19 Dec 15:05

github-actions

d6e59cc

v0.35.0 Latest

Latest

[github.com/gardener/gardener-extension-shoot-oidc-service:v0.35.0]

✨ New Features

[DEVELOPER] It is now possible to deploy the extension, via make extension-up, in a locally running gardener installation managed with gardener-operator. by @vpnachev [#399]

🏃 Others

[OPERATOR] The container image base layer has been updated to Debian 13 (trixie). by @dimityrmirchev [#401]
[DEPENDENCY] The following third party dependencies have been updated:
- github.com/gardener/gardener v1.132.1 -> v1.134.0
- golang.org/x/tools v0.38.0 -> v0.40.0
- golang.org/x/crypto v0.44.0 -> v0.46.0
- golang.org/x/mod v0.29.0 -> v0.31.0
- golang.org/x/net v0.46.0 -> v0.48.0
- golang.org/x/sync v0.18.0 -> v0.19.0
- golang.org/x/sys v0.38.0 -> v0.39.0
- golang.org/x/term v0.37.0 -> v0.38.0
- golang.org/x/text v0.31.0 -> v0.32.0
- helm.sh/helm/v3 v3.19.1 -> v3.19.2
- istio.io/api v1.27.3 -> v1.27.4
- k8s.io/api v0.34.1 -> v0.34.3
- k8s.io/apiextensions-apiserver v0.34.1 -> v0.34.3
- k8s.io/apimachinery v0.34.1 -> v0.34.3
- k8s.io/apiserver v0.34.1 -> v0.34.3
- k8s.io/client-go v0.34.1 -> v0.34.3
- k8s.io/code-generator v0.34.1 -> v0.34.3
- k8s.io/component-base v0.34.1 -> v0.34.3
- k8s.io/component-helpers v0.34.1 -> v0.34.3
- k8s.io/cluster-bootstrap v0.34.1 -> v0.34.3
- k8s.io/kube-aggregator v0.34.1 -> v0.34.3
- k8s.io/kubelet v0.34.1 -> v0.34.3
- k8s.io/metrics v0.34.1 -> v0.34.3 by @dependabot[bot] [#400]
[DEPENDENCY] The following third party dependencies have been updated:
- github.com/gardener/gardener v1.132.0 -> v1.132.1 by @dependabot[bot] [#393]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.35.0

Container (OCI) Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.35.0

Contributors

vpnachev, dependabot, and dimityrmirchev

Assets 3

12 Nov 15:31

github-actions

v0.34.0

83002c0

v0.34.0

[github.com/gardener/gardener-extension-shoot-oidc-service:v0.34.0]

🏃 Others

[OPERATOR] The extension is now built using go version 1.25.4. by @dependabot[bot] [#384]
[DEPENDENCY] The following third party dependencies have been updated:
- github.com/gardener/gardener v1.131.1 -> v1.131.2 by @dependabot[bot] [#386]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.34.0

Container (OCI) Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.34.0

Contributors

dependabot

Assets 3

06 Oct 12:46

gardener-robot-ci-2

v0.33.0

24d7543

v0.33.0

[github.com/gardener/gardener-extension-shoot-oidc-service:v0.33.0]

✨ New Features

[USER] shoot-oidc-service no longer supports Shoots with Кubernetes version <= 1.28. by @georgibaltiev [#340]

🏃 Others

[DEVELOPER] migrate CICD-Pipeline to GitHub-Actions by @ccwienk [#333]
[OPERATOR] An example Extension manifest for extension registration has been added. It can be found at example/extension.yaml by @timuthy [#353]
[OPERATOR] Migrate the extension VPAs from the deprecated update mode Auto to its only fallback strategy - update mode Recreate. by @vitanovs [#365]
[OPERATOR] Test results are now exported as inlined ocm-resource. by @heldkat [#342]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.33.0

Container (OCI) Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.33.0

Contributors

ccwienk, vitanovs, and 3 other contributors

Assets 3

09 Jul 09:51

gardener-robot-ci-3

v0.32.0

0f8e2ad

v0.32.0

[gardener/gardener-extension-shoot-oidc-service]

