edge-21.9.1
This release includes various improvements and feature additions across the policy
feature i.e, New validating webhook for policy resources. This also includes changes
in the proxy i.e, terminating TCP connections when a authorization is revoked, improvements
in the proxy authorization metrics. In addition, proxy injector has also been updated
to set the right opaque-ports annotation on services with default opaque ports.
- Added a new validating admission controller to validate the policy resources
- Updated the proxy-init to remove a rule which caused the packets from the proxy
with destination != 127.0.0.1 on localhost to be sent to the inbound proxy - Updated inbound policy enforcement to interrupt TCP forwarding if a previously
established authorization is revoked - Added new proxy metrics to expose authorization decisions
- Updated inbound TCP metrics to only include a
srv_namelabel - Updated the proxy to export route-oriented metrics only when a ServiceProfile
is enabled - Updated the proxy's release build configuration to improve CPU and memory
utilization - Added DNS name validation to the
proxy-identitybinary which creates the
read-only private key required by the proxy (thanks @yorkijr!) - Updated the identity controller's default policy to be
cluster-unauthenticated - Updated the proxy injector to include the correct default ports as opaque with
services - Deprecated the usage of
vis stat tsand print a warning about the SMI extension - Updated various dependencies across the dashboard, policy-controller
(thanks @dependabot!)