Changelog

v1.8.17

Continuous Integration

ci: restrict permissions for gh workflows (#1428)
ci: remove nightly and load test pipeline (#1432)

Documentation

docs: Update RELEASE.md to clarify September EOL (#1433)

Maintenance

chore: use ubuntu-latest gh runner (#1427)
chore: update debian-iptables to bullseye-v1.5.7 (#1435)

v1.8.16

Maintenance

chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.22 to 0.9.23 (#1415)
chore: bump actions/stale from 7 to 8 (#1416)
chore: update debian-iptables to bullseye-v1.5.4 (#1417)
chore: update bug report template for deprecation notice (#1419)
chore: update golangci-lint to v1.52.2 (#1424)
chore: update docker base image to registry.k8s.io/build-image/debian-iptables:bullseye-v1.5.6 (#1425)

v1.8.15

Continuous Integration

ci: increase retries in identity validator (#1412)
ci: update codecov config (#1413)

Documentation

docs: fix changelog for v1.8.12 release (#1378)

Maintenance

chore: bump k8s.io/client-go from 0.23.14 to 0.23.15 (#1374)
chore: bump github.com/Azure/azure-sdk-for-go from 67.1.0+incompatible to 67.2.0+incompatible (#1377)
chore: bump actions/stale from 6 to 7 (#1379)
chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.21 to 0.9.22 (#1383)
chore: bump k8s.io/component-base from 0.23.14 to 0.23.17 (#1406)
chore: bump autoprefixer from 10.4.13 to 10.4.14 in /website (#1410)
chore: bump actions/setup-go from 3 to 4 (#1411)
chore: update debian-iptables to bullseye-v1.5.3 (#1414)

Other Improvements

Update NMI server resource id query key (#1401)
update to github issues and pr templates for deprecation notice (#1409)

Security Fix

security: fix CVE-2022-41717 (#1376)

v1.8.14

Continuous Integration

ci: exclude .github path and README.md in tests (#1343)
ci: remove aks-engine soak clusters from pr and nightly (#1346)

Documentation

docs: add deprecation notice to readme (#1345)
Link to full description of Standard and Managed modes (#1348)
docs: add an anchor for deprecation announcement (#1353)

Maintenance

chore: add dependabot.yml (#1331)
chore: bump actions/stale from 4 to 6 (#1332)
chore: bump actions/setup-go from 2 to 3 (#1333)
chore: bump codecov/codecov-action from 2 to 3 (#1334)
chore: bump actions/checkout from 2 to 3 (#1335)
chore: bump postcss-cli from 7.1.2 to 10.0.0 in /website (#1336)
chore: bump autoprefixer from 9.8.6 to 10.4.13 in /website (#1351)
chore: bump k8s.io/client-go from 0.23.0 to 0.23.14 (#1359)
chore: bump github.com/Azure/go-autorest/autorest from 0.11.23 to 0.11.28 (#1363)
chore: bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#1364)
chore: bump postcss-cli from 10.0.0 to 10.1.0 in /website (#1365)
chore: bump github.com/Azure/go-autorest/autorest/adal from 0.9.18 to 0.9.21 (#1367)
chore: bump k8s.io/component-base from 0.23.0 to 0.23.14 (#1368)
chore: bump github.com/Azure/azure-sdk-for-go from 57.2.0+incompatible to 67.1.0+incompatible (#1369)

Security Fix

security: fix CVE-2022-32149 (#1330)

v1.8.13

Bug Fixes

add handler for invalid token requests (#1325)

Security Fix

fix CVE-2022-27664 (#1326)

Maintenance

run apt update && apt upgrade -y in Dockerfile (#1317)

v1.8.12

Security Fix

fix CVE-2021-46828 (#1306)
fix CVE-2022-37434 (#1310)

Maintenance

update to go 1.19 (#1307)
update debian-iptables to bullseye-v1.5.1 (#1309)

v1.8.11

Bug Fixes

set Content-Length header in NMI response (#1297)

Security Fix

fix CVE-2021-4209 (#1294)
fix multiple CVEs (#1299)

Documentation

add release cadence to readme (#1296)

v1.8.10

Security Fix

fix CVE-2022-1664 (#1285)
fix CVE-2022-2068 (#1290)

Documentation

add release cadence (#1286)