🏃 Others

[OPERATOR] The extension is now built using go version 1.24.5. by @dependabot[bot] [#335]
[DEPENDENCY] The following third party dependencies have been updated:
- github.com/gardener/gardener v1.121.2 -> v1.122.1
- k8s.io/api v0.32.5 -> v0.33.2
- k8s.io/apimachinery v0.32.5 -> v0.33.2
- k8s.io/autoscaler/vertical-pod-autoscaler v1.3.1 -> v1.4.1
- k8s.io/client-go v0.32.5 -> v0.33.2
- k8s.io/code-generator v0.32.5 -> v0.33.2
- k8s.io/component-base v0.32.5 -> v0.33.2
- k8s.io/apiserver v0.32.5 -> v0.33.2
- sigs.k8s.io/controller-runtime v0.20.4 -> v0.21.0
- sigs.k8s.io/controller-tools v0.17.3 -> v0.18.0
- helm.sh/helm/v3 v3.17.3 -> v3.18.3 by @dependabot[bot] [#334]

[gardener/oidc-webhook-authenticator]

✨ New Features

[USER] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [gardener/oidc-webhook-authenticator#179]

🏃 Others

[OPERATOR] oidc-webhook-authenticator is now built with go 1.24.5. by @vpnachev [gardener/oidc-webhook-authenticator#185]
[OPERATOR] OWA is now built using go version 1.24.4. by @dimityrmirchev [gardener/oidc-webhook-authenticator#180]
[DEPENDENCY] The following 3rd party dependencies have been updated:
- k8s.io/api v0.31.1 -> v0.33.2
- k8s.io/apiextensions-apiserver v0.31.0 -> v0.33.2
- k8s.io/apimachinery v0.31.1 -> v0.33.2
- k8s.io/apiserver v0.31.0 -> v0.33.2
- k8s.io/client-go v0.31.1 -> v0.33.2
- k8s.io/component-base v0.31.1 -> v0.33.2
- sigs.k8s.io/controller-runtime v0.19.0 -> v0.21.0
- golang.org/x/crypto v0.36.0 -> v0.39.0
- golang.org/x/net v0.38.0 -> v0.41.0
- golang.org/x/oauth2 v0.21.0 -> v0.30.0
- golang.org/x/sync v0.12.0 -> v0.15.0
- golang.org/x/sys v0.31.0 -> v0.33.0
- golang.org/x/term v0.30.0 -> v0.32.0
- golang.org/x/text v0.23.0 -> v0.26.0
- golang.org/x/time v0.6.0 -> v0.12.0 by @vpnachev [gardener/oidc-webhook-authenticator#182]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.32.0

Container (OCI) Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.32.0

Contributors

vpnachev, dependabot, and 2 other contributors

Assets 3

08 May 05:55

gardener-robot-ci-1

v0.31.0

1418ccb

v0.31.0

[gardener/oidc-webhook-authenticator]

⚠️ Breaking Changes

[OPERATOR] The default CPU and memory limits on the oidc-webhook-authenticator container have been removed, please set your own limits via the helm chart value .runtime.resources if needed. by @vpnachev [gardener/oidc-webhook-authenticator#173]

🏃 Others

[OPERATOR] OWA is now built using go version 1.24.2. by @dimityrmirchev [gardener/oidc-webhook-authenticator#177]

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

[USER] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. The extension does now only uses the new contract for providing monitoring configuration. Before upgrading to this version of the extension, make sure that the deployed Gardener version supports the new monitoring contract. by @RadaBDimitrova [#307]

🏃 Others

[OPERATOR] The following 3rd party dependencies have been updated:
- github.com/gardener/gardener v1.110.1 -> v1.117.1
- github.com/spf13/cobra v1.8.1 -> v1.9.1
- github.com/spf13/pflag v1.0.5 -> v1.0.6
- go.uber.org/mock v0.5.0 -> v0.5.0
- golang.org/x/tools v0.28.0 -> v0.32.0
- k8s.io/api v0.31.3 -> v0.32.3
- k8s.io/apimachinery v0.31.3 -> v0.32.3
- k8s.io/autoscaler/vertical-pod-autoscaler v1.2.1 -> v1.3.0
- k8s.io/client-go v0.31.3 -> v0.32.3
- k8s.io/code-generator v0.31.3 -> v0.32.3
- k8s.io/component-base v0.31.3 -> v0.32.3
- sigs.k8s.io/controller-runtime v0.19.3 -> v0.20.4
- golang.org/x/crypto v0.35.0 -> golang.org/x/crypto v0.37.0
- golang.org/x/mod v0.22.0 -> golang.org/x/mod v0.24.0
- golang.org/x/net v0.32.0 -> golang.org/x/net v0.39.0
- golang.org/x/oauth2 v0.24.0 -> golang.org/x/oauth2 v0.28.0
- golang.org/x/sync v0.11.0 -> golang.org/x/sync v0.13.0
- golang.org/x/sys v0.30.0 -> golang.org/x/sys v0.32.0
- golang.org/x/term v0.29.0 -> golang.org/x/term v0.31.0
- golang.org/x/text v0.22.0 -> golang.org/x/text v0.24.0
- golang.org/x/time v0.8.0 -> golang.org/x/time v0.11.0 by @dependabot[bot] [#312]
[OPERATOR] extension-shoot-oidc-service no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#253]
[OPERATOR] The extension no longer has permissions over configmaps as it does not require such access. by @dimityrmirchev [#308]
[OPERATOR] RBAC resources now explicitly state resources and verbs, replaced use of wildcards *. by @georgibaltiev [#298]
[OPERATOR] The extension is now built using go version 1.24.3. by @dependabot[bot] [#316]
[OPERATOR] Fix the service annotation to reconcile the network policies that allow scraping extension metrics in the seed by @vicwicker [#290]
[OPERATOR] The extension is now built using go version 1.24.2. by @dependabot[bot] [#301]
[DEPENDENCY] Dependency to golang.org/x/crypto was upgraded to version v0.35.0. by @dimityrmirchev [#309]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.31.0

