v2.5.0 - 🚨 Critical Fix for Service Interruption due to unexpected API change 🚨

Major Scope

🚨 Release contains a critical fix for a service interruption due to an unexpected API change by docker.io: #564. helm upgrade is not functional due to the issue and upgrade must be performed via helm uninstall followed by helm install. For more information, checkout #566.

This release also contains several several notable new features and improvements:

• exposing prometheus metrics (see docs): #508
• cosign support for ambient credentials/workload identities (see docs): #551
• cosign support for multiple signers of a single image (see docs): #428
• cosign KMS support goes GA (see docs): #558
• reinvocation policy for objects mutated during admission (see docs): #518
• less noisy logging: #501

Changelog

Feat

• enforce/require/allow multiple container image signers for cosign #428
• cosign kms support reaches GA #558
• add reinvocationPolicy option #518
• Support cosign --k8s-keychain flag #551
• silent healthz endpoints logging #501
• prometheus metrics #508

Update

• connaisseur (chart v1.3.0, image v2.5.0) #562
• bump actions/checkout from 2 to 3 #565
• bump actions/setup-python from 2 to 3 #561
• update mkdocs-material requirement from ~=8.2.1 to ~=8.2.3 #559
• cosign v1.5.1 to v1.5.2 #556
• update setuptools requirement from ~=60.9.2 to ~=60.9.3 #552
• update mkdocs-material requirement from ~=8.1.11 to ~=8.2.1 #553
• update setuptools requirement from ~=60.8.2 to ~=60.9.2 #549
• update flask requirement from ~=2.0.2 to ~=2.0.3 #544
• update pytest-asyncio requirement from ~=0.18.0 to ~=0.18.1 #536
• update mkdocs-material requirement from ~=8.1.10 to ~=8.1.11 #537
• update setuptools requirement from ~=60.8.1 to ~=60.8.2 #535
• update pytest-subprocess requirement from ~=1.4.0 to ~=1.4.1 #534

Test

• reset values.yaml after test #563
• added tests for logging wrapper #545
• Make IT exectuable and rename complexity files #554
• fix unset variable in preconfig integration test #542

Ci

• run nightly scans on released version #567
• Expose k8s logs when integration test fails #555

Fix

• disable aiohttp content type check #564
• add missing config schema fields #476

Docs

• fix contributing guide link in pr template #557
• Add explanation for k8s api path #554

Build

• Fix typo in Makefile #554

What's Changed

• feat: prometheus metrics by @masaruhoshi in #508
• update: update pytest-subprocess requirement from ~=1.4.0 to ~=1.4.1 by @dependabot in #534
• update: update setuptools requirement from ~=60.8.1 to ~=60.8.2 by @dependabot in #535
• update: update mkdocs-material requirement from ~=8.1.10 to ~=8.1.11 by @dependabot in #537
• update: update pytest-asyncio requirement from ~=0.18.0 to ~=0.18.1 by @dependabot in #536
• test: fix unset variable in preconfig integration test by @annekebr in #542
• update: update flask requirement from ~=2.0.2 to ~=2.0.3 by @dependabot in #544
• update: update setuptools requirement from ~=60.8.2 to ~=60.9.2 by @dependabot in #549
• update: update mkdocs-material requirement from ~=8.1.11 to ~=8.2.1 by @dependabot in #553
• update: update setuptools requirement from ~=60.9.2 to ~=60.9.3 by @dependabot in #552
• fix: add missing config schema fields by @phbelitz in #476
• Various changes by @Starkteetje in #554
• feat: silent healthz endpoints logging by @sf-jmarcou in #501
• update: cosign v1.5.1 to v1.5.2 by @xopham in #556
• docs: fix contributing guide link in pr template by @xopham in #557
• feat: Support cosign --k8s-keychain flag by @marckn0x in #551
• feat: add reinvocationPolicy option by @caiconkhicon in #518
• Expose k8s logs on failure by @Starkteetje in #555
• test: added tests for logging wrapper by @phbelitz in #545
• update: update mkdocs-material requirement from ~=8.2.1 to ~=8.2.3 by @dependabot in #559
• update: bump actions/setup-python from 2 to 3 by @dependabot in #561
• fix: disable aiohttp content type check by @xopham in #564
• Ci/run nightly scans on released version by @xopham in #567
• update: bump actions/checkout from 2 to 3 by @dependabot in #565
• test: reset values.yaml after test by @xopham in #563
• Feat/cosign kms support by @xopham in #558
• feat: multi-signer support for cosign by @xopham in #428
• Update/version 2.5.0 by @xopham in #562
• Release 2.5.0 by @xopham in #538

New Contributors

• @masaruhoshi made their first contribution in #508
• @marckn0x made their first contribution in #551
• @caiconkhicon made their first contribution in #518

Full Changelog: v2.4.1...v2.5.0