github opensandbox-group/OpenSandbox docker/egress/v1.0.13
components/egress 1.0.13
on GitHub

7 hours ago

What's New

✨ Features

  • DELETE /policy endpoint for removing egress rules — new DELETE /policy handler accepts a JSON array of target strings and removes matching rules case-insensitively. Targets not found are silently ignored (idempotent). API spec and README updated. (#864)

  • Supervisor + cleanup hook — egress now runs under a dedicated single-worker supervisor (opensandbox-supervisor). Previously, a hard crash left stale iptables/nft rules and a zombie mitmdump holding port 18081; restarting the container would accumulate duplicate rules while the new mitmdump failed to bind, sending the in-process watchdog (#942) into a retry loop. The supervisor provides exponential backoff with jitter, a crashloop circuit breaker, JSONL event logging, and SIGTERM forwarding with a configurable grace period (20 s) before SIGKILL. A new cleanup.sh script runs as both pre-start and post-exit hook, idempotently resetting iptables DNS REDIRECT rules, transparent-HTTP rules, the nftables opensandbox table, and stray mitmdump processes. The script never exits non-zero so a misbehaving cleanup cannot block restarts. (#951)

  • OTLP endpoint auto-discovery from node IP — when neither OTEL_EXPORTER_OTLP_METRICS_ENDPOINT nor OTEL_EXPORTER_OTLP_ENDPOINT is set, egress now resolves the node IP from the HOST_IP env var (then /etc/hostinfo as fallback) and points the OTLP/HTTP exporter at <node-ip>:4318 over plaintext. No need to template the full endpoint URL in environments where only a node IP is available. (#963)

🐛 Bug Fixes

  • Retry mitmdump restart with backoff instead of giving up — previously, if Launch or WaitListenPort failed during a restart (e.g. under node memory pressure that just OOM-killed mitmdump), the watchdog goroutine would log "giving up" and return, leaving egress in a silent dead state with no future restarts. Replaced the one-shot restart with restartWithBackoff: retry forever with exponential backoff (1 s → 30 s), kill half-launched processes, drain stale exit signals on success, and respect context cancellation. The readiness gate stays false across the retry window so Kubernetes drains traffic until mitmdump is healthy again. (#942)

📦 Misc

  • Reduced outbound log verbosity. (#964)

👥 Contributors

Thanks to these contributors ❤️

  • Docker Hub: opensandbox/egress:v1.0.13
  • Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com/opensandbox/egress:v1.0.13
Check out latest releases or
releases around opensandbox-group/OpenSandbox docker/egress/v1.0.13

Don't miss a new OpenSandbox release

NewReleases is sending notifications on new releases.

Get notifications