release-v1.2.3

Notable Changes

• Custom trust domains (i.e. certificate CommonNames) are now supported.
• The authentication token used to configure the Hashicorp Vault certificate provider can now be passed in using a secretRef
• Envoy has been updated to v1.22 and uses the envoyproxy/envoy-distroless image instead of the deprecated envoyproxy/envoy-alpine image.
  • This means that kubectl exec -c envoy ... -- sh will no longer work for the Envoy sidecar.
• Added support for Kubernetes 1.23 and 1.24.
• Rate limiting: Added capability to perform local per-instance rate limiting of TCP connections and HTTP requests.
• Statefulsets and headless services have been fixed and work as expected.

Breaking Changes

• The following metrics no longer use the label common_name, due to the fact that the common name's trust domain can rotate. Instead 2 new labels, proxy_uuid and identity have been added.
  • osm_proxy_response_send_success_count
  • osm_proxy_response_send_error_count
  • osm_proxy_xds_request_count
• Support for Kubernetes 1.20 and 1.21 has been dropped.
• Multi-arch installation supported by the Chart Helm by customizing the affinity and nodeSelector fields.
• Root service in a TrafficSplit configuration must have a selector matching the pods backing the leaf services. The legacy behavior where a root service without a selector matching the pods backing the leaf services is able to split traffic, has been removed.

release-v1.1.1-1

Notable Changes

• Circuit breaking support for traffic directed to in-mesh and external destinations
• A new spec.sidecar.localProxyMode field in the MeshConfig API allows users
  to specify whether traffic from Envoy sidecars to application containers is
  redirected via 127.0.0.1 (the previous behavior and current default) or the
  Pod's IP address
• A new spec.traffic.networkInterfaceExclusionList field in the MeshConfig API
  allows users to specify names of network interfaces on Pods that should not
  have traffic proxied through Envoy sidecars
• The installed MeshConfig resource can now be updated with kubectl apply

Breaking Changes

The following changes are not backward compatible with the previous release.

• The osm_proxy_response_send_success_count and osm_proxy_response_send_error_count metrics are now labeled with the proxy certificate's common name and XDS type, so queries to match the previous equivalent need to sum for all values of each of those labels.

Deprecation Notes

The following capabilities have been deprecated and cannot be used.

• The osm_injector_injector_sidecar_count and osm_injector_injector_rq_time metrics have been removed. The osm_admission_webhook_response_total and osm_http_response_duration metrics should be used instead.
• OSM will no longer support installation on Kubernetes version v1.19.

CRD Updates

• No CRD changes between tags v1.0.0-1 and v1.1.1-1

release-v1.0.0-1

This release is for v1.0.0-1 of osm-arc

No significant updates from v1.0.0.

release-v1.0.0

Notable Changes:

• New internal control plane event management framework to handle changes to the Kubernetes cluster and policies
• Validations to reject/ignore invalid SMI TrafficTarget resources
• Control plane memory utilization improvements
• Support for TCP server-first protocols for in-mesh traffic
• Updates to Grafana dashboards to reflect accurate metrics
• OSM control plane images, and third party images for envoy, grafana, grafana-image-renderer, and jaegertracing-all-in-one are now multi-architecture, built for linux/amd64 and linux/arm64

Breaking Changes

• Top level upstream Helm chart keys are renamed from OpenServiceMesh to osm

Deprecation Notes

The following capabilities have been deprecated and cannot be used.

• Kubernetes Ingress API to configure a service mesh backend to authorize ingress traffic. OSM's IngressBackend API must be used to authorize ingress traffic between an ingress gateway and service mesh backend.

CRD Changes (between v0.9.2 and v1.0.0)

• charts/osm/crds/access/yaml
• charts/osm/crds/httproutegroup.yaml
• charts/osm/crds/meshconfig.yaml
• charts/osm/crds/policy.yaml
• charts/osm/crds/split.yaml
• charts/osm/crds/tcproute.yaml

release-v0.9.2

This release is for OSM Arc v0.9.2. For upstream OSM v0.9.2, please refer to openservicemesh/osm releases.

Notable Changes

• Support for Kubernetes v1.22.0
• osm support bug-report added to be able to generate a bug report
• preset-mesh-config changed to ConfigMap (read more about mesh configuration here)

CRD Updates

charts/osm/crds/meshconfig.yaml

release-v0.9.1

This release is for v0.9.1 of osm-arc.

Notable Changes:

1. Added the support for OSM to work in Pod Security Policy enabled clusters
2. Support for Egress traffic policies, to provide fine-grained access control of traffic destined to external services and endpoints. Read documentation.
3. MeshConfig CRD is added to replace the osm-config ConfigMap as the OSM configuration object. Read more about OSM MeshConfig.
4. Envoy sidecar image is upgraded to 1.18.3
5. Deprecated the validating webhook as a part of configmap removal
6. Support for OPA to work with OSM in the same cluster
7. Support for Integrating with Dapr. Read documentation for more details.
8. Enabled garbage collection of secrets created by OSM
9. Feature flags are configurable through the MeshConfig custom resource. Note that these are experimental features made available for testing purposes.
10. OSM log level is configurable through the MeshConfig custom resource
11. High availability is added to OSM control plane with support for multiple replicas, autoscaling, and Pod Disruption Budget. Refer documentation for more details.
12. Ability to ignore an ingress resource using a label. Read documentation for details.
13. Node selectors for Linux OS are added for installation of OSM control plane pods and demo applications
14. Helm reconciliation is introduced in this version so that any user driven deployment or config changes are reverted to the intended settings. This helps maintain a healthy control plane.
15. Added a pre-install job to enforce that only one mesh is present on the cluster prior to installing osm-arc

CRD Updates:

charts/osm/crds/access.yaml
charts/osm/crds/httproutegroup.yaml
charts/osm/crds/meshconfig.yaml
charts/osm/crds/policy.yaml
charts/osm/crds/specs.yaml
charts/osm/crds/split.yaml
charts/osm/crds/tcproute.yaml

release-v0.8.4

This release is for v0.8.4 of osm-arc.

release-v0.8.3

This release is for v0.8.3 of osm-arc.

release-v0.8.2

This release is for v0.8.2 of osm-arc.

release-v0.7.0

CRD Upgrades:

charts/osm/crds/access.yaml
charts/osm/crds/specs.yaml