Skip to content

Releases: SparebankenVest/azure-key-vault-to-kubernetes

Release 1.0.2

12 Mar 12:33
Compare
Choose a tag to compare

Unfortunately we had to patch away the functionality in the env-injector for removing sensitive files. The previous implementation caused issues if a pod crashed after initial startup and was unable to recover (because the filles needed where no longer present). We are currently working on a better and more secure solution, which will be released as soon as we can.

Helm Chart versions

We have bumped all versions, but only the env-injector has changed.

controller: 1.0.2 (app v: 1.0.2)
env-injector: 1.0.2 (app v: 1.0.2)

Installation / Upgrade

See https://akv2k8s.io/installation

Release 1.0.1

09 Mar 10:40
Compare
Choose a tag to compare

Patch relates to fix issue where AzureGermanCloud was mixed with AzureUSGovernmentCloud. Thanks to @theogq ❗️ for letting us know.

Helm Chart versions

controller: 1.0.1 (app v: 1.0.1)
env-injector: 1.0.1 (app v: 1.0.1)

Installation / Upgrade

See https://akv2k8s.io/installation

Version 1.0.0

08 Mar 23:36
Compare
Choose a tag to compare

Fixed all known critical issues and it was time to go to v1.0.0! 🎉

New features:

  • [docs] New documentation portal at https://akv2k8s.io
  • [env-injector] Improved logging
  • [env-injector] Prometheus metrics
  • [env-injector] Retry (up to 3 times) if fail to access AzureKeyVaultSecret on first try (ref: #34 )
  • [env-injector] Support getting raw certificate (?raw)
  • [controller & env-injector] Support all Azure environments (public, china, german, us-gov) - thanks @mayong43111 ❗️

Fixed:

  • [env-injector] Custom authentication
  • [env-injector] Delete sensitive files
  • [env-injector] Not map host volume for azure.json when using custom auth
  • [env-injector] Canonical names for Docker images
  • [controller] Use optional param for --cloudconfig (was hardcoded) - thanks @reiniertimmer ❗️

Helm Chart versions

controller: 1.0.0 (app v: 1.0.0)
env-injector: 1.0.0 (app v: 1.0.0)

Installation / Upgrade

See https://akv2k8s.io/installation

Version 0.1.15

11 Sep 21:38
Compare
Choose a tag to compare

This release fixes a timeout issue in the env-injector. All Docker images are updated with new version number to keep versions in sync.

Fixed:

  • [env-injector] Fixed timeout issue when downloading Docker images

Chart versions

controller: 0.1.22 (image versions: 0.1.15)
env-injector: 0.1.4 (image versions: 0.1.15)

Installation

Azure Key Vault Controller: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller

Azure Key Vault Env Injector: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-env-injector

Version 0.1.14

20 Jun 18:45
cac1a28
Compare
Choose a tag to compare

This release contains fixes and improvements for both the controller and env-injector.

Fixed:

  • [controller] Fixed issue where cloudconfig parameter was not used to load azure cloud config file (contributed by @reiniertimmer)

Improvements:

  • [controller & env-injector] Get all public keys (key chain)
  • [controller] When referencing a Certificate in AKV and Kubernetes secret type is Opaque, add the base64 encoded raw cert to Kubernetes secret
  • [controller] If private key is available for AKV certificate, export private key for both Kubernetes TLS and Opaque secret types

Documentation improvements:

  • Documented known issue when CA certs are missing
  • Corrected wrong reference to Kubernetes secret type for TLS (should be kubernetes.io/tls)
  • Documented that the env-injector needs to be explicitly enabled per namespace
  • Documented requirement for RBAC enabled cluster

Chart versions

controller: 0.1.20 (image versions: 0.1.14)
env-injector: 0.1.3 (image versions: 0.1.14)

Installation

Azure Key Vault Controller: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller

Azure Key Vault Env Injector: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-env-injector

Version 0.1.10

21 Mar 04:31
Compare
Choose a tag to compare

This release contains fixes and improvement for the env-injector. The controller is unchanged.

Fixed:

  • [env-injector] Inspecting docker image sometimes failed when trying to find cmd/entrypoint
  • [env-injector] Errors with non-canonical images (eg busybox:0.1.31 and not docker.io/library/busybox:0.1.31) solved
  • [env-injector] In some special cases an unhandled error caused mutation to continue, when it should have stopped, resulting in containers starting without injecting env vars

Improvements:

  • [env-injector] Better logging with timestamps

Chart versions

controller: 0.1.19 (image versions: 0.1.8)
env-injector: 0.1.2 (image versions: 0.1.10)

Installation

Azure Key Vault Controller: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller

Azure Key Vault Env Injector: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-env-injector

First public release

11 Mar 13:03
Compare
Choose a tag to compare

This is the first public release of Azure Key Vault Controller and Azure Key Vault Env Injector.

Install with Helm:

Azure Key Vault Controller: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-controller

Azure Key Vault Env Injector: https://github.com/SparebankenVest/public-helm-charts/tree/master/stable/azure-key-vault-env-injector

Initial Alpha Release

09 Feb 21:12
Compare
Choose a tag to compare
Initial Alpha Release Pre-release
Pre-release

This is the first release of the Kubernetes Azure Key Vault Controller.

Image: spvest/azure-keyvault-controller:0.1.0-alpha.1

Synchronize Azure Key Vault Secrets, Certificates and Keys as Kubernetes Secrets