
SPIRL System Releases

Latest Assets

| Asset | Type | Latest Release Version | Location |
|---|---|---|---|
| SPIRL System Helm Chart | Helm Chart | 0.21.0 | oci://ghcr.io/spirl/charts/spirl-system:0.21.0 |
| SPIRL Agent | Container Image | 0.21.0 | ghcr.io/spirl/spirl-agent:v0.21.0 |
| SPIRL Controller | Container Image | 0.21.0 | ghcr.io/spirl/spirl-controller:v0.21.0 |
| SPIRL Agent | AMD64 Debian Package | 0.21.0 | https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-agent/0.21.0/spirl-agent_0.21.0_amd64.deb |
| SPIRL Agent | ARM64 Debian Package | 0.21.0 | https://spirl-releases.s3.us-west-2.amazonaws.com/spirl-agent/0.21.0/spirl-agent_0.21.0_arm64.deb |
| Reflector | Container Image | 0.21.0 | ghcr.io/spirl/reflector:v0.21.0 |

Additionally, the SPIRL Agent uses the SPIFFE CSI Driver and CSI Node Driver Registrar at the following pinned versions:

| Asset | Type | Latest Release Version | Location |
|---|---|---|---|
| SPIFFE CSI Driver | Container Image | v0.2.3 | ghcr.io/spiffe/spiffe-csi-driver:0.2.3 |
| CSI Node Driver Registrar | Container Image | v2.6.0 | registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.6.0 |

Release Notes

spirl-system 0.21.0

Bug Fixes

  • Reflector now accepts startup arguments for ConnectionMaxAge and UseGRPCFastRedial and includes those when initializing its TD server client
  • spirl-system Helm chart configuration values for ConnectionMaxAge and UseGRPCFastRedial are copied from the agent.endpoint section when deploying the Reflector

Enhancements

  • Reflector-enabled clusters don't count reflectors as agents
  • Reflector-enabled clusters correctly issue agent heartbeats
  • Reflector can now be configured with a Pod Distribution Budget to ensure health during maintenance activities

spirl-system 0.20.0

Enhancements

  • spirldbg: Adds identity-exchange-token flag to svid-jwt and svid-x509 commands to support OIDC JWT attestation for CI/CD clusters
  • Updated EC2 instance identity certificates
  • Reflector supports multiple upstream endpoints in priority order
  • Reflector logs serving from cache at Info level

spirl-system 0.19.0

Enhancements

  • Azure Key Vault: a validation check is now performed during key wrapping initialization to verify that keys support the required 256-bit AES-GCM algorithm, failing fast when an incompatible key is encountered.
  • Reflector replica count and resource requests/limits can now be customized in Helm chart

spirl-system 0.18.0

Breaking Changes

  • Removed deprecated GetTrustBundle API from trust domain server. SPIRL agent v0.3.0 (released Jul 19, 2023) and newer use a different API and therefore are unaffected by this change.

spirl-system 0.17.1

All changes in this release are internal only

spirl-system 0.17.0

Enhancements

  • Attribute allow lists can now be configured through the chart.
  • Use the RSA-2048 instance verification method to attest AWS EC2 instances.
  • Reflector supports managing a self-signed CA
  • Make it possible to set additional labels for the agent pod in the spirl-system chart.

spirl-controller 0.6.1

All changes in this release are internal only

spirl-system-helm-chart 0.9.0

Enhancements

  • SPIRL server now emits latency gRPC metrics by default if telemetry is enabled.
  • Prometheus scraping annotations are added as pod annotations if telemetry is enabled
  • Upgrades SPIFFE CSI driver to version 0.2.7.
  • Improves the spirl-agent daemonset update strategy to replace agent pods with less impact to the workload API

spirl-agent 0.16.0

  • SPIRL agents will now generate app info Prometheus metrics including trust domain and trust domain deployment as labels.
  • SPIRL server and agent now include three labels in the generated Prometheus metrics that can be used for filtering and dashboard building. gRPC metrics include spirl_component (agent | server), spirl_trust_domain (trust domain name), and spirl_trust_domain_deployment (trust domain deployment name) as labels. In addition, a new metric (spirl_application_info) is generated during initialization; it includes the aforementioned labels as well as the binary version.
  • Add a flag to have the agent test and wait for the kubelet pod list API to become available during startup

spirl-system-helm-chart 0.8.0

Enhancements

  • You can specify imagePullSecrets now for all pods in the helm chart.
  • Introduces a useGRPCFastRedial endpoint configuration option to spirl-agent that will trigger faster redialing of the endpoint when using DNS based load balancers.
  • Improves the spirl-agent daemonset update strategy to replace agent pods with less impact to the workload API
  • Annotation collection on Kubernetes collections is now supported using the includeAnnotations option

spirl-agent v0.15.1

Enhancements

  • Introduces a useGRPCFastRedial endpoint configuration option to spirl-agent that will trigger faster redialing of the endpoint when using DNS based load balancers.
  • Improves the spirl-agent daemonset update strategy to replace agent pods with less impact to the workload API
  • Annotation collection on Kubernetes collections is now supported using the includeAnnotations option