Skip to content

Release v1.1.0

Latest
Latest
Compare
Choose a tag to compare
@osmman osmman released this 07 Nov 11:47
v1.1.0
dd505a5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

What's Changed

  • Remove dependency on sigstore-ocp by @bouskaJ in #387
  • fix: Set the common name of the Fulcio cert automatically by @JasonPowr in #365
  • Extract fbc sources code to separate repository by @osmman in #395
  • rm kube-rbac-proxy by @JasonPowr in #388
  • Handle error when ctlog unable to generate public key by @osmman in #369
  • Add annotation to pause resource reconciliation by @osmman in #346
  • Use SecurityContextConstraints resource to identify OCP environment by @osmman in #391
  • Add liveness and readiness probes by @osmman in #408
  • Securesign-1001 | Create Tree Deadline not being enough by @tommyd450 in #393
  • doc: fix breaking readme by @kahboom in #434
  • rm-unused-secret by @JasonPowr in #433
  • [SECURESIGN-1016] | Adding License by @tommyd450 in #435
  • Rename Rekor search image from quay.io by @osmman in #440
  • [SECURESIGN-844] Migrate to kubebuilder go/v4 by @bouskaJ in #431
  • Remove dupplicated e2e by @bouskaJ in #442
  • [SECURESIGN-570] Rekor add options to set trillian_log_server by @tommyd450 in #196
  • Move metrics annotation into annotation package by @osmman in #441
  • [SECURESIGN-1002] Move creation of cli server to manager startup cycle by @osmman in #450
  • Add new flag for manager to define target k8s environment by @osmman in #459
  • Split build actions by @osmman in #460
  • Update golang Docker tag to v1.22 (main) by @red-hat-konflux in #473
  • feat: pass proxy configuration to operands by @miyunari in #475
  • [SECURESIGN-1137] refactor services port name by @fghanmi in #474
  • Fix trillian-db scc by @bouskaJ in #464
  • [SECURESIGN-1049] adding securesign quay url by @SequeI in #486
  • [SECURESIGN-663] Add option to set an external ctlog service by @fghanmi in #465
  • Extract shared actions by @bouskaJ in #490
  • Inject CA trust bundle into managed containers and set SSL_CERT_DIR by @osmman in #491
  • Bumb source version of operator for upgrade scenario by @osmman in #497
  • Use Gomega parameter passed by eventually to create assertions by @osmman in #495
  • Store K8s dump into file by @osmman in #499
  • [SECURESIGN-1206] Making segment backup job proxy aware by @SequeI in #501
  • feat: provide host name option for CLI and search ui by @JasonPowr in #488
  • Namespace deletion check in Reconcile function by @osmman in #505
  • Create tree event contains Merkle tree id by @osmman in #506
  • SECURESIGN-1207: fix SBJ breaking on update by @JasonPowr in #502
  • Update Rekor controller behavior to preserve generated keys by @osmman in #351
  • SECURESIGN-1226: Update Rekor's treeID when it change by @osmman in #509
  • Remove finalizer before interupting reconcile function by @osmman in #511
  • SECURESIGN-1227: Update CTlog's treeID when it change by @osmman in #510
  • doc: Rotation the signer key for Rekor service by @osmman in #513
  • Fix incorrect number of parameters for SBJ error logging by @osmman in #519
  • SECURESIGN-1250 | Targets are not coming up with monitoring enabled. by @JasonPowr in #518
  • e2e: Use deployment to verify configuration update of component by @osmman in #522
  • rekor: Initialize action execute when targeted condition status is false by @osmman in #529
  • SECURESIGN-568: Extend Rekor API to support sharding configuration by @osmman in #512
  • [SECURESIGN-574] | Independently deployable CTlog Changes by @tommyd450 in #517
  • SECURESIGN-1275: Enable RecoverPanic on controllers by @osmman in #532
  • Enforce standards by golangci linter by @osmman in #534
  • logging: Replace zap logger by klog by @osmman in #533
  • chore: update checkout and setup-go actions by @osmman in #535
  • Migrate images to new repos by @bouskaJ in #539
  • Update rekor-redis image sha by @bouskaJ in #542
  • feat: add prefix parameter into Fulcio's ctlog config by @osmman in #543
  • refactor: fix e2e tests to pass golangci linter by @osmman in #545
  • feat: add option to set custom CTlog server's config by @osmman in #544
  • SECURESIGN-1014 | Add support for Trusted Timestamp Authorities in SecureSign by @JasonPowr in #456
  • chore: patch-tsa-upgrade-test by @JasonPowr in #563
