Release Notes
Container Images
The KES container/docker images now use UBI micro as the base image instead of UBI minimal.
KES images are now about half the size of the previous images based on UBI minimal and
no longer contain unused dependencies.
API customization
A KES edge server now supports API configuration. For example:
    api:
      /v1/metrics:
        skip_auth: false
        timeout: 15s
The API timeout can now be customized for all v1 APIs. In addition, API authentication can be turned off for the following three APIs:
- /v1/status
- /v1/metrics
- /v1/api
However, API authentication should only be disabled when, for some specific reason, it is not possible to provision the client (e.g. a monitoring service) with an API key or client certificate. In general, disabling authentication for any API is not recommended. The timeout and authentication configuration for each API is exposed as part of the /v1/api API.
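One way to review a config for the skip_auth rule above, as an added example that is not part of KES or of these release notes: it reports every API with `skip_auth: true` and whether that API is one of the three listed ones. The name `AuditAPIConfig`, the sample config and the `/v1/key/create` entry are constructed for illustration, and the reader handles only the space-indented `api:` layout shown above.

```go
package main

import (
	"fmt"
	"strings"
)

// The three APIs for which the release notes say authentication can be turned off.
var authOptional = map[string]bool{"/v1/status": true, "/v1/metrics": true, "/v1/api": true}

// sampleConfig is constructed for this example, not taken from a real deployment.
const sampleConfig = `address: 0.0.0.0:7373
api:
  /v1/metrics:
    skip_auth: true   # monitoring cannot present a certificate
    timeout: 15s
  /v1/key/create:
    skip_auth: true
`

// AuditAPIConfig (hypothetical helper) returns every API that sets
// skip_auth: true, mapped to whether it is one of the three listed APIs.
// It reads only the "api:" layout above and is not a general YAML parser.
func AuditAPIConfig(cfg string) map[string]bool {
	disabled := map[string]bool{}
	inAPI, path := false, ""
	for _, line := range strings.Split(cfg, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || strings.HasPrefix(f[0], "#") {
			continue // blank line or full-line comment
		}
		if line[0] != ' ' { // a top-level key opens or closes the api section
			inAPI, path = f[0] == "api:", ""
			continue
		}
		switch {
		case !inAPI: // indented lines under other top-level keys are ignored
		case len(f) == 1 && strings.HasSuffix(f[0], ":"):
			path = strings.TrimSuffix(f[0], ":") // e.g. "/v1/metrics:" opens a per-API block
		case f[0] == "skip_auth:" && len(f) > 1 && strings.EqualFold(f[1], "true"):
			disabled[path] = authOptional[path]
		}
	}
	return disabled
}

func main() {
	fmt.Println("skip_auth: true (value = on the listed three):", AuditAPIConfig(sampleConfig))
}
```

An entry mapped to `false` sets `skip_auth` on an API outside the three the release notes name; an entry mapped to `true` is permitted but still worth a documented reason.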
New packages kes/edge and kes/kv
There are two new packages: kes/edge and kes/kv. The former provides functionality for reading KES edge server
configuration. The latter exposes a generic abstraction over KES edge server backends for storing cryptographic keys.
What's Changed
- build(deps): bump golang.org/x/net from 0.4.0 to 0.7.0 by @dependabot in #333
- move from UBI-minimal to UBI-micro containers by @aead in #337
- move handler logic into internal/api by @aead in #335
- expose keystore status in the /v1/status API by @aead in #339
- allow server API customization by @aead in #338
- add new packages edge and kv by @aead in #342
- use HTTP instead of TCP KeyStore status check by @aead in #345
Full Changelog: 2023-02-15T14-54-37Z...2023-04-03T16-41-28Z