Use Github Actions to grant just-in-time access

1 March 2023

`zli v. 6.16.3`

New

Github Actions. Automate granting just-in-time access to your targets through the BastionZero integration with Github Actions

Fixes

[Released 20 February] Proxy policies. This release of the zli contains changes needed to support the issue with modifying proxy policies from web app

`bzero v. 7.6.3`

For those who install bzero using Helm, for this release only, you must:

Uninstall the bzero agent: helm uninstall bctl-agent -n {namespace-you-installed-the-agent-under-if-any}
Update to the latest chart version: helm repo update bastionzero
Re-install using Helm as before. Detailed instructions are here

It is important to note that as long as you register your cluster with the same name as before, re-installation of the bzero agent will not create a duplicate cluster in your organization. All existing policies pertaining to your cluster will also be maintained.

With the fix to helm upgrade in this bzero release, you can upgrade the bzero agent in the future by using helm upgrade. The updated docs here explain how to use the upgrade command. They also include a Terraform example as well as some guidance on how to use a Kubernetes secret rather than passing the registration secret directly.

This change has no impact on existing clusters. However, in the future, when you are ready to consume the latest Helm chart, you must uninstall the bzero agent, pull the latest Helm chart, and then reinstall bzero before you will be able to use helm upgrade.

Helm does not automatically update the Helm chart when there are changes. Check our latest release to stay up-to-date.

Run helm repo update bastionzero to update to the latest chart version.

Enhancements

Log level. For Kubernetes targets that are installed through Helm, you can specify what log level you would like the agent set to through logLevel in the installation command. Valid options include: disabled, trace, debug, info, warn, and error. PLEASE NOTE that you must be using the newest chart version and be running bzero v. 7.6.3+ to use this new functionality

Fixes

Kube agent shutdown. Resolved issue with Kube agent that was preventing graceful shutdown
Helm upgrade. Resolved issue with using the helm upgrade path to update the bzero agent. PLEASE NOTE that you must be using the newest chart version and be running bzero v. 7.6.3+ for the fixed upgrade functionality

Web app & backend

New

Self-service signup. Users can independently sign up to try BastionZero with a free tier of the product
Github Actions. This backend release contains the changes needed to support granting just-in-time access through Github Actions

Enhancements

Log level. This backend release contains the changes needed to support setting the Kube agent log levels from the Helm install command

Fixes

[Released 21 February] Proxy policies. Resolved issue with modifying proxy policies from web app
Agent auth. Resolved issue with agent identity token for authentication and authorization to BastionZero
BastionZero app for Slack. Resolved issues with BastionZero app to ready it for listing on the Slack App Directory
bzero agent status change API. Resolved a typo in the API reference docs for the bzero agent status change endpoint
Web app caching. Resolved issue with former version of web app caching incorrectly once a new version is available

For questions or to provide feedback on how we can improve our updates, reach out to product@bastionzero.com.

PreviousFixed Kube connection stability NextImproved ZLI error messaging

Last updated 1 year ago

Was this helpful?

bzero v. 7.6.3

For those who install bzero using Helm, for this release only, you must:

Uninstall the bzero agent: helm uninstall bctl-agent -n {namespace-you-installed-the-agent-under-if-any}
Update to the latest chart version: helm repo update bastionzero
Re-install using Helm as before. Detailed instructions are here

Helm does not automatically update the Helm chart when there are changes. Check our latest release to stay up-to-date.

Run helm repo update bastionzero to update to the latest chart version.

Enhancements

Log level. For Kubernetes targets that are installed through Helm, you can specify what log level you would like the agent set to through logLevel in the installation command. Valid options include: disabled, trace, debug, info, warn, and error. PLEASE NOTE that you must be using the newest chart version and be running bzero v. 7.6.3+ to use this new functionality

Fixes

Kube agent shutdown. Resolved issue with Kube agent that was preventing graceful shutdown

Helm upgrade. Resolved issue with using the helm upgrade path to update the bzero agent. PLEASE NOTE that you must be using the newest chart version and be running bzero v. 7.6.3+ for the fixed upgrade functionality

Web app & backend

New

Self-service signup. Users can independently sign up to try BastionZero with a free tier of the product

Github Actions. This backend release contains the changes needed to support granting just-in-time access through Github Actions

Enhancements

Log level. This backend release contains the changes needed to support setting the Kube agent log levels from the Helm install command

Fixes

[Released 21 February] Proxy policies. Resolved issue with modifying proxy policies from web app

Agent auth. Resolved issue with agent identity token for authentication and authorization to BastionZero

BastionZero app for Slack. Resolved issues with BastionZero app to ready it for listing on the Slack App Directory

bzero agent status change API. Resolved a typo in the API reference docs for the bzero agent status change endpoint

Web app caching. Resolved issue with former version of web app caching incorrectly once a new version is available

For questions or to provide feedback on how we can improve our updates, reach out to product@bastionzero.com.