v1.5.3

What's Changed

• Bump flask from 2.2.2 to 2.2.5 in /app/imageswap by @dependabot in #97
• Bump certifi from 2022.12.7 to 2023.7.22 in /app/imageswap-init by @dependabot in #102
• Bump cryptography from 39.0.1 to 41.0.2 in /app/imageswap-init by @dependabot in #101
• Bump cryptography from 41.0.2 to 41.0.3 in /app/imageswap-init by @dependabot in #103
• BUGFIX: identity mapping with EXACT and REPLACE is ignored by @ferenc-hechler in #104
• Prepare v1.5.3 release by @phenixblue in #106

Full Changelog: v1.5.2...v1.5.3

v1.5.2

What's Changed

• Bump oauthlib from 3.2.0 to 3.2.1 in /app/imageswap-init by @dependabot in #79
• Introducing [REPLACE] by @M4C4R in #85
• Bump certifi from 2022.9.14 to 2022.12.7 in /app/imageswap-init by @dependabot in #91
• Fix detection of IMAGESWAP_DISABLE_AUTO_MWC by @howardburgess in #88
• Bump cryptography from 38.0.4 to 39.0.1 in /app/imageswap-init by @dependabot in #92
• Bump werkzeug from 2.2.2 to 2.2.3 in /app/imageswap by @dependabot in #93
• Prepare v1.5.2 release by @phenixblue in #96

New Contributors

• @M4C4R made their first contribution in #85
• @howardburgess made their first contribution in #88

Full Changelog: v1.5.1...v1.5.2

v1.5.1

Overview

This is primarily a maintenance release with a couple of small enhancements.

Enhancements

• Cleanup some legacy logic for detecting the K8s API Server CA Cert. This also enables support in K3S environments (#70)
• Adds the IMAGESWAP_DISABLE_AUTO_MWC environment variable to allow for disabling the automatic generation of the Mutating Webhook Configuration (MWC) in the imageswap-init container (#71)
• Adds the IMAGESWAP_CSR_SIGNER_NAME environmental variable to allow for customizing the signer used in the K8s CertificateSigningRequest resource. Defaults to kubernetes.io/kubelet-serving to maintain backwards compatibility (#76)

Acknowledgements

• Thanks to @jchanam for their work on #76
• Thanks to @howardburgess for suggesting #67
• Thanks to @rainsun for bringing #56 to our attention and supplying logs to help triage the issue

v1.5.0

Overview

This release is primarily focused on adding support for newer Kubernetes versions (v1.19+), but does introduce breaking changes for prior Kubernetes versions.

ImageSwap v1.4.2 should be used for Kubernetes versions below v1.19.0

ImageSwap v1.5.0 is using a newer release of the Kubernetes Python Client library which removed some previously deprecated API's and changed the way the CertificateSigningRequest resource is handled for the webhook Cert Bundle.

This release also moves to using a new syntax (::) to separate the key and value portions of a map definition in the maps file. Backwards compatibility is maintained for the existing : syntax, but this has been deprecated and should not be used. Please update any existing map configurations to use the new syntax.

This release also adds additional validation to catch errors associated with specifying a registry in a map definition key that includes the :<port_number> syntax. Previously this would result in an error and a stack trace. This is now handled gracefully and the new map separator syntax should allow for registries to include ports going forward.

Enhancements

• Add support for new map definition deparator syntax (#50)
• Bump Kubernetes Python Client to v23.3.0 to support new K8s versions (#68 / #65)
• Bump KinD node images/matrix to test aginst k8s v1.19, v1.20, v1.21, and v1.22 for CI (#68 / #65)
• Bump KinD Github Action to v0.12.0 for CI (#68 / #65)
• Move to admission.k8s.io/v1 for AdmissionReview (#68 / #65)
• Move to admissionregistration.k8s.io/v1 for VWC (#68 / #65)
• Add sign verb for cluster scoped RBAC (#68 / #65)
• Move to support v4.x of yq utility syntax for Makefile/CI (#68 / #65)
• Temporarily remove the linux/ppc64le platform from image builds. Ongoing issue that needs triage
• Move imageswap-init container image to lockstep versioning with image swap image

Acknowledgements

• Thanks to @sblair-metrostar for bringing the port number issue to our attention
• Thanks to @mariomcosta, @awoimbee, and @ilrudie for helping get k8s v1.22+ supported

v1.4.2

Overview

This release fixes a bug in the image swap logic related to a scenario where a library level image is used and the image tag contains .'s.

