1.7.1

Changelog

Fixes

Gateway

• Nil pinter exception without any timeout (#4550)
• Use remote address for Gateway (#4538)

kumactl

• Update demo to latest version (#4587)

Control plane

• Grant delete Pods in kuma-system namespace to control plane (#4575)
• Don't fail generation if other mesh CAs are misconfigured (#4517)
• Don't override timeout values for ExternalServices (#4568)

Data plane proxy

• Access log path on windows when cp is on linux (#4518)

Helm

• Fix extraConfigMap and cp labels (#4541)

General

• Avoid -<arch> in version of the binaries (#4527)

1.7.0

Notable changes

🚀 Streamlined cross-mesh communication through Kuma’s builtin gateway. There’s a bit to unpack here – details are in the following section.
🚀 Support for ARM-based Linux and MacOS environments. You can continue to connect services across your environment with Kuma as you modernize onto microservices with ARM architectures.
🚀 Observability implementation in one command. You can instrument metrics, traces, and logs with a single [observability] command line tool.
🚀 Simplified application metrics collection. You can now enable metrics collection from your services without deploying Prometheus inside the mesh.
🚀 Graceful Data Plane Proxy shutdowns. You won’t see occasional data plane proxy error metrics from your services and DPPs as they spin down.
🚀 Multiple Helm refinements. You can now use Helm charts to customize image tags, expose the control plane’s metrics for self-deployed Prometheus scraping, and more.

Checkout the blog post about Kuma 1.7.0

Changelog

New features:

Cross Mesh Communication:

• add cross-mesh MeshGateway listeners #4274#4405 @michaelbeaumont

ContainerPatch:

• allow custom configuration of Kubernetes' kuma-init and kuma-sidecar containers by introducing ContainerPatch CRD #4280 #4362 / #4366 #4369 / #4370 @parkanzky, @bartsmykla

Observability:

• hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh #4286 #4388/#4406 @lukidzi
• unified installation of metrics/logging/tracing into one command observability #4308 #4411/#4418 @lukidzi, @lahabana

ARM64 support:

• added arm build and release pipeline #4231 @lukidzi
• release for arm64 now publish correct arch image #4276 @lukidzi
• upgrade kubectl to version with ARM support #4180 @lukidzi
• support ARM Linux/Darwin for dev/tools #4199 @lukidzi
• introduced map of arch for a specific build #4321 @lukidzi
• do not exclude arm64 files from docker #4265 @lukidzi

Gateway:

• add GatewayClass.Spec.ParametersRef support #4157 @michaelbeaumont
• cp annotations from gateway to svc #4327 @johnharris85
• only reconcile Gateway when GatewayClass is Ready #4162 @michaelbeaumont
• auto generate hostname for crossMesh listeners #4421/#4424 @michaelbeaumont

Helm:

• set host network var in helm/cp-deployment.yaml #4209 @SallyBlichWalkMe
• add resource management for jobs #4254 @gdasson
• option for automountSAT=false on cp #4309 @gdasson
• helm chart improvements #4337 @bartsmykla

CP:

• experimental transparent proxy annotation #4240 @parkanzky
• graceful shutdown on Universal using HDS #4246 @jakubdyszkiewicz
• intercept signal for different platforms #4283 @jakubdyszkiewicz
• XDS config dump on Global CP #4301 @jakubdyszkiewicz
• validate DP compat on kuma backend #4236 @parkanzky

DP:

• graceful shutdown of kuma-dp #4229 @jakubdyszkiewicz

Fixes:

Gateway:

• use MeshGatewayInstance mesh annotation when matching #4361/#4371 @michaelbeaumont

Helm:

• remove replica from cp-deployment.yaml when autoscaling enabled #4447/#4454 @gustoliv

CP:

• fix '/config_dump' request if Global CP is on Kubernetes #4363/#4372 @lobkovilya
• add the latest version to compatibility matrix #4232 @parkanzky

DP:

• clarify error log message when kuma-dp is wrongly connecting to global-cp #4269 @slonka

