v0.26.0
Added
- Added the ability to have regex-based SPIFFE ID matchers.
- Enabled stricter validation on SPIFFE IDs to reduce configuration errors.
- Added ability to optionally use multiple worker nodes for the development clusters.
- Introduced helm-docs to automatically augment the documentation with the Helm chart's values.yaml.
- Added the ability to deploy VSecM without SPIRE Controller Manager. In this mode, the operator will need to manually create SPIRE Server registration entries.
- Added the ability to not create ClusterSPIFFEIDs for the VSecM components automatically. In this mode, the operator will need to manually create those required ClusterSPIFFEIDs.
- Ability to use regexes for SPIFFEID prefix matching.
- Ability to use a custom trust domain.
- Ability to Use Regex-Based Validation for Sentinel, Safe, and Workload SPIFFE IDs.
- Code cleanup and refactoring.
- Random secret generator can now generate symbols too, along with numbers and letters.
- Created a ./lib folder to hold common code that can be shared across different components, or even be imported by external applications.
- Stability: Enhancements in liveness and readiness probes for VSecM components. This change ensures that the components are more resilient and reliable.
- Enable Istio-style SPIFFE IDs; custom namespaces, and custom trust domains.
Changed
- Lots of documentation updates to reflect the recent changes in the project.
- Replaced github.com/pkg/errors with the native errors package to reduce the number of dependencies and make the codebase more secure and maintainable.
- Updates to the exponential backoff algorithm.
- Enhancements to speed up build time.
- Rephrased the "Problem reading secret" error message to be more informative. The message ought to have been a notification, not an error, because it regularly happens during cache misses. Fixed the wording to indicate there is no need to panic.
- We started using zola for the documentation website. This change makes the documentation website faster, more accessible, and easier to navigate and follow.
Security
- Stricter workload validation: Workload validation now panics if the SPIFFE ID
does not have the proper trust domain or is badly formatted.
Check out the changelog for a human-readable summary of what has happened so far.
Below are the generated release notes of every commit since the last release cut:
What's Changed
- Initializing helm chart/0.25.4 by @v0lkan in #964
- release 0.25.3 by @v0lkan in #967
- documentation patch by @v0lkan in #969
- ✨ test(VSecM): increase test coverage from core/env by @muratmirgun in #970
- 🚨 test(VSecM): add missed unit tests by @muratmirgun in #972
- minor refactoring by @v0lkan in #973
- Ability to Use Regex-Based Validation for Sentinel, Safe, and Workload SPIFFE IDs by @v0lkan in #974
- documentation update by @v0lkan in #978
- Remove side effects from certain functions. by @v0lkan in #979
- Add symbols support for secret gen function by @BulldromeQ in #971
- Documentation update and multi-node minikube by @v0lkan in #981
- Introduce helm-docs by @v0lkan in #984
- Remove FIPS from build-local by @v0lkan in #990
- [security] Move SPIRE Server Into its Own Namespace by @v0lkan in #992
- Increase Unite Tests to %19 by @muratmirgun in #991
- Backoff Algorithm Updates by @v0lkan in #993
- Environment Variable Updates by @v0lkan in #994
- Minor fixes in makefiles by @v0lkan in #1000
- Instructions to publish the new documentation by @v0lkan in #1001
- Various Refactorings by @v0lkan in #1002
- Documentation update. by @v0lkan in #1003
- rename "internal" to "lib" by @v0lkan in #1004
- Use Go’s Native “errors” Package by @v0lkan in #1005
- Minor Refactorings by @v0lkan in #1007
- Created a ./lib folder for reusable modules. by @v0lkan in #1008
- Consolidate Constants by @v0lkan in #1009
- minor refactoring by @v0lkan in #1010
- Enable Istio-style SPIFFE IDs; custom namespaces, and trust domains by @v0lkan in #1011
- Minor by @v0lkan in #1012
- Mainly documentation updates by @v0lkan in #1015
- Add unit test for core/crypto and a little change in the empty []byte return value. by @yigithankarabulut in #1014
- 🌟 enhancement(VSecM Helm Charts): add operated-by label to secrets by @v0lkan in #1016
- Release v0.26.0 by @v0lkan in #1021
- helm docs update by @v0lkan in #1022
Full Changelog: v0.25.3...v0.26.0