Changelog
2.1.1
Released on 2023/02/14
- chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5985 @mergify
- chore(deps): security update #5965 @kumahq
- chore(deps): use latest kumahq/kuma-gui #5912 #5915 #5977 @kumahq
- feat(api-server): manual mTLS (backport #5979) #5981 @mergify
- fix(helm): use custom CA in egress and ingress too (backport #5980) #5993 @mergify
- fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5953 @mergify
2.0.3
Released on 2023/02/14
- chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5986 @mergify
- chore(deps): security update #5762 #5969 @kumahq
- fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5954 @mergify
1.8.4
Released on 2023/02/14
- chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5987 @mergify
- chore(deps): security update #5763 #5963 @kumahq
- fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5955 @mergify
1.7.5
Released on 2023/02/14
- chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5988 @mergify
- chore(deps): security update #5766 #5966 @kumahq
1.6.5
Released on 2023/02/14
- chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5989 @mergify
- chore(deps): security update #5764 #5964 @kumahq
2.1.0
Released on 2023/01/30
- chore(deps): bump alpine from 3.16.2 to 3.17.0 #5308 #5375 @dependabot
- chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 #5377 @dependabot
- chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 #5457 @dependabot
- chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 #5600 @dependabot
- chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 #5733 @dependabot
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 #5277 #5311 #5460 @dependabot
- chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 #5428 @dependabot
- chore(deps): bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.8 #5310 #5354 #5426 #5542 #5688 @dependabot,@lahabana
- chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 #5298 #5513 @lukidzi
- chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 #5319 #5351 #5687 @dependabot
- chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 #5275 #5313 #5539 #5789 @dependabot
- chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 #5274 #5323 @dependabot
- chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 #5483 #5523 @dependabot
- chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 #5320 #5353 #5376 #5456 #5526 #5546 @dependabot
- chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 #5524 @dependabot
- chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 #5790 @dependabot
- chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 #5273 #5788 @dependabot
- chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 #5525 @dependabot
- chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 #5427 @dependabot
- chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 #5315 #5459 #5623 @dependabot
- chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 #5312 #5430 #5621 @dependabot
- chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 #5458 #5624 @dependabot
- chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 #5325 #5429 @dependabot
- chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 #5352 #5686 @dependabot
- chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 #5592 #5791 @dependabot
- chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb #5330 @mmorel-35
- chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 #5328 @mmorel-35
- chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 #5316 @dependabot
- chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 #5812 @dependabot
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 #5276 @dependabot
- chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, #5541 @dependabot
- chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 #5434 #5879 @dependabot
- chore(deps): install dev tools and split if more repos #5528 @lukidzi
- chore(deps): security update #5761 @kumahq
- chore(deps): update coreDNS to 1.10.0 #5626 @lahabana
- chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove
/tokens
#5324 @dependabot - chore(deps): upgrade k3d #5518 @lukidzi
- chore(deps): use latest kumahq/kuma-gui #5265 #5272 #5281 #5307 #5321 #5332 #5346 #5371 #5388 #5405 #5484 #5486 #5509 #5572 #5589 #5619 #5628 #5675 #5685 #5700 #5724 #5732 #5737 #5772 #5800 #5805 #5823 #5826 #5843 #5851 #5863 #5866 #5883 @kumahq
- chore(deps): use sigs.k8s.io/yaml #5215 @mmorel-35
- feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format #5302 @mmorel-35
- feat(MeshGatewayInstance): respect
kuma.io/mesh
label #5256 @michaelbeaumont - feat(MeshGatewayRoute): response header filter #5334 @michaelbeaumont
- feat(api-server): ability to set rootUrl for GUI and API #5295 @lahabana
- feat(api-server): add name search to dataplane overview #5340 @lahabana
- feat(api-server): contain matches on name and tags #5606 @lahabana
- feat(build): consistent docker images #5343 @slonka
- feat(build): idempotent build #5291 #5358 #5403 #5404 #5407 #5440 @slonka
- feat(gateway): add support for match header PRESENT and ABSENT #5739 @lahabana
- feat(gui): serve index from all paths without extension #5357 @lahabana
- feat(helm): add tolerations to Helm chart #5549 @KrustyHack
- feat(helm): allow injecting env from parent projects #5677 @slonka
- feat(helm): use object instead of list for plugins.policies #5735 @michaelbeaumont
- feat(kuma-cp): add possibility to run diagnostics on TLS #5344 @mmorel-35
- feat(kuma-cp): added configuration of plugins and its order #5472 @lukidzi
- feat(kuma-cp): intOrString as decimal in the API #5768 @jakubdyszkiewicz
- feat(kuma-cp): intercp communication protocol #5445 #5492 @jakubdyszkiewicz
- feat(kuma-cp): recover from watchdog panics #5581 @jakubdyszkiewicz
- feat(kuma-cp): remove value of secret when logging Secret Resources #5384 @Automaat
- feat(kumactl): added option to install transparent proxy with docker #5284 @lukidzi
- feat(policy): allow merging by a complex key #5650 @michaelbeaumont
- feat(policy): append policy slices #5515 @jakubdyszkiewicz
- feat(policy): don’t use protobuf for DataSource in policies #5668 #5756 @Automaat
- feat(policy): implement MeshCircuitBreaker policy #5454 #5493 #5651 @bartsmykla,@lobkovilya
- feat(policy): implement MeshFaultInjection policy #5723 #5773 @lukidzi
- feat(policy): implement MeshHTTPRoute policy #5530 #5625 #5653 #5746 @michaelbeaumont,@slonka
- feat(policy): implement MeshHealthCheck policy #5369 #5415 #5503 #5654 #5713 #5722 @lahabana,@lobkovilya,@michaelbeaumont,@slonka
- feat(policy): implement MeshProxyPatch policy #5578 #5604 @jakubdyszkiewicz
- feat(policy): implement MeshRateLimit policy #5362 #5463 #5710 #5742 @lobkovilya,@lukidzi
- feat(policy): implement MeshRetry policy #5478 #5522 #5583 #5749 #5808 @lobkovilya,@slonka
- feat(policy): implement MeshTimeout policy #5294 #5364 #5568 @Automaat,@michaelbeaumont
- feat(policy): improve rules api #5785 @lahabana
- feat(policy): validate schema only during the user’s input unmarshal #5566 @lobkovilya
- feat(security): add dependabot security updates to release branches #5731 #5734 #5758 #5767 #5778 #5783 @slonka
- fix(MeshAccessLog): update API to align with the memo #5580 @lobkovilya
- fix(MeshGateway): properly apply Service template annotations to existing Service #5674 @michaelbeaumont
- fix(MeshTrace): adjust MeshTrace to follow the memo #5743 @lobkovilya
- fix(api-server): fix tags filter value with
:
#5339 @lahabana - fix(api-server): remove spec from inspect policy output #5491 @lahabana
- fix(api-server): return 400 on invalid resource name #5719 @lahabana
- fix(gateway): be more lenient with prefix paths trailing slashes #5299 @michaelbeaumont
- fix(gui): add version and basedOnKuma to index.html #5448 @lahabana
- fix(kuma-cp): add option to disable
