinessProbe to allow faster rollouts by @marcofranssen in #210
  • Remove the white line from securityContext rendering by @marcofranssen in #213
  • Add another upgrade note and fix value name by @kfox1111 in #215
  • Bump test chart dependencies by @github-actions in #219
  • Update README.md put cleanup seperately by @cccsss01 in #223
  • Fix hardcoded nodeAttestor and keyManager in spire-agent by @kfox1111 in #221
  • Pass the agent's securityContext on to Kubernetes by @kfox1111 in #225
  • Bump spire Helm Chart version from 0.17.0 to 0.17.1 by @faisal-memon in #226

Full Changelog: spire-0.17.0...spire-0.17.1

spire-crds-0.3.0

24 Jan 11:38
5f46d7b

A Helm chart for deploying the Spire CRDS

Full Changelog: spire-0.16.0...spire-crds-0.3.0

spire-0.17.0

24 Jan 11:38
5f46d7b

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

Important

Depending on your current oidc-discovery-provider setup, the upgrade might fail. To work around this issue, you can do the following.

kubectl delete -n spire-system deployment spire-spiffe-oidc-discovery-provider

Now simply run helm upgrade again.

Warning

The SPIFFE OIDC Discovery Provider now has many new TLS options and defaults to using SPIRE to issue its certificate.

The spiffe-oidc-discovery-provider.insecureScheme.enabled flag was removed. If you previously set that flag, remove the setting from your values.yaml and check whether the new default of using a SPIRE-issued certificate is suitable for your deployment. If it isn't, consider one of the other options under spiffe-oidc-discovery-provider.tls. If none of those options is suitable, you can still enable the previous mode by disabling TLS: spiffe-oidc-discovery-provider.spire.enabled=false

The SPIFFE OIDC Discovery Provider is now enabled by default. If you previously chose to have it off, you can disable it explicitly with spiffe-oidc-discovery-provider.enabled=false.

What's Changed

  • Added ability to create namespaces by @sabre1041 in #103
  • Remove unneeded lookup function from upgrade hook by @kfox1111 in #104
  • Add a flag to enable recommendations by @kfox1111 in #121
  • Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #136
  • Bump actions/setup-python from 4 to 5 by @dependabot in #137
  • SELinux support by @kfox1111 in #122
  • Bump test chart dependencies by @github-actions in #134
  • Bump test chart dependencies by @github-actions in #141
  • Revert openssl 3.2 change by @kfox1111 in #142
  • Tornjak UBI support by @kfox1111 in #123
  • Use good and automatic defaults for tornjak frontend workingDir by @kfox1111 in #129
  • Add recommendation for priorityClass by @kfox1111 in #124
  • Add devcontainer support to the repo by @kfox1111 in #98
  • Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #145
  • Update default for additionalDomains not to include localhost by @kfox1111 in #146
  • Remove extra example values that are already set by default by @kfox1111 in #128
  • Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 by @dependabot in #147
  • Bump helm.sh/helm/v3 from 3.13.2 to 3.13.3 in /tests by @dependabot in #149
  • Update the Tornjak image version by @mrsabath in #150
  • Bump test chart dependencies by @github-actions in #155
  • Add recommendation for strictMode by @kfox1111 in #143
  • Add recommendation for securityContext and podSecurityContext by @kfox1111 in #125
  • Add recommendation for prometheus exporter by @kfox1111 in #144
  • Fix test logging by @kfox1111 in #154
  • Bump k8s versions for ci workflow by @marcofranssen in #156
  • Add recommendation for namespaceLayout by @kfox1111 in #127
  • Fix nested test by @kfox1111 in #158
  • Remove 1.29.0 until deps catch up. by @kfox1111 in #159
  • Revert to older ingress-nginx to fix tests by @kfox1111 in #161
  • Bump golang.org/x/crypto from 0.14.0 to 0.17.0 in /tests by @dependabot in #162
  • Add recommendation for namespacePSS by @kfox1111 in #131
  • Update jwt test to work with newer slim images by @drewwells in #139
  • Bump test chart dependencies by @github-actions in #165
  • Fix links still pointing at older git repo by @kfox1111 in #167
  • Bump test chart dependencies by @github-actions in #171
  • SPIFFE OIDC Discovery Provider Rework by @kfox1111 in #152
  • Bump test chart dependencies by @github-actions in #174
  • Update HorizontalPodAutoscaler API to autoscaling/v2 by @jer8me in #153
  • Remove deprecated version values by @kfox1111 in #179
  • Fix notes bug by @kfox1111 in #178
  • Add spire-agent to spire-agent pod path by @kfox1111 in #180
  • Bump github.com/onsi/ginkgo/v2 from 2.13.2 to 2.14.0 in /tests by @dependabot in #183
  • Fix agent daemonset format by @mrsabath in #184
  • Bump test chart dependencies by @github-actions in #186
  • Add join_token server nodeattestor support by @kfox1111 in #187
  • Add tls section to federation bundle endpoint and fix up annotations by @kfox1111 in #173
  • Add a test and example for federation support by @kfox1111 in #169
  • Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.15.0 in /tests by @dependabot in #191
  • Bump helm.sh/helm/v3 from 3.13.3 to 3.14.0 in /tests by @dependabot in #190
  • Bump github.com/onsi/gomega from 1.30.0 to 1.31.0 in /tests by @dependabot in #192
  • Add support for running spiffe secured discovery provider (default) by @kfox1111 in #163
  • Update SPIRE to 1.8.7 by @kfox1111 in #194
  • Update to spire-controller-manager 0.4.1 by @kfox1111 in #193
  • Bump github.com/onsi/gomega from 1.31.0 to 1.31.1 in /tests by @dependabot in #199
  • Add missing extraVolumeMounts to the controllerManager by @kfox1111 in #196
  • Bump test chart dependencies by @github-actions in #200
  • Update the documentation by @kfox1111 in #172
  • Add missing bundlePublisher section and extraEnv so settings can be set by @kfox1111 in #201
  • Update the CRs to enable multiple instance nesting without naming conflicts by @kfox1111 in #189
  • Update spire-server with default container annotation. by @cccsss01 in #205
  • Bump spire Helm Chart version from 0.16.0 to 0.17.0 by @kfox1111 in #203