Kumactl:

• fix transparent proxy --skip-conntrack-zone-split flag value #4334 @bartsmykla

Other notable changes:

Gateway:

• add /finalizers permission for OwnerReferencesPermissionEnforcement plugin #4239 @michaelbeaumont
• don't match on ALPN in gateway (#4198) #4272 @wjrbetts

Helm:

• delete 'kubernetes.io/arch' node selector #4335 @lobkovilya

CP:

• don't always recompute mesh contexts #4267 @michaelbeaumont
• don't run dataplane gc in global #4184 @lahabana
• graceful components #4277 @jakubdyszkiewicz
• memory store cannot delete a parent #4194 @jakubdyszkiewicz
• protocol check should be case-insensitive #4248 @lukidzi
• remove dns server from control plane #4192 @lahabana
• automatically detect dns lookup family for cp cluster #4275 @slonka

ZoneIngress:

• graceful start of many ZoneIngresses #4305 @jakubdyszkiewicz

ZoneEgress:

• resolve zone-ingress advertized address #4219 @lahabana
• do not change ip to ZoneEgress address #4193 @lukidzi

Kumactl:

• remove flag '--experimental-meshgateway' #4315 @lobkovilya

Timeout Policy:

• deprecate 'timeout.grpc' section #4365/#4449 @lobkovilya

Other:

• delete dns-server 5653 port from configuration and helm files #4339/#4345 @lobkovilya
• support kube-linter tools to analyze Kubernetes YAML files #4294 @mangoGoForward

Dependency upgrades:

• upgrade envoy to 1.22.1 #4288 #4464/#4465 @lobkovilya
• upgrade kuma-cni to 0.0.10 #4313 @lobkovilya
• upgrade tproxy iptables to v0.2.2 #4328 @bartsmykla
• upgrade GUI to the latest version #4316 #4338 #4389/#4390 @jakubdyszkiewicz, @lahabana, @bartsmykla
• upgrade protoc and regenerate files #4169 @lukidzi
• bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 #4234 @dependabot
• bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 #4178 #4260 #4322 @dependabot
• bump github.com/lib/pq from 1.10.5 to 1.10.6 #4299 @dependabot
• bump github.com/miekg/dns from 1.1.48 to 1.1.49 #4291 @dependabot
• bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 #4233 @dependabot
• bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 #4290 @dependabot
• bump github.com/prometheus/common from 0.33.0 to 0.34.0 #4235 @dependabot
• bump github.com/spf13/viper from 1.10.0 to 1.11.0 #4177 @dependabot
• bump google.golang.org/grpc from 1.45.0 to 1.46.2 #4213 #4289 @dependabot
• bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 #4216 @dependabot #4302/#4378
• bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 #4302/#4378 @dependabot

Other:

• automate policy generation #4197 @lobkovilya

1.6.1

Changelog

Fixes:

CP:

• do not change ip to ZoneEgress address (backport #4193) #4195
• memory store cannot delete a parent (backport #4194) #4196

Dependency upgrades:

• upgrade envoy to 1.21.3 #4457 @lobkovilya

1.5.2

This is a patch release that everyone should update to.
It includes an important security patch on Envoy.

Changelog

Dependency upgrades:

• upgrade envoy to 1.21.3 #4456 @lobkovilya

1.6.0

👉 Read the full announcement on the Kuma blog

We are happy to announce Kuma's latest release, which is packed with features and improvements.
We strongly suggest upgrading, in order to take advantage of the latest and greatest when it comes to service mesh.

Notable Features

• 🚀 We provide a preview of Kubernetes Gateway API (opens new window)support for our builtin gateway. This makes it easier than to provide a gateway to lead traffic through your mesh.
• 🚀 Full support for the "inspect API" on builtin gateway resources. This enables users to see which policies impact which gateway routes.
• 🚀 ZoneEgress received many improvements like: support for Standalone, locality aware routing on external services and support for FaultInjection and RateLimit policies on external services.
• 🚀 A preview of the completely rewritten transparent proxy, this aims to make transparent proxy more stable and provide us with pathways for further innovation.
• Many improvements to the Helm charts like: exposing the CP with an ingress, providing resource limits to components, and customizing image tags and security context.
• A new metric to see how long configuration changes take to propagate to data plane proxies.

