Releases: gardener/gardener-extension-shoot-lakom-service
v0.12.0
[gardener/gardener-extension-shoot-lakom-service]
⚠️ Breaking Changes
[OPERATOR]
Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references. by @ccwienk [#61]
[OPERATOR]
⚠️ Lakom admission webhooks now always use failure policy Fail and it is no longer possible to change it to Ignore. If you want to allow untrusted images
[DEVELOPER]
The function pkg/lakom/verifysignature.IsNoMatchingSignature has been renamed to pkg/lakom/verifysignature.IsNoMatchingSignatures by @vpnachev [#72]
✨ New Features
[OPERATOR]
Lakom gardener extension controller configuration has a new field allowUntrustedImages, it is used to control the lakom admission controller flag --insecure-allow-untrusted-images. by @vpnachev [#74]
[USER]
Lakom admission controller is extended with a new flag --insecure-allow-untrusted-images. When it is set, the admission webhook returns just a warning but still allows the images that are not signed or are not signed with trusted keys. by @vpnachev [#74]
🐛 Bug Fixes
[OPERATOR]
Fix a bug in the mitigation for wrongly cached image signatures verification results due to exceeded or canceled context. by @dimityrmirchev [#54]
[OPERATOR]
A bug in the shoot-lakom-service controller that was causing the lakom CA secret for a shoot cluster to be recreated instead of restored during control plane migration has been fixed. by @vpnachev [#53]
🏃 Others
[DEVELOPER]
The vendor directory has been dropped. by @vpnachev [#67]
[OPERATOR]
Lakom application and lakom extension controller are now built with Go version 1.22.1 by @dependabot[bot] [#77]
[OPERATOR]
The following dependencies have been updated:
- github.com/gardener/service-account-issuer-discovery v0.2.0 -> v0.6.0
- github.com/google/go-containerregistry v0.14.1-0.20230409045903-ed5c185df419 -> v0.19.0
- github.com/sigstore/cosign/v2 v2.0.2 -> v2.2.3
- github.com/sigstore/sigstore v1.6.4 -> v1.8.1
- golang.org/x/crypto v0.17.0 -> v0.19.0
- golang.org/x/sync v0.3.0 -> v0.6.0
- golang.org/x/tools v0.13.0 -> v0.18.0
- helm.sh/helm/v3 v3.11.1 -> v3.14.2
- k8s.io/* v0.28.4 -> v0.29.2 by @vpnachev [#72]
[OPERATOR]
The following dependencies have been updated:
Docker Images
- gardener-extension-shoot-lakom-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-lakom-service:v0.12.0
- lakom: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/lakom:v0.12.0
v0.11.1
[gardener/gardener-extension-shoot-lakom-service]
🐛 Bug Fixes
[OPERATOR]
Fix a bug in the mitigation for wrongly cached image signatures verification results due to exceeded or canceled context. by @vpnachev [#58]
🏃 Others
[OPERATOR]
Lakom application and lakom extension controller are now built with Go version 1.21.5. by @vpnachev [#59]
Docker Images
- gardener-extension-shoot-lakom-service: eu.gcr.io/gardener-project/gardener/extensions/shoot-lakom-service:v0.11.1
- lakom: eu.gcr.io/gardener-project/gardener/extensions/lakom:v0.11.1
v0.11.0
[gardener/gardener-extension-shoot-lakom-service]
✨ New Features
[USER]
Lakom admission webhooks now ignore the image pull secrets that do not exist in the cluster. by @vpnachev [#44]
[USER]
shoot-lakom-service extension now supports Shoot Force Deletion. by @acumino [#45]
[USER]
Lakom application now can be configured via the flag --use-only-image-pull-secrets to use only image pull secrets of the pod to authenticate against the OCI registry, i.e. it will not use the node identity or default docker configuration when the flag is set to true. by @vpnachev [#49]
[OPERATOR]
