- Auto-detection for the cluster domain name (#90)
- Examples to use the downward API to locate the kubelet for Kubernetes workload attestation (#160)
- Migrated to the latest controller runtime (#151)
- Enforce TLS1.2 as a minimum version on the webhook server (#128)
- Multiarch docker images supporting both amd64 and arm64 (#51)
- Support for registration for downstream workloads (#44)
- Migration guide for migrating from the k8s-workload-registrer (#40)
- Status subresource yaml in demo preventing status from being updated (#38)
- Waits for 5 seconds for the SPIRE Server socket to become available (#80)
- Generated DNS Names are deduplicated before registration (#85)
- Bug causing entries to be recreated on every reconciliation (#32)
- Ability to configure the SPIRE Server API socket path via the
spireServerSocketPathvalue in the configuration file (#29)
- Various documentation fixes (#18, #23, #26)
- The
spire-api-socketCLI flag is deprecated in favor of thespireServerSocketPathvalue in the configuration file (#29)
First official release! The SPIRE controller manager supports:
- Registering workloads using the ClusterSPIFFEID custom resource
- Establishing federation relationships with foreign trust domains using the ClusterFederatedTrustDomain resource
- Full management of the Validating Admission Controller webhook credentials