sslsni
in universal #5318 @michaelbeaumont - fix(kuma-cp): allow to set policies order from others projects #5535 @lukidzi
- fix(kuma-cp): change way of setting if resource is read only #5345 @lukidzi
- fix(kuma-cp): concurrent mesh cache map write #5282 @michaelbeaumont
- fix(kuma-cp): don’t cache filtered data #5574 @lukidzi
- fix(kuma-cp): filtering of name prefix on K8S #5517 @jakubdyszkiewicz
- fix(kuma-cp): fix appending of pointer to slice in policies config #5784 @Automaat
- fix(kuma-cp): fix kafka_type tag creation regex #5507 @Automaat
- fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList #5423 @Automaat
- fix(kuma-cp): forward envoy admin operations to proper instance #5466 @jakubdyszkiewicz
- fix(kuma-cp): increase kuma-init memory limit when using ebpf #5579 @lukidzi
- fix(kuma-cp): kds deadlock #5373 @jakubdyszkiewicz
- fix(kuma-cp): make validate list aware of the mesh #5280 @slonka
- fix(kuma-cp): memory store keeps children after owner update #5372 @jakubdyszkiewicz
- fix(kuma-cp): only put policies in MeshInsight #5577 @lahabana
- fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob #5569 @lukidzi
- fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address #5347 @jamesdbloom
- fix(kuma-cp): warn when using deprecated token id #5520 @lahabana
- fix(kuma-dp): allow to configure address of application to scrape #5326 @lukidzi
- fix(kuma-dp): tolerate endline in token file #5591 @lahabana
- fix(kumactl): remove PodSecurityPolicy from install observability #5382 @michaelbeaumont
- fix(kumactl): set klog to avoid logs from k8s #5590 @lahabana
- fix(kumactl): use the same client in
kumactl apply
#5327 @lahabana - fix(policy): change percentage field from int to intOrString #5810 @lukidzi
- fix(policy): fix schema.yaml to have correct metadata #5349 @lahabana
- fix(policy): make targetRef required #5593 @AyushSenapati
- fix(policy): remove superfluous var usage #5627 @AyushSenapati
- fix(policy): use GatewayAPI style header modifier in all policies #5757 @lahabana
- fix(policy): use PascalCase for all constants #5747 @lahabana
- fix(universal): don’t set sslsni option if not disabled (backport #5419) #5439 @mergify
- fix(xds): don’t read metadata in ProxyBuilders #5414 @lahabana
- fix(xds): sort resources when building MeshContext #5391 @lobkovilya
1.5.4
Released on 2023/01/12
- chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5602 @mergify
- chore(deps): update coreDNS to 1.10.0 (backport #5626) #5659 @mergify
- chore(helm): remove duplicate keys in resources (backport #4681) #5642 @mergify
- chore: remove Apache license header from generated files (backport #5565) #5622 @mergify
- chore: upgrade golang to 1.18.9 (backport #5607) #5613 @mergify
- fix(kuma-cp): don’t cache filtered data (backport #5574) #5636 @mergify
2.0.2
Released on 2023/01/11
- chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5597 @mergify
- chore(deps): update coreDNS to 1.10.0 (backport #5626) #5655 @mergify
- chore: remove Apache license header from generated files (backport #5565) #5616 @mergify
- chore: upgrade golang to 1.18.9 (backport #5607) #5609 @mergify
- fix(kuma-cp): don’t cache filtered data (backport #5574) #5632 @mergify
1.8.3
Released on 2023/01/11
- chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5598 @mergify
- chore(deps): update coreDNS to 1.10.0 (backport #5626) #5656 @mergify
- chore: remove Apache license header from generated files (backport #5565) #5617 @mergify
- chore: upgrade golang to 1.18.9 (backport #5607) #5610 @mergify
- fix(kuma-cp): don’t cache filtered data (backport #5574) #5633 @mergify
1.7.4
Released on 2023/01/11
- chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5599 @mergify
- chore(deps): update coreDNS to 1.10.0 (backport #5626) #5657 @mergify
- chore(helm): remove duplicate keys in resources (backport #4681) #5640 @mergify
- chore: remove Apache license header from generated files (backport #5565) #5618 @mergify
- chore: upgrade golang to 1.18.9 (backport #5607) #5611 @mergify
- fix(kuma-cp): don’t cache filtered data (backport #5574) #5634 @mergify
1.6.4
Released on 2023/01/11
- chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5601 @mergify
- chore(deps): update coreDNS to 1.10.0 (backport #5626) #5658 @mergify
- chore(helm): remove duplicate keys in resources (backport #4681) #5641 @mergify
- chore: remove Apache license header from generated files (backport #5565) #5620 @mergify
- chore: upgrade golang to 1.18.9 (backport #5607) #5612 @mergify
- fix(kuma-cp): don’t cache filtered data (backport #5574) #5635 @mergify
2.0.1
Released on 2022/12/05
- chore: back-ports api base path fix #5341 @kleinfreund
- feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) #5392 @mergify
- fix(kuma-cp): add option to disable
sslsni
in universal (backport #5318) #5322 @mergify - fix(kuma-cp): change way of setting if resource is read only (backport #5345) #5348 @mergify
- fix(kuma-cp): kds deadlock (backport #5373) #5397 @mergify
- fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347) #5378 @mergify
- fix(xds): don’t read metadata in ProxyBuilders (backport #5414) #5416 @mergify
- fix: sort resources when building MeshContext (backport #5391) #5409 @mergify
1.8.2
Released on 2022/12/05
- feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) #5393 @mergify
- fix(kuma-cp): kds deadlock (backport #5373) #5398 @mergify
- fix: sort resources when building MeshContext (backport #5391) #5410 @mergify
2.0.0
Released on 2022/11/04
- chore(.github): remove old release workflow #4836 @lobkovilya
- chore(api): remove DENY_WITH_SHADOW_ALLOW #5220 @lobkovilya
- chore(api): remove unused method and types #5148 @lobkovilya
- chore(api): remove unused timestamp.proto import #4906 @michaelbeaumont
- chore(api): skip Compute when building inbound access logs #5181 @jakubdyszkiewicz
- chore(bootstrap): improve validator policy bootstrap #5014 @lahabana
- chore(deps): bump actions/setup-go from 2 to 3 #5024 @dependabot
- chore(deps): bump cirello.io/pglock from 1.9.0 to 1.10.0 #5239 @dependabot
- chore(deps): bump github.com/Masterminds/sprig to 3.2.2 #5190 @mmorel-35
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.13 #5023 #5067 #5131 @dependabot
- chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 #4996 @dependabot
- chore(deps): bump github.com/gruntwork-io/terratest from 0.40.20 to 0.40.24 #4969 #4993 #5162 @dependabot
- chore(deps): bump github.com/kumahq/kuma-net from 0.8.1 to 0.8.2 #5188 @dependabot
- chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 #4995 @dependabot
- chore(deps): bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.4.0 #4939 #4949 #5021 #5145 #5204 @dependabot
- chore(deps): bump github.com/onsi/gomega from 1.20.0 to 1.23.0 #4933 #4970 #5133 #5146 #5240 @dependabot
- chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 #5203 @dependabot
- chore(deps): bump github.com/prometheus/prometheus from 0.37.0 to 0.39.1 #4887 #5134 @dependabot
- chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 #5155 #5241 @dependabot
- chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 #4994 @dependabot
- chore(deps): bump github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 #5020 #5205 @dependabot
- chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 #4930 @dependabot
- chore(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 #5147 #5163 @dependabot
- chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.50.1 #4927 #5132 #5156 @dependabot
- chore(deps): bump k8s.io dependencies from 0.24.3 to 0.25.3 #4934 #5026 #5153 @michaelbeaumont
- chore(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 #5062 @dependabot
- chore(deps): bump kumahq/kuma-gui to f3dba73d4c264b094b6b351a8b44f2d5a0dc4ecb #4842 #4925 #5092 #5106 #5109 #5139 #5141 #5167 #5179 #5197 #5214 #5232 #5234 #5248 #5251 @kleinfreund,@kumahq
