Releases: DaspawnW/vault-crd
1.9.1 - upgrade log4j api & logback
Upgrades log4j & logback for security reasons.
- As only the log4j API is used, vault-crd is not affected by Log4Shell. Various scanners (e.g. trivy) still mark log4j-api as vulnerable even if that is not the case.
- logback also has a vulnerability, which does not affect vault-crd because scan=true must be set; it is upgraded as well to be safe.
1.9.0 - Mission api server on fire
As the title already says, this release tries to reduce the load on the API server:
- switched the reconciliation loop to use an indexed informer
- introduced a cache for secrets
- switched the owner reference fix to false by default
Update process
This upgrade requires a manual job to be executed as soon as the new version of vault-crd is deployed:
    # List all namespaces once; items are base64-encoded so each one stays a single word in the for loop.
    namespaceResources=$(kubectl get namespaces -o json)
    for ns in $(echo "${namespaceResources}" | jq -r '.items[] | @base64'); do
        _jqNS() {
            echo "${ns}" | base64 --decode | jq -r "${1}"
        }
        namespace=$(_jqNS '.metadata.name')
        echo "Start searching for vault resources in namespace ${namespace}"
        vaultResources=$(kubectl get vault --namespace "${namespace}" -o json)
        for vault in $(echo "${vaultResources}" | jq -r '.items[] | @base64'); do
            _jqVault() {
                echo "${vault}" | base64 --decode | jq -r "${1}"
            }
            name=$(_jqVault '.metadata.name')
            echo "Patching secret ${name} in namespace ${namespace}"
            # Add the label to the secret that has the same name as the vault resource.
            kubectl patch secret --namespace "${namespace}" "${name}" -p '{"metadata": {"labels": {"vault.koudingspawn.de": "vault"}}}' --type=merge
        done
    done
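To confirm the job above reached every secret, the following check compares the vault resources with the secrets and reports any same-named secret that is absent or lacks the label. It is an added example, not part of the vault-crd project; the script name check.py, the helper names and the sample data are assumptions constructed for illustration.

```python
import json
import sys

# Label key and value taken from the patch command in the 1.9.0 update job.
LABEL_KEY, LABEL_VALUE = "vault.koudingspawn.de", "vault"

def unlabeled_secrets(vault_list, secret_list):
    """Return sorted (namespace, name, reason) tuples for vault resources whose
    same-named secret is absent or does not carry the migration label."""
    labels_by_secret = {
        (s["metadata"]["namespace"], s["metadata"]["name"]):
            s["metadata"].get("labels") or {}
        for s in secret_list.get("items", [])
    }
    findings = []
    for v in vault_list.get("items", []):
        key = (v["metadata"]["namespace"], v["metadata"]["name"])
        if key not in labels_by_secret:
            findings.append((*key, "secret not found"))
        elif labels_by_secret[key].get(LABEL_KEY) != LABEL_VALUE:
            findings.append((*key, "label missing"))
    return sorted(findings)

def _item(namespace, name, labels=None):
    # Builds the constructed sample data below (only the fields the check reads).
    return {"metadata": {"namespace": namespace, "name": name, "labels": labels}}

# Constructed sample input, shaped like `kubectl get ... -o json` list output.
SAMPLE_VAULTS = {"items": [_item("team-a", "db-creds"), _item("team-a", "api-key"),
                           _item("team-b", "tls")]}
SAMPLE_SECRETS = {"items": [
    _item("team-a", "db-creds", {"app": "db"}),            # never patched
    _item("team-a", "api-key", {LABEL_KEY: LABEL_VALUE}),  # patched
    _item("team-a", "unrelated"),                          # no vault resource, ignored
]}

if __name__ == "__main__":
    # Usage (hypothetical script name): check.py vaults.json secrets.json, with files
    # saved from `kubectl get vault -A -o json` and `kubectl get secret -A -o json`.
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as vf, open(sys.argv[2]) as sf:
            vaults, secrets = json.load(vf), json.load(sf)
    else:
        vaults, secrets = SAMPLE_VAULTS, SAMPLE_SECRETS
    findings = unlabeled_secrets(vaults, secrets)
    for namespace, name, reason in findings:
        print(f"{namespace}/{name}: {reason}")
    sys.exit(1 if findings else 0)
```

The non-zero exit status on findings lets the check gate a deployment pipeline step after the upgrade.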
1.8.0 - Kubernetes 1.22 support & java 11
Features
- Add support for Kubernetes 1.22 #71
- Upgrade java dependency to java 11
- Migrate to distroless java 11-nonroot
- Upgrade various dependencies
1.7.0 - report events to Kubernetes
Adds support for reporting events for successful / failed runs on a vault-crd resource.
This adds events to the vault-crd resource, which can be listed via the describe command.
Available events are:
- SuccessfulCreated (Created secret out of vault-crd resource)
- FailedCreation (Secret creation out of vault-crd resource failed with exception)
- SuccessfulModified (A secret was successfully modified out of vault-crd resource change or secret was updated in vault)
- FailedModification (A secret update out of vault-crd failed with an exception)
- RotationTriggered (A changeAdjustmentCallback was called to rotate a resource which is dependent on the vault-crd / secret resource)
- FixedOwnerReference (An owner reference was fixed, for details please see 8b10f6e)
- DeletionOfResource (Vault-CRD resource was deleted and the corresponding secret was deleted by the controller)
1.6.3 - bugfix release
This release replaces the 1.6.2 release, which contains an issue in the java.security file.
1.6.2 - bugfix release (Please don't use)
- Fix a bug where the owner reference had a wrong value
- Make the exception clearer when a secret in properties can't be loaded.
This release contains an issue with java.security, which is fixed in 1.6.3.
1.6.1 - feature / bugfix release
Changes:
- Add support for statefulset change detection
- Fix issue that could produce an endless "add" event
Docker image: daspawnw/vault-crd:1.6.1
1.6.0 - Adjustment Callback
New feature:
- An Adjustment Callback can be defined; with it, a deployment is rolled out again as soon as a secret is modified (https://vault.koudingspawn.de/change-detection)
Docker image: daspawnw/vault-crd:1.6.0
1.5.0 - Feature release
New features:
- Add Admission Webhook to validate accessibility of the secret before applying the resource (#47)
- Propagate annotations and labels to secrets (#41)
- Switch to distroless java to increase security (#45)
- Helm Chart upgraded to support Admission-Webhook (https://github.com/DaspawnW/vault-crd-helm)
Thanks to @archi-team-cacd2 for the pull request :-)
Docker image: daspawnw/vault-crd:1.5.0
1.4.2 - Bugfix release
Contains a bugfix for an issue with newer versions of Kubernetes:
- #36 Too old resource version
Thanks to @terrych0u for opening the issue.
Docker image: daspawnw/vault-crd:1.4.2