Skip to main content

SPIRL Server Releases

Latest Assets

AssetTypeLatest Release VersionLocation
SPIRL Server Helm ChartHelm Chart0.21.0oci://ghcr.io/spirl/charts/spirl-server:0.21.0
SPIRL ServerContainer Image0.21.0ghcr.io/spirl/spirl-server

Release Notes

spirl-server 0.21.0

Breaking Changes

  • Removed deprecated GetTrustBundle API from trust domain server. SPIRL agent v0.3.0 (released Jul 19, 2023) and newer use a different API and therefore are unaffected by this change.
  • signer: CraftGlobalBundle accepts cached up-to-date bundle from CP in case the TDD was offline for a long time

Enhancements

  • Event system may choose to flush events in a shorter interval in the case of a full buffer

spirl-server 0.20.0

Bug Fixes

  • Fixed a bug where the TD server was not properly filling in the ExpiresAt field when minting JWT SVIDs. This only impacts the API between Agent and Signer and the JWTs themselves had proper expiration fields present.

Enhancements

  • Attribute allow lists can now be configured through the chart.
  • Adds an API that reflectors will use to obtain cluster configuration.
  • Use the RSA-2048 instance verification method to attest AWS EC2 instances.
  • Rename AWS IMDSv2 provider attribute names. E.g. provider.aws.account_id->aws.account.id, provider.aws.instance_id->aws.ec2.instance.id

spirl-server-helm-chart 0.15.0

Enhancements

  • SPIRL server now emits latency gRPC metrics by default if telemetry is enabled.
  • Prometheus scraping annotations are added as pod annotations if telemetry is enabled
  • SPIRL server and agent now include three labels in the generated Prometheus metrics that can be used for filtering and dashboard building. gRPC metrics include spirl_component (agent | server), spirl_trust_domain (trust domain name), and spirl_trust_domain_deployment (trust domain deployment name) as labels. Besides that, a new metric (spirl_application_info) is generated during initialization, it also includes the aforementioned labels and the binary version as well.
  • Add the ability to configure horizontal pod autoscaler in the server chart

spirl-server v0.19.1

Enhancements

  • SPIRL server now emits latency gRPC metrics by default if telemetry is enabled.
  • Prometheus scraping annotations are added as pod annotations if telemetry is enabled
  • SPIRL agents will now generate app info prometheus metrics including trust domain and trust domain deployment as labels.
  • td-server: add a self-refreshing cache that bundles the aws requests to save aws API quota

spirl-server-helm-chart 0.14.0

Bug Fixes

  • Fix issue where imagePullSecrets resulted in invalid Kubernetes objects.

Enhancements

  • Add Pod Disruption Budget to the server deployment.
  • You can now specify resources for the venafi firefly integration sidecar.

spirl-server v0.18.0

Bug Fixes

  • Fixed a bug loading data CR encryption keys generated before the 0.17.1 release.
  • Improved data CR garbage collection accuracy
  • Improved data CR resiliency under CPU throttled conditions

Enhancements

  • Improved reporting and recovery when data CRs are missing

spirl-server-helm-chart 0.13.0

Enhancements

  • Add GCP KMS integration into spirl-server allowing it to use GCP KMS encryption for locally stored, sensitive data.
  • Trust domain server metrics collection and telemetry server can now be toggled and configured with new helm chart values. Refer to https://d.spirl.com/configuration/spirl-system-telemetry for more information.
  • Add Azure KeyVault integration into spirl-server allowing it to use Azure KeyVault encryption for locally stored, sensitive data.
  • Use the latest spirl-server image release, version 0.17.1, by default when installing via Helm chart.

spirl-server 0.17.1

Bug Fixes

  • Add a dedicated timeout during startup for how long to wait for initial x509source to initialize
  • Avoids use of cached attestation if we're missing required attributes
  • Fix a bug which can in some conditions lead to high CPU usage when an unrecoverable error occurs.

Enhancements

  • Update to go 1.24
  • Add Azure KeyVault integration into spirl-server allowing it to use Azure KeyVault encryption for locally stored, sensitive data.
  • Add GCP KMS integration into spirl-server allowing it to use GCP KMS encryption for locally stored, sensitive data.
  • Trust domain server metrics collection and telemetry server can now be toggled and configured with new helm chart values. Refer to https://d.spirl.com/configuration/spirl-system-telemetry for more information.
  • spirl-agent and td-server: the td-server will challenge the agent with the type of provider attestation and the agent will respond to that (overrides the agent flag)
  • td-server: support attesting agents running in aws ec2 instances in multi regions

spirl-server-helm-chart 0.12.0

  • Adds support for Kubernetes topologySpreadConstraints.
  • Improves graceful shutdown behavior.
  • Adds ‘createRoles’ property to allow giving an existing service account the necessary roles.

spirl-server v0.16.0

  • Added a back-off mechanism to the cache of the SPIRL server improving resiliency.
  • Federated bundles are now synced during unified-access operations.
  • Improved the way we build multi-arch production images.
  • Improved graceful shutdown behavior.