Changelog

2.9.1

Released on 2024/11/14

  • chore(deps): algin forked go-control-plane version with upstream #12029 @kumahq
  • chore(deps): bump envoy from 1.30.6 to 1.30.7 #11958 @lukidzi
  • chore(deps): security update #11982 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #11944 @kumahq
  • fix(cni): delegated gateway was not correctly injected (backport of #11922) #11928 @kumahq
  • fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) #11942 @kumahq
  • fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) #12024 @kumahq
  • fix(meshtimeout): don’t set default timeouts on inbound cluster and listener (backport of #12043) #12049 @kumahq

2.6.13

Released on 2024/11/13

  • chore(deps): bump envoy from 1.28.7 to 1.29.10 #11960 @lukidzi
  • chore(deps): security update #11975 @kumahq
  • fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) #11940 @kumahq
  • fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) #12021 @kumahq
  • fix(store): preserve existing labels when update #11953 @kumahq

2.8.5

Released on 2024/11/12

  • chore(deps): bump envoy from 1.30.6 to 1.30.7 #11957 @lukidzi
  • chore(deps): security update #11973 @kumahq
  • fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) #11943 @kumahq
  • fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) #12022 @kumahq

2.7.9

Released on 2024/11/12

  • chore(deps): bump envoy from 1.29.9 to 1.29.10 #11956 @lukidzi
  • chore(deps): security update #11972 @kumahq
  • fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) #11941 @kumahq
  • fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) #12023 @kumahq
  • fix(store): preserve existing labels when update #11954 @kumahq

2.9.0

Released on 2024/10/18

  • chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.7.3 #11139 #11218 #11263 #11310 #11518 #11598 #11696 @dependabot
  • chore(deps): bump coredns from v1.11.1 to v1.11.3 #11568 @michaelbeaumont
  • chore(deps): bump debian from 12.5 to 27586f4 #10756 #11007 #11142 #11357 #11596 @dependabot
  • chore(deps): bump distroless/base-nossl-debian11 from 1dcd82e to d66c60e #10823 @dependabot
  • chore(deps): bump distroless/static-debian11 from 459f8ab to 55716e8 #10824 @dependabot
  • chore(deps): bump envoy from 1.30.2 to 1.30.6 #10645 #10692 #11488 @lukidzi
  • chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 #11259 @dependabot
  • chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 #11281 @dependabot
  • chore(deps): bump github.com/cilium/ebpf from 0.15.0 to 0.16.0 #11006 @dependabot
  • chore(deps): bump github.com/containernetworking/cni from 1.2.1 to 1.2.3 #10703 #10939 @dependabot
  • chore(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.1+incompatible #11012 #11084 @dependabot
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.4 to 1.1.0 #11097 @dependabot
  • chore(deps): bump github.com/exaring/otelpgx from 0.6.1 to 0.6.2 #10701 @dependabot
  • chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.17.1 to 4.18.1 #11353 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.46.15 to 0.47.2 #10700 #10899 #11282 #11677 @dependabot
  • chore(deps): bump github.com/jackc/pgx/v5 from 5.6.0 to 5.7.1 #11358 #11436 @dependabot
  • chore(deps): bump github.com/miekg/dns from 1.1.61 to 1.1.62 #11117 @dependabot
  • chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 #10938 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.20.2 #11005 #11099 #11212 #11258 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.2 #11004 #11048 #11262 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.4 #11119 #11215 #11352 #11522 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.54.0 to 0.60.0 #10702 #11260 #11313 #11356 #11681 @dependabot
  • chore(deps): bump github.com/sethvargo/go-retry from 0.2.4 to 0.3.0 #11046 @dependabot
  • chore(deps): bump github.com/slok/go-http-metrics from 0.11.0 to 0.13.0 #10037 #11354 @dependabot
  • chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.3.0 to 2.4.0 #11680 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.31.0 to 0.33.0 #10827 #11214 @dependabot
  • chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.2 to 0.1.3 #10699 @dependabot
  • chore(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0 #11213 @dependabot
  • chore(deps): bump go from 1.22.7 to 1.23.2 #11363 #11631 @michaelbeaumont,@slonka
  • chore(deps): bump golang.org/x/net from 0.26.0 to 0.30.0 #10826 #11096 #11355 #11683 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.21.0 to 0.26.0 #10825 #11047 #11098 #11314 #11679 @dependabot
  • chore(deps): bump golang.org/x/text from 0.16.0 to 0.19.0 #11100 #11315 #11678 @dependabot
  • chore(deps): bump gonum.org/v1/gonum from 0.15.0 to 0.15.1 #11138 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.67.0 #10758 #11521 @dependabot
  • chore(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 #11699 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.14.4 to 3.16.1 #10531 #10898 #11118 #11435 @dependabot
  • chore(deps): bump kumahq/ubuntu-netools from 8675216 to 4243009 #10704 @dependabot
  • chore(deps): bump postgres from 46aa2ee to 4ec37d2 #10755 #11008 #11101 #11136 #11351 #11600 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.16.1 to 0.16.2 #11280 @dependabot
  • chore(deps): bump sigs.k8s.io/gateway-api from 1.1.0 to 1.2.0 #11676 @dependabot
  • chore(deps): bump the go-opentelemetry-io group across 1 directory with 9 updates #10767 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 9 updates #11211 #11433 @dependabot
  • chore(deps): bump the k8s-libs group across 1 directory with 10 updates #10759 @dependabot
  • chore(deps): bump the k8s-libs group with 5 updates #10937 @dependabot
  • chore(deps): bump the k8s-libs group with 6 updates #11432 @dependabot
  • chore(deps): bump the k8s-libs group with 8 updates #11137 @dependabot
  • chore(deps): bump ubuntu from jammy-20240530 to jammy-20240808 #11141 @dependabot
  • chore(deps): security update #11331 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #10587 #10627 #10629 #10632 #10633 #10635 #10636 #10644 #10647 #10650 #10666 #10673 #10674 #10687 #10718 #10720 #10727 #10795 #10797 #10838 #10840 #10843 #10846 #10861 #10881 #10895 #10902 #10909 #10911 #10912 #10950 #10967 #10971 #10985 #10986 #11011 #11015 #11016 #11030 #11243 #11269 #11271 #11290 #11291 #11295 #11299 #11303 #11306 #11320 #11340 #11366 #11368 #11370 #11374 #11376 #11411 #11419 #11446 #11451 #11453 #11454 #11480 #11495 #11530 #11535 #11536 #11559 #11577 #11580 #11594 #11595 #11603 #11622 #11647 #11751 @kumahq
  • feat(GatewayAPI): support port in parentRef #10828 @michaelbeaumont
  • feat(HostnameGenerator): automatically create default generators #11017 @jakubdyszkiewicz
  • feat(Mesh*Route): require port with MeshMultiZoneService backends #11479 @michaelbeaumont
  • feat(Mesh*Service): add first hostname as kubectl column #11714 @michaelbeaumont
  • feat(MeshExternalService): added option to disable allow-all RBAC #11073 @lukidzi
  • feat(MeshMultiZoneService): add support to MeshCircuitBreaker, MeshAccessLog, MeshHealthCheck, MeshRetry #11322 @michaelbeaumont
  • feat(MeshMultiZoneService): support as target #11205 @michaelbeaumont
  • feat(MeshMultizoneService): support multizone deployments of mesh services. #10643 #10648 #10667 #10683 #10883 #10984 @jakubdyszkiewicz
  • feat(MeshService): add Mesh.MeshServices.Enabled to control behavior #11279 @michaelbeaumont
  • feat(MeshService): add event to the Service that an unsupported port is being ignored #11033 @michaelbeaumont
  • feat(MeshService): add grace period before deleting generated MeshServices on universal #11018 @michaelbeaumont
  • feat(MeshService): automatically add port name when generating #11210 @michaelbeaumont
  • feat(MeshService): create different clusters for real MeshServices #11251 @michaelbeaumont
  • feat(MeshService): disable available services on disabled vips #10612 @jakubdyszkiewicz
  • feat(MeshService): generate MeshService from Dataplanes on universal #10917 @michaelbeaumont
  • feat(MeshService): mitigate and handle resource conflicts #11385 @jakubdyszkiewicz
  • feat(MeshService): permissive mtls #10929 @jakubdyszkiewicz
  • feat(MeshService): proxies stats and state #10970 @jakubdyszkiewicz
  • feat(MeshTimeout): support MeshMultiZoneService #11206 @michaelbeaumont
  • feat(api-server): extend Inspect API with new ResourceRules #11040 @Automaat
  • feat(autoreachableservices): support kuma.io/service in mesh subset #11244 @jakubdyszkiewicz
  • feat(helm): add possibility to configure env vars with value form referenced field #10716 @Automaat
  • feat(insights): add resources to global insights #11216 @jakubdyszkiewicz
  • feat(insights): count new services as resources #11083 @jakubdyszkiewicz
  • feat(kds): remove kds v1 #10946 @Icarus9913
  • feat(kuma-cp): add backendRef indexes to rules #11175 @lobkovilya
  • feat(kuma-cp): add possibility to omit top level targetRef in policies #11321 @Automaat
  • feat(kuma-cp): add resource owner to resources in ResourceSet #11043 @Automaat
  • feat(kuma-cp): don’t trace intercp pings #10936 @michaelbeaumont
  • feat(kuma-cp): exit with 0 when kubernetes leader election is lost #11106 @michaelbeaumont
  • feat(kuma-cp): introduce ResourceRules #10886 @lobkovilya
  • feat(kuma-cp): make loggers naming from xds package consistent #10965 @Automaat
  • feat(kuma-cp): resolve labels for backendref #11360 @jakubdyszkiewicz
  • feat(kuma-cp): set kuma.io/env label #11053 @michaelbeaumont
  • feat(kuma-cp): set kuma.io/mesh label using ComputeLabels func #11104 @lobkovilya
  • feat(kuma-cp): set kuma.io/mesh on universal resource labels #11037 @michaelbeaumont
  • feat(kuma-cp): standarize cluster name for Mesh*Service #11398 @lukidzi
  • feat(kuma-cp): support producer policy flow #11308 @lobkovilya
  • feat(kuma-cp): use ResourceIdentifier in MeshContext structs #11203 @lobkovilya
  • feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy #11107 @jijiechen
  • feat(kuma-dp): support TCP and gRPC probes for data planes running on Kubernetes #10624 @jijiechen
  • feat(kumactl): add no-dataplanes profile and skip secrets when exporting #10964 @lahabana
  • feat(kumactl): add server info when doing export #10914 @lahabana
  • feat(meshexternalservice): make egress optional on the mesh to pass the traffic of mesh external service through egress. #11445 @jakubdyszkiewicz
  • feat(meshexternalservice): remove MeshTrafficPermission support for MeshExternalService and allow traffic when using egress #11075 @lukidzi
  • feat(meshexternalservice): remove unix support #11350 @slonka
  • feat(meshexternalservice): route traffic through egress only #11080 @lukidzi
  • feat(meshexternalservice): support MeshExternalService in MeshGateway and MeshHTTPRoute #11383 @slonka
  • feat(meshexternalservice): use common protocol field #11378 @slonka
  • feat(meshloadbalancingstrategy): support for multizoneservice #11276 @jakubdyszkiewicz
  • feat(meshpassthrough): add support for delegated gateway #10675 @lukidzi
  • feat(meshtls): implement policy for granular mtls configuration #11229 #11233 #11254 #11437 #11447 #11468 #11469 @lukidzi,@slonka
  • feat(observability): default installation with exclusive mesh services #11452 @jakubdyszkiewicz
  • feat(policy): implicitly reference MeshService objects with kuma.io/service #11230 @michaelbeaumont
  • feat(policy): support targeting real MeshExternalService in MeshAccessLog, MeshCircuitBreaker, MeshHTTPRoute, MeshHealthCheck, MeshLoadBalancingStrategy, MeshRetry, MeshTCPRoute, MeshTimeout #11162 #11163 #11220 #11231 #11232 #11236 #11272 #11273 @lukidzi
  • feat(policy): support targeting real MeshService in MeshAccessLog, MeshCircuitBreaker, MeshHTTPRoute, MeshHealthCheck, MeshRetry, MeshTCPRoute, MeshTimeout #11060 #11063 #11068 #11070 #11154 #11161 #11222 @Automaat
  • feat(reachableservices): support defining reachable services for MeshService and MeshExternalService #10869 @lukidzi
  • feat(transparent-proxy): add comments to tproxy iptables rules #10809 #10811 @bartsmykla
  • feat(transparent-proxy): add iptables logging with new flag and annotation #10743 @bartsmykla
  • feat(transparent-proxy): add option to exclude inbound ip addresses from transparent proxy #10884 @bartsmykla
  • feat(transparent-proxy): add option to exclude ip addresses from outbound redirection #10867 @bartsmykla
  • feat(transparent-proxy): add option to uninstall transparent proxy #10890 @bartsmykla
  • feat(transparent-proxy): allow --kuma-dp-user to accept UIDs and deprecate --kuma-dp-uid flag #10920 @bartsmykla
  • feat(transparent-proxy): allow configure transparent proxy from config file #11089 #11403 @bartsmykla
  • feat(transparent-proxy): allow insert instead of append redirect rules #11267 @bartsmykla
  • feat(transparent-proxy): enforce root privileges for (un)install commands #11166 @bartsmykla
  • feat(transparent-proxy): handle option to drop invalid packets #10676 @bartsmykla
  • feat(transparent-proxy): improve the way identifying/locating iptables binaries #11207 #11277 @bartsmykla
  • feat(transparent-proxy): improve the way picking iptables executables/binaries #11165 #11302 @bartsmykla
  • feat(transparent-proxy): remove deprecated flags and annotations for outbound port exclusions for UIDs #10983 @bartsmykla
  • feat(transparent-proxy): remove deprecated redirect inbound port IPv6 #10906 @bartsmykla
  • fix(HostnameGenerator): fix issues syncing HostnameGenerator policies from global CP to zone CPs #11062 @jakubdyszkiewicz
  • fix(HostnameGenerator): selectors validation and matching #10688 @jakubdyszkiewicz
  • fix(HostnameGenerator): sort resources before generating hostnames #11010 @michaelbeaumont
  • fix(MeshAccessLog): strengthen validation for MeshAccessLog and MeshGateway #11560 @michaelbeaumont
  • fix(MeshGateway): apply policies to clusters from real backendRefs #11531 @michaelbeaumont
  • fix(MeshGateway): handle unresolved real backendRefs #11461 @michaelbeaumont
  • fix(MeshGateway): prevent duplicate virtual hosts #10866 @michaelbeaumont
  • fix(MeshLoadBalancingStrategy): apply to real resource targeted policies with MeshGateway #11582 @michaelbeaumont
  • fix(MeshLoadBalancingStrategy): only allow loadBalancer with MeshGateway and to.targetRef.kind: Mesh #11563 @michaelbeaumont
  • fix(MeshPassthrough): Route / as a prefix instead of the whole path #11204 @michaelbeaumont
  • fix(MeshService): add port name when converting from Service #10638 @michaelbeaumont
  • fix(MeshService): don’t duplicate headless service VIPs #10682 @michaelbeaumont
  • fix(MeshService): don’t exclude kuma.io/service if using reachableBackends #11301 @michaelbeaumont
  • fix(MeshService): don’t skip endpoints for headless #10684 @michaelbeaumont
  • fix(MeshService): don’t skip endpoints for headless with ZoneIngress #10735 @michaelbeaumont
  • fix(MeshService): don’t sync deletion grace period label #11064 @michaelbeaumont
  • fix(MeshService): limit display name to 63 characters #10719 @michaelbeaumont
  • fix(api): when resource has origin zone assume is local #11766 @lukidzi
  • fix(api-server): make clearer error messages for “method not allowed” errors on the global CP #11069 @michaelbeaumont
  • fix(autoreachableservices): do not filter out MeshMultiZoneService #11747 @lukidzi
  • fix(cni): set proper namespace for the taint controller #10651 @slonka
  • fix(cni): set proper namespace for the taint controller (backport of #10651) #10662 @kumahq
  • fix(e2e): loosen up assertion on traffic route test #11764 @Automaat
  • fix(egress): same external service tag in multiple meshes #11667 @jakubdyszkiewicz
  • fix(federation): export mesh secrets before Mesh objects #11497 @michaelbeaumont
  • fix(federation): set skipCreatingInitialPolicies on exported Meshes #11501 @michaelbeaumont
  • fix(injector): set allowPrivilegeEscalation: false on kuma-validation container #11178 @voidlily
  • fix(inspect-api): add missing resources to BaseMeshContext #11482 @lobkovilya
  • fix(inspect-api): added check if dpp is affected by zone policy #11425 @lukidzi
  • fix(inspect-api): amend openapi types for arbitrary objects #11515 @johncowen
  • fix(inspect-api): correct resource types in the inspect API to types of the policy, not the type of targetRef #11438 @lobkovilya
  • fix(inspect-api): don’t panic when outbound doesn’t have ‘kuma.io/service’ tag #11613 @lobkovilya
  • fix(inspect-api): don’t set ‘toRules’ when meshServices.mode: Exclusive #11623 @lobkovilya
  • fix(inspect-api): make conf an array of unknown structs in OpenAPI spec #11528 @johncowen
  • fix(k8s): always authenticate with latest service account token #11399 @michaelbeaumont
  • fix(k8s): avoid nil TargetRef pointer dereference (backport of #10746) #10763 @kumahq
  • fix(k8s): avoid nil TargetRef pointer dereference in pod controller #10746 @czeslavo
  • fix(k8s): check if labels has changed when reconciling #11758 @lukidzi
  • fix(k8s): reenable deep copies when interacting with k8s resources #10561 @michaelbeaumont
  • fix(kds): do not log an error when context cancelled #10923 @lukidzi
  • fix(kuma-cp): Global Inspect API returns incorrect list of affected gateways dataplanes #11790 @lobkovilya
  • fix(kuma-cp): add labels to dataplane object on universal #11449 @lukidzi
  • fix(kuma-cp): allow specifying namespace when targeting MeshExternalService in policies #11474 @Automaat
  • fix(kuma-cp): check if zone is online before forwarding request #10919 @lukidzi
  • fix(kuma-cp): consumer scoped policies should be applied only on dpps from the same namespace #11300 @Automaat
  • fix(kuma-cp): couldn’t use to[].targetRef: Mesh on non-federated zones #11428 @lobkovilya
  • fix(kuma-cp): deprecate use kuma.io/mesh annotation and use label instead #11690 @lukidzi
  • fix(kuma-cp): do not sync policies with empty topLevel targetRef to zones that does not support it #11457 @Automaat
  • fix(kuma-cp): don’t add namespace labels when resource was synced from universal zone #10913 #11020 @Automaat
  • fix(kuma-cp): don’t allow namespace-scoped policies with ‘to’ and ‘from’ arrays at the same time #11750 @lobkovilya
  • fix(kuma-cp): don’t override owner and creation time Create opts #11009 @michaelbeaumont
  • fix(kuma-cp): don’t wait before ticking the first time in watchdog #11105 @michaelbeaumont
  • fix(kuma-cp): fix conn closed error on transaction rollback #10665 @Automaat
  • fix(kuma-cp): handle cases when requested BackendRefIdentifier contains ports #11278 @lobkovilya
  • fix(kuma-cp): map port to section name for reachable backends #11736 @lukidzi
  • fix(kuma-cp): paginate Secrets correctly in universal #10954 @michaelbeaumont
  • fix(kuma-cp): panic when DPP uses outbounds with ‘backendRef.Labels’ and no meshservices were matched #11604 @lobkovilya
  • fix(kuma-cp): pass future meta to Validate when creating a resource #10927 @michaelbeaumont
  • fix(kuma-cp): properly match policies to gateway when calling _rules endpoint #11504 @Automaat
  • fix(kuma-cp): remove automatically created MeshServices when mode is switched to Disabled #11675 @lobkovilya
  • fix(kuma-cp): resources that were created on 2.7.x are missing namespace labels when synced on global #11794 @lobkovilya
  • fix(kuma-cp): use contexts instead of channels in watchdog #11110 @lahabana
  • fix(kuma-cp): validation for explicit DPP outbounds with BackendRef #11415 @lobkovilya
  • fix(kuma-dp): don’t fail if envoy version is not semver #11095 @lahabana
  • fix(kumactl): fix flag in information banner for kumactl generate tls-certificate #11318 @f100024
  • fix(kumactl): remove service in prometheus config #10969 @lahabana
  • fix(kumactl): support empty docs in in kumactl apply #10951 @lahabana
  • fix(mads): add mutex when checking if reconcile is needed and reconciling #11578 @lobkovilya
  • fix(meshexternalservice): allow defining only name or labels #11502 @lukidzi
  • fix(meshexternalservice): generate correct sni for sidecar and egress #11382 @lukidzi
  • fix(meshexternalservice): map from/to policy to resource rule for Egress #11384 @lukidzi
  • fix(meshgateway): do not override annotations from deployment #10698 @Automaat
  • fix(meshgatewayinstance): remove required since we generate serviceName #11151 @lukidzi
  • fix(meshhttproute): deref pointer to weight or use default 1 #11051 @lukidzi
  • fix(meshmetric): add missing timestamp in mapper #10966 @slonka
  • fix(meshmultizoneservice): order of matched mesh services #11475 @jakubdyszkiewicz
  • fix(meshpassthrough): do not require port #10941 @lukidzi
  • fix(meshpassthrough): don’t remove all filters chains #11540 @lukidzi
  • fix(meshservice): do not wipe out identities of synced service #10655 @jakubdyszkiewicz
  • fix(meshservice): permissive mTLS of synced services #11749 @jakubdyszkiewicz
  • fix(meshservice): use only labels to index services #11450 @jakubdyszkiewicz
  • fix(observability): use internal and external requests in outgoing status code panel #10974 @michaelbeaumont
  • fix(policy): don’t fail once cannot map MeshExternalService to tags rules #11155 @lukidzi
  • fix(policy): verify zone if dpp origin is zone and metadata exists #11462 @lukidzi
  • fix(resourcerules): add own mesh to the MeshContext, so it could be successfully resolved #11525 @lobkovilya
  • fix(transparent-proxy): avoid mounting xtables.lock for newer versions of legacy iptables #11113 @bartsmykla
  • fix(transparent-proxy): check DNS related CLI flags earlier #11402 @bartsmykla
  • fix(transparent-proxy): conntrack zone splitting in docker containers with custom network #11684 @bartsmykla
  • fix(transparent-proxy): enable kuma.io/transparent-proxying-ip-family-mode annotation per pod #10905 @bartsmykla
  • fix(transparent-proxy): fix IPv6 iptables rules when no IPv6 DNS servers #10800 @bartsmykla
  • fix(transparent-proxy): fix pod delay when CNI on GKE with OS Login #11050 @bartsmykla
  • fix(transparent-proxy): refactor and make validation to work on IPv6 #11395 @bartsmykla
  • fix(utils): enhance the logic to check if a channel is closed #10894 @sjmshsh
  • fix(xds): accelerate universal dp XDS generation #11180 @Icarus9913
  • fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources #11024 @jijiechen
  • fix(xds): make sure ADS are ordered #11579 @jakubdyszkiewicz
  • fix(xds): resolve eds deadlock introduced by initial fetch timeout #11602 @jakubdyszkiewicz
  • perf(k8s): do not update resource on control-plane restart #11327 @lukidzi
  • perf(kuma-cp): faster service to dpp matching #10628 @jakubdyszkiewicz
  • revert(kuma-cp): do not use additional addresses #11601 @lukidzi

2.8.4

Released on 2024/10/07

  • chore(deps): bump coredns from v1.11.1 to v1.11.3 #11574 @kumahq
  • chore(deps): bump golang from 1.22.7 to 1.22.8 #11630 @Icarus9913
  • chore(deps): security update #11330 @kumahq
  • chore(deps): upgrade envoy to 1.30.6 #11487 @lukidzi
  • fix(MeshTrace): invalid sampling default values (backport of #11548) #11551 @kumahq
  • fix(egress): same external service tag in multiple meshes (backport of #11667) #11671 @kumahq
  • fix(meshgateway): do not override annotations from deployment (backport of #10698) #11616 @kumahq
  • fix(xds): eds deadlock on initial fetch timeout (backport of #11602) #11606 @kumahq
  • revert(kuma-cp): do not use additional addresses (backport of #11601) #11609 @kumahq

2.7.8

Released on 2024/10/07

  • chore(deps): bump coredns from v1.11.1 to v1.11.3 #11575 @kumahq
  • chore(deps): bump golang from 1.22.7 to 1.22.8 #11629 @Icarus9913
  • chore(deps): security update #11329 @kumahq
  • chore(deps): upgrade envoy to 1.29.9 #11486 @lukidzi
  • fix(MeshTrace): invalid sampling default values (backport of #11548) #11552 @kumahq
  • fix(egress): same external service tag in multiple meshes (backport of #11667) #11670 @kumahq
  • fix(meshgateway): do not override annotations from deployment (backport of #10698) #11618 @kumahq
  • fix(xds): eds deadlock on initial fetch timeout (backport of #11602) #11605 @kumahq
  • revert(kuma-cp): do not use additional addresses (backport of #11601) #11612 @kumahq

2.6.12

Released on 2024/10/06

  • chore(deps): bump coredns from v1.11.1 to v1.11.3 #11576 @kumahq
  • chore(deps): bump golang from 1.22.7 to 1.22.8 #11628 @Icarus9913
  • chore(deps): security update #11333 @kumahq
  • chore(deps): upgrade envoy to 1.28.7 #11485 @lukidzi
  • fix(MeshTrace): invalid sampling default values (backport of #11548) #11553 @kumahq
  • fix(egress): same external service tag in multiple meshes (backport of #11667) #11669 @kumahq
  • fix(meshgateway): do not override annotations from deployment (backport of #10698) #11619 @kumahq
  • fix(xds): eds deadlock on initial fetch timeout (backport of #11602) #11607 @kumahq
  • revert(kuma-cp): do not use additional addresses (backport of #11601) #11611 @kumahq