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 #4968 @dependabot
- chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 #5059 @dependabot
- chore(deps): update kuma-grafana-datasource #4856 @bartsmykla
- chore(gateway): remove invalid options for MeshGatewayRoute #4890 @michaelbeaumont
- chore(gui): removes update/gui command #4954 @kleinfreund
- chore(helm): remove unused
critical-pod
annotation #4952 @michaelbeaumont- chore(helm): switch merbridge image registry to upstream #4838 @bartsmykla
- chore(kuma-cp): adjust timeout in cp probes #4983 @jakubdyszkiewicz
- chore(kuma-cp): config cleanup #4855 @jakubdyszkiewicz
- chore(kuma-cp): improve logging in K8S controllers #4982 @jakubdyszkiewicz
- chore(kuma-cp): improve test xds client #4976 @jakubdyszkiewicz
- chore(kuma-cp): remove disabling metrics from kuma-cp.defaults #4894 @lahabana
- chore(kuma-cp): resource manager wrapper #5057 @jakubdyszkiewicz
- chore(kuma-init): use iptables-legacy in kuma-init #5040 @bartsmykla
- chore(pkg/gc): don’t rely on core.Now var for time #4918 @lahabana
- chore(plugins): remove some unecessary interfaces and methods #4997 @lahabana
- chore(proto): remove protos for new policies #5218 @lobkovilya
- chore(test): added resource builder #5123 #5195 @jakubdyszkiewicz
- chore(test): added support for GRPC to test-server #4904 @lobkovilya
- chore(test): make unit test compatible with IPV6 host #5198 @jakubdyszkiewicz
- chore(xds): drop deprecated envoy.config.route.v3.HeaderMatcher.exact_match #4953 @michaelbeaumont
- docs(MADR): new tracing policy proposal #4938 @michaelbeaumont
- docs(MADR): update MADR 007 #5129 @lobkovilya
- docs(gateway): explain the semantics of a PREFIX match #5013 @michaelbeaumont
- docs(gateway): explain the semantics of a prefix rewrite to / #5016 @michaelbeaumont
- docs(proto): fixed default serviceAddress and upgrade docs #5236 @lukidzi
- docs(proto): rewrite dataplane proto docs #5219 @jakubdyszkiewicz
- feat(ebpf): CNI uses libbpf CO:RE #5233 @lukidzi
- feat(ebpf): refactor merbridge using libbpf with CO:RE #5034 @bartsmykla
- feat(ebpf): transparent proxy with eBPF in init containers #4919 #5046 #5066 #5095 @bartsmykla
- feat(gateway): add MeshGateway support to MeshAccessLog #5101 @michaelbeaumont
- feat(gateway): add
crossMesh
toMeshGatewayConfig
#5183 @michaelbeaumont- feat(gateway): add service-upstream annotation for delegated nginx #4913 @michaelbeaumont
- feat(gateway): install
kuma
GatewayClass
if gateway API CRDs present #5001 @michaelbeaumont- feat(gateway): match new policies to MeshGateways #5110 @michaelbeaumont
- feat(inspect): implement rule-based view for new policies #5000 #5184 #5189 #5202 @jakubdyszkiewicz,@lobkovilya
- feat(kuma-cp): add flag to disable taint controller #4852 @jakubdyszkiewicz
- feat(kuma-cp): add possibility to restrict TLS version and ciphers #5186 @lahabana
- feat(kuma-cp): add possibility to run MADS on TLS #5210 @lahabana
- feat(kuma-cp): add possibility to split datadog services based on traffic direction and destination #5063 @Automaat
- feat(kuma-cp): added validation for backend name #5081 @Automaat
- feat(kuma-cp): created default control plane user #5064 @jakubdyszkiewicz
- feat(kuma-cp): extensible token issuers #5083 @jakubdyszkiewicz
- feat(kuma-cp): move Mesh Cache to runtime #5140 @Automaat
- feat(kuma-cp): universal resources schema validation #5107 @slonka
- feat(kuma-cp): use zone token to auth zone ingress #5103 @jakubdyszkiewicz
- feat(kuma-dp): publish metrics with text_readouts from envoy #5159 @Automaat
- feat(kumactl): add option to install with experimental transparent proxy #4958 @michaelbeaumont
- feat(kumactl): use exclude ports for uids from kuma-net #4975 @slonka
- feat(policy): Add MeshAccessLog policy #4908 #4998 #5035 #5168 #5177 @michaelbeaumont,@slonka
- feat(policy): Add MeshTrace policy #5069 #5085 #5243 @michaelbeaumont,@slonka
- feat(policy): Add MeshTrafficPermission policy #4835 #5009 #5075 @lobkovilya
- feat(policy): add interfaces for policy plugins #4909 @lahabana
- feat(policy): reimplemented matching for new policies #4780 #4950 #4957 #4977 #5068 #5084 #5166 #5172 #5174 @lahabana,@lobkovilya
- feat(service-insights): add external service in api #5119 @lahabana
- fix(.github): links in PR template #4905 @michaelbeaumont
- fix(.github): use github app in pr-comment action #5164 @lahabana
- fix(api): nil dereference in MeshAccessLog configurer #5258 @lobkovilya
- fix(cni): add empty registry to experimental cni #4847 @slonka
- fix(cni): hook up log level to cni #4849 @slonka
- fix(cni): make cni logs available via kubectl logs #4845 @slonka
- fix(cni): retry loading images #4860 @slonka
- fix(docs): fixed location of developer tools in DEVELOPER.md docs #4988 @Automaat
- fix(gateway): add support for retryOn #5091 @lahabana
- fix(gateway): cross-mesh gateways with same service #5247 @michaelbeaumont
- fix(gateway): don’t create invalid envoy config when routes and listeners don’t match #4837 @michaelbeaumont
- fix(gateway): route URL prefix rewriting #5006 @michaelbeaumont
- fix(gateway): skip ExternalService if none match #5207 @michaelbeaumont
- fix(gateway): sort routes #5007 @michaelbeaumont
- fix(gatewayapi): don’t NPE if the
GatewayClass
ref doesn’t exist #5187 @michaelbeaumont- fix(gatewayapi): reconcile Gateways and HTTPRoutes on ReferenceGrant changes #4944 @michaelbeaumont
- fix(gatewayapi): update gateway-api and fix failing RouteKind tests #5175 @michaelbeaumont
- fix(helm): customize location of kuma-init repository for ebpf cleanup #5230 @lukidzi
- fix(helm): use
podAnnotations
everywhere possible #4991 @lahabana- fix(kuma-cp): collapsed grafana dashboards #4839 @jakubdyszkiewicz
- fix(kuma-cp): deep copy tags when gen. outbounds #5070 @bartsmykla
- fix(kuma-cp): disable statsForAllMethods in grpc stats #5226 @jakubdyszkiewicz
- fix(kuma-cp): do not override source address when TP is not enabled #4951 @lukidzi
- fix(kuma-cp): multiple external services pointing to same address #5185 @slonka
- fix(kuma-cp): override grafana plugin files by default #5208 @slonka
- fix(kuma-cp): reissue admin tls cert on dp address change #5222 @jakubdyszkiewicz
- fix(kuma-cp): remove Dataplane for Pod without IP #4964 @jakubdyszkiewicz
- fix(kuma-cp): return content type of inspect endpoints #4965 @jakubdyszkiewicz
- fix(kuma-dp): resilient TCP access log streamer #4862 @jakubdyszkiewicz
- fix(kumactl): get APIVersions from k8s server #5182 @michaelbeaumont
- fix(tools): add ‘v’ prefix to preview version format #5004 @michaelbeaumont
- fix(tools): support both GitHub app tokens and PATs #4869 @michaelbeaumont
- perf(kuma-cp): avoid rebuilding endpoint map #4974 @jakubdyszkiewicz
- refactor(kuma-dp): add xds authentication customization #4990 @michaelbeaumont
1.8.1
Released on 2022/10/07
- fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in https://github.com/kumahq/kuma/pull/4872
- fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/4980
- fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in https://github.com/kumahq/kuma/pull/4961
- fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5071
- fix(gateway): add support for retryOn (backport #5091) by @mergify in https://github.com/kumahq/kuma/pull/5098
1.7.2
Released on 2022/10/06
- fix(helm): always run Helm version update by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4604
- chore(helm): update to 1.7.1 by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4603
- Revert “fix(helm): always run Helm version update (#4604)” by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4609
- fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5072
- fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5096
1.6.2
Released on 2022/10/06
