v0.26.0

0.26.0 (2024-08-21)

⚠ BREAKING CHANGES

• client attribute allow list (#676)

Features

• azure: azure blob storage support for velero (#644) (eff9a82)
• support authservice with redis, switch to pepr helm chart (#658) (e2fe58a)

Bug Fixes

• client attribute allow list (#676) (100321e)
• handle client id names with special characters (#659) (a84769e)
• pull lula main for threshold update (#638) (5a34ce8)
• release-please config bump minor pre-major (#680) (3f824c1)

Miscellaneous

• add watch config to exemption watch (#682) (7714ff8)
• deps: update grafana helm chart to v8.4.4 (#664) (77ea6f5)
• deps: update pepr to 0.34.1 (#654) (6d4655d)
• deps: update promtail to v3.1.1 (#657) (c009e5f)
• deps: update test-infra (#412) (a4c8fe9)
• deps: update test-infra (kms) to v0.0.5 (#667) (bd68637)
• deps: update test-infra KMS to v0.0.4 (#663) (3c30b9f)
• deps: update uds to v0.14.1 (#677) (12ec8a1)
• deps: update velero kubectl image to v1.31.0 (#669) (d6b2f12)
• deps: update velero to v7.1.5 (#671) (10ab714)
• deps: update zarf to v0.38.1 (#616) (e0cb85d)
• deps: update zarf to v0.38.2 (#668) (3328925)
• generate a schema for keycloak helm chart (#627) (cf3a9e7)
• mute pepr on deploy action for migrating to helm chart (#683) (9d05ddd)
• neuvector: update source for unicorn images (#675) (568efa2)

v0.25.2

0.25.2 (2024-08-09)

Bug Fixes

• add backoff to operator retry mechanism (#650) (52c97fd)
• network allows for core netpols (#652) (e9b69e8)

Miscellaneous

• allow for extra keycloak gateway usage with client certs (#648) (7b1c474)
• deps: update dependency defenseunicorns/uds-common to v0.11.1 (#647) (768aa1c)
• deps: update dependency defenseunicorns/uds-common to v0.11.2 (#653) (f7d1ce8)
• deps: update grafana helm chart to v8.4.3 (#660) (81c7af0)
• deps: update grafana to 11.1.3 ([#607](#607)) (7b343ac)
• deps: update neuvector to 5.3.4 (#606) (526bff4)
• deps: update pepr to 0.33.0 (#588) (6eee8f0)
• update identity config to 0.6.0 (#661) (469fed8)

v0.25.1

0.25.1 (2024-08-06)

⚠ BREAKING CHANGES

• change metric server to optional (#611) - note that the initial implementation/plan for this was 0.25.0 but there was a bug in the rollout of this change

Bug Fixes

• switch metrics-server to optional everywhere (#641) (43c5bd5)

Miscellaneous

• add debug logs for istio injection logic (#602) (9075436)
• add support for public clients and disabling standard auth flow (#630) (38151d7)
• deps: update dependency defenseunicorns/uds-common to v0.11.0 (#617) (997cf37)
• deps: update dependency weaveworks/eksctl to v0.188.0 (#623) (3081044)
• deps: update uds to v0.14.0 (#612) (7fe927e)
• update codeowners (#637) (eec5017)

v0.25.0

0.25.0 (2024-08-02)

⚠ BREAKING CHANGES

• change metric server to optional (#611)

Upgrade Note

• Note the 0.5.2 realm changes for identity-config if upgrading an existing installation. Realm upgrades are not currently automated; however, the upgrade for 0.5.2 is not required for functionality. Realm changes for 0.5.2 add additional audit logging to Keycloak and a new bare-groups client scope.

Features

• add json logging for keycloak (#610) (29ed934)
• istio: add configurable TLS version (#624) (cd2b87e)

Bug Fixes

• account for keycloak HA ports (#619) (434f349)
• add google saml to slim-dev (#613) (f2164e1)
• address network policy generation inter-namespace bug (#564) (9b14c2c)
• reference root scope (#633) (5de6915)

