Kong Mesh Changelog
Changelog
2.8.4
Released on 2024/10/07
- chore(deps): bump kumahq/kuma from 2.8.3 to 2.8.4 @kong-mesh
- chore(deps): security update @kong-mesh
- chore(deps): upgrade envoy for windows to 1.28.7 @lukidzi
2.7.8
Released on 2024/10/07
- chore(deps): bump kumahq/kuma from 2.7.7 to 2.7.8 @kong-mesh
- chore(deps): security update @kong-mesh
- chore(deps): upgrade envoy for windows to 1.28.7 @lukidzi
2.6.12
Released on 2024/10/07
- chore(deps): bump kumahq/kuma from 2.6.11 to 2.6.12 @kong-mesh
- chore(deps): security update @kong-mesh
2.5.11
Released on 2024/10/07
- chore(deps): bump kumahq/kuma from 2.5.10 to 2.5.11 @kong-mesh
- chore(deps): security update @kong-mesh
2.8.3
Released on 2024/09/04
- chore(deps): bump kumahq/kuma from ffb0a135b832 to 2.8.3 @kong-mesh
- chore(deps): security update @kong-mesh
2.7.7
Released on 2024/09/03
- chore(deps): bump kumahq/kuma from 90b2732876d1 to 2.7.7 @kong-mesh
- chore(deps): downgrade envoy for windows to 1.28.5 @lukidzi
2.6.11
Released on 2024/09/03
- chore(deps): bump kumahq/kuma from fbafe3de5ac5 to 2.6.11 @kong-mesh
2.5.10
Released on 2024/09/03
- chore(deps): bump kumahq/kuma from fab8179dfe37 to 2.5.10 @kong-mesh
2.5.9
Released on 2024/07/25
- chore(deps): bump kumahq/kuma from e39c5430659a to fab8179df @kong-mesh
2.4.10
Released on 2024/07/25
- chore(deps): bump kumahq/kuma from 124fc3eb91b0 to fde462d37 @kong-mesh
2.7.6
Released on 2024/07/24
- chore(deps): bump kumahq/kuma from bab1af2f8583 to 90b273287 @kong-mesh
- chore(deps): security update @kong-mesh
2.6.10
Released on 2024/07/24
- chore(deps): bump kumahq/kuma from e28b7339e639 to fbafe3de5 @kong-mesh
2.8.2
Released on 2024/07/23
- chore(deps): bump kumahq/kuma from c3a2cada28e3 to ffb0a135b @kong-mesh
- chore(deps): security update @kong-mesh
2.5.8
Released on 2024/07/05
- chore(deps): bump kumahq/kuma from 2a7e5013eb2c to e39c54306 @kong-mesh
- chore(deps): security update @kong-mesh
- fix(kuma-cp): downgrade go-control-plane to mitigate potential deadlock (backport of #6094) @kong-mesh
- fix(license): don’t fail if we ever saw a valid license (backport of #5968) @kong-mesh
- fix(ubi): upgrade from non-existent iptables-nft version (backport of #5910) @kong-mesh
- fix(kuma-cp): fixed an issue that breaks license propagation from the global control plane to zone control planes
2.4.9
Released on 2024/07/05
- chore(deps): bump kumahq/kuma from 304050ffd4f5 to 124fc3eb9 @kong-mesh
- chore(deps): security update @kong-mesh
- fix(license): don’t fail if we ever saw a valid license (backport of #5968) @kong-mesh
- fix(ubi): upgrade from non-existent iptables-nft version (backport of #5910) @kong-mesh
2.6.9
Released on 2024/07/04
- chore(deps): bump kumahq/kuma from 498d86f27ece to e28b7339e @kong-mesh
- chore(deps): security update @kong-mesh
2.8.1
Released on 2024/07/03
- chore(deps): bump kumahq/kuma from 1110a0305eec to c3a2cada2 @kong-mesh
- chore(deps): upgrade envoy to 1.28.5 for windows @lukidzi
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
2.7.5
Released on 2024/07/03
- chore(deps): bump kumahq/kuma from f19b85337222 to bab1af2f8 @kong-mesh
- chore(deps): security update @kong-mesh
2.8.0
Released on 2024/06/24
- chore(deps): bump Kong/public-shared-actions from 2.1.0 to 2.3.0 @dependabot
- chore(deps): bump actions/create-github-app-token from 1.9.3 to 1.10.1 @dependabot
- chore(deps): bump actions/create-github-app-token to 1.10.0 in sync_ci.sh @michaelbeaumont
- chore(deps): bump github.com/Kong/kauth-api from 1.139.0 to 1.142.0 @dependabot
- chore(deps): bump github.com/Kong/shared-go/kauth from 1.4.54 to 1.4.85 @dependabot
- chore(deps): bump github.com/Kong/shared-go/rest from 1.13.2 to 1.13.17 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.50.12 to 1.53.21 @dependabot
- chore(deps): bump github.com/cert-manager/cert-manager from 1.14.1 to 1.14.5 @dependabot
- chore(deps): bump github.com/docker/docker from 25.0.5+incompatible to 26.1.4+incompatible @dependabot
- chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.5 to 0.7.7 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api from 1.11.0 to 1.14.0 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api/auth/aws from 0.5.0 to 0.7.0 @dependabot
- chore(deps): bump github.com/hashicorp/vault/sdk from 0.10.2 to 0.13.0 @dependabot
- chore(deps): bump github.com/yalue/merged_fs from 1.2.3 to 1.3.0 @dependabot
- chore(deps): bump go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp from 0.49.0 to 0.52.0 @dependabot
- chore(deps): bump golang.org/x/sync from 0.6.0 to 0.7.0 @dependabot
- chore(deps): bump kumahq/kuma from 396f0a557853 to 17e4c2097 @jakubdyszkiewicz,@kong-mesh,@lahabana
- chore(deps): bump kumahq/ubuntu-netools from
9eba4ba
to8675216
@dependabot - chore(deps): bump the opa group with 2 updates @dependabot
- chore(deps): bump ubi9-minimal from 9.3-1612 to 9.4-949.1717074713 @dependabot
- chore(deps): downgrade envoy to 1.28.4 for Windows @lukidzi
- chore(deps): security update @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- feat(kumactl): restrict the default admin role binding by default when installing the control plane @jijiechen
- fix(docs): fix outdated url for backend store @Icarus9913
- fix(kuma-cp): downgrade go-control-plane to mitigate potential deadlock @bartsmykla
- fix(kuma-cp): override system namespace when running Universal @lobkovilya
- fix(license): don’t fail if we ever saw a valid license @lahabana
- fix(ubi): upgrade iptables-nft version @michaelbeaumont
2.7.4
Released on 2024/06/19
- chore(deps): bump kumahq/kuma from 413bddfb40f2 to f19b85337 @kong-mesh
- chore(deps): security update @kong-mesh
- fix(kuma-cp): downgrade go-control-plane to mitigate potential deadlock (backport of #6094) @kong-mesh
- fix(kuma-cp): fixed an issue that breaks license propagation from the global control plane to zone control planes
2.6.8
Released on 2024/06/19
- chore(deps): bump kumahq/kuma from 68fa9292c542 to 498d86f27 @kong-mesh