- fix(core): validate both old and new objects on Update (backport #4589) by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4593
- fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5090
- fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5097
1.8.0
Released on 2022/08/22
New features:
CNI v2 with lots of improvements:
- taint controller to prevent race condition #4650 @slonka
- all logs are easily accessible via
kubectl logs
command which greatly simplifies observability #4845 @slonka - it uses new transparent engine implemented in kuma-net #4481 @slonka
URL rewrite in Builtin Gateway:
- support URL rewriting #4638 @michaelbeaumont
Stats and Clusters in the GUI:
Extra retryOn
options for Retry:
- add extra http retryOn options #4744 @johnharris85
Better support for TCP logging:
Filtering Envoy metrics:
- added option to define filter for Envoy metrics #4503 @lukidzi
Projected service account token:
- support for projected service account token #4453 @lukidzi
Fixes:
Helm:
- remove duplicate keys in resources #4681 @michaelbeaumont
- add containersecuritycontext to CNI daemonset #4677 @jakubdyszkiewicz
- fix extraConfigMap and cp labels #4531 @lahabana
- use image.global.registry for imageExperimental #4641 @jakubdyszkiewicz
Gateway:
ListenerReason
for unresolved certificate refs, enable ReferenceGrant conformance tests #4806 @michaelbeaumont- check hostname intersection between HTTPRoute and Gateway listener #4537 @michaelbeaumont
- create MeshGatewayInstance in same Mesh as Gateway #4794 @michaelbeaumont
- don’t create invalid envoy config when routes and listeners don’t match (backport #4837) #4841 @mergify
- hostname intersections, use new RouteReasons #4544 @michaelbeaumont
- improve HTTPRoute statuses with unresolved BackendRefs #4635 @michaelbeaumont
- npe without any timeout #4548 @michaelbeaumont
- rbac permissions for ReferenceGrant #4628 @michaelbeaumont
- workaround label value max length with hash #4545 @michaelbeaumont
Control Plane:
- check if kuma annotation or label is set but ignore value #4731 @lukidzi
- delete an empty TimeoutConfigurer #4554 @lobkovilya
- do not modify external service tags #4591 @jakubdyszkiewicz
- don’t deploy Pod/Service webhooks in global #4673 @michaelbeaumont
- don’t fail generation if other mesh CAs are misconfigured #4501 @michaelbeaumont
- external service datasource validation #4652 @jakubdyszkiewicz
- fix builtdns annotations for kubernetes #4660 @lahabana
- generate cluster name hash based on tags not config #4598 @lukidzi
- grant delete Pods in kuma-system namespace to control plane #4571 @michaelbeaumont
- localhost exposed application shouldn’t be reachable #4750 @lukidzi
- make options for policies simpler #4722 @lahabana
- protect sort from empty locality #4820 @jakubdyszkiewicz
- registering dp on reconnect #4647 @jakubdyszkiewicz
- support GC service account #4483 @lobkovilya
- validate both old and new objects on Update #4589 @michaelbeaumont
- validation error with user tokens #4507 @jakubdyszkiewicz
Data Plane:
- access log path on windows when cp is on linux #4518 @jakubdyszkiewicz
- fix multi OS build of accesslogs #4767 @lahabana
- have envoy version check always work #4564 @lahabana
- propagate context for metrics aggregate #4640 @lukidzi
- set prometheus content-type when returning metrics #4706 @lukidzi
Other:
- add operations now create non-existent path elements #4595 @michaelbeaumont
Docs:
- new policy matching proposal #4474 @lobkovilya
Other changes:
Gateway:
- mention mesh name in gateway instance status #4678 @lahabana
- add listener connection limits #4755 @michaelbeaumont
- add loadBalancerIP to MeshGatewayInstance #4519 @michaelbeaumont
- allow MeshGateway Dataplane Pods to bind privileged ports #4535 @michaelbeaumont
- configure overload_manager based on max memory #4694 @michaelbeaumont
- multi-zone cross-mesh MeshGateway #4443 @michaelbeaumont
- propagate x-kuma-tags from MeshGateways #4476 @michaelbeaumont
- send default static payload for empty gateway #4617 @tharun208
- set
path_with_escaped_slashes_action
#4719 @michaelbeaumont - set cluster HTTP2 stream and connection window size #4779 @michaelbeaumont
- set cluster per_connection_buffer_limit_bytes #4696 @michaelbeaumont
- set global_downstream_max_connections to 50000 #4724 @michaelbeaumont
- update to Gateway API v0.5.0, support v1beta1 resources #4599 @michaelbeaumont
- validate listeners for collapsibility #4765 @michaelbeaumont
- add MeshGateway dashboard #4555 @michaelbeaumont
Control Plane:
- config cleanup (backport #4855) #4857 @mergify
- don’t set deprecated dns_resolver_config #4702 @michaelbeaumont
- don’t set deprecated known_suffixes #4701 @michaelbeaumont
- remove deprecated Cluster.Http2ProtocolOptions #4528 @michaelbeaumont
- remove versions_ws #4512 @lahabana
- replace deprecated admin_access_log_path #4552 @lahabana
- add /policies endpoint to list all registered policies #4708 @lahabana
- authenticate DP every time #4685 @jakubdyszkiewicz
- enrich policies endpoint #4791 @jakubdyszkiewicz
- identify gateway service by deployment #4703 @parkanzky
- separate CA for Envoy Admin communication #4676 @jakubdyszkiewicz
- use remote address for Gateway #4530 @jakubdyszkiewicz
- add operations now create non-existent path elements #4595 @michaelbeaumont
Data Plane:
- remove envoy admin port flag #4574 @tharun208
- detect memory limit only on linux #4715 @jakubdyszkiewicz
kumactl:
- add a limit to the prom TSDB size #4651 @lahabana
- remove old flags in install tp #4760 @lahabana
- add MeshGateway to
install demo
#4679 @michaelbeaumont - add install control-plane —registry flag #4533 @michaelbeaumont
Documentation:
- create MADR for MeshTrafficPermission #4666 @lobkovilya
- new policy matching proposal #4474 @lobkovilya
- policy matching, replace ‘conf’ with ‘default’ #4693 @lobkovilya
CNI:
- add cni ebpf plugin #4810 @bartsmykla
- implement the cni plugin #4481 @slonka #4618 @slonka #4613 @slonka #4850 @mergify #4642 @slonka #4788 @slonka #4858 @mergify #4826 @slonka #4695 @slonka #4846 @mergify
- taint controller #4852 @jakubdyszkiewicz
- use our cni with calico #4801 @slonka
Dependency updates:
- update demo to latest version #4572 @lahabana
- update Kuma GUI #4815 @kleinfreund #4723 @lahabana
- use github.com/emicklei/go-restful/v3 #4665 @mmorel-35
- bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles #4670 #4827 @dependabot
- bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 #4717 @dependabot
- bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 #4632 #4716 @dependabot
- bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 #4499 @dependabot
- bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 #4672 @dependabot
- bump github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 #4469 #4480 @dependabot
- bump github.com/miekg/dns from 1.1.49 to 1.1.50 #4492 @dependabot
- bump github.com/onsi/gomega from 1.19.0 to 1.20.0 #4671 @dependabot
- bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 #4783 @dependabot
- bump github.com/prometheus/common from 0.34.0 to 0.37.0 #4489 #4627 @dependabot
- bump github.com/spf13/cobra from 1.4.0 to 1.5.0 #4491 @dependabot
- bump go.uber.org/zap from 1.21.0 to 1.22.0 #4829 @dependabot
- bump google.golang.org/grpc from 1.47.0 to 1.48.0 #4631 @dependabot
- bump google.golang.org/protobuf from 1.28.0 to 1.28.1 #4718 @dependabot
- bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 #4493 #4624 @dependabot
- bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 #4498 #4581 @dependabot
- bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 #4549 @dependabot
1.7.1
Released on 2022/07/13
Fixes
Gateway
- Nil pinter exception without any timeout (#4550)
- Use remote address for Gateway (#4538)
kumactl
- Update demo to latest version (#4587)
Control plane
- Grant delete Pods in kuma-system namespace to control plane (#4575)
- Don’t fail generation if other mesh CAs are misconfigured (#4517)
- Don’t override timeout values for ExternalServices (#4568)
Data plane proxy
- Access log path on windows when cp is on linux (#4518)
Helm
- Fix extraConfigMap and cp labels (#4541)
General
- Avoid
-<arch>
in version of the binaries (#4527)
1.7.0
Released on 2022/06/13
New features:
Cross Mesh Communication:
ContainerPatch:
- allow custom configuration of Kubernetes’
kuma-init
andkuma-sidecar
containers by introducingContainerPatch
CRD #4280 #4362 / #4366 #4369 / #4370 @parkanzky, @bartsmykla
Observability:
- hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh #4286 #4388/#4406 @lukidzi
- unified installation of
metrics/logging/tracing
into one commandobservability
#4308 #4411/#4418 @lukidzi, @lahabana
ARM64 support:
- added arm build and release pipeline #4231 @lukidzi
- release for arm64 now publish correct arch image #4276 @lukidzi
- upgrade kubectl to version with ARM support #4180 @lukidzi
- support ARM Linux/Darwin for dev/tools #4199 @lukidzi
- introduced map of arch for a specific build #4321 @lukidzi
- do not exclude arm64 files from docker #4265 @lukidzi
Gateway:
- add
GatewayClass.Spec.ParametersRef
support #4157 @michaelbeaumont - cp annotations from gateway to svc #4327 @johnharris85
- only reconcile Gateway when GatewayClass is Ready #4162 @michaelbeaumont
- auto generate hostname for crossMesh listeners #4421/#4424 @michaelbeaumont
Helm:
- set host network var in helm/cp-deployment.yaml #4209 @SallyBlichWalkMe
- add resource management for jobs #4254 @gdasson
- option for automountSAT=false on cp #4309 @gdasson
- helm chart improvements #4337 @bartsmykla
CP:
- experimental transparent proxy annotation #4240 @parkanzky
- graceful shutdown on Universal using HDS #4246 @jakubdyszkiewicz
- intercept signal for different platforms #4283 @jakubdyszkiewicz
- XDS config dump on Global CP #4301 @jakubdyszkiewicz
- validate DP compat on kuma backend #4236 @parkanzky
DP:
- graceful shutdown of kuma-dp #4229 @jakubdyszkiewicz
Fixes:
Gateway:
Helm:
CP:
- fix ‘/config_dump’ request if Global CP is on Kubernetes #4363/#4372 @lobkovilya
- add the latest version to compatibility matrix #4232 @parkanzky
DP:
- clarify error log message when kuma-dp is wrongly connecting to global-cp #4269 @slonka
Kumactl:
- fix transparent proxy —skip-conntrack-zone-split flag value #4334 @bartsmykla
Other notable changes:
Gateway:
- add /finalizers permission for OwnerReferencesPermissionEnforcement plugin #4239 @michaelbeaumont
- don’t match on ALPN in gateway (#4198) #4272 @wjrbetts
Helm:
- delete ‘kubernetes.io/arch’ node selector #4335 @lobkovilya
CP:
- don’t always recompute mesh contexts #4267 @michaelbeaumont
- don’t run dataplane gc in global #4184 @lahabana
- graceful components #4277 @jakubdyszkiewicz
- memory store cannot delete a parent #4194 @jakubdyszkiewicz
- protocol check should be case-insensitive #4248 @lukidzi
- remove dns server from control plane #4192 @lahabana
- automatically detect dns lookup family for cp cluster #4275 @slonka
ZoneIngress:
- graceful start of many ZoneIngresses #4305 @jakubdyszkiewicz
ZoneEgress:
- resolve zone-ingress advertized address #4219 @lahabana
- do not change ip to ZoneEgress address #4193 @lukidzi
Kumactl:
- remove flag ‘—experimental-meshgateway’ #4315 @lobkovilya
Timeout Policy:
Other:
- delete dns-server 5653 port from configuration and helm files #4339/#4345 @lobkovilya
- support kube-linter tools to analyze Kubernetes YAML files #4294 @mangoGoForward
Dependency upgrades:
- upgrade envoy to 1.22.1 #4288 #4464/#4465 @lobkovilya
- upgrade kuma-cni to 0.0.10 #4313 @lobkovilya
- upgrade tproxy iptables to v0.2.2 #4328 @bartsmykla
- upgrade GUI to the latest version #4316 #4338 #4389/#4390 @jakubdyszkiewicz, @lahabana, @bartsmykla
- upgrade protoc and regenerate files #4169 @lukidzi
- bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 #4234 @dependabot
- bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 #4178 #4260 #4322 @dependabot
- bump github.com/lib/pq from 1.10.5 to 1.10.6 #4299 @dependabot
- bump github.com/miekg/dns from 1.1.48 to 1.1.49 #4291 @dependabot
- bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 #4233 @dependabot
- bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #4290 @dependabot
- bump github.com/prometheus/common from 0.33.0 to 0.34.0 #4235 @dependabot
- bump github.com/spf13/viper from 1.10.0 to 1.11.0 #4177 @dependabot
- bump google.golang.org/grpc from 1.45.0 to 1.46.2 #4213 #4289 @dependabot
- bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 #4216 @dependabot #4302/#4378
- bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 #4302/#4378 @dependabot
Other:
- automate policy generation #4197 @lobkovilya
1.6.1
Released on 2022/06/10
Fixes:
CP:
- do not change ip to ZoneEgress address (backport #4193) #4195
- memory store cannot delete a parent (backport #4194) #4196
Dependency upgrades:
- upgrade envoy to 1.21.3 #4457 @lobkovilya
1.5.2
Released on 2022/06/10
Dependency upgrades:
- upgrade envoy to 1.21.3 #4456 @lobkovilya
1.6.0
Released on 2022/04/11
New features:
Gateway:
- release K8s GatewayAPI as preview 4072 4022 4045 4014 3956 @jakubdyszkiewicz,@michaelbeaumont
- use MeshGatewayInstance name for generated objects 4097 @michaelbeaumont
Inspect api:
ZoneEgress:
- Make zoneegress available in standalone mode 4100 @lahabana
- added locality aware lb for external service 4048 @lukidzi
- make zoneegress routing opt-in 4109 4013 @lukidzi
- support RateLimit and FaultInjections 4000 @lobkovilya
Helm:
- Allow customization of image tags in Helm chart 4068 @gdasson
- Expose kuma-cp’s metric port so it can be scraped by self-deployed prometheus. 4047 @jbehrends
- add resource limits option for control plane deployment 4049 @gdasson
- fail if global.image.tag and appVersion incompatible 4085 @michaelbeaumont
- set version to track appVersion 4083 @michaelbeaumont
- expose kuma-cp gui through ingress 4101 @lukidzi
- allow specifying security context 4153 @gdasson @bartsmykla
Other:
- feat(k8s): ability to set custom service account token volume 4036 @johnharris85
- feat(k8s): shutdown kuma-dp container for any owner kind 4079 @lukidzi
- feat(k8s): support startupProbes 4090 @lahabana
- feat(kuma-cp): add uptime, policies, gateway dps to reports 3933 @parkanzky
- feat(kuma-cp): add metrics and timeouts to CA interface 4089 @parkanzky
- feat(kumactl): add —values and —set to kumactl install control-plane 4086 @lahabana
- feat(transparent-proxy): add experimental tproxy iptables generation 4114 @bartsmykla
Dependency upgrades:
- bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles 4060 4023 @dependabot
- bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 3978 3976 @dependabot
- bump github.com/go-logr/logr from 1.2.2 to 1.2.3 4040 @dependabot
- bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 4061 4025 @dependabot
- bump github.com/k8s/* from 0.23.4 to 0.23.5 4043 @lahabana
- bump github.com/miekg/dns from 1.1.46 to 1.1.47 3998 @dependabot
- bump github.com/onsi/gomega from 1.18.1 to 1.19.0 4062 @dependabot
- bump github.com/spf13/cobra from 1.3.0 to 1.4.0 3995 @dependabot
- bump go.uber.org/multierr from 1.7.0 to 1.8.0 3974 @dependabot
- bump google.golang.org/grpc from 1.44.0 to 1.45.0 3993 @dependabot
- bump google.golang.org/protobuf from 1.27.1 to 1.28.0 4046 @dependabot
- bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 3994 @dependabot
- bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 3997 @dependabot
- remove dependency on spire 4044 @lahabana
Other notable changes:
- chore(k8s): replace cni registry 4070 @lobkovilya
- chore(k8s): use appProtocol from service by default 4015 @jakubdyszkiewicz
