release 0.25.3 (#967)

* manifest updates

Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com>

* release notes

Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com>

---------

Signed-off-by: Volkan Özçelik <volkan.ozcelik@broadcom.com>

Makefile

@@ -12,7 +12,7 @@
 ifdef VSECM_VERSION
  VERSION := $(VSECM_VERSION)
 else
- VERSION := 0.25.3
+ VERSION := 0.25.4
 endif
 
 # Set deploySpire to false, if you want to use existing spire deployment

dockerfiles/example/init-container.Dockerfile

@@ -22,7 +22,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o example \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/example/multiple-secrets.Dockerfile

@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o sloth \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/example/sdk-go.Dockerfile

@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o env \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/example/sidecar.Dockerfile

@@ -24,7 +24,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o env \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/util/inspector.Dockerfile

@@ -26,7 +26,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o sloth \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/util/keygen.Dockerfile

@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-keygen \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist-fips/init-container.Dockerfile

@@ -26,7 +26,7 @@ RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist-fips/keystone.Dockerfile

@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist-fips/safe.Dockerfile

@@ -24,7 +24,7 @@ RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist-fips/sentinel.Dockerfile

@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist-fips/sidecar.Dockerfile

@@ -25,7 +25,7 @@ RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist/init-container.Dockerfile

@@ -24,7 +24,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-init-container \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist/keystone.Dockerfile

@@ -23,7 +23,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-keystone \
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist/safe.Dockerfile

@@ -22,7 +22,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-safe ./app/safe/cm
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist/sentinel.Dockerfile

@@ -23,7 +23,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o sloth ./app/sentinel/bac
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

dockerfiles/vsecm-ist/sidecar.Dockerfile

@@ -22,7 +22,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o vsecm-sidecar ./app/side
 # generate clean, final image for end users
 FROM gcr.io/distroless/static-debian11
 
-ENV APP_VERSION="0.25.3"
+ENV APP_VERSION="0.25.4"
 
 LABEL "maintainers"="VSecM Maintainers <maintainers@vsecm.com>"
 LABEL "version"=$APP_VERSION

docs/content/timeline/changelog.md

@@ -15,6 +15,10 @@ weight = 11
 
 ## Recent Updates
 
+TBD
+
+## [0.25.3] - 2024-05-17
+
 * Removed some configuration options including `
  VSECM_MANUAL_ROOT_KEY_UPDATES_K8S_SECRET` because how the root key will
  be updated will be depending on backing store implementation. And it does
@@ -28,7 +32,19 @@ weight = 11
 * Removed Kubernetes secrets deletion queue because we do not link Kubernetes
  secrets to workloads anymore. Deletion of ad-hoc VSecM-generated Kubernetes
  `Secret`s will be handled by upcoming configuration options. Right now,
- VSecM Safe can only create and update, but not delete Kubernetes `Secret`s
+ VSecM Safe can only create and update, but not delete Kubernetes `Secret`s.
+* Stability improvements, including adding "exponential backoff"s to places
+ where requests can be retried before giving up; also letting the apps
+ crash (*and be re-crated by the scheduler*) if certain critical requests fail
+ even after a fair amount exponentially-backed-off of retries (*10 by default*).
+* An entire overhaul of the documentation website: It is now faster, more 
+ accessible, more usable, easier to navigate and follow.
+* Added an experimental Java SDK. The keyword here is: **experimental**; we
+ do know that it does not work out-of-the box, so we are not providing any
+ documentation yet: Feel free to join our Slack channel to learn more about
+ how best you can use it.
+* Refactorings and improvements across the entire codebase.
+* Introduced [Architectural Decision Records](https://vsecm.com/documentation/architecture/adr-intro/)
 
 ## [0.25.2] - 2024-05-06
 

examples/multiple_secrets/k8s-eks/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-multiple-secrets:0.25.3
+ image: vsecm/example-multiple-secrets:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/multiple_secrets/k8s-eks/image-override.yaml

@@ -18,7 +18,7 @@ spec:
  spec:
  containers:
  - name: main
- image: public.ecr.aws/h8y1n7y7/example-multiple-secrets:0.25.3
+ image: public.ecr.aws/h8y1n7y7/example-multiple-secrets:0.25.4
  env:
  - name: VSECM_LOG_LEVEL
  value: "7"

examples/multiple_secrets/k8s/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-multiple-secrets:0.25.3
+ image: vsecm/example-multiple-secrets:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/multiple_secrets/k8s/image-override.yaml

@@ -18,7 +18,7 @@ spec:
  spec:
  containers:
  - name: main
- image: localhost:5000/example-multiple-secrets:0.25.3
+ image: localhost:5000/example-multiple-secrets:0.25.4
  env:
  - name: VSECM_LOG_LEVEL
  value: "7"

examples/operator_decrpyt_secrets/reveal.sh

@@ -9,7 +9,7 @@
 # <>/' Copyright 2023-present VMware Secrets Manager contributors.
 # >/' SPDX-License-Identifier: BSD-2-Clause
 # */
-VERSION="0.25.3"
+VERSION="0.25.4"
 
 docker run --rm \
  -v "$(pwd)":/vsecm \

examples/using_init_container/k8s-eks/Deployment.yaml

@@ -28,13 +28,13 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-init-container:0.25.3
+ image: vsecm/example-using-init-container:0.25.4
 
  initContainers:
  # See `./register.sh` to register the workload and finalize
  # this init container.
  - name: init-container
- image: vsecm/vsecm-ist-init-container:0.25.3
+ image: vsecm/vsecm-ist-init-container:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/using_init_container/k8s-eks/image-override.yaml

