Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time

Changelog

[2.0.1]

Released on 2022/12/05

  • chore: back-ports api base path fix #5341 @kleinfreund
  • feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) #5392 @mergify
  • fix(kuma-cp): add option to disable sslsni in universal (backport #5318) #5322 @mergify
  • fix(kuma-cp): change way of setting if resource is read only (backport #5345) #5348 @mergify
  • fix(kuma-cp): kds deadlock (backport #5373) #5397 @mergify
  • fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347) #5378 @mergify
  • fix(xds): don't read metadata in ProxyBuilders (backport #5414) #5416 @mergify
  • fix: sort resources when building MeshContext (backport #5391) #5409 @mergify

[2.0.0]

Released on 2022/11/04

  • chore(.github): remove old release workflow #4836 @lobkovilya
  • chore(api): remove DENY_WITH_SHADOW_ALLOW #5220 @lobkovilya
  • chore(api): remove unused method and types #5148 @lobkovilya
  • chore(api): remove unused timestamp.proto import #4906 @michaelbeaumont
  • chore(api): skip Compute when building inbound access logs #5181 @jakubdyszkiewicz
  • chore(bootstrap): improve validator policy bootstrap #5014 @lahabana
  • chore(deps): bump actions/setup-go from 2 to 3 #5024 @dependabot
  • chore(deps): bump cirello.io/pglock from 1.9.0 to 1.10.0 #5239 @dependabot
  • chore(deps): bump github.com/Masterminds/sprig to 3.2.2 #5190 @mmorel-35
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.13 #5023 #5067 #5131 @dependabot
  • chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 #4996 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.40.20 to 0.40.24 #4969 #4993 #5162 @dependabot
  • chore(deps): bump github.com/kumahq/kuma-net from 0.8.1 to 0.8.2 #5188 @dependabot
  • chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 #4995 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.4.0 #4939 #4949 #5021 #5145 #5204 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.20.0 to 1.23.0 #4933 #4970 #5133 #5146 #5240 @dependabot
  • chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 #5203 @dependabot
  • chore(deps): bump github.com/prometheus/prometheus from 0.37.0 to 0.39.1 #4887 #5134 @dependabot
  • chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 #5155 #5241 @dependabot
  • chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 #4994 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 #5020 #5205 @dependabot
  • chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 #4930 @dependabot
  • chore(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 #5147 #5163 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.50.1 #4927 #5132 #5156 @dependabot
  • chore(deps): bump k8s.io dependencies from 0.24.3 to 0.25.3 #4934 #5026 #5153 @michaelbeaumont
  • chore(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 #5062 @dependabot
  • chore(deps): bump kumahq/kuma-gui to f3dba73d4c264b094b6b351a8b44f2d5a0dc4ecb #4842 #4925 #5092 #5106 #5109 #5139 #5141 #5167 #5179 #5197 #5214 #5232 #5234 #5248 #5251 @kleinfreund,@kumahq
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 #4968 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 #5059 @dependabot
  • chore(deps): update kuma-grafana-datasource #4856 @bartsmykla
  • chore(gateway): remove invalid options for MeshGatewayRoute #4890 @michaelbeaumont
  • chore(gui): removes update/gui command #4954 @kleinfreund
  • chore(helm): remove unused critical-pod annotation #4952 @michaelbeaumont
  • chore(helm): switch merbridge image registry to upstream #4838 @bartsmykla
  • chore(kuma-cp): adjust timeout in cp probes #4983 @jakubdyszkiewicz
  • chore(kuma-cp): config cleanup #4855 @jakubdyszkiewicz
  • chore(kuma-cp): improve logging in K8S controllers #4982 @jakubdyszkiewicz
  • chore(kuma-cp): improve test xds client #4976 @jakubdyszkiewicz
  • chore(kuma-cp): remove disabling metrics from kuma-cp.defaults #4894 @lahabana
  • chore(kuma-cp): resource manager wrapper #5057 @jakubdyszkiewicz
  • chore(kuma-init): use iptables-legacy in kuma-init #5040 @bartsmykla
  • chore(pkg/gc): don't rely on core.Now var for time #4918 @lahabana
  • chore(plugins): remove some unecessary interfaces and methods #4997 @lahabana
  • chore(proto): remove protos for new policies #5218 @lobkovilya
  • chore(test): added resource builder #5123 #5195 @jakubdyszkiewicz
  • chore(test): added support for GRPC to test-server #4904 @lobkovilya
  • chore(test): make unit test compatible with IPV6 host #5198 @jakubdyszkiewicz
  • chore(xds): drop deprecated envoy.config.route.v3.HeaderMatcher.exact_match #4953 @michaelbeaumont
  • docs(MADR): new tracing policy proposal #4938 @michaelbeaumont
  • docs(MADR): update MADR 007 #5129 @lobkovilya
  • docs(gateway): explain the semantics of a PREFIX match #5013 @michaelbeaumont
  • docs(gateway): explain the semantics of a prefix rewrite to / #5016 @michaelbeaumont
  • docs(proto): fixed default serviceAddress and upgrade docs #5236 @lukidzi
  • docs(proto): rewrite dataplane proto docs #5219 @jakubdyszkiewicz
  • feat(ebpf): CNI uses libbpf CO:RE #5233 @lukidzi
  • feat(ebpf): refactor merbridge using libbpf with CO:RE #5034 @bartsmykla
  • feat(ebpf): transparent proxy with eBPF in init containers #4919 #5046 #5066 #5095 @bartsmykla
  • feat(gateway): add MeshGateway support to MeshAccessLog #5101 @michaelbeaumont
  • feat(gateway): add crossMesh to MeshGatewayConfig #5183 @michaelbeaumont
  • feat(gateway): add service-upstream annotation for delegated nginx #4913 @michaelbeaumont
  • feat(gateway): install kuma GatewayClass if gateway API CRDs present #5001 @michaelbeaumont
  • feat(gateway): match new policies to MeshGateways #5110 @michaelbeaumont
  • feat(inspect): implement rule-based view for new policies #5000 #5184 #5189 #5202 @jakubdyszkiewicz,@lobkovilya
  • feat(kuma-cp): add flag to disable taint controller #4852 @jakubdyszkiewicz
  • feat(kuma-cp): add possibility to restrict TLS version and ciphers #5186 @lahabana
  • feat(kuma-cp): add possibility to run MADS on TLS #5210 @lahabana
  • feat(kuma-cp): add possibility to split datadog services based on traffic direction and destination #5063 @Automaat
  • feat(kuma-cp): added validation for backend name #5081 @Automaat
  • feat(kuma-cp): created default control plane user #5064 @jakubdyszkiewicz
  • feat(kuma-cp): extensible token issuers #5083 @jakubdyszkiewicz
  • feat(kuma-cp): move Mesh Cache to runtime #5140 @Automaat
  • feat(kuma-cp): universal resources schema validation #5107 @slonka
  • feat(kuma-cp): use zone token to auth zone ingress #5103 @jakubdyszkiewicz
  • feat(kuma-dp): publish metrics with text_readouts from envoy #5159 @Automaat
  • feat(kumactl): add option to install with experimental transparent proxy #4958 @michaelbeaumont
  • feat(kumactl): use exclude ports for uids from kuma-net #4975 @slonka
  • feat(policy): Add MeshAccessLog policy #4908 #4998 #5035 #5168 #5177 @michaelbeaumont,@slonka
  • feat(policy): Add MeshTrace policy #5069 #5085 #5243 @michaelbeaumont,@slonka
  • feat(policy): Add MeshTrafficPermission policy #4835 #5009 #5075 @lobkovilya
  • feat(policy): add interfaces for policy plugins #4909 @lahabana
  • feat(policy): reimplemented matching for new policies #4780 #4950 #4957 #4977 #5068 #5084 #5166 #5172 #5174 @lahabana,@lobkovilya
  • feat(service-insights): add external service in api #5119 @lahabana
  • fix(.github): links in PR template #4905 @michaelbeaumont
  • fix(.github): use github app in pr-comment action #5164 @lahabana
  • fix(api): nil dereference in MeshAccessLog configurer #5258 @lobkovilya
  • fix(cni): add empty registry to experimental cni #4847 @slonka
  • fix(cni): hook up log level to cni #4849 @slonka
  • fix(cni): make cni logs available via kubectl logs #4845 @slonka
  • fix(cni): retry loading images #4860 @slonka
  • fix(docs): fixed location of developer tools in DEVELOPER.md docs #4988 @Automaat
  • fix(gateway): add support for retryOn #5091 @lahabana
  • fix(gateway): cross-mesh gateways with same service #5247 @michaelbeaumont
  • fix(gateway): don't create invalid envoy config when routes and listeners don't match #4837 @michaelbeaumont
  • fix(gateway): route URL prefix rewriting #5006 @michaelbeaumont
  • fix(gateway): skip ExternalService if none match #5207 @michaelbeaumont
  • fix(gateway): sort routes #5007 @michaelbeaumont
  • fix(gatewayapi): don't NPE if the GatewayClass ref doesn't exist #5187 @michaelbeaumont
  • fix(gatewayapi): reconcile Gateways and HTTPRoutes on ReferenceGrant changes #4944 @michaelbeaumont
  • fix(gatewayapi): update gateway-api and fix failing RouteKind tests #5175 @michaelbeaumont
  • fix(helm): customize location of kuma-init repository for ebpf cleanup #5230 @lukidzi
  • fix(helm): use podAnnotations everywhere possible #4991 @lahabana
  • fix(kuma-cp): collapsed grafana dashboards #4839 @jakubdyszkiewicz
  • fix(kuma-cp): deep copy tags when gen. outbounds #5070 @bartsmykla
  • fix(kuma-cp): disable statsForAllMethods in grpc stats #5226 @jakubdyszkiewicz
  • fix(kuma-cp): do not override source address when TP is not enabled #4951 @lukidzi
  • fix(kuma-cp): multiple external services pointing to same address #5185 @slonka
  • fix(kuma-cp): override grafana plugin files by default #5208 @slonka
  • fix(kuma-cp): reissue admin tls cert on dp address change #5222 @jakubdyszkiewicz
  • fix(kuma-cp): remove Dataplane for Pod without IP #4964 @jakubdyszkiewicz
  • fix(kuma-cp): return content type of inspect endpoints #4965 @jakubdyszkiewicz
  • fix(kuma-dp): resilient TCP access log streamer #4862 @jakubdyszkiewicz
  • fix(kumactl): get APIVersions from k8s server #5182 @michaelbeaumont
  • fix(tools): add 'v' prefix to preview version format #5004 @michaelbeaumont
  • fix(tools): support both GitHub app tokens and PATs #4869 @michaelbeaumont
  • perf(kuma-cp): avoid rebuilding endpoint map #4974 @jakubdyszkiewicz
  • refactor(kuma-dp): add xds authentication customization #4990 @michaelbeaumont

[1.8.1]

Released on 2022/10/07

  • fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in #4872
  • fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in #4980
  • fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in #4961
  • fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in #5071
  • fix(gateway): add support for retryOn (backport #5091) by @mergify in #5098

[1.6.2]

Released on 2022/10/06

  • fix(core): validate both old and new objects on Update (backport #4589) by @michaelbeaumont in #4593
  • fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in #5090
  • fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in #5097

[1.7.2]

Released on 2022/10/06

  • fix(helm): always run Helm version update by @michaelbeaumont in #4604
  • chore(helm): update to 1.7.1 by @michaelbeaumont in #4603
  • Revert "fix(helm): always run Helm version update (#4604)" by @michaelbeaumont in #4609
  • fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in #5072
  • fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in #5096

[1.8.0]

Released on 2022/08/22

New features:

CNI v2 with lots of improvements:

  • taint controller to prevent race condition #4650 @slonka
  • all logs are easily accessible via kubectl logs command which greatly simplifies observability #4845 @slonka
  • it uses new transparent engine implemented in kuma-net #4481 @slonka

URL rewrite in Builtin Gateway:

  • support URL rewriting #4638 @michaelbeaumont

Stats and Clusters in the GUI:

  • execute stats and clusters from the control plane #4557 #333 @jakubdyszkiewicz

Extra retryOn options for Retry:

  • add extra http retryOn options #4744 @johnharris85

Better support for TCP logging:

  • resilient tcp TCP access log streamer #4511 @parkanzky #4862 @jakubdyszkiewicz

Filtering Envoy metrics:

  • added option to define filter for Envoy metrics #4503 @lukidzi

Projected service account token:

  • support for projected service account token #4453 @lukidzi

Fixes:

Helm:

  • remove duplicate keys in resources #4681 @michaelbeaumont
  • add containersecuritycontext to CNI daemonset #4677 @jakubdyszkiewicz
  • fix extraConfigMap and cp labels #4531 @lahabana
  • use image.global.registry for imageExperimental #4641 @jakubdyszkiewicz

Gateway:

  • ListenerReason for unresolved certificate refs, enable ReferenceGrant conformance tests #4806 @michaelbeaumont
  • check hostname intersection between HTTPRoute and Gateway listener #4537 @michaelbeaumont
  • create MeshGatewayInstance in same Mesh as Gateway #4794 @michaelbeaumont
  • don't create invalid envoy config when routes and listeners don't match (backport #4837) #4841 @mergify
  • hostname intersections, use new RouteReasons #4544 @michaelbeaumont
  • improve HTTPRoute statuses with unresolved BackendRefs #4635 @michaelbeaumont
  • npe without any timeout #4548 @michaelbeaumont
  • rbac permissions for ReferenceGrant #4628 @michaelbeaumont
  • workaround label value max length with hash #4545 @michaelbeaumont

Control Plane:

  • check if kuma annotation or label is set but ignore value #4731 @lukidzi
  • delete an empty TimeoutConfigurer #4554 @lobkovilya
  • do not modify external service tags #4591 @jakubdyszkiewicz
  • don't deploy Pod/Service webhooks in global #4673 @michaelbeaumont
  • don't fail generation if other mesh CAs are misconfigured #4501 @michaelbeaumont
  • external service datasource validation #4652 @jakubdyszkiewicz
  • fix builtdns annotations for kubernetes #4660 @lahabana
  • generate cluster name hash based on tags not config #4598 @lukidzi
  • grant delete Pods in kuma-system namespace to control plane #4571 @michaelbeaumont
  • localhost exposed application shouldn't be reachable #4750 @lukidzi
  • make options for policies simpler #4722 @lahabana
  • protect sort from empty locality #4820 @jakubdyszkiewicz
  • registering dp on reconnect #4647 @jakubdyszkiewicz
  • support GC service account #4483 @lobkovilya
  • validate both old and new objects on Update #4589 @michaelbeaumont
  • validation error with user tokens #4507 @jakubdyszkiewicz

Data Plane:

  • access log path on windows when cp is on linux #4518 @jakubdyszkiewicz
  • fix multi OS build of accesslogs #4767 @lahabana
  • have envoy version check always work #4564 @lahabana
  • propagate context for metrics aggregate #4640 @lukidzi
  • set prometheus content-type when returning metrics #4706 @lukidzi

Other:

  • add operations now create non-existent path elements #4595 @michaelbeaumont

Docs:

  • new policy matching proposal #4474 @lobkovilya

Other changes:

Gateway:
  • mention mesh name in gateway instance status #4678 @lahabana
  • add listener connection limits #4755 @michaelbeaumont
  • add loadBalancerIP to MeshGatewayInstance #4519 @michaelbeaumont
  • allow MeshGateway Dataplane Pods to bind privileged ports #4535 @michaelbeaumont
  • configure overload_manager based on max memory #4694 @michaelbeaumont
  • multi-zone cross-mesh MeshGateway #4443 @michaelbeaumont
  • propagate x-kuma-tags from MeshGateways #4476 @michaelbeaumont
  • send default static payload for empty gateway #4617 @tharun208
  • set path_with_escaped_slashes_action #4719 @michaelbeaumont
  • set cluster HTTP2 stream and connection window size #4779 @michaelbeaumont
  • set cluster per_connection_buffer_limit_bytes #4696 @michaelbeaumont
  • set global_downstream_max_connections to 50000 #4724 @michaelbeaumont
  • update to Gateway API v0.5.0, support v1beta1 resources #4599 @michaelbeaumont
  • validate listeners for collapsibility #4765 @michaelbeaumont
  • add MeshGateway dashboard #4555 @michaelbeaumont
Control Plane:
  • config cleanup (backport #4855) #4857 @mergify
  • don't set deprecated dns_resolver_config #4702 @michaelbeaumont
  • don't set deprecated known_suffixes #4701 @michaelbeaumont
  • remove deprecated Cluster.Http2ProtocolOptions #4528 @michaelbeaumont
  • remove versions_ws #4512 @lahabana
  • replace deprecated admin_access_log_path #4552 @lahabana
  • add /policies endpoint to list all registered policies #4708 @lahabana
  • authenticate DP every time #4685 @jakubdyszkiewicz
  • enrich policies endpoint #4791 @jakubdyszkiewicz
  • identify gateway service by deployment #4703 @parkanzky
  • separate CA for Envoy Admin communication #4676 @jakubdyszkiewicz
  • use remote address for Gateway #4530 @jakubdyszkiewicz
  • add operations now create non-existent path elements #4595 @michaelbeaumont
Data Plane:
  • remove envoy admin port flag #4574 @tharun208
  • detect memory limit only on linux #4715 @jakubdyszkiewicz
kumactl:
  • add a limit to the prom TSDB size #4651 @lahabana
  • remove old flags in install tp #4760 @lahabana
  • add MeshGateway to install demo #4679 @michaelbeaumont
  • add install control-plane --registry flag #4533 @michaelbeaumont
Documentation:
  • create MADR for MeshTrafficPermission #4666 @lobkovilya
  • new policy matching proposal #4474 @lobkovilya
  • policy matching, replace 'conf' with 'default' #4693 @lobkovilya
CNI:

Dependency updates:

  • update demo to latest version #4572 @lahabana
  • update Kuma GUI #4815 @kleinfreund #4723 @lahabana
  • use github.com/emicklei/go-restful/v3 #4665 @mmorel-35
  • bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles #4670 #4827 @dependabot
  • bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 #4717 @dependabot
  • bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 #4632 #4716 @dependabot
  • bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 #4499 @dependabot
  • bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 #4672 @dependabot
  • bump github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 #4469 #4480 @dependabot
  • bump github.com/miekg/dns from 1.1.49 to 1.1.50 #4492 @dependabot
  • bump github.com/onsi/gomega from 1.19.0 to 1.20.0 #4671 @dependabot
  • bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 #4783 @dependabot
  • bump github.com/prometheus/common from 0.34.0 to 0.37.0 #4489 #4627 @dependabot
  • bump github.com/spf13/cobra from 1.4.0 to 1.5.0 #4491 @dependabot
  • bump go.uber.org/zap from 1.21.0 to 1.22.0 #4829 @dependabot
  • bump google.golang.org/grpc from 1.47.0 to 1.48.0 #4631 @dependabot
  • bump google.golang.org/protobuf from 1.28.0 to 1.28.1 #4718 @dependabot
  • bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 #4493 #4624 @dependabot
  • bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 #4498 #4581 @dependabot
  • bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 #4549 @dependabot

[1.7.1]

Released on 2022/07/13

Fixes

Gateway

  • Nil pinter exception without any timeout (#4550)
  • Use remote address for Gateway (#4538)

kumactl

  • Update demo to latest version (#4587)

Control plane

  • Grant delete Pods in kuma-system namespace to control plane (#4575)
  • Don't fail generation if other mesh CAs are misconfigured (#4517)
  • Don't override timeout values for ExternalServices (#4568)

Data plane proxy

  • Access log path on windows when cp is on linux (#4518)

Helm

  • Fix extraConfigMap and cp labels (#4541)

General

  • Avoid -<arch> in version of the binaries (#4527)

[1.7.0]

Released on 2022/06/13

New features:

Cross Mesh Communication:

  • add cross-mesh MeshGateway listeners #4274#4405 @michaelbeaumont

ContainerPatch:

  • allow custom configuration of Kubernetes' kuma-init and kuma-sidecar containers by introducing ContainerPatch CRD #4280 #4362 / #4366 #4369 / #4370 @parkanzky, @bartsmykla

Observability:

  • hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh #4286 #4388/#4406 @lukidzi
  • unified installation of metrics/logging/tracing into one command observability #4308 #4411/#4418 @lukidzi, @lahabana

ARM64 support:

  • added arm build and release pipeline #4231 @lukidzi
  • release for arm64 now publish correct arch image #4276 @lukidzi
  • upgrade kubectl to version with ARM support #4180 @lukidzi
  • support ARM Linux/Darwin for dev/tools #4199 @lukidzi
  • introduced map of arch for a specific build #4321 @lukidzi
  • do not exclude arm64 files from docker #4265 @lukidzi

Gateway:

  • add GatewayClass.Spec.ParametersRef support #4157 @michaelbeaumont
  • cp annotations from gateway to svc #4327 @johnharris85
  • only reconcile Gateway when GatewayClass is Ready #4162 @michaelbeaumont
  • auto generate hostname for crossMesh listeners #4421/#4424 @michaelbeaumont

Helm:

  • set host network var in helm/cp-deployment.yaml #4209 @SallyBlichWalkMe
  • add resource management for jobs #4254 @gdasson
  • option for automountSAT=false on cp #4309 @gdasson
  • helm chart improvements #4337 @bartsmykla

CP:

  • experimental transparent proxy annotation #4240 @parkanzky
  • graceful shutdown on Universal using HDS #4246 @jakubdyszkiewicz
  • intercept signal for different platforms #4283 @jakubdyszkiewicz
  • XDS config dump on Global CP #4301 @jakubdyszkiewicz
  • validate DP compat on kuma backend #4236 @parkanzky

DP:

  • graceful shutdown of kuma-dp #4229 @jakubdyszkiewicz

Fixes:

Gateway:

  • use MeshGatewayInstance mesh annotation when matching #4361/#4371 @michaelbeaumont

Helm:

  • remove replica from cp-deployment.yaml when autoscaling enabled #4447/#4454 @gustoliv

CP:

  • fix '/config_dump' request if Global CP is on Kubernetes #4363/#4372 @lobkovilya
  • add the latest version to compatibility matrix #4232 @parkanzky

DP:

  • clarify error log message when kuma-dp is wrongly connecting to global-cp #4269 @slonka

Kumactl:

  • fix transparent proxy --skip-conntrack-zone-split flag value #4334 @bartsmykla

Other notable changes:

Gateway:

  • add /finalizers permission for OwnerReferencesPermissionEnforcement plugin #4239 @michaelbeaumont
  • don't match on ALPN in gateway (#4198) #4272 @wjrbetts

Helm:

  • delete 'kubernetes.io/arch' node selector #4335 @lobkovilya

CP:

  • don't always recompute mesh contexts #4267 @michaelbeaumont
  • don't run dataplane gc in global #4184 @lahabana
  • graceful components #4277 @jakubdyszkiewicz
  • memory store cannot delete a parent #4194 @jakubdyszkiewicz
  • protocol check should be case-insensitive #4248 @lukidzi
  • remove dns server from control plane #4192 @lahabana
  • automatically detect dns lookup family for cp cluster #4275 @slonka

ZoneIngress:

  • graceful start of many ZoneIngresses #4305 @jakubdyszkiewicz

ZoneEgress:

  • resolve zone-ingress advertized address #4219 @lahabana
  • do not change ip to ZoneEgress address #4193 @lukidzi

Kumactl:

  • remove flag '--experimental-meshgateway' #4315 @lobkovilya

Timeout Policy:

  • deprecate 'timeout.grpc' section #4365/#4449 @lobkovilya

Other:

  • delete dns-server 5653 port from configuration and helm files #4339/#4345 @lobkovilya
  • support kube-linter tools to analyze Kubernetes YAML files #4294 @mangoGoForward

Dependency upgrades:

  • upgrade envoy to 1.22.1 #4288 #4464/#4465 @lobkovilya
  • upgrade kuma-cni to 0.0.10 #4313 @lobkovilya
  • upgrade tproxy iptables to v0.2.2 #4328 @bartsmykla
  • upgrade GUI to the latest version #4316 #4338 #4389/#4390 @jakubdyszkiewicz, @lahabana, @bartsmykla
  • upgrade protoc and regenerate files #4169 @lukidzi
  • bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 #4234 @dependabot
  • bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 #4178 #4260 #4322 @dependabot
  • bump github.com/lib/pq from 1.10.5 to 1.10.6 #4299 @dependabot
  • bump github.com/miekg/dns from 1.1.48 to 1.1.49 #4291 @dependabot
  • bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 #4233 @dependabot
  • bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #4290 @dependabot
  • bump github.com/prometheus/common from 0.33.0 to 0.34.0 #4235 @dependabot
  • bump github.com/spf13/viper from 1.10.0 to 1.11.0 #4177 @dependabot
  • bump google.golang.org/grpc from 1.45.0 to 1.46.2 #4213 #4289 @dependabot
  • bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 #4216 @dependabot #4302/#4378
  • bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 #4302/#4378 @dependabot

Other:

  • automate policy generation #4197 @lobkovilya

[1.5.2]

Released on 2022/06/10

Dependency upgrades:

  • upgrade envoy to 1.21.3 #4456 @lobkovilya

[1.6.1]

Released on 2022/06/10

Fixes:

CP:

  • do not change ip to ZoneEgress address (backport #4193) #4195
  • memory store cannot delete a parent (backport #4194) #4196

Dependency upgrades:

  • upgrade envoy to 1.21.3 #4457 @lobkovilya

[1.6.0]

Released on 2022/04/11

New features:

Gateway:

  • release K8s GatewayAPI as preview 4072 4022 4045 4014 3956 @jakubdyszkiewicz,@michaelbeaumont
  • use MeshGatewayInstance name for generated objects 4097 @michaelbeaumont

Inspect api:

ZoneEgress:

  • Make zoneegress available in standalone mode 4100 @lahabana
  • added locality aware lb for external service 4048 @lukidzi
  • make zoneegress routing opt-in 4109 4013 @lukidzi
  • support RateLimit and FaultInjections 4000 @lobkovilya

Helm:

  • Allow customization of image tags in Helm chart 4068 @gdasson
  • Expose kuma-cp's metric port so it can be scraped by self-deployed prometheus. 4047 @jbehrends
  • add resource limits option for control plane deployment 4049 @gdasson
  • fail if global.image.tag and appVersion incompatible 4085 @michaelbeaumont
  • set version to track appVersion 4083 @michaelbeaumont
  • expose kuma-cp gui through ingress 4101 @lukidzi
  • allow specifying security context 4153 @gdasson @bartsmykla

Other:

  • feat(k8s): ability to set custom service account token volume 4036 @johnharris85
  • feat(k8s): shutdown kuma-dp container for any owner kind 4079 @lukidzi
  • feat(k8s): support startupProbes 4090 @lahabana
  • feat(kuma-cp): add uptime, policies, gateway dps to reports 3933 @parkanzky
  • feat(kuma-cp): add metrics and timeouts to CA interface 4089 @parkanzky
  • feat(kumactl): add --values and --set to kumactl install control-plane 4086 @lahabana
  • feat(transparent-proxy): add experimental tproxy iptables generation 4114 @bartsmykla

Dependency upgrades:

  • bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles 4060 4023 @dependabot
  • bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 3978 3976 @dependabot
  • bump github.com/go-logr/logr from 1.2.2 to 1.2.3 4040 @dependabot
  • bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 4061 4025 @dependabot
  • bump github.com/k8s/* from 0.23.4 to 0.23.5 4043 @lahabana
  • bump github.com/miekg/dns from 1.1.46 to 1.1.47 3998 @dependabot
  • bump github.com/onsi/gomega from 1.18.1 to 1.19.0 4062 @dependabot
  • bump github.com/spf13/cobra from 1.3.0 to 1.4.0 3995 @dependabot
  • bump go.uber.org/multierr from 1.7.0 to 1.8.0 3974 @dependabot
  • bump google.golang.org/grpc from 1.44.0 to 1.45.0 3993 @dependabot
  • bump google.golang.org/protobuf from 1.27.1 to 1.28.0 4046 @dependabot
  • bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 3994 @dependabot
  • bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 3997 @dependabot
  • remove dependency on spire 4044 @lahabana

Other notable changes:

  • chore(k8s): replace cni registry 4070 @lobkovilya
  • chore(k8s): use appProtocol from service by default 4015 @jakubdyszkiewicz
  • chore(kuma-dp): cleanup bootstrap version field 3670 @tharun208
  • fix(gateway): fix status updating in MeshGatewayInstance reconciliation 4051 @michaelbeaumont
  • fix(gateway): gateway instance service reconciliation loops forever 4035 @jakubdyszkiewicz
  • fix(gateway): gateway reconciliation loops forever 4034 @jakubdyszkiewicz
  • fix(gateway): gateway tls listeners without hostnames 4093 @jakubdyszkiewicz
  • fix(gateway): ignore non TCP protocol for provided gateway 4067 @lahabana
  • fix(gateway): mesh gateway instance service target port 4071 @jakubdyszkiewicz
  • fix(gateway): skip creating MeshGateways without proper attachment 4011 @jakubdyszkiewicz
  • fix(helm): add prefix to app label in ingress/egress deployment 4123 @lahabana
  • fix(helm): fix other template prefix in ingress/egress 4124 @lahabana
  • fix(helm): remove wildcard rbac version 4148 @johnharris85
  • fix(k8s): reconcile serviceMaps when using mesh namespace annotation 3815 @lahabana
  • fix(kuma-cp): avoid generating excessive envoy clusters 3984 @lobkovilya
  • fix(kuma-cp): default policy creation 4073 @lobkovilya
  • fix(kuma-cp): guard the nil version in metadata 3969 @jakubdyszkiewicz
  • fix(kuma-cp): provide better message when running with an in-memory database 3982 @lukidzi
  • fix(kuma-dp): better error message when the token is invalid 3961 @lahabana
  • fix(kumactl): add mesh flag to only commands that uses it 3788 @tharun208
  • fix(kumactl): split yaml correctly in kumactl apply 4107 @lahabana
  • fix(proxytemplate): avoid validation error 3937 @marcoferrer
  • fix(proxytemplate): execute hooks before proxy template modifications 4055 @jakubdyszkiewicz
  • perf(k8s): move outbounds from Dataplane to Config 3986 @jakubdyszkiewicz

[1.5.1]

Released on 2022/04/06

  • chore(k8s): replace cni registry (backport #4070) 4076
  • fix(kuma-cp): default policy creation (backport #4073) 4080
  • fix(kuma-cp): guard the nil version in metadata (backport #3969) 3970

[1.5.0]

Released on 2022/02/23

  • feat(*): zone egress #3809 #3757

  • feat(kuma-cp) data plane proxy membership #3619

  • feat(kuma-cp): reachable services in transparent proxying #3791

  • feat(inspect-api): retrieve full XDS config #3768

  • feat(*): inspect api support #3805 #3568 #3462

  • feat(kuma-cp): add proxytemplate to matched policies for inspect poli鈥 #3786 馃憤contributed by @tharun208

  • feat(kuma-cp): enable traffic route for inspect endpoints #3735 馃憤contributed by @tharun208

  • feat(*): move adminPort to DPP resource #3739

  • feat(helm): add imagePullSecrets support #3755 馃憤contributed by @johnharris85

  • feat(*): enable Gateway with runtime flag #3736

  • feat(kumactl): add --api-timeout flag #3723

  • feat: allow for ca/identity secrets for every mesh #3696

  • feat(kuma-cp): allow extra cm in kuma cp chart #3671 馃憤contributed by @wjrbetts

  • feat(kuma-cp): add gui link in index api response #3675 馃憤contributed by @tharun208

  • feat(*): allow ca.crt to be in separate k8s secret #3638

  • feat(kumactl): add type of logging and tracing backends with name in table output #3636 馃憤contributed by @tharun208

  • feat(kuma-cp): enable client side gRPC keepalive #3574

  • feat(gui): new onboarding view kumahq/kuma-gui#194

  • feat(gui): link to documentation from policy view kumahq/kuma-gui#289

  • fix(kuma-cp): do not update unchanged insights #3819

  • fix(*): do not annotate gateway services with ingress upstream #3816

  • fix(*): properly escape DB password when creating postgres connection string #3804

  • fix(kuma-cp): fix missing label sidecar injection #3740

  • fix(kuma-dp): fix conntrack collisions #3459 馃憤contributed by @johnharris85

  • fix(conf): remove invalid health check fields from example #3697 馃憤contributed by @tharun208

  • fix(kuma-dp): binary lookup function skips not available directories #3667

  • fix(k8s): make sure controllers start after leader election #3666

  • fix(build): fix gomega matchers for inspect resources command test #3660 #3651 馃憤contributed by @tharun208

  • fix(kumactl): ignore any unregistered CRDs, not only from the root chart #3643

  • fix(kumactl): print meta before spec for Kuma resources #3637

  • fix(kuma-cp): add cp selector to global sync service #3579

  • fix(kuma-cp) do not override other dataplane with dp lifecycle #3507

  • fix(helm) Add support to customize nodeport #1944 馃憤contributed by @bhiravabhatla

  • perf(kuma-cp): use mesh snapshot in proxy builder #3700

  • perf(kuma-cp): use mesh snapshot in gateway #3710

  • perf(kuma-cp): share mesh context #3659

  • improvement(metadata): include name of annotation to parse error message #3677 馃憤contributed by @ChinYing-Li

  • refactor(insights): delete method GetLatestSubscription for insights #3656 馃憤contributed by @tharun208

  • refactor(kuma-cp): unify mesh determination for k8s objects #3708

  • refactor(*): replace ensureDefaultXXX functions with a single generic function #3662 馃憤contributed by @tharun208

  • chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT #3766

  • chore(k8s): remove GetBool method and use GetEnabled #3698 馃憤contributed by @tharun208

  • chore(*): generate CRD types #3453

  • chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp #3691

  • chore(kuma-cp): consolidate mesh defaults creation #3678

  • chore(config): remove ability to disable insights #3501

  • chore(*): remove old Ingress #3435

  • chore(*): upgrade Envoy to v1.21.1 #3909

  • chore(grafana): update to latest grafana plugin version #3812

  • ci(*): release on every commit in master and release branches #3712

[1.4.1]

Released on 2021/12/15

  • feat: add kubernetes tags automatically #3439
  • perf: update Mesh and ServiceInsights only when really needed #3463
  • perf: eliminate uneccessary JSON marshalling #3483
  • feat: sidecar injection webhook based on labels #3417
  • chore: upgrade gui to new version #3454
  • test: fix postgress tests permissions #3443
  • feat: add affinity to CP and Ingress pods #3036 馃憤contributed by @andrey-dubnik
  • chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 #3432
  • feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 #3376
  • fix: simplify cluster creation with endpoints #3403
  • fix: enable metrics hijacker for current version of Kuma #3405
  • fix: switch to mTLS when CP communicates with Envoy Admin #3353
  • chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 #3388
  • chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 #3389
  • fix: validate cp url in dp conf #3357
  • chore: send reports to tls endpoint #3361
  • chore: check explicit service account name #3228
  • feat: inspect other dependencies versions #3352
  • chore: add area/gateway label #3263
  • chore: remove dp token from xds metadata #3282
  • refactor: move from io/ioutil to io and os packages #3265 馃憤contributed by @Juneezee
  • fix: validate newly generated xDS snapshots #3195
  • chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 #3218
  • chore: bump helm chart version to 0.8 #3202

[1.4.0]

Released on 2021/11/19

  • chore(*) scripts for build, publish and fetch Envoy binaries #3110 #3182
  • chore(kuma-cp) upgrade gui to new version #3178 #3179
  • chore(kuma-cp) Use go structs instead of gotemplate for bootstrap #3156 #3173
  • chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 #3170
  • Disable reporting by default #3070 #3159
  • chore(kumactl) remove install CRDs filter function #3139
  • feat(kuma-dp) Add conf to disable service vip #3143
  • chore(kuma-cp) update some TODO comments #3141
  • feat(kuma-cp) Add kuma.io/ignore annotation #3142
  • fix(kuma-dp) match gateway cluster names in the hijacker #3106
  • feat: add ECDSA certificate generator support #3093
  • feat: add more global resources to GlobalInsights #3094
  • feat: allow creating secrets for the not yet existing mesh #3076 馃憤contributed by cloudwiz
  • feat: don't add v6 in DNS when v6 is disabled #3089
  • fix: explicitly disable dns in env when disabled in injector #3077
  • feat: added support for https tracing endpoint #3057 馃憤contributed by sudeeptoroy
  • fix: normalize generating TLS certificates #3027
  • fix: zero downtime when enabling permissive mTLS #3019
  • feat: add deprecation notice for kuma-prometheus-sd #2994
  • feat: add GlobalInsights api endpoint #3018
  • fix: duplicate TLS certificate usage #3008
  • chore: add command argument count parameters #3010
  • feat: aggregate dp stats by type in MeshInsight #2999
  • chore: delete CLI flag '--bootstrap-version' #2965
  • feat: show the effective Dataplane address #2977
  • feat: aggregate services in MeshInsight #2974
  • fix: allow only one healthcheck #2972
  • feat: give CA managers all backends at once #2956
  • chore: normalize timeout configurer API #2934
  • fix: locality-aware lb for external-services #2903
  • feat: add install control-plane --version flag for all components #2904
  • feat: add zone selector to Kuma Mesh dashboard #2860
  • fix: possible to delete resources on Zone CP #2665
  • fix: make cluster names contextually unique #3098
  • feat: automatically enable gzip content on gateways #3104
  • feat: add Gateway TLS termination support #3044
  • feat: add gateway support for external services #2990
  • fix: enable secrets support for Gateway resources #2953
  • feat: initial connection policy support for Gateway #2933
  • feat: add access to generate zone ingress token #3075
  • feat: user token with RSA256 #2992
  • feat: prefix system users and groups with mesh-system #3013
  • feat: localhost is not an admin on kubernetes #3003
  • feat: user token enabled by default #2941
  • feat: Admin User Token bootstrap #2923
  • chore: refactor access control for individual access #2983
  • feat: support plugin based authentication including user tokens #2895
  • feat: User Token for API Server authentication #2892
  • chore: refactor authz and authn to plugins #2837
  • chore(kuma-cp) upgrade gui to new version #3148
  • chore(*) upgrade to Go 1.17.3 #3147
  • chore(deps): bump github.com/operator-framework/operator-lib #3158
  • chore(deps): bump github.com/gruntwork-io/terratest #3130
  • chore: update helm and controller-runtime #2764
  • chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 #3131
  • chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 #3101
  • chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 #3006
  • chore: bump github.com/envoyproxy/protoc-gen-validate #3007
  • chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 #2839
  • chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 #3132
  • chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 #3061
  • chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 #3059
  • chore: bump k8s.io/api from 0.22.2 to 0.22.3 #3058
  • chore: bump github.com/golang-migrate/migrate/v4 #2970
  • chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 #2968
  • chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio #2752

[1.3.1]

Released on 2021/10/06

  • fix: disable zone #2884
  • fix: limit number of postgres connection by default #2866
  • feat: add zone selector to Kuma Service to Service dashboard #2876
  • feat: add zone selector to Kuma Service dashboard #2865
  • feat: add zone selector to Kuma Dataplane dashboard #2864
  • fix: fix duplicates in dataplane list in Kuma Services dashboard #2845
  • chore: migrate install resources from rbac API v1beta1 to v1 #2875
  • fix: fault injection matching #2757
  • fix: delete kuma.io/region and kuma.io/sub-zone #2824
  • feat: print control plane version with version cmd #2834
  • fix: Only warn about version compatibility where it makes sense #2828
  • perf: remove insight update rate limit burst #2825
  • perf: apply ratelimit to service insights #2815
  • feat: adds support for specifying specific IP for cloud provider load balancers for ingress service #2779 馃憤contributed by @jamesdbloom
  • fix: send tool output to stdout #2787
  • fix: switch to a Kuma fork of go-control-plane #2771
  • chore: parametrize label on the deployment #2765
  • perf: set Node only on first DiscoveryRequest #2741
  • feat: verify ServiceAccountToken bound to a Pod #2745
  • feat: internal dns should resolve AAAA records #2760
  • fix: Add FORMERR and NOTIMP in alternate default coredns conf #2756
  • fix: virtual probes with query #2706
  • fix: Avoid calling Send() from different goroutines #2573
  • feat: automatically set proxy concurrency #2691
  • feat: Improve builtin grafana setup to have traces and logs linked #2716
  • fix: Show gateway services in service-insights #2711
  • fix: Correct bad merging of duration #2700
  • fix: Ensure outbounds are set when migrating from old to new #2698
  • fix: get rid of regex for parsing IPs #2681
  • feat: add CP config to ZoneInsights #2661
  • feat: generate GatewayRoute clusters #2819
  • feat: add GatewayRoute route generation #2782
  • feat: match gateway routes #2758
  • feat: initial gateway TrafficRoute support #2547
  • feat: add a GatewayRoute resource #2591
  • chore: update base image for kuma-dp #2881
  • chore: change Go JWT version to fix security vunerability #2844
  • chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 #2768
  • chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 #2737
  • chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 #2769
  • chore: upgrade github.com/spf13/cobra #2732
  • chore: bump alpine in /tools/releases/dockerfiles #2705
  • chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 #2657
  • chore: update envoy to 1.18.4 #2667

[1.3.0]

Released on 2021/08/24

  • feat: remove provided ca cert validation #2663 馃憤contributed by Nikita Pande (@nikita15p)
  • feat: Use kuma-sd in kumactl install metrics #2654
  • feat: Add new datasource to kumactl install metrics #2640
  • fix: remove extra endline in traffic log default template #2514
  • fix: TLSInspector is causing tcp healthcheck failures #2639
  • feat: Add rate-limit to outbound interfaces #2435
  • fix: print a newline with transparent proxy setup message #2634
  • chore: bump alpine in /tools/releases/dockerfiles #2531
  • chore: annotate required fields in proto files #2556
  • chore: remove MADS v1alpha1 #2632
  • chore: parametrize kuma tracing in ZipkinCollectorURL #2635
  • chore: Add the number of services to usage stats #2628
  • feat: Add the permissive mTLS mode #2579
  • chore: open CAProvider and MeshValidator for extensions #2618
  • feat: Add entity for virtual-outbound #2576
  • fix: Don't set zap.Development() in debug log #2608
  • chore(kuma-cp) upgrade gui to new version #2611, #2452, #2554, #2528, #2497, #2490, #2481
  • feat: Build kuma on Windows #2597, #2606, #2559
  • feat: Add CA backend stats in Dataplane and Mesh Insights #2562
  • fix: missing key for kv in reports logging #2598
  • chore: split listener configurers across source files #2592
  • feat: add simple HTTP connection configurers #2593
  • feat: add virtual host domain name configurer #2590
  • feat: return instance and cluster IDs in kuma-cp API statuses #2589
  • tests: allow kuma-specific const to be overridden #2582
  • feat: Intermediate CA support #2575
  • fix: Avoid nil dereferencing in dp validator #2578
  • chore: consistently use utils package for protobuf wrappers #2570
  • fix: subscription finalizer, rev 2 #2526
  • tests: fix flaky test for locality aware loadbalancing #2564
  • fix: DP tracking lock consistency fix #2567
  • chore: Certificates over ADS #2558
  • chore: migrate DiscoveryRequest/Response in KDS to V3 #2541
  • feat: Rewrite dns persistence to allow virtual-outbound to be added #2484
  • fix: deleted default policy is created on Kuma CP restart #2507
  • chore: Move kumactl logging arguments to where they can be parameterized #2544
  • chore: add route and virtual host configuration helpers #2517
  • chore: fix kumactl generate dataplane proxy-type flag deprecation message #2522 馃憤contributed by Tharun Rajendran
  • chore: Simplify resource-gen.go by generating ResourceDescriptor #2511
  • chore: Replace netcat with test server #2510
  • feat: configure SNI on ExternalService #2467
  • chore: add importas to golangci-lint #2516 馃憤contributed by Tharun Rajendran
  • chore: add to resource-gen.go generation of kds options #2487
  • chore: add to resource-gen.go generation of kumactl options #2469
  • fix: add owner when create ZoneIngressInsight #2456
  • fix: hijacker merge labels #2476
  • chore: improve resource-gen by auto generating ws code #2466
  • fix: clarify invalid resource type message #2473
  • fix: implement TextMarshaler for JSON keys #2475
  • chore: simplify resourceWsDefinition and server init #2477
  • fix: Stop adding outbounds to dp for vips #2421
  • chore(*) make port validation consistent #2448

[1.2.3]

Released on 2021/07/29

  • fix(kumactl) warn about fail to check the CP version #2438
  • fix(kuma-cp) handle missing connection info #2439
  • chore(xds) rename logger to have consistent naming style #2375 馃憤contributed by burntcarrot
  • fix(kuma-cp) set better keep-alive for bootstrap #2432
  • fix(kuma-dp) validate the DP proxy type #2186
  • fix(kuma-cp) use the typed config for TLS Inspector #2373

[1.2.2]

Released on 2021/07/16

  • feat: add datadog traffic tracing #2269
  • refactor: add kumactl install tracing context #2343
  • chore: improve kumactl install transparent-proxy flags description, add extra validation #2352
  • fix: broken SDS auth and XDS generation on rapid DP restarts #2342
  • fix: allow verbose log levels #2351
  • chore: use resource types for DataplaneInsight tracking #2324
  • chore: improve resource manager initialization readability #2316
  • chore: upgrade gui to new version #2340, #2325, #2315
  • fix: allocate a new VIP for ExternalService host #2302
  • fix: stop components on leader election lost #2318
  • chore: generate system resource wrappers #2282, #2311
  • chore: remove access log V2 #2301
  • chore: generate DeepCopy interfaces #2222
  • chore: disable log sampling #2273
  • chore: upgrade Protocol Buffers #2244
  • chore: change default number of insights subscriptions #2266
  • chore: make the authentication interface type oblivious #2271
  • fix: fix hds disabled on dpserver #2268 馃憤contributed by Bastien Chatelard
  • chore: refactor xDS metadata to store a generic resource #2264
  • feat: change KDS max message limit #2265

[1.2.1]

Released on 2021/06/30

  • fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits #2246
  • chore: reduce memory usage by reducing cache key size #2214 #2230 馃憤contributed by nhamlh
  • fix: ZoneIngress always shows up as 'offline' #2209
  • feat: dataplane use advertise address to add a routable ip if address is not public ip #2116 馃憤contributed by sudeeptoroy
  • fix: builtin DNS resolve alias with dots #2208
  • feat: add SNI to TLSed ExternalServices #2211
  • fix: fix race condition in cache #2202 馃憤contributed by nhamlh
  • fix: supported versions of Kuma DP in the GUI #2193

[1.2.0]

Released on 2021/06/17

  • feat: Introduce ZoneIngress #2147 #2169

  • feat: enable dataplane dns by default #2152

  • feat: add --verbose flag to kuma-init #2156

  • feat: log rotation #2100 馃憤contributed by @nikita15p

  • feat: mads, allow specifying fetch-timeout via query param #2148 馃憤contributed by @austince

  • feat: mads, add support for HTTP long polling #2121 馃憤contributed by @austince

  • feat(mads) implement v1 API #1753 馃憤contributed by @austince

  • feat: add RateLimit policy #2083

  • feat: TrafficRoute L7 #2013 #2042 #2062 #2072 #2168

  • feat: allow renegotiation for TLS in ExternalServices #2135

  • feat: pass header when communicating with CP #2049 馃憤contributed by sudeeptoroy

  • feat: change default traffic route policy #2075

  • feat: command to install kong enterprise ingress #1999

  • feat: add postgres max idle connections configuration #2020 馃憤contributed by @nikita15p

  • feat: add kumactl --no-config flag #2048

  • feat: nodeselector across all pods with HELM #2012

  • feat: enable forwarding XFCC header #1941 馃憤contributed by @jewertow

  • feat: TrafficPermission for ExternalServices #1957

  • feat: metrics hijacker #1899

  • feat: extend CircuitBreaker #1655

  • chore: remove API V2 #2119

  • chore: bump webhooks version #2126

  • chore: drop deprecated Envoy options #2143

  • chore: dockerfiles, add a user for kuma-cp #2129

  • chore: bump cni version to 0.0.9 #2137

  • chore: rename remote cp to zone cp #2125

  • chore: bump versions of logging, metrics, tracing #2178

  • chore: parametrize bitnami/kubectl #2151

  • chore: backwards compatible metrics #2173

  • chore: upgrade Envoy version to 1.18.3 #2145

  • chore updated go-control-plane #2082 馃憤contributed by @sudeeptoroy

  • chore: fix misspelled words #1984 馃憤contributed by @tharun208

  • chore: upgrade GUI #2157

  • chore namespace source names for v1 API #1896 馃憤contributed by @austince

  • chore: use cmux for MADS server #1887

  • chore: Add internal support for outbound UDP listeners #1618 馃憤contributed by @lahabana

  • chore: Avoid generating duplicate subsets in ingress 馃憤contributed by @lahabana

  • chore: upgrade to apiextensions.k8s.io/v1 #1108 馃憤contributed by @austince

  • fix: Clear snapshots from cache on disconnect #2172 馃憤contributed by @lahabana

  • fix: use service account name to identify sync #2127

  • fix: raise the regex program size limit #2139

  • fix: pass query parameters through the metrics hijacker #2124

  • fix: matching endpoints by tags #2096

  • fix: manage and warn on control plane file limits #2057 #2106

  • fix: fix transparent-proxy for GCP/GKE #2051

  • fix: set death signal on child processes #2045

  • fix: TrafficRoute in multizone issue #1979

[1.1.6]

Released on 2021/05/13

  • feat: expose reuse_connection in healthchecks #1952
  • feat: allow tcp/http healthchecks together #1951
  • feat: kumactl option to install gateway types #1950
  • feat: kumactl option to install kuma demo app #1932
  • feat: kumactl option to install Kong ingress #1929
  • feat: support all tags in traffic permission #1902
  • fix: gateway status was always reporting offline #1946
  • fix: don't cache failed calls #1894 馃憤contributed by @lahabana
  • chore: add hostname when sending traces to the collector #1962
  • docs: prepare api docs generation #1741
  • test: azure aks and e2e improvements for the CI #1880 #1871 #1933 #1953 #1972

[1.1.5]

Released on 2021/04/29

  • feat: generate outbounds for itself #1900
  • chore: migrate from bintray #1901
  • chore: GUI updates and fixes #1897
  • chore: kumactl check version after loading config #1879
  • chore: transparent proxy improvements #1852
  • chore upgrade Go to 16.3 and use go embed #1864 #1865
  • fix: always set locality in multizone #1863
  • fix: Envoy config is created based on old Dataplane #1848

[1.1.4]

Released on 2021/04/19

  • chore: force all DNS traffic capture #1842

[1.1.3]

Released on 2021/04/16

  • feat: support External Services with original hostname and port (built-in DNS) #1807 #1811 #1817 #1812 #1821 #1824 #1828 #1822
  • fix: pass validation of V3 specific configs in ProxyTemplate #1819
  • chore: support ingress annotations (kuma.io/ingress-public-address and kuma.io/ingress-public-port) in HELM #1796

[1.1.2]

Released on 2021/04/09

  • feat: extend CircuitBreaker policy with Thresholds #1688
  • feat: enable IPv6 support and tests #1726 #1734
  • feat: unuversal mode transparent-proxy firewalld support #1702
  • feat: new Grafana charts for golden signals and L7 metrics #1739 #1786
  • chore: verify e2e tests run in EKS #1684 #1685 #1744
  • chore: upgrade CRDS to apiextensions.k8s.io/v1 #1108
  • fix: helm cp service annotations #1767 馃憤contributed by nbrink91
  • fix: gui fixes #1773
  • fix: KDS may delete ConfigMaps on Control Plane restarts #1769
  • fix: Kuma CP restart may cause stale Envoy configs on Universal #1749
  • fix: use EnvoyGRPC to fix DNS resolving #1740
  • fix: fix ingress-enabled #1725
  • fix: pick HTTP health checker version depending on outbound's protocol #1714
  • fix: improve the DNS server bind message #1701
  • fix: validate --name and --mesh when dataplane is provided #1771
  • fix: better error messages when there is problem with pod dataplane convertion #1743
  • fix: crashes under load #1694 #1695

[1.1.1]

Released on 2021/03/11

  • fix: make sure we enumerate all types in kumactl #1673
  • fix: annnotate service with ingress that has no annotations #1671
  • fix: improve err message if $HOME is not defined #1664
  • feat: zipkin config add shared span context option #1660 馃憤contributed by @ericmustin
  • feat: get rid of 'changed' check #1663