The Concierge now supports most managed Kubernetes clusters including EKS, AKS, and GKE. This works by using a new strategy that employs Kubernetes impersonation. For more information about this new feature, see our blog post.
The Pinniped command-line tool now supports a
whoamisubcommand, which returns the currently-authenticated user identity. This functionality is also available in a new
WhoAmIRequestAPI served by the Concierge.
pinniped get kubeconfigcommand now waits for the Concierge to become stable and validates that the final generated kubeconfig is valid. It also prints more verbose log output describing any parameters that are autodetected.
Added several new optional flags to the
pinniped get kubeconfigcommand, including
--output. For a full list of new options, see the CLI reference documentation.
Added new API fields to the CredentialIssuer API to support the impersonation proxy strategy. The
status.kubeConfigInfofield is now deprecated and will be removed in a future release.
Fixed Homebrew installation of the
Upgraded Debian base images from 10.8 to 10.9.
Upgraded Go from 1.15.8 to 1.16.2.
Upgraded Kubernetes runtime library dependencies from v1.20.1 to v1.20.5 plus some additional unreleased commits to address CVE-2021-3121 (a potential denial-of-service vulnerability).
Improved the stability of several integration tests.
A complete list of changes (377 commits, 862 changed files with 33,098 additions and 4,917 deletions!) can be found here.