Container (OCI) Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.31.0

Contributors

vicwicker, vpnachev, and 4 other contributors

Assets 4

17 Feb 10:20

gardener-robot-ci-2

v0.30.0

455b3d9

v0.30.0

[gardener/oidc-webhook-authenticator]

✨ New Features

[USER] OWA is built using go version 1.23.5. by @dimityrmirchev [gardener/oidc-webhook-authenticator#171]

🏃 Others

[USER] Dependency to gopkg.in/square/go-jose.v2 was replaced with github.com/go-jose/go-jose/v4 by @dimityrmirchev [gardener/oidc-webhook-authenticator#169]
[USER] OWA is now built using go version 1.23.6. by @dimityrmirchev [gardener/oidc-webhook-authenticator#172]
[DEPENDENCY] golang.org/x/crypto was updated to v0.31.0 by @dimityrmirchev [gardener/oidc-webhook-authenticator#168]

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

[USER] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#276]

🏃 Others

[OPERATOR] Extension reconciliation and kube-apiserver deployment mutation flows are improved to not consider hibernation status of the shoot cluster as OWA is no longer authenticating itself in-front of the kube-apiserver and the dead lock around issuing access tokens cannot occur anymore. by @vpnachev [#277]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.30.0

Docker Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.30.0

Contributors

vpnachev, dimityrmirchev, and georgibaltiev

Assets 4

22 Nov 10:23

gardener-robot-ci-1

v0.29.0

564c459

v0.29.0

[gardener/oidc-webhook-authenticator]

🏃 Others

[OPERATOR] OWA is now built using go version 1.23.3. by @dimityrmirchev [gardener/oidc-webhook-authenticator#167]
[DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report. by @vpnachev [gardener/oidc-webhook-authenticator#165]

[gardener/gardener-extension-shoot-oidc-service]

⚠️ Breaking Changes

[OPERATOR] The type of the imageVectorOverwrite helm chart value is changed from string to object. by @dimityrmirchev [#251]

🏃 Others

[OPERATOR] The following dependencies have been updated:
- github.com/gardener/gardener v1.105.0 -> v1.106.0
- k8s.io/api v0.29.8 -> v0.31.1
- k8s.io/apimachinery v0.29.9 -> v0.31.1
- k8s.io/client-go v0.29.9 -> v0.31.1
- k8s.io/code-generator v0.29.9 -> v0.31.1
- k8s.io/component-base v0.29.9 -> v0.31.1
- sigs.k8s.io/controller-runtime v0.17.6 -> v0.19.0 by @vpnachev [#248]
[DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report, but is also incorporated in the verify and verify-extended makefile targets. by @vpnachev [#248]

📖 Documentation

[USER] Documentation now clarifies when Structured Authentication should be preferred over the Gardener OIDC extension. by @dimityrmirchev [#259]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.29.0

Docker Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.29.0

Contributors

vpnachev and dimityrmirchev

Assets 3

24 Oct 06:52

gardener-robot-ci-1

v0.28.0

f86c1cc

v0.28.0

[gardener/gardener-extension-shoot-oidc-service]

🏃 Others

[OPERATOR] The extension and OWA do not set cpu and memory limits. VPA is utilised to set proper recommendations. by @dimityrmirchev [#243]

[gardener/oidc-webhook-authenticator]