Full Changelog: spire-0.16.0...spire-0.17.0

spire-0.16.0

01 Dec 15:20

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

What's Changed

  • Documentation cleanup by @kfox1111 in #97
  • Render notes correctly on vscode by @kfox1111 in #96
  • Bump github.com/onsi/ginkgo/v2 from 2.13.0 to 2.13.1 in /tests by @dependabot in #100
  • Bump test chart dependencies by @github-actions in #101
  • Add some nested diagrams by @kfox1111 in #102
  • Ordering of SecurityContextConstraint array items by @sabre1041 in #105
  • Fix typo ClusterSPIFFEID for workloadTSelectoremplates by @MattiasGees in #107
  • Consolidate all the examples to a common relative path by @mrsabath in #109
  • Introduce ReadOnlyRootFilesystem for Tornjak frontend by @mrsabath in #110
  • Auto add default CSIDriver labels on OpenShift by @kfox1111 in #111
  • Bump test chart dependencies by @github-actions in #113
  • Bump spire version to 1.8.5 by @kfox1111 in #115
  • Bump test chart dependencies by @github-actions in #116
  • Enable agent to kubelet connection to use hostname by @kfox1111 in #112
  • Allow additional CRs to be managed by the chart by @kfox1111 in #117
  • Fix missing release name from install documentation by @kfox1111 in #118
  • Add note about supported version upgrades by @faisal-memon in #119
  • Fix missing protocol in JWT Issuer by @mrsabath in #120
  • Bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.13.2 in /tests by @dependabot in #126
  • Add additional instructions to release PR to also check other charts by @marcofranssen in #95
  • Bump spire Helm Chart version from 0.15.1 to 0.16.0 by @marcofranssen in #130

Full Changelog: spire-0.15.1...spire-0.16.0

spire-crds-0.2.0

10 Nov 00:54

A Helm chart for deploying the Spire CRDS

Full Changelog: spire-0.15.0...spire-crds-0.2.0

spire-0.15.1

10 Nov 13:16
b469b62

A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager.

Full Changelog: spire-crds-0.2.0...spire-0.15.1