2.5.11

Released on 2024/10/06

  • chore(deps): bump coredns from v1.11.1 to v1.11.3 #11573 @kumahq
  • chore(deps): bump golang from 1.22.7 to 1.22.8 #11627 @Icarus9913
  • chore(deps): security update #11332 @kumahq
  • chore(deps): upgrade envoy to 1.28.7 #11484 @lukidzi
  • fix(egress): same external service tag in multiple meshes (backport of #11667) #11668 @kumahq
  • fix(meshgateway): do not override annotations from deployment (backport of #10698) #11617 @kumahq
  • fix(xds): eds deadlock on initial fetch timeout (backport of #11602) #11608 @kumahq

2.8.3

Released on 2024/08/30

  • chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.4.0 #11147 @kumahq
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.31.0 to 0.32.0 #11158 @kumahq
  • chore(deps): security update #11199 @kumahq
  • feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy (backport of #11107) #11238 @kumahq
  • fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) #10959 @kumahq
  • fix(meshhttproute): deref pointer to weight or use default 1 (backport of #11051) #11130 @kumahq
  • fix(meshmetric): add missing timestamp in mapper (backport of #10966) #10980 @kumahq
  • fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) #11025 @kumahq

2.7.7

Released on 2024/08/30

  • chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.4.0 #11150 @kumahq
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.31.0 to 0.32.0 #11156 @kumahq
  • chore(deps): security update #11198 @kumahq
  • feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy (backport of #11107) #11242 @kumahq
  • fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) #10958 @kumahq
  • fix(meshhttproute): deref pointer to weight or use default 1 (backport of #11051) #11129 @kumahq
  • fix(meshmetric): add missing timestamp in mapper (backport of #10966) #10978 @kumahq
  • fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) #11026 @kumahq

2.6.11

Released on 2024/08/30

  • chore(deps): security update #11200 @kumahq
  • feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy #11241 @kumahq
  • fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) #10955 @kumahq
  • fix(meshhttproute): deref pointer to weight or use default 1 (backport of #11051) #11127 @kumahq
  • fix(meshmetric): add missing timestamp in mapper (backport of #10966) #10977 @kumahq
  • fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) #11028 @kumahq

2.5.10

Released on 2024/08/30

  • chore(deps): security update #11196 @kumahq
  • feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy #11239 @kumahq
  • fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) #10957 @kumahq
  • fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) #11029 @kumahq

2.4.10

Released on 2024/07/23

  • chore(deps): update go to 1.22.5 (backport of #10096) #10855 @kumahq
  • chore(deps): upgrade envoy with DNS fix #10930 @michaelbeaumont

2.5.9

Released on 2024/07/22

  • chore(deps): update go to 1.22.5 and kube controller-tools to v0.14.0 (backport of #10096) #10854 @kumahq
  • chore(deps): upgrade envoy with DNS fix #10931 @michaelbeaumont
  • fix(transparent-proxy): allow iptables executable without mode #10794 @bartsmykla

2.8.2

Released on 2024/07/18

  • chore(deps): update go to 1.22.5 (backport of #10096) #10856 @kumahq
  • chore(deps): upgrade envoy with DNS fix #10934 @michaelbeaumont
  • fix(k8s): avoid nil TargetRef pointer dereference (backport of #10746) #10763 @kumahq

2.7.6

Released on 2024/07/18

  • chore(deps): update go to 1.22.5 (backport of #10096) #10857 @kumahq
  • chore(deps): upgrade envoy with DNS fix #10933 @michaelbeaumont
  • fix(transparent-proxy): allow iptables executables without mode #10792 @bartsmykla

2.6.10

Released on 2024/07/18

  • chore(deps): update go to 1.22.5 (backport of #10096) #10853 @kumahq
  • chore(deps): upgrade envoy with DNS fix #10932 @michaelbeaumont
  • fix(transparent-proxy): allow iptables executables without mode #10793 @bartsmykla

2.8.1

Released on 2024/07/03

  • chore(deps): upgrade envoy to 1.30.3 #10645 @lukidzi
  • chore(deps): upgrade envoy to 1.30.4 #10692 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #10647 @kumahq
  • fix(cni): set proper namespace for the taint controller (backport of #10651) #10662 @kumahq
  • fix(hostnamegenerator): selectors validation and matching #10688 @jakubdyszkiewicz
  • fix(meshservice): do not wipe out identities of synced service #10655 @jakubdyszkiewicz

2.7.5

Released on 2024/07/03

  • chore(deps): bump envoy from 1.29.5 to 1.29.7 #10641 #10691 @lukidzi
  • fix(cni): set proper namespace for the taint controller (backport of #10651) #10661 @kumahq

2.6.9

Released on 2024/07/02

  • chore(deps): upgrade envoy to 1.28.5 #10685 @lukidzi
  • fix(cni): set proper namespace for the taint controller (backport of #10651) #10659 @kumahq

2.5.8

Released on 2024/07/02

  • chore(deps): upgrade envoy to 1.28.5 #10686 @lukidzi
  • chore(deps): upgrade go to 1.21.11 (backport of #10401) #10406 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #10066 #10090 @kumahq
  • fix(cni): set proper namespace for the taint controller (backport of #10651) #10663 @kumahq
  • fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) #10080 @kumahq
  • fix(jobs): jobs termination after CP restart (backport of #10085) #10088 @kumahq
  • fix(kds): fix retry on NACK and add backoff (backport of #9736) #9858 @kumahq
  • fix(kds): fix the case when webhook/db reject resource (backport of #10315) #10352 @kumahq
  • fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) #10166 @kumahq
  • fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) #10050 @kumahq

2.4.9

Released on 2024/07/02

  • chore(deps): upgrade envoy to 1.27.7 #10690 @lukidzi
  • chore(deps): upgrade go from 1.21.10 to 1.21.11 (backport of #10401) #10407 @kumahq
  • fix(cni): set proper namespace for the taint controller (backport of #10651) #10660 @kumahq
  • fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) #10081 @kumahq
  • fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) #10170 @kumahq
  • fix(jobs): jobs termination after CP restart (backport of https://github.com/kumahq/kuma/pull/10085) https://github.com/kumahq/kuma/pull/10087 @kumahq

2.8.0

Released on 2024/06/24

  • chore(build): add possibility to configure extra args for shellcheck #10331 @Automaat
  • chore(build): set envoy version conditionally #10538 @lukidzi
  • chore(deps): bump Kong/public-shared-actions from 2.2.0 to 2.2.3 #9995 #10126 #10197 @dependabot
  • chore(deps): bump actions/checkout from 4.1.2 to 4.1.7 #10036 #10123 #10195 #10263 #10521 @dependabot
  • chore(deps): bump actions/create-github-app-token from 1.9.3 to 1.10.1 #10175 #10372 @dependabot
  • chore(deps): bump actions/download-artifact from 4.1.4 to 4.1.7 #9993 #10122 @dependabot
  • chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 #10173 @dependabot
  • chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 #9994 #10035 #10127 @dependabot
  • chore(deps): bump cloudsmith-io/action from 0.6.6 to 0.6.9 #10324 #10427 #10523 @dependabot
  • chore(deps): bump debian from b37bc25 to a92ed51 #10120 #10264 #10520 @dependabot
  • chore(deps): bump distroless/base-nossl-debian11 from 4cba3ac to 1dcd82e #10183 @dependabot
  • chore(deps): bump envoy version from 1.29.3 to 1.30.2 #10453 @lukidzi
  • chore(deps): bump github.com/cilium/ebpf from 0.14.0 to 0.15.0 #10039 @dependabot
  • chore(deps): bump github.com/containernetworking/cni from 1.2.0 to 1.2.1 #10526 @dependabot
  • chore(deps): bump github.com/containernetworking/plugins from 1.4.1 to 1.5.0 #10282 @dependabot
  • chore(deps): bump github.com/emicklei/go-restful/v3 from 3.12.0 to 3.12.1 #10375 @dependabot
  • chore(deps): bump github.com/exaring/otelpgx from 0.5.4 to 0.6.1 #10528 @dependabot
  • chore(deps): bump github.com/go-logr/logr from 1.4.1 to 1.4.2 #10295 @dependabot
  • chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.17.0 to 4.17.1 #10038 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.46.13 to 0.46.15 #10118 #10297 @dependabot
  • chore(deps): bump github.com/jackc/pgx/v5 from 5.5.5 to 5.6.0 #10325 @dependabot
  • chore(deps): bump github.com/miekg/dns from 1.1.58 to 1.1.61 #9990 #10527 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.19.0 #10119 #10223 #10296 #10326 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.1 #9991 #10180 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 #10226 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.52.3 to 0.54.0 #9989 #10374 @dependabot
  • chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 #10530 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0 #10222 @dependabot
  • chore(deps): bump github/codeql-action from 3.25.0 to 3.25.10 #9996 #10128 #10227 #10286 #10373 #10396 #10522 @dependabot
  • chore(deps): bump go.opentelemetry.io/proto/otlp from 1.2.0 to 1.3.1 #10524 @dependabot
  • chore(deps): bump golang.org/x/net from 0.24.0 to 0.26.0 #10225 #10398 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 #10181 @dependabot
  • chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 #10176 @dependabot
  • chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 #10129 #10174 #10196 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 #10266 @dependabot
  • chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.2 #10177 #10525 @dependabot
  • chore(deps): bump kumahq/ubuntu-netools from 9eba4ba to 8675216 #10131 #10182 #10285 @dependabot
  • chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 #10228 @dependabot
  • chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.5 #9997 #10125 @dependabot
  • chore(deps): bump postgres from 5c58707 to 46aa2ee #10041 #10132 #10221 #10284 #10514 @dependabot
  • chore(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 #10124 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 9 updates #10115 #10294 @dependabot
  • chore(deps): bump ubuntu from jammy-20240227 to jammy-20240530 #9987 #10121 #10184 #10413 @dependabot
  • chore(deps): ignore go-control-plane updates by dependabot #10412 @bartsmykla
  • chore(deps): update CNI to v1.2.0 #10101 @Icarus9913
  • chore(deps): upgrade go to 1.21.11 #10401 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #9978 #9980 #9985 #9998 #10001 #10009 #10010 #10043 #10044 #10052 #10053 #10060 #10061 #10062 #10064 #10092 #10093 #10105 #10108 #10111 #10112 #10135 #10136 #10143 #10187 #10188 #10190 #10198 #10199 #10201 #10210 #10213 #10231 #10232 #10240 #10242 #10249 #10262 #10269 #10281 #10283 #10289 #10292 #10302 #10305 #10307 #10310 #10311 #10423 #10424 #10425 #10429 #10431 #10432 #10450 #10456 #10465 #10473 #10479 #10493 #10505 #10536 #10556 #10596 #10603 @kumahq
  • feat(Mesh*Service): validate name length #10544 @michaelbeaumont
  • feat(MeshExternalService): implement a new resource #10239 #10293 #10306 #10336 #10444 #10445 #10568 #10570 #10578 #10594 @lukidzi,@slonka
  • feat(MeshRetry): allow setting numRetries to 0 to disable retries #10250 @lahabana
  • feat(MeshService): add events when generating from Kubernetes Service #10290 @michaelbeaumont
  • feat(MeshService): add port names #10287 @michaelbeaumont
  • feat(MeshService): handle headless Services #10308 @michaelbeaumont
  • feat(MeshService): set kuma.io/managed-by for converted MeshServices #10481 @michaelbeaumont
  • feat(MeshService): support mTLS #10403 @michaelbeaumont
  • feat(MeshService): tag with headlessness, add pod-name/pod-index labels #10472 @michaelbeaumont
  • feat(MeshService): use hostnames for DNS #10387 @michaelbeaumont
  • feat(api-server): update policies api response structure #10428 @Icarus9913
  • feat(hostnamegenerator): add display name to HostnameGenerator #10476 @slonka
  • feat(hostnamegenerator): add zone and namespace variables #10533 @jakubdyszkiewicz
  • feat(hostnamegenerator): apply templates to MeshServices #10362 @michaelbeaumont
  • feat(hostnamegenerator): implement MeshExternalService support #10379 @lukidzi
  • feat(hostnamegenerator): prevent template being empty #10548 @slonka
  • feat(k8s): add kubernetes.io/hostname to default node labels to copy #10243 @slonka
  • feat(k8s): opt-in to support tls for GAPI in all namespaces #10015 @jakubdyszkiewicz
  • feat(kds): add a flag to avoid creating a zone on connection on kds #10298 @lahabana
  • feat(kds): create first, then remove synced resources #10562 @Automaat
  • feat(kds): sync mesh service status #10337 @jakubdyszkiewicz
  • feat(kuma-cni): add readOnlyRootFilesystem into securityContext of the container kuma-validation #10394 @jijiechen
  • feat(kuma-cp): add error type to nack metric #10013 @slonka
  • feat(kuma-cp): add policy matching api for meshservice #10378 @Automaat
  • feat(kuma-cp): always add kuma.io/zone label to resource #10457 @Automaat
  • feat(kuma-cp): consumer policies on app’s namespace #10361 @lobkovilya
  • feat(kuma-dp): add function to find default CA #10367 @lukidzi
  • feat(meshexternalservice): add IP allocator for meshexternalservice #10376 @lukidzi
  • feat(meshpassthrough): create API and validators #10314 @lukidzi
  • feat(meshpassthrough): implement new policy #10363 #10458 #10466 #10532 #10576 #10595 @lukidzi
  • feat(meshservice): cross-zone connectivity #10411 @jakubdyszkiewicz
  • feat(meshservice): ipam #10320 @jakubdyszkiewicz
  • feat(meshservice): prefer MeshService over kuma.io/service routing #10564 @jakubdyszkiewicz
  • feat(meshservice): rename protocol to appprotocol #10539 @jakubdyszkiewicz
  • feat(meshservice): sync identity cross zones #10451 @jakubdyszkiewicz
  • feat(meshservice): sync mesh service to other zones #10380 @jakubdyszkiewicz
  • feat(report): add more info in the report #10270 @lahabana
  • feat(store): update does not wipe out labels #10335 @jakubdyszkiewicz
  • fix(GatewayAPI): only enqueue Gateway reconciliations from routes if parent is a Gateway #10316 @spacewander
  • fix(HostnameGenerator): don’t exit component on error #10392 @michaelbeaumont
  • fix(Mesh*Service): rename HostnameGenerator ref name to coreName #10597 @michaelbeaumont
  • fix(MeshHttpRoute): don’t split header value prematurely #10191 @spacewander
  • fix(MeshRoute): properly map listener TLS certs to DownstreamTlsContext #10272 @michaelbeaumont
  • fix(ZoneIngress): fix no pointer panic for advertised address resolving #10475 @Icarus9913
  • fix(api-server): check for tenant just before logging #10377 @michaelbeaumont
  • fix(api-server): fix trace/span ID processing in logs #10100 @bartsmykla
  • fix(gateway): handle implicit kuma.io/service in pod annotation #10076 @jakubdyszkiewicz
  • fix(gateway): run validating webhook on MeshGatewayInstance #10330 @Icarus9913
  • fix(gateway): support inlineString in TLS certificates #10159 @michaelbeaumont
  • fix(gatewayapi): reconcile HTTPRoutes when relevant Services change #10192 @michaelbeaumont
  • fix(gatewayapi): validate presence of all required Gateway API resources #10079 @bartsmykla
  • fix(helm): don’t fail when webhook doesn’t exist #10098 @lahabana
  • fix(helm): include GatewayClass only if installing a zone CP in Kubernetes mode #10012 @michaelbeaumont
  • fix(jobs): jobs termination after CP restart #10085 @jakubdyszkiewicz
  • fix(k8s): don’t error if a service doesn’t expose any ports we can handle #9982 @michaelbeaumont
  • fix(k8s): take mesh from label of the namespace #10580 @jakubdyszkiewicz
  • fix(k8s): use EndpointSlices to determine identity for Service without selectors #10134 @michaelbeaumont
  • fix(k8s): virtual probes for sidecar initContainer ports also exposed by a Service #9971 @michaelbeaumont
  • fix(kds): change version label for kds_clint_versions metric #10323 @Automaat
  • fix(kds): clone resource on update meta #10460 @jakubdyszkiewicz
  • fix(kds): fix resource name hashing on global #10452 @Automaat
  • fix(kds): fix the case when webhook/db reject resource #10315 @lukidzi
  • fix(kds): fix updating metric of kds client version #10312 @Automaat
  • fix(kds): make error handling similar between GlobalToZoneSync and ZoneToGlobalSync #10056 @michaelbeaumont
  • fix(kds): send NACK only when resource is invalid and do not retry #10480 @lukidzi
  • fix(kuma-cp): allow MES / HG to only be created in SystemNamespace #10577 @lobkovilya
  • fix(kuma-cp): cleanup generated egress certs #10162 @michaelbeaumont
  • fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs #10160 @michaelbeaumont
  • fix(kuma-cp): consistently update ZoneIngress available services #10426 @michaelbeaumont
  • fix(kuma-cp): filter out old dangling zone resources in global (backport of #10245) #10268 @michaelbeaumont
  • fix(kuma-cp): index generated certs by proxy type #10161 @michaelbeaumont
  • fix(kuma-cp): mistakenly setting ‘kuma.io/display-name’ as label #10430 @lobkovilya
  • fix(kuma-cp): panic on mesh delete #10604 @jakubdyszkiewicz
  • fix(kuma-cp): validate the bandwidth strictly #10371 @spacewander
  • fix(kuma-dp): set systemCaPath when requesting config from kuma-cp #10443 @lukidzi
  • fix(kumactl): fix bad escape on regex #10420 @lahabana
  • fix(meshservice): tags and selector #10535 @jakubdyszkiewicz
  • fix(transparent-proxy): stop logging all to stderr when installing tproxy #10045 @bartsmykla
  • fix(validation): don’t prefix validation errors with spec. for core plugin resources #10543 @michaelbeaumont

2.7.4

Released on 2024/06/19

  • chore(deps): bump envoy version from 1.29.4 to 1.29.5 #10390 @lukidzi
  • chore(deps): ignore go-control-plane updates by dependabot (backport of #10412) #10416 @kumahq
  • chore(deps): upgrade go from 1.21.10 to 1.21.11 (backport of #10401) #10405 @kumahq
  • fix(MeshRoute): properly map listener TLS certs to DownstreamTlsContext (backport of #10272) #10340 @kumahq
  • fix(ZoneIngress): fix no pointer panic for advertised address resolving (backport of #10475) #10495 @kumahq
  • fix(kds): fix the case when webhook/db reject resource (backport of #10315) #10353 @kumahq
  • fix(kds): send NACK only when resource is invalid and do not retry (backport of #10480) #10516 @kumahq
  • fix(kuma-cp): consistently update ZoneIngress available services (backport of #10426) #10483 @kumahq

2.6.8

Released on 2024/06/19

  • chore(deps): bump envoy version from 1.28.3 to 1.28.4 #10386 @lukidzi
  • chore(deps): ignore go-control-plane updates by dependabot (backport of #10412) #10418 @kumahq
  • chore(deps): upgrade go from 1.21.10 to 1.21.11 (backport of #10401) #10408 @kumahq
  • feat(k8s): do not set mesh owner reference on synced resources (backport of #9882) #10504 @kumahq
  • fix(ZoneIngress): fix no pointer panic for advertised address resolving (backport of #10475) #10498 @kumahq
  • fix(kds): send NACK only when resource is invalid and do not retry (backport of #10480) #10517 @kumahq
  • fix(kuma-cp): consistently update ZoneIngress available services (backport of #10426) #10486 @kumahq

2.6.7

Released on 2024/05/29

  • fix(MeshRoute): properly map listener TLS certs to DownstreamTlsContext (backport of #10272) #10344 @kumahq
  • fix(kds): fix the case when webhook/db reject resource (backport of #10315) #10351 @kumahq

2.7.3

Released on 2024/05/17

  • chore(deps): bump go to 1.21.10 (backport of #10209) #10258 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #10092 #10199 @kumahq
  • fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) #10168 @kumahq
  • fix(kuma-cp): filter out old dangling zone resources in global (backport of #10245) #10268 @michaelbeaumont

2.6.6

Released on 2024/05/17

  • chore(deps): manually bump go to 1.21.10 (backport of #10209) #10255 @kumahq
  • chore(deps): upgrade Envoy to version 1.28.3 #10019 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #10065 #10091 @kumahq
  • fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) #10084 @kumahq
  • fix(jobs): jobs termination after CP restart (backport of #10085) #10089 @kumahq
  • fix(kds): fix retry on NACK and add backoff (backport of #9736) #9861 @kumahq
  • fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) #10169 @kumahq
  • fix(kuma-cp): filter out old dangling zone resources in global #10245 @michaelbeaumont
  • fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) #10048 @kumahq

2.7.2

Released on 2024/04/25

  • fix(jobs): jobs termination after CP restart (#10085)
  • fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) (#10082)
  • fix(gateway): handle implicit kuma.io/service in pod annotation (#10076)
  • fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) (#10047)

2.7.1

Released on 2024/04/23

  • chore(deps): upgrade Envoy to version 1.29.4 #10033 @lukidzi
  • feat(k8s): opt-in to support tls for GAPI in all namespaces #10015 @jakubdyszkiewicz
  • fix(helm): include GatewayClass only if installing a zone CP in Kubernetes mode #10012 @michaelbeaumont

2.7.0

Released on 2024/04/17

  • chore(deps): bump Envoy from 1.28.0 to 1.29.3 #9134 #9222 #9600 #9853 @lukidzi
  • chore(deps): bump Kong/public-shared-actions from 2.0.2 to 2.1.0 #9556 #9711 @dependabot
  • chore(deps): bump actions/cache from 3 to 4.0.2 #9205 #9491 #9712 @dependabot
  • chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 #9639 @dependabot
  • chore(deps): bump actions/create-github-app-token from 1.8.0 to 1.9.3 #9416 #9490 #9772 #9873 @dependabot
  • chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 #9306 @dependabot
  • chore(deps): bump cirello.io/pglock from 1.14.1 to 1.14.2 #9562 @dependabot
  • chore(deps): bump debian from b16cef8 to b37bc25 #9139 #9304 #9642 #9900 @dependabot
  • chore(deps): bump distroless/base-nossl-debian11 from 61c9d7a to 4cba3ac #9202 #9302 #9413 #9567 #9643 #9875 @dependabot
  • chore(deps): bump distroless/static-debian11 from 1e5b9bb to 459f8ab #9203 #9303 #9414 #9566 #9644 #9874 @dependabot
  • chore(deps): bump github.com/cilium/ebpf from 0.12.3 to 0.14.0 #9313 #9401 #9771 @dependabot
  • chore(deps): bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 #9649 @dependabot
  • chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible #9678 @dependabot
  • chore(deps): bump github.com/emicklei/go-restful/v3 from 3.11.2 to 3.12.0 #9400 #9650 @dependabot
  • chore(deps): bump github.com/exaring/otelpgx from 0.5.3 to 0.5.4 #9312 @dependabot
  • chore(deps): bump github.com/golang/protobuf from 1.5.3 to 1.5.4 #9561 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.46.11 to 0.46.13 #9716 @dependabot
  • chore(deps): bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.5 #9143 #9493 #9560 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 #9564 #9646 #9715 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 #9651 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 #9467 @dependabot
  • chore(deps): bump github.com/prometheus/client_model from 0.5.0 to 0.6.1 #9314 #9871 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.46.0 to 0.52.2 #9309 #9465 #9563 #9714 #9870 @dependabot
  • chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 #9868 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.27.0 to 0.30.0 #9310 #9558 #9867 @dependabot
  • chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.1 to 0.1.2 #9466 @dependabot
  • chore(deps): bump github/codeql-action from 3.23.2 to 3.24.10 #9142 #9307 #9415 #9489 #9641 #9710 #9872 @dependabot
  • chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 #9399 @dependabot
  • chore(deps): bump golang.org/x/net from 0.20.0 to 0.24.0 #9210 #9869 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.17.0 to 0.19.0 #9492 #9865 @dependabot
  • chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 #9204 @dependabot
  • chore(deps): bump gonum.org/v1/gonum from 0.14.0 to 0.15.0 #9648 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.61.0 to 1.63.2 #9315 #9402 #9559 #9866 #9902 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.3 #9277 #9647 @dependabot
  • chore(deps): bump iptables version #9200 @slonka
  • chore(deps): bump kumahq/ubuntu-netools from 3f0fefb to 9eba4ba #9898 @dependabot
  • chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.2 #9141 #9488 #9640 @dependabot
  • chore(deps): bump postgres from 49c276f to 5b06192 #9116 #9130 #9162 #9241 #9256 #9278 #9292 #9358 #9390 #9444 #9577 #9601 #9614 #9899 @dependabot
  • chore(deps): bump prometheus/common to v0.48.0 #9462 @slonka
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.3 #9207 #9311 #9901 @dependabot
  • chore(deps): bump sigs.k8s.io/gateway-api #9454 @michaelbeaumont
  • chore(deps): bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 #9713 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 1 update #9464 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 10 updates #9864 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 8 updates #9206 #9398 @dependabot
  • chore(deps): bump the k8s-libs group with 5 updates #9308 #9645 @dependabot
  • chore(deps): bump ubuntu from jammy-20240111 to jammy-20240227 #9140 #9305 #9565 @dependabot
  • chore(deps): downgrade go-control-plane to v0.11.2-0.20231010133108-1dfbe83bcebc #9163 @lobkovilya
  • chore(deps): downgrade to golang v1.21.7 #9443 @michaelbeaumont
  • chore(deps): security update #9102 #9369 #9516 #9819 @kumahq
  • chore(deps): update golang to v1.22, golangci-lint to v1.56.1 #9316 @michaelbeaumont
  • chore(deps): upload sbom to gh release/tag assets #9966 @Automaat
  • chore(deps): use latest kumahq/kuma-gui #9071 #9135 #9156 #9159 #9181 #9183 #9187 #9223 #9224 #9227 #9244 #9247 #9253 #9266 #9267 #9275 #9279 #9290 #9297 #9299 #9318 #9319 #9320 #9337 #9344 #9347 #9355 #9377 #9407 #9408 #9410 #9418 #9420 #9422 #9425 #9426 #9439 #9442 #9451 #9460 #9471 #9486 #9499 #9549 #9572 #9584 #9590 #9605 #9609 #9611 #9613 #9615 #9622 #9625 #9627 #9638 #9654 #9668 #9691 #9700 #9703 #9717 #9719 #9723 #9733 #9735 #9740 #9744 #9751 #9773 #9775 #9777 #9778 #9781 #9783 #9822 #9823 #9824 #9827 #9836 #9837 #9838 #9839 #9852 #9854 #9855 #9878 #9880 #9883 #9906 #9921 @kumahq
  • feat(GatewayAPI): promote our Gateway API implementation to GA #9939 @bartsmykla
  • feat(GatewayAPI): use MeshHTTPRoutes instead of MeshGatewayRoutes internally #9732 @bartsmykla
  • feat(MeshGatewayInstance): deprecate kuma.io/service and generate serviceName #9504 @lukidzi
  • feat(MeshHTTPRoute): set name of route action equal to hash of matches #9391 @lukidzi
  • feat(MeshMetric) profiles #9579 #9624 @slonka
  • feat(MeshMetric): add possibility to configure multiple opentelemetry backends #9445 @Automaat
  • feat(MeshMetric): add possibility to configure refresh interval for open telemetry backend in meshmetric #9452 @Automaat
  • feat(MeshMetric): disable rollup of clusters #9768 @slonka
  • feat(MeshMetric): filter out internal clusters #9754 @slonka
  • feat(MeshMetric): manually remove regex #9793 @slonka
  • feat(MeshMetric): properly handle appendProfiles #9915 @slonka
  • feat(MeshMetric): usedonly filters #9406 @slonka
  • feat(MeshRateLimit): support targetRef: MeshHTTPRoute for Gateway #9396 @lukidzi
  • feat(MeshRetry): allow configuration for MeshHTTPRoute #9365 @lukidzi
  • feat(MeshService): add first iteration of resource #9510 @michaelbeaumont
  • feat(MeshService): backend ref outbound to mesh service on Dataplane #9653 @jakubdyszkiewicz
  • feat(MeshService): k8s controller to convert service #9702 @jakubdyszkiewicz
  • feat(MeshService): xds generation #9583 @michaelbeaumont
  • feat(MeshTimeout): added possibility to target MeshHTTPRoute for MeshGateway #9446 @lukidzi
  • feat(MeshTrafficPermission): apply default deny #9110 @jakubdyszkiewicz
  • feat(ServiceInsight): add zones to service insights #9677 @jakubdyszkiewicz
  • feat(ZoneIngress): generate an empty direct response listener for empty zone ingress gateway #9745 @jijiechen
  • feat(api-server): add format and include_eds to admin api #9814 @lahabana
  • feat(api-server): add type filter to service-insights #9212 @lahabana
  • feat(api-server): return config_dump response in the same format as envoy admin #9519 @lukidzi
  • feat(auth): add possibility to restrict /config access #9826 @lahabana
  • feat(components): exponential backoff for resilient components #9767 @jakubdyszkiewicz
  • feat(k8s): add experimental.sidecarContainers to Helm chart #9626 @michaelbeaumont
  • feat(k8s): add drain when using native sidecars #9904 @michaelbeaumont
  • feat(k8s): add possibility to not add owner reference #9794 @lahabana
  • feat(k8s): add sidecar startup probe with sidecar feature #9494 @michaelbeaumont
  • feat(k8s): copy node topology labels #9690 @lukidzi
  • feat(k8s): do not set mesh owner reference on synced resources #9882 @jakubdyszkiewicz
  • feat(k8s): enable init container mesh access by default when using native sidecars #9746 @michaelbeaumont
  • feat(k8s): sidecar containers #9321 @michaelbeaumont
  • feat(kds): add kds client version to outgoing context #9501 @slonka
  • feat(kds): add span for admin requests to zone CPs #9411 @michaelbeaumont
  • feat(kds): stats of kds client versions #9749 @jakubdyszkiewicz
  • feat(kuma-cni): add a init container to validate that iptables rules are applied #9699 @jijiechen
  • feat(kuma-cp): add a helper function to get all kuma targetRef kinds to be used in child repos #9687 @jijiechen
  • feat(kuma-cp): add ability to selectively enable core resources #9555 @michaelbeaumont
  • feat(kuma-cp): add plugin policy toggles #8828 @slonka
  • feat(kuma-cp): remove grpc support from mads #9527 @Automaat
  • feat(kuma-cp): resilient component backoff config #9892 @Automaat
  • feat(kuma-dp): migrate to prometheus otel sdk when using meshmetric #9424 @Automaat
  • feat(kuma-dp): use Envoy --drain-strategy immediate #9741 @michaelbeaumont
  • feat(kumactl): support for new Inspect API endpoint _config #9887 @lobkovilya
  • feat(pgx): configure idle timeout #9675 @lukidzi
  • feat(policies): deprecated from[].targetRef.kind: MeshService #9881 @lobkovilya
  • feat(policies): shadow mode for policies #9850 @lobkovilya
  • feat(resources): add status #9676 @jakubdyszkiewicz
  • feat(resources): generate core resource #9405 @jakubdyszkiewicz
  • feat(tracing): add tracing to intercp gRPC server and client #9383 @michaelbeaumont
  • feat(transparent-proxy): add automatic iptables type detection #9750 @bartsmykla
  • feat(transparent-proxy): deprecate argument ‘redirect-inbound-port-v6’ and introduce ‘ip-family-mode’ #8939 @jijiechen
  • feat(transparent-proxy): drop all capabilities for sidecar containers #9656 @jijiechen
  • feat(transparent-proxy): init container scc hardening #9688 @jijiechen
  • fix(GatewayAPI): add missing Name param to query params matcher on MeshHTTPRoute #9662 @bartsmykla
  • fix(GatewayAPI): don’t add HTTPRoute status if Kuma isn’t the controller #9228 @michaelbeaumont
  • fix(GatewayAPI): make MeshHTTPRoute conversion port redirect gapi conformant #9669 @bartsmykla
  • fix(GatewayAPI): set mesh properly during owned object reconciliation #9664 @bartsmykla
  • fix(MeshGateway): don’t rewrite / with trailing slash #9243 @michaelbeaumont
  • fix(MeshGateway): fix MeshTCPRoute on MeshGateway #9167 @lahabana
  • fix(MeshHTTPRoute): allow “kuma.io/unresolved-backend” service name for GAMMA compliance #9670 @bartsmykla
  • fix(MeshHTTPRoute): allow no backendRefs when RequestRedirect filter present #9671 @bartsmykla
  • fix(MeshHTTPRoute): fix response headers filter in gateway route generation #9652 @bartsmykla
  • fix(MeshHTTPRoute): order rules by match priority #9472 @michaelbeaumont
  • fix(MeshHTTPRoute): trim “/” path match suffix when converting HTTPRoute #9686 @bartsmykla
  • fix(MeshHealthCheck): isolate MeshGateway config based on hostname #9612 @michaelbeaumont
  • fix(MeshLoadBalancingStrategy): configure builtin gateway #9877 @lukidzi
  • fix(MeshMetric): otel endpoint validation #9634 @Automaat
  • fix(MeshTCPRoute): allow MeshGateway listener tags #9240 @michaelbeaumont
  • fix(api-server): return 404 when a mesh doesn’t exist #9175 @lahabana
  • fix(defaults): change meshsubset to mesh for gateway’s meshtimeout #9192 @lukidzi
  • fix(helm): missing postgres tls mode when it is set to verifyNone #9665 @AyushSenapati
  • fix(helm): use kuma name in ingress and egress pdb selectors #9211 @slavogiez
  • fix(k8s): create builtin CA once #9124 @jakubdyszkiewicz
  • fix(kds): fix memory leak on kds error #9742 @Automaat
  • fix(kds): fix retry on NACK and add backoff #9736 @slonka
  • fix(kds): run filters before ZoneWatcher #9119 @lukidzi
  • fix(kuma-cni): fix the subject namespace reference in Helm Chart #9933 @jijiechen
  • fix(kuma-cp): change the “direction” of the diff in inspect shadow responses #9914 @lobkovilya
  • fix(kuma-cp): clone outbound tags #9592 @lukidzi
  • fix(kuma-cp): copy annotations when adding/update k8s object #9254 @lukidzi
  • fix(kuma-cp): fix long polling issues in mads #9586 @Automaat
  • fix(kuma-cp): ignore shadow policies on ZoneEgress #9930 @lobkovilya
  • fix(kuma-cp): kds sync on upgrade doubles the number of policies #9259 @lobkovilya
  • fix(kuma-cp): prevent violating kubernetes label limit #9191 @jakubdyszkiewicz
  • fix(kuma-cp): return wrapped forward KDS client errors #9160 @lukidzi
  • fix(kuma-cp): use display-name label to check if resource is referenced #9962 @lobkovilya
  • fix(kumactl): correctly print new style resources #9779 @lahabana
  • fix(kumactl): npe when creating new core resources #9593 @michaelbeaumont
  • fix(pgx): use default MaxConnLifetimeJitter value for jitter #9674 @lukidzi
  • fix(policies): don’t set empty kuma.io service when using MeshHTTPRoute #9394 @lukidzi
  • fix(policies): fix metrics labels #9913 @Automaat
  • fix(transparent-proxy): make iptables mode detection more defensive #9776 @bartsmykla
  • fix(xds): duplicated listeners #9542 @jakubdyszkiewicz
  • perf(k8s): ignore serviceless pods from vips list #9907 @jakubdyszkiewicz
  • perf(vips): group DB calls for CreateOrUpdateVIPConfigs #9062 @nicoche

2.6.5

Released on 2024/04/07

  • chore(deps): security update #9820 @kumahq
  • chore(deps): update Envoy to v1.28.2 #9843 #9848 @michaelbeaumont

2.5.7

Released on 2024/04/07

  • chore(deps): security update #9818 @kumahq
  • chore(deps): update Envoy to v1.28.2 #9845 #9847 @michaelbeaumont

2.4.8

Released on 2024/04/05

  • Revert “feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9726)” #9757 @bartsmykla
  • chore(deps): security update #9684 #9696 #9815 @kumahq
  • chore(deps): update Envoy to v1.27.4 #9844 @michaelbeaumont

2.3.7

Released on 2024/04/05

  • Revert “feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9725)” #9758 @bartsmykla
  • chore(deps): security update #9683 #9694 #9817 @kumahq
  • chore(deps): update Envoy to v1.26.8 #9842 @michaelbeaumont

2.2.9

Released on 2024/04/05

  • Revert “feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9727)” #9759 @bartsmykla
  • chore(deps): security update #9680 #9695 #9816 @kumahq
  • chore(deps): update Envoy to v1.26.8 #9841 @michaelbeaumont

2.6.4

Released on 2024/04/02

  • fix(transparent-proxy): make iptables mode detection more defensive (backport of #9776) #9785 @kumahq

2.5.6

Released on 2024/04/02

  • fix(transparent-proxy): make iptables mode detection more defensive (backport of #9776) #9788 @kumahq

2.6.3

Released on 2024/03/29

  • chore(deps): security update #9621 #9681 #9697 @kumahq
  • feat(transparent-proxy): add automatic iptables type detection (backport of #9750) #9765 @kumahq
  • fix(MeshHTTPRoute): fix response headers filter in gateway route generation (backport of #9652) #9660 @kumahq

2.5.5

Released on 2024/03/29

  • chore(deps): security update #9682 #9698 @kumahq
  • feat(transparent-proxy): add automatic iptables type detection (backport of #9750) #9764 @kumahq

2.5.4

Released on 2024/03/15

2.4.7

Released on 2024/03/15

  • chore(deps): security update #9513 #9620 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #9409 @kumahq

2.3.6

Released on 2024/03/15

  • chore(deps): security update #9515 #9618 @kumahq

2.2.8

Released on 2024/03/15

  • chore(deps): manual security update release-2.2 #9523 @lobkovilya
  • chore(deps): security update #9537 #9617 @kumahq

2.6.2

Released on 2024/03/13

  • chore(deps): security update #9368 #9514 #9621 @kumahq
  • fix(kuma-cp): clone outbound tags (backport of #9592) #9599 @kumahq
  • fix(xds): duplicated listeners (backport of #9542) #9552 @kumahq

2.5.3

Released on 2024/02/20

  • chore(deps): security update #9287 @kumahq
  • chore(deps): update iptables version (backport of #9200) #9215 @kumahq
  • chore(deps): upgrade envoy to v1.28.1 #9219 @lukidzi
  • fix(gatewayapi): don’t add HTTPRoute status if Kuma isn’t the controller (backport of #9228) #9235 @kumahq

2.4.6

Released on 2024/02/20

  • chore(deps): update iptables version (backport of #9200) #9214 @kumahq
  • chore(deps): upgrade envoy to v1.27.3 #9220 @lukidzi

2.3.5

Released on 2024/02/20

  • chore(deps): update iptables version (backport of #9200) #9213 @kumahq
  • chore(deps): upgrade envoy to v1.26.7 #9221 @lukidzi

2.2.7

Released on 2024/02/20

  • chore(deps): update iptables version (backport of #9200) #9217 @kumahq
  • chore(deps): upgrade envoy to v1.26.7 #9294 @lukidzi

2.6.1

Released on 2024/02/16

  • chore(deps): downgrade go-control-plane to v0.11.2-0.20231010133108-1dfbe83bcebc (backport of #9163) #9285 @kumahq
  • chore(deps): security update #9288 @kumahq
  • chore(deps): update iptables version (backport of #9200) #9216 @kumahq
  • chore(deps): upgrade envoy to v1.28.1 #9218 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #9174 #9194 @kumahq
  • fix(MeshGateway): fix MeshTCPRoute on MeshGateway (backport of #9167) #9180 @kumahq
  • fix(MeshTCPRoute): allow MeshGateway listener tags #9239 @michaelbeaumont
  • fix(defaults): change meshsubset to mesh for gateway’s meshtimeout (backport of #9192) #9199 @kumahq
  • fix(gatewayapi): don’t add HTTPRoute status if Kuma isn’t the controller (backport of #9228) #9236 @kumahq
  • fix(kubernetes): create builtin CA once (backport of #9124) #9129 @kumahq
  • fix(kuma-cp): copy annotations when adding/update k8s object (backport of #9254) #9263 @kumahq
  • fix(kuma-cp): kds sync on upgrade doubles the number of policies (backport of #9259) #9273 @kumahq
  • fix(kuma-cp): prevent violating kubernetes label limit (backport of #9191) #9233 @kumahq

2.4.5

Released on 2024/02/02

  • chore(deps): bump the go-opentelemetry-io group with 3 updates (backport of #8347) #8352 @kumahq
  • chore(deps): security update #8672 #8699 #9100 @kumahq
  • chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) #8961 @kumahq
  • chore(deps): update go to 1.21.4 (backport of #8341) #8345 @kumahq
  • chore(deps): update go to 1.21.5 (backport of #8616) #8626 @kumahq
  • fix(ZoneIngress): subset routing when tag is present on all subsets (backport of #8443) #8473 @kumahq
  • fix(k8s): don’t temporarily remove all AvailableServices on ZoneIngress Pod reconciliations (backport of #8301) #8307 @kumahq
  • fix(kds): race condition on fill metadata (backport of #8872) #9000 @kumahq

2.3.4

Released on 2024/02/02

  • chore(deps): security update #8204 #8674 #8697 #9099 @kumahq
  • chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) #8958 @kumahq
  • chore(deps): update go to 1.21.4 (backport of #8341) #8343 @kumahq
  • chore(deps): update go to 1.21.5 (backport of #8616) #8624 @kumahq
  • chore(deps): upgrade envoy to 1.26.6 #8162 @lukidzi
  • fix(MeshTrafficPermission): support permissive mtls (backport of #8171) #8175 @kumahq
  • fix(k8s): don’t temporarily remove all AvailableServices on ZoneIngress Pod reconciliations (backport of #8301) #8306 @kumahq
  • fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) #8196 @kumahq
  • fix(kds): race condition on fill metadata (backport of #8872) #8997 @kumahq

2.6.0

Released on 2024/02/01

  • chore(deps): bump actions/cache from 3.3.2 to 4.0.0 #8865 #8985 @dependabot
  • chore(deps): bump actions/checkout from 3.1.0 to 4.1.1 #8862 @dependabot
  • chore(deps): bump actions/download-artifact and actions/upload-artifact from 3 to 4 #8701 @michaelbeaumont
  • chore(deps): bump actions/github-script from 6 to 7 #8422 #8530 @dependabot
  • chore(deps): bump actions/setup-go from 4 to 5 #8586 @dependabot
  • chore(deps): bump actions/upload-artifact from 3.1.0 to 4.2.0 #8863 #8986 @dependabot
  • chore(deps): bump debian from fab22df to b16cef8 #8465 #8685 #8853 @dependabot
  • chore(deps): bump distroless/base-nossl-debian11 from 1ae8df5 to 61c9d7a #8659 @dependabot
  • chore(deps): bump distroless/static-debian11 from cdb2034 to 1e5b9bb #8657 @dependabot
  • chore(deps): bump github.com/bakito/go-log-logr-adapter from v0.0.2 to latest #8646 @michaelbeaumont
  • chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 #8693 @dependabot
  • chore(deps): bump github.com/containernetworking/plugins from 1.3.0 to 1.4.0 #8588 @dependabot
  • chore(deps): bump github.com/emicklei/go-restful/v3 from 3.11.0 to 3.11.2 #8791 @dependabot
  • chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.1 to 0.12.0 #8738 @dependabot
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.2 to 1.0.4 #8857 #8971 @dependabot
  • chore(deps): bump github.com/evanphx/json-patch/v5 from 5.7.0 to 5.8.1 #8883 @dependabot
  • chore(deps): bump github.com/exaring/otelpgx from 0.5.2 to 0.5.3 #8975 @dependabot
  • chore(deps): bump github.com/go-logr/logr from 1.3.0 to 1.4.1 #8726 @dependabot
  • chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.16.2 to 4.17.0 #8724 @dependabot
  • chore(deps): bump github.com/google/uuid from 1.4.0 to 1.6.0 #8644 #9018 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.46.7 to 0.46.11 #8589 #8790 #8968 @dependabot
  • chore(deps): bump github.com/jackc/pgx/v5 from 5.5.0 to 5.5.2 #8587 #8860 @dependabot
  • chore(deps): bump github.com/miekg/dns from 1.1.56 to 1.1.58 #8421 #8970 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.15.0 #8520 #8859 #8973 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.30.0 to 1.31.1 #8976 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 #8728 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.45.0 to 0.46.0 #8858 @dependabot
  • chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.6 to 2.1.7 #8974 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.27.0 #8725 @dependabot
  • chore(deps): bump github/codeql-action from 2 to 3.23.1 #8662 #8864 #8984 @dependabot
  • chore(deps): bump golang from 1.21.4 to 1.21.6 #8616 #8944 @jakubdyszkiewicz,@michaelbeaumont
  • chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 #8665 @dependabot
  • chore(deps): bump golang.org/x/net from 0.18.0 to 0.20.0 #8519 #8789 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.14.1-0.20231108175955-e4099bfacb8c to 0.16.0 #8521 #8774 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.59.0 to 1.61.0 #8645 #8686 #9017 @dependabot
  • chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 #8727 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.13.2 to 3.14.0 #8643 #8969 @dependabot
  • chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.3.1 #8861 @dependabot
  • chore(deps): bump postgres from e213539 to 49c276f #8785 #8842 #8866 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.16.3 to 0.17.0 #8972 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.13.0 to 0.14.0 #8856 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 3 updates #8420 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 5 updates #8967 @dependabot
  • chore(deps): bump the k8s-libs group from 0.28.3 to 0.28.4 #8419 @dependabot
  • chore(deps): bump the k8s-libs group with 1 update #8854 @dependabot
  • chore(deps): bump the k8s-libs group with 3 updates #8642 @dependabot
  • chore(deps): bump the k8s-libs group with 4 updates #8966 @dependabot
  • chore(deps): bump ubuntu from 2b7412e to 6042500 #8518 #8658 @dependabot
  • chore(deps): fix update insecure dependencies by setting bigger swap #8677 @slonka
  • chore(deps): more explicit image tag in envoy.Dockerfile #8482 @michaelbeaumont
  • chore(deps): security update #8696 #9104 @kumahq
  • chore(deps): tag ubuntu image more explicitly #8988 @michaelbeaumont
  • chore(deps): use latest kumahq/kuma-gui #8400 #8401 #8405 #8418 #8425 #8434 #8440 #8441 #8446 #8452 #8453 #8454 #8470 #8480 #8481 #8488 #8496 #8501 #8504 #8507 #8531 #8534 #8538 #8546 #8550 #8554 #8561 #8564 #8577 #8579 #8583 #8585 #8590 #8592 #8594 #8600 #8601 #8619 #8620 #8637 #8638 #8684 #8709 #8712 #8714 #8735 #8751 #8758 #8779 #8784 #8794 #8797 #8802 #8803 #8810 #8835 #8841 #8848 #8850 #8869 #8870 #8871 #8886 #8895 #8899 #8903 #8910 #8914 #8917 #8941 #8948 #8987 #9003 #9004 #9008 #9040 #9052 #9055 @kumahq
  • feat(ExternalService): make ExternalServices independent of TrafficPermission #8745 @lukidzi
  • feat(ExternalService): validate same value for service and address #8641 @jakubdyszkiewicz
  • feat(MeshAccessLog): select gateway listeners #8560 @michaelbeaumont
  • feat(MeshCircuitBreaker): select MeshGateway listeners #8562 @michaelbeaumont
  • feat(MeshFaultInjection): select MeshGateway listeners #8574 @michaelbeaumont
  • feat(MeshFaultInjection): support ExternalServices with ZoneEgress #8742 @lukidzi
  • feat(MeshHTTPRoute): add basic gRPC support #8752 @lukidzi
  • feat(MeshHTTPRoute): add hostToBackendHostname rewrite with MeshGateway #8772 @michaelbeaumont
  • feat(MeshHTTPRoute): basic MeshGateway support #8402 @michaelbeaumont
  • feat(MeshHTTPRoute): support hostnames with MeshGateway #8663 @michaelbeaumont
  • feat(MeshHealthCheck): select MeshGateway listeners #8570 @michaelbeaumont
  • feat(MeshLoadBalancingStrategy): add option to configure ActiveRequestBias #8553 @lukidzi
  • feat(MeshLoadBalancingStrategy): select MeshGateway listeners #8571 @michaelbeaumont
  • feat(MeshLoadBalancingStrategy): support kind MeshGateway #8889 @michaelbeaumont
  • feat(MeshMetric): add create conflicts to the metric #8894 @jakubdyszkiewicz
  • feat(MeshMetric): implement OpenTelemetry API for MeshMetric #8874 @Automaat
  • feat(MeshRateLimit): select MeshGateway listeners #8733 @michaelbeaumont
  • feat(MeshRateLimit): support ExternalServices with ZoneEgress #8743 @lukidzi
  • feat(MeshRetry): select MeshGateway listeners #8734 @michaelbeaumont
  • feat(MeshTCPRoute): add kafka protocol support #8781 @lukidzi
  • feat(MeshTCPRoute): support MeshGateway #8817 @michaelbeaumont
  • feat(MeshTimeout): add RequestHeadersTimeout option and configure MeshGateway #8896 @lukidzi
  • feat(MeshTimeout): select MeshGateway listeners #8573 @michaelbeaumont
  • feat(MeshTrace): select MeshGateway listeners #8595 @michaelbeaumont
  • feat(MeshTrace): support kind MeshGateway #8888 @michaelbeaumont
  • feat(api-server): add /_resources endpoint #8529 @lahabana
  • feat(api-server): add _rules api to MeshGateways #8540 @lahabana
  • feat(api-server): add dataplanes/_rules new inspect api #8442 @lahabana
  • feat(api-server): skip auth on specific endpoints #8458 @jakubdyszkiewicz
  • feat(bootstrap): support customizing corefile template from kuma-cp #8634 @jijiechen
  • feat(dataplane): ignored listeners with ignored labels in selector #8463 @jakubdyszkiewicz
  • feat(grafana): change fixed interval to rate interval variable #8713 @jakubdyszkiewicz
  • feat(gui): add disabled in the index.html and remove disabled page #8813 @lahabana
  • feat(injector): add ephemeral-storage resource request/limit for sidecars #8882 @jijiechen
  • feat(intercp): drop leader on cp shutdown #9046 @jakubdyszkiewicz
  • feat(k8s): show ZoneEgress zone as column #8913 @michaelbeaumont
  • feat(k8s): show ZoneIngress zone as column #8906 @michaelbeaumont
  • feat(kds): add zoneCP info in zone-insights #8720 @lahabana
  • feat(kds): log additional gRPC status codes at info level #8502 @michaelbeaumont
  • feat(kuma-cp): added comment and more explicit structure #8753 @lukidzi
  • feat(kuma-cp): create default target ref policies #8920 @lukidzi
  • feat(kuma-cp): deprecate standalone mode #8478 @jakubdyszkiewicz
  • feat(kuma-cp): disable the default creation of TrafficPermission and TrafficRoute #8964 @lukidzi
  • feat(kuma-cp): enable zone-originated MeshGateway #8919 @lobkovilya
  • feat(kuma-cp): enable zone-originated policies #8801 @lobkovilya
  • feat(kuma-cp): hash-suffix remove feature flag #8461 @lobkovilya
  • feat(kuma-cp): move protocol information to mesh context #8479 @lukidzi
  • feat(kuma-cp): require kuma.io/origin: zone label when creating zone-origination policies #8873 @lobkovilya
  • feat(kuma-cp): support cross-zone MeshTCPRoute #8509 @michaelbeaumont
  • feat(kuma-cp): support labels in ResourceMeta #8516 @lobkovilya
  • feat(kuma-cp): use labels for KDS sync #8762 @lobkovilya
  • feat(kuma-dp): add coredns logging flag #8485 @timothy-spencer
  • feat(kumactl): basic export command #8718 #9009 @jakubdyszkiewicz,@slonka
  • feat(kumactl): export in kube format #8747 @jakubdyszkiewicz
  • feat(kumactl): make k8s resources applicable on other clusters #8775 @jakubdyszkiewicz
  • feat(kumactl): more profiles in export #8780 @jakubdyszkiewicz
  • feat(mads): extend MADS service to use data from MeshMetric policy #8608 @slonka
  • feat(policy): Add MeshMetric api #8576 @Automaat
  • feat(policy): Implement dynamic DPP configuration based on MeshMetric policy #8793 @Automaat
  • feat(policy): add OpenTelemetry support for MeshMetric #8893 @Automaat
  • feat(policy): add MeshMetric policy e2e tests #8750 @Automaat
  • feat(policy): add possibility to target only gateways/sidecars #8868 @lukidzi
  • feat(policy): add tags to backends for support VirtualOutbounds #8744 @lukidzi
  • feat(policy): allow policies with from and to configuring egress #8739 @lukidzi
  • feat(policy): implement MeshMetric xds #8617 @Automaat
  • feat(policy): support MeshGateway listener matching #8551 @michaelbeaumont
  • feat(resources): add kuma.io/display-name label #8705 @jakubdyszkiewicz
  • feat(routes): handle routing if there are no TrafficRoutes #8614 @michaelbeaumont
  • feat(universal): add VIP_REFRESH_INTERVAL #9042 @nicoche
  • feat(vip): record generation metrics #9047 @nicoche
  • feat(xds): do not generate independent listener for vips, use additional_addresses instead #8796 @jijiechen
  • feat(zone): create Zone resources on zone cp automatically and generate ZoneInsights #8584 @jakubdyszkiewicz
  • fix(MeshCircuitBreaker): revert validator and check if config is empty #9028 @lukidzi
  • fix(MeshFaultInjection): handle listener protocol correctly #8815 @michaelbeaumont
  • fix(MeshHTTPRoute): generate better resources when using HTTPS #9038 @michaelbeaumont
  • fix(MeshHTTPRoute): make ordering more consistent #8715 @michaelbeaumont
  • fix(MeshHTTPRoute): use 302 as default status code on Universal to match Kubernetes #8409 @michaelbeaumont
  • fix(MeshHealthCheck): handle gateway listener protocol correctly #8812 @michaelbeaumont
  • fix(MeshRateLimit): remove validation of Mesh type and proxyTypes for… #9041 @lukidzi
  • fix(MeshRetry): handle gateway listener protocol correctly #8811 @michaelbeaumont
  • fix(ZoneEgress): rewrite host header on ExternalService requests #8403 @michaelbeaumont
  • fix(ZoneIngress): subset routing when tag is present on all subsets #8443 @michaelbeaumont
  • fix(ZoneWatch): stop watching Zone if ZoneInsight not found #8766 @michaelbeaumont
  • fix(api): secret in k8s format #8741 @jakubdyszkiewicz
  • fix(gateway): check if external service from context when no trafficpermission #8957 @lukidzi
  • fix(gateway): isolate routes to SNI matches #9054 @michaelbeaumont
  • fix(k8s): support injection with label kuma.io/sidecar-injection: ‘true’ #8464 @michaelbeaumont
  • fix(kds): avoid rare cases where onStreamClosed is called with no state #8703 @lahabana
  • fix(kds): fix deletion of previous zones in components #8867 @lahabana
  • fix(kds): fix resource sync #9014 @lukidzi
  • fix(kds): make status tracker work when there’s no metadata #8711 @lahabana
  • fix(kds): race condition on fill metadata #8872 @jakubdyszkiewicz
  • fix(kuma-cp): assign extensions in ZoneInsightSink constructor #8940 @bartsmykla
  • fix(kuma-cp): don’t remove Service if MeshGateway is absent for a while (i.e. due to renaming) #8450 @lobkovilya
  • fix(kuma-cp): don’t run outbound proxy generator when there is no TrafficRoute #9082 @michaelbeaumont
  • fix(kuma-cp): enable hash-suffix only if Zone has KDS feature #8460 @lobkovilya
  • fix(kuma-cp): failure during the migration from non-federated to federated zone #8938 @lobkovilya
  • fix(kuma-cp): fix address check to not be loopback ipv4 and ipv6 #8490 @lukidzi
  • fix(kuma-cp): global upgrade #8890 @lobkovilya
  • fix(kuma-cp): make metadata retrieve method public #8918 @lukidzi
  • fix(kuma-cp): return sorted list of k8s secrets #9030 @lukidzi
  • fix(kuma-cp): set creationTime on KDS sync #8945 @lobkovilya
  • fix(kuma-cp): treat envoy admin errors as 4xx #8615 @lobkovilya
  • fix(kuma-cp): upgrade from Zone CP without labels to new one #8839 @lobkovilya
  • fix(kuma-cp): use column names in sql insert #8688 @lobkovilya
  • fix(kuma-cp): use pagination store for secret store #9033 @lukidzi
  • fix(metrics): fix kds metrics for simple watchdog #8428 @slonka
  • fix(metrics): unify zone name in metrics for k8s and universal #8435 @slonka
  • fix(policy): allow period in targetRef names #8754 @michaelbeaumont
  • fix(policy): first lexicographically wins, kind MeshGateway with tags over kind MeshGateway #8691 @michaelbeaumont
  • fix(policy): improve validator messages, allow string failoverthreshold #8929 @lahabana
  • fix(policy): support delegated gateways #8740 @michaelbeaumont
  • fix(vips): skip ignored listeners #8937 @jakubdyszkiewicz