And a lot more!

Also check the upgrade path.

Changelog

New features:

Gateway:

• release K8s GatewayAPI as preview 4072 4022 4045 4014 3956 @jakubdyszkiewicz,@michaelbeaumont
• use MeshGatewayInstance name for generated objects 4097 @michaelbeaumont

Inspect api:

• add gateways to policy inspect 4125 4104 4092 4088 4077 4064 4065 3973 3966 @michaelbeaumont

ZoneEgress:

• Make zoneegress available in standalone mode 4100 @lahabana
• added locality aware lb for external service 4048 @lukidzi
• make zoneegress routing opt-in 4109 4013 @lukidzi
• support RateLimit and FaultInjections 4000 @lobkovilya

Helm:

• Allow customization of image tags in Helm chart 4068 @gdasson
• Expose kuma-cp's metric port so it can be scraped by self-deployed prometheus. 4047 @jbehrends
• add resource limits option for control plane deployment 4049 @gdasson
• fail if global.image.tag and appVersion incompatible 4085 @michaelbeaumont
• set version to track appVersion 4083 @michaelbeaumont
• expose kuma-cp gui through ingress 4101 @lukidzi
• allow specifying security context 4153 @gdasson @bartsmykla

Other:

• feat(k8s): ability to set custom service account token volume 4036 @johnharris85
• feat(k8s): shutdown kuma-dp container for any owner kind 4079 @lukidzi
• feat(k8s): support startupProbes 4090 @lahabana
• feat(kuma-cp): add uptime, policies, gateway dps to reports 3933 @parkanzky
• feat(kuma-cp): add metrics and timeouts to CA interface 4089 @parkanzky
• feat(kumactl): add --values and --set to kumactl install control-plane 4086 @lahabana
• feat(transparent-proxy): add experimental tproxy iptables generation 4114 @bartsmykla

Dependency upgrades:

• bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles 4060 4023 @dependabot
• bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 3978 3976 @dependabot
• bump github.com/go-logr/logr from 1.2.2 to 1.2.3 4040 @dependabot
• bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 4061 4025 @dependabot
• bump github.com/k8s/* from 0.23.4 to 0.23.5 4043 @lahabana
• bump github.com/miekg/dns from 1.1.46 to 1.1.47 3998 @dependabot
• bump github.com/onsi/gomega from 1.18.1 to 1.19.0 4062 @dependabot
• bump github.com/spf13/cobra from 1.3.0 to 1.4.0 3995 @dependabot
• bump go.uber.org/multierr from 1.7.0 to 1.8.0 3974 @dependabot
• bump google.golang.org/grpc from 1.44.0 to 1.45.0 3993 @dependabot
• bump google.golang.org/protobuf from 1.27.1 to 1.28.0 4046 @dependabot
• bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 3994 @dependabot
• bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 3997 @dependabot
• remove dependency on spire 4044 @lahabana

Other notable changes:

