v0.40.0

[github.com/gardener/oidc-webhook-authenticator:v0.40.0]

🏃 Others

• [OPERATOR] OWA is now built with Go 1.25.5 by @dependabot[bot] [#209]
• [OPERATOR] The container image base layer has been updated to Debian 13 (trixie). by @dimityrmirchev [#212]
• [DEPENDENCY] The following third party dependencies have been updated:
  • sigs.k8s.io/controller-runtime from v0.22.1 -> v0.22.4 by @dependabot[bot] [#210]
• [DEPENDENCY] The following third party dependencies have been updated:
  • golang.org/x/crypto v0.42.0 -> v0.45.0
  • golang.org/x/net v0.44.0 -> v0.47.0
  • golang.org/x/sync v0.17.0 -> v0.18.0
  • golang.org/x/sys v0.36.0 -> v0.38.0
  • golang.org/x/term v0.35.0 -> v0.37.0
  • golang.org/x/text v0.29.0 -> v0.31.0
  • golang.org/x/tools v0.37.0 -> v0.38.0 by @dependabot[bot] [#205]

Helm Charts

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/oidc-webhook-authenticator:v0.40.0

Container (OCI) Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.40.0

v0.39.0

[github.com/gardener/oidc-webhook-authenticator:v0.39.0]

⚠️ Breaking Changes

• [USER] The clientID field in the OpenIDConnect CRD is now deprecated and replaced by the new audiences field, which accepts a list of acceptable audience values for the ID token. by @theoddora [#200]

🏃 Others

• [OPERATOR] OWA is now built using go version 1.25.4. by @dimityrmirchev [#203]
• [OPERATOR] Migrate the test framework from (deprecated) Ginkgo v1 to Ginkgo v2. by @theoddora [#198]

Helm Charts

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/oidc-webhook-authenticator:v0.39.0

Container (OCI) Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.39.0

v0.38.0

[github.com/gardener/oidc-webhook-authenticator:v0.38.0]

✨ New Features

• [OPERATOR] Helm charts of OWA are now published as OCI artifacts. by @dimityrmirchev [#188]

🏃 Others

• [DEVELOPER] GHA build workflow now also runs the tests. by @vpnachev [#193]
• [OPERATOR] OWA is now built using go version 1.25.1. by @dimityrmirchev [#190]
• [DEPENDENCY] The following 3rd party dependencies have been updated:
  • github.com/coreos/go-oidc/v3 v3.14.1 -> v3.15.0
  • github.com/go-jose/go-jose/v4 v4.1.1 -> v4.1.2
  • golang.org/x/time v0.12.0 -> v0.13.0
  • k8s.io/api v0.33.2 -> v0.34.1
  • k8s.io/apimachinery v0.33.2 -> v0.34.1
  • k8s.io/apiserver v0.33.2 -> v0.34.1
  • k8s.io/client-go v0.33.2 -> v0.34.1
  • k8s.io/component-base v0.33.2 -> v0.34.1
  • sigs.k8s.io/controller-runtime v0.21.0 -> v0.22.1
  • golang.org/x/crypto v0.39.0 -> v0.42.0
  • golang.org/x/net v0.41.0 -> v0.44.0
  • golang.org/x/oauth2 v0.30.0 -> v0.31.0
  • golang.org/x/sync v0.15.0 -> v0.17.0
  • golang.org/x/sys v0.33.0 -> v0.36.0
  • golang.org/x/term v0.32.0 -> v0.35.0
  • golang.org/x/text v0.26.0 -> v0.29.0 by @vpnachev [#194]
• [DEVELOPER] migrate CICD-Pipelines to GitHub-Actions by @ccwienk [#184]
• [OPERATOR] Test results are now exported as inlined ocm-resource. by @Franziska-Schallhorn [#186]

Helm Charts

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/oidc-webhook-authenticator:v0.38.0

Container (OCI) Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.38.0

v0.37.0

[gardener/oidc-webhook-authenticator]

