We’re excited to announce the release of Kuma 2.4, a new minor release that improves cross-zone routing, adds a new alternative metrics TLS setup and further improves observability.
Notable Changes
- 🚀 Support for user-provided certificates to be used to scrape from Prometheus securely.
- 🚀 Add multi-zone support for VirtualOutbound.
- 🚀 Wait for sidecar to be ready before starting the app.
- 🚀 Add MeshGateway targetRef support to: MeshHealthCheck, MeshRetry and MeshTimeout.
- 🚀 Many improvements to the GUI.
- 🚀 Improved kubectl support with targetRef policies.
- 🚀 Upgrade to Envoy 1.27.
And a lot more! Check out the blog post to learn more about the release.
Changelog
- chore(deps): bump CoreDNS from v1.10.1 to v1.11.1 #7493 #7523 @michaelbeaumont
- chore(deps): bump cirello.io/pglock from 1.13.0 to 1.14.0 #7554 @dependabot
- chore(deps): bump debian from 3d868b5 to b91baba #7403 #7547 @dependabot
- chore(deps): bump envoy to 1.26.3 #7267 @lukidzi
- chore(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0 #7205 @dependabot
- chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.2 to 3.11.0 #7552 @dependabot
- chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 #7159 @dependabot
- chore(deps): bump github.com/exaring/otelpgx from 0.5.0 to 0.5.1 #7337 @dependabot
- chore(deps): bump github.com/jackc/pgx/v5 from 5.4.1 to 5.4.3 #7273 #7474 @dependabot
- chore(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 #7336 @dependabot
- chore(deps): bump github.com/testcontainers/testcontainers-go from 0.20.1 to 0.23.0 #7122 #7514 @dependabot
- chore(deps): bump go.opentelemetry.io/proto/otlp from 0.20.0 to 1.0.0 #7272 @dependabot
- chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 #7472 @dependabot
- chore(deps): bump golang.org/x/net from 0.11.0 to 0.14.0 #7206 #7475 @dependabot
- chore(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0 #7204 #7471 @dependabot
- chore(deps): bump golang.org/x/text from 0.10.0 to 0.12.0 #7203 #7476 @dependabot
- chore(deps): bump golangci-lint from v1.51.2 to v1.53.3 #7334 @lahabana
- chore(deps): bump gonum.org/v1/gonum from 0.13.0 to 0.14.0 #7553 @dependabot
- chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.57.0 #7123 #7202 #7373 @dependabot
- chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 #7124 @dependabot
- chore(deps): bump helm.sh/helm/v3 from 3.12.1 to 3.12.3 #7270 #7515 @dependabot
- chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.3 to 0.27.4 #7372 @michaelbeaumont
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 #7470 @dependabot
- chore(deps): bump sigs.k8s.io/controller-tools from 0.12.0 to 0.13.0 #7271 #7550 @dependabot
- chore(deps): bump sigs.k8s.io/gateway-api from 0.7.1-0.20230727082008-1764e458047d to 0.8.0-rc1 #7371 #7513 @dependabot,@michaelbeaumont
- chore(deps): bump the k8s-libs group with 3 updates #7335 #7549 @dependabot
- chore(deps): bump ubuntu from 0bced47 to ec050c3 #7546 @dependabot
- chore(deps): update go from 1.20.5 to 1.20.6 #7414 @slonka
- chore(deps): update testcontainers-go to 0.22.0 #7477 @slonka
- chore(deps): update to go 1.20.7 #7429 @slonka
- chore(deps): upgrade envoy to 1.26.4 #7367 @lukidzi
- chore(deps): upgrade envoy to 1.27.0 #7411 @lukidzi
- chore(deps): use latest kumahq/kuma-gui #7095 #7096 #7097 #7100 #7113 #7127 #7128 #7156 #7169 #7171 #7193 #7219 #7255 #7260 #7261 #7274 #7279 #7284 #7305 #7308 #7320 #7322 #7328 #7331 #7340 #7341 #7343 #7345 #7350 #7357 #7369 #7370 #7376 #7378 #7379 #7385 #7388 #7413 #7421 #7430 #7444 #7478 #7479 #7480 #7481 #7482 #7487 #7498 #7499 #7503 #7509 #7510 #7511 #7517 #7518 #7522 #7524 #7537 #7538 #7548 #7557 #7566 #7568 #7569 #7571 #7575 #7581 #7582 #7584 @kumahq
- chore(release): merge release-2.3 #7099 @michaelbeaumont
- feat(MeshHealthCheck): allow top level targetRef kind MeshGateway #7194 @michaelbeaumont
- feat(MeshRetry): allow top level targetRef kind MeshGateway #7190 @michaelbeaumont
- feat(MeshTimeout): allow top level targetRef.kind MeshGateway #7137 @michaelbeaumont
- feat(VirtualOutbound): support multizone #7407 @jakubdyszkiewicz
- feat(api-server): add isTargetRefBased in /policies #7561 @lahabana
- feat(api-server): add service unavailable error #7501 @slonka
- feat(api-server): allow WebService customization in plugins #7497 @michaelbeaumont
- feat(api-server): error status is an int #7162 @jakubdyszkiewicz
- feat(cni): add retry for CNI config file check #7215 @StuAtKong
- feat(insights): add event to trigger computation #7506 @jakubdyszkiewicz
- feat(insights): change metrics to milliseconds #7491 @jakubdyszkiewicz
- feat(k8s): show targetRef kind/name in kubectl output #7116 @michaelbeaumont
- feat(kuma-cp): add 'renewDeadline' and 'leaseDuration' config params #7448 @lobkovilya
- feat(kuma-cp): add info about presence of auth token in zoneInsight #7598 @Automaat
- feat(kuma-cp): add observability to k8s auth cache #7192 @jakubdyszkiewicz
- feat(kuma-cp): add opentelemetry traces to pgx #7216 @michaelbeaumont
- feat(kuma-cp): add tracing to KDS server #7160 @michaelbeaumont
- feat(kuma-cp): allow to disable resources count metrics #7304 @lukidzi
- feat(kuma-cp): better xds metrics #7208 @jakubdyszkiewicz
- feat(kuma-cp): block application container start until dp is ready #7583 @lukidzi
- feat(kuma-cp): extend ZoneInsight api with information about usage of… #7563 @Automaat
- feat(kuma-cp): force routing through zone egress #7558 @jakubdyszkiewicz
- feat(kuma-cp): implement TLS listener for prometheus #7534 @lukidzi
- feat(kuma-cp): introduce OpenTelemetry tracing #7153 @michaelbeaumont
- feat(kuma-cp): support Datadog propagation for tracing #7168 @michaelbeaumont
- feat(kuma-dp): don't require NET_BIND_SERVICE capability #7276 @michaelbeaumont
- feat(kumactl): define User-Agent #7307 @mmorel-35
- feat(metrics): expose kube controller manager metrics #7158 @jakubdyszkiewicz
- feat(metrics): support OpenMetrics from applications #7125 @AyushSenapati
- feat(observability): add traceId in error messages #7329 @lahabana
- feat(observability): components metrics #7209 @jakubdyszkiewicz
- feat(policy): add targetRef.kind MeshGateway #7114 @michaelbeaumont
- feat(watchdog): don't call onError if error was Canceled #7401 @michaelbeaumont
- feat(xds): filter-chain builder constructor require name #7131 @mmorel-35
- feat(xds): named resources (clusters) builders require name #7104 @mmorel-35
- feat(xds): named resources (listeners) builders require name #7105 @mmorel-35
- feat(xds): named resources (routes configuration) builders require name #7106 @mmorel-35
- feat(zoneproxies): check empty listeners #7562 @jakubdyszkiewicz
- fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP #7225 @lukidzi
- fix(api-server): return 400 when PUT/POST resource is invalid #7560 @lahabana
- fix(containerd): only build cgroups on linux #7408 @slonka
- fix(dataplane_watchdog): fix outdated comment #7565 @nicoche
- fix(egress): routing using MeshHTTPRoute and VirtualOutbound #7536 @jakubdyszkiewicz
- fix(insights): rewrite insights to allow more efficiency #7375 @lahabana
- fix(intercp): properly track idleness of pool connections #7323 @michaelbeaumont
- fix(k8s): tolerate unknown appProtocol #7133 @michaelbeaumont
- fix(kuma-cp): cancel OnTick when watchdog stopped #7221 @michaelbeaumont
- fix(kuma-cp): do not require certs on https api port #7102 @jakubdyszkiewicz
- fix(kuma-cp): don't fail when 2 headless services pointing to the same service #7282 @lukidzi
- fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog #7348 @lukidzi
- fix(kuma-cp): don't return from opentelemetry Start #7157 @michaelbeaumont
- fix(kuma-cp): handle advertised address in zone ingress #7332 @jakubdyszkiewicz
- fix(kuma-cp): handle external services with permissive mtls #7179 @jakubdyszkiewicz
- fix(kuma-cp): order resources for building VIPs #7333 @lukidzi
- fix(kuma-cp): pass context via snapshot reconciler to generateCerts #7231 @michaelbeaumont
- fix(kuma-cp): put metadata xds callbacks before sync #7230 @lobkovilya
- fix(kuma-cp): universal mode don't log on every lock acquire attempt #7593 @michaelbeaumont
- fix(kuma-dp): pass sockets in metadata from dp to cp #7218 @lahabana
- fix(kumactl): treat 404 as resource not found error #7297 @slonka
- fix(metrics): hijacker should not pass accept-encoding #7572 @jakubdyszkiewicz
- fix(sec): get rid of dependency on containerd #7387 @slonka
- perf(kuma-cp): trim zone ingress and service insights #7098 @jakubdyszkiewicz
- perf(xds): use aggregated mesh context for zone proxies #7449 @jakubdyszkiewicz
- perf(zoneingress): only pick resources from proper mesh #7415 @jakubdyszkiewicz