Miscellaneous

• change metric server to optional (#611) (bc2d673)
• deps: update dependency defenseunicorns/uds-common to v0.9.0 (#592) (44ea2d7)
• deps: update dependency weaveworks/eksctl to v0.187.0 (#539) (9002a94)
• deps: update githubactions (#553) (2a9e29a)
• deps: update grafana curl image to v8.9.0 (#596) (64f9408)
• deps: update grafana helm chart to v8.3.6 (#594) (1f2005b)
• deps: update istio to v1.22.3 (#580) (7aba89e)
• deps: update lula to v0.4.4 (#615) (b02b305)
• deps: update neuvector-updater/curl to v8.9.0 (#597) (b4bd660)
• deps: update promtail configmap-reload to v0.13.1 (#608) (d98bbae)
• deps: update promtail helm chart to v6.16.4 (#574) (bf9f65c)
• deps: update to identity-config 0.5.2 (#635) (6474d16)
• deps: update uds cli to v0.13.1 (#569) (4339c89)
• deps: update zarf to v0.36.1 (#562) (058cfb3)
• disable telemetry/analytics for loki/grafana (#601) (ad785bc)
• update zarf to new repo location, 0.37.0 (#631) (29f9fd0)

Known Issues with this Release

• Metrics Server was not properly set to optional everywhere (#640), this will be resolved in 0.25.1

v0.24.1

0.24.1 (2024-07-22)

Upgrade Note

• See 0.5.1 upgrade documentation on identity-config if upgrading an existing installation.

Bug Fixes

• ci: snapshot release publish, passthrough test on upgrade (#575) (d4afe00)
• ci: workflow permissions (cacf1b5)
• only allow istio gateways to set x509 client certificate header (#572) (5c62279)
• sso: delete orphaned SSO secrets (#578) (5a6b9ef)
• unicorn flavor proxy image reference (#590) (db081fa)
• update monitor mutation to not overwrite explicitly defined scrape class (#582) (7e550d3)

Miscellaneous

• deps: update grafana chart + sidecar image (#567) (85b6de4)
• deps: update pepr to v0.32.7 (#556) (e594f13)
• deps: update uds-identity-config to v0.5.1 (#591) (b9c5bd3)
• deps: update uds-k3d to v0.8.0 (#581) (fab8919)
• loki: default query settings, config as secret (#579) (5fa889c)
• oscal: begin integration of composed oscal with validations (#496) (047fd30)

v0.24.0

0.24.0 (2024-07-12)

⚠ BREAKING CHANGES

• set istio passthrough gateway as optional component (#547)
• Keycloak's postgresql.database and postgresql.username must be explicitly set for deploy if trying to use a database with Keycloak - previously if unset these values would default to keycloak as hidden defaults (#554)

Features

• add unicorn flavor to uds-core (#507) (a412581)
• added standalone dns service for loki (#548) (e2efdf9)
• enable authservice integration (#201) (1d4df64)
• set istio passthrough gateway as optional component (#547) (e1cab61)
• update to using default scrapeclass for tls config (#517) (258bb6b)

Bug Fixes

• decouple devMode and postgres egress (#554) (1a98779)
• grafana logout not working in some environments (#559) (ccb9d9e)
• initial creation of child logging (#533) (00a5140)
• podmonitor mTLS mutations (#566) (eb613e1)

Miscellaneous

• add util function for purging orphans (#565) (e84229a)
• allow istio proxy injection in zarf ignored namespaces (#513) (8921b58)
• deps: update githubactions upload-artifact to v4.3.4 (#543) (20889f2)
• deps: update grafana helm chart to v8.3.2 (#542) (8ec260c)
• deps: update pepr dependencies (jest, uds-common) (#537) (547c0bf)
• deps: update promtail helm chart to v6.16.3 (#538) (48b3fea)

v0.23.0

0.23.0 (2024-07-04)

⚠ BREAKING CHANGES

• remove emulated gitlab endpoints from keycloak (#483)

Features

• ALPHA Functionality: identity group auth (#497) (d71d83e) - this is provided as an alpha feature and may not be stable. To use this functionality on an existing installation (upgrade) make sure to follow the Identity Config upgrade documentation.

Bug Fixes

• docs: re-ordered small paragraphs, clarified wording, and added links to tech homepages (#531) (6b2b46b)
• docs: removed double-link which broke the markdown formatting in pr template (#532) (f41ced4)
• docs: uds-config.yaml example in k3d-slim-dev README (#530) (2e1c53e)
• operator retries and error logging (#511) (cae5aab)