- chore(deps): security update @kong-mesh
- fix(kuma-cp): downgrade go-control-plane to mitigate potential deadlock (backport of #6094) @kong-mesh
2.6.7
Released on 2024/05/30
- chore(deps): bump kumahq/kuma from 946233ed1fe6 to 68fa9292c @kong-mesh
- fix(kuma-cp): fixed an issue that breaks license propagation from the global control plane to zone control planes
2.7.3
Released on 2024/05/20
- chore(deps): bump kumahq/kuma from 358de6f3e590 to 413bddfb4 @kong-mesh
- chore(deps): security update @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- fix(license): don’t fail if we ever saw a valid license (backport of #5968) @kong-mesh
2.6.6
Released on 2024/05/17
- chore(deps): bump kumahq/kuma from 9b95497f2dcf to 946233ed1 @kong-mesh
- chore(deps): security update @kong-mesh
- fix(license): don’t fail if we ever saw a valid license (backport of #5968) @kong-mesh
- fix(ubi): upgrade from non-existent iptables-nft version (backport of #5910) @kong-mesh
2.7.2
Released on 2024/05/02
- chore(deps): bump kumahq/kuma from 5a2d836dc6e5 to 684d3ddf6 @jakubdyszkiewicz,@kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- fix(ubi): upgrade from non-existent iptables-nft version @michaelbeaumont
2.7.1
Released on 2024/04/23
- chore(deps): bump kumahq/kuma from 77f3a8badc84 to 5a2d836dc @kong-mesh
2.7.0
Released on 2024/04/18
- chore(deps): bump Kong/public-shared-actions from 1.15.0 to 2.1.0 @dependabot
- chore(deps): bump actions/cache from 3 to 4 @dependabot
- chore(deps): bump actions/create-github-app-token from 1.9.1 to 1.9.2 @dependabot
- chore(deps): bump github.com/Kong/shared-go/kauth from 1.4.10 to 1.4.13 @dependabot
- chore(deps): bump github.com/Kong/shared-go/rest from 1.11.4 to 1.11.6 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.50.7 to 1.50.12 @dependabot
- chore(deps): bump github.com/cert-manager/cert-manager from 1.13.3 to 1.14.1 @dependabot
- chore(deps): bump github.com/docker/docker from 25.0.1+incompatible to 25.0.3+incompatible @dependabot
- chore(deps): bump kumahq/kuma from 2df58666a6a8 to 77f3a8bad @kong-mesh,@lukidzi
- chore(deps): bump peter-evans/create-pull-request from 5 to 6 @dependabot
- chore(deps): bump ubi9-minimal from 9.3-1552 to 9.3-1612 @dependabot
- chore(deps): security update @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- feat(MeshGlobalRateLimit): add kind: MeshGateway @michaelbeaumont
- feat(MeshOPA): allow kind: MeshGateway @michaelbeaumont
- feat(kuma-cp): rbac support more kuma targetRef kinds @jijiechen
- feat(opa): move the logic of apending persistence_directory into agentConfig from cp to dp so that we can use different tempDir based on dp settings @jijiechen
- feat(opa): add a default persistence_directory if not configured in agentConfig of mesh opa policies @jijiechen
- feat(rbac): add rbac for control-plane metadata access @lahabana
- feat(rbac): set the same permission on zone and global @lukidzi
- fix(MeshGlobalRateLimit): duplicated paths in errors, require
from
not to be empty @michaelbeaumont - fix(MeshOPA): remove log for composable policies @jakubdyszkiewicz
- fix(rbac): allow system:authenticated on zone cp @lukidzi
2.6.5
Released on 2024/04/08
- chore(deps): bump kumahq/kuma from b203130df372 to 9b95497f2 @kong-mesh
2.5.7
Released on 2024/04/08
- chore(deps): bump kumahq/kuma from 35f57c23ecdd to 2a7e5013e @kong-mesh
2.4.8
Released on 2024/04/08
- chore(deps): bump kumahq/kuma from 4d60a91e01d8 to 304050ffd @kong-mesh
2.3.7
Released on 2024/04/08
- chore(deps): bump kumahq/kuma from 04377e548c39 to b0ad06967 @kong-mesh
2.2.9
Released on 2024/04/08
- chore(deps): bump kumahq/kuma from 4a4e4a6c37b2 to 811da1748 @kong-mesh
2.6.4
Released on 2024/04/02
- chore(deps): bump kumahq/kuma from ba48fe1f1a50 to b203130df @kong-mesh
2.5.6
Released on 2024/04/02
- chore(deps): bump kumahq/kuma from 35e9401bfab3 to 35f57c23e @kong-mesh
2.6.3
Released on 2024/03/29
- chore(deps): bump kumahq/kuma from 4cef8d860e7a to ba48fe1f1 @kong-mesh
2.5.5
Released on 2024/03/29
- chore(deps): bump kumahq/kuma from ea82d4e6d5ad to 35e9401bf @kong-mesh
2.5.4
Released on 2024/03/18
- chore(deps): bump kumahq/kuma from 23764bbca70d to ea82d4e6d @kong-mesh
- chore(deps): security update @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
2.4.7
Released on 2024/03/18
- chore(deps): bump kumahq/kuma from e5ffd4dc7dc3 to 4d60a91e0 @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
2.3.6
Released on 2024/03/18
- chore(deps): bump kumahq/kuma from 59b52bb35d2a to 04377e548 @kong-mesh
2.2.8
Released on 2024/03/18
- chore(deps): bump kumahq/kuma from fc2c17ee51d4 to 4a4e4a6c3 @kong-mesh
2.6.2
Released on 2024/03/14
- chore(deps): bump kumahq/kuma from 7b1269d6f957 to 4cef8d860 @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
2.5.3
Released on 2024/02/20
- chore(deps): bump kumahq/kuma from bd64b43ef337 to 23764bbca @kong-mesh
2.4.6
Released on 2024/02/20
- chore(deps): bump kumahq/kuma from 41284773c8df to e5ffd4dc7 @kong-mesh
2.3.5
Released on 2024/02/20
- chore(deps): bump kumahq/kuma from baa08aefa319 to 59b52bb35 @kong-mesh
2.2.7
Released on 2024/02/20
- chore(deps): bump kumahq/kuma from e4d77e6a0553 to fc2c17ee5 @kong-mesh
2.6.1
Released on 2024/02/19
- chore(deps): bump kumahq/kuma from d176c947ae41 to 7b1269d6f @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- feat(MeshOPA): allow kind: MeshGateway (backport of #5404) @kong-mesh
- feat(rbac): set the same permission on zone and global (backport of #5432) @kong-mesh
- fix(rbac): allow system:authenticated on zone cp (backport of #5391) @kong-mesh
2.5.2
Released on 2024/02/05
- chore(deps): bump kumahq/kuma from d2ced55cd241 to bd64b43ef @kong-mesh
2.4.5
Released on 2024/02/05
- chore(deps): bump kumahq/kuma from b3131e7b6555 to 41284773c @kong-mesh
- chore(deps): bump shadow-utils (backport of #4768) @kong-mesh
- chore(deps): security update @kong-mesh
2.3.4
Released on 2024/02/05
