Releases: uswitch/kiam
v4.2 Release
Please note that from now on we will only be releasing patches or bug fixes, no more features.
We would encourage everyone to switch to Amazon's official solution instead: IAM roles for Service Accounts
Fixes:
- Fix missing Kiam events on Pods #507
Thanks to @jjo for this fix
v4 Release
I'm happy to say we've finished a few major things for this release.
It contains breaking changes so please read our upgrade notes before upgrading: https://github.com/uswitch/kiam/blob/master/docs/UPGRADING.md
Notable changes:
- External ID and Session Name annotations #430 #447
- Deleted deprecated APIs #426.
- More inclusive naming of parameters #427
- Delete StatsD support #431
- Stricter namespace annotation regex behaviour #329
Fixes:
The gRPC changes help overcome some issues (#217) that people have reported with agents being unable to resolve servers. The recommended solution is for servers to reduce their keep-alive/connection age durations to require agents to re-initiate connections.
A huge thank you to those that have helped pull this together (especially @stefansedich):
v3.6 Release
Notable Changes:
- #381 Support for AWS IMDS v2
- #366 Support for dynamic reloading of TLS certificates
- #364 Metrics for TLS certificate expiration
- #402 Retries for removing the iptables rule added by the kiam agent when the pod is terminated
- #387 Upgrade container image to Alpine Linux 3.11
- #382 Kiam is now built with Go 1.13
Fixes:
- #346 Constrain the regional endpoint resolver so that it only resolves endpoints for the STS service. This will resolve issues retrieving credentials when using the --region flag with the kiam server
Thanks to these contributors for this release:
v3.5 Release
Notable Changes:
- #337 Enable gRPC keepalive to detect dead TCP connections between agent and server
- #330 Update AWS SDK to allow for use of IAM Roles for Service Accounts for kiam-server
- #315 Switch to using go modules
Thanks to these contributors for this release:
v3.4 Release
Notable Changes:
- #250 Policy forbidden errors (namespace annotation regex) are no longer retried
- #268 You can now healthcheck the agent with /health?deep=anything that will only return ok if the agent is up AND it can communicate with Kiam server successfully
- #276 Allow AssumeRoleArn prefix to be autodetected
- #279 grpc-go has been upgraded from 1.14.0 to 1.23.0
- #281 Kiam is now built with Go 1.12
Thanks to these contributors for this release:
v3.3 Release
Hi!
It's been a while since our last release. Most changes have focused around documentation but there are 2 notable changes:
Kiam v3.2 Release
Notable changes:
- #229 Support for Regional STS endpoint, this adds a new optional flag --region to the server.
A huge thanks to the following contributors for this release:
@cjbradfield
@gwhorleyGH
Kiam v3.0 Release
I'm delighted to say that v3.0 is tagged and available on Quay. It brings a few nice improvements (native Prometheus metrics, reduced CPU load, IAM errors reported via Kubernetes Events API, default blocking of the AWS Metadata API) and a few other behind-the-scenes tweaks.
There are a few breaking changes so if you're upgrading from v2 it's worth reviewing the CHANGELOG.md and reading docs/UPGRADE.md.
It's also amazing to see that we've had contributions from 16 people for v3, thank you to everyone that's contributed in some way!
Notable changes:
- #109 v3 API
- #110 Restrict metadata routes. Everything other than credentials will be blocked by default
- #122 Record Server error messages as Events on Pod
- #131 Replace go-metrics with native Prometheus metrics client
- #140 Example Grafana dashboard for Prometheus metrics
- #163 Server manifests use 127.0.0.1 rather than localhost to avoid DNS
- #173 Metadata Agent uses 301 rather than 308 redirects
- #180 Fix race condition with xtables.lock
- #193 Add optional pprof http handler to add monitoring in live clusters
A huge thanks to the following contributors for this release: