Releases: gardener/gardener-extension-shoot-lakom-service
Releases · gardener/gardener-extension-shoot-lakom-service
v0.12.0
[gardener/gardener-extension-shoot-lakom-service]
⚠️ Breaking Changes
[OPERATOR]Change OCI Image Registry from GCR (eu.gcr.io/gardener-project) to Artifact-Registry (europe-docker.pkg.dev/gardener-project/releases). Users should update their references.
by @ccwienk [#61][OPERATOR]⚠️ Lakom admission webhooks now always use failure policyFailand it is no longer possible to change it toIgnore. If you want to allow untrusted images[DEVELOPER]The functionpkg/lakom/verifysignature.IsNoMatchingSignaturehas been renamed topkg/lakom/verifysignature.IsNoMatchingSignaturesby @vpnachev [#72]
✨ New Features
[OPERATOR]Lakom gardener extension controller configuration has new fieldallowUntrustedImages, it is used to control the lakom admission controller flag--insecure-allow-untrusted-images. by @vpnachev [#74][USER]Lakom admission controller is extended with a new flag--insecure-allow-untrusted-images. When it is set, the admission webhook returns just warning but still allows the images that are not signed or are not signed with trusted keys. by @vpnachev [#74]
🐛 Bug Fixes
[OPERATOR]Fix a bug in the mitigation for wrongly cached image signatures verification results due to exceeded or canceled context. by @dimityrmirchev [#54][OPERATOR]A bug in theshoot-lakom-servicecontroller that was causing the lakom CA secret for a shoot cluster to be recreated instead of restored during control plane migration has been fixed. by @vpnachev [#53]
🏃 Others
[DEVELOPER]Thevendordirectory has been dropped. by @vpnachev [#67][OPERATOR]Lakom application and lakom extension controller are now build with Go version 1.22.1 by @dependabot[bot] [#77][OPERATOR]The following dependencies have been updated:- github.com/gardener/service-account-issuer-discovery v0.2.0-> v0.6.0
- github.com/google/go-containerregistry v0.14.1-0.20230409045903-ed5c185df419 -> v0.19.0
- github.com/sigstore/cosign/v2 v2.0.2 -> v2.2.3
- github.com/sigstore/sigstore v1.6.4 -> v1.8.1
- golang.org/x/crypto v0.17.0 -> v0.19.0
- golang.org/x/sync v0.3.0 -> v0.6.0
- golang.org/x/tools v0.13.0 -> v0.18.0
- helm.sh/helm/v3 v3.11.1 -> v3.14.2
- k8s.io/* v0.28.4 -> v0.29.2 by @vpnachev [#72]
[OPERATOR]The following dependencies have been updated:
Docker Images
- gardener-extension-shoot-lakom-service:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-lakom-service:v0.12.0 - lakom:
europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/lakom:v0.12.0
Contributors
vpnachev, ccwienk, and 2 other contributors
Assets 3
v0.11.1
[gardener/gardener-extension-shoot-lakom-service]
🐛 Bug Fixes
[OPERATOR]Fix a bug in the mitigation for wrongly cached image signatures verification results due to exceeded or canceled context. by @vpnachev [#58]
🏃 Others
[OPERATOR]Lakom application and lakom extension controller are now built with Go version1.21.5. by @vpnachev [#59]
Docker Images
- gardener-extension-shoot-lakom-service:
eu.gcr.io/gardener-project/gardener/extensions/shoot-lakom-service:v0.11.1 - lakom:
eu.gcr.io/gardener-project/gardener/extensions/lakom:v0.11.1
Contributors
vpnachev
Assets 3
v0.11.0
[gardener/gardener-extension-shoot-lakom-service]
✨ New Features
[USER]Lakom admission webhooks now ignore the image pull secrets that does not exist in the cluster. by @vpnachev [#44][USER]shoot-lakom-serviceextension now supports Shoot Force Deletion. by @acumino [#45][USER]Lakom application now can be configured via the flag--use-only-image-pull-secretsto use only image pull secrets of the pod to authenticate against the OCI registry, i.e. it will not use the node identity or default docker configuration when the flag is set totrue. by @vpnachev [#49][OPERATOR]Lakom extension controller now has a configuration optioncontrollers.useOnlyImagePullSecretswhich controls the value of the lakom flag--use-only-image-pull-secrets. by @vpnachev [#49]