Miscellaneous

• deps: update checkout action to latest sha (#481) (c6f0137)
• deps: update dependency weaveworks/eksctl to v0.183.0 (#499) (9cb8e4d)
• deps: update grafana to 11.1.0 (#380) (499058a)
• deps: update istio to v1.22.2 (#512) (dcdadb4)
• deps: update jest to v29.1.5 (#485) (9c392b9)
• deps: update neuvector to 5.3.3 (#467) (261057d)
• deps: update pepr to 0.32.2 (#473) (ab4bee9)
• deps: update pepr to 0.32.3 (#494) (2e28897)
• deps: update pepr to 0.32.6 (#516) (a9d3eec)
• deps: update promtail to 3.1.0 (#335) (4457fce)
• deps: update uds to v0.12.0 (#521) (8e587ff)
• deps: update uds-common tasks to 0.6.1 (#498) (4aa6e33)
• deps: update zarf to v0.35.0 (#490) (86957cf)
• docs linting changes (#505) (0fe2015)
• remove emulated gitlab endpoints from keycloak (#483) (495960c)
• update docs for group auth and readme for docs site (#540) (ace7041)

v0.22.2

0.22.2 (2024-06-13)

Bug Fixes

• check if exemption exists before cleanup (#468) (735288b)
• pepr operator derived netpol name collisions (#480) (de60e25)
• typo in comment (#462) (582b1f4)

Miscellaneous

• deps: update checkout to v4.1.7 (#478) (e91a0a3)
• deps: update githubactions to v4.1.3 (#471) (2a9f44d)
• deps: update uds to v0.11.1 (#472) (12fd798)
• deps: update uds to v0.11.2 (#479) (f967f9a)
• deps: update velero to v1.30.2 (#476) (89bbda9)

v0.22.1

0.22.1 (2024-06-06)

Bug Fixes

• add saml configuration to k3d standard bundle (#425) (15b41d7)
• de-duplicate renovate matches (#435) (4f9dbbb)
• default keycloak realm envs (#455) (3a2b48f)
• exemption race conditions (#407) (d1b3b56)
• integrated docs (#431) (72238fa)
• keycloak schema for package cr (#436) (e32ce9a)
• networkpolicy for keycloak smtp egress (4059954)
• nightly testing eks config architecture (#452) (a0bbd1f)
• remove deprecated registry login and add env setup (#443) (ca6b76f)
• remove go mod (#441) (0de9693)
• remove no-tea and update uds version (#446) (434844b)
• use updated k3s (#426) (1da1c49)

Miscellaneous

• add checks before killing pods when updating istio annotations (#457) (a62f9a0)
• add debug logs to save logs for easier searching (#430) (319101b)
• add velero csi plugin (#424) (c7e49e9)
• deps: update githubactions (#413) (ebd834e)
• deps: update istio to v1.22.1 (#405) (ad4b861)
• deps: update jest to v29.1.4 (#438) (c3ecc8b)
• deps: update keycloak to v0.4.4 (#460) (936f40b)
• deps: update keycloak to v0.4.5 (#461) (3592012)
• deps: update keycloak to v24.0.5 (#453) (6b0c6fc)
• deps: update keycloak to v24.0.5 (#454) (89911f0)
• deps: update pepr (#419) (d8f0309)
• deps: update pepr to v0.4.5 (#447) (f1dba17)
• deps: update prometheus-stack (#422) (a96193e)
• deps: update uds-common to v0.4.4 (#442) (bf6debd)
• deps: update uds-k3d to v0.7.0 (#428) (23b59a2)
• deps: update velero (#408) (ffbefda)
• deps: update velero (#440) (4b1a3ea)
• deps: update velero to v6.6.0 (#456) (aff37c1)
• deps: update zarf to v0.34.0 (#434) (9badf9d)

Known Issues with this release

• Pepr Store deletions cause excessive log spam: #463

v0.22.0

0.22.0 (2024-05-22)

Features

• add expose service entry for internal cluster traffic (#356) (1bde4cc)
• add reconciliation retries for CRs (#423) (424b57b)
• uds common renovate config (#391) (035786c)
• uds core docs (#414) (a35ca7b)

Bug Fixes

• mismatched exemption/policy for DropAllCapabilities (#384) (d8ec278)
• pepr mutation annotation overwrite (#385) (6e56b2a)
• renovate config grouping, test-infra (#411) (05fd407)
• renovate pepr comment (#410) (a825388)

Miscellaneous

• deps: update keycloak (#390) (3e82c4e)
• deps: update keycloak to v24.0.4 (#397) (c0420ea)
• deps: update keycloak to v24.0.4 (#402) (e454576)
• deps: update neuvector to v9.4 (#381) (20d4170)
• deps: update pepr to 0.31.0 (#360) (fbd61ea)
• deps: update prometheus-stack (#348) (49cb11a)
• deps: update prometheus-stack (#392) (2e656f5)
• deps: update uds to v0.10.4 (#228) (1750b23)
• deps: update uds-k3d to v0.6.0 (#398) (288f009)
• deps: update velero (#350) (e7cb33e)
• deps: update zarf to v0.33.2 (#394) (201a37b)