Releases: pomerium/ingress-controller
Releases · pomerium/ingress-controller
v0.24.0
Installation
To install, run the following command:
kubectl apply -k github.com/pomerium/ingress-controller/config/default\?ref=v0.24.0
Refer to the Pomerium Configuration Guide to complete your installation.
What's Changed
Core Update
This release upgrades the core to v0.24. Performance improvements are observed specifically when configurations are driven by the Pomerium Enterprise. These enhancements are particularly beneficial in environments with a high number of routes, certificates, and policies, or in dynamically changing configurations.
Memory Usage Reduction
Most users should observe less memory used compared to v0.23. Please see the related GitHub issue: pomerium/pomerium#4652.
Fixes
Dependency Updates
- Bump actions/setup-go from 4.0.1 to 4.1.0 by @dependabot in #749
- Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #748
- Bump tibdex/github-app-token from 1.8.0 to 1.8.2 by @dependabot in #746
- Bump docker/setup-buildx-action from 2.9.1 to 2.10.0 by @dependabot in #747
- Bump github.com/open-policy-agent/opa from 0.55.0 to 0.56.0 by @dependabot in #741
- Bump github.com/go-playground/validator/v10 from 10.15.1 to 10.15.3 by @dependabot in #738
- Bump distroless/base from
de8fb01to6691be5by @dependabot in #737 - Bump golang from 1.20.6 to 1.21.0 by @dependabot in #736
- Bump node from
3801c22tof41231bby @dependabot in #735 - Bump node from
f41231bto2daec43by @dependabot in #770 - Bump docker/build-push-action from 4.1.1 to 5.0.0 by @dependabot in #769
- Bump docker/login-action from 2.2.0 to 3.0.0 by @dependabot in #767
- Bump docker/setup-qemu-action from 2.2.0 to 3.0.0 by @dependabot in #766
- Bump tibdex/github-app-token from 1.8.2 to 2.1.0 by @dependabot in #764
- Bump github.com/go-playground/validator/v10 from 10.15.3 to 10.15.4 by @dependabot in #756
- Bump google.golang.org/grpc from 1.57.0 to 1.58.2 by @dependabot in #753
- Bump docker/metadata-action from 4.6.0 to 5.0.0 by @dependabot in #768
- Bump actions/cache from 3.3.1 to 3.3.2 by @dependabot in #765
- Bump actions/checkout from 3.6.0 to 4.1.0 by @dependabot in #763
- Bump github.com/rs/zerolog from 1.30.0 to 1.31.0 by @dependabot in #760
- Bump docker/setup-buildx-action from 2.10.0 to 3.0.0 by @dependabot in #762
- Bump go.uber.org/zap from 1.25.0 to 1.26.0 by @dependabot in #759
- Bump github.com/open-policy-agent/opa from 0.56.0 to 0.57.0 by @dependabot in #758
- Bump golang.org/x/net from 0.15.0 to 0.17.0 by @dependabot in #772
- Bump golang from 1.21.0 to 1.21.1 by @dependabot in #771
- upgrade envoy to v1.28.0 by @kenjenkins in #774
- Bump google.golang.org/grpc from 1.58.2 to 1.58.3 by @dependabot in #777
- Bump golang from 1.21.1 to 1.21.3 by @dependabot in #796
- upgrade go to 1.21 by @calebdoxsey in #799
- Bump actions/setup-python from 4.7.0 to 4.7.1 by @dependabot in #797
New Contributors
- @kenjenkins made their first contribution in #773
Full Changelog: v0.23.1...v0.24.0
Contributors
calebdoxsey, wasaga, and 2 other contributors
Assets 2
v0.23.1
v0.23.0
Changelog
v0.23.0 (2023-08-29)
New
- settings: add access_log_fields and authorize_log_fields #701 (@calebdoxsey)
- config: add cookie_same_site option #620 (@calebdoxsey)
- add global timeout customization #651 (@wasaga)
Dependency
- Bump github.com/golangci/golangci-lint from 1.53.3 to 1.54.2 #724 (@dependabot[bot])
- Bump go.uber.org/zap from 1.24.0 to 1.25.0 #722 (@dependabot[bot])
- Bump github.com/google/uuid from 1.3.0 to 1.3.1 #720 (@dependabot[bot])
- Bump github.com/go-playground/validator/v10 from 10.14.1 to 10.15.1 #719 (@dependabot[bot])
- Bump docker/setup-buildx-action from 2.8.0 to 2.9.1 #716 (@dependabot[bot])
- Bump actions/setup-python from 4.6.1 to 4.7.0 #715 (@dependabot[bot])
- Bump golang from 1.20.5 to 1.20.6 #714 (@dependabot[bot])
- Bump github.com/rs/zerolog from 1.29.1 to 1.30.0 #713 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.54.0 to 0.55.0 #709 (@dependabot[bot])
- Bump google.golang.org/grpc from 1.56.1 to 1.57.0 #706 (@dependabot[bot])
- Bump github.com/iancoleman/strcase from 0.2.0 to 0.3.0 #704 (@dependabot[bot])
- dependencies: upgrade core #702 (@calebdoxsey)
- Bump github.com/open-policy-agent/opa from 0.53.1 to 0.54.0 #691 (@dependabot[bot])
- Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 #689 (@dependabot[bot])
- Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 #688 (@dependabot[bot])
- Bump node from
05824f7to3801c22#687 (@dependabot[bot]) - Bump golang from
6b3fa4bto344193a#686 (@dependabot[bot]) - Bump golang.org/x/sync from 0.2.0 to 0.3.0 #680 (@dependabot[bot])
- Bump github.com/golangci/golangci-lint from 1.52.2 to 1.53.3 #679 (@dependabot[bot])
- Bump k8s.io/apimachinery from 0.27.2 to 0.27.3 #676 (@dependabot[bot])
- Bump google.golang.org/grpc from 1.55.0 to 1.56.0 #675 (@dependabot[bot])
- Bump docker/build-push-action from 4.1.0 to 4.1.1 #674 (@dependabot[bot])
- Bump docker/setup-buildx-action from 2.6.0 to 2.7.0 #673 (@dependabot[bot])
- Bump docker/metadata-action from 4.4.0 to 4.6.0 #672 (@dependabot[bot])
- Bump node from
df5a66eto05824f7#671 (@dependabot[bot]) - Bump golang from
4b1fc02to6b3fa4b#670 (@dependabot[bot]) - Bump github.com/stretchr/testify from 1.8.3 to 1.8.4 #667 (@dependabot[bot])
- Bump docker/setup-buildx-action from 2.5.0 to 2.6.0 #666 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.53.0 to 0.53.1 #665 (@dependabot[bot])
- Bump github.com/spf13/viper from 1.15.0 to 1.16.0 #664 (@dependabot[bot])
- Bump golang from 1.20.4 to 1.20.5 #663 (@dependabot[bot])
- Bump docker/login-action from 2.1.0 to 2.2.0 #662 (@dependabot[bot])
- Bump actions/checkout from 3.5.2 to 3.5.3 #661 (@dependabot[bot])
- Bump docker/setup-qemu-action from 2.1.0 to 2.2.0 #660 (@dependabot[bot])
- Bump docker/build-push-action from 4.0.0 to 4.1.0 #659 (@dependabot[bot])
- Bump github.com/envoyproxy/go-control-plane from 0.11.0 to 0.11.1 #657 (@dependabot[bot])
- Bump github.com/golangci/golangci-lint from 1.52.2 to 1.53.2 #656 (@dependabot[bot])
- Bump k8s.io/apimachinery from 0.26.3 to 0.27.2 #655 (@dependabot[bot])
- Bump github.com/go-playground/validator/v10 from 10.14.0 to 10.14.1 #654 (@dependabot[bot])
- Bump distroless/base from
bff68cetode8fb01#653 (@dependabot[bot]) - pin node to lts #652 (@wasaga)
- Bump github.com/stretchr/testify from 1.8.2 to 1.8.3 #648 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.52.0 to 0.53.0 #645 (@dependabot[bot])
- Bump golang from
685a22eto690e413#644 (@dependabot[bot]) - Bump actions/setup-python from 4.6.0 to 4.6.1 #643 (@dependabot[bot])
