Release v0.7.0

Release Images

Changes

Major Changes

• The Concierge now supports most managed Kubernetes clusters including EKS, AKS, and GKE. This works by using a new strategy that employs Kubernetes impersonation. For more information about this new feature, see our blog post.

• The Pinniped command-line tool now supports a whoami subcommand, which returns the currently-authenticated user identity. This functionality is also available in a new WhoAmIRequest API served by the Concierge.

• The pinniped get kubeconfig command now waits for the Concierge to become stable and validates that the final generated kubeconfig is valid. It also prints more verbose log output describing any parameters that are autodetected.

Minor Changes

• Added several new optional flags to the pinniped get kubeconfig command, including --concierge-mode, --concierge-skip-wait, --skip-validation, --timeout, and --output. For a full list of new options, see the CLI reference documentation.

• Added new API fields to the CredentialIssuer API to support the impersonation proxy strategy. The status.kubeConfigInfo field is now deprecated and will be removed in a future release.

• Fixed Homebrew installation of the main branch using --HEAD.

• Upgraded Debian base images from 10.8 to 10.9.

• Upgraded Go from 1.15.8 to 1.16.2.

• Upgraded Kubernetes runtime library dependencies from v1.20.1 to v1.20.5 plus some additional unreleased commits to address CVE-2021-3121 (a potential denial-of-service vulnerability).

• Improved the stability of several integration tests.

Diffs

A complete list of changes (377 commits, 862 changed files with 33,098 additions and 4,917 deletions!) can be found here.

Updates

The attached yaml files were updated on May 6, 2024 to use ghcr.io/vmware-tanzu/pinniped/pinniped-server instead of projects.registry.vmware.com/pinniped/pinniped-server.