🏃 Others
[OPERATOR]The base distroless OCI image is updated to debian 12. by @vpnachev [#46][OPERATOR]Lakom application and lakom extension controller are now built with Go version1.21.4. by @vpnachev [#50]
Docker Images
gardener-extension-shoot-lakom-service: eu.gcr.io/gardener-project/gardener/extensions/shoot-lakom-service:v0.11.0
lakom: eu.gcr.io/gardener-project/gardener/extensions/lakom:v0.11.0
Contributors
vpnachev and acumino
Assets 3
v0.10.0
[gardener/gardener-extension-shoot-lakom-service]
⚠️ Breaking Changes
[OPERATOR]Theshoot-lakom-serviceextension no longer supports Shoots with Кubernetes version < 1.24. by @shafeeqes [#34]
🏃 Others
[OPERATOR]The following dependency is updated:- github.com/gardener/gardener: v1.74.0-> v1.80.0
- k8s.io/* : v0.26.3 -> v0.28.2
- sigs.k8s.io/controller-runtime: v0.14.6-> v0.16.2 by @shafeeqes [#38]
[OPERATOR]The lakom extension binaries are now build with golang 1.21.3. by @vpnachev [#41][OPERATOR]The lakom binaries are now build with golang 1.21.1. by @vpnachev [#40]
Contributors
vpnachev and shafeeqes
Assets 3
v0.9.0
v0.8.0
[gardener/gardener-extension-shoot-lakom-service]
⚠️ Breaking Changes
[OPERATOR]extension-shoot-lakom-serviceno longer supports Shoots with Кubernetes version < 1.22. by @shafeeqes [#23][OPERATOR]The deprecated network policy annotations and kube-apiserver deployment webhook have been removed, thus this extension is not compatible withgardener<v1.71.0.
🏃 Others
[OPERATOR]The seed bootstrap controller is now installing a stand-alone instance of thelakomadmission controller in thekube-systemnamespace of the seed cluster instead of running inside the extension controller manager. This is done to avoid dead locks with other admission controllers, like thegardener-resource-managerthat targets the pods in the extensions namespaces. by @vpnachev [#19][OPERATOR]This extension again removes the health checks for the shooт managed resource. by @vpnachev [#17][OPERATOR]The binaries of this extension are now build with golang 1.20.6. by @vpnachev [#27]
Contributors
vpnachev and shafeeqes
Assets 3
v0.7.0
[gardener-extension-shoot-lakom-service]
✨ New Features
- [USER] It is now possible to configure additional annotations for the
Servicein the Helm chart viaadditionalAnnotations.service, and additional labels for theDeploymentviaadditionalAnnotations.deployment. (gardener/gardener-extension-shoot-lakom-service#9, @rfranzke)
🏃 Others
- [OPERATOR] The binaries are now build with golang 1.20.4. (gardener/gardener-extension-shoot-lakom-service#3, @vpnachev)
- [OPERATOR] The following dependencies are updated: (gardener/gardener-extension-shoot-lakom-service#6, @vpnachev)
- github.com/prometheus/client_golang: v1.14.0 -> v1.15.0
- github.com/sigstore/cosign: v1.13.1 -> v2.0.2
- github.com/sigstore/sigstore: v1.4.5 -> v1.6.3
- golang.org/x/tools: v.0.4.0 -> v0.8.0
- github.com/docker/docker v20.10.20+incompatible -> v23.0.3+incompatible
- [OPERATOR] Lakom admission controller now have access to the metadata server also when gardener's feature gate
FullNetworkPoliciesInRuntimeClusteris enabled. (gardener/gardener-extension-shoot-lakom-service#12, @vpnachev) - [OPERATOR] The following dependencies have been updated: (gardener/gardener-extension-shoot-lakom-service#15, @vpnachev)
- github.com/gardener/gardener@v1.71.3
- k8s.io/api@v0.26.3
- k8s.io/apimachinery@v0.26.3
- k8s.io/client-go@v0.26.3
- sigs.k8s.io/controller-runtime@v0.14.6
- [OPERATOR] This extension is now also doing health check on the managed resource installing the resources in the shoot cluster. (gardener/gardener-extension-shoot-lakom-service#16, @vpnachev)