Skip to content

Venafi Kubernetes Agent releases

Learn about current and past releases of Venafi Kubernetes Agent. ​

Latest release

​ The latest stable version of Venafi Kubernetes Agent is v1.4.0.

Downloads

  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v1.4.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.4.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.4.0
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:1.4.0
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v1.4.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.4.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.4.0
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:1.4.0

Release v1.4.0

Venafi Kubernetes Agent v1.4.0 was released on November 25, 2024.

Key features

Important

If you installed v1.2.0 or v1.3.0, it is strongly recommended that you upgrade to version v1.4.0.

  • The HTTP compression feature introduced in v1.2.0 has been disabled due to interoperability issues.
  • This release also fixes an issue where Venafi Kubernetes Agent was unable to discover OpenShift Routes objects.
  • The Helm chart no longer prints an extra newline after the fields exclude-annotation-keys-regex and exclude-label-keys-regex as the extra newline was breaking Octant's and OpenShift object editor's code highlighters.
Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v1.4.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.4.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.4.0
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:1.4.0
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v1.4.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.4.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.4.0
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:1.4.0

Release v1.3.0

Venafi Kubernetes Agent v1.3.0 was released on November 14, 2024.

Key features

  • Venafi Kubernetes Agent discovers and reports metadata, such as labels and annotations, set on Kubernetes resources like Secrets. You can now customize discovery by excluding specific labels and annotations from being reported to Venafi Control Plane. For more information, see Configuring annotations.
  • The Agent's output logs have been enhanced to be structured, providing more detailed and readable information. By default, the logs are in the textual format. To output logs in JSON format, use the --logging-format=json flag. You can also change the verbosity level using the -v flag.

    Format comparison

    Before:

    2024/11/14 13:53:38 Preflight agent version: development ()
    2024/11/14 13:53:38 Using the Venafi Cloud Key Pair Service Account auth mode since --client-id and --private-key-path were specified.
    2024/11/14 13:53:38 Using period from config 5m0s
    2024/11/14 13:53:38 Loading upload_path from "venafi-cloud" configuration.
    2024/11/14 13:53:38 error messages will not show in the pod's events because the POD_NAME environment variable is empty
    2024/11/14 13:53:38 starting "k8s/namespaces" datagatherer
    2024/11/14 13:53:38 starting "k8s/secrets" datagatherer
    2024/11/14 13:54:47 server missing resource for datagatherer of "cert-manager.io/v1, Resource=issuers"
    W1114 13:54:47.844087   31016 reflector.go:561] pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243: failed to list networking.istio.io/v1alpha3, Resource=virtualservices: the server could not find the requested resource
    2024/11/14 13:54:47 server missing resource for datagatherer of "networking.istio.io/v1alpha3, Resource=virtualservices"
    W1114 13:54:48.042893   31016 reflector.go:561] pkg/mod/k8s.io/client-go@v0.31.1/tools/cache/reflector.go:243: failed to list jetstack.io/v1alpha1, Resource=venafiissuers: the server could not find the requested resource
    2024/11/14 13:53:38 successfully gathered 7 items from "k8s/namespaces" datagatherer
    2024/11/14 13:53:38 successfully gathered 5 items from "k8s/secrets" datagatherer
    2024/11/14 13:53:38 Posting data to: https://api.venafi.cloud/
    2024/11/14 13:53:39 Data sent successfully.
    

    After:

    I1114 13:52:48.941205   30246 run.go:59] "Starting" logger="Run" version="development" commit=""
    I1114 13:52:48.941655   30246 config.go:404] "Using the Venafi Cloud Key Pair Service Account auth mode since --client-id and --private-key-path were specified." logger="Run"
    I1114 13:52:48.941666   30246 config.go:540] "Using period from config" logger="Run" period="5m0s"
    I1114 13:52:48.941680   30246 config.go:767] "Loading upload_path from \"venafi-cloud\" configuration." logger="Run"
    I1114 13:52:48.941880   30246 run.go:117] "Healthz endpoints enabled" logger="Run.APIServer" addr=":8081" path="/healthz"
    I1114 13:52:48.941889   30246 run.go:121] "Readyz endpoints enabled" logger="Run.APIServer" addr=":8081" path="/readyz"
    E1114 13:52:48.943810   30246 run.go:269] "Error messages will not show in the pod's events because the POD_NAME environment variable is empty" logger="Run"
    I1114 13:52:49.655153   30246 run.go:409] "Data sent successfully" logger="Run.gatherAndOutputData.postData"
    

Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v1.3.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.3.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.3.0
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:1.3.0
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v1.3.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.3.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.3.0
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:1.3.0

Release v1.2.0

​ Venafi Kubernetes Agent v1.2.0 was released on October 31, 2024.

Key features

  • You can now diagnose issues with the Venafi Kubernetes Agent by looking at the Kubernetes events attached to its pod.
  • Venafi Kubernetes Agent now compresses its requests made to the Venafi Control Plane API, reducing the network traffic by 90%.
Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v1.2.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.2.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.2.0
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:1.2.0
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v1.2.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.2.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.2.0
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:1.2.0

Release v1.1.0

​ Venafi Kubernetes Agent v1.1.0 was released on October 7, 2024.