Lakom extension controller now has a configuration option controllers.useOnlyImagePullSecrets which controls the value of the lakom flag --use-only-image-pull-secrets. by @vpnachev [#49]
🏃 Others
[OPERATOR]
The base distroless OCI image is updated to debian 12. by @vpnachev [#46]
[OPERATOR]
Lakom application and lakom extension controller are now built with Go version 1.21.4. by @vpnachev [#50]
Docker Images
gardener-extension-shoot-lakom-service: eu.gcr.io/gardener-project/gardener/extensions/shoot-lakom-service:v0.11.0
lakom: eu.gcr.io/gardener-project/gardener/extensions/lakom:v0.11.0
v0.10.0
[gardener/gardener-extension-shoot-lakom-service]
⚠️ Breaking Changes
[OPERATOR]
The shoot-lakom-service extension no longer supports Shoots with Kubernetes version < 1.24. by @shafeeqes [#34]
🏃 Others
[OPERATOR]
The following dependency is updated:
- github.com/gardener/gardener: v1.74.0 -> v1.80.0
- k8s.io/*: v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6 -> v0.16.2 by @shafeeqes [#38]
[OPERATOR]
The lakom extension binaries are now built with golang 1.21.3. by @vpnachev [#41]
[OPERATOR]
The lakom binaries are now built with golang 1.21.1. by @vpnachev [#40]
v0.9.0
v0.8.0
[gardener/gardener-extension-shoot-lakom-service]
⚠️ Breaking Changes
[OPERATOR]
extension-shoot-lakom-service no longer supports Shoots with Kubernetes version < 1.22. by @shafeeqes [#23]
[OPERATOR]
The deprecated network policy annotations and kube-apiserver deployment webhook have been removed, thus this extension is not compatible with gardener < v1.71.0.
🏃 Others
[OPERATOR]
The seed bootstrap controller is now installing a stand-alone instance of the lakom admission controller in the kube-system namespace of the seed cluster instead of running inside the extension controller manager. This is done to avoid deadlocks with other admission controllers, like the gardener-resource-manager that targets the pods in the extensions namespaces. by @vpnachev [#19]
[OPERATOR]
This extension again removes the health checks for the shoot managed resource. by @vpnachev [#17]
[OPERATOR]
The binaries of this extension are now built with golang 1.20.6. by @vpnachev [#27]
v0.7.0
[gardener-extension-shoot-lakom-service]
✨ New Features
- [USER] It is now possible to configure additional annotations for the Service in the Helm chart via additionalAnnotations.service, and additional labels for the Deployment via additionalAnnotations.deployment. (gardener/gardener-extension-shoot-lakom-service#9, @rfranzke)
🏃 Others
- [OPERATOR] The binaries are now built with golang 1.20.4. (gardener/gardener-extension-shoot-lakom-service#3, @vpnachev)
- [OPERATOR] The following dependencies are updated: (gardener/gardener-extension-shoot-lakom-service#6, @vpnachev)
- github.com/prometheus/client_golang: v1.14.0 -> v1.15.0
- github.com/sigstore/cosign: v1.13.1 -> v2.0.2
- github.com/sigstore/sigstore: v1.4.5 -> v1.6.3
- golang.org/x/tools: v.0.4.0 -> v0.8.0
- github.com/docker/docker v20.10.20+incompatible -> v23.0.3+incompatible
- [OPERATOR] Lakom admission controller now has access to the metadata server also when gardener's feature gate FullNetworkPoliciesInRuntimeCluster is enabled. (gardener/gardener-extension-shoot-lakom-service#12, @vpnachev)
- [OPERATOR] The following dependencies have been updated: (gardener/gardener-extension-shoot-lakom-service#15, @vpnachev)
- github.com/gardener/gardener@v1.71.3
- k8s.io/api@v0.26.3
- k8s.io/apimachinery@v0.26.3
- k8s.io/client-go@v0.26.3
- sigs.k8s.io/controller-runtime@v0.14.6
- [OPERATOR] This extension is now also doing health check on the managed resource installing the resources in the shoot cluster. (gardener/gardener-extension-shoot-lakom-service#16, @vpnachev)