3.2.0.azl1.genpolicy0

@Redent0r Redent0r released this 09 Jul 16:27
· 73 commits to msft-main since this release
2d32df1

Release Notes

  • Added support for new confidential CSI driver types (cc-managed-csi, cc-local-csi and cc-azurefile-csi drivers)
  • Added support for pulling container image layers using containerd (-d). This enables:
    • Managed identity authentication to private registries
    • Support for images with v1 manifest and prettyjws media type
  • Added support for read-only hostPath in pod spec
  • Updated the caching mechanism for image layers to allow running in parallel
  • Added version flag (-v)
  • Added support for non-default namespace names. The namespace may now be specified in the genpolicy-settings.json file.
  • You may now also specify persistent volume claims (PVCs) using the -c parameter (e.g. for a CSI driver)
  • Improved handling of images that have layers with special symlinks (tarfsindex crate)
  • Added persistent storage support for statefulsets

What's Changed

Limitations and important notes

  • This release is only compatible with Kata components based on release 3.2.0.azl0 and onwards
  • The build method has been updated from cargo build to LIBC=gnu BUILD_TYPE= make
  • Removed the -i option. Path handling is simplified with explicit flags for rules.rego (-p) and genpolicy-settings.json (-j)
  • Authentication to private registries is not supported on Windows
  • Windows support will be deprecated in the next release
  • Doesn't support CronJob deployment
  • Doesn't support the UDP protocol for Services, LoadBalancers, and EndpointSlices
  • Only supports pods that use IPv4 addresses

Full Changelog: 3.2.0.azl0.genpolicy1...3.2.0.azl1.genpolicy0