This release includes the following features:
- Continued work towards achieving parity between Dynamic Egress Policy Configuration with ASGs
- General maintenance and continued work towards Istio/Envoy integration
- New vxlan-policy-agent-windows job, with limited support for dynamic egress (c2c policy is WIP)
- operator no longer needs to specify the VIPCIDR range in the bosh-dns-adapter. It can now be retrieved from a bosh-link provided by the Cloud Controller.
Tested with silk-release v2.21.0
Significant Changes
Istio/Envoy integration
Dynamic Egress Policy Configuration parity with ASG
- User can configure a group of rules for Dynamic Egress Destinations
- User can set a default Dynamic Egress Policy
- User can set a Dynamic Egress Policy to "all" for network protocols
- User can set one IP range as a string when creating egress destinations
- User can configure a description per rule for Dynamic Egress Destinations
- User can supply one port range as a string when creating egress destination
- BUG FIX User should not be able to enable container-to-container communication through Dynamic Egress Policies
Miscellaneous
- Golang version updated to Golang 1.11
- operator no longer needs to specify the VIPCIDR range in the bosh-dns-adapter. It can now be retrieved from a bosh-link provided by the Cloud Controller
- cc ca cert optional when pulling it from cc provided link
- Cloud Controller to policy server communication should use TLS when available via Bosh links