Releases: phenixblue/imageswap-webhook
v1.5.3
What's Changed
- Bump flask from 2.2.2 to 2.2.5 in /app/imageswap by @dependabot in #97
- Bump certifi from 2022.12.7 to 2023.7.22 in /app/imageswap-init by @dependabot in #102
- Bump cryptography from 39.0.1 to 41.0.2 in /app/imageswap-init by @dependabot in #101
- Bump cryptography from 41.0.2 to 41.0.3 in /app/imageswap-init by @dependabot in #103
- BUGFIX: identity mapping with EXACT and REPLACE is ignored by @ferenc-hechler in #104
- Prepare v1.5.3 release by @phenixblue in #106
Full Changelog: v1.5.2...v1.5.3
v1.5.2
What's Changed
- Bump oauthlib from 3.2.0 to 3.2.1 in /app/imageswap-init by @dependabot in #79
- Introducing [REPLACE] by @M4C4R in #85
- Bump certifi from 2022.9.14 to 2022.12.7 in /app/imageswap-init by @dependabot in #91
- Fix detection of IMAGESWAP_DISABLE_AUTO_MWC by @howardburgess in #88
- Bump cryptography from 38.0.4 to 39.0.1 in /app/imageswap-init by @dependabot in #92
- Bump werkzeug from 2.2.2 to 2.2.3 in /app/imageswap by @dependabot in #93
- Prepare v1.5.2 release by @phenixblue in #96
New Contributors
- @M4C4R made their first contribution in #85
- @howardburgess made their first contribution in #88
Full Changelog: v1.5.1...v1.5.2
v1.5.1
Overview
This is primarily a maintenance release with a couple of small enhancements.
Enhancements
- Cleanup some legacy logic for detecting the K8s API Server CA Cert. This also enables support in K3S environments (#70)
- Adds the
IMAGESWAP_DISABLE_AUTO_MWC
environment variable to allow for disabling the automatic generation of the Mutating Webhook Configuration (MWC) in the imageswap-init container (#71) - Adds the
IMAGESWAP_CSR_SIGNER_NAME
environmental variable to allow for customizing the signer used in the K8s CertificateSigningRequest resource. Defaults tokubernetes.io/kubelet-serving
to maintain backwards compatibility (#76)
Acknowledgements
v1.5.0
Overview
This release is primarily focused on adding support for newer Kubernetes versions (v1.19+), but does introduce breaking changes for prior Kubernetes versions.
ImageSwap v1.4.2 should be used for Kubernetes versions below v1.19.0
ImageSwap v1.5.0 is using a newer release of the Kubernetes Python Client library which removed some previously deprecated API's and changed the way the CertificateSigningRequest resource is handled for the webhook Cert Bundle.
This release also moves to using a new syntax (::
) to separate the key and value portions of a map definition in the maps file. Backwards compatibility is maintained for the existing :
syntax, but this has been deprecated and should not be used. Please update any existing map configurations to use the new syntax.
This release also adds additional validation to catch errors associated with specifying a registry in a map definition key that includes the :<port_number>
syntax. Previously this would result in an error and a stack trace. This is now handled gracefully and the new map separator syntax should allow for registries to include ports going forward.
Enhancements
- Add support for new map definition deparator syntax (#50)
- Bump Kubernetes Python Client to v23.3.0 to support new K8s versions (#68 / #65)
- Bump KinD node images/matrix to test aginst k8s v1.19, v1.20, v1.21, and v1.22 for CI (#68 / #65)
- Bump KinD Github Action to v0.12.0 for CI (#68 / #65)
- Move to admission.k8s.io/v1 for AdmissionReview (#68 / #65)
- Move to admissionregistration.k8s.io/v1 for VWC (#68 / #65)
- Add sign verb for cluster scoped RBAC (#68 / #65)
- Move to support v4.x of yq utility syntax for Makefile/CI (#68 / #65)
- Temporarily remove the
linux/ppc64le
platform from image builds. Ongoing issue that needs triage - Move imageswap-init container image to lockstep versioning with image swap image
Acknowledgements
- Thanks to @sblair-metrostar for bringing the port number issue to our attention
- Thanks to @mariomcosta, @awoimbee, and @ilrudie for helping get k8s v1.22+ supported
v1.4.2
Overview
This release fixes a bug in the image swap logic related to a scenario where a library level image is used and the image tag contains .
's.
More info can be found in this issue: #46
Enhancements
- Add fix for dotted tag on library image (#47)
Acknowledgements
- Thanks to @adavenpo for bringing this to our attention
v1.4.1
Overview
This release adds logic to process maps for library level images differently from images nested under a specific project/organization.
EXAMPLE:
docker.io:harbor.example.com
docker.io/library:harbor.example.com/library
This would be the output for the library vs. non-library images:
nginx:latest
-> harbor.example.com/library/nginx:latest
tmobile/magtape:latest
-> harbor.example.com/tmobile/magtape:latest
This is applicable for use cases such as the Harbor projects image pull-through cache
- See the maps examples for specific syntax on using the library map
- Docker documentation for image naming
Enhancements
- Add logic to handle maps for library level images (#42)
Acknowledgements
- Thanks to @fragolinux for the suggestion!
v1.4.0
Overview
This release addresses a few security fixes for dependent libraries and introduces some major enhancements.
!!! Please read carefully as there is new functoinality that is not directly backwards compatible !!!
ImageSwap v1.4.0 requires some new configuration settings and makes major changes to the default image swap logic.
Enhancements
- Introduces new MAPS swap mode logic (#29)
- Updates to logging when disable label is supplied (#29)
- Added a kustomize overlay for LEGACY swap mode (#29)
- Update image swap logic to preserve image org/project (#29)
- Update CI for Image Builds. Include multi-arch builds using buildx (#39)
- Bump KinD Version to 0.11.1 (#39)
- Bump KinD Node Images. Drop K8s v1.16 and add K8s v1.20 (#39)
MAPS LOGIC: There is a new MAPS mode logic that has been added to allow for more flexibility in the image swapping logic.
The existing logic, referred to asLEGACY
mode, is still available, but has been deprecated.
To continue using theLEGACY
mode logic set theIMAGESWAP_MODE
environment variable accordingly. Please reference the configuration section for more information.
Image Definition Preservation: Updates have been made to how image definitions are processed during a swap. Previously the swap logic would drop the image org/project before adding the prefix (ie.
nginx/nginx-ingress:latest
would drop thenginx/
portion of the image definition).
In v1.4.0+ the swap logic will preserve all parts of the image except the Registry (ie.docker.io/nginx/nginx-ingress
will drop thedocker.io
only from the image definition).
Security Fixes
v1.4.0-prerelease
Merge pull request #30 from phenixblue/update-changelog Updates changelog for 1.4.0 release prep
v1.3.2
Overview
This release contains a single security related fix.
Enhancements
Bumps jinja2 from 2.11.2 to 2.11.3. in /app/imageswap (#25)
v1.3.1
Overview
This release contains a single security related fix.
Enhancements
Bump cryptography from 3.2 to 3.3.2 in /app/imageswap-init (#24 )
Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)