- chore(kuma-dp): cleanup bootstrap version field 3670 @tharun208
- fix(gateway): fix status updating in MeshGatewayInstance reconciliation 4051 @michaelbeaumont
- fix(gateway): gateway instance service reconciliation loops forever 4035 @jakubdyszkiewicz
- fix(gateway): gateway reconciliation loops forever 4034 @jakubdyszkiewicz
- fix(gateway): gateway tls listeners without hostnames 4093 @jakubdyszkiewicz
- fix(gateway): ignore non TCP protocol for provided gateway 4067 @lahabana
- fix(gateway): mesh gateway instance service target port 4071 @jakubdyszkiewicz
- fix(gateway): skip creating MeshGateways without proper attachment 4011 @jakubdyszkiewicz
- fix(helm): add prefix to
app
label in ingress/egress deployment 4123 @lahabana - fix(helm): fix other template prefix in ingress/egress 4124 @lahabana
- fix(helm): remove wildcard rbac version 4148 @johnharris85
- fix(k8s): reconcile serviceMaps when using mesh namespace annotation 3815 @lahabana
- fix(kuma-cp): avoid generating excessive envoy clusters 3984 @lobkovilya
- fix(kuma-cp): default policy creation 4073 @lobkovilya
- fix(kuma-cp): guard the nil version in metadata 3969 @jakubdyszkiewicz
- fix(kuma-cp): provide better message when running with an in-memory database 3982 @lukidzi
- fix(kuma-dp): better error message when the token is invalid 3961 @lahabana
- fix(kumactl): add mesh flag to only commands that uses it 3788 @tharun208
- fix(kumactl): split yaml correctly in
kumactl apply
4107 @lahabana - fix(proxytemplate): avoid validation error 3937 @marcoferrer
- fix(proxytemplate): execute hooks before proxy template modifications 4055 @jakubdyszkiewicz
- perf(k8s): move outbounds from Dataplane to Config 3986 @jakubdyszkiewicz
1.5.1
Released on 2022/04/06
- chore(k8s): replace cni registry (backport #4070) 4076
- fix(kuma-cp): default policy creation (backport #4073) 4080
- fix(kuma-cp): guard the nil version in metadata (backport #3969) 3970
1.5.0
Released on 2022/02/23
- feat(*): zone egress #3809 #3757
- feat(kuma-cp) data plane proxy membership #3619
- feat(kuma-cp): reachable services in transparent proxying #3791
- feat(inspect-api): retrieve full XDS config #3768
- feat(*): inspect api support #3805 #3568 #3462
- feat(kuma-cp): add proxytemplate to matched policies for inspect poli… #3786 👍contributed by @tharun208
- feat(kuma-cp): enable traffic route for inspect endpoints #3735 👍contributed by @tharun208
- feat(*): move adminPort to DPP resource #3739
- feat(helm): add imagePullSecrets support #3755 👍contributed by @johnharris85
- feat(*): enable Gateway with runtime flag #3736
- feat(kumactl): add —api-timeout flag #3723
- feat: allow for ca/identity secrets for every mesh #3696
- feat(kuma-cp): allow extra cm in kuma cp chart #3671 👍contributed by @wjrbetts
- feat(kuma-cp): add gui link in index api response #3675 👍contributed by @tharun208
- feat(*): allow ca.crt to be in separate k8s secret #3638
- feat(kumactl): add type of logging and tracing backends with name in table output #3636 👍contributed by @tharun208
- feat(kuma-cp): enable client side gRPC keepalive #3574
- feat(gui): new onboarding view kumahq/kuma-gui#194
feat(gui): link to documentation from policy view kumahq/kuma-gui#289
fix(kuma-cp): do not update unchanged insights #3819
- fix(*): do not annotate gateway services with ingress upstream #3816
- fix(*): properly escape DB password when creating postgres connection string #3804
- fix(kuma-cp): fix missing label sidecar injection #3740
- fix(kuma-dp): fix conntrack collisions #3459 👍contributed by @johnharris85
- fix(conf): remove invalid health check fields from example #3697 👍contributed by @tharun208
- fix(kuma-dp): binary lookup function skips not available directories #3667
- fix(k8s): make sure controllers start after leader election #3666
- fix(build): fix gomega matchers for inspect resources command test #3660 #3651 👍contributed by @tharun208
- fix(kumactl): ignore any unregistered CRDs, not only from the root chart #3643
- fix(kumactl): print meta before spec for Kuma resources #3637
- fix(kuma-cp): add cp selector to global sync service #3579
- fix(kuma-cp) do not override other dataplane with dp lifecycle #3507
fix(helm) Add support to customize nodeport #1944 👍contributed by @bhiravabhatla
perf(kuma-cp): use mesh snapshot in proxy builder #3700
- perf(kuma-cp): use mesh snapshot in gateway #3710
perf(kuma-cp): share mesh context #3659
improvement(metadata): include name of annotation to parse error message #3677 👍contributed by @ChinYing-Li
- refactor(insights): delete method GetLatestSubscription for insights #3656 👍contributed by @tharun208
- refactor(kuma-cp): unify mesh determination for k8s objects #3708
- refactor(*): replace ensureDefaultXXX functions with a single generic function #3662 👍contributed by @tharun208
- chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT #3766
- chore(k8s): remove GetBool method and use GetEnabled #3698 👍contributed by @tharun208
- chore(*): generate CRD types #3453
- chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp #3691
- chore(kuma-cp): consolidate mesh defaults creation #3678
- chore(config): remove ability to disable insights #3501
- chore(*): remove old Ingress #3435
- chore(*): upgrade Envoy to v1.21.1 #3909
- chore(grafana): update to latest grafana plugin version #3812
- ci(*): release on every commit in master and release branches #3712
1.4.1
Released on 2021/12/15
- feat: add kubernetes tags automatically #3439
- perf: update Mesh and ServiceInsights only when really needed #3463
- perf: eliminate uneccessary JSON marshalling #3483
- feat: sidecar injection webhook based on labels #3417
- chore: upgrade gui to new version #3454
- test: fix postgress tests permissions #3443
- feat: add affinity to CP and Ingress pods #3036 👍contributed by @andrey-dubnik
- chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 #3432
- feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 #3376
- fix: simplify cluster creation with endpoints #3403
- fix: enable metrics hijacker for current version of Kuma #3405
- fix: switch to mTLS when CP communicates with Envoy Admin #3353
- chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 #3388
- chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 #3389
- fix: validate cp url in dp conf #3357
- chore: send reports to tls endpoint #3361
- chore: check explicit service account name #3228
- feat: inspect other dependencies versions #3352
- chore: add area/gateway label #3263
- chore: remove dp token from xds metadata #3282
- refactor: move from io/ioutil to io and os packages #3265 👍contributed by @Juneezee
- fix: validate newly generated xDS snapshots #3195
- chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 #3218
- chore: bump helm chart version to 0.8 #3202
1.4.0
Released on 2021/11/19
- chore(*) scripts for build, publish and fetch Envoy binaries #3110 #3182
- chore(kuma-cp) upgrade gui to new version #3178 #3179
- chore(kuma-cp) Use go structs instead of gotemplate for bootstrap #3156 #3173
- chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 #3170
- Disable reporting by default #3070 #3159
- chore(kumactl) remove install CRDs filter function #3139
- feat(kuma-dp) Add conf to disable service vip #3143
- chore(kuma-cp) update some TODO comments #3141
- feat(kuma-cp) Add kuma.io/ignore annotation #3142
- fix(kuma-dp) match gateway cluster names in the hijacker #3106
- feat: add ECDSA certificate generator support #3093
- feat: add more global resources to GlobalInsights #3094
- feat: allow creating secrets for the not yet existing mesh #3076 👍contributed by cloudwiz
- feat: don’t add v6 in DNS when v6 is disabled #3089
- fix: explicitly disable dns in env when disabled in injector #3077
- feat: added support for https tracing endpoint #3057 👍contributed by sudeeptoroy
- fix: normalize generating TLS certificates #3027
- fix: zero downtime when enabling permissive mTLS #3019
- feat: add deprecation notice for kuma-prometheus-sd #2994
- feat: add GlobalInsights api endpoint #3018
- fix: duplicate TLS certificate usage #3008
- chore: add command argument count parameters #3010
- feat: aggregate dp stats by type in MeshInsight #2999
- chore: delete CLI flag ‘—bootstrap-version’ #2965
- feat: show the effective Dataplane address #2977
- feat: aggregate services in MeshInsight #2974
- fix: allow only one healthcheck #2972
- feat: give CA managers all backends at once #2956
- chore: normalize timeout configurer API #2934
- fix: locality-aware lb for external-services #2903
- feat: add install control-plane —version flag for all components #2904
- feat: add zone selector to Kuma Mesh dashboard #2860
- fix: possible to delete resources on Zone CP #2665
- fix: make cluster names contextually unique #3098
- feat: automatically enable gzip content on gateways #3104
- feat: add Gateway TLS termination support #3044
- feat: add gateway support for external services #2990
- fix: enable secrets support for Gateway resources #2953
- feat: initial connection policy support for Gateway #2933
- feat: add access to generate zone ingress token #3075
- feat: user token with RSA256 #2992
- feat: prefix system users and groups with mesh-system #3013
- feat: localhost is not an admin on kubernetes #3003
- feat: user token enabled by default #2941
- feat: Admin User Token bootstrap #2923
- chore: refactor access control for individual access #2983
- feat: support plugin based authentication including user tokens #2895
- feat: User Token for API Server authentication #2892
- chore: refactor authz and authn to plugins #2837
- chore(kuma-cp) upgrade gui to new version #3148
- chore(*) upgrade to Go 1.17.3 #3147
- chore(deps): bump github.com/operator-framework/operator-lib #3158
- chore(deps): bump github.com/gruntwork-io/terratest #3130
- chore: update helm and controller-runtime #2764
- chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 #3131
- chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 #3101
- chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 #3006
- chore: bump github.com/envoyproxy/protoc-gen-validate #3007
- chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 #2839
- chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 #3132
- chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 #3061
- chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 #3059
- chore: bump k8s.io/api from 0.22.2 to 0.22.3 #3058
- chore: bump github.com/golang-migrate/migrate/v4 #2970
- chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 #2968
- chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio #2752
1.3.1
Released on 2021/10/06
- fix: disable zone #2884
- fix: limit number of postgres connection by default #2866
- feat: add zone selector to Kuma Service to Service dashboard #2876
- feat: add zone selector to Kuma Service dashboard #2865
- feat: add zone selector to Kuma Dataplane dashboard #2864
- fix: fix duplicates in dataplane list in Kuma Services dashboard #2845
- chore: migrate install resources from rbac API v1beta1 to v1 #2875
- fix: fault injection matching #2757
- fix: delete kuma.io/region and kuma.io/sub-zone #2824
- feat: print control plane version with version cmd #2834
- fix: Only warn about version compatibility where it makes sense #2828
- perf: remove insight update rate limit burst #2825
- perf: apply ratelimit to service insights #2815
- feat: adds support for specifying specific IP for cloud provider load balancers for ingress service #2779 👍contributed by @jamesdbloom
- fix: send tool output to stdout #2787
- fix: switch to a Kuma fork of go-control-plane #2771
- chore: parametrize label on the deployment #2765
- perf: set Node only on first DiscoveryRequest #2741
- feat: verify ServiceAccountToken bound to a Pod #2745
- feat: internal dns should resolve AAAA records #2760
- fix: Add FORMERR and NOTIMP in alternate default coredns conf #2756
- fix: virtual probes with query #2706
- fix: Avoid calling
Send()
from different goroutines #2573 - feat: automatically set proxy concurrency #2691
- feat: Improve builtin grafana setup to have traces and logs linked #2716
- fix: Show gateway services in service-insights #2711
- fix: Correct bad merging of duration #2700
- fix: Ensure outbounds are set when migrating from old to new #2698
- fix: get rid of regex for parsing IPs #2681
- feat: add CP config to ZoneInsights #2661
- feat: generate GatewayRoute clusters #2819
- feat: add GatewayRoute route generation #2782
- feat: match gateway routes #2758
- feat: initial gateway TrafficRoute support #2547
- feat: add a GatewayRoute resource #2591
- chore: update base image for kuma-dp #2881
- chore: change Go JWT version to fix security vunerability #2844
- chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 #2768
- chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 #2737
- chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 #2769
- chore: upgrade github.com/spf13/cobra #2732
- chore: bump alpine in /tools/releases/dockerfiles #2705
- chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 #2657
- chore: update envoy to 1.18.4 #2667
1.3.0
Released on 2021/08/24
- feat: remove provided ca cert validation #2663 👍contributed by Nikita Pande (@nikita15p)
- feat: Use kuma-sd in kumactl install metrics #2654
- feat: Add new datasource to kumactl install metrics #2640
- fix: remove extra endline in traffic log default template #2514
- fix: TLSInspector is causing tcp healthcheck failures #2639
- feat: Add rate-limit to outbound interfaces #2435
- fix: print a newline with transparent proxy setup message #2634
- chore: bump alpine in /tools/releases/dockerfiles #2531
- chore: annotate required fields in proto files #2556
- chore: remove MADS v1alpha1 #2632
- chore: parametrize kuma tracing in ZipkinCollectorURL #2635
- chore: Add the number of services to usage stats #2628
- feat: Add the permissive mTLS mode #2579
- chore: open CAProvider and MeshValidator for extensions #2618
- feat: Add entity for virtual-outbound #2576
- fix: Don’t set zap.Development() in debug log #2608
- chore(kuma-cp) upgrade gui to new version #2611, #2452, #2554, #2528, #2497, #2490, #2481
- feat: Build kuma on Windows #2597, #2606, #2559
- feat: Add CA backend stats in Dataplane and Mesh Insights #2562
- fix: missing key for kv in reports logging #2598
- chore: split listener configurers across source files #2592
- feat: add simple HTTP connection configurers #2593
- feat: add virtual host domain name configurer #2590
- feat: return instance and cluster IDs in kuma-cp API statuses #2589
- tests: allow kuma-specific const to be overridden #2582
- feat: Intermediate CA support #2575
- fix: Avoid nil dereferencing in dp validator #2578
- chore: consistently use utils package for protobuf wrappers #2570
- fix: subscription finalizer, rev 2 #2526
- tests: fix flaky test for locality aware loadbalancing #2564
- fix: DP tracking lock consistency fix #2567
- chore: Certificates over ADS #2558
- chore: migrate DiscoveryRequest/Response in KDS to V3 #2541
- feat: Rewrite dns persistence to allow virtual-outbound to be added #2484
- fix: deleted default policy is created on Kuma CP restart #2507
- chore: Move kumactl logging arguments to where they can be parameterized #2544
- chore: add route and virtual host configuration helpers #2517
- chore: fix kumactl generate dataplane proxy-type flag deprecation message #2522 👍contributed by Tharun Rajendran
- chore: Simplify resource-gen.go by generating
ResourceDescriptor
#2511 - chore: Replace netcat with test server #2510
- feat: configure SNI on ExternalService #2467