2.5.2

Released on 2024/02/01

  • chore(deps): security update #8678 #8694 #9103 @kumahq
  • chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) #8962 @kumahq
  • chore(deps): update go to 1.21.5 (backport of #8616) #8627 @kumahq
  • fix(kds): race condition on fill metadata (backport of #8872) #8999 @kumahq
  • fix(kuma-cp): assign extensions in ZoneInsightSink constructor (backport of #8940) #8956 @kumahq
  • fix(vips): skip ignored listeners (backport of #8937) #8982 @kumahq

2.2.6

Released on 2024/02/01

  • chore(deps): security update #8202 #8673 #8698 #9105 @kumahq
  • chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) #8960 @kumahq
  • chore(deps): update go to 1.21.4 (backport of #8341) #8346 @kumahq
  • chore(deps): update go to 1.21.5 (backport of #8616) #8623 @kumahq
  • chore(deps): upgrade envoy to 1.25.11 #8163 @lukidzi
  • fix(MeshTrafficPermission): support permissive mtls (backport of #8171) #8178 @kumahq
  • fix(k8s): don’t temporarily remove all AvailableServices on ZoneIngress Pod reconciliations (backport of #8301) #8305 @kumahq
  • fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) #8195 @kumahq

2.5.1

Released on 2023/12/05

  • feat(dataplane): ignored listeners with ignored labels in selector (backport of #8463) #8544 @kumahq
  • fix(ZoneIngress): subset routing when tag is present on all subsets (backport of #8443) #8475 @kumahq
  • fix(metrics): fix kds metrics for simple watchdog (backport of #8428) #8430 @kumahq

2.5.0

Released on 2023/11/15

  • chore(deps): bump actions/checkout from 3 to 4 #7639 @dependabot
  • chore(deps): bump actions/setup-node from 3 to 4 #8109 @dependabot
  • chore(deps): bump cirello.io/pglock from 1.14.0 to 1.14.1 #7914 @dependabot
  • chore(deps): bump debian from b91baba to 7d3e881 #7697 #7852 #8053 @dependabot
  • chore(deps): bump distroless/base-nossl-debian11 from 6579e1f to 1ae8df5 #7635 #7985 @dependabot
  • chore(deps): bump distroless/static-debian11 from 312a533 to cdb2034 #7636 #7987 @dependabot
  • chore(deps): bump envoy from 1.27.0 to 1.27.1 #8023 @lahabana
  • chore(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.2 #8093 @dependabot
  • chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 #7712 @dependabot
  • chore(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible #8183 @dependabot
  • chore(deps): bump github.com/evanphx/json-patch/v5 from 5.6.0 to 5.7.0 #7786 @dependabot
  • chore(deps): bump github.com/exaring/otelpgx from 0.5.1 to 0.5.2 #7857 @dependabot
  • chore(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 #8184 @dependabot
  • chore(deps): bump github.com/google/uuid from 1.3.0 to 1.4.0 #7609 #8188 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.43.13 to 0.46.1 #7792 #7993 #8090 @dependabot
  • chore(deps): bump github.com/miekg/dns from 1.1.55 to 1.1.56 #7785 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.13.0 #7611 #7854 #7991 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.27.10 to 1.29.0 #7917 #8094 #8185 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 #7916 @dependabot
  • chore(deps): bump github.com/prometheus/client_model from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0 #7992 @dependabot
  • chore(deps): bump github.com/slok/go-http-metrics from 0.10.0 to 0.11.0 #8091 @dependabot
  • chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0 #7989 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.23.0 to 0.26.0 #7791 #7945 #8186 @dependabot
  • chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.0 to 0.1.1 #7641 @dependabot
  • chore(deps): bump go from 1.20.7 to 1.21.1 #7799 @lukidzi
  • chore(deps): bump go version to 1.21.3 #8001 @slonka
  • chore(deps): bump go.uber.org/zap from 1.25.0 to 1.26.0 #7789 @dependabot
  • chore(deps): bump golang.org/x/net from 0.14.0 to 0.16.0 #7699 #7988 @dependabot
  • chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.58.3 #8034 @michaelbeaumont
  • chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 #7642 @dependabot
  • chore(deps): bump golang.org/x/text from 0.12.0 to 0.13.0 #7640 @dependabot
  • chore(deps): bump golangci-lint from v1.53.3 to v1.54.1 #7837 @michaelbeaumont
  • chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.59.0 #7698 #7788 #7856 #8097 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.12.3 to 3.13.1 #7915 #8089 @dependabot
  • chore(deps): bump k8s.io/apiextensions-apiserver from v0.28.1 to v0.28.2 #7918 @michaelbeaumont
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.3 #7643 #7787 #8095 @dependabot
  • chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to v1.0.0 #7644 #7781 #8150 @dependabot,@michaelbeaumont
  • chore(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 #8187 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 3 updates #7784 #7920 @dependabot
  • chore(deps): bump the go-opentelemetry-io group with 3 updates #8347 @slonka
  • chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates #7613 @dependabot
  • chore(deps): bump the go-opentelemetry-io-otel group with 2 updates #7607 @dependabot
  • chore(deps): bump the k8s-libs group with 3 updates #7606 #7790 #8088 @dependabot
  • chore(deps): bump tibdex/github-app-token from 1.8.0 to 2.1.0 #7638 #7731 #7853 @dependabot
  • chore(deps): bump ubuntu from ec050c3 to 2b7412e #7637 #7986 #8052 @dependabot
  • chore(deps): downgrade testcontainers-go from v0.24.0 to v0.23.0 #7800 @jakubdyszkiewicz
  • chore(deps): update gateway-api #8270 @michaelbeaumont
  • chore(deps): update go to 1.21.4 #8341 @slonka
  • chore(deps): upgrade envoy to 1.28.0 #8158 @lukidzi
  • chore(deps): upgrade github.com/gruntwork-io/terratest to v0.43.13 #7706 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #7603 #7604 #7605 #7612 #7614 #7617 #7619 #7620 #7622 #7626 #7627 #7628 #7629 #7631 #7646 #7647 #7648 #7650 #7653 #7658 #7659 #7689 #7700 #7710 #7713 #7721 #7727 #7729 #7730 #7732 #7733 #7738 #7739 #7749 #7750 #7754 #7755 #7766 #7777 #7779 #7795 #7797 #7798 #7802 #7804 #7806 #7811 #7812 #7822 #7866 #7867 #7899 #7900 #7902 #7935 #7953 #7966 #7973 #7979 #7980 #7983 #7984 #7996 #7998 #8009 #8010 #8041 #8045 #8048 #8049 #8057 #8059 #8061 #8074 #8080 #8083 #8085 #8104 #8115 #8118 #8120 #8126 #8145 #8146 #8147 #8201 #8207 #8210 #8213 #8214 #8215 #8217 #8219 #8220 #8221 #8232 #8236 #8238 #8239 @kumahq
  • feat(ExternalService): add skip hostname verification for external services #7633 @alparslanavci
  • feat(MeshLoadBalancingStrategy): new locality aware api #8082 #8112 @Automaat,@lukidzi
  • feat(MeshProxyPatch): allow policy to target MeshGateway resources #8044 @bartsmykla
  • feat(api-server): add /_overview for all types that have overviews #7999 #8173 @lahabana
  • feat(api-server): add filtering on list external-services and dataplanes #7810 @lahabana
  • feat(api-server): added query parameter to filter services by name #8154 @lukidzi
  • feat(api-server): implement new Global Insight endpoint #7775 #7872 @Automaat
  • feat(api-server): new inspect api #8148 @lahabana
  • feat(docs): add generated openapi docs #7975 @lahabana
  • feat(dp-token): allow validator to define keys not scoped to a mesh #8169 @nicoche
  • feat(events): configurable buffers and predicates #7735 @jakubdyszkiewicz
  • feat(gui): adds storeType index.html variable #7965 @johncowen
  • feat(helm): add configurable service port for cp ingress #8263 @lahabana
  • feat(helm): add loadBalancerSourceRanges on global zone sync service #7978 @slavogiez
  • feat(helm): add possibility to run universal zone cp on kubernetes #7924 @Automaat
  • feat(helm): add service-account features to egress and ingress #7864 @lahabana
  • feat(helm): add support for controlplane deployment annotations #7959 @slavogiez
  • feat(helm): allow to define service accounts annotations #7724 @lukidzi
  • feat(helm): allow to disable tls-checksum generation #7955 @lukidzi
  • feat(helm): minReadySeconds for control plane #7931 @jakubdyszkiewicz
  • feat(insights): jitter zone insights upsert #7925 @jakubdyszkiewicz
  • feat(insights): metrics of reason and result #7752 @jakubdyszkiewicz
  • feat(insights): multiple workers #7778 @jakubdyszkiewicz
  • feat(kds): add metrics to event based watchdog #7651 @jakubdyszkiewicz
  • feat(kds): add user-agent with useful version info #7886 @lahabana
  • feat(kds): allow to delay full resync when ticker #7782 @lukidzi
  • feat(kds): allow to disable KDS SOTW grpc api #7961 @lukidzi
  • feat(kds): better error handling #7868 @jakubdyszkiewicz
  • feat(kds): compact subscriptions in insights #7962 @jakubdyszkiewicz
  • feat(kds): enable delta by default #8262 @lahabana
  • feat(kds): execute filters on envoy admin streams #7905 @jakubdyszkiewicz
  • feat(kds): experimental event based watchdog #7624 @jakubdyszkiewicz
  • feat(kds): introduce zone health checks #7821 @michaelbeaumont
  • feat(kds): pass resource keys to resourceStore for delta kds #7654 @lukidzi
  • feat(kds): resource sync metric #7794 @jakubdyszkiewicz
  • feat(kds): response backoff #7997 @jakubdyszkiewicz
  • feat(kds): use hash-suffix for KDS sync #7519 @lobkovilya
  • feat(kuma-cp): add HealthCheck unary endpoint #7815 @michaelbeaumont
  • feat(kuma-cp): add basedOnKuma in cp_info metric #8218 @lahabana
  • feat(kuma-cp): add locality aware implementation for egress #8233 @Automaat
  • feat(kuma-cp): add support for Gateway in MeshLoadBalancingStrategy #8309 @Automaat
  • feat(kuma-cp): allow to disable backend validation #7901 @lukidzi
  • feat(kuma-cp): make OpenTelemetry control plane tracing fully configurable #7936 @michaelbeaumont
  • feat(kuma-cp): move KDS hash suffix under a feature flag #8363 @lobkovilya
  • feat(kuma-dp): support setting Envoy’s –component-log-level #8241 @michaelbeaumont
  • feat(kumactl): support new inspect api #8192 @lahabana
  • feat(rsa): add support for PKIX encoded pubkeys #8179 @nicoche
  • feat(store): add owner reference to the secrets #7770 @slonka
  • feat(store): added postgres index for owner columns #7625 @lukidzi
  • feat(store): allow ResourceStore to be customized #7743 @bartsmykla
  • feat(store): conflict metrics #7753 @jakubdyszkiewicz
  • feat(store): consistent gets for read replica #7923 @jakubdyszkiewicz
  • feat(store): support postgres reader replica #7763 @jakubdyszkiewicz
  • feat(tenants): add extension points for sharding #7502 @jakubdyszkiewicz
  • feat(transparent-proxy): add --exclude-outbound-ports-for-uids #7588 @lahabana
  • feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails #7870 @bartsmykla
  • feat(xds): auto reachable services based on MeshTrafficPermission #8125 @jakubdyszkiewicz
  • fix(MeshFaultInjection): include tags negation in header matching #8043 @bartsmykla
  • fix(MeshGateway): ensure that duplicate listeners are not added when crossMesh is enabled on a listener and Routes specify hostnames #8156 @ttreptow
  • fix(MeshTrafficPermission): support permissive mtls #8171 @jakubdyszkiewicz
  • fix(TrafficRoute): use default value when choiceCount is 0 #7938 @lukidzi
  • fix(api-server): 400 error on admin operations on not yet connected stream #8039 @slonka
  • fix(api-server): always remove empty array in inspect gw api #8209 @lahabana
  • fix(api-server): avoid panic when there no insight for entity #8068 @lahabana
  • fix(api-server): dataplane overview pagination #7803 @jakubdyszkiewicz
  • fix(api-server): empty list instead of null #7780 @jakubdyszkiewicz
  • fix(api-server): improve HandleError to handle rest_errors.Error and fix Unauthenticated error handling #7818 @bartsmykla
  • fix(api-server): improve error handling and return status #7937 @lahabana
  • fix(core): better lifecycle when context is getting cancelled #8268 @lahabana
  • fix(envoy): remove apple flag #8314 @lukidzi
  • fix(gatewayapi): don’t set RefNotPermitted for GAMMA routes #7771 @michaelbeaumont
  • fix(gatewayapi): don’t set listener ResolvedRefs based on routes ResolvedRefs #7809 @michaelbeaumont
  • fix(helm): do not run webhooks on kube-system #8157 @lahabana
  • fix(helm): make CNI configmap and serviceaccount support custom namespace #7956 @slavogiez
  • fix(helm): use bitnami/kubectl image for helm hooks #7656 @lahabana
  • fix(insights): have subscription gc also work for zoneEgress insights #7954 @lahabana
  • fix(insights): improve ZoneInsight subscription management #8153 @michaelbeaumont
  • fix(k8s): add namespace to deleteObjectIfExist in pod controller #8063 @slonka
  • fix(k8s): don’t temporarily remove all AvailableServices on ZoneIngress Pod reconciliations #8301 @slonka
  • fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services #8168 @bartsmykla
  • fix(kds): call CloseSend and exit a goroutine when sync fails to start #7869 @lukidzi
  • fix(kds): delta delivery metric #7793 @jakubdyszkiewicz
  • fix(kds): don’t inc KdsGenerationErrors when context canceled #7913 @michaelbeaumont
  • fix(kds): experimental watchdog concurrent map write #7630 @jakubdyszkiewicz
  • fix(kds): set error when KDS clients fails in goroutine #7725 @lukidzi
  • fix(kds): try returning unavailable on app context finish #8050 @slonka
  • fix(kds): use deprecated method in otel #8366 @slonka
  • fix(kuma-cni): support port exclusion for UIDs #8319 @lobkovilya
  • fix(kuma-cp): change affinityTag field in MeshLoadBalancingStrategy t… #8294 @Automaat
  • fix(kuma-cp): cleanup interval should be calculated based on “expirationTime” for hashCache #8065 @lobkovilya
  • fix(kuma-cp): don’t add postStart hook to builtin gateway even if waitForDataplaneReady: true #7939 @lobkovilya
  • fix(kuma-cp): don’t configure RBAC rules on Prometheus listener #8172 @lobkovilya
  • fix(kuma-cp): fix Zone{In E}gress sync when no mesh #8129 @bartsmykla
  • fix(kuma-cp): meta validation compatible with Kubernetes naming rules #7976 @lobkovilya
  • fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes #7909 @lobkovilya
  • fix(kuma-cp): take proper context for resync #7805 @lukidzi
  • fix(kuma-cp): use GetConsistent store when validating default mesh resources #7949 @lukidzi
  • fix(kuma-cp): using policy name with “.” causes hash to be inserted in the wrong place on the zone #8240 @lobkovilya
  • fix(kuma-dp): advise user to check pod events when data plane rejected by webhooks #8257 @jijiechen
  • fix(kuma-dp): fix build #8282 @Automaat
  • fix(kuma-dp): fix incorrect dataplane name due to mangled env vars #8199 @bartsmykla
  • fix(kumactl): add --mesh parameter to inspect <policy> #7696 @lahabana
  • fix(observability): add annotation to make observability while running CNI work #8330 @slonka
  • fix(policy): improve targetRef name and tags validation #7972 @alparslanavci
  • fix(store): fix passing logs to pglock #8040 @slonka
  • fix(store): use customizer for postgres ro pool #7769 @jakubdyszkiewicz
  • fix(transparent-proxy): fix –wait flags for iptables legacy #8364 @bartsmykla
  • fix(xds): backwards compatibility on access logs paths #7662 @jakubdyszkiewicz
  • fix(xds): use stable hashes for outbound cluster names #8081 @michaelbeaumont
  • perf(insights): fetch dp overviews once #7652 @jakubdyszkiewicz
  • perf(insights): fetch external services once #7796 @lukidzi
  • perf(insights): refresh only changed #7737 @jakubdyszkiewicz
  • perf(store): postgres transactions #7995 @jakubdyszkiewicz
  • perf(xds): put the Gatewaylisteners in the Proxy #8051 @lahabana

2.4.4

Released on 2023/11/06

  • chore(deps): security update #8054 #8205 @kumahq
  • fix(MeshTrafficPermission): support permissive mtls (backport of #8171) #8176 @kumahq
  • fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) #8198 @kumahq
  • fix(kuma-cp): fix ZoneIngress/ZoneEgress sync when no mesh (backport of #8129) #8134 @kumahq

2.4.3

Released on 2023/10/11

  • chore(deps): bump envoy from 1.27.0 to 1.27.1 #8025 @lahabana
  • chore(deps): bump go version to 1.21.3 (backport of #8001) #8012 @kumahq
  • chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8032 @michaelbeaumont

2.3.3

Released on 2023/10/11

  • chore(deps): bump envoy from 1.26.4 to 1.26.5 #8024 @lahabana
  • chore(deps): bump go from 1.20.7 to 1.21.1 #7825 @kumahq
  • chore(deps): bump go version to 1.21.3 (backport of #8001) #8016 @kumahq
  • chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8033 @michaelbeaumont
  • chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 #7838 #7848 @kumahq
  • chore(deps): security update #7734 @kumahq
  • chore(deps): update CoreDNS to v1.11.1 (backport of #7523) #7529 @kumahq
  • fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7833 @kumahq
  • fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7927 @kumahq
  • fix(metrics): hijacker should not pass accept-encoding (backport of #7572) #7576 @kumahq

2.2.5

Released on 2023/10/11

  • chore(deps): bump envoy from 1.25.9 to 1.25.10 #8026 @lahabana
  • chore(deps): bump go from 1.20.7 to 1.21.1 #7827 @kumahq
  • chore(deps): bump go version to 1.21.3 (backport of #8001) #8013 @kumahq
  • chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8031 @michaelbeaumont
  • chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 #7842 #7844 @kumahq
  • chore(deps): security update #7718 @kumahq
  • chore(deps): update CoreDNS to v1.11.1 (backport of #7523) #7531 @kumahq
  • fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7832 @kumahq
  • fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7928 @kumahq
  • fix(metrics): hijacker should not pass accept-encoding (backport of #7572) #7579 @kumahq

2.1.7

Released on 2023/10/11

  • chore(deps): bump envoy from 1.24.10 to 1.24.11 #8027 @lahabana
  • chore(deps): bump go from 1.20.7 to 1.21.1 #7829 @kumahq
  • chore(deps): bump go version to 1.21.3 (backport of #8001) #8015 @kumahq
  • chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8030 @michaelbeaumont
  • chore(deps): security update #7716 @kumahq
  • chore(deps): update CoreDNS to v1.11.1 (backport of #7523) #7532 @kumahq
  • fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7830 @kumahq
  • fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7926 @kumahq
  • fix(metrics): hijacker should not pass accept-encoding (backport of #7572) #7577 @kumahq

2.0.8

Released on 2023/10/11

  • chore(deps): bump envoy from 1.24.10 to 1.24.11 #8028 @lahabana
  • chore(deps): bump go from 1.18 to 1.21.1 #7533 #7828 @kumahq,@michaelbeaumont
  • chore(deps): bump go version to 1.21.3 (backport of #8001) #8014 @kumahq
  • chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 #8029 @michaelbeaumont
  • chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 #7841 #7847 @kumahq
  • chore(deps): security update #7406 #7453 #7717 @kumahq
  • chore(deps): update CoreDNS to v1.11.1 (backport of #7523) #7528 @kumahq
  • fix(containerd): only build cgroups on linux (backport of #7408) #7423 @kumahq
  • fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7831 @kumahq
  • fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7930 @kumahq
  • fix(metrics): hijacker should not pass accept-encoding (backport of #7572) #7580 @kumahq
  • fix(sec): get rid of dependency on containerd (backport of #7387) #7389 @kumahq

2.4.2

Released on 2023/10/02

  • chore(deps): bump go from 1.20.7 to 1.21.1 #7826 @kumahq
  • chore(deps): security update #7719 @kumahq
  • feat(kds): add user-agent with useful version info (backport of #7886) #7897 @kumahq
  • feat(kds): better error handling (backport of #7868) #7877 @kumahq
  • feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails (backport of #7870) #7892 @kumahq
  • fix(kds): call CloseSend and exit a goroutine when sync fails to start (backport of #7869) #7883 @kumahq
  • fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) #7834 @kumahq
  • fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) #7929 @kumahq

2.4.1

Released on 2023/09/07

  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.1 #7680 @kumahq
  • chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to 0.8.0 #7664 @kumahq
  • chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates (backport of #7613) #7678 @kumahq
  • chore(deps): bump the go-opentelemetry-io-otel group with 2 updates (backport of #7607) #7670 @kumahq
  • chore(deps): bump the k8s-libs group with 3 updates (backport of #7606) #7688 @kumahq
  • fix(kumactl): add --mesh parameter to inspect <policy> (backport of #7696) #7703 @kumahq
  • fix(xds): backwards compatibility on access logs paths (backport of #7662) #7694 @kumahq

2.4.0

Released on 2023/08/28

  • chore(deps): bump CoreDNS from v1.10.1 to v1.11.1 #7493 #7523 @michaelbeaumont
  • chore(deps): bump cirello.io/pglock from 1.13.0 to 1.14.0 #7554 @dependabot
  • chore(deps): bump debian from 3d868b5 to b91baba #7403 #7547 @dependabot
  • chore(deps): bump envoy to 1.26.3 #7267 @lukidzi
  • chore(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0 #7205 @dependabot
  • chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.2 to 3.11.0 #7552 @dependabot
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 #7159 @dependabot
  • chore(deps): bump github.com/exaring/otelpgx from 0.5.0 to 0.5.1 #7337 @dependabot
  • chore(deps): bump github.com/jackc/pgx/v5 from 5.4.1 to 5.4.3 #7273 #7474 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 #7336 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.20.1 to 0.23.0 #7122 #7514 @dependabot
  • chore(deps): bump go.opentelemetry.io/proto/otlp from 0.20.0 to 1.0.0 #7272 @dependabot
  • chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 #7472 @dependabot
  • chore(deps): bump golang.org/x/net from 0.11.0 to 0.14.0 #7206 #7475 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0 #7204 #7471 @dependabot
  • chore(deps): bump golang.org/x/text from 0.10.0 to 0.12.0 #7203 #7476 @dependabot
  • chore(deps): bump golangci-lint from v1.51.2 to v1.53.3 #7334 @lahabana
  • chore(deps): bump gonum.org/v1/gonum from 0.13.0 to 0.14.0 #7553 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.57.0 #7123 #7202 #7373 @dependabot
  • chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 #7124 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.12.1 to 3.12.3 #7270 #7515 @dependabot
  • chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.3 to 0.27.4 #7372 @michaelbeaumont
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 #7470 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.12.0 to 0.13.0 #7271 #7550 @dependabot
  • chore(deps): bump sigs.k8s.io/gateway-api from 0.7.1-0.20230727082008-1764e458047d to 0.8.0-rc1 #7371 #7513 @dependabot,@michaelbeaumont
  • chore(deps): bump the k8s-libs group with 3 updates #7335 #7549 @dependabot
  • chore(deps): bump ubuntu from 0bced47 to ec050c3 #7546 @dependabot
  • chore(deps): update go from 1.20.5 to 1.20.6 #7414 @slonka
  • chore(deps): update testcontainers-go to 0.22.0 #7477 @slonka
  • chore(deps): update to go 1.20.7 #7429 @slonka
  • chore(deps): upgrade envoy to 1.26.4 #7367 @lukidzi
  • chore(deps): upgrade envoy to 1.27.0 #7411 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #7095 #7096 #7097 #7100 #7113 #7127 #7128 #7156 #7169 #7171 #7193 #7219 #7255 #7260 #7261 #7274 #7279 #7284 #7305 #7308 #7320 #7322 #7328 #7331 #7340 #7341 #7343 #7345 #7350 #7357 #7369 #7370 #7376 #7378 #7379 #7385 #7388 #7413 #7421 #7430 #7444 #7478 #7479 #7480 #7481 #7482 #7487 #7498 #7499 #7503 #7509 #7510 #7511 #7517 #7518 #7522 #7524 #7537 #7538 #7548 #7557 #7566 #7568 #7569 #7571 #7575 #7581 #7582 #7584 @kumahq
  • chore(release): merge release-2.3 #7099 @michaelbeaumont
  • feat(MeshHealthCheck): allow top level targetRef kind MeshGateway #7194 @michaelbeaumont
  • feat(MeshRetry): allow top level targetRef kind MeshGateway #7190 @michaelbeaumont
  • feat(MeshTimeout): allow top level targetRef.kind MeshGateway #7137 @michaelbeaumont
  • feat(VirtualOutbound): support multizone #7407 @jakubdyszkiewicz
  • feat(api-server): add isTargetRefBased in /policies #7561 @lahabana
  • feat(api-server): add service unavailable error #7501 @slonka
  • feat(api-server): allow WebService customization in plugins #7497 @michaelbeaumont
  • feat(api-server): error status is an int #7162 @jakubdyszkiewicz
  • feat(cni): add retry for CNI config file check #7215 @StuAtKong
  • feat(insights): add event to trigger computation #7506 @jakubdyszkiewicz
  • feat(insights): change metrics to milliseconds #7491 @jakubdyszkiewicz
  • feat(k8s): show targetRef kind/name in kubectl output #7116 @michaelbeaumont
  • feat(kuma-cp): add ‘renewDeadline’ and ‘leaseDuration’ config params #7448 @lobkovilya
  • feat(kuma-cp): add info about presence of auth token in zoneInsight #7598 @Automaat
  • feat(kuma-cp): add observability to k8s auth cache #7192 @jakubdyszkiewicz
  • feat(kuma-cp): add opentelemetry traces to pgx #7216 @michaelbeaumont
  • feat(kuma-cp): add tracing to KDS server #7160 @michaelbeaumont
  • feat(kuma-cp): allow to disable resources count metrics #7304 @lukidzi
  • feat(kuma-cp): better xds metrics #7208 @jakubdyszkiewicz
  • feat(kuma-cp): block application container start until dp is ready #7583 @lukidzi
  • feat(kuma-cp): extend ZoneInsight api with information about usage of… #7563 @Automaat
  • feat(kuma-cp): force routing through zone egress #7558 @jakubdyszkiewicz
  • feat(kuma-cp): implement TLS listener for prometheus #7534 @lukidzi
  • feat(kuma-cp): introduce OpenTelemetry tracing #7153 @michaelbeaumont
  • feat(kuma-cp): support Datadog propagation for tracing #7168 @michaelbeaumont
  • feat(kuma-dp): don’t require NET_BIND_SERVICE capability #7276 @michaelbeaumont
  • feat(kumactl): define User-Agent #7307 @mmorel-35
  • feat(metrics): expose kube controller manager metrics #7158 @jakubdyszkiewicz
  • feat(metrics): support OpenMetrics from applications #7125 @AyushSenapati
  • feat(observability): add traceId in error messages #7329 @lahabana
  • feat(observability): components metrics #7209 @jakubdyszkiewicz
  • feat(policy): add targetRef.kind MeshGateway #7114 @michaelbeaumont
  • feat(watchdog): don’t call onError if error was Canceled #7401 @michaelbeaumont
  • feat(xds): filter-chain builder constructor require name #7131 @mmorel-35
  • feat(xds): named resources (clusters) builders require name #7104 @mmorel-35
  • feat(xds): named resources (listeners) builders require name #7105 @mmorel-35
  • feat(xds): named resources (routes configuration) builders require name #7106 @mmorel-35
  • feat(zoneproxies): check empty listeners #7562 @jakubdyszkiewicz
  • fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP #7225 @lukidzi
  • fix(api-server): return 400 when PUT/POST resource is invalid #7560 @lahabana
  • fix(containerd): only build cgroups on linux #7408 @slonka
  • fix(dataplane_watchdog): fix outdated comment #7565 @nicoche
  • fix(egress): routing using MeshHTTPRoute and VirtualOutbound #7536 @jakubdyszkiewicz
  • fix(insights): rewrite insights to allow more efficiency #7375 @lahabana
  • fix(intercp): properly track idleness of pool connections #7323 @michaelbeaumont
  • fix(k8s): tolerate unknown appProtocol #7133 @michaelbeaumont
  • fix(kuma-cp): cancel OnTick when watchdog stopped #7221 @michaelbeaumont
  • fix(kuma-cp): do not require certs on https api port #7102 @jakubdyszkiewicz
  • fix(kuma-cp): don’t fail when 2 headless services pointing to the same service #7282 @lukidzi
  • fix(kuma-cp): don’t leak goroutine on every tick in SimpleWatchdog #7348 @lukidzi
  • fix(kuma-cp): don’t return from opentelemetry Start #7157 @michaelbeaumont
  • fix(kuma-cp): handle advertised address in zone ingress #7332 @jakubdyszkiewicz
  • fix(kuma-cp): handle external services with permissive mtls #7179 @jakubdyszkiewicz
  • fix(kuma-cp): order resources for building VIPs #7333 @lukidzi
  • fix(kuma-cp): pass context via snapshot reconciler to generateCerts #7231 @michaelbeaumont
  • fix(kuma-cp): put metadata xds callbacks before sync #7230 @lobkovilya
  • fix(kuma-cp): universal mode don’t log on every lock acquire attempt #7593 @michaelbeaumont
  • fix(kuma-dp): pass sockets in metadata from dp to cp #7218 @lahabana
  • fix(kumactl): treat 404 as resource not found error #7297 @slonka
  • fix(metrics): hijacker should not pass accept-encoding #7572 @jakubdyszkiewicz
  • fix(sec): get rid of dependency on containerd #7387 @slonka
  • perf(kuma-cp): trim zone ingress and service insights #7098 @jakubdyszkiewicz
  • perf(xds): use aggregated mesh context for zone proxies #7449 @jakubdyszkiewicz
  • perf(zoneingress): only pick resources from proper mesh #7415 @jakubdyszkiewicz

2.1.6

Released on 2023/08/09

  • chore(deps): bump go from 1.18 to 1.20.7 #7446 #7489 @michaelbeaumont
  • chore(deps): security update #7405 #7442 @kumahq
  • fix(sec): get rid of dependency on containerd (backport of #7387) #7390 @kumahq

2.2.4

Released on 2023/08/04

  • chore(deps): security update #7454 @kumahq
  • chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) #7417 @kumahq
  • chore(deps): update to go 1.20.7 (backport of #7429) #7432 @kumahq
  • chore(deps): upgrade envoy to 1.25.9 #7366 @lukidzi
  • fix(containerd): only build cgroups on linux (backport of #7408) #7422 @kumahq
  • fix(kuma-cp): don’t leak goroutine on every tick in SimpleWatchdog (backport of #7348) #7355 @kumahq
  • fix(kuma-cp): order resources for building VIPs (backport of #7333) #7362 @kumahq
  • fix(sec): get rid of dependency on containerd (backport of #7387) #7391 @kumahq

2.3.2

Released on 2023/08/03

  • chore(deps): security update #7443 @kumahq
  • chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) #7419 @kumahq
  • chore(deps): update to go 1.20.7 (backport of #7429) #7435 @kumahq
  • chore(deps): upgrade envoy to 1.26.4 #7368 @lukidzi
  • fix(containerd): only build cgroups on linux (backport of #7408) #7425 @kumahq
  • fix(kuma-cp): don’t leak goroutine on every tick in SimpleWatchdog (backport of #7348) #7351 @kumahq
  • fix(kuma-cp): order resources for building VIPs (backport of #7333) #7359 @kumahq
  • fix(sec): get rid of dependency on containerd (backport of #7387) #7392 @kumahq

2.1.5

Released on 2023/07/27

  • chore(deps): upgrade envoy to 1.24.10 #7363 @lukidzi
  • fix(kuma-cp): don’t leak goroutine on every tick in SimpleWatchdog (backport of #7348) #7352 @kumahq
  • fix(kuma-cp): order resources for building VIPs (backport of #7333) #7361 @kumahq

2.0.7

Released on 2023/07/27

  • chore(deps): upgrade envoy to 1.24.10 #7364 @lukidzi
  • fix(kuma-cp): order resources for building VIPs (backport of #7333) #7358 @kumahq

1.8.8

Released on 2023/07/27

  • chore(deps): upgrade envoy to 1.24.10 #7365 @lukidzi
  • fix(kuma-cp): order resources for building VIPs (backport of #7333) #7360 @kumahq

2.3.1

Released on 2023/07/21

  • chore(deps): bump envoy to 1.26.3 which fix CVE-2023-35945 #7266 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #7096 @kumahq
  • fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP (backport of #7225) #7233 @kumahq
  • fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) #7241 @kumahq
  • fix(kuma-cp): do not require certs on https api port (backport of #7102) #7111 @kumahq
  • fix(kuma-cp): don’t fail when 2 headless services pointing to the same service (backport of #7282) #7295 @kumahq
  • fix(kuma-cp): handle external services with permissive mtls (backport of #7179) #7187 @kumahq
  • fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) #7250 @kumahq
  • fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) #7244 @kumahq
  • fix(kumactl): treat 404 as resource not found error (backport of #7297) #7303 @kumahq

2.2.3

Released on 2023/07/21

  • chore(deps): bump envoy to 1.25.8 which fix CVE-2023-35945 #7265 @lukidzi
  • fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) #7242 @kumahq
  • fix(kuma-cp): do not require certs on https api port (backport of #7102) #7110 @kumahq
  • fix(kuma-cp): don’t fail when 2 headless services pointing to the same service (backport of #7282) #7291 @kumahq
  • fix(kuma-cp): handle external services with permissive mtls (backport of #7179) #7185 @kumahq
  • fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) #7254 @kumahq
  • fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) #7245 @kumahq

2.1.4

Released on 2023/07/19

  • chore(deps): bump envoy to 1.24.9 which fix CVE-2023-35945 #7264 @lukidzi
  • fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) #7240 @kumahq
  • fix(kuma-cp): don’t fail when 2 headless services pointing to the same service (backport of #7282) #7294 @kumahq
  • fix(kuma-cp): handle external services with permissive mtls (backport of #7179) #7188 @kumahq
  • fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) #7251 @kumahq
  • fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) #7247 @kumahq

2.0.6

Released on 2023/07/19

  • chore(deps): bump envoy to 1.24.9 which fix CVE-2023-35945 #7263 @lukidzi
  • fix(kuma-cp): don’t fail when 2 headless services pointing to the same service (backport of #7282) #7293 @kumahq
  • fix(kuma-cp): handle external services with permissive mtls (backport of #7179) #7186 @kumahq

1.8.7

Released on 2023/07/19

  • chore(deps): bump envoy to 1.24.9 which fix CVE-2023-35945 #7262 @lukidzi
  • fix(kuma-cp): don’t fail when 2 headless services pointing to the same service (backport of #7282) #7292 @kumahq

2.3.0

Released on 2023/06/22

  • chore(deps): bump Envoy from v1.25.4 to v1.26.2 #6638 #6938 @lukidzi,@michaelbeaumont
  • chore(deps): bump cirello.io/pglock from 1.11.0 to 1.13.0 #6817 #6927 @dependabot
  • chore(deps): bump controller-runtime from v0.14.6 to v0.15.0 #6809 #6832 @dependabot,@michaelbeaumont
  • chore(deps): bump gateway-api from v0.7.0 to c9540a9cf448 #6614 #6674 #6735 #6771 #6840 #6912 #7020 @dependabot,@michaelbeaumont
  • chore(deps): bump github.com/containernetworking/plugins from 1.2.0 to 1.3.0 #6738 @dependabot
  • chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible #6751 @dependabot
  • chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.0 to 0.11.1 #6866 @dependabot
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.1 #6617 #6737 @dependabot
  • chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 #6742 @dependabot
  • chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.15.2 to 4.16.2 #6864 #6928 #7000 @dependabot
  • chore(deps): bump github.com/lib/pq from 1.10.7 to 1.10.9 #6554 #6650 @dependabot
  • chore(deps): bump github.com/miekg/dns from 1.1.53 to 1.1.54 #6651 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.10.0 #6689 #6768 #6925 #7002 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.8 #6818 #7001 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.14.0 to 1.15.1 #6555 #6692 @dependabot
  • chore(deps): bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 #6691 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.42.0 to 0.44.0 #6690 #6814 @dependabot
  • chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 #6926 @dependabot
  • chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.6 #6867 #7003 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.18.0 to 0.20.1 #6708 #6736 @dependabot
  • chore(deps): bump go.opentelemetry.io/proto/otlp from 0.19.0 to 0.20.0 #7004 @dependabot
  • chore(deps): bump golang from 1.20.4 to 1.20.5 #6587 #6828 #6959 @lahabana,@lukidzi
  • chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 #6712 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 #6693 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 #6687 @dependabot
  • chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 #6652 @dependabot
  • chore(deps): bump k8s.io/kubectl from 0.26.3 to 0.27.2 #6813 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.11.3 to 0.12.0 #6586 #6688 @dependabot
  • chore(deps): use latest kumahq/kuma-gui #6548 #6552 #6562 #6576 #6606 #6616 #6629 #6640 #6655 #6656 #6659 #6661 #6662 #6664 #6675 #6678 #6701 #6702 #6710 #6715 #6753 #6756 #6762 #6774 #6775 #6776 #6777 #6791 #6798 #6801 #6803 #6807 #6811 #6821 #6822 #6823 #6824 #6830 #6833 #6834 #6835 #6837 #6847 #6850 #6851 #6871 #6875 #6877 #6878 #6879 #6882 #6885 #6904 #6914 #6919 #6921 #6932 #6933 #6937 #6939 #6941 #6946 #6949 #6954 #6958 #6975 #6978 #6980 #6982 #6984 #6994 #6998 #7005 #7009 #7011 #7012 #7013 #7015 #7038 #7060 #7074 #7096 @kumahq
  • feat(MeshCircuitBreaker): support MeshGateways #6706 @michaelbeaumont
  • feat(MeshGateway): add TLS passthrough listeners #6922 @michaelbeaumont
  • feat(MeshGateway): support termination on TLS listeners #6952 @michaelbeaumont
  • feat(MeshHealthCheck): support MeshGateway #6743 @michaelbeaumont
  • feat(MeshLoadBalancingStrategy): add builtin gateway support #6800 @michaelbeaumont
  • feat(MeshRetry): add host selection predicates #6346 @johnharris85
  • feat(api-server): add ability to get k8s format of a resource #6673 @lahabana
  • feat(api-server): make errors compliant with aip 193 #7017 @lahabana
  • feat(client): Consolidate HTTP Client #6849 @mmorel-35
  • feat(cni): k8s make namespace configurable #6721 @mmorel-35
  • feat(config): improve configurability #6583 @slonka
  • feat(docker/kumactl): make entrypoint consistent with kuma-cp and kuma-dp images #6596 @bartsmykla
  • feat(envoyadmin): support passing kds envoy operations via http proxy #6915 @jakubdyszkiewicz
  • feat(helm): Add logOutputPath support to chart #6649 @ashman1984
  • feat(helm): add possibility to extend secrets for cp in helm charts when reusing kuma charts #6883 @Automaat
  • feat(helm): enable NodePort customization #6770 @mmorel-35
  • feat(helm): remove hostNetwork: true from CNI DaemonSet #6599 @michaelbeaumont
  • feat(helm): set readOnlyRootFilesystem on CNI, more explicit templates #6604 @michaelbeaumont
  • feat(helm): validate zone name on install #6739 @mmorel-35
  • feat(insights): include tenant id in insights info key #6804 @jakubdyszkiewicz
  • feat(insights): include tenant id in rate limitter key #6808 @jakubdyszkiewicz
  • feat(intercp): pass tenant id #6856 @jakubdyszkiewicz
  • feat(intercp): use global tenant for catalog request #6863 @jakubdyszkiewicz
  • feat(k8s): add read-only root FS to sidecar #6681 @dascole
  • feat(k8s): show Dataplane services in kubectl output #6725 @michaelbeaumont
  • feat(kds): configurable server stream interceptors #6697 @jakubdyszkiewicz
  • feat(kds): multitenancy #6723 @jakubdyszkiewicz
  • feat(kds): opt-in insecure skip verify in zone cp client #6991 @jakubdyszkiewicz
  • feat(kuma-cp): top-level MeshHTTPRoute targetRef for MeshTimeout #7016 @lobkovilya
  • feat(kuma-cp): add possibility to configure concurrent reconciliation… #7010 @Automaat
  • feat(kuma-cp): add possibility to configure kubernetes client qps and… #6951 @Automaat
  • feat(kuma-cp): allow to override resource store plugin #6887 @jakubdyszkiewicz
  • feat(kuma-cp): allow to specify protocol for globalZone sync service #6842 @lukidzi
  • feat(kuma-cp): implement MeshTrafficPermisson for ExternalServices with ZoneEgress #7061 @lukidzi
  • feat(kuma-cp): improve BuildRules algorithm #6973 @lobkovilya
  • feat(kuma-cp): introduce tag first Virtual Outbound model #7076 @Automaat
  • feat(kuma-cp): multitenancy adjustments #6705 @jakubdyszkiewicz
  • feat(kuma-cp): multitenant counter metrics #6707 @jakubdyszkiewicz
  • feat(kuma-cp): remove unnecessary reconciliation of pods on configmap… #7014 @Automaat
  • feat(kuma-cp): support MeshHTTPRoute targetRef #6983 @lobkovilya
  • feat(mesh): allow disabling default policy creation #6481 #6931 @johnharris85
  • feat(meshaccesslog): use “type” to express oneof #6676 @lobkovilya
  • feat(meshtrace): use “type” to express oneof #6679 @lobkovilya
  • feat(mtls): generate certificates for Address and AdvertisedAddress for Dataplane and Ingress #6584 @mmorel-35
  • feat(multitenancy): postgres events #6799 @jakubdyszkiewicz
  • feat(policy): add MeshTCPRoute #6806 #6873 #6888 @bartsmykla
  • feat(resources): retry upsert on resource already exist #7022 @jakubdyszkiewicz
  • feat(tls): remove commonName in certificate generation #6627 @mmorel-35
  • feat(ui): add mode in the config in the index.html #6942 @lahabana
  • feat(webhook): make init ordering configurable first/last #7070 @johnharris85
  • feat(webhook): warn/fail if containers use same UID as sidecar #7042 @johnharris85
  • fix(GatewayAPI): convert HTTP header names to lowercase #6704 @michaelbeaumont
  • fix(GatewayAPI): don’t panic if an HTTPRoute references a Gateway with a nonexistent GatewayClass #6722 @michaelbeaumont
  • fix(GatewayAPI): don’t share HTTPRoute conditions between parentRefs #6537 @michaelbeaumont
  • fix(GatewayAPI): npe errors #6852 @michaelbeaumont
  • fix(GatewayAPI): reconcile Gateways on Secret changes #6754 @michaelbeaumont
  • fix(MeshGateway): don’t strip ports from host #6755 @michaelbeaumont
  • fix(MeshGateway): tweak route precedence to match Gateway API #6843 @michaelbeaumont
  • fix(MeshGatewayInstance): don’t overwrite annotations/labels in managed Service #7069 @michaelbeaumont
  • fix(MeshHTTPRoute): assume default catch all path (any path starting with “/”) in route match when not explicitly set #6993 @bartsmykla
  • fix(MeshHTTPRoute): only configure HTTP outbounds or with an explicit matching rule #6876 @michaelbeaumont
  • fix(MeshHTTPRoute): rename Prefix to PathPrefix #6578 @michaelbeaumont
  • fix(MeshHTTPRoute): require at least one match #6796 @michaelbeaumont
  • fix(MeshRetry): set MeshGateway retry on routes not virtual hosts #7029 @michaelbeaumont
  • fix(MeshRetry): support MeshGateway #6779 @lobkovilya
  • fix(MeshTimeout): only apply Mesh targeted HTTP timeouts for MeshGateway #6981 @michaelbeaumont
  • fix(MeshTimeout): set idle timeout on gateways, use route action instead of hcm #6884 @michaelbeaumont
  • fix(MeshTrace): create spans with MeshGateway #7043 @michaelbeaumont
  • fix(api-server): service-insights should never return items: null #6648 @lahabana
  • fix(config): add delta xds flag to defaults #7085 @johnharris85
  • fix(gateway): don’t skip retry policy with retry methods #6896 @bartsmykla
  • fix(helm): change CNI priorityClass from system-cluster-critical to system-node-critical #6634 @michaelbeaumont
  • fix(helm): correct appProtocol configurations for https #7087 @johnharris85
  • fix(helm): update HPA API version #6792 @johnharris85
  • fix(helm): use correct secret for CP CA in ingress/egress #6663 @michaelbeaumont
  • fix(insights): react on events #6826 @jakubdyszkiewicz
  • fix(kds): trim system namespace suffix from names of plugin originated policies when syncing resources from global to zones in multizone mode. #7019 @bartsmykla
  • fix(kuma-cp): add backward compatible reading of virtual outbound from config #7088 @Automaat
  • fix(kuma-cp): add missing validation for MeshTimeout #7035 @lobkovilya
  • fix(kuma-cp): make finalizer tenant aware #6929 @lukidzi
  • fix(kuma-cp): make store changes processing more reliable #6728 @lukidzi
  • fix(kuma-cp): make zone insight context independent from parent #6909 @lukidzi
  • fix(kuma-cp): race condition when proxy connects to the same CP in less than KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY #6568 @lobkovilya
  • fix(kuma-cp): replace err with log when TargetRef can’t be resolved #7032 @lobkovilya
  • fix(kuma-cp): reset idleTimeout from the old Timeout policy #6747 @lobkovilya
  • fix(kuma-cp): use port instead of target port of a headless service #7063 @jakubdyszkiewicz
  • fix(kuma-cp): wait between the proxy termination and its deregistration #6533 @lobkovilya
  • fix(kuma-dp): honour app content-type #6783 @AyushSenapati
  • fix(kumactl): return after loading configuration from memory #6518 @lukidzi
  • fix(multitenancy): global tenant in intercp when creating certs #6789 @jakubdyszkiewicz
  • perf(k8s): don’t reconcile all pods when a service changes #6986 @lahabana
  • perf(k8s): omit fetching other dataplanes when vips are in the config map #6940 @jakubdyszkiewicz
  • refactor(kds): remove unnecessary function nesting for MapZoneTokenSigningKeyGlobalToPublicKey resource mapper in kds context #7018 @bartsmykla

2.2.2

Released on 2023/06/21

  • chore(deps): bump go version from 1.20.3 to 1.20.5 #6987 @lukidzi
  • chore(deps): upgrade envoy to 1.25.7 #6967 @lukidzi
  • fix(MeshGatewayInstance): don’t overwrite annotations/labels in managed Service (backport of #7069) #7081 @kumahq
  • fix(gateway): don’t skip retry policy with retry methods (backport of #6896) #6899 @kumahq
  • fix(kuma-cp): make store changes processing more reliable (backport of #6728) #6765 @kumahq

