Releases: k8snetworkplumbingwg/network-resources-injector
v1.5
What's Changed
- health check for webhook server by @rthakur-est in #125
New Contributors
- @rthakur-est made their first contribution in #125
Full Changelog: v1.4...v1.5
Contributors
Assets 2
v1.4
What's Changed
- Merge two config maps into one that defines control switches and user defined injections by @MichalGuzieniuk in #113
- E2E tests for numerous NRI features by @MichalGuzieniuk in #121
- Use deployment for network-resource-injector and support pdb by @VivekThrivikraman-est in #122
- Bump golang 1.18 and k8s 1.24 by @SchSeba in #123
Container Image
ghcr.io/k8snetworkplumbingwg/network-resources-injector:v1.4
Full Changelog: v1.3...v1.4
Contributors
Assets 2
v1.3
What's Changed
- set default failure policy to fail by @pperiyasamy in #110
- Update multus deployment URL by @martinkennelly in #115
- Remove usage of k8s api certificates/v1beta1 and use self signed certificate by @VivekThrivikraman-est in #114
- Handle nri pod restarts by @VivekThrivikraman-est in #120
Full Changelog: v1.2...v1.3
Container Image
ghcr.io/k8snetworkplumbingwg/network-resources-injector:v1.3
Contributors
Assets 2
New features & bug fixes & test improvements
New features:
#96 Switch to admission v1
#103 Configurable failure policy
#105 Bump Multus version
#106 make webhook to use local net-attach-def cache
#108 Add controlSwitches package to toggle feature state at runtime
Bug fixes:
#51 mount podnetinfo in all containers
#100 Ignore AdmissionReview request with empty namespace
#104 Allow multiple add patch Ops for UDI annotations
Test improvements:
#107 Add absolute path of support scripts to PATH
v1.1 New features & bug / vulnerability fixes
Feature/enhancements:
#59 Enable customized injection for pod annotations
#29 Honor the existing resources quantity
#83 #72 #66 Add github workflows for image creation, build & test. Add E2E testing using KinD
Bug / vulnerability fixes:
#76 CVE-2021-20206 - Update containernetworking/cni to v0.8.1
#77 CVE-2021-3121 - update protobuf to v1.3.2
#63 CVE-2020-29652 - golang: crypto/ssh: crafted authentication request can
lead to nil pointer dereference
#74 Fix Golang 1.16 build issue
#79 add nod selector even though resource requests empty
v1.0: New features and security improvements
Project has moved from Intel to Network Plumbing Working Group with new URL https://github.com/k8snetworkplumbingwg/network-resources-injector
New features:
- Inject resource name in default network #47
- Add NodeSelector support #21
- Expose hugepages requests/limits to container via Downward API #42
- Security improvement including: Allow addition of client CA to NRI TLS endpoint, Restrict acceptable HTTP verbs to POST only, limit max message body, request timeouts, limit to TLS 1.2/1.3 only, limit curve preferences and cipher suits, omit symbol table and debug info when building binary, decrease necessiary pod linux privilages needed to only CAP_NET_BIND_SERVICE, introduce requests/limits to prevent DOS of limited resources on host (cpu, mem)