- chore(deps): bump kumahq/kuma from 815b26399692 to baa08aefa @kong-mesh
- chore(deps): bump shadow-utils (backport of #4768) @kong-mesh
- chore(deps): security update @kong-mesh
2.2.6
Released on 2024/02/05
- chore(deps): bump kumahq/kuma from 467b9011abcf to e4d77e6a0 @kong-mesh
- chore(deps): bump shadow-utils (backport of #4768) @kong-mesh
- chore(deps): security update @kong-mesh
2.6.0
Released on 2024/02/01
- chore(deps): bump Kong/public-shared-actions from 1.13.0 to 1.14.0 @dependabot
- chore(deps): bump actions/setup-go from 4 to 5 @dependabot
- chore(deps): bump actions/upload-artifact from 4.0.0 to 4.1.0 @dependabot
- chore(deps): bump actions/{upload,download}-artifact from 3 to 4 @dependabot
- chore(deps): bump github.com/Kong/kauth-api from 1.118.0 to 1.126.0 @dependabot
- chore(deps): bump github.com/Kong/shared-go/kauth from 1.3.0 to 1.4.3 @dependabot
- chore(deps): bump github.com/Kong/shared-go/rest from 1.7.0 to 1.11.2 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.47.11 to 1.50.2 @dependabot
- chore(deps): bump github.com/cert-manager/cert-manager from 1.13.2 to 1.13.3 @dependabot
- chore(deps): bump github.com/spf13/afero from 1.10.0 to 1.11.0 @dependabot
- chore(deps): bump golang.org/x/sync from 0.5.0 to 0.6.0 @dependabot
- chore(deps): bump kumahq/kuma from cbf23a65c840 to d176c947a @jakubdyszkiewicz,@kong-mesh,@michaelbeaumont
- chore(deps): bump the go-opentelemetry-io group with 1 update @dependabot
- chore(deps): bump the opa group with 2 updates @dependabot
- chore(deps): bump ubi9-minimal from 9.3-1361.1699548032 to 9.3-1475 @dependabot
- chore(deps): security update @kong-mesh
- chore(deps): upgrade Kuma manually @lahabana
- chore(deps): upgrade shared go components @jakubdyszkiewicz
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- feat(kds): return error from HealthCheck if tenant is missing @michaelbeaumont
- feat(kds): use Unauthenticated/PermissionDenied gRPC status codes instead of InvalidArgument @michaelbeaumont
- feat(mtls): allow switching CAs when there is only one service and no existing certificate issues in the mesh @jijiechen
- fix(kuma-cp): actually call health check endpoint after auth @michaelbeaumont
- fix(kuma-cp): proxypatch should be the last policy @lukidzi
- fix(kumactl): customize demo namespace @jakubdyszkiewicz
- fix(vault): remove error when renewing token on removed mesh @lahabana
2.5.1
Released on 2023/12/12
- chore(deps): bump kumahq/kuma from bbfcb64fd56d to d2ced55cd @kong-mesh
- chore(deps): security update @kong-mesh
- fix(kuma-cp): proxypatch should be the last policy (backport of #4931) @kong-mesh
2.5.0
Released on 2023/11/15
Based on Kuma 2.5.0
- chore(deps): build without containerd @slonka
- chore(deps): bump Kong/public-shared-actions from 1.12.0 to 1.13.0 @dependabot
- chore(deps): bump actions/checkout from 3 to 4 @dependabot,@lukidzi
- chore(deps): bump github.com/Kong/kauth-api from 1.114.0 to 1.118.0 @dependabot
- chore(deps): bump github.com/Kong/shared-go/kauth from 1.0.9 to 1.2.5 @dependabot
- chore(deps): bump github.com/Kong/shared-go/rest from 1.1.2 to 1.6.2 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.44.329 to 1.47.1 @dependabot
- chore(deps): bump github.com/cert-manager/cert-manager from 1.12.3 to 1.13.2 @dependabot
- chore(deps): bump github.com/docker/docker from 24.0.5+incompatible to 24.0.6+incompatible @dependabot
- chore(deps): bump github.com/gruntwork-io/terratest from 0.45.0 to 0.46.0 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api/auth/aws from 0.4.1 to 0.5.0 @dependabot
- chore(deps): bump github.com/hashicorp/vault/sdk from 0.9.2 to 0.10.2 @dependabot
- chore(deps): bump github.com/open-policy-agent/opa from 0.55.0 to 0.56.0 @dependabot
- chore(deps): bump github.com/open-policy-agent/opa-envoy-plugin from 0.55.0-envoy to 0.58.0-envoy @dependabot
- chore(deps): bump github.com/spf13/afero from 1.9.5 to 1.10.0 @dependabot
- chore(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 @dependabot
- chore(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 @dependabot
- chore(deps): bump kuma and add missing dependency in
upgrade/kuma
@lahabana - chore(deps): bump kumahq/kuma from 40da07fcd075 to bbfcb64fd @kong-mesh
- chore(deps): bump shadow-utils (backport of #4768) @slonka
- chore(deps): bump the go-opentelemetry-io group with 1 update @dependabot
- chore(deps): bump the go-opentelemetry-io-contrib group with 1 update @dependabot
- chore(deps): bump tibdex/github-app-token from 1.8.0 to 2.1.0 @dependabot
- chore(deps): bump ubi9-minimal from 9.2-717 to 9.2-750.1697625013 @dependabot
- chore(deps): downgrade testcontainers from v0.24.0 to v0.23.0 @jakubdyszkiewicz
- chore(deps): remove pinned Helm version @michaelbeaumont
- chore(deps): remove ristretto pin @michaelbeaumont
- chore(deps): update shared-go @slonka
- chore(deps): update shared-go kauth dependency @Automaat
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- feat(awsiam): add ability to assume roles for cross account auth @michaelbeaumont
- feat(awsiam): only require role name in rolesToAssumeForAccounts @michaelbeaumont
- feat(helm): remove license text for MinK zones @johnharris85
- feat(kuma-cp): allow to change mtls backends with skiping validation @lukidzi
- feat(kuma-cp): include tenant aware unary interceptor @michaelbeaumont
- feat(kuma-cp): introduce resource limiting capability @bartsmykla
- feat(kuma-cp): use ReadResourceManager for RBAC @lukidzi
- feat(tenants): do not ensure mesh default mesh resources manually @jakubdyszkiewicz
- feat(tenants): shard tenants for postgres @jakubdyszkiewicz
- fix(awsiam): refresh GetCallerIdentity request in DP @michaelbeaumont
- fix(certmanager): enable cert manager in universal global @kong-mesh
- fix(kmesh-cp): extend new zone name validation to be compliant with RFC1035 dns name @Automaat
- fix(kuma-cp): set cp mode for ACMCA plugin @lukidzi
- fix(tenants): sharding setup @jakubdyszkiewicz
2.4.4
Released on 2023/11/06