  • refactor: switch from docker to go-containerregistry implementation by @osmman in #562
  • SECURESIGN-1015 | Configure ingress sharding by @JasonPowr in #566
  • fix: check observed, available and new replica set statuses to decide if deployment is ready by @osmman in #564
  • [SECURESIGN-574] Independently Deployable CT-log by @tommyd450 in #561
  • SECURESIGN-842 | Operator's metrics are not consumed by OCP monitor by @JasonPowr in #557
  • SECURESIGN-1203 | Add TSA key rotation doc by @JasonPowr in #565
  • doc: CT log signer key rotation and sharding by @osmman in #571
  • SECURESIGN-1221 | SBJ Not reaching segment endpoint by @JasonPowr in #570
  • fix(rekor): create new secret only for generated signer key by @osmman in #582
  • Add proxy e2e test by @bouskaJ in #536
  • fix: check if lates progressing status is for current deployment temp… by @osmman in #583
  • refactor: split config update based on component by @osmman in #548
  • fix: Make sure cosign recognises leaf cert by @JasonPowr in #586
  • SECURESIGN-1200 | Fulcio key rotation by @JasonPowr in #578
  • fix: Make sure SBJ installation runs only once by @JasonPowr in #587
  • fix(trillian): run initialize check when deployment changed by @osmman in #590
  • [SECURESIGN-1238] Align with new TUF server by @bouskaJ in #550
  • doc(rekor): add rekor_server option for rekor-cli commands by @osmman in #597
  • SECURESIGN-1338 | Tsa-server does not work in Proxy environment by @JasonPowr in #600
  • fix(ctlog): fix handle key action condition for private password ref by @osmman in #601
  • doc(ctlog): patch password reference and fix ctlog pod label by @osmman in #598
  • doc(ctlog): update treeID in key rotation patch by @osmman in #603
  • doc(rekor): modify verification steps for sharding step by @osmman in #599
  • [SECURESIGN-994] Add TLS support for trillian db #558 by @fghanmi in #592
  • Migrate to tough by @bouskaJ in #602
  • Add tuf server write mode to support manual upload by @bouskaJ in #609
  • Update readme by @bouskaJ in #611
  • SECURESIGN-1360 | Fix upgrade Scenario by @JasonPowr in #614
  • SECURESIGN-1342 | Unable to delete upgraded Securesign object by @JasonPowr in #604
  • SBJ | Make sure SBJ reconciles after upgrade by @JasonPowr in #617
  • add proxy aware metadata by @miyunari in #624
  • update images, update fulcio config format by @fghanmi in #619
  • test: add namespaced custom installation test by @osmman in #622
  • Update Ensure to use CreateOrUpdate function by @bouskaJ in #627
  • SECURESIGN-1015 | Make sure route selector labels and managed annos are recconciled by @JasonPowr in #613
  • Unifying CLI Servers by @tommyd450 in #618
  • fix: tuffer image name by @osmman in #638
  • fix: add minKubeVersion into CSV manifest by @osmman in #649
  • doc(rekor): document Rekor's signer options for KMS by @osmman in #650
  • SECURESIGN-1405 | Fulcio key-rotation procedure does not work as expected by @JasonPowr in #655
  • fix: recreate ctlog config when spec has changed by @osmman in #658
  • Add Cert creation steps, remove tuf bits by @JasonPowr in #656
  • test: extend client server scenario by updatetree createtree and tuftool by @osmman in #660
  • Resolve SECURESIGN-1405 by @bouskaJ in #661
  • [SECURESIGN-1455] Fix Ensure function by @bouskaJ in #669
  • [SECURESIGN-1458] Update TUF component files by @bouskaJ in #672
  • refactor: constants for app.kubernetes.io labels by @osmman in #673
  • [SECURESIGN-1455] Fix rekor-server component by @bouskaJ in #671
  • SECURESIGN-1461: check if Trillian's secret with db connection already exists by @osmman in #674
  • Ensure that Fulcio component does not create duplicated resources by @bouskaJ in #677
  • Ensure that CTLog component does not create duplicated resources by @bouskaJ in #686
  • fix(ctlog): cleanup only linked server configs by @osmman in #693
  • fix(fulcio): delete all unassigned server config maps by @osmman in #694
  • fix(rekor): delete unassigned sharding configmaps by @osmman in #695
  • fix: Resolving rekor pub key locally against openshift by @JasonPowr in #679
  • SECURESIGN-1460 | Ensure that TSA component does not create duplicated resources by @JasonPowr in #675
  • test: benchmark e2e install scenario by @osmman in #670

New Contributors

Full Changelog: v1.0.1...v1.1.0

Contributors

osmman, kahboom, and 6 other contributors
Assets 2
Loading