v2.0.24

What's Changed

• Handling some edge cases for network policy creation errors that are legitimate and should not break reconciliation by @evyatarmeged in #498
• Support creating separate network policies for ingress and egress by setting the value of intentsOperator.operator.separateNetpolsForIngressAndEgress to true by @omris94 in #500

Full Changelog: v2.0.23...v2.0.24

v2.0.23

What's Changed

• Bugfix in AWS IAM roles anywhere integration: nextToken is not used when listing AWS IAM roles anywhere profiles by @amitlicht in #495
• Workaround AWS VPC CNI egress network policy agent bug: only allows traffic to ClusterIP if exact service selector is specified, auto-allow egress DNS whenever an egress policy is created by @orishoshan in #488
• Fix a rare bug where external network policies were not deleted due to a race condition when the enforcement was turned off by @omris94 in #496

Full Changelog: v2.0.22...v2.0.23

v2.0.22

What's Changed

• Fix bug where "external allow" policies were created if "AllowExternalTraffic" was set to "Always" even though the enforcement was disabled by @omris94 in #487
• Bugfix in AWS IAM Roles Anywhere: last page of IAM roles anywhere profiles was not loaded into cache by @amitlicht in #489
• Bugfix: fix wrong handling of non-existing PostgreSQL users when attempting to alter their passwords by @amitlicht in #490
• Fix Kubernetes API 'Forbidden' errors during update, being wrongly reported as errors on the resource by @amitlicht in #491
• Bugfix on external policy reconciler: catch NotFound errors when attempting to delete a network policy by @amitlicht in #492
• Bugfix in validating webhook configuration controller: catch and retry update on Conflict errors by @amitlicht in #493
• Bugfix: increase ClientIntent events cache first sync time limit to 60 seconds to prevent errors on large environments by @amitlicht in #494

Full Changelog: v2.0.21...v2.0.22

v2.0.21

What's Changed

• Bugfix in ClientIntent events reporting: mute NotFound errors on querying IntentEvents for ClientIntents that were already deleted by @amitlicht in #486

Full Changelog: v2.0.20...v2.0.21

v2.0.20

What's Changed

• Fix MalformedPolicyDocument error when applying AWS IAM policies with 0 statements by @amitlicht in #481
• Report AllowExternalTrafficPolicy to the cloud to improve access status calculation for non-default config by @omris94 in #482
• Bugfixes to AWS IAM policy creation and deletion edge cases by @amitlicht in #483
• Improve ClientIntent status & event reporting robustness by using LRU cache & caching only after successful report by @amitlicht in #484

Full Changelog: v2.0.19...v2.0.20

v2.0.19

What's Changed

• Fix bug where Istio policy would incorrectly report an error before retrying and succeeding by @orishoshan in #477
• Report intent statuses and events to the cloud to provide a better understanding of enforcement state by @omris94 in #479

Full Changelog: v2.0.18...v2.0.19

v2.0.18

What's Changed

• Use "alb.ingress.kubernetes.io/target-type" instead of "alb.ingress.kubernetes.io/scheme" to detect AWS ALB presence on Ingress by @orishoshan in #480

Full Changelog: v2.0.17...v2.0.18

v2.0.17

What's Changed

• Add support for detecting AWS ALB ingress resources and auto-allowing traffic by @orishoshan in #476, #478

Full Changelog: v2.0.16...v2.0.17

v2.0.16

What's Changed

• Fix bug where a race condition could cause the operator to fail wathcing but still pass health checks by @omris94 in #475

Full Changelog: v2.0.15...v2.0.16

v2.0.15

What's Changed

• Fix validation webhook paths for api version v1beta1 by @omris94 in #472
• Fix a bug where using clientIntents conversion webhook from v2 to v1 could crash if it uses a service target to kubernetes.default by @omris94 in #473

Full Changelog: v2.0.14...v2.0.15