Releases: k8snetworkplumbingwg/network-resources-injector
v1.6.0
What's Changed
- Add CodeQL workflow for GitHub code scanning by @lgtm-com in #128
- Bump golang.org/x/text from 0.3.7 to 0.3.8 by @dependabot in #131
- Bump golang.org/x/net from 0.0.0-20220127200216-cd36cc0744dd to 0.7.0 by @dependabot in #133
- Bump golang.org/x/crypto from 0.0.0-20220214200702-86341886e292 to 0.1.0 by @dependabot in #134
- Bump github.com/emicklei/go-restful from 2.10.0+incompatible to 2.16.0+incompatible by @dependabot in #130
- Fix CI cluster deployment by @SchSeba in #138
- Enable race detection in unit tests by @AlinaSecret in #136
- Support pods without volumes by @zeeke in #140
- Bump golang.org/x/net from 0.7.0 to 0.17.0 by @dependabot in #142
- Disable HTTP/2 by default by @cgoncalves in #143
- Fix HTTP/2 disablement by @cgoncalves in #145
- Bump golang 1.21 to k8s 1.28.3 by @cgoncalves in #144
- Bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #146
- add functional tests using the sriov operator by @SchSeba in #149
- use non root user by @SchSeba in #150
- bump deps by @SchSeba in #153
- Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 by @dependabot in #151
- Bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in #155
New Contributors
- @lgtm-com made their first contribution in #128
- @dependabot made their first contribution in #131
- @AlinaSecret made their first contribution in #136
- @zeeke made their first contribution in #140
- @cgoncalves made their first contribution in #143
Full Changelog: v1.5...v1.6.0
Contributors
Assets 2
v1.5
What's Changed
- health check for webhook server by @rthakur-est in #125
New Contributors
- @rthakur-est made their first contribution in #125
Full Changelog: v1.4...v1.5
Contributors
Assets 2
v1.4
What's Changed
- Merge two config maps into one that defines control switches and user defined injections by @MichalGuzieniuk in #113
- E2E tests for numerous NRI features by @MichalGuzieniuk in #121
- Use deployment for network-resource-injector and support pdb by @VivekThrivikraman-est in #122
- Bump golang 1.18 and k8s 1.24 by @SchSeba in #123
Container Image
ghcr.io/k8snetworkplumbingwg/network-resources-injector:v1.4
Full Changelog: v1.3...v1.4
Contributors
Assets 2
v1.3
What's Changed
- set default failure policy to fail by @pperiyasamy in #110
- Update multus deployment URL by @martinkennelly in #115
- Remove usage of k8s api certificates/v1beta1 and use self signed certificate by @VivekThrivikraman-est in #114
- Handle nri pod restarts by @VivekThrivikraman-est in #120
Full Changelog: v1.2...v1.3
Container Image
ghcr.io/k8snetworkplumbingwg/network-resources-injector:v1.3
Contributors
Assets 2
New features & bug fixes & test improvements
New features:
#96 Switch to admission v1
#103 Configurable failure policy
#105 Bump Multus version
#106 make webhook to use local net-attach-def cache
#108 Add controlSwitches package to toggle feature state at runtime
Bug fixes:
#51 mount podnetinfo in all containers
#100 Ignore AdmissionReview request with empty namespace
#104 Allow multiple add patch Ops for UDI annotations
Test improvements:
#107 Add absolute path of support scripts to PATH
v1.1 New features & bug / vulnerability fixes
Feature/enhancements:
#59 Enable customized injection for pod annotations
#29 Honor the existing resources quantity
#83 #72 #66 Add github workflows for image creation, build & test. Add E2E testing using KinD
Bug / vulnerability fixes:
#76 CVE-2021-20206 - Update containernetworking/cni to v0.8.1
#77 CVE-2021-3121 - update protobuf to v1.3.2
#63 CVE-2020-29652 - golang: crypto/ssh: crafted authentication request can
lead to nil pointer dereference
#74 Fix Golang 1.16 build issue
#79 add nod selector even though resource requests empty
v1.0: New features and security improvements
Project has moved from Intel to Network Plumbing Working Group with new URL https://github.com/k8snetworkplumbingwg/network-resources-injector
New features:
- Inject resource name in default network #47
- Add NodeSelector support #21
- Expose hugepages requests/limits to container via Downward API #42
- Security improvement including: Allow addition of client CA to NRI TLS endpoint, Restrict acceptable HTTP verbs to POST only, limit max message body, request timeouts, limit to TLS 1.2/1.3 only, limit curve preferences and cipher suits, omit symbol table and debug info when building binary, decrease necessiary pod linux privilages needed to only CAP_NET_BIND_SERVICE, introduce requests/limits to prevent DOS of limited resources on host (cpu, mem)