diff --git a/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml index b0056e5ad..0c12d6d2f 100644 --- a/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml +++ b/app/assets/dev/raw/crds/kuma.io_meshgatewayinstances.yaml @@ -285,6 +285,17 @@ spec: description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) type: string + ipMode: + description: IPMode specifies how the load-balancer IP behaves, + and may only be specified when the ip field is specified. + Setting this to "VIP" indicates that traffic is delivered + to the node with the destination set to the load-balancer's + IP and port. Setting this to "Proxy" indicates that traffic + is delivered to the node or pod with the destination set + to the node's IP and node port or the pod's IP and port. + Service implementations may use this information to adjust + traffic routing. + type: string ports: description: Ports is a list of records of service ports If used, every port defined in the service should have diff --git a/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml b/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml index 9819753a5..c025c75b7 100644 --- a/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml +++ b/app/assets/dev/raw/crds/kuma.io_meshmetrics.yaml @@ -102,7 +102,6 @@ spec: - mode type: object required: - - clientId - path - port type: object diff --git a/app/assets/dev/raw/kuma-cp.yaml b/app/assets/dev/raw/kuma-cp.yaml index 7ab3db917..8136a224b 100644 --- a/app/assets/dev/raw/kuma-cp.yaml +++ b/app/assets/dev/raw/kuma-cp.yaml @@ -504,7 +504,7 @@ multizone: responseBackoff: 0s # ENV: KUMA_MULTIZONE_GLOBAL_KDS_RESPONSE_BACKOFF zone: # Kuma Zone name used to mark the zone dataplane resources - name: "" # ENV: KUMA_MULTIZONE_ZONE_NAME + name: "default" # ENV: KUMA_MULTIZONE_ZONE_NAME # GlobalAddress URL of Global Kuma CP globalAddress: # ENV KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS kds: diff --git a/app/assets/dev/raw/protos/KumaResource.json b/app/assets/dev/raw/protos/KumaResource.json index a4781295d..28f5ce5d1 100644 --- a/app/assets/dev/raw/protos/KumaResource.json +++ b/app/assets/dev/raw/protos/KumaResource.json @@ -39,6 +39,12 @@ }, "version": { "type": "string" + }, + "labels": { + "additionalProperties": { + "type": "string" + }, + "type": "object" } }, "additionalProperties": true, diff --git a/app/assets/raw/CHANGELOG.md b/app/assets/raw/CHANGELOG.md new file mode 100644 index 000000000..7aa78df04 --- /dev/null +++ b/app/assets/raw/CHANGELOG.md @@ -0,0 +1,2101 @@ +# Changelog + + +## 2.5.1 +> Released on 2023/12/05 + +* feat(dataplane): ignored listeners with ignored labels in selector (backport of #8463) [#8544](https://github.com/kumahq/kuma/pull/8544) @kumahq +* fix(ZoneIngress): subset routing when tag is present on all subsets (backport of #8443) [#8475](https://github.com/kumahq/kuma/pull/8475) @kumahq +* fix(metrics): fix kds metrics for simple watchdog (backport of #8428) [#8430](https://github.com/kumahq/kuma/pull/8430) @kumahq + + +## 2.5.0 +> Released on 2023/11/15 + +* chore(deps): bump actions/checkout from 3 to 4 [#7639](https://github.com/kumahq/kuma/pull/7639) @dependabot +* chore(deps): bump actions/setup-node from 3 to 4 [#8109](https://github.com/kumahq/kuma/pull/8109) @dependabot +* chore(deps): bump cirello.io/pglock from 1.14.0 to 1.14.1 [#7914](https://github.com/kumahq/kuma/pull/7914) @dependabot +* chore(deps): bump debian from `b91baba` to `7d3e881` [#7697](https://github.com/kumahq/kuma/pull/7697) [#7852](https://github.com/kumahq/kuma/pull/7852) [#8053](https://github.com/kumahq/kuma/pull/8053) @dependabot +* chore(deps): bump distroless/base-nossl-debian11 from `6579e1f` to `1ae8df5` [#7635](https://github.com/kumahq/kuma/pull/7635) [#7985](https://github.com/kumahq/kuma/pull/7985) @dependabot +* chore(deps): bump distroless/static-debian11 from `312a533` to `cdb2034` [#7636](https://github.com/kumahq/kuma/pull/7636) [#7987](https://github.com/kumahq/kuma/pull/7987) @dependabot +* chore(deps): bump envoy from 1.27.0 to 1.27.1 [#8023](https://github.com/kumahq/kuma/pull/8023) @lahabana +* chore(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.2 [#8093](https://github.com/kumahq/kuma/pull/8093) @dependabot +* chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 [#7712](https://github.com/kumahq/kuma/pull/7712) @dependabot +* chore(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible [#8183](https://github.com/kumahq/kuma/pull/8183) @dependabot +* chore(deps): bump github.com/evanphx/json-patch/v5 from 5.6.0 to 5.7.0 [#7786](https://github.com/kumahq/kuma/pull/7786) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.1 to 0.5.2 [#7857](https://github.com/kumahq/kuma/pull/7857) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 [#8184](https://github.com/kumahq/kuma/pull/8184) @dependabot +* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.4.0 [#7609](https://github.com/kumahq/kuma/pull/7609) [#8188](https://github.com/kumahq/kuma/pull/8188) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.43.13 to 0.46.1 [#7792](https://github.com/kumahq/kuma/pull/7792) [#7993](https://github.com/kumahq/kuma/pull/7993) [#8090](https://github.com/kumahq/kuma/pull/8090) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.55 to 1.1.56 [#7785](https://github.com/kumahq/kuma/pull/7785) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.13.0 [#7611](https://github.com/kumahq/kuma/pull/7611) [#7854](https://github.com/kumahq/kuma/pull/7854) [#7991](https://github.com/kumahq/kuma/pull/7991) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.10 to 1.29.0 [#7917](https://github.com/kumahq/kuma/pull/7917) [#8094](https://github.com/kumahq/kuma/pull/8094) [#8185](https://github.com/kumahq/kuma/pull/8185) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 [#7916](https://github.com/kumahq/kuma/pull/7916) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0 [#7992](https://github.com/kumahq/kuma/pull/7992) @dependabot +* chore(deps): bump github.com/slok/go-http-metrics from 0.10.0 to 0.11.0 [#8091](https://github.com/kumahq/kuma/pull/8091) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0 [#7989](https://github.com/kumahq/kuma/pull/7989) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.23.0 to 0.26.0 [#7791](https://github.com/kumahq/kuma/pull/7791) [#7945](https://github.com/kumahq/kuma/pull/7945) [#8186](https://github.com/kumahq/kuma/pull/8186) @dependabot +* chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.0 to 0.1.1 [#7641](https://github.com/kumahq/kuma/pull/7641) @dependabot +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7799](https://github.com/kumahq/kuma/pull/7799) @lukidzi +* chore(deps): bump go version to 1.21.3 [#8001](https://github.com/kumahq/kuma/pull/8001) @slonka +* chore(deps): bump go.uber.org/zap from 1.25.0 to 1.26.0 [#7789](https://github.com/kumahq/kuma/pull/7789) @dependabot +* chore(deps): bump golang.org/x/net from 0.14.0 to 0.16.0 [#7699](https://github.com/kumahq/kuma/pull/7699) [#7988](https://github.com/kumahq/kuma/pull/7988) @dependabot +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.58.3 [#8034](https://github.com/kumahq/kuma/pull/8034) @michaelbeaumont +* chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 [#7642](https://github.com/kumahq/kuma/pull/7642) @dependabot +* chore(deps): bump golang.org/x/text from 0.12.0 to 0.13.0 [#7640](https://github.com/kumahq/kuma/pull/7640) @dependabot +* chore(deps): bump golangci-lint from v1.53.3 to v1.54.1 [#7837](https://github.com/kumahq/kuma/pull/7837) @michaelbeaumont +* chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.59.0 [#7698](https://github.com/kumahq/kuma/pull/7698) [#7788](https://github.com/kumahq/kuma/pull/7788) [#7856](https://github.com/kumahq/kuma/pull/7856) [#8097](https://github.com/kumahq/kuma/pull/8097) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.12.3 to 3.13.1 [#7915](https://github.com/kumahq/kuma/pull/7915) [#8089](https://github.com/kumahq/kuma/pull/8089) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from v0.28.1 to v0.28.2 [#7918](https://github.com/kumahq/kuma/pull/7918) @michaelbeaumont +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.3 [#7643](https://github.com/kumahq/kuma/pull/7643) [#7787](https://github.com/kumahq/kuma/pull/7787) [#8095](https://github.com/kumahq/kuma/pull/8095) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to v1.0.0 [#7644](https://github.com/kumahq/kuma/pull/7644) [#7781](https://github.com/kumahq/kuma/pull/7781) [#8150](https://github.com/kumahq/kuma/pull/8150) @dependabot,@michaelbeaumont +* chore(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 [#8187](https://github.com/kumahq/kuma/pull/8187) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#7784](https://github.com/kumahq/kuma/pull/7784) [#7920](https://github.com/kumahq/kuma/pull/7920) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#8347](https://github.com/kumahq/kuma/pull/8347) @slonka +* chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates [#7613](https://github.com/kumahq/kuma/pull/7613) @dependabot +* chore(deps): bump the go-opentelemetry-io-otel group with 2 updates [#7607](https://github.com/kumahq/kuma/pull/7607) @dependabot +* chore(deps): bump the k8s-libs group with 3 updates [#7606](https://github.com/kumahq/kuma/pull/7606) [#7790](https://github.com/kumahq/kuma/pull/7790) [#8088](https://github.com/kumahq/kuma/pull/8088) @dependabot +* chore(deps): bump tibdex/github-app-token from 1.8.0 to 2.1.0 [#7638](https://github.com/kumahq/kuma/pull/7638) [#7731](https://github.com/kumahq/kuma/pull/7731) [#7853](https://github.com/kumahq/kuma/pull/7853) @dependabot +* chore(deps): bump ubuntu from `ec050c3` to `2b7412e` [#7637](https://github.com/kumahq/kuma/pull/7637) [#7986](https://github.com/kumahq/kuma/pull/7986) [#8052](https://github.com/kumahq/kuma/pull/8052) @dependabot +* chore(deps): downgrade testcontainers-go from v0.24.0 to v0.23.0 [#7800](https://github.com/kumahq/kuma/pull/7800) @jakubdyszkiewicz +* chore(deps): update gateway-api [#8270](https://github.com/kumahq/kuma/pull/8270) @michaelbeaumont +* chore(deps): update go to 1.21.4 [#8341](https://github.com/kumahq/kuma/pull/8341) @slonka +* chore(deps): upgrade envoy to 1.28.0 [#8158](https://github.com/kumahq/kuma/pull/8158) @lukidzi +* chore(deps): upgrade github.com/gruntwork-io/terratest to v0.43.13 [#7706](https://github.com/kumahq/kuma/pull/7706) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7603](https://github.com/kumahq/kuma/pull/7603) [#7604](https://github.com/kumahq/kuma/pull/7604) [#7605](https://github.com/kumahq/kuma/pull/7605) [#7612](https://github.com/kumahq/kuma/pull/7612) [#7614](https://github.com/kumahq/kuma/pull/7614) [#7617](https://github.com/kumahq/kuma/pull/7617) [#7619](https://github.com/kumahq/kuma/pull/7619) [#7620](https://github.com/kumahq/kuma/pull/7620) [#7622](https://github.com/kumahq/kuma/pull/7622) [#7626](https://github.com/kumahq/kuma/pull/7626) [#7627](https://github.com/kumahq/kuma/pull/7627) [#7628](https://github.com/kumahq/kuma/pull/7628) [#7629](https://github.com/kumahq/kuma/pull/7629) [#7631](https://github.com/kumahq/kuma/pull/7631) [#7646](https://github.com/kumahq/kuma/pull/7646) [#7647](https://github.com/kumahq/kuma/pull/7647) [#7648](https://github.com/kumahq/kuma/pull/7648) [#7650](https://github.com/kumahq/kuma/pull/7650) [#7653](https://github.com/kumahq/kuma/pull/7653) [#7658](https://github.com/kumahq/kuma/pull/7658) [#7659](https://github.com/kumahq/kuma/pull/7659) [#7689](https://github.com/kumahq/kuma/pull/7689) [#7700](https://github.com/kumahq/kuma/pull/7700) [#7710](https://github.com/kumahq/kuma/pull/7710) [#7713](https://github.com/kumahq/kuma/pull/7713) [#7721](https://github.com/kumahq/kuma/pull/7721) [#7727](https://github.com/kumahq/kuma/pull/7727) [#7729](https://github.com/kumahq/kuma/pull/7729) [#7730](https://github.com/kumahq/kuma/pull/7730) [#7732](https://github.com/kumahq/kuma/pull/7732) [#7733](https://github.com/kumahq/kuma/pull/7733) [#7738](https://github.com/kumahq/kuma/pull/7738) [#7739](https://github.com/kumahq/kuma/pull/7739) [#7749](https://github.com/kumahq/kuma/pull/7749) [#7750](https://github.com/kumahq/kuma/pull/7750) [#7754](https://github.com/kumahq/kuma/pull/7754) [#7755](https://github.com/kumahq/kuma/pull/7755) [#7766](https://github.com/kumahq/kuma/pull/7766) [#7777](https://github.com/kumahq/kuma/pull/7777) [#7779](https://github.com/kumahq/kuma/pull/7779) [#7795](https://github.com/kumahq/kuma/pull/7795) [#7797](https://github.com/kumahq/kuma/pull/7797) [#7798](https://github.com/kumahq/kuma/pull/7798) [#7802](https://github.com/kumahq/kuma/pull/7802) [#7804](https://github.com/kumahq/kuma/pull/7804) [#7806](https://github.com/kumahq/kuma/pull/7806) [#7811](https://github.com/kumahq/kuma/pull/7811) [#7812](https://github.com/kumahq/kuma/pull/7812) [#7822](https://github.com/kumahq/kuma/pull/7822) [#7866](https://github.com/kumahq/kuma/pull/7866) [#7867](https://github.com/kumahq/kuma/pull/7867) [#7899](https://github.com/kumahq/kuma/pull/7899) [#7900](https://github.com/kumahq/kuma/pull/7900) [#7902](https://github.com/kumahq/kuma/pull/7902) [#7935](https://github.com/kumahq/kuma/pull/7935) [#7953](https://github.com/kumahq/kuma/pull/7953) [#7966](https://github.com/kumahq/kuma/pull/7966) [#7973](https://github.com/kumahq/kuma/pull/7973) [#7979](https://github.com/kumahq/kuma/pull/7979) [#7980](https://github.com/kumahq/kuma/pull/7980) [#7983](https://github.com/kumahq/kuma/pull/7983) [#7984](https://github.com/kumahq/kuma/pull/7984) [#7996](https://github.com/kumahq/kuma/pull/7996) [#7998](https://github.com/kumahq/kuma/pull/7998) [#8009](https://github.com/kumahq/kuma/pull/8009) [#8010](https://github.com/kumahq/kuma/pull/8010) [#8041](https://github.com/kumahq/kuma/pull/8041) [#8045](https://github.com/kumahq/kuma/pull/8045) [#8048](https://github.com/kumahq/kuma/pull/8048) [#8049](https://github.com/kumahq/kuma/pull/8049) [#8057](https://github.com/kumahq/kuma/pull/8057) [#8059](https://github.com/kumahq/kuma/pull/8059) [#8061](https://github.com/kumahq/kuma/pull/8061) [#8074](https://github.com/kumahq/kuma/pull/8074) [#8080](https://github.com/kumahq/kuma/pull/8080) [#8083](https://github.com/kumahq/kuma/pull/8083) [#8085](https://github.com/kumahq/kuma/pull/8085) [#8104](https://github.com/kumahq/kuma/pull/8104) [#8115](https://github.com/kumahq/kuma/pull/8115) [#8118](https://github.com/kumahq/kuma/pull/8118) [#8120](https://github.com/kumahq/kuma/pull/8120) [#8126](https://github.com/kumahq/kuma/pull/8126) [#8145](https://github.com/kumahq/kuma/pull/8145) [#8146](https://github.com/kumahq/kuma/pull/8146) [#8147](https://github.com/kumahq/kuma/pull/8147) [#8201](https://github.com/kumahq/kuma/pull/8201) [#8207](https://github.com/kumahq/kuma/pull/8207) [#8210](https://github.com/kumahq/kuma/pull/8210) [#8213](https://github.com/kumahq/kuma/pull/8213) [#8214](https://github.com/kumahq/kuma/pull/8214) [#8215](https://github.com/kumahq/kuma/pull/8215) [#8217](https://github.com/kumahq/kuma/pull/8217) [#8219](https://github.com/kumahq/kuma/pull/8219) [#8220](https://github.com/kumahq/kuma/pull/8220) [#8221](https://github.com/kumahq/kuma/pull/8221) [#8232](https://github.com/kumahq/kuma/pull/8232) [#8236](https://github.com/kumahq/kuma/pull/8236) [#8238](https://github.com/kumahq/kuma/pull/8238) [#8239](https://github.com/kumahq/kuma/pull/8239) @kumahq +* feat(ExternalService): add skip hostname verification for external services [#7633](https://github.com/kumahq/kuma/pull/7633) @alparslanavci +* feat(MeshLoadBalancingStrategy): new locality aware api [#8082](https://github.com/kumahq/kuma/pull/8082) [#8112](https://github.com/kumahq/kuma/pull/8112) @Automaat,@lukidzi +* feat(MeshProxyPatch): allow policy to target MeshGateway resources [#8044](https://github.com/kumahq/kuma/pull/8044) @bartsmykla +* feat(api-server): add /_overview for all types that have overviews [#7999](https://github.com/kumahq/kuma/pull/7999) [#8173](https://github.com/kumahq/kuma/pull/8173) @lahabana +* feat(api-server): add filtering on list external-services and dataplanes [#7810](https://github.com/kumahq/kuma/pull/7810) @lahabana +* feat(api-server): added query parameter to filter services by name [#8154](https://github.com/kumahq/kuma/pull/8154) @lukidzi +* feat(api-server): implement new Global Insight endpoint [#7775](https://github.com/kumahq/kuma/pull/7775) [#7872](https://github.com/kumahq/kuma/pull/7872) @Automaat +* feat(api-server): new inspect api [#8148](https://github.com/kumahq/kuma/pull/8148) @lahabana +* feat(docs): add generated openapi docs [#7975](https://github.com/kumahq/kuma/pull/7975) @lahabana +* feat(dp-token): allow validator to define keys not scoped to a mesh [#8169](https://github.com/kumahq/kuma/pull/8169) @nicoche +* feat(events): configurable buffers and predicates [#7735](https://github.com/kumahq/kuma/pull/7735) @jakubdyszkiewicz +* feat(gui): adds storeType index.html variable [#7965](https://github.com/kumahq/kuma/pull/7965) @johncowen +* feat(helm): add configurable service port for cp ingress [#8263](https://github.com/kumahq/kuma/pull/8263) @lahabana +* feat(helm): add loadBalancerSourceRanges on global zone sync service [#7978](https://github.com/kumahq/kuma/pull/7978) @slavogiez +* feat(helm): add possibility to run universal zone cp on kubernetes [#7924](https://github.com/kumahq/kuma/pull/7924) @Automaat +* feat(helm): add service-account features to egress and ingress [#7864](https://github.com/kumahq/kuma/pull/7864) @lahabana +* feat(helm): add support for controlplane deployment annotations [#7959](https://github.com/kumahq/kuma/pull/7959) @slavogiez +* feat(helm): allow to define service accounts annotations [#7724](https://github.com/kumahq/kuma/pull/7724) @lukidzi +* feat(helm): allow to disable tls-checksum generation [#7955](https://github.com/kumahq/kuma/pull/7955) @lukidzi +* feat(helm): minReadySeconds for control plane [#7931](https://github.com/kumahq/kuma/pull/7931) @jakubdyszkiewicz +* feat(insights): jitter zone insights upsert [#7925](https://github.com/kumahq/kuma/pull/7925) @jakubdyszkiewicz +* feat(insights): metrics of reason and result [#7752](https://github.com/kumahq/kuma/pull/7752) @jakubdyszkiewicz +* feat(insights): multiple workers [#7778](https://github.com/kumahq/kuma/pull/7778) @jakubdyszkiewicz +* feat(kds): add metrics to event based watchdog [#7651](https://github.com/kumahq/kuma/pull/7651) @jakubdyszkiewicz +* feat(kds): add user-agent with useful version info [#7886](https://github.com/kumahq/kuma/pull/7886) @lahabana +* feat(kds): allow to delay full resync when ticker [#7782](https://github.com/kumahq/kuma/pull/7782) @lukidzi +* feat(kds): allow to disable KDS SOTW grpc api [#7961](https://github.com/kumahq/kuma/pull/7961) @lukidzi +* feat(kds): better error handling [#7868](https://github.com/kumahq/kuma/pull/7868) @jakubdyszkiewicz +* feat(kds): compact subscriptions in insights [#7962](https://github.com/kumahq/kuma/pull/7962) @jakubdyszkiewicz +* feat(kds): enable delta by default [#8262](https://github.com/kumahq/kuma/pull/8262) @lahabana +* feat(kds): execute filters on envoy admin streams [#7905](https://github.com/kumahq/kuma/pull/7905) @jakubdyszkiewicz +* feat(kds): experimental event based watchdog [#7624](https://github.com/kumahq/kuma/pull/7624) @jakubdyszkiewicz +* feat(kds): introduce zone health checks [#7821](https://github.com/kumahq/kuma/pull/7821) @michaelbeaumont +* feat(kds): pass resource keys to resourceStore for delta kds [#7654](https://github.com/kumahq/kuma/pull/7654) @lukidzi +* feat(kds): resource sync metric [#7794](https://github.com/kumahq/kuma/pull/7794) @jakubdyszkiewicz +* feat(kds): response backoff [#7997](https://github.com/kumahq/kuma/pull/7997) @jakubdyszkiewicz +* feat(kds): use hash-suffix for KDS sync [#7519](https://github.com/kumahq/kuma/pull/7519) @lobkovilya +* feat(kuma-cp): add HealthCheck unary endpoint [#7815](https://github.com/kumahq/kuma/pull/7815) @michaelbeaumont +* feat(kuma-cp): add basedOnKuma in cp_info metric [#8218](https://github.com/kumahq/kuma/pull/8218) @lahabana +* feat(kuma-cp): add locality aware implementation for egress [#8233](https://github.com/kumahq/kuma/pull/8233) @Automaat +* feat(kuma-cp): add support for Gateway in MeshLoadBalancingStrategy [#8309](https://github.com/kumahq/kuma/pull/8309) @Automaat +* feat(kuma-cp): allow to disable backend validation [#7901](https://github.com/kumahq/kuma/pull/7901) @lukidzi +* feat(kuma-cp): make OpenTelemetry control plane tracing fully configurable [#7936](https://github.com/kumahq/kuma/pull/7936) @michaelbeaumont +* feat(kuma-cp): move KDS hash suffix under a feature flag [#8363](https://github.com/kumahq/kuma/pull/8363) @lobkovilya +* feat(kuma-dp): support setting Envoy's --component-log-level [#8241](https://github.com/kumahq/kuma/pull/8241) @michaelbeaumont +* feat(kumactl): support new inspect api [#8192](https://github.com/kumahq/kuma/pull/8192) @lahabana +* feat(rsa): add support for PKIX encoded pubkeys [#8179](https://github.com/kumahq/kuma/pull/8179) @nicoche +* feat(store): add owner reference to the secrets [#7770](https://github.com/kumahq/kuma/pull/7770) @slonka +* feat(store): added postgres index for owner columns [#7625](https://github.com/kumahq/kuma/pull/7625) @lukidzi +* feat(store): allow ResourceStore to be customized [#7743](https://github.com/kumahq/kuma/pull/7743) @bartsmykla +* feat(store): conflict metrics [#7753](https://github.com/kumahq/kuma/pull/7753) @jakubdyszkiewicz +* feat(store): consistent gets for read replica [#7923](https://github.com/kumahq/kuma/pull/7923) @jakubdyszkiewicz +* feat(store): support postgres reader replica [#7763](https://github.com/kumahq/kuma/pull/7763) @jakubdyszkiewicz +* feat(tenants): add extension points for sharding [#7502](https://github.com/kumahq/kuma/pull/7502) @jakubdyszkiewicz +* feat(transparent-proxy): add `--exclude-outbound-ports-for-uids` [#7588](https://github.com/kumahq/kuma/pull/7588) @lahabana +* feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails [#7870](https://github.com/kumahq/kuma/pull/7870) @bartsmykla +* feat(xds): auto reachable services based on MeshTrafficPermission [#8125](https://github.com/kumahq/kuma/pull/8125) @jakubdyszkiewicz +* fix(MeshFaultInjection): include tags negation in header matching [#8043](https://github.com/kumahq/kuma/pull/8043) @bartsmykla +* fix(MeshGateway): ensure that duplicate listeners are not added when crossMesh is enabled on a listener and Routes specify hostnames [#8156](https://github.com/kumahq/kuma/pull/8156) @ttreptow +* fix(MeshTrafficPermission): support permissive mtls [#8171](https://github.com/kumahq/kuma/pull/8171) @jakubdyszkiewicz +* fix(TrafficRoute): use default value when choiceCount is 0 [#7938](https://github.com/kumahq/kuma/pull/7938) @lukidzi +* fix(api-server): 400 error on admin operations on not yet connected stream [#8039](https://github.com/kumahq/kuma/pull/8039) @slonka +* fix(api-server): always remove empty array in inspect gw api [#8209](https://github.com/kumahq/kuma/pull/8209) @lahabana +* fix(api-server): avoid panic when there no insight for entity [#8068](https://github.com/kumahq/kuma/pull/8068) @lahabana +* fix(api-server): dataplane overview pagination [#7803](https://github.com/kumahq/kuma/pull/7803) @jakubdyszkiewicz +* fix(api-server): empty list instead of null [#7780](https://github.com/kumahq/kuma/pull/7780) @jakubdyszkiewicz +* fix(api-server): improve HandleError to handle rest_errors.Error and fix Unauthenticated error handling [#7818](https://github.com/kumahq/kuma/pull/7818) @bartsmykla +* fix(api-server): improve error handling and return status [#7937](https://github.com/kumahq/kuma/pull/7937) @lahabana +* fix(core): better lifecycle when context is getting cancelled [#8268](https://github.com/kumahq/kuma/pull/8268) @lahabana +* fix(envoy): remove apple flag [#8314](https://github.com/kumahq/kuma/pull/8314) @lukidzi +* fix(gatewayapi): don't set RefNotPermitted for GAMMA routes [#7771](https://github.com/kumahq/kuma/pull/7771) @michaelbeaumont +* fix(gatewayapi): don't set listener ResolvedRefs based on routes ResolvedRefs [#7809](https://github.com/kumahq/kuma/pull/7809) @michaelbeaumont +* fix(helm): do not run webhooks on kube-system [#8157](https://github.com/kumahq/kuma/pull/8157) @lahabana +* fix(helm): make CNI configmap and serviceaccount support custom namespace [#7956](https://github.com/kumahq/kuma/pull/7956) @slavogiez +* fix(helm): use bitnami/kubectl image for helm hooks [#7656](https://github.com/kumahq/kuma/pull/7656) @lahabana +* fix(insights): have subscription gc also work for zoneEgress insights [#7954](https://github.com/kumahq/kuma/pull/7954) @lahabana +* fix(insights): improve ZoneInsight subscription management [#8153](https://github.com/kumahq/kuma/pull/8153) @michaelbeaumont +* fix(k8s): add namespace to `deleteObjectIfExist` in pod controller [#8063](https://github.com/kumahq/kuma/pull/8063) @slonka +* fix(k8s): don't temporarily remove all AvailableServices on ZoneIngress Pod reconciliations [#8301](https://github.com/kumahq/kuma/pull/8301) @slonka +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services [#8168](https://github.com/kumahq/kuma/pull/8168) @bartsmykla +* fix(kds): call CloseSend and exit a goroutine when sync fails to start [#7869](https://github.com/kumahq/kuma/pull/7869) @lukidzi +* fix(kds): delta delivery metric [#7793](https://github.com/kumahq/kuma/pull/7793) @jakubdyszkiewicz +* fix(kds): don't inc KdsGenerationErrors when context canceled [#7913](https://github.com/kumahq/kuma/pull/7913) @michaelbeaumont +* fix(kds): experimental watchdog concurrent map write [#7630](https://github.com/kumahq/kuma/pull/7630) @jakubdyszkiewicz +* fix(kds): set error when KDS clients fails in goroutine [#7725](https://github.com/kumahq/kuma/pull/7725) @lukidzi +* fix(kds): try returning unavailable on app context finish [#8050](https://github.com/kumahq/kuma/pull/8050) @slonka +* fix(kds): use deprecated method in otel [#8366](https://github.com/kumahq/kuma/pull/8366) @slonka +* fix(kuma-cni): support port exclusion for UIDs [#8319](https://github.com/kumahq/kuma/pull/8319) @lobkovilya +* fix(kuma-cp): change affinityTag field in MeshLoadBalancingStrategy t… [#8294](https://github.com/kumahq/kuma/pull/8294) @Automaat +* fix(kuma-cp): cleanup interval should be calculated based on "expirationTime" for hashCache [#8065](https://github.com/kumahq/kuma/pull/8065) @lobkovilya +* fix(kuma-cp): don't add `postStart` hook to builtin gateway even if `waitForDataplaneReady: true` [#7939](https://github.com/kumahq/kuma/pull/7939) @lobkovilya +* fix(kuma-cp): don't configure RBAC rules on Prometheus listener [#8172](https://github.com/kumahq/kuma/pull/8172) @lobkovilya +* fix(kuma-cp): fix Zone{In|E}gress sync when no mesh [#8129](https://github.com/kumahq/kuma/pull/8129) @bartsmykla +* fix(kuma-cp): meta validation compatible with Kubernetes naming rules [#7976](https://github.com/kumahq/kuma/pull/7976) @lobkovilya +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes [#7909](https://github.com/kumahq/kuma/pull/7909) @lobkovilya +* fix(kuma-cp): take proper context for resync [#7805](https://github.com/kumahq/kuma/pull/7805) @lukidzi +* fix(kuma-cp): use GetConsistent store when validating default mesh resources [#7949](https://github.com/kumahq/kuma/pull/7949) @lukidzi +* fix(kuma-cp): using policy name with "." causes hash to be inserted in the wrong place on the zone [#8240](https://github.com/kumahq/kuma/pull/8240) @lobkovilya +* fix(kuma-dp): advise user to check pod events when data plane rejected by webhooks [#8257](https://github.com/kumahq/kuma/pull/8257) @jijiechen +* fix(kuma-dp): fix build [#8282](https://github.com/kumahq/kuma/pull/8282) @Automaat +* fix(kuma-dp): fix incorrect dataplane name due to mangled env vars [#8199](https://github.com/kumahq/kuma/pull/8199) @bartsmykla +* fix(kumactl): add `--mesh` parameter to `inspect ` [#7696](https://github.com/kumahq/kuma/pull/7696) @lahabana +* fix(observability): add annotation to make observability while running CNI work [#8330](https://github.com/kumahq/kuma/pull/8330) @slonka +* fix(policy): improve targetRef name and tags validation [#7972](https://github.com/kumahq/kuma/pull/7972) @alparslanavci +* fix(store): fix passing logs to pglock [#8040](https://github.com/kumahq/kuma/pull/8040) @slonka +* fix(store): use customizer for postgres ro pool [#7769](https://github.com/kumahq/kuma/pull/7769) @jakubdyszkiewicz +* fix(transparent-proxy): fix --wait flags for iptables legacy [#8364](https://github.com/kumahq/kuma/pull/8364) @bartsmykla +* fix(xds): backwards compatibility on access logs paths [#7662](https://github.com/kumahq/kuma/pull/7662) @jakubdyszkiewicz +* fix(xds): use stable hashes for outbound cluster names [#8081](https://github.com/kumahq/kuma/pull/8081) @michaelbeaumont +* perf(insights): fetch dp overviews once [#7652](https://github.com/kumahq/kuma/pull/7652) @jakubdyszkiewicz +* perf(insights): fetch external services once [#7796](https://github.com/kumahq/kuma/pull/7796) @lukidzi +* perf(insights): refresh only changed [#7737](https://github.com/kumahq/kuma/pull/7737) @jakubdyszkiewicz +* perf(store): postgres transactions [#7995](https://github.com/kumahq/kuma/pull/7995) @jakubdyszkiewicz +* perf(xds): put the Gatewaylisteners in the Proxy [#8051](https://github.com/kumahq/kuma/pull/8051) @lahabana + + +## 2.4.4 +> Released on 2023/11/06 + +* chore(deps): security update [#8054](https://github.com/kumahq/kuma/pull/8054) [#8205](https://github.com/kumahq/kuma/pull/8205) @kumahq +* fix(MeshTrafficPermission): support permissive mtls (backport of #8171) [#8176](https://github.com/kumahq/kuma/pull/8176) @kumahq +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) [#8198](https://github.com/kumahq/kuma/pull/8198) @kumahq +* fix(kuma-cp): fix ZoneIngress/ZoneEgress sync when no mesh (backport of #8129) [#8134](https://github.com/kumahq/kuma/pull/8134) @kumahq + + +## 2.4.3 +> Released on 2023/10/11 + +* chore(deps): bump envoy from 1.27.0 to 1.27.1 [#8025](https://github.com/kumahq/kuma/pull/8025) @lahabana +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8012](https://github.com/kumahq/kuma/pull/8012) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8032](https://github.com/kumahq/kuma/pull/8032) @michaelbeaumont + + +## 2.3.3 +> Released on 2023/10/11 + +* chore(deps): bump envoy from 1.26.4 to 1.26.5 [#8024](https://github.com/kumahq/kuma/pull/8024) @lahabana +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7825](https://github.com/kumahq/kuma/pull/7825) @kumahq +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8016](https://github.com/kumahq/kuma/pull/8016) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8033](https://github.com/kumahq/kuma/pull/8033) @michaelbeaumont +* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7838](https://github.com/kumahq/kuma/pull/7838) [#7848](https://github.com/kumahq/kuma/pull/7848) @kumahq +* chore(deps): security update [#7734](https://github.com/kumahq/kuma/pull/7734) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7529](https://github.com/kumahq/kuma/pull/7529) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7833](https://github.com/kumahq/kuma/pull/7833) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7927](https://github.com/kumahq/kuma/pull/7927) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7576](https://github.com/kumahq/kuma/pull/7576) @kumahq + + +## 2.2.5 +> Released on 2023/10/11 + +* chore(deps): bump envoy from 1.25.9 to 1.25.10 [#8026](https://github.com/kumahq/kuma/pull/8026) @lahabana +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7827](https://github.com/kumahq/kuma/pull/7827) @kumahq +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8013](https://github.com/kumahq/kuma/pull/8013) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8031](https://github.com/kumahq/kuma/pull/8031) @michaelbeaumont +* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7842](https://github.com/kumahq/kuma/pull/7842) [#7844](https://github.com/kumahq/kuma/pull/7844) @kumahq +* chore(deps): security update [#7718](https://github.com/kumahq/kuma/pull/7718) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7531](https://github.com/kumahq/kuma/pull/7531) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7832](https://github.com/kumahq/kuma/pull/7832) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7928](https://github.com/kumahq/kuma/pull/7928) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7579](https://github.com/kumahq/kuma/pull/7579) @kumahq + + +## 2.1.7 +> Released on 2023/10/11 + +* chore(deps): bump envoy from 1.24.10 to 1.24.11 [#8027](https://github.com/kumahq/kuma/pull/8027) @lahabana +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7829](https://github.com/kumahq/kuma/pull/7829) @kumahq +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8015](https://github.com/kumahq/kuma/pull/8015) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8030](https://github.com/kumahq/kuma/pull/8030) @michaelbeaumont +* chore(deps): security update [#7716](https://github.com/kumahq/kuma/pull/7716) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7532](https://github.com/kumahq/kuma/pull/7532) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7830](https://github.com/kumahq/kuma/pull/7830) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7926](https://github.com/kumahq/kuma/pull/7926) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7577](https://github.com/kumahq/kuma/pull/7577) @kumahq + + +## 2.0.8 +> Released on 2023/10/11 + +* chore(deps): bump envoy from 1.24.10 to 1.24.11 [#8028](https://github.com/kumahq/kuma/pull/8028) @lahabana +* chore(deps): bump go from 1.18 to 1.21.1 [#7533](https://github.com/kumahq/kuma/pull/7533) [#7828](https://github.com/kumahq/kuma/pull/7828) @kumahq,@michaelbeaumont +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8014](https://github.com/kumahq/kuma/pull/8014) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8029](https://github.com/kumahq/kuma/pull/8029) @michaelbeaumont +* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7841](https://github.com/kumahq/kuma/pull/7841) [#7847](https://github.com/kumahq/kuma/pull/7847) @kumahq +* chore(deps): security update [#7406](https://github.com/kumahq/kuma/pull/7406) [#7453](https://github.com/kumahq/kuma/pull/7453) [#7717](https://github.com/kumahq/kuma/pull/7717) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7528](https://github.com/kumahq/kuma/pull/7528) @kumahq +* fix(containerd): only build cgroups on linux (backport of #7408) [#7423](https://github.com/kumahq/kuma/pull/7423) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7831](https://github.com/kumahq/kuma/pull/7831) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7930](https://github.com/kumahq/kuma/pull/7930) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7580](https://github.com/kumahq/kuma/pull/7580) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7389](https://github.com/kumahq/kuma/pull/7389) @kumahq + + +## 2.4.2 +> Released on 2023/10/02 + +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7826](https://github.com/kumahq/kuma/pull/7826) @kumahq +* chore(deps): security update [#7719](https://github.com/kumahq/kuma/pull/7719) @kumahq +* feat(kds): add user-agent with useful version info (backport of #7886) [#7897](https://github.com/kumahq/kuma/pull/7897) @kumahq +* feat(kds): better error handling (backport of #7868) [#7877](https://github.com/kumahq/kuma/pull/7877) @kumahq +* feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails (backport of #7870) [#7892](https://github.com/kumahq/kuma/pull/7892) @kumahq +* fix(kds): call CloseSend and exit a goroutine when sync fails to start (backport of #7869) [#7883](https://github.com/kumahq/kuma/pull/7883) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7834](https://github.com/kumahq/kuma/pull/7834) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7929](https://github.com/kumahq/kuma/pull/7929) @kumahq + + +## 2.4.1 +> Released on 2023/09/07 + +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.1 [#7680](https://github.com/kumahq/kuma/pull/7680) @kumahq +* chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to 0.8.0 [#7664](https://github.com/kumahq/kuma/pull/7664) @kumahq +* chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates (backport of #7613) [#7678](https://github.com/kumahq/kuma/pull/7678) @kumahq +* chore(deps): bump the go-opentelemetry-io-otel group with 2 updates (backport of #7607) [#7670](https://github.com/kumahq/kuma/pull/7670) @kumahq +* chore(deps): bump the k8s-libs group with 3 updates (backport of #7606) [#7688](https://github.com/kumahq/kuma/pull/7688) @kumahq +* fix(kumactl): add `--mesh` parameter to `inspect ` (backport of #7696) [#7703](https://github.com/kumahq/kuma/pull/7703) @kumahq +* fix(xds): backwards compatibility on access logs paths (backport of #7662) [#7694](https://github.com/kumahq/kuma/pull/7694) @kumahq + + +## 2.4.0 +> Released on 2023/08/28 + +* chore(deps): bump CoreDNS from v1.10.1 to v1.11.1 [#7493](https://github.com/kumahq/kuma/pull/7493) [#7523](https://github.com/kumahq/kuma/pull/7523) @michaelbeaumont +* chore(deps): bump cirello.io/pglock from 1.13.0 to 1.14.0 [#7554](https://github.com/kumahq/kuma/pull/7554) @dependabot +* chore(deps): bump debian from `3d868b5` to `b91baba` [#7403](https://github.com/kumahq/kuma/pull/7403) [#7547](https://github.com/kumahq/kuma/pull/7547) @dependabot +* chore(deps): bump envoy to 1.26.3 [#7267](https://github.com/kumahq/kuma/pull/7267) @lukidzi +* chore(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0 [#7205](https://github.com/kumahq/kuma/pull/7205) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.2 to 3.11.0 [#7552](https://github.com/kumahq/kuma/pull/7552) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 [#7159](https://github.com/kumahq/kuma/pull/7159) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.0 to 0.5.1 [#7337](https://github.com/kumahq/kuma/pull/7337) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 from 5.4.1 to 5.4.3 [#7273](https://github.com/kumahq/kuma/pull/7273) [#7474](https://github.com/kumahq/kuma/pull/7474) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 [#7336](https://github.com/kumahq/kuma/pull/7336) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.20.1 to 0.23.0 [#7122](https://github.com/kumahq/kuma/pull/7122) [#7514](https://github.com/kumahq/kuma/pull/7514) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 0.20.0 to 1.0.0 [#7272](https://github.com/kumahq/kuma/pull/7272) @dependabot +* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 [#7472](https://github.com/kumahq/kuma/pull/7472) @dependabot +* chore(deps): bump golang.org/x/net from 0.11.0 to 0.14.0 [#7206](https://github.com/kumahq/kuma/pull/7206) [#7475](https://github.com/kumahq/kuma/pull/7475) @dependabot +* chore(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0 [#7204](https://github.com/kumahq/kuma/pull/7204) [#7471](https://github.com/kumahq/kuma/pull/7471) @dependabot +* chore(deps): bump golang.org/x/text from 0.10.0 to 0.12.0 [#7203](https://github.com/kumahq/kuma/pull/7203) [#7476](https://github.com/kumahq/kuma/pull/7476) @dependabot +* chore(deps): bump golangci-lint from v1.51.2 to v1.53.3 [#7334](https://github.com/kumahq/kuma/pull/7334) @lahabana +* chore(deps): bump gonum.org/v1/gonum from 0.13.0 to 0.14.0 [#7553](https://github.com/kumahq/kuma/pull/7553) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.57.0 [#7123](https://github.com/kumahq/kuma/pull/7123) [#7202](https://github.com/kumahq/kuma/pull/7202) [#7373](https://github.com/kumahq/kuma/pull/7373) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 [#7124](https://github.com/kumahq/kuma/pull/7124) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.12.1 to 3.12.3 [#7270](https://github.com/kumahq/kuma/pull/7270) [#7515](https://github.com/kumahq/kuma/pull/7515) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.3 to 0.27.4 [#7372](https://github.com/kumahq/kuma/pull/7372) @michaelbeaumont +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 [#7470](https://github.com/kumahq/kuma/pull/7470) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.12.0 to 0.13.0 [#7271](https://github.com/kumahq/kuma/pull/7271) [#7550](https://github.com/kumahq/kuma/pull/7550) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 0.7.1-0.20230727082008-1764e458047d to 0.8.0-rc1 [#7371](https://github.com/kumahq/kuma/pull/7371) [#7513](https://github.com/kumahq/kuma/pull/7513) @dependabot,@michaelbeaumont +* chore(deps): bump the k8s-libs group with 3 updates [#7335](https://github.com/kumahq/kuma/pull/7335) [#7549](https://github.com/kumahq/kuma/pull/7549) @dependabot +* chore(deps): bump ubuntu from `0bced47` to `ec050c3` [#7546](https://github.com/kumahq/kuma/pull/7546) @dependabot +* chore(deps): update go from 1.20.5 to 1.20.6 [#7414](https://github.com/kumahq/kuma/pull/7414) @slonka +* chore(deps): update testcontainers-go to 0.22.0 [#7477](https://github.com/kumahq/kuma/pull/7477) @slonka +* chore(deps): update to go 1.20.7 [#7429](https://github.com/kumahq/kuma/pull/7429) @slonka +* chore(deps): upgrade envoy to 1.26.4 [#7367](https://github.com/kumahq/kuma/pull/7367) @lukidzi +* chore(deps): upgrade envoy to 1.27.0 [#7411](https://github.com/kumahq/kuma/pull/7411) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7095](https://github.com/kumahq/kuma/pull/7095) [#7096](https://github.com/kumahq/kuma/pull/7096) [#7097](https://github.com/kumahq/kuma/pull/7097) [#7100](https://github.com/kumahq/kuma/pull/7100) [#7113](https://github.com/kumahq/kuma/pull/7113) [#7127](https://github.com/kumahq/kuma/pull/7127) [#7128](https://github.com/kumahq/kuma/pull/7128) [#7156](https://github.com/kumahq/kuma/pull/7156) [#7169](https://github.com/kumahq/kuma/pull/7169) [#7171](https://github.com/kumahq/kuma/pull/7171) [#7193](https://github.com/kumahq/kuma/pull/7193) [#7219](https://github.com/kumahq/kuma/pull/7219) [#7255](https://github.com/kumahq/kuma/pull/7255) [#7260](https://github.com/kumahq/kuma/pull/7260) [#7261](https://github.com/kumahq/kuma/pull/7261) [#7274](https://github.com/kumahq/kuma/pull/7274) [#7279](https://github.com/kumahq/kuma/pull/7279) [#7284](https://github.com/kumahq/kuma/pull/7284) [#7305](https://github.com/kumahq/kuma/pull/7305) [#7308](https://github.com/kumahq/kuma/pull/7308) [#7320](https://github.com/kumahq/kuma/pull/7320) [#7322](https://github.com/kumahq/kuma/pull/7322) [#7328](https://github.com/kumahq/kuma/pull/7328) [#7331](https://github.com/kumahq/kuma/pull/7331) [#7340](https://github.com/kumahq/kuma/pull/7340) [#7341](https://github.com/kumahq/kuma/pull/7341) [#7343](https://github.com/kumahq/kuma/pull/7343) [#7345](https://github.com/kumahq/kuma/pull/7345) [#7350](https://github.com/kumahq/kuma/pull/7350) [#7357](https://github.com/kumahq/kuma/pull/7357) [#7369](https://github.com/kumahq/kuma/pull/7369) [#7370](https://github.com/kumahq/kuma/pull/7370) [#7376](https://github.com/kumahq/kuma/pull/7376) [#7378](https://github.com/kumahq/kuma/pull/7378) [#7379](https://github.com/kumahq/kuma/pull/7379) [#7385](https://github.com/kumahq/kuma/pull/7385) [#7388](https://github.com/kumahq/kuma/pull/7388) [#7413](https://github.com/kumahq/kuma/pull/7413) [#7421](https://github.com/kumahq/kuma/pull/7421) [#7430](https://github.com/kumahq/kuma/pull/7430) [#7444](https://github.com/kumahq/kuma/pull/7444) [#7478](https://github.com/kumahq/kuma/pull/7478) [#7479](https://github.com/kumahq/kuma/pull/7479) [#7480](https://github.com/kumahq/kuma/pull/7480) [#7481](https://github.com/kumahq/kuma/pull/7481) [#7482](https://github.com/kumahq/kuma/pull/7482) [#7487](https://github.com/kumahq/kuma/pull/7487) [#7498](https://github.com/kumahq/kuma/pull/7498) [#7499](https://github.com/kumahq/kuma/pull/7499) [#7503](https://github.com/kumahq/kuma/pull/7503) [#7509](https://github.com/kumahq/kuma/pull/7509) [#7510](https://github.com/kumahq/kuma/pull/7510) [#7511](https://github.com/kumahq/kuma/pull/7511) [#7517](https://github.com/kumahq/kuma/pull/7517) [#7518](https://github.com/kumahq/kuma/pull/7518) [#7522](https://github.com/kumahq/kuma/pull/7522) [#7524](https://github.com/kumahq/kuma/pull/7524) [#7537](https://github.com/kumahq/kuma/pull/7537) [#7538](https://github.com/kumahq/kuma/pull/7538) [#7548](https://github.com/kumahq/kuma/pull/7548) [#7557](https://github.com/kumahq/kuma/pull/7557) [#7566](https://github.com/kumahq/kuma/pull/7566) [#7568](https://github.com/kumahq/kuma/pull/7568) [#7569](https://github.com/kumahq/kuma/pull/7569) [#7571](https://github.com/kumahq/kuma/pull/7571) [#7575](https://github.com/kumahq/kuma/pull/7575) [#7581](https://github.com/kumahq/kuma/pull/7581) [#7582](https://github.com/kumahq/kuma/pull/7582) [#7584](https://github.com/kumahq/kuma/pull/7584) @kumahq +* chore(release): merge release-2.3 [#7099](https://github.com/kumahq/kuma/pull/7099) @michaelbeaumont +* feat(MeshHealthCheck): allow top level targetRef kind MeshGateway [#7194](https://github.com/kumahq/kuma/pull/7194) @michaelbeaumont +* feat(MeshRetry): allow top level targetRef kind MeshGateway [#7190](https://github.com/kumahq/kuma/pull/7190) @michaelbeaumont +* feat(MeshTimeout): allow top level targetRef.kind MeshGateway [#7137](https://github.com/kumahq/kuma/pull/7137) @michaelbeaumont +* feat(VirtualOutbound): support multizone [#7407](https://github.com/kumahq/kuma/pull/7407) @jakubdyszkiewicz +* feat(api-server): add isTargetRefBased in /policies [#7561](https://github.com/kumahq/kuma/pull/7561) @lahabana +* feat(api-server): add service unavailable error [#7501](https://github.com/kumahq/kuma/pull/7501) @slonka +* feat(api-server): allow WebService customization in plugins [#7497](https://github.com/kumahq/kuma/pull/7497) @michaelbeaumont +* feat(api-server): error status is an int [#7162](https://github.com/kumahq/kuma/pull/7162) @jakubdyszkiewicz +* feat(cni): add retry for CNI config file check [#7215](https://github.com/kumahq/kuma/pull/7215) @StuAtKong +* feat(insights): add event to trigger computation [#7506](https://github.com/kumahq/kuma/pull/7506) @jakubdyszkiewicz +* feat(insights): change metrics to milliseconds [#7491](https://github.com/kumahq/kuma/pull/7491) @jakubdyszkiewicz +* feat(k8s): show `targetRef` `kind`/`name` in kubectl output [#7116](https://github.com/kumahq/kuma/pull/7116) @michaelbeaumont +* feat(kuma-cp): add 'renewDeadline' and 'leaseDuration' config params [#7448](https://github.com/kumahq/kuma/pull/7448) @lobkovilya +* feat(kuma-cp): add info about presence of auth token in zoneInsight [#7598](https://github.com/kumahq/kuma/pull/7598) @Automaat +* feat(kuma-cp): add observability to k8s auth cache [#7192](https://github.com/kumahq/kuma/pull/7192) @jakubdyszkiewicz +* feat(kuma-cp): add opentelemetry traces to pgx [#7216](https://github.com/kumahq/kuma/pull/7216) @michaelbeaumont +* feat(kuma-cp): add tracing to KDS server [#7160](https://github.com/kumahq/kuma/pull/7160) @michaelbeaumont +* feat(kuma-cp): allow to disable resources count metrics [#7304](https://github.com/kumahq/kuma/pull/7304) @lukidzi +* feat(kuma-cp): better xds metrics [#7208](https://github.com/kumahq/kuma/pull/7208) @jakubdyszkiewicz +* feat(kuma-cp): block application container start until dp is ready [#7583](https://github.com/kumahq/kuma/pull/7583) @lukidzi +* feat(kuma-cp): extend ZoneInsight api with information about usage of… [#7563](https://github.com/kumahq/kuma/pull/7563) @Automaat +* feat(kuma-cp): force routing through zone egress [#7558](https://github.com/kumahq/kuma/pull/7558) @jakubdyszkiewicz +* feat(kuma-cp): implement TLS listener for prometheus [#7534](https://github.com/kumahq/kuma/pull/7534) @lukidzi +* feat(kuma-cp): introduce OpenTelemetry tracing [#7153](https://github.com/kumahq/kuma/pull/7153) @michaelbeaumont +* feat(kuma-cp): support Datadog propagation for tracing [#7168](https://github.com/kumahq/kuma/pull/7168) @michaelbeaumont +* feat(kuma-dp): don't require NET_BIND_SERVICE capability [#7276](https://github.com/kumahq/kuma/pull/7276) @michaelbeaumont +* feat(kumactl): define User-Agent [#7307](https://github.com/kumahq/kuma/pull/7307) @mmorel-35 +* feat(metrics): expose kube controller manager metrics [#7158](https://github.com/kumahq/kuma/pull/7158) @jakubdyszkiewicz +* feat(metrics): support OpenMetrics from applications [#7125](https://github.com/kumahq/kuma/pull/7125) @AyushSenapati +* feat(observability): add traceId in error messages [#7329](https://github.com/kumahq/kuma/pull/7329) @lahabana +* feat(observability): components metrics [#7209](https://github.com/kumahq/kuma/pull/7209) @jakubdyszkiewicz +* feat(policy): add `targetRef.kind` `MeshGateway` [#7114](https://github.com/kumahq/kuma/pull/7114) @michaelbeaumont +* feat(watchdog): don't call onError if error was Canceled [#7401](https://github.com/kumahq/kuma/pull/7401) @michaelbeaumont +* feat(xds): filter-chain builder constructor require name [#7131](https://github.com/kumahq/kuma/pull/7131) @mmorel-35 +* feat(xds): named resources (clusters) builders require name [#7104](https://github.com/kumahq/kuma/pull/7104) @mmorel-35 +* feat(xds): named resources (listeners) builders require name [#7105](https://github.com/kumahq/kuma/pull/7105) @mmorel-35 +* feat(xds): named resources (routes configuration) builders require name [#7106](https://github.com/kumahq/kuma/pull/7106) @mmorel-35 +* feat(zoneproxies): check empty listeners [#7562](https://github.com/kumahq/kuma/pull/7562) @jakubdyszkiewicz +* fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP [#7225](https://github.com/kumahq/kuma/pull/7225) @lukidzi +* fix(api-server): return 400 when PUT/POST resource is invalid [#7560](https://github.com/kumahq/kuma/pull/7560) @lahabana +* fix(containerd): only build cgroups on linux [#7408](https://github.com/kumahq/kuma/pull/7408) @slonka +* fix(dataplane_watchdog): fix outdated comment [#7565](https://github.com/kumahq/kuma/pull/7565) @nicoche +* fix(egress): routing using MeshHTTPRoute and VirtualOutbound [#7536](https://github.com/kumahq/kuma/pull/7536) @jakubdyszkiewicz +* fix(insights): rewrite insights to allow more efficiency [#7375](https://github.com/kumahq/kuma/pull/7375) @lahabana +* fix(intercp): properly track idleness of pool connections [#7323](https://github.com/kumahq/kuma/pull/7323) @michaelbeaumont +* fix(k8s): tolerate unknown `appProtocol` [#7133](https://github.com/kumahq/kuma/pull/7133) @michaelbeaumont +* fix(kuma-cp): cancel OnTick when watchdog stopped [#7221](https://github.com/kumahq/kuma/pull/7221) @michaelbeaumont +* fix(kuma-cp): do not require certs on https api port [#7102](https://github.com/kumahq/kuma/pull/7102) @jakubdyszkiewicz +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service [#7282](https://github.com/kumahq/kuma/pull/7282) @lukidzi +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog [#7348](https://github.com/kumahq/kuma/pull/7348) @lukidzi +* fix(kuma-cp): don't return from opentelemetry Start [#7157](https://github.com/kumahq/kuma/pull/7157) @michaelbeaumont +* fix(kuma-cp): handle advertised address in zone ingress [#7332](https://github.com/kumahq/kuma/pull/7332) @jakubdyszkiewicz +* fix(kuma-cp): handle external services with permissive mtls [#7179](https://github.com/kumahq/kuma/pull/7179) @jakubdyszkiewicz +* fix(kuma-cp): order resources for building VIPs [#7333](https://github.com/kumahq/kuma/pull/7333) @lukidzi +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts [#7231](https://github.com/kumahq/kuma/pull/7231) @michaelbeaumont +* fix(kuma-cp): put metadata xds callbacks before sync [#7230](https://github.com/kumahq/kuma/pull/7230) @lobkovilya +* fix(kuma-cp): universal mode don't log on every lock acquire attempt [#7593](https://github.com/kumahq/kuma/pull/7593) @michaelbeaumont +* fix(kuma-dp): pass sockets in metadata from dp to cp [#7218](https://github.com/kumahq/kuma/pull/7218) @lahabana +* fix(kumactl): treat 404 as resource not found error [#7297](https://github.com/kumahq/kuma/pull/7297) @slonka +* fix(metrics): hijacker should not pass accept-encoding [#7572](https://github.com/kumahq/kuma/pull/7572) @jakubdyszkiewicz +* fix(sec): get rid of dependency on containerd [#7387](https://github.com/kumahq/kuma/pull/7387) @slonka +* perf(kuma-cp): trim zone ingress and service insights [#7098](https://github.com/kumahq/kuma/pull/7098) @jakubdyszkiewicz +* perf(xds): use aggregated mesh context for zone proxies [#7449](https://github.com/kumahq/kuma/pull/7449) @jakubdyszkiewicz +* perf(zoneingress): only pick resources from proper mesh [#7415](https://github.com/kumahq/kuma/pull/7415) @jakubdyszkiewicz + + +## 2.1.6 +> Released on 2023/08/09 + +* chore(deps): bump go from 1.18 to 1.20.7 [#7446](https://github.com/kumahq/kuma/pull/7446) [#7489](https://github.com/kumahq/kuma/pull/7489) @michaelbeaumont +* chore(deps): security update [#7405](https://github.com/kumahq/kuma/pull/7405) [#7442](https://github.com/kumahq/kuma/pull/7442) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7390](https://github.com/kumahq/kuma/pull/7390) @kumahq + + +## 2.2.4 +> Released on 2023/08/04 + +* chore(deps): security update [#7454](https://github.com/kumahq/kuma/pull/7454) @kumahq +* chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) [#7417](https://github.com/kumahq/kuma/pull/7417) @kumahq +* chore(deps): update to go 1.20.7 (backport of #7429) [#7432](https://github.com/kumahq/kuma/pull/7432) @kumahq +* chore(deps): upgrade envoy to 1.25.9 [#7366](https://github.com/kumahq/kuma/pull/7366) @lukidzi +* fix(containerd): only build cgroups on linux (backport of #7408) [#7422](https://github.com/kumahq/kuma/pull/7422) @kumahq +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7355](https://github.com/kumahq/kuma/pull/7355) @kumahq +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7362](https://github.com/kumahq/kuma/pull/7362) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7391](https://github.com/kumahq/kuma/pull/7391) @kumahq + + +## 2.3.2 +> Released on 2023/08/03 + +* chore(deps): security update [#7443](https://github.com/kumahq/kuma/pull/7443) @kumahq +* chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) [#7419](https://github.com/kumahq/kuma/pull/7419) @kumahq +* chore(deps): update to go 1.20.7 (backport of #7429) [#7435](https://github.com/kumahq/kuma/pull/7435) @kumahq +* chore(deps): upgrade envoy to 1.26.4 [#7368](https://github.com/kumahq/kuma/pull/7368) @lukidzi +* fix(containerd): only build cgroups on linux (backport of #7408) [#7425](https://github.com/kumahq/kuma/pull/7425) @kumahq +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7351](https://github.com/kumahq/kuma/pull/7351) @kumahq +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7359](https://github.com/kumahq/kuma/pull/7359) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7392](https://github.com/kumahq/kuma/pull/7392) @kumahq + + +## 2.1.5 +> Released on 2023/07/27 + +* chore(deps): upgrade envoy to 1.24.10 [#7363](https://github.com/kumahq/kuma/pull/7363) @lukidzi +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7352](https://github.com/kumahq/kuma/pull/7352) @kumahq +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7361](https://github.com/kumahq/kuma/pull/7361) @kumahq + + +## 2.0.7 +> Released on 2023/07/27 + +* chore(deps): upgrade envoy to 1.24.10 [#7364](https://github.com/kumahq/kuma/pull/7364) @lukidzi +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7358](https://github.com/kumahq/kuma/pull/7358) @kumahq + + +## 1.8.8 +> Released on 2023/07/27 + +* chore(deps): upgrade envoy to 1.24.10 [#7365](https://github.com/kumahq/kuma/pull/7365) @lukidzi +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7360](https://github.com/kumahq/kuma/pull/7360) @kumahq + +## 2.3.1 +> Released on 2023/07/21 + +* chore(deps): bump envoy to 1.26.3 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7266](https://github.com/kumahq/kuma/pull/7266) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7096](https://github.com/kumahq/kuma/pull/7096) @kumahq +* fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP (backport of #7225) [#7233](https://github.com/kumahq/kuma/pull/7233) @kumahq +* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7241](https://github.com/kumahq/kuma/pull/7241) @kumahq +* fix(kuma-cp): do not require certs on https api port (backport of #7102) [#7111](https://github.com/kumahq/kuma/pull/7111) @kumahq +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7295](https://github.com/kumahq/kuma/pull/7295) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7187](https://github.com/kumahq/kuma/pull/7187) @kumahq +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7250](https://github.com/kumahq/kuma/pull/7250) @kumahq +* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7244](https://github.com/kumahq/kuma/pull/7244) @kumahq +* fix(kumactl): treat 404 as resource not found error (backport of #7297) [#7303](https://github.com/kumahq/kuma/pull/7303) @kumahq + + +## 2.2.3 +> Released on 2023/07/21 + +* chore(deps): bump envoy to 1.25.8 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7265](https://github.com/kumahq/kuma/pull/7265) @lukidzi +* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7242](https://github.com/kumahq/kuma/pull/7242) @kumahq +* fix(kuma-cp): do not require certs on https api port (backport of #7102) [#7110](https://github.com/kumahq/kuma/pull/7110) @kumahq +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7291](https://github.com/kumahq/kuma/pull/7291) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7185](https://github.com/kumahq/kuma/pull/7185) @kumahq +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7254](https://github.com/kumahq/kuma/pull/7254) @kumahq +* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7245](https://github.com/kumahq/kuma/pull/7245) @kumahq + + +## 2.1.4 +> Released on 2023/07/19 + +* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7264](https://github.com/kumahq/kuma/pull/7264) @lukidzi +* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7240](https://github.com/kumahq/kuma/pull/7240) @kumahq +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7294](https://github.com/kumahq/kuma/pull/7294) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7188](https://github.com/kumahq/kuma/pull/7188) @kumahq +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7251](https://github.com/kumahq/kuma/pull/7251) @kumahq +* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7247](https://github.com/kumahq/kuma/pull/7247) @kumahq + + +## 2.0.6 +> Released on 2023/07/19 + +* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7263](https://github.com/kumahq/kuma/pull/7263) @lukidzi +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7293](https://github.com/kumahq/kuma/pull/7293) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7186](https://github.com/kumahq/kuma/pull/7186) @kumahq + + +## 1.8.7 +> Released on 2023/07/19 + +* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7262](https://github.com/kumahq/kuma/pull/7262) @lukidzi +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7292](https://github.com/kumahq/kuma/pull/7292) @kumahq + + +## 2.3.0 +> Released on 2023/06/22 + +* chore(deps): bump Envoy from v1.25.4 to v1.26.2 [#6638](https://github.com/kumahq/kuma/pull/6638) [#6938](https://github.com/kumahq/kuma/pull/6938) @lukidzi,@michaelbeaumont +* chore(deps): bump cirello.io/pglock from 1.11.0 to 1.13.0 [#6817](https://github.com/kumahq/kuma/pull/6817) [#6927](https://github.com/kumahq/kuma/pull/6927) @dependabot +* chore(deps): bump controller-runtime from v0.14.6 to v0.15.0 [#6809](https://github.com/kumahq/kuma/pull/6809) [#6832](https://github.com/kumahq/kuma/pull/6832) @dependabot,@michaelbeaumont +* chore(deps): bump gateway-api from v0.7.0 to c9540a9cf448 [#6614](https://github.com/kumahq/kuma/pull/6614) [#6674](https://github.com/kumahq/kuma/pull/6674) [#6735](https://github.com/kumahq/kuma/pull/6735) [#6771](https://github.com/kumahq/kuma/pull/6771) [#6840](https://github.com/kumahq/kuma/pull/6840) [#6912](https://github.com/kumahq/kuma/pull/6912) [#7020](https://github.com/kumahq/kuma/pull/7020) @dependabot,@michaelbeaumont +* chore(deps): bump github.com/containernetworking/plugins from 1.2.0 to 1.3.0 [#6738](https://github.com/kumahq/kuma/pull/6738) @dependabot +* chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible [#6751](https://github.com/kumahq/kuma/pull/6751) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.0 to 0.11.1 [#6866](https://github.com/kumahq/kuma/pull/6866) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.1 [#6617](https://github.com/kumahq/kuma/pull/6617) [#6737](https://github.com/kumahq/kuma/pull/6737) @dependabot +* chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 [#6742](https://github.com/kumahq/kuma/pull/6742) @dependabot +* chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.15.2 to 4.16.2 [#6864](https://github.com/kumahq/kuma/pull/6864) [#6928](https://github.com/kumahq/kuma/pull/6928) [#7000](https://github.com/kumahq/kuma/pull/7000) @dependabot +* chore(deps): bump github.com/lib/pq from 1.10.7 to 1.10.9 [#6554](https://github.com/kumahq/kuma/pull/6554) [#6650](https://github.com/kumahq/kuma/pull/6650) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.53 to 1.1.54 [#6651](https://github.com/kumahq/kuma/pull/6651) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.10.0 [#6689](https://github.com/kumahq/kuma/pull/6689) [#6768](https://github.com/kumahq/kuma/pull/6768) [#6925](https://github.com/kumahq/kuma/pull/6925) [#7002](https://github.com/kumahq/kuma/pull/7002) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.8 [#6818](https://github.com/kumahq/kuma/pull/6818) [#7001](https://github.com/kumahq/kuma/pull/7001) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.14.0 to 1.15.1 [#6555](https://github.com/kumahq/kuma/pull/6555) [#6692](https://github.com/kumahq/kuma/pull/6692) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 [#6691](https://github.com/kumahq/kuma/pull/6691) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.42.0 to 0.44.0 [#6690](https://github.com/kumahq/kuma/pull/6690) [#6814](https://github.com/kumahq/kuma/pull/6814) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 [#6926](https://github.com/kumahq/kuma/pull/6926) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.6 [#6867](https://github.com/kumahq/kuma/pull/6867) [#7003](https://github.com/kumahq/kuma/pull/7003) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.18.0 to 0.20.1 [#6708](https://github.com/kumahq/kuma/pull/6708) [#6736](https://github.com/kumahq/kuma/pull/6736) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 0.19.0 to 0.20.0 [#7004](https://github.com/kumahq/kuma/pull/7004) @dependabot +* chore(deps): bump golang from 1.20.4 to 1.20.5 [#6587](https://github.com/kumahq/kuma/pull/6587) [#6828](https://github.com/kumahq/kuma/pull/6828) [#6959](https://github.com/kumahq/kuma/pull/6959) @lahabana,@lukidzi +* chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 [#6712](https://github.com/kumahq/kuma/pull/6712) @dependabot +* chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 [#6693](https://github.com/kumahq/kuma/pull/6693) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 [#6687](https://github.com/kumahq/kuma/pull/6687) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 [#6652](https://github.com/kumahq/kuma/pull/6652) @dependabot +* chore(deps): bump k8s.io/kubectl from 0.26.3 to 0.27.2 [#6813](https://github.com/kumahq/kuma/pull/6813) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.11.3 to 0.12.0 [#6586](https://github.com/kumahq/kuma/pull/6586) [#6688](https://github.com/kumahq/kuma/pull/6688) @dependabot +* chore(deps): use latest kumahq/kuma-gui [#6548](https://github.com/kumahq/kuma/pull/6548) [#6552](https://github.com/kumahq/kuma/pull/6552) [#6562](https://github.com/kumahq/kuma/pull/6562) [#6576](https://github.com/kumahq/kuma/pull/6576) [#6606](https://github.com/kumahq/kuma/pull/6606) [#6616](https://github.com/kumahq/kuma/pull/6616) [#6629](https://github.com/kumahq/kuma/pull/6629) [#6640](https://github.com/kumahq/kuma/pull/6640) [#6655](https://github.com/kumahq/kuma/pull/6655) [#6656](https://github.com/kumahq/kuma/pull/6656) [#6659](https://github.com/kumahq/kuma/pull/6659) [#6661](https://github.com/kumahq/kuma/pull/6661) [#6662](https://github.com/kumahq/kuma/pull/6662) [#6664](https://github.com/kumahq/kuma/pull/6664) [#6675](https://github.com/kumahq/kuma/pull/6675) [#6678](https://github.com/kumahq/kuma/pull/6678) [#6701](https://github.com/kumahq/kuma/pull/6701) [#6702](https://github.com/kumahq/kuma/pull/6702) [#6710](https://github.com/kumahq/kuma/pull/6710) [#6715](https://github.com/kumahq/kuma/pull/6715) [#6753](https://github.com/kumahq/kuma/pull/6753) [#6756](https://github.com/kumahq/kuma/pull/6756) [#6762](https://github.com/kumahq/kuma/pull/6762) [#6774](https://github.com/kumahq/kuma/pull/6774) [#6775](https://github.com/kumahq/kuma/pull/6775) [#6776](https://github.com/kumahq/kuma/pull/6776) [#6777](https://github.com/kumahq/kuma/pull/6777) [#6791](https://github.com/kumahq/kuma/pull/6791) [#6798](https://github.com/kumahq/kuma/pull/6798) [#6801](https://github.com/kumahq/kuma/pull/6801) [#6803](https://github.com/kumahq/kuma/pull/6803) [#6807](https://github.com/kumahq/kuma/pull/6807) [#6811](https://github.com/kumahq/kuma/pull/6811) [#6821](https://github.com/kumahq/kuma/pull/6821) [#6822](https://github.com/kumahq/kuma/pull/6822) [#6823](https://github.com/kumahq/kuma/pull/6823) [#6824](https://github.com/kumahq/kuma/pull/6824) [#6830](https://github.com/kumahq/kuma/pull/6830) [#6833](https://github.com/kumahq/kuma/pull/6833) [#6834](https://github.com/kumahq/kuma/pull/6834) [#6835](https://github.com/kumahq/kuma/pull/6835) [#6837](https://github.com/kumahq/kuma/pull/6837) [#6847](https://github.com/kumahq/kuma/pull/6847) [#6850](https://github.com/kumahq/kuma/pull/6850) [#6851](https://github.com/kumahq/kuma/pull/6851) [#6871](https://github.com/kumahq/kuma/pull/6871) [#6875](https://github.com/kumahq/kuma/pull/6875) [#6877](https://github.com/kumahq/kuma/pull/6877) [#6878](https://github.com/kumahq/kuma/pull/6878) [#6879](https://github.com/kumahq/kuma/pull/6879) [#6882](https://github.com/kumahq/kuma/pull/6882) [#6885](https://github.com/kumahq/kuma/pull/6885) [#6904](https://github.com/kumahq/kuma/pull/6904) [#6914](https://github.com/kumahq/kuma/pull/6914) [#6919](https://github.com/kumahq/kuma/pull/6919) [#6921](https://github.com/kumahq/kuma/pull/6921) [#6932](https://github.com/kumahq/kuma/pull/6932) [#6933](https://github.com/kumahq/kuma/pull/6933) [#6937](https://github.com/kumahq/kuma/pull/6937) [#6939](https://github.com/kumahq/kuma/pull/6939) [#6941](https://github.com/kumahq/kuma/pull/6941) [#6946](https://github.com/kumahq/kuma/pull/6946) [#6949](https://github.com/kumahq/kuma/pull/6949) [#6954](https://github.com/kumahq/kuma/pull/6954) [#6958](https://github.com/kumahq/kuma/pull/6958) [#6975](https://github.com/kumahq/kuma/pull/6975) [#6978](https://github.com/kumahq/kuma/pull/6978) [#6980](https://github.com/kumahq/kuma/pull/6980) [#6982](https://github.com/kumahq/kuma/pull/6982) [#6984](https://github.com/kumahq/kuma/pull/6984) [#6994](https://github.com/kumahq/kuma/pull/6994) [#6998](https://github.com/kumahq/kuma/pull/6998) [#7005](https://github.com/kumahq/kuma/pull/7005) [#7009](https://github.com/kumahq/kuma/pull/7009) [#7011](https://github.com/kumahq/kuma/pull/7011) [#7012](https://github.com/kumahq/kuma/pull/7012) [#7013](https://github.com/kumahq/kuma/pull/7013) [#7015](https://github.com/kumahq/kuma/pull/7015) [#7038](https://github.com/kumahq/kuma/pull/7038) [#7060](https://github.com/kumahq/kuma/pull/7060) [#7074](https://github.com/kumahq/kuma/pull/7074) [#7096](https://github.com/kumahq/kuma/pull/7096) @kumahq +* feat(MeshCircuitBreaker): support MeshGateways [#6706](https://github.com/kumahq/kuma/pull/6706) @michaelbeaumont +* feat(MeshGateway): add TLS passthrough listeners [#6922](https://github.com/kumahq/kuma/pull/6922) @michaelbeaumont +* feat(MeshGateway): support termination on TLS listeners [#6952](https://github.com/kumahq/kuma/pull/6952) @michaelbeaumont +* feat(MeshHealthCheck): support MeshGateway [#6743](https://github.com/kumahq/kuma/pull/6743) @michaelbeaumont +* feat(MeshLoadBalancingStrategy): add builtin gateway support [#6800](https://github.com/kumahq/kuma/pull/6800) @michaelbeaumont +* feat(MeshRetry): add host selection predicates [#6346](https://github.com/kumahq/kuma/pull/6346) @johnharris85 +* feat(api-server): add ability to get k8s format of a resource [#6673](https://github.com/kumahq/kuma/pull/6673) @lahabana +* feat(api-server): make errors compliant with aip 193 [#7017](https://github.com/kumahq/kuma/pull/7017) @lahabana +* feat(client): Consolidate HTTP Client [#6849](https://github.com/kumahq/kuma/pull/6849) @mmorel-35 +* feat(cni): k8s make namespace configurable [#6721](https://github.com/kumahq/kuma/pull/6721) @mmorel-35 +* feat(config): improve configurability [#6583](https://github.com/kumahq/kuma/pull/6583) @slonka +* feat(docker/kumactl): make entrypoint consistent with kuma-cp and kuma-dp images [#6596](https://github.com/kumahq/kuma/pull/6596) @bartsmykla +* feat(envoyadmin): support passing kds envoy operations via http proxy [#6915](https://github.com/kumahq/kuma/pull/6915) @jakubdyszkiewicz +* feat(helm): Add logOutputPath support to chart [#6649](https://github.com/kumahq/kuma/pull/6649) @ashman1984 +* feat(helm): add possibility to extend secrets for cp in helm charts when reusing kuma charts [#6883](https://github.com/kumahq/kuma/pull/6883) @Automaat +* feat(helm): enable NodePort customization [#6770](https://github.com/kumahq/kuma/pull/6770) @mmorel-35 +* feat(helm): remove hostNetwork: true from CNI DaemonSet [#6599](https://github.com/kumahq/kuma/pull/6599) @michaelbeaumont +* feat(helm): set readOnlyRootFilesystem on CNI, more explicit templates [#6604](https://github.com/kumahq/kuma/pull/6604) @michaelbeaumont +* feat(helm): validate zone name on install [#6739](https://github.com/kumahq/kuma/pull/6739) @mmorel-35 +* feat(insights): include tenant id in insights info key [#6804](https://github.com/kumahq/kuma/pull/6804) @jakubdyszkiewicz +* feat(insights): include tenant id in rate limitter key [#6808](https://github.com/kumahq/kuma/pull/6808) @jakubdyszkiewicz +* feat(intercp): pass tenant id [#6856](https://github.com/kumahq/kuma/pull/6856) @jakubdyszkiewicz +* feat(intercp): use global tenant for catalog request [#6863](https://github.com/kumahq/kuma/pull/6863) @jakubdyszkiewicz +* feat(k8s): add read-only root FS to sidecar [#6681](https://github.com/kumahq/kuma/pull/6681) @dascole +* feat(k8s): show `Dataplane` services in `kubectl` output [#6725](https://github.com/kumahq/kuma/pull/6725) @michaelbeaumont +* feat(kds): configurable server stream interceptors [#6697](https://github.com/kumahq/kuma/pull/6697) @jakubdyszkiewicz +* feat(kds): multitenancy [#6723](https://github.com/kumahq/kuma/pull/6723) @jakubdyszkiewicz +* feat(kds): opt-in insecure skip verify in zone cp client [#6991](https://github.com/kumahq/kuma/pull/6991) @jakubdyszkiewicz +* feat(kuma-cp): top-level MeshHTTPRoute targetRef for MeshTimeout [#7016](https://github.com/kumahq/kuma/pull/7016) @lobkovilya +* feat(kuma-cp): add possibility to configure concurrent reconciliation… [#7010](https://github.com/kumahq/kuma/pull/7010) @Automaat +* feat(kuma-cp): add possibility to configure kubernetes client qps and… [#6951](https://github.com/kumahq/kuma/pull/6951) @Automaat +* feat(kuma-cp): allow to override resource store plugin [#6887](https://github.com/kumahq/kuma/pull/6887) @jakubdyszkiewicz +* feat(kuma-cp): allow to specify protocol for globalZone sync service [#6842](https://github.com/kumahq/kuma/pull/6842) @lukidzi +* feat(kuma-cp): implement MeshTrafficPermisson for ExternalServices with ZoneEgress [#7061](https://github.com/kumahq/kuma/pull/7061) @lukidzi +* feat(kuma-cp): improve BuildRules algorithm [#6973](https://github.com/kumahq/kuma/pull/6973) @lobkovilya +* feat(kuma-cp): introduce tag first Virtual Outbound model [#7076](https://github.com/kumahq/kuma/pull/7076) @Automaat +* feat(kuma-cp): multitenancy adjustments [#6705](https://github.com/kumahq/kuma/pull/6705) @jakubdyszkiewicz +* feat(kuma-cp): multitenant counter metrics [#6707](https://github.com/kumahq/kuma/pull/6707) @jakubdyszkiewicz +* feat(kuma-cp): remove unnecessary reconciliation of pods on configmap… [#7014](https://github.com/kumahq/kuma/pull/7014) @Automaat +* feat(kuma-cp): support MeshHTTPRoute targetRef [#6983](https://github.com/kumahq/kuma/pull/6983) @lobkovilya +* feat(mesh): allow disabling default policy creation [#6481](https://github.com/kumahq/kuma/pull/6481) [#6931](https://github.com/kumahq/kuma/pull/6931) @johnharris85 +* feat(meshaccesslog): use "type" to express oneof [#6676](https://github.com/kumahq/kuma/pull/6676) @lobkovilya +* feat(meshtrace): use "type" to express oneof [#6679](https://github.com/kumahq/kuma/pull/6679) @lobkovilya +* feat(mtls): generate certificates for Address and AdvertisedAddress for Dataplane and Ingress [#6584](https://github.com/kumahq/kuma/pull/6584) @mmorel-35 +* feat(multitenancy): postgres events [#6799](https://github.com/kumahq/kuma/pull/6799) @jakubdyszkiewicz +* feat(policy): add MeshTCPRoute [#6806](https://github.com/kumahq/kuma/pull/6806) [#6873](https://github.com/kumahq/kuma/pull/6873) [#6888](https://github.com/kumahq/kuma/pull/6888) @bartsmykla +* feat(resources): retry upsert on resource already exist [#7022](https://github.com/kumahq/kuma/pull/7022) @jakubdyszkiewicz +* feat(tls): remove commonName in certificate generation [#6627](https://github.com/kumahq/kuma/pull/6627) @mmorel-35 +* feat(ui): add mode in the config in the index.html [#6942](https://github.com/kumahq/kuma/pull/6942) @lahabana +* feat(webhook): make init ordering configurable first/last [#7070](https://github.com/kumahq/kuma/pull/7070) @johnharris85 +* feat(webhook): warn/fail if containers use same UID as sidecar [#7042](https://github.com/kumahq/kuma/pull/7042) @johnharris85 +* fix(GatewayAPI): convert HTTP header names to lowercase [#6704](https://github.com/kumahq/kuma/pull/6704) @michaelbeaumont +* fix(GatewayAPI): don't panic if an HTTPRoute references a Gateway with a nonexistent GatewayClass [#6722](https://github.com/kumahq/kuma/pull/6722) @michaelbeaumont +* fix(GatewayAPI): don't share HTTPRoute conditions between parentRefs [#6537](https://github.com/kumahq/kuma/pull/6537) @michaelbeaumont +* fix(GatewayAPI): npe errors [#6852](https://github.com/kumahq/kuma/pull/6852) @michaelbeaumont +* fix(GatewayAPI): reconcile Gateways on Secret changes [#6754](https://github.com/kumahq/kuma/pull/6754) @michaelbeaumont +* fix(MeshGateway): don't strip ports from host [#6755](https://github.com/kumahq/kuma/pull/6755) @michaelbeaumont +* fix(MeshGateway): tweak route precedence to match Gateway API [#6843](https://github.com/kumahq/kuma/pull/6843) @michaelbeaumont +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service [#7069](https://github.com/kumahq/kuma/pull/7069) @michaelbeaumont +* fix(MeshHTTPRoute): assume default catch all path (any path starting with "/") in route match when not explicitly set [#6993](https://github.com/kumahq/kuma/pull/6993) @bartsmykla +* fix(MeshHTTPRoute): only configure HTTP outbounds or with an explicit matching rule [#6876](https://github.com/kumahq/kuma/pull/6876) @michaelbeaumont +* fix(MeshHTTPRoute): rename Prefix to PathPrefix [#6578](https://github.com/kumahq/kuma/pull/6578) @michaelbeaumont +* fix(MeshHTTPRoute): require at least one match [#6796](https://github.com/kumahq/kuma/pull/6796) @michaelbeaumont +* fix(MeshRetry): set MeshGateway retry on routes not virtual hosts [#7029](https://github.com/kumahq/kuma/pull/7029) @michaelbeaumont +* fix(MeshRetry): support MeshGateway [#6779](https://github.com/kumahq/kuma/pull/6779) @lobkovilya +* fix(MeshTimeout): only apply Mesh targeted HTTP timeouts for MeshGateway [#6981](https://github.com/kumahq/kuma/pull/6981) @michaelbeaumont +* fix(MeshTimeout): set idle timeout on gateways, use route action instead of hcm [#6884](https://github.com/kumahq/kuma/pull/6884) @michaelbeaumont +* fix(MeshTrace): create spans with MeshGateway [#7043](https://github.com/kumahq/kuma/pull/7043) @michaelbeaumont +* fix(api-server): service-insights should never return items: null [#6648](https://github.com/kumahq/kuma/pull/6648) @lahabana +* fix(config): add delta xds flag to defaults [#7085](https://github.com/kumahq/kuma/pull/7085) @johnharris85 +* fix(gateway): don't skip retry policy with retry methods [#6896](https://github.com/kumahq/kuma/pull/6896) @bartsmykla +* fix(helm): change CNI priorityClass from system-cluster-critical to system-node-critical [#6634](https://github.com/kumahq/kuma/pull/6634) @michaelbeaumont +* fix(helm): correct appProtocol configurations for https [#7087](https://github.com/kumahq/kuma/pull/7087) @johnharris85 +* fix(helm): update HPA API version [#6792](https://github.com/kumahq/kuma/pull/6792) @johnharris85 +* fix(helm): use correct secret for CP CA in ingress/egress [#6663](https://github.com/kumahq/kuma/pull/6663) @michaelbeaumont +* fix(insights): react on events [#6826](https://github.com/kumahq/kuma/pull/6826) @jakubdyszkiewicz +* fix(kds): trim system namespace suffix from names of plugin originated policies when syncing resources from global to zones in multizone mode. [#7019](https://github.com/kumahq/kuma/pull/7019) @bartsmykla +* fix(kuma-cp): add backward compatible reading of virtual outbound from config [#7088](https://github.com/kumahq/kuma/pull/7088) @Automaat +* fix(kuma-cp): add missing validation for MeshTimeout [#7035](https://github.com/kumahq/kuma/pull/7035) @lobkovilya +* fix(kuma-cp): make finalizer tenant aware [#6929](https://github.com/kumahq/kuma/pull/6929) @lukidzi +* fix(kuma-cp): make store changes processing more reliable [#6728](https://github.com/kumahq/kuma/pull/6728) @lukidzi +* fix(kuma-cp): make zone insight context independent from parent [#6909](https://github.com/kumahq/kuma/pull/6909) @lukidzi +* fix(kuma-cp): race condition when proxy connects to the same CP in less than KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY [#6568](https://github.com/kumahq/kuma/pull/6568) @lobkovilya +* fix(kuma-cp): replace err with log when TargetRef can't be resolved [#7032](https://github.com/kumahq/kuma/pull/7032) @lobkovilya +* fix(kuma-cp): reset idleTimeout from the old Timeout policy [#6747](https://github.com/kumahq/kuma/pull/6747) @lobkovilya +* fix(kuma-cp): use port instead of target port of a headless service [#7063](https://github.com/kumahq/kuma/pull/7063) @jakubdyszkiewicz +* fix(kuma-cp): wait between the proxy termination and its deregistration [#6533](https://github.com/kumahq/kuma/pull/6533) @lobkovilya +* fix(kuma-dp): honour app content-type [#6783](https://github.com/kumahq/kuma/pull/6783) @AyushSenapati +* fix(kumactl): return after loading configuration from memory [#6518](https://github.com/kumahq/kuma/pull/6518) @lukidzi +* fix(multitenancy): global tenant in intercp when creating certs [#6789](https://github.com/kumahq/kuma/pull/6789) @jakubdyszkiewicz +* perf(k8s): don't reconcile all pods when a service changes [#6986](https://github.com/kumahq/kuma/pull/6986) @lahabana +* perf(k8s): omit fetching other dataplanes when vips are in the config map [#6940](https://github.com/kumahq/kuma/pull/6940) @jakubdyszkiewicz +* refactor(kds): remove unnecessary function nesting for MapZoneTokenSigningKeyGlobalToPublicKey resource mapper in kds context [#7018](https://github.com/kumahq/kuma/pull/7018) @bartsmykla + + +## 2.2.2 +> Released on 2023/06/21 + +* chore(deps): bump go version from 1.20.3 to 1.20.5 [#6987](https://github.com/kumahq/kuma/pull/6987) @lukidzi +* chore(deps): upgrade envoy to 1.25.7 [#6967](https://github.com/kumahq/kuma/pull/6967) @lukidzi +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7081](https://github.com/kumahq/kuma/pull/7081) @kumahq +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6899](https://github.com/kumahq/kuma/pull/6899) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6765](https://github.com/kumahq/kuma/pull/6765) @kumahq + + +## 2.1.3 +> Released on 2023/06/21 + +* chore(deps): upgrade envoy to 1.24.8 [#6969](https://github.com/kumahq/kuma/pull/6969) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#6573](https://github.com/kumahq/kuma/pull/6573) [#6575](https://github.com/kumahq/kuma/pull/6575) [#6886](https://github.com/kumahq/kuma/pull/6886) @kumahq +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7078](https://github.com/kumahq/kuma/pull/7078) @kumahq +* fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) [#6595](https://github.com/kumahq/kuma/pull/6595) @mergify +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6900](https://github.com/kumahq/kuma/pull/6900) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6767](https://github.com/kumahq/kuma/pull/6767) @kumahq + + +## 2.0.5 +> Released on 2023/06/21 + +* chore(deps): upgrade envoy to 1.24.8 [#6968](https://github.com/kumahq/kuma/pull/6968) @lukidzi +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7080](https://github.com/kumahq/kuma/pull/7080) @kumahq +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6901](https://github.com/kumahq/kuma/pull/6901) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6763](https://github.com/kumahq/kuma/pull/6763) @kumahq + + +## 1.8.6 +> Released on 2023/06/21 + +* chore(deps): upgrade envoy to 1.24.8 [#6966](https://github.com/kumahq/kuma/pull/6966) @lukidzi +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7079](https://github.com/kumahq/kuma/pull/7079) @kumahq +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6902](https://github.com/kumahq/kuma/pull/6902) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6764](https://github.com/kumahq/kuma/pull/6764) @kumahq + + +## 2.2.1 +> Released on 2023/05/03 + +* chore(deps): bump golang from 1.20.2 to 1.20.3 [#6597](https://github.com/kumahq/kuma/pull/6597) @mergify +* chore(deps): use latest kumahq/kuma-gui [#6574](https://github.com/kumahq/kuma/pull/6574) @kumahq +* fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) [#6594](https://github.com/kumahq/kuma/pull/6594) @mergify + + +## 2.2.0 +> Released on 2023/04/14 + +* Modify helm.sh script to make sure no duplicate manifests will be present in packaged chart [#6512](https://github.com/kumahq/kuma/pull/6512) @bartsmykla +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5982](https://github.com/kumahq/kuma/pull/5982) @lahabana +* chore(deps): bump actions/setup-go from 3 to 4 [#6311](https://github.com/kumahq/kuma/pull/6311) @dependabot +* chore(deps): bump cirello.io/pglock from 1.10.0 to 1.11.0 [#6149](https://github.com/kumahq/kuma/pull/6149) @dependabot +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6227](https://github.com/kumahq/kuma/pull/6227) @michaelbeaumont +* chore(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.10.0 [#6152](https://github.com/kumahq/kuma/pull/6152) @dependabot +* chore(deps): bump github.com/containerd/cgroups from 1.0.4 to 1.1.0 [#5878](https://github.com/kumahq/kuma/pull/5878) @dependabot +* chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 [#6051](https://github.com/kumahq/kuma/pull/6051) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.1 to 3.10.2 [#6261](https://github.com/kumahq/kuma/pull/6261) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.10.3 to 0.11.0 [#5947](https://github.com/kumahq/kuma/pull/5947) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.9.1 to 0.10.1 [#6307](https://github.com/kumahq/kuma/pull/6307) [#6316](https://github.com/kumahq/kuma/pull/6316) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 [#6454](https://github.com/kumahq/kuma/pull/6454) @dependabot +* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.3 to 4.5.0 [#6071](https://github.com/kumahq/kuma/pull/6071) @dependabot +* chore(deps): bump github.com/golang/protobuf from 1.5.2 to 1.5.3 [#6263](https://github.com/kumahq/kuma/pull/6263) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.41.9 to 0.41.15 [#5924](https://github.com/kumahq/kuma/pull/5924) [#6076](https://github.com/kumahq/kuma/pull/6076) [#6258](https://github.com/kumahq/kuma/pull/6258) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.50 to 1.1.53 [#6150](https://github.com/kumahq/kuma/pull/6150) [#6262](https://github.com/kumahq/kuma/pull/6262) [#6453](https://github.com/kumahq/kuma/pull/6453) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.9.2 [#5928](https://github.com/kumahq/kuma/pull/5928) [#6043](https://github.com/kumahq/kuma/pull/6043) [#6074](https://github.com/kumahq/kuma/pull/6074) [#6172](https://github.com/kumahq/kuma/pull/6172) [#6208](https://github.com/kumahq/kuma/pull/6208) [#6260](https://github.com/kumahq/kuma/pull/6260) [#6355](https://github.com/kumahq/kuma/pull/6355) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.25.0 to 1.27.6 [#5874](https://github.com/kumahq/kuma/pull/5874) [#6072](https://github.com/kumahq/kuma/pull/6072) [#6167](https://github.com/kumahq/kuma/pull/6167) [#6259](https://github.com/kumahq/kuma/pull/6259) [#6271](https://github.com/kumahq/kuma/pull/6271) [#6353](https://github.com/kumahq/kuma/pull/6353) [#6450](https://github.com/kumahq/kuma/pull/6450) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.39.0 to 0.42.0 [#6073](https://github.com/kumahq/kuma/pull/6073) [#6273](https://github.com/kumahq/kuma/pull/6273) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.41.0 to 0.42.0 [#5927](https://github.com/kumahq/kuma/pull/5927) @dependabot +* chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 [#6475](https://github.com/kumahq/kuma/pull/6475) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe from 0.0.0-20190820222348-6adcf1eecbcc to github.com/spiffe/go-spiffe/v2 [#6151](https://github.com/kumahq/kuma/pull/6151) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.4 [#6313](https://github.com/kumahq/kuma/pull/6313) [#6451](https://github.com/kumahq/kuma/pull/6451) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.15.0 to 0.18.0 [#6075](https://github.com/kumahq/kuma/pull/6075) @dependabot +* chore(deps): bump github.com/vishvananda/netns to 0.0.4 [#6103](https://github.com/kumahq/kuma/pull/6103) @mmorel-35 +* chore(deps): bump go from 1.18 to 1.20.2 [#6179](https://github.com/kumahq/kuma/pull/6179) [#6279](https://github.com/kumahq/kuma/pull/6279) @jakubdyszkiewicz,@lahabana +* chore(deps): bump go.uber.org/multierr from 1.9.0 to 1.11.0 [#6264](https://github.com/kumahq/kuma/pull/6264) [#6452](https://github.com/kumahq/kuma/pull/6452) @dependabot +* chore(deps): bump golang.org/x/net from 0.5.0 to 0.8.0 [#6003](https://github.com/kumahq/kuma/pull/6003) [#6042](https://github.com/kumahq/kuma/pull/6042) [#6209](https://github.com/kumahq/kuma/pull/6209) @dependabot +* chore(deps): bump golang.org/x/sys from 0.4.0 to 0.7.0 [#5948](https://github.com/kumahq/kuma/pull/5948) [#6476](https://github.com/kumahq/kuma/pull/6476) @dependabot +* chore(deps): bump golang.org/x/text from 0.6.0 to 0.8.0 [#6004](https://github.com/kumahq/kuma/pull/6004) [#6211](https://github.com/kumahq/kuma/pull/6211) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.54.0 [#5877](https://github.com/kumahq/kuma/pull/5877) [#5946](https://github.com/kumahq/kuma/pull/5946) [#6354](https://github.com/kumahq/kuma/pull/6354) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 [#6274](https://github.com/kumahq/kuma/pull/6274) [#6309](https://github.com/kumahq/kuma/pull/6309) @dependabot +* chore(deps): bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1 [#5949](https://github.com/kumahq/kuma/pull/5949) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.11.0 to 3.11.2 [#5962](https://github.com/kumahq/kuma/pull/5962) [#6265](https://github.com/kumahq/kuma/pull/6265) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.3 [#6168](https://github.com/kumahq/kuma/pull/6168) [#6318](https://github.com/kumahq/kuma/pull/6318) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 [#6207](https://github.com/kumahq/kuma/pull/6207) @dependabot +* chore(deps): bump k8s.io/kubectl from 0.26.1 to 0.26.3 [#6171](https://github.com/kumahq/kuma/pull/6171) [#6308](https://github.com/kumahq/kuma/pull/6308) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.1 to 0.14.6 [#5875](https://github.com/kumahq/kuma/pull/5875) [#5926](https://github.com/kumahq/kuma/pull/5926) [#6210](https://github.com/kumahq/kuma/pull/6210) [#6455](https://github.com/kumahq/kuma/pull/6455) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.11.1 to 0.11.3 [#5876](https://github.com/kumahq/kuma/pull/5876) [#5925](https://github.com/kumahq/kuma/pull/5925) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from v0.5.1 to v0.6.0 [#5559](https://github.com/kumahq/kuma/pull/5559) @michaelbeaumont +* chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 [#5879](https://github.com/kumahq/kuma/pull/5879) @dependabot +* chore(deps): remove dependency on github.com/prometheus/prometheus [#6204](https://github.com/kumahq/kuma/pull/6204) @lahabana +* chore(deps): security update [#6397](https://github.com/kumahq/kuma/pull/6397) [#6473](https://github.com/kumahq/kuma/pull/6473) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#5866](https://github.com/kumahq/kuma/pull/5866) [#5883](https://github.com/kumahq/kuma/pull/5883) [#5911](https://github.com/kumahq/kuma/pull/5911) [#5931](https://github.com/kumahq/kuma/pull/5931) [#5937](https://github.com/kumahq/kuma/pull/5937) [#5940](https://github.com/kumahq/kuma/pull/5940) [#5952](https://github.com/kumahq/kuma/pull/5952) [#5958](https://github.com/kumahq/kuma/pull/5958) [#6002](https://github.com/kumahq/kuma/pull/6002) [#6067](https://github.com/kumahq/kuma/pull/6067) [#6078](https://github.com/kumahq/kuma/pull/6078) [#6155](https://github.com/kumahq/kuma/pull/6155) [#6158](https://github.com/kumahq/kuma/pull/6158) [#6161](https://github.com/kumahq/kuma/pull/6161) [#6176](https://github.com/kumahq/kuma/pull/6176) [#6197](https://github.com/kumahq/kuma/pull/6197) [#6216](https://github.com/kumahq/kuma/pull/6216) [#6243](https://github.com/kumahq/kuma/pull/6243) [#6302](https://github.com/kumahq/kuma/pull/6302) [#6317](https://github.com/kumahq/kuma/pull/6317) [#6345](https://github.com/kumahq/kuma/pull/6345) [#6360](https://github.com/kumahq/kuma/pull/6360) [#6373](https://github.com/kumahq/kuma/pull/6373) [#6400](https://github.com/kumahq/kuma/pull/6400) [#6402](https://github.com/kumahq/kuma/pull/6402) [#6425](https://github.com/kumahq/kuma/pull/6425) @kumahq +* feat(GatewayAPI): support HTTPRoutePathRedirect [#6437](https://github.com/kumahq/kuma/pull/6437) @michaelbeaumont +* feat(GatewayAPI): support ResponseHeaderModifier in HTTPRoute [#6000](https://github.com/kumahq/kuma/pull/6000) @michaelbeaumont +* feat(GatewayAPI): update to v0.6.2 [#6293](https://github.com/kumahq/kuma/pull/6293) @michaelbeaumont +* feat(MeshAccessLog): support OpenTelemetry [#5999](https://github.com/kumahq/kuma/pull/5999) @michaelbeaumont +* feat(MeshGateway): auto host rewrite for gateway route [#6328](https://github.com/kumahq/kuma/pull/6328) @bartsmykla +* feat(MeshGateway): support deployment customization for MeshGatewayInstance [#6348](https://github.com/kumahq/kuma/pull/6348) [#6388](https://github.com/kumahq/kuma/pull/6388) @johnharris85 +* feat(MeshHTTPRoute): add RequestMirror filter [#6064](https://github.com/kumahq/kuma/pull/6064) @lobkovilya +* feat(MeshHTTPRoute): add header matching [#5943](https://github.com/kumahq/kuma/pull/5943) @michaelbeaumont +* feat(MeshHTTPRoute): add path modifier to redirect [#5918](https://github.com/kumahq/kuma/pull/5918) @lobkovilya +* feat(MeshHTTPRoute): cross-zone support [#5984](https://github.com/kumahq/kuma/pull/5984) @michaelbeaumont +* feat(MeshProxyPatch): add json patch support [#6281](https://github.com/kumahq/kuma/pull/6281) @bartsmykla +* feat(MeshRetry): add host selection predicates [#6465](https://github.com/kumahq/kuma/pull/6465) @johnharris85 +* feat(MeshTrace): add support for opentelemetry trace backend [#5992](https://github.com/kumahq/kuma/pull/5992) @frzifus +* feat(api-server): manual mTLS [#5979](https://github.com/kumahq/kuma/pull/5979) @jakubdyszkiewicz +* feat(api-server): whoami endpoint [#6120](https://github.com/kumahq/kuma/pull/6120) @jakubdyszkiewicz +* feat(auth): separate authenticators for dp and zone proxy [#5991](https://github.com/kumahq/kuma/pull/5991) @jakubdyszkiewicz +* feat(helm): add default CNI resources [#6287](https://github.com/kumahq/kuma/pull/6287) @michaelbeaumont +* feat(helm): dynamic admission server port [#6344](https://github.com/kumahq/kuma/pull/6344) @d4kine +* feat(helm): make egress resources configurable [#6286](https://github.com/kumahq/kuma/pull/6286) @dascole +* feat(helm): make it possbile to install universal cp on k8s [#5913](https://github.com/kumahq/kuma/pull/5913) @slonka +* feat(k8s): add a configuration option to list allowed service accounts [#6505](https://github.com/kumahq/kuma/pull/6505) @slonka +* feat(k8s): add annotation `prometheus.metrics.kuma.io/aggregate-application-address` to scrape custom address on k8s [#6289](https://github.com/kumahq/kuma/pull/6289) @slonka +* feat(k8s): set `kubectl.kubernetes.io/default-container` pod annotation [#6055](https://github.com/kumahq/kuma/pull/6055) @michaelbeaumont +* feat(kds): allow running non-tls KDS server [#6145](https://github.com/kumahq/kuma/pull/6145) @slonka +* feat(kds): delta KDS [#6278](https://github.com/kumahq/kuma/pull/6278) [#6358](https://github.com/kumahq/kuma/pull/6358) @lukidzi +* feat(kds): enable nack backoff [#5894](https://github.com/kumahq/kuma/pull/5894) @jakubdyszkiewicz +* feat(kuma-cp): allow Mesh default resources regeneration without deletion and restart [#6223](https://github.com/kumahq/kuma/pull/6223) @michaelbeaumont +* feat(kuma-cp): init container first by default [#5857](https://github.com/kumahq/kuma/pull/5857) @zekth +* feat(kumactl): generate public key command [#5917](https://github.com/kumahq/kuma/pull/5917) @jakubdyszkiewicz +* feat(kumactl): remove ca-cert or skip-verify requirement [#6140](https://github.com/kumahq/kuma/pull/6140) @jakubdyszkiewicz +* feat(persistence): change lib/pq to pgx [#6257](https://github.com/kumahq/kuma/pull/6257) @slonka +* feat(persistence): create pgx store [#6359](https://github.com/kumahq/kuma/pull/6359) [#6457](https://github.com/kumahq/kuma/pull/6457) @slonka +* feat(policies): extend policy matching API to work with egress and external services [#6379](https://github.com/kumahq/kuma/pull/6379) @lobkovilya +* feat(policies): implement MeshLoadBalancingStrategy [#6117](https://github.com/kumahq/kuma/pull/6117) [#6163](https://github.com/kumahq/kuma/pull/6163) [#6202](https://github.com/kumahq/kuma/pull/6202) [#6390](https://github.com/kumahq/kuma/pull/6390) @lobkovilya +* feat(tokens): allow kid to be a string [#5944](https://github.com/kumahq/kuma/pull/5944) @jakubdyszkiewicz +* feat(tokens): issue tokens offline [#5919](https://github.com/kumahq/kuma/pull/5919) @jakubdyszkiewicz +* feat(tokens): offline validation [#6085](https://github.com/kumahq/kuma/pull/6085) @jakubdyszkiewicz +* feat(tproxy): make tproxy v2 and CNI v2 default [#6083](https://github.com/kumahq/kuma/pull/6083) @bartsmykla +* fix(GatewayAPI): always set an explicit HTTPRoute Parents in status [#6367](https://github.com/kumahq/kuma/pull/6367) @michaelbeaumont +* fix(GatewayAPI): correctly handle invalid backendRefs [#6428](https://github.com/kumahq/kuma/pull/6428) @michaelbeaumont +* fix(MeshHTTPRoute): filter URLRewrite should be configured with ClusterSpecifier [#5920](https://github.com/kumahq/kuma/pull/5920) @lobkovilya +* fix(MeshRetry): guard against multiple previous priorities [#6496](https://github.com/kumahq/kuma/pull/6496) @johnharris85 +* fix(MeshTimeout): apply MeshTimeout defaults when one of `from` or `to` section is missing [#5902](https://github.com/kumahq/kuma/pull/5902) @Automaat +* fix(ca/builtin): be less verbose when creating CA secrets [#6217](https://github.com/kumahq/kuma/pull/6217) @michaelbeaumont +* fix(docker): set `SHELL` to an existing binary [#6192](https://github.com/kumahq/kuma/pull/6192) @michaelbeaumont +* fix(docker): use no ssl image [#5560](https://github.com/kumahq/kuma/pull/5560) @slonka +* fix(helm): add appProtocol to services we create [#6157](https://github.com/kumahq/kuma/pull/6157) @lahabana +* fix(helm): don't include taint controller env when cni disabled [#6148](https://github.com/kumahq/kuma/pull/6148) @lukidzi +* fix(helm): dont specify a default type for extraSecrets [#5932](https://github.com/kumahq/kuma/pull/5932) @wheelerlaw +* fix(helm): make it possible to use custom CA in egress and ingress [#5980](https://github.com/kumahq/kuma/pull/5980) @lahabana +* fix(helm): postgres client cert setup [#6335](https://github.com/kumahq/kuma/pull/6335) @slonka +* fix(helm): remove universal on kubernetes env vars that are supposed to be provided via secrets [#5938](https://github.com/kumahq/kuma/pull/5938) @slonka +* fix(helm): security contexts for ebpf cleanup hook [#6235](https://github.com/kumahq/kuma/pull/6235) @bartsmykla +* fix(helm): set CP memory limits, by default equal to memory request, set CP CPU requests [#6127](https://github.com/kumahq/kuma/pull/6127) @michaelbeaumont +* fix(helm): set migration container resources and securityContext [#6255](https://github.com/kumahq/kuma/pull/6255) @michaelbeaumont +* fix(helm): set readOnlyRootFilesystem/runAsNonRoot, create a ServiceAccount in correct release namespace [#6121](https://github.com/kumahq/kuma/pull/6121) @michaelbeaumont +* fix(helm): set readOnlyRootFilesystem/runAsUser/runAsGroup on ingress/egress deployments [#6164](https://github.com/kumahq/kuma/pull/6164) @michaelbeaumont +* fix(helm): upgrade CRDs instead of installing missing CRDs [#6403](https://github.com/kumahq/kuma/pull/6403) @jakubdyszkiewicz +* fix(helm): use emptyDir at /tmp with CP [#6162](https://github.com/kumahq/kuma/pull/6162) @michaelbeaumont +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 [#6374](https://github.com/kumahq/kuma/pull/6374) @jakubdyszkiewicz +* fix(kuma-cp): allow names of the resource to be longer and validate the length [#6123](https://github.com/kumahq/kuma/pull/6123) @lukidzi +* fix(kuma-cp): change default value for KubeOutboundsAsVIPs [#6057](https://github.com/kumahq/kuma/pull/6057) @Automaat +* fix(kuma-cp): change validation of resources synced to global [#6178](https://github.com/kumahq/kuma/pull/6178) @jakubdyszkiewicz +* fix(kuma-cp): don't let CA requests for other meshes block generation [#6282](https://github.com/kumahq/kuma/pull/6282) @michaelbeaumont +* fix(kuma-cp): traffic split with internal and external service [#5904](https://github.com/kumahq/kuma/pull/5904) @lobkovilya +* fix(kuma-cp): zone ingress mixes services with the same name in different meshes [#6364](https://github.com/kumahq/kuma/pull/6364) @lobkovilya +* fix(kumactl): don't check compatibility when talking to a preview version [#6143](https://github.com/kumahq/kuma/pull/6143) @lahabana +* fix(policy): merging of policies results in not applying policy on some outbounds [#6460](https://github.com/kumahq/kuma/pull/6460) @jakubdyszkiewicz +* fix(tproxy): allow disabling ipv6 for tproxy [#5923](https://github.com/kumahq/kuma/pull/5923) @bartsmykla + + +## 2.0.4 +> Released on 2023/04/07 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6238](https://github.com/kumahq/kuma/pull/6238) @mergify +* chore(deps): bump gorestful and jwt [#6221](https://github.com/kumahq/kuma/pull/6221) @lahabana +* chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) [#6206](https://github.com/kumahq/kuma/pull/6206) @mergify +* chore(deps): security update [#6063](https://github.com/kumahq/kuma/pull/6063) [#6395](https://github.com/kumahq/kuma/pull/6395) [#6472](https://github.com/kumahq/kuma/pull/6472) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6484](https://github.com/kumahq/kuma/pull/6484) @mergify +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6377](https://github.com/kumahq/kuma/pull/6377) @mergify +* fix(policy): matcher with same key not the same value (backport #6460) [#6467](https://github.com/kumahq/kuma/pull/6467) @mergify + + +## 2.1.2 +> Released on 2023/04/06 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6237](https://github.com/kumahq/kuma/pull/6237) @mergify +* chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) [#6205](https://github.com/kumahq/kuma/pull/6205) @mergify +* chore(deps): security update [#6062](https://github.com/kumahq/kuma/pull/6062) [#6392](https://github.com/kumahq/kuma/pull/6392) [#6471](https://github.com/kumahq/kuma/pull/6471) @kumahq +* chore(deps): upgrade envoy to v1.22.10 [#6483](https://github.com/kumahq/kuma/pull/6483) @michaelbeaumont +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6376](https://github.com/kumahq/kuma/pull/6376) @mergify +* fix(kuma-cp): add components in runtime (backport #6350) [#6381](https://github.com/kumahq/kuma/pull/6381) @mergify +* fix(kuma-cp): don't let CA requests for other meshes block generation (backport #6282) [#6284](https://github.com/kumahq/kuma/pull/6284) @mergify +* fix(policy): matcher with same key not the same value (backport #6460) [#6466](https://github.com/kumahq/kuma/pull/6466) @mergify + + +## 1.8.5 +> Released on 2023/04/06 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6239](https://github.com/kumahq/kuma/pull/6239) @mergify +* chore(deps): bump gorestful and jwt [#6203](https://github.com/kumahq/kuma/pull/6203) @lahabana +* chore(deps): security update [#6059](https://github.com/kumahq/kuma/pull/6059) [#6396](https://github.com/kumahq/kuma/pull/6396) [#6468](https://github.com/kumahq/kuma/pull/6468) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6485](https://github.com/kumahq/kuma/pull/6485) @mergify +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6378](https://github.com/kumahq/kuma/pull/6378) @mergify + + +## 1.7.6 +> Released on 2023/04/06 + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6240](https://github.com/kumahq/kuma/pull/6240) @mergify +* chore(deps): bump gorestful and jwt (backport #6203) [#6212](https://github.com/kumahq/kuma/pull/6212) @mergify +* chore(deps): security update [#6058](https://github.com/kumahq/kuma/pull/6058) [#6394](https://github.com/kumahq/kuma/pull/6394) [#6469](https://github.com/kumahq/kuma/pull/6469) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6486](https://github.com/kumahq/kuma/pull/6486) @mergify + + +## 2.1.1 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5985](https://github.com/kumahq/kuma/pull/5985) @mergify +* chore(deps): security update [#5965](https://github.com/kumahq/kuma/pull/5965) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#5912](https://github.com/kumahq/kuma/pull/5912) [#5915](https://github.com/kumahq/kuma/pull/5915) [#5977](https://github.com/kumahq/kuma/pull/5977) @kumahq +* feat(api-server): manual mTLS (backport #5979) [#5981](https://github.com/kumahq/kuma/pull/5981) @mergify +* fix(helm): use custom CA in egress and ingress too (backport #5980) [#5993](https://github.com/kumahq/kuma/pull/5993) @mergify +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5953](https://github.com/kumahq/kuma/pull/5953) @mergify + + +## 2.0.3 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5986](https://github.com/kumahq/kuma/pull/5986) @mergify +* chore(deps): security update [#5762](https://github.com/kumahq/kuma/pull/5762) [#5969](https://github.com/kumahq/kuma/pull/5969) @kumahq +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5954](https://github.com/kumahq/kuma/pull/5954) @mergify + + +## 1.8.4 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5987](https://github.com/kumahq/kuma/pull/5987) @mergify +* chore(deps): security update [#5763](https://github.com/kumahq/kuma/pull/5763) [#5963](https://github.com/kumahq/kuma/pull/5963) @kumahq +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5955](https://github.com/kumahq/kuma/pull/5955) @mergify + + +## 1.7.5 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5988](https://github.com/kumahq/kuma/pull/5988) @mergify +* chore(deps): security update [#5766](https://github.com/kumahq/kuma/pull/5766) [#5966](https://github.com/kumahq/kuma/pull/5966) @kumahq + + +## 1.6.5 +> Released on 2023/02/14 + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5989](https://github.com/kumahq/kuma/pull/5989) @mergify +* chore(deps): security update [#5764](https://github.com/kumahq/kuma/pull/5764) [#5964](https://github.com/kumahq/kuma/pull/5964) @kumahq + + +## 2.1.0 +> Released on 2023/01/30 + +* chore(deps): bump alpine from 3.16.2 to 3.17.0 [#5308](https://github.com/kumahq/kuma/pull/5308) [#5375](https://github.com/kumahq/kuma/pull/5375) @dependabot +* chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 [#5377](https://github.com/kumahq/kuma/pull/5377) @dependabot +* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 [#5457](https://github.com/kumahq/kuma/pull/5457) @dependabot +* chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 [#5600](https://github.com/kumahq/kuma/pull/5600) @dependabot +* chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 [#5733](https://github.com/kumahq/kuma/pull/5733) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 [#5277](https://github.com/kumahq/kuma/pull/5277) [#5311](https://github.com/kumahq/kuma/pull/5311) [#5460](https://github.com/kumahq/kuma/pull/5460) @dependabot +* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 [#5428](https://github.com/kumahq/kuma/pull/5428) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.8 [#5310](https://github.com/kumahq/kuma/pull/5310) [#5354](https://github.com/kumahq/kuma/pull/5354) [#5426](https://github.com/kumahq/kuma/pull/5426) [#5542](https://github.com/kumahq/kuma/pull/5542) [#5688](https://github.com/kumahq/kuma/pull/5688) @dependabot,@lahabana +* chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 [#5298](https://github.com/kumahq/kuma/pull/5298) [#5513](https://github.com/kumahq/kuma/pull/5513) @lukidzi +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 [#5319](https://github.com/kumahq/kuma/pull/5319) [#5351](https://github.com/kumahq/kuma/pull/5351) [#5687](https://github.com/kumahq/kuma/pull/5687) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 [#5275](https://github.com/kumahq/kuma/pull/5275) [#5313](https://github.com/kumahq/kuma/pull/5313) [#5539](https://github.com/kumahq/kuma/pull/5539) [#5789](https://github.com/kumahq/kuma/pull/5789) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 [#5274](https://github.com/kumahq/kuma/pull/5274) [#5323](https://github.com/kumahq/kuma/pull/5323) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 [#5483](https://github.com/kumahq/kuma/pull/5483) [#5523](https://github.com/kumahq/kuma/pull/5523) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 [#5320](https://github.com/kumahq/kuma/pull/5320) [#5353](https://github.com/kumahq/kuma/pull/5353) [#5376](https://github.com/kumahq/kuma/pull/5376) [#5456](https://github.com/kumahq/kuma/pull/5456) [#5526](https://github.com/kumahq/kuma/pull/5526) [#5546](https://github.com/kumahq/kuma/pull/5546) @dependabot +* chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 [#5524](https://github.com/kumahq/kuma/pull/5524) @dependabot +* chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 [#5790](https://github.com/kumahq/kuma/pull/5790) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 [#5273](https://github.com/kumahq/kuma/pull/5273) [#5788](https://github.com/kumahq/kuma/pull/5788) @dependabot +* chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 [#5525](https://github.com/kumahq/kuma/pull/5525) @dependabot +* chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 [#5427](https://github.com/kumahq/kuma/pull/5427) @dependabot +* chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 [#5315](https://github.com/kumahq/kuma/pull/5315) [#5459](https://github.com/kumahq/kuma/pull/5459) [#5623](https://github.com/kumahq/kuma/pull/5623) @dependabot +* chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 [#5312](https://github.com/kumahq/kuma/pull/5312) [#5430](https://github.com/kumahq/kuma/pull/5430) [#5621](https://github.com/kumahq/kuma/pull/5621) @dependabot +* chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 [#5458](https://github.com/kumahq/kuma/pull/5458) [#5624](https://github.com/kumahq/kuma/pull/5624) @dependabot +* chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 [#5325](https://github.com/kumahq/kuma/pull/5325) [#5429](https://github.com/kumahq/kuma/pull/5429) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 [#5352](https://github.com/kumahq/kuma/pull/5352) [#5686](https://github.com/kumahq/kuma/pull/5686) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 [#5592](https://github.com/kumahq/kuma/pull/5592) [#5791](https://github.com/kumahq/kuma/pull/5791) @dependabot +* chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb [#5330](https://github.com/kumahq/kuma/pull/5330) @mmorel-35 +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 [#5328](https://github.com/kumahq/kuma/pull/5328) @mmorel-35 +* chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 [#5316](https://github.com/kumahq/kuma/pull/5316) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 [#5812](https://github.com/kumahq/kuma/pull/5812) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 [#5276](https://github.com/kumahq/kuma/pull/5276) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, [#5541](https://github.com/kumahq/kuma/pull/5541) @dependabot +* chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 [#5434](https://github.com/kumahq/kuma/pull/5434) [#5879](https://github.com/kumahq/kuma/pull/5879) @dependabot +* chore(deps): install dev tools and split if more repos [#5528](https://github.com/kumahq/kuma/pull/5528) @lukidzi +* chore(deps): security update [#5761](https://github.com/kumahq/kuma/pull/5761) @kumahq +* chore(deps): update coreDNS to 1.10.0 [#5626](https://github.com/kumahq/kuma/pull/5626) @lahabana +* chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove `/tokens` [#5324](https://github.com/kumahq/kuma/pull/5324) @dependabot +* chore(deps): upgrade k3d [#5518](https://github.com/kumahq/kuma/pull/5518) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#5265](https://github.com/kumahq/kuma/pull/5265) [#5272](https://github.com/kumahq/kuma/pull/5272) [#5281](https://github.com/kumahq/kuma/pull/5281) [#5307](https://github.com/kumahq/kuma/pull/5307) [#5321](https://github.com/kumahq/kuma/pull/5321) [#5332](https://github.com/kumahq/kuma/pull/5332) [#5346](https://github.com/kumahq/kuma/pull/5346) [#5371](https://github.com/kumahq/kuma/pull/5371) [#5388](https://github.com/kumahq/kuma/pull/5388) [#5405](https://github.com/kumahq/kuma/pull/5405) [#5484](https://github.com/kumahq/kuma/pull/5484) [#5486](https://github.com/kumahq/kuma/pull/5486) [#5509](https://github.com/kumahq/kuma/pull/5509) [#5572](https://github.com/kumahq/kuma/pull/5572) [#5589](https://github.com/kumahq/kuma/pull/5589) [#5619](https://github.com/kumahq/kuma/pull/5619) [#5628](https://github.com/kumahq/kuma/pull/5628) [#5675](https://github.com/kumahq/kuma/pull/5675) [#5685](https://github.com/kumahq/kuma/pull/5685) [#5700](https://github.com/kumahq/kuma/pull/5700) [#5724](https://github.com/kumahq/kuma/pull/5724) [#5732](https://github.com/kumahq/kuma/pull/5732) [#5737](https://github.com/kumahq/kuma/pull/5737) [#5772](https://github.com/kumahq/kuma/pull/5772) [#5800](https://github.com/kumahq/kuma/pull/5800) [#5805](https://github.com/kumahq/kuma/pull/5805) [#5823](https://github.com/kumahq/kuma/pull/5823) [#5826](https://github.com/kumahq/kuma/pull/5826) [#5843](https://github.com/kumahq/kuma/pull/5843) [#5851](https://github.com/kumahq/kuma/pull/5851) [#5863](https://github.com/kumahq/kuma/pull/5863) [#5866](https://github.com/kumahq/kuma/pull/5866) [#5883](https://github.com/kumahq/kuma/pull/5883) @kumahq +* chore(deps): use sigs.k8s.io/yaml [#5215](https://github.com/kumahq/kuma/pull/5215) @mmorel-35 +* feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format [#5302](https://github.com/kumahq/kuma/pull/5302) @mmorel-35 +* feat(MeshGatewayInstance): respect `kuma.io/mesh` label [#5256](https://github.com/kumahq/kuma/pull/5256) @michaelbeaumont +* feat(MeshGatewayRoute): response header filter [#5334](https://github.com/kumahq/kuma/pull/5334) @michaelbeaumont +* feat(api-server): ability to set rootUrl for GUI and API [#5295](https://github.com/kumahq/kuma/pull/5295) @lahabana +* feat(api-server): add name search to dataplane overview [#5340](https://github.com/kumahq/kuma/pull/5340) @lahabana +* feat(api-server): contain matches on name and tags [#5606](https://github.com/kumahq/kuma/pull/5606) @lahabana +* feat(build): consistent docker images [#5343](https://github.com/kumahq/kuma/pull/5343) @slonka +* feat(build): idempotent build [#5291](https://github.com/kumahq/kuma/pull/5291) [#5358](https://github.com/kumahq/kuma/pull/5358) [#5403](https://github.com/kumahq/kuma/pull/5403) [#5404](https://github.com/kumahq/kuma/pull/5404) [#5407](https://github.com/kumahq/kuma/pull/5407) [#5440](https://github.com/kumahq/kuma/pull/5440) @slonka +* feat(gateway): add support for match header PRESENT and ABSENT [#5739](https://github.com/kumahq/kuma/pull/5739) @lahabana +* feat(gui): serve index from all paths without extension [#5357](https://github.com/kumahq/kuma/pull/5357) @lahabana +* feat(helm): add tolerations to Helm chart [#5549](https://github.com/kumahq/kuma/pull/5549) @KrustyHack +* feat(helm): allow injecting env from parent projects [#5677](https://github.com/kumahq/kuma/pull/5677) @slonka +* feat(helm): use object instead of list for plugins.policies [#5735](https://github.com/kumahq/kuma/pull/5735) @michaelbeaumont +* feat(kuma-cp): add possibility to run diagnostics on TLS [#5344](https://github.com/kumahq/kuma/pull/5344) @mmorel-35 +* feat(kuma-cp): added configuration of plugins and its order [#5472](https://github.com/kumahq/kuma/pull/5472) @lukidzi +* feat(kuma-cp): intOrString as decimal in the API [#5768](https://github.com/kumahq/kuma/pull/5768) @jakubdyszkiewicz +* feat(kuma-cp): intercp communication protocol [#5445](https://github.com/kumahq/kuma/pull/5445) [#5492](https://github.com/kumahq/kuma/pull/5492) @jakubdyszkiewicz +* feat(kuma-cp): recover from watchdog panics [#5581](https://github.com/kumahq/kuma/pull/5581) @jakubdyszkiewicz +* feat(kuma-cp): remove value of secret when logging Secret Resources [#5384](https://github.com/kumahq/kuma/pull/5384) @Automaat +* feat(kumactl): added option to install transparent proxy with docker [#5284](https://github.com/kumahq/kuma/pull/5284) @lukidzi +* feat(policy): allow merging by a complex key [#5650](https://github.com/kumahq/kuma/pull/5650) @michaelbeaumont +* feat(policy): append policy slices [#5515](https://github.com/kumahq/kuma/pull/5515) @jakubdyszkiewicz +* feat(policy): don't use protobuf for DataSource in policies [#5668](https://github.com/kumahq/kuma/pull/5668) [#5756](https://github.com/kumahq/kuma/pull/5756) @Automaat +* feat(policy): implement MeshCircuitBreaker policy [#5454](https://github.com/kumahq/kuma/pull/5454) [#5493](https://github.com/kumahq/kuma/pull/5493) [#5651](https://github.com/kumahq/kuma/pull/5651) @bartsmykla,@lobkovilya +* feat(policy): implement MeshFaultInjection policy [#5723](https://github.com/kumahq/kuma/pull/5723) [#5773](https://github.com/kumahq/kuma/pull/5773) @lukidzi +* feat(policy): implement MeshHTTPRoute policy [#5530](https://github.com/kumahq/kuma/pull/5530) [#5625](https://github.com/kumahq/kuma/pull/5625) [#5653](https://github.com/kumahq/kuma/pull/5653) [#5746](https://github.com/kumahq/kuma/pull/5746) @michaelbeaumont,@slonka +* feat(policy): implement MeshHealthCheck policy [#5369](https://github.com/kumahq/kuma/pull/5369) [#5415](https://github.com/kumahq/kuma/pull/5415) [#5503](https://github.com/kumahq/kuma/pull/5503) [#5654](https://github.com/kumahq/kuma/pull/5654) [#5713](https://github.com/kumahq/kuma/pull/5713) [#5722](https://github.com/kumahq/kuma/pull/5722) @lahabana,@lobkovilya,@michaelbeaumont,@slonka +* feat(policy): implement MeshProxyPatch policy [#5578](https://github.com/kumahq/kuma/pull/5578) [#5604](https://github.com/kumahq/kuma/pull/5604) @jakubdyszkiewicz +* feat(policy): implement MeshRateLimit policy [#5362](https://github.com/kumahq/kuma/pull/5362) [#5463](https://github.com/kumahq/kuma/pull/5463) [#5710](https://github.com/kumahq/kuma/pull/5710) [#5742](https://github.com/kumahq/kuma/pull/5742) @lobkovilya,@lukidzi +* feat(policy): implement MeshRetry policy [#5478](https://github.com/kumahq/kuma/pull/5478) [#5522](https://github.com/kumahq/kuma/pull/5522) [#5583](https://github.com/kumahq/kuma/pull/5583) [#5749](https://github.com/kumahq/kuma/pull/5749) [#5808](https://github.com/kumahq/kuma/pull/5808) @lobkovilya,@slonka +* feat(policy): implement MeshTimeout policy [#5294](https://github.com/kumahq/kuma/pull/5294) [#5364](https://github.com/kumahq/kuma/pull/5364) [#5568](https://github.com/kumahq/kuma/pull/5568) @Automaat,@michaelbeaumont +* feat(policy): improve rules api [#5785](https://github.com/kumahq/kuma/pull/5785) @lahabana +* feat(policy): validate schema only during the user's input unmarshal [#5566](https://github.com/kumahq/kuma/pull/5566) @lobkovilya +* feat(security): add dependabot security updates to release branches [#5731](https://github.com/kumahq/kuma/pull/5731) [#5734](https://github.com/kumahq/kuma/pull/5734) [#5758](https://github.com/kumahq/kuma/pull/5758) [#5767](https://github.com/kumahq/kuma/pull/5767) [#5778](https://github.com/kumahq/kuma/pull/5778) [#5783](https://github.com/kumahq/kuma/pull/5783) @slonka +* fix(MeshAccessLog): update API to align with the memo [#5580](https://github.com/kumahq/kuma/pull/5580) @lobkovilya +* fix(MeshGateway): properly apply Service template annotations to existing Service [#5674](https://github.com/kumahq/kuma/pull/5674) @michaelbeaumont +* fix(MeshTrace): adjust MeshTrace to follow the memo [#5743](https://github.com/kumahq/kuma/pull/5743) @lobkovilya +* fix(api-server): fix tags filter value with `:` [#5339](https://github.com/kumahq/kuma/pull/5339) @lahabana +* fix(api-server): remove spec from inspect policy output [#5491](https://github.com/kumahq/kuma/pull/5491) @lahabana +* fix(api-server): return 400 on invalid resource name [#5719](https://github.com/kumahq/kuma/pull/5719) @lahabana +* fix(gateway): be more lenient with prefix paths trailing slashes [#5299](https://github.com/kumahq/kuma/pull/5299) @michaelbeaumont +* fix(gui): add version and basedOnKuma to index.html [#5448](https://github.com/kumahq/kuma/pull/5448) @lahabana +* fix(kuma-cp): add option to disable `sslsni` in universal [#5318](https://github.com/kumahq/kuma/pull/5318) @michaelbeaumont +* fix(kuma-cp): allow to set policies order from others projects [#5535](https://github.com/kumahq/kuma/pull/5535) @lukidzi +* fix(kuma-cp): change way of setting if resource is read only [#5345](https://github.com/kumahq/kuma/pull/5345) @lukidzi +* fix(kuma-cp): concurrent mesh cache map write [#5282](https://github.com/kumahq/kuma/pull/5282) @michaelbeaumont +* fix(kuma-cp): don't cache filtered data [#5574](https://github.com/kumahq/kuma/pull/5574) @lukidzi +* fix(kuma-cp): filtering of name prefix on K8S [#5517](https://github.com/kumahq/kuma/pull/5517) @jakubdyszkiewicz +* fix(kuma-cp): fix appending of pointer to slice in policies config [#5784](https://github.com/kumahq/kuma/pull/5784) @Automaat +* fix(kuma-cp): fix kafka_type tag creation regex [#5507](https://github.com/kumahq/kuma/pull/5507) @Automaat +* fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList [#5423](https://github.com/kumahq/kuma/pull/5423) @Automaat +* fix(kuma-cp): forward envoy admin operations to proper instance [#5466](https://github.com/kumahq/kuma/pull/5466) @jakubdyszkiewicz +* fix(kuma-cp): increase kuma-init memory limit when using ebpf [#5579](https://github.com/kumahq/kuma/pull/5579) @lukidzi +* fix(kuma-cp): kds deadlock [#5373](https://github.com/kumahq/kuma/pull/5373) @jakubdyszkiewicz +* fix(kuma-cp): make validate list aware of the mesh [#5280](https://github.com/kumahq/kuma/pull/5280) @slonka +* fix(kuma-cp): memory store keeps children after owner update [#5372](https://github.com/kumahq/kuma/pull/5372) @jakubdyszkiewicz +* fix(kuma-cp): only put policies in MeshInsight [#5577](https://github.com/kumahq/kuma/pull/5577) @lahabana +* fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob [#5569](https://github.com/kumahq/kuma/pull/5569) @lukidzi +* fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address [#5347](https://github.com/kumahq/kuma/pull/5347) @jamesdbloom +* fix(kuma-cp): warn when using deprecated token id [#5520](https://github.com/kumahq/kuma/pull/5520) @lahabana +* fix(kuma-dp): allow to configure address of application to scrape [#5326](https://github.com/kumahq/kuma/pull/5326) @lukidzi +* fix(kuma-dp): tolerate endline in token file [#5591](https://github.com/kumahq/kuma/pull/5591) @lahabana +* fix(kumactl): remove PodSecurityPolicy from install observability [#5382](https://github.com/kumahq/kuma/pull/5382) @michaelbeaumont +* fix(kumactl): set klog to avoid logs from k8s [#5590](https://github.com/kumahq/kuma/pull/5590) @lahabana +* fix(kumactl): use the same client in `kumactl apply` [#5327](https://github.com/kumahq/kuma/pull/5327) @lahabana +* fix(policy): change percentage field from int to intOrString [#5810](https://github.com/kumahq/kuma/pull/5810) @lukidzi +* fix(policy): fix schema.yaml to have correct metadata [#5349](https://github.com/kumahq/kuma/pull/5349) @lahabana +* fix(policy): make targetRef required [#5593](https://github.com/kumahq/kuma/pull/5593) @AyushSenapati +* fix(policy): remove superfluous var usage [#5627](https://github.com/kumahq/kuma/pull/5627) @AyushSenapati +* fix(policy): use GatewayAPI style header modifier in all policies [#5757](https://github.com/kumahq/kuma/pull/5757) @lahabana +* fix(policy): use PascalCase for all constants [#5747](https://github.com/kumahq/kuma/pull/5747) @lahabana +* fix(universal): don't set sslsni option if not disabled (backport #5419) [#5439](https://github.com/kumahq/kuma/pull/5439) @mergify +* fix(xds): don't read metadata in ProxyBuilders [#5414](https://github.com/kumahq/kuma/pull/5414) @lahabana +* fix(xds): sort resources when building MeshContext [#5391](https://github.com/kumahq/kuma/pull/5391) @lobkovilya + +## 1.5.4 +> Released on 2023/01/12 + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5602](https://github.com/kumahq/kuma/pull/5602) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5659](https://github.com/kumahq/kuma/pull/5659) @mergify +* chore(helm): remove duplicate keys in resources (backport #4681) [#5642](https://github.com/kumahq/kuma/pull/5642) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5622](https://github.com/kumahq/kuma/pull/5622) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5613](https://github.com/kumahq/kuma/pull/5613) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5636](https://github.com/kumahq/kuma/pull/5636) @mergify + +## 2.0.2 +> Released on 2023/01/11 + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5597](https://github.com/kumahq/kuma/pull/5597) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5655](https://github.com/kumahq/kuma/pull/5655) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5616](https://github.com/kumahq/kuma/pull/5616) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5609](https://github.com/kumahq/kuma/pull/5609) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5632](https://github.com/kumahq/kuma/pull/5632) @mergify + +## 1.8.3 +> Released on 2023/01/11 + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5598](https://github.com/kumahq/kuma/pull/5598) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5656](https://github.com/kumahq/kuma/pull/5656) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5617](https://github.com/kumahq/kuma/pull/5617) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5610](https://github.com/kumahq/kuma/pull/5610) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5633](https://github.com/kumahq/kuma/pull/5633) @mergify + +## 1.7.4 +> Released on 2023/01/11 + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5599](https://github.com/kumahq/kuma/pull/5599) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5657](https://github.com/kumahq/kuma/pull/5657) @mergify +* chore(helm): remove duplicate keys in resources (backport #4681) [#5640](https://github.com/kumahq/kuma/pull/5640) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5618](https://github.com/kumahq/kuma/pull/5618) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5611](https://github.com/kumahq/kuma/pull/5611) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5634](https://github.com/kumahq/kuma/pull/5634) @mergify + +## 1.6.4 +> Released on 2023/01/11 + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5601](https://github.com/kumahq/kuma/pull/5601) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5658](https://github.com/kumahq/kuma/pull/5658) @mergify +* chore(helm): remove duplicate keys in resources (backport #4681) [#5641](https://github.com/kumahq/kuma/pull/5641) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5620](https://github.com/kumahq/kuma/pull/5620) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5612](https://github.com/kumahq/kuma/pull/5612) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5635](https://github.com/kumahq/kuma/pull/5635) @mergify + +## 2.0.1 +> Released on 2022/12/05 + +* chore: back-ports api base path fix [#5341](https://github.com/kumahq/kuma/pull/5341) @kleinfreund +* feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) [#5392](https://github.com/kumahq/kuma/pull/5392) @mergify +* fix(kuma-cp): add option to disable `sslsni` in universal (backport #5318) [#5322](https://github.com/kumahq/kuma/pull/5322) @mergify +* fix(kuma-cp): change way of setting if resource is read only (backport #5345) [#5348](https://github.com/kumahq/kuma/pull/5348) @mergify +* fix(kuma-cp): kds deadlock (backport #5373) [#5397](https://github.com/kumahq/kuma/pull/5397) @mergify +* fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347) [#5378](https://github.com/kumahq/kuma/pull/5378) @mergify +* fix(xds): don't read metadata in ProxyBuilders (backport #5414) [#5416](https://github.com/kumahq/kuma/pull/5416) @mergify +* fix: sort resources when building MeshContext (backport #5391) [#5409](https://github.com/kumahq/kuma/pull/5409) @mergify + +## 1.8.2 +> Released on 2022/12/05 + +* feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) [#5393](https://github.com/kumahq/kuma/pull/5393) @mergify +* fix(kuma-cp): kds deadlock (backport #5373) [#5398](https://github.com/kumahq/kuma/pull/5398) @mergify +* fix: sort resources when building MeshContext (backport #5391) [#5410](https://github.com/kumahq/kuma/pull/5410) @mergify + +## 2.0.0 +> Released on 2022/11/04 +* chore(.github): remove old release workflow [#4836](https://github.com/kumahq/kuma/pull/4836) @lobkovilya +* chore(api): remove DENY_WITH_SHADOW_ALLOW [#5220](https://github.com/kumahq/kuma/pull/5220) @lobkovilya +* chore(api): remove unused method and types [#5148](https://github.com/kumahq/kuma/pull/5148) @lobkovilya +* chore(api): remove unused timestamp.proto import [#4906](https://github.com/kumahq/kuma/pull/4906) @michaelbeaumont +* chore(api): skip Compute when building inbound access logs [#5181](https://github.com/kumahq/kuma/pull/5181) @jakubdyszkiewicz +* chore(bootstrap): improve validator policy bootstrap [#5014](https://github.com/kumahq/kuma/pull/5014) @lahabana +* chore(deps): bump actions/setup-go from 2 to 3 [#5024](https://github.com/kumahq/kuma/pull/5024) @dependabot +* chore(deps): bump cirello.io/pglock from 1.9.0 to 1.10.0 [#5239](https://github.com/kumahq/kuma/pull/5239) @dependabot +* chore(deps): bump github.com/Masterminds/sprig to 3.2.2 [#5190](https://github.com/kumahq/kuma/pull/5190) @mmorel-35 +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.13 [#5023](https://github.com/kumahq/kuma/pull/5023) [#5067](https://github.com/kumahq/kuma/pull/5067) [#5131](https://github.com/kumahq/kuma/pull/5131) @dependabot +* chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 [#4996](https://github.com/kumahq/kuma/pull/4996) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.40.20 