2.1.3

Released on 2023/06/21

  • chore(deps): upgrade envoy to 1.24.8 #6969 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #6573 #6575 #6886 @kumahq
  • fix(MeshGatewayInstance): don’t overwrite annotations/labels in managed Service (backport of #7069) #7078 @kumahq
  • fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) #6595 @mergify
  • fix(gateway): don’t skip retry policy with retry methods (backport of #6896) #6900 @kumahq
  • fix(kuma-cp): make store changes processing more reliable (backport of #6728) #6767 @kumahq

2.0.5

Released on 2023/06/21

  • chore(deps): upgrade envoy to 1.24.8 #6968 @lukidzi
  • fix(MeshGatewayInstance): don’t overwrite annotations/labels in managed Service (backport of #7069) #7080 @kumahq
  • fix(gateway): don’t skip retry policy with retry methods (backport of #6896) #6901 @kumahq
  • fix(kuma-cp): make store changes processing more reliable (backport of #6728) #6763 @kumahq

1.8.6

Released on 2023/06/21

  • chore(deps): upgrade envoy to 1.24.8 #6966 @lukidzi
  • fix(MeshGatewayInstance): don’t overwrite annotations/labels in managed Service (backport of #7069) #7079 @kumahq
  • fix(gateway): don’t skip retry policy with retry methods (backport of #6896) #6902 @kumahq
  • fix(kuma-cp): make store changes processing more reliable (backport of #6728) #6764 @kumahq

2.2.1

Released on 2023/05/03

  • chore(deps): bump golang from 1.20.2 to 1.20.3 #6597 @mergify
  • chore(deps): use latest kumahq/kuma-gui #6574 @kumahq
  • fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) #6594 @mergify

2.2.0

Released on 2023/04/14

  • Modify helm.sh script to make sure no duplicate manifests will be present in packaged chart #6512 @bartsmykla
  • chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5982 @lahabana
  • chore(deps): bump actions/setup-go from 3 to 4 #6311 @dependabot
  • chore(deps): bump cirello.io/pglock from 1.10.0 to 1.11.0 #6149 @dependabot
  • chore(deps): bump coredns from 1.10.0 to 1.10.1 #6227 @michaelbeaumont
  • chore(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.10.0 #6152 @dependabot
  • chore(deps): bump github.com/containerd/cgroups from 1.0.4 to 1.1.0 #5878 @dependabot
  • chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 #6051 @dependabot
  • chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.1 to 3.10.2 #6261 @dependabot
  • chore(deps): bump github.com/envoyproxy/go-control-plane from 0.10.3 to 0.11.0 #5947 @dependabot
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.9.1 to 0.10.1 #6307 #6316 @dependabot
  • chore(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 #6454 @dependabot
  • chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.3 to 4.5.0 #6071 @dependabot
  • chore(deps): bump github.com/golang/protobuf from 1.5.2 to 1.5.3 #6263 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.41.9 to 0.41.15 #5924 #6076 #6258 @dependabot
  • chore(deps): bump github.com/miekg/dns from 1.1.50 to 1.1.53 #6150 #6262 #6453 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.9.2 #5928 #6043 #6074 #6172 #6208 #6260 #6355 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.25.0 to 1.27.6 #5874 #6072 #6167 #6259 #6271 #6353 #6450 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.39.0 to 0.42.0 #6073 #6273 @dependabot
  • chore(deps): bump github.com/prometheus/prometheus from 0.41.0 to 0.42.0 #5927 @dependabot
  • chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 #6475 @dependabot
  • chore(deps): bump github.com/spiffe/go-spiffe from 0.0.0-20190820222348-6adcf1eecbcc to github.com/spiffe/go-spiffe/v2 #6151 @dependabot
  • chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.4 #6313 #6451 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.15.0 to 0.18.0 #6075 @dependabot
  • chore(deps): bump github.com/vishvananda/netns to 0.0.4 #6103 @mmorel-35
  • chore(deps): bump go from 1.18 to 1.20.2 #6179 #6279 @jakubdyszkiewicz,@lahabana
  • chore(deps): bump go.uber.org/multierr from 1.9.0 to 1.11.0 #6264 #6452 @dependabot
  • chore(deps): bump golang.org/x/net from 0.5.0 to 0.8.0 #6003 #6042 #6209 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.4.0 to 0.7.0 #5948 #6476 @dependabot
  • chore(deps): bump golang.org/x/text from 0.6.0 to 0.8.0 #6004 #6211 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.54.0 #5877 #5946 #6354 @dependabot
  • chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 #6274 #6309 @dependabot
  • chore(deps): bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1 #5949 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.11.0 to 3.11.2 #5962 #6265 @dependabot
  • chore(deps): bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.3 #6168 #6318 @dependabot
  • chore(deps): bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 #6207 @dependabot
  • chore(deps): bump k8s.io/kubectl from 0.26.1 to 0.26.3 #6171 #6308 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.1 to 0.14.6 #5875 #5926 #6210 #6455 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.11.1 to 0.11.3 #5876 #5925 @dependabot
  • chore(deps): bump sigs.k8s.io/gateway-api from v0.5.1 to v0.6.0 #5559 @michaelbeaumont
  • chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 #5879 @dependabot
  • chore(deps): remove dependency on github.com/prometheus/prometheus #6204 @lahabana
  • chore(deps): security update #6397 #6473 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #5866 #5883 #5911 #5931 #5937 #5940 #5952 #5958 #6002 #6067 #6078 #6155 #6158 #6161 #6176 #6197 #6216 #6243 #6302 #6317 #6345 #6360 #6373 #6400 #6402 #6425 @kumahq
  • feat(GatewayAPI): support HTTPRoutePathRedirect #6437 @michaelbeaumont
  • feat(GatewayAPI): support ResponseHeaderModifier in HTTPRoute #6000 @michaelbeaumont
  • feat(GatewayAPI): update to v0.6.2 #6293 @michaelbeaumont
  • feat(MeshAccessLog): support OpenTelemetry #5999 @michaelbeaumont
  • feat(MeshGateway): auto host rewrite for gateway route #6328 @bartsmykla
  • feat(MeshGateway): support deployment customization for MeshGatewayInstance #6348 #6388 @johnharris85
  • feat(MeshHTTPRoute): add RequestMirror filter #6064 @lobkovilya
  • feat(MeshHTTPRoute): add header matching #5943 @michaelbeaumont
  • feat(MeshHTTPRoute): add path modifier to redirect #5918 @lobkovilya
  • feat(MeshHTTPRoute): cross-zone support #5984 @michaelbeaumont
  • feat(MeshProxyPatch): add json patch support #6281 @bartsmykla
  • feat(MeshRetry): add host selection predicates #6465 @johnharris85
  • feat(MeshTrace): add support for opentelemetry trace backend #5992 @frzifus
  • feat(api-server): manual mTLS #5979 @jakubdyszkiewicz
  • feat(api-server): whoami endpoint #6120 @jakubdyszkiewicz
  • feat(auth): separate authenticators for dp and zone proxy #5991 @jakubdyszkiewicz
  • feat(helm): add default CNI resources #6287 @michaelbeaumont
  • feat(helm): dynamic admission server port #6344 @d4kine
  • feat(helm): make egress resources configurable #6286 @dascole
  • feat(helm): make it possbile to install universal cp on k8s #5913 @slonka
  • feat(k8s): add a configuration option to list allowed service accounts #6505 @slonka
  • feat(k8s): add annotation prometheus.metrics.kuma.io/aggregate-application-address to scrape custom address on k8s #6289 @slonka
  • feat(k8s): set kubectl.kubernetes.io/default-container pod annotation #6055 @michaelbeaumont
  • feat(kds): allow running non-tls KDS server #6145 @slonka
  • feat(kds): delta KDS #6278 #6358 @lukidzi
  • feat(kds): enable nack backoff #5894 @jakubdyszkiewicz
  • feat(kuma-cp): allow Mesh default resources regeneration without deletion and restart #6223 @michaelbeaumont
  • feat(kuma-cp): init container first by default #5857 @zekth
  • feat(kumactl): generate public key command #5917 @jakubdyszkiewicz
  • feat(kumactl): remove ca-cert or skip-verify requirement #6140 @jakubdyszkiewicz
  • feat(persistence): change lib/pq to pgx #6257 @slonka
  • feat(persistence): create pgx store #6359 #6457 @slonka
  • feat(policies): extend policy matching API to work with egress and external services #6379 @lobkovilya
  • feat(policies): implement MeshLoadBalancingStrategy #6117 #6163 #6202 #6390 @lobkovilya
  • feat(tokens): allow kid to be a string #5944 @jakubdyszkiewicz
  • feat(tokens): issue tokens offline #5919 @jakubdyszkiewicz
  • feat(tokens): offline validation #6085 @jakubdyszkiewicz
  • feat(tproxy): make tproxy v2 and CNI v2 default #6083 @bartsmykla
  • fix(GatewayAPI): always set an explicit HTTPRoute Parents in status #6367 @michaelbeaumont
  • fix(GatewayAPI): correctly handle invalid backendRefs #6428 @michaelbeaumont
  • fix(MeshHTTPRoute): filter URLRewrite should be configured with ClusterSpecifier #5920 @lobkovilya
  • fix(MeshRetry): guard against multiple previous priorities #6496 @johnharris85
  • fix(MeshTimeout): apply MeshTimeout defaults when one of from or to section is missing #5902 @Automaat
  • fix(ca/builtin): be less verbose when creating CA secrets #6217 @michaelbeaumont
  • fix(docker): set SHELL to an existing binary #6192 @michaelbeaumont
  • fix(docker): use no ssl image #5560 @slonka
  • fix(helm): add appProtocol to services we create #6157 @lahabana
  • fix(helm): don’t include taint controller env when cni disabled #6148 @lukidzi
  • fix(helm): dont specify a default type for extraSecrets #5932 @wheelerlaw
  • fix(helm): make it possible to use custom CA in egress and ingress #5980 @lahabana
  • fix(helm): postgres client cert setup #6335 @slonka
  • fix(helm): remove universal on kubernetes env vars that are supposed to be provided via secrets #5938 @slonka
  • fix(helm): security contexts for ebpf cleanup hook #6235 @bartsmykla
  • fix(helm): set CP memory limits, by default equal to memory request, set CP CPU requests #6127 @michaelbeaumont
  • fix(helm): set migration container resources and securityContext #6255 @michaelbeaumont
  • fix(helm): set readOnlyRootFilesystem/runAsNonRoot, create a ServiceAccount in correct release namespace #6121 @michaelbeaumont
  • fix(helm): set readOnlyRootFilesystem/runAsUser/runAsGroup on ingress/egress deployments #6164 @michaelbeaumont
  • fix(helm): upgrade CRDs instead of installing missing CRDs #6403 @jakubdyszkiewicz
  • fix(helm): use emptyDir at /tmp with CP #6162 @michaelbeaumont
  • fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 #6374 @jakubdyszkiewicz
  • fix(kuma-cp): allow names of the resource to be longer and validate the length #6123 @lukidzi
  • fix(kuma-cp): change default value for KubeOutboundsAsVIPs #6057 @Automaat
  • fix(kuma-cp): change validation of resources synced to global #6178 @jakubdyszkiewicz
  • fix(kuma-cp): don’t let CA requests for other meshes block generation #6282 @michaelbeaumont
  • fix(kuma-cp): traffic split with internal and external service #5904 @lobkovilya
  • fix(kuma-cp): zone ingress mixes services with the same name in different meshes #6364 @lobkovilya
  • fix(kumactl): don’t check compatibility when talking to a preview version #6143 @lahabana
  • fix(policy): merging of policies results in not applying policy on some outbounds #6460 @jakubdyszkiewicz
  • fix(tproxy): allow disabling ipv6 for tproxy #5923 @bartsmykla

2.0.4

Released on 2023/04/07

  • chore(deps): bump coredns from 1.10.0 to 1.10.1 #6238 @mergify
  • chore(deps): bump gorestful and jwt #6221 @lahabana
  • chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) #6206 @mergify
  • chore(deps): security update #6063 #6395 #6472 @kumahq
  • chore(deps): upgrade envoy to v1.22.10 (backport #6483) #6484 @mergify
  • fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) #6377 @mergify
  • fix(policy): matcher with same key not the same value (backport #6460) #6467 @mergify

2.1.2

Released on 2023/04/06

  • chore(deps): bump coredns from 1.10.0 to 1.10.1 #6237 @mergify
  • chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) #6205 @mergify
  • chore(deps): security update #6062 #6392 #6471 @kumahq
  • chore(deps): upgrade envoy to v1.22.10 #6483 @michaelbeaumont
  • fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) #6376 @mergify
  • fix(kuma-cp): add components in runtime (backport #6350) #6381 @mergify
  • fix(kuma-cp): don’t let CA requests for other meshes block generation (backport #6282) #6284 @mergify
  • fix(policy): matcher with same key not the same value (backport #6460) #6466 @mergify

1.8.5

Released on 2023/04/06

  • chore(deps): bump coredns from 1.10.0 to 1.10.1 #6239 @mergify
  • chore(deps): bump gorestful and jwt #6203 @lahabana
  • chore(deps): security update #6059 #6396 #6468 @kumahq
  • chore(deps): upgrade envoy to v1.22.10 (backport #6483) #6485 @mergify
  • fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) #6378 @mergify

1.7.6

Released on 2023/04/06

  • chore(deps): bump coredns from 1.10.0 to 1.10.1 #6240 @mergify
  • chore(deps): bump gorestful and jwt (backport #6203) #6212 @mergify
  • chore(deps): security update #6058 #6394 #6469 @kumahq
  • chore(deps): upgrade envoy to v1.22.10 (backport #6483) #6486 @mergify

2.1.1

Released on 2023/02/14

  • chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5985 @mergify
  • chore(deps): security update #5965 @kumahq
  • chore(deps): use latest kumahq/kuma-gui #5912 #5915 #5977 @kumahq
  • feat(api-server): manual mTLS (backport #5979) #5981 @mergify
  • fix(helm): use custom CA in egress and ingress too (backport #5980) #5993 @mergify
  • fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5953 @mergify

2.0.3

Released on 2023/02/14

  • chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5986 @mergify
  • chore(deps): security update #5762 #5969 @kumahq
  • fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5954 @mergify

1.8.4

Released on 2023/02/14

  • chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5987 @mergify
  • chore(deps): security update #5763 #5963 @kumahq
  • fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) #5955 @mergify

1.7.5

Released on 2023/02/14

  • chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5988 @mergify
  • chore(deps): security update #5766 #5966 @kumahq

1.6.5

Released on 2023/02/14

  • chore(deps): bump Envoy from 1.22.2 to 1.22.7 #5989 @mergify
  • chore(deps): security update #5764 #5964 @kumahq

2.1.0

Released on 2023/01/30

  • chore(deps): bump alpine from 3.16.2 to 3.17.0 #5308 #5375 @dependabot
  • chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 #5377 @dependabot
  • chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 #5457 @dependabot
  • chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 #5600 @dependabot
  • chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 #5733 @dependabot
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 #5277 #5311 #5460 @dependabot
  • chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 #5428 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.8 #5310 #5354 #5426 #5542 #5688 @dependabot,@lahabana
  • chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 #5298 #5513 @lukidzi
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 #5319 #5351 #5687 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 #5275 #5313 #5539 #5789 @dependabot
  • chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 #5274 #5323 @dependabot
  • chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 #5483 #5523 @dependabot
  • chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 #5320 #5353 #5376 #5456 #5526 #5546 @dependabot
  • chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 #5524 @dependabot
  • chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 #5790 @dependabot
  • chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 #5273 #5788 @dependabot
  • chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 #5525 @dependabot
  • chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 #5427 @dependabot
  • chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 #5315 #5459 #5623 @dependabot
  • chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 #5312 #5430 #5621 @dependabot
  • chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 #5458 #5624 @dependabot
  • chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 #5325 #5429 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 #5352 #5686 @dependabot
  • chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 #5592 #5791 @dependabot
  • chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb #5330 @mmorel-35
  • chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 #5328 @mmorel-35
  • chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 #5316 @dependabot
  • chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 #5812 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 #5276 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, #5541 @dependabot
  • chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 #5434 #5879 @dependabot
  • chore(deps): install dev tools and split if more repos #5528 @lukidzi
  • chore(deps): security update #5761 @kumahq
  • chore(deps): update coreDNS to 1.10.0 #5626 @lahabana
  • chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove /tokens #5324 @dependabot
  • chore(deps): upgrade k3d #5518 @lukidzi
  • chore(deps): use latest kumahq/kuma-gui #5265 #5272 #5281 #5307 #5321 #5332 #5346 #5371 #5388 #5405 #5484 #5486 #5509 #5572 #5589 #5619 #5628 #5675 #5685 #5700 #5724 #5732 #5737 #5772 #5800 #5805 #5823 #5826 #5843 #5851 #5863 #5866 #5883 @kumahq
  • chore(deps): use sigs.k8s.io/yaml #5215 @mmorel-35
  • feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format #5302 @mmorel-35
  • feat(MeshGatewayInstance): respect kuma.io/mesh label #5256 @michaelbeaumont
  • feat(MeshGatewayRoute): response header filter #5334 @michaelbeaumont
  • feat(api-server): ability to set rootUrl for GUI and API #5295 @lahabana
  • feat(api-server): add name search to dataplane overview #5340 @lahabana
  • feat(api-server): contain matches on name and tags #5606 @lahabana
  • feat(build): consistent docker images #5343 @slonka
  • feat(build): idempotent build #5291 #5358 #5403 #5404 #5407 #5440 @slonka
  • feat(gateway): add support for match header PRESENT and ABSENT #5739 @lahabana
  • feat(gui): serve index from all paths without extension #5357 @lahabana
  • feat(helm): add tolerations to Helm chart #5549 @KrustyHack
  • feat(helm): allow injecting env from parent projects #5677 @slonka
  • feat(helm): use object instead of list for plugins.policies #5735 @michaelbeaumont
  • feat(kuma-cp): add possibility to run diagnostics on TLS #5344 @mmorel-35
  • feat(kuma-cp): added configuration of plugins and its order #5472 @lukidzi
  • feat(kuma-cp): intOrString as decimal in the API #5768 @jakubdyszkiewicz
  • feat(kuma-cp): intercp communication protocol #5445 #5492 @jakubdyszkiewicz
  • feat(kuma-cp): recover from watchdog panics #5581 @jakubdyszkiewicz
  • feat(kuma-cp): remove value of secret when logging Secret Resources #5384 @Automaat
  • feat(kumactl): added option to install transparent proxy with docker #5284 @lukidzi
  • feat(policy): allow merging by a complex key #5650 @michaelbeaumont
  • feat(policy): append policy slices #5515 @jakubdyszkiewicz
  • feat(policy): don’t use protobuf for DataSource in policies #5668 #5756 @Automaat
  • feat(policy): implement MeshCircuitBreaker policy #5454 #5493 #5651 @bartsmykla,@lobkovilya
  • feat(policy): implement MeshFaultInjection policy #5723 #5773 @lukidzi
  • feat(policy): implement MeshHTTPRoute policy #5530 #5625 #5653 #5746 @michaelbeaumont,@slonka
  • feat(policy): implement MeshHealthCheck policy #5369 #5415 #5503 #5654 #5713 #5722 @lahabana,@lobkovilya,@michaelbeaumont,@slonka
  • feat(policy): implement MeshProxyPatch policy #5578 #5604 @jakubdyszkiewicz
  • feat(policy): implement MeshRateLimit policy #5362 #5463 #5710 #5742 @lobkovilya,@lukidzi
  • feat(policy): implement MeshRetry policy #5478 #5522 #5583 #5749 #5808 @lobkovilya,@slonka
  • feat(policy): implement MeshTimeout policy #5294 #5364 #5568 @Automaat,@michaelbeaumont
  • feat(policy): improve rules api #5785 @lahabana
  • feat(policy): validate schema only during the user’s input unmarshal #5566 @lobkovilya
  • feat(security): add dependabot security updates to release branches #5731 #5734 #5758 #5767 #5778 #5783 @slonka
  • fix(MeshAccessLog): update API to align with the memo #5580 @lobkovilya
  • fix(MeshGateway): properly apply Service template annotations to existing Service #5674 @michaelbeaumont
  • fix(MeshTrace): adjust MeshTrace to follow the memo #5743 @lobkovilya
  • fix(api-server): fix tags filter value with : #5339 @lahabana
  • fix(api-server): remove spec from inspect policy output #5491 @lahabana
  • fix(api-server): return 400 on invalid resource name #5719 @lahabana
  • fix(gateway): be more lenient with prefix paths trailing slashes #5299 @michaelbeaumont
  • fix(gui): add version and basedOnKuma to index.html #5448 @lahabana
  • fix(kuma-cp): add option to disable sslsni in universal #5318 @michaelbeaumont
  • fix(kuma-cp): allow to set policies order from others projects #5535 @lukidzi
  • fix(kuma-cp): change way of setting if resource is read only #5345 @lukidzi
  • fix(kuma-cp): concurrent mesh cache map write #5282 @michaelbeaumont
  • fix(kuma-cp): don’t cache filtered data #5574 @lukidzi
  • fix(kuma-cp): filtering of name prefix on K8S #5517 @jakubdyszkiewicz
  • fix(kuma-cp): fix appending of pointer to slice in policies config #5784 @Automaat
  • fix(kuma-cp): fix kafka_type tag creation regex #5507 @Automaat
  • fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList #5423 @Automaat
  • fix(kuma-cp): forward envoy admin operations to proper instance #5466 @jakubdyszkiewicz
  • fix(kuma-cp): increase kuma-init memory limit when using ebpf #5579 @lukidzi
  • fix(kuma-cp): kds deadlock #5373 @jakubdyszkiewicz
  • fix(kuma-cp): make validate list aware of the mesh #5280 @slonka
  • fix(kuma-cp): memory store keeps children after owner update #5372 @jakubdyszkiewicz
  • fix(kuma-cp): only put policies in MeshInsight #5577 @lahabana
  • fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob #5569 @lukidzi
  • fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address #5347 @jamesdbloom
  • fix(kuma-cp): warn when using deprecated token id #5520 @lahabana
  • fix(kuma-dp): allow to configure address of application to scrape #5326 @lukidzi
  • fix(kuma-dp): tolerate endline in token file #5591 @lahabana
  • fix(kumactl): remove PodSecurityPolicy from install observability #5382 @michaelbeaumont
  • fix(kumactl): set klog to avoid logs from k8s #5590 @lahabana
  • fix(kumactl): use the same client in kumactl apply #5327 @lahabana
  • fix(policy): change percentage field from int to intOrString #5810 @lukidzi
  • fix(policy): fix schema.yaml to have correct metadata #5349 @lahabana
  • fix(policy): make targetRef required #5593 @AyushSenapati
  • fix(policy): remove superfluous var usage #5627 @AyushSenapati
  • fix(policy): use GatewayAPI style header modifier in all policies #5757 @lahabana
  • fix(policy): use PascalCase for all constants #5747 @lahabana
  • fix(universal): don’t set sslsni option if not disabled (backport #5419) #5439 @mergify
  • fix(xds): don’t read metadata in ProxyBuilders #5414 @lahabana
  • fix(xds): sort resources when building MeshContext #5391 @lobkovilya

1.5.4

Released on 2023/01/12

  • chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5602 @mergify
  • chore(deps): update coreDNS to 1.10.0 (backport #5626) #5659 @mergify
  • chore(helm): remove duplicate keys in resources (backport #4681) #5642 @mergify
  • chore: remove Apache license header from generated files (backport #5565) #5622 @mergify
  • chore: upgrade golang to 1.18.9 (backport #5607) #5613 @mergify
  • fix(kuma-cp): don’t cache filtered data (backport #5574) #5636 @mergify

2.0.2

Released on 2023/01/11

  • chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5597 @mergify
  • chore(deps): update coreDNS to 1.10.0 (backport #5626) #5655 @mergify
  • chore: remove Apache license header from generated files (backport #5565) #5616 @mergify
  • chore: upgrade golang to 1.18.9 (backport #5607) #5609 @mergify
  • fix(kuma-cp): don’t cache filtered data (backport #5574) #5632 @mergify

1.8.3

Released on 2023/01/11

  • chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5598 @mergify
  • chore(deps): update coreDNS to 1.10.0 (backport #5626) #5656 @mergify
  • chore: remove Apache license header from generated files (backport #5565) #5617 @mergify
  • chore: upgrade golang to 1.18.9 (backport #5607) #5610 @mergify
  • fix(kuma-cp): don’t cache filtered data (backport #5574) #5633 @mergify

1.7.4

Released on 2023/01/11

  • chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5599 @mergify
  • chore(deps): update coreDNS to 1.10.0 (backport #5626) #5657 @mergify
  • chore(helm): remove duplicate keys in resources (backport #4681) #5640 @mergify
  • chore: remove Apache license header from generated files (backport #5565) #5618 @mergify
  • chore: upgrade golang to 1.18.9 (backport #5607) #5611 @mergify
  • fix(kuma-cp): don’t cache filtered data (backport #5574) #5634 @mergify

1.6.4

Released on 2023/01/11

  • chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 #5601 @mergify
  • chore(deps): update coreDNS to 1.10.0 (backport #5626) #5658 @mergify
  • chore(helm): remove duplicate keys in resources (backport #4681) #5641 @mergify
  • chore: remove Apache license header from generated files (backport #5565) #5620 @mergify
  • chore: upgrade golang to 1.18.9 (backport #5607) #5612 @mergify
  • fix(kuma-cp): don’t cache filtered data (backport #5574) #5635 @mergify

2.0.1

Released on 2022/12/05

  • chore: back-ports api base path fix #5341 @kleinfreund
  • feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) #5392 @mergify
  • fix(kuma-cp): add option to disable sslsni in universal (backport #5318) #5322 @mergify
  • fix(kuma-cp): change way of setting if resource is read only (backport #5345) #5348 @mergify
  • fix(kuma-cp): kds deadlock (backport #5373) #5397 @mergify
  • fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347) #5378 @mergify
  • fix(xds): don’t read metadata in ProxyBuilders (backport #5414) #5416 @mergify
  • fix: sort resources when building MeshContext (backport #5391) #5409 @mergify

