Kritis 0.2.0: Attestations in separate GCP projects, towards highly available Kritis

Aysylu Greenberg
Nov 7, 2019, 5:51:33 PM
to Kritis users
Dear Kritis Users,

We've released Kritis 0.2.0 with the following important features:
  • Added support for separating attestations into different GCP projects for images and AttestationAuthority.
  • Improvements for highly available Kritis:
    • namespaceSelector to allowlist critical namespaces, e.g. kube-system, in the event Kritis is unavailable.
  • No-op refactoring to use two new interfaces to work with attestations:
    • ValidatedAttestation -- a trusted, verified attestation.
    • ValidatingTransport -- allows caller to obtain ValidatedAttestation for a given image.
  • Added clarifications for guarantees in ListNoteOccurrences when retrieving attestations.
  • Cleanup:
    • removed API version from NoteReference.
    • s/Occurence/Occurrence where applicable.
Big thanks to Marco Lancini, Vishal Banthia, Nenad Dedic, Qifan Pu, and Henry Jenkins for your valuable contributions!

Cheers,
Aysylu