
Releases: jetstack/kube-oidc-proxy

v0.3.0

02 Apr 15:52
46d2f79

This release brings a number of fixes and features, most notably auditing, similar to that of kube-apiserver.

Features

  • Adds auditing capabilities at near feature parity with kube-apiserver.
  • Fixes HTTP body flushing for long-running requests such as watches. The flush interval defaults to 50ms.
  • Allows extra impersonation headers to be inserted into proxied requests.
  • Expanded helm value options.
  • Significantly improved the e2e testing suite and development environment.
  • Upgraded the build to Go 1.14.1 and Kubernetes dependencies to v1.18.0.

Contributions

This release has seen contributions from a number of people in the community 😄
@binboum
@saiteja313
@simonswine
@phanama
@JoshVanL

v0.2.0

09 Jan 11:19
52ceb13

This is the second release of kube-oidc-proxy, which includes a number of new features. We have also updated the build to use Go v1.3.5 and have halved the image size to 14.8MB.

Features

  • Token Passthrough: If enabled, the proxy is able to fall back to using a Kubernetes TokenReview request on bearer tokens that fail OIDC verification. This is useful for also authenticating non-OIDC authentication tokens such as Kubernetes service accounts through the proxy.
  • Disable Impersonation: If enabled, the proxy can pass requests as is, with the bearer token removed from the request and without adding impersonation headers. This is useful for securing arbitrary backends with OIDC authentication.
  • Improved Probe: Previously, the readiness probe condition was set to true based on an arbitrary time. The readiness probe has now been improved so that the proxy is only set to ready once the OIDC discovery has succeeded and is therefore able to validate OIDC tokens.
  • Client Authentication Configuration: Previously when running the proxy inside a Kubernetes pod, it was impossible to configure the proxy to use any custom client configuration as the pod's service account was always used. Now, if any client flags are set they will override using an "in-cluster" client configuration.
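
The header handling that Token Passthrough and Disable Impersonation imply, as an added Go sketch that is not kube-oidc-proxy's own code: `Upstream`, `Options`, `fakeOIDC`, `fakeReview` and the tokens are hypothetical, constructed names. It assumes a passed-through request keeps its original bearer token so the backend can authenticate it.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

type Options struct{ TokenPassthrough, DisableImpersonation bool }
var ErrUnauthenticated = errors.New("unauthenticated")

// Constructed stand-ins: "oidc-ok" verifies via OIDC, "sa-ok" only via TokenReview.
func fakeOIDC(t string) (string, []string, error) {
	if t == "oidc-ok" {
		return "jane", []string{"dev"}, nil
	}
	return "", nil, ErrUnauthenticated
}
func fakeReview(t string) bool { return t == "sa-ok" }

// Upstream returns the headers to forward to the backend, or an error.
func Upstream(in http.Header, oidc func(string) (string, []string, error), review func(string) bool, o Options) (http.Header, error) {
	auth := in.Get("Authorization")
	if !strings.HasPrefix(auth, "Bearer ") {
		return nil, ErrUnauthenticated
	}
	token, out := strings.TrimPrefix(auth, "Bearer "), in.Clone()
	user, groups, err := oidc(token)
	if err != nil {
		// Fallback only when enabled; short-circuit skips the review otherwise.
		if !o.TokenPassthrough || !review(token) {
			return nil, ErrUnauthenticated
		}
		return out, nil // assumption: token kept so the backend authenticates it
	}
	out.Del("Authorization") // the verified OIDC token is not forwarded
	if !o.DisableImpersonation {
		out.Del("Impersonate-Group") // drop client-supplied groups (sketch's choice)
		out.Set("Impersonate-User", user)
		for _, g := range groups {
			out.Add("Impersonate-Group", g)
		}
	}
	return out, nil
}

func main() {
	fmt.Println(Upstream(http.Header{"Authorization": {"Bearer sa-ok"}}, fakeOIDC, fakeReview, Options{TokenPassthrough: true}))
}
```

With both options off, a token that fails OIDC verification is rejected without a TokenReview call, and a verified request reaches the backend carrying only the identity the proxy established.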

Testing

We have greatly improved the end-to-end tests, which now run using Ginkgo. This gives us a much better development experience when adding new features and improves our confidence in the proxy's correctness.

Contributions

This release has seen contributions from a number of people in the community 😄