Still warm, as the June sun at noon, comes Kyma 2.15. The hot season has already started, so juicy improvements are here to refresh your experience with our product. Sip the strawberry-Telemetry, watermelon-Security, raspberry-API Gateway, and peach-Serverless cool punch news as if you were on a Hawaiian beach. Read on to see what we prepared for you!
Telemetry
Manager
- In preparation for turning the Telemetry component into a module, resources have been consolidated. As a result, you must run a cleanup script when you upgrade to Kyma version 2.15. For more details, read the 2.14-2.15 Migration Guide.
- Handling of webhook certificates has been improved.
Tracing
Logging
Security
With Kyma version 2.15, the ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA cipher suites used in the default Kyma gateway are deprecated as part of security hardening, following Kyma security team recommendations. The configurations will be removed with Kyma version 2.18, and clients dependent on the cipher suites won’t be accepted.
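To find clients that depend on the two deprecated suites before they are removed, you can inspect the ClientHello each client sends. The following is an added example, not part of Kyma or its documentation: the function names are hypothetical, the sample ClientHello bytes are constructed, and it assumes the ClientHello fits in a single TLS record taken from a packet capture.

```python
import struct

# IANA code points of the two suites deprecated in Kyma 2.15.
DEPRECATED = {
    0xC014: "ECDHE-RSA-AES256-SHA",  # TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    0xC013: "ECDHE-RSA-AES128-SHA",  # TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
}
# Signalling values that are not real cipher suites (RFC 5746, RFC 7507).
SIGNALLING = {0x00FF, 0x5600}


def is_grease(suite):
    """GREASE placeholders (RFC 8701) look like 0x0A0A, 0x1A1A, ... 0xFAFA."""
    return (suite & 0x0F0F) == 0x0A0A and (suite >> 8) == (suite & 0xFF)


def offered_suites(record):
    """Return the cipher suite code points offered in one ClientHello record."""
    if len(record) < 46 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS record carrying a ClientHello")
    pos = 5 + 4 + 2 + 32          # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]        # skip session_id
    try:
        (length,) = struct.unpack_from("!H", record, pos)
        return list(struct.unpack_from(f"!{length // 2}H", record, pos + 2))
    except struct.error as exc:
        raise ValueError("truncated cipher_suites vector") from exc


def classify(record):
    """Return (verdict, deprecated suite names offered) for one client."""
    real = [s for s in offered_suites(record)
            if s not in SIGNALLING and not is_grease(s)]
    hits = [DEPRECATED[s] for s in real if s in DEPRECATED]
    if not hits:
        return "unaffected", hits
    # "deprecated-only": the client has no other suite left to negotiate.
    verdict = "deprecated-only" if len(hits) == len(real) else "offers-deprecated"
    return verdict, hits


def sample_client_hello(suites):
    """Constructed ClientHello without extensions (demo input, not captured traffic)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + struct.pack(f"!{len(suites)}H", *suites)
    body += b"\x01\x00"           # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

A client classified as `deprecated-only` has no suite left to negotiate once the two are removed; an `offers-deprecated` client still has to be checked against the suites the gateway keeps.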
API Gateway
Default timeout for HTTP requests
This Kyma release brings a unified timeout for workloads exposed with APIRules. The default timeout for HTTP requests is now 180s, and it’s defined on the Istio VirtualService level.
Ory Hydra OAuth2 client migration
The Ory stack has been deprecated since Kyma version 2.2. The recently published blog post explains how to migrate from the Ory Hydra client to the application created in SAP Cloud Identity Services. Start the migration process as soon as possible.
Serverless
Simplified internal Docker registry setup
With Kyma 2.15, we simplified Serverless configuration for the internal Docker registry. From now on, the images for Function runtime Pods are pulled from the internal Docker registry with NodePort.
With this change, we improve security as the internal Docker registry is no longer exposed outside of the Kubernetes cluster. Additionally, it makes Serverless fully independent from the Istio module in all installation modes.
Deployment profiles removed
In preparation for an independent installation model, we removed the predefined deployment profiles, namely evaluation and production for Serverless. We are shifting from profiled overrides used during module installation towards runtime-configurable resources.
Changelog
2.15.0 (2023-06-07)
API Gateway
Application Connector
- #17607 bumps application connector images (@Disper)
- #17544 Bumps dependencies in application-connector components (@Disper)
- #17528 bump application connector dependencies (@Disper)
- #17458 bumps golang to 1.20.4 in application connectivity components (@Disper)
Serverless
- #17602 Serverless: merge production and remove profiles (@dbadura)
- #17488 Remove annotation from webhook (@dbadura)
- #17566 Function UI should list subscriptions via new apiversion (@kwiatekus)
- #17553 Fix serverless endless deletion/creation build job loop when using customRuntimeOverride (@dbadura)
- #17257 Remove istio deps (@dbadura)
- #17470 Serverless internal docker registry node port - docs (@dbadura)
- #17253 Use nodeport as pull addr for internal registry (@dbadura)
- #17531 Fix path for the synced keda images (@kwiatekus)
- #17512 Scan keda images from external dir (@kwiatekus)
- #17504 Fix ssh cert callback (@kwiatekus)
- #17502 Bump k8s-tools image (@halamix2)
- #17481 disable create subscriptions in serverless busola extension (@anoipm)
Eventing
- #17450 update eventing-crd documentation (@k15r)
- #17471 add deprecation warning to subscription crd (@k15r)
Security
Monitoring
- #17494 increased cpu limit for grafana sidecars (@a-thaler)
- #17472 Add alertmanagers/status to prometheus-operator clusterrole (@shorim)
Logging
- #17595 Increase loki chunk cleaner target size percentage (@hisarbalik)
- #17551 Fix loki chunk cleaner cause high CPU usage (@hisarbalik)
- #17485 update to fluent-bit 2.1.2 (@a-thaler)
Tracing
Telemetry
- #17563 Increase memory limit for telemetry operator (@rakesh-garimella)
- #17609 [Telemetry Manager] Only rotate server cert upon expiry (@skhalash)
- #17587 Update Alertmanager image to add missing CA bundles (@chrkl)
- #17574 Update telemetry-operator to cleanup Fluent Bit volume mounts (@chrkl)
- #17576 Update telemetry-operator to introduce re-usable webhook CA bundle (@chrkl)
- #17575 Remove Fluentbit peerAuthentication (@shorim)
- #17546 use new telemetry priority class for fluent-bit (@rakesh-garimella)
- #17550 Remove logpipeline-editor-role and logpipeline-viewer-role (@shorim)
- #17529 fix: Logparser and log pipeline extension (@mrCherry97)
- #17487 Update Telemetry-related Busola extensions (@shorim)
- #17494 increased cpu limit for grafana sidecars (@a-thaler)
- #17486 Add Telemetry Helm Chart migration guide (@hisarbalik)
- #17485 update to fluent-bit 2.1.2 (@a-thaler)
- #17469 update to otel-collector 0.77.0 (@a-thaler)
- #17400 Bump telemetry-operator image to support multiple pipelines (@chrkl)
Documentation
- #17470 Serverless internal docker registry node port - docs (@dbadura)
- #17450 update eventing-crd documentation (@k15r)
- #17486 Add Telemetry Helm Chart migration guide (@hisarbalik)
- #17473 add deprecation warning to generated documentation (@k15r)
- #17421 CRD documentation list all versions (@k15r)
Committers: 23
- Aleksei Chernyshov (@Teneroy)
- Andreas Thaler (@a-thaler)
- Christoph Kleineweber (@chrkl)
- Damian Badura (@dbadura)
- Friedrich (@friedrichwilken)
- Grzegorz Karaluch (@grego952)
- Hisar Balik (@hisarbalik)
- Iwona Langer (@IwonaLanger)
- Korbinian Stoemmer (@k15r)
- Krzysztof Kwiatosz (@kwiatekus)
- Magda Stręk (@strekm)
- Marcin Dobrochowski (@anoipm)
- Marek Michali (@MarekMichali)
- Mateusz Wisniewski (@mrCherry97)
- Małgorzata Świeca (@mmitoraj)
- Michał 'Disper' Drzewiecki (@Disper)
- Mostafa Shorim (@shorim)
- Natalia Sitko (@nataliasitko)
- Piotr Halama (@halamix2)
- Rakesh Garimella (@rakesh-garimella)
- Stanislav Khalash (@skhalash)
- Vladimir Videlov (@videlov)
- Zsolt Kis (@zralt)