wasmCloud
v2.0.3Orchestration & Managementv2.0.3 patches a NATS race condition, adds Kubernetes EndpointSlice support, hardens container security with non-root ownership, and expands Helm chart configurability.
securityUpgrade now: containers finally run as non-root by default
Previous releases ran with root ownership, which is a container security red flag. This release sets non-root ownership by default. If you have volume mounts or init containers with root-dependent file permissions, test before rolling to production — you may need to adjust fsGroup or runAsUser settings in your pod specs.
breakingHelm chart image tag behavior changed — audit your values files
The default image tag no longer falls back to a hardcoded value; it now uses the chart's appVersion. If you rely on overriding the tag in your values files, this likely works as-is. But if you were depending on the old default tag behavior for pinning, verify your deployed image versions after upgrading the chart.
enhancementEnable EndpointSlice support if running Kubernetes 1.21+
EndpointSlice is the modern replacement for Endpoints and scales better with large service backends. If your cluster runs Kubernetes 1.21 or later, enable this feature — it reduces load on kube-apiserver and avoids the scaling limits of the classic Endpoints API. Check your Helm values for the new endpointslice configuration option.
主な変更 (6)
- Fixed a race condition in NATS subscriber initialization that could cause intermittent connection failures
- Added Kubernetes EndpointSlice support for services — required for clusters with large service backends
- Container ownership set to non-root, improving security posture out of the box
- Helm chart now supports TLS configuration, custom annotations, and labels
- Helm chart default image tag now derives from chart.yaml appVersion instead of a hardcoded value
- WASIp3 support added behind a feature flag — experimental, not for production use yet