Add changelogs
torresdal committed Oct 14, 2020
1 parent d63b6ec commit e93a2af
Showing 2 changed files with 104 additions and 0 deletions.
37 changes: 37 additions & 0 deletions CHANGELOG-1.0.md
@@ -0,0 +1,37 @@
# Changelog for Version 1.0

## Version 1.0.2

Unfortunately we had to patch away the functionality in the env-injector for removing sensitive files. The previous implementation caused issues if a pod crashed after initial startup and was unable to recover (because the filles needed where no longer present). We are currently working on a better and more secure solution, which will be released as soon as we can.

### Chart and Image versions

We have bumped all versions, but only the env-injector has changed.

| Type | Component | Version |
| ------------ | ---------------------------------- | -----------------------------|
| Helm Chart | [azure-key-vault-controller](https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller) | 1.0.2 |
| Helm Chart | [azure-key-vault-env-injector](https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-env-injector) | 1.0.2 |
| Docker Image | spvest/azure-keyvault-controller | 1.0.2 |
| Docker Image | spvest/azure-keyvault-webhook | 1.0.2 |
| Docker Image | spvest/azure-keyvault-env | 1.0.2 |


## Version 1.0.0

### Added

* [docs] New documentation portal at https://akv2k8s.io
* [env-injector] Improved logging
* [env-injector] Prometheus metrics
* [env-injector] Retry (up to 3 times) if fail to access AzureKeyVaultSecret on first try (ref: #34 )
* [env-injector] Support getting raw certificate (`?raw`)
* [controller & env-injector] Support all Azure environments (public, china, german, us-gov) - thanks @mayong43111 ❗️

### Changed

* [env-injector] Custom authentication
* [env-injector] Delete sensitive files
* [env-injector] Not map host volume for azure.json when using custom auth
* [env-injector] Canonical names for Docker images
* [controller] Use optional param for --cloudconfig (was hardcoded) - thanks @reiniertimmer ❗️
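
Review bot: The Version 1.0.2 paragraph says the env-injector's removal of sensitive files was patched away but never states the consequence for users. Version 1.0.0 lists "[env-injector] Delete sensitive files" under Changed, so the 1.0.2 entry should say explicitly that those files are no longer removed after startup and should link to where the replacement is tracked. The same sentence has typos: "the filles needed where no longer present" should read "the files needed were no longer present". Version 1.0.0 also has no "Chart and Image versions" table, unlike 1.0.2; adding one would keep the two entries consistent.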
67 changes: 67 additions & 0 deletions CHANGELOG-1.1.md
@@ -0,0 +1,67 @@
# Changelog for Version 1.1

## Version 1.1.1

The most notable changes in this release are:

* a complete rewrite of how Azure Key Vault authentication is handled and secured in Env-Injector
* a new Helm chart `akv2k8s` containing both the Controller and Env-Injector

### General

#### Features
* Support for Azure Managed Identities (MSI) when authenticating with Azure Key Vault
* Support fmt and json log formats - fmt is default
* Support other cloud types than Public Cloud (`AZURECHINACLOUD`, `AZUREGERMANCLOUD` and `AZUREUSGOVERNMENTCLOUD`)

#### Other
* AzureKeyVaultSecret CRD version changed from `apiVersion: spv.no/v1alpha1` to `apiVersion: spv.no/v1` - still backward compatible with previous versions
* Kubernetes >= v0.17.4

### Env-Injector

#### Features
* Basic support for Prometheus metrics
* Use remote inspection, instead of docker pull, to find Docker image cmd or entrypoint
* As part of the Auth service, introduced a ca-bundle-controller that will sync akv2k8s ca-cert to every namespace enabled with env-injection
* Support for SHA Docker image notation

#### Bug Fixes

* Provide Auth endpoint as a better and more secure alternative to storing credentials in a volume attached to a Pod - fixes issue #25 (and #42 #40 #39 and more) for getting oauth tokens to authenticate with Azure Key Vault
* Fix #69 - handle containers with no explicit cmd

### Controller

#### Features
* Add chainOrder option to ensure server certificate is first in chain (thanks to @david.mansson)

#### Bug Fixes
* #104 - pass on labels and annotations from AzureKeyVaultSecret to Kubernetes Secret

### Docs

* Updated tutorials
* Show multiple versions (currently 1.0 and 1.1) - where 1.1 is now default
* Updated authentiction docs to reflect changes in 1.1

### Helm Charts

* Introduced a new Helm chart (`akv2k8s`) that contains both the Controller and Env-Injector in one chart AND uses Helm 3
* Removed CRDs from old charts (`azure-key-vault-controller` and `azure-key-vault-env-injector`)
* Updated installation instructions for why and how to manually install CRDs
* Fixed issue #55 where auth with ACR was not working
* Support log format fmt and json
* New charts have major changes in values - make sure to check yours match

### Chart and Image versions

| Type | Component | Version |
| ------- | ---------------------------------- | -----------------------------|
| Helm Chart | [akv2k8s](https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/akv2k8s) | 1.1.24 |
| Helm Chart | [azure-key-vault-controller](https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller) | 1.1.3 |
| Helm Chart | [azure-key-vault-env-injector](https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-env-injector) | 1.1.18 |
| Docker Image | spvest/azure-keyvault-controller | 1.1.0 |
| Docker Image | spvest/azure-keyvault-webhook | 1.1.10 |
| Docker Image | spvest/azure-keyvault-env | 1.1.1 |
| Docker Image | spvest/ca-bundle-controller | 1.1.0 |
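
Review bot: Under General > Other, "Kubernetes >= v0.17.4" is ambiguous, because Kubernetes cluster releases are numbered 1.x and v0.17.4 reads like a client library version. State the minimum supported cluster version, or name the library, so users can tell whether their cluster qualifies. The only release heading is "Version 1.1.1", while the version table lists charts at 1.1.24, 1.1.3 and 1.1.18 and images from 1.1.0 to 1.1.10, so say which artifact 1.1.1 refers to. The auth endpoint entry, which replaces credentials stored in a volume attached to a Pod, is filed under Bug Fixes although the summary calls it a complete rewrite of authentication; together with "New charts have major changes in values" it deserves a short upgrade note. In Docs, "authentiction" should be "authentication".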