- chore: add importas to golangci-lint #2516 👍contributed by Tharun Rajendran
- chore: add to resource-gen.go generation of kds options #2487
- chore: add to resource-gen.go generation of kumactl options #2469
- fix: add owner when create ZoneIngressInsight #2456
- fix: hijacker merge labels #2476
- chore: improve resource-gen by auto generating ws code #2466
- fix: clarify invalid resource type message #2473
- fix: implement TextMarshaler for JSON keys #2475
- chore: simplify resourceWsDefinition and server init #2477
- fix: Stop adding outbounds to dp for vips #2421
- chore(*) make port validation consistent #2448
1.2.3
Released on 2021/07/29
- fix(kumactl) warn about fail to check the CP version #2438
- fix(kuma-cp) handle missing connection info #2439
- chore(xds) rename logger to have consistent naming style #2375 👍contributed by burntcarrot
- fix(kuma-cp) set better keep-alive for bootstrap #2432
- fix(kuma-dp) validate the DP proxy type #2186
- fix(kuma-cp) use the typed config for TLS Inspector #2373
1.2.2
Released on 2021/07/16
- feat: add datadog traffic tracing #2269
- refactor: add kumactl install tracing context #2343
- chore: improve kumactl install transparent-proxy flags description, add extra validation #2352
- fix: broken SDS auth and XDS generation on rapid DP restarts #2342
- fix: allow verbose log levels #2351
- chore: use resource types for DataplaneInsight tracking #2324
- chore: improve resource manager initialization readability #2316
- chore: upgrade gui to new version #2340, #2325, #2315
- fix: allocate a new VIP for ExternalService host #2302
- fix: stop components on leader election lost #2318
- chore: generate system resource wrappers #2282, #2311
- chore: remove access log V2 #2301
- chore: generate DeepCopy interfaces #2222
- chore: disable log sampling #2273
- chore: upgrade Protocol Buffers #2244
- chore: change default number of insights subscriptions #2266
- chore: make the authentication interface type oblivious #2271
- fix: fix hds disabled on dpserver #2268 👍contributed by Bastien Chatelard
- chore: refactor xDS metadata to store a generic resource #2264
- feat: change KDS max message limit #2265
1.2.1
Released on 2021/06/30
- fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits #2246
- chore: reduce memory usage by reducing cache key size #2214 #2230 👍contributed by nhamlh
- fix: ZoneIngress always shows up as ‘offline’ #2209
- feat: dataplane use advertise address to add a routable ip if address is not public ip #2116 👍contributed by sudeeptoroy
- fix: builtin DNS resolve alias with dots #2208
- feat: add SNI to TLSed ExternalServices #2211
- fix: fix race condition in cache #2202 👍contributed by nhamlh
- fix: supported versions of Kuma DP in the GUI #2193
1.2.0
Released on 2021/06/17
- feat: Introduce ZoneIngress #2147 #2169
- feat: enable dataplane dns by default #2152
- feat: add —verbose flag to kuma-init #2156
- feat: log rotation #2100 👍contributed by @nikita15p
- feat: mads, allow specifying fetch-timeout via query param #2148 👍contributed by @austince
- feat: mads, add support for HTTP long polling #2121 👍contributed by @austince
- feat(mads) implement v1 API #1753 👍contributed by @austince
- feat: add RateLimit policy #2083
feat: allow renegotiation for TLS in ExternalServices #2135
- feat: pass header when communicating with CP #2049 👍contributed by sudeeptoroy
- feat: change default traffic route policy #2075
- feat: command to install kong enterprise ingress #1999
- feat: add postgres max idle connections configuration #2020 👍contributed by @nikita15p
- feat: add kumactl —no-config flag #2048
- feat: nodeselector across all pods with HELM #2012
- feat: enable forwarding XFCC header #1941 👍contributed by @jewertow
- feat: TrafficPermission for ExternalServices #1957
- feat: metrics hijacker #1899
- feat: extend CircuitBreaker #1655
- chore: remove API V2 #2119
- chore: bump webhooks version #2126
- chore: drop deprecated Envoy options #2143
- chore: dockerfiles, add a user for kuma-cp #2129
- chore: bump cni version to 0.0.9 #2137
- chore: rename remote cp to zone cp #2125
- chore: bump versions of logging, metrics, tracing #2178
- chore: parametrize bitnami/kubectl #2151
- chore: backwards compatible metrics #2173
- chore: upgrade Envoy version to 1.18.3 #2145
- chore updated go-control-plane #2082 👍contributed by @sudeeptoroy
- chore: fix misspelled words #1984 👍contributed by @tharun208
- chore: upgrade GUI #2157
- chore namespace source names for v1 API #1896 👍contributed by @austince
- chore: use cmux for MADS server #1887
- chore: Add internal support for outbound UDP listeners #1618 👍contributed by @lahabana
- chore: Avoid generating duplicate subsets in ingress 👍contributed by @lahabana
- chore: upgrade to apiextensions.k8s.io/v1 #1108 👍contributed by @austince
- fix: Clear snapshots from cache on disconnect #2172 👍contributed by @lahabana
- fix: use service account name to identify sync #2127
- fix: raise the regex program size limit #2139
- fix: pass query parameters through the metrics hijacker #2124
- fix: matching endpoints by tags #2096
- fix: manage and warn on control plane file limits #2057 #2106
- fix: fix transparent-proxy for GCP/GKE #2051
- fix: set death signal on child processes #2045
- fix: TrafficRoute in multizone issue #1979
1.1.6
Released on 2021/05/13
- feat: expose reuse_connection in healthchecks #1952
- feat: allow tcp/http healthchecks together #1951
- feat: kumactl option to install gateway types #1950
- feat: kumactl option to install kuma demo app #1932
- feat: kumactl option to install Kong ingress #1929
- feat: support all tags in traffic permission #1902
- fix: gateway status was always reporting offline #1946
- fix: don’t cache failed calls #1894 👍contributed by @lahabana
- chore: add hostname when sending traces to the collector #1962
- docs: prepare api docs generation #1741
- test: azure aks and e2e improvements for the CI #1880 #1871 #1933 #1953 #1972
1.1.5
Released on 2021/04/29
- feat: generate outbounds for itself #1900
- chore: migrate from bintray #1901
- chore: GUI updates and fixes #1897
- chore: kumactl check version after loading config #1879
- chore: transparent proxy improvements #1852
- chore upgrade Go to 16.3 and use go embed #1864 #1865
- fix: always set locality in multizone #1863
- fix: Envoy config is created based on old Dataplane #1848
1.1.4
Released on 2021/04/19
- chore: force all DNS traffic capture #1842
1.1.3
Released on 2021/04/16
- feat: support External Services with original hostname and port (built-in DNS) #1807 #1811 #1817 #1812 #1821 #1824 #1828 #1822
- fix: pass validation of V3 specific configs in ProxyTemplate #1819
- chore: support ingress annotations (kuma.io/ingress-public-address and kuma.io/ingress-public-port) in HELM #1796
1.1.2
Released on 2021/04/09
- feat: extend CircuitBreaker policy with Thresholds #1688
- feat: enable IPv6 support and tests #1726 #1734
- feat: unuversal mode transparent-proxy firewalld support #1702
- feat: new Grafana charts for golden signals and L7 metrics #1739 #1786
- chore: verify e2e tests run in EKS #1684 #1685 #1744
- chore: upgrade CRDS to apiextensions.k8s.io/v1 #1108
- fix: helm cp service annotations #1767 👍contributed by nbrink91
- fix: gui fixes #1773
- fix: KDS may delete ConfigMaps on Control Plane restarts #1769
- fix: Kuma CP restart may cause stale Envoy configs on Universal #1749
- fix: use EnvoyGRPC to fix DNS resolving #1740
- fix: fix ingress-enabled #1725
- fix: pick HTTP health checker version depending on outbound’s protocol #1714
- fix: improve the DNS server bind message #1701
- fix: validate —name and —mesh when dataplane is provided #1771
- fix: better error messages when there is problem with pod dataplane convertion #1743
- fix: crashes under load #1694 #1695
1.1.1
Released on 2021/03/11