1.8.2

Released on 2022/12/05

  • feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) #5393 @mergify
  • fix(kuma-cp): kds deadlock (backport #5373) #5398 @mergify
  • fix: sort resources when building MeshContext (backport #5391) #5410 @mergify

2.0.0

Released on 2022/11/04

  • chore(.github): remove old release workflow #4836 @lobkovilya
  • chore(api): remove DENY_WITH_SHADOW_ALLOW #5220 @lobkovilya
  • chore(api): remove unused method and types #5148 @lobkovilya
  • chore(api): remove unused timestamp.proto import #4906 @michaelbeaumont
  • chore(api): skip Compute when building inbound access logs #5181 @jakubdyszkiewicz
  • chore(bootstrap): improve validator policy bootstrap #5014 @lahabana
  • chore(deps): bump actions/setup-go from 2 to 3 #5024 @dependabot
  • chore(deps): bump cirello.io/pglock from 1.9.0 to 1.10.0 #5239 @dependabot
  • chore(deps): bump github.com/Masterminds/sprig to 3.2.2 #5190 @mmorel-35
  • chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.13 #5023 #5067 #5131 @dependabot
  • chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 #4996 @dependabot
  • chore(deps): bump github.com/gruntwork-io/terratest from 0.40.20 to 0.40.24 #4969 #4993 #5162 @dependabot
  • chore(deps): bump github.com/kumahq/kuma-net from 0.8.1 to 0.8.2 #5188 @dependabot
  • chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 #4995 @dependabot
  • chore(deps): bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.4.0 #4939 #4949 #5021 #5145 #5204 @dependabot
  • chore(deps): bump github.com/onsi/gomega from 1.20.0 to 1.23.0 #4933 #4970 #5133 #5146 #5240 @dependabot
  • chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 #5203 @dependabot
  • chore(deps): bump github.com/prometheus/prometheus from 0.37.0 to 0.39.1 #4887 #5134 @dependabot
  • chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 #5155 #5241 @dependabot
  • chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 #4994 @dependabot
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 #5020 #5205 @dependabot
  • chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 #4930 @dependabot
  • chore(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 #5147 #5163 @dependabot
  • chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.50.1 #4927 #5132 #5156 @dependabot
  • chore(deps): bump k8s.io dependencies from 0.24.3 to 0.25.3 #4934 #5026 #5153 @michaelbeaumont
  • chore(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 #5062 @dependabot
  • chore(deps): bump kumahq/kuma-gui to f3dba73d4c264b094b6b351a8b44f2d5a0dc4ecb #4842 #4925 #5092 #5106 #5109 #5139 #5141 #5167 #5179 #5197 #5214 #5232 #5234 #5248 #5251 @kleinfreund,@kumahq
  • chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 #4968 @dependabot
  • chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 #5059 @dependabot
  • chore(deps): update kuma-grafana-datasource #4856 @bartsmykla
  • chore(gateway): remove invalid options for MeshGatewayRoute #4890 @michaelbeaumont
  • chore(gui): removes update/gui command #4954 @kleinfreund
  • chore(helm): remove unused critical-pod annotation #4952 @michaelbeaumont
  • chore(helm): switch merbridge image registry to upstream #4838 @bartsmykla
  • chore(kuma-cp): adjust timeout in cp probes #4983 @jakubdyszkiewicz
  • chore(kuma-cp): config cleanup #4855 @jakubdyszkiewicz
  • chore(kuma-cp): improve logging in K8S controllers #4982 @jakubdyszkiewicz
  • chore(kuma-cp): improve test xds client #4976 @jakubdyszkiewicz
  • chore(kuma-cp): remove disabling metrics from kuma-cp.defaults #4894 @lahabana
  • chore(kuma-cp): resource manager wrapper #5057 @jakubdyszkiewicz
  • chore(kuma-init): use iptables-legacy in kuma-init #5040 @bartsmykla
  • chore(pkg/gc): don’t rely on core.Now var for time #4918 @lahabana
  • chore(plugins): remove some unecessary interfaces and methods #4997 @lahabana
  • chore(proto): remove protos for new policies #5218 @lobkovilya
  • chore(test): added resource builder #5123 #5195 @jakubdyszkiewicz
  • chore(test): added support for GRPC to test-server #4904 @lobkovilya
  • chore(test): make unit test compatible with IPV6 host #5198 @jakubdyszkiewicz
  • chore(xds): drop deprecated envoy.config.route.v3.HeaderMatcher.exact_match #4953 @michaelbeaumont
  • docs(MADR): new tracing policy proposal #4938 @michaelbeaumont
  • docs(MADR): update MADR 007 #5129 @lobkovilya
  • docs(gateway): explain the semantics of a PREFIX match #5013 @michaelbeaumont
  • docs(gateway): explain the semantics of a prefix rewrite to / #5016 @michaelbeaumont
  • docs(proto): fixed default serviceAddress and upgrade docs #5236 @lukidzi
  • docs(proto): rewrite dataplane proto docs #5219 @jakubdyszkiewicz
  • feat(ebpf): CNI uses libbpf CO:RE #5233 @lukidzi
  • feat(ebpf): refactor merbridge using libbpf with CO:RE #5034 @bartsmykla
  • feat(ebpf): transparent proxy with eBPF in init containers #4919 #5046 #5066 #5095 @bartsmykla
  • feat(gateway): add MeshGateway support to MeshAccessLog #5101 @michaelbeaumont
  • feat(gateway): add crossMesh to MeshGatewayConfig #5183 @michaelbeaumont
  • feat(gateway): add service-upstream annotation for delegated nginx #4913 @michaelbeaumont
  • feat(gateway): install kuma GatewayClass if gateway API CRDs present #5001 @michaelbeaumont
  • feat(gateway): match new policies to MeshGateways #5110 @michaelbeaumont
  • feat(inspect): implement rule-based view for new policies #5000 #5184 #5189 #5202 @jakubdyszkiewicz,@lobkovilya
  • feat(kuma-cp): add flag to disable taint controller #4852 @jakubdyszkiewicz
  • feat(kuma-cp): add possibility to restrict TLS version and ciphers #5186 @lahabana
  • feat(kuma-cp): add possibility to run MADS on TLS #5210 @lahabana
  • feat(kuma-cp): add possibility to split datadog services based on traffic direction and destination #5063 @Automaat
  • feat(kuma-cp): added validation for backend name #5081 @Automaat
  • feat(kuma-cp): created default control plane user #5064 @jakubdyszkiewicz
  • feat(kuma-cp): extensible token issuers #5083 @jakubdyszkiewicz
  • feat(kuma-cp): move Mesh Cache to runtime #5140 @Automaat
  • feat(kuma-cp): universal resources schema validation #5107 @slonka
  • feat(kuma-cp): use zone token to auth zone ingress #5103 @jakubdyszkiewicz
  • feat(kuma-dp): publish metrics with text_readouts from envoy #5159 @Automaat
  • feat(kumactl): add option to install with experimental transparent proxy #4958 @michaelbeaumont
  • feat(kumactl): use exclude ports for uids from kuma-net #4975 @slonka
  • feat(policy): Add MeshAccessLog policy #4908 #4998 #5035 #5168 #5177 @michaelbeaumont,@slonka
  • feat(policy): Add MeshTrace policy #5069 #5085 #5243 @michaelbeaumont,@slonka
  • feat(policy): Add MeshTrafficPermission policy #4835 #5009 #5075 @lobkovilya
  • feat(policy): add interfaces for policy plugins #4909 @lahabana
  • feat(policy): reimplemented matching for new policies #4780 #4950 #4957 #4977 #5068 #5084 #5166 #5172 #5174 @lahabana,@lobkovilya
  • feat(service-insights): add external service in api #5119 @lahabana
  • fix(.github): links in PR template #4905 @michaelbeaumont
  • fix(.github): use github app in pr-comment action #5164 @lahabana
  • fix(api): nil dereference in MeshAccessLog configurer #5258 @lobkovilya
  • fix(cni): add empty registry to experimental cni #4847 @slonka
  • fix(cni): hook up log level to cni #4849 @slonka
  • fix(cni): make cni logs available via kubectl logs #4845 @slonka
  • fix(cni): retry loading images #4860 @slonka
  • fix(docs): fixed location of developer tools in DEVELOPER.md docs #4988 @Automaat
  • fix(gateway): add support for retryOn #5091 @lahabana
  • fix(gateway): cross-mesh gateways with same service #5247 @michaelbeaumont
  • fix(gateway): don’t create invalid envoy config when routes and listeners don’t match #4837 @michaelbeaumont
  • fix(gateway): route URL prefix rewriting #5006 @michaelbeaumont
  • fix(gateway): skip ExternalService if none match #5207 @michaelbeaumont
  • fix(gateway): sort routes #5007 @michaelbeaumont
  • fix(gatewayapi): don’t NPE if the GatewayClass ref doesn’t exist #5187 @michaelbeaumont
  • fix(gatewayapi): reconcile Gateways and HTTPRoutes on ReferenceGrant changes #4944 @michaelbeaumont
  • fix(gatewayapi): update gateway-api and fix failing RouteKind tests #5175 @michaelbeaumont
  • fix(helm): customize location of kuma-init repository for ebpf cleanup #5230 @lukidzi
  • fix(helm): use podAnnotations everywhere possible #4991 @lahabana
  • fix(kuma-cp): collapsed grafana dashboards #4839 @jakubdyszkiewicz
  • fix(kuma-cp): deep copy tags when gen. outbounds #5070 @bartsmykla
  • fix(kuma-cp): disable statsForAllMethods in grpc stats #5226 @jakubdyszkiewicz
  • fix(kuma-cp): do not override source address when TP is not enabled #4951 @lukidzi
  • fix(kuma-cp): multiple external services pointing to same address #5185 @slonka
  • fix(kuma-cp): override grafana plugin files by default #5208 @slonka
  • fix(kuma-cp): reissue admin tls cert on dp address change #5222 @jakubdyszkiewicz
  • fix(kuma-cp): remove Dataplane for Pod without IP #4964 @jakubdyszkiewicz
  • fix(kuma-cp): return content type of inspect endpoints #4965 @jakubdyszkiewicz
  • fix(kuma-dp): resilient TCP access log streamer #4862 @jakubdyszkiewicz
  • fix(kumactl): get APIVersions from k8s server #5182 @michaelbeaumont
  • fix(tools): add ‘v’ prefix to preview version format #5004 @michaelbeaumont
  • fix(tools): support both GitHub app tokens and PATs #4869 @michaelbeaumont
  • perf(kuma-cp): avoid rebuilding endpoint map #4974 @jakubdyszkiewicz
  • refactor(kuma-dp): add xds authentication customization #4990 @michaelbeaumont

1.8.1

Released on 2022/10/07

  • fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in https://github.com/kumahq/kuma/pull/4872
  • fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/4980
  • fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in https://github.com/kumahq/kuma/pull/4961
  • fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5071
  • fix(gateway): add support for retryOn (backport #5091) by @mergify in https://github.com/kumahq/kuma/pull/5098

1.7.2

Released on 2022/10/06

  • fix(helm): always run Helm version update by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4604
  • chore(helm): update to 1.7.1 by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4603
  • Revert “fix(helm): always run Helm version update (#4604)” by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4609
  • fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5072
  • fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5096

1.6.2

Released on 2022/10/06

  • fix(core): validate both old and new objects on Update (backport #4589) by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4593
  • fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5090
  • fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5097

1.8.0

Released on 2022/08/22

New features:

CNI v2 with lots of improvements:

  • taint controller to prevent race condition #4650 @slonka
  • all logs are easily accessible via kubectl logs command which greatly simplifies observability #4845 @slonka
  • it uses new transparent engine implemented in kuma-net #4481 @slonka

URL rewrite in Builtin Gateway:

  • support URL rewriting #4638 @michaelbeaumont

Stats and Clusters in the GUI:

  • execute stats and clusters from the control plane #4557 #333 @jakubdyszkiewicz

Extra retryOn options for Retry:

  • add extra http retryOn options #4744 @johnharris85

Better support for TCP logging:

  • resilient tcp TCP access log streamer #4511 @parkanzky #4862 @jakubdyszkiewicz

Filtering Envoy metrics:

  • added option to define filter for Envoy metrics #4503 @lukidzi

Projected service account token:

  • support for projected service account token #4453 @lukidzi

Fixes:

Helm:

  • remove duplicate keys in resources #4681 @michaelbeaumont
  • add containersecuritycontext to CNI daemonset #4677 @jakubdyszkiewicz
  • fix extraConfigMap and cp labels #4531 @lahabana
  • use image.global.registry for imageExperimental #4641 @jakubdyszkiewicz

Gateway:

  • ListenerReason for unresolved certificate refs, enable ReferenceGrant conformance tests #4806 @michaelbeaumont
  • check hostname intersection between HTTPRoute and Gateway listener #4537 @michaelbeaumont
  • create MeshGatewayInstance in same Mesh as Gateway #4794 @michaelbeaumont
  • don’t create invalid envoy config when routes and listeners don’t match (backport #4837) #4841 @mergify
  • hostname intersections, use new RouteReasons #4544 @michaelbeaumont
  • improve HTTPRoute statuses with unresolved BackendRefs #4635 @michaelbeaumont
  • npe without any timeout #4548 @michaelbeaumont
  • rbac permissions for ReferenceGrant #4628 @michaelbeaumont
  • workaround label value max length with hash #4545 @michaelbeaumont

Control Plane:

  • check if kuma annotation or label is set but ignore value #4731 @lukidzi
  • delete an empty TimeoutConfigurer #4554 @lobkovilya
  • do not modify external service tags #4591 @jakubdyszkiewicz
  • don’t deploy Pod/Service webhooks in global #4673 @michaelbeaumont
  • don’t fail generation if other mesh CAs are misconfigured #4501 @michaelbeaumont
  • external service datasource validation #4652 @jakubdyszkiewicz
  • fix builtdns annotations for kubernetes #4660 @lahabana
  • generate cluster name hash based on tags not config #4598 @lukidzi
  • grant delete Pods in kuma-system namespace to control plane #4571 @michaelbeaumont
  • localhost exposed application shouldn’t be reachable #4750 @lukidzi
  • make options for policies simpler #4722 @lahabana
  • protect sort from empty locality #4820 @jakubdyszkiewicz
  • registering dp on reconnect #4647 @jakubdyszkiewicz
  • support GC service account #4483 @lobkovilya
  • validate both old and new objects on Update #4589 @michaelbeaumont
  • validation error with user tokens #4507 @jakubdyszkiewicz

Data Plane:

  • access log path on windows when cp is on linux #4518 @jakubdyszkiewicz
  • fix multi OS build of accesslogs #4767 @lahabana
  • have envoy version check always work #4564 @lahabana
  • propagate context for metrics aggregate #4640 @lukidzi
  • set prometheus content-type when returning metrics #4706 @lukidzi

Other:

  • add operations now create non-existent path elements #4595 @michaelbeaumont

Docs:

  • new policy matching proposal #4474 @lobkovilya

Other changes:

Gateway:
  • mention mesh name in gateway instance status #4678 @lahabana
  • add listener connection limits #4755 @michaelbeaumont
  • add loadBalancerIP to MeshGatewayInstance #4519 @michaelbeaumont
  • allow MeshGateway Dataplane Pods to bind privileged ports #4535 @michaelbeaumont
  • configure overload_manager based on max memory #4694 @michaelbeaumont
  • multi-zone cross-mesh MeshGateway #4443 @michaelbeaumont
  • propagate x-kuma-tags from MeshGateways #4476 @michaelbeaumont
  • send default static payload for empty gateway #4617 @tharun208
  • set path_with_escaped_slashes_action #4719 @michaelbeaumont
  • set cluster HTTP2 stream and connection window size #4779 @michaelbeaumont
  • set cluster per_connection_buffer_limit_bytes #4696 @michaelbeaumont
  • set global_downstream_max_connections to 50000 #4724 @michaelbeaumont
  • update to Gateway API v0.5.0, support v1beta1 resources #4599 @michaelbeaumont
  • validate listeners for collapsibility #4765 @michaelbeaumont
  • add MeshGateway dashboard #4555 @michaelbeaumont
Control Plane:
  • config cleanup (backport #4855) #4857 @mergify
  • don’t set deprecated dns_resolver_config #4702 @michaelbeaumont
  • don’t set deprecated known_suffixes #4701 @michaelbeaumont
  • remove deprecated Cluster.Http2ProtocolOptions #4528 @michaelbeaumont
  • remove versions_ws #4512 @lahabana
  • replace deprecated admin_access_log_path #4552 @lahabana
  • add /policies endpoint to list all registered policies #4708 @lahabana
  • authenticate DP every time #4685 @jakubdyszkiewicz
  • enrich policies endpoint #4791 @jakubdyszkiewicz
  • identify gateway service by deployment #4703 @parkanzky
  • separate CA for Envoy Admin communication #4676 @jakubdyszkiewicz
  • use remote address for Gateway #4530 @jakubdyszkiewicz
  • add operations now create non-existent path elements #4595 @michaelbeaumont
Data Plane:
  • remove envoy admin port flag #4574 @tharun208
  • detect memory limit only on linux #4715 @jakubdyszkiewicz
kumactl:
  • add a limit to the prom TSDB size #4651 @lahabana
  • remove old flags in install tp #4760 @lahabana
  • add MeshGateway to install demo #4679 @michaelbeaumont
  • add install control-plane –registry flag #4533 @michaelbeaumont
Documentation:
  • create MADR for MeshTrafficPermission #4666 @lobkovilya
  • new policy matching proposal #4474 @lobkovilya
  • policy matching, replace ‘conf’ with ‘default’ #4693 @lobkovilya
CNI:

Dependency updates:

  • update demo to latest version #4572 @lahabana
  • update Kuma GUI #4815 @kleinfreund #4723 @lahabana
  • use github.com/emicklei/go-restful/v3 #4665 @mmorel-35
  • bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles #4670 #4827 @dependabot
  • bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 #4717 @dependabot
  • bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 #4632 #4716 @dependabot
  • bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 #4499 @dependabot
  • bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 #4672 @dependabot
  • bump github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 #4469 #4480 @dependabot
  • bump github.com/miekg/dns from 1.1.49 to 1.1.50 #4492 @dependabot
  • bump github.com/onsi/gomega from 1.19.0 to 1.20.0 #4671 @dependabot
  • bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 #4783 @dependabot
  • bump github.com/prometheus/common from 0.34.0 to 0.37.0 #4489 #4627 @dependabot
  • bump github.com/spf13/cobra from 1.4.0 to 1.5.0 #4491 @dependabot
  • bump go.uber.org/zap from 1.21.0 to 1.22.0 #4829 @dependabot
  • bump google.golang.org/grpc from 1.47.0 to 1.48.0 #4631 @dependabot
  • bump google.golang.org/protobuf from 1.28.0 to 1.28.1 #4718 @dependabot
  • bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 #4493 #4624 @dependabot
  • bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 #4498 #4581 @dependabot
  • bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 #4549 @dependabot

1.7.1

Released on 2022/07/13

Fixes

Gateway

  • Nil pinter exception without any timeout (#4550)
  • Use remote address for Gateway (#4538)

kumactl

  • Update demo to latest version (#4587)

Control plane

  • Grant delete Pods in kuma-system namespace to control plane (#4575)
  • Don’t fail generation if other mesh CAs are misconfigured (#4517)
  • Don’t override timeout values for ExternalServices (#4568)

Data plane proxy

  • Access log path on windows when cp is on linux (#4518)

Helm

  • Fix extraConfigMap and cp labels (#4541)

General

  • Avoid -<arch> in version of the binaries (#4527)

1.7.0

Released on 2022/06/13

New features:

Cross Mesh Communication:

  • add cross-mesh MeshGateway listeners #4274#4405 @michaelbeaumont

ContainerPatch:

  • allow custom configuration of Kubernetes’ kuma-init and kuma-sidecar containers by introducing ContainerPatch CRD #4280 #4362 / #4366 #4369 / #4370 @parkanzky, @bartsmykla

Observability:

  • hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh #4286 #4388/#4406 @lukidzi
  • unified installation of metrics/logging/tracing into one command observability #4308 #4411/#4418 @lukidzi, @lahabana

ARM64 support:

  • added arm build and release pipeline #4231 @lukidzi
  • release for arm64 now publish correct arch image #4276 @lukidzi
  • upgrade kubectl to version with ARM support #4180 @lukidzi
  • support ARM Linux/Darwin for dev/tools #4199 @lukidzi
  • introduced map of arch for a specific build #4321 @lukidzi
  • do not exclude arm64 files from docker #4265 @lukidzi

Gateway:

  • add GatewayClass.Spec.ParametersRef support #4157 @michaelbeaumont
  • cp annotations from gateway to svc #4327 @johnharris85
  • only reconcile Gateway when GatewayClass is Ready #4162 @michaelbeaumont
  • auto generate hostname for crossMesh listeners #4421/#4424 @michaelbeaumont

Helm:

  • set host network var in helm/cp-deployment.yaml #4209 @SallyBlichWalkMe
  • add resource management for jobs #4254 @gdasson
  • option for automountSAT=false on cp #4309 @gdasson
  • helm chart improvements #4337 @bartsmykla

CP:

  • experimental transparent proxy annotation #4240 @parkanzky
  • graceful shutdown on Universal using HDS #4246 @jakubdyszkiewicz
  • intercept signal for different platforms #4283 @jakubdyszkiewicz
  • XDS config dump on Global CP #4301 @jakubdyszkiewicz
  • validate DP compat on kuma backend #4236 @parkanzky

DP:

  • graceful shutdown of kuma-dp #4229 @jakubdyszkiewicz

Fixes:

Gateway:

  • use MeshGatewayInstance mesh annotation when matching #4361/#4371 @michaelbeaumont

Helm:

  • remove replica from cp-deployment.yaml when autoscaling enabled #4447/#4454 @gustoliv

CP:

  • fix ‘/config_dump’ request if Global CP is on Kubernetes #4363/#4372 @lobkovilya
  • add the latest version to compatibility matrix #4232 @parkanzky

DP:

  • clarify error log message when kuma-dp is wrongly connecting to global-cp #4269 @slonka

Kumactl:

  • fix transparent proxy –skip-conntrack-zone-split flag value #4334 @bartsmykla

Other notable changes:

Gateway:

  • add /finalizers permission for OwnerReferencesPermissionEnforcement plugin #4239 @michaelbeaumont
  • don’t match on ALPN in gateway (#4198) #4272 @wjrbetts

Helm:

  • delete ‘kubernetes.io/arch’ node selector #4335 @lobkovilya

CP:

  • don’t always recompute mesh contexts #4267 @michaelbeaumont
  • don’t run dataplane gc in global #4184 @lahabana
  • graceful components #4277 @jakubdyszkiewicz
  • memory store cannot delete a parent #4194 @jakubdyszkiewicz
  • protocol check should be case-insensitive #4248 @lukidzi
  • remove dns server from control plane #4192 @lahabana
  • automatically detect dns lookup family for cp cluster #4275 @slonka

ZoneIngress:

  • graceful start of many ZoneIngresses #4305 @jakubdyszkiewicz

ZoneEgress:

  • resolve zone-ingress advertized address #4219 @lahabana
  • do not change ip to ZoneEgress address #4193 @lukidzi

Kumactl:

  • remove flag ‘–experimental-meshgateway’ #4315 @lobkovilya

Timeout Policy:

  • deprecate ‘timeout.grpc’ section #4365/#4449 @lobkovilya

Other:

  • delete dns-server 5653 port from configuration and helm files #4339/#4345 @lobkovilya
  • support kube-linter tools to analyze Kubernetes YAML files #4294 @mangoGoForward

Dependency upgrades:

  • upgrade envoy to 1.22.1 #4288 #4464/#4465 @lobkovilya
  • upgrade kuma-cni to 0.0.10 #4313 @lobkovilya
  • upgrade tproxy iptables to v0.2.2 #4328 @bartsmykla
  • upgrade GUI to the latest version #4316 #4338 #4389/#4390 @jakubdyszkiewicz, @lahabana, @bartsmykla
  • upgrade protoc and regenerate files #4169 @lukidzi
  • bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 #4234 @dependabot
  • bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 #4178 #4260 #4322 @dependabot
  • bump github.com/lib/pq from 1.10.5 to 1.10.6 #4299 @dependabot
  • bump github.com/miekg/dns from 1.1.48 to 1.1.49 #4291 @dependabot
  • bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 #4233 @dependabot
  • bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #4290 @dependabot
  • bump github.com/prometheus/common from 0.33.0 to 0.34.0 #4235 @dependabot
  • bump github.com/spf13/viper from 1.10.0 to 1.11.0 #4177 @dependabot
  • bump google.golang.org/grpc from 1.45.0 to 1.46.2 #4213 #4289 @dependabot
  • bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 #4216 @dependabot #4302/#4378
  • bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 #4302/#4378 @dependabot

Other:

  • automate policy generation #4197 @lobkovilya

1.6.1

Released on 2022/06/10

Fixes:

CP:

  • do not change ip to ZoneEgress address (backport #4193) #4195
  • memory store cannot delete a parent (backport #4194) #4196

Dependency upgrades:

  • upgrade envoy to 1.21.3 #4457 @lobkovilya

1.5.2

Released on 2022/06/10

Dependency upgrades:

  • upgrade envoy to 1.21.3 #4456 @lobkovilya

1.6.0

Released on 2022/04/11

New features:

Gateway:

  • release K8s GatewayAPI as preview 4072 4022 4045 4014 3956 @jakubdyszkiewicz,@michaelbeaumont
  • use MeshGatewayInstance name for generated objects 4097 @michaelbeaumont

Inspect api:

ZoneEgress:

  • Make zoneegress available in standalone mode 4100 @lahabana
  • added locality aware lb for external service 4048 @lukidzi
  • make zoneegress routing opt-in 4109 4013 @lukidzi
  • support RateLimit and FaultInjections 4000 @lobkovilya

Helm:

  • Allow customization of image tags in Helm chart 4068 @gdasson
  • Expose kuma-cp’s metric port so it can be scraped by self-deployed prometheus. 4047 @jbehrends
  • add resource limits option for control plane deployment 4049 @gdasson
  • fail if global.image.tag and appVersion incompatible 4085 @michaelbeaumont
  • set version to track appVersion 4083 @michaelbeaumont
  • expose kuma-cp gui through ingress 4101 @lukidzi
  • allow specifying security context 4153 @gdasson @bartsmykla

