v0.29.0

gardener-robot-ci-2 released this 14 Mar 09:55

· 23 commits to master since this release

265d57e

[gardener/oidc-webhook-authenticator]

⚠️ Breaking Changes

[OPERATOR] ⚠️ OWA no longer delegates authentication and authorization to a kube-apiserver. It now only supports optional client certificate authentication which can be configured via the "--client-ca-file" flag. Paths that do require authentication can be skipped by setting the flag "--authentication-always-allow-paths". The same flags can be configured with the helm chart via .Values.runtime.auth.clientCABundle and .Values.runtime.auth.authenticationAlwaysAllowPaths. Operators should remove residuals of roles and rolebindings that were used to authorize OWA callers. by @dimityrmirchev [#148]
[OPERATOR] Flags related to kube-apiserver authn/z delegation and kube-apiserver serving were removed. by @dimityrmirchev [#148]

🏃 Others

[DEPENDENCY] OWA is now built using go version 1.22.1. by @dimityrmirchev [#151]

Docker Images

oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.29.0

Contributors

dimityrmirchev

Assets 3