• chore(k8s): replace cni registry 4070 @lobkovilya
• chore(k8s): use appProtocol from service by default 4015 @jakubdyszkiewicz
• chore(kuma-dp): cleanup bootstrap version field 3670 @tharun208
• fix(gateway): fix status updating in MeshGatewayInstance reconciliation 4051 @michaelbeaumont
• fix(gateway): gateway instance service reconciliation loops forever 4035 @jakubdyszkiewicz
• fix(gateway): gateway reconciliation loops forever 4034 @jakubdyszkiewicz
• fix(gateway): gateway tls listeners without hostnames 4093 @jakubdyszkiewicz
• fix(gateway): ignore non TCP protocol for provided gateway 4067 @lahabana
• fix(gateway): mesh gateway instance service target port 4071 @jakubdyszkiewicz
• fix(gateway): skip creating MeshGateways without proper attachment 4011 @jakubdyszkiewicz
• fix(helm): add prefix to app label in ingress/egress deployment 4123 @lahabana
• fix(helm): fix other template prefix in ingress/egress 4124 @lahabana
• fix(helm): remove wildcard rbac version 4148 @johnharris85
• fix(k8s): reconcile serviceMaps when using mesh namespace annotation 3815 @lahabana
• fix(kuma-cp): avoid generating excessive envoy clusters 3984 @lobkovilya
• fix(kuma-cp): default policy creation 4073 @lobkovilya
• fix(kuma-cp): guard the nil version in metadata 3969 @jakubdyszkiewicz
• fix(kuma-cp): provide better message when running with an in-memory database 3982 @lukidzi
• fix(kuma-dp): better error message when the token is invalid 3961 @lahabana
• fix(kumactl): add mesh flag to only commands that uses it 3788 @tharun208
• fix(kumactl): split yaml correctly in kumactl apply 4107 @lahabana
• fix(proxytemplate): avoid validation error 3937 @marcoferrer
• fix(proxytemplate): execute hooks before proxy template modifications 4055 @jakubdyszkiewicz
• perf(k8s): move outbounds from Dataplane to Config 3986 @jakubdyszkiewicz

1.5.1

This is a patch release that everyone should update.
It includes fixes to important issues in Kuma 1.5.0,

Changelog

• chore(k8s): replace cni registry (backport #4070) 4076
• fix(kuma-cp): default policy creation (backport #4073) 4080
• fix(kuma-cp): guard the nil version in metadata (backport #3969) 3970

1.5.0

👉 Read the full announcement on the Kuma blog

We are happy to announce Kuma's first release in 2022, which is packed with features and improvements, including substantial performance improvements when running at scale.
We strongly suggest to upgrade, in order to take advantage of the latest and greatest when it comes to service mesh.

Notable Features

• 🚀 A new Zone Egress resource to create a single egress point from a Zone, that goes in hand with the pre-existing Kuma Ingress. This new features has been added in addition to the pre-existing egress behavior, which means that Kuma now allows to configure two egress modes: centralized via Zone Egress, or decentralized from the sidecars.
• 🚀 A new builtin gateway mode in addition to delegated mode. Kuma now ships with an Envoy-based gateway implementation to expose services from within the service mesh to the outside world - or to other meshes - using an Envoy based ingress. This is currently a preview and can be enabled by starting the control-plane with --experimental-meshgateway.
• 🚀 This new version ships with a 90% decrease in memory consumption when running Kuma at scale, as part of our ongoing effort to make Kuma the fastest service mesh in the world.
• New troubleshooting tooling in the CLI and GUI to help identify issues faster.
• A new Mesh membership capability that determines, top-down, what DPPs should be part of a Mesh (in addition to the bottom-up membership mode that is already supported, where a DPP can choose what Mesh it belongs to).
• Helm chart improvements to provide custom imagePullSecrets.
• Updated Envoy proxy to v1.21.1.

Also check the upgrade path.

Changelog

• feat(*): zone egress #3809 #3757

• feat(kuma-cp) data plane proxy membership #3619

• feat(kuma-cp): reachable services in transparent proxying #3791

• feat(inspect-api): retrieve full XDS config #3768

• feat(*): inspect api support #3805 #3568 #3462

• feat(kuma-cp): add proxytemplate to matched policies for inspect poli… #3786 👍contributed by @tharun208

• feat(kuma-cp): enable traffic route for inspect endpoints #3735 👍contributed by @tharun208

• feat(*): move adminPort to DPP resource #3739

• feat(helm): add imagePullSecrets support #3755 👍contributed by @johnharris85

• feat(*): enable Gateway with runtime flag #3736

• feat(kumactl): add --api-timeout flag #3723

• feat: allow for ca/identity secrets for every mesh #3696

• feat(kuma-cp): allow extra cm in kuma cp chart #3671 👍contributed by @wjrbetts

• feat(kuma-cp): add gui link in index api response #3675 👍contributed by @tharun208

