Based on Nebula's 1.7.2 release
Features
Support for Domains
Implements domains
features in nebula
to isolate nodes belonging to same domain, nodes that have matching domains can only communicate (inbound/outbound), this is checked first and only after domain matches are firewall rules compared.
- The
nebula-cert ca
command now includes support for mapping the CA to a list of domains that it accepts, with support for wildcards. - The
nebula-cert sign
command now includes support for mapping domains to the node. One or more domain can be assigned. - The firewall rules for incoming and outgoing traffic now checks for at least one domain match between the host and peer certificates.
What's Changed
- feat: adds support for domain isolation in nebula by @shoaibmerchant in #1
- fix: enabled workflow for v1.7.x branch by @shoaibmerchant in #2
- fix: enabled workflow for v1.7.x branch by @shoaibmerchant in #3
- tests: existing tests are now running, added tests for domain matching by @shoaibmerchant in #4
- tests: fixes e2e tests by @shoaibmerchant in #5
- tests: fixes smoke tests by @shoaibmerchant in #6
- tests: fixes smoke test with matching domains by @shoaibmerchant in #7
New Contributors
- @shoaibmerchant made their first contribution in #1
Full Changelog: https://github.com/mecha-org/nebula/commits/v1.7.2