Releases: kumahq/kuma
2.7.2
Changelog
- fix(jobs): jobs termination after CP restart (#10085)
- fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) (#10082)
- fix(gateway): handle implicit kuma.io/service in pod annotation (#10076)
- fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) (#10047)
2.7.1
Changelog
- chore(deps): upgrade Envoy to version 1.29.4 #10033 @lukidzi
- feat(k8s): opt-in to support tls for GAPI in all namespaces #10015 @jakubdyszkiewicz
- fix(helm): include GatewayClass only if installing a zone CP in Kubernetes mode #10012 @michaelbeaumont
2.7.0
LTS
Kuma 2.7.0 focuses on improving your experience with observability, debugging, and policy migration. This release introduces new features and tools to help you gain deeper insights into your service mesh and streamline the transition from legacy policies.
Notable Changes
Boosted observability
- Visual Clarity: The GUI now displays names, namespaces, and zones for policies and dataplanes, providing a clear understanding of resource placement in multi-zone environments.
- Builtin Gateway: The GUI offers a dedicated view of routes managed by your built-in gateway.
- Detailed Dataplane Insights: The dataplane view now displays policies applied to inbound and outbound traffic, simplifying proxy behavior comprehension.
- Production-Ready MeshMetric: MeshMetric is now generally available and supports OpenTelemetry data collection. It also introduces profiles to significantly reduce metric volume, lowering observability storage costs.
Gateway API integration
Our Gateway API integration now uses MeshHTTPRoute, enabling us to retire MeshGatewayRoute which will be deprecated and removed in the future. Additionally, we're thrilled to announce that our entire Gateway API integration, including GAMMA support, is now Generally Available (GA) and no longer considered experimental.
Smoother policy migration
The introduction of shadow policies and additions to "inspect" policies eases the migration process from legacy policies to the recommended targetRef
policies.
Upgrading
We strongly suggest upgrading to Kuma 2.7.0. Upgrading is straightforward through kumactl or Helm.
Be sure to carefully read the Upgrade Guide before upgrading Kuma.
Changelog
- chore(deps): bump Envoy from 1.28.0 to 1.29.3 #9134 #9222 #9600 #9853 @lukidzi
- chore(deps): bump Kong/public-shared-actions from 2.0.2 to 2.1.0 #9556 #9711 @dependabot
- chore(deps): bump actions/cache from 3 to 4.0.2 #9205 #9491 #9712 @dependabot
- chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 #9639 @dependabot
- chore(deps): bump actions/create-github-app-token from 1.8.0 to 1.9.3 #9416 #9490 #9772 #9873 @dependabot
- chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 #9306 @dependabot
- chore(deps): bump cirello.io/pglock from 1.14.1 to 1.14.2 #9562 @dependabot
- chore(deps): bump debian from
b16cef8
tob37bc25
#9139 #9304 #9642 #9900 @dependabot - chore(deps): bump distroless/base-nossl-debian11 from
61c9d7a
to4cba3ac
#9202 #9302 #9413 #9567 #9643 #9875 @dependabot - chore(deps): bump distroless/static-debian11 from
1e5b9bb
to459f8ab
#9203 #9303 #9414 #9566 #9644 #9874 @dependabot - chore(deps): bump github.com/cilium/ebpf from 0.12.3 to 0.14.0 #9313 #9401 #9771 @dependabot
- chore(deps): bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 #9649 @dependabot
- chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible #9678 @dependabot
- chore(deps): bump github.com/emicklei/go-restful/v3 from 3.11.2 to 3.12.0 #9400 #9650 @dependabot
- chore(deps): bump github.com/exaring/otelpgx from 0.5.3 to 0.5.4 #9312 @dependabot
- chore(deps): bump github.com/golang/protobuf from 1.5.3 to 1.5.4 #9561 @dependabot
- chore(deps): bump github.com/gruntwork-io/terratest from 0.46.11 to 0.46.13 #9716 @dependabot
- chore(deps): bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.5 #9143 #9493 #9560 @dependabot
- chore(deps): bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 #9564 #9646 #9715 @dependabot
- chore(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 #9651 @dependabot
- chore(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 #9467 @dependabot
- chore(deps): bump github.com/prometheus/client_model from 0.5.0 to 0.6.1 #9314 #9871 @dependabot
- chore(deps): bump github.com/prometheus/common from 0.46.0 to 0.52.2 #9309 #9465 #9563 #9714 #9870 @dependabot
- chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 #9868 @dependabot
- chore(deps): bump github.com/testcontainers/testcontainers-go from 0.27.0 to 0.30.0 #9310 #9558 #9867 @dependabot
- chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.1 to 0.1.2 #9466 @dependabot
- chore(deps): bump github/codeql-action from 3.23.2 to 3.24.10 #9142 #9307 #9415 #9489 #9641 #9710 #9872 @dependabot
- chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 #9399 @dependabot
- chore(deps): bump golang.org/x/net from 0.20.0 to 0.24.0 #9210 #9869 @dependabot
- chore(deps): bump golang.org/x/sys from 0.17.0 to 0.19.0 #9492 #9865 @dependabot
- chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 #9204 @dependabot
- chore(deps): bump gonum.org/v1/gonum from 0.14.0 to 0.15.0 #9648 @dependabot
- chore(deps): bump google.golang.org/grpc from 1.61.0 to 1.63.2 #9315 #9402 #9559 #9866 #9902 @dependabot
- chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.3 #9277 #9647 @dependabot
- chore(deps): bump iptables version #9200 @slonka
- chore(deps): bump kumahq/ubuntu-netools from
3f0fefb
to9eba4ba
#9898 @dependabot - chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.2 #9141 #9488 #9640 @dependabot
- chore(deps): bump postgres from
49c276f
to5b06192
#9116 #9130 #9162 #9241 #9256 #9278 #9292 #9358 #9390 #9444 ...
2.6.5
This is a patch release that every user should upgrade to.
This release addresses 2 CVEs:
Changelog
- chore(deps): security update #9820 @kumahq
- chore(deps): update Envoy to v1.28.2 #9843 #9848 @michaelbeaumont
2.5.7
This is a patch release that every user should upgrade to.
This release addresses 2 CVEs:
Changelog
- chore(deps): security update #9818 @kumahq
- chore(deps): update Envoy to v1.28.2 #9845 #9847 @michaelbeaumont
2.4.8
This is a patch release that every user should upgrade to.
This release addresses 2 CVEs:
Changelog
- Revert "feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9726)" #9757 @bartsmykla
- chore(deps): security update #9684 #9696 #9815 @kumahq
- chore(deps): update Envoy to v1.27.4 #9844 @michaelbeaumont
2.3.7
This is a patch release that every user should upgrade to.
This release addresses 2 CVEs:
Changelog
- Revert "feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9725)" #9758 @bartsmykla
- chore(deps): security update #9683 #9694 #9817 @kumahq
- chore(deps): update Envoy to v1.26.8 #9842 @michaelbeaumont
2.2.9
This is a patch release that every user should upgrade to.
This release addresses 2 CVEs:
Changelog
- Revert "feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9727)" #9759 @bartsmykla
- chore(deps): security update #9680 #9695 #9816 @kumahq
- chore(deps): update Envoy to v1.26.8 #9841 @michaelbeaumont