to 0.40.24 [#4969](https://github.com/kumahq/kuma/pull/4969) [#4993](https://github.com/kumahq/kuma/pull/4993) [#5162](https://github.com/kumahq/kuma/pull/5162) @dependabot +* chore(deps): bump github.com/kumahq/kuma-net from 0.8.1 to 0.8.2 [#5188](https://github.com/kumahq/kuma/pull/5188) @dependabot +* chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 [#4995](https://github.com/kumahq/kuma/pull/4995) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.4.0 [#4939](https://github.com/kumahq/kuma/pull/4939) [#4949](https://github.com/kumahq/kuma/pull/4949) [#5021](https://github.com/kumahq/kuma/pull/5021) [#5145](https://github.com/kumahq/kuma/pull/5145) [#5204](https://github.com/kumahq/kuma/pull/5204) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.20.0 to 1.23.0 [#4933](https://github.com/kumahq/kuma/pull/4933) [#4970](https://github.com/kumahq/kuma/pull/4970) [#5133](https://github.com/kumahq/kuma/pull/5133) [#5146](https://github.com/kumahq/kuma/pull/5146) [#5240](https://github.com/kumahq/kuma/pull/5240) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 [#5203](https://github.com/kumahq/kuma/pull/5203) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.37.0 to 0.39.1 [#4887](https://github.com/kumahq/kuma/pull/4887) [#5134](https://github.com/kumahq/kuma/pull/5134) @dependabot +* chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 [#5155](https://github.com/kumahq/kuma/pull/5155) [#5241](https://github.com/kumahq/kuma/pull/5241) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 [#4994](https://github.com/kumahq/kuma/pull/4994) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 [#5020](https://github.com/kumahq/kuma/pull/5020) [#5205](https://github.com/kumahq/kuma/pull/5205) @dependabot +* chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 [#4930](https://github.com/kumahq/kuma/pull/4930) @dependabot +* chore(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 [#5147](https://github.com/kumahq/kuma/pull/5147) [#5163](https://github.com/kumahq/kuma/pull/5163) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.50.1 [#4927](https://github.com/kumahq/kuma/pull/4927) [#5132](https://github.com/kumahq/kuma/pull/5132) [#5156](https://github.com/kumahq/kuma/pull/5156) @dependabot +* chore(deps): bump k8s.io dependencies from 0.24.3 to 0.25.3 [#4934](https://github.com/kumahq/kuma/pull/4934) [#5026](https://github.com/kumahq/kuma/pull/5026) [#5153](https://github.com/kumahq/kuma/pull/5153) @michaelbeaumont +* chore(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 [#5062](https://github.com/kumahq/kuma/pull/5062) @dependabot +* chore(deps): bump kumahq/kuma-gui to f3dba73d4c264b094b6b351a8b44f2d5a0dc4ecb [#4842](https://github.com/kumahq/kuma/pull/4842) [#4925](https://github.com/kumahq/kuma/pull/4925) [#5092](https://github.com/kumahq/kuma/pull/5092) [#5106](https://github.com/kumahq/kuma/pull/5106) [#5109](https://github.com/kumahq/kuma/pull/5109) [#5139](https://github.com/kumahq/kuma/pull/5139) [#5141](https://github.com/kumahq/kuma/pull/5141) [#5167](https://github.com/kumahq/kuma/pull/5167) [#5179](https://github.com/kumahq/kuma/pull/5179) [#5197](https://github.com/kumahq/kuma/pull/5197) [#5214](https://github.com/kumahq/kuma/pull/5214) [#5232](https://github.com/kumahq/kuma/pull/5232) [#5234](https://github.com/kumahq/kuma/pull/5234) [#5248](https://github.com/kumahq/kuma/pull/5248) [#5251](https://github.com/kumahq/kuma/pull/5251) @kleinfreund,@kumahq +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 [#4968](https://github.com/kumahq/kuma/pull/4968) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 [#5059](https://github.com/kumahq/kuma/pull/5059) @dependabot +* chore(deps): update kuma-grafana-datasource [#4856](https://github.com/kumahq/kuma/pull/4856) @bartsmykla +* chore(gateway): remove invalid options for MeshGatewayRoute [#4890](https://github.com/kumahq/kuma/pull/4890) @michaelbeaumont +* chore(gui): removes update/gui command [#4954](https://github.com/kumahq/kuma/pull/4954) @kleinfreund +* chore(helm): remove unused `critical-pod` annotation [#4952](https://github.com/kumahq/kuma/pull/4952) @michaelbeaumont +* chore(helm): switch merbridge image registry to upstream [#4838](https://github.com/kumahq/kuma/pull/4838) @bartsmykla +* chore(kuma-cp): adjust timeout in cp probes [#4983](https://github.com/kumahq/kuma/pull/4983) @jakubdyszkiewicz +* chore(kuma-cp): config cleanup [#4855](https://github.com/kumahq/kuma/pull/4855) @jakubdyszkiewicz +* chore(kuma-cp): improve logging in K8S controllers [#4982](https://github.com/kumahq/kuma/pull/4982) @jakubdyszkiewicz +* chore(kuma-cp): improve test xds client [#4976](https://github.com/kumahq/kuma/pull/4976) @jakubdyszkiewicz +* chore(kuma-cp): remove disabling metrics from kuma-cp.defaults [#4894](https://github.com/kumahq/kuma/pull/4894) @lahabana +* chore(kuma-cp): resource manager wrapper [#5057](https://github.com/kumahq/kuma/pull/5057) @jakubdyszkiewicz +* chore(kuma-init): use iptables-legacy in kuma-init [#5040](https://github.com/kumahq/kuma/pull/5040) @bartsmykla +* chore(pkg/gc): don't rely on core.Now var for time [#4918](https://github.com/kumahq/kuma/pull/4918) @lahabana +* chore(plugins): remove some unecessary interfaces and methods [#4997](https://github.com/kumahq/kuma/pull/4997) @lahabana +* chore(proto): remove protos for new policies [#5218](https://github.com/kumahq/kuma/pull/5218) @lobkovilya +* chore(test): added resource builder [#5123](https://github.com/kumahq/kuma/pull/5123) [#5195](https://github.com/kumahq/kuma/pull/5195) @jakubdyszkiewicz +* chore(test): added support for GRPC to test-server [#4904](https://github.com/kumahq/kuma/pull/4904) @lobkovilya +* chore(test): make unit test compatible with IPV6 host [#5198](https://github.com/kumahq/kuma/pull/5198) @jakubdyszkiewicz +* chore(xds): drop deprecated envoy.config.route.v3.HeaderMatcher.exact_match [#4953](https://github.com/kumahq/kuma/pull/4953) @michaelbeaumont +* docs(MADR): new tracing policy proposal [#4938](https://github.com/kumahq/kuma/pull/4938) @michaelbeaumont +* docs(MADR): update MADR 007 [#5129](https://github.com/kumahq/kuma/pull/5129) @lobkovilya +* docs(gateway): explain the semantics of a PREFIX match [#5013](https://github.com/kumahq/kuma/pull/5013) @michaelbeaumont +* docs(gateway): explain the semantics of a prefix rewrite to / [#5016](https://github.com/kumahq/kuma/pull/5016) @michaelbeaumont +* docs(proto): fixed default serviceAddress and upgrade docs [#5236](https://github.com/kumahq/kuma/pull/5236) @lukidzi +* docs(proto): rewrite dataplane proto docs [#5219](https://github.com/kumahq/kuma/pull/5219) @jakubdyszkiewicz +* feat(ebpf): CNI uses libbpf CO:RE [#5233](https://github.com/kumahq/kuma/pull/5233) @lukidzi +* feat(ebpf): refactor merbridge using libbpf with CO:RE [#5034](https://github.com/kumahq/kuma/pull/5034) @bartsmykla +* feat(ebpf): transparent proxy with eBPF in init containers [#4919](https://github.com/kumahq/kuma/pull/4919) [#5046](https://github.com/kumahq/kuma/pull/5046) [#5066](https://github.com/kumahq/kuma/pull/5066) [#5095](https://github.com/kumahq/kuma/pull/5095) @bartsmykla +* feat(gateway): add MeshGateway support to MeshAccessLog [#5101](https://github.com/kumahq/kuma/pull/5101) @michaelbeaumont +* feat(gateway): add `crossMesh` to `MeshGatewayConfig` [#5183](https://github.com/kumahq/kuma/pull/5183) @michaelbeaumont +* feat(gateway): add service-upstream annotation for delegated nginx [#4913](https://github.com/kumahq/kuma/pull/4913) @michaelbeaumont +* feat(gateway): install `kuma` `GatewayClass` if gateway API CRDs present [#5001](https://github.com/kumahq/kuma/pull/5001) @michaelbeaumont +* feat(gateway): match new policies to MeshGateways [#5110](https://github.com/kumahq/kuma/pull/5110) @michaelbeaumont +* feat(inspect): implement rule-based view for new policies [#5000](https://github.com/kumahq/kuma/pull/5000) [#5184](https://github.com/kumahq/kuma/pull/5184) [#5189](https://github.com/kumahq/kuma/pull/5189) [#5202](https://github.com/kumahq/kuma/pull/5202) @jakubdyszkiewicz,@lobkovilya +* feat(kuma-cp): add flag to disable taint controller [#4852](https://github.com/kumahq/kuma/pull/4852) @jakubdyszkiewicz +* feat(kuma-cp): add possibility to restrict TLS version and ciphers [#5186](https://github.com/kumahq/kuma/pull/5186) @lahabana +* feat(kuma-cp): add possibility to run MADS on TLS [#5210](https://github.com/kumahq/kuma/pull/5210) @lahabana +* feat(kuma-cp): add possibility to split datadog services based on traffic direction and destination [#5063](https://github.com/kumahq/kuma/pull/5063) @Automaat +* feat(kuma-cp): added validation for backend name [#5081](https://github.com/kumahq/kuma/pull/5081) @Automaat +* feat(kuma-cp): created default control plane user [#5064](https://github.com/kumahq/kuma/pull/5064) @jakubdyszkiewicz +* feat(kuma-cp): extensible token issuers [#5083](https://github.com/kumahq/kuma/pull/5083) @jakubdyszkiewicz +* feat(kuma-cp): move Mesh Cache to runtime [#5140](https://github.com/kumahq/kuma/pull/5140) @Automaat +* feat(kuma-cp): universal resources schema validation [#5107](https://github.com/kumahq/kuma/pull/5107) @slonka +* feat(kuma-cp): use zone token to auth zone ingress [#5103](https://github.com/kumahq/kuma/pull/5103) @jakubdyszkiewicz +* feat(kuma-dp): publish metrics with text_readouts from envoy [#5159](https://github.com/kumahq/kuma/pull/5159) @Automaat +* feat(kumactl): add option to install with experimental transparent proxy [#4958](https://github.com/kumahq/kuma/pull/4958) @michaelbeaumont +* feat(kumactl): use exclude ports for uids from kuma-net [#4975](https://github.com/kumahq/kuma/pull/4975) @slonka +* feat(policy): Add MeshAccessLog policy [#4908](https://github.com/kumahq/kuma/pull/4908) [#4998](https://github.com/kumahq/kuma/pull/4998) [#5035](https://github.com/kumahq/kuma/pull/5035) [#5168](https://github.com/kumahq/kuma/pull/5168) [#5177](https://github.com/kumahq/kuma/pull/5177) @michaelbeaumont,@slonka +* feat(policy): Add MeshTrace policy [#5069](https://github.com/kumahq/kuma/pull/5069) [#5085](https://github.com/kumahq/kuma/pull/5085) [#5243](https://github.com/kumahq/kuma/pull/5243) @michaelbeaumont,@slonka +* feat(policy): Add MeshTrafficPermission policy [#4835](https://github.com/kumahq/kuma/pull/4835) [#5009](https://github.com/kumahq/kuma/pull/5009) [#5075](https://github.com/kumahq/kuma/pull/5075) @lobkovilya +* feat(policy): add interfaces for policy plugins [#4909](https://github.com/kumahq/kuma/pull/4909) @lahabana +* feat(policy): reimplemented matching for new policies [#4780](https://github.com/kumahq/kuma/pull/4780) [#4950](https://github.com/kumahq/kuma/pull/4950) [#4957](https://github.com/kumahq/kuma/pull/4957) [#4977](https://github.com/kumahq/kuma/pull/4977) [#5068](https://github.com/kumahq/kuma/pull/5068) [#5084](https://github.com/kumahq/kuma/pull/5084) [#5166](https://github.com/kumahq/kuma/pull/5166) [#5172](https://github.com/kumahq/kuma/pull/5172) [#5174](https://github.com/kumahq/kuma/pull/5174) @lahabana,@lobkovilya +* feat(service-insights): add external service in api [#5119](https://github.com/kumahq/kuma/pull/5119) @lahabana +* fix(.github): links in PR template [#4905](https://github.com/kumahq/kuma/pull/4905) @michaelbeaumont +* fix(.github): use github app in pr-comment action [#5164](https://github.com/kumahq/kuma/pull/5164) @lahabana +* fix(api): nil dereference in MeshAccessLog configurer [#5258](https://github.com/kumahq/kuma/pull/5258) @lobkovilya +* fix(cni): add empty registry to experimental cni [#4847](https://github.com/kumahq/kuma/pull/4847) @slonka +* fix(cni): hook up log level to cni [#4849](https://github.com/kumahq/kuma/pull/4849) @slonka +* fix(cni): make cni logs available via kubectl logs [#4845](https://github.com/kumahq/kuma/pull/4845) @slonka +* fix(cni): retry loading images [#4860](https://github.com/kumahq/kuma/pull/4860) @slonka +* fix(docs): fixed location of developer tools in DEVELOPER.md docs [#4988](https://github.com/kumahq/kuma/pull/4988) @Automaat +* fix(gateway): add support for retryOn [#5091](https://github.com/kumahq/kuma/pull/5091) @lahabana +* fix(gateway): cross-mesh gateways with same service [#5247](https://github.com/kumahq/kuma/pull/5247) @michaelbeaumont +* fix(gateway): don't create invalid envoy config when routes and listeners don't match [#4837](https://github.com/kumahq/kuma/pull/4837) @michaelbeaumont +* fix(gateway): route URL prefix rewriting [#5006](https://github.com/kumahq/kuma/pull/5006) @michaelbeaumont +* fix(gateway): skip ExternalService if none match [#5207](https://github.com/kumahq/kuma/pull/5207) @michaelbeaumont +* fix(gateway): sort routes [#5007](https://github.com/kumahq/kuma/pull/5007) @michaelbeaumont +* fix(gatewayapi): don't NPE if the `GatewayClass` ref doesn't exist [#5187](https://github.com/kumahq/kuma/pull/5187) @michaelbeaumont +* fix(gatewayapi): reconcile Gateways and HTTPRoutes on ReferenceGrant changes [#4944](https://github.com/kumahq/kuma/pull/4944) @michaelbeaumont +* fix(gatewayapi): update gateway-api and fix failing RouteKind tests [#5175](https://github.com/kumahq/kuma/pull/5175) @michaelbeaumont +* fix(helm): customize location of kuma-init repository for ebpf cleanup [#5230](https://github.com/kumahq/kuma/pull/5230) @lukidzi +* fix(helm): use `podAnnotations` everywhere possible [#4991](https://github.com/kumahq/kuma/pull/4991) @lahabana +* fix(kuma-cp): collapsed grafana dashboards [#4839](https://github.com/kumahq/kuma/pull/4839) @jakubdyszkiewicz +* fix(kuma-cp): deep copy tags when gen. outbounds [#5070](https://github.com/kumahq/kuma/pull/5070) @bartsmykla +* fix(kuma-cp): disable statsForAllMethods in grpc stats [#5226](https://github.com/kumahq/kuma/pull/5226) @jakubdyszkiewicz +* fix(kuma-cp): do not override source address when TP is not enabled [#4951](https://github.com/kumahq/kuma/pull/4951) @lukidzi +* fix(kuma-cp): multiple external services pointing to same address [#5185](https://github.com/kumahq/kuma/pull/5185) @slonka +* fix(kuma-cp): override grafana plugin files by default [#5208](https://github.com/kumahq/kuma/pull/5208) @slonka +* fix(kuma-cp): reissue admin tls cert on dp address change [#5222](https://github.com/kumahq/kuma/pull/5222) @jakubdyszkiewicz +* fix(kuma-cp): remove Dataplane for Pod without IP [#4964](https://github.com/kumahq/kuma/pull/4964) @jakubdyszkiewicz +* fix(kuma-cp): return content type of inspect endpoints [#4965](https://github.com/kumahq/kuma/pull/4965) @jakubdyszkiewicz +* fix(kuma-dp): resilient TCP access log streamer [#4862](https://github.com/kumahq/kuma/pull/4862) @jakubdyszkiewicz +* fix(kumactl): get APIVersions from k8s server [#5182](https://github.com/kumahq/kuma/pull/5182) @michaelbeaumont +* fix(tools): add 'v' prefix to preview version format [#5004](https://github.com/kumahq/kuma/pull/5004) @michaelbeaumont +* fix(tools): support both GitHub app tokens and PATs [#4869](https://github.com/kumahq/kuma/pull/4869) @michaelbeaumont +* perf(kuma-cp): avoid rebuilding endpoint map [#4974](https://github.com/kumahq/kuma/pull/4974) @jakubdyszkiewicz +* refactor(kuma-dp): add xds authentication customization [#4990](https://github.com/kumahq/kuma/pull/4990) @michaelbeaumont + +## 1.8.1 +> Released on 2022/10/07 +* fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in https://github.com/kumahq/kuma/pull/4872 +* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/4980 +* fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in https://github.com/kumahq/kuma/pull/4961 +* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5071 +* fix(gateway): add support for retryOn (backport #5091) by @mergify in https://github.com/kumahq/kuma/pull/5098 + +## 1.7.2 +> Released on 2022/10/06 +* fix(helm): always run Helm version update by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4604 +* chore(helm): update to 1.7.1 by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4603 +* Revert "fix(helm): always run Helm version update (#4604)" by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4609 +* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5072 +* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5096 + + +## 1.6.2 +> Released on 2022/10/06 +* fix(core): validate both old and new objects on Update (backport #4589) by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4593 +* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5090 +* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5097 + + +## 1.8.0 +> Released on 2022/08/22 + +### New features: + +CNI v2 with lots of improvements: + +* taint controller to prevent race condition [#4650](https://github.com/kumahq/kuma/pull/4650) @slonka +* all logs are easily accessible via `kubectl logs` command which greatly simplifies observability [#4845](https://github.com/kumahq/kuma/pull/4845) @slonka +* it uses new transparent engine implemented in kuma-net [#4481](https://github.com/kumahq/kuma/pull/4481) @slonka + +URL rewrite in Builtin Gateway: + +* support URL rewriting [#4638](https://github.com/kumahq/kuma/pull/4638) @michaelbeaumont + +Stats and Clusters in the GUI: + +* execute stats and clusters from the control plane [#4557](https://github.com/kumahq/kuma/pull/4557) [#333](https://github.com/kumahq/kuma-gui/pull/333) @jakubdyszkiewicz + +Extra `retryOn` options for Retry: + +* add extra http retryOn options [#4744](https://github.com/kumahq/kuma/pull/4744) @johnharris85 + +Better support for TCP logging: + +* resilient tcp TCP access log streamer [#4511](https://github.com/kumahq/kuma/pull/4511) @parkanzky [#4862](https://github.com/kumahq/kuma/pull/4862) @jakubdyszkiewicz + +Filtering Envoy metrics: + +* added option to define filter for Envoy metrics [#4503](https://github.com/kumahq/kuma/pull/4503) @lukidzi + +Projected service account token: + +* support for projected service account token [#4453](https://github.com/kumahq/kuma/pull/4453) @lukidzi + +### Fixes: + +#### Helm: + +* remove duplicate keys in resources [#4681](https://github.com/kumahq/kuma/pull/4681) @michaelbeaumont +* add containersecuritycontext to CNI daemonset [#4677](https://github.com/kumahq/kuma/pull/4677) @jakubdyszkiewicz +* fix extraConfigMap and cp labels [#4531](https://github.com/kumahq/kuma/pull/4531) @lahabana +* use image.global.registry for imageExperimental [#4641](https://github.com/kumahq/kuma/pull/4641) @jakubdyszkiewicz + +#### Gateway: + +* `ListenerReason` for unresolved certificate refs, enable ReferenceGrant conformance tests [#4806](https://github.com/kumahq/kuma/pull/4806) @michaelbeaumont +* check hostname intersection between HTTPRoute and Gateway listener [#4537](https://github.com/kumahq/kuma/pull/4537) @michaelbeaumont +* create MeshGatewayInstance in same Mesh as Gateway [#4794](https://github.com/kumahq/kuma/pull/4794) @michaelbeaumont +* don't create invalid envoy config when routes and listeners don't match (backport #4837) [#4841](https://github.com/kumahq/kuma/pull/4841) @mergify +* hostname intersections, use new RouteReasons [#4544](https://github.com/kumahq/kuma/pull/4544) @michaelbeaumont +* improve HTTPRoute statuses with unresolved BackendRefs [#4635](https://github.com/kumahq/kuma/pull/4635) @michaelbeaumont +* npe without any timeout [#4548](https://github.com/kumahq/kuma/pull/4548) @michaelbeaumont +* rbac permissions for ReferenceGrant [#4628](https://github.com/kumahq/kuma/pull/4628) @michaelbeaumont +* workaround label value max length with hash [#4545](https://github.com/kumahq/kuma/pull/4545) @michaelbeaumont + +#### Control Plane: + +* check if kuma annotation or label is set but ignore value [#4731](https://github.com/kumahq/kuma/pull/4731) @lukidzi +* delete an empty TimeoutConfigurer [#4554](https://github.com/kumahq/kuma/pull/4554) @lobkovilya +* do not modify external service tags [#4591](https://github.com/kumahq/kuma/pull/4591) @jakubdyszkiewicz +* don't deploy Pod/Service webhooks in global [#4673](https://github.com/kumahq/kuma/pull/4673) @michaelbeaumont +* don't fail generation if other mesh CAs are misconfigured [#4501](https://github.com/kumahq/kuma/pull/4501) @michaelbeaumont +* external service datasource validation [#4652](https://github.com/kumahq/kuma/pull/4652) @jakubdyszkiewicz +* fix builtdns annotations for kubernetes [#4660](https://github.com/kumahq/kuma/pull/4660) @lahabana +* generate cluster name hash based on tags not config [#4598](https://github.com/kumahq/kuma/pull/4598) @lukidzi +* grant delete Pods in kuma-system namespace to control plane [#4571](https://github.com/kumahq/kuma/pull/4571) @michaelbeaumont +* localhost exposed application shouldn't be reachable [#4750](https://github.com/kumahq/kuma/pull/4750) @lukidzi +* make options for policies simpler [#4722](https://github.com/kumahq/kuma/pull/4722) @lahabana +* protect sort from empty locality [#4820](https://github.com/kumahq/kuma/pull/4820) @jakubdyszkiewicz +* registering dp on reconnect [#4647](https://github.com/kumahq/kuma/pull/4647) @jakubdyszkiewicz +* support GC service account [#4483](https://github.com/kumahq/kuma/pull/4483) @lobkovilya +* validate both old and new objects on Update [#4589](https://github.com/kumahq/kuma/pull/4589) @michaelbeaumont +* validation error with user tokens [#4507](https://github.com/kumahq/kuma/pull/4507) @jakubdyszkiewicz + +#### Data Plane: + +* access log path on windows when cp is on linux [#4518](https://github.com/kumahq/kuma/pull/4518) @jakubdyszkiewicz +* fix multi OS build of accesslogs [#4767](https://github.com/kumahq/kuma/pull/4767) @lahabana +* have envoy version check always work [#4564](https://github.com/kumahq/kuma/pull/4564) @lahabana +* propagate context for metrics aggregate [#4640](https://github.com/kumahq/kuma/pull/4640) @lukidzi +* set prometheus content-type when returning metrics [#4706](https://github.com/kumahq/kuma/pull/4706) @lukidzi + +### Other: + +* add operations now create non-existent path elements [#4595](https://github.com/kumahq/kuma/pull/4595) @michaelbeaumont + +#### Docs: + +* new policy matching proposal [#4474](https://github.com/kumahq/kuma/pull/4474) @lobkovilya + +#### Other changes: + +##### Gateway: + +* mention mesh name in gateway instance status [#4678](https://github.com/kumahq/kuma/pull/4678) @lahabana +* add listener connection limits [#4755](https://github.com/kumahq/kuma/pull/4755) @michaelbeaumont +* add loadBalancerIP to MeshGatewayInstance [#4519](https://github.com/kumahq/kuma/pull/4519) @michaelbeaumont +* allow MeshGateway Dataplane Pods to bind privileged ports [#4535](https://github.com/kumahq/kuma/pull/4535) @michaelbeaumont +* configure overload_manager based on max memory [#4694](https://github.com/kumahq/kuma/pull/4694) @michaelbeaumont +* multi-zone cross-mesh MeshGateway [#4443](https://github.com/kumahq/kuma/pull/4443) @michaelbeaumont +* propagate x-kuma-tags from MeshGateways [#4476](https://github.com/kumahq/kuma/pull/4476) @michaelbeaumont +* send default static payload for empty gateway [#4617](https://github.com/kumahq/kuma/pull/4617) @tharun208 +* set `path_with_escaped_slashes_action` [#4719](https://github.com/kumahq/kuma/pull/4719) @michaelbeaumont +* set cluster HTTP2 stream and connection window size [#4779](https://github.com/kumahq/kuma/pull/4779) @michaelbeaumont +* set cluster per_connection_buffer_limit_bytes [#4696](https://github.com/kumahq/kuma/pull/4696) @michaelbeaumont +* set global_downstream_max_connections to 50000 [#4724](https://github.com/kumahq/kuma/pull/4724) @michaelbeaumont +* update to Gateway API v0.5.0, support v1beta1 resources [#4599](https://github.com/kumahq/kuma/pull/4599) @michaelbeaumont +* validate listeners for collapsibility [#4765](https://github.com/kumahq/kuma/pull/4765) @michaelbeaumont +* add MeshGateway dashboard [#4555](https://github.com/kumahq/kuma/pull/4555) @michaelbeaumont + +##### Control Plane: + +* config cleanup (backport #4855) [#4857](https://github.com/kumahq/kuma/pull/4857) @mergify +* don't set deprecated dns_resolver_config [#4702](https://github.com/kumahq/kuma/pull/4702) @michaelbeaumont +* don't set deprecated known_suffixes [#4701](https://github.com/kumahq/kuma/pull/4701) @michaelbeaumont +* remove deprecated Cluster.Http2ProtocolOptions [#4528](https://github.com/kumahq/kuma/pull/4528) @michaelbeaumont +* remove versions_ws [#4512](https://github.com/kumahq/kuma/pull/4512) @lahabana +* replace deprecated admin_access_log_path [#4552](https://github.com/kumahq/kuma/pull/4552) @lahabana +* add /policies endpoint to list all registered policies [#4708](https://github.com/kumahq/kuma/pull/4708) @lahabana +* authenticate DP every time [#4685](https://github.com/kumahq/kuma/pull/4685) @jakubdyszkiewicz +* enrich policies endpoint [#4791](https://github.com/kumahq/kuma/pull/4791) @jakubdyszkiewicz +* identify gateway service by deployment [#4703](https://github.com/kumahq/kuma/pull/4703) @parkanzky +* separate CA for Envoy Admin communication [#4676](https://github.com/kumahq/kuma/pull/4676) @jakubdyszkiewicz +* use remote address for Gateway [#4530](https://github.com/kumahq/kuma/pull/4530) @jakubdyszkiewicz +* add operations now create non-existent path elements [#4595](https://github.com/kumahq/kuma/pull/4595) @michaelbeaumont + +##### Data Plane: + +* remove envoy admin port flag [#4574](https://github.com/kumahq/kuma/pull/4574) @tharun208 +* detect memory limit only on linux [#4715](https://github.com/kumahq/kuma/pull/4715) @jakubdyszkiewicz + +##### kumactl: + +* add a limit to the prom TSDB size [#4651](https://github.com/kumahq/kuma/pull/4651) @lahabana +* remove old flags in install tp [#4760](https://github.com/kumahq/kuma/pull/4760) @lahabana +* add MeshGateway to `install demo` [#4679](https://github.com/kumahq/kuma/pull/4679) @michaelbeaumont +* add install control-plane --registry flag [#4533](https://github.com/kumahq/kuma/pull/4533) @michaelbeaumont + +##### Documentation: + +* create MADR for MeshTrafficPermission [#4666](https://github.com/kumahq/kuma/pull/4666) @lobkovilya +* new policy matching proposal [#4474](https://github.com/kumahq/kuma/pull/4474) @lobkovilya +* policy matching, replace 'conf' with 'default' [#4693](https://github.com/kumahq/kuma/pull/4693) @lobkovilya + +##### CNI: + +* add cni ebpf plugin [#4810](https://github.com/kumahq/kuma/pull/4810) @bartsmykla +* implement the cni plugin [#4481](https://github.com/kumahq/kuma/pull/4481) @slonka [#4618](https://github.com/kumahq/kuma/pull/4618) @slonka [#4613](https://github.com/kumahq/kuma/pull/4613) @slonka [#4850](https://github.com/kumahq/kuma/pull/4850) @mergify [#4642](https://github.com/kumahq/kuma/pull/4642) @slonka [#4788](https://github.com/kumahq/kuma/pull/4788) @slonka [#4858](https://github.com/kumahq/kuma/pull/4858) @mergify [#4826](https://github.com/kumahq/kuma/pull/4826) @slonka [#4695](https://github.com/kumahq/kuma/pull/4695) @slonka [#4846](https://github.com/kumahq/kuma/pull/4846) @mergify +* taint controller [#4852](https://github.com/kumahq/kuma/pull/4852) @jakubdyszkiewicz +* use our cni with calico [#4801](https://github.com/kumahq/kuma/pull/4801) @slonka + +### Dependency updates: + +* update demo to latest version [#4572](https://github.com/kumahq/kuma/pull/4572) @lahabana +* update Kuma GUI [#4815](https://github.com/kumahq/kuma/pull/4815) @kleinfreund [#4723](https://github.com/kumahq/kuma/pull/4723) @lahabana +* use github.com/emicklei/go-restful/v3 [#4665](https://github.com/kumahq/kuma/pull/4665) @mmorel-35 +* bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles [#4670](https://github.com/kumahq/kuma/pull/4670) [#4827](https://github.com/kumahq/kuma/pull/4827) @dependabot +* bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 [#4717](https://github.com/kumahq/kuma/pull/4717) @dependabot +* bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 [#4632](https://github.com/kumahq/kuma/pull/4632) [#4716](https://github.com/kumahq/kuma/pull/4716) @dependabot +* bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 [#4499](https://github.com/kumahq/kuma/pull/4499) @dependabot +* bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 [#4672](https://github.com/kumahq/kuma/pull/4672) @dependabot +* bump github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 [#4469](https://github.com/kumahq/kuma/pull/4469) [#4480](https://github.com/kumahq/kuma/pull/4480) @dependabot +* bump github.com/miekg/dns from 1.1.49 to 1.1.50 [#4492](https://github.com/kumahq/kuma/pull/4492) @dependabot +* bump github.com/onsi/gomega from 1.19.0 to 1.20.0 [#4671](https://github.com/kumahq/kuma/pull/4671) @dependabot +* bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 [#4783](https://github.com/kumahq/kuma/pull/4783) @dependabot +* bump github.com/prometheus/common from 0.34.0 to 0.37.0 [#4489](https://github.com/kumahq/kuma/pull/4489) [#4627](https://github.com/kumahq/kuma/pull/4627) @dependabot +* bump github.com/spf13/cobra from 1.4.0 to 1.5.0 [#4491](https://github.com/kumahq/kuma/pull/4491) @dependabot +* bump go.uber.org/zap from 1.21.0 to 1.22.0 [#4829](https://github.com/kumahq/kuma/pull/4829) @dependabot +* bump google.golang.org/grpc from 1.47.0 to 1.48.0 [#4631](https://github.com/kumahq/kuma/pull/4631) @dependabot +* bump google.golang.org/protobuf from 1.28.0 to 1.28.1 [#4718](https://github.com/kumahq/kuma/pull/4718) @dependabot +* bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 [#4493](https://github.com/kumahq/kuma/pull/4493) [#4624](https://github.com/kumahq/kuma/pull/4624) @dependabot +* bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 [#4498](https://github.com/kumahq/kuma/pull/4498) [#4581](https://github.com/kumahq/kuma/pull/4581) @dependabot +* bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 [#4549](https://github.com/kumahq/kuma/pull/4549) @dependabot + +## 1.7.1 +> Released on 2022/07/13 + +### Fixes + +#### Gateway + +* Nil pinter exception without any timeout (#4550) +* Use remote address for Gateway (#4538) + +#### kumactl + +* Update demo to latest version (#4587) + +#### Control plane + +* Grant delete Pods in kuma-system namespace to control plane (#4575) +* Don't fail generation if other mesh CAs are misconfigured (#4517) +* Don't override timeout values for ExternalServices (#4568) + +#### Data plane proxy + +* Access log path on windows when cp is on linux (#4518) + +#### Helm + +* Fix extraConfigMap and cp labels (#4541) + +#### General + +* Avoid `-` in version of the binaries (#4527) + +## 1.7.0 +> Released on 2022/06/13 + +### New features: + +Cross Mesh Communication: +* add cross-mesh `MeshGateway` listeners [#4274](https://github.com/kumahq/kuma/pull/4274)[#4405](https://github.com/kumahq/kuma/pull/4405) @michaelbeaumont + +ContainerPatch: +* allow custom configuration of Kubernetes' `kuma-init` and `kuma-sidecar` containers by introducing `ContainerPatch` CRD [#4280](https://github.com/kumahq/kuma/pull/4280) [#4362](https://github.com/kumahq/kuma/pull/4362) / [#4366](https://github.com/kumahq/kuma/pull/4366) [#4369](https://github.com/kumahq/kuma/pull/4369) / [#4370](https://github.com/kumahq/kuma/pull/4370) @parkanzky, @bartsmykla + +Observability: +* hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh [#4286](https://github.com/kumahq/kuma/pull/4286) [#4388](https://github.com/kumahq/kuma/pull/4388)/[#4406](https://github.com/kumahq/kuma/pull/4406) @lukidzi +* unified installation of `metrics/logging/tracing` into one command `observability` [#4308](https://github.com/kumahq/kuma/pull/4308) [#4411](https://github.com/kumahq/kuma/pull/4411)/[#4418](https://github.com/kumahq/kuma/pull/4418) @lukidzi, @lahabana + +ARM64 support: +* added arm build and release pipeline [#4231](https://github.com/kumahq/kuma/pull/4231) @lukidzi +* release for arm64 now publish correct arch image [#4276](https://github.com/kumahq/kuma/pull/4276) @lukidzi +* upgrade kubectl to version with ARM support [#4180](https://github.com/kumahq/kuma/pull/4180) @lukidzi +* support ARM Linux/Darwin for dev/tools [#4199](https://github.com/kumahq/kuma/pull/4199) @lukidzi +* introduced map of arch for a specific build [#4321](https://github.com/kumahq/kuma/pull/4321) @lukidzi +* do not exclude arm64 files from docker [#4265](https://github.com/kumahq/kuma/pull/4265) @lukidzi + +Gateway: +* add `GatewayClass.Spec.ParametersRef` support [#4157](https://github.com/kumahq/kuma/pull/4157) @michaelbeaumont +* cp annotations from gateway to svc [#4327](https://github.com/kumahq/kuma/pull/4327) @johnharris85 +* only reconcile Gateway when GatewayClass is Ready [#4162](https://github.com/kumahq/kuma/pull/4162) @michaelbeaumont +* auto generate hostname for crossMesh listeners [#4421](https://github.com/kumahq/kuma/pull/4421)/[#4424](https://github.com/kumahq/kuma/pull/4424) @michaelbeaumont + +Helm: +* set host network var in helm/cp-deployment.yaml [#4209](https://github.com/kumahq/kuma/pull/4209) @SallyBlichWalkMe +* add resource management for jobs [#4254](https://github.com/kumahq/kuma/pull/4254) @gdasson +* option for automountSAT=false on cp [#4309](https://github.com/kumahq/kuma/pull/4309) @gdasson +* helm chart improvements [#4337](https://github.com/kumahq/kuma/pull/4337) @bartsmykla + +CP: +* experimental transparent proxy annotation [#4240](https://github.com/kumahq/kuma/pull/4240) @parkanzky +* graceful shutdown on Universal using HDS [#4246](https://github.com/kumahq/kuma/pull/4246) @jakubdyszkiewicz +* intercept signal for different platforms [#4283](https://github.com/kumahq/kuma/pull/4283) @jakubdyszkiewicz +* XDS config dump on Global CP [#4301](https://github.com/kumahq/kuma/pull/4301) @jakubdyszkiewicz +* validate DP compat on kuma backend [#4236](https://github.com/kumahq/kuma/pull/4236) @parkanzky + +DP: +* graceful shutdown of kuma-dp [#4229](https://github.com/kumahq/kuma/pull/4229) @jakubdyszkiewicz + +### Fixes: + +Gateway: +* use MeshGatewayInstance mesh annotation when matching [#4361](https://github.com/kumahq/kuma/pull/4361)/[#4371](https://github.com/kumahq/kuma/pull/4371) @michaelbeaumont + +Helm: +* remove replica from cp-deployment.yaml when autoscaling enabled [#4447](https://github.com/kumahq/kuma/pull/4447)/[#4454](https://github.com/kumahq/kuma/pull/4454) @gustoliv + +CP: +* fix '/config_dump' request if Global CP is on Kubernetes [#4363](https://github.com/kumahq/kuma/pull/4363)/[#4372](https://github.com/kumahq/kuma/pull/4372) @lobkovilya +* add the latest version to compatibility matrix [#4232](https://github.com/kumahq/kuma/pull/4232) @parkanzky + +DP: +* clarify error log message when kuma-dp is wrongly connecting to global-cp [#4269](https://github.com/kumahq/kuma/pull/4269) @slonka + +Kumactl: +* fix transparent proxy --skip-conntrack-zone-split flag value [#4334](https://github.com/kumahq/kuma/pull/4334) @bartsmykla + +### Other notable changes: + +Gateway: +* add /finalizers permission for OwnerReferencesPermissionEnforcement plugin [#4239](https://github.com/kumahq/kuma/pull/4239) @michaelbeaumont +* don't match on ALPN in gateway (#4198) [#4272](https://github.com/kumahq/kuma/pull/4272) @wjrbetts + +Helm: +* delete 'kubernetes.io/arch' node selector [#4335](https://github.com/kumahq/kuma/pull/4335) @lobkovilya + +CP: +* don't always recompute mesh contexts [#4267](https://github.com/kumahq/kuma/pull/4267) @michaelbeaumont +* don't run dataplane gc in global [#4184](https://github.com/kumahq/kuma/pull/4184) @lahabana +* graceful components [#4277](https://github.com/kumahq/kuma/pull/4277) @jakubdyszkiewicz +* memory store cannot delete a parent [#4194](https://github.com/kumahq/kuma/pull/4194) @jakubdyszkiewicz +* protocol check should be case-insensitive [#4248](https://github.com/kumahq/kuma/pull/4248) @lukidzi +* remove dns server from control plane [#4192](https://github.com/kumahq/kuma/pull/4192) @lahabana +* automatically detect dns lookup family for cp cluster [#4275](https://github.com/kumahq/kuma/pull/4275) @slonka + +ZoneIngress: +* graceful start of many ZoneIngresses [#4305](https://github.com/kumahq/kuma/pull/4305) @jakubdyszkiewicz + +ZoneEgress: +* resolve zone-ingress advertized address [#4219](https://github.com/kumahq/kuma/pull/4219) @lahabana +* do not change ip to ZoneEgress address [#4193](https://github.com/kumahq/kuma/pull/4193) @lukidzi + +Kumactl: +* remove flag '--experimental-meshgateway' [#4315](https://github.com/kumahq/kuma/pull/4315) @lobkovilya + +Timeout Policy: +* deprecate 'timeout.grpc' section [#4365](https://github.com/kumahq/kuma/pull/4365)/[#4449](https://github.com/kumahq/kuma/pull/4449) @lobkovilya + +Other: +* delete dns-server 5653 port from configuration and helm files [#4339](https://github.com/kumahq/kuma/pull/4339)/[#4345](https://github.com/kumahq/kuma/pull/4345) @lobkovilya +* support kube-linter tools to analyze Kubernetes YAML files [#4294](https://github.com/kumahq/kuma/pull/4294) @mangoGoForward + +### Dependency upgrades: + +* upgrade envoy to 1.22.1 [#4288](https://github.com/kumahq/kuma/pull/4288) [#4464](https://github.com/kumahq/kuma/pull/4464)/[#4465](https://github.com/kumahq/kuma/pull/4465) @lobkovilya +* upgrade kuma-cni to 0.0.10 [#4313](https://github.com/kumahq/kuma/pull/4313) @lobkovilya +* upgrade tproxy iptables to v0.2.2 [#4328](https://github.com/kumahq/kuma/pull/4328) @bartsmykla +* upgrade GUI to the latest version [#4316](https://github.com/kumahq/kuma/pull/4316) [#4338](https://github.com/kumahq/kuma/pull/4338) [#4389](https://github.com/kumahq/kuma/pull/4389)/[#4390](https://github.com/kumahq/kuma/pull/4390) @jakubdyszkiewicz, @lahabana, @bartsmykla +* upgrade protoc and regenerate files [#4169](https://github.com/kumahq/kuma/pull/4169) @lukidzi +* bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 [#4234](https://github.com/kumahq/kuma/pull/4234) @dependabot +* bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 [#4178](https://github.com/kumahq/kuma/pull/4178) [#4260](https://github.com/kumahq/kuma/pull/4260) [#4322](https://github.com/kumahq/kuma/pull/4322) @dependabot +* bump github.com/lib/pq from 1.10.5 to 1.10.6 [#4299](https://github.com/kumahq/kuma/pull/4299) @dependabot +* bump github.com/miekg/dns from 1.1.48 to 1.1.49 [#4291](https://github.com/kumahq/kuma/pull/4291) @dependabot +* bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 [#4233](https://github.com/kumahq/kuma/pull/4233) @dependabot +* bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 [#4290](https://github.com/kumahq/kuma/pull/4290) @dependabot +* bump github.com/prometheus/common from 0.33.0 to 0.34.0 [#4235](https://github.com/kumahq/kuma/pull/4235) @dependabot +* bump github.com/spf13/viper from 1.10.0 to 1.11.0 [#4177](https://github.com/kumahq/kuma/pull/4177) @dependabot +* bump google.golang.org/grpc from 1.45.0 to 1.46.2 [#4213](https://github.com/kumahq/kuma/pull/4213) [#4289](https://github.com/kumahq/kuma/pull/4289) @dependabot +* bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 [#4216](https://github.com/kumahq/kuma/pull/4216) @dependabot [#4302](https://github.com/kumahq/kuma/pull/4302)/[#4378](https://github.com/kumahq/kuma/pull/4378) +* bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 [#4302](https://github.com/kumahq/kuma/pull/4302)/[#4378](https://github.com/kumahq/kuma/pull/4378) @dependabot + +### Other: + +* automate policy generation [#4197](https://github.com/kumahq/kuma/pull/4197) @lobkovilya + +## 1.6.1 +> Released on 2022/06/10 + +### Fixes: + +CP: +* do not change ip to ZoneEgress address (backport #4193) [#4195](https://github.com/kumahq/kuma/pull/4195) +* memory store cannot delete a parent (backport #4194) [#4196](https://github.com/kumahq/kuma/pull/4196) + +### Dependency upgrades: + +* upgrade envoy to 1.21.3 [#4457](https://github.com/kumahq/kuma/pull/4457) @lobkovilya + +## 1.5.2 +> Released on 2022/06/10 + +### Dependency upgrades: + +* upgrade envoy to 1.21.3 [#4456](https://github.com/kumahq/kuma/pull/4456) @lobkovilya + +## 1.6.0 +> Released on 2022/04/11 + + +### New features: + +Gateway: +* release K8s GatewayAPI as preview [4072](https://github.com/kumahq/kuma/pull/4072) [4022](https://github.com/kumahq/kuma/pull/4022) [4045](https://github.com/kumahq/kuma/pull/4045) [4014](https://github.com/kumahq/kuma/pull/4014) [3956](https://github.com/kumahq/kuma/pull/3956) @jakubdyszkiewicz,@michaelbeaumont +* use MeshGatewayInstance name for generated objects [4097](https://github.com/kumahq/kuma/pull/4097) @michaelbeaumont + +Inspect api: +* add gateways to policy inspect [4125](https://github.com/kumahq/kuma/pull/4125) [4104](https://github.com/kumahq/kuma/pull/4104) [4092](https://github.com/kumahq/kuma/pull/4092) [4088](https://github.com/kumahq/kuma/pull/4088) [4077](https://github.com/kumahq/kuma/pull/4077) [4064](https://github.com/kumahq/kuma/pull/4064) [4065](https://github.com/kumahq/kuma/pull/4065) [3973](https://github.com/kumahq/kuma/pull/3973) [3966](https://github.com/kumahq/kuma/pull/3966) @michaelbeaumont + +ZoneEgress: +* Make zoneegress available in standalone mode [4100](https://github.com/kumahq/kuma/pull/4100) @lahabana +* added locality aware lb for external service [4048](https://github.com/kumahq/kuma/pull/4048) @lukidzi +* make zoneegress routing opt-in [4109](https://github.com/kumahq/kuma/pull/4109) [4013](https://github.com/kumahq/kuma/pull/4013) @lukidzi +* support RateLimit and FaultInjections [4000](https://github.com/kumahq/kuma/pull/4000) @lobkovilya + +Helm: +* Allow customization of image tags in Helm chart [4068](https://github.com/kumahq/kuma/pull/4068) @gdasson +* Expose kuma-cp's metric port so it can be scraped by self-deployed prometheus. [4047](https://github.com/kumahq/kuma/pull/4047) @jbehrends +* add resource limits option for control plane deployment [4049](https://github.com/kumahq/kuma/pull/4049) @gdasson +* fail if global.image.tag and appVersion incompatible [4085](https://github.com/kumahq/kuma/pull/4085) @michaelbeaumont +* set version to track appVersion [4083](https://github.com/kumahq/kuma/pull/4083) @michaelbeaumont +* expose kuma-cp gui through ingress [4101](https://github.com/kumahq/kuma/pull/4101) @lukidzi +* allow specifying security context [4153](https://github.com/kumahq/kuma/pull/4153) @gdasson @bartsmykla + +Other: +* feat(k8s): ability to set custom service account token volume [4036](https://github.com/kumahq/kuma/pull/4036) @johnharris85 +* feat(k8s): shutdown kuma-dp container for any owner kind [4079](https://github.com/kumahq/kuma/pull/4079) @lukidzi +* feat(k8s): support startupProbes [4090](https://github.com/kumahq/kuma/pull/4090) @lahabana +* feat(kuma-cp): add uptime, policies, gateway dps to reports [3933](https://github.com/kumahq/kuma/pull/3933) @parkanzky +* feat(kuma-cp): add metrics and timeouts to CA interface [4089](https://github.com/kumahq/kuma/pull/4089) @parkanzky +* feat(kumactl): add --values and --set to kumactl install control-plane [4086](https://github.com/kumahq/kuma/pull/4086) @lahabana +* feat(transparent-proxy): add experimental tproxy iptables generation [4114](https://github.com/kumahq/kuma/pull/4114) @bartsmykla + +### Dependency upgrades: + +* bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles [4060](https://github.com/kumahq/kuma/pull/4060) [4023](https://github.com/kumahq/kuma/pull/4023) @dependabot +* bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 [3978](https://github.com/kumahq/kuma/pull/3978) [3976](https://github.com/kumahq/kuma/pull/3976) @dependabot +* bump github.com/go-logr/logr from 1.2.2 to 1.2.3 [4040](https://github.com/kumahq/kuma/pull/4040) @dependabot +* bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 [4061](https://github.com/kumahq/kuma/pull/4061) [4025](https://github.com/kumahq/kuma/pull/4025) @dependabot +* bump github.com/k8s/* from 0.23.4 to 0.23.5 [4043](https://github.com/kumahq/kuma/pull/4043) @lahabana +* bump github.com/miekg/dns from 1.1.46 to 1.1.47 [3998](https://github.com/kumahq/kuma/pull/3998) @dependabot +* bump github.com/onsi/gomega from 1.18.1 to 1.19.0 [4062](https://github.com/kumahq/kuma/pull/4062) @dependabot +* bump github.com/spf13/cobra from 1.3.0 to 1.4.0 [3995](https://github.com/kumahq/kuma/pull/3995) @dependabot +* bump go.uber.org/multierr from 1.7.0 to 1.8.0 [3974](https://github.com/kumahq/kuma/pull/3974) @dependabot +* bump google.golang.org/grpc from 1.44.0 to 1.45.0 [3993](https://github.com/kumahq/kuma/pull/3993) @dependabot +* bump google.golang.org/protobuf from 1.27.1 to 1.28.0 [4046](https://github.com/kumahq/kuma/pull/4046) @dependabot +* bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 [3994](https://github.com/kumahq/kuma/pull/3994) @dependabot +* bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 [3997](https://github.com/kumahq/kuma/pull/3997) @dependabot +* remove dependency on spire [4044](https://github.com/kumahq/kuma/pull/4044) @lahabana + +### Other notable changes: + +* chore(k8s): replace cni registry [4070](https://github.com/kumahq/kuma/pull/4070) @lobkovilya +* chore(k8s): use appProtocol from service by default [4015](https://github.com/kumahq/kuma/pull/4015) @jakubdyszkiewicz +* chore(kuma-dp): cleanup bootstrap version field [3670](https://github.com/kumahq/kuma/pull/3670) @tharun208 +* fix(gateway): fix status updating in MeshGatewayInstance reconciliation [4051](https://github.com/kumahq/kuma/pull/4051) @michaelbeaumont +* fix(gateway): gateway instance service reconciliation loops forever [4035](https://github.com/kumahq/kuma/pull/4035) @jakubdyszkiewicz +* fix(gateway): gateway reconciliation loops forever [4034](https://github.com/kumahq/kuma/pull/4034) @jakubdyszkiewicz +* fix(gateway): gateway tls listeners without hostnames [4093](https://github.com/kumahq/kuma/pull/4093) @jakubdyszkiewicz +* fix(gateway): ignore non TCP protocol for provided gateway [4067](https://github.com/kumahq/kuma/pull/4067) @lahabana +* fix(gateway): mesh gateway instance service target port [4071](https://github.com/kumahq/kuma/pull/4071) @jakubdyszkiewicz +* fix(gateway): skip creating MeshGateways without proper attachment [4011](https://github.com/kumahq/kuma/pull/4011) @jakubdyszkiewicz +* fix(helm): add prefix to `app` label in ingress/egress deployment [4123](https://github.com/kumahq/kuma/pull/4123) @lahabana +* fix(helm): fix other template prefix in ingress/egress [4124](https://github.com/kumahq/kuma/pull/4124) @lahabana +* fix(helm): remove wildcard rbac version [4148](https://github.com/kumahq/kuma/pull/4148) @johnharris85 +* fix(k8s): reconcile serviceMaps when using mesh namespace annotation [3815](https://github.com/kumahq/kuma/pull/3815) @lahabana +* fix(kuma-cp): avoid generating excessive envoy clusters [3984](https://github.com/kumahq/kuma/pull/3984) @lobkovilya +* fix(kuma-cp): default policy creation [4073](https://github.com/kumahq/kuma/pull/4073) @lobkovilya +* fix(kuma-cp): guard the nil version in metadata [3969](https://github.com/kumahq/kuma/pull/3969) @jakubdyszkiewicz +* fix(kuma-cp): provide better message when running with an in-memory database [3982](https://github.com/kumahq/kuma/pull/3982) @lukidzi +* fix(kuma-dp): better error message when the token is invalid [3961](https://github.com/kumahq/kuma/pull/3961) @lahabana +* fix(kumactl): add mesh flag to only commands that uses it [3788](https://github.com/kumahq/kuma/pull/3788) @tharun208 +* fix(kumactl): split yaml correctly in `kumactl apply` [4107](https://github.com/kumahq/kuma/pull/4107) @lahabana +* fix(proxytemplate): avoid validation error [3937](https://github.com/kumahq/kuma/pull/3937) @marcoferrer +* fix(proxytemplate): execute hooks before proxy template modifications [4055](https://github.com/kumahq/kuma/pull/4055) @jakubdyszkiewicz +* perf(k8s): move outbounds from Dataplane to Config [3986](https://github.com/kumahq/kuma/pull/3986) @jakubdyszkiewicz + + +## 1.5.1 +> Released on 2022/04/06 + +* chore(k8s): replace cni registry (backport #4070) [4076](https://github.com/kumahq/kuma/pull/4076) +* fix(kuma-cp): default policy creation (backport #4073) [4080](https://github.com/kumahq/kuma/pull/4080) +* fix(kuma-cp): guard the nil version in metadata (backport #3969) [3970](https://github.com/kumahq/kuma/pull/3970) + +## 1.5.0 +> Released on 2022/02/23 + +* feat(*): zone egress [#3809](https://github.com//kumahq/kuma/pull/3809) [#3757](https://github.com//kumahq/kuma/pull/3757) +* feat(kuma-cp) data plane proxy membership [#3619](https://github.com//kumahq/kuma/pull/3619) +* feat(kuma-cp): reachable services in transparent proxying [#3791](https://github.com//kumahq/kuma/pull/3791) +* feat(inspect-api): retrieve full XDS config [#3768](https://github.com//kumahq/kuma/pull/3768) +* feat(*): inspect api support [#3805](https://github.com//kumahq/kuma/pull/3805) [#3568](https://github.com//kumahq/kuma/pull/3568) [#3462](https://github.com//kumahq/kuma/pull/3462) +* feat(kuma-cp): add proxytemplate to matched policies for inspect poli… [#3786](https://github.com//kumahq/kuma/pull/3786) 👍contributed by @tharun208 +* feat(kuma-cp): enable traffic route for inspect endpoints [#3735](https://github.com//kumahq/kuma/pull/3735) 👍contributed by @tharun208 +* feat(*): move adminPort to DPP resource [#3739](https://github.com//kumahq/kuma/pull/3739) +* feat(helm): add imagePullSecrets support [#3755](https://github.com//kumahq/kuma/pull/3755) 👍contributed by @johnharris85 +* feat(*): enable Gateway with runtime flag [#3736](https://github.com//kumahq/kuma/pull/3736) +* feat(kumactl): add --api-timeout flag [#3723](https://github.com//kumahq/kuma/pull/3723) +* feat: allow for ca/identity secrets for every mesh [#3696](https://github.com//kumahq/kuma/pull/3696) +* feat(kuma-cp): allow extra cm in kuma cp chart [#3671](https://github.com//kumahq/kuma/pull/3671) 👍contributed by @wjrbetts +* feat(kuma-cp): add gui link in index api response [#3675](https://github.com//kumahq/kuma/pull/3675) 👍contributed by @tharun208 +* feat(*): allow ca.crt to be in separate k8s secret [#3638](https://github.com//kumahq/kuma/pull/3638) +* feat(kumactl): add type of logging and tracing backends with name in table output [#3636](https://github.com//kumahq/kuma/pull/3636) 👍contributed by @tharun208 +* feat(kuma-cp): enable client side gRPC keepalive [#3574](https://github.com//kumahq/kuma/pull/3574) +* feat(gui): new onboarding view [kumahq/kuma-gui#194](https://github.com/kumahq/kuma-gui/pull/194) +* feat(gui): link to documentation from policy view [kumahq/kuma-gui#289](https://github.com/kumahq/kuma-gui/pull/289) + +* fix(kuma-cp): do not update unchanged insights [#3819](https://github.com//kumahq/kuma/pull/3819) +* fix(*): do not annotate gateway services with ingress upstream [#3816](https://github.com//kumahq/kuma/pull/3816) +* fix(*): properly escape DB password when creating postgres connection string [#3804](https://github.com//kumahq/kuma/pull/3804) +* fix(kuma-cp): fix missing label sidecar injection [#3740](https://github.com//kumahq/kuma/pull/3740) +* fix(kuma-dp): fix conntrack collisions [#3459](https://github.com//kumahq/kuma/pull/3459) 👍contributed by @johnharris85 +* fix(conf): remove invalid health check fields from example [#3697](https://github.com//kumahq/kuma/pull/3697) 👍contributed by @tharun208 +* fix(kuma-dp): binary lookup function skips not available directories [#3667](https://github.com//kumahq/kuma/pull/3667) +* fix(k8s): make sure controllers start after leader election [#3666](https://github.com//kumahq/kuma/pull/3666) +* fix(build): fix gomega matchers for inspect resources command test [#3660](https://github.com//kumahq/kuma/pull/3660) [#3651](https://github.com//kumahq/kuma/pull/3651) 👍contributed by @tharun208 +* fix(kumactl): ignore any unregistered CRDs, not only from the root chart [#3643](https://github.com//kumahq/kuma/pull/3643) +* fix(kumactl): print meta before spec for Kuma resources [#3637](https://github.com//kumahq/kuma/pull/3637) +* fix(kuma-cp): add cp selector to global sync service [#3579](https://github.com//kumahq/kuma/pull/3579) +* fix(kuma-cp) do not override other dataplane with dp lifecycle [#3507](https://github.com//kumahq/kuma/pull/3507) +* fix(helm) Add support to customize nodeport [#1944](https://github.com//kumahq/kuma/pull/1944) 👍contributed by @bhiravabhatla + +* perf(kuma-cp): use mesh snapshot in proxy builder [#3700](https://github.com//kumahq/kuma/pull/3700) +* perf(kuma-cp): use mesh snapshot in gateway [#3710](https://github.com//kumahq/kuma/pull/3710) +* perf(kuma-cp): share mesh context [#3659](https://github.com//kumahq/kuma/pull/3659) + +* improvement(metadata): include name of annotation to parse error message [#3677](https://github.com//kumahq/kuma/pull/3677) 👍contributed by @ChinYing-Li +* refactor(insights): delete method GetLatestSubscription for insights [#3656](https://github.com//kumahq/kuma/pull/3656) 👍contributed by @tharun208 +* refactor(kuma-cp): unify mesh determination for k8s objects [#3708](https://github.com//kumahq/kuma/pull/3708) +* refactor(*): replace ensureDefaultXXX functions with a single generic function [#3662](https://github.com//kumahq/kuma/pull/3662) 👍contributed by @tharun208 +* chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT [#3766](https://github.com//kumahq/kuma/pull/3766) +* chore(k8s): remove GetBool method and use GetEnabled [#3698](https://github.com//kumahq/kuma/pull/3698) 👍contributed by @tharun208 +* chore(*): generate CRD types [#3453](https://github.com//kumahq/kuma/pull/3453) +* chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp [#3691](https://github.com//kumahq/kuma/pull/3691) +* chore(kuma-cp): consolidate mesh defaults creation [#3678](https://github.com//kumahq/kuma/pull/3678) +* chore(config): remove ability to disable insights [#3501](https://github.com//kumahq/kuma/pull/3501) +* chore(*): remove old Ingress [#3435](https://github.com//kumahq/kuma/pull/3435) +* chore(*): upgrade Envoy to v1.21.1 [#3909](https://github.com//kumahq/kuma/pull/3909) +* chore(grafana): update to latest grafana plugin version [#3812](https://github.com//kumahq/kuma/pull/3812) +* ci(*): release on every commit in master and release branches [#3712](https://github.com//kumahq/kuma/pull/3712) + +## 1.4.1 +> Released on 2021/12/15 + +* feat: add kubernetes tags automatically [#3439](https://github.com//kumahq/kuma/pull/3439) +* perf: update Mesh and ServiceInsights only when really needed [#3463](https://github.com//kumahq/kuma/pull/3463) +* perf: eliminate uneccessary JSON marshalling [#3483](https://github.com//kumahq/kuma/pull/3483) +* feat: sidecar injection webhook based on labels [#3417](https://github.com//kumahq/kuma/pull/3417) +* chore: upgrade gui to new version [#3454](https://github.com//kumahq/kuma/pull/3454) +* test: fix postgress tests permissions [#3443](https://github.com//kumahq/kuma/pull/3443) +* feat: add affinity to CP and Ingress pods [#3036](https://github.com//kumahq/kuma/pull/3036) + 👍contributed by @andrey-dubnik +* chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 [#3432](https://github.com//kumahq/kuma/pull/3432) +* feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 [#3376](https://github.com/kumahq/kuma/pull/3376) +* fix: simplify cluster creation with endpoints [#3403](https://github.com//kumahq/kuma/pull/3403) +* fix: enable metrics hijacker for current version of Kuma [#3405](https://github.com//kumahq/kuma/pull/3405) +* fix: switch to mTLS when CP communicates with Envoy Admin [#3353](https://github.com//kumahq/kuma/pull/3353) +* chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 [#3388](https://github.com//kumahq/kuma/pull/3388) +* chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 [#3389](https://github.com//kumahq/kuma/pull/3389) +* fix: validate cp url in dp conf [#3357](https://github.com//kumahq/kuma/pull/3357) +* chore: send reports to tls endpoint [#3361](https://github.com//kumahq/kuma/pull/3361) +* chore: check explicit service account name [#3228](https://github.com//kumahq/kuma/pull/3228) +* feat: inspect other dependencies versions [#3352](https://github.com//kumahq/kuma/pull/3352) +* chore: add area/gateway label [#3263](https://github.com//kumahq/kuma/pull/3263) +* chore: remove dp token from xds metadata [#3282](https://github.com//kumahq/kuma/pull/3282) +* refactor: move from io/ioutil to io and os packages [#3265](https://github.com//kumahq/kuma/pull/3265) + 👍contributed by @Juneezee +* fix: validate newly generated xDS snapshots [#3195](https://github.com//kumahq/kuma/pull/3195) +* chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 [#3218](https://github.com//kumahq/kuma/pull/3218) +* chore: bump helm chart version to 0.8 [#3202](https://github.com//kumahq/kuma/pull/3202) + +## 1.4.0 +> Released on 2021/11/19 + +* chore(*) scripts for build, publish and fetch Envoy binaries [#3110](https://github.com//kumahq/kuma/pull/3110) [#3182](https://github.com//kumahq/kuma/pull/3182) +* chore(kuma-cp) upgrade gui to new version [#3178](https://github.com//kumahq/kuma/pull/3178) [#3179](https://github.com//kumahq/kuma/pull/3179) +* chore(kuma-cp) Use go structs instead of gotemplate for bootstrap [#3156](https://github.com//kumahq/kuma/pull/3156) [#3173](https://github.com//kumahq/kuma/pull/3173) +* chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 [#3170](https://github.com//kumahq/kuma/pull/3170) +* Disable reporting by default [#3070](https://github.com//kumahq/kuma/pull/3070) [#3159](https://github.com//kumahq/kuma/pull/3159) +* chore(kumactl) remove install CRDs filter function [#3139](https://github.com//kumahq/kuma/pull/3139) +* feat(kuma-dp) Add conf to disable service vip [#3143](https://github.com//kumahq/kuma/pull/3143) +* chore(kuma-cp) update some TODO comments [#3141](https://github.com//kumahq/kuma/pull/3141) +* feat(kuma-cp) Add kuma.io/ignore annotation [#3142](https://github.com//kumahq/kuma/pull/3142) +* fix(kuma-dp) match gateway cluster names in the hijacker [#3106](https://github.com//kumahq/kuma/pull/3106) +* feat: add ECDSA certificate generator support [#3093](https://github.com//kumahq/kuma/pull/3093) +* feat: add more global resources to GlobalInsights [#3094](https://github.com//kumahq/kuma/pull/3094) +* feat: allow creating secrets for the not yet existing mesh [#3076](https://github.com//kumahq/kuma/pull/3076) + 👍contributed by cloudwiz +* feat: don't add v6 in DNS when v6 is disabled [#3089](https://github.com//kumahq/kuma/pull/3089) +* fix: explicitly disable dns in env when disabled in injector [#3077](https://github.com//kumahq/kuma/pull/3077) +* feat: added support for https tracing endpoint [#3057](https://github.com//kumahq/kuma/pull/3057) + 👍contributed by sudeeptoroy +* fix: normalize generating TLS certificates [#3027](https://github.com//kumahq/kuma/pull/3027) +* fix: zero downtime when enabling permissive mTLS [#3019](https://github.com//kumahq/kuma/pull/3019) +* feat: add deprecation notice for kuma-prometheus-sd [#2994](https://github.com//kumahq/kuma/pull/2994) +* feat: add GlobalInsights api endpoint [#3018](https://github.com//kumahq/kuma/pull/3018) +* fix: duplicate TLS certificate usage [#3008](https://github.com//kumahq/kuma/pull/3008) +* chore: add command argument count parameters [#3010](https://github.com//kumahq/kuma/pull/3010) +* feat: aggregate dp stats by type in MeshInsight [#2999](https://github.com//kumahq/kuma/pull/2999) +* chore: delete CLI flag '--bootstrap-version' [#2965](https://github.com//kumahq/kuma/pull/2965) +* feat: show the effective Dataplane address [#2977](https://github.com//kumahq/kuma/pull/2977) +* feat: aggregate services in MeshInsight [#2974](https://github.com//kumahq/kuma/pull/2974) +* fix: allow only one healthcheck [#2972](https://github.com//kumahq/kuma/pull/2972) +* feat: give CA managers all backends at once [#2956](https://github.com//kumahq/kuma/pull/2956) +* chore: normalize timeout configurer API [#2934](https://github.com//kumahq/kuma/pull/2934) +* fix: locality-aware lb for external-services [#2903](https://github.com//kumahq/kuma/pull/2903) +* feat: add install control-plane --version flag for all components [#2904](https://github.com//kumahq/kuma/pull/2904) +* feat: add zone selector to Kuma Mesh dashboard [#2860](https://github.com//kumahq/kuma/pull/2860) +* fix: possible to delete resources on Zone CP [#2665](https://github.com//kumahq/kuma/pull/2665) +* fix: make cluster names contextually unique [#3098](https://github.com//kumahq/kuma/pull/3098) +* feat: automatically enable gzip content on gateways [#3104](https://github.com//kumahq/kuma/pull/3104) +* feat: add Gateway TLS termination support [#3044](https://github.com//kumahq/kuma/pull/3044) +* feat: add gateway support for external services [#2990](https://github.com//kumahq/kuma/pull/2990) +* fix: enable secrets support for Gateway resources [#2953](https://github.com//kumahq/kuma/pull/2953) +* feat: initial connection policy support for Gateway [#2933](https://github.com//kumahq/kuma/pull/2933) +* feat: add access to generate zone ingress token [#3075](https://github.com//kumahq/kuma/pull/3075) +* feat: user token with RSA256 [#2992](https://github.com//kumahq/kuma/pull/2992) +* feat: prefix system users and groups with mesh-system [#3013](https://github.com//kumahq/kuma/pull/3013) +* feat: localhost is not an admin on kubernetes [#3003](https://github.com//kumahq/kuma/pull/3003) +* feat: user token enabled by default [#2941](https://github.com//kumahq/kuma/pull/2941) +* feat: Admin User Token bootstrap [#2923](https://github.com//kumahq/kuma/pull/2923) +* chore: refactor access control for individual access [#2983](https://github.com//kumahq/kuma/pull/2983) +* feat: support plugin based authentication including user tokens [#2895](https://github.com//kumahq/kuma/pull/2895) +* feat: User Token for API Server authentication [#2892](https://github.com//kumahq/kuma/pull/2892) +* chore: refactor authz and authn to plugins [#2837](https://github.com//kumahq/kuma/pull/2837) +* chore(kuma-cp) upgrade gui to new version [#3148](https://github.com//kumahq/kuma/pull/3148) +* chore(*) upgrade to Go 1.17.3 [#3147](https://github.com//kumahq/kuma/pull/3147) +* chore(deps): bump github.com/operator-framework/operator-lib [#3158](https://github.com//kumahq/kuma/pull/3158) +* chore(deps): bump github.com/gruntwork-io/terratest [#3130](https://github.com//kumahq/kuma/pull/3130) +* chore: update helm and controller-runtime [#2764](https://github.com//kumahq/kuma/pull/2764) +* chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 [#3131](https://github.com//kumahq/kuma/pull/3131) +* chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 [#3101](https://github.com//kumahq/kuma/pull/3101) +* chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 [#3006](https://github.com//kumahq/kuma/pull/3006) +* chore: bump github.com/envoyproxy/protoc-gen-validate [#3007](https://github.com//kumahq/kuma/pull/3007) +* chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 [#2839](https://github.com//kumahq/kuma/pull/2839) +* chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 [#3132](https://github.com//kumahq/kuma/pull/3132) +* chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 [#3061](https://github.com//kumahq/kuma/pull/3061) +* chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 [#3059](https://github.com//kumahq/kuma/pull/3059) +* chore: bump k8s.io/api from 0.22.2 to 0.22.3 [#3058](https://github.com//kumahq/kuma/pull/3058) +* chore: bump github.com/golang-migrate/migrate/v4 [#2970](https://github.com//kumahq/kuma/pull/2970) +* chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 [#2968](https://github.com//kumahq/kuma/pull/2968) +* chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio [#2752](https://github.com//kumahq/kuma/pull/2752) + +## 1.3.1 +> Released on 2021/10/06 + +* fix: disable zone [#2884](https://github.com//kumahq/kuma/pull/2884) +* fix: limit number of postgres connection by default [#2866](https://github.com//kumahq/kuma/pull/2866) +* feat: add zone selector to Kuma Service to Service dashboard [#2876](https://github.com//kumahq/kuma/pull/2876) +* feat: add zone selector to Kuma Service dashboard [#2865](https://github.com//kumahq/kuma/pull/2865) +* feat: add zone selector to Kuma Dataplane dashboard [#2864](https://github.com//kumahq/kuma/pull/2864) +* fix: fix duplicates in dataplane list in Kuma Services dashboard [#2845](https://github.com//kumahq/kuma/pull/2845) +* chore: migrate install resources from rbac API v1beta1 to v1 [#2875](https://github.com//kumahq/kuma/pull/2875) +* fix: fault injection matching [#2757](https://github.com//kumahq/kuma/pull/2757) +* fix: delete kuma.io/region and kuma.io/sub-zone [#2824](https://github.com//kumahq/kuma/pull/2824) +* feat: print control plane version with version cmd [#2834](https://github.com//kumahq/kuma/pull/2834) +* fix: Only warn about version compatibility where it makes sense [#2828](https://github.com//kumahq/kuma/pull/2828) +* perf: remove insight update rate limit burst [#2825](https://github.com//kumahq/kuma/pull/2825) +* perf: apply ratelimit to service insights [#2815](https://github.com//kumahq/kuma/pull/2815) +* feat: adds support for specifying specific IP for cloud provider load balancers for ingress service [#2779](https://github.com//kumahq/kuma/pull/2779) + 👍contributed by @jamesdbloom +* fix: send tool output to stdout [#2787](https://github.com//kumahq/kuma/pull/2787) +* fix: switch to a Kuma fork of go-control-plane [#2771](https://github.com//kumahq/kuma/pull/2771) +* chore: parametrize label on the deployment [#2765](https://github.com//kumahq/kuma/pull/2765) +* perf: set Node only on first DiscoveryRequest [#2741](https://github.com//kumahq/kuma/pull/2741) +* feat: verify ServiceAccountToken bound to a Pod [#2745](https://github.com//kumahq/kuma/pull/2745) +* feat: internal dns should resolve AAAA records [#2760](https://github.com//kumahq/kuma/pull/2760) +* fix: Add FORMERR and NOTIMP in alternate default coredns conf [#2756](https://github.com//kumahq/kuma/pull/2756) +* fix: virtual probes with query [#2706](https://github.com//kumahq/kuma/pull/2706) +* fix: Avoid calling `Send()` from different goroutines [#2573](https://github.com//kumahq/kuma/pull/2573) +* feat: automatically set proxy concurrency [#2691](https://github.com//kumahq/kuma/pull/2691) +* feat: Improve builtin grafana setup to have traces and logs linked [#2716](https://github.com//kumahq/kuma/pull/2716) +* fix: Show gateway services in service-insights [#2711](https://github.com//kumahq/kuma/pull/2711) +* fix: Correct bad merging of duration [#2700](https://github.com//kumahq/kuma/pull/2700) +* fix: Ensure outbounds are set when migrating from old to new [#2698](https://github.com//kumahq/kuma/pull/2698) +* fix: get rid of regex for parsing IPs [#2681](https://github.com//kumahq/kuma/pull/2681) +* feat: add CP config to ZoneInsights [#2661](https://github.com//kumahq/kuma/pull/2661) +* feat: generate GatewayRoute clusters [#2819](https://github.com//kumahq/kuma/pull/2819) +* feat: add GatewayRoute route generation [#2782](https://github.com//kumahq/kuma/pull/2782) +* feat: match gateway routes [#2758](https://github.com//kumahq/kuma/pull/2758) +* feat: initial gateway TrafficRoute support [#2547](https://github.com//kumahq/kuma/pull/2547) +* feat: add a GatewayRoute resource [#2591](https://github.com//kumahq/kuma/pull/2591) +* chore: update base image for kuma-dp [#2881](https://github.com//kumahq/kuma/pull/2881) +* chore: change Go JWT version to fix security vunerability [#2844](https://github.com//kumahq/kuma/pull/2844) +* chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 [#2768](https://github.com//kumahq/kuma/pull/2768) +* chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 [#2737](https://github.com//kumahq/kuma/pull/2737) +* chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 [#2769](https://github.com//kumahq/kuma/pull/2769) +* chore: upgrade github.com/spf13/cobra [#2732](https://github.com//kumahq/kuma/pull/2732) +* chore: bump alpine in /tools/releases/dockerfiles [#2705](https://github.com//kumahq/kuma/pull/2705) +* chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 [#2657](https://github.com//kumahq/kuma/pull/2657) +* chore: update envoy to 1.18.4 [#2667](https://github.com//kumahq/kuma/pull/2667) + + +## 1.3.0 +> Released on 2021/08/24 + +* feat: remove provided ca cert validation [#2663](https://github.com/kumahq/kuma/pull/2663) + 👍contributed by Nikita Pande (@nikita15p) +* feat: Use kuma-sd in kumactl install metrics [#2654](https://github.com/kumahq/kuma/pull/2654) +* feat: Add new datasource to kumactl install metrics [#2640](https://github.com/kumahq/kuma/pull/2640) +* fix: remove extra endline in traffic log default template [#2514](https://github.com//kumahq/kuma/pull/2514) +* fix: TLSInspector is causing tcp healthcheck failures [#2639](https://github.com//kumahq/kuma/pull/2639) +* feat: Add rate-limit to outbound interfaces [#2435](https://github.com//kumahq/kuma/pull/2435) +* fix: print a newline with transparent proxy setup message [#2634](https://github.com//kumahq/kuma/pull/2634) +* chore: bump alpine in /tools/releases/dockerfiles [#2531](https://github.com//kumahq/kuma/pull/2531) +* chore: annotate required fields in proto files [#2556](https://github.com//kumahq/kuma/pull/2556) +* chore: remove MADS v1alpha1 [#2632](https://github.com//kumahq/kuma/pull/2632) +* chore: parametrize kuma tracing in ZipkinCollectorURL [#2635](https://github.com//kumahq/kuma/pull/2635) +* chore: Add the number of services to usage stats [#2628](https://github.com//kumahq/kuma/pull/2628) +* feat: Add the permissive mTLS mode [#2579](https://github.com//kumahq/kuma/pull/2579) +* chore: open CAProvider and MeshValidator for extensions [#2618](https://github.com//kumahq/kuma/pull/2618) +* feat: Add entity for virtual-outbound [#2576](https://github.com//kumahq/kuma/pull/2576) +* fix: Don't set zap.Development() in debug log [#2608](https://github.com//kumahq/kuma/pull/2608) +* chore(kuma-cp) upgrade gui to new version [#2611](https://github.com//kumahq/kuma/pull/2611), [#2452](https://github.com//kumahq/kuma/pull/2452), [#2554](https://github.com//kumahq/kuma/pull/2554), [#2528](https://github.com//kumahq/kuma/pull/2528), [#2497](https://github.com//kumahq/kuma/pull/2497), [#2490](https://github.com//kumahq/kuma/pull/2490), [#2481](https://github.com//kumahq/kuma/pull/2481) +* feat: Build kuma on Windows [#2597](https://github.com//kumahq/kuma/pull/2597), [#2606](https://github.com//kumahq/kuma/pull/2606), [#2559](https://github.com//kumahq/kuma/pull/2559) +* feat: Add CA backend stats in Dataplane and Mesh Insights [#2562](https://github.com//kumahq/kuma/pull/2562) +* fix: missing key for kv in reports logging [#2598](https://github.com//kumahq/kuma/pull/2598) +* chore: split listener configurers across source files [#2592](https://github.com//kumahq/kuma/pull/2592) +* feat: add simple HTTP connection configurers [#2593](https://github.com//kumahq/kuma/pull/2593) +* feat: add virtual host domain name configurer [#2590](https://github.com//kumahq/kuma/pull/2590) +* feat: return instance and cluster IDs in kuma-cp API statuses [#2589](https://github.com//kumahq/kuma/pull/2589) +* tests: allow kuma-specific const to be overridden [#2582](https://github.com//kumahq/kuma/pull/2582) +* feat: Intermediate CA support [#2575](https://github.com//kumahq/kuma/pull/2575) +* fix: Avoid nil dereferencing in dp validator [#2578](https://github.com//kumahq/kuma/pull/2578) +* chore: consistently use utils package for protobuf wrappers [#2570](https://github.com//kumahq/kuma/pull/2570) +* fix: subscription finalizer, rev 2 [#2526](https://github.com//kumahq/kuma/pull/2526) +* tests: fix flaky test for locality aware loadbalancing [#2564](https://github.com//kumahq/kuma/pull/2564) +* fix: DP tracking lock consistency fix [#2567](https://github.com//kumahq/kuma/pull/2567) +* chore: Certificates over ADS [#2558](https://github.com//kumahq/kuma/pull/2558) +* chore: migrate DiscoveryRequest/Response in KDS to V3 [#2541](https://github.com//kumahq/kuma/pull/2541) +* feat: Rewrite dns persistence to allow virtual-outbound to be added [#2484](https://github.com//kumahq/kuma/pull/2484) +* fix: deleted default policy is created on Kuma CP restart [#2507](https://github.com//kumahq/kuma/pull/2507) +* chore: Move kumactl logging arguments to where they can be parameterized [#2544](https://github.com//kumahq/kuma/pull/2544) +* chore: add route and virtual host configuration helpers [#2517](https://github.com//kumahq/kuma/pull/2517) +* chore: fix kumactl generate dataplane proxy-type flag deprecation message [#2522](https://github.com//kumahq/kuma/pull/2522) + 👍contributed by Tharun Rajendran +* chore: Simplify resource-gen.go by generating `ResourceDescriptor` [#2511](https://github.com//kumahq/kuma/pull/2511) +* chore: Replace netcat with test server [#2510](https://github.com//kumahq/kuma/pull/2510) +* feat: configure SNI on ExternalService [#2467](https://github.com//kumahq/kuma/pull/2467) +* chore: add importas to golangci-lint [#2516](https://github.com//kumahq/kuma/pull/2516) + 👍contributed by Tharun Rajendran +* chore: add to resource-gen.go generation of kds options [#2487](https://github.com//kumahq/kuma/pull/2487) +* chore: add to resource-gen.go generation of kumactl options [#2469](https://github.com//kumahq/kuma/pull/2469) +* fix: add owner when create ZoneIngressInsight [#2456](https://github.com//kumahq/kuma/pull/2456) +* fix: hijacker merge labels [#2476](https://github.com//kumahq/kuma/pull/2476) +* chore: improve resource-gen by auto generating ws code [#2466](https://github.com//kumahq/kuma/pull/2466) +* fix: clarify invalid resource type message [#2473](https://github.com//kumahq/kuma/pull/2473) +* fix: implement TextMarshaler for JSON keys [#2475](https://github.com//kumahq/kuma/pull/2475) +* chore: simplify resourceWsDefinition and server init [#2477](https://github.com//kumahq/kuma/pull/2477) +* fix: Stop adding outbounds to dp for vips [#2421](https://github.com//kumahq/kuma/pull/2421) +* chore(*) make port validation consistent [#2448](https://github.com//kumahq/kuma/pull/2448) + +## 1.2.3 +> Released on 2021/07/29 + +* fix(kumactl) warn about fail to check the CP version [#2438](https://github.com//kumahq/kuma/pull/2438) +* fix(kuma-cp) handle missing connection info [#2439](https://github.com//kumahq/kuma/pull/2439) +* chore(xds) rename logger to have consistent naming style [#2375](https://github.com//kumahq/kuma/pull/2375) + 👍contributed by burntcarrot +* fix(kuma-cp) set better keep-alive for bootstrap [#2432](https://github.com//kumahq/kuma/pull/2432) +* fix(kuma-dp) validate the DP proxy type [#2186](https://github.com//kumahq/kuma/pull/2186) +* fix(kuma-cp) use the typed config for TLS Inspector [#2373](https://github.com//kumahq/kuma/pull/2373) + +## 1.2.2 +> Released on 2021/07/16 + +* feat: add datadog traffic tracing [#2269](https://github.com//kumahq/kuma/pull/2247) +* refactor: add kumactl install tracing context [#2343](https://github.com//kumahq/kuma/pull/2343) +* chore: improve kumactl install transparent-proxy flags description, add extra validation [#2352](https://github.com//kumahq/kuma/pull/2352) +* fix: broken SDS auth and XDS generation on rapid DP restarts [#2342](https://github.com//kumahq/kuma/pull/2342) +* fix: allow verbose log levels [#2351](https://github.com//kumahq/kuma/pull/2351) +* chore: use resource types for DataplaneInsight tracking [#2324](https://github.com//kumahq/kuma/pull/2324) +* chore: improve resource manager initialization readability [#2316](https://github.com//kumahq/kuma/pull/2316) +* chore: upgrade gui to new version [#2340](https://github.com//kumahq/kuma/pull/2340), [#2325](https://github.com//kumahq/kuma/pull/2325), [#2315](https://github.com//kumahq/kuma/pull/2315) +* fix: allocate a new VIP for ExternalService host [#2302](https://github.com//kumahq/kuma/pull/2302) +* fix: stop components on leader election lost [#2318](https://github.com//kumahq/kuma/pull/2318) +* chore: generate system resource wrappers [#2282](https://github.com//kumahq/kuma/pull/2282), [#2311](https://github.com//kumahq/kuma/pull/2311) +* chore: remove access log V2 [#2301](https://github.com//kumahq/kuma/pull/2301) +* chore: generate DeepCopy interfaces [#2222](https://github.com//kumahq/kuma/pull/2222) +* chore: disable log sampling [#2273](https://github.com//kumahq/kuma/pull/2273) +* chore: upgrade Protocol Buffers [#2244](https://github.com//kumahq/kuma/pull/2244) +* chore: change default number of insights subscriptions [#2266](https://github.com//kumahq/kuma/pull/2266) +* chore: make the authentication interface type oblivious [#2271](https://github.com//kumahq/kuma/pull/2271) +* fix: fix hds disabled on dpserver [#2268](https://github.com//kumahq/kuma/pull/2268) + 👍contributed by Bastien Chatelard +* chore: refactor xDS metadata to store a generic resource [#2264](https://github.com//kumahq/kuma/pull/2264) +* feat: change KDS max message limit [#2265](https://github.com//kumahq/kuma/pull/2265) + +## 1.2.1 +> Released on 2021/06/30 + +* fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits [#2246](https://github.com//kumahq/kuma/pull/2246) +* chore: reduce memory usage by reducing cache key size [#2214](https://github.com//kumahq/kuma/pull/2214) [#2230](https://github.com//kumahq/kuma/pull/2230) + 👍contributed by nhamlh +* fix: ZoneIngress always shows up as 'offline' [#2209](https://github.com//kumahq/kuma/pull/2209) +* feat: dataplane use advertise address to add a routable ip if address is not public ip [#2116](https://github.com//kumahq/kuma/pull/2116) + 👍contributed by sudeeptoroy +* fix: builtin DNS resolve alias with dots [#2208](https://github.com//kumahq/kuma/pull/2208) +* feat: add SNI to TLSed ExternalServices [#2211](https://github.com//kumahq/kuma/pull/2211) +* fix: fix race condition in cache [#2202](https://github.com//kumahq/kuma/pull/2202) + 👍contributed by nhamlh +* fix: supported versions of Kuma DP in the GUI [#2193](https://github.com//kumahq/kuma/pull/2193) + +## 1.2.0 +> Released on 2021/06/17 + +* feat: Introduce ZoneIngress [#2147](https://github.com//kumahq/kuma/pull/2147) [#2169](https://github.com//kumahq/kuma/pull/2169) +* feat: enable dataplane dns by default [#2152](https://github.com//kumahq/kuma/pull/2152) +* feat: add --verbose flag to kuma-init [#2156](https://github.com//kumahq/kuma/pull/2156) +* feat: log rotation [#2100](https://github.com//kumahq/kuma/pull/2100) + 👍contributed by @nikita15p +* feat: mads, allow specifying fetch-timeout via query param [#2148](https://github.com//kumahq/kuma/pull/2148) + 👍contributed by @austince +* feat: mads, add support for HTTP long polling [#2121](https://github.com//kumahq/kuma/pull/2121) + 👍contributed by @austince +* feat(mads) implement v1 API [#1753](https://github.com//kumahq/kuma/pull/1753) + 👍contributed by @austince +* feat: add RateLimit policy [#2083](https://github.com//kumahq/kuma/pull/2083) +* feat: TrafficRoute L7 [#2013](https://github.com//kumahq/kuma/pull/2013) + [#2042](https://github.com//kumahq/kuma/pull/2042) [#2062](https://github.com//kumahq/kuma/pull/2062) + [#2072](https://github.com//kumahq/kuma/pull/2072) [#2168](https://github.com//kumahq/kuma/pull/2168) + +* feat: allow renegotiation for TLS in ExternalServices [#2135](https://github.com//kumahq/kuma/pull/2135) +* feat: pass header when communicating with CP [#2049](https://github.com//kumahq/kuma/pull/2049) + 👍contributed by sudeeptoroy +* feat: change default traffic route policy [#2075](https://github.com//kumahq/kuma/pull/2075) +* feat: command to install kong enterprise ingress [#1999](https://github.com//kumahq/kuma/pull/1999) +* feat: add postgres max idle connections configuration [#2020](https://github.com//kumahq/kuma/pull/2020) + 👍contributed by @nikita15p +* feat: add kumactl --no-config flag [#2048](https://github.com//kumahq/kuma/pull/2048) +* feat: nodeselector across all pods with HELM [#2012](https://github.com//kumahq/kuma/pull/2012) +* feat: enable forwarding XFCC header [#1941](https://github.com//kumahq/kuma/pull/1941) + 👍contributed by @jewertow +* feat: TrafficPermission for ExternalServices [#1957](https://github.com//kumahq/kuma/pull/1957) +* feat: metrics hijacker [#1899](https://github.com//kumahq/kuma/pull/1899) +* feat: extend CircuitBreaker [#1655](https://github.com//kumahq/kuma/pull/1655) +* chore: remove API V2 [#2119](https://github.com//kumahq/kuma/pull/2119) +* chore: bump webhooks version [#2126](https://github.com//kumahq/kuma/pull/2126) +* chore: drop deprecated Envoy options [#2143](https://github.com//kumahq/kuma/pull/2143) +* chore: dockerfiles, add a user for kuma-cp [#2129](https://github.com//kumahq/kuma/pull/2129) +* chore: bump cni version to 0.0.9 [#2137](https://github.com//kumahq/kuma/pull/2137) +* chore: rename remote cp to zone cp [#2125](https://github.com//kumahq/kuma/pull/2125) +* chore: bump versions of logging, metrics, tracing [#2178](https://github.com//kumahq/kuma/pull/2178) +* chore: parametrize bitnami/kubectl [#2151](https://github.com//kumahq/kuma/pull/2151) +* chore: backwards compatible metrics [#2173](https://github.com//kumahq/kuma/pull/2173) +* chore: upgrade Envoy version to 1.18.3 [#2145](https://github.com//kumahq/kuma/pull/2145) +* chore updated go-control-plane [#2082](https://github.com//kumahq/kuma/pull/2082) + 👍contributed by @sudeeptoroy +* chore: fix misspelled words [#1984](https://github.com//kumahq/kuma/pull/1984) + 👍contributed by @tharun208 +* chore: upgrade GUI [#2157](https://github.com//kumahq/kuma/pull/2157) +* chore namespace source names for v1 API [#1896](https://github.com//kumahq/kuma/pull/1896) + 👍contributed by @austince +* chore: use cmux for MADS server [#1887](https://github.com//kumahq/kuma/pull/1887) +* chore: Add internal support for outbound UDP listeners [#1618](https://github.com//kumahq/kuma/pull/1618) + 👍contributed by @lahabana +* chore: Avoid generating duplicate subsets in ingress + 👍contributed by @lahabana +* chore: upgrade to apiextensions.k8s.io/v1 [#1108](https://github.com//kumahq/kuma/pull/1108) + 👍contributed by @austince +* fix: Clear snapshots from cache on disconnect [#2172](https://github.com//kumahq/kuma/pull/2172) + 👍contributed by @lahabana +* fix: use service account name to identify sync [#2127](https://github.com//kumahq/kuma/pull/2127) +* fix: raise the regex program size limit [#2139](https://github.com//kumahq/kuma/pull/2139) +* fix: pass query parameters through the metrics hijacker [#2124](https://github.com//kumahq/kuma/pull/2124) +* fix: matching endpoints by tags [#2096](https://github.com//kumahq/kuma/pull/2096) +* fix: manage and warn on control plane file limits [#2057](https://github.com//kumahq/kuma/pull/2057) [#2106](https://github.com//kumahq/kuma/pull/2106) +* fix: fix transparent-proxy for GCP/GKE [#2051](https://github.com//kumahq/kuma/pull/2051) +* fix: set death signal on child processes [#2045](https://github.com//kumahq/kuma/pull/2045) +* fix: TrafficRoute in multizone issue [#1979](https://github.com//kumahq/kuma/pull/1979) + +## 1.1.6 +> Released on 2021/05/13 + +* feat: expose reuse_connection in healthchecks [#1952](https://github.com//kumahq/kuma/pull/1952) +* feat: allow tcp/http healthchecks together [#1951](https://github.com//kumahq/kuma/pull/1951) +* feat: kumactl option to install gateway types [#1950](https://github.com//kumahq/kuma/pull/1950) +* feat: kumactl option to install kuma demo app [#1932](https://github.com//kumahq/kuma/pull/1932) +* feat: kumactl option to install Kong ingress [#1929](https://github.com//kumahq/kuma/pull/1929) +* feat: support all tags in traffic permission [#1902](https://github.com//kumahq/kuma/pull/1902) +* fix: gateway status was always reporting offline [#1946](https://github.com//kumahq/kuma/pull/1946) +* fix: don't cache failed calls [#1894](https://github.com//kumahq/kuma/pull/1894) + 👍contributed by @lahabana +* chore: add hostname when sending traces to the collector [#1962](https://github.com//kumahq/kuma/pull/1962) +* docs: prepare api docs generation [#1741](https://github.com//kumahq/kuma/pull/1741) +* test: azure aks and e2e improvements for the CI [#1880](https://github.com//kumahq/kuma/pull/1880) + [#1871](https://github.com//kumahq/kuma/pull/1871) + [#1933](https://github.com//kumahq/kuma/pull/1933) + [#1953](https://github.com//kumahq/kuma/pull/1953) + [#1972](https://github.com//kumahq/kuma/pull/1972) + +## 1.1.5 +> Released on 2021/04/29 + +* feat: generate outbounds for itself [#1900](https://github.com//kumahq/kuma/pull/1900) +* chore: migrate from bintray [#1901](https://github.com//kumahq/kuma/pull/1901) +* chore: GUI updates and fixes [#1897](https://github.com//kumahq/kuma/pull/1897) +* chore: kumactl check version after loading config [#1879](https://github.com/kumahq/kuma/pull/1879) +* chore: transparent proxy improvements [#1852](https://github.com//kumahq/kuma/pull/1852) +* chore upgrade Go to 16.3 and use go embed [#1864](https://github.com//kumahq/kuma/pull/1864) [#1865](https://github.com//kumahq/kuma/pull/1865) +* fix: always set locality in multizone [#1863](https://github.com//kumahq/kuma/pull/1863) +* fix: Envoy config is created based on old Dataplane [#1848](https://github.com//kumahq/kuma/pull/1848) + + +## 1.1.4 +> Released on 2021/04/19 + +* chore: force all DNS traffic capture [#1842](https://github.com//kumahq/kuma/pull/1842) + +## 1.1.3 +> Released on 2021/04/16 + +* feat: support External Services with original hostname and port (built-in DNS) + [#1807](https://github.com//kumahq/kuma/pull/1807) [#1811](https://github.com//kumahq/kuma/pull/1811) [#1817](https://github.com//kumahq/kuma/pull/1817) [#1812](https://github.com//kumahq/kuma/pull/1812) [#1821](https://github.com//kumahq/kuma/pull/1821) [#1824](https://github.com//kumahq/kuma/pull/1824) [#1828](https://github.com//kumahq/kuma/pull/1828) [#1822](https://github.com//kumahq/kuma/pull/1822) +* fix: pass validation of V3 specific configs in ProxyTemplate [#1819](https://github.com//kumahq/kuma/pull/1819) +* chore: support ingress annotations (kuma.io/ingress-public-address and kuma.io/ingress-public-port) in HELM [#1796](https://github.com//kumahq/kuma/pull/1796) + + +## 1.1.2 +> Released on 2021/04/09 + +* feat: extend CircuitBreaker policy with Thresholds [#1688](https://github.com//kumahq/kuma/pull/1688) +* feat: enable IPv6 support and tests [#1726](https://github.com//kumahq/kuma/pull/1726) [#1734](https://github.com//kumahq/kuma/pull/1734) +* feat: unuversal mode transparent-proxy firewalld support [#1702](https://github.com//kumahq/kuma/pull/1702) +* feat: new Grafana charts for golden signals and L7 metrics [#1739](https://github.com//kumahq/kuma/pull/1739) [#1786](https://github.com//kumahq/kuma/pull/1786) +* chore: verify e2e tests run in EKS [#1684](https://github.com//kumahq/kuma/pull/1684) [#1685](https://github.com//kumahq/kuma/pull/1685) [#1744](https://github.com//kumahq/kuma/pull/1744) +* chore: upgrade CRDS to apiextensions.k8s.io/v1 [#1108](https://github.com//kumahq/kuma/pull/1108) +* fix: helm cp service annotations [#1767](https://github.com//kumahq/kuma/pull/1767) + 👍contributed by nbrink91 +* fix: gui fixes [#1773](https://github.com//kumahq/kuma/pull/1773) +* fix: KDS may delete ConfigMaps on Control Plane restarts [#1769](https://github.com//kumahq/kuma/pull/1769) +* fix: Kuma CP restart may cause stale Envoy configs on Universal [#1749](https://github.com//kumahq/kuma/pull/1749) +* fix: use EnvoyGRPC to fix DNS resolving [#1740](https://github.com//kumahq/kuma/pull/1740) +* fix: fix ingress-enabled [#1725](https://github.com//kumahq/kuma/pull/1725) +* fix: pick HTTP health checker version depending on outbound's protocol [#1714](https://github.com//kumahq/kuma/pull/1714) +* fix: improve the DNS server bind message [#1701](https://github.com//kumahq/kuma/pull/1701) +* fix: validate --name and --mesh when dataplane is provided [#1771](https://github.com//kumahq/kuma/pull/1771) +* fix: better error messages when there is problem with pod dataplane convertion [#1743](https://github.com//kumahq/kuma/pull/1743) +* fix: crashes under load [#1694](https://github.com//kumahq/kuma/pull/1694) [#1695](https://github.com//kumahq/kuma/pull/1695) + +## 1.1.1 +> Released on 2021/03/11 + +* fix: make sure we enumerate all types in kumactl [#1673](https://github.com//kumahq/kuma/pull/1673) +* fix: annnotate service with ingress that has no annotations [#1671](https://github.com//kumahq/kuma/pull/1671) +* fix: improve err message if $HOME is not defined [#1664](https://github.com//kumahq/kuma/pull/1664) +* feat: zipkin config add shared span context option [#1660](https://github.com//kumahq/kuma/pull/1660) + 👍contributed by @ericmustin +* feat: get rid of 'changed' check [#1663](https://github.com//kumahq/kuma/pull/1663) diff --git a/app/assets/raw/UPGRADE.md b/app/assets/raw/UPGRADE.md new file mode 100644 index 000000000..a22c16452 --- /dev/null +++ b/app/assets/raw/UPGRADE.md @@ -0,0 +1,1135 @@ +This document guides you through the process of upgrading `Kuma`. + +First, check if a section named `Upgrade to x.y.z` exists, +with `x.y.z` being the version you are planning to upgrade to. + +If such a section does not exist, the upgrade you want to perform +does not have any particular instructions. + +## Upgrade to `2.6.x` + +### Unifying Default Connection Timeout Values + +To simplify configuration and provide a more consistent user experience, we've unified the default connection timeout values. When no `MeshTimeout` or `Timeout` policy is specified, the connection timeout will now be the same as the default `connectTimeout` values for `MeshTimeout` and `Timeout` policies. This value is now `5s`, which is a decrease from the previous default of `10s`. + +The connection timeout specifies the amount of time Envoy will wait for an upstream TCP connection to be established. + +The only users who need to take action are those who are explicitly relying on the previous default connection timeout value of `10s`. These users will need to create a new `MeshTimeout` policy with the appropriate `connectTimeout` value to maintain their desired behavior. + +We encourage all users to review their configuration, but we do not anticipate that this change will require any action for most users. + +## Upgrade to `2.5.x` + +### Transparent-proxy and CNI v1 removal + +v2 has been default since 2.2.x. We are therefore removing v1. + +### Deprecated argument to transparent-proxy + +Parameters `--exclude-outbound-tcp-ports-for-uids` and `--exclude-outbound-udp-ports-for-uids` are now merged into `--exclude-outbound-ports-for-uids` for `kumactl install transparent-proxy`. +We've also added the matching Kubernetes annotation: `traffic.kuma.io/exclude-outbound-ports-for-uids`. +The previous versions will still work but will be removed in the future. + +### More strict validation rules for resource names + +In order to be compatible with Kubernetes naming policy we updated the validation rules. Old rule: + +> Valid characters are numbers, lowercase latin letters and '-', '_' symbols. + +New rule: + +> A lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character + +New rule is applied for CREATE operations. The old rule is still applied for UPDATE, but this is going to change in Kuma 2.7.x or later. + +### API + +#### overview API coherency + +These endpoints are getting replaced to achieve more coherency on the API: + +- `/meshes/{mesh}/zoneegressoverviews` moves to `/meshes/{mesh}/zoneegresses/_overview` +- `/meshes/{mesh}/zoneingresses+insights` moves to `/meshes/{mesh}/zone-ingresses/_overview` +- `/meshes/{mesh}/dataplanes+insights` moves to `/meshes/{mesh}/dataplanes/_overview` +- `/zones+insights` moves to `/zones/_overview` + +While you can use the old API they will be removed in a future version + +### Prometheus inbound listener is not secured by TrafficPermission anymore + +Due to the shadowing [issue](https://github.com/kumahq/kuma/issues/2417) with old TrafficPermission it was quite impossible to protect Prometheus inbound listener as expected. +RBAC rules on the Prometheus inbound listener were blocking users from fully migrate to the new MeshTrafficPermission policy. +That's why we decided to discontinue TrafficPermission support on the Prometheus inbound listener starting 2.5.x. + +### Gateway API + +We support `v1` resources and `v1.0.0` of `gateway-api`. `v1beta1` resources are +still supported but support for these WILL be removed in a future release. + +### KDS Delta enabled by default + +KDS Delta is enabled by default. You can fallback to SOTW KDS by setting `KUMA_EXPERIMENTAL_KDS_DELTA_ENABLED=false`. +As a side effect, on kubernetes policies synced will be persisted in the `kuma-system` namespace instead of `default`. + +## Upgrade to `2.4.x` + +### Configuration change + +The configuration: `Metrics.Mesh.MinResyncTimeout` and `Metrics.Mesh.MaxResyncTimeout` are replaced by `Metrics.Mesh.MinResyncInterval` and `Metrics.Mesh.FullResyncInterval`. +You can still use the current configs but it will be removed in the future. + +### **Breaking changes** + +#### Removal of service field in Dataplane outbound + +After a period of depreciation, the service field in now removed. The service name is only defined by the value of `kuma.io/service` in the outbound tags field. + +## Upgrade to `2.3.x` + +### **Breaking changes** + +#### `MeshHTTPRoute` + +* Changed path match `type` from `Prefix` to `PathPrefix` + +#### `MeshAccessLog` + +* Added a new field `Type` for `Backend` as a [Discriminator Field](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1027-api-unions/README.md#discriminator-field) +* Added a new field `Type` for `Format` as a [Discriminator Field](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1027-api-unions/README.md#discriminator-field) + +#### `MeshTrace` + +* Added a new field `Type` for `Backend` as a [Discriminator Field](https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/1027-api-unions/README.md#discriminator-field) + +#### `kumactl` container image + +* Changed image's entrypoint to `/usr/bin/kumactl` + +This change was introduced to be consistent with `kuma-cp` and `kuma-dp` images, +where names of images refer to binaries set in entrypoint. + +Example valid before: +```sh +docker run kumahq/kumactl:2.2.1 kumactl install transparent-proxy --help +``` + +Equivalent example valid now: +```sh +docker run kumahq/kumactl:2.3.0 install transparent-proxy --help +``` + +#### TLS verification between Zone CP and Global CP + +If the CA used to sign the Global CP sync server is not provided to a Zone CP (HELM `controlPlane.tls.kdsZoneClient`, ENV: `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE`), and the certificate is signed by a CA that is not included in the system's CA bundle on the Zone CP machine, you must do one of the following: +* Provide the CA to the Zone CP, see https://kuma.io/docs/2.2.x/production/secure-deployment/certificates/#control-plane-to-control-plane-multizone . +* Configure Zone CP. Set `KUMA_MULTIZONE_ZONE_KDS_TLS_SKIP_VERIFY` or HELM value of `controlPlane.tls.kdsZoneClient.skipVerify` to `true`. + +#### Removal of Common Name from generated certificates + +This only affects users who rely on generated certificates having a common name set. + +* `kumactl generate tls-certificate` generates certificates without CN +* autogenerated TLS certificate for kuma-cp (when `general.tlsCertFile` is not provided) won't have CN + +## Upgrade to `2.2.x` + +### Universal + +#### CentOS 7 + +We are dropping support for running Envoy on CentOS 7 with this release and will +not release CentOS 7 compatible Envoy builds. + +#### Changed default postgres driver to pgx + +- If you encounter any problems with the persistence layer please [submit an issue](https://github.com/kumahq/kuma/issues/new) and temporarily switch to the previous driver (`lib/pq`) by setting +`DriverName=postgres` configuration option or `KUMA_STORE_POSTGRES_DRIVER_NAME='postgres'` env variable. +- Several configuration settings are not supported by the new driver right now, if used to configure them please try running with new defaults or [submit an issue](https://github.com/kumahq/kuma/issues/new). +List of unsupported configuration options: + - MaxIdleConnections (used in store) + - MinReconnectInterval (used in events listener) + - MaxReconnectInterval (used in events listener) + +#### Longer name of the resource in postgres + +Kuma now permits the creation of a resource with a name of up to 253 characters, which is an increase from the previous limit of 100 characters. This adjustment brings our system in line with the naming convention supported by Kubernetes. +This change requires to run `kuma-cp migrate up` to apply changes to the postgres database. + +### K8s + +#### Removed deprecated annotations + +- `kuma.io/builtindns` and `kuma.io/builtindnsport` are removed in favour of `kuma.io/builtin-dns` and `kuma.io/builtin-dns-port` introduced in 1.8.0. If you are using the legacy CNI you main need to set these old annotations manually in your pod definition. +- `kuma.io/sidecar-injection` is no longer supported as an annotation, you should use it as a label. + +#### Helm + +All containers now have defaults for `resources.requests.