🏃 Others

[OPERATOR] OWA is now built with go version 1.23.1. by @dimityrmirchev [gardener/oidc-webhook-authenticator#160]
[OPERATOR] OWA is now built using go version 1.23.2. by @dimityrmirchev [gardener/oidc-webhook-authenticator#162]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.28.0

Docker Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.28.0

Contributors

dimityrmirchev

Assets 3

06 Aug 11:23

gardener-robot-ci-1

v0.27.0

4305ede

v0.27.0

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

[OPERATOR] The extension mutating webhook now uses object selector to reduce the number of calls. by @dimityrmirchev [#224]
[OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#222]

🏃 Others

[DEPENDENCY] The extension is now built using go version 1.22.5. by @dimityrmirchev [#220]

[gardener/oidc-webhook-authenticator]

🏃 Others

[DEVELOPER] The following dependencies have been updated:
- github.com/coreos/go-oidc/v3 v3.1.0 -> v3.10.0
- golang.org/x/time v0.3.0 -> v0.5.0
- k8s.io/* v0.27.9 -> v0.30.1
- sigs.k8s.io/controller-runtime v0.15.3 -> v0.18.4
- golang.org/x/crypto v0.21.0 -> v0.24.0
- golang.org/x/net v0.23.0 -> v0.26.0 by @vpnachev [gardener/oidc-webhook-authenticator#157]
[DEPENDENCY] OWA is now built using go version 1.22.5. by @dimityrmirchev [gardener/oidc-webhook-authenticator#158]

Helm Charts

shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-oidc-service:v0.27.0

Docker Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.27.0

Contributors

vpnachev, dimityrmirchev, and oliver-goetz

Assets 3

28 May 08:26

gardener-robot-ci-3

v0.26.0

ba682c3

v0.26.0

[gardener/oidc-webhook-authenticator]

🏃 Others

[OPERATOR] The default resync period between reconciliations of openidconnects is increased to 30min. by @dimityrmirchev [gardener/oidc-webhook-authenticator#156]
[DEPENDENCY] OWA is now built using go version 1.22.3. by @dimityrmirchev [gardener/oidc-webhook-authenticator#155]

[gardener/gardener-extension-shoot-oidc-service]

🏃 Others

[OPERATOR] OWA is now deployed with lower cpu and memory requests - 10m and 32Mi respectively. by @dimityrmirchev [#196]
[OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @rfranzke [#193]

Docker Images

gardener-extension-shoot-oidc-service: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-oidc-service:v0.26.0

Contributors

rfranzke and dimityrmirchev

Assets 3

Releases: gardener/gardener-extension-shoot-oidc-service

v0.35.0

[github.com/gardener/gardener-extension-shoot-oidc-service:v0.35.0]

✨ New Features

🏃 Others

Helm Charts

Container (OCI) Images

Contributors

Uh oh!

v0.34.0

[github.com/gardener/gardener-extension-shoot-oidc-service:v0.34.0]

🏃 Others

Helm Charts

Container (OCI) Images

Contributors

Uh oh!

v0.33.0

[github.com/gardener/gardener-extension-shoot-oidc-service:v0.33.0]

✨ New Features

🏃 Others

Helm Charts

Container (OCI) Images

Contributors

Uh oh!

v0.32.0

[gardener/gardener-extension-shoot-oidc-service]

🏃 Others

[gardener/oidc-webhook-authenticator]

✨ New Features

🏃 Others

Helm Charts

Container (OCI) Images

Contributors

Uh oh!

v0.31.0

[gardener/oidc-webhook-authenticator]

⚠️ Breaking Changes

🏃 Others

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

🏃 Others

Helm Charts

Container (OCI) Images

Contributors

Uh oh!

v0.30.0

[gardener/oidc-webhook-authenticator]

✨ New Features

🏃 Others

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

🏃 Others

Helm Charts

Docker Images

Contributors

Uh oh!

v0.29.0

[gardener/oidc-webhook-authenticator]

🏃 Others

[gardener/gardener-extension-shoot-oidc-service]

⚠️ Breaking Changes

🏃 Others

📖 Documentation

Helm Charts

Docker Images

Contributors

Uh oh!

v0.28.0

[gardener/gardener-extension-shoot-oidc-service]

🏃 Others

[gardener/oidc-webhook-authenticator]

🏃 Others

Helm Charts

Docker Images

Contributors

Uh oh!

v0.27.0

[gardener/gardener-extension-shoot-oidc-service]

✨ New Features

🏃 Others