Update release notes to version 0.1.0-main-04-10-2024-7067ac84 (#48)

Add release notes 2024-04-10

RELEASENOTES.md

@@ -1,5 +1,16 @@
 # AAD Auth Proxy
 
+## Release 04-10-2024
+
+- Image: `mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84`
+- Helm chart: `mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/helmchart/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84`
+- Change log:
+  - Add DefaultAzureCredential support
+  - Add workload identity support via DefaultAzureCredential
+  - Bump github.com/Azure/azure-sdk-for-go/sdk/azcore from 1.1.1 to 1.11.0 (+ dependent packages)
+  - Bump github.com/Azure/azure-sdk-for-go/sdk/azidentity from 1.1.0 to 1.5.0  (+ dependent packages)
+  - Bump google.golang.org/protobuf from 1.30.0 to 1.33.0
+
 ## Release 01-10-2024
 
 - Image: `mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473`

docs/getting-started/GETTING_STARTED.md

@@ -31,6 +31,7 @@ Below sample command can be modified with user specific parameters and deployed
 | OTEL_SERVICE_NAME | otelServiceName | this will be set as the service name for OTEL traces and metrics. Default value is aad_auth_proxy | | No |
 | OTEL_GRPC_ENDPOINT | otelGrpcEndpoint | proxy will push OTEL telemetry to this endpoint. Default values is http://localhost:4317 | | No |
 | OVERRIDE_REQUEST_HEADERS | overrideRequestHeaders | (Experimental) proxy will override these headers while forwarding requests. This expects headers to be in JSON, example {"header1": "value1", "header2": "value2" }:  Default values is {} | | No |
+|  | addWorkloadIdentityLabel | This can be used to set metadata label 'azure.workload.identity/use:"true"' when using workload identity and deployed using helm chart, example --set addWorkloadIdentityLabel=azure  | azure | No |
 
 ## Liveness and readiness probes
 Proxy supports readiness and liveness probes. [Sample configuration](../samples/sample-proxy-deployment.yaml) uses these checks to monitor health of the proxy.
@@ -39,6 +40,13 @@ Proxy supports readiness and liveness probes. [Sample configuration](../samples/
 DefaultAzureCredential is intended to simplify getting started by relying on default behaviors of azidentity. Developers who want more control or whose scenario isn't served by the default settings should use other credential types by setting parameter: IDENTITY_TYPE.
 Proxy supports workload identity via [DefaultAzureCredential](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#readme-defaultazurecredential). [sample configuration using workload indentity via default Azure credentials](../samples/sample-proxy-using-workload-identity-default.yaml) has example configurations to make workload indetity work.
 
+### Sample helm command for deploying proxy using helm chart with workload identity:
+
+`helm install aad-auth-proxy oci://mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/helmchart/aad-auth-proxy --version 0.1.0-main-04-10-2024-7067ac84 -n obs --set targetHost=https://azure-monitor-workspace.eastus.prometheus.monitor.azure.com --set audience=https://prometheus.monitor.azure.com/.default --set listeningPort=8083 --set serviceAccount.create=false --set serviceAccount.name=aad-auth-proxy-sa --set addWorkloadIdentityLabel=azure`
+
+By default when aad-auth-proxy is deployed using helm chart, it creates a service account, this can be overridden by setting service account name to an existing one, example: `--set serviceAccount.create=false --set serviceAccount.name=aad-auth-proxy-sa`.
+[Azure AD workload identity webhook](https://azure.github.io/azure-workload-identity/docs/installation/mutating-admission-webhook.html) can be used to ensure necessary properties are set.
+
 ## Example scenarios
 ### [Query prometheus metrics for KEDA or Kubecost](EXAMPLE_SCENARIOS.md#query-prometheus-metrics-for-kubecost)
 ### [Ingest prometheus metrics via prometheus remote write](EXAMPLE_SCENARIOS.md#ingest-prometheus-metrics-via-remote-write)

docs/samples/sample-docker-compose-ingestion-aadapplication.yaml

@@ -1,7 +1,7 @@
 version: "1"
 services:
   azuremonitor-ingestion-proxy:
-    image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+    image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
     restart: always
     volumes:
       - ./:/certs
@@ -16,7 +16,7 @@ services:
       AAD_TENANT_ID: "f511a6a4-1052-44eb-aec8-182e2b604c7f"
       AAD_CLIENT_CERTIFICATE_PATH: "/certs/AuthProxyPem.pem"
   azuremonitor-query-proxy:
-    image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+    image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
     restart: always
     volumes:
       - ./:/certs

docs/samples/sample-proxy-deployment.yaml

@@ -18,7 +18,7 @@ spec:
         spec:
             containers:
             - name: aad-auth-proxy
-              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
               imagePullPolicy: Always
               ports:
               - name: auth-port

docs/samples/sample-proxy-ingestion-aadapplication.yaml

@@ -18,7 +18,7 @@ spec:
         spec:
             containers:
             - name: aad-auth-proxy
-              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
               imagePullPolicy: Always
               ports:
               - name: auth-port

docs/samples/sample-proxy-ingestion.yaml

@@ -18,7 +18,7 @@ spec:
         spec:
             containers:
             - name: aad-auth-proxy
-              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
               imagePullPolicy: Always
               ports:
               - name: auth-port

docs/samples/sample-proxy-query.yaml

@@ -18,7 +18,7 @@ spec:
         spec:
             containers:
             - name: aad-auth-proxy
-              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
               imagePullPolicy: Always
               ports:
               - name: auth-port

docs/samples/sample-proxy-using-workload-identity-default.yaml

@@ -20,7 +20,7 @@ spec:
             serviceAccountName: aad-auth-proxy-sa
             containers:
             - name: aad-auth-proxy
-              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-01-10-2024-08b31473
+              image: mcr.microsoft.com/azuremonitor/auth-proxy/prod/aad-auth-proxy/images/aad-auth-proxy:0.1.0-main-04-10-2024-7067ac84
               imagePullPolicy: Always
               ports:
               - name: auth-port