Skip to content

Releases: metalbear-co/mirrord

3.113.0

13 Aug 14:41
fe8cb6c
Compare
Choose a tag to compare

3.113.0 - 2024-08-12

Added

  • Add new api to run mirrord inside container

    mirrord container [options] -- <docker/podman> run ...
    

    Because we need to run internal proxy process on the same network as the
    process loaded with mirrord-layer, to keep config and kubernetes
    comparability the communication to mirrord agent is made via external proxy
    that will run on the host machine.

                       ┌────────────────┐
                   k8s │ mirrord agent  │
                       └─────┬────▲─────┘
                             │    │
                             │    │
                       ┌─────▼────┴─────┐
        container host │ external proxy │
                       └─────┬────▲─────┘
                             │    │
                             │    │
                       ┌─────▼────┴─────┐◄──────┐
     sidecar container │ internal proxy │       │
                       └──┬─────────────┴──┐    │
            run container │ mirrord-layer  ├────┘
                          └────────────────┘
    

    #1658

Fixed

  • Add custom handling for istio ambient mode where we set
    /proc/sys/net/ipv4/conf/all/route_localnet to 1 so it does require
    agent.privileged = true to work. (See
    #2456)
    #2456
  • Fix issue introduced in #2612 that broke configs with one-value definition
    for IncomingConfig for network feature.
    #2647

3.112.1

05 Aug 12:23
c64b4ae
Compare
Choose a tag to compare

3.112.1 - 2024-08-05

Added

  • Added experimental.enable_exec_hooks_linux switch to the mirrord config.

Changed

  • Change operator port from 3000 to 443 to work without any FW exceptions

Fixed

  • Fixed execve hook (fix data race on process initialization, might fix more stuff)
    #2624
  • Added new VSCode debugpy args layout to debugger port detection

3.112.0

31 Jul 06:49
992f379
Compare
Choose a tag to compare

3.112.0 - 2024-07-30

Added

  • Add fs mapping, under feature.fs.mapping now it's possible to specify regex
    match and replace for paths while running mirrord exec.

    Example:

    [feature.fs.mapping]
    "/var/app/temp" = "/tmp" # Will replace all calls to read/write/scan for
    "/var/app/temp/sample.txt" to "/tmp/sample.txt"
    "/var/app/.cache" = "/workspace/mirrord$0" # Will replace
    "/var/app/.cache/sample.txt" to
    "/workspace/mirrord/var/app/.cache/sample.txt" see
    [Regex::replace](https://docs.rs/regex/latest/regex/struct.Regex.html#method.replace)
    ``` [#2068](https://github.com/metalbear-co/mirrord/issues/2068)
  • Warning when mirrord automatically picked one of multiple containers on the
    target.

Changed

  • Allows targeting StatefulSet without the copy_target feature (still requires
    operator though).

Fixed

  • Remove invalid schema doc mentioning podname as a valid pod target selector.
    #721
  • Pass the list of UserSocket to child processes when exec is called through an
    env var MIRRORD_SHARED_SOCKETS.
    #864
  • Fixed an issue where operator license was incorrectly recognized as expired
    when it was expiring later the same day.
  • Fixed new exec hooks breaking execution of Flask apps.

3.111.0

17 Jul 11:14
60fa79e
Compare
Choose a tag to compare

3.111.0 - 2024-07-17

Added

  • Extended feature.network.dns config with an optional local/remote filter,
    following feature.network.outgoing pattern.
    #2581

Fixed

  • Update loopback detection to include pod ip's
    #2572
  • Fixed a bug where enabling remote DNS prevented making a local connection
    with telnet. #2579
  • Remove automatic ignore of incoming/outgoing traffic for ports 50000-60000
    #2597

3.110.0

12 Jul 08:34
6d59418
Compare
Choose a tag to compare

3.110.0 - 2024-07-12

Added

  • Added experimental.trust_any_certificate to enable making app trust any
    certificate on macOS
    #2576

Fixed

  • Fix empty request streaming hanging forever
    #2590

3.109.0

10 Jul 11:40
8f5aba5
Compare
Choose a tag to compare

3.109.0 - 2024-07-10

Changed

  • mirrord commands now provide a nicer error message when the operator required
    but not installed.
    #1730
  • Add Unknown target variant for forwards compatibility.
    #2515

Fixed

  • Improved agent performance when mirroring is under high load.
    #2529
  • Don't include non-running pods in node capacity check
    #2582
  • Add exclusion for DOTNET_EnableDiagnostics to make DotNet debugging work by
    default

3.108.0

02 Jul 12:01
2121901
Compare
Choose a tag to compare

3.108.0 - 2024-07-02

Added

  • Added support for streaming HTTP responses.
    #2557

Changed

  • Changed http path filter to include query params in match
    #2551
  • Configuration documentation contents order.
  • Errors that occur when using discovery API to detect mirrord operator are no
    longer fatal. When such error is encountered, mirrord command falls back to
    using the OSS version.

Fixed

  • When using mesh use lo interface for mirroring traffic.
    #2452

3.107.0

25 Jun 07:27
7eea823
Compare
Choose a tag to compare

3.107.0 - 2024-06-25

Added

  • Added support for intercepting streaming HTTP requests with an HTTP filter.
    #2478
  • mirrord now queries kube discovery API to confirm that mirrord operator is
    not installed (when an attempt to use operator API fails).
    #2487

Fixed

  • Fix network interface configuration not propagating to agent
    #2539

3.106.0

18 Jun 11:49
5a7b846
Compare
Choose a tag to compare

3.106.0 - 2024-06-18

Added

  • Add cronjobs and statefulsets(/scale) to operator role setup.
  • Allows a CronJob and StatefulSet to be used as a target when copy_target is
    enabled.

Changed

  • Put the copy_target config example in the proper place on the main complete
    config sample. #2508
  • Dependencies update

Fixed

  • A few changes to medschool - refactored the code, changed the algorithm
    taking into consideration we don't ever drop fields.
    #1580
  • Kill the intproxy child process when mirrord-cli execvp fails.
    #2386
  • mirrord CLI no longer incorrectly warns the user about soon license
    expiration (renewing licenses).
    #2526
  • Downgrade certificate dependency to avoid loss of support for older
    certificates
  • Fix json snippets in configuration docs by escaping backslashes and removing
    trailing commas.
  • Fixed crash on missing cwd/exe
  • Fixed rustls initialization.

3.105.0

12 Jun 09:50
45fdeb9
Compare
Choose a tag to compare

3.105.0 - 2024-06-12

Added

  • Add readlink hook (under experimental config).
    #2488
  • Display filtered and unfiltered stolen ports when filter is set.
  • When an http filter is set and a port is bound that is not included in the
    filtered ports, and there are no unfiltered ports specified, emit a warning.

Changed

  • Now not accepting configs with the same port in
    feature.network.incoming.ports and in
    feature.network.incoming.http_filter.ports.

Fixed

  • Fixed SIP issue with Turbo
    #2500
  • Fixed mirrord-agent/cli protocol negotation