Key features

  • The agent now reports the annotations and labels of namespaces and secrets to the Venafi Control Plane.
  • The agent now exposes readiness and liveness probes.
  • In Venafi Cloud Key Pair Service Account mode, you can now omit the server field in the configuration file. It defaults to the URL https://api.venafi.cloud. If you are in the European region, you still need to set server: https://api.venafi.eu field in the configuration file.
  • It is now possible to use the --period flag without giving the period field.
  • The --help flag content has been re-written to help explain how authentication flags interact with each other.
  • You can no longer use --private-key-path along with --credentials-path. Previously, --private-key-path was ignored if --credentials-path was provided. Now, the two options are mutually exclusive and a helpful message is shown when trying to use both.
  • Helm chart values are now validated to alert you if they contain errors to help you quickly identify typos in fields.
  • The --private-key-path flag now defaults to an empty string. It previously defaulted to /etc/venafi/agent/key/privatekey.pem and the flag was omitted from the deployment manifest. This was confusing to users trying to understand how this private key was being configured. A helpful message is now shown when trying to run --client-id without --private-key-path.
  • The uploader_id field in the configuration file is now deprecated. Setting this field will no longer do anything. A warning is now shown when using this field. This field was deprecated as it was never used by the Venafi Cloud API. Behind the scenes, the uploader_id is arbitrarily set to no so that the API doesn't raise errors.
  • The Docker image is now built using cert-manager's base image based on apko's alpine image using ko. As a result, the binary's location in the image is now at /ko-app/preflight instead of /bin/preflight.
  • The binary's size has been reduced from 77MB to 55MB.
Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v1.1.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.1.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.1.0
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:1.1.0
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v1.1.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.1.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.1.0
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:1.1.0

Release v1.0.0

​ Venafi Kubernetes Agent v1.0.0 was released on September 3, 2024.

Key features

  • Secretless authentication

    You can now use the Venafi Connection CRD to authenticate to Venafi Control Plane. With the Venafi Connection CRD, you can choose to authenticate using a Workload Identity Federation service account ("secretless").

  • Memory usage improvements

    The memory usage of Venafi Kubernetes Agent has been reduced by excluding Helm release Secrets and some standard Secret types. You can configure the ignored types with the Helm value config.ignoredSecretTypes.

  • Logging improvements

    The configuration manifest is no longer dumped on startup, uncluttering the logs.

Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v1.0.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.0.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.0.0
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:1.0.0
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v1.0.0
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v1.0.0
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:1.0.0
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:1.0.0

Release v0.1.49

​ Venafi Kubernetes Agent v0.1.49 was released on July 11, 2024.

Key features

  • When the Venafi Kubernetes Agent requires a proxy for outbound connections, and the proxy uses a certificate issued by a private certificate authority, you can now add the certificate authority to a custom CA bundle that will be trusted by the agent. The Helm chart now supports specifying volumes and volume mounts to streamline this process. For more information, see the Venafi Kubernetes Agent Helm values reference page.
  • The Helm chart has been enhanced to allow users to control the metrics settings. For more information, see the Venafi Kubernetes Agent Helm values reference page.
  • An error preventing Venafi Kubernetes Agent deployment on Red Hat OpenShift clusters has been resolved. The error "runAsUser: Invalid value: 1000", is no longer encountered.
  • Following best practices, the default CPU limit for the Agent pod has been removed. This allows for more dynamic resource allocation by Kubernetes.
  • Logging improvements have been made for faster issue resolution. For example, the last log message now explicitly identifies the reason a process terminates, helping in troubleshooting.
Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.49
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.49
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.49
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.49
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v0.1.49
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.49
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.49
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:0.1.49

Release v0.1.48

​ Venafi Kubernetes Agent v0.1.48 was released on May 14, 2024.

Key features

  • This release adds three new environment variables to the available Helm values:

    • HTTP_PROXY: Configures the HTTP_PROXY environment variable where a HTTP proxy is required.
    • HTTPS_PROXY: Configures the HTTPS_PROXY environment variable where a HTTP proxy is required.
    • NO_PROXY: Configures the NO_PROXY environment variable where a HTTP proxy is required, but certain domains should be excluded.

    For more information on Venafi Kubernetes Agent Helm values, see Reference: Venafi Kubernetes Agent Helm values.

Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.48
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.48
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.48
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.48
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v0.1.48
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.48
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.48
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:0.1.48

Release v0.1.47

​ Venafi Kubernetes Agent v0.1.47 was released on March 28, 2024.

Key features

  • This release adds the namespace to the configmap, deployment, and serviceaccount Helm templates.

  • This release also mitigates a start-up memory spike issue.

Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.47
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.47
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.47
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.47
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v0.1.47
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.47
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.47
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:0.1.47

Release v0.1.46

​ Venafi Kubernetes Agent v0.1.46 was released on March 15, 2024.

Key features

  • This release adds an optional PodDisruptionBudget helm value that can be used in your values.yaml file:

        podDisruptionBudget:
            enabled: true
    
  • Labels for Venafi Enhanced Issuer clusterrole / clusterrolebinding were added.

Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.46
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.46
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.46
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.46
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v0.1.46
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.46
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.46
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:0.1.46

Release v0.1.45

​ Venafi Kubernetes Agent v0.1.45 was released on February 6, 2024.

Key features

  • You can now add cluster name and description information to the Venafi Kubernetes Agent helm chart so that you can connect a cluster to Venafi Control Plane without going using the UI or the Venafi CLI tool.
Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.45
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.45
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.45
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.45
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v0.1.45
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.45
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.45
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:0.1.45

Release v0.1.43

​ Venafi Kubernetes Agent v0.1.43 was released on October 24, 2023.

Key features

  • Dependencies updates to latest compatible version.
Downloads
  • Container Image: private-registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.43
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.43
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.43
  • Helm Chart: oci://private-registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.43
  • Container Image: private-registry.venafi.eu/venafi-agent/venafi-agent:v0.1.43
  • Container Image: registry.venafi.cloud/venafi-agent/venafi-agent:v0.1.43
  • Helm Chart: oci://registry.venafi.cloud/charts/venafi-kubernetes-agent:0.1.43
  • Helm Chart: oci://private-registry.venafi.eu/charts/venafi-kubernetes-agent:0.1.43