Release v0.26.0
Release Image
Image | Registry |
---|---|
projects.registry.vmware.com/pinniped/pinniped-server:v0.26.0
| VMware Harbor |
docker.io/getpinniped/pinniped-server:v0.26.0
| DockerHub |
These images can also be referenced by their digest: sha256:a92183de893eb0b1850cc3a1d33306b96ba2cdb72a8a49c6493a58c01b4fa9cd
.
Changes
This release introduces new features for using multiple identity providers, and identity transformation and policy expressions. It also includes some minor changes and upgrades all project dependencies.
Major Changes
- The Pinniped Supervisor can now be configured to source user identities from multiple identity providers (#1660). It can also be configured to transform usernames and group names using CEL expressions, and to reject authentication based on usernames and group names using CEL expressions. For more information, see the blog post for this release.
Minor Changes
- Updates the output of the
pinniped version
CLI command and the procedure for setting the version number at build time (#1634). Thepinniped version
CLI command also now accepts new optional arguments-o json
and-o yaml
to set an alternate output format. Note that this PR changes how to inject the version number into the CLI and server binaries at build time. Anyone who is doing their own Docker build, or using their own custom Dockerfile, or building the CLI, may need to change how the version number is injected at build time, if they choose to have a version number for their server and CLI binaries. Export theKUBE_GIT_VERSION
environment variable to set the semver version number before callinghack/get-ldflags.sh
to set the ldflags for thego build
command. For example, set theKUBE_GIT_VERSION
variable tov0.26.0
. When using the project's Dockerfile, this value can be passed as a build ARG. When building the CLI, useexport KUBE_GIT_VERSION=v0.26.0 && CGO_ENABLED=0 GOOS="darwin" GOARCH="amd64" go build -trimpath -ldflags "$(hack/get-ldflags.sh)" ./cmd/pinniped
. - Refactors to use
Conditions
type from the Kubernetes library (#1644). If you are using the generated client code in a Golang project, you may need to change yourimport
statements for theConditions
type used by several Pinniped types to import it from thek8s.io/apimachinery/pkg/apis/meta/v1
library. - Updates Go to v1.21.1, update Kubernetes libraries to v0.28.2, and updates all other project dependencies (#1630, #1646, #1647, #1664, #1674, #1675, #1676, #1677).
- Improves logging for debugging Pinniped Supervisor ingress and TLS certificate configuration problems at the default log level (#1662).
- Documentation and minor web site updates (#1419, #1621, #1631, #1654, #1663)
Bug Fixes
- Fix an error that can occur in the Concierge when the cluster has been configured to automatically inject sidecar containers into every pod, including the kube cert agent pod (#1682).
A complete list of changes (148 commits, 1,179 changed files with 27,130 additions and 108,272 deletions) can be found here.
Acknowledgements
Thanks to @djpbessems for providing suggestions and feedback for one of the docs PRs (#1631).