Releases: jetstack/jetstack-secure
Releases · jetstack/jetstack-secure
v1.8.0
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.8.0
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.8.0
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.8.0
ARK_IMAGE_DIGEST: sha256:4fe39b74b626fc2035cbdc67c749d19d27561e822da6f8877ccb9c1362536e95
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.8.0
ARK_CHART_DIGEST: sha256:15fb3bcda2fb2a856a3290fa19fec3b2b21546a2dd1e2bd85ee0b09d2dc39fda
What's Changed
- Add upload timeout by @inteon in #743
- Log debug message before uploading by @inteon in #744
- Upgrade go dependencies and makefile modules by @inteon in #745
- Run 'make upgrade-klone' and 'make generate' by @inteon in #749
- Upgrade go dependencies by @inteon in #750
- Use digests for all GH actions by @inteon in #751
- Rebrand Venafi to CyberArk by @inteon in #752
Full Changelog: v1.7.1...v1.8.0
Contributors
inteon
Assets 2
v1.8.0-alpha.0
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.8.0-alpha.0
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.8.0-alpha.0
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.8.0-alpha.0
ARK_IMAGE_DIGEST: sha256:884e604811b1ca7b95a888078acfa1dcefeaf3a6c2366aa57ca7892f98abfc9c
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.8.0-alpha.0
ARK_CHART_DIGEST: sha256:9f39b2d5df827a9ac1df7b20da89265055fd646b84fbcd263b64dc30693307c9
What's Changed
- Add upload timeout by @inteon in #743
- Log debug message before uploading by @inteon in #744
- Upgrade go dependencies and makefile modules by @inteon in #745
Full Changelog: v1.7.1...v1.8.0-alpha.0
Contributors
inteon
Assets 2
v1.7.1
v1.7.1
This tag was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.1
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.1
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.1
ARK_IMAGE_DIGEST: sha256:b63bfa7eb45302be214e7f408aff70aa15221105ced934e95c2faf83e65aa0af
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.1
ARK_CHART_DIGEST: sha256:2d0ff2fd142e2f84541bd228591f1133b5b0604c7bedbecc839964696c0b49e0
What's Changed
This is a patch release with a small change to the CyberArk disco-agent, to filter out deleted Secret resources from the data which it uploads to the CyberArk Discovery and Context API because that data is not needed by the backend.
This release also contains various changes to the venafi-kubernetes-agent Helm chart documentation, related to the rebranding of Venafi to CyberArk product names.
Finally, this release contains extended debug logging, as a result of updating to the latest version of venafi-connection-lib, to help customers and support engineers diagnose problems with VenafiConnection based authentication in the field.
- [VC-46370] CyberArk: Skip deleted resources when converting data readings to snapshot by @wallrj-cyberark in #741
- [VC-45018] Improve consistency of contextual information in cert-components by @iossifbenbassat123 in #739
- [VC-46486] Update venafi-connection-lib to v0.5.1 by @wallrj-cyberark in #742
New Contributors
- @iossifbenbassat123 made their first contribution in #739
Helm Chart Changes
$ diff -u <(helm template oci://quay.io/jetstack/charts/venafi-kubernetes-agent --version v1.7.0 | fgrep -v -e helm.sh/chart -e app.kubernetes.io/version) <(helm template oci://quay.io/jetstack/charts/venafi-kubernetes-agent:v1.7.1 | fgrep -v -e helm.sh/chart -e app.kubernetes.io/version)
Pulled: quay.io/jetstack/charts/venafi-kubernetes-agent:v1.7.1
Pulled: quay.io/jetstack/charts/venafi-kubernetes-agent:v1.7.0
Digest: sha256:94782809893d1ad0e815054216bb77f41a97c9db9941da5743034fffd327ed4c
Digest: sha256:2776ca45271676dbfee30cbec69063faaef66c51081a56f0df249c20ba6d954e
--- /dev/fd/63 2025-11-04 12:20:32.541652736 +0000
+++ /dev/fd/62 2025-11-04 12:20:32.542652733 +0000
@@ -877,7 +877,7 @@
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- image: "quay.io/jetstack/venafi-agent:v1.7.0"
+ image: "quay.io/jetstack/venafi-agent:v1.7.1"
imagePullPolicy: IfNotPresent
env:
- name: POD_NAMESPACEDocker Image Comparison
$ diffoci diff quay.io/jetstack/venafi-agent:v1.7.0 quay.io/jetstack/venafi-agent:v1.7.1 --semantic
INFO[0000] Target platforms: [linux/amd64]
TYPE NAME INPUT-0 INPUT-1
File ko-app/preflight b2453fed97b6041799436821ae56d88e12b272ad373cde0c87af8261dc5f27f5 6d6aaa53e279170a4e42811ca176bf44330eda4acca70740970a657b03082cc0
File licenses/LICENSES eba3b9d98369e17c83a1ee29798b663e14dd9b54bcf720b936127a06f104fed3 b73d0d9af1d810bd33928f92085aa3e97ba79f3cc8f842f65f2be17ad7c7d7bd
Mani ctx:/manifests-0/annotations field "Annotations"
Idx ctx:/annotations field "Annotations"
Full Changelog: v1.7.0...v1.7.1
