Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update suite.yml for v1.11.7+suite.1 release #226

Merged
merged 1 commit into from
Jul 12, 2021
Merged

Update suite.yml for v1.11.7+suite.1 release #226

merged 1 commit into from
Jul 12, 2021

Conversation

jtuttle
Copy link
Member

@jtuttle jtuttle commented Jul 1, 2021
edited
Loading

Release Notes

All notable changes to this project will be documented in this file.

[v1.11.7+suite.1] - 2021-07-06

Table of Contents

Components

These are the components that combine to create this Conjur OSS Suite release and links
to their releases:

Conjur Server

Conjur SDK

Platform Integrations

DevOps Tools

Secretless Broker

Summon

Installation Instructions for the Suite Release Version of Conjur

Installing the Suite Release Version of Conjur requires setting the container image tag. Below are more specific instructions depending on environment.

  • Docker or docker-compose

    Set the container image tag to cyberark/conjur:1.11.7.
    For example, make the following update to the conjur service in the quickstart docker-compose.yml

    image: cyberark/conjur:1.11.7

  • Conjur OSS Helm chart

    Update the image.tag value and use the appropriate release of the helm chart:

    helm install ... \
  --set image.tag="1.11.7" \
  ...
  https://github.com/cyberark/conjur-oss-helm-chart/releases/download/v2.0.4/conjur-oss-2.0.4.tgz

Upgrade Instructions

Upgrade instructions are available for the following components:

Changes

The following are changes to the constituent components since the last Conjur
OSS Suite release:

cyberark/conjur

v1.11.7 (2021-06-08)

  • Added
    • Enabled authenticators can now be configured via a configuration file, or the
      CONJUR_AUTHENTICATORS environment variable.
      cyberark/conjur#2173
    • Trusted Proxies can now be configured with a configuration file or by setting
      the CONJUR_TRUSTED_PROXIES environment variable.
      cyberark/conjur#2168
    • Added conjurctl configuration show command to print the Conjur configuration
      values and the sources they are loaded from.
      cyberark/conjur#2169
    • Added conjurctl configuration apply command restart the Conjur process and
      pick up changes to the configuration file.
      cyberark/conjur#2171
  • Fixed
    • Fix bug where running conjurctl server or conjurctl account create with
      passwords that contain ,s sent via stdin raised an error.
      cyberark/conjur#2159
    • Update the default keepalive timeout for puma to be longer than most common proxy and load balancers.
      Previously, the load balancer in front of Conjur would commonly have a longer timeout than the
      server itself, which can lead to Conjur closing connections even as there are pending requests and
      the proxy returning 502 errors to the client.
      PR cyberark/conjur#2191
  • Security

cyberark/cloudfoundry-conjur-buildpack

v2.2.1 (2020-06-24)

  • Fixed
    • Fixed scrambled error messages (e.g. with invalid line numbers) that were
      generated whenever the Cloudfoundry Buildpack encountered errors while
      parsing environment variable settings after retrieving secrets variables
      from Conjur.
      cyberark/cloudfoundry-conjur-buildpack#120

cyberark/conjur-authn-k8s-client

v0.20.0 (2021-06-16)

  • Changed
  • Fixed
    • Fixes bug in error handling within the VerifyFileExists method that resulted in a
      panic when the error from os.Stat was not ErrNotExist. The fix includes introducing
      the CAKC058 error and log message for a file permissions error and theCAKC059 error
      and log message for when the path to a file exists but is not a regular file.
      cyberark/conjur-authn-k8s-client#252

v0.21.0 (2021-06-25)

@jtuttle jtuttle requested a review from a team as a code owner July 1, 2021 14:14
@jtuttle jtuttle force-pushed the update-suite-yml-for-1.11.7-release branch 3 times, most recently from 1950cab to 75d876b Compare July 7, 2021 13:15
@jtuttle
Copy link
Member Author

jtuttle commented Jul 7, 2021
edited by alexkalish
Loading

@boazmichaely @alexkalish

What's New

This suite release aligns with Conjur Server version 1.11.7. It includes a number of bug fixes, security upgrades, and logging improvements as well as a new configuration system and improvements to the kubernetes deployment experience.

File-based Configuration

In order to improve the experience of configuring Conjur instances at scale, a new file-based configuration system has been introduced. The system uses a YAML-formatted configuration file /etc/conjur/config/conjur.yml and can currently be used to configure trusted_proxies and enabled_authenticators. Values specified in the configuration file can be overridden for specific instances using environment variables. Previous methods of configuring these values have been deprecated and will be removed in a future release of Conjur.

To support this file-based configuration, two new conjurctl commands have been added:

  • conjurctl configuration show command will display the current state of configuration.
  • conjurctl configuration apply command will restart the Conjur server to pick up changes to the configuration file and the environment.

New Helm Charts

Two new helm charts have been added to simplify the deployment of Conjur-authenticated applications in Kubernetes environments:

  • conjur-config-cluster-prep: Creates Kubernetes resources for authentication and a "Golden" ConfigMap, which is a source of truth for Conjur connection details.
  • conjur-config-namespace-prep: Creates the namespace RoleBinding and a local copy of the above "Golden" ConfigMap.

Together, these Helm charts remove the need for application engineers to manage Conjur connection details. To start, this is a Community release. A Certified release will arrive in the near future. For more details, see the Helm README.

(Minor updates by @alexkalish)

@jtuttle jtuttle force-pushed the update-suite-yml-for-1.11.7-release branch from 75d876b to c063759 Compare July 7, 2021 14:52
@jtuttle jtuttle changed the title Update suite.yml for v1.11.7 release Update suite.yml for v1.11.7+suite.1 release Jul 9, 2021
alexkalish
alexkalish approved these changes Jul 9, 2021
View reviewed changes
Copy link
Contributor

@alexkalish alexkalish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, @jtuttle!

@jtuttle jtuttle merged commit e6a3fb6 into main Jul 12, 2021
@jtuttle jtuttle deleted the update-suite-yml-for-1.11.7-release branch July 12, 2021 00:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexkalish alexkalish alexkalish approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jtuttle @alexkalish