This repository has been archived by the owner on Apr 2, 2024. It is now read-only.

Releases: AMRC-FactoryPlus/acs-krb-keys-operator

v1.3.1

21 Mar 15:59
d87a847

What's Changed

Full Changelog: v1.3.0...v1.3.1

Test cosign

21 Mar 12:13
d87a847
Pre-release
v1.3.1-test.1

Update GH Actions

v1.3.0

21 Feb 13:30
8154137
  • Create Sparkplug address entries from KerberosKey CRs

Support for edge clusters

11 Jan 12:57
d7de652
  • Extend the KerberosKey CRD to allow Factory+ account information to be specified.
  • Create an account in the Factory+ services and link it to a Kerberos principal.
  • Provide a bootstrap script to set up a krbkeys operator on an edge cluster.

Test cosign

11 Jan 12:46
d7de652
Pre-release
Fix cosign on build (#13)

Only run the build on releases, but run for any release.

Seal secrets to edge clusters.

03 Jul 10:22
9528384

Add a field to the CRD requesting that the generated secrets are passed to the Edge Deployment Operator for sealing and transport to an edge cluster.

What has changed

  • Become a full F+ client with our own credentials.
  • Update the CRD to allow specifying an edge cluster to transport the secret to.
  • Pass the secret to the EDO where requested.

Deployment notes

  • The required deployment configuration has changed:
    • The operator now requires two ccaches, one with kadmin/admin credentials and one with a TGT. This is because a kadmin ticket must be acquired as initial credentials.
    • The name of the kadmin ccache must be passed in the KADMIN_CCACHE environment variable.
    • The operator requires a DIRECTORY_URL to bootstrap F+ service discovery.
  • The CRD has changed and must be updated on the cluster. Note that the ACS Helm chart will not do this automatically.

Support creating cross-realm trusts.

16 Jun 12:02
9dc11f1
  • Support a new 'Trust' key type, which creates a JSON structure containing the information needed for a cross-realm trust key.
  • Support server key rotation better by allowing old keys to be left in the keytab for a period of time.
  • Don't re-key unless it's necessary. Support a forced re-key via an annotation.
  • Label our secrets, and refuse to edit secrets we didn't label.

Upgrading requires a few shell commands to be run to label any existing secrets.

v1.0.1

03 Apr 07:37
7b69550

What's Changed

  • Update bootstrap script to include namespace watching changes by @AlexGodbehere in #1

New Contributors

Full Changelog: v1.0.0...v1.0.1

v1.0.0

29 Mar 14:00
022528e