- chore(deps): bump kumahq/kuma from eeeb2a1eb7bd to b3131e7b6 @kong-mesh
- chore(deps): security update @kong-mesh
- fix(awsiam): refresh GetCallerIdentity request in DP (backport of #4674) @kong-mesh
2.4.3
Released on 2023/10/11
- chore(deps): bump kumahq/kuma from 80db656df125 to eeeb2a1eb @kong-mesh
- chore(deps): bump opa to 0.57 @slonka
2.3.3
Released on 2023/10/11
- chore(deps): build without containerd (backport of #4229) @kong-mesh
- chore(deps): bump kumahq/kuma from c56df80922be to 815b26399 @kong-mesh
- chore(deps): bump opa to 0.57 @slonka
- chore(deps): security update @kong-mesh
- fix(audit): use background context (backport of #4035) @kong-mesh
2.2.5
Released on 2023/10/11
- chore(deps): build without containerd (backport of #4229) @kong-mesh
- chore(deps): bump kumahq/kuma from 858fa348ff7f to 467b9011a @kong-mesh
- chore(deps): bump opa to 0.57 @slonka
- fix(audit): use background context (backport of #4035) @kong-mesh
2.1.7
Released on 2023/10/11
- chore(deps): bump kumahq/kuma from bc5859add936 to f8e669466 @kong-mesh
- fix(audit): use background context (backport of #4035) @kong-mesh
2.0.8
Released on 2023/10/11
- chore(deps): bump github.com/docker/distribution from 2.8.2-beta.1 to 2.8.2 @michaelbeaumont
- chore(deps): bump kumahq/kuma from 4ecbae54501e to 6ecaf21ff @kong-mesh,@michaelbeaumont
- chore(deps): security update @kong-mesh
- fix(audit): use background context (backport of #4035) @kong-mesh
2.4.2
Released on 2023/10/02
- chore(deps): build without containerd (backport of #4229) @kong-mesh
- chore(deps): bump kumahq/kuma from ecac076c0da2 to 80db656df @kong-mesh
- chore(deps): security update @kong-mesh
- feat(awsiam): add ability to assume roles for cross account auth (backport of #4344) @kong-mesh
- feat(awsiam): only require role name in rolesToAssumeForAccounts (backport of #4365) @kong-mesh
- fix(auth): better error message when invalid token supplied (backport of #4429) @kong-mesh
2.4.1
Released on 2023/09/07
- chore(deps): bump kumahq/kuma from d7115ca38696 to ecac076c0 @kong-mesh
2.4.0
Released on 2023/08/29
- chore(deps): bump github.com/Kong/kauth-api from 1.95.0 to 1.113.0 @dependabot
- chore(deps): bump github.com/Kong/shared-go/kauth from 1.0.1 to 1.0.5 @dependabot
- chore(deps): bump github.com/Kong/shared-go/rest from 1.0.3 to 1.1.2 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.44.268 to 1.44.329 @dependabot
- chore(deps): bump github.com/cert-manager/cert-manager from 1.12.0 to 1.12.3 @dependabot
- chore(deps): bump github.com/docker/docker from 24.0.0+incompatible to 24.0.5+incompatible @dependabot
- chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 @dependabot
- chore(deps): bump github.com/gruntwork-io/terratest from 0.41.16 to 0.43.12 @dependabot
- chore(deps): bump github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.4 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api from 1.9.1 to 1.9.2 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api/auth/aws from 0.4.0 to 0.4.1 @dependabot
- chore(deps): bump github.com/hashicorp/vault/sdk from 0.9.0 to 0.9.2 @dependabot
- chore(deps): bump github.com/kong/shared-go/kauth to 0.8.0 @michaelbeaumont
- chore(deps): bump github.com/open-policy-agent/opa from 0.51.0 to 0.55.0 @dependabot,@michaelbeaumont
- chore(deps): bump github.com/open-policy-agent/opa-envoy-plugin from 0.51.0-envoy to 0.55.0-envoy @dependabot
- chore(deps): bump kumahq/kuma from 0f4429297271 to d7115ca38 @bartsmykla,@kong-mesh
- chore(deps): bump the k8s-libs group with 1 update @dependabot
- chore(deps): bump ubi9-minimal from 9.2-484 to 9.2-717 @dependabot
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- chore(release): merge release-2.3 @michaelbeaumont
- feat(insights): trigger computation @jakubdyszkiewicz
- feat(kmesh-cp): add information about authorization data in requests when connection from zone to global cp @Automaat
- feat(kmesh-cp): disable external CA validation on global @jakubdyszkiewicz
- feat(kmesh-cp): do not assert tenants activity update @jakubdyszkiewicz
- feat(kuma-cp): add opentelemetry instrumentation for api-server Konnect client @michaelbeaumont
- feat(kuma-cp): add trace spans for zone auth konnect calls @michaelbeaumont
- feat(kuma-cp): add tracing to kauth pdp calls @michaelbeaumont
- feat(kuma-cp): create tenants resources concurrently @lukidzi
- feat(kuma-cp): removed 2nd call and unused CP key @lukidzi
- feat(license): support zone licensing @lahabana
- feat(security): add action to scan images we build @slonka
- feat(security): fix typo @slonka
- feat(security): rename the workflow and remove dot slash @slonka
- feat(security): rename workflow run-name @slonka
- feat(security): switch to repo uses @slonka
- feat(tracing): add TenantsWs spans @michaelbeaumont
- fix(.github): fix scan docker images @lahabana
- fix(audit): use background context @jakubdyszkiewicz
- fix(kmesh-cp): revert “add information about authorization data in re… @Automaat
- fix(kmesh-cp): tenants activity context and proceed with filter chain @jakubdyszkiewicz
- fix(kuma-cp): refresh only specific mesh when event triggered @lukidzi
- fix(license): rename zones to mesh_zones @lahabana
2.1.6
Released on 2023/08/15
- chore(deps): bump github.com/docker/distribution from 2.8.2-beta.1 to 2.8.2 @michaelbeaumont
- chore(deps): bump kumahq/kuma from 9b24e08ef23a to bc5859add @kong-mesh,@michaelbeaumont
- chore(deps): security update @kong-mesh
2.3.2
Released on 2023/08/04
- chore(deps): bump kumahq/kuma from 45dd7ae494d4 to c56df8092 @kong-mesh
- chore(deps): update containerd to v1.7.3 @michaelbeaumont
2.2.4
Released on 2023/08/04
- chore(deps): bump github.com/docker/distribution from 2.8.1 to 2.8.2 @michaelbeaumont
- chore(deps): bump kumahq/kuma from 5a31d8ce5239 to 858fa348f @kong-mesh,@michaelbeaumont
- chore(deps): security update @kong-mesh
- chore(deps): update containerd to v1.7.3 @michaelbeaumont
2.1.5
Released on 2023/07/28
- chore(deps): upgrade envoy to 1.24.10 #7363 @lukidzi
