3.2.0.azl0.genpolicy0
·
231 commits
to msft-main
since this release
Release notes
- Added support for following fields: envFrom, shareProcessNamespace, runAsUser, seccompProfile, priorityClassName, and podDisruptionBudget
- Fixed error where policy generation panics if cache file doesn't exists
- Block symlinks with directory traversal in CopyFileRequest
What's Changed
- genpolicy: Add support for envFrom by @Redent0r in #128
- genpolicy: pick up improvements from upstream by @danmihai1 in #149
- genpolicy: add shareProcessNamespace support by @danmihai1 in #150
- genpolicy: don't panic without cache file by @danmihai1 in #151
- genpolicy: add support for runAsUser by @danmihai1 in #153
- genpolicy: Add support for seccompProfile field by @Redent0r in #152
- genpolicy: add priorityClassName as a field in PodSpec interface by @arc9693 in #145
- genpolicy: add support for PodDisruptionBudget spec by @arc9693 in #156
- genpolicy: block all relative paths for copyFile requests by @Redent0r in #166
Limitations and Important Notes
- Doesn't support CronJob deployment
- Doesn't support the UDP protocol for Services, LoadBalancers, and EndpointSlices
- Only supports pods the use IPv4 addresses
- Doesn't support identity token based authentication for private registries
Full Changelog: genpolicy-0.6.2-5...genpolicy-0.6.2-6
Contributors
danmihai1, Redent0r, and arc9693