Network Service Mesh &ndash; Release v1.7.0

Release v1.7.0

2022 Dec 13

Table of contents

NSM v1.7.0 has been tested on

Added Path support for registry services.

The main difference registry Path with networkrservice.Path is that еру full path doesn’t store in the registry model. Instead of it, path a public and private Path.

The public path is a human-readable slice of strings that represents the Path of registry IDs that which model visited to reach the final registry.

See public path definition in this commit.

The private path is a data structure that is transported in grpcmetadata and contains all required information to be processed by OPA.

So public path is needed for these goals:

Restore a restarting registry client’s pods such as endpoints or forwarders.
Prevent replacement entries in the final registry by spy registry clients from aboard.

Since registry api was changed. Nowt NSM components of version v1.7.0 or higher are not backward compatible with older applications by default.

It means, that if needed to use NSM v1.7.0 with older NSM applications then needed to manually disable OPA policies for registry for each new NSM application.

Example, define these envs to disable OPA check for the registry services.

1
2
3
4


    - name: NSM_REGISTRY_SERVER_POLICIES
        value: ""
    - name: NSM_REGISTRY_CLIENT_POLICIES
        value: "" 

Note: Apply this for each new NSM commponent that is using registry.

See more details

Added a new remote mechanism for IPSec interfaces.

Now NSM supports the next remote mechanisms: [Wireguard, IPSec, Vxlan]. Note: Wireguard, IPSec both work with L3 and which means that you will need to configure a forwarder on the cluster to prefer which mechanism has more priority for you to use by default for IP services.

See at the workable example

Added a simple command for nsmctl that allows generating endpoints.

Try it by yourself:

1
2


$ go install github.com/networkservicemesh/nsmctl@latest
$ nsmctl gen nse --name 'my nse' --path './my-endpoint'

Added a support for IPv6 clusters.

Note: Previously we added the support for IPv6 networks that we tested on IPv4 clusters.

Now NSM is working with IPv4 and IPv6 networks on IPv6 and IPv4 clusters.

See more details

Improved and simplified NSM examples by reducing the count of repeatable setups and also made sure that we’re using webhook in each example (where it’s possible).

See mote details

Resolved bugs:

Table of contents

NSM v1.7.0

Public Cloud Capability

Zero trusted registry services

Backward compatibility

Add a new remote mechanism ‘IPSec’

Implement generator for NSE

Add support for IPv6 k8s clusters

Improve UX for NSM examples

Improve system stability