Notable changes
- Streamlined cross-mesh communication through Kuma's builtin gateway. There's a bit to unpack here; details are in the following section.
- Support for ARM-based Linux and MacOS environments. You can continue to connect services across your environment with Kuma as you modernize onto microservices with ARM architectures.
- Observability implementation in one command. You can instrument metrics, traces, and logs with a single [observability] command line tool.
- Simplified application metrics collection. You can now enable metrics collection from your services without deploying Prometheus inside the mesh.
- Graceful Data Plane Proxy shutdowns. You won't see occasional data plane proxy error metrics from your services and DPPs as they spin down.
- Multiple Helm refinements. You can now use Helm charts to customize image tags, expose the control plane's metrics for self-deployed Prometheus scraping, and more.
Check out the blog post about Kuma 1.7.0
Changelog
New features:
Cross Mesh Communication:
- add cross-mesh MeshGateway listeners #4274 #4405 @michaelbeaumont
ContainerPatch:
- allow custom configuration of Kubernetes' kuma-init and kuma-sidecar containers by introducing ContainerPatch CRD #4280 #4362 / #4366 #4369 / #4370 @parkanzky, @bartsmykla
Observability:
- hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh #4286 #4388/#4406 @lukidzi
- unified installation of metrics/logging/tracing into one command observability #4308 #4411/#4418 @lukidzi, @lahabana
ARM64 support:
- added arm build and release pipeline #4231 @lukidzi
- release for arm64 now publishes correct arch image #4276 @lukidzi
- upgrade kubectl to version with ARM support #4180 @lukidzi
- support ARM Linux/Darwin for dev/tools #4199 @lukidzi
- introduced map of arch for a specific build #4321 @lukidzi
- do not exclude arm64 files from docker #4265 @lukidzi
Gateway:
- add GatewayClass.Spec.ParametersRef support #4157 @michaelbeaumont
- cp annotations from gateway to svc #4327 @johnharris85
- only reconcile Gateway when GatewayClass is Ready #4162 @michaelbeaumont
- auto generate hostname for crossMesh listeners #4421/#4424 @michaelbeaumont
Helm:
- set host network var in helm/cp-deployment.yaml #4209 @SallyBlichWalkMe
- add resource management for jobs #4254 @gdasson
- option for automountSAT=false on cp #4309 @gdasson
- helm chart improvements #4337 @bartsmykla
CP:
- experimental transparent proxy annotation #4240 @parkanzky
- graceful shutdown on Universal using HDS #4246 @jakubdyszkiewicz
- intercept signal for different platforms #4283 @jakubdyszkiewicz
- XDS config dump on Global CP #4301 @jakubdyszkiewicz
- validate DP compat on kuma backend #4236 @parkanzky
DP:
- graceful shutdown of kuma-dp #4229 @jakubdyszkiewicz
Fixes:
Gateway:
- use MeshGatewayInstance mesh annotation when matching #4361/#4371 @michaelbeaumont
Helm:
CP:
- fix '/config_dump' request if Global CP is on Kubernetes #4363/#4372 @lobkovilya
- add the latest version to compatibility matrix #4232 @parkanzky
DP:
Kumactl:
- fix transparent proxy --skip-conntrack-zone-split flag value #4334 @bartsmykla
Other notable changes:
Gateway:
- add /finalizers permission for OwnerReferencesPermissionEnforcement plugin #4239 @michaelbeaumont
- don't match on ALPN in gateway (#4198) #4272 @wjrbetts
Helm:
- delete 'kubernetes.io/arch' node selector #4335 @lobkovilya
CP:
- don't always recompute mesh contexts #4267 @michaelbeaumont
- don't run dataplane gc in global #4184 @lahabana
- graceful components #4277 @jakubdyszkiewicz
- memory store cannot delete a parent #4194 @jakubdyszkiewicz
- protocol check should be case-insensitive #4248 @lukidzi
- remove dns server from control plane #4192 @lahabana
- automatically detect dns lookup family for cp cluster #4275 @slonka
ZoneIngress:
- graceful start of many ZoneIngresses #4305 @jakubdyszkiewicz
ZoneEgress:
- resolve zone-ingress advertized address #4219 @lahabana
- do not change ip to ZoneEgress address #4193 @lukidzi
Kumactl:
- remove flag '--experimental-meshgateway' #4315 @lobkovilya
Timeout Policy:
- deprecate 'timeout.grpc' section #4365/#4449 @lobkovilya
Other:
- delete dns-server 5653 port from configuration and helm files #4339/#4345 @lobkovilya
- support kube-linter tools to analyze Kubernetes YAML files #4294 @mangoGoForward
Dependency upgrades:
- upgrade envoy to 1.22.1 #4288 #4464/#4465 @lobkovilya
- upgrade kuma-cni to 0.0.10 #4313 @lobkovilya
- upgrade tproxy iptables to v0.2.2 #4328 @bartsmykla
- upgrade GUI to the latest version #4316 #4338 #4389/#4390 @jakubdyszkiewicz, @lahabana, @bartsmykla
- upgrade protoc and regenerate files #4169 @lukidzi
- bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 #4234 @dependabot
- bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 #4178 #4260 #4322 @dependabot
- bump github.com/lib/pq from 1.10.5 to 1.10.6 #4299 @dependabot
- bump github.com/miekg/dns from 1.1.48 to 1.1.49 #4291 @dependabot
- bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 #4233 @dependabot
- bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #4290 @dependabot
- bump github.com/prometheus/common from 0.33.0 to 0.34.0 #4235 @dependabot
- bump github.com/spf13/viper from 1.10.0 to 1.11.0 #4177 @dependabot
- bump google.golang.org/grpc from 1.45.0 to 1.46.2 #4213 #4289 @dependabot
- bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 #4216 #4302/#4378 @dependabot
- bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 #4302/#4378 @dependabot
Other:
- automate policy generation #4197 @lobkovilya