kubernetes-kms

v0.7.0 - 2024-04-18

Changelog

Maintenance 🔧

• 042a175 chore: bump google.golang.org/protobuf from 1.31.0 to 1.33.0 (#349)

Security Fix 🛡️

• 17e660e security: bump golang.org/x/net to v0.23.0+ to fix CVE-2023-45288 (#364)

v0.6.0 - 2024-02-22

Changelog

Documentation 📘

• f1c6590 docs: use control plane instead of master (#270)

Features 🌈

• 3d46bb8 feat: Integration tests for KMS v2 (#238)
• c0e39e7 feat: implements mlog (#241)

Maintenance 🔧

• 34e0c1c chore: switch to using mcr image (#321)
• 014af7e chore: update to go1.21 (#319)

Security Fix 🛡️

• 8130ca0 security: bump golang.org/x/crypto to v0.17.0 to fix CVE-2023-48795 (#341)

v0.5.0 - 2023-05-17

Changelog

Continuous Integration 💜

• a6b962e ci: [StepSecurity] Apply security best practices (#222)
• b1994cb ci: make semantic check title only (#223)
• f57300d ci: switch to using mariner pool (#218)

Documentation 📘

• 9d080d2 docs: add openssf badge (#229)
• 59a0d74 docs: add roadmap link to readme (#209)
• 68490e2 docs: update AKS feature (#201)

Features 🌈

• 71ea631 feat: implements kms v2beta1 APIs (#210)
• e1976fc feat: adds CodeQL (#221)

Maintenance 🔧

• 5e07862 chore: use dl.k8s.io instead of hardcoded url (#235)
• e2b1486 chore: adds enj to OWNERS (#211)
• 268ac24 chore: bump distroless/static from 149531e to 9ecc53c (#231)
• 6b74492 chore: remove manual gettext/envsubst install (#219)
• e77adb6 chore: update linters (#217)
• e4f695b chore: updates lint (#212)
• b5c9c03 chore: bump github.com/Azure/go-autorest/autorest/adal (#208)
• 30acbf3 chore: bump k8s.io/apiserver from 0.25.7 to 0.25.8 (#207)
• dc597a2 chore: bump k8s.io/apiserver from 0.25.6 to 0.25.7 (#205)
• 6afb9ba chore: bump golang.org/x/text from 0.3.7 to 0.3.8 in /tools (#203)
• f7e64ce chore: bump golang.org/x/net from 0.4.0 to 0.7.0 (#202)
• a87a454 chore: bump github.com/Azure/azure-sdk-for-go (#200)
• 14d600d chore: bump github.com/Azure/go-autorest/autorest/adal (#199)
• e78c4f1 chore: bump k8s.io/apiserver from 0.25.5 to 0.25.6 (#198)
• 095042e chore: bump github.com/Azure/azure-sdk-for-go (#196)

v0.4.0 - 2022-12-20

Changelog

Continuous Integration 💜

• 483ca98 ci: update kubernetes versions for supported releases
• 2cefbfe ci: remove kubernetes version 1.22 (EOL)
• b3a62d8 ci: enable tests with kubernetes v1.26
• a53f68a ci: add CODEOWNERS file (#157)

Documentation 📘

• 8b88a5b docs: add release cadence to readme (#163)

Maintenance 🔧

• b3d9753 chore: bump github.com/Azure/azure-sdk-for-go (#192)
• 371e85b chore: bump k8s.io/apiserver from 0.25.4 to 0.25.5 (#190)
• 848d605 chore: bump github.com/Azure/azure-sdk-for-go (#188)
• f2f76db chore: bump k8s.io/apiserver from 0.25.2 to 0.25.4 (#187)
• 887fab8 chore: bump github.com/Azure/azure-sdk-for-go (#182)
• f211190 chore: bump k8s.io/component-base from 0.25.2 to 0.25.3 (#181)
• ed01f47 chore: bump k8s.io/apiserver from 0.25.1 to 0.25.2 (#178)
• 45b248c chore: update deps for v1.25.0 (#172)
• d1163d7 chore: bump k8s.io/apiserver from 0.24.3 to 0.24.4 (#170)
• a07dffa chore: update to go 1.19 (#171)
• a33d3e8 chore: bump github.com/Azure/go-autorest/autorest (#165)
• 40dceda chore: bump github.com/Azure/go-autorest/autorest/adal (#166)
• b6997f5 chore: update k8s deps to v1.24 (#164)
• b952953 chore: bump k8s.io/apiserver from 0.23.8 to 0.23.9 (#161)
• 583cff3 chore: bump github.com/Azure/azure-sdk-for-go (#160)
• 06f403e chore: bump k8s.io/apiserver from 0.23.7 to 0.23.8 (#158)
• 1708083 chore: bump github.com/Azure/azure-sdk-for-go (#156)
• c55e917 chore: bump k8s.io/apiserver from 0.23.6 to 0.23.7 (#154)
• 4173327 chore: bump github.com/Azure/go-autorest/autorest/adal (#150)
• 7a3b7b7 chore: bump github.com/Azure/azure-sdk-for-go (#149)
• fa396e6 chore: bump github.com/Azure/go-autorest/autorest/adal (#148)
• 0e5a22c chore: bump github.com/Azure/go-autorest/autorest (#147)
• c1177fe chore: bump k8s.io/apiserver from 0.23.5 to 0.23.6 (#146)
• f709bb8 chore: bump k8s.io/component-base from 0.23.5 to 0.23.6 (#145)
• f153de9 chore: bump github.com/Azure/azure-sdk-for-go (#144)
• 71af4c9 chore: bump github.com/Azure/azure-sdk-for-go (#143)
• 01fd443 chore: bump github.com/Azure/azure-sdk-for-go (#141)