Contributors
wallrj-cyberark and iossifbenbassat123
Assets 2
v1.7.1-alpha.1
v1.7.1-alpha.1
This tag was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
434f5a1
This commit was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
A pre-release to test the latest venafi-connection-lib upgrade in #742
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.1-alpha.1
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.1-alpha.1
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.1-alpha.1
ARK_IMAGE_DIGEST: sha256:6b43f206b6087f134e357b7a44936d02a466d30bd1dd08c2b3da351d17b1eb62
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.1-alpha.1
ARK_CHART_DIGEST: sha256:8a6011fe5d93fde6411cbaa358dcc04943ec10d436a5de3acff4d15a1f835e0c
v1.7.1-alpha.0
v1.7.1-alpha.0
This tag was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.1-alpha.0
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.1-alpha.0
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.1-alpha.0
ARK_IMAGE_DIGEST: sha256:27b5cba92c3a1d697efbb3dd30ad63f21fce913dcdf8ef466835ba9a129f40dc
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.1-alpha.0
ARK_CHART_DIGEST: sha256:0d9f386fb2678d311064df66f16ca16423e532bcd8fdff2cef73106e8c208499
What's Changed
- [VC-46370] CyberArk: Skip deleted resources when converting data readings to snapshot by @wallrj-cyberark in #741
Full Changelog: v1.7.0...v1.7.1-alpha.0
Contributors
wallrj-cyberark
Assets 2
v1.7.0
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.0
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.0
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.0
ARK_IMAGE_DIGEST: sha256:d752c23399c41fc21c42b08451fed264934bbf4175d69f54d66ab91440faa0fa
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.0
ARK_CHART_DIGEST: sha256:4db0e34c80fc3d690f5b2d2bc7c242c11b4f01bf65117b81d20667672b3efa92
What's Changed
This release introduces a new Helm chart for the CyberArk Disco Agent, enhances data collection with additional cluster and secret metadata, and adds new output modes for easier debugging and integration.
Notable Changes
- Add CyberArk Disco Agent Helm chart by @wallrj-cyberark in #678
- Add cluster UID derived from kube-system namespace by @SgtCoDFish in #670
- Add cluster name and description to CyberArk Discovery and Context snapshot by @wallrj-cyberark in #730
- Collect creationTimestamp, deletionTimestamp and resourceVersion metadata for Secret and Route resources by @wallrj-cyberark in #688
- Report Kubernetes Secret immutable attribute to DisCo by @FelixPhipps in #735
- Add Local File output path mode by @wallrj-cyberark in #692
- Add support for MachineHub output mode to the CyberArk agent by @wallrj-cyberark in #696
- Change default agent config period to 12h in values.yaml by @wallrj-cyberark in #720
- Minimize snapshot by filtering non-clientauth TLS secrets by @wallrj-cyberark in #714
- Add debug roundtripper to discovery and identity clients for easier debugging by @wallrj-cyberark in #683
- Fix the version subcommand panic by @mladen-rusev-cyberark in #736
- Fix agent version reporting to handle go module/repo mismatch by @wallrj-cyberark in #733
- Improve DataReading JSON parsing and error handling by @wallrj-cyberark in #710
Non user-facing changes
- Remove jetstack-agent chart and docs by @SgtCoDFish in #672
- Rename cyberark-disco-agent to disco-agent across repo by @wallrj-cyberark in #727
- Deprecate service/discovery API and implement the new one by @mladen-rusev-cyberark in #706
- Refactor various clients (identity, servicediscovery, dataupload) to take an HTTP client by @wallrj-cyberark in #698, #699, #700
- Relocate internal packages and update imports by @wallrj-cyberark in #704
- Automate the e2e script to run in CI by @mladen-rusev-cyberark in #716
- Automate the release process for cyberark-disco-agent by @wallrj-cyberark in #725
- Add telemetry header to all API requests by @wallrj-cyberark in #719
Full Changelog: v1.6.0...v1.7.0
Helm chart changes
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@@ -10,7 +10,7 @@
data:
config.yaml: |-
- cluster_id: ""
+ cluster_name: ""
cluster_description: ""
server: "https://api.venafi.cloud/"
period: "0h1m0s"
--- a/templates/deployment.yaml
+++ b/templates/deployment.yaml
@@ -40,7 +40,7 @@
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
- image: "quay.io/jetstack/venafi-agent:v1.6.0"
+ image: "quay.io/jetstack/venafi-agent:v1.7.0"
imagePullPolicy: IfNotPresent
env:
- name: POD_NAMESPACE```
Docker image comparison
$ diffoci diff quay.io/jetstack/venafi-agent:v1.6.0 quay.io/jetstack/venafi-agent:v1.7.0 --semantic
TYPE NAME INPUT-0 INPUT-1
Cfg ctx:/manifests-0/config/config ? ?