Other Improvements

Allow selecting bind address for NMI (#1284)
update debian-iptables to bullseye-v1.5.0 (#1292)

v1.8.9

Security Fix

fix CVE-2018-25032 (#1261)
fix CVE-2022-1271 (#1270)

Other Improvements

upgrade to debian-iptables:bullseye-v1.3.0 (#1263)
update to go 1.18 (#1273)
bump ansi-regex from 5.0.0 to 5.0.1 in /website (#1275)

v1.8.8

Security Fix

fix CVE-2022-23218 (#1259)

Helm

use policy/v1 for PodDisruptionBudget (#1254)
update nmi affinity sample in charts (#1256)

Other Improvements

remove redundant token get from demo (#1258)

v1.8.7

Bug Fixes

make metadata header required configurable in helm (#1240)
delete conntrack entries after adding iptables rules on initialization (#1243)

Documentation

add disclaimer for current project status (#1231)

Security Fix

fix CVE-2021-43618 (#1224)
enable readOnlyRootFilesystem for MIC (#1225)
fix CVE-2021-3995, CVE-2021-3996 (#1241)

Other Improvements

add semantic.yml (#1214)

v1.8.6

Features

return http 503 when IMDS healthcheck fails (#1206)

Maintenance

remove armv7 from build platforms (#1180)
update debian-iptables to bullseye-v1.1.0 (#1200)
upgrade various packages to remove jwt-go v3.2.0 dependency (#1205)
update adal deps to v0.9.18 (#1208)

Helm

support custom cloud configuration in helm chart (#1203)

v1.8.5

Documentation

Fix typo in homepage docs (#1169)
add note about managed mode in role assignments doc (#1173)

Maintenance

replace deprecated codecov uploader with GitHub Actions (#1167)
update nmi to bullseye (#1170) (#1169)
bootstrap buildx builder after creating (#1175)
install qemu instead of docker/binfmt (#1176)

Security Fix

fix CVE-2021-37750 (#1178)

v1.8.4

Breaking Changes

The metadata header required flag is enabled by default to prevent SSRF attacks. Check Metadata Header Required for more information. To disable the metadata header check, set --metadata-header-required=false in NMI container args.

Bug Fixes

update the node name label as part of AzureAssignedIdentity update (#1161)

Documentation

specify the latest version number containing the breaking changes (#1150)

Maintenance

set –metadata-header-required to true by default (#1158)
update debian-iptables to buster-v1.6.7 (#1160)
bump dependencies to newer versions (#1159)
update to go 1.17 (#1153)

Security Fix

bump go.mongodb.org/mongo-driver to v1.5.1 and add SECURITY.md (#1156)

Testing

add an option to test metadata header (#1155)

v1.8.3

Documentations

add set-retry-after-header feature flag (#1128)
fix doc links (#1131)

Helm

Expose updateStrategy configuration for NMI daemonset (#1138)

Security

fix CVE-2021-33910, CVE-2021-3712 (#1144)

Test Improvements

exclude website changes for pr trigger (#1129))

Other Improvements

update debian-iptables base to buster-v1.6.6 (#1134))
add redacted client ID in the error log (#1141))

v1.8.2

Security

dockerfile: fix CVE-2021-33910 (#1116)

Other Improvements

Create stale.yml (b2fdbfde42c5fa8da68622f87d023c7dcf2dddfd)
chore: update .github/stale.yml (#1117)
chore: switch from probot/stale to actions/stale (#1118)

Bug Fixes

fix: change stale bot trigger frequency to every day (#1119)

Features

feat: option to set Retry-After in NMI responses (#1114)

Test Improvements

test: reuse helm values during helm upgrade (#1121)

v1.8.1

Features

Add additional columns to kubectl output (#1093)

Documentations

docs: fix managed mode URL (#1066)
Update documentation to use separator between output flag & argument (#1081)
docs: fix typo in feature flags (#1083)

Helm

Automatically checksum the mic-secret secret to roll mic deployment (#1061)
helm: correct spec field for AzureIdentityBinding (#1069)
release: helm charts 4.1.1 (#1076)
Adds a default affinity rule to values.yaml (#1082)

Security

chore: bump golang.org/x/crypto to v0.0.0-20201216223049-8b5274cf687f (#1073)
dockerfile: fix CVE-2021-3520 (#1078)
chore(deps): bump browserslist from 4.14.5 to 4.16.6 in /website (#1080)
chore(deps): bump glob-parent from 5.1.1 to 5.1.2 in /website (#1091)
chore(deps): bump postcss from 7.0.35 to 7.0.36 in /website (#1096)
dockerfile: upgrade multiple packages due to CVEs (#1097)
chore: update debian base to buster-v1.6.5 (#1101)