- chore(deps): bump kumahq/kuma from 60a2d39e7d56 to 7ba3e3579 @kong-mesh
2.0.7
Released on 2023/07/28
- chore(deps): upgrade envoy to 1.24.10 #7364 @lukidzi
- chore(deps): bump kumahq/kuma from d8705e29be4c to 4ecbae545 @kong-mesh
1.9.8
Released on 2023/07/27
- chore(deps): upgrade envoy to 1.24.10 #7365 @lukidzi
- fix(kuma-cp): order resources for building VIPs (backport of #7333) #7360 @kumahq
2.3.1
Released on 2023/07/21
- update Envoy version to 1.26.3 which includes fix for CVE-2023-35945
- chore(deps): bump kumahq/kuma from bba743f5ae56 to 45dd7ae49 @kong-mesh,@michaelbeaumont
2.2.3
Released on 2023/07/21
- update Envoy version to 1.25.8 which includes fix for CVE-2023-35945
- chore(deps): bump kumahq/kuma from 2e775e96a30e to fd7bb16d0 @kong-mesh
2.0.6
Released on 2023/07/21
- update Envoy version to 1.24.9 which includes fix for CVE-2023-35945
- chore(deps): bump kumahq/kuma from c92a5afd5f13 to d8705e29b @kong-mesh
1.9.7
Released on 2023/07/21
- update Envoy version to 1.24.9 which includes fix for CVE-2023-35945
- chore(deps): bump kumahq/kuma from af41f882c68c to 0aaf921a0 @kong-mesh
2.1.4
Released on 2023/07/20
- update Envoy version to 1.24.9 which includes fix for CVE-2023-35945
- chore(deps): bump kumahq/kuma from a2cf8c765290 to 60a2d39e7 @kong-mesh
2.3.0
Released on 2023/06/23
- chore(deps): bump github.com/Kong/kauth-api from 1.94.0 to 1.100.0 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.44.241 to 1.44.268 @dependabot
- chore(deps): bump github.com/cert-manager/cert-manager from 1.11.0 to 1.12.0 @dependabot
- chore(deps): bump github.com/docker/docker from 23.0.3+incompatible to 24.0.0+incompatible @dependabot
- chore(deps): bump github.com/hashicorp/vault/api from 1.9.0 to 1.9.1 @dependabot
- chore(deps): bump github.com/hashicorp/vault/sdk from 0.8.1 to 0.9.0 @dependabot
- chore(deps): bump github.com/testcontainers/testcontainers-go from 0.18.0 to 0.19.0 @dependabot
- chore(deps): bump kumahq/kuma from d98ca8aacc47 to c96910d2e @kong-mesh,@lahabana,@slonka
- chore(deps): bump otel @slonka
- chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0-beta.0 to 0.15.0 @dependabot
- chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 @dependabot
- chore(deps): bump ubi9-minimal from 9.1.0-1829 to 9.2-484 @dependabot
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- chore(release): merge release-2.2 to master @slonka
- feat(MeshGlobalRateLimit): add header based rate limiting @Automaat
- feat(MeshGlobalRateLimit): add ratelimit service auth @bartsmykla
- feat(MeshGlobalRateLimit): allow to configure MeshSubset in top level… @Automaat
- feat(MeshGlobalRateLimit): secure communication between ratelimit service and DPP with TLS @Automaat
- feat(MeshGlobalRateLimit): securing communication between DPP and ratelimit service MADR @Automaat
- feat(MeshOPA): support builtin gateway listeners @michaelbeaumont
- feat(config): remove konnect section from config @jakubdyszkiewicz
- feat(kuma-cp): added authz integration with kauth-pdp for api-server @lukidzi
- feat(kuma-cp): alternative store that supports multitenancy @jakubdyszkiewicz
- feat(kuma-cp): rename variable and add helm config @lukidzi
- feat(kuma-cp): use kauth to validate KDS token @lukidzi
- feat(mink): add endpoint to provision a zone @slonka
- feat(mink): fix running memory storage type and rls @slonka
- feat(mink): only initialize konnect client when the auth type is konnect @slonka
- feat(mink): owner tenant id fix @slonka
- feat(mink): provisioning a zone with kauth token @slonka
- feat(mink): reenable konnect specific migrations test @slonka
- feat(mink): rename the endpoint and payload to match front-end @slonka
- feat(mink): skip authnz on konnect health endpoint @jakubdyszkiewicz
- feat(mink): skip vcp header check on /health @slonka
- feat(multitenancy): introduce RLS @slonka
- feat(multitenancy): put tenant id in postgres events @jakubdyszkiewicz
- feat(multitenancy): rls for existing user @jakubdyszkiewicz
- fix(MeshOPA): apply policy to correct inbounds @michaelbeaumont
- fix(deployment): turn off cancel in progress for mink charts update @slonka
- fix(helm): add cert-manager RBAC @johnharris85
- fix(helm): update HPA API version @johnharris85
- fix(kauth): refresh service client tokens @iamnande
- fix(konnect): remove Bearer from the token @lukidzi
- fix(kuma-cp): change the order of columns in primary key @lukidzi
- fix(kuma-cp): disable kds token component when deployment type konnect @lukidzi
- fix(kuma-cp): fixed naming of a path @lukidzi
- fix(kuma-cp): fixed naming of envs and added missing env def @lukidzi
- fix(kuma-cp/run): don’t fail if valid kuma-cp args are passed @michaelbeaumont
- fix(mink): properly quote rls user in migration @slonka
- fix(mink): properly quote user for rls double escape @slonka
- fix(mink): use shared go claims for konnect client @slonka
- fix(rls): do not recreate db conns in a loop @jakubdyszkiewicz
2.2.2
Released on 2023/06/21
- chore(deps): bump kumahq/kuma from e30ace1c5856 to 2e775e96a @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
2.1.3
Released on 2023/06/21
- chore(deps): bump kumahq/kuma from 7233fbcad813 to a2cf8c765 @kong-mesh
- chore(deps): upgrade kuma version and Envoy to 1.24.8 @lukidzi
- chore(deps): upgrade ubi image from 8.7 to 9.1 @lukidzi
2.0.5
Released on 2023/06/21
- chore(deps): bump kumahq/kuma from f4117ec0c431 to c92a5afd5 @kong-mesh
- chore(deps): upgrade kuma version and Envoy to 1.24.8 @lukidzi
- chore(deps): upgrade ubi image from 8.7 to 9.1 @lukidzi
1.9.6
Released on 2023/06/21
- chore(deps): bump kumahq/kuma from 22ae8e02c752 to af41f882c @kong-mesh
- chore(deps): fix security update for 1.9 @slonka
- chore(deps): security update @kong-mesh
- chore(deps): upgrade kuma version and Envoy to 1.24.8 @lukidzi
- chore(deps): upgrade ubi image from 8.7 to 9.1 @lukidzi
2.2.1
Released on 2023/05/10
