v0.10.0

What's Changed

Version 0.10.0 marks a step forward in inter-cluster security.

This release introduces an inter-cluster traffic segregation optional mode that prevents remote workloads from accessing local not-offloaded services. Additionally, the local cluster will only be able to contact its offloaded pods and not other pods running remotely.

Another feature makes it possible to configure a per-resource allow-based or deny-based reflection mechanism. Two different reflection mechanisms can be selected for each resource at install time:

• DenyList: reflects all the resources available in the liqo-enabled namespaces, excluding the ones with the liqo.io/skip-reflection annotation.
• AllowList: do not reflect any resource in the liqo-enabled namespaces, but the ones with the liqo.io/allow-reflection annotation.

Other minor improvements and bug fixes have been introduced.

Thank you to everyone who tested our previous release, gave us hints to improve the project's usability, and contributed to this release!

🚀 New Features

• Enable Gateway leader election only if replicate gt 1 by @Sharathmk99 in #2029
• Force NodePort's port from Helm Values by @cheina97 in #2037
• Security Mode: traffic segregation by @francescodanzi in #1695
• Telemetry: security mode by @cheina97 in #2083
• AllowList-based and DenyList-based Resource Reflection by @fra98 in #1961

🐛 Bug Fixes

• Fix bug endpoints not reflected by @fra98 in #2032
• Overlay Operator test timeout by @cheina97 in #2034
• Fix nil pointer deference in pod Ready condition by @fra98 in #2039
• Endpointslices reflection fix by @fra98 in #2043
• Makefile: Improved MacOS compatibility by @cannarelladev in #2047
• Always reflect kube-root-ca.crt configmap in offloaded namespaces by @fra98 in #2044
• Fix - Liqo Gateway & Auth Loadbalancer Typo by @Sharathmk99 in #2052
• Metric Agent: cache fix by @cheina97 in #2080
• CI: Increased flannel wait by @cheina97 in #2090
• Security Mode: E2E tests by @cheina97 in #2084

🧹 Code Refactoring

• CI: added proxy by @cheina97 in #2041
• Liqo Proxy by @cheina97 in #2040
• Bump golangci-lint and gci by @fra98 in #2064
• Liqonet: connchecker refactoring by @cheina97 in #2076
• Liqonet: IPSet by @cheina97 in #2109
• Added pre-commit hook configuration by @cheina97 in #2117

📝 Documentation

• Docs: supported kubernetes versions by @cheina97 in #2063
• Docs: security modes by @francescodanzi in #2060
• Clarified the use of custom installation options by @frisso in #2086
• Docs: add warning for api server when security mode is enabled by @aleoli in #2111

Other Changes

• Bump controller-gen version from 0.9.2 to 0.13.0 by @cheina97 in #2030

New Contributors

• @francescodanzi made their first contribution in #1695

Full Changelog: v0.9.4...v0.10.0