0.5.0

We are happy to announce the release of Kuma 0.5! We are particularly proud for this release since it introduces about 30 new features and many improvements and - as usual - every Kuma improvement is always available on both Kubernetes and Universal (VMs) modes.

This version of Kuma also ships with a new logo for the project!

Notable Features:

• Support for multiple mTLS backends with automatic certificate rotation.
• A new FaultInjection policy.
• Significant improvements in the GUI including more scalable tables and wizards.
• Updated support to latest Kubernetes (v1.18) and Envoy (v1.14.1) versions.
• Official OpenShift 3.x and 4.x (via CNI) and Amazon Linux distributions.

For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

Download and Run:

• Try Kuma 0.5.0

0.4.0

We are happy to announce the release of Kuma 0.4! This is a major release focused on significantly better observability capabilities that also includes many new features and improvements across the board.

Notable Features:

• A new TrafficTrace policy that allows users to configure tracing on L7 HTTP traffic
• Three official Grafana dashboards to visualize traffic metrics collected by Prometheus
• For Kubernetes, a new selective sidecar injection capability
• For Universal deployments, a new data plane format to better support gateway use cases
• A new protocol tag to support different L7 protocols

For a complete list of features and updates, take a look at the full changelog. Also check the upgrade path.

Download and Run:

• Try Kuma 0.4.0

0.3.2

A new Kuma release that brings in many highly-requested features:

• support for ingress traffic into the service mesh - it is now possible to re-use
  existing, feature-rich API Gateway solutions at the front doors of
  your service mesh.
  E.g., check out our instructions how to leverage Kuma and Kong together. Or, if you're a hands-on kind of person, play with our demos for kubernetes and universal.
• access to Prometheus metrics collected by individual dataplanes (Envoys) -
  as a user, you only need to enable Prometheus metrics as part of your Mesh policy,
  and that's it - every dataplane (Envoy) will automatically make its metrics available for scraping. Read more about it in the docs.
• native integration with Prometheus auto-discovery - be it kubernetes or universal (😮), Prometheus will automatically find all dataplanes in your mesh and scrape metrics out of them. Sounds interesting? See our docs and play with our demos for kubernetes and universal.
• brand new Kuma GUI - following the very first preview release, Kuma GUI have been significantly overhauled to include more features, like support for every Kuma policy. Read more about it in the docs, see it live as part of our demos for kubernetes and universal.

Download Kuma 0.3.2 and run it now:

• https://kuma.io/install/0.3.2/

CHANGELOG:

Changes:

• feature: enable proxying of Kuma REST API via Kuma GUI
  #542
• feature: add a brand new version of Kuma GUI
  #538
• feature: add support for MonitoringAssignments with arbitrary Target labels (rather than only __address__) to kuma-prometheus-sd
  #540
• feature: on kuma-prometheus-sd start-up, check write permissions on the output dir
  #539
• feature: implement MADS xDS client and integrate kuma-prometheus-sd with Prometheus via file_sd discovery
  #537
• feature: add configuration options to kuma-prometheus-sd run
  #536
• feature: add kuma-prometheus-sd binary
  #535
• feature: advertise MonitoringAssignment server via API Catalog
  #534
• feature: generate MonitoringAssignment for each Dataplane in a Mesh
  #532
• feature: add a Monitoring Assignment Discovery Service (MADS) server
  #531
• feature: add a generic watchdog for xDS streams
  #530
• feature: add a generic versioner for xDS Snapshots
  #529
• feature: add a custom version of SnapshotCache that supports arbitrary xDS resources
  #528
• feature: add proto definition for Monitoring Assignment Discovery Service (MADS)
  #525
• feature: enable Envoy Admin API by default with an option to opt out
  #523
• feature: add integration with Prometheus on K8S
  #524
• feature: redirect requests to /api path on GUI server to API Server
  #520
• feature: generate Envoy configuration that exposes Prometheus metrics
  #510
• feature: make port of Envoy Admin API available to Envoy config generators
  #508
• feature: add option to run dataplane as a gateway without inbounds
  #503
• feature: add METRICS column to the table output of kumactl get meshes to make it visible whether Prometheus settings have been configured
  #502
• feature: automatically set default values for Prometheus settings in the Mesh resource
  #501
• feature: add proto definitions for metrics that should be collected and exposed by dataplanes
  #500
• chore: encapsulate proxy init into kuma-init container
  #495
• feature: display CA type in kumactl get meshes
  #494
• chore: update Envoy to v1.12.2
  #493

Breaking changes:

• ⚠️ An --dataplane-init-version argument was removed. Init container was changed to kuma-init which version is in sync with the rest of the Kuma containers.