- chore(deps): bump kumahq/kuma from 9a2812c6b3a4 to e30ace1c5 @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
2.2.0
Released on 2023/04/14
- chore(deps): bump actions/checkout from 2 to 3 @dependabot
- chore(deps): bump actions/github-script from 5 to 6 @dependabot
- chore(deps): bump actions/setup-go from 3 to 4 @dependabot
- chore(deps): bump github.com/aws/aws-sdk-go from 1.44.187 to 1.44.236 @dependabot
- chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.1 to 3.10.2 @dependabot
- chore(deps): bump github.com/golang/protobuf from 1.5.2 to 1.5.3 @dependabot
- chore(deps): bump github.com/gruntwork-io/terratest from 0.41.9 to 0.41.16 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api from 1.8.3 to 1.9.0 @dependabot
- chore(deps): bump github.com/hashicorp/vault/api/auth/aws from 0.3.0 to 0.4.0 @dependabot
- chore(deps): bump github.com/hashicorp/vault/sdk from 0.7.0 to 0.8.1 @dependabot
- chore(deps): bump github.com/open-policy-agent/opa from 0.49.0 to 0.49.1 @dependabot
- chore(deps): bump github.com/open-policy-agent/opa-envoy-plugin from 0.48.0-envoy to 0.49.2-envoy @dependabot
- chore(deps): bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1 @dependabot
- chore(deps): bump kumahq/kuma from c53b7eee1b7d to 9a2812c6b @kong-mesh,@lahabana
- chore(deps): bump peter-evans/create-pull-request from 4 to 5 @dependabot
- chore(deps): bump ubi8/ubi-minimal from 8.7 to 8.7-1085 @dependabot
- chore(deps): security update @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kong-mesh
- feat(MeshOPA): composable policies @jakubdyszkiewicz
- feat(authn): cache konnect auth tokens @jakubdyszkiewicz
- feat(authn): kauth integration @jakubdyszkiewicz
- feat(ca/certmanager): allow a CA to be provided in config @michaelbeaumont
- feat(ca/certmanager): option to set certificate dnsNames @michaelbeaumont
- feat(ca/certmanager): rename conf.ca to conf.caCert (backport #2963) @mergify
- feat(docker): update to UBI 9 images @michaelbeaumont
- feat(kuma-cp): add auth method for delta kds @lukidzi
- feat(policies): implement MeshGlobalRateLimit policy @Automaat,@michaelbeaumont
- fix(acm): use region of Private CA instead of control plane @michaelbeaumont
- fix(ca/certmanager): don’t block unnecessarily long, decrease wait interval @michaelbeaumont
- fix(ca/certmanager): don’t busy wait when getting certs @michaelbeaumont
- fix(ca/certmanager): don’t force common name to be set in CSRs @michaelbeaumont
- fix(docker): set entrypoint of base UBI image @michaelbeaumont
- fix(docker): set user as UID in image rather than name @lahabana
- fix(k8s): fix storage version migrator spinning @slonka
- fix(kuma-cp): don’t let CA requests for other meshes block generation @michaelbeaumont
- fix(vault): token renewal after secret change fix @bartsmykla
2.1.2
Released on 2023/04/07
- chore(deps): security update @kong-mesh
- feat(ca/certmanager): allow a CA to be provided in config (backport #2952) @mergify
- feat(ca/certmanager): rename conf.ca to conf.caCert @michaelbeaumont
- feat(cert-manager): option to set certificate dnsNames (backport #2855) @mergify
- fix(acm): use region of Private CA instead of control plane (backport #3101) @mergify
- fix(ca/certmanager): don’t block unnecessarily long, decrease wait interval (backport #2951) @mergify
- fix(ca/certmanager): don’t busy wait when getting certs (backport #2938) @mergify
- fix(kuma-cp): don’t let CA requests for other meshes block generation (backport #2953) @mergify
- fix(plugin/vault): token renew when secret change (backport #3025) @mergify
- fix(plugins/ca/certmanager): don’t force common name to be set in CSRs (backport #2795) @mergify
2.0.4
Released on 2023/04/07
- chore(deps): security update @kong-mesh
- fix(acm): use region of Private CA instead of control plane (backport #3101) @mergify
- fix(plugin/vault): token renew when secret change (backport #3025) @mergify
- fix(plugins/ca/certmanager): don’t force common name to be set in CSRs (backport #2795) @mergify
1.9.5
Released on 2023/04/06
- fix(plugin/vault): token renew when secret change (backport #3025) @mergify
- fix(plugins/ca/certmanager): don’t force common name to be set in CSRs (backport #2795) @mergify
1.8.7
Released on 2023/04/06
- fix(plugin/vault): token renew when secret change (backport #3025) @mergify
2.1.1
Released on 2023/02/16
- chore(deps): security update @kong-mesh
- chore(deps): use latest Kong/kong-mesh-gui @kongmesh
- feat(makefiles): remove explicit envoy version @jakubdyszkiewicz
- fix(ghaction): rename helm release action @jakubdyszkiewicz
- fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) @mergify
2.0.3
Released on 2023/02/16
- feat(makefiles): remove explicit envoy version @jakubdyszkiewicz
- fix(ghaction): rename helm release action (backport #2729) @mergify
- fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) @mergify
1.9.4
Released on 2023/02/16
- chore(deps): security update @kong-mesh
- feat(makefiles): remove explicit envoy version @jakubdyszkiewicz
- fix(ghaction): rename helm release action (backport #2729) @mergify
- fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) @mergify
1.8.6
Released on 2023/02/16
- chore(deps): security update @kong-mesh
- feat(makefiles): remove explicit envoy version @jakubdyszkiewicz
- fix(ghaction): rename helm release action (backport #2729) @mergify
- fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) @mergify
1.7.7
Released on 2023/02/16
- chore(deps): security update @kong-mesh
- feat(makefiles): remove explicit envoy version @jakubdyszkiewicz
- fix(ghaction): rename helm release action (backport #2729) @mergify
- fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) @mergify
2.1.0
Released on 2023/01/31
Built on top of Kuma 2.1.0
- Added the MeshOPA policy. This policy is compliant with new
targetRef
standard. This policy will replace OPA Policy. - RBAC now supports
to
andfrom
selectors intargetRef
based policies - Added the ability to specify list of users that have admin rights by default.
