|
1 | | -# v1.0.4 |
2 | | - |
| 1 | +# v2.2.0 |
3 | 2 | ## Features |
4 | | -* feat(signer): Signer recognizes `metadata.command-issuer.keyfactor.com/<metadata-field-name>: <metadata-value>` annotations on the CertificateRequest resource and uses them to populate certificate metadata in Command. |
5 | | -* feat(release): Container build and release now uses GitHub Actions. |
| 3 | +- Added support for enrolling CSRs with [Enrollment Patterns](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Enrollment-Patterns.htm), a new feature introduced in Keyfactor Command 25.1. [Release notes](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReleaseNotes/Release2511.htm) |
| 4 | + - Usage of `CertificateTemplate` is still supported, but if using Keyfactor Command 25.1 and above, it is recommended to start using Enrollment Patterns in your issuer specification. You may use `EnrollmentPatternId` or `EnrollmentPatternName` in your specification. |
| 5 | + |
| 6 | +## Chores |
| 7 | +- Updated documentation for using ambient credentials with Azure Kuberentes Services. |
| 8 | +- Removed documentation for using ambient credentials with Google Kubernetes Engine. As of writing, Google is not a supported identity provider in Keyfactor Command. |
| 9 | +- Migrated from using [keyfactor-go-client](https://github.com/Keyfactor/keyfactor-go-client) to [keyfactor-go-client-sdk](https://github.com/keyfactor/keyfactor-go-client-sdk). |
| 10 | + |
| 11 | +# v2.1.1 |
6 | 12 |
|
7 | 13 | ## Fixes |
8 | | -* fix(helm): CRDs now correspond to correct values for the `command-issuer`. |
9 | | -* fix(helm): Signer Helm Chart now includes a `secureMetrics` value to enable/disable sidecar RBAC container for further protection of the `/metrics` endpoint. |
10 | | -* fix(signer): Signer now returns CA chain bytes instead of appending to the leaf certificate. |
11 | | -* fix(role): Removed permissions for `configmaps` resource types for the `leader-election-role` role. |
| 14 | +- Update Helm chart deployment template to resolve Docker image metadata issue. |
12 | 15 |
|
13 | | -# v1.0.5 |
| 16 | +## Chores |
| 17 | +- Update documentation for more clear instructions on deploying workloads to Azure Kubernetes Service and Google Kubernetes Engine, as well as permissions needed on Command Security Roles. |
14 | 18 |
|
15 | | -## Features |
16 | | -* feat(controller): Implement Kubernetes `client-go` REST client for Secret/ConfigMap retrieval to bypass `controller-runtime` caching system. This enables the reconciler to retrieve Secret and ConfigMap resources at the namespace scope with only namespace-level permissions. |
| 19 | +# v2.1.0 |
17 | 20 |
|
18 | 21 | ## Fixes |
19 | | -* fix(helm): Add configuration flag to configure chart to either grant cluster-scoped or namespace-scoped access to Secret and ConfigMap API |
20 | | -* fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration. |
| 22 | +- Updated library golang.org/x/crypto to version v0.33.0 to address authorization bypass vulnerability (https://github.com/advisories/GHSA-v778-237x-gjrc) |
| 23 | +- Bug fix for Google ambient credentials |
| 24 | + |
| 25 | +# v2.0.2 |
| 26 | + |
| 27 | +## Fixes |
| 28 | +- Bug fix in Helm chart release action |
| 29 | + |
| 30 | +# v2.0.1 |
| 31 | + |
| 32 | +## Fixes |
| 33 | +- Change Helm release trigger from `v*` to `release-*` to support Keyfactor Bootstrap Workflow |
21 | 34 |
|
22 | 35 | # v2.0.0 |
23 | 36 |
|
|
33 | 46 | - Refactor unit tests to use fake Command API instead of requiring live Command server. |
34 | 47 | - Write e2e integration test. |
35 | 48 |
|
36 | | -# v2.0.1 |
37 | | - |
38 | | -## Fixes |
39 | | -- Change Helm release trigger from `v*` to `release-*` to support Keyfactor Bootstrap Workflow |
| 49 | +# v1.0.5 |
40 | 50 |
|
41 | | -# v2.0.2 |
| 51 | +## Features |
| 52 | +* feat(controller): Implement Kubernetes `client-go` REST client for Secret/ConfigMap retrieval to bypass `controller-runtime` caching system. This enables the reconciler to retrieve Secret and ConfigMap resources at the namespace scope with only namespace-level permissions. |
42 | 53 |
|
43 | 54 | ## Fixes |
44 | | -- Bug fix in Helm chart release action |
45 | | - |
46 | | -# v2.1.0 |
| 55 | +* fix(helm): Add configuration flag to configure chart to either grant cluster-scoped or namespace-scoped access to Secret and ConfigMap API |
| 56 | +* fix(controller): Add logic to read secret from reconciler namespace or Issuer namespace depending on Helm configuration. |
47 | 57 |
|
48 | | -## Fixes |
49 | | -- Updated library golang.org/x/crypto to version v0.33.0 to address authorization bypass vulnerability (https://github.com/advisories/GHSA-v778-237x-gjrc) |
50 | | -- Bug fix for Google ambient credentials |
| 58 | +# v1.0.4 |
51 | 59 |
|
52 | | -# v2.1.1 |
| 60 | +## Features |
| 61 | +* feat(signer): Signer recognizes `metadata.command-issuer.keyfactor.com/<metadata-field-name>: <metadata-value>` annotations on the CertificateRequest resource and uses them to populate certificate metadata in Command. |
| 62 | +* feat(release): Container build and release now uses GitHub Actions. |
53 | 63 |
|
54 | 64 | ## Fixes |
55 | | -- Update Helm chart deployment template to resolve Docker image metadata issue. |
56 | | - |
57 | | -## Chores |
58 | | -- Update documentation for more clear instructions on deploying workloads to Azure Kubernetes Service and Google Kubernetes Engine, as well as permissions needed on Command Security Roles. |
| 65 | +* fix(helm): CRDs now correspond to correct values for the `command-issuer`. |
| 66 | +* fix(helm): Signer Helm Chart now includes a `secureMetrics` value to enable/disable sidecar RBAC container for further protection of the `/metrics` endpoint. |
| 67 | +* fix(signer): Signer now returns CA chain bytes instead of appending to the leaf certificate. |
| 68 | +* fix(role): Removed permissions for `configmaps` resource types for the `leader-election-role` role. |
0 commit comments