• feat(*): allow ca.crt to be in separate k8s secret #3638

• feat(kumactl): add type of logging and tracing backends with name in table output #3636 👍contributed by @tharun208

• feat(kuma-cp): enable client side gRPC keepalive #3574

• feat(gui): new onboarding view kumahq/kuma-gui#194

• feat(gui): link to documentation from policy view kumahq/kuma-gui#289

• fix(kuma-cp): do not update unchanged insights #3819

• fix(*): do not annotate gateway services with ingress upstream #3816

• fix(*): properly escape DB password when creating postgres connection string #3804

• fix(kuma-cp): fix missing label sidecar injection #3740

• fix(kuma-dp): fix conntrack collisions #3459 👍contributed by @johnharris85

• fix(conf): remove invalid health check fields from example #3697 👍contributed by @tharun208

• fix(kuma-dp): binary lookup function skips not available directories #3667

• fix(k8s): make sure controllers start after leader election #3666

• fix(build): fix gomega matchers for inspect resources command test #3660 #3651 👍contributed by @tharun208

• fix(kumactl): ignore any unregistered CRDs, not only from the root chart #3643

• fix(kumactl): print meta before spec for Kuma resources #3637

• fix(kuma-cp): add cp selector to global sync service #3579

• fix(kuma-cp) do not override other dataplane with dp lifecycle #3507

• fix(helm) Add support to customize nodeport #1944 👍contributed by @bhiravabhatla

• perf(kuma-cp): use mesh snapshot in proxy builder #3700

• perf(kuma-cp): use mesh snapshot in gateway #3710

• perf(kuma-cp): share mesh context #3659

• improvement(metadata): include name of annotation to parse error message #3677 👍contributed by @ChinYing-Li

• refactor(insights): delete method GetLatestSubscription for insights #3656 👍contributed by @tharun208

• refactor(kuma-cp): unify mesh determination for k8s objects #3708

• refactor(*): replace ensureDefaultXXX functions with a single generic function #3662 👍contributed by @tharun208

• chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT #3766

• chore(k8s): remove GetBool method and use GetEnabled #3698 👍contributed by @tharun208

• chore(*): generate CRD types #3453

• chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp #3691

• chore(kuma-cp): consolidate mesh defaults creation #3678

• chore(config): remove ability to disable insights #3501

• chore(*): remove old Ingress #3435

• chore(*): upgrade Envoy to v1.21.1 #3909

• chore(grafana): update to latest grafana plugin version #3812

• ci(*): release on every commit in master and release branches #3712

1.4.1

👉 Read the full announcement on the Kuma blog

We are happy to announce a new release of Kuma! Kuma 1.4.1 is a new n release that ships with 25+ new features and significant performance improvements at scale. We strongly suggest to upgrade, in order to take advantage of the latest and greatest when it comes to service mesh.

Notable Features:

• 🚀 Performance continues to be significantly improved. We’ve streamlined some JSON marshalling, which cuts memory consumption in half.
• 🚀 Authentication tokens are now simpler to manage.
• 🚀 Kubernetes Pods are automatically tagged to identify the Pod’s namespace, so you can easily build policies around the Pod.

And much more!

Also check the upgrade path.

Changelog

• feat: add kubernetes tags automatically #3439
• perf: update Mesh and ServiceInsights only when really needed #3463
• perf: eliminate uneccessary JSON marshalling #3483
• feat: sidecar injection webhook based on labels #3417
• chore: upgrade gui to new version #3454
• test: fix postgress tests permissions #3443
• feat: add affinity to CP and Ingress pods #3036
  👍contributed by @andrey-dubnik
• chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 #3432
• feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 #3376
• fix: simplify cluster creation with endpoints #3403
• fix: enable metrics hijacker for current version of Kuma #3405
• fix: switch to mTLS when CP communicates with Envoy Admin #3353
• chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 #3388
• chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 #3389
• fix: validate cp url in dp conf #3357
• chore: send reports to tls endpoint #3361
• chore: check explicit service account name #3228
• feat: inspect other dependencies versions #3352
• chore: add area/gateway label #3263
• chore: remove dp token from xds metadata #3282
• refactor: move from io/ioutil to io and os packages #3265
  👍contributed by @Juneezee
• fix: validate newly generated xDS snapshots #3195
• chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 #3218
• chore: bump helm chart version to 0.8 #3202

