Skip to content

v1.0: New features and security improvements
Compare
Choose a tag to compare
@martinkennelly martinkennelly released this 21 Dec 16:54
· 120 commits to master since this release
v1
6e882f6

Project has moved from Intel to Network Plumbing Working Group with new URL https://github.com/k8snetworkplumbingwg/network-resources-injector

New features:

  • Inject resource name in default network #47
  • Add NodeSelector support #21
  • Expose hugepages requests/limits to container via Downward API #42
  • Security improvement including: Allow addition of client CA to NRI TLS endpoint, Restrict acceptable HTTP verbs to POST only, limit max message body, request timeouts, limit to TLS 1.2/1.3 only, limit curve preferences and cipher suits, omit symbol table and debug info when building binary, decrease necessiary pod linux privilages needed to only CAP_NET_BIND_SERVICE, introduce requests/limits to prevent DOS of limited resources on host (cpu, mem)
Assets 2
Loading