- Limited the number of OPA policies you can configure to one because of OPA limitations.
2.0.2
Released on 2023/01/13
Built on top of Kuma 2.0.2
- Upgraded the Helm library version.
- Upgraded the Go version to 1.18.9.
- Fixed data caching. This bug might have caused certificates to regenerate.
- Upgraded CoreDNS.
1.9.3
Released on 2023/01/13
Built on top of Kuma 1.8.3
- Upgraded the Helm library version.
- Upgraded the Go version to 1.18.9.
- Fixed data caching. This bug might have caused certificates to regenerate.
- Upgraded CoreDNS.
1.8.5
Released on 2023/01/13
Built on top of Kuma 1.7.4
- Upgraded the Helm library version.
- Upgraded the Go version to 1.18.9.
- Fixed data caching. This bug might have caused certificates to regenerate.
- Upgraded CoreDNS.
1.7.6
Released on 2023/01/13
Built on top of Kuma 1.6.4
- Upgraded the Helm library version.
- Upgraded the Go version to 1.18.9.
- Fixed data caching. This bug might have caused certificates to regenerate.
- Upgraded CoreDNS.
1.6.4
Released on 2023/01/13
Built on top of Kuma 1.5.4
- Upgraded the Helm library version.
- Upgraded the Go version to 1.18.9.
- Fixed data caching. This bug might have caused certificates to regenerate.
- Upgraded CoreDNS.
1.6.3
Released on 2022/12/13
Built on top of Kuma 1.5.3
- Fixed potential logging of secrets in kuma-cp.
- Fixed KDS instability.
- Fixed unnecessary CDS updates.
1.7.5
Released on 2022/12/08
Built on top of Kuma 1.6.3
- Fixed potential logging of secrets in kuma-cp.
- Fixed KDS instability.
- Fixed unnecessary CDS updates.
- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes.
1.9.2
Released on 2022/12/06
Built on top of Kuma 1.8.2
- Fixed potential logging of secrets in kuma-cp.
- Fixed KDS instability.
- Fixed unnecessary CDS updates.
- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes.
1.8.4
Released on 2022/12/06
Built on top of Kuma 1.7.3
- Fixed potential logging of secrets in kuma-cp.
- Fixed KDS instability.
- Fixed unnecessary CDS updates.
- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes.
2.0.1
Released on 2022/12/05
Built on top of Kuma 2.0.1
- Fixed potential logging of secrets in kuma-cp.
- Fixed KDS instability.
- Fixed unnecessary CDS updates.
- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes.
2.0.0
Released on 2022/11/04
Built on top of Kuma 2.0.0
Amazon ECS
You can now configure the sidecar to authenticate using the IAM role of the ECS task it’s running as instead of using a data plane token. The control plane interprets the tags on the role similar to how it interprets the data plane token. This simplifies the deployment and management of Kong Mesh on ECS.
For more information, see Kong Mesh on Amazon ECS.
1.9.1
Released on 2022/10/07
Built on top of Kuma 1.8.1
- Gateway: Added support for
retryOn
in retry policies. - Added support for evicted Pods.
- Added support for wildcard tag value match in RBAC.
- Prevents a potential data race by creating a deep copy of tags when generating outbounds.
1.8.3
Released on 2022/10/07
Built on top of Kuma 1.7.2
- Added support for evicted Pods.
- Prevents a potential data race by creating a deep copy of tags when generating outbounds.
1.7.4
Released on 2022/10/07
Built on top of Kuma 1.6.2
- Added support for evicted Pods.
- Prevents a potential data race by creating a deep copy of tags when generating outbounds.
1.9.0
Released on 2022/08/23
- Add “replace” function to CommonName template in CAs which support it (ACMPCA, cert-manager, Vault).
- Fix ZoneControlPlane token generation by setting access type to RBAC in the generated default.
- Improve RBAC logic by checking both old and new spec on updates.
- Add configuration option for RBAC validation result logging.
- Add cert-manager.io CA manager.
1.8.2
Released on 2022/08/05
Built on top of Kuma 1.7.1
- Fix RBAC: all tags specified in when section are required in policies.
- Fix RBAC:
*
value in tag specified in when section means that the tag is required, but can have any value.
