Releases: sky-uk/osprey
Releases · sky-uk/osprey
v2.7.0
v2.6.0
Changelog
- 5d411c4 Add goreleaser (#72)
- 8c1abbb Fetch API server URL from GKE OIDC ClientConfig (#73)
This allows osprey client to fetch the API server URL from thekube-public/ClientConfigresource. This is created when the OIDC Identity Service is enabled in GKE - 47439f3 Some fixes (#63)
- d5795a3 Update dependencies (#71)
v2.5.0
- Add ability for osprey client to fetch the API server CA from the API server itself, rather than needing an osprey server deployment to serve it. #69
This is controlled by a new api-server field in the Osprey config file. The target Kubernetes cluster must have the feature gate RootCAConfigMap enabled. It was introduced in v1.13 and became enabled by default in v1.20.
RootCAConfigMap: Configure thekube-controller-managerto publish a ConfigMap namedkube-root-ca.crtto every namespace. This ConfigMap contains a CA bundle used for verifying connections to the kube-apiserver. See Bound Service Account Tokens for more details.
Anonymous access needs to be enabled for the API server and a suitable RoleBinding in place to allow access to system:anonymous users.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: anonymous-kube-root-ca
namespace: kube-public
rules:
- apiGroups:
- ""
resources:
- configmaps
resourceNames:
- kube-root-ca.crt
verbs:
- getapiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: anonymous-kube-root-ca
namespace: kube-public
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: anonymous-kube-root-ca
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: system:anonymousv2.4.0
v2.3.0
v2.2.0: Automatic browser popup for OIDC login
v2.1.0
v2.1.0
v2.0.0: Support AzureAD (#36)
Release 2.0.0
- Adds support for authentication using Azure Active Directory as the OIDC.
- This release introduces a breaking change to osprey config files. This is due to functionality to support multiple
identity providers in the same configuration file.