github kyma-project/kyma 2.18.0

latest releases: 2.20.0, 2.20.0-rc1, 2.19.3...
14 months ago

With some of its offspring having left the parent ship as fully-grown, independent modules and more getting ready to follow suit, Kyma’s sailing, Kyma’s sailing… and still evolving. To understand its journey towards enhanced functionality, look at the latest updates and fixes.

Application Connectivity

With this release, all 5XX codes passing through Central Application Gateway are now rewritten to 502. The original error code is returned in a Target-System-Status header.

Telemetry

Kyma 2.18 brings the following improvements:

Service Mesh

As a significant step in our journey towards the Istio module’s release, we have introduced a new, stable, and reliable method of installing Istio - Kyma Istio Operator. This release also includes improvements to the installation and upgrade processes of Istio, as well as a new version of the Istio custom resource that provides additional configuration options. To learn more about it, visit the Kyma Istio Operator repository.

Security

Cluster Users removal

The Cluster Users component has been deprecated since Kyma 2.7 and will be removed with Kyma 2.19.
The component includes predefined Kubernetes ClusterRoles such as kyma-admin, kyma-namespace-admin, kyma-edit, kyma-developer, kyma-view, and kyma-essentials. These Roles specify permissions for accessing Kyma resources that you can assign to users. For example, if you bind a user to the kyma-admin ClusterRole, it grants them full admin access to the entire cluster, and if you bind a user to the kyma-view ClusterRole, they are only allowed to view and list the resources within the cluster.
Once the component is removed, these Roles will no longer be available for newly created clusters. This means that you won’t be able to use these predefined sets of rights and will be required to specify yourself which users or groups should have access to which of your resources. However, for clusters created before the release of Kyma 2.19, the already-defined Roles will not be deleted.

Cipher suits removal

As a part of security hardening and Kyma security team recommendations, ECDHE-RSA-AES256-SHA and ECDHE-RSA-AES128-SHA cipher suites used in default Kyma Gateway have been deprecated since the 2.15 Kyma version. Although we initially planned to remove these cipher suites with Kyma 2.18, we have decided to delay their removal until version 2.19. After the Kyma 2.19 release, clients dependent on the mentioned cipher suites won't be accepted.

Eventing

NATS

The following NATS Images have been updated:

Serverless

Kyma 2.18 brings more observability into Node.js-based Functions.
They are now exposing a metrics endpoint containing the following auto-instrumented metrics:

  • histogram for Function execution duration: function_duration_seconds
  • number of calls in total: function_calls_total
  • number of exceptions in total: function_failures_total

User Interface

From now on, you have the opportunity to give feedback about our product directly in Kyma Dashboard. To do that, use the shiny new button in the top right corner of the shell bar. Read the UX Scorecard in Kyma Dashboard blog post for more details.

2.18.0-rc3 (2023-08-30)

Eventing

Committers: 2

2.18.0-rc2 (2023-08-29)

Eventing

  • #18075 Added feature flag to disable provisioning of NATS as part of eventing (@mfaizanse)

Committers: 3

2.18.0-rc1 (2023-08-28)

Api Gateway

Application Connector

  • #18065 bumps images for application-connector components tests (@Disper)
  • #18030 bumps application connector images before 2.18 release (@Disper)
  • #18007 Handle 5XX statuses in gateway (@VOID404)
  • #17957 fix application-connector-validator caching (@m00g3n)
  • #17914 bump kyma-project/prod/external/golang from 1.20.5-alpine3.18 to 1.20.6-alpine3.18 in application connector components (@Disper)

Serverless

Eventing

Service Mesh

Monitoring

  • #18026 no usage of kymas global priorityclass in telemetry and monitoring component (@a-thaler)
  • #18019 fix formatting for Grafana tip (@NHingerl)
  • #17996 updated monitoring images to alpine 1.18.3 and golang 1.20.7 (@a-thaler)

Logging

  • #17999 Bump telemetry manager to fix metric exposure which is not following prometheus specification (@hisarbalik)

Tracing

  • #18035 Update telemetry-manager to enable mTLS for traces (@chrkl)

Telemetry

Documentation

Committers: 26

Don't miss a new kyma release

NewReleases is sending notifications on new releases.