Release v1.9.0
Changes in this Release:
- Most queries can now output their results in JSON/YAML formats. In a scheme file, set `outputConfiguration.outputFormat` to either `json` or `yaml`. From the command-line, use the `-o` flag with either `json` or `yaml` value.
- Query results will no longer refer to IPv6 address space, unless there are network-connectivity resources (e.g., NetworkPolicy) that explicitly refer to such addresses. To force including IPv6 addresses in query results, use the `--print_ipv6` command line flag. Alternatively, set `outputConfiguration.excludeIPv6Range` to `false` in your scheme file.
- Improved connectivity-map output whenever Istio resources are present. Two connectivity maps will be produced now: one for TCP connections and another one for all other protocols.
- Improved usability for shift-left analysis: when policies refer to certain resources missing from the input config, check if they can be added to enable the analysis. This takes into account resources that are usually visible in a live cluster mode: Ingress-controller pod, Istio ingress gateway pod, and kube-dns pod. Documentation is available here.
- Queries will not execute if there are no endpoints in a given network configuration. An error message is printed in such a case.
- Removed support for running as a REST-API server (the `--daemon` flag). Instead, use nca-rest-server.
- Not printing back-trace on errors such as syntax errors.
- Avoiding crash on a malformed yaml
- Avoiding crash in the presence of helm charts if `helm` executable cannot be found.
- Handle YAML files with UTF-8 characters
- Ingress resource parsing: issue a warning instead of an error when the service referenced by the backend is missing
- Query all-captured output: consider Istio layer as well