🏃 Others

• [OPERATOR] oidc-webhook-authenticator is now built with go 1.24.5. by @vpnachev [#185]
• [DEPENDENCY] The following 3rd party dependencies have been updated:
  • k8s.io/api v0.31.1 -> v0.33.2
  • k8s.io/apiextensions-apiserver v0.31.0 -> v0.33.2
  • k8s.io/apimachinery v0.31.1 -> v0.33.2
  • k8s.io/apiserver v0.31.0 -> v0.33.2
  • k8s.io/client-go v0.31.1 -> v0.33.2
  • k8s.io/component-base v0.31.1 -> v0.33.2
  • sigs.k8s.io/controller-runtime v0.19.0 -> v0.21.0
  • golang.org/x/crypto v0.36.0 -> v0.39.0
  • golang.org/x/net v0.38.0 -> v0.41.0
  • golang.org/x/oauth2 v0.21.0 -> v0.30.0
  • golang.org/x/sync v0.12.0 -> v0.15.0
  • golang.org/x/sys v0.31.0 -> v0.33.0
  • golang.org/x/term v0.30.0 -> v0.32.0
  • golang.org/x/text v0.23.0 -> v0.26.0
  • golang.org/x/time v0.6.0 -> v0.12.0 by @vpnachev [#182]

Container (OCI) Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.37.0

v0.36.0

[gardener/oidc-webhook-authenticator]

✨ New Features

• [USER] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#179]

🏃 Others

• [OPERATOR] OWA is now built using go version 1.24.4. by @dimityrmirchev [#180]

Container (OCI) Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.36.0

v0.35.0

[gardener/oidc-webhook-authenticator]

⚠️ Breaking Changes

• [OPERATOR] The default CPU and memory limits on the oidc-webhook-authenticator container have been removed, please set your own limits via the helm chart value .runtime.resources if needed. by @vpnachev [#173]

🏃 Others

• [OPERATOR] OWA is now built using go version 1.24.2. by @dimityrmirchev [#177]

Docker Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.35.0

v0.34.0

[gardener/oidc-webhook-authenticator]

✨ New Features

• [USER] OWA is built using go version 1.23.5. by @dimityrmirchev [#171]

🏃 Others

• [USER] OWA is now built using go version 1.23.6. by @dimityrmirchev [#172]
• [USER] Dependency to gopkg.in/square/go-jose.v2 was replaced with github.com/go-jose/go-jose/v4 by @dimityrmirchev [#169]
• [DEPENDENCY] golang.org/x/crypto was updated to v0.31.0 by @dimityrmirchev [#168]

Docker Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.34.0

v0.33.0

[gardener/oidc-webhook-authenticator]

🏃 Others

• [DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report. by @vpnachev [#165]
• [OPERATOR] OWA is now built using go version 1.23.3. by @dimityrmirchev [#167]

Docker Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.33.0

v0.32.0

[gardener/oidc-webhook-authenticator]

🏃 Others

• [OPERATOR] OWA is now built using go version 1.23.2. by @dimityrmirchev [#162]
• [OPERATOR] OWA is now built with go version 1.23.1. by @dimityrmirchev [#160]

Docker Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.32.0

v0.31.0

[gardener/oidc-webhook-authenticator]

🏃 Others

• [DEPENDENCY] OWA is now built using go version 1.22.5. by @dimityrmirchev [#158]
• [DEVELOPER] The following dependencies have been updated:
  • github.com/coreos/go-oidc/v3 v3.1.0 -> v3.10.0
  • golang.org/x/time v0.3.0 -> v0.5.0
  • k8s.io/* v0.27.9 -> v0.30.1
  • sigs.k8s.io/controller-runtime v0.15.3 -> v0.18.4
  • golang.org/x/crypto v0.21.0 -> v0.24.0
  • golang.org/x/net v0.23.0 -> v0.26.0 by @vpnachev [#157]

Docker Images

• oidc-webhook-authenticator: europe-docker.pkg.dev/gardener-project/releases/gardener/oidc-webhook-authenticator:v0.31.0