Releases: np-guard/cluster-topology-analyzer
v1.7.0
Changes from 1.6.0:
- Improved connection-detection algorithm now also scans the command-line flags of each image, looking for candidate network addresses.
- `PoliciesSynthesizer` now has a new functional option: `WithDNSPort(dnsPort int)`. This option allows specifying a non-default DNS port, to be used in egress rules of synthesized NetworkPolicies (default is 53).
- Consequently, a new command-line flag, `-dnsport`, provides the same functionality from the command line.
- Simplified code for scanning YAML manifests improves performance and memory consumption.
- Improved end-to-end testing now also includes command-line arguments parsing.
- Bumped Kubernetes API version to 0.24.
v1.6.0
Changes from v1.5.0:
- API support for analyzing multiple directories together: the functions `ConnectionsFromFolderPaths` and `PoliciesFromFolderPaths` take a slice of paths (as strings) and perform the analysis on all these directories as if they were a single path given to `ConnectionsFromFolderPath` and `PoliciesFromFolderPath` respectively.
- Consequently, the `--dirpath` flag can be specified multiple times on the command line to provide the tool with multiple directories to analyze.
- Errors returned by `PoliciesSynthesizer.Errors()` now have distinct types, allowing consumers to programmatically check for a specific error.
- Testing improvements:
  - Synthesized NetworkPolicies are applied to a live cluster to check for syntax errors
  - Table-driven e2e testing
- Updating CONTRIBUTING.md and adding MAINTAINERS.md
v1.5.0
Changes from v1.4.1:
- README.md now contains much more information, including how the main algorithm works and the assumptions it makes.
- In generated NetworkPolicies with egress, the added rule to allow DNS queries now only allows queries within the cluster.
- User can now provide a specialized directory-scanning function to be used when searching for YAML files. Use the `WithWalkFn()` functional option when constructing a `PoliciesSynthesizer`. E.g., `synthesizer := NewPoliciesSynthesizer(WithWalkFn(nonRecursiveWalk))`.
- Some code refactoring to avoid a global Logger.
v1.4.1
v1.4.0
Changes from v1.3.2:
- A new command-line flag, `-format`, allows specifying the output format. Choices are `json` and `yaml`.
. - Now synthesizing a default-deny NetworkPolicy for every namespace specified by one of the workloads (which may also be the empty namespace). This will block ingress and egress for workloads without any identified connection.
- Required Go version is now 1.18 (was 1.17).
- Simplifying testing code using the `testify` package.
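The per-namespace default-deny policy described above, together with the in-cluster DNS egress rule from v1.5.0 and the configurable DNS port from v1.7.0, sketched as an added example that is not the project's own code. The policy name, the helper names, the sample namespaces and the UDP-only port entry are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// obj is a generic JSON object; this sketch avoids the Kubernetes API packages.
type obj = map[string]any

// defaultDeny selects every pod in ns and allows no ingress or egress.
func defaultDeny(ns string) obj {
	meta := obj{"name": "default-deny-in-namespace"} // constructed name (assumption)
	if ns != "" { // empty namespace: omit the field so the apply-time namespace is used
		meta["namespace"] = ns
	}
	return obj{
		"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy", "metadata": meta,
		"spec": obj{"podSelector": obj{}, "policyTypes": []string{"Ingress", "Egress"}},
	}
}

// dnsEgressRule permits DNS only towards pods inside the cluster: an empty
// namespaceSelector matches every namespace but no address outside the cluster.
func dnsEgressRule(dnsPort int) obj {
	return obj{
		"to":    []obj{{"namespaceSelector": obj{}}},
		"ports": []obj{{"protocol": "UDP", "port": dnsPort}}, // UDP only (assumption)
	}
}

// denyList emits one default-deny policy per distinct workload namespace.
func denyList(workloadNamespaces []string) obj {
	seen, items := map[string]bool{}, []obj{}
	for _, ns := range workloadNamespaces {
		if !seen[ns] {
			seen[ns] = true
			items = append(items, defaultDeny(ns))
		}
	}
	return obj{"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicyList", "items": items}
}

func main() {
	out, _ := json.MarshalIndent(denyList([]string{"frontend", "", "frontend", "backend"}), "", "  ")
	fmt.Println(string(out)) // constructed namespaces, including the empty one
	rule, _ := json.Marshal(dnsEgressRule(53))
	fmt.Println(string(rule))
}
```

A workload with an identified egress connection would carry `dnsEgressRule` alongside its own egress rules; workloads with no identified connection are covered only by the default-deny policy and therefore lose DNS as well.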
v1.3.2
v1.3.1
v1.3.0
Changes from v1.2.2:
- Exposing API for the analysis and synthesis package: A `PoliciesSynthesizer` class exposes methods for extracting the topology and for synthesizing NetworkPolicies. The class also allows the user to set a custom logger, and to get a slice with all non-fatal errors/warnings encountered during the analysis.
- Extracting network addresses from ConfigMap values referenced using `ConfigMapKeyRef`
- Matching network addresses without a target port
- Matching network addresses with a specified namespace
- Egress and Ingress rules only expose the ports that are actually being used (and not all the ports exposed by the service)
- NetworkPolicies are now provided in a `NetworkPolicyList` object (rather than in a plain JSON list)
- Fixed issues with splitting YAMLs to documents
- New `-q` (quiet) and `-v` (verbose) command-line switches to control verbosity level
- Removed Git-related command-line switches
- A more precise detection of relevant K8s resources
- Improved OpenSSF score (hash pinning, setting proper permission to GitHub Actions, ...)
- Introduce linting checks for PRs
Release v1.2.2
Changes in this Release:
- Support for named ports
- Various bug-fixes
Release v1.2.1
Changes in this Release:
- Publishing release to pkg.go.dev in the release workflow