@@ -18,7 +18,7 @@ spec:
  spec:
  containers:
  - name: main
- image: public.ecr.aws/h8y1n7y7/example-using-init-container:0.25.3
+ image: public.ecr.aws/h8y1n7y7/example-using-init-container:0.25.4
  initContainers:
  - name: init-container
- image: public.ecr.aws/h8y1n7y7/vsecm-ist-init-container:0.25.3
+ image: public.ecr.aws/h8y1n7y7/vsecm-ist-init-container:0.25.4

examples/using_init_container/k8s/Deployment.yaml

@@ -28,13 +28,13 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-init-container:0.25.3
+ image: vsecm/example-using-init-container:0.25.4
 
  initContainers:
  # See `./register.sh` to register the workload and finalize
  # this init container.
  - name: init-container
- image: vsecm/vsecm-ist-init-container:0.25.3
+ image: vsecm/vsecm-ist-init-container:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/using_init_container/k8s/image-override.yaml

@@ -18,7 +18,7 @@ spec:
  spec:
  containers:
  - name: main
- image: localhost:5000/example-using-init-container:0.25.3
+ image: localhost:5000/example-using-init-container:0.25.4
  initContainers:
  - name: init-container
- image: localhost:5000/vsecm-ist-init-container:0.25.3
+ image: localhost:5000/vsecm-ist-init-container:0.25.4

examples/using_sdk_go/k8s-eks/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sdk-go:0.25.3
+ image: vsecm/example-using-sdk-go:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/using_sdk_go/k8s-eks/image-override.yaml

@@ -18,4 +18,4 @@ spec:
  spec:
  containers:
  - name: main
- image: public.ecr.aws/h8y1n7y7/example-using-sdk-go:0.25.3
+ image: public.ecr.aws/h8y1n7y7/example-using-sdk-go:0.25.4

examples/using_sdk_go/k8s/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sdk-go:0.25.3
+ image: vsecm/example-using-sdk-go:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket

examples/using_sdk_go/k8s/image-override.yaml

@@ -18,4 +18,4 @@ spec:
  spec:
  containers:
  - name: main
- image: localhost:5000/example-using-sdk-go:0.25.3
+ image: localhost:5000/example-using-sdk-go:0.25.4

examples/using_sidecar/k8s-eks/Deployment.yaml

@@ -28,13 +28,13 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sidecar:0.25.3
+ image: vsecm/example-using-sidecar:0.25.4
  volumeMounts:
  # `main` shares this volume with `sidecar`.
  - mountPath: /opt/vsecm
  name: vsecm-secrets-volume
  - name: sidecar
- image: vsecm/vsecm-ist-sidecar:0.25.3
+ image: vsecm/vsecm-ist-sidecar:0.25.4
  volumeMounts:
  # /opt/vsecm/secrets.json is the place the secrets will be at.
  - mountPath: /opt/vsecm

examples/using_sidecar/k8s-eks/image-override.yaml

@@ -18,6 +18,6 @@ spec:
  spec:
  containers:
  - name: main
- image: public.ecr.aws/h8y1n7y7/example-using-sidecar:0.25.3
+ image: public.ecr.aws/h8y1n7y7/example-using-sidecar:0.25.4
  - name: sidecar
- image: public.ecr.aws/h8y1n7y7/vsecm-ist-sidecar:0.25.3
+ image: public.ecr.aws/h8y1n7y7/vsecm-ist-sidecar:0.25.4

examples/using_sidecar/k8s/Deployment.yaml

@@ -28,13 +28,13 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-sidecar:0.25.3
+ image: vsecm/example-using-sidecar:0.25.4
  volumeMounts:
  # `main` shares this volume with `sidecar`.
  - mountPath: /opt/vsecm
  name: vsecm-secrets-volume
  - name: sidecar
- image: vsecm/vsecm-ist-sidecar:0.25.3
+ image: vsecm/vsecm-ist-sidecar:0.25.4
  volumeMounts:
  # /opt/vsecm/secrets.json is the place the secrets will be at.
  - mountPath: /opt/vsecm

examples/using_sidecar/k8s/image-override.yaml

@@ -18,6 +18,6 @@ spec:
  spec:
  containers:
  - name: main
- image: localhost:5000/example-using-sidecar:0.25.3
+ image: localhost:5000/example-using-sidecar:0.25.4
  - name: sidecar
- image: localhost:5000/vsecm-ist-sidecar:0.25.3
+ image: localhost:5000/vsecm-ist-sidecar:0.25.4

examples/using_vsecm_inspector/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: vsecm-inspector
  containers:
  - name: main
- image: localhost:5000/vsecm-inspector:0.25.3
+ image: localhost:5000/vsecm-inspector:0.25.4
  volumeMounts:
  - name: spire-agent-socket
  mountPath: /spire-agent-socket

examples/workshop_aegis/init-container/Deployment.yaml

@@ -28,7 +28,7 @@ spec:
  serviceAccountName: example
  containers:
  - name: main
- image: vsecm/example-using-init-container:0.25.3
+ image: vsecm/example-using-init-container:0.25.4
  env:
  - name: SECRET
  valueFrom:
@@ -50,7 +50,7 @@ spec:
  # See `./register.sh` to register the workload and finalize
  # this init container.
  - name: init-container
- image: vsecm/vsecm-ist-init-container:0.25.3
+ image: vsecm/vsecm-ist-init-container:0.25.4
  volumeMounts:
  # Volume mount for SPIRE unix domain socket.
  - name: spire-agent-socket