0.3.1

Download Kuma 0.3.1 and run it now:

• https://kuma.io/install/0.3.1/

CHANGELOG:

Changes:

• feature: added Kuma UI
  #461
• feature: support TLS in Postgres-based storage backend
  #472
• feature: prevent removal of a signing certificate from a "provided" CA in use
  #490
• feature: validate consistency of changes to "provided" CA on k8s
  #485
• feature: validate consistency of changes to "provided" CA on universal
  #475
• feature: add kumactl manage ca commands to support "provided" CA
  #474
  ⚠️ warning: api breaking change
• feature: include health checks into generated Envoy configuration (#483)
  #483
• feature: pick a single the most specific HealthCheck for every service reachable from a given Dataplane
  #481
• feature: add REST API for managing "provided" CA
  #473
• feature: reuse policy matching logic for TrafficLog resource
  #482
  ⚠️ warning: backwards-incompatible change of behaviour
• feature: refactor policy matching logic into reusable function
  #479
• feature: add kumactl get healthchecks command
  #477
• feature: validate HealthCheck resource
  #476
• feature: add HealthCheck CRD on kubernetes
  #471
• feature: add HealthCheck to core model
  #470
• feature: add proto definition for HealthCheck resource
  #446
• feature: ground work for "provided" CA support
  #467
• feature: remove "namespace" from core model
  #458
  ⚠️ warning: api breaking change
• feature: expose effective configuration of kuma-cp as part of REST API
  #454
• feature: improve error messages in kumactl config control-planes add
  #455
• feature: delete resource operation should return 404 if resource is not found
  #450
• feature: autoconfigure bootstrap server on kuma-cp startup
  #449
• feature: update envoy to v1.12.1
  #448

Breaking changes:

• ⚠️ a few arguments of kumactl config control-planes add have been renamed: --dataplane-token-client-cert => --admin-client-cert and --dataplane-token-client-key => --admin-client-key
  474
• ⚠️ instead of applying all matching TrafficLog policies to a given outbound interface of a Dataplane, only a single the most specific TrafficLog policy is now applied
  #482
• ⚠️ Mesh CRD on Kubernetes is now Cluster-scoped
  #458

0.3.0

Download Kuma 0.3.0 and run it now:

• https://kuma.io/install/0.3.0/

CHANGELOG:

Changes:

• fix: fixed discrepancy between ProxyTemplate documentation and actual implementation
  #422
• chore: dropped support for Mesh-wide logging settings
  #438
  ⚠️ warning: api breaking change
• feature: validate ProxyTemplate resource on CREATE/UPDATE in universal mode
  #431
  ⚠️ warning: api breaking change
• feature: add kumactl generate tls-certificate command
  #437
• feature: validate TrafficLog resource on CREATE/UPDATE in universal mode
  #435
• feature: validate TrafficPermission resource on CREATE/UPDATE in universal mode
  #436
• feature: dropped support for multiple rules per single TrafficPermission resource
  #434
  ⚠️ warning: api breaking change
• feature: added configuration for Kuma UI
  #428
• feature: included Kuma UI into kuma-cp
  #410
• feature: dropped support for multiple rules per single TrafficLog resource
  #433
  ⚠️ warning: api breaking change
• feature: validate Mesh resource on CREATE/UPDATE in universal mode
  #430
• feature: kumactl commands now do custom formating of errors returned by the Kuma REST API
  #411
• feature: tcp_proxy configuration now routes to a list of weighted clusters according to TrafficRoute
  #423
• feature: included tags of a dataplane into ClusterLoadAssignment
  #422
• feature: validate Kuma CRDs on Kubernetes
  #401
• feature: improved feedback given to a user when kuma-dp run is configured with an invalid dataplane token
  #418
• release: included Docker image with kumactl into release build
  #425
• feature: support enabling/disabling DataplaneToken server via a configuration flag
  #415
• feature: pick a single the most specific TrafficRoute for every outbound interface of a Dataplane
  #421
• feature: validate TrafficRoute resource on CREATE/UPDATE in universal mode
  #424
• feature: kumactl apply can now download a resource from URL
  #402
• chore: migrated to the latest version of go-control-plane
  #419
• feature: added kumactl get traffic-routes command
  #400
• feature: added TrafficRoute CRD on Kubernetes
  #398
• feature: added TrafficRoute resource to core model
  #397
• feature: added support for CORS to Kuma REST API
  #412
• feature: validate Dataplane resource on CREATE/UPDATE in universal mode
  #388
• feature: added support for client certificate-based authentication to kumactl generate dataplane-token command
  #372
• feature: added --overwrite flag to the kumactl config control-planes add command
  #381
  👍contributed by @Gabitchov
• feature: added MESH column into the output of kumactl get proxytemplates
  #399
  👍contributed by @programmer04
• feature: kuma-dp run is now configured with a URL of the API server instead of a former URL of the boostrap config server
  #417
  ⚠️ warning: interface breaking change
• feature: added a REST endpoint to advertize location of various sub-components of the control plane
  #369
• feature: added protobuf descriptor for TrafficRoute resource
  #396
• fix: added reconciliation on Dataplane delete to handle a case where a user manually deletes Dataplane on Kubernetes
  #392
• feature: Kuma REST API on Kubernetes is now restricted to READ operations only
  #377
  👍contributed by @sterchelen
• fix: ignored errors in unit tests
  #376
  👍contributed by @alrs
• feature: JSON output of kumactl is now pretty-printed
  #360
  👍contributed by @sterchelen
• feature: DataplaneToken server is now exposed for remote access over HTTPS with mandatory client certificate-based authentication
  #349
• feature: kuma-dp now passes a path to a file with a dataplane token as an argumenent for bootstrap config API
  #348
• feature: added support for mTLS on Kubernetes v1.13+
  #356
• feature: added kumactl delete command
  #343
  👍contributed by @pradeepmurugesan
• feature: added kumactl gerenerate dataplane-token command
  #342
• feature: added a DataplaneToken server to support dataplane authentication in universal mode
  #342
• feature: on removal of a Mesh remove all policies defined in it
  #332
• docs: documented release process
  #341
• docs: DEVELOPER.md was brought up to date
  #346
• docs: added instructions how to deploy kuma-demo on Kubernetes
  #347

