This release includes the following features
- You can now configure egress policies from app/space without having to restart the app. This release contains an experimental feature that can be activated with a feature flag in the bosh manifest. This has new network policy APIs to configure destination objects for external services and manage egress policies to them at the app and space levels (Currently done through Application Security Groups). You can find more instructions on our Github page.
Tested with silk-release v2.17.0
Significant Changes
Dynamic Egress Policy Configuration
- Feature flag enforcing DE policies
- As an operator with network.admin, I can list all egress policies - Github
- As an operator, I want to add a new destination object in order to configure an egress policy - Error cases
- As an operator, I want to delete a destination object - Happy path
- As an operator, I want to delete a destination object - Error cases
- As an operator, I want to update a destination object - Happy path
- As an operator, I want to update a destination object - No permission
- As an operator with network.admin, I can add an egress policy from an app/space to a destination object - Happy path
- As an operator with network.admin, I can add an egress policy from an app/space to a destination object - Error Cases
- As an operator with network.admin, I can delete an egress policy - Happy path
- As an operator with network.admin, I can delete an egress policy - No permission
- As an operator with network.admin, I can list all egress policies - No filters
- As an operator with network.admin, I can list all egress policies - No permission
- Add acceptance test for initial dynamic egress policies
- Acceptance Test for ASG and Dynamic Egress Interaction
- Should not get a 502 error from bad request body