9.0 KiB
9.0 KiB
⚠️ v1.6.0+ contains breaking changes. Please carefully review this doc before upgrade from 1.x.x versions of pod-identity.
v1.6.3
Features
Bug Fixes
- add certs volume for non-rbac manifests (#713)
- Report original error from getPodListRetry (#762)
- initialize klog flags for NMI (#767)
- ensure stats collector doesn't aggregate stats from multiple runs (#750)
Other Improvements
- add deploy manifests and helm charts to staging dir (#736)
- fix miscellaneous linting problem in the codebase (#733)
- remove privileged: true for NMI daemonset (#745)
- Update to go1.15 (#751)
- automate role assignments and improve troubleshooting guide (#754)
- set dnspolicy to clusterfirstwithhostnet for NMI (#776)
- bump debian-base to v2.1.3 and debian-iptables to v12.1.2 (#783)
- add logs for ignored pods (#785)
Documentation
- docs: fix broken test standard link in GitHub Pull Request template (#710)
- Fixed typo (#757)
- Fixed Grammar (#758)
- add doc for deleting/recreating identity with same name (#786)
- add best practices documentation (#779)
Helm
- add release namespace to chart manifests (#741)
- Add imagePullSecretes to the Helm chart (#774)
- Expose metrics port (#777)
- add user managed identity support to helm charts (#781)
Test Improvements
- add e2e test for block-instance-metadata (#715)
- add aks as part of pr and nightly test (#717)
- add load test pipeline to nightly job (#744)
- install aad-pod-identity in kube-system namespace (#747)
- bump golangci-lint to v1.30.0 (#759)
v1.6.2
Features
- Acquire an token with the certificate of service principal (#517)
- Handle MSI auth requests by ResourceID (#540)
- make NMI listen only on localhost (#658)
- trigger MIC sync when a pod label changes (#682)
Bug Fixes
- check iptable rules match expected (#663)
Other Improvements
- update base image with debian base (#641)
- update node selector label to kubernetes.io/os (#652)
- better error messages and handling (#666)
- add default known types to scheme (#668)
- Remove unused cert volumes from mic deployment (#670)
Documentation
- update typed namespacedname case for sp example (#649)
- list components prometheus enpoints (#660)
- add helm upgrade guide and known issues (#683)
- add requirements to PR template and test standard to CONTRIBUTING.md (#706)
Helm
- add aks add-on exception in kube-system (#634)
- disable crd-install when using Helm 3 (#642)
- update default http probe port at deploy to 8085 (#708)
Test Improvements
- new test framework for aad-pod-identity (#640)
- convert e2e test cases from old to new framework (#650), (#656), (#662), (#664), (#667), (#680)
- add soak testing as part of nightly build & test and remove Jenkinsfile (#687)
- update e2e suite to remove flakes (#693), (#695), (#697), (#699), (#701)
- add e2e tests with resource id (#696)
- add code coverage as part of CI (#705)
v1.6.1
Features
- re-initialize MIC cloud client when cloud config is updated (#590)
- add finalizer for assigned identity (#593)
- make update user msi calls retriable (#601)
Bug Fixes
- Fix issue that caused failures with long pod name > 63 chars (#545)
- Fix updating assigned identity when azure identity updated (#559)
Other Improvements
- Add linting tools in Makefile (#551)
- Code clean up and enable linting tools in CI (#597)
- change to 404 instead if no azure identity found (#629)
Documentation
- document required role assignments (#592)
- add
--subscriptionparameter to az cli commands (#602) - add mic pod exception to deployment (#611)
- reduce ambiguity in demo and role assignment docs (#620)
- add support information to readme (#623)
- update docs for pod-identity exception (#624)
Helm
- make cloud config configurable in helm chart (#598)
- Support multiple identities in helm chart (#457)
v1.6.0
Features
- Add support for pod-identity managed mode (#486)
- Deny requests without metadata header to avoid SSRF (#500)
Bug Fixes
- Fix issue that caused failures with long pod name > 63 chars (#545)
- Fix updating assigned identity when azure identity updated (#559)