1.8.1
Released on 2022/07/15
Built on top of Kuma 1.7.1
- Check both old and new spec on Update
1.7.2
Released on 2022/07/15
Built on top of Kuma 1.6.1
- Check both old and new spec on Update
1.8.0
Released on 2022/06/15
New Features:
- Support for arm64
- Graceful shutdown of OPA
- Role-based AWS authentication for Vault
- Added a Vault AWS authentication option to set the server ID header
Dependency upgrades:
- Bump
github.com/aws/aws-sdk-go
from 1.40.56 to 1.44.21 - Bump
github.com/hashicorp/go-retryablehttp
from 0.6.6 to 0.7.1 - Bump
github.com/open-policy-agent/opa
from 0.38.1 to 0.40.0 - Bump
github.com/open-policy-agent/opa-envoy-plugin
from 0.38.1-envoy-3 to 0.40.0-envoy - Bump
k8s.io/api
from 0.23.6 to 0.24.1 - Bump
k8s.io/apimachinery
from 0.23.6 to 0.24.1 - Bump
sigs.k8s.io/controller-runtime
from 0.11.2 to 0.12.1
1.7.1
Released on 2022/06/14
Built on top of Kuma 1.6.1
- Allow graceful shutdown of OPA
1.7.0
Released on 2022/04/11
New Features:
- Add support for AWS Certificate Manager Private CA
- Inspect API support for Open Policy Agent
- Add license values to Mesh reports
Dependency upgrades:
- Bump
github.com/aws/aws-sdk-go
from 1.40.56 to 1.43.29 - Bump
github.com/hashicorp/vault/api
from 1.3.1 to 1.5.0 - Bump
github.com/open-policy-agent/opa
from 0.37.1 to 0.38.1 - Bump
github.com/open-policy-agent/opa-envoy-plugin
from 0.37.1-envoy to 0.38.1-envoy-3
1.6.1
Released on 2022/04/07
Built on top of Kuma 1.5.1
- Remove the old JWT library
- Make the Open Policy Agent timeout configurable
Dependency upgrades:
- Bump
github.com/open-policy-agent/opa
from 0.37.2 to 0.38.1
1.6.0
Released on 2022/02/24
Built on top of Kuma 1.5.0
- UBI images support.
- ECS EC2 and Fargate first party support.
- Update OPA agent to v0.37.2.
1.5.1
Released on 2021/12/16
Built on top of Kuma 1.4.1
- Default role-based access control (RBAC) for zone control planes is now restricted to the
admin
role. - Performance continues to be significantly improved.
- Authentication tokens are now more secure.
1.5.0
Released on 2021/11/22
Built on top of Kuma 1.4.0
- Role-based Access Control (RBAC) is now available.
- Support for Windows installation on Universal (VMs) is now available.
- Renewable tokens in Vault are now supported.
1.4.1
Released on 2021/10/06
Built on top of Kuma 1.3.1
- Common Name (CN) support for Vault certificate storage is now available.
- You can now disable zones as needed.
- The number of PostgreSQL connections is now limited to 50 by default. The default value was previously unlimited; you can still configure the limit if needed.
- You can now select a specific zone in the Kuma Service dashboard and in the Service to Service dashboard.
1.3.4
Released on 2021/09/15
Built on top of Kuma 1.2.3
- Moved to a Kuma fork of
go-control-plane
that fixes a Goroutine leak
1.4.0
Released on 2021/08/25
Built on top of Kuma 1.3.0
- You can now configure CA rotation in {{site.mesh_product_name}}.
- A service map topology view is available that provides visualization of service traffic dependencies.
- Support for mutual TLS in permissive mode is available, to support migrating applications into the service mesh.
- You can now customize hostnames and ports for data plane proxies with a new virtual outbound policy.
- You can more easily specify intermediate CAs with mTLS.
1.3.3
Released on 2021/07/29
Built on top of Kuma 1.2.3
- kumactl now always warns when the client and server versions cannot be confirmed to match.
- The data plane proxy type is now checked for a valid value (one of
ingress
ordataplane
). - Improvements to the control plane.
1.3.2
Released on 2021/07/16
Built on top of Kuma 1.2.2
- Datadog is now available as a traffic tracing option.
- Message limit for gRPC stream is increased to better support Kuma discovery service (KDS)
- Improved leader election during unexpected failures.
- Improved SDS and XDS on rapid DP restarts.
- Fixed HDS on the dataplane server when bootstrapping an ingress.
1.3.1
Released on 2021/06/30
Built on top of Kuma 1.2.1
- (Kuma) The data plane proxy now provides an advertised address to the control plane for communication in cases where the address is not directly reachable.
- (Kuma) An SNI header is now added when TLS is enabled, to permit communication with external services that require it.
- (Kong Mesh only) New parameters
pki
androle
are available for Vault. - (Kong Mesh only) The CNI config name is now always prefixed with
kuma-cni
. - (Kong Mesh only) TTL is no longer validated for Vault.
1.3.0
Released on 2021/06/17
Built on top of Kuma 1.2.0
- New L7 Traffic Routing policy to route and modify HTTP traffic per path, method, header, or any other combination, with support for regex. Traffic can be modified before reaching the final destination.
- New Rate-Limit policy to protect services from aggressive traffic. This policy can protect from downtime and improve the overall reliability of your applications.
- The “Remote” control plane is renamed to “Zone” control plane. This means the “Ingress” resource is renamed “ZoneIngress”. Thanks to community users for providing the feedback that drove this effort.
- Traffic Permissions now work with external services.
- Improved performance of our DNS resolution.
- More improvements, including a fix for GCP/GKE’s erratic IPv6 support.
- Updated to Envoy 1.18.3.
1.2.6
Released on 2021/05/13
Built on top of Kuma 1.1.6.
- Intermediate Certificate Authorities (CAs) are now supported with Vault integration.
- You can now specify any and all tags in a Traffic Permission policy for Vault integration.
- You can now specify TCP and HTTP health checks at the same time in the same policy. The health check policy also
now includes a
reuse_connection
option. - The
--gateway
flag is now available in the CLI. - You can now install an ingress controller with the CLI. {{site.base_gateway}} is the first supported ingress controller.
- You can now install the Kuma demo application with the CLI.
1.2.5
Released on 2021/04/30
Built on top of Kuma 1.1.5.
- ⚠️ All installation scripts are updated to a new location because Bintray is shutting down. If you’ve written automation scripts that refer to the Bintray location, you need to update your scripts to point to the new location.
- Transparent proxying is improved.
- The GUI is improved.
- The locality is now always set in a multi-zone deployment.
1.2.4
Released on 2021/04/19
Built on top of Kuma 1.1.4.
Includes important bug fixes to version 1.1.3 of Kuma, plus improvements to the web UI.
1.2.3
Released on 2021/04/16
Built on top of Kuma 1.1.3. Notably:
- Built-in DNS provides support for specifying external services by original hostname and port
1.2.2
Released on 2021/04/12
Built on top of Kuma 1.1.2 with fixes and improvements. Features include:
- 19 new observability charts and golden metrics.
- IPv6 support across the service mesh.
- New threshold configuration in the Circuit Breaker policy.
- Performance improvements, especially with external services.
- Stability improvements to kuma-cp and DNS resolution.
1.2.1
Released on 2021/03/15
- Fix to include the OPA CRD in the deployment
- Build on top of Kuma 1.1.1 with fixes and improvements
1.2.0
Released on 2021/03/09
- Added Open Policy Agent integration
- Improved authentication support for control planes in multi-zone deployments, with the Kuma Discovery Protocol (KDS)
- Added FIPS support to the data plane proxy sidecar
- Added XDSv3 for control plane to data plane proxy communication
- Build on top of Kuma 1.1.0 with fixes and improvements