Other:

  • feat(k8s): ability to set custom service account token volume 4036 @johnharris85
  • feat(k8s): shutdown kuma-dp container for any owner kind 4079 @lukidzi
  • feat(k8s): support startupProbes 4090 @lahabana
  • feat(kuma-cp): add uptime, policies, gateway dps to reports 3933 @parkanzky
  • feat(kuma-cp): add metrics and timeouts to CA interface 4089 @parkanzky
  • feat(kumactl): add –values and –set to kumactl install control-plane 4086 @lahabana
  • feat(transparent-proxy): add experimental tproxy iptables generation 4114 @bartsmykla

Dependency upgrades:

  • bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles 4060 4023 @dependabot
  • bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 3978 3976 @dependabot
  • bump github.com/go-logr/logr from 1.2.2 to 1.2.3 4040 @dependabot
  • bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 4061 4025 @dependabot
  • bump github.com/k8s/* from 0.23.4 to 0.23.5 4043 @lahabana
  • bump github.com/miekg/dns from 1.1.46 to 1.1.47 3998 @dependabot
  • bump github.com/onsi/gomega from 1.18.1 to 1.19.0 4062 @dependabot
  • bump github.com/spf13/cobra from 1.3.0 to 1.4.0 3995 @dependabot
  • bump go.uber.org/multierr from 1.7.0 to 1.8.0 3974 @dependabot
  • bump google.golang.org/grpc from 1.44.0 to 1.45.0 3993 @dependabot
  • bump google.golang.org/protobuf from 1.27.1 to 1.28.0 4046 @dependabot
  • bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 3994 @dependabot
  • bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 3997 @dependabot
  • remove dependency on spire 4044 @lahabana

Other notable changes:

  • chore(k8s): replace cni registry 4070 @lobkovilya
  • chore(k8s): use appProtocol from service by default 4015 @jakubdyszkiewicz
  • chore(kuma-dp): cleanup bootstrap version field 3670 @tharun208
  • fix(gateway): fix status updating in MeshGatewayInstance reconciliation 4051 @michaelbeaumont
  • fix(gateway): gateway instance service reconciliation loops forever 4035 @jakubdyszkiewicz
  • fix(gateway): gateway reconciliation loops forever 4034 @jakubdyszkiewicz
  • fix(gateway): gateway tls listeners without hostnames 4093 @jakubdyszkiewicz
  • fix(gateway): ignore non TCP protocol for provided gateway 4067 @lahabana
  • fix(gateway): mesh gateway instance service target port 4071 @jakubdyszkiewicz
  • fix(gateway): skip creating MeshGateways without proper attachment 4011 @jakubdyszkiewicz
  • fix(helm): add prefix to app label in ingress/egress deployment 4123 @lahabana
  • fix(helm): fix other template prefix in ingress/egress 4124 @lahabana
  • fix(helm): remove wildcard rbac version 4148 @johnharris85
  • fix(k8s): reconcile serviceMaps when using mesh namespace annotation 3815 @lahabana
  • fix(kuma-cp): avoid generating excessive envoy clusters 3984 @lobkovilya
  • fix(kuma-cp): default policy creation 4073 @lobkovilya
  • fix(kuma-cp): guard the nil version in metadata 3969 @jakubdyszkiewicz
  • fix(kuma-cp): provide better message when running with an in-memory database 3982 @lukidzi
  • fix(kuma-dp): better error message when the token is invalid 3961 @lahabana
  • fix(kumactl): add mesh flag to only commands that uses it 3788 @tharun208
  • fix(kumactl): split yaml correctly in kumactl apply 4107 @lahabana
  • fix(proxytemplate): avoid validation error 3937 @marcoferrer
  • fix(proxytemplate): execute hooks before proxy template modifications 4055 @jakubdyszkiewicz
  • perf(k8s): move outbounds from Dataplane to Config 3986 @jakubdyszkiewicz

1.5.1

Released on 2022/04/06

  • chore(k8s): replace cni registry (backport #4070) 4076
  • fix(kuma-cp): default policy creation (backport #4073) 4080
  • fix(kuma-cp): guard the nil version in metadata (backport #3969) 3970

1.5.0

Released on 2022/02/23

  • feat(*): zone egress #3809 #3757
  • feat(kuma-cp) data plane proxy membership #3619
  • feat(kuma-cp): reachable services in transparent proxying #3791
  • feat(inspect-api): retrieve full XDS config #3768
  • feat(*): inspect api support #3805 #3568 #3462
  • feat(kuma-cp): add proxytemplate to matched policies for inspect poli… #3786 👍contributed by @tharun208
  • feat(kuma-cp): enable traffic route for inspect endpoints #3735 👍contributed by @tharun208
  • feat(*): move adminPort to DPP resource #3739
  • feat(helm): add imagePullSecrets support #3755 👍contributed by @johnharris85
  • feat(*): enable Gateway with runtime flag #3736
  • feat(kumactl): add –api-timeout flag #3723
  • feat: allow for ca/identity secrets for every mesh #3696
  • feat(kuma-cp): allow extra cm in kuma cp chart #3671 👍contributed by @wjrbetts
  • feat(kuma-cp): add gui link in index api response #3675 👍contributed by @tharun208
  • feat(*): allow ca.crt to be in separate k8s secret #3638
  • feat(kumactl): add type of logging and tracing backends with name in table output #3636 👍contributed by @tharun208
  • feat(kuma-cp): enable client side gRPC keepalive #3574
  • feat(gui): new onboarding view kumahq/kuma-gui#194
  • feat(gui): link to documentation from policy view kumahq/kuma-gui#289

  • fix(kuma-cp): do not update unchanged insights #3819
  • fix(*): do not annotate gateway services with ingress upstream #3816
  • fix(*): properly escape DB password when creating postgres connection string #3804
  • fix(kuma-cp): fix missing label sidecar injection #3740
  • fix(kuma-dp): fix conntrack collisions #3459 👍contributed by @johnharris85
  • fix(conf): remove invalid health check fields from example #3697 👍contributed by @tharun208
  • fix(kuma-dp): binary lookup function skips not available directories #3667
  • fix(k8s): make sure controllers start after leader election #3666
  • fix(build): fix gomega matchers for inspect resources command test #3660 #3651 👍contributed by @tharun208
  • fix(kumactl): ignore any unregistered CRDs, not only from the root chart #3643
  • fix(kumactl): print meta before spec for Kuma resources #3637
  • fix(kuma-cp): add cp selector to global sync service #3579
  • fix(kuma-cp) do not override other dataplane with dp lifecycle #3507
  • fix(helm) Add support to customize nodeport #1944 👍contributed by @bhiravabhatla

  • perf(kuma-cp): use mesh snapshot in proxy builder #3700
  • perf(kuma-cp): use mesh snapshot in gateway #3710
  • perf(kuma-cp): share mesh context #3659

  • improvement(metadata): include name of annotation to parse error message #3677 👍contributed by @ChinYing-Li
  • refactor(insights): delete method GetLatestSubscription for insights #3656 👍contributed by @tharun208
  • refactor(kuma-cp): unify mesh determination for k8s objects #3708
  • refactor(*): replace ensureDefaultXXX functions with a single generic function #3662 👍contributed by @tharun208
  • chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT #3766
  • chore(k8s): remove GetBool method and use GetEnabled #3698 👍contributed by @tharun208
  • chore(*): generate CRD types #3453
  • chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp #3691
  • chore(kuma-cp): consolidate mesh defaults creation #3678
  • chore(config): remove ability to disable insights #3501
  • chore(*): remove old Ingress #3435
  • chore(*): upgrade Envoy to v1.21.1 #3909
  • chore(grafana): update to latest grafana plugin version #3812
  • ci(*): release on every commit in master and release branches #3712

1.4.1

Released on 2021/12/15

  • feat: add kubernetes tags automatically #3439
  • perf: update Mesh and ServiceInsights only when really needed #3463
  • perf: eliminate uneccessary JSON marshalling #3483
  • feat: sidecar injection webhook based on labels #3417
  • chore: upgrade gui to new version #3454
  • test: fix postgress tests permissions #3443
  • feat: add affinity to CP and Ingress pods #3036 👍contributed by @andrey-dubnik
  • chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 #3432
  • feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 #3376
  • fix: simplify cluster creation with endpoints #3403
  • fix: enable metrics hijacker for current version of Kuma #3405
  • fix: switch to mTLS when CP communicates with Envoy Admin #3353
  • chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 #3388
  • chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 #3389
  • fix: validate cp url in dp conf #3357
  • chore: send reports to tls endpoint #3361
  • chore: check explicit service account name #3228
  • feat: inspect other dependencies versions #3352
  • chore: add area/gateway label #3263
  • chore: remove dp token from xds metadata #3282
  • refactor: move from io/ioutil to io and os packages #3265 👍contributed by @Juneezee
  • fix: validate newly generated xDS snapshots #3195
  • chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 #3218
  • chore: bump helm chart version to 0.8 #3202

1.4.0

Released on 2021/11/19

  • chore(*) scripts for build, publish and fetch Envoy binaries #3110 #3182
  • chore(kuma-cp) upgrade gui to new version #3178 #3179
  • chore(kuma-cp) Use go structs instead of gotemplate for bootstrap #3156 #3173
  • chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 #3170
  • Disable reporting by default #3070 #3159
  • chore(kumactl) remove install CRDs filter function #3139
  • feat(kuma-dp) Add conf to disable service vip #3143
  • chore(kuma-cp) update some TODO comments #3141
  • feat(kuma-cp) Add kuma.io/ignore annotation #3142
  • fix(kuma-dp) match gateway cluster names in the hijacker #3106
  • feat: add ECDSA certificate generator support #3093
  • feat: add more global resources to GlobalInsights #3094
  • feat: allow creating secrets for the not yet existing mesh #3076 👍contributed by cloudwiz
  • feat: don’t add v6 in DNS when v6 is disabled #3089
  • fix: explicitly disable dns in env when disabled in injector #3077
  • feat: added support for https tracing endpoint #3057 👍contributed by sudeeptoroy
  • fix: normalize generating TLS certificates #3027
  • fix: zero downtime when enabling permissive mTLS #3019
  • feat: add deprecation notice for kuma-prometheus-sd #2994
  • feat: add GlobalInsights api endpoint #3018
  • fix: duplicate TLS certificate usage #3008
  • chore: add command argument count parameters #3010
  • feat: aggregate dp stats by type in MeshInsight #2999
  • chore: delete CLI flag ‘–bootstrap-version’ #2965
  • feat: show the effective Dataplane address #2977
  • feat: aggregate services in MeshInsight #2974
  • fix: allow only one healthcheck #2972
  • feat: give CA managers all backends at once #2956
  • chore: normalize timeout configurer API #2934
  • fix: locality-aware lb for external-services #2903
  • feat: add install control-plane –version flag for all components #2904
  • feat: add zone selector to Kuma Mesh dashboard #2860
  • fix: possible to delete resources on Zone CP #2665
  • fix: make cluster names contextually unique #3098
  • feat: automatically enable gzip content on gateways #3104
  • feat: add Gateway TLS termination support #3044
  • feat: add gateway support for external services #2990
  • fix: enable secrets support for Gateway resources #2953
  • feat: initial connection policy support for Gateway #2933
  • feat: add access to generate zone ingress token #3075
  • feat: user token with RSA256 #2992
  • feat: prefix system users and groups with mesh-system #3013
  • feat: localhost is not an admin on kubernetes #3003
  • feat: user token enabled by default #2941
  • feat: Admin User Token bootstrap #2923
  • chore: refactor access control for individual access #2983
  • feat: support plugin based authentication including user tokens #2895
  • feat: User Token for API Server authentication #2892
  • chore: refactor authz and authn to plugins #2837
  • chore(kuma-cp) upgrade gui to new version #3148
  • chore(*) upgrade to Go 1.17.3 #3147
  • chore(deps): bump github.com/operator-framework/operator-lib #3158
  • chore(deps): bump github.com/gruntwork-io/terratest #3130
  • chore: update helm and controller-runtime #2764
  • chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 #3131
  • chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 #3101
  • chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 #3006
  • chore: bump github.com/envoyproxy/protoc-gen-validate #3007
  • chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 #2839
  • chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 #3132
  • chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 #3061
  • chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 #3059
  • chore: bump k8s.io/api from 0.22.2 to 0.22.3 #3058
  • chore: bump github.com/golang-migrate/migrate/v4 #2970
  • chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 #2968
  • chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio #2752

1.3.1

Released on 2021/10/06

  • fix: disable zone #2884
  • fix: limit number of postgres connection by default #2866
  • feat: add zone selector to Kuma Service to Service dashboard #2876
  • feat: add zone selector to Kuma Service dashboard #2865
  • feat: add zone selector to Kuma Dataplane dashboard #2864
  • fix: fix duplicates in dataplane list in Kuma Services dashboard #2845
  • chore: migrate install resources from rbac API v1beta1 to v1 #2875
  • fix: fault injection matching #2757
  • fix: delete kuma.io/region and kuma.io/sub-zone #2824
  • feat: print control plane version with version cmd #2834
  • fix: Only warn about version compatibility where it makes sense #2828
  • perf: remove insight update rate limit burst #2825
  • perf: apply ratelimit to service insights #2815
  • feat: adds support for specifying specific IP for cloud provider load balancers for ingress service #2779 👍contributed by @jamesdbloom
  • fix: send tool output to stdout #2787
  • fix: switch to a Kuma fork of go-control-plane #2771
  • chore: parametrize label on the deployment #2765
  • perf: set Node only on first DiscoveryRequest #2741
  • feat: verify ServiceAccountToken bound to a Pod #2745
  • feat: internal dns should resolve AAAA records #2760
  • fix: Add FORMERR and NOTIMP in alternate default coredns conf #2756
  • fix: virtual probes with query #2706
  • fix: Avoid calling Send() from different goroutines #2573
  • feat: automatically set proxy concurrency #2691
  • feat: Improve builtin grafana setup to have traces and logs linked #2716
  • fix: Show gateway services in service-insights #2711
  • fix: Correct bad merging of duration #2700
  • fix: Ensure outbounds are set when migrating from old to new #2698
  • fix: get rid of regex for parsing IPs #2681
  • feat: add CP config to ZoneInsights #2661
  • feat: generate GatewayRoute clusters #2819
  • feat: add GatewayRoute route generation #2782
  • feat: match gateway routes #2758
  • feat: initial gateway TrafficRoute support #2547
  • feat: add a GatewayRoute resource #2591
  • chore: update base image for kuma-dp #2881
  • chore: change Go JWT version to fix security vunerability #2844
  • chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 #2768
  • chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 #2737
  • chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 #2769
  • chore: upgrade github.com/spf13/cobra #2732
  • chore: bump alpine in /tools/releases/dockerfiles #2705
  • chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 #2657
  • chore: update envoy to 1.18.4 #2667

1.3.0

Released on 2021/08/24

  • feat: remove provided ca cert validation #2663 👍contributed by Nikita Pande (@nikita15p)
  • feat: Use kuma-sd in kumactl install metrics #2654
  • feat: Add new datasource to kumactl install metrics #2640
  • fix: remove extra endline in traffic log default template #2514
  • fix: TLSInspector is causing tcp healthcheck failures #2639
  • feat: Add rate-limit to outbound interfaces #2435
  • fix: print a newline with transparent proxy setup message #2634
  • chore: bump alpine in /tools/releases/dockerfiles #2531
  • chore: annotate required fields in proto files #2556
  • chore: remove MADS v1alpha1 #2632
  • chore: parametrize kuma tracing in ZipkinCollectorURL #2635
  • chore: Add the number of services to usage stats #2628
  • feat: Add the permissive mTLS mode #2579
  • chore: open CAProvider and MeshValidator for extensions #2618
  • feat: Add entity for virtual-outbound #2576
  • fix: Don’t set zap.Development() in debug log #2608
  • chore(kuma-cp) upgrade gui to new version #2611, #2452, #2554, #2528, #2497, #2490, #2481
  • feat: Build kuma on Windows #2597, #2606, #2559
  • feat: Add CA backend stats in Dataplane and Mesh Insights #2562
  • fix: missing key for kv in reports logging #2598
  • chore: split listener configurers across source files #2592
  • feat: add simple HTTP connection configurers #2593
  • feat: add virtual host domain name configurer #2590
  • feat: return instance and cluster IDs in kuma-cp API statuses #2589
  • tests: allow kuma-specific const to be overridden #2582
  • feat: Intermediate CA support #2575
  • fix: Avoid nil dereferencing in dp validator #2578
  • chore: consistently use utils package for protobuf wrappers #2570
  • fix: subscription finalizer, rev 2 #2526
  • tests: fix flaky test for locality aware loadbalancing #2564
  • fix: DP tracking lock consistency fix #2567
  • chore: Certificates over ADS #2558
  • chore: migrate DiscoveryRequest/Response in KDS to V3 #2541
  • feat: Rewrite dns persistence to allow virtual-outbound to be added #2484
  • fix: deleted default policy is created on Kuma CP restart #2507
  • chore: Move kumactl logging arguments to where they can be parameterized #2544
  • chore: add route and virtual host configuration helpers #2517
  • chore: fix kumactl generate dataplane proxy-type flag deprecation message #2522 👍contributed by Tharun Rajendran
  • chore: Simplify resource-gen.go by generating ResourceDescriptor #2511
  • chore: Replace netcat with test server #2510
  • feat: configure SNI on ExternalService #2467
  • chore: add importas to golangci-lint #2516 👍contributed by Tharun Rajendran
  • chore: add to resource-gen.go generation of kds options #2487
  • chore: add to resource-gen.go generation of kumactl options #2469
  • fix: add owner when create ZoneIngressInsight #2456
  • fix: hijacker merge labels #2476
  • chore: improve resource-gen by auto generating ws code #2466
  • fix: clarify invalid resource type message #2473
  • fix: implement TextMarshaler for JSON keys #2475
  • chore: simplify resourceWsDefinition and server init #2477
  • fix: Stop adding outbounds to dp for vips #2421
  • chore(*) make port validation consistent #2448

1.2.3

Released on 2021/07/29

  • fix(kumactl) warn about fail to check the CP version #2438
  • fix(kuma-cp) handle missing connection info #2439
  • chore(xds) rename logger to have consistent naming style #2375 👍contributed by burntcarrot
  • fix(kuma-cp) set better keep-alive for bootstrap #2432
  • fix(kuma-dp) validate the DP proxy type #2186
  • fix(kuma-cp) use the typed config for TLS Inspector #2373

1.2.2

Released on 2021/07/16

  • feat: add datadog traffic tracing #2269
  • refactor: add kumactl install tracing context #2343
  • chore: improve kumactl install transparent-proxy flags description, add extra validation #2352
  • fix: broken SDS auth and XDS generation on rapid DP restarts #2342
  • fix: allow verbose log levels #2351
  • chore: use resource types for DataplaneInsight tracking #2324
  • chore: improve resource manager initialization readability #2316
  • chore: upgrade gui to new version #2340, #2325, #2315
  • fix: allocate a new VIP for ExternalService host #2302
  • fix: stop components on leader election lost #2318
  • chore: generate system resource wrappers #2282, #2311
  • chore: remove access log V2 #2301
  • chore: generate DeepCopy interfaces #2222
  • chore: disable log sampling #2273
  • chore: upgrade Protocol Buffers #2244
  • chore: change default number of insights subscriptions #2266
  • chore: make the authentication interface type oblivious #2271
  • fix: fix hds disabled on dpserver #2268 👍contributed by Bastien Chatelard
  • chore: refactor xDS metadata to store a generic resource #2264
  • feat: change KDS max message limit #2265

1.2.1

Released on 2021/06/30

  • fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits #2246
  • chore: reduce memory usage by reducing cache key size #2214 #2230 👍contributed by nhamlh
  • fix: ZoneIngress always shows up as ‘offline’ #2209
  • feat: dataplane use advertise address to add a routable ip if address is not public ip #2116 👍contributed by sudeeptoroy
  • fix: builtin DNS resolve alias with dots #2208
  • feat: add SNI to TLSed ExternalServices #2211
  • fix: fix race condition in cache #2202 👍contributed by nhamlh
  • fix: supported versions of Kuma DP in the GUI #2193

1.2.0

Released on 2021/06/17

  • feat: Introduce ZoneIngress #2147 #2169
  • feat: enable dataplane dns by default #2152
  • feat: add –verbose flag to kuma-init #2156
  • feat: log rotation #2100 👍contributed by @nikita15p
  • feat: mads, allow specifying fetch-timeout via query param #2148 👍contributed by @austince
  • feat: mads, add support for HTTP long polling #2121 👍contributed by @austince
  • feat(mads) implement v1 API #1753 👍contributed by @austince
  • feat: add RateLimit policy #2083
  • feat: TrafficRoute L7 #2013 #2042 #2062 #2072 #2168

  • feat: allow renegotiation for TLS in ExternalServices #2135
  • feat: pass header when communicating with CP #2049 👍contributed by sudeeptoroy
  • feat: change default traffic route policy #2075
  • feat: command to install kong enterprise ingress #1999
  • feat: add postgres max idle connections configuration #2020 👍contributed by @nikita15p
  • feat: add kumactl –no-config flag #2048
  • feat: nodeselector across all pods with HELM #2012
  • feat: enable forwarding XFCC header #1941 👍contributed by @jewertow
  • feat: TrafficPermission for ExternalServices #1957
  • feat: metrics hijacker #1899
  • feat: extend CircuitBreaker #1655
  • chore: remove API V2 #2119
  • chore: bump webhooks version #2126
  • chore: drop deprecated Envoy options #2143
  • chore: dockerfiles, add a user for kuma-cp #2129
  • chore: bump cni version to 0.0.9 #2137
  • chore: rename remote cp to zone cp #2125
  • chore: bump versions of logging, metrics, tracing #2178
  • chore: parametrize bitnami/kubectl #2151
  • chore: backwards compatible metrics #2173
  • chore: upgrade Envoy version to 1.18.3 #2145
  • chore updated go-control-plane #2082 👍contributed by @sudeeptoroy
  • chore: fix misspelled words #1984 👍contributed by @tharun208
  • chore: upgrade GUI #2157
  • chore namespace source names for v1 API #1896 👍contributed by @austince
  • chore: use cmux for MADS server #1887
  • chore: Add internal support for outbound UDP listeners #1618 👍contributed by @lahabana
  • chore: Avoid generating duplicate subsets in ingress 👍contributed by @lahabana
  • chore: upgrade to apiextensions.k8s.io/v1 #1108 👍contributed by @austince
  • fix: Clear snapshots from cache on disconnect #2172 👍contributed by @lahabana
  • fix: use service account name to identify sync #2127
  • fix: raise the regex program size limit #2139
  • fix: pass query parameters through the metrics hijacker #2124
  • fix: matching endpoints by tags #2096
  • fix: manage and warn on control plane file limits #2057 #2106
  • fix: fix transparent-proxy for GCP/GKE #2051
  • fix: set death signal on child processes #2045
  • fix: TrafficRoute in multizone issue #1979

1.1.6

Released on 2021/05/13

  • feat: expose reuse_connection in healthchecks #1952
  • feat: allow tcp/http healthchecks together #1951
  • feat: kumactl option to install gateway types #1950
  • feat: kumactl option to install kuma demo app #1932
  • feat: kumactl option to install Kong ingress #1929
  • feat: support all tags in traffic permission #1902
  • fix: gateway status was always reporting offline #1946
  • fix: don’t cache failed calls #1894 👍contributed by @lahabana
  • chore: add hostname when sending traces to the collector #1962
  • docs: prepare api docs generation #1741
  • test: azure aks and e2e improvements for the CI #1880 #1871 #1933 #1953 #1972

1.1.5

Released on 2021/04/29

  • feat: generate outbounds for itself #1900
  • chore: migrate from bintray #1901
  • chore: GUI updates and fixes #1897
  • chore: kumactl check version after loading config #1879
  • chore: transparent proxy improvements #1852
  • chore upgrade Go to 16.3 and use go embed #1864 #1865
  • fix: always set locality in multizone #1863
  • fix: Envoy config is created based on old Dataplane #1848

1.1.4

Released on 2021/04/19

  • chore: force all DNS traffic capture #1842

1.1.3

Released on 2021/04/16

  • feat: support External Services with original hostname and port (built-in DNS) #1807 #1811 #1817 #1812 #1821 #1824 #1828 #1822
  • fix: pass validation of V3 specific configs in ProxyTemplate #1819
  • chore: support ingress annotations (kuma.io/ingress-public-address and kuma.io/ingress-public-port) in HELM #1796

1.1.2

Released on 2021/04/09

  • feat: extend CircuitBreaker policy with Thresholds #1688
  • feat: enable IPv6 support and tests #1726 #1734
  • feat: unuversal mode transparent-proxy firewalld support #1702
  • feat: new Grafana charts for golden signals and L7 metrics #1739 #1786
  • chore: verify e2e tests run in EKS #1684 #1685 #1744
  • chore: upgrade CRDS to apiextensions.k8s.io/v1 #1108
  • fix: helm cp service annotations #1767 👍contributed by nbrink91
  • fix: gui fixes #1773
  • fix: KDS may delete ConfigMaps on Control Plane restarts #1769
  • fix: Kuma CP restart may cause stale Envoy configs on Universal #1749
  • fix: use EnvoyGRPC to fix DNS resolving #1740
  • fix: fix ingress-enabled #1725
  • fix: pick HTTP health checker version depending on outbound’s protocol #1714
  • fix: improve the DNS server bind message #1701
  • fix: validate –name and –mesh when dataplane is provided #1771
  • fix: better error messages when there is problem with pod dataplane convertion #1743
  • fix: crashes under load #1694 #1695

1.1.1

Released on 2021/03/11

  • fix: make sure we enumerate all types in kumactl #1673
  • fix: annnotate service with ingress that has no annotations #1671
  • fix: improve err message if $HOME is not defined #1664
  • feat: zipkin config add shared span context option #1660 👍contributed by @ericmustin
  • feat: get rid of ‘changed’ check #1663
Last Updated: 1/24/2024, 03:55:56 AM