Release v0.34.0
Release Image
| Image | Registry |
|---|---|
ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.34.0
| GitHub Container Registry |
docker.io/getpinniped/pinniped-server:v0.34.0
| DockerHub |
These images can also be referenced by their digest: sha256:fe17d873d146347defe440ee53b7b4b31416e56a66c6e73312cc482f93e2c898.
Changes
This release fixes a bug when calculating status conditions for WebhookAuthenticators and GitHubIdentityProviders in the presence of HTTPS_PROXY. It also includes some other minor changes, bug fixes, and upgrades all project dependencies.
Minor Changes
- Updates Go to v1.23.2, updates the Kubernetes libraries to v0.31.1, and updates all other project dependencies. (#2071, #2068, #2067, #2064, #2063, #2059, #2058, #2057, #2052, #2047, #2048, #2046, #2045, #2044, #2042, #2041)
- Some developer tooling, log statements, and comments were improved for the project maintainers and contributors. (#2061, #2049, #2037)
- Some small documentation updates. (#2050, #2038, #2039)
Bug Fixes
- When the
HTTPS_PROXYenvironment variable was set for the Concierge pods, the Concierge would not use the proxy setting while calculating the status conditions of WebhookAuthenticators. This could cause the connection probe to fail and the WebhookAuthenticator to be incorrectly put into an error status, making it unusable. This bug was introduced in v0.30.0 when the WebhookAuthenticator status conditions were introduced. This release fixes the bug by automatically skipping the connection probe when theHTTPS_PROXYandNO_PROXYenvironment variable values would cause requests to the WebhookAuthenticator's configured URL to be made through the proxy. (#2069) Additionally, thetls.Dialused in this connection probe was assigned a timeout. (#2056, #2065) - When the
HTTPS_PROXYenvironment variable was set for the Supervisor pods, the Supervisor would not use the proxy setting while calculating the status conditions of GitHubIdentityProviders. This could cause the connection probe to fail and the GitHubIdentityProvider to be incorrectly put into an error status, making it unusable. This bug was introduced in v0.31.0 when GitHubIdentityProviders were first introduced. This release fixes the bug by respecting the values of theHTTPS_PROXYandNO_PROXYenvironment variables during the connection probe to the configured GitHub server. (#2069) - When the Concierge finds a controller-manager pod and tries to parse its configured command-line flags, it previously looked for the flags
--cluster-signing-cert-fileand--cluster-signing-key-file. Now it will also look for the alternate flags--cluster-signing-kube-apiserver-client-key-fileand--cluster-signing-kube-apiserver-client-cert-file. This could potentially help make the Concierge compatible with more Kubernetes distributions. For more information, please see the PR description. (#2043)
Diffs
A complete list of changes (113 commits, 421 changed files with 25,654 additions and 11,665 deletions) can be found here.