Releases: sapcc/kubernikus
Releases · sapcc/kubernikus
1.0.0+72f42c66025b7e1e4da64184f2f96f7470263077
Add images for k8s 1.31.10 (#1014) Co-authored-by: sapcc-bot <fabus@mailbox.com> Co-authored-by: Jan Knipper <9881823+jknipper@users.noreply.github.com>
1.0.0+2723af2986b16f2152449bacd08d1e012fd44da3
Add support for Kubernetes 1.33.2 (#1019) * Add images for k8s 1.33.2 * change default --------- Co-authored-by: sapcc-bot <fabus@mailbox.com> Co-authored-by: Jan Knipper <9881823+jknipper@users.noreply.github.com>
1.0.0+2688349cc820b22244c7af052edc8606d62440c5
v1.0.0+2688349cc820b22244c7af052edc8606d62440c5 Use cinder v3 in e2e test (#1023)
1.0.0+bdbb8d0f2b3864d03d28f694f9cbf2898ae76aad
v1.0.0+bdbb8d0f2b3864d03d28f694f9cbf2898ae76aad Update auth config on kluster update (#1016)
1.0.0+415897d6bcf8a013307ced4e6f844f3b2d8e21a0
Fix CA regeneration (#1013) When regenerating the TLS CA certificate we must be careful to keep the subject of the new CA exactly the same byte for byte. Otherwise the old CA is not considered in a cert pool when validating certificates issued by the new CA: https://github.com/golang/go/blob/497cb7c0c3042d3c6605b46a1bf35b7c3bc8b046/src/crypto/x509/cert_pool.go#L144 How the subject is rended into bytes from a pkix.Name struct is not guaranteed to be stable across go versions. We actually ran into this issue before and already filed a bug for this: https://github.com/golang/go/issues/45882 Signed-off-by: Fabian Ruff <fabian.ruff@sap.com>
1.0.0+d0fe42e5a2ad151c45691d7994036895f85d34a3
Add support for structured authentication (#995) * Initial support for structured-auth Signed-off-by: Fabian Ruff <fabian.ruff@sap.com> * add structured authenitcation configuration This commit adds a new field “authenticationConfiguration” to the kluster spec that allowing to provide the content of the —authentication-configuration config file. The ground controller reconciles any changes to the api and updates a configmap that is referenced in the apiserver deployment. As any changes to the configfile are automatically picked up by the apiserver this changes to the kluster spec become effective within a minute. Signed-off-by: Fabian Ruff <fabian.ruff@sap.com> * incorporate code-review feedback Signed-off-by: Fabian Ruff <fabian.ruff@sap.com> --------- Signed-off-by: Fabian Ruff <fabian.ruff@sap.com>
1.0.0+0bdf2604b830cff4d0f076088492bbf79133cc31
Rotate tls CA with missing subject key id, re-use private key (#1012) * Rotate tls CA with missing subject key id, re-use private key * Check for authority key id changes
1.0.0+29a429204e10cbc2352a452cf2011cdbfed6a737
v1.0.0+29a429204e10cbc2352a452cf2011cdbfed6a737 Move admission CA reconciliation into ground controller (#1011)
1.0.0+81d817287dfc007a1862081a0cc17d16b9dc7746
v1.0.0+81d817287dfc007a1862081a0cc17d16b9dc7746 Raise csi provisioner memory limit (#1007)
1.0.0+493594d1fa17cff3baab61d62bf7fc886f8969dc
Revert TLS CA rotation (#1008) Also, remove authority/subject key id generation as that is done by crypto/x509 library since go1.15.