Release v0.34.0

Release Image

Image	Registry
`ghcr.io/vmware-tanzu/pinniped/pinniped-server:v0.34.0`	GitHub Container Registry
`docker.io/getpinniped/pinniped-server:v0.34.0`	DockerHub

These images can also be referenced by their digest: sha256:fe17d873d146347defe440ee53b7b4b31416e56a66c6e73312cc482f93e2c898.

Changes

This release fixes a bug when calculating status conditions for WebhookAuthenticators and GitHubIdentityProviders in the presence of HTTPS_PROXY. It also includes some other minor changes, bug fixes, and upgrades all project dependencies.

Minor Changes

Updates Go to v1.23.2, updates the Kubernetes libraries to v0.31.1, and updates all other project dependencies. (#2071, #2068, #2067, #2064, #2063, #2059, #2058, #2057, #2052, #2047, #2048, #2046, #2045, #2044, #2042, #2041)
Some developer tooling, log statements, and comments were improved for the project maintainers and contributors. (#2061, #2049, #2037)
Some small documentation updates. (#2050, #2038, #2039)

Bug Fixes

When the HTTPS_PROXY environment variable was set for the Concierge pods, the Concierge would not use the proxy setting while calculating the status conditions of WebhookAuthenticators. This could cause the connection probe to fail and the WebhookAuthenticator to be incorrectly put into an error status, making it unusable. This bug was introduced in v0.30.0 when the WebhookAuthenticator status conditions were introduced. This release fixes the bug by automatically skipping the connection probe when the HTTPS_PROXY and NO_PROXY environment variable values would cause requests to the WebhookAuthenticator's configured URL to be made through the proxy. (#2069) Additionally, the tls.Dial used in this connection probe was assigned a timeout. (#2056, #2065)
When the HTTPS_PROXY environment variable was set for the Supervisor pods, the Supervisor would not use the proxy setting while calculating the status conditions of GitHubIdentityProviders. This could cause the connection probe to fail and the GitHubIdentityProvider to be incorrectly put into an error status, making it unusable. This bug was introduced in v0.31.0 when GitHubIdentityProviders were first introduced. This release fixes the bug by respecting the values of the HTTPS_PROXY and NO_PROXY environment variables during the connection probe to the configured GitHub server. (#2069)
When the Concierge finds a controller-manager pod and tries to parse its configured command-line flags, it previously looked for the flags --cluster-signing-cert-file and --cluster-signing-key-file. Now it will also look for the alternate flags --cluster-signing-kube-apiserver-client-key-file and --cluster-signing-kube-apiserver-client-cert-file. This could potentially help make the Concierge compatible with more Kubernetes distributions. For more information, please see the PR description. (#2043)

Diffs

A complete list of changes (113 commits, 421 changed files with 25,654 additions and 11,665 deletions) can be found here.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v0.34.0