Releases: cert-manager/csi-driver-spiffe
v0.3.0
csi-driver-spiffe is a clean and simple way to get SPIFFE IDs for your Kubernetes pods with minimal dependencies and minimal fuss.
v0.3.0 contains an important change to use P-256 certificates instead of P-521. This should be faster to generate and more widely supported by other tooling which might consume certificates issued by csi-driver-spiffe. In the longer term we'd like to make this configurable, but for now P-256 should be a good compromise in the middle.
None of the changes made in this release should be breaking, so feel free to upgrade and benefit from upgraded dependencies and base images, faster issuance and greater configurability!
What's Changed
- 🚀 Change to use p256 instead of p521 by @SgtCoDFish in #28
- Remove life cycle hook from Daemonset by @JoshVanL in #16
- Support for including imagePullSecrets in Helm by @sitaramkm in #18
- Adds priorityClassName option to helm chart by @JoshVanL in #20
- Ensures that CSI driver sidecar images are latest from registry.k8s.io by @irbekrm in #27
- Update logo to smaller version, fix broken HTML by @SgtCoDFish in #14
- Remove documentation in favour of cert-manager.io by @JoshVanL in #15
- README and example updates by @SgtCoDFish in #25
- Bump go, deps, base images by @SgtCoDFish in #29
- Updates dependencies by @JoshVanL in #21
- Bump helm version, improve install, add chart target by @SgtCoDFish in #26
- Bump versions, fix old info by @SgtCoDFish in #30
New Contributors
- @SgtCoDFish made their first contribution in #14
- @sitaramkm made their first contribution in #18
Full Changelog: v0.2.0...v0.3.0
Note
The container images for this chart were generated with a checkout of the v0.3.0 tag, but the published Helm chart was generated using commit 7d2d103 added in #31 - this is because of a bug in the make target for generating the chart. There are no functional differences and it's nothing to worry about - we simply value being transparent!
v0.2.0
What's Changed
- Bump csi lib v0.2.2 by @JoshVanL in #4
- Update links to cert-manager/cert-manager in SECURITY.md and README.md by @JoshVanL in #5
- Updates to go v1.18 in Dockerfiles by @JoshVanL in #6
- Bumps bump-csi-node-driver-registrar to `v2.5.0` by @JoshVanL in #7
- Adds liveness probe to csi-driver by @JoshVanL in #8
- Make CSI driver spiffe writeFiles compatible with go-spiffe `x509svid.Parse` by @JoshVanL in #13
- Configurable side cars by @JoshVanL in #9
- Adds verify-helm-docs.sh and update-helm-docs.sh scripts. Verify helm-docs during lint by @JoshVanL in #11
- Updates app version to v0.2.0 by @JoshVanL in #10
Full Changelog: v0.1.0...v0.2.0
v0.1.0
Initial Release
csi-driver-spiffe is a Container Storage Interface (CSI) driver plugin for Kubernetes that works alongside cert-manager. This CSI driver transparently delivers SPIFFE SVIDs in the form of X.509 certificate key pairs to mounting Kubernetes Pods.
The end result is that any Pod running in Kubernetes can securely request its SPIFFE identity document from a Trust Domain with minimal configuration. These documents are:
- automatically renewed; ✔️
- private key never leaves the node's virtual memory; ✔️
- each Pod's document is unique; ✔️
- the document shares the same life cycle as the Pod and is destroyed on Pod termination. ✔️
```yaml
...
    volumeMounts:
    - mountPath: "/var/run/secrets/spiffe.io"
      name: spiffe
  volumes:
  - name: spiffe
    csi:
      driver: spiffe.csi.cert-manager.io
      readOnly: true
```
SPIFFE documents can be used for mutual TLS (mTLS) or authentication by Pods within their Trust Domain.
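A consumer-side check that ties the P-256 change in v0.3.0 to the X.509 SVIDs described above, as an added example that is not csi-driver-spiffe's own code. `checkSVID` and `sampleCert` are hypothetical helpers, and the trust domain `example.org` and the ID path are constructed sample values; the check accepts a certificate only if it has an ECDSA P-256 key and exactly one `spiffe://` URI SAN in the expected trust domain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/url"
	"time"
)

// checkSVID (hypothetical helper) returns the SPIFFE ID of a valid-looking SVID.
func checkSVID(cert *x509.Certificate, trustDomain string) (string, error) {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok || pub.Curve != elliptic.P256() { // v0.3.0 issues P-256, not P-521
		return "", fmt.Errorf("public key is not ECDSA P-256")
	}
	if len(cert.URIs) != 1 { // an X.509 SVID carries exactly one URI SAN
		return "", fmt.Errorf("want exactly one URI SAN, got %d", len(cert.URIs))
	}
	id := cert.URIs[0]
	if id.Scheme != "spiffe" || id.Host != trustDomain || len(id.Path) < 2 {
		return "", fmt.Errorf("%q is not a workload SPIFFE ID in %q", id.String(), trustDomain)
	}
	return id.String(), nil
}

// sampleCert builds a constructed, self-signed certificate as demo input only.
func sampleCert(curve elliptic.Curve, td, path string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(curve, rand.Reader)
	if err != nil {
		return nil, err
	}
	uri := &url.URL{Scheme: "spiffe", Host: td, Path: path}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), URIs: []*url.URL{uri},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	if cert, err := sampleCert(elliptic.P256(), "example.org", "/ns/sandbox/sa/app"); err == nil {
		fmt.Println(checkSVID(cert, "example.org"))
	}
}
```

The check covers only key type and identity shape; chain verification against the trust domain's CA still has to happen in the TLS stack that consumes the certificate.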