kyma-project/kyma 2.18.0

on GitHub

With some of its offspring having left the parent ship as fully-grown, independent modules and more getting ready to follow suit, Kyma’s sailing, Kyma’s sailing… and still evolving. To understand its journey towards enhanced functionality, look at the latest updates and fixes.

Application Connectivity

With this release, all 5XX codes passing through Central Application Gateway are now rewritten to 502. The original error code is returned in a Target-System-Status header.

Telemetry

Kyma 2.18 brings the following improvements:

• We’ve fixed the bug that caused problems scraping the metrics of the Fluent Bit component by third-party vendors.
• We‘ve added mTLS support for TracePipeline OTLP outputs.
• We‘ve updated the following software stack:
  • OTel Collector 0.83.0
  • Fluent Bit 2.1.8

Service Mesh

As a significant step in our journey towards the Istio module’s release, we have introduced a new, stable, and reliable method of installing Istio - Kyma Istio Operator. This release also includes improvements to the installation and upgrade processes of Istio, as well as a new version of the Istio custom resource that provides additional configuration options. To learn more about it, visit the Kyma Istio Operator repository.

Security

Cluster Users removal

The Cluster Users component has been deprecated since Kyma 2.7 and will be removed with Kyma 2.19.
The component includes predefined Kubernetes ClusterRoles such as kyma-admin, kyma-namespace-admin, kyma-edit, kyma-developer, kyma-view, and kyma-essentials. These Roles specify permissions for accessing Kyma resources that you can assign to users. For example, if you bind a user to the kyma-admin ClusterRole, it grants them full admin access to the entire cluster, and if you bind a user to the kyma-view ClusterRole, they are only allowed to view and list the resources within the cluster.
Once the component is removed, these Roles will no longer be available for newly created clusters. This means that you won’t be able to use these predefined sets of rights and will be required to specify yourself which users or groups should have access to which of your resources. However, for clusters created before the release of Kyma 2.19, the already-defined Roles will not be deleted.

Cipher suits removal

As a part of security hardening and Kyma security team recommendations, ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA cipher suites used in default Kyma Gateway have been deprecated since the 2.15 Kyma version. Although we initially planned to remove these cipher suites with Kyma 2.18, we have decided to delay their removal until version 2.19. After the Kyma 2.19 release, clients dependent on the mentioned cipher suites won't be accepted.

Eventing

NATS

The following NATS Images have been updated:

• prometheus-nats-exporter v0.12.0
• nats-config-reloader v0.12.0

Serverless

Kyma 2.18 brings more observability into Node.js-based Functions.
They are now exposing a metrics endpoint containing the following auto-instrumented metrics:

• histogram for Function execution duration: function_duration_seconds
• number of calls in total: function_calls_total
• number of exceptions in total: function_failures_total

User Interface

From now on, you have the opportunity to give feedback about our product directly in Kyma Dashboard. To do that, use the shiny new button in the top right corner of the shell bar. Read the UX Scorecard in Kyma Dashboard blog post for more details.

2.18.0-rc3 (2023-08-30)

Eventing

• #18076 Image bump for eventing (@mfaizanse)

Committers: 2

• Muhammad Faizan (@mfaizanse)
• Wojciech Sołtys (@Sawthis)

2.18.0-rc2 (2023-08-29)

Eventing

• #18075 Added feature flag to disable provisioning of NATS as part of eventing (@mfaizanse)

Committers: 3

• Grzegorz Karaluch (@grego952)
• Muhammad Faizan (@mfaizanse)
• Wojciech Sołtys (@Sawthis)

2.18.0-rc1 (2023-08-28)

Api Gateway

• #17928 API Gateway 1.8.0 (@barchw)
• #17915 Update RBAC for api-exposure (@barchw)

Application Connector

• #18065 bumps images for application-connector components tests (@Disper)
• #18030 bumps application connector images before 2.18 release (@Disper)
• #18007 Handle 5XX statuses in gateway (@VOID404)
• #17957 fix application-connector-validator caching (@m00g3n)
• #17914 bump kyma-project/prod/external/golang from 1.20.5-alpine3.18 to 1.20.6-alpine3.18 in application connector components (@Disper)

Serverless

• #18052 Bump serverless runtime images before 2.18 (@kwiatekus)
• #18048 Fix response handling for non string, non object response payloads (@kwiatekus)
• #18032 Adjust Serverless controller resource limits (@kwiatekus)
• #17955 Bump k8s-tools image (@halamix2)
• #17952 Unify sample function in docs (@kwiatekus)
• #17942 Remove deprecated JaegerServiceEndpoint (@kwiatekus)
• #17917 Expose metrics endpoint in nodejs functions (@kwiatekus)
• #17913 Add serverless-contract-tests scenario (@MichalKalke)
• #17894 Contract test between api-gateway and serverless (@MichalKalke)

Eventing

• #18028 Use configured webhook auth secret in eventing-controller (@grischperl)
• #18036 Fix Eventing tests (@marcobebway)
• #18024 add dedicated eventing-priority-class (@k15r)
• #18006 Reduce Eventing resources (@marcobebway)
• #17959 Preserve EventMesh precomputed hashes (@marcobebway)
• #17843 introduce subscription status as a metric (@k15r)
• #17932 Fix the APIRule OwnerReferences equality check (@marcobebway)
• #17888 Fix bug dispatching messages to old sink (@marcobebway)
• #17933 Skip failing tests for EventMesh (@marcobebway)

Service Mesh

• #17967 Update documentation of Istio component (@barchw)
• #17963 Configuration for installation of Istio operator (@barchw)

Monitoring

• #18026 no usage of kymas global priorityclass in telemetry and monitoring component (@a-thaler)
• #18019 fix formatting for Grafana tip (@NHingerl)
• #17996 updated monitoring images to alpine 1.18.3 and golang 1.20.7 (@a-thaler)

Logging

• #17999 Bump telemetry manager to fix metric exposure which is not following prometheus specification (@hisarbalik)

Tracing

• #18035 Update telemetry-manager to enable mTLS for traces (@chrkl)

Telemetry

• #18045 Update Telemetry images to use Golang 1.21.0 (@chrkl)
• #18043 Update telemetry-operator to make insecure flag optional (@chrkl)
• #18021 update to otel-collector 0.83.0 and fluent-bit 2.1.8 (@a-thaler)
• #17950 sync telemetry docs in module repo and kyma repo (@NHingerl)
• #17917 Expose metrics endpoint in nodejs functions (@kwiatekus)

Documentation

• #18025 replace outdated blog links (@NHingerl)
• #18019 fix formatting for Grafana tip (@NHingerl)
• #18022 Add serverless docs to index.html (@grego952)
• #17988 update link to Telemetry docs (@NHingerl)
• #17950 sync telemetry docs in module repo and kyma repo (@NHingerl)
• #17958 Fix the link to the BTP Operator documentation in the _sidebar.md file (@IwonaLanger)
• #17952 Unify sample function in docs (@kwiatekus)
• #17949 Add the link to the BTP Operator module (@IwonaLanger)
• #17916 Small fixes in Quick Install docs (@grego952)

Committers: 26

• Andreas Thaler (@a-thaler)
• Andrzej Pankowski (@Cortey)
• Bartosz Chwila (@barchw)
• Carina Kothe (@grischperl)
• Christoph Kleineweber (@chrkl)
• Damian Badura (@dbadura)
• Edrilan Berisha (@ECasio)
• Friedrich (@friedrichwilken)
• Grzegorz Karaluch (@grego952)
• Hisar Balik (@hisarbalik)
• Iwona Langer (@IwonaLanger)
• Korbinian Stoemmer (@k15r)
• Krzysztof Kwiatosz (@kwiatekus)
• Marco Bebway (@marcobebway)
• Marek Kołodziejczak (@kolodziejczak)
• Małgorzata Świeca (@mmitoraj)
• Michał 'Disper' Drzewiecki (@Disper)
• Michał Kalke (@MichalKalke)
• Natalia Sitko (@nataliasitko)
• Nina Hingerl (@NHingerl)
• Piotr Bochyński (@pbochynski)
• Piotr Halama (@halamix2)
• Valentin Vieriu (@valentinvieriu)
• Wojciech Nawa (@VOID404)
• Wojciech Sołtys (@Sawthis)
• marcin witalis (@m00g3n)