- Bump github.com/go-playground/validator/v10 from 10.13.0 to 10.14.0 #637 (@dependabot[bot])
- Bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 #634 (@dependabot[bot])
- Bump golang from
31a8f92to685a22e#633 (@dependabot[bot]) - Bump actions/setup-go from 4.0.0 to 4.0.1 #632 (@dependabot[bot])
- Bump github.com/cloudflare/circl from 1.3.2 to 1.3.3 #631 (@dependabot[bot])
- Bump google.golang.org/grpc from 1.54.0 to 1.55.0 #628 (@dependabot[bot])
- Bump golang.org/x/sync from 0.1.0 to 0.2.0 #627 (@dependabot[bot])
- Bump golang from 1.20.3 to 1.20.4 #625 (@dependabot[bot])
- Bump distroless/base from
766c538tobff68ce#624 (@dependabot[bot])
Changed
- ci: another place to increase yarn timeout #734 (@backport-actions-token[bot])
- ci: increase yarn network timeout #732 (@backport-actions-token[bot])
- add docs refs to log fields options #718 (@wasaga)
- fix manifests, fix publish docs action #693 (@wasaga)
- update dependabot #669 (@calebdoxsey)
- remove depguard #668 (@calebdoxsey)
- bump core main reference #642 (@wasaga)
- upgrade core to current main branch, including #4192, #4187, #4186, #4190 #639 (@wasaga)
Contributors
calebdoxsey, wasaga, and dependabot
Assets 2
v0.22.3
v0.22.2
Security
This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.
v0.21.3
Security
This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.
v0.20.1
Security
This release fixes a bug whereby specially crafted requests could result in incorrect authorization decisions made by Pomerium. CVE-2023-33189.
v0.22.1
v0.22.0
Changelog
v0.22.0 (2023-05-03)
New
- add programmatic login options to the CRD #613 (@wasaga)
- add stress test #609 (@wasaga)
- add set response headers global option #599 (@wasaga)
- support external authenticate #534 (@wasaga)
- support for wildcard hosts in
Ingress - this release should significantly reduce RAM consumption for large number of
Ingressresources
Fixed
Changed
- bump core to v0.22.0 #617 (@wasaga)
- allow to omit authenticate params, that would default to hosted authentication #612 (@wasaga)
- debug: add some additional runtime flags #602 (@wasaga)
- setResponseHeaders: fix typo #601 (@wasaga)
- bump linter to v1.52.2 and resolve warnings #598 (@wasaga)
- use updated envoy config #589 (@calebdoxsey)
- bump core #556 (@wasaga)
- set main manifests to point to main docker image #541 (@wasaga)
- ci: use large gh runners #540 (@wasaga)
- set core to main and envoy to 1.25 #531 (@wasaga)
Dependency
- Bump distroless/base from
344ef23to766c538#616 (@dependabot[bot]) - Bump github.com/go-playground/validator/v10 from 10.12.0 to 10.13.0 #615 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.51.0 to 0.52.0 #614 (@dependabot[bot])
- Bump github.com/rs/zerolog from 1.29.0 to 1.29.1 #611 (@dependabot[bot])
- Bump github.com/cenkalti/backoff/v4 from 4.2.0 to 4.2.1 #610 (@dependabot[bot])
- Bump docker/metadata-action from 4.3.0 to 4.4.0 #607 (@dependabot[bot])
- Bump actions/setup-python from 4.5.0 to 4.6.0 #606 (@dependabot[bot])
- Bump sigs.k8s.io/controller-tools from 0.11.3 to 0.11.4 #604 (@dependabot[bot])
- set core to main #597 (@wasaga)
- upgrade go and envoy #595 (@calebdoxsey)
- Bump actions/checkout from 3.5.0 to 3.5.2 #591 (@dependabot[bot])
- Bump golang from
23050c2to403f486#590 (@dependabot[bot]) - Bump golang from 1.20.2 to 1.20.3 #588 (@dependabot[bot])