File etc/apk/world b005d32b3c6437c7acc3dc372fd377180f028df42e35b8edaece5625828a3934 ccab516202f5c1747c0060362aa9652ccbf52236effcf0663c114e29154fe3fa
File usr/lib/apk/db/installed 066f1509b4133f5021e121da18eda3fc2a37cde6a0260167685d5b3b20efe9c4 1428b7aaf0d79c238df410b03badbd234e2762ec08c80a77dcf95d29e44f992a
File etc/apko.json 19d45daafeeb64b0943af80bca018ad41e0f4d6c389a08dba2d1c8a7a24e41f0 72d190d81d2ab81032d8899690429f1f21ffa1bc78644af134062cee263f8112
File etc/ssl/certs/ca-certificates.crt 756cdfe4c3affc2e460278cc65ab01f67c3f4fc05d43fc683d7ebbdeb644e5f4 657ca6ba4bc43138f89de75fb63794cbfaa897e0e110b069fd1367bd66a5bb6c
File ko-app/preflight 144c10c27ae5fb3dc5974dd4a648d48bd00bf8e29f83fdd3cd95b8093d975b74 b2453fed97b6041799436821ae56d88e12b272ad373cde0c87af8261dc5f27f5
File licenses/LICENSES a808d2a8c423671bc8be51030969d3fd89915e6097e09c0ffc2896a4c3741dc3 eba3b9d98369e17c83a1ee29798b663e14dd9b54bcf720b936127a06f104fed3
Mani ctx:/manifests-0/annotations field "Annotations"
Idx ctx:/annotations field "Annotations"
Contributors
SgtCoDFish, FelixPhipps, and 2 other contributors
Assets 2
v1.7.0-alpha.5
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.0-alpha.5
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.0-alpha.5
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.0-alpha.5
ARK_IMAGE_DIGEST: sha256:1dab02346404580ca9e396ec4027c4ff4029f85041b246686328a615fed8d8e2
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.0-alpha.5
ARK_CHART_DIGEST: sha256:91fdaa5be1c044cdc45c2d72e52a54561ba9655a07d2a3553957d28ccd1f00e5
What's Changed
- [VC-46156] Bump makefile modules, base images, GH actions and tools by @wallrj-cyberark in #731
- Agent: Report Kubernetes Secret immutable attribute to DisCo by @FelixPhipps in #735
New Contributors
- @FelixPhipps made their first contribution in #735
Full Changelog: v1.7.0-alpha.3...v1.7.0-alpha.5
Contributors
FelixPhipps and wallrj-cyberark
Assets 2
v1.7.0-alpha.3
v1.7.0-alpha.3
This tag was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
a8f7fe8
This commit was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.0-alpha.3
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.0-alpha.3
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.0-alpha.3
ARK_IMAGE_DIGEST: sha256:aeed02e2468464ad18932c9b73b9287a1a87c168c10f6c021267ed5924a1af99
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.0-alpha.3
ARK_CHART_DIGEST: sha256:0c92e8b4ac90ebd7490001ce1c3b66b5e0563fcda1480703de887668da0e6b91
What's Changed
- [VC-45349] Rename cyberark-disco-agent to disco-agent across repo by @wallrj-cyberark in #727
Full Changelog: v1.7.0-alpha.2...v1.7.0-alpha.3
Contributors
wallrj-cyberark
Assets 2
v1.7.0-alpha.2
v1.7.0-alpha.2
This tag was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
85e9028
This commit was signed with the committer’s verified signature.
wallrj-cyberark
Richard Wall
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.0-alpha.2
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.0-alpha.2
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.7.0-alpha.2
ARK_IMAGE_DIGEST: sha256:3224e9d1dc2234c14cc660388b125ea6d975169d47b2af799c39f02d9c7d8eec
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.7.0-alpha.2
ARK_CHART_DIGEST: sha256:7fec8e163bca52434b3991ecb3b55b04875edeffd53435fca865bb3b513b2491
v1.7.0-alpha.1
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.7.0-alpha.1
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.7.0-alpha.1
# cyberark-disco-agent
ARK_IMAGE: quay.io/jetstack/cyberark-disco-agent
ARK_IMAGE_TAG: v1.7.0-alpha.1
ARK_IMAGE_DIGEST: sha256:ac710aed72ca82c4094b6c0c239361ab218a011170bb3c60d794ffd87ba72b9d
ARK_CHART: quay.io/jetstack/charts/cyberark-disco-agent
ARK_CHART_TAG: v1.7.0-alpha.1
ARK_CHART_DIGEST: sha256:7f2009f335df8eb2ea42979cf61f0651b23b20eb2f39b56c9c45c3f3bcdafc67