kumahq/kuma 2.1.0

on GitHub

We are excited to announce the release of Kuma 2.1! This new release is shipping with the full suite of new and improved policies that we announced (and started) in 2.0, in addition to some more great UX improvements in the UI and a host of smaller fixes.

Notable changes

• 🚀 Completed implementation of all next-generation policies, adding:
  • MeshHTTPRoute
  • MeshCircuitBreaker
  • MeshFaultInjection
  • MeshHealthCheck
  • MeshProxyPatch
  • MeshRateLimit
  • MeshRetry
  • MeshTimeout
• 🚀 Added support for header absence matching in traffic routes
• 🚀 Ability to filter admin API output
• 🚀 Added gateway view to the UI
• 🚀 Ability to filter by tags and types in the UI
• 🚀 Cross control-plane API to be able to use inspect API on global when there are multiple instances of the CP
• Various other bug fixes and quality-of-life improvements across the product

Checkout the blog post about Kuma 2.1.0

Changelog

• chore(deps): bump alpine from 3.16.2 to 3.17.0 #5308 #5375 @dependabot
• chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 #5377 @dependabot
• chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 #5457 @dependabot
• chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 #5600 @dependabot
• chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 #5733 @dependabot
• chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 #5277 #5311 #5460 @dependabot
• chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 #5428 @dependabot
• chore(deps): bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.8 #5310 #5354 #5426 #5542 #5688 @dependabot,@lahabana
• chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 #5298 #5513 @lukidzi
• chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 #5319 #5351 #5687 @dependabot
• chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 #5275 #5313 #5539 #5789 @dependabot
• chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 #5274 #5323 @dependabot
• chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 #5483 #5523 @dependabot
• chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 #5320 #5353 #5376 #5456 #5526 #5546 @dependabot
• chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 #5524 @dependabot
• chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 #5790 @dependabot
• chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 #5273 #5788 @dependabot
• chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 #5525 @dependabot
• chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 #5427 @dependabot
• chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 #5315 #5459 #5623 @dependabot
• chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 #5312 #5430 #5621 @dependabot
• chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 #5458 #5624 @dependabot
• chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 #5325 #5429 @dependabot
• chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 #5352 #5686 @dependabot
• chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 #5592 #5791 @dependabot
• chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb #5330 @mmorel-35
• chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 #5328 @mmorel-35
• chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 #5316 @dependabot
• chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 #5812 @dependabot
• chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 #5276 @dependabot
• chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, #5541 @dependabot
• chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 #5434 #5879 @dependabot
• chore(deps): install dev tools and split if more repos #5528 @lukidzi
• chore(deps): security update #5761 @kumahq
• chore(deps): update coreDNS to 1.10.0 #5626 @lahabana
• chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove /tokens #5324 @dependabot
• chore(deps): upgrade k3d #5518 @lukidzi
• chore(deps): use latest kumahq/kuma-gui #5265 #5272 #5281 #5307 #5321 #5332 #5346 #5371 #5388 #5405 #5484 #5486 #5509 #5572 #5589 #5619 #5628 #5675 #5685 #5700 #5724 #5732 #5737 #5772 #5800 #5805 #5823 #5826 #5843 #5851 #5863 #5866 #5883 @kumahq
• chore(deps): use sigs.k8s.io/yaml #5215 @mmorel-35
• feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format #5302 @mmorel-35
• feat(MeshGatewayInstance): respect kuma.io/mesh label #5256 @michaelbeaumont
• feat(MeshGatewayRoute): response header filter #5334 @michaelbeaumont
• feat(api-server): ability to set rootUrl for GUI and API #5295 @lahabana
• feat(api-server): add name search to dataplane overview #5340 @lahabana
• feat(api-server): contain matches on name and tags #5606 @lahabana
• feat(build): consistent docker images #5343 @slonka
• feat(build): idempotent build #5291 #5358 #5403 #5404 #5407 #5440 @slonka
• feat(gateway): add support for match header PRESENT and ABSENT #5739 @lahabana
• feat(gui): serve index from all paths without extension #5357 @lahabana
