Release v1.7.0
2022 Dec 13
Table of contents
NSM v1.7.0
Public Cloud Capability
NSM v1.7.0 has been tested on
Zero trusted registry services
Added Path support for registry services.
The main difference registry Path with networkrservice.Path is that еру full path doesn’t store in the registry model. Instead of it, path a public and private Path.
The public path is a human-readable slice of strings that represents the Path of registry IDs that which model visited to reach the final registry.
See public path definition in this commit.
The private path is a data structure that is transported in grpcmetadata and contains all required information to be processed by OPA.
So public path is needed for these goals:
- Restore a restarting registry client’s pods such as endpoints or forwarders.
- Prevent replacement entries in the final registry by spy registry clients from aboard.
Backward compatibility
Since registry api was changed. Nowt NSM components of version v1.7.0
or higher are not backward compatible with older applications by default.
It means, that if needed to use NSM v1.7.0
with older NSM applications then needed to manually disable OPA policies for registry for each new NSM application.
Example, define these envs to disable OPA check for the registry services.
|
|
Note: Apply this for each new NSM commponent that is using registry.
Add a new remote mechanism ‘IPSec’
Added a new remote mechanism for IPSec interfaces.
Now NSM supports the next remote mechanisms: [Wireguard
, IPSec
, Vxlan
].
Note: Wireguard
, IPSec
both work with L3 and which means that you will need to configure a forwarder on the cluster to prefer which mechanism has more priority for you to use by default for IP services.
Implement generator for NSE
Added a simple command for nsmctl
that allows generating endpoints.
Try it by yourself:
|
|
Add support for IPv6 k8s clusters
Added a support for IPv6 clusters.
Note: Previously we added the support for IPv6 networks that we tested on IPv4 clusters.
Now NSM is working with IPv4 and IPv6 networks on IPv6 and IPv4 clusters.
Improve UX for NSM examples
Improved and simplified NSM examples by reducing the count of repeatable setups and also made sure that we’re using webhook in each example (where it’s possible).
Improve system stability
Resolved bugs:
- https://github.com/networkservicemesh/deployments-k8s/issues/8187
- https://github.com/networkservicemesh/sdk/issues/1397
- https://github.com/networkservicemesh/deployments-k8s/pull/7686
- https://github.com/networkservicemesh/deployments-k8s/issues/7738
- https://github.com/networkservicemesh/deployments-k8s/issues/7673
- https://github.com/networkservicemesh/deployments-k8s/issues/7676
- https://github.com/networkservicemesh/.github/pull/23
- https://github.com/networkservicemesh/deployments-k8s/pull/7808
- https://github.com/networkservicemesh/integration-k8s-kind/issues/738
- https://github.com/networkservicemesh/deployments-k8s/issues/7660
- https://github.com/networkservicemesh/deployments-k8s/pull/7565
- https://github.com/networkservicemesh/integration-k8s-aws/issues/322
- https://github.com/networkservicemesh/deployments-k8s/issues/7896
- https://github.com/networkservicemesh/sdk/pull/1375
- https://github.com/networkservicemesh/deployments-k8s/pull/8100
- https://github.com/networkservicemesh/integration-k8s-aws/issues/324
- https://github.com/networkservicemesh/cmd-nse-vl3-vpp/issues/136
- https://github.com/networkservicemesh/deployments-k8s/issues/7792
- https://github.com/networkservicemesh/cmd-nse-l7-proxy/issues/55
- https://github.com/networkservicemesh/deployments-k8s/issues/7694
- https://github.com/networkservicemesh/deployments-k8s/issues/7433
- https://github.com/networkservicemesh/.github/pull/19
- https://github.com/networkservicemesh/integration-interdomain-k8s/issues/211
- https://github.com/networkservicemesh/integration-interdomain-k8s/pull/210
Table of contents