Releases: philips-labs/helm-charts
spire-0.12.2
A Helm chart for deploying the full Spire stack into your k8s cluster.
Components:
- spire-server
- spire-controller-manager (optional)
- spire-k8s-workload-registrar (deprecated, optional)
- spire-agent
- spiffe-csi-driver
- spiffe-oidc-discovery-provider (optional)
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3 (this requires a nodeSelector to limit to amd64 nodes on multi-node clusters). The recommended minimum version for multi-architecture clusters is v1.6.0, which ships with arm64 support.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
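A quick check to run after editing the manifest, added here as an example and not part of the chart or its release notes: it reports which of the four flags above are missing and whether `--api-audiences` includes `spire-server`. The function names are hypothetical, and it assumes the flags are written unquoted as `- --flag=value` list items, as in the snippet above.

```shell
#!/bin/sh
# Added example (not from the chart): verify that a kube-apiserver static pod
# manifest carries the flags this chart's release notes ask for.
# Assumption: flags appear unquoted as "- --flag=value" list items.

REQUIRED_FLAGS="--api-audiences --service-account-issuer \
--service-account-key-file --service-account-signing-key-file"

# Print every required flag that is absent from the manifest, one per line.
# Commented-out lines ("# - --flag=...") do not count as present.
missing_psat_flags() {
    manifest=$1
    [ -r "$manifest" ] || { echo "cannot read $manifest" >&2; return 2; }
    for flag in $REQUIRED_FLAGS; do
        grep -Eq -e "^[[:space:]]*-[[:space:]]+${flag}=[^[:space:]]+" "$manifest" \
            || echo "$flag"
    done
}

# Succeed only if --api-audiences lists the given audience as a whole
# comma-separated element (so "spire-server-old" does not match "spire-server").
has_audience() {
    manifest=$1
    audience=$2
    value=$(sed -n \
        's/^[[:space:]]*-[[:space:]]\{1,\}--api-audiences=\([^[:space:]]*\).*/\1/p' \
        "$manifest" | head -n 1)
    case ",$value," in
        *",$audience,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stand-alone use: sh check.sh /etc/kubernetes/manifests/kube-apiserver.yaml
if [ "$#" -gt 0 ]; then
    missing=$(missing_psat_flags "$1")
    if [ -n "$missing" ]; then
        echo "missing flags:"
        echo "$missing"
    fi
    has_audience "$1" spire-server || echo "api-audiences lacks spire-server"
fi
```
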
What's Changed
- Replace hostPath volume with emptyDir on spire-server by @marcofranssen in #120
Full Changelog: spire-0.12.1...spire-0.12.2
spire-0.12.1
A Helm chart for deploying the full Spire stack into your k8s cluster.
Components:
- spire-server
- spire-controller-manager (optional)
- spire-k8s-workload-registrar (deprecated, optional)
- spire-agent
- spiffe-csi-driver
- spiffe-oidc-discovery-provider (optional)
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3 (this requires a nodeSelector to limit to amd64 nodes on multi-node clusters). The recommended minimum version for multi-architecture clusters is v1.6.0, which ships with arm64 support.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- fix healthcheck spire controller manager by @marcofranssen in #119
Full Changelog: spire-0.12.0...spire-0.12.1
spire-0.12.0
A Helm chart for deploying the full Spire stack into your k8s cluster.
Components:
- spire-server
- spire-controller-manager (optional)
- spire-k8s-workload-registrar (deprecated, optional)
- spire-agent
- spiffe-csi-driver
- spiffe-oidc-discovery-provider (optional)
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3 (this requires a nodeSelector to limit to amd64 nodes on multi-node clusters). The recommended minimum version for multi-architecture clusters is v1.6.0, which ships with arm64 support.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Bump spire images to arm64 releases by @marcofranssen in #110
Full Changelog: spire-0.11.5...spire-0.12.0
spire-0.11.5
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #118
- Add option to specify priorityClassName to the helm charts (#117) by @ancsatis in #117 (Co-authored-by: Marco Franssen)
Full Changelog: spire-0.11.4...spire-0.11.5
spire-0.11.4
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Fix some volumes by @marcofranssen in #115
Full Changelog: spire-0.11.3...spire-0.11.4
spire-0.11.3
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- improve spiffe csi security by @marcofranssen in #113
- Bump spire images to 1.5.5 to resolve some CVEs by @marcofranssen in #114
Full Changelog: spire-0.11.2...spire-0.11.3
spire-0.11.2
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Add namespaceSelector for spire-controller-manager by @KenHuffmanAtNice in #112
Full Changelog: spire-0.11.1...spire-0.11.2
spire-0.11.1
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Hotfix k8s service dns names for oidc provider by @marcofranssen in #111
Full Changelog: spire-0.11.0...spire-0.11.1
spire-0.11.0
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Add support for spire controller manager by @marcofranssen in #102
Full Changelog: spire-0.10.2...spire-0.11.0
spire-0.10.2
A Helm chart for deploying spire-server and spire-agent.
Warning: Please note this chart requires Projected Service Account Tokens, which have to be enabled on your k8s API server.
Note: Minimum Spire version is v1.5.3.
To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.
docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml
    spec:
      containers:
        - command:
            - kube-apiserver
            - --api-audiences=api,spire-server
            - --service-account-issuer=api,spire-agent
            - --service-account-key-file=/run/config/pki/sa.pub
            - --service-account-signing-key-file=/run/config/pki/sa.key
What's Changed
- Hotfix spire-server, k8s-workload-registrar, spire-agent, and upstream-ca-secret by @marcofranssen in #109
Full Changelog: spire-0.10.1...spire-0.10.2