• feat(helm): add tolerations to Helm chart #5549 @KrustyHack
• feat(helm): allow injecting env from parent projects #5677 @slonka
• feat(helm): use object instead of list for plugins.policies #5735 @michaelbeaumont
• feat(kuma-cp): add possibility to run diagnostics on TLS #5344 @mmorel-35
• feat(kuma-cp): added configuration of plugins and its order #5472 @lukidzi
• feat(kuma-cp): intOrString as decimal in the API #5768 @jakubdyszkiewicz
• feat(kuma-cp): intercp communication protocol #5445 #5492 @jakubdyszkiewicz
• feat(kuma-cp): recover from watchdog panics #5581 @jakubdyszkiewicz
• feat(kuma-cp): remove value of secret when logging Secret Resources #5384 @Automaat
• feat(kumactl): added option to install transparent proxy with docker #5284 @lukidzi
• feat(policy): allow merging by a complex key #5650 @michaelbeaumont
• feat(policy): append policy slices #5515 @jakubdyszkiewicz
• feat(policy): don't use protobuf for DataSource in policies #5668 #5756 @Automaat
• feat(policy): implement MeshCircuitBreaker policy #5454 #5493 #5651 @bartsmykla,@lobkovilya
• feat(policy): implement MeshFaultInjection policy #5723 #5773 @lukidzi
• feat(policy): implement MeshHTTPRoute policy #5530 #5625 #5653 #5746 @michaelbeaumont,@slonka
• feat(policy): implement MeshHealthCheck policy #5369 #5415 #5503 #5654 #5713 #5722 @lahabana,@lobkovilya,@michaelbeaumont,@slonka
• feat(policy): implement MeshProxyPatch policy #5578 #5604 @jakubdyszkiewicz
• feat(policy): implement MeshRateLimit policy #5362 #5463 #5710 #5742 @lobkovilya,@lukidzi
• feat(policy): implement MeshRetry policy #5478 #5522 #5583 #5749 #5808 @lobkovilya,@slonka
• feat(policy): implement MeshTimeout policy #5294 #5364 #5568 @Automaat,@michaelbeaumont
• feat(policy): improve rules api #5785 @lahabana
• feat(policy): validate schema only during the user's input unmarshal #5566 @lobkovilya
• feat(security): add dependabot security updates to release branches #5731 #5734 #5758 #5767 #5778 #5783 @slonka
• fix(MeshAccessLog): update API to align with the memo #5580 @lobkovilya
• fix(MeshGateway): properly apply Service template annotations to existing Service #5674 @michaelbeaumont
• fix(MeshTrace): adjust MeshTrace to follow the memo #5743 @lobkovilya
• fix(api-server): fix tags filter value with : #5339 @lahabana
• fix(api-server): remove spec from inspect policy output #5491 @lahabana
• fix(api-server): return 400 on invalid resource name #5719 @lahabana
• fix(gateway): be more lenient with prefix paths trailing slashes #5299 @michaelbeaumont
• fix(gui): add version and basedOnKuma to index.html #5448 @lahabana
• fix(kuma-cp): add option to disable sslsni in universal #5318 @michaelbeaumont
• fix(kuma-cp): allow to set policies order from others projects #5535 @lukidzi
• fix(kuma-cp): change way of setting if resource is read only #5345 @lukidzi
• fix(kuma-cp): concurrent mesh cache map write #5282 @michaelbeaumont
• fix(kuma-cp): don't cache filtered data #5574 @lukidzi
• fix(kuma-cp): filtering of name prefix on K8S #5517 @jakubdyszkiewicz
• fix(kuma-cp): fix appending of pointer to slice in policies config #5784 @Automaat
• fix(kuma-cp): fix kafka_type tag creation regex #5507 @Automaat
• fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList #5423 @Automaat
• fix(kuma-cp): forward envoy admin operations to proper instance #5466 @jakubdyszkiewicz
• fix(kuma-cp): increase kuma-init memory limit when using ebpf #5579 @lukidzi
• fix(kuma-cp): kds deadlock #5373 @jakubdyszkiewicz
• fix(kuma-cp): make validate list aware of the mesh #5280 @slonka
• fix(kuma-cp): memory store keeps children after owner update #5372 @jakubdyszkiewicz
• fix(kuma-cp): only put policies in MeshInsight #5577 @lahabana
• fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob #5569 @lukidzi
• fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address #5347 @jamesdbloom
• fix(kuma-cp): warn when using deprecated token id #5520 @lahabana
• fix(kuma-dp): allow to configure address of application to scrape #5326 @lukidzi
• fix(kuma-dp): tolerate endline in token file #5591 @lahabana
• fix(kumactl): remove PodSecurityPolicy from install observability #5382 @michaelbeaumont
• fix(kumactl): set klog to avoid logs from k8s #5590 @lahabana
• fix(kumactl): use the same client in kumactl apply #5327 @lahabana
• fix(policy): change percentage field from int to intOrString #5810 @lukidzi
• fix(policy): fix schema.yaml to have correct metadata #5349 @lahabana
• fix(policy): make targetRef required #5593 @AyushSenapati
• fix(policy): remove superfluous var usage #5627 @AyushSenapati
• fix(policy): use GatewayAPI style header modifier in all policies #5757 @lahabana
• fix(policy): use PascalCase for all constants #5747 @lahabana
• fix(universal): don't set sslsni option if not disabled (backport #5419) #5439 @mergify
• fix(xds): don't read metadata in ProxyBuilders #5414 @lahabana
• fix(xds): sort resources when building MeshContext #5391 @lobkovilya