v3.0.0

What's Changed

• Support new API version for ClientIntents: v2beta1 by @omris94 in #552

We have revamped the format for ClientIntents to make them easier to understand and make it possible to generate more restrictive policies by default. Read more on the docs >>

The two primary changes is that the word service is no longer used, except to mean a Kubernetes Service; before, it could mean an Otterize Service or a Kubernetes Service, which was confusing. Instead, we now use workload . calls have also been renamed targets , and many smaller changes to the structure to improve

What happens to your existing ClientIntents? Don’t worry, the change is backwards compatible, and nothing changes unless you explicitly upgrade. If you’re a customer, we’ll reach out to explain and plan together. If you’re using the open source, upgrading to the next major version of the otterize-kubernetes Helm chart, vX.X.X will make ClientIntents v2 the default. You can still continue applying ClientIntents with apiVersion v1alpha3, and they will be converted by the Intents Operator to v2beta1.

Full Changelog: v2.0.42...v3.0.0

v2.0.42

What's Changed

• Solve a potential race on AWS IAM integration where policy deletion would error because the related IAM role was not found by @otterobert in #551

Full Changelog: v2.0.41...v2.0.42

v2.0.41

What's Changed

• Fix ConcurrentModification errors for aws policies by @otterobert in #550
• Report linkerd configuration to Otterize Cloud by @evyatarmeged in #547

Full Changelog: v2.0.40...v2.0.41

v2.0.40

What's Changed

• Fixed possible panic caused by calling wrong event recorder when handling effective policy for Linkerd by @evyatarmeged in #548
• Fix bug where AWS IAM roles could be created for a particular workload even when disabled for that particular workload by @amitlicht in #549

Full Changelog: v2.0.39...v2.0.40

v2.0.39

What's Changed

• Update terminology: Rename annotation intents.otterize.com/service-name to intents.otterize.com/workload-name, retaining support for backward compatibility by @omris94 in #542
• Fix Azure API version error when applying Azure ClientIntents on KeyVault scopes, by querying for supported API versions by resource type by @amitlicht in #546

Full Changelog: v2.0.38...v2.0.39

v2.0.38

What's Changed

• Fixing no authrization error for PostgreSQL in managed databases by @evyatarmeged in #539
• Fixed bug where pod label updates fail on short-lived containers by @evyatarmeged in #541
• Rename spec.service to spec.workload in KafkaServerConfig API version v2alpha1 by @omris94 in #540
• Align linkerd RBAC permissions for the intents-operator cluster role with the helm-chart by @omris94 in #544
• Support reporting applied ClientIntents targeting Kubernetes services to the cloud by @omris94 in #545

Full Changelog: v2.0.37...v2.0.38

v2.0.37

What's Changed

• Improve CPU consumption by skipping populateReferencedKubernetesServices logic when egress enforcement is disabled by @omris94 in #538

Full Changelog: v2.0.36...v2.0.37

v2.0.36

What's Changed

• Solved bug where creating an external network policy would sometimes error with an "Already Exists" K8s error by @evyatarmeged in #535
• Reduce CPU consumption by removing redundant calls to the external network policies handler by @omris94 in #537

Full Changelog: v2.0.35...v2.0.36

v2.0.35

What's Changed

• Prevent duplicate azure custom role update by @otterobert in #533
• Adding exception for '*' chars for DNS names in validating webhook by @evyatarmeged in #531
• Prevent nil pointer access in otterize crds by @otterobert in #534
• Allow TCP port 53 when creating an allow all NetworkPolicy to kube-dns - to support TCP DNS by @omris94 in #536

Full Changelog: v2.0.34...v2.0.35

v2.0.34

What's Changed

• Align error type check when deleting a user assigned identity by @otterobert in #524
• Pass version down to error reporter code by @orishavit in #525
• Create custom roles at subscription scope by @otterobert in #527
• Linkerd support by @aerosouund in #526
• Add support for Azure cross-subscription access by @otterobert in #528
• Add support to partial azure identity scopes by @otterobert in #529
• Bump golang.org/x/crypto from 0.17.0 to 0.31.0 in /src by @dependabot in #532

Full Changelog: v2.0.33...v2.0.34