github vmware-tanzu/pinniped v0.10.0
on GitHub

latest releases: v0.29.0, v0.28.0, v0.27.0...
2 years ago

Release v0.10.0

Release Image

Image Registry
projects.registry.vmware.com/pinniped/pinniped-server:v0.10.0 VMware Harbor
docker.io/getpinniped/pinniped-server:v0.10.0 DockerHub

These images can also be referenced by their digest: sha256:3bdfb9ad9275449f07614081eca27cff16f15562aeabfee9214a0b0506bb6320.

Changes

This release extends Pinniped to support logins from more scenarios, including OIDC access from SSH jump hosts and LDAP access from CI/CD jobs. See our blog post for more details and a demo video!

Major Changes

  • Added support for authenticating to the Supervisor on machines without web browsers using an out-of-band login flow (#687). You can now use OpenID Connect browser-based login flows even on SSH jump hosts or other environments without a local web browser.
  • Added support for non-interactive LDAP password-based logins. You can now use PINNIPED_USERNAME and PINNIPED_PASSWORD environment variables to avoid being interactively prompted for username and password. This is useful, for example, to authenticate as an LDAP service account in a CI/CD job (#730).

Minor Changes

  • Added https_proxy and no_proxy ytt parameters for the Supervisor deployment (#701). These variables can be used to connect to OIDCIdentityProviders which can only be reached via HTTP proxy.
  • The Supervisor can now serve FederationDomain with an IPv6 address in the spec.issuer field (#684).
  • Added documentation for using the Pinniped Supervisor with Dex and Github (#729).
  • Upgraded Debian base images from 10.9 to 10.10.
  • Upgraded Go from 1.16.5 to 1.16.6.
  • Upgraded Kubernetes runtime library dependencies to v1.21.3, and upgraded several other miscellaneous Go module dependencies.
  • Improved the stability of several integration tests.

Bug Fixes

  • Fixed undesired behavior where some other non-Pinniped controller competes with the Pinniped controllers to write an annotation onto the impersonator's Service (#739). This could cause unwanted etcd resource consumption on some clusters.
  • Fixed a bug that caused failures when installing recent versions of the Concierge using kubectl (#664). We now recommend installing with kapp, or using two kubectl apply invocations to install the CRDs separately from the rest of the resources.
  • The Concierge now correctly reacts to changes in the impersonation proxy ClusterIP service immediately (#752).
  • Fixed a race during Concierge API service serving certificate rotation that could cause unnecessary updates to the API service. This could cause some aggregated API requests to fail for a short duration (#747).
  • The first line of the server logs for the Supervisor and Concierge containers will now correctly include the current git SHA of source code repo at build time. This can help identify what version of the code is running in the container by cross-referencing it back to the GitHub repo (#724).

A complete list of changes (140 commits, 143 changed files with 4,228 additions and 1,449 deletions) can be found here.

Check out latest releases or
releases around vmware-tanzu/pinniped v0.10.0

Don't miss a new pinniped release

NewReleases is sending notifications on new releases.

Get notifications