- [ENHANCEMENT] bump dependencies
- [ENHANCEMENT] Makefile, Dockerfile to work better with different architectures
- [ENHANCEMENT] bump dependencies
- [ENHANCEMENT]
README.md
now contains information about the future outlook of the project wrt to deprecations, features and K8s Sig-Auth acceptance - [ENHANCEMENT] bump dependencies
- [FEATURE] health endpoint
/healthz
offered on--proxy-endpoints-port
- [FEATURE]
--upstream-client-cert-file
enables the kube-rbac-proxy client connecting to upstream to use TLS - [CHANGE] use cobra and usptream command machinery, introduces deprecation to some flags
- [ENHANCEMENT] bump k8s to 1.25.2 #200 (contains fixes for CVEs)
- [ENHANCEMENT] bump Go to 1.19.1 #178 (contains fixes for CVEs)
- [ENHANCEMENT] bump golang.org/x/crypto due to CVE-2022-27191 #188
- [CHANGE] add warning messages for features that will be removed
- [ENHANCEMENT] bump k8s to 1.24.2 #178
- [ENHANCEMENT] bump Go to 1.18.3 #178
- [ENHANCEMENT] update README.md to be more accurate and up to date #178, #173
- [ENHANCEMENT] check all headers for rewrites and create additional authz requests #171
- [ENHANCEMENT] bump k8s to 1.23.5. #149, #155, #160
- [ENHANCEMENT] add release documentation, #156
- [ENHANCEMENT] use supported apiVersion for deployment and authorization. #150
- [BUGFIX] ppc64le image build which in turn fixed multi-arch build. #147
- [ENHANCEMENT] Support building on riscv64 architecture. #141
- [ENHANCEMENT] move --upstream-force-h2c out of --insecure-listen-address. #140
- [FEATURE] Support for path patterns in --allow-paths and --ignore-paths. #135
- [ENHANCEMENT] Dynamically reload client CA. #127
- [BUGFIX] Fix panics on client-cert authenticated requests. #132
- [FEATURE] Support local static authorizer. #125
- [FEATURE] Support rewrites using HTTP headers in addition to query parameters. #104
- [FEATURE] Support pass-through of client certificates. #113
- [FEATURE] Support TLS 1.3. #120
- [FEATURE] Add ability with the new
--ignore-paths
flag to define paths for which kube-rbac-proxy will proxy without performing authn/authz. This cannot be used with--allow-paths
. #91
- [CHANGE] Make images rootless. #86
- [FEATURE] Add ability to check for allowed request paths with new
--allow-paths
config option. #83
- [CHANGE] Use gcr.io/distroless/static as base image instead of alpine. #67
- [ENHANCEMENT] Add multi-arch container images for amd64, arm, arm64, ppc64le and s390x. #67
- [CHANGE] Move from glog to klog for logging. #57
- [FEATURE] Support token audience reviews. #56
- [FEATURE] Support custom upstream CAs. #34
- [ENHANCEMENT] Reload TLS certificates at runtime. #47
- [ENHANCEMENT] Add host in self-signed certs. #43
- [ENHANCEMENT] Use golang.org/x/net http2 server. #29
- [ENHANCEMENT] Update Kubernetes to 1.13.2 #28
- [ENHANCEMENT] Make multi-arch builds possible. #21
- [BUGFIX] Log when server isn't able to start. #27
- [BUGFIX] Set user specified TLS configuration when explicit TLS certificates are provided.
- [CHANGE] The config file flag has been renamed to
--config-file
. - [CHANGE] There is a breaking change in the configuration. All configuration that was previously valid, is now nested in
.authorization.resourceAttributes
. - [FEATURE] Add OIDC token authentication provider (note: this is not a client code flow for client authentication).
- [FEATURE] Add ability to rewrite SubjectAccessReviews based on request query parameters.
This release is unmodified code from v0.3.0, but built with latest golang.
- [BUGFIX] Fix
x509: cannot parse dnsName
in intermediate certificates.
- [FEATURE] Add HTTP/2 support.
- [ENHANCEMENT] Add ability to choose TLS cipher suites.
- [ENHANCEMENT] Add ability to choose minimum TLS version and default to TLS 1.2.
- [CHANGE]
--listen-address
flag renamed to--insecure-listen-address
. - [FEATURE] Add TLS support.