spire-0.7.1

A Helm chart for deploying spire-server and spire-agent.

⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server.
⚠️ Minimum Spire version is v1.0.2.

To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM.

docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh

Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml

spec:
   containers:
     - command:
          - kube-apiserver
          - --api-audiences=api,spire-server
          - --service-account-issuer=api,spire-agent
          - --service-account-key-file=/run/config/pki/sa.pub
          - --service-account-signing-key-file=/run/config/pki/sa.key

What's Changed

• Allow to configure oidc nginx container resources by @marcofranssen in #75

Full Changelog: spire-0.7.0...spire-0.7.1

spire-0.7.0

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

What's Changed

• spire configurable socket paths by @marcofranssen in #74

Full Changelog: spire-0.6.3...spire-0.7.0

spire-0.6.3

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

What's Changed

• Fix spire oidc nginx container by @marcofranssen in #73

Full Changelog: spire-0.6.2...spire-0.6.3

spire-client-example-0.3.0

A Helm chart for deploying a spire workload as example.

spire-0.6.2

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

Full Changelog: spire-client-example-0.3.0...spire-0.6.2

spire-0.6.1

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

What's Changed

• spiffe csi volume for oidc by @marcofranssen in #70

Full Changelog: spire-0.6.0...spire-0.6.1

spire-0.6.0

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

Full Changelog: spire-0.5.6...spire-0.6.0

spire-0.5.6

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

Full Changelog: spire-0.5.5...spire-0.5.6

spire-0.5.5

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

Full Changelog: spire-0.5.4...spire-0.5.5

spire-0.5.4

A Helm chart for deploying spire-server and spire-agent. > ⚠️ Please note this chart requires Projected Service Account Tokens which has to be enabled on your k8s api server. > ⚠️ Minimum Spire version is v1.0.2. To enable Projected Service Account Tokens on Docker for Mac/Windows run the following command to SSH into the Docker Desktop K8s VM. bash docker run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh Then add the following to /etc/kubernetes/manifests/kube-apiserver.yaml yaml spec: containers: - command: - kube-apiserver - --api-audiences=api,spire-server - --service-account-issuer=api,spire-agent - --service-account-key-file=/run/config/pki/sa.pub - --service-account-signing-key-file=/run/config/pki/sa.key

Full Changelog: spire-0.5.3...spire-0.5.4