Bug Fixes

fix: use correct flags for demo image (#1087)
fix: Remove incorrect fields from gatekeeper e2e test (#1090)
fix: prevent overwriting of AzureAssignedIdentity when creating it (#1100)
fix: mount kubelet config to /var/lib/kubelet for non-rbac deployment (#1098)

Other Improvements

ci: switch to staging-pool (#1095)
chore: enable scale features by default (#1099)

v1.8.0

Breaking Changes

The API version of Pod Identity’s CRDs (AzureIdentity, AzureIdentityBinding, AzureAssignedIdentity, AzurePodIdentityException) have been upgraded from apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1. For Kubernetes clsuters with < 1.16, apiextensions.k8s.io/v1 CRDs would not work. You can either:
1. Continue using AAD Pod Identity v1.7.5 or
2. Upgrade your cluster to 1.16+, then upgrade AAD Pod Identity.
If AAD Pod Identity was previously installed using Helm, subsequent helm install or helm upgrade would not upgrade the CRD API version from apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1 (although kubectl get crd -oyaml would display apiextensions.k8s.io/v1 since the API server internally converts v1beta1 CRDs to v1, it lacks a structural schema, which is what AAD Pod Identity introduced in v1.8.0). If you wish to upgrade to the official v1 CRDs for AAD Pod Identity:
```
kubectl apply -f https://raw.githubusercontent.com/Azure/aad-pod-identity/master/charts/aad-pod-identity/crds/crd.yaml
```
With managed mode enabled, you can remove the unused AzureAssignedIdentity CRD if you wish.
```
# MANAGED MODE ONLY!
kubectl delete crd azureassignedidentities.aadpodidentity.k8s.io
```

Features

feat: add register.go to add crds to scheme (#1053)

Documentations

docs: add standard to managed mode migration doc (#1055)
docs: add installation steps for Azure RedHat Openshift (#1056)

Bug Fixes

fix: remove ImagePullPolicy: Always (#1046)
fix: inject TypeMeta during type upgrade (#1057)

Helm

helm: ability to add AzureIdentities with the same name across different namespaces (#1036)
helm: ability to parameterize the number replicas MIC deployment (#1041)
helm: create optional user roles for AAD Pod Identity (#1043)

Security

dockerfile: upgrade debian-iptables to buster-v1.6.0 (#1038)
migrate from satori uuid (#1062)
chore(deps): bump lodash from 4.17.20 to 4.17.21 in /website (#1063)

Other Improvements

chore: add stale.yml (#1032)
chore: promote crd to apiextensions.k8s.io/v1 and remove role assignments after e2e test (#1035)
chore: remove vmss list from demo (#1037)
ci: remove CODECOV_TOKEN env var (#1045)
ci: create a make target to automate manifest promotion (#1047)

v1.7.5

Breaking Changes

(Only apply to app version ≥ v1.7.5 / chart version ≥ 4.0.0) AAD Pod Identity has dropped Helm 2 starting from chart version 4.0.0/app version 1.7.5. To install or upgrade to the latest version of AAD Pod Identity, please use Helm 3 instead. Refer to this guide on how to migrate from Helm 2 to Helm 3.

Helm

helm: Add missing weight key in node affinity example (#996)
helm: Added Pod Security Policy (#998)
helm: remove helm 2 support (#1001)

Features

feat: add cluster identity to immutable list (#981)

Bug Fixes

fix: skip kubenet check if allowed is true (#999)
fix: skip PATCH call if no identities to assign or un-assign (#1007)
fix: add case insensitive handler pattern (#1021)
fix: add FileOrCreate to kubelet config file (#1024)

Documentation

docs: add note about system-assigned not supported (#973)
docs: improve documentations on multiple areas (#991)
docs: vmss typo (#1016)

Test Improvements

ci: switch from service principal to managed identity for e2e test (#974)
ci: use Upstream Pool for soak & load test (#982)
test: make backward compat test deterministic (#986)
flake: change mic sync interval from 1h to 30s (#989)
test: use kubectl to get vmss name (#1027)

Other Improvements

chore: update to go 1.16 (#983)
chore: update k8s lib versions (#1010)
chore(deps): bump y18n from 4.0.0 to 4.0.1 in /website (#1028)

v1.7.4

Helm

helm: add podLabels parameter (#963)

Bug Fixes

fix: prevent errors from being overwritten by metric report function (#967)

Features

feat: add configuration for custom user agent (#965)

v1.7.3

Bug Fixes

fix: check if provisioning state is not nil (#960)

v1.7.2

Breaking Changes

The forceNameSpaced helm configuration variable is removed. Use forceNamespaced instead to configure pod identity to run in namespaced mode.

Features

feat: add arm64 build (#950)

Bug Fixes

fix: fix typos in stats variables (#919)
fix: drop all unnecessary root capabilities for NMI (#940)
fix: copy response header and status code to http.ResponseWriter (#946)

Security

dockerfile: fix CVE-2020-29362, CVE-2020-29363, CVE-2020-29361 (#924)
dockerfile: upgrade debian-iptables to buster-v1.4.0 (#948)

Helm

helm: remove deprecated forceNameSpaced from values.yaml (#927)
helm: skip MIC exception installation when using managed mode (#936)

Documentation

docs: document breaking change on azureIdentities (#944)

Other Improvements

chore: update github pr template (#925)
cleanup: refactor demo code (#930)
chore: switch to using golang builder (#952)

v1.7.1

Breaking Changes

(Only apply to app version ≥ v1.7.1 / chart version ≥ 3.0.0) azureIdentities in values.yaml is converted to a map instead of a list of identities.

The following is an example of the required change in values.yaml from helm chart 2.x.x to 3.x.x:

-azureIdentities:
-  - name: "azure-identity"
-    # if not defined, then the azure identity will be deployed in the same namespace as the chart
-    namespace: ""
-    # type 0: MSI, type 1: Service Principal
-    type: 0
-    # /subscriptions/subscription-id/resourcegroups/resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity-name
-    resourceID: "resource-id"
-    clientID: "client-id"
-    binding:
-      name: "azure-identity-binding"
-      # The selector will also need to be included in labels for app deployment
-      selector: "demo"
+azureIdentities:
+  "azure-identity":
+    # if not defined, then the azure identity will be deployed in the same namespace as the chart
+    namespace: ""
+    # type 0: MSI, type 1: Service Principal
+    type: 0
+    # /subscriptions/subscription-id/resourcegroups/resource-group/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identity-name
+    resourceID: "resource-id"
+    clientID: "client-id"
+    binding:
+      name: "azure-identity-binding"
+      # The selector will also need to be included in labels for app deployment
+      selector: "demo"

Bug Fixes

allow overwriting NODE_RESOURCE_GROUP in role-assignment.sh (#873)

Other Improvements

fix CVE-2020-1971 (#905)
fix CVE-2020-27350 (#909)

Documentation

add note about specifying which identity to use (#869)
fix | in markdown table (#882)
use az aks show for node resource group & more convenient command to run role assignment script (#879)
reduce number of role assignments (#883)
add spring boot example which interacts with blob storage (#878)
add changelog & development section and move java-blob example to website (#891)
Added instructions how to mitigate ARP spoofing on kubenet clusters with OPA/Gatekeeper (#894)
add warning note to kubenet docs (#911)

Helm

rename forceNameSpaced to forceNamespaced (#874)
bump helm chart version to 2.1.0 for aad-pod-identity v1.7.0 (#884)
add topologySpreadConstraints and PodDisruptionBudget in helm chart (#886)
adding option to configure kubeletConfig (#906)
deprecate forceNameSpaced value (#914)
add notes (#916)
use map for azureIdentities instead of list in helm chart (#899)

Test Improvements

remove getIdentityValidatorArgs (#910)
less error-prone identityvalidator (#901)

v1.7.0

Breaking Changes

With Azure/aad-pod-identity#842, aad-pod-identity no longer works on clusters with kubenet as the network plugin. For more details, please see Deploy AAD Pod Identity in a Cluster with Kubenet.
If you still wish to install aad-pod-identity on a kubenet-enabled cluster, set the helm chart value nmi.allowNetworkPluginKubenet to true in the helm command:
```
helm (install|upgrade) ... --set nmi.allowNetworkPluginKubenet=true ...
```

Features

support JSON logging format (#839)
disable aad-pod-identity by default for kubenet (#842)
add auxiliary tenant ids for service principal (#843)

Bug Fixes

account for 150+ identity assignment and unassignment (#847)

Other Improvements

include image scanning as part of CI & set non-root user in Dockerfile (#803)

Documentation

initial layout for static site (#801)
update website theme to docsy (#828)
update invalid URLs in website (#832)
fix casing of “priorityClassName” parameters in README.md (#856)
add docs for various topics (#858)
s/cluster resource group/node resource group (#862)
add docs for configuring in custom cloud (#863)
fix broken links and typo (#864)

Helm

remove extra indentation in crd.yaml (#833)
make runAsUser conditional for MIC in helm (#844)

Test Improvements

remove aks cluster version in e2e (#808)
decrease length of RG name to allow cluster creation in eastus2euap (#810)
health check with podIP from the busybox container (#840)
add gosec as part of linting (#850)
remove –ignore-unfixed for trivy (#854)

v1.6.3

Features

throttling - honor retry after header (#742)
reconcile identity assignment on Azure (#734)

Bug Fixes

add certs volume for non-rbac manifests (#713)
Report original error from getPodListRetry (#762)
initialize klog flags for NMI (#767)
ensure stats collector doesn’t aggregate stats from multiple runs (#750)

Other Improvements

add deploy manifests and helm charts to staging dir (#736)
fix miscellaneous linting problem in the codebase (#733)
remove privileged: true for NMI daemonset (#745)
Update to go1.15 (#751)
automate role assignments and improve troubleshooting guide (#754)
set dnspolicy to clusterfirstwithhostnet for NMI (#776)
bump debian-base to v2.1.3 and debian-iptables to v12.1.2 (#783)
add logs for ignored pods (#785)

Documentation

docs: fix broken test standard link in GitHub Pull Request template (#710)
Fixed typo (#757)
Fixed Grammar (#758)
add doc for deleting/recreating identity with same name (#786)
add best practices documentation (#779)

Helm

add release namespace to chart manifests (#741)
Add imagePullSecretes to the Helm chart (#774)
Expose metrics port (#777)
add user managed identity support to helm charts (#781)

Test Improvements

add e2e test for block-instance-metadata (#715)
add aks as part of pr and nightly test (#717)
add load test pipeline to nightly job (#744)
install aad-pod-identity in kube-system namespace (#747)
bump golangci-lint to v1.30.0 (#759)

v1.6.2

Features

Acquire an token with the certificate of service principal (#517)
Handle MSI auth requests by ResourceID (#540)
make NMI listen only on localhost (#658)
trigger MIC sync when a pod label changes (#682)

Bug Fixes

check iptable rules match expected (#663)

Other Improvements

update base image with debian base (#641)
update node selector label to kubernetes.io/os (#652)
better error messages and handling (#666)
add default known types to scheme (#668)
Remove unused cert volumes from mic deployment (#670)

Documentation

update typed namespacedname case for sp example (#649)
list components prometheus enpoints (#660)
add helm upgrade guide and known issues (#683)
add requirements to PR template and test standard to CONTRIBUTING.md (#706)

Helm

add aks add-on exception in kube-system (#634)
disable crd-install when using Helm 3 (#642)
update default http probe port at deploy to 8085 (#708)

Test Improvements

new test framework for aad-pod-identity (#640)
convert e2e test cases from old to new framework (#650), (#656), (#662), (#664), (#667), (#680)
add soak testing as part of nightly build & test and remove Jenkinsfile (#687)
update e2e suite to remove flakes (#693), (#695), (#697), (#699), (#701)
add e2e tests with resource id (#696)
add code coverage as part of CI (#705)

v1.6.1

Features

re-initialize MIC cloud client when cloud config is updated (#590)
add finalizer for assigned identity (#593)
make update user msi calls retriable (#601)

Bug Fixes

Fix issue that caused failures with long pod name > 63 chars (#545)
Fix updating assigned identity when azure identity updated (#559)

Other Improvements

Add linting tools in Makefile (#551)
Code clean up and enable linting tools in CI (#597)
change to 404 instead if no azure identity found (#629)

Documentation

document required role assignments (#592)
add --subscription parameter to az cli commands (#602)
add mic pod exception to deployment (#611)
reduce ambiguity in demo and role assignment docs (#620)
add support information to readme (#623)
update docs for pod-identity exception (#624)

Helm

make cloud config configurable in helm chart (#598)
Support multiple identities in helm chart (#457)

v1.6.0

Breaking Changes

With Azure/aad-pod-identity#398, the client-go library is upgraded to v0.17.2, where CRD fields are now case sensitive. If you are upgrading MIC and NMI from v1.x.x to v1.6.0, MIC v1.6.0+ will upgrade the fields of existing AzureIdentity and AzureIdentityBinding on startup to the new format to ensure backward compatibility. A configmap called aad-pod-identity-config is created to record and confirm the successful type upgrade.

However, for future AzureIdentity and AzureIdentityBinding created using v1.6.0+, the following fields need to be changed:

`AzureIdentity`

< 1.6.0	>= 1.6.0
`ClientID`	`clientID`
`ClientPassword`	`clientPassword`
`ResourceID`	`resourceID`
`TenantID`	`tenantID`

`AzureIdentityBinding`

< 1.6.0	>= 1.6.0
`AzureIdentity`	`azureIdentity`
`Selector`	`selector`

`AzurePodIdentityException`

< 1.6.0	>= 1.6.0
`PodLabels`	`podLabels`

Features

Add support for pod-identity managed mode (#486)
Deny requests without metadata header to avoid SSRF (#500)

Bug Fixes

Fix issue that caused failures with long pod name > 63 chars (#545)
Fix updating assigned identity when azure identity updated (#559)

Other Improvements

Switch to using klog for logging (#449)
Create internal API for aadpodidentity (#459)
Switch to using PATCH instead of CreateOrUpdate for identities (#522)
Update client-go version to v0.17.2 (#398)
Update to go1.14 (#543)
Add validation for resource id format (#548)

v1.5.5

Bug Fixes

Prevent flushing custom iptable rules frequently (#474)

v1.5.4

Features

Add block-instance-metadata flag (#396)
Add metrics (#429)
Adding support for whitelisting of user-defined managed identities (#431)

Bug Fixes

Fix glog flag parse error in nmi (#435)

Other Improvements

Add application/json header for all return paths (#424)
Update golang used to build binaries (#426)
Reduce log verbosity for debug log (#433)
Move to latest Alpine 3.10.4 (#446)
Validate resource param exists in request (#450)

v1.5.3

Bug Fixes

Fix concurrent map read and map write while updating stats (#344)
Fix list calls to use local cache inorder to reduce api server load (#358)
Clean up assigned identities if node not found (#367)
Fixes to identity operations on VMSS (#379)
Fix namespaced multiple binding/identity handling and verbose logs (#388)
Fix panic issues while identity ids is nil (#403)

Other Improvements

Set Content-Type on token response (#341)
Redact client id in NMI logs (#343)
Add user agent to kube-api calls (#353)
Add resource and request limits (#372)
Add user agent to ARM calls (#387)
Scale and performance improvements (#408)
Remove unused GET in CreateOrUpdate (#411)
Remove deprecated API Version usages (#416)

v1.5.2

Bug Fixes

Fix the token backward compat in host based token fetching (#337)

v1.5.1

Bug Fixes

Append NMI version to the User-Agent for adal only once (#333)

Other Improvements

Change ‘updateStrategy’ for nmi DaemonSet to RollingUpdate (#334)

v1.5

Features

Support aad-pod-identity in init containers (#191)
Cleanup iptable chain and rule on uninstall (#211)
Remove dependency on azure.json (#221)
Add states for AzureAssignedIdentity and improve performance (#219)
System MSI cluster support (#265)
Leader election in MIC (#277)
Liveness probe for MIC and NMI (#309)
Application Exception (#310)

Bug Fixes

Fix AzureIdentity with service principal (#197)
Determine resource manager endpoint based on cloud name (#226)
Fix incorrect resource endpoint with sp (#251)
Fix vmss identity deletion for ID in use (#203)
Fix removal of user assigned identity from nodes with system assigned (#259)
Handle case sensitive id check (#271)
Fix assigned id deletion when no identity exists (#320)

Other Improvements

Use go modules (#179)
Log binary versions of MIC and NMI in logs (#216)
List CRDs via cache and avoid extra work on pod update (#232)
Reduce identity assignment times (#199)
NMI retries and ticker for periodic sync reconcile (#272)
Update error status code based on state (#292)
Process identity assignment/removal for nodes in parallel (#305)
Update base alpine image to 3.10.1 (#324)

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified June 16, 2023: release: update manifest and helm charts for v1.8.17 (#1435) (d17ea6a4)