Skip to main content

SPIRL Server Releases

Latest Assets

AssetTypeLatest Release VersionLocation
SPIRL Server Helm ChartHelm Chart0.15.0oci://ghcr.io/spirl/charts/spirl-server:0.15.0
SPIRL ServerContainer Imagev0.19.1ghcr.io/spirl/spirl-server:v0.19.1

Release Notes

spirl-server-helm-chart 0.15.0

Enhancements

  • SPIRL server now emits latency gRPC metrics by default if telemetry is enabled.
  • Prometheus scraping annotations are added as pod annotations if telemetry is enabled
  • SPIRL server and agent now include three labels in the generated Prometheus metrics that can be used for filtering and dashboard building. gRPC metrics include spirl_component (agent | server), spirl_trust_domain (trust domain name), and spirl_trust_domain_deployment (trust domain deployment name) as labels. Besides that, a new metric (spirl_application_info) is generated during initialization, it also includes the aforementioned labels and the binary version as well.
  • Add the ability to configure horizontal pod autoscaler in the server chart

spirl-server v0.19.1

Enhancements

  • SPIRL server now emits latency gRPC metrics by default if telemetry is enabled.
  • Prometheus scraping annotations are added as pod annotations if telemetry is enabled
  • SPIRL agents will now generate app info prometheus metrics including trust domain and trust domain deployment as labels.
  • td-server: add a self-refreshing cache that bundles the aws requests to save aws API quota

spirl-server-helm-chart 0.14.0

Bug Fixes

  • Fix issue where imagePullSecrets resulted in invalid Kubernetes objects.

Enhancements

  • Add Pod Disruption Budget to the server deployment.
  • You can now specify resources for the venafi firefly integration sidecar.

spirl-server v0.18.0

Bug Fixes

  • Fixed a bug loading data CR encryption keys generated before the 0.17.1 release.
  • Improved data CR garbage collection accuracy
  • Improved data CR resiliency under CPU throttled conditions

Enhancements

  • Improved reporting and recovery when data CRs are missing

spirl-server-helm-chart 0.13.0

Enhancements

  • Add GCP KMS integration into spirl-server allowing it to use GCP KMS encryption for locally stored, sensitive data.
  • Trust domain server metrics collection and telemetry server can now be toggled and configured with new helm chart values. Refer to https://d.spirl.com/configuration/spirl-system-telemetry for more information.
  • Add Azure KeyVault integration into spirl-server allowing it to use Azure KeyVault encryption for locally stored, sensitive data.
  • Use the latest spirl-server image release, version 0.17.1, by default when installing via Helm chart.

spirl-server 0.17.1

Bug Fixes

  • Add a dedicated timeout during startup for how long to wait for initial x509source to initialize
  • Avoids use of cached attestation if we're missing required attributes
  • Fix a bug which can in some conditions lead to high CPU usage when an unrecoverable error occurs.

Enhancements

  • Update to go 1.24
  • Add Azure KeyVault integration into spirl-server allowing it to use Azure KeyVault encryption for locally stored, sensitive data.
  • Add GCP KMS integration into spirl-server allowing it to use GCP KMS encryption for locally stored, sensitive data.
  • Trust domain server metrics collection and telemetry server can now be toggled and configured with new helm chart values. Refer to https://d.spirl.com/configuration/spirl-system-telemetry for more information.
  • spirl-agent and td-server: the td-server will challenge the agent with the type of provider attestation and the agent will respond to that (overrides the agent flag)
  • td-server: support attesting agents running in aws ec2 instances in multi regions

spirl-server-helm-chart 0.12.0

  • Adds support for Kubernetes topologySpreadConstraints.
  • Improves graceful shutdown behavior.
  • Adds ‘createRoles’ property to allow giving an existing service account the necessary roles.

spirl-server v0.16.0

  • Added a back-off mechanism to the cache of the SPIRL server improving resiliency.
  • Federated bundles are now synced during unified-access operations.
  • Improved the way we build multi-arch production images.
  • Improved graceful shutdown behavior.