Community contributions from:

• 👍@pradeepmurugesan
• 👍@alrs
• 👍@sterchelen
• 👍@programmer04
• 👍@Gabitchov

Breaking changes:

• ⚠️ fixed discrepancy between ProxyTemplate documentation and actual implementation
  #422
• ⚠️ selectors in ProxyTemplate now always require service tag
  #431
• ⚠️ dropped support for Mesh-wide logging settings
  #438
• ⚠️ dropped support for multiple rules per single TrafficPermission resource
  #434
• ⚠️ dropped support for multiple rules per single TrafficLog resource
  #433
• ⚠️ value of --cp-address parameter in kuma-dp run is now a URL of the API server instead of a former URL of the boostrap config server
  #417

0.2.2

Download Kuma 0.2.2 and run it now:

• https://kuma.io/install/0.2.2/

CHANGELOG:

Changes:

• Draining time is now configurable
  #310
• Validation that Control Plane is running when adding it with kumactl
  #181
• Upgraded version of go-control-plane
• Upgraded version of Envoy to 1.11.2
• Connection timeout to ADS server is now configurable (part of envoy bootstrap config)
  #340

Fixed issues:

• Cluster never went out warming state
  #331
• SDS server didn't handle requests with empty resources list
  #337

0.2.1

Download Kuma 0.2.1 and run it now:

• https://kuma.io/install/0.2.1/

CHANGELOG:

Fixed issues:

• Issue with Access Log Server (integrated into kuma-dp) on k8s:
  kuma-cp was configuring Envoy to use a Unix socket other than
  kuma-dp was actually listening on
  #307

0.2.0

Download Kuma 0.2.0 and run it now:

• https://kuma.io/install/0.2.0/

CHANGELOG:

• Fix an issue with Access Log Server (integrated into kuma-dp) on Kubernetes
  by replacing Google gRPC client with Envoy gRPC client
  #306
• Settings of a kuma-sidecar container, such as ReadinessProbe, LivenessProbe and Resources,
  are now configurable
  #304
• Added support for TCP logging backends, such as ELK and Splunk
  #300
• Builtin CA on Kubernetes is now (re-)generated by a Controller
  #299
• Default Mesh on Kubernetes is now (re-)generated by a Controller
  #298
• Added Kubernetes Admission WebHook to apply defaults to Mesh resources
  #297
• Upgraded version of kubernetes-sigs/controller-runtime dependency
  #293
• Added a concept of RuntimePlugin to kuma-cp
  #296
• Updated LDS to configure access_loggers on outbound listeners
  according to TrafficLog resources
  #276
• Changed default locations where kuma-dp is looking for envoy binary
  #268
• Added model for TrafficLog resource with File as a logging backend
  #266
• Added kumactl install database-schema command to generate DB schema
  used by kuma-cp on universal environment
  #236
• Automated release of Docker images
  #265
• Changed default location where auto-generated Envoy bootstrap configuration is saved to
  #261
• Added support for multiple kuma-dp instances on a single Linux machine
  #260
• Automated release of *.tar artifacts
  #250

0.1.2

Download Kuma 0.1.2 and run it now:

• https://kuma.io/install/0.1.2/

CHANGELOG:

• Upgraded version of Go to address CVE-2019-14809. #248
• Improved support for mTLS on kubernetes. #238

0.1.1

Download Kuma 0.1.1 and run it now:

• https://kuma.io/install/0.1.1/

CHANGELOG:

• Bugfix in the distribution process that caused kumactl install control-plane to not work properly.