{cpu,memory}` and `resources.limits.{memory}`. +There are new default values for `*.podSecurityContext` and `*.containerSecurityContext`, see `values.yaml`. + +#### Gateway API + +We now support version `v0.6.0` of the Gateway API. See the [upstream API +changes](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v0.6.0) for +more info. + +### Auth configuration of DP server in Kuma CP + +`dpServer.auth` configuration of Kuma CP was deprecated. You can still set config in this section, but it will be removed in the future. +It's recommended to migrate to `dpServer.authn` if you explicitly set any of the configuration in this config section. +* `dpServer.auth.type` is now split into two: `dpServer.authn.dpProxy.type` and `dpServer.authn.zoneProxy.type` and is still autoconfigured based on the environment. +* `dpServer.auth.useTokenPath` is now `dpServer.authn.enableReloadableTokens` + +### Transparent Proxy Engine v2 and CNI v2 as default + +As they matured, in the upcoming release Kuma will by default use transparent +proxy engine v2 and CNI v2. + +If you want to still use v1 versions of these components, you will have to install +Kuma with provided `legacy.transparentProxy=true` or `legacy.cni.enabled=true` +options. + +#### Examples + +##### CNI + +*Helm* + +```sh +helm upgrade --install --create-namespace --namespace kuma-system \ + --set "legacy.cni.enabled=true" \ + --set "cni.enabled=true" \ + --set "cni.chained=true" \ + --set "cni.netDir=/etc/cni/net.d" \ + --set "cni.binDir=/opt/cni/bin" \ + --set "cni.confName=10-calico.conflist" + kuma kuma/kuma +``` + +*kumactl* + +```sh +kumactl install control-plane \ + --set "legacy.cni.enabled=true" \ + --set "cni.enabled=true" \ + --set "cni.chained=true" \ + --set "cni.netDir=/etc/cni/net.d" \ + --set "cni.binDir=/opt/cni/bin" \ + --set "cni.confName=10-calico.conflist" \ + | kubectl apply -f- +``` + +##### Transparent Proxy Engine + +*Helm* + +```sh +helm upgrade --install --create-namespace --namespace kuma-system \ + --set "legacy.transparentProxy=true" kuma kuma/kuma +``` + +*kumactl* + +```sh +kumactl install control-plane --set "legacy.transparentProxy=true" | kubectl apply -f- +``` + +### Removal of deprecated options to reach applications bound to `localhost` + +The deprecated options `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS` and +`defaults.enableLocalhostInboundClusters` were removed. + +This change affects only applications using transparent proxy. + +Applications that are binding to `localhost` won't be reachable anymore. +This is the default behaviour from Kuma 1.8.0. Until now, it was possible to set +a deprecated kuma-cp configurations `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS` +or `defaults.enableLocalhostInboundClusters` to `true`, which was allowing to +still reach these applications. + +One of the options to upgrade change address which the application is +listening on, to `0.0.0.0`. +Other option is to define `dataplane.networking.inbound[].serviceAddress` +to the address which service is binding to. + +## Upgrade to `2.1.x` + +### **Breaking changes** + +#### **Naming Serviceless dataplanes has changed** + +Currently, the `kuma.io/service` value of the inbound of a `Dataplane` generated for a `Pod` without a `Service` is based on the `Pod` name. The Kuma CP takes the pod's name and removes 2 last elements after splitting by `-`. This behavior is correct when the `Pod` is owned by a `Deployment` or `CronJob` but not for other owner kinds. Kuma will now use the name of the owner resource as the `kuma.io/service` value. +Before upgrade: +1. Identify all `Service`less `Pods` that are not managed by a `Deployment` or `CronJob`. +2. Create copies of policies that were created for the services corresponding to these `Pods`. The `kuma.io/service` value is the name of the owner resource. If there is no owner, `Kuma` uses the `Pod`'s name. + +This breaking change is required to provide correct naming. The previous behavior could produce the same `kuma.io/service` value of the inbound of a `Dataplane` for many different serviceless Dataplanes. + +#### MeshTrafficPermission + +Action value have switched to PascalCase. ALLOW is Allow, DENY is Deny and ALLOW_WITH_SHADOW_DENY is AllowWithShadowDeny. + +### HTTP api + +We've removed the deprecated endpoint `POST /tokens`, use the `POST /tokens/dataplane` endpoint instead (same request and response). +Make sure you are using a recent `kumactl` or that you use the right path if using the API directly to upgrade with no issues. + +### Kubernetes + +The sidecar container is always injected first (since [#5436](https://github.com/kumahq/kuma/pull/5436)). This should only impact you when modifying the sidecar container with a container-patch. If you do so, upgrade Kuma and then change your container patch to modify the right container. + +This version changes the leader election mechanism from leader for life to the more robust leader with lease. +As the result, during the upgrade you may have two leaders in the cluster. +This should not impact the system in any significant way other than logs like `resource was already updated`. + +### Kumactl + +`--valid-for` must be set for all token types, before it was defaulting to 10 years. + +## Upgrade to `2.0.x` + +### Built-in gateway + +If you're using the `PREFIX` path match for `MeshGatewayRoute`, +note that validation is now stricter. +If you try to update an existing `MeshGatewayRoute` or create a new one, +make sure your `PREFIX` matching `value` does not include a trailing slash. +All prefix matches are checked path-separated, +meaning that `/prefix` only matches +if the request's path is `/prefix` or begins with `/prefix/`. +This has always been the case, +so no behavior has been changed +and existing resources with a trailing slash are not affected. + +### Universal + +A `lib/pq` change enables SNI by default when connecting to Postgres over TLS. +Either make sure your certificates contain a valid CN or SANs for the hostname +you're using +or update to `2.0.1` and disable `sslsni` by setting the +`KUMA_STORE_POSTGRES_TLS_DISABLE_SSLSNI` environment variable or +`store.postgres.tls.disableSSLSNI` in the config to `true`. + +### `kuma-prometheus-sd` + +This component has been removed +after [a long period of deprecation](https://github.com/kumahq/kuma/issues/2851). + +### Zone Ingress Token migration + +This is only relevant to Multizone deployment with Universal zones. +Zone Token that was previously used for authenticating Zone Egress, can now be used to authenticate Zone Ingress. +Please regenerate Zone Ingress token using `kumactl generate zone-token --scope=ingress`. +For the time being you can still use the old Zone Ingress token and Zone Token with scope ingress. +However, Zone Ingress Token is now deprecated and will be removed in the future. + +### Helm + +`ingress.annotations` and `egress.annotations` are deprecated in favour of `ingress.podAnnotations` and `egress.podAnnotations` which is a better name and aligne with the existing `controlPlane.podAnnoations`. + + +### Kuma-cp + +- By default, the minimum TLS version allowed on servers is TLSv1.2. If you require using TLS < 1.2 you can set `KUMA_GENERAL_TLS_MIN_VERSION`. +- `KUMA_MONITORING_ASSIGNMENT_SERVER_GRPC_PORT` was removed after a long deprecation period use `KUMA_MONITORING_ASSIGNMENT_SERVER_PORT` instead. + +### gRPC metrics + +With this release, emitting separate statistics for every gRPC method is disabled. +gRPC metrics from different methods are now aggregated under `envoy_cluster_grpc_request_message_count`. +It will be re-enabled again in the future once Envoy with [`replace_dots_in_grpc_service_name`](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/http/grpc_stats/v3/config.proto#envoy-v3-api-field-extensions-filters-http-grpc-stats-v3-filterconfig-stats-for-all-methods) feature is released. +If you need to enable this setting, you can use ProxyTemplate to patch `envoy.filters.http.grpc_stats` http filter. + +## Upgrade to `1.8.x` + +### Kumactl + +* `kumactl inspect dataplane --config-dump` was deprecated in favour of `kumactl inspect dataplane --type config-dump`. The behaviour of the new flag is unchanged but you should migrate. +* `kumactl install transparent-proxy --skip-resolv-conf` was deprecated as there's no reason for us to update the `/etc/resolv.conf` of the user. +* `kumactl install transparent-proxy --kuma-cp-ip` was removed as it's not possible to run a DNS server on the cp. + +### Helm + +* Under `cni.image`, the default values for `repository` and `registry` have been +changed to agree with the other `image` values. + +### CP + +* The `/versions` endpoint was removed. This is not something that was reliable enough and version compatibility +is checked inside the DP +* We are deprecating `kuma.io/builtindns` and `kuma.io/builtindnsport` annotations in favour of the clearer `kuma.io/builtin-dns` and `kuma.io/builtin-dns-port`. The behavior of the new annotations is unchanged but you should migrate (a warning is present on the log if you are using the deprecated version). +* By default, applications binding to `localhost` are not reachable anymore. A `Dataplane` inbound's default `serviceAddress` is now the inbound's `address`. Before upgrade, if you have applications listening on `localhost` that you want to expose on: + * Kubernetes: listen on `0.0.0.0` instead + * Universal: listen on `inbound.address` instead or set `dataplane.networking.inbound[].serviceAddress: "127.0.0.1"` +To make migration easier you can temporarily disable this new behavior by setting `KUMA_DEFAULTS_ENABLE_LOCALHOST_INBOUND_CLUSTERS=true` on `kuma-cp`, this option will be removed in a future version. + +## Upgrade to `1.7.x` + +### Kumactl + +* We're deprecating `kumactl install metrics/tracing/logging`, please use `kumactl install observability` instead + +### DNS + +The `control-plane` no longer hosts a builtin DNS server. You should always rely on the embedded DNS in the dataplane proxy and VIPs can't be used without transparent proxy. + +### Timeout policy + +'grpc' section is deprecated. +Timeouts for HTTP, HTTP2 and GRPC should be set in 'http' section: + +```yaml +tcp: + idleTimeout: 1h +http: # http, http2, grpc + requestTimeout: 15s + idleTimeout: 1h + streamIdleTimeout: 30m + maxStreamDuration: 0s +grpc: # DEPRECATED + streamIdleTimeout: 30m # DEPRECATED, use 'http.streamIdleTimeout' + maxStreamDuration: 0s # DEPRECATED, use 'http.maxStreamDuration' +``` + +## Upgrade to `1.6.x` + +### Helm + +* the Helm chart for this release requires at least Helm version `3.8.0`. +* `controlPlane.resources` is now on object instead of a string. Any existing value should be adapted accordingly. + +### Zone egress and ExternalService + +When an `ExternalService` has the tag `kuma.io/zone` and `ZoneEgress` is enabled then the request flow will be different after upgrading Kuma to the newest version. +Previously, the request to the `ExternalService` goes through the `ZoneEgress` in the current zone. The newest version flow is different, and when `ExternalService` is defined in a different zone then the request will go through local `ZoneEgress` to `ZoneIngress` in zone where `ExternalService` is defined and leave the cluster through `ZoneEgress` in this cluster. To keep previous behavior, remove the `kuma.io/zone` tag from the `ExternalService` definition. + +### Zone egress + +Previously, when mTLS was configured and `ZoneEgress` deployed, requests were routed automatically through `ZoneEgress`. Now it's required to +explicitly set that traffic should be routed through `ZoneEgress` by setting `Mesh` configuration property `routing.zoneEgress: true`. The +default value of the property is set to `false` so in case your network policies don't allow you to reach other external services/zone without +using `ZoneEgress`, set `routing.zoneEgress: true`. + +```yaml +type: Mesh +name: default +mtls: # mTLS is required for zoneEgress + [...] +routing: + zoneEgress: true +``` + +The new approach changes the flow of requests to external services. Previously when there was no instance of `ZoneEgress` traffic was routed +directly to the destination, now it won't reach the destination. + +### Gateway (experimental) + +Previously, a `MeshGatewayInstance` generated a `Deployment` and `Service` whose +names ended with a unique suffix. With this release, those objects will have the +same name as the `MeshGatewayInstance`. + +### Inspect API + +In connection with the changes around `MeshGateway` and `MeshGatewayRoute`, the output +schema of the `//dataplanes` has changed. Every policy can +now affect both normal `Dataplane`s and `Dataplane`s configured as builtin gateways. +The configuration for the latter type is done via `MeshGateway` resources. + +Every item in the `items` array now has a `kind` property of either: + +* `SidecarDataplane`: a normal `Dataplane` with outbounds, inbounds, + etc. +* `MeshGatewayDataplane`: a `MeshGateway`-configured `Dataplane` with a new + structure representing the `MeshGateway` it serves. + +Some examples can be found in the [Inspect API +docs](https://kuma.io/docs/1.6.x/documentation/http-api/#inspect-api). + +## Upgrade to `1.5.x` + +### Any type + +The `kuma.metrics.dataplane.enabled` and `kuma.metrics.zone.enabled` configurations have been removed. + +Kuma always generate the corresponding metrics. + +### Kubernetes + +- Please migrate your `kuma.io/sidecar-injection` annotations to labels. + The new version still supports annotation, but to have a guarantee that applications can only start with sidecar, you must use label instead of annotation. +- Configuration parameter `kuma.runtime.kubernetes.injector.sidecarContainer.adminPort` and environment variable `KUMA_RUNTIME_KUBERNETES_INJECTOR_SIDECAR_CONTAINER_ADMIN_PORT` + have been deprecated in favor of `kuma.bootstrapServer.params.adminPort` and `KUMA_BOOTSTRAP_SERVER_PARAMS_ADMIN_PORT`. + +### Universal + +- We removed support for old Ingress (`Dataplane#networking.ingress`) from pre 1.2 days. + If you are still using it, please migrate to `ZoneIngress` first (see `Upgrade to 1.2.0` section). +- You can't use 0.0.0.0 or :: in `networking.address` most of the time using loopback is what people intended. +- Kuma DP flag `--admin-port` and environment variable `KUMA_DATAPLANE_ADMIN_PORT` have been deprecated, + admin port should be specified in Dataplane or ZoneIngress resources. + +## Upgrade to `1.4.0` + +Starting with this version, the default API server authentication method is user +tokens. In order to continue using client certificates (the previous default +method), you'll need to explicitly set the authentication method to client +certificates. This can be done by setting the `KUMA_API_SERVER_AUTHN_TYPE` variable to +`"clientCerts"`. + +See [Configuration - Control plane](https://kuma.io/docs/1.3.1/documentation/configuration/#control-plane) +for how to set this variable. + +## Upgrade to `1.3.0` + +Starting with this version `Mesh` resource will limit the maximal number of mtls backends to 1, so please make sure your `Mesh` has correct backend applied before the upgrade. + +Outbound generated internally are no longer listed in `dataplane.network.outbound[]`. For Kubernetes, they will automatically disappear. For universal to remove them you should recreate your dataplane resources (either with `kumactl apply` or by restarting your services if the dataplanes lifecycle is managed by Kuma). + +Kuma 1.3.0 has additional mechanism for tracking data plane proxies and zone statuses in a more reliable way. This mechanism works as a heartbeat and periodically increments the `generation` counter for the Insights. If the overall time for upgrading all Kuma CP instances is more than 5 minutes, then some data plane proxies or zones may become Offline in the GUI, but this doesn't affect real connectivity, only view. This unwanted effect will disappear as soon as all Kuma CP instances will be upgraded to 1.3.0. + +## Upgrade to `1.2.1` + +When Global is upgraded to `1.2.1` and Zone CP is still `1.2.0`, ZoneIngresses will always be listed as offline. +After Zone CPs are upgraded to `1.2.1`, the status will work again. ZoneIngress status does not affect cross-zone traffic. + +## Upgrade to `1.2.0` + +One of the changes introduced by Kuma 1.2.0 is renaming `Remote Control Planes` to `Zone Control Planes` and `Dataplane Ingress` to `Zone Ingress`. +We think this change makes the naming more consistent with the rest of the application and also removes some of unnecessary confusion. + +As a result of this renaming, some values and arguments in multizone/kubernetes environment changed. You can read below more. + +### Upgrading with `kumactl` on Kubernetes + +1. Changes in arguments/flags for `kumactl install control-plane` + + * `--mode` accepts now values: `standalone`, `zone` and `global` (`remote` changed to `zone`) + + * `--tls-kds-remote-client-secret` flag was renamed to `--tls-kds-zone-client-secret` + +2. Service `kuma-global-remote-sync` changed to `kuma-global-zone-sync` so after upgrading `global` control plane you have to manually remote old service. For example: + + ```sh + kubectl delete -n kuma-system service/kuma-global-remote-sync + ``` + + Hint: It's worth to remember that often at this point the IP address/hostname which is used as a KDS address when installing Kuma Zone Control Planes will change. Make sure that you update the address when upgrading the Remote CPs to the newest version. + +### Upgrading with `helm` on Kubernetes + +Changes in values in Kuma's HELM chart + +* `controlPlane.mode` accepts now values: `standalone`, `zone` and `global` (`remote` changed to `zone`) + +* `controlPlane.globalRemoteSyncService` was renamed to `controlPlane.globalZoneSyncService` + +* `controlPlane.tls.kdsRemoteClient` was renamed to `controlPlane.tls.kdsZoneClient` + +### Suggested Upgrade Path on Universal + +1. Zone Control Planes should be started using new environment variables + + * `KUMA_MODE` accepts now values: `standalone`, `zone` and `global` (`remote` changed to `zone`) + + Old: + ```sh + KUMA_MODE="remote" [...] kuma-cp run + ``` + + New: + ```sh + KUMA_MODE="zone" [...] kuma-cp run + ``` + + * `KUMA_MULTIZONE_REMOTE_ZONE` was renamed to `KUMA_MULTIZONE_ZONE_NAME` + + Old: + ```sh + KUMA_MULTIZONE_REMOTE_ZONE="remote-1" [...] kuma-cp run + ``` + + New: + ```sh + KUMA_MULTIZONE_ZONE_NAME="remote-1" [...] kuma-cp run + ``` + + * `KUMA_MULTIZONE_REMOTE_GLOBAL_ADDRESS` was renamed to `KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS` + + Old: + ```sh + KUMA_MULTIZONE_REMOTE_GLOBAL_ADDRESS="grpcs://localhost:5685" [...] kuma-cp run + ``` + + New: + ```sh + KUMA_MULTIZONE_ZONE_GLOBAL_ADDRESS="grpcs://localhost:5685" [...] kuma-cp run + ``` + + * `KUMA_MULTIZONE_REMOTE_KDS_ROOT_CA_FILE` was renamed to `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE` + + Old: + ```sh + KUMA_MULTIZONE_REMOTE_KDS_ROOT_CA_FILE="/rootCa" [...] kuma-cp run + ``` + + New: + ```sh + KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE="/rootCa" [...] kuma-cp run + ``` + + * `KUMA_MULTIZONE_REMOTE_KDS_ROOT_CA_FILE` was renamed to `KUMA_MULTIZONE_ZONE_KDS_ROOT_CA_FILE` + + Old: + ```sh + KUMA_MULTIZONE_REMOTE_KDS_REFRESH_INTERVAL="9s" [...] kuma-cp run + ``` + + New: + ```sh + KUMA_MULTIZONE_ZONE_KDS_REFRESH_INTERVAL="9s" [...] kuma-cp run + ``` + +2. Dataplane Ingress resource should be replaced with ZoneIngress resource: + + Old: + ```yaml + type: Dataplane + name: dp-ingress + mesh: default + networking: + address:
+ ingress: + publicAddress: + publicPort: + inbound: + - port: + tags: + kuma.io/service: ingress + ``` + + New: + ```yaml + type: ZoneIngress + name: zone-ingress + networking: + address:
+ port: + advertisedAddress: + advertisedPort: + ``` + + NOTE: ZoneIngress resource is a global scoped resource, it's not bound to a Mesh + The old Dataplane resource is still supported but it's considered deprecated and will be removed in the next major version of Kuma + + +3. Since ZoneIngress resource is not bound to a Mesh, it requires another token type that is bound to a Zone: + + ```shell + kumactl generate zone-ingress-token --zone=zone-1 > /tmp/zone-ingress-token + ``` + +4. `kuma-dp run` command should be updated with a new flag `--proxy-type=ingress`: + + ```sh + kuma-dp run \ + --proxy-type=ingress \ + --dataplane-token-file=/tmp/zone-ingress-token \ + --dataplane-file=zone-ingress.yaml + ``` + + +## Upgrade to `1.1.0` + +The major change in this release is the migration to XDSv3 for the `kuma-cp` to `envoy` data plane proxy communication. The +previous XDSv2 is still available and will continue working. All the existing data plane proxies will still use XDSv2 until +being restarted. The newly deployed `kuma-dp` instances will automatically get bootstrapped to XDSv3. In case that needs to be +changed, `kuma-cp` needs to be started with `KUMA_BOOTSTRAP_SERVER_API_VERSION=v2`. + +With Kuma 1.1.0, the `kuma-cp` will installs default [retry](https://kuma.io/docs/1.1.0/policies/retry/) and [timeout](https://kuma.io/docs/1.1.0/policies/timeout/) policies for each new +created Mesh object. The pre-existing meshes will not automatically get these default policies. If needed, they should be created accordingly. + +This version removes the deprecated `--dataplane` flag in `kumactl generate dataplane-token`, please consider migrating to use `--name` instead. + +## Upgrade to `1.0.0` + +This release introduces a number of breaking changes. If Kuma is being deployed in production we strongly suggest to backup the current configuration, tear down the whole cluster and zones, and install in a clean setup. However, we enumerate the details of these changes below. + +### Suggested Upgrade Path on Kubernetes + * Drop k8s 1.13 support + + Take this into account if you run Kuma on an old Kubernetes version. + + * `kumactl` merged `install ingress` into `install control-plane` + + This change impacts any deployment pipelines that are based on `kumactl` and are used for multi-zone deployments. + + * Change policies on K8S to scope global + + All the CRDs are now in the global scope, therefore all policies need to be backed up. The relevant CRDs need to be deleted, which will clear all the policies. After the upgrade, you can apply the policies again. We do recommend to keep all the Kuma Control Planes down while doing these operations. + + * Autoconfigure single cert for all services + + Deployment flags for providing TLS certificates in Helm and `kumactl` have changed, refer to the relevant [documentation](https://github.com/kumahq/kuma/blob/release-1.0/deployments/charts/kuma/README.md#values) to verify the new naming. + + * Create default resources for Mesh + + The following default resources will be created upon the first start of Kuma Control Plane + - default signing key + - default [Allow All traffic permission](https://kuma.io/docs/1.0.0/policies/traffic-permissions/#traffic-permissions) policy `allow-all-` + - Default [Allow All traffic route](https://kuma.io/docs/1.0.0/policies/traffic-route/#default-trafficroute) policy `allow-all-` + + Please verify if this conflicts with your deployment and expected policies. + + * New Multizone deployment flow + + Deploying Multizone clusters is now simplified, please refer to the deployment [documentation](https://kuma.io/docs/1.0.0/documentation/deployments/#multi-zone-mode) of the updated procedure. + + * Improved control plane communication security + + Kuma Control Plane exposed ports are reduced, please revise the [documentation](https://kuma.io/docs/1.0.0/documentation/networking/#kuma-cp-ports) for detailed list. + Consider reinstalling the metrics due to the port changes in Kuma Prometheus SD. + + * Traffic route format + + The format of the [TrafficRoute](https://kuma.io/docs/1.0.0/policies/traffic-route) has changed. Please check the documentation and adapt your resources. + +### Suggested Upgrade Path on Universal + * Get rid of advertised hostname + `KUMA_GENERAL_ADVERTISED_HOSTNAME` was removed and not needed now. + + * Autoconfigure single cert for all services + Deployment flags for providing TLS certificates in Helm and `kumactl` have changed, refer to the [documentation](https://github.com/kumahq/kuma/blob/release-1.0/pkg/config/app/kuma-cp/kuma-cp.defaults.yaml) to verify the new naming. + + * Create default resources for Mesh + + The following default resources will be created upon the first start of Kuma Control Plane + - default signing key + - default [Allow All traffic permission](https://kuma.io/docs/1.0.0/policies/traffic-permissions/#traffic-permissions) policy `allow-all-` + - Default [Allow All traffic route](https://kuma.io/docs/1.0.0/policies/traffic-route/#default-trafficroute) policy `allow-all-` + + Please verify if this conflicts with your deployment and expected policies. + +* New Multizone deployment flow + + Deploying Multizone clusters is now simplified, please refer to the deployment [documentation](https://kuma.io/docs/1.0.0/documentation/deployments/#multi-zone-mode) of the updated procedure. + + * Improved control plane communication security + + `kuma-dp` invocation has changed and now [allows](https://kuma.io/docs/1.0.1/documentation/dps-and-data-model/#dataplane-entity) for a more flexible usage leveraging automated, template based Dataplane resource creation, customizable data-plane token boundaries and additional CA ceritficate validation for the Kuma Control plane boostrap server. + Kuma Control Plane exposed ports are reduced, please revise the [documentation](https://kuma.io/docs/1.0.0/documentation/networking/#kuma-cp-ports) for detailed list. + + * Traffic route format + + The format of the [TrafficRoute](https://kuma.io/docs/1.0.0/policies/traffic-route) has changed. Please check the documentation and adapt your resources. + + +## Upgrade to `0.7.0` +Support for `kuma.io/sidecar-injection` annotation. On Kubernetes change the namespace resources that host Kuma mesh services with the aforementioned annotation and delete the label. + +Prefix the Kuma built-in tags with `kuma.io/` as follows: `kuma.io/service`, `kuma.io/protocol`, `kuma.io/zone`. + +### Suggested Upgrade Path on Kubernetes + +Update the applied policy tag selector to include the `kuma.io/` prefix. A sample traffic resource follows: + +```yaml +apiVersion: kuma.io/v1alpha1 +kind: TrafficPermission +mesh: default +metadata: + namespace: default + name: allow-all-traffic +spec: + sources: + - match: + kuma.io/service: '*' + destinations: + - match: + kuma.io/service: '*' +``` + +The Kuma Control Plane will update the relevant Dataplane resources accordingly + +### Suggested Upgrade Path on Universal + +Update the applied policy tag selector to include the `kuma.io/` prefix. A sample traffic resource follows: + +```yaml +type: TrafficPermission +name: allow-all-traffic +mesh: default +sources: + - match: + kuma.io/service: '*' +destinations: + - match: + kuma.io/service: '*' +``` + +Update the dataplane resources with the new tag format as well. Example: + +```bash +echo "type: Dataplane +mesh: default +name: redis-1 +networking: + address: 192.168.0.1 + inbound: + - port: 9000 + servicePort: 6379 + tags: + kuma.io/service: redis" | kumactl apply -f - +``` + +This release changes the way that Distributed and Hybrid Kuma Control planes are deployed. Please refer to the [documentation](https://kuma.io/docs/0.7.0/documentation/deployments/#usage) for more details. + +## Upgrade to `0.6.0` + +[Passive Health Check](https://kuma.io/docs/0.5.1/policies/health-check/) were removed in favor of [Circuit Breaking](https://kuma.io/docs/0.6.0/policies/circuit-breaker/). + +Format of Active Health Check changed from : +```yaml +apiVersion: kuma.io/v1alpha1 +kind: HealthCheck +mesh: default +metadata: + namespace: default + name: web-to-backend-check +mesh: default +spec: + sources: + - match: + service: web + destinations: + - match: + service: backend + conf: + activeChecks: + interval: 10s + timeout: 2s + unhealthyThreshold: 3 + healthyThreshold: 1 + passiveChecks: + unhealthyThreshold: 3 + penaltyInterval: 5s +``` +to +```yaml +apiVersion: kuma.io/v1alpha1 +kind: HealthCheck +mesh: default +metadata: + namespace: default + name: web-to-backend-check +mesh: default +spec: + sources: + - match: + service: web + destinations: + - match: + service: backend + conf: + interval: 10s + timeout: 2s + unhealthyThreshold: 3 + healthyThreshold: 1 +``` + +### Suggested Upgrade Path on Kubernetes + +In the new Kuma version serivce tag format has been changed. Instead of `backend.kuma-demo.svc:5678` service tag will look like this `backend_kuma-demo_svc_5678`. This is a breaking change and Policies should be updated to be compatible with the new Kuma version. + +Please re-install Prometheus via `kubectl install metrics` and make sure that `skipMTLS` is set to `false` or omitted. +```yaml +apiVersion: kuma.io/v1alpha1 +kind: Mesh +metadata: + name: default +spec: + metrics: + enabledBackend: prometheus-1 + backends: + - name: prometheus-1 + type: prometheus + conf: + skipMTLS: false +``` + +### Suggested Upgrade Path on Universal + +Make sure that `skipMTLS` is set to `true`. + +```yaml +type: Mesh +name: default +metrics: + enabledBackend: prometheus-1 + backends: + - name: prometheus-1 + type: prometheus + conf: + skipMTLS: true +``` + + +## Upgrade to `0.5.0` +### Suggested Upgrade Path on Kubernetes + +#### Mesh resource format changes + +The Mesh resource format in Kubernetes changed from +```yaml +apiVersion: kuma.io/v1alpha1 +kind: Mesh +metadata: + name: default +spec: + mtls: + enabled: true + ca: + builtin: {} + metrics: + prometheus: {} + logging: + backends: + - name: file-1 + file: + path: /var/log/access.log + tracing: + backends: + - name: zipkin-1 + zipkin: + url: http://zipkin.local:9411/api/v1/spans +``` +to +```yaml +apiVersion: kuma.io/v1alpha1 +kind: Mesh +metadata: + name: default +spec: + mtls: + enabledBackend: ca-1 + backends: + - name: ca-1 + type: builtin + metrics: + enabledBackend: prom-1 + backends: + - name: prom-1 + type: prometheus + logging: + backends: + - name: file-1 + type: file + conf: + path: /var/log/access.log + tracing: + backends: + - name: zipkin-1 + type: zipkin + conf: + url: http://zipkin.local:9411/api/v1/spans +``` + +#### Removing `kuma-injector` + +Kuma 0.5.0 ships with `kuma-injector` embedded into the `kuma-cp`, which makes its previously created resources obsolete and potentially + can cause problems with the deployments. Before deploying the new version, it is strongly advised to run a cleanup script [kuma-0.5.0-k8s-remove_injector_resources.sh](tools/migrations/0.5.0/kuma-0.5.0-k8s-remove_injector_resources.sh). + + NOTE: if Kuma was deployed in a namespace other than `kuma-system`, please run `export KUMA_SYSTEM= backup.yaml + ``` + 2. Uninstall previous version of `Kuma Control Plane` + ```shell + # using previous version of `kumactl` + + kumactl install control-plane | kubectl delete -f - + ``` + 3. Install new version of `Kuma Control Plane` + ```shell + # using new version of `kumactl` + + kumactl install control-plane | kubectl apply -f - + ``` + 4. Re-apply `Kuma` resources back again + ```shell + kubectl apply -f backup.yaml + ``` + +### Suggested Upgrade Path on Universal + +* Those users who used `--dataplane-token-client-cert` and `--dataplane-token-client-key` command line options in the past will have to re-run + + ``` + kumactl config control-planes add + ``` + + this time with + + ```shell + --admin-client-cert --admin-client-cert --overwrite + ``` +* all components of `Kuma Control Plane` - `kuma-cp`, `kuma-dp`, `envoy` - have to be re-deployed