1.4.0

👉 Read the full announcement on the Kuma blog

We are happy to announce a new release of Kuma! Kuma 1.4.1 ships with new features, more performance improvements, and bug fixes. We strongly suggest to upgrade, in order to take advantage of the latest and greatest when it comes to service mesh.

Notable Features:

• 🚀 Performance is significantly improved, with ability to load 2x more data plane proxies, and less CPU consumption.
• 🚀 The number of Postgres connections is now limited to 50 by default. The default value was previously unlimited; you can still configure the limit if needed.
• 🚀 You can now disable zones as needed.
• 🚀 You can now select a specific zone in the "Kuma Service" dashboard and in the "Service to Service" dashboard.
• Internal DNS now properly resolves AAAA records.
• Improvements to the GUI and its sidebar menu.

And much more!

Also check the upgrade path.

Changelog

• chore(*) scripts for build, publish and fetch Envoy binaries #3110 #3182
• chore(kuma-cp) upgrade gui to new version #3178 #3179
• chore(kuma-cp) Use go structs instead of gotemplate for bootstrap #3156 #3173
• chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 #3170
• Disable reporting by default #3070 #3159
• chore(kumactl) remove install CRDs filter function #3139
• feat(kuma-dp) Add conf to disable service vip #3143
• chore(kuma-cp) update some TODO comments #3141
• feat(kuma-cp) Add kuma.io/ignore annotation #3142
• fix(kuma-dp) match gateway cluster names in the hijacker #3106
• feat: add ECDSA certificate generator support #3093
• feat: add more global resources to GlobalInsights #3094
• feat: allow creating secrets for the not yet existing mesh #3076
  👍contributed by cloudwiz
• feat: don't add v6 in DNS when v6 is disabled #3089
• fix: explicitly disable dns in env when disabled in injector #3077
• feat: added support for https tracing endpoint #3057
  👍contributed by sudeeptoroy
• fix: normalize generating TLS certificates #3027
• fix: zero downtime when enabling permissive mTLS #3019
• feat: add deprecation notice for kuma-prometheus-sd #2994
• feat: add GlobalInsights api endpoint #3018
• fix: duplicate TLS certificate usage #3008
• chore: add command argument count parameters #3010
• feat: aggregate dp stats by type in MeshInsight #2999
• chore: delete CLI flag '--bootstrap-version' #2965
• feat: show the effective Dataplane address #2977
• feat: aggregate services in MeshInsight #2974
• fix: allow only one healthcheck #2972
• feat: give CA managers all backends at once #2956
• chore: normalize timeout configurer API #2934
• fix: locality-aware lb for external-services #2903
• feat: add install control-plane --version flag for all components #2904
• feat: add zone selector to Kuma Mesh dashboard #2860
• fix: possible to delete resources on Zone CP #2665
• fix: make cluster names contextually unique #3098
• feat: automatically enable gzip content on gateways #3104
• feat: add Gateway TLS termination support #3044
• feat: add gateway support for external services #2990
• fix: enable secrets support for Gateway resources #2953
• feat: initial connection policy support for Gateway #2933
• feat: add access to generate zone ingress token #3075
• feat: user token with RSA256 #2992
• feat: prefix system users and groups with mesh-system #3013
• feat: localhost is not an admin on kubernetes #3003
• feat: user token enabled by default #2941
• feat: Admin User Token bootstrap #2923
• chore: refactor access control for individual access #2983
• feat: support plugin based authentication including user tokens #2895
• feat: User Token for API Server authentication #2892
• chore: refactor authz and authn to plugins #2837
• chore(kuma-cp) upgrade gui to new version #3148
• chore(*) upgrade to Go 1.17.3 #3147
• chore(deps): bump github.com/operator-framework/operator-lib #3158
• chore(deps): bump github.com/gruntwork-io/terratest #3130
• chore: update helm and controller-runtime #2764
• chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 #3131
• chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 #3101
• chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 #3006
• chore: bump github.com/envoyproxy/protoc-gen-validate #3007
• chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 #2839
• chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 #3132
• chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 #3061
• chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 #3059
• chore: bump k8s.io/api from 0.22.2 to 0.22.3 #3058
• chore: bump github.com/golang-migrate/migrate/v4 #2970
• chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 #2968
• chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio #2752

