v0.26.0

@v0lkan v0lkan released this 29 Jun 20:12
· 89 commits to main since this release
v0.26.0
49ae83f

Added

  • Added the ability to have regex-based SPIFFE ID matchers.
  • Enabled stricter validation on SPIFFE IDs to reduce configuration errors.
  • Added ability to optionally use multiple worker nodes for the development
    clusters.
  • Introduced helm-docs to automatically augment the documentation with the
    Helm chart's values.yaml.
  • Added the ability to deploy VSecM without SPIRE Controller Manager. In this
    mode, the operator will need to manually create SPIRE Server registration
    entries.
  • Added the ability to not create ClusterSPIFFEIDs for the VSecM components
    automatically. In this mode, the operator will need to manually create those
    required ClusterSPIFFEIDs.
  • Ability to use regexes for SPIFFE ID prefix matching.
  • Ability to use a custom trust domain.
  • Ability to use regex-based validation for Sentinel, Safe, and Workload
    SPIFFE IDs.
  • Code cleanup and refactoring.
  • Random secret generator can now generate symbols too, along with numbers and
    letters.
  • Created a ./lib folder to hold common code that can be shared across
    different components, or even be imported by external applications.
  • Stability: Enhancements in liveness and readiness probes for VSecM components.
    This change ensures that the components are more resilient and reliable.
  • Enabled Istio-style SPIFFE IDs, custom namespaces, and custom trust domains.

Changed

  • Lots of documentation updates to reflect the recent changes in the project.
  • Replaced github.com/pkg/errors with the native errors package
    to reduce the number of dependencies and make the codebase more
    secure and maintainable.
  • Updates to the exponential backoff algorithm.
  • Enhancements to speed up build time.
  • Rephrased the "Problem reading secret" error message to be more informative.
    The message ought to have been a notification, not an error because it
    regularly happens during cache misses. Fixed the wording to indicate
    there is no need to panic.
  • We started using zola for the documentation
    website. This change makes the documentation website faster, more accessible,
    and easier to navigate and follow.

Security

  • Stricter workload validation: Workload validation now panics if the SPIFFE ID
    does not have the proper trust domain or is badly formatted.
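
One way to implement the checks described in this release (well-formed ID, expected trust domain, then an anchored regex matcher), as an added example that is not VSecM's own code. The trust domain `example.org`, the pattern, and the helper `ValidateWorkloadID` are assumptions made for illustration; the helper returns an error where the release notes say VSecM panics.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// Constructed value for illustration; not a VSecM default.
const trustDomain = "example.org"

// Anchored with ^...$ so the matcher must cover the whole ID, not a substring.
// Segment characters follow the SPIFFE path rules (letters, digits, '.', '_', '-').
var workloadMatcher = regexp.MustCompile(
	`^spiffe://example\.org/workload/[A-Za-z0-9._-]+/ns/[A-Za-z0-9._-]+/sa/[A-Za-z0-9._-]+$`)

// ValidateWorkloadID (hypothetical helper) checks the format, then the trust
// domain, then the regex matcher, and fails closed on the first mismatch.
func ValidateWorkloadID(id string) error {
	u, err := url.Parse(id)
	if err != nil {
		return fmt.Errorf("badly formatted SPIFFE ID: %w", err)
	}
	// A SPIFFE ID has no userinfo, port, query, or fragment.
	if u.Scheme != "spiffe" || u.Host == "" || u.User != nil ||
		u.Port() != "" || u.RawQuery != "" || u.Fragment != "" {
		return errors.New("badly formatted SPIFFE ID")
	}
	// Exact comparison: a longer host that merely starts with the domain fails.
	if u.Host != trustDomain {
		return fmt.Errorf("unexpected trust domain %q", u.Host)
	}
	if !workloadMatcher.MatchString(id) {
		return errors.New("SPIFFE ID does not match the workload pattern")
	}
	return nil
}

func main() {
	for _, id := range []string{ // constructed sample IDs
		"spiffe://example.org/workload/billing/ns/prod/sa/billing",
		"spiffe://example.org.other.test/workload/billing/ns/prod/sa/billing",
		"spiffe://example.org/workload/billing/ns/prod/sa/billing/extra",
		"https://example.org/workload/billing/ns/prod/sa/billing",
	} {
		fmt.Printf("%-70s -> %v\n", id, ValidateWorkloadID(id))
	}
}
```
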

Check out the changelog for a human-readable summary of what has happened so far.

Below are the generated release notes of every commit since the last release cut:

What's Changed

Full Changelog: v0.25.3...v0.26.0