- Bump distroless/base from
6826ce1to344ef23#587 (@dependabot[bot]) - Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 #586 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.50.2 to 0.51.0 #584 (@dependabot[bot])
- Bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 #583 (@dependabot[bot])
- Bump github.com/go-logr/logr from 1.2.3 to 1.2.4 #582 (@dependabot[bot])
- Bump k8s.io/apiextensions-apiserver from 0.26.2 to 0.26.3 #580 (@dependabot[bot])
- Bump golang from
5990c4fto1724dc3#578 (@dependabot[bot]) - Bump google.golang.org/grpc from 1.53.0 to 1.54.0 #577 (@dependabot[bot])
- Bump actions/checkout from 3.4.0 to 3.5.0 #576 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.50.1 to 0.50.2 #574 (@dependabot[bot])
- Bump golang from
74a3829to5990c4f#571 (@dependabot[bot]) - Bump actions/checkout from 3.3.0 to 3.4.0 #570 (@dependabot[bot])
- Bump actions/setup-go from 3.5.0 to 4.0.0 #569 (@dependabot[bot])
- Bump k8s.io/apiserver from 0.26.2 to 0.26.3 #568 (@dependabot[bot])
- Bump google.golang.org/protobuf from 1.29.1 to 1.30.0 #567 (@dependabot[bot])
- Bump github.com/go-playground/validator/v10 from 10.11.2 to 10.12.0 #566 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.49.2 to 0.50.1 #563 (@dependabot[bot])
- Bump google.golang.org/protobuf from 1.29.0 to 1.29.1 #562 (@dependabot[bot])
- Bump golang from 1.20.1 to 1.20.2 #561 (@dependabot[bot])
- Bump google.golang.org/protobuf from 1.28.1 to 1.29.0 #560 (@dependabot[bot])
- Bump docker/setup-buildx-action from 2.4.1 to 2.5.0 #558 (@dependabot[bot])
- Bump actions/cache from 3.2.6 to 3.3.1 #557 (@dependabot[bot])
- Bump golang from
2edf6aato52921e6#555 (@dependabot[bot]) - Bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.2 #554 (@dependabot[bot])
- Bump sigs.k8s.io/controller-runtime from 0.14.4 to 0.14.5 #550 (@dependabot[bot])
- Bump distroless/base from
b91cfa6to6826ce1#549 (@dependabot[bot]) - Bump actions/cache from 3.2.5 to 3.2.6 #548 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.49.0 to 0.49.2 #547 (@dependabot[bot])
- Bump github.com/stretchr/testify from 1.8.1 to 1.8.2 #545 (@dependabot[bot])
- Bump github.com/go-playground/validator/v10 from 10.11.1 to 10.11.2 #544 (@dependabot[bot])
- upgrade kubernetes to v1.26 #543 (@wasaga)
- Bump golang from 1.20.0 to 1.20.1 #538 (@dependabot[bot])
- Bump distroless/base from
5119056tob91cfa6#537 (@dependabot[bot]) - Bump github.com/golangci/golangci-lint from 1.51.1 to 1.51.2 #536 (@dependabot[bot])
- bump golang.org/x/net from 0.6.0 to 0.7.0 #535 (@dependabot[bot])
- Bump golang from
9be8859to63c5d64#528 (@dependabot[bot]) - Bump distroless/base from
a59388cto5119056#527 (@dependabot[bot]) - Bump actions/cache from 3.2.4 to 3.2.5 #526 (@dependabot[bot])
- Bump github.com/open-policy-agent/opa from 0.48.0 to 0.49.0 #525 (@dependabot[bot])
- Bump github.com/pomerium/pomerium from 0.21.0-rc2 to 0.21.0 #524 (@dependabot[bot])
- Bump distroless/base from
010cc31toa59388c#520 (@dependabot[bot]) - Bump golang from 1.19.5 to 1.20.0 #519 (@dependabot[bot])
- Bump docker/setup-buildx-action from 2.4.0 to 2.4.1 #518 (@dependabot[bot])
- Bump docker/build-push-action from 3.3.0 to 4.0.0 #517 (@dependabot[bot])
- Bump github.com/golangci/golangci-lint from 1.50.1 to 1.51.1 #514 (@dependabot[bot])
- Bump distroless/base from
e0c57aato `...
Contributors
calebdoxsey, wasaga, and dependabot
Assets 2
v0.21.2
What's Changed
- enable backport bot by @wasaga in #443
- bump envoy to v1.24.0 by @wasaga in #444
- Bump actions/setup-go from 3.3.1 to 3.4.0 by @dependabot in #447
- Bump tibdex/github-app-token from 1.6.0 to 1.7.0 by @dependabot in #446
- Bump github.com/open-policy-agent/opa from 0.46.1 to 0.47.0 by @dependabot in #445
- update reference.md location by @wasaga in #448
- Bump distroless/base from
90d0605to485e1e5by @dependabot in #455 - Bump golang from 1.19.3 to 1.19.4 by @dependabot in #454
- Bump actions/setup-python from 4.3.0 to 4.3.1 by @dependabot in #456
- Bump github.com/open-policy-agent/opa from 0.47.0 to 0.47.3 by @dependabot in #450
- Bump actions/checkout from 3.1.0 to 3.2.0 by @dependabot in #462
- Bump actions/setup-go from 3.4.0 to 3.5.0 by @dependabot in #460
- Bump golang from
04f76f9to54184d6by @dependabot in #461 - Bump actions/setup-python from 4.3.1 to 4.4.0 by @dependabot in #470
- Bump distroless/base from
485e1e5tob76e5b6by @dependabot in #469 - Bump golang from
54184d6to660f138by @dependabot in #468 - Bump actions/cache from 3.0.11 to 3.2.1 by @dependabot in #467
- Bump github.com/open-policy-agent/opa from 0.47.3 to 0.47.4 by @dependabot in #464
- Bump actions/cache from 3.2.1 to 3.2.2 by @dependabot in #471
- add auto tls option by @wasaga in #474
- Bump actions/checkout from 3.2.0 to 3.3.0 by @dependabot in #481
- Bump actions/cache from 3.2.2 to 3.2.3 by @dependabot in #480
- Bump distroless/base from
b76e5b6toe0c57aaby @dependabot in #479 - Bump github.com/open-policy-agent/opa from 0.47.4 to 0.48.0 by @dependabot in #478
- crd: add gitlab by @calebdoxsey in #482
- Bump google.golang.org/grpc from 1.51.0 to 1.52.0 by @dependabot in #492
- Bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 by @dependabot in #491
- Bump golang from 1.19.4 to 1.19.5 by @dependabot in #490
- Bump docker/build-push-action from 3.2.0 to 3.3.0 by @dependabot in #489
- Bump actions/setup-python from 4.4.0 to 4.5.0 by @dependabot in #488
- Bump docker/metadata-action from 4.1.1 to 4.3.0 by @dependabot in #487
- add cspell pre-commit hook by @wasaga in #484
- config: add certificate authorities by @calebdoxsey in #485
- bump core to v0.21.0-rc1 by @wasaga in #493
- Bump k8s.io/apimachinery from 0.25.4 to 0.26.1 by @dependabot in #499
- Bump github.com/spf13/viper from 1.14.0 to 1.15.0 by @dependabot in #498
- push release branches to the dockerhub by @backport-actions-token in #504
- bump core to v0.21.0-rc2 by @backport-actions-token in #503
- fix confusing logging by @wasaga in #532
- support external authenticate (#534) by @wasaga in #539
Full Changelog: v0.20.0...v0.21.2
Contributors
calebdoxsey, wasaga, and dependabot