Skip to content

Latest commit

 

History

History
143 lines (109 loc) · 7.18 KB

CHANGELOG.md

File metadata and controls

143 lines (109 loc) · 7.18 KB
Raw

Changelog

v3.6

9 July 2020

Notable Changes:

  • #381 Support for AWS IMDS v2
  • #366 Support for dynamic reloading of TLS certificates
  • #364 Metrics for TLS certificate expiration
  • #402 Retries for removing the iptables rule added by the kiam agent when the pod is terminated
  • #387 Upgrade container image to Alpine linux 3.11
  • #382 Kiam is now built with Go 1.13

Fixes:

  • #346 Constrain the regional endpoint resolver so that it only resolves endpoints for the STS service. This will resolve issues retrieving credentials when using the --region flag with the kiam server

Thanks to these contributors for this release:

v3.5

17 December 2019

Notable Changes:

Thanks to these contributors for this release:

v3.4

16 August 2019

Notable Changes:

  • #250 Policy forbidden errors (namespace annotation regex) are no longer retried
  • #268 You can now healthcheck the agent with /health?deep=anything that will only return ok if the agent is up AND it can communicate with Kiam server successfully
  • #276 Allow AssumeRoleArn prefix to be autodetected
  • #279 grpc-go has been upgraded from 1.14.0 to 1.23.0
  • #281 Kiam is now built with Go 1.12

Thanks to these contributors for this release:

v3.3

2 July 2019

Hi!

It's been a while since our last release. Most changes have focused around documentation but there are 2 notable changes:

Increase verbosity of credential chain errors Allow agent to not remove iptables rules on host Thanks to @mwmix and @theatrus for contributing the above.

v3.2

15 March 2019

Notable changes:

  • #229 Support for Regional STS endpoint, this adds a new optional flag --region to the server.

A huge thanks to the following contributors for this release:

v3.0

6 December 2018

v3 introduces a change to the gRPC API. Servers are compatible with v2.x Agents although v3 Agents require v3 Servers. Other breaking changes have been made so it's worth reading through docs/UPGRADING.md for more detail on moving from v2 to v3.

Notable changes:

  • #109 v3 API
  • #110 Restrict metadata routes. Everything other than credentials will be blocked by default
  • #122 Record Server error messages as Events on Pod
  • #131 Replace go-metrics with native Prometheus metrics client
  • #140 Example Grafana dashboard for Prometheus metrics
  • #163 Server manifests use 127.0.0.1 rather than localhost to avoid DNS
  • #173 Metadata Agent uses 301 rather than 308 redirects
  • #180 Fix race condition with xtables.lock
  • #193 Add optional pprof http handler to add monitoring in live clusters

A huge thanks to the following contributors for this release:

v2.8

1st June 2018

Notable changes:

  • #62 Documented interfaces to specify when using Kiam with amazon-vpc-cni.
  • #76 Wait for balancer to have addresses in Gateway. This helps prevent the following errors being reported by the health check command:
WARN[0000] error checking health: rpc error: code = Unavailable desc = there is no address available

Thanks to the following people for contributing in this release:

v2.7

30th April 2018

Notable changes:

  • Fix Issue 43: updates to metadata api paths on m5/c5 instances
  • #41: Server allows for custom STS session durations with --session-duration
  • Server uses cache.NewIndexerInformer to maintain pod and namespace caches, this also addresses an error identified in Issue 46.
  • #54 Agents can use a ! prefix on interfaces when configuring iptables rules. This makes it possible to use Kiam with Amazon and Lyft's CNI plugins.
  • Servers will wait for the pod and namespache caches to perform a sync with the Kubernetes API server before accepting gRPC connections. This may cause servers to take longer to start but ensures they have recent state before performing any operations.

Thanks to the following additional people for contributing/helping in this release: