Changelog

chore(deps): bump Envoy from 1.22.2 to 1.22.7 @mergify
chore(deps): security update #5965 @kumahq
chore(deps): use latest kumahq/kuma-gui #5915 @kumahq
feat(api-server): manual mTLS (backport #5979) #5981 @mergify
fix(helm): use custom CA in egress and ingress too (backport #5980) @mergify
fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5953 @mergify

2.0.3

Released on 2023/02/14

chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5986 @mergify
chore(deps): security update #5969 @kumahq
fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) @mergify

1.8.4

Released on 2023/02/14

chore(deps): bump Envoy from 1.22.2 to 1.22.7 @mergify
chore(deps): security update #5763 @kumahq
fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5955 @mergify

1.7.5

Released on 2023/02/14

chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5988 @mergify
chore(deps): security update #5966 @kumahq

1.6.5

Released on 2023/02/14

chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5989 @mergify
chore(deps): security update #5964 @kumahq

2.1.0

Released on 2023/01/30

chore(deps): bump alpine from 3.16.2 to 3.17.0 #5308 @dependabot
chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 #5377 @dependabot
chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 @dependabot
chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 #5600 @dependabot
chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 @dependabot
chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 #5277 #5460 @dependabot
chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 @dependabot
chore(deps): bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.8 #5310 #5426 #5688 @dependabot,@lahabana
chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 #5513 @lukidzi
chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 #5351 @dependabot
chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 #5275 #5539 @dependabot
chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 #5274 @dependabot
chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 #5483 @dependabot
chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 #5320 #5376 #5526 @dependabot
chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 #5524 @dependabot
chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 @dependabot
chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 #5273 @dependabot
chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 #5525 @dependabot
chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 @dependabot
chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 #5315 #5623 @dependabot
chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 #5430 @dependabot
chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 #5458 @dependabot
chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 #5325 @dependabot
chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 #5352 @dependabot
chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 #5592 @dependabot
chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb #5330 @mmorel-35
chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 @mmorel-35
chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 #5316 @dependabot
chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 @dependabot
chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 #5276 @dependabot
chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, @dependabot
chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 #5434 @dependabot
chore(deps): install dev tools and split if more repos #5528 @lukidzi
chore(deps): security update @kumahq
chore(deps): update coreDNS to 1.10.0 #5626 @lahabana
chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove @dependabot
chore(deps): upgrade k3d #5518 @lukidzi
chore(deps): use latest kumahq/kuma-gui #5272 #5307 #5332 #5371 #5405 #5486 #5572 #5619 #5675 #5700 #5732 #5772 #5805 #5826 #5851 #5866 @kumahq
chore(deps): use sigs.k8s.io/yaml #5215 @mmorel-35
feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format @mmorel-35
feat(MeshGatewayInstance): respect kuma.io/mesh label #5256 @michaelbeaumont
feat(MeshGatewayRoute): response header filter @michaelbeaumont
feat(api-server): ability to set rootUrl for GUI and API #5295 @lahabana
feat(api-server): add name search to dataplane overview @lahabana
feat(api-server): contain matches on name and tags #5606 @lahabana
feat(build): consistent docker images @slonka
feat(build): idempotent build #5291 #5403 #5407 @slonka
feat(gateway): add support for match header PRESENT and ABSENT #5739 @lahabana
feat(gui): serve index from all paths without extension @lahabana
feat(helm): add tolerations to Helm chart #5549 @KrustyHack
feat(helm): allow injecting env from parent projects @slonka
feat(helm): use object instead of list for plugins.policies #5735 @michaelbeaumont
feat(kuma-cp): add possibility to run diagnostics on TLS @mmorel-35
feat(kuma-cp): added configuration of plugins and its order #5472 @lukidzi
feat(kuma-cp): intOrString as decimal in the API @jakubdyszkiewicz
feat(kuma-cp): intercp communication protocol #5445 @jakubdyszkiewicz
feat(kuma-cp): recover from watchdog panics #5581 @jakubdyszkiewicz
feat(kuma-cp): remove value of secret when logging Secret Resources @Automaat
feat(kumactl): added option to install transparent proxy with docker #5284 @lukidzi
feat(policy): allow merging by a complex key @michaelbeaumont
feat(policy): append policy slices #5515 @jakubdyszkiewicz
feat(policy): don’t use protobuf for DataSource in policies #5756 @Automaat
feat(policy): implement MeshCircuitBreaker policy #5493 @bartsmykla,@lobkovilya
feat(policy): implement MeshFaultInjection policy #5723 @lukidzi
feat(policy): implement MeshHTTPRoute policy #5530 #5653 @michaelbeaumont,@slonka
feat(policy): implement MeshHealthCheck policy #5369 #5503 #5713 @lahabana,@lobkovilya,@michaelbeaumont,@slonka
feat(policy): implement MeshProxyPatch policy #5578 @jakubdyszkiewicz
feat(policy): implement MeshRateLimit policy #5362 #5710 @lobkovilya,@lukidzi
feat(policy): implement MeshRetry policy #5478 #5583 #5808 @lobkovilya,@slonka
feat(policy): implement MeshTimeout policy #5364 @Automaat,@michaelbeaumont
feat(policy): improve rules api #5785 @lahabana
feat(policy): validate schema only during the user’s input unmarshal @lobkovilya
feat(security): add dependabot security updates to release branches #5731 #5758 #5778 @slonka
fix(MeshAccessLog): update API to align with the memo #5580 @lobkovilya
fix(MeshGateway): properly apply Service template annotations to existing Service @michaelbeaumont
fix(MeshTrace): adjust MeshTrace to follow the memo #5743 @lobkovilya
fix(api-server): fix tags filter value with : @lahabana
fix(api-server): remove spec from inspect policy output #5491 @lahabana
fix(api-server): return 400 on invalid resource name @lahabana
fix(gateway): be more lenient with prefix paths trailing slashes #5299 @michaelbeaumont
fix(gui): add version and basedOnKuma to index.html @lahabana
fix(kuma-cp): add option to disable sslsni in universal #5318 @michaelbeaumont
fix(kuma-cp): allow to set policies order from others projects @lukidzi
fix(kuma-cp): change way of setting if resource is read only #5345 @lukidzi
fix(kuma-cp): concurrent mesh cache map write @michaelbeaumont
fix(kuma-cp): don’t cache filtered data #5574 @lukidzi
fix(kuma-cp): filtering of name prefix on K8S @jakubdyszkiewicz
fix(kuma-cp): fix appending of pointer to slice in policies config #5784 @Automaat
fix(kuma-cp): fix kafka_type tag creation regex @Automaat
fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList #5423 @Automaat
fix(kuma-cp): forward envoy admin operations to proper instance @jakubdyszkiewicz
fix(kuma-cp): increase kuma-init memory limit when using ebpf #5579 @lukidzi
fix(kuma-cp): kds deadlock @jakubdyszkiewicz
fix(kuma-cp): make validate list aware of the mesh #5280 @slonka
fix(kuma-cp): memory store keeps children after owner update @jakubdyszkiewicz
fix(kuma-cp): only put policies in MeshInsight #5577 @lahabana
fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob @lukidzi
fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address #5347 @jamesdbloom
fix(kuma-cp): warn when using deprecated token id @lahabana
fix(kuma-dp): allow to configure address of application to scrape #5326 @lukidzi
fix(kuma-dp): tolerate endline in token file @lahabana
fix(kumactl): remove PodSecurityPolicy from install observability #5382 @michaelbeaumont
fix(kumactl): set klog to avoid logs from k8s @lahabana
fix(kumactl): use the same client in kumactl apply #5327 @lahabana
fix(policy): change percentage field from int to intOrString @lukidzi
fix(policy): fix schema.yaml to have correct metadata #5349 @lahabana
fix(policy): make targetRef required @AyushSenapati
fix(policy): remove superfluous var usage #5627 @AyushSenapati
fix(policy): use GatewayAPI style header modifier in all policies @lahabana
fix(policy): use PascalCase for all constants #5747 @lahabana
fix(universal): don’t set sslsni option if not disabled (backport #5419) @mergify
fix(xds): don’t read metadata in ProxyBuilders #5414 @lahabana
fix(xds): sort resources when building MeshContext @lobkovilya

1.5.4

Released on 2023/01/12

chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 @mergify
chore(deps): update coreDNS to 1.10.0 (backport #5626) #5659 @mergify
chore(helm): remove duplicate keys in resources (backport #4681) @mergify
chore: remove Apache license header from generated files (backport #5565) #5622 @mergify
chore: upgrade golang to 1.18.9 (backport #5607) @mergify
fix(kuma-cp): don’t cache filtered data (backport #5574) #5636 @mergify

2.0.2

Released on 2023/01/11

chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5597 @mergify
chore(deps): update coreDNS to 1.10.0 (backport #5626) @mergify
chore: remove Apache license header from generated files (backport #5565) #5616 @mergify
chore: upgrade golang to 1.18.9 (backport #5607) @mergify
fix(kuma-cp): don’t cache filtered data (backport #5574) #5632 @mergify

1.8.3

Released on 2023/01/11

chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5598 @mergify
chore(deps): update coreDNS to 1.10.0 (backport #5626) @mergify
chore: remove Apache license header from generated files (backport #5565) #5617 @mergify
chore: upgrade golang to 1.18.9 (backport #5607) @mergify
fix(kuma-cp): don’t cache filtered data (backport #5574) #5633 @mergify

1.7.4

Released on 2023/01/11

chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5599 @mergify
chore(deps): update coreDNS to 1.10.0 (backport #5626) @mergify
chore(helm): remove duplicate keys in resources (backport #4681) #5640 @mergify
chore: remove Apache license header from generated files (backport #5565) @mergify
chore: upgrade golang to 1.18.9 (backport #5607) #5611 @mergify
fix(kuma-cp): don’t cache filtered data (backport #5574) @mergify

1.6.4

Released on 2023/01/11

chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 @mergify
chore(deps): update coreDNS to 1.10.0 (backport #5626) #5658 @mergify
chore(helm): remove duplicate keys in resources (backport #4681) @mergify
chore: remove Apache license header from generated files (backport #5565) #5620 @mergify
chore: upgrade golang to 1.18.9 (backport #5607) @mergify
fix(kuma-cp): don’t cache filtered data (backport #5574) #5635 @mergify

2.0.1

Released on 2022/12/05

chore: back-ports api base path fix #5341 @kleinfreund
feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) @mergify
fix(kuma-cp): add option to disable sslsni in universal (backport #5318) #5322 @mergify
fix(kuma-cp): change way of setting if resource is read only (backport #5345) @mergify
fix(kuma-cp): kds deadlock (backport #5373) #5397 @mergify
fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347) @mergify
fix(xds): don’t read metadata in ProxyBuilders (backport #5414) #5416 @mergify
fix: sort resources when building MeshContext (backport #5391) @mergify

1.8.2

Released on 2022/12/05

feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) @mergify
fix(kuma-cp): kds deadlock (backport #5373) #5398 @mergify
fix: sort resources when building MeshContext (backport #5391) @mergify

1.8.1

Released on 2022/10/07

fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in https://github.com/kumahq/kuma/pull/4872
fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in
fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in https://github.com/kumahq/kuma/pull/4961
fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in
fix(gateway): add support for retryOn (backport #5091) by @mergify in https://github.com/kumahq/kuma/pull/5098

1.7.2

Released on 2022/10/06

fix(helm): always run Helm version update by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4604
chore(helm): update to 1.7.1 by @michaelbeaumont in
Revert “fix(helm): always run Helm version update (#4604)” by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4609
fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in
fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5096

1.6.2

Released on 2022/10/06

fix(core): validate both old and new objects on Update (backport #4589) by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4593
fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in
fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5097

1.8.0

Released on 2022/08/22

CNI v2 with lots of improvements:

taint controller to prevent race condition @slonka
all logs are easily accessible via kubectl logs command which greatly simplifies observability #4845 @slonka
it uses new transparent engine implemented in kuma-net @slonka

URL rewrite in Builtin Gateway:

support URL rewriting #4638 @michaelbeaumont

Stats and Clusters in the GUI:

execute stats and clusters from the control plane #333 @jakubdyszkiewicz

Extra retryOn options for Retry:

add extra http retryOn options @johnharris85

Better support for TCP logging:

resilient tcp TCP access log streamer #4511 @parkanzky @jakubdyszkiewicz

Filtering Envoy metrics:

added option to define filter for Envoy metrics #4503 @lukidzi

Projected service account token:

support for projected service account token @lukidzi

Fixes:

Helm:

remove duplicate keys in resources #4681 @michaelbeaumont
add containersecuritycontext to CNI daemonset @jakubdyszkiewicz
fix extraConfigMap and cp labels #4531 @lahabana
use image.global.registry for imageExperimental @jakubdyszkiewicz

Gateway:

ListenerReason for unresolved certificate refs, enable ReferenceGrant conformance tests @michaelbeaumont
check hostname intersection between HTTPRoute and Gateway listener #4537 @michaelbeaumont
create MeshGatewayInstance in same Mesh as Gateway @michaelbeaumont
don’t create invalid envoy config when routes and listeners don’t match (backport #4837) #4841 @mergify
hostname intersections, use new RouteReasons @michaelbeaumont
improve HTTPRoute statuses with unresolved BackendRefs #4635 @michaelbeaumont
npe without any timeout @michaelbeaumont
rbac permissions for ReferenceGrant #4628 @michaelbeaumont
workaround label value max length with hash @michaelbeaumont

Control Plane:

check if kuma annotation or label is set but ignore value @lukidzi
delete an empty TimeoutConfigurer #4554 @lobkovilya
do not modify external service tags @jakubdyszkiewicz
don’t deploy Pod/Service webhooks in global #4673 @michaelbeaumont
don’t fail generation if other mesh CAs are misconfigured @michaelbeaumont
external service datasource validation #4652 @jakubdyszkiewicz
fix builtdns annotations for kubernetes @lahabana
generate cluster name hash based on tags not config #4598 @lukidzi
grant delete Pods in kuma-system namespace to control plane @michaelbeaumont
localhost exposed application shouldn’t be reachable #4750 @lukidzi
make options for policies simpler @lahabana
protect sort from empty locality #4820 @jakubdyszkiewicz
registering dp on reconnect @jakubdyszkiewicz
support GC service account #4483 @lobkovilya
validate both old and new objects on Update @michaelbeaumont
validation error with user tokens #4507 @jakubdyszkiewicz

Data Plane:

access log path on windows when cp is on linux #4518 @jakubdyszkiewicz
fix multi OS build of accesslogs @lahabana
have envoy version check always work #4564 @lahabana
propagate context for metrics aggregate @lukidzi
set prometheus content-type when returning metrics #4706 @lukidzi

Other:

add operations now create non-existent path elements #4595 @michaelbeaumont

Docs:

new policy matching proposal #4474 @lobkovilya

Other changes:

Gateway:

mention mesh name in gateway instance status @lahabana
add listener connection limits #4755 @michaelbeaumont
add loadBalancerIP to MeshGatewayInstance @michaelbeaumont
allow MeshGateway Dataplane Pods to bind privileged ports #4535 @michaelbeaumont
configure overload_manager based on max memory @michaelbeaumont
multi-zone cross-mesh MeshGateway #4443 @michaelbeaumont
propagate x-kuma-tags from MeshGateways @michaelbeaumont
send default static payload for empty gateway #4617 @tharun208
set path_with_escaped_slashes_action @michaelbeaumont
set cluster HTTP2 stream and connection window size #4779 @michaelbeaumont
set cluster per_connection_buffer_limit_bytes @michaelbeaumont
set global_downstream_max_connections to 50000 #4724 @michaelbeaumont
update to Gateway API v0.5.0, support v1beta1 resources @michaelbeaumont
validate listeners for collapsibility #4765 @michaelbeaumont
add MeshGateway dashboard @michaelbeaumont

Control Plane:

config cleanup (backport #4855) @mergify
don’t set deprecated dns_resolver_config #4702 @michaelbeaumont
don’t set deprecated known_suffixes @michaelbeaumont
remove deprecated Cluster.Http2ProtocolOptions #4528 @michaelbeaumont
remove versions_ws @lahabana
replace deprecated admin_access_log_path #4552 @lahabana
add /policies endpoint to list all registered policies @lahabana
authenticate DP every time #4685 @jakubdyszkiewicz
enrich policies endpoint @jakubdyszkiewicz
identify gateway service by deployment #4703 @parkanzky
separate CA for Envoy Admin communication @jakubdyszkiewicz
use remote address for Gateway #4530 @jakubdyszkiewicz
add operations now create non-existent path elements @michaelbeaumont

Data Plane:

remove envoy admin port flag @tharun208
detect memory limit only on linux #4715 @jakubdyszkiewicz

kumactl:

add a limit to the prom TSDB size #4651 @lahabana
remove old flags in install tp @lahabana
add MeshGateway to install demo #4679 @michaelbeaumont
add install control-plane —registry flag @michaelbeaumont

Documentation:

create MADR for MeshTrafficPermission @lobkovilya
new policy matching proposal #4474 @lobkovilya
policy matching, replace ‘conf’ with ‘default’ @lobkovilya

CNI:

add cni ebpf plugin @bartsmykla
implement the cni plugin #4481 @slonka @slonka #4613 @slonka @mergify #4642 @slonka @slonka #4858 @mergify @slonka #4695 @slonka @mergify
taint controller #4852 @jakubdyszkiewicz
use our cni with calico @slonka

Dependency updates:

update demo to latest version @lahabana
update Kuma GUI #4815 @kleinfreund @lahabana
use github.com/emicklei/go-restful/v3 #4665 @mmorel-35
bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles #4827 @dependabot
bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 @dependabot
bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 #4632 @dependabot
bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 #4499 @dependabot
bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 @dependabot
bump github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 #4469 @dependabot
bump github.com/miekg/dns from 1.1.49 to 1.1.50 #4492 @dependabot
bump github.com/onsi/gomega from 1.19.0 to 1.20.0 @dependabot
bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 #4783 @dependabot
bump github.com/prometheus/common from 0.34.0 to 0.37.0 #4627 @dependabot
bump github.com/spf13/cobra from 1.4.0 to 1.5.0 @dependabot
bump go.uber.org/zap from 1.21.0 to 1.22.0 #4829 @dependabot
bump google.golang.org/grpc from 1.47.0 to 1.48.0 @dependabot
bump google.golang.org/protobuf from 1.28.0 to 1.28.1 #4718 @dependabot
bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 #4624 @dependabot
bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 #4581 @dependabot
bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 @dependabot

1.7.1

Released on 2022/07/13

Fixes

Gateway

Nil pinter exception without any timeout (#4550)
Use remote address for Gateway (#4538)

kumactl

Update demo to latest version (#4587)

Control plane

Grant delete Pods in kuma-system namespace to control plane (#4575)
Don’t fail generation if other mesh CAs are misconfigured (#4517)
Don’t override timeout values for ExternalServices (#4568)

Data plane proxy

Access log path on windows when cp is on linux (#4518)

Helm

Fix extraConfigMap and cp labels (#4541)

General

Avoid -<arch> in version of the binaries (#4527)

1.7.0

Released on 2022/06/13

add cross-mesh MeshGateway listeners #4274 @michaelbeaumont

ContainerPatch:

allow custom configuration of Kubernetes’ and kuma-sidecar containers by introducing ContainerPatch CRD #4280 / #4366 / #4370 @parkanzky, @bartsmykla

Observability:

hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh #4388/ @lukidzi
unified installation of metrics/logging/tracing into one command observability #4308 /#4418 @lukidzi, @lahabana

ARM64 support:

added arm build and release pipeline @lukidzi
release for arm64 now publish correct arch image #4276 @lukidzi
upgrade kubectl to version with ARM support @lukidzi
support ARM Linux/Darwin for dev/tools #4199 @lukidzi
introduced map of arch for a specific build @lukidzi
do not exclude arm64 files from docker #4265 @lukidzi

Gateway:

add GatewayClass.Spec.ParametersRef support @michaelbeaumont
cp annotations from gateway to svc #4327 @johnharris85
only reconcile Gateway when GatewayClass is Ready @michaelbeaumont
auto generate hostname for crossMesh listeners #4421/ @michaelbeaumont

Helm:

set host network var in helm/cp-deployment.yaml #4209 @SallyBlichWalkMe
add resource management for jobs @gdasson
option for automountSAT=false on cp #4309 @gdasson
helm chart improvements @bartsmykla

CP:

experimental transparent proxy annotation #4240 @parkanzky
graceful shutdown on Universal using HDS @jakubdyszkiewicz
intercept signal for different platforms #4283 @jakubdyszkiewicz
XDS config dump on Global CP @jakubdyszkiewicz
validate DP compat on kuma backend #4236 @parkanzky

DP:

graceful shutdown of kuma-dp @jakubdyszkiewicz

Fixes:

Gateway:

use MeshGatewayInstance mesh annotation when matching /#4371 @michaelbeaumont

Helm:

remove replica from cp-deployment.yaml when autoscaling enabled /#4454 @gustoliv

CP:

fix ‘/config_dump’ request if Global CP is on Kubernetes /#4372 @lobkovilya
add the latest version to compatibility matrix @parkanzky

DP:

clarify error log message when kuma-dp is wrongly connecting to global-cp #4269 @slonka

Kumactl:

fix transparent proxy —skip-conntrack-zone-split flag value @bartsmykla

Other notable changes:

Gateway:

add /finalizers permission for OwnerReferencesPermissionEnforcement plugin @michaelbeaumont
don’t match on ALPN in gateway (#4198) #4272 @wjrbetts

Helm:

delete ‘kubernetes.io/arch’ node selector @lobkovilya

CP:

don’t always recompute mesh contexts #4267 @michaelbeaumont
don’t run dataplane gc in global @lahabana
graceful components #4277 @jakubdyszkiewicz
memory store cannot delete a parent @jakubdyszkiewicz
protocol check should be case-insensitive #4248 @lukidzi
remove dns server from control plane @lahabana
automatically detect dns lookup family for cp cluster #4275 @slonka

ZoneIngress:

graceful start of many ZoneIngresses @jakubdyszkiewicz

ZoneEgress:

resolve zone-ingress advertized address #4219 @lahabana
do not change ip to ZoneEgress address @lukidzi

Kumactl:

remove flag ‘—experimental-meshgateway’ #4315 @lobkovilya

Timeout Policy:

deprecate ‘timeout.grpc’ section /#4449 @lobkovilya

Other:

delete dns-server 5653 port from configuration and helm files /#4345 @lobkovilya
support kube-linter tools to analyze Kubernetes YAML files @mangoGoForward

Dependency upgrades:

upgrade envoy to 1.22.1 #4464/ @lobkovilya
upgrade kuma-cni to 0.0.10 #4313 @lobkovilya
upgrade tproxy iptables to v0.2.2 @bartsmykla
upgrade GUI to the latest version #4316 #4389/ @jakubdyszkiewicz, @lahabana, @bartsmykla
upgrade protoc and regenerate files #4169 @lukidzi
bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 @dependabot
bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 #4178 #4322 @dependabot
bump github.com/lib/pq from 1.10.5 to 1.10.6 @dependabot
bump github.com/miekg/dns from 1.1.48 to 1.1.49 #4291 @dependabot
bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 @dependabot
bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #4290 @dependabot
bump github.com/prometheus/common from 0.33.0 to 0.34.0 @dependabot
bump github.com/spf13/viper from 1.10.0 to 1.11.0 #4177 @dependabot
bump google.golang.org/grpc from 1.45.0 to 1.46.2 #4289 @dependabot
bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 @dependabot #4302/
bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 #4302/ @dependabot

Other:

automate policy generation @lobkovilya

1.6.1

Released on 2022/06/10

CP:

do not change ip to ZoneEgress address (backport #4193) #4195
memory store cannot delete a parent (backport #4194)

Dependency upgrades:

upgrade envoy to 1.21.3 @lobkovilya

1.5.2

Released on 2022/06/10

Dependency upgrades:

upgrade envoy to 1.21.3 #4456 @lobkovilya

1.6.0

Released on 2022/04/11

New features:

Gateway:

release K8s GatewayAPI as preview 4022 4014 @jakubdyszkiewicz,@michaelbeaumont
use MeshGatewayInstance name for generated objects 4097 @michaelbeaumont

Inspect api:

add gateways to policy inspect 4104 4088 4064 3973 @michaelbeaumont

Make zoneegress available in standalone mode 4100 @lahabana
added locality aware lb for external service @lukidzi
make zoneegress routing opt-in 4109 @lukidzi
support RateLimit and FaultInjections 4000 @lobkovilya

Helm:

Allow customization of image tags in Helm chart @gdasson
Expose kuma-cp’s metric port so it can be scraped by self-deployed prometheus. 4047 @jbehrends
add resource limits option for control plane deployment @gdasson
fail if global.image.tag and appVersion incompatible 4085 @michaelbeaumont
set version to track appVersion @michaelbeaumont
expose kuma-cp gui through ingress 4101 @lukidzi
allow specifying security context @gdasson @bartsmykla

Other:

feat(k8s): ability to set custom service account token volume 4036 @johnharris85
feat(k8s): shutdown kuma-dp container for any owner kind @lukidzi
feat(k8s): support startupProbes 4090 @lahabana
feat(kuma-cp): add uptime, policies, gateway dps to reports @parkanzky
feat(kuma-cp): add metrics and timeouts to CA interface 4089 @parkanzky
feat(kumactl): add —values and —set to kumactl install control-plane @lahabana
feat(transparent-proxy): add experimental tproxy iptables generation 4114 @bartsmykla

Dependency upgrades:

bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles 4060 @dependabot
bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 3978 @dependabot
bump github.com/go-logr/logr from 1.2.2 to 1.2.3 4040 @dependabot
bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 4025 @dependabot
bump github.com/k8s/* from 0.23.4 to 0.23.5 @lahabana
bump github.com/miekg/dns from 1.1.46 to 1.1.47 3998 @dependabot
bump github.com/onsi/gomega from 1.18.1 to 1.19.0 @dependabot
bump github.com/spf13/cobra from 1.3.0 to 1.4.0 3995 @dependabot
bump go.uber.org/multierr from 1.7.0 to 1.8.0 @dependabot
bump google.golang.org/grpc from 1.44.0 to 1.45.0 3993 @dependabot
bump google.golang.org/protobuf from 1.27.1 to 1.28.0 @dependabot
bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 3994 @dependabot
bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 @dependabot
remove dependency on spire 4044 @lahabana

chore(k8s): replace cni registry 4070 @lobkovilya
chore(k8s): use appProtocol from service by default @jakubdyszkiewicz
chore(kuma-dp): cleanup bootstrap version field 3670 @tharun208
fix(gateway): fix status updating in MeshGatewayInstance reconciliation @michaelbeaumont
fix(gateway): gateway instance service reconciliation loops forever 4035 @jakubdyszkiewicz
fix(gateway): gateway reconciliation loops forever @jakubdyszkiewicz
fix(gateway): gateway tls listeners without hostnames 4093 @jakubdyszkiewicz
fix(gateway): ignore non TCP protocol for provided gateway @lahabana
fix(gateway): mesh gateway instance service target port 4071 @jakubdyszkiewicz
fix(gateway): skip creating MeshGateways without proper attachment @jakubdyszkiewicz
fix(helm): add prefix to app label in ingress/egress deployment 4123 @lahabana
fix(helm): fix other template prefix in ingress/egress @lahabana
fix(helm): remove wildcard rbac version 4148 @johnharris85
fix(k8s): reconcile serviceMaps when using mesh namespace annotation @lahabana
fix(kuma-cp): avoid generating excessive envoy clusters 3984 @lobkovilya
fix(kuma-cp): default policy creation @lobkovilya
fix(kuma-cp): guard the nil version in metadata 3969 @jakubdyszkiewicz
fix(kuma-cp): provide better message when running with an in-memory database @lukidzi
fix(kuma-dp): better error message when the token is invalid 3961 @lahabana
fix(kumactl): add mesh flag to only commands that uses it @tharun208
fix(kumactl): split yaml correctly in kumactl apply 4107 @lahabana
fix(proxytemplate): avoid validation error @marcoferrer
fix(proxytemplate): execute hooks before proxy template modifications 4055 @jakubdyszkiewicz
perf(k8s): move outbounds from Dataplane to Config @jakubdyszkiewicz

1.5.1

Released on 2022/04/06

chore(k8s): replace cni registry (backport #4070)
fix(kuma-cp): default policy creation (backport #4073) 4080
fix(kuma-cp): guard the nil version in metadata (backport #3969)

1.5.0

Released on 2022/02/23

feat(*): zone egress #3757
feat(kuma-cp) data plane proxy membership
feat(kuma-cp): reachable services in transparent proxying #3791
feat(inspect-api): retrieve full XDS config
feat(*): inspect api support #3805 #3462
feat(kuma-cp): add proxytemplate to matched policies for inspect poli… 👍contributed by @tharun208
feat(kuma-cp): enable traffic route for inspect endpoints #3735 👍contributed by @tharun208
feat(*): move adminPort to DPP resource
feat(helm): add imagePullSecrets support #3755 👍contributed by @johnharris85
feat(*): enable Gateway with runtime flag
feat(kumactl): add —api-timeout flag #3723
feat: allow for ca/identity secrets for every mesh
feat(kuma-cp): allow extra cm in kuma cp chart #3671 👍contributed by @wjrbetts
feat(kuma-cp): add gui link in index api response 👍contributed by @tharun208
feat(*): allow ca.crt to be in separate k8s secret #3638
feat(kumactl): add type of logging and tracing backends with name in table output 👍contributed by @tharun208
feat(kuma-cp): enable client side gRPC keepalive #3574
feat(gui): new onboarding view
feat(gui): link to documentation from policy view kumahq/kuma-gui#289
fix(kuma-cp): do not update unchanged insights
fix(*): do not annotate gateway services with ingress upstream #3816
fix(*): properly escape DB password when creating postgres connection string
fix(kuma-cp): fix missing label sidecar injection #3740
fix(kuma-dp): fix conntrack collisions 👍contributed by @johnharris85
fix(conf): remove invalid health check fields from example #3697 👍contributed by @tharun208
fix(kuma-dp): binary lookup function skips not available directories
fix(k8s): make sure controllers start after leader election #3666
fix(build): fix gomega matchers for inspect resources command test #3651 👍contributed by @tharun208
fix(kumactl): ignore any unregistered CRDs, not only from the root chart
fix(kumactl): print meta before spec for Kuma resources #3637
fix(kuma-cp): add cp selector to global sync service
fix(kuma-cp) do not override other dataplane with dp lifecycle #3507
fix(helm) Add support to customize nodeport 👍contributed by @bhiravabhatla
perf(kuma-cp): use mesh snapshot in proxy builder #3700
perf(kuma-cp): use mesh snapshot in gateway
perf(kuma-cp): share mesh context #3659
refactor(insights): delete method GetLatestSubscription for insights 👍contributed by @tharun208
refactor(kuma-cp): unify mesh determination for k8s objects #3708
refactor(*): replace ensureDefaultXXX functions with a single generic function 👍contributed by @tharun208
chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT #3766
chore(k8s): remove GetBool method and use GetEnabled 👍contributed by @tharun208
chore(*): generate CRD types #3453
chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp
chore(kuma-cp): consolidate mesh defaults creation #3678
chore(config): remove ability to disable insights
chore(*): remove old Ingress #3435
chore(*): upgrade Envoy to v1.21.1
chore(grafana): update to latest grafana plugin version #3812
ci(*): release on every commit in master and release branches

1.4.1

Released on 2021/12/15

feat: add kubernetes tags automatically
perf: update Mesh and ServiceInsights only when really needed #3463
perf: eliminate uneccessary JSON marshalling
feat: sidecar injection webhook based on labels #3417
chore: upgrade gui to new version
test: fix postgress tests permissions #3443
feat: add affinity to CP and Ingress pods 👍contributed by @andrey-dubnik
chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 #3432
feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256
fix: simplify cluster creation with endpoints #3403
fix: enable metrics hijacker for current version of Kuma
fix: switch to mTLS when CP communicates with Envoy Admin #3353
chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1
chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 #3389
fix: validate cp url in dp conf
chore: send reports to tls endpoint #3361
chore: check explicit service account name
feat: inspect other dependencies versions #3352
chore: add area/gateway label
chore: remove dp token from xds metadata #3282
refactor: move from io/ioutil to io and os packages 👍contributed by @Juneezee
fix: validate newly generated xDS snapshots #3195
chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4
chore: bump helm chart version to 0.8 #3202

chore(*) scripts for build, publish and fetch Envoy binaries #3110
chore(kuma-cp) upgrade gui to new version #3178
chore(kuma-cp) Use go structs instead of gotemplate for bootstrap #3156
chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 #3170
Disable reporting by default #3159
chore(kumactl) remove install CRDs filter function
feat(kuma-dp) Add conf to disable service vip #3143
chore(kuma-cp) update some TODO comments
feat(kuma-cp) Add kuma.io/ignore annotation #3142
fix(kuma-dp) match gateway cluster names in the hijacker
feat: add ECDSA certificate generator support #3093
feat: add more global resources to GlobalInsights
feat: allow creating secrets for the not yet existing mesh #3076 👍contributed by cloudwiz
feat: don’t add v6 in DNS when v6 is disabled
fix: explicitly disable dns in env when disabled in injector #3077
feat: added support for https tracing endpoint 👍contributed by sudeeptoroy
fix: normalize generating TLS certificates #3027
fix: zero downtime when enabling permissive mTLS
feat: add deprecation notice for kuma-prometheus-sd #2994
feat: add GlobalInsights api endpoint
fix: duplicate TLS certificate usage #3008
chore: add command argument count parameters
feat: aggregate dp stats by type in MeshInsight #2999
chore: delete CLI flag ‘—bootstrap-version’
feat: show the effective Dataplane address #2977
feat: aggregate services in MeshInsight
fix: allow only one healthcheck #2972
feat: give CA managers all backends at once
chore: normalize timeout configurer API #2934
fix: locality-aware lb for external-services
feat: add install control-plane —version flag for all components #2904
feat: add zone selector to Kuma Mesh dashboard
fix: possible to delete resources on Zone CP #2665
fix: make cluster names contextually unique
feat: automatically enable gzip content on gateways #3104
feat: add Gateway TLS termination support
feat: add gateway support for external services #2990
fix: enable secrets support for Gateway resources
feat: initial connection policy support for Gateway #2933
feat: add access to generate zone ingress token
feat: user token with RSA256 #2992
feat: prefix system users and groups with mesh-system
feat: localhost is not an admin on kubernetes #3003
feat: user token enabled by default
feat: Admin User Token bootstrap #2923
chore: refactor access control for individual access
feat: support plugin based authentication including user tokens #2895
feat: User Token for API Server authentication
chore: refactor authz and authn to plugins #2837
chore(kuma-cp) upgrade gui to new version
chore(*) upgrade to Go 1.17.3 #3147
chore(deps): bump github.com/operator-framework/operator-lib
chore(deps): bump github.com/gruntwork-io/terratest #3130
chore: update helm and controller-runtime
chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 #3131
chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0
chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 #3006
chore: bump github.com/envoyproxy/protoc-gen-validate
chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 #2839
chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3
chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 #3061
chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3
chore: bump k8s.io/api from 0.22.2 to 0.22.3 #3058
chore: bump github.com/golang-migrate/migrate/v4
chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 #2968
chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio

1.3.1

Released on 2021/10/06

fix: disable zone
fix: limit number of postgres connection by default #2866
feat: add zone selector to Kuma Service to Service dashboard
feat: add zone selector to Kuma Service dashboard #2865
feat: add zone selector to Kuma Dataplane dashboard
fix: fix duplicates in dataplane list in Kuma Services dashboard #2845
chore: migrate install resources from rbac API v1beta1 to v1
fix: fault injection matching #2757
fix: delete kuma.io/region and kuma.io/sub-zone
feat: print control plane version with version cmd #2834
fix: Only warn about version compatibility where it makes sense
perf: remove insight update rate limit burst #2825
perf: apply ratelimit to service insights
feat: adds support for specifying specific IP for cloud provider load balancers for ingress service #2779 👍contributed by @jamesdbloom
fix: send tool output to stdout
fix: switch to a Kuma fork of go-control-plane #2771
chore: parametrize label on the deployment
perf: set Node only on first DiscoveryRequest #2741
feat: verify ServiceAccountToken bound to a Pod
feat: internal dns should resolve AAAA records #2760
fix: Add FORMERR and NOTIMP in alternate default coredns conf
fix: virtual probes with query #2706
fix: Avoid calling Send() from different goroutines
feat: automatically set proxy concurrency #2691
feat: Improve builtin grafana setup to have traces and logs linked
fix: Show gateway services in service-insights #2711
fix: Correct bad merging of duration
fix: Ensure outbounds are set when migrating from old to new #2698
fix: get rid of regex for parsing IPs
feat: add CP config to ZoneInsights #2661
feat: generate GatewayRoute clusters
feat: add GatewayRoute route generation #2782
feat: match gateway routes
feat: initial gateway TrafficRoute support #2547
feat: add a GatewayRoute resource
chore: update base image for kuma-dp #2881
chore: change Go JWT version to fix security vunerability
chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 #2768
chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0
chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 #2769
chore: upgrade github.com/spf13/cobra
chore: bump alpine in /tools/releases/dockerfiles #2705
chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0
chore: update envoy to 1.18.4 #2667

1.3.0

Released on 2021/08/24

feat: remove provided ca cert validation #2663 👍contributed by Nikita Pande (@nikita15p)
feat: Use kuma-sd in kumactl install metrics
feat: Add new datasource to kumactl install metrics #2640
fix: remove extra endline in traffic log default template
fix: TLSInspector is causing tcp healthcheck failures #2639
feat: Add rate-limit to outbound interfaces
fix: print a newline with transparent proxy setup message #2634
chore: bump alpine in /tools/releases/dockerfiles
chore: annotate required fields in proto files #2556
chore: remove MADS v1alpha1
chore: parametrize kuma tracing in ZipkinCollectorURL #2635
chore: Add the number of services to usage stats
feat: Add the permissive mTLS mode #2579
chore: open CAProvider and MeshValidator for extensions
feat: Add entity for virtual-outbound #2576
fix: Don’t set zap.Development() in debug log
chore(kuma-cp) upgrade gui to new version #2611, , #2554, , #2497, , #2481
feat: Build kuma on Windows , #2606,
feat: Add CA backend stats in Dataplane and Mesh Insights #2562
fix: missing key for kv in reports logging
chore: split listener configurers across source files #2592
feat: add simple HTTP connection configurers
feat: add virtual host domain name configurer #2590
feat: return instance and cluster IDs in kuma-cp API statuses
tests: allow kuma-specific const to be overridden #2582
feat: Intermediate CA support
fix: Avoid nil dereferencing in dp validator #2578
chore: consistently use utils package for protobuf wrappers
fix: subscription finalizer, rev 2 #2526
tests: fix flaky test for locality aware loadbalancing
fix: DP tracking lock consistency fix #2567
chore: Certificates over ADS
chore: migrate DiscoveryRequest/Response in KDS to V3 #2541
feat: Rewrite dns persistence to allow virtual-outbound to be added
fix: deleted default policy is created on Kuma CP restart #2507
chore: Move kumactl logging arguments to where they can be parameterized
chore: add route and virtual host configuration helpers #2517
chore: fix kumactl generate dataplane proxy-type flag deprecation message 👍contributed by Tharun Rajendran
chore: Simplify resource-gen.go by generating ResourceDescriptor #2511
chore: Replace netcat with test server
feat: configure SNI on ExternalService #2467
chore: add importas to golangci-lint 👍contributed by Tharun Rajendran
chore: add to resource-gen.go generation of kds options #2487
chore: add to resource-gen.go generation of kumactl options
fix: add owner when create ZoneIngressInsight #2456
fix: hijacker merge labels
chore: improve resource-gen by auto generating ws code #2466
fix: clarify invalid resource type message
fix: implement TextMarshaler for JSON keys #2475
chore: simplify resourceWsDefinition and server init
fix: Stop adding outbounds to dp for vips #2421
chore(*) make port validation consistent

1.2.3

Released on 2021/07/29

fix(kumactl) warn about fail to check the CP version
fix(kuma-cp) handle missing connection info #2439
chore(xds) rename logger to have consistent naming style 👍contributed by burntcarrot
fix(kuma-cp) set better keep-alive for bootstrap #2432
fix(kuma-dp) validate the DP proxy type
fix(kuma-cp) use the typed config for TLS Inspector #2373

1.2.2

Released on 2021/07/16

feat: add datadog traffic tracing #2269
refactor: add kumactl install tracing context
chore: improve kumactl install transparent-proxy flags description, add extra validation #2352
fix: broken SDS auth and XDS generation on rapid DP restarts
fix: allow verbose log levels #2351
chore: use resource types for DataplaneInsight tracking
chore: improve resource manager initialization readability #2316
chore: upgrade gui to new version , #2325,
fix: allocate a new VIP for ExternalService host #2302
fix: stop components on leader election lost
chore: generate system resource wrappers #2282,
chore: remove access log V2 #2301
chore: generate DeepCopy interfaces
chore: disable log sampling #2273
chore: upgrade Protocol Buffers
chore: change default number of insights subscriptions #2266
chore: make the authentication interface type oblivious
fix: fix hds disabled on dpserver #2268 👍contributed by Bastien Chatelard
chore: refactor xDS metadata to store a generic resource
feat: change KDS max message limit #2265