More info can be found in this issue: #46

Enhancements

• Add fix for dotted tag on library image (#47)

Acknowledgements

• Thanks to @adavenpo for bringing this to our attention

v1.4.1

Overview

This release adds logic to process maps for library level images differently from images nested under a specific project/organization.

EXAMPLE:

docker.io:harbor.example.com
docker.io/library:harbor.example.com/library

This would be the output for the library vs. non-library images:

nginx:latest -> harbor.example.com/library/nginx:latest

tmobile/magtape:latest -> harbor.example.com/tmobile/magtape:latest

This is applicable for use cases such as the Harbor projects image pull-through cache

• See the maps examples for specific syntax on using the library map
• Docker documentation for image naming

Enhancements

• Add logic to handle maps for library level images (#42)

Acknowledgements

• Thanks to @fragolinux for the suggestion!

v1.4.0

Overview

This release addresses a few security fixes for dependent libraries and introduces some major enhancements.

!!! Please read carefully as there is new functoinality that is not directly backwards compatible !!!

ImageSwap v1.4.0 requires some new configuration settings and makes major changes to the default image swap logic.

Enhancements

• Introduces new MAPS swap mode logic (#29)
• Updates to logging when disable label is supplied (#29)
• Added a kustomize overlay for LEGACY swap mode (#29)
• Update image swap logic to preserve image org/project (#29)
• Update CI for Image Builds. Include multi-arch builds using buildx (#39)
• Bump KinD Version to 0.11.1 (#39)
• Bump KinD Node Images. Drop K8s v1.16 and add K8s v1.20 (#39)

MAPS LOGIC: There is a new MAPS mode logic that has been added to allow for more flexibility in the image swapping logic.
The existing logic, referred to as LEGACY mode, is still available, but has been deprecated.
To continue using the LEGACY mode logic set the IMAGESWAP_MODE environment variable accordingly. Please reference the configuration section for more information.

Image Definition Preservation: Updates have been made to how image definitions are processed during a swap. Previously the swap logic would drop the image org/project before adding the prefix (ie. nginx/nginx-ingress:latest would drop the nginx/ portion of the image definition).
In v1.4.0+ the swap logic will preserve all parts of the image except the Registry (ie. docker.io/nginx/nginx-ingress will drop the docker.io only from the image definition).

Security Fixes

• Bump jinja2 from 2.11.2 to 2.11.3 in /app/imageswap (#28 authored by dependabot)
• Bump urllib3 from 1.26.3 to 1.26.4 in /app/imageswap-init (#26 authored by dependabot)
• Bump urllib3 from 1.26.4 to 1.26.5 in /app/imageswap-init (#25 authored by dependabot)

v1.4.0-prerelease

Merge pull request #30 from phenixblue/update-changelog

Updates changelog for 1.4.0 release prep

v1.3.2

Overview

This release contains a single security related fix.

Enhancements

Bumps jinja2 from 2.11.2 to 2.11.3. in /app/imageswap (#25)

• Release notes
• Changelog
• Commits

v1.3.1

Overview

This release contains a single security related fix.

Enhancements

Bump cryptography from 3.2 to 3.3.2 in /app/imageswap-init (#24 )

Bumps [cryptography](https://github.com/pyca/cryptography) from 3.2 to 3.3.2.
- [Release notes](https://github.com/pyca/cryptography/releases)
- [Changelog](https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/3.2...3.3.2)