1.1.10 (February 15, 2024)
IMPROVEMENTS:
- Upgrade to use Go 1.21.7. [GH-3591]
- cni: When CNI is enabled, set ReadOnlyRootFilesystem=true and AllowPrivilegeEscalation=false for mesh pod init containers and AllowPrivilegeEscalation=false for consul-dataplane containers (ReadOnlyRootFilesystem was already true for consul-dataplane containers). [GH-3498]
- helm: Change
/bin/sh -ec "<command>"to/bin/sh -ec "exec <command>"in helm deployments [GH-3548]
BUG FIXES:
- mesh-gw: update capabilities on the security context needed for the dataplane container.
Adds NET_BIND_SERVICE to capabilities.add
Adds ALL to capabilities.drop unless .Values.meshGateway.hostNetwork is true [GH-3549]