1.2.1

Released on 2021/06/30

fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits #2246
chore: reduce memory usage by reducing cache key size #2230 👍contributed by nhamlh
fix: ZoneIngress always shows up as ‘offline’
feat: dataplane use advertise address to add a routable ip if address is not public ip #2116 👍contributed by sudeeptoroy
fix: builtin DNS resolve alias with dots
feat: add SNI to TLSed ExternalServices #2211
fix: fix race condition in cache 👍contributed by nhamlh
fix: supported versions of Kuma DP in the GUI #2193

1.2.0

Released on 2021/06/17

feat: Introduce ZoneIngress #2147
feat: enable dataplane dns by default #2152
feat: add —verbose flag to kuma-init
feat: log rotation #2100 👍contributed by @nikita15p
feat: mads, allow specifying fetch-timeout via query param 👍contributed by @austince
feat: mads, add support for HTTP long polling #2121 👍contributed by @austince
feat(mads) implement v1 API 👍contributed by @austince
feat: add RateLimit policy #2083
feat: TrafficRoute L7 #2042 #2072
feat: allow renegotiation for TLS in ExternalServices #2135
feat: pass header when communicating with CP 👍contributed by sudeeptoroy
feat: change default traffic route policy #2075
feat: command to install kong enterprise ingress
feat: add postgres max idle connections configuration #2020 👍contributed by @nikita15p
feat: add kumactl —no-config flag
feat: nodeselector across all pods with HELM #2012
feat: enable forwarding XFCC header 👍contributed by @jewertow
feat: TrafficPermission for ExternalServices #1957
feat: metrics hijacker
feat: extend CircuitBreaker #1655
chore: remove API V2
chore: bump webhooks version #2126
chore: drop deprecated Envoy options
chore: dockerfiles, add a user for kuma-cp #2129
chore: bump cni version to 0.0.9
chore: rename remote cp to zone cp #2125
chore: bump versions of logging, metrics, tracing
chore: parametrize bitnami/kubectl #2151
chore: backwards compatible metrics
chore: upgrade Envoy version to 1.18.3 #2145
chore updated go-control-plane 👍contributed by @sudeeptoroy
chore: fix misspelled words #1984 👍contributed by @tharun208
chore: upgrade GUI
chore namespace source names for v1 API #1896 👍contributed by @austince
chore: use cmux for MADS server
chore: Add internal support for outbound UDP listeners #1618 👍contributed by @lahabana
chore: Avoid generating duplicate subsets in ingress 👍contributed by @lahabana
chore: upgrade to apiextensions.k8s.io/v1 👍contributed by @austince
fix: Clear snapshots from cache on disconnect #2172 👍contributed by @lahabana
fix: use service account name to identify sync
fix: raise the regex program size limit #2139
fix: pass query parameters through the metrics hijacker
fix: matching endpoints by tags #2096
fix: manage and warn on control plane file limits #2106
fix: fix transparent-proxy for GCP/GKE
fix: set death signal on child processes #2045
fix: TrafficRoute in multizone issue

1.1.6

Released on 2021/05/13

feat: expose reuse_connection in healthchecks
feat: allow tcp/http healthchecks together #1951
feat: kumactl option to install gateway types
feat: kumactl option to install kuma demo app #1932
feat: kumactl option to install Kong ingress
feat: support all tags in traffic permission #1902
fix: gateway status was always reporting offline
fix: don’t cache failed calls #1894 👍contributed by @lahabana
chore: add hostname when sending traces to the collector
docs: prepare api docs generation #1741
test: azure aks and e2e improvements for the CI #1871 #1953

1.1.5

Released on 2021/04/29

feat: generate outbounds for itself
chore: migrate from bintray #1901
chore: GUI updates and fixes
chore: kumactl check version after loading config #1879
chore: transparent proxy improvements
chore upgrade Go to 16.3 and use go embed #1864
fix: always set locality in multizone #1863
fix: Envoy config is created based on old Dataplane

1.1.4

Released on 2021/04/19

chore: force all DNS traffic capture

1.1.3

Released on 2021/04/16

feat: support External Services with original hostname and port (built-in DNS) #1811 #1812 #1824 #1822
fix: pass validation of V3 specific configs in ProxyTemplate
chore: support ingress annotations (kuma.io/ingress-public-address and kuma.io/ingress-public-port) in HELM #1796

1.1.2

Released on 2021/04/09

feat: extend CircuitBreaker policy with Thresholds #1688
feat: enable IPv6 support and tests #1734
feat: unuversal mode transparent-proxy firewalld support
feat: new Grafana charts for golden signals and L7 metrics #1739
chore: verify e2e tests run in EKS #1684 #1744
chore: upgrade CRDS to apiextensions.k8s.io/v1
fix: helm cp service annotations #1767 👍contributed by nbrink91
fix: gui fixes
fix: KDS may delete ConfigMaps on Control Plane restarts #1769
fix: Kuma CP restart may cause stale Envoy configs on Universal
fix: use EnvoyGRPC to fix DNS resolving #1740
fix: fix ingress-enabled
fix: pick HTTP health checker version depending on outbound’s protocol #1714
fix: improve the DNS server bind message
fix: validate —name and —mesh when dataplane is provided #1771
fix: better error messages when there is problem with pod dataplane convertion
fix: crashes under load #1694

1.1.1

Released on 2021/03/11

fix: make sure we enumerate all types in kumactl
fix: annnotate service with ingress that has no annotations #1671
fix: improve err message if $HOME is not defined
feat: zipkin config add shared span context option #1660 👍contributed by @ericmustin
feat: get rid of ‘changed’ check