Security Fix 🛡️

• b925b99 security: fix CVE-2022-41717 (#193)
• ee7a024 security: fix CVE-2022-32149 (#185)
• 5087dc7 security: fix CVE-2022-27664 (#176)

Testing 💚

• 963762d test: enable e2e with kind cluster matrix (#173)

v0.3.0 - 2022-04-11

Changelog

Bug Fixes 🐞

• f86d095 fix: add LDFLAGS args in dockerfile (#123)

Continuous Integration 💜

• 9e75cca ci: add goreleaser workflow for release (#139)
• b2c7af7 ci: switch to upstream ado org for e2e (#137)
• 346f0db ci: add semantic.yml (#132)

Documentation 📘

• 1f21b02 docs: update build badge url and add release badge (#138)

Features 🌈

• 27c7d31 feat: add support for managed HSM (#134)

Maintenance 🔧

• 764f341 chore: use structured logging and update imports order (#135)
• 0cba524 chore: bump github.com/Azure/go-autorest/autorest (#133)
• 09d9c30 chore: bump k8s.io/apiserver from 0.23.0 to 0.23.5 (#130)
• de5e00d chore: bump github.com/Azure/azure-sdk-for-go (#129)
• 17602d5 chore: bump google.golang.org/grpc from 1.40.0 to 1.40.1 (#128)
• 635feb5 chore: add dependabot.yml (#127)
• 962eaf1 chore: upgrade to go 1.18 (#124)
• 9144954 chore: update dependencies (#122)

Features 🌈

• https://github.com/Azure/kubernetes-kms/commit/14bc5c4533f2fac0133a6d81e80ac647cee29adf Support proxy in case kms-plugin can not access key vault (#119)

KMS Plugin for Key Vault image is now in mcr.microsoft.com/oss/azure/kms/keyvault:v0.2.0

Features 🌈

• add arm64 support for images (#116)

Documentation 📘

• add securityContext to pod manifest (#109)

Maintenance 🔧

• use := for IMAGE_TAG to not override (#108)
• update to go 1.17 (#115)

Testing 💚

• fixes flake and enables metrics test (#112)

KMS Plugin for Key Vault image is now in mcr.microsoft.com/oss/azure/kms/keyvault:v0.1.0

Warning ⚠️

--configFilePath flag has been deprecated with #103. Use --config-file-path instead to configure path for Azure Cloud Provider config file.

Features 🌈

• Adds Open Telemetry metrics (#104)

Bug Fixes 🐞

• Fixes keyvault token request when using user msi (#100)

Documentation 📘

• add rotation guide (#89)
• Adds metrics document (#104)

Testing 💚

• add nightly pipeline and fix CVE-2021-24032 (#81)
• Adds upgrade tests (#97)
• Adds soak tests (#97)

Maintenance 🔧

• Sanitizes (removes double quotes and white spaces) vault name, key name and key version (#102)
• Upgrades golang version to 1.16 (#82)
• change base image to distroless/static (#86)

KMS Plugin for Key Vault image is now in mcr.microsoft.com/oss/azure/kms/keyvault:v0.0.12

Features 🌈

• switch to distroless base image (#70)
• add byok support and refactor (#66)
• add healthz check for kms plugin (#77)

Documentation 📘

• update manual install docs for v0.0.11 release (#80)

Testing 💚

• add e2e tests with kind cluster (#75)
• enable golangci-lint (#76)

Maintenance 🔧

• update debian-base image to buster-v1.3.0 (#74)
• update debian-base image to buster-v1.4.0 (#78)

KMS Plugin for Key Vault image is now in mcr.microsoft.com/oss/azure/kms/keyvault:v0.0.11

Bug Fixes 🐞

• Skip key existence check after first time (resolves api limits and failing secrets) (#65)

Documentation 📘

• Removing AKS section as AKS doesn't use KMS today. (#54)
• add standalone Code of Conduct doc where GH can see it (#51)
• Add GitHub pull request template (#50)
• Add GitHub issue templates for bug and feature request (#49)
• add build badges (#64)

Testing 💚

• setup azure pipeline and add e2e (#60)
• update pipeline for unit tests (#67)

Image is in mcr.microsoft.com/k8s/kms/keyvault:v0.0.10