disco-agent: Read Before Upgrading!
There are two important changes for disco-agent which you should be aware of before upgrading.
First, v1.9.0 and future releases will use AWS SigV4 unconditionally when uploading to S3. There have been reports of occasional bugs when using an old version of the disco-agent alongside a version which uses SigV4. If you see upload issues, ensure that all agents across your fleet are upgraded to the latest available version.
Second, there's a new required Helm value which must be set to confirm acceptance of the relevant Terms of Service (ToS). Either set the flag --set acceptTerms=true or use the value acceptTerms: true. Upgrading will be blocked until the ToS is accepted.
Major Feature Summary
- disco-agent: Support for External Secrets Operator and ConfigMap resource discovery
- disco-agent: Unconditionally use SigV4 when sending data to S3
- venafi-kubernetes-agent and disco-agent: Support for the new imageRegistry and imageNamespace Helm values, making it much easier to mirror the agent images to your own hub.
- disco-agent: Support for sending encrypted secret values to the Discovery and Context backend
  - This is disabled by default and not recommended to be enabled yet
  - A future release will enable this by default
OCI_PREFLIGHT_IMAGE: quay.io/jetstack/venafi-agent
OCI_PREFLIGHT_TAG: v1.9.0
HELM_CHART_IMAGE: quay.io/jetstack/charts/venafi-kubernetes-agent
HELM_CHART_VERSION: v1.9.0
ARK_IMAGE: quay.io/jetstack/disco-agent
ARK_IMAGE_TAG: v1.9.0
ARK_IMAGE_DIGEST: sha256:a296a1b8e6a13cfa88c623ec0bc2ac68181110bc6a93e3e5796154b6c786a037
ARK_CHART: quay.io/jetstack/charts/disco-agent
ARK_CHART_TAG: v1.9.0
ARK_CHART_DIGEST: sha256:b34d8f924d1bad90c8670e852caeb70791aed9b63c47b8fe340a5003dcbcb013
What's Changed
- Split the datagatherer/k8s package into k8sdiscovery and k8sdynamic by @inteon in #755
- Add initial (unused) RSA envelope encryption by @SgtCoDFish in #756
- Fix e2e test, which was broken due to helm4 upgrade by @inteon in #759
- Upgrade venctl to a version which supports Helm v4, to fix the E2E tests by @wallrj-cyberark in #760
- Enable CyberArk E2E and integration tests in CI by @wallrj-cyberark in #753
- OIDC datagatherer by @inteon in #758
- Move OIDCDiscoveryData to api/ by @inteon in #763
- Lift service discovery client out of CyberArkClient by @SgtCoDFish in #765
- Add a simple contributing file to help onboard new users by @SgtCoDFish in #766
- Convert RSA envelope encryption to JWE by @SgtCoDFish in #767
- Upload OIDC discovery data to disco backend by @inteon in #762
- Label selectors by @achuchev in #768
- Discovery of ConfigMaps by @achuchev in #769
- Add context to DataGatherer.Fetch by @SgtCoDFish in #771
- Use sigv4 for sending data to s3 by @SgtCoDFish in #772
- Add ability to send encrypted secrets to disco backend by @SgtCoDFish in #770
- Add support for ESO resources in disco-agent by @SgtCoDFish in #780
- add explicit permissions for ESO resources by @SgtCoDFish in #781
- Add support for fetching keys from a JWKS endpoint by @SgtCoDFish in #777
- [VC-48429] Helm chart updates for encrypted secrets by @SgtCoDFish in #783
- chore: make upgrade-klone && make generate by @SgtCoDFish in #784
- Add imageRegistry/imageNamespace to Helm chart image settings by @FelixPhipps in #782
- Minor cleanup after disco secrets work by @SgtCoDFish in #785
- Update links to non-broken page by @SgtCoDFish in #774
- Prepare for v1.9.0 release by @SgtCoDFish in #786
Full Changelog: v1.8.0...v1.9.0