1.3.1

👉 Read the full announcement on the Kuma blog

We are happy to announce a new release of Kuma! Kuma 1.3.1 ships with new features, performance improvements, and bug fixes. We strongly suggest to upgrade, in order to take advantage of the latest and greatest when it comes to service mesh.

Improvements in 1.3.1:

• 🚀 You can now disable zones as needed.
• 🚀 You can now select a specific zone in the Kuma Service dashboard and in the Service to Service dashboard.
• 🚀 The number of Postgres connections is now limited to 50 by default. The default value was previously unlimited; you can still configure the limit if needed.
• Performance is significantly improved.
• Internal DNS now properly resolves AAAA records.

And much more!

Also check the upgrade path.

Changelog

• fix: disable zone #2884
• fix: limit number of postgres connection by default #2866
• feat: add zone selector to Kuma Service to Service dashboard #2876
• feat: add zone selector to Kuma Service dashboard #2865
• feat: add zone selector to Kuma Dataplane dashboard #2864
• fix: fix duplicates in dataplane list in Kuma Services dashboard #2845
• chore: migrate install resources from rbac API v1beta1 to v1 #2875
• fix: fault injection matching #2757
• fix: delete kuma.io/region and kuma.io/sub-zone #2824
• feat: print control plane version with version cmd #2834
• fix: Only warn about version compatibility where it makes sense #2828
• perf: remove insight update rate limit burst #2825
• perf: apply ratelimit to service insights #2815
• feat: adds support for specifying specific IP for cloud provider load balancers for ingress service #2779
  👍contributed by @jamesdbloom
• fix: send tool output to stdout #2787
• fix: switch to a Kuma fork of go-control-plane #2771
• chore: parametrize label on the deployment #2765
• perf: set Node only on first DiscoveryRequest #2741
• feat: verify ServiceAccountToken bound to a Pod #2745
• feat: internal dns should resolve AAAA records #2760
• fix: Add FORMERR and NOTIMP in alternate default coredns conf #2756
• fix: virtual probes with query #2706
• fix: Avoid calling Send() from different goroutines #2573
• feat: automatically set proxy concurrency #2691
• feat: Improve builtin grafana setup to have traces and logs linked #2716
• fix: Show gateway services in service-insights #2711
• fix: Correct bad merging of duration #2700
• fix: Ensure outbounds are set when migrating from old to new #2698
• fix: get rid of regex for parsing IPs #2681
• feat: add CP config to ZoneInsights #2661
• feat: generate GatewayRoute clusters #2819
• feat: add GatewayRoute route generation #2782
• feat: match gateway routes #2758
• feat: initial gateway TrafficRoute support #2547
• feat: add a GatewayRoute resource #2591
• chore: update base image for kuma-dp #2881
• chore: change Go JWT version to fix security vunerability #2844
• chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 #2768
• chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 #2737
• chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 #2769
• chore: upgrade github.com/spf13/cobra #2732
• chore: bump alpine in /tools/releases/dockerfiles #2705
• chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 #2657
• chore: update envoy to 1.18.4 #2667