v0.21.0
Release Notes Summary
This release focuses on security hardening, high-availability support, and a major architectural change to the Kubernetes deployment controller.
New Features
- Metacontroller-based deployment controller — Migrated the Kubernetes deployment controller from an in-process controller to a Metacontroller webhook architecture (
d65ecf7,c57ba8b) - High-availability backend — Backend is now safe to run with multiple replicas, including HA lease liveness and retryable OAuth state (
7077511,fe18842) - Deployment secrets as Kubernetes Secrets — Environment variable secrets are now injected as proper Kubernetes Secrets instead of inline values (
bd10719) - Pod-IP validation for webhooks — Replaced token-based webhook auth with pod-IP validation for improved security (
a48c586) --platformbuild option — Override the default build platform (e.g.,--platform linux/amd64) (3626399)rise env export— New command to export environment variables, with a fix to environment resolution inrise run(08b6b67)
Bug Fixes
- Fix handling of terminating pods in deployment status display (
6c044ba) - Reject plain PKCE method in OAuth flow, require S256 (
4b42ae3) - Fix
podSelectorin webhook NetworkPolicy for metacontroller (6909f0f)
Other Changes
- Added
cargo auditto CI (d3541cb) - Dependency updates: openssl, pack (buildpacks), marked
- Development documentation and task improvements
- Updated tag-release script
Download rise-deploy 0.21.0
| File | Platform | Checksum |
|---|---|---|
| rise-deploy-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
| rise-deploy-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
| rise-deploy-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |