Release Notes
version 2.5.2 (2023-03-16)
- change of base OS from Ubuntu 18.04 to Ubuntu 20.04
version 2.5.1 (2023-01-29)
- External IPs can now be pinned to specific deployments. If the value of a DiscrimiNAT instance VM label `discriminat` matches the label-key & value of an External IP, that External IP will be preferred for self-attaching. Fallback behaviour remains to self-attaching any allocated but unassociated External IPs with the label-key `discriminat` set to any value.
- Terraform module updated to support custom deployment IDs (see variable `custom_deployment_id`), to optionally override the randomly generated ones. This allows fine-grained control over naming and can also be used for matching allocated External IPs to a specific fleet of DiscrimiNAT instances.
- replaced google-fluentd with ops-agent. Ops Agent requires the Monitoring Metric Writer predefined role to be added to the service account. See our Service Account page for more details.
version 2.4.2 (2022-10-05)
- added support for Network Tags in Cloud Composer v2 GKE Clusters
- improved audit (config) logging for subnets
- improved connection handling for very short lived TLS connections with specific server-side implementations (such as Envoy Proxy)
version 2.4.1 (2022-05-05)
- fixed an excessive retries issue with automatic config building where the service account's role allowed querying of Service Projects but the Host Project did not have shared VPC setup enabled
- fixed a sporadic connection reset issue, that emitted `unexpected response` in the logs, and which only occurred in the `see-thru` monitoring mode while connecting to a destination at very high latency
version 2.4.0 (2022-03-13)
- new warning message in config logs when a connection test to an FQDN, carried out by discrimiNAT itself, in any allowlist fails
- serverless support introduced; VPC connectors from Cloud Functions etc. will have their outbound traffic filtered
- added support for self-attaching an allocated External IP
- change of one of the default scopes, when the service account is not overridden, from `compute-ro` to `compute-rw`; this is to support self-assignment of labelled external IPs
- discrimiNAT's own instance ID added to every log line under the key `instance`, indicating which instance the log line was emitted from
- updated TLS ECH draft extension identifiers
version 2.3.0 (2021-11-02)
- added support for shared VPC; now Service Projects can use a discrimiNAT instance deployed in their Host Project
version 2.2.0 (2021-08-31)
- see-thru mode introduced; build allowlists super-quick by putting a Firewall Rule in monitor mode first
- improved handling for a large number of FQDNs in the allowlists
- full bypass hook added; please reach out to support for instructions on this
- updated TLS ECH draft extension identifiers
version 2.0.5 (2021-05-03)
- restricted firewall rule scanning to the same VPC as discrimiNAT firewall was deployed in
version 2.0.4 (2021-04-03)
- set compute image family to `discriminat`
- updated TLS ECH draft extension identifiers
version 2.0.3 (2020-11-05)
- v2 launch
- completely new architecture addressing the potential for mismatch of IP addresses as looked up by a protected workload from the VPC resolver and as looked up by the discrimiNAT firewall
- rewritten in Rust
version 20200529 (2020-05-29)
available on request; v1 is now deprecated; please upgrade to v2
version 20200524 (2020-05-24)
available on request; v1 is now deprecated; please upgrade to v2
version 20200516 (2020-05-16)
available on request; v1 is now deprecated; please upgrade to v2
version 20191207 (2019-12-07)
available on request; v1 is now deprecated; please upgrade to v2
version 20191107 (2019-11-07)
- v1 launch