Skip to content

v0.10.0-cee.1
Compare
Choose a tag to compare
@chancez chancez released this 21 Jul 18:02
v0.10.0-cee.1
ca6b53e
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

See open source notes for details.

Enterprise Features

  • hubble login now supports --token-file for specifying the path to an existing ID token to use for authentication.
  • hubble login now always uses ID tokens for authentication. Previously it would use the access token.
  • hubble login now lazily fetches credentials when an RPC is made, avoiding prompts when running commands which do not require credentials (eg; hubble --help).
  • hubble login now supports the browser based Authorization code flow. This method is recommended over password based authentication as it has better security, and is more widely supported by OIDC providers.
  • hubble login can be configured to request specific scopes using the --scopes flag.
  • hubble login can manually refresh tokens using the --refresh flag if the login credentials contains a refresh token.
  • hubble now supports specifying the OIDC issuer CA on all commands using the --issuer-ca flag. This is useful when connecting to an OIDC provider with a self-signed certificate.

Breaking changes

  • When using authentication, TLS is now required. Previously it was optional when connecting to a unix socket or localhost. Users can still bypass TLS verification with --tls-allow-insecure, but --tls will be required.
  • When using Okta, hubble now correctly uses the ID token for authentication to hubble-rbac instead of the Access Token. See the Hubble RBAC and Okta documentation for how to configure Okta, and hubble-rbac v1.1.0 release notes for details.
Assets 12
Loading