From c99fd35637be003133aa7a651c2c1a80c901253f Mon Sep 17 00:00:00 2001 From: "kumahq[bot]" <110050114+kumahq[bot]@users.noreply.github.com> Date: Wed, 15 Jan 2025 15:00:15 +0000 Subject: [PATCH] chore(deps): update docs from repo source Signed-off-by: kumahq[bot] <110050114+kumahq[bot]@users.noreply.github.com> --- .../dev/raw/crds/kuma.io_circuitbreakers.yaml | 2 +- .../raw/crds/kuma.io_containerpatches.yaml | 2 +- .../raw/crds/kuma.io_dataplaneinsights.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_dataplanes.yaml | 2 +- .../raw/crds/kuma.io_externalservices.yaml | 2 +- .../dev/raw/crds/kuma.io_faultinjections.yaml | 2 +- .../dev/raw/crds/kuma.io_healthchecks.yaml | 2 +- .../raw/crds/kuma.io_hostnamegenerators.yaml | 2 +- .../dev/raw/crds/kuma.io_meshaccesslogs.yaml | 2 +- .../raw/crds/kuma.io_meshcircuitbreakers.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_meshes.yaml | 4 +- .../crds/kuma.io_meshexternalservices.yaml | 2 +- .../raw/crds/kuma.io_meshfaultinjections.yaml | 2 +- .../raw/crds/kuma.io_meshgatewayconfigs.yaml | 2 +- .../crds/kuma.io_meshgatewayinstances.yaml | 2 +- .../raw/crds/kuma.io_meshgatewayroutes.yaml | 2 +- .../dev/raw/crds/kuma.io_meshgateways.yaml | 2 +- .../crds/kuma.io_meshglobalratelimits.yaml | 2 +- .../raw/crds/kuma.io_meshhealthchecks.yaml | 2 +- .../dev/raw/crds/kuma.io_meshhttproutes.yaml | 2 +- .../dev/raw/crds/kuma.io_meshinsights.yaml | 2 +- .../kuma.io_meshloadbalancingstrategies.yaml | 2 +- .../dev/raw/crds/kuma.io_meshmetrics.yaml | 2 +- .../crds/kuma.io_meshmultizoneservices.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_meshopas.yaml | 2 +- .../raw/crds/kuma.io_meshpassthroughs.yaml | 2 +- .../raw/crds/kuma.io_meshproxypatches.yaml | 2 +- .../dev/raw/crds/kuma.io_meshratelimits.yaml | 2 +- .../dev/raw/crds/kuma.io_meshretries.yaml | 2 +- .../dev/raw/crds/kuma.io_meshservices.yaml | 2 +- .../dev/raw/crds/kuma.io_meshtcproutes.yaml | 2 +- .../dev/raw/crds/kuma.io_meshtimeouts.yaml | 60 +- .../mesh/dev/raw/crds/kuma.io_meshtlses.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_meshtraces.yaml | 2 +- .../crds/kuma.io_meshtrafficpermissions.yaml | 2 +- .../dev/raw/crds/kuma.io_proxytemplates.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_ratelimits.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_retries.yaml | 2 +- .../dev/raw/crds/kuma.io_serviceinsights.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_timeouts.yaml | 2 +- .../dev/raw/crds/kuma.io_trafficlogs.yaml | 2 +- .../raw/crds/kuma.io_trafficpermissions.yaml | 2 +- .../dev/raw/crds/kuma.io_trafficroutes.yaml | 2 +- .../dev/raw/crds/kuma.io_traffictraces.yaml | 2 +- .../raw/crds/kuma.io_virtualoutbounds.yaml | 2 +- .../dev/raw/crds/kuma.io_zoneegresses.yaml | 2 +- .../raw/crds/kuma.io_zoneegressinsights.yaml | 2 +- .../dev/raw/crds/kuma.io_zoneingresses.yaml | 2 +- .../raw/crds/kuma.io_zoneingressinsights.yaml | 2 +- .../dev/raw/crds/kuma.io_zoneinsights.yaml | 2 +- .../mesh/dev/raw/crds/kuma.io_zones.yaml | 2 +- app/assets/mesh/raw/CHANGELOG.md | 3356 ++++++++++++++++- 52 files changed, 3263 insertions(+), 255 deletions(-) diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_circuitbreakers.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_circuitbreakers.yaml index a0e14ab8ed48..d6b2a67595f1 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_circuitbreakers.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_circuitbreakers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: circuitbreakers.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_containerpatches.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_containerpatches.yaml index e40b071dc41a..4ce4c08728c6 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_containerpatches.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_containerpatches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: containerpatches.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_dataplaneinsights.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_dataplaneinsights.yaml index f4d1315b0579..25b83f5d4152 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_dataplaneinsights.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_dataplaneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: dataplaneinsights.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_dataplanes.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_dataplanes.yaml index 9ec1b3525b58..be838dd1fc16 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_dataplanes.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_dataplanes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: dataplanes.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_externalservices.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_externalservices.yaml index 6fdedf392698..a876952806c6 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_externalservices.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_externalservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: externalservices.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_faultinjections.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_faultinjections.yaml index d9613d6c9688..a7563c7c95d1 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_faultinjections.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_faultinjections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: faultinjections.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_healthchecks.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_healthchecks.yaml index 9c378d9e4732..dd8c6aa7a4bb 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_healthchecks.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_healthchecks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: healthchecks.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_hostnamegenerators.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_hostnamegenerators.yaml index eff06ce8f988..4a382b1d4d28 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_hostnamegenerators.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_hostnamegenerators.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: hostnamegenerators.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshaccesslogs.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshaccesslogs.yaml index 3f75a0d39f49..337cd7ed0c3e 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshaccesslogs.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshaccesslogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshaccesslogs.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml index a29e81afd986..32be9df59144 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshcircuitbreakers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshcircuitbreakers.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshes.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshes.yaml index 143e104eb553..cdc88ed49172 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshes.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshes.kuma.io spec: group: kuma.io @@ -13,6 +13,8 @@ spec: kind: Mesh listKind: MeshList plural: meshes + shortNames: + - m singular: mesh scope: Cluster versions: diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshexternalservices.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshexternalservices.yaml index e36f1fea5d56..5bdd9d870625 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshexternalservices.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshexternalservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshexternalservices.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshfaultinjections.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshfaultinjections.yaml index 80099483d908..865bbe9c3380 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshfaultinjections.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshfaultinjections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshfaultinjections.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml index c77d5cfe3d2a..47e6ab0dac72 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayconfigs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshgatewayconfigs.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayinstances.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayinstances.yaml index 38cdcdc098c0..5fb53e871ce3 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayinstances.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayinstances.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshgatewayinstances.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayroutes.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayroutes.yaml index 27c2bfde6d7e..c4d0dd8543be 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayroutes.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshgatewayroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshgatewayroutes.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshgateways.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshgateways.yaml index db82bafff626..788f8356b903 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshgateways.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshgateways.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshgateways.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshglobalratelimits.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshglobalratelimits.yaml index f5f4a85961ed..fa43e1f38663 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshglobalratelimits.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshglobalratelimits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshglobalratelimits.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshhealthchecks.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshhealthchecks.yaml index 4e37fc1fd125..fd08de242d21 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshhealthchecks.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshhealthchecks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshhealthchecks.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshhttproutes.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshhttproutes.yaml index 912895e1ad35..3c2b848285f4 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshhttproutes.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshhttproutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshhttproutes.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshinsights.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshinsights.yaml index ea8423f79897..120f16a072ca 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshinsights.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshinsights.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml index 07d2fdad96b5..5068296b610b 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshloadbalancingstrategies.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshloadbalancingstrategies.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshmetrics.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshmetrics.yaml index 5d047cd9db72..5becaf6a906a 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshmetrics.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshmetrics.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshmetrics.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshmultizoneservices.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshmultizoneservices.yaml index 44fe7bccaa71..3113e1c67f89 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshmultizoneservices.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshmultizoneservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshmultizoneservices.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshopas.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshopas.yaml index 5797cb8995ae..9fb35e8b63ee 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshopas.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshopas.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshopas.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshpassthroughs.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshpassthroughs.yaml index 1eaac22c164c..ee0d4ca26527 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshpassthroughs.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshpassthroughs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshpassthroughs.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshproxypatches.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshproxypatches.yaml index 8c7b3b4130f4..64df27827b21 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshproxypatches.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshproxypatches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshproxypatches.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshratelimits.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshratelimits.yaml index 30d300e3e40b..74504ac065e0 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshratelimits.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshratelimits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshratelimits.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshretries.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshretries.yaml index 6a2afe4132dd..6df5a4f7e84a 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshretries.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshretries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshretries.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshservices.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshservices.yaml index eeec7bd51162..72ac8db3bbb4 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshservices.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshservices.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshtcproutes.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshtcproutes.yaml index ee70c8c86b14..6da914c67068 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshtcproutes.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshtcproutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshtcproutes.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshtimeouts.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshtimeouts.yaml index 0acdf36531bb..60292a2e8753 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshtimeouts.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshtimeouts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshtimeouts.kuma.io spec: group: kuma.io @@ -172,6 +172,64 @@ spec: - targetRef type: object type: array + rules: + description: |- + Rules defines inbound timeout configurations. Currently limited to exactly one rule containing + default timeouts that apply to all inbound traffic, as L7 matching is not yet implemented. + items: + properties: + default: + description: Default contains configuration of the inbound timeouts + properties: + connectionTimeout: + description: |- + ConnectionTimeout specifies the amount of time proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: |- + MaxConnectionDuration is the time after which a connection will be drained and/or closed, + starting from when it was first established. Setting this timeout to 0 will disable it. + Disabled by default. + type: string + maxStreamDuration: + description: |- + MaxStreamDuration is the maximum time that a stream’s lifetime will span. + Setting this timeout to 0 will disable it. Disabled by default. + type: string + requestHeadersTimeout: + description: |- + RequestHeadersTimeout The amount of time that proxy will wait for the request headers to be received. The timer is + activated when the first byte of the headers is received, and is disarmed when the last byte of + the headers has been received. If not specified or set to 0, this timeout is disabled. + Disabled by default. + type: string + requestTimeout: + description: |- + RequestTimeout The amount of time that proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, and is disarmed when the last byte of the request is sent, + OR when the response is initiated. Setting this timeout to 0 will disable it. + Default is 15s. + type: string + streamIdleTimeout: + description: |- + StreamIdleTimeout is the amount of time that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default is 30m + type: string + type: object + idleTimeout: + description: |- + IdleTimeout is defined as the period in which there are no bytes sent or received on connection + Setting this timeout to 0 will disable it. Be cautious when disabling it because + it can lead to connection leaking. Default value is 1h. + type: string + type: object + type: object + type: array targetRef: description: |- TargetRef is a reference to the resource the policy takes an effect on. diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshtlses.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshtlses.yaml index d46cdd37a86a..cd26a997d97e 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshtlses.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshtlses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshtlses.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshtraces.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshtraces.yaml index 10b794b23d14..394dc7552a68 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshtraces.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshtraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshtraces.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml index d4721600a235..91836e36190a 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_meshtrafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: meshtrafficpermissions.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_proxytemplates.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_proxytemplates.yaml index 36668cf6f620..41d9a0ad0bf1 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_proxytemplates.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_proxytemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: proxytemplates.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_ratelimits.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_ratelimits.yaml index 4afc6f810825..f77aca8419ab 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_ratelimits.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_ratelimits.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: ratelimits.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_retries.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_retries.yaml index bc7f00f9c323..33edfbd610bf 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_retries.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_retries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: retries.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_serviceinsights.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_serviceinsights.yaml index 7bdb467f7af6..287b41cb3665 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_serviceinsights.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_serviceinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: serviceinsights.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_timeouts.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_timeouts.yaml index 7776edd6d4e3..44b83172b34c 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_timeouts.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_timeouts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: timeouts.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_trafficlogs.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_trafficlogs.yaml index ed0b73cb6f1b..9c3d91c9d778 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_trafficlogs.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_trafficlogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: trafficlogs.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_trafficpermissions.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_trafficpermissions.yaml index 7a027bac8555..50d2bc990cca 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_trafficpermissions.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_trafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: trafficpermissions.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_trafficroutes.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_trafficroutes.yaml index b6f3c29c0045..4c91a7b3b42f 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_trafficroutes.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_trafficroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: trafficroutes.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_traffictraces.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_traffictraces.yaml index fbbdec1cb097..34f8825b7b09 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_traffictraces.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_traffictraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: traffictraces.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_virtualoutbounds.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_virtualoutbounds.yaml index 050c0226d07f..b0013e59e12e 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_virtualoutbounds.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_virtualoutbounds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: virtualoutbounds.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_zoneegresses.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_zoneegresses.yaml index 706c2f73a85b..970ba3a7f617 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_zoneegresses.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_zoneegresses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: zoneegresses.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_zoneegressinsights.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_zoneegressinsights.yaml index 99d7ef282d31..5c018ac7ff76 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_zoneegressinsights.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_zoneegressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: zoneegressinsights.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_zoneingresses.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_zoneingresses.yaml index bea6dde685c0..0902d259d058 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_zoneingresses.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_zoneingresses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: zoneingresses.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_zoneingressinsights.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_zoneingressinsights.yaml index f7664e164096..a5e9412ec315 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_zoneingressinsights.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_zoneingressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: zoneingressinsights.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_zoneinsights.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_zoneinsights.yaml index 1a25cf8a9731..745d7638085f 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_zoneinsights.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_zoneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: zoneinsights.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/dev/raw/crds/kuma.io_zones.yaml b/app/assets/mesh/dev/raw/crds/kuma.io_zones.yaml index f67341c4621c..745545891f89 100644 --- a/app/assets/mesh/dev/raw/crds/kuma.io_zones.yaml +++ b/app/assets/mesh/dev/raw/crds/kuma.io_zones.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.1 name: zones.kuma.io spec: group: kuma.io diff --git a/app/assets/mesh/raw/CHANGELOG.md b/app/assets/mesh/raw/CHANGELOG.md index 9d3e23a9230d..b43994e0f312 100644 --- a/app/assets/mesh/raw/CHANGELOG.md +++ b/app/assets/mesh/raw/CHANGELOG.md @@ -2,11 +2,17 @@ ## 2.9.2 -> Released on 2024/12/09 +> Released on 2024/12/10 * chore(deps): bump kumahq/kuma from 2.9.1 to 2.9.2 [#6988](https://github.com/Kong/kong-mesh/pull/6988) [#6997](https://github.com/Kong/kong-mesh/pull/6997) [#7005](https://github.com/Kong/kong-mesh/pull/7005) [#7033](https://github.com/Kong/kong-mesh/pull/7033) [#7034](https://github.com/Kong/kong-mesh/pull/7034) [#7054](https://github.com/Kong/kong-mesh/pull/7054) @kong-mesh * chore(deps): security update [#6981](https://github.com/Kong/kong-mesh/pull/6981) @kong-mesh +### Includes [kumahq/kuma@2.9.2](https://github.com/kumahq/kuma/releases/tag/2.9.2) changelog + +* chore(deps): bump golang from 1.23.2 to 1.23.3 [#12084](https://github.com/kumahq/kuma/pull/12084) @lukidzi +* fix(meshpassthrough): Refactor MeshPassthrough implementation to generate correct route [#12157](https://github.com/kumahq/kuma/pull/12157) @kumahq +* fix(meshtrafficpermission): nil pointer for autoreachableservice when no top targetRef (backport of #12152) [#12161](https://github.com/kumahq/kuma/pull/12161) @kumahq + ## 2.6.14 > Released on 2024/12/10 @@ -14,45 +20,89 @@ * chore(deps): bump kumahq/kuma from 2.6.13 to 2.6.14 [#6968](https://github.com/Kong/kong-mesh/pull/6968) [#7058](https://github.com/Kong/kong-mesh/pull/7058) @kong-mesh * chore(deps): security update [#6979](https://github.com/Kong/kong-mesh/pull/6979) @kong-mesh +### Includes [kumahq/kuma@2.6.14](https://github.com/kumahq/kuma/releases/tag/2.6.14) changelog + +* chore(deps): upgrade go from 1.22.8 to 1.22.9 [#12087](https://github.com/kumahq/kuma/pull/12087) @lukidzi +* fix(kds): clone resource on update meta (backport of #10460) [#12121](https://github.com/kumahq/kuma/pull/12121) @kumahq + ## 2.7.10 > Released on 2024/12/09 * chore(deps): bump kumahq/kuma from 2.7.10 to 2.7.10 [#7053](https://github.com/Kong/kong-mesh/pull/7053) @kong-mesh +### Includes [kumahq/kuma@2.7.10](https://github.com/kumahq/kuma/releases/tag/2.7.10) changelog + +* chore(deps): upgrade go from 1.22.8 to 1.22.9 [#12086](https://github.com/kumahq/kuma/pull/12086) @lukidzi +* fix(kds): clone resource on update meta (backport of #10460) [#12122](https://github.com/kumahq/kuma/pull/12122) @kumahq + ## 2.9.1 -> Released on 2024/11/15 +> Released on 2024/11/18 * chore(deps): bump kumahq/kuma from 2.9.0 to 2.9.1 [#6844](https://github.com/Kong/kong-mesh/pull/6844) [#6846](https://github.com/Kong/kong-mesh/pull/6846) [#6854](https://github.com/Kong/kong-mesh/pull/6854) [#6865](https://github.com/Kong/kong-mesh/pull/6865) [#6870](https://github.com/Kong/kong-mesh/pull/6870) [#6873](https://github.com/Kong/kong-mesh/pull/6873) [#6887](https://github.com/Kong/kong-mesh/pull/6887) [#6892](https://github.com/Kong/kong-mesh/pull/6892) [#6901](https://github.com/Kong/kong-mesh/pull/6901) [#6920](https://github.com/Kong/kong-mesh/pull/6920) [#6931](https://github.com/Kong/kong-mesh/pull/6931) [#6953](https://github.com/Kong/kong-mesh/pull/6953) [#6956](https://github.com/Kong/kong-mesh/pull/6956) @kong-mesh * chore(deps): change go-control-plane version [#6940](https://github.com/Kong/kong-mesh/pull/6940) @lukidzi * chore(deps): upgrade shadow-utils after minimal version upgrade (backport of #6942) [#6944](https://github.com/Kong/kong-mesh/pull/6944) @kong-mesh * chore(deps): use latest Kong/kong-mesh-gui [#6904](https://github.com/Kong/kong-mesh/pull/6904) @kong-mesh +### Includes [kumahq/kuma@2.9.1](https://github.com/kumahq/kuma/releases/tag/2.9.1) changelog + +* chore(deps): algin forked go-control-plane version with upstream [#12029](https://github.com/kumahq/kuma/pull/12029) @kumahq +* chore(deps): bump envoy from 1.30.6 to 1.30.7 [#11958](https://github.com/kumahq/kuma/pull/11958) @lukidzi +* chore(deps): security update [#11982](https://github.com/kumahq/kuma/pull/11982) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#11944](https://github.com/kumahq/kuma/pull/11944) @kumahq +* fix(cni): delegated gateway was not correctly injected (backport of #11922) [#11928](https://github.com/kumahq/kuma/pull/11928) @kumahq +* fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) [#11942](https://github.com/kumahq/kuma/pull/11942) @kumahq +* fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) [#12024](https://github.com/kumahq/kuma/pull/12024) @kumahq +* fix(meshtimeout): don't set default timeouts on inbound cluster and listener (backport of #12043) [#12049](https://github.com/kumahq/kuma/pull/12049) @kumahq + ## 2.8.5 -> Released on 2024/11/15 +> Released on 2024/11/18 * chore(deps): bump kumahq/kuma from 2.8.4 to 2.8.5 [#6778](https://github.com/Kong/kong-mesh/pull/6778) [#6782](https://github.com/Kong/kong-mesh/pull/6782) [#6798](https://github.com/Kong/kong-mesh/pull/6798) [#6847](https://github.com/Kong/kong-mesh/pull/6847) [#6856](https://github.com/Kong/kong-mesh/pull/6856) [#6863](https://github.com/Kong/kong-mesh/pull/6863) [#6872](https://github.com/Kong/kong-mesh/pull/6872) [#6891](https://github.com/Kong/kong-mesh/pull/6891) [#6894](https://github.com/Kong/kong-mesh/pull/6894) [#6900](https://github.com/Kong/kong-mesh/pull/6900) [#6907](https://github.com/Kong/kong-mesh/pull/6907) [#6932](https://github.com/Kong/kong-mesh/pull/6932) [#6955](https://github.com/Kong/kong-mesh/pull/6955) @kong-mesh * chore(deps): upgrade shadow-utils after minimal version upgrade (backport of #6942) [#6948](https://github.com/Kong/kong-mesh/pull/6948) @kong-mesh +### Includes [kumahq/kuma@2.8.5](https://github.com/kumahq/kuma/releases/tag/2.8.5) changelog + +* chore(deps): bump envoy from 1.30.6 to 1.30.7 [#11957](https://github.com/kumahq/kuma/pull/11957) @lukidzi +* chore(deps): security update [#11973](https://github.com/kumahq/kuma/pull/11973) @kumahq +* fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) [#11943](https://github.com/kumahq/kuma/pull/11943) @kumahq +* fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) [#12022](https://github.com/kumahq/kuma/pull/12022) @kumahq + ## 2.7.9 -> Released on 2024/11/14 +> Released on 2024/11/18 * chore(deps): bump kumahq/kuma from 2.7.8 to 2.7.9 [#6775](https://github.com/Kong/kong-mesh/pull/6775) [#6781](https://github.com/Kong/kong-mesh/pull/6781) [#6797](https://github.com/Kong/kong-mesh/pull/6797) [#6848](https://github.com/Kong/kong-mesh/pull/6848) [#6855](https://github.com/Kong/kong-mesh/pull/6855) [#6861](https://github.com/Kong/kong-mesh/pull/6861) [#6871](https://github.com/Kong/kong-mesh/pull/6871) [#6890](https://github.com/Kong/kong-mesh/pull/6890) [#6899](https://github.com/Kong/kong-mesh/pull/6899) [#6906](https://github.com/Kong/kong-mesh/pull/6906) [#6925](https://github.com/Kong/kong-mesh/pull/6925) [#6933](https://github.com/Kong/kong-mesh/pull/6933) [#6950](https://github.com/Kong/kong-mesh/pull/6950) @kong-mesh * chore(deps): upgrade shadow-utils after minimal version upgrade (backport of #6942) [#6947](https://github.com/Kong/kong-mesh/pull/6947) @kong-mesh +### Includes [kumahq/kuma@2.7.9](https://github.com/kumahq/kuma/releases/tag/2.7.9) changelog + +* chore(deps): bump envoy from 1.29.9 to 1.29.10 [#11956](https://github.com/kumahq/kuma/pull/11956) @lukidzi +* chore(deps): security update [#11972](https://github.com/kumahq/kuma/pull/11972) @kumahq +* fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) [#11941](https://github.com/kumahq/kuma/pull/11941) @kumahq +* fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) [#12023](https://github.com/kumahq/kuma/pull/12023) @kumahq +* fix(store): preserve existing labels when update [#11954](https://github.com/kumahq/kuma/pull/11954) @kumahq + ## 2.6.13 -> Released on 2024/11/14 +> Released on 2024/11/18 * chore(deps): bump kumahq/kuma from 2.6.12 to 2.6.13 [#6776](https://github.com/Kong/kong-mesh/pull/6776) [#6784](https://github.com/Kong/kong-mesh/pull/6784) [#6796](https://github.com/Kong/kong-mesh/pull/6796) [#6845](https://github.com/Kong/kong-mesh/pull/6845) [#6853](https://github.com/Kong/kong-mesh/pull/6853) [#6864](https://github.com/Kong/kong-mesh/pull/6864) [#6869](https://github.com/Kong/kong-mesh/pull/6869) [#6897](https://github.com/Kong/kong-mesh/pull/6897) [#6905](https://github.com/Kong/kong-mesh/pull/6905) [#6938](https://github.com/Kong/kong-mesh/pull/6938) [#6949](https://github.com/Kong/kong-mesh/pull/6949) @kong-mesh * chore(deps): upgrade shadow-utils after minimal version upgrade (backport of #6942) [#6946](https://github.com/Kong/kong-mesh/pull/6946) @kong-mesh +### Includes [kumahq/kuma@2.6.13](https://github.com/kumahq/kuma/releases/tag/2.6.13) changelog + +* chore(deps): bump envoy from 1.28.7 to 1.29.10 [#11960](https://github.com/kumahq/kuma/pull/11960) @lukidzi +* chore(deps): security update [#11975](https://github.com/kumahq/kuma/pull/11975) @kumahq +* fix(k8s): set annotation kuma.io/display-name for Secrets and Configs (backport of #11923) [#11940](https://github.com/kumahq/kuma/pull/11940) @kumahq +* fix(kuma-cp): avoid concurrent access on resource meta (backport of #11997) [#12021](https://github.com/kumahq/kuma/pull/12021) @kumahq +* fix(store): preserve existing labels when update [#11953](https://github.com/kumahq/kuma/pull/11953) @kumahq + ## 2.9.0 -> Released on 2024/10/21 +> Released on 2024/10/22 * chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.7.3 [#6492](https://github.com/Kong/kong-mesh/pull/6492) [#6535](https://github.com/Kong/kong-mesh/pull/6535) [#6574](https://github.com/Kong/kong-mesh/pull/6574) [#6672](https://github.com/Kong/kong-mesh/pull/6672) [#6714](https://github.com/Kong/kong-mesh/pull/6714) @dependabot * chore(deps): bump actions/create-github-app-token from 1.10.1 to 1.11.0 [#6204](https://github.com/Kong/kong-mesh/pull/6204) [#6252](https://github.com/Kong/kong-mesh/pull/6252) [#6572](https://github.com/Kong/kong-mesh/pull/6572) [#6636](https://github.com/Kong/kong-mesh/pull/6636) @dependabot @@ -84,36 +134,305 @@ * chore(deps): use latest Kong/kong-mesh-gui [#6172](https://github.com/Kong/kong-mesh/pull/6172) [#6193](https://github.com/Kong/kong-mesh/pull/6193) [#6221](https://github.com/Kong/kong-mesh/pull/6221) [#6224](https://github.com/Kong/kong-mesh/pull/6224) [#6228](https://github.com/Kong/kong-mesh/pull/6228) [#6238](https://github.com/Kong/kong-mesh/pull/6238) [#6251](https://github.com/Kong/kong-mesh/pull/6251) [#6284](https://github.com/Kong/kong-mesh/pull/6284) [#6301](https://github.com/Kong/kong-mesh/pull/6301) [#6312](https://github.com/Kong/kong-mesh/pull/6312) [#6322](https://github.com/Kong/kong-mesh/pull/6322) [#6327](https://github.com/Kong/kong-mesh/pull/6327) [#6334](https://github.com/Kong/kong-mesh/pull/6334) [#6347](https://github.com/Kong/kong-mesh/pull/6347) [#6360](https://github.com/Kong/kong-mesh/pull/6360) [#6382](https://github.com/Kong/kong-mesh/pull/6382) [#6391](https://github.com/Kong/kong-mesh/pull/6391) [#6400](https://github.com/Kong/kong-mesh/pull/6400) [#6460](https://github.com/Kong/kong-mesh/pull/6460) [#6540](https://github.com/Kong/kong-mesh/pull/6540) [#6546](https://github.com/Kong/kong-mesh/pull/6546) [#6554](https://github.com/Kong/kong-mesh/pull/6554) [#6575](https://github.com/Kong/kong-mesh/pull/6575) [#6578](https://github.com/Kong/kong-mesh/pull/6578) [#6593](https://github.com/Kong/kong-mesh/pull/6593) [#6596](https://github.com/Kong/kong-mesh/pull/6596) [#6602](https://github.com/Kong/kong-mesh/pull/6602) [#6620](https://github.com/Kong/kong-mesh/pull/6620) [#6624](https://github.com/Kong/kong-mesh/pull/6624) [#6637](https://github.com/Kong/kong-mesh/pull/6637) [#6640](https://github.com/Kong/kong-mesh/pull/6640) [#6645](https://github.com/Kong/kong-mesh/pull/6645) [#6669](https://github.com/Kong/kong-mesh/pull/6669) [#6685](https://github.com/Kong/kong-mesh/pull/6685) [#6686](https://github.com/Kong/kong-mesh/pull/6686) [#6697](https://github.com/Kong/kong-mesh/pull/6697) [#6699](https://github.com/Kong/kong-mesh/pull/6699) [#6710](https://github.com/Kong/kong-mesh/pull/6710) [#6711](https://github.com/Kong/kong-mesh/pull/6711) [#6723](https://github.com/Kong/kong-mesh/pull/6723) [#6750](https://github.com/Kong/kong-mesh/pull/6750) [#6804](https://github.com/Kong/kong-mesh/pull/6804) @kong-mesh * feat(kuma-dp): add windows deprecation notice [#6770](https://github.com/Kong/kong-mesh/pull/6770) @johnharris85 +### Includes [kumahq/kuma@2.9.0](https://github.com/kumahq/kuma/releases/tag/2.9.0) changelog + +* chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.7.3 [#11139](https://github.com/kumahq/kuma/pull/11139) [#11218](https://github.com/kumahq/kuma/pull/11218) [#11263](https://github.com/kumahq/kuma/pull/11263) [#11310](https://github.com/kumahq/kuma/pull/11310) [#11518](https://github.com/kumahq/kuma/pull/11518) [#11598](https://github.com/kumahq/kuma/pull/11598) [#11696](https://github.com/kumahq/kuma/pull/11696) @dependabot +* chore(deps): bump coredns from v1.11.1 to v1.11.3 [#11568](https://github.com/kumahq/kuma/pull/11568) @michaelbeaumont +* chore(deps): bump debian from 12.5 to `27586f4` [#10756](https://github.com/kumahq/kuma/pull/10756) [#11007](https://github.com/kumahq/kuma/pull/11007) [#11142](https://github.com/kumahq/kuma/pull/11142) [#11357](https://github.com/kumahq/kuma/pull/11357) [#11596](https://github.com/kumahq/kuma/pull/11596) @dependabot +* chore(deps): bump distroless/base-nossl-debian11 from `1dcd82e` to `d66c60e` [#10823](https://github.com/kumahq/kuma/pull/10823) @dependabot +* chore(deps): bump distroless/static-debian11 from `459f8ab` to `55716e8` [#10824](https://github.com/kumahq/kuma/pull/10824) @dependabot +* chore(deps): bump envoy from 1.30.2 to 1.30.6 [#10645](https://github.com/kumahq/kuma/pull/10645) [#10692](https://github.com/kumahq/kuma/pull/10692) [#11488](https://github.com/kumahq/kuma/pull/11488) @lukidzi +* chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 [#11259](https://github.com/kumahq/kuma/pull/11259) @dependabot +* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.3 to 3.3.0 [#11281](https://github.com/kumahq/kuma/pull/11281) @dependabot +* chore(deps): bump github.com/cilium/ebpf from 0.15.0 to 0.16.0 [#11006](https://github.com/kumahq/kuma/pull/11006) @dependabot +* chore(deps): bump github.com/containernetworking/cni from 1.2.1 to 1.2.3 [#10703](https://github.com/kumahq/kuma/pull/10703) [#10939](https://github.com/kumahq/kuma/pull/10939) @dependabot +* chore(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.1+incompatible [#11012](https://github.com/kumahq/kuma/pull/11012) [#11084](https://github.com/kumahq/kuma/pull/11084) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.4 to 1.1.0 [#11097](https://github.com/kumahq/kuma/pull/11097) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.6.1 to 0.6.2 [#10701](https://github.com/kumahq/kuma/pull/10701) @dependabot +* chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.17.1 to 4.18.1 [#11353](https://github.com/kumahq/kuma/pull/11353) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.46.15 to 0.47.2 [#10700](https://github.com/kumahq/kuma/pull/10700) [#10899](https://github.com/kumahq/kuma/pull/10899) [#11282](https://github.com/kumahq/kuma/pull/11282) [#11677](https://github.com/kumahq/kuma/pull/11677) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 from 5.6.0 to 5.7.1 [#11358](https://github.com/kumahq/kuma/pull/11358) [#11436](https://github.com/kumahq/kuma/pull/11436) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.61 to 1.1.62 [#11117](https://github.com/kumahq/kuma/pull/11117) @dependabot +* chore(deps): bump github.com/moby/sys/mountinfo from 0.7.1 to 0.7.2 [#10938](https://github.com/kumahq/kuma/pull/10938) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.20.2 [#11005](https://github.com/kumahq/kuma/pull/11005) [#11099](https://github.com/kumahq/kuma/pull/11099) [#11212](https://github.com/kumahq/kuma/pull/11212) [#11258](https://github.com/kumahq/kuma/pull/11258) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.2 [#11004](https://github.com/kumahq/kuma/pull/11004) [#11048](https://github.com/kumahq/kuma/pull/11048) [#11262](https://github.com/kumahq/kuma/pull/11262) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.4 [#11119](https://github.com/kumahq/kuma/pull/11119) [#11215](https://github.com/kumahq/kuma/pull/11215) [#11352](https://github.com/kumahq/kuma/pull/11352) [#11522](https://github.com/kumahq/kuma/pull/11522) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.54.0 to 0.60.0 [#10702](https://github.com/kumahq/kuma/pull/10702) [#11260](https://github.com/kumahq/kuma/pull/11260) [#11313](https://github.com/kumahq/kuma/pull/11313) [#11356](https://github.com/kumahq/kuma/pull/11356) [#11681](https://github.com/kumahq/kuma/pull/11681) @dependabot +* chore(deps): bump github.com/sethvargo/go-retry from 0.2.4 to 0.3.0 [#11046](https://github.com/kumahq/kuma/pull/11046) @dependabot +* chore(deps): bump github.com/slok/go-http-metrics from 0.11.0 to 0.13.0 [#10037](https://github.com/kumahq/kuma/pull/10037) [#11354](https://github.com/kumahq/kuma/pull/11354) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.3.0 to 2.4.0 [#11680](https://github.com/kumahq/kuma/pull/11680) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.31.0 to 0.33.0 [#10827](https://github.com/kumahq/kuma/pull/10827) [#11214](https://github.com/kumahq/kuma/pull/11214) @dependabot +* chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.2 to 0.1.3 [#10699](https://github.com/kumahq/kuma/pull/10699) @dependabot +* chore(deps): bump github.com/vishvananda/netlink from 1.2.1-beta.2 to 1.3.0 [#11213](https://github.com/kumahq/kuma/pull/11213) @dependabot +* chore(deps): bump go from 1.22.7 to 1.23.2 [#11363](https://github.com/kumahq/kuma/pull/11363) [#11631](https://github.com/kumahq/kuma/pull/11631) @michaelbeaumont,@slonka +* chore(deps): bump golang.org/x/net from 0.26.0 to 0.30.0 [#10826](https://github.com/kumahq/kuma/pull/10826) [#11096](https://github.com/kumahq/kuma/pull/11096) [#11355](https://github.com/kumahq/kuma/pull/11355) [#11683](https://github.com/kumahq/kuma/pull/11683) @dependabot +* chore(deps): bump golang.org/x/sys from 0.21.0 to 0.26.0 [#10825](https://github.com/kumahq/kuma/pull/10825) [#11047](https://github.com/kumahq/kuma/pull/11047) [#11098](https://github.com/kumahq/kuma/pull/11098) [#11314](https://github.com/kumahq/kuma/pull/11314) [#11679](https://github.com/kumahq/kuma/pull/11679) @dependabot +* chore(deps): bump golang.org/x/text from 0.16.0 to 0.19.0 [#11100](https://github.com/kumahq/kuma/pull/11100) [#11315](https://github.com/kumahq/kuma/pull/11315) [#11678](https://github.com/kumahq/kuma/pull/11678) @dependabot +* chore(deps): bump gonum.org/v1/gonum from 0.15.0 to 0.15.1 [#11138](https://github.com/kumahq/kuma/pull/11138) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.64.0 to 1.67.0 [#10758](https://github.com/kumahq/kuma/pull/10758) [#11521](https://github.com/kumahq/kuma/pull/11521) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 [#11699](https://github.com/kumahq/kuma/pull/11699) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.14.4 to 3.16.1 [#10531](https://github.com/kumahq/kuma/pull/10531) [#10898](https://github.com/kumahq/kuma/pull/10898) [#11118](https://github.com/kumahq/kuma/pull/11118) [#11435](https://github.com/kumahq/kuma/pull/11435) @dependabot +* chore(deps): bump kumahq/ubuntu-netools from `8675216` to `4243009` [#10704](https://github.com/kumahq/kuma/pull/10704) @dependabot +* chore(deps): bump postgres from `46aa2ee` to `4ec37d2` [#10755](https://github.com/kumahq/kuma/pull/10755) [#11008](https://github.com/kumahq/kuma/pull/11008) [#11101](https://github.com/kumahq/kuma/pull/11101) [#11136](https://github.com/kumahq/kuma/pull/11136) [#11351](https://github.com/kumahq/kuma/pull/11351) [#11600](https://github.com/kumahq/kuma/pull/11600) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.16.1 to 0.16.2 [#11280](https://github.com/kumahq/kuma/pull/11280) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 1.1.0 to 1.2.0 [#11676](https://github.com/kumahq/kuma/pull/11676) @dependabot +* chore(deps): bump the go-opentelemetry-io group across 1 directory with 9 updates [#10767](https://github.com/kumahq/kuma/pull/10767) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 9 updates [#11211](https://github.com/kumahq/kuma/pull/11211) [#11433](https://github.com/kumahq/kuma/pull/11433) @dependabot +* chore(deps): bump the k8s-libs group across 1 directory with 10 updates [#10759](https://github.com/kumahq/kuma/pull/10759) @dependabot +* chore(deps): bump the k8s-libs group with 5 updates [#10937](https://github.com/kumahq/kuma/pull/10937) @dependabot +* chore(deps): bump the k8s-libs group with 6 updates [#11432](https://github.com/kumahq/kuma/pull/11432) @dependabot +* chore(deps): bump the k8s-libs group with 8 updates [#11137](https://github.com/kumahq/kuma/pull/11137) @dependabot +* chore(deps): bump ubuntu from jammy-20240530 to jammy-20240808 [#11141](https://github.com/kumahq/kuma/pull/11141) @dependabot +* chore(deps): security update [#11331](https://github.com/kumahq/kuma/pull/11331) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#10587](https://github.com/kumahq/kuma/pull/10587) [#10627](https://github.com/kumahq/kuma/pull/10627) [#10629](https://github.com/kumahq/kuma/pull/10629) [#10632](https://github.com/kumahq/kuma/pull/10632) [#10633](https://github.com/kumahq/kuma/pull/10633) [#10635](https://github.com/kumahq/kuma/pull/10635) [#10636](https://github.com/kumahq/kuma/pull/10636) [#10644](https://github.com/kumahq/kuma/pull/10644) [#10647](https://github.com/kumahq/kuma/pull/10647) [#10650](https://github.com/kumahq/kuma/pull/10650) [#10666](https://github.com/kumahq/kuma/pull/10666) [#10673](https://github.com/kumahq/kuma/pull/10673) [#10674](https://github.com/kumahq/kuma/pull/10674) [#10687](https://github.com/kumahq/kuma/pull/10687) [#10718](https://github.com/kumahq/kuma/pull/10718) [#10720](https://github.com/kumahq/kuma/pull/10720) [#10727](https://github.com/kumahq/kuma/pull/10727) [#10795](https://github.com/kumahq/kuma/pull/10795) [#10797](https://github.com/kumahq/kuma/pull/10797) [#10838](https://github.com/kumahq/kuma/pull/10838) [#10840](https://github.com/kumahq/kuma/pull/10840) [#10843](https://github.com/kumahq/kuma/pull/10843) [#10846](https://github.com/kumahq/kuma/pull/10846) [#10861](https://github.com/kumahq/kuma/pull/10861) [#10881](https://github.com/kumahq/kuma/pull/10881) [#10895](https://github.com/kumahq/kuma/pull/10895) [#10902](https://github.com/kumahq/kuma/pull/10902) [#10909](https://github.com/kumahq/kuma/pull/10909) [#10911](https://github.com/kumahq/kuma/pull/10911) [#10912](https://github.com/kumahq/kuma/pull/10912) [#10950](https://github.com/kumahq/kuma/pull/10950) [#10967](https://github.com/kumahq/kuma/pull/10967) [#10971](https://github.com/kumahq/kuma/pull/10971) [#10985](https://github.com/kumahq/kuma/pull/10985) [#10986](https://github.com/kumahq/kuma/pull/10986) [#11011](https://github.com/kumahq/kuma/pull/11011) [#11015](https://github.com/kumahq/kuma/pull/11015) [#11016](https://github.com/kumahq/kuma/pull/11016) [#11030](https://github.com/kumahq/kuma/pull/11030) [#11243](https://github.com/kumahq/kuma/pull/11243) [#11269](https://github.com/kumahq/kuma/pull/11269) [#11271](https://github.com/kumahq/kuma/pull/11271) [#11290](https://github.com/kumahq/kuma/pull/11290) [#11291](https://github.com/kumahq/kuma/pull/11291) [#11295](https://github.com/kumahq/kuma/pull/11295) [#11299](https://github.com/kumahq/kuma/pull/11299) [#11303](https://github.com/kumahq/kuma/pull/11303) [#11306](https://github.com/kumahq/kuma/pull/11306) [#11320](https://github.com/kumahq/kuma/pull/11320) [#11340](https://github.com/kumahq/kuma/pull/11340) [#11366](https://github.com/kumahq/kuma/pull/11366) [#11368](https://github.com/kumahq/kuma/pull/11368) [#11370](https://github.com/kumahq/kuma/pull/11370) [#11374](https://github.com/kumahq/kuma/pull/11374) [#11376](https://github.com/kumahq/kuma/pull/11376) [#11411](https://github.com/kumahq/kuma/pull/11411) [#11419](https://github.com/kumahq/kuma/pull/11419) [#11446](https://github.com/kumahq/kuma/pull/11446) [#11451](https://github.com/kumahq/kuma/pull/11451) [#11453](https://github.com/kumahq/kuma/pull/11453) [#11454](https://github.com/kumahq/kuma/pull/11454) [#11480](https://github.com/kumahq/kuma/pull/11480) [#11495](https://github.com/kumahq/kuma/pull/11495) [#11530](https://github.com/kumahq/kuma/pull/11530) [#11535](https://github.com/kumahq/kuma/pull/11535) [#11536](https://github.com/kumahq/kuma/pull/11536) [#11559](https://github.com/kumahq/kuma/pull/11559) [#11577](https://github.com/kumahq/kuma/pull/11577) [#11580](https://github.com/kumahq/kuma/pull/11580) [#11594](https://github.com/kumahq/kuma/pull/11594) [#11595](https://github.com/kumahq/kuma/pull/11595) [#11603](https://github.com/kumahq/kuma/pull/11603) [#11622](https://github.com/kumahq/kuma/pull/11622) [#11647](https://github.com/kumahq/kuma/pull/11647) [#11751](https://github.com/kumahq/kuma/pull/11751) @kumahq +* feat(GatewayAPI): support port in parentRef [#10828](https://github.com/kumahq/kuma/pull/10828) @michaelbeaumont +* feat(HostnameGenerator): automatically create default generators [#11017](https://github.com/kumahq/kuma/pull/11017) @jakubdyszkiewicz +* feat(Mesh*Route): require port with MeshMultiZoneService backends [#11479](https://github.com/kumahq/kuma/pull/11479) @michaelbeaumont +* feat(Mesh*Service): add first hostname as kubectl column [#11714](https://github.com/kumahq/kuma/pull/11714) @michaelbeaumont +* feat(MeshExternalService): added option to disable allow-all RBAC [#11073](https://github.com/kumahq/kuma/pull/11073) @lukidzi +* feat(MeshMultiZoneService): add support to MeshCircuitBreaker, MeshAccessLog, MeshHealthCheck, MeshRetry [#11322](https://github.com/kumahq/kuma/pull/11322) @michaelbeaumont +* feat(MeshMultiZoneService): support as target [#11205](https://github.com/kumahq/kuma/pull/11205) @michaelbeaumont +* feat(MeshMultizoneService): support multizone deployments of mesh services. [#10643](https://github.com/kumahq/kuma/pull/10643) [#10648](https://github.com/kumahq/kuma/pull/10648) [#10667](https://github.com/kumahq/kuma/pull/10667) [#10683](https://github.com/kumahq/kuma/pull/10683) [#10883](https://github.com/kumahq/kuma/pull/10883) [#10984](https://github.com/kumahq/kuma/pull/10984) @jakubdyszkiewicz +* feat(MeshService): add Mesh.MeshServices.Enabled to control behavior [#11279](https://github.com/kumahq/kuma/pull/11279) @michaelbeaumont +* feat(MeshService): add event to the Service that an unsupported port is being ignored [#11033](https://github.com/kumahq/kuma/pull/11033) @michaelbeaumont +* feat(MeshService): add grace period before deleting generated MeshServices on universal [#11018](https://github.com/kumahq/kuma/pull/11018) @michaelbeaumont +* feat(MeshService): automatically add port name when generating [#11210](https://github.com/kumahq/kuma/pull/11210) @michaelbeaumont +* feat(MeshService): create different clusters for real MeshServices [#11251](https://github.com/kumahq/kuma/pull/11251) @michaelbeaumont +* feat(MeshService): disable available services on disabled vips [#10612](https://github.com/kumahq/kuma/pull/10612) @jakubdyszkiewicz +* feat(MeshService): generate MeshService from Dataplanes on universal [#10917](https://github.com/kumahq/kuma/pull/10917) @michaelbeaumont +* feat(MeshService): mitigate and handle resource conflicts [#11385](https://github.com/kumahq/kuma/pull/11385) @jakubdyszkiewicz +* feat(MeshService): permissive mtls [#10929](https://github.com/kumahq/kuma/pull/10929) @jakubdyszkiewicz +* feat(MeshService): proxies stats and state [#10970](https://github.com/kumahq/kuma/pull/10970) @jakubdyszkiewicz +* feat(MeshTimeout): support MeshMultiZoneService [#11206](https://github.com/kumahq/kuma/pull/11206) @michaelbeaumont +* feat(api-server): extend Inspect API with new ResourceRules [#11040](https://github.com/kumahq/kuma/pull/11040) @Automaat +* feat(autoreachableservices): support kuma.io/service in mesh subset [#11244](https://github.com/kumahq/kuma/pull/11244) @jakubdyszkiewicz +* feat(helm): add possibility to configure env vars with value form referenced field [#10716](https://github.com/kumahq/kuma/pull/10716) @Automaat +* feat(insights): add resources to global insights [#11216](https://github.com/kumahq/kuma/pull/11216) @jakubdyszkiewicz +* feat(insights): count new services as resources [#11083](https://github.com/kumahq/kuma/pull/11083) @jakubdyszkiewicz +* feat(kds): remove kds v1 [#10946](https://github.com/kumahq/kuma/pull/10946) @Icarus9913 +* feat(kuma-cp): add backendRef indexes to rules [#11175](https://github.com/kumahq/kuma/pull/11175) @lobkovilya +* feat(kuma-cp): add possibility to omit top level targetRef in policies [#11321](https://github.com/kumahq/kuma/pull/11321) @Automaat +* feat(kuma-cp): add resource owner to resources in ResourceSet [#11043](https://github.com/kumahq/kuma/pull/11043) @Automaat +* feat(kuma-cp): don't trace intercp pings [#10936](https://github.com/kumahq/kuma/pull/10936) @michaelbeaumont +* feat(kuma-cp): exit with 0 when kubernetes leader election is lost [#11106](https://github.com/kumahq/kuma/pull/11106) @michaelbeaumont +* feat(kuma-cp): introduce ResourceRules [#10886](https://github.com/kumahq/kuma/pull/10886) @lobkovilya +* feat(kuma-cp): make loggers naming from xds package consistent [#10965](https://github.com/kumahq/kuma/pull/10965) @Automaat +* feat(kuma-cp): resolve labels for backendref [#11360](https://github.com/kumahq/kuma/pull/11360) @jakubdyszkiewicz +* feat(kuma-cp): set `kuma.io/env` label [#11053](https://github.com/kumahq/kuma/pull/11053) @michaelbeaumont +* feat(kuma-cp): set `kuma.io/mesh` label using ComputeLabels func [#11104](https://github.com/kumahq/kuma/pull/11104) @lobkovilya +* feat(kuma-cp): set `kuma.io/mesh` on universal resource labels [#11037](https://github.com/kumahq/kuma/pull/11037) @michaelbeaumont +* feat(kuma-cp): standarize cluster name for Mesh*Service [#11398](https://github.com/kumahq/kuma/pull/11398) @lukidzi +* feat(kuma-cp): support producer policy flow [#11308](https://github.com/kumahq/kuma/pull/11308) @lobkovilya +* feat(kuma-cp): use ResourceIdentifier in MeshContext structs [#11203](https://github.com/kumahq/kuma/pull/11203) @lobkovilya +* feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy [#11107](https://github.com/kumahq/kuma/pull/11107) @jijiechen +* feat(kuma-dp): support TCP and gRPC probes for data planes running on Kubernetes [#10624](https://github.com/kumahq/kuma/pull/10624) @jijiechen +* feat(kumactl): add no-dataplanes profile and skip secrets when exporting [#10964](https://github.com/kumahq/kuma/pull/10964) @lahabana +* feat(kumactl): add server info when doing export [#10914](https://github.com/kumahq/kuma/pull/10914) @lahabana +* feat(meshexternalservice): make egress optional on the mesh to pass the traffic of mesh external service through egress. [#11445](https://github.com/kumahq/kuma/pull/11445) @jakubdyszkiewicz +* feat(meshexternalservice): remove MeshTrafficPermission support for MeshExternalService and allow traffic when using egress [#11075](https://github.com/kumahq/kuma/pull/11075) @lukidzi +* feat(meshexternalservice): remove unix support [#11350](https://github.com/kumahq/kuma/pull/11350) @slonka +* feat(meshexternalservice): route traffic through egress only [#11080](https://github.com/kumahq/kuma/pull/11080) @lukidzi +* feat(meshexternalservice): support MeshExternalService in MeshGateway and MeshHTTPRoute [#11383](https://github.com/kumahq/kuma/pull/11383) @slonka +* feat(meshexternalservice): use common protocol field [#11378](https://github.com/kumahq/kuma/pull/11378) @slonka +* feat(meshloadbalancingstrategy): support for multizoneservice [#11276](https://github.com/kumahq/kuma/pull/11276) @jakubdyszkiewicz +* feat(meshpassthrough): add support for delegated gateway [#10675](https://github.com/kumahq/kuma/pull/10675) @lukidzi +* feat(meshtls): implement policy for granular mtls configuration [#11229](https://github.com/kumahq/kuma/pull/11229) [#11233](https://github.com/kumahq/kuma/pull/11233) [#11254](https://github.com/kumahq/kuma/pull/11254) [#11437](https://github.com/kumahq/kuma/pull/11437) [#11447](https://github.com/kumahq/kuma/pull/11447) [#11468](https://github.com/kumahq/kuma/pull/11468) [#11469](https://github.com/kumahq/kuma/pull/11469) @lukidzi,@slonka +* feat(observability): default installation with exclusive mesh services [#11452](https://github.com/kumahq/kuma/pull/11452) @jakubdyszkiewicz +* feat(policy): implicitly reference MeshService objects with kuma.io/service [#11230](https://github.com/kumahq/kuma/pull/11230) @michaelbeaumont +* feat(policy): support targeting real MeshExternalService in MeshAccessLog, MeshCircuitBreaker, MeshHTTPRoute, MeshHealthCheck, MeshLoadBalancingStrategy, MeshRetry, MeshTCPRoute, MeshTimeout [#11162](https://github.com/kumahq/kuma/pull/11162) [#11163](https://github.com/kumahq/kuma/pull/11163) [#11220](https://github.com/kumahq/kuma/pull/11220) [#11231](https://github.com/kumahq/kuma/pull/11231) [#11232](https://github.com/kumahq/kuma/pull/11232) [#11236](https://github.com/kumahq/kuma/pull/11236) [#11272](https://github.com/kumahq/kuma/pull/11272) [#11273](https://github.com/kumahq/kuma/pull/11273) @lukidzi +* feat(policy): support targeting real MeshService in MeshAccessLog, MeshCircuitBreaker, MeshHTTPRoute, MeshHealthCheck, MeshRetry, MeshTCPRoute, MeshTimeout [#11060](https://github.com/kumahq/kuma/pull/11060) [#11063](https://github.com/kumahq/kuma/pull/11063) [#11068](https://github.com/kumahq/kuma/pull/11068) [#11070](https://github.com/kumahq/kuma/pull/11070) [#11154](https://github.com/kumahq/kuma/pull/11154) [#11161](https://github.com/kumahq/kuma/pull/11161) [#11222](https://github.com/kumahq/kuma/pull/11222) @Automaat +* feat(reachableservices): support defining reachable services for MeshService and MeshExternalService [#10869](https://github.com/kumahq/kuma/pull/10869) @lukidzi +* feat(transparent-proxy): add comments to tproxy iptables rules [#10809](https://github.com/kumahq/kuma/pull/10809) [#10811](https://github.com/kumahq/kuma/pull/10811) @bartsmykla +* feat(transparent-proxy): add iptables logging with new flag and annotation [#10743](https://github.com/kumahq/kuma/pull/10743) @bartsmykla +* feat(transparent-proxy): add option to exclude inbound ip addresses from transparent proxy [#10884](https://github.com/kumahq/kuma/pull/10884) @bartsmykla +* feat(transparent-proxy): add option to exclude ip addresses from outbound redirection [#10867](https://github.com/kumahq/kuma/pull/10867) @bartsmykla +* feat(transparent-proxy): add option to uninstall transparent proxy [#10890](https://github.com/kumahq/kuma/pull/10890) @bartsmykla +* feat(transparent-proxy): allow `--kuma-dp-user` to accept UIDs and deprecate `--kuma-dp-uid` flag [#10920](https://github.com/kumahq/kuma/pull/10920) @bartsmykla +* feat(transparent-proxy): allow configure transparent proxy from config file [#11089](https://github.com/kumahq/kuma/pull/11089) [#11403](https://github.com/kumahq/kuma/pull/11403) @bartsmykla +* feat(transparent-proxy): allow insert instead of append redirect rules [#11267](https://github.com/kumahq/kuma/pull/11267) @bartsmykla +* feat(transparent-proxy): enforce root privileges for (un)install commands [#11166](https://github.com/kumahq/kuma/pull/11166) @bartsmykla +* feat(transparent-proxy): handle option to drop invalid packets [#10676](https://github.com/kumahq/kuma/pull/10676) @bartsmykla +* feat(transparent-proxy): improve the way identifying/locating iptables binaries [#11207](https://github.com/kumahq/kuma/pull/11207) [#11277](https://github.com/kumahq/kuma/pull/11277) @bartsmykla +* feat(transparent-proxy): improve the way picking iptables executables/binaries [#11165](https://github.com/kumahq/kuma/pull/11165) [#11302](https://github.com/kumahq/kuma/pull/11302) @bartsmykla +* feat(transparent-proxy): remove deprecated flags and annotations for outbound port exclusions for UIDs [#10983](https://github.com/kumahq/kuma/pull/10983) @bartsmykla +* feat(transparent-proxy): remove deprecated redirect inbound port IPv6 [#10906](https://github.com/kumahq/kuma/pull/10906) @bartsmykla +* fix(HostnameGenerator): fix issues syncing HostnameGenerator policies from global CP to zone CPs [#11062](https://github.com/kumahq/kuma/pull/11062) @jakubdyszkiewicz +* fix(HostnameGenerator): selectors validation and matching [#10688](https://github.com/kumahq/kuma/pull/10688) @jakubdyszkiewicz +* fix(HostnameGenerator): sort resources before generating hostnames [#11010](https://github.com/kumahq/kuma/pull/11010) @michaelbeaumont +* fix(MeshAccessLog): strengthen validation for MeshAccessLog and MeshGateway [#11560](https://github.com/kumahq/kuma/pull/11560) @michaelbeaumont +* fix(MeshGateway): apply policies to clusters from real backendRefs [#11531](https://github.com/kumahq/kuma/pull/11531) @michaelbeaumont +* fix(MeshGateway): handle unresolved real backendRefs [#11461](https://github.com/kumahq/kuma/pull/11461) @michaelbeaumont +* fix(MeshGateway): prevent duplicate virtual hosts [#10866](https://github.com/kumahq/kuma/pull/10866) @michaelbeaumont +* fix(MeshLoadBalancingStrategy): apply to real resource targeted policies with MeshGateway [#11582](https://github.com/kumahq/kuma/pull/11582) @michaelbeaumont +* fix(MeshLoadBalancingStrategy): only allow `loadBalancer` with MeshGateway and to.targetRef.kind: Mesh [#11563](https://github.com/kumahq/kuma/pull/11563) @michaelbeaumont +* fix(MeshPassthrough): Route / as a prefix instead of the whole path [#11204](https://github.com/kumahq/kuma/pull/11204) @michaelbeaumont +* fix(MeshService): add port name when converting from Service [#10638](https://github.com/kumahq/kuma/pull/10638) @michaelbeaumont +* fix(MeshService): don't duplicate headless service VIPs [#10682](https://github.com/kumahq/kuma/pull/10682) @michaelbeaumont +* fix(MeshService): don't exclude kuma.io/service if using reachableBackends [#11301](https://github.com/kumahq/kuma/pull/11301) @michaelbeaumont +* fix(MeshService): don't skip endpoints for headless [#10684](https://github.com/kumahq/kuma/pull/10684) @michaelbeaumont +* fix(MeshService): don't skip endpoints for headless with ZoneIngress [#10735](https://github.com/kumahq/kuma/pull/10735) @michaelbeaumont +* fix(MeshService): don't sync deletion grace period label [#11064](https://github.com/kumahq/kuma/pull/11064) @michaelbeaumont +* fix(MeshService): limit display name to 63 characters [#10719](https://github.com/kumahq/kuma/pull/10719) @michaelbeaumont +* fix(api): when resource has origin zone assume is local [#11766](https://github.com/kumahq/kuma/pull/11766) @lukidzi +* fix(api-server): make clearer error messages for "method not allowed" errors on the global CP [#11069](https://github.com/kumahq/kuma/pull/11069) @michaelbeaumont +* fix(autoreachableservices): do not filter out MeshMultiZoneService [#11747](https://github.com/kumahq/kuma/pull/11747) @lukidzi +* fix(cni): set proper namespace for the taint controller [#10651](https://github.com/kumahq/kuma/pull/10651) @slonka +* fix(cni): set proper namespace for the taint controller (backport of #10651) [#10662](https://github.com/kumahq/kuma/pull/10662) @kumahq +* fix(e2e): loosen up assertion on traffic route test [#11764](https://github.com/kumahq/kuma/pull/11764) @Automaat +* fix(egress): same external service tag in multiple meshes [#11667](https://github.com/kumahq/kuma/pull/11667) @jakubdyszkiewicz +* fix(federation): export mesh secrets before Mesh objects [#11497](https://github.com/kumahq/kuma/pull/11497) @michaelbeaumont +* fix(federation): set skipCreatingInitialPolicies on exported Meshes [#11501](https://github.com/kumahq/kuma/pull/11501) @michaelbeaumont +* fix(injector): set allowPrivilegeEscalation: false on `kuma-validation` container [#11178](https://github.com/kumahq/kuma/pull/11178) @voidlily +* fix(inspect-api): add missing resources to BaseMeshContext [#11482](https://github.com/kumahq/kuma/pull/11482) @lobkovilya +* fix(inspect-api): added check if dpp is affected by zone policy [#11425](https://github.com/kumahq/kuma/pull/11425) @lukidzi +* fix(inspect-api): amend openapi types for arbitrary objects [#11515](https://github.com/kumahq/kuma/pull/11515) @johncowen +* fix(inspect-api): correct resource types in the inspect API to types of the policy, not the type of targetRef [#11438](https://github.com/kumahq/kuma/pull/11438) @lobkovilya +* fix(inspect-api): don't panic when outbound doesn't have 'kuma.io/service' tag [#11613](https://github.com/kumahq/kuma/pull/11613) @lobkovilya +* fix(inspect-api): don't set 'toRules' when `meshServices.mode: Exclusive` [#11623](https://github.com/kumahq/kuma/pull/11623) @lobkovilya +* fix(inspect-api): make `conf` an array of unknown structs in OpenAPI spec [#11528](https://github.com/kumahq/kuma/pull/11528) @johncowen +* fix(k8s): always authenticate with latest service account token [#11399](https://github.com/kumahq/kuma/pull/11399) @michaelbeaumont +* fix(k8s): avoid nil TargetRef pointer dereference (backport of #10746) [#10763](https://github.com/kumahq/kuma/pull/10763) @kumahq +* fix(k8s): avoid nil TargetRef pointer dereference in pod controller [#10746](https://github.com/kumahq/kuma/pull/10746) @czeslavo +* fix(k8s): check if labels has changed when reconciling [#11758](https://github.com/kumahq/kuma/pull/11758) @lukidzi +* fix(k8s): reenable deep copies when interacting with k8s resources [#10561](https://github.com/kumahq/kuma/pull/10561) @michaelbeaumont +* fix(kds): do not log an error when context cancelled [#10923](https://github.com/kumahq/kuma/pull/10923) @lukidzi +* fix(kuma-cp): Global Inspect API returns incorrect list of affected gateways dataplanes [#11790](https://github.com/kumahq/kuma/pull/11790) @lobkovilya +* fix(kuma-cp): add labels to dataplane object on universal [#11449](https://github.com/kumahq/kuma/pull/11449) @lukidzi +* fix(kuma-cp): allow specifying namespace when targeting MeshExternalService in policies [#11474](https://github.com/kumahq/kuma/pull/11474) @Automaat +* fix(kuma-cp): check if zone is online before forwarding request [#10919](https://github.com/kumahq/kuma/pull/10919) @lukidzi +* fix(kuma-cp): consumer scoped policies should be applied only on dpps from the same namespace [#11300](https://github.com/kumahq/kuma/pull/11300) @Automaat +* fix(kuma-cp): couldn't use `to[].targetRef: Mesh` on non-federated zones [#11428](https://github.com/kumahq/kuma/pull/11428) @lobkovilya +* fix(kuma-cp): deprecate use kuma.io/mesh annotation and use label instead [#11690](https://github.com/kumahq/kuma/pull/11690) @lukidzi +* fix(kuma-cp): do not sync policies with empty topLevel targetRef to zones that does not support it [#11457](https://github.com/kumahq/kuma/pull/11457) @Automaat +* fix(kuma-cp): don't add namespace labels when resource was synced from universal zone [#10913](https://github.com/kumahq/kuma/pull/10913) [#11020](https://github.com/kumahq/kuma/pull/11020) @Automaat +* fix(kuma-cp): don't allow namespace-scoped policies with 'to' and 'from' arrays at the same time [#11750](https://github.com/kumahq/kuma/pull/11750) @lobkovilya +* fix(kuma-cp): don't override owner and creation time Create opts [#11009](https://github.com/kumahq/kuma/pull/11009) @michaelbeaumont +* fix(kuma-cp): don't wait before ticking the first time in watchdog [#11105](https://github.com/kumahq/kuma/pull/11105) @michaelbeaumont +* fix(kuma-cp): fix conn closed error on transaction rollback [#10665](https://github.com/kumahq/kuma/pull/10665) @Automaat +* fix(kuma-cp): handle cases when requested BackendRefIdentifier contains ports [#11278](https://github.com/kumahq/kuma/pull/11278) @lobkovilya +* fix(kuma-cp): map port to section name for reachable backends [#11736](https://github.com/kumahq/kuma/pull/11736) @lukidzi +* fix(kuma-cp): paginate Secrets correctly in universal [#10954](https://github.com/kumahq/kuma/pull/10954) @michaelbeaumont +* fix(kuma-cp): panic when DPP uses outbounds with 'backendRef.Labels' and no meshservices were matched [#11604](https://github.com/kumahq/kuma/pull/11604) @lobkovilya +* fix(kuma-cp): pass future meta to Validate when creating a resource [#10927](https://github.com/kumahq/kuma/pull/10927) @michaelbeaumont +* fix(kuma-cp): properly match policies to gateway when calling _rules endpoint [#11504](https://github.com/kumahq/kuma/pull/11504) @Automaat +* fix(kuma-cp): remove automatically created MeshServices when mode is switched to `Disabled` [#11675](https://github.com/kumahq/kuma/pull/11675) @lobkovilya +* fix(kuma-cp): resources that were created on 2.7.x are missing namespace labels when synced on global [#11794](https://github.com/kumahq/kuma/pull/11794) @lobkovilya +* fix(kuma-cp): use contexts instead of channels in watchdog [#11110](https://github.com/kumahq/kuma/pull/11110) @lahabana +* fix(kuma-cp): validation for explicit DPP outbounds with BackendRef [#11415](https://github.com/kumahq/kuma/pull/11415) @lobkovilya +* fix(kuma-dp): don't fail if envoy version is not semver [#11095](https://github.com/kumahq/kuma/pull/11095) @lahabana +* fix(kumactl): fix flag in information banner for `kumactl generate tls-certificate` [#11318](https://github.com/kumahq/kuma/pull/11318) @f100024 +* fix(kumactl): remove service in prometheus config [#10969](https://github.com/kumahq/kuma/pull/10969) @lahabana +* fix(kumactl): support empty docs in in kumactl apply [#10951](https://github.com/kumahq/kuma/pull/10951) @lahabana +* fix(mads): add mutex when checking if reconcile is needed and reconciling [#11578](https://github.com/kumahq/kuma/pull/11578) @lobkovilya +* fix(meshexternalservice): allow defining only name or labels [#11502](https://github.com/kumahq/kuma/pull/11502) @lukidzi +* fix(meshexternalservice): generate correct sni for sidecar and egress [#11382](https://github.com/kumahq/kuma/pull/11382) @lukidzi +* fix(meshexternalservice): map from/to policy to resource rule for Egress [#11384](https://github.com/kumahq/kuma/pull/11384) @lukidzi +* fix(meshgateway): do not override annotations from deployment [#10698](https://github.com/kumahq/kuma/pull/10698) @Automaat +* fix(meshgatewayinstance): remove required since we generate serviceName [#11151](https://github.com/kumahq/kuma/pull/11151) @lukidzi +* fix(meshhttproute): deref pointer to weight or use default 1 [#11051](https://github.com/kumahq/kuma/pull/11051) @lukidzi +* fix(meshmetric): add missing timestamp in mapper [#10966](https://github.com/kumahq/kuma/pull/10966) @slonka +* fix(meshmultizoneservice): order of matched mesh services [#11475](https://github.com/kumahq/kuma/pull/11475) @jakubdyszkiewicz +* fix(meshpassthrough): do not require port [#10941](https://github.com/kumahq/kuma/pull/10941) @lukidzi +* fix(meshpassthrough): don't remove all filters chains [#11540](https://github.com/kumahq/kuma/pull/11540) @lukidzi +* fix(meshservice): do not wipe out identities of synced service [#10655](https://github.com/kumahq/kuma/pull/10655) @jakubdyszkiewicz +* fix(meshservice): permissive mTLS of synced services [#11749](https://github.com/kumahq/kuma/pull/11749) @jakubdyszkiewicz +* fix(meshservice): use only labels to index services [#11450](https://github.com/kumahq/kuma/pull/11450) @jakubdyszkiewicz +* fix(observability): use internal and external requests in outgoing status code panel [#10974](https://github.com/kumahq/kuma/pull/10974) @michaelbeaumont +* fix(policy): don't fail once cannot map MeshExternalService to tags rules [#11155](https://github.com/kumahq/kuma/pull/11155) @lukidzi +* fix(policy): verify zone if dpp origin is zone and metadata exists [#11462](https://github.com/kumahq/kuma/pull/11462) @lukidzi +* fix(resourcerules): add own mesh to the MeshContext, so it could be successfully resolved [#11525](https://github.com/kumahq/kuma/pull/11525) @lobkovilya +* fix(transparent-proxy): avoid mounting xtables.lock for newer versions of legacy iptables [#11113](https://github.com/kumahq/kuma/pull/11113) @bartsmykla +* fix(transparent-proxy): check DNS related CLI flags earlier [#11402](https://github.com/kumahq/kuma/pull/11402) @bartsmykla +* fix(transparent-proxy): conntrack zone splitting in docker containers with custom network [#11684](https://github.com/kumahq/kuma/pull/11684) @bartsmykla +* fix(transparent-proxy): enable `kuma.io/transparent-proxying-ip-family-mode` annotation per pod [#10905](https://github.com/kumahq/kuma/pull/10905) @bartsmykla +* fix(transparent-proxy): fix IPv6 iptables rules when no IPv6 DNS servers [#10800](https://github.com/kumahq/kuma/pull/10800) @bartsmykla +* fix(transparent-proxy): fix pod delay when CNI on GKE with OS Login [#11050](https://github.com/kumahq/kuma/pull/11050) @bartsmykla +* fix(transparent-proxy): refactor and make validation to work on IPv6 [#11395](https://github.com/kumahq/kuma/pull/11395) @bartsmykla +* fix(utils): enhance the logic to check if a channel is closed [#10894](https://github.com/kumahq/kuma/pull/10894) @sjmshsh +* fix(xds): accelerate universal dp XDS generation [#11180](https://github.com/kumahq/kuma/pull/11180) @Icarus9913 +* fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources [#11024](https://github.com/kumahq/kuma/pull/11024) @jijiechen +* fix(xds): make sure ADS are ordered [#11579](https://github.com/kumahq/kuma/pull/11579) @jakubdyszkiewicz +* fix(xds): resolve eds deadlock introduced by initial fetch timeout [#11602](https://github.com/kumahq/kuma/pull/11602) @jakubdyszkiewicz +* perf(k8s): do not update resource on control-plane restart [#11327](https://github.com/kumahq/kuma/pull/11327) @lukidzi +* perf(kuma-cp): faster service to dpp matching [#10628](https://github.com/kumahq/kuma/pull/10628) @jakubdyszkiewicz +* revert(kuma-cp): do not use additional addresses [#11601](https://github.com/kumahq/kuma/pull/11601) @lukidzi + ## 2.8.4 -> Released on 2024/10/07 +> Released on 2024/10/08 * chore(deps): bump kumahq/kuma from 2.8.3 to 2.8.4 [#6583](https://github.com/Kong/kong-mesh/pull/6583) [#6595](https://github.com/Kong/kong-mesh/pull/6595) [#6619](https://github.com/Kong/kong-mesh/pull/6619) [#6651](https://github.com/Kong/kong-mesh/pull/6651) [#6678](https://github.com/Kong/kong-mesh/pull/6678) [#6705](https://github.com/Kong/kong-mesh/pull/6705) [#6709](https://github.com/Kong/kong-mesh/pull/6709) [#6717](https://github.com/Kong/kong-mesh/pull/6717) [#6725](https://github.com/Kong/kong-mesh/pull/6725) [#6737](https://github.com/Kong/kong-mesh/pull/6737) [#6753](https://github.com/Kong/kong-mesh/pull/6753) [#6758](https://github.com/Kong/kong-mesh/pull/6758) [#6763](https://github.com/Kong/kong-mesh/pull/6763) [#6768](https://github.com/Kong/kong-mesh/pull/6768) @kong-mesh * chore(deps): security update [#6661](https://github.com/Kong/kong-mesh/pull/6661) @kong-mesh * chore(deps): upgrade envoy for windows to 1.28.7 [#6647](https://github.com/Kong/kong-mesh/pull/6647) @lukidzi +### Includes [kumahq/kuma@2.8.4](https://github.com/kumahq/kuma/releases/tag/2.8.4) changelog + +* chore(deps): bump coredns from v1.11.1 to v1.11.3 [#11574](https://github.com/kumahq/kuma/pull/11574) @kumahq +* chore(deps): bump golang from 1.22.7 to 1.22.8 [#11630](https://github.com/kumahq/kuma/pull/11630) @Icarus9913 +* chore(deps): security update [#11330](https://github.com/kumahq/kuma/pull/11330) @kumahq +* chore(deps): upgrade envoy to 1.30.6 [#11487](https://github.com/kumahq/kuma/pull/11487) @lukidzi +* fix(MeshTrace): invalid sampling default values (backport of #11548) [#11551](https://github.com/kumahq/kuma/pull/11551) @kumahq +* fix(egress): same external service tag in multiple meshes (backport of #11667) [#11671](https://github.com/kumahq/kuma/pull/11671) @kumahq +* fix(meshgateway): do not override annotations from deployment (backport of #10698) [#11616](https://github.com/kumahq/kuma/pull/11616) @kumahq +* fix(xds): eds deadlock on initial fetch timeout (backport of #11602) [#11606](https://github.com/kumahq/kuma/pull/11606) @kumahq +* revert(kuma-cp): do not use additional addresses (backport of #11601) [#11609](https://github.com/kumahq/kuma/pull/11609) @kumahq + ## 2.7.8 -> Released on 2024/10/07 +> Released on 2024/10/08 * chore(deps): bump kumahq/kuma from 2.7.7 to 2.7.8 [#6584](https://github.com/Kong/kong-mesh/pull/6584) [#6653](https://github.com/Kong/kong-mesh/pull/6653) [#6677](https://github.com/Kong/kong-mesh/pull/6677) [#6689](https://github.com/Kong/kong-mesh/pull/6689) [#6704](https://github.com/Kong/kong-mesh/pull/6704) [#6708](https://github.com/Kong/kong-mesh/pull/6708) [#6715](https://github.com/Kong/kong-mesh/pull/6715) [#6724](https://github.com/Kong/kong-mesh/pull/6724) [#6736](https://github.com/Kong/kong-mesh/pull/6736) [#6748](https://github.com/Kong/kong-mesh/pull/6748) [#6752](https://github.com/Kong/kong-mesh/pull/6752) [#6759](https://github.com/Kong/kong-mesh/pull/6759) [#6764](https://github.com/Kong/kong-mesh/pull/6764) [#6767](https://github.com/Kong/kong-mesh/pull/6767) @kong-mesh * chore(deps): security update [#6662](https://github.com/Kong/kong-mesh/pull/6662) @kong-mesh * chore(deps): upgrade envoy for windows to 1.28.7 [#6648](https://github.com/Kong/kong-mesh/pull/6648) @lukidzi +### Includes [kumahq/kuma@2.7.8](https://github.com/kumahq/kuma/releases/tag/2.7.8) changelog + +* chore(deps): bump coredns from v1.11.1 to v1.11.3 [#11575](https://github.com/kumahq/kuma/pull/11575) @kumahq +* chore(deps): bump golang from 1.22.7 to 1.22.8 [#11629](https://github.com/kumahq/kuma/pull/11629) @Icarus9913 +* chore(deps): security update [#11329](https://github.com/kumahq/kuma/pull/11329) @kumahq +* chore(deps): upgrade envoy to 1.29.9 [#11486](https://github.com/kumahq/kuma/pull/11486) @lukidzi +* fix(MeshTrace): invalid sampling default values (backport of #11548) [#11552](https://github.com/kumahq/kuma/pull/11552) @kumahq +* fix(egress): same external service tag in multiple meshes (backport of #11667) [#11670](https://github.com/kumahq/kuma/pull/11670) @kumahq +* fix(meshgateway): do not override annotations from deployment (backport of #10698) [#11618](https://github.com/kumahq/kuma/pull/11618) @kumahq +* fix(xds): eds deadlock on initial fetch timeout (backport of #11602) [#11605](https://github.com/kumahq/kuma/pull/11605) @kumahq +* revert(kuma-cp): do not use additional addresses (backport of #11601) [#11612](https://github.com/kumahq/kuma/pull/11612) @kumahq + ## 2.6.12 -> Released on 2024/10/07 +> Released on 2024/10/08 * chore(deps): bump kumahq/kuma from 2.6.11 to 2.6.12 [#6585](https://github.com/Kong/kong-mesh/pull/6585) [#6650](https://github.com/Kong/kong-mesh/pull/6650) [#6680](https://github.com/Kong/kong-mesh/pull/6680) [#6703](https://github.com/Kong/kong-mesh/pull/6703) [#6706](https://github.com/Kong/kong-mesh/pull/6706) [#6713](https://github.com/Kong/kong-mesh/pull/6713) [#6726](https://github.com/Kong/kong-mesh/pull/6726) [#6735](https://github.com/Kong/kong-mesh/pull/6735) [#6738](https://github.com/Kong/kong-mesh/pull/6738) [#6747](https://github.com/Kong/kong-mesh/pull/6747) [#6755](https://github.com/Kong/kong-mesh/pull/6755) [#6760](https://github.com/Kong/kong-mesh/pull/6760) [#6765](https://github.com/Kong/kong-mesh/pull/6765) @kong-mesh * chore(deps): security update [#6659](https://github.com/Kong/kong-mesh/pull/6659) @kong-mesh +### Includes [kumahq/kuma@2.6.12](https://github.com/kumahq/kuma/releases/tag/2.6.12) changelog + +* chore(deps): bump coredns from v1.11.1 to v1.11.3 [#11576](https://github.com/kumahq/kuma/pull/11576) @kumahq +* chore(deps): bump golang from 1.22.7 to 1.22.8 [#11628](https://github.com/kumahq/kuma/pull/11628) @Icarus9913 +* chore(deps): security update [#11333](https://github.com/kumahq/kuma/pull/11333) @kumahq +* chore(deps): upgrade envoy to 1.28.7 [#11485](https://github.com/kumahq/kuma/pull/11485) @lukidzi +* fix(MeshTrace): invalid sampling default values (backport of #11548) [#11553](https://github.com/kumahq/kuma/pull/11553) @kumahq +* fix(egress): same external service tag in multiple meshes (backport of #11667) [#11669](https://github.com/kumahq/kuma/pull/11669) @kumahq +* fix(meshgateway): do not override annotations from deployment (backport of #10698) [#11619](https://github.com/kumahq/kuma/pull/11619) @kumahq +* fix(xds): eds deadlock on initial fetch timeout (backport of #11602) [#11607](https://github.com/kumahq/kuma/pull/11607) @kumahq +* revert(kuma-cp): do not use additional addresses (backport of #11601) [#11611](https://github.com/kumahq/kuma/pull/11611) @kumahq + ## 2.5.11 -> Released on 2024/10/07 +> Released on 2024/10/08 * chore(deps): bump kumahq/kuma from 2.5.10 to 2.5.11 [#6605](https://github.com/Kong/kong-mesh/pull/6605) [#6652](https://github.com/Kong/kong-mesh/pull/6652) [#6688](https://github.com/Kong/kong-mesh/pull/6688) [#6707](https://github.com/Kong/kong-mesh/pull/6707) [#6716](https://github.com/Kong/kong-mesh/pull/6716) [#6733](https://github.com/Kong/kong-mesh/pull/6733) [#6739](https://github.com/Kong/kong-mesh/pull/6739) [#6743](https://github.com/Kong/kong-mesh/pull/6743) [#6749](https://github.com/Kong/kong-mesh/pull/6749) [#6756](https://github.com/Kong/kong-mesh/pull/6756) [#6761](https://github.com/Kong/kong-mesh/pull/6761) [#6766](https://github.com/Kong/kong-mesh/pull/6766) @kong-mesh * chore(deps): security update [#6660](https://github.com/Kong/kong-mesh/pull/6660) @kong-mesh +### Includes [kumahq/kuma@2.5.11](https://github.com/kumahq/kuma/releases/tag/2.5.11) changelog + +* chore(deps): bump coredns from v1.11.1 to v1.11.3 [#11573](https://github.com/kumahq/kuma/pull/11573) @kumahq +* chore(deps): bump golang from 1.22.7 to 1.22.8 [#11627](https://github.com/kumahq/kuma/pull/11627) @Icarus9913 +* chore(deps): security update [#11332](https://github.com/kumahq/kuma/pull/11332) @kumahq +* chore(deps): upgrade envoy to 1.28.7 [#11484](https://github.com/kumahq/kuma/pull/11484) @lukidzi +* fix(egress): same external service tag in multiple meshes (backport of #11667) [#11668](https://github.com/kumahq/kuma/pull/11668) @kumahq +* fix(meshgateway): do not override annotations from deployment (backport of #10698) [#11617](https://github.com/kumahq/kuma/pull/11617) @kumahq +* fix(xds): eds deadlock on initial fetch timeout (backport of #11602) [#11608](https://github.com/kumahq/kuma/pull/11608) @kumahq + ## 2.8.3 > Released on 2024/09/04 @@ -121,6 +440,17 @@ * chore(deps): bump kumahq/kuma from ffb0a135b832 to 2.8.3 [#6368](https://github.com/Kong/kong-mesh/pull/6368) [#6441](https://github.com/Kong/kong-mesh/pull/6441) [#6453](https://github.com/Kong/kong-mesh/pull/6453) [#6474](https://github.com/Kong/kong-mesh/pull/6474) [#6482](https://github.com/Kong/kong-mesh/pull/6482) [#6490](https://github.com/Kong/kong-mesh/pull/6490) [#6501](https://github.com/Kong/kong-mesh/pull/6501) [#6505](https://github.com/Kong/kong-mesh/pull/6505) [#6514](https://github.com/Kong/kong-mesh/pull/6514) [#6519](https://github.com/Kong/kong-mesh/pull/6519) [#6528](https://github.com/Kong/kong-mesh/pull/6528) [#6532](https://github.com/Kong/kong-mesh/pull/6532) [#6542](https://github.com/Kong/kong-mesh/pull/6542) [#6549](https://github.com/Kong/kong-mesh/pull/6549) [#6558](https://github.com/Kong/kong-mesh/pull/6558) @kong-mesh * chore(deps): security update [#6405](https://github.com/Kong/kong-mesh/pull/6405) @kong-mesh +### Includes [kumahq/kuma@2.8.3](https://github.com/kumahq/kuma/releases/tag/2.8.3) changelog + +* chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.4.0 [#11147](https://github.com/kumahq/kuma/pull/11147) @kumahq +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.31.0 to 0.32.0 [#11158](https://github.com/kumahq/kuma/pull/11158) @kumahq +* chore(deps): security update [#11199](https://github.com/kumahq/kuma/pull/11199) @kumahq +* feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy (backport of #11107) [#11238](https://github.com/kumahq/kuma/pull/11238) @kumahq +* fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) [#10959](https://github.com/kumahq/kuma/pull/10959) @kumahq +* fix(meshhttproute): deref pointer to weight or use default 1 (backport of #11051) [#11130](https://github.com/kumahq/kuma/pull/11130) @kumahq +* fix(meshmetric): add missing timestamp in mapper (backport of #10966) [#10980](https://github.com/kumahq/kuma/pull/10980) @kumahq +* fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) [#11025](https://github.com/kumahq/kuma/pull/11025) @kumahq + ## 2.7.7 > Released on 2024/09/03 @@ -128,30 +458,93 @@ * chore(deps): bump kumahq/kuma from 90b2732876d1 to 2.7.7 [#6367](https://github.com/Kong/kong-mesh/pull/6367) [#6385](https://github.com/Kong/kong-mesh/pull/6385) [#6440](https://github.com/Kong/kong-mesh/pull/6440) [#6452](https://github.com/Kong/kong-mesh/pull/6452) [#6475](https://github.com/Kong/kong-mesh/pull/6475) [#6483](https://github.com/Kong/kong-mesh/pull/6483) [#6502](https://github.com/Kong/kong-mesh/pull/6502) [#6504](https://github.com/Kong/kong-mesh/pull/6504) [#6511](https://github.com/Kong/kong-mesh/pull/6511) [#6518](https://github.com/Kong/kong-mesh/pull/6518) [#6527](https://github.com/Kong/kong-mesh/pull/6527) [#6548](https://github.com/Kong/kong-mesh/pull/6548) [#6557](https://github.com/Kong/kong-mesh/pull/6557) @kong-mesh * chore(deps): downgrade envoy for windows to 1.28.5 [#6380](https://github.com/Kong/kong-mesh/pull/6380) @lukidzi +### Includes [kumahq/kuma@2.7.7](https://github.com/kumahq/kuma/releases/tag/2.7.7) changelog + +* chore(deps): bump Kong/public-shared-actions from 2.3.0 to 2.4.0 [#11150](https://github.com/kumahq/kuma/pull/11150) @kumahq +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.31.0 to 0.32.0 [#11156](https://github.com/kumahq/kuma/pull/11156) @kumahq +* chore(deps): security update [#11198](https://github.com/kumahq/kuma/pull/11198) @kumahq +* feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy (backport of #11107) [#11242](https://github.com/kumahq/kuma/pull/11242) @kumahq +* fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) [#10958](https://github.com/kumahq/kuma/pull/10958) @kumahq +* fix(meshhttproute): deref pointer to weight or use default 1 (backport of #11051) [#11129](https://github.com/kumahq/kuma/pull/11129) @kumahq +* fix(meshmetric): add missing timestamp in mapper (backport of #10966) [#10978](https://github.com/kumahq/kuma/pull/10978) @kumahq +* fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) [#11026](https://github.com/kumahq/kuma/pull/11026) @kumahq + ## 2.6.11 > Released on 2024/09/03 * chore(deps): bump kumahq/kuma from fbafe3de5ac5 to 2.6.11 [#6366](https://github.com/Kong/kong-mesh/pull/6366) [#6415](https://github.com/Kong/kong-mesh/pull/6415) [#6454](https://github.com/Kong/kong-mesh/pull/6454) [#6476](https://github.com/Kong/kong-mesh/pull/6476) [#6506](https://github.com/Kong/kong-mesh/pull/6506) [#6512](https://github.com/Kong/kong-mesh/pull/6512) [#6522](https://github.com/Kong/kong-mesh/pull/6522) [#6525](https://github.com/Kong/kong-mesh/pull/6525) [#6550](https://github.com/Kong/kong-mesh/pull/6550) [#6555](https://github.com/Kong/kong-mesh/pull/6555) @kong-mesh +### Includes [kumahq/kuma@2.6.11](https://github.com/kumahq/kuma/releases/tag/2.6.11) changelog + +* chore(deps): security update [#11200](https://github.com/kumahq/kuma/pull/11200) @kumahq +* feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy [#11241](https://github.com/kumahq/kuma/pull/11241) @kumahq +* fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) [#10955](https://github.com/kumahq/kuma/pull/10955) @kumahq +* fix(meshhttproute): deref pointer to weight or use default 1 (backport of #11051) [#11127](https://github.com/kumahq/kuma/pull/11127) @kumahq +* fix(meshmetric): add missing timestamp in mapper (backport of #10966) [#10977](https://github.com/kumahq/kuma/pull/10977) @kumahq +* fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) [#11028](https://github.com/kumahq/kuma/pull/11028) @kumahq + ## 2.5.10 > Released on 2024/09/03 * chore(deps): bump kumahq/kuma from fab8179dfe37 to 2.5.10 [#6379](https://github.com/Kong/kong-mesh/pull/6379) [#6416](https://github.com/Kong/kong-mesh/pull/6416) [#6508](https://github.com/Kong/kong-mesh/pull/6508) [#6515](https://github.com/Kong/kong-mesh/pull/6515) [#6521](https://github.com/Kong/kong-mesh/pull/6521) [#6526](https://github.com/Kong/kong-mesh/pull/6526) [#6551](https://github.com/Kong/kong-mesh/pull/6551) [#6556](https://github.com/Kong/kong-mesh/pull/6556) @kong-mesh +### Includes [kumahq/kuma@2.5.10](https://github.com/kumahq/kuma/releases/tag/2.5.10) changelog + +* chore(deps): security update [#11196](https://github.com/kumahq/kuma/pull/11196) @kumahq +* feat(kuma-dp): respond probes of kuma-sidecar from kuma-dp process instead of Envoy [#11239](https://github.com/kumahq/kuma/pull/11239) @kumahq +* fix(kuma-cp): paginate Secrets correctly in universal (backport of #10954) [#10957](https://github.com/kumahq/kuma/pull/10957) @kumahq +* fix(xds): explicitly set initial fetch timeout to zero to keep Envoy wait for xds resources (backport of #11024) [#11029](https://github.com/kumahq/kuma/pull/11029) @kumahq + + +## 2.6.10 +> Released on 2024/07/25 + +* chore(deps): bump kumahq/kuma from e28b7339e639 to fbafe3de5 [#6288](https://github.com/Kong/kong-mesh/pull/6288) [#6343](https://github.com/Kong/kong-mesh/pull/6343) [#6358](https://github.com/Kong/kong-mesh/pull/6358) @kong-mesh + +### Includes [kumahq/kuma@2.6.10](https://github.com/kumahq/kuma/releases/tag/2.6.10) changelog + +* chore(deps): update go to 1.22.5 (backport of #10096) [#10853](https://github.com/kumahq/kuma/pull/10853) @kumahq +* chore(deps): upgrade envoy with DNS fix [#10932](https://github.com/kumahq/kuma/pull/10932) @michaelbeaumont +* fix(transparent-proxy): allow iptables executables without mode [#10793](https://github.com/kumahq/kuma/pull/10793) @bartsmykla + ## 2.5.9 > Released on 2024/07/25 * chore(deps): bump kumahq/kuma from e39c5430659a to fab8179df [#6295](https://github.com/Kong/kong-mesh/pull/6295) [#6346](https://github.com/Kong/kong-mesh/pull/6346) [#6349](https://github.com/Kong/kong-mesh/pull/6349) @kong-mesh +### Includes [kumahq/kuma@2.5.9](https://github.com/kumahq/kuma/releases/tag/2.5.9) changelog + +* chore(deps): update go to 1.22.5 and kube controller-tools to v0.14.0 (backport of #10096) [#10854](https://github.com/kumahq/kuma/pull/10854) @kumahq +* chore(deps): upgrade envoy with DNS fix [#10931](https://github.com/kumahq/kuma/pull/10931) @michaelbeaumont +* fix(transparent-proxy): allow iptables executable without mode [#10794](https://github.com/kumahq/kuma/pull/10794) @bartsmykla + ## 2.4.10 > Released on 2024/07/25 * chore(deps): bump kumahq/kuma from 124fc3eb91b0 to fde462d37 [#6342](https://github.com/Kong/kong-mesh/pull/6342) [#6353](https://github.com/Kong/kong-mesh/pull/6353) @kong-mesh +### Includes [kumahq/kuma@2.4.10](https://github.com/kumahq/kuma/releases/tag/2.4.10) changelog + +* chore(deps): update go to 1.22.5 (backport of #10096) [#10855](https://github.com/kumahq/kuma/pull/10855) @kumahq +* chore(deps): upgrade envoy with DNS fix [#10930](https://github.com/kumahq/kuma/pull/10930) @michaelbeaumont + + +## 2.8.2 +> Released on 2024/07/24 + +* chore(deps): bump kumahq/kuma from c3a2cada28e3 to ffb0a135b [#6274](https://github.com/Kong/kong-mesh/pull/6274) [#6283](https://github.com/Kong/kong-mesh/pull/6283) [#6317](https://github.com/Kong/kong-mesh/pull/6317) [#6344](https://github.com/Kong/kong-mesh/pull/6344) [#6350](https://github.com/Kong/kong-mesh/pull/6350) @kong-mesh +* chore(deps): security update [#6271](https://github.com/Kong/kong-mesh/pull/6271) [#6330](https://github.com/Kong/kong-mesh/pull/6330) @kong-mesh + +### Includes [kumahq/kuma@2.8.2](https://github.com/kumahq/kuma/releases/tag/2.8.2) changelog + +* chore(deps): update go to 1.22.5 (backport of #10096) [#10856](https://github.com/kumahq/kuma/pull/10856) @kumahq +* chore(deps): upgrade envoy with DNS fix [#10934](https://github.com/kumahq/kuma/pull/10934) @michaelbeaumont +* fix(k8s): avoid nil TargetRef pointer dereference (backport of #10746) [#10763](https://github.com/kumahq/kuma/pull/10763) @kumahq + ## 2.7.6 > Released on 2024/07/24 @@ -159,19 +552,23 @@ * chore(deps): bump kumahq/kuma from bab1af2f8583 to 90b273287 [#6276](https://github.com/Kong/kong-mesh/pull/6276) [#6299](https://github.com/Kong/kong-mesh/pull/6299) [#6345](https://github.com/Kong/kong-mesh/pull/6345) [#6359](https://github.com/Kong/kong-mesh/pull/6359) @kong-mesh * chore(deps): security update [#6270](https://github.com/Kong/kong-mesh/pull/6270) @kong-mesh +### Includes [kumahq/kuma@2.7.6](https://github.com/kumahq/kuma/releases/tag/2.7.6) changelog -## 2.6.10 -> Released on 2024/07/24 +* chore(deps): update go to 1.22.5 (backport of #10096) [#10857](https://github.com/kumahq/kuma/pull/10857) @kumahq +* chore(deps): upgrade envoy with DNS fix [#10933](https://github.com/kumahq/kuma/pull/10933) @michaelbeaumont +* fix(transparent-proxy): allow iptables executables without mode [#10792](https://github.com/kumahq/kuma/pull/10792) @bartsmykla -* chore(deps): bump kumahq/kuma from e28b7339e639 to fbafe3de5 [#6288](https://github.com/Kong/kong-mesh/pull/6288) [#6343](https://github.com/Kong/kong-mesh/pull/6343) [#6358](https://github.com/Kong/kong-mesh/pull/6358) @kong-mesh +## 2.6.9 +> Released on 2024/07/05 -## 2.8.2 -> Released on 2024/07/23 +* chore(deps): bump kumahq/kuma from 498d86f27ece to e28b7339e [#6212](https://github.com/Kong/kong-mesh/pull/6212) [#6230](https://github.com/Kong/kong-mesh/pull/6230) [#6244](https://github.com/Kong/kong-mesh/pull/6244) [#6285](https://github.com/Kong/kong-mesh/pull/6285) @kong-mesh +* chore(deps): security update [#6197](https://github.com/Kong/kong-mesh/pull/6197) [#6272](https://github.com/Kong/kong-mesh/pull/6272) @kong-mesh -* chore(deps): bump kumahq/kuma from c3a2cada28e3 to ffb0a135b [#6274](https://github.com/Kong/kong-mesh/pull/6274) [#6283](https://github.com/Kong/kong-mesh/pull/6283) [#6317](https://github.com/Kong/kong-mesh/pull/6317) [#6344](https://github.com/Kong/kong-mesh/pull/6344) [#6350](https://github.com/Kong/kong-mesh/pull/6350) @kong-mesh -* chore(deps): security update [#6271](https://github.com/Kong/kong-mesh/pull/6271) [#6330](https://github.com/Kong/kong-mesh/pull/6330) @kong-mesh +### Includes [kumahq/kuma@2.6.9](https://github.com/kumahq/kuma/releases/tag/2.6.9) changelog +* chore(deps): upgrade envoy to 1.28.5 [#10685](https://github.com/kumahq/kuma/pull/10685) @lukidzi +* fix(cni): set proper namespace for the taint controller (backport of #10651) [#10659](https://github.com/kumahq/kuma/pull/10659) @kumahq ## 2.5.8 > Released on 2024/07/05 @@ -184,6 +581,19 @@ * fix(kuma-cp): fixed an issue that breaks license propagation from the global control plane to zone control planes +### Includes [kumahq/kuma@2.5.8](https://github.com/kumahq/kuma/releases/tag/2.5.8) changelog + +* chore(deps): upgrade envoy to 1.28.5 [#10686](https://github.com/kumahq/kuma/pull/10686) @lukidzi +* chore(deps): upgrade go to 1.21.11 (backport of #10401) [#10406](https://github.com/kumahq/kuma/pull/10406) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#10066](https://github.com/kumahq/kuma/pull/10066) [#10090](https://github.com/kumahq/kuma/pull/10090) @kumahq +* fix(cni): set proper namespace for the taint controller (backport of #10651) [#10663](https://github.com/kumahq/kuma/pull/10663) @kumahq +* fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) [#10080](https://github.com/kumahq/kuma/pull/10080) @kumahq +* fix(jobs): jobs termination after CP restart (backport of #10085) [#10088](https://github.com/kumahq/kuma/pull/10088) @kumahq +* fix(kds): fix retry on NACK and add backoff (backport of #9736) [#9858](https://github.com/kumahq/kuma/pull/9858) @kumahq +* fix(kds): fix the case when webhook/db reject resource (backport of #10315) [#10352](https://github.com/kumahq/kuma/pull/10352) @kumahq +* fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) [#10166](https://github.com/kumahq/kuma/pull/10166) @kumahq +* fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) [#10050](https://github.com/kumahq/kuma/pull/10050) @kumahq + ## 2.4.9 > Released on 2024/07/05 @@ -193,28 +603,43 @@ * fix(license): don't fail if we ever saw a valid license (backport of #5968) [#5971](https://github.com/Kong/kong-mesh/pull/5971) @kong-mesh * fix(ubi): upgrade from non-existent iptables-nft version (backport of #5910) [#6007](https://github.com/Kong/kong-mesh/pull/6007) @kong-mesh +### Includes [kumahq/kuma@2.4.9](https://github.com/kumahq/kuma/releases/tag/2.4.9) changelog -## 2.6.9 -> Released on 2024/07/04 - -* chore(deps): bump kumahq/kuma from 498d86f27ece to e28b7339e [#6212](https://github.com/Kong/kong-mesh/pull/6212) [#6230](https://github.com/Kong/kong-mesh/pull/6230) [#6244](https://github.com/Kong/kong-mesh/pull/6244) [#6285](https://github.com/Kong/kong-mesh/pull/6285) @kong-mesh -* chore(deps): security update [#6197](https://github.com/Kong/kong-mesh/pull/6197) [#6272](https://github.com/Kong/kong-mesh/pull/6272) @kong-mesh - +* chore(deps): upgrade envoy to 1.27.7 [#10690](https://github.com/kumahq/kuma/pull/10690) @lukidzi +* chore(deps): upgrade go from 1.21.10 to 1.21.11 (backport of #10401) [#10407](https://github.com/kumahq/kuma/pull/10407) @kumahq +* fix(cni): set proper namespace for the taint controller (backport of #10651) [#10660](https://github.com/kumahq/kuma/pull/10660) @kumahq +* fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) [#10081](https://github.com/kumahq/kuma/pull/10081) @kumahq +* fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) [#10170](https://github.com/kumahq/kuma/pull/10170) @kumahq +* fix(jobs): jobs termination after CP restart (backport of https://github.com/kumahq/kuma/pull/10085) https://github.com/kumahq/kuma/pull/10087 @kumahq ## 2.8.1 -> Released on 2024/07/03 +> Released on 2024/07/04 * chore(deps): bump kumahq/kuma from 1110a0305eec to c3a2cada2 [#6207](https://github.com/Kong/kong-mesh/pull/6207) [#6211](https://github.com/Kong/kong-mesh/pull/6211) [#6233](https://github.com/Kong/kong-mesh/pull/6233) [#6236](https://github.com/Kong/kong-mesh/pull/6236) [#6247](https://github.com/Kong/kong-mesh/pull/6247) @kong-mesh * chore(deps): upgrade envoy to 1.28.5 for windows [#6234](https://github.com/Kong/kong-mesh/pull/6234) @lukidzi * chore(deps): use latest Kong/kong-mesh-gui [#6206](https://github.com/Kong/kong-mesh/pull/6206) @kong-mesh +### Includes [kumahq/kuma@2.8.1](https://github.com/kumahq/kuma/releases/tag/2.8.1) changelog + +* chore(deps): upgrade envoy to 1.30.3 [#10645](https://github.com/kumahq/kuma/pull/10645) @lukidzi +* chore(deps): upgrade envoy to 1.30.4 [#10692](https://github.com/kumahq/kuma/pull/10692) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#10647](https://github.com/kumahq/kuma/pull/10647) @kumahq +* fix(cni): set proper namespace for the taint controller (backport of #10651) [#10662](https://github.com/kumahq/kuma/pull/10662) @kumahq +* fix(hostnamegenerator): selectors validation and matching [#10688](https://github.com/kumahq/kuma/pull/10688) @jakubdyszkiewicz +* fix(meshservice): do not wipe out identities of synced service [#10655](https://github.com/kumahq/kuma/pull/10655) @jakubdyszkiewicz + ## 2.7.5 -> Released on 2024/07/03 +> Released on 2024/07/04 * chore(deps): bump kumahq/kuma from f19b85337222 to bab1af2f8 [#6208](https://github.com/Kong/kong-mesh/pull/6208) [#6232](https://github.com/Kong/kong-mesh/pull/6232) [#6246](https://github.com/Kong/kong-mesh/pull/6246) @kong-mesh * chore(deps): security update [#6195](https://github.com/Kong/kong-mesh/pull/6195) @kong-mesh +### Includes [kumahq/kuma@2.7.5](https://github.com/kumahq/kuma/releases/tag/2.7.5) changelog + +* chore(deps): bump envoy from 1.29.5 to 1.29.7 [#10641](https://github.com/kumahq/kuma/pull/10641) [#10691](https://github.com/kumahq/kuma/pull/10691) @lukidzi +* fix(cni): set proper namespace for the taint controller (backport of #10651) [#10661](https://github.com/kumahq/kuma/pull/10661) @kumahq + ## 2.8.0 > Released on 2024/06/24 @@ -249,9 +674,138 @@ * fix(license): don't fail if we ever saw a valid license [#5968](https://github.com/Kong/kong-mesh/pull/5968) @lahabana * fix(ubi): upgrade iptables-nft version [#5910](https://github.com/Kong/kong-mesh/pull/5910) @michaelbeaumont +### Includes [kumahq/kuma@2.8.0](https://github.com/kumahq/kuma/releases/tag/2.8.0) changelog + +* chore(build): add possibility to configure extra args for shellcheck [#10331](https://github.com/kumahq/kuma/pull/10331) @Automaat +* chore(build): set envoy version conditionally [#10538](https://github.com/kumahq/kuma/pull/10538) @lukidzi +* chore(deps): bump Kong/public-shared-actions from 2.2.0 to 2.2.3 [#9995](https://github.com/kumahq/kuma/pull/9995) [#10126](https://github.com/kumahq/kuma/pull/10126) [#10197](https://github.com/kumahq/kuma/pull/10197) @dependabot +* chore(deps): bump actions/checkout from 4.1.2 to 4.1.7 [#10036](https://github.com/kumahq/kuma/pull/10036) [#10123](https://github.com/kumahq/kuma/pull/10123) [#10195](https://github.com/kumahq/kuma/pull/10195) [#10263](https://github.com/kumahq/kuma/pull/10263) [#10521](https://github.com/kumahq/kuma/pull/10521) @dependabot +* chore(deps): bump actions/create-github-app-token from 1.9.3 to 1.10.1 [#10175](https://github.com/kumahq/kuma/pull/10175) [#10372](https://github.com/kumahq/kuma/pull/10372) @dependabot +* chore(deps): bump actions/download-artifact from 4.1.4 to 4.1.7 [#9993](https://github.com/kumahq/kuma/pull/9993) [#10122](https://github.com/kumahq/kuma/pull/10122) @dependabot +* chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 [#10173](https://github.com/kumahq/kuma/pull/10173) @dependabot +* chore(deps): bump actions/upload-artifact from 4.3.1 to 4.3.3 [#9994](https://github.com/kumahq/kuma/pull/9994) [#10035](https://github.com/kumahq/kuma/pull/10035) [#10127](https://github.com/kumahq/kuma/pull/10127) @dependabot +* chore(deps): bump cloudsmith-io/action from 0.6.6 to 0.6.9 [#10324](https://github.com/kumahq/kuma/pull/10324) [#10427](https://github.com/kumahq/kuma/pull/10427) [#10523](https://github.com/kumahq/kuma/pull/10523) @dependabot +* chore(deps): bump debian from `b37bc25` to `a92ed51` [#10120](https://github.com/kumahq/kuma/pull/10120) [#10264](https://github.com/kumahq/kuma/pull/10264) [#10520](https://github.com/kumahq/kuma/pull/10520) @dependabot +* chore(deps): bump distroless/base-nossl-debian11 from `4cba3ac` to `1dcd82e` [#10183](https://github.com/kumahq/kuma/pull/10183) @dependabot +* chore(deps): bump envoy version from 1.29.3 to 1.30.2 [#10453](https://github.com/kumahq/kuma/pull/10453) @lukidzi +* chore(deps): bump github.com/cilium/ebpf from 0.14.0 to 0.15.0 [#10039](https://github.com/kumahq/kuma/pull/10039) @dependabot +* chore(deps): bump github.com/containernetworking/cni from 1.2.0 to 1.2.1 [#10526](https://github.com/kumahq/kuma/pull/10526) @dependabot +* chore(deps): bump github.com/containernetworking/plugins from 1.4.1 to 1.5.0 [#10282](https://github.com/kumahq/kuma/pull/10282) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.12.0 to 3.12.1 [#10375](https://github.com/kumahq/kuma/pull/10375) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.4 to 0.6.1 [#10528](https://github.com/kumahq/kuma/pull/10528) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.4.1 to 1.4.2 [#10295](https://github.com/kumahq/kuma/pull/10295) @dependabot +* chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.17.0 to 4.17.1 [#10038](https://github.com/kumahq/kuma/pull/10038) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.46.13 to 0.46.15 [#10118](https://github.com/kumahq/kuma/pull/10118) [#10297](https://github.com/kumahq/kuma/pull/10297) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 from 5.5.5 to 5.6.0 [#10325](https://github.com/kumahq/kuma/pull/10325) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.58 to 1.1.61 [#9990](https://github.com/kumahq/kuma/pull/9990) [#10527](https://github.com/kumahq/kuma/pull/10527) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.19.0 [#10119](https://github.com/kumahq/kuma/pull/10119) [#10223](https://github.com/kumahq/kuma/pull/10223) [#10296](https://github.com/kumahq/kuma/pull/10296) [#10326](https://github.com/kumahq/kuma/pull/10326) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.1 [#9991](https://github.com/kumahq/kuma/pull/9991) [#10180](https://github.com/kumahq/kuma/pull/10180) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 [#10226](https://github.com/kumahq/kuma/pull/10226) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.52.3 to 0.54.0 [#9989](https://github.com/kumahq/kuma/pull/9989) [#10374](https://github.com/kumahq/kuma/pull/10374) @dependabot +* chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 [#10530](https://github.com/kumahq/kuma/pull/10530) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.30.0 to 0.31.0 [#10222](https://github.com/kumahq/kuma/pull/10222) @dependabot +* chore(deps): bump github/codeql-action from 3.25.0 to 3.25.10 [#9996](https://github.com/kumahq/kuma/pull/9996) [#10128](https://github.com/kumahq/kuma/pull/10128) [#10227](https://github.com/kumahq/kuma/pull/10227) [#10286](https://github.com/kumahq/kuma/pull/10286) [#10373](https://github.com/kumahq/kuma/pull/10373) [#10396](https://github.com/kumahq/kuma/pull/10396) [#10522](https://github.com/kumahq/kuma/pull/10522) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 1.2.0 to 1.3.1 [#10524](https://github.com/kumahq/kuma/pull/10524) @dependabot +* chore(deps): bump golang.org/x/net from 0.24.0 to 0.26.0 [#10225](https://github.com/kumahq/kuma/pull/10225) [#10398](https://github.com/kumahq/kuma/pull/10398) @dependabot +* chore(deps): bump golang.org/x/sys from 0.19.0 to 0.20.0 [#10181](https://github.com/kumahq/kuma/pull/10181) @dependabot +* chore(deps): bump golang.org/x/text from 0.14.0 to 0.15.0 [#10176](https://github.com/kumahq/kuma/pull/10176) @dependabot +* chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 6.0.1 [#10129](https://github.com/kumahq/kuma/pull/10129) [#10174](https://github.com/kumahq/kuma/pull/10174) [#10196](https://github.com/kumahq/kuma/pull/10196) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.63.2 to 1.64.0 [#10266](https://github.com/kumahq/kuma/pull/10266) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.2 [#10177](https://github.com/kumahq/kuma/pull/10177) [#10525](https://github.com/kumahq/kuma/pull/10525) @dependabot +* chore(deps): bump kumahq/ubuntu-netools from `9eba4ba` to `8675216` [#10131](https://github.com/kumahq/kuma/pull/10131) [#10182](https://github.com/kumahq/kuma/pull/10182) [#10285](https://github.com/kumahq/kuma/pull/10285) @dependabot +* chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 [#10228](https://github.com/kumahq/kuma/pull/10228) @dependabot +* chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.5 [#9997](https://github.com/kumahq/kuma/pull/9997) [#10125](https://github.com/kumahq/kuma/pull/10125) @dependabot +* chore(deps): bump postgres from `5c58707` to `46aa2ee` [#10041](https://github.com/kumahq/kuma/pull/10041) [#10132](https://github.com/kumahq/kuma/pull/10132) [#10221](https://github.com/kumahq/kuma/pull/10221) [#10284](https://github.com/kumahq/kuma/pull/10284) [#10514](https://github.com/kumahq/kuma/pull/10514) @dependabot +* chore(deps): bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 [#10124](https://github.com/kumahq/kuma/pull/10124) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 9 updates [#10115](https://github.com/kumahq/kuma/pull/10115) [#10294](https://github.com/kumahq/kuma/pull/10294) @dependabot +* chore(deps): bump ubuntu from jammy-20240227 to jammy-20240530 [#9987](https://github.com/kumahq/kuma/pull/9987) [#10121](https://github.com/kumahq/kuma/pull/10121) [#10184](https://github.com/kumahq/kuma/pull/10184) [#10413](https://github.com/kumahq/kuma/pull/10413) @dependabot +* chore(deps): ignore go-control-plane updates by dependabot [#10412](https://github.com/kumahq/kuma/pull/10412) @bartsmykla +* chore(deps): update CNI to v1.2.0 [#10101](https://github.com/kumahq/kuma/pull/10101) @Icarus9913 +* chore(deps): upgrade go to 1.21.11 [#10401](https://github.com/kumahq/kuma/pull/10401) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#9978](https://github.com/kumahq/kuma/pull/9978) [#9980](https://github.com/kumahq/kuma/pull/9980) [#9985](https://github.com/kumahq/kuma/pull/9985) [#9998](https://github.com/kumahq/kuma/pull/9998) [#10001](https://github.com/kumahq/kuma/pull/10001) [#10009](https://github.com/kumahq/kuma/pull/10009) [#10010](https://github.com/kumahq/kuma/pull/10010) [#10043](https://github.com/kumahq/kuma/pull/10043) [#10044](https://github.com/kumahq/kuma/pull/10044) [#10052](https://github.com/kumahq/kuma/pull/10052) [#10053](https://github.com/kumahq/kuma/pull/10053) [#10060](https://github.com/kumahq/kuma/pull/10060) [#10061](https://github.com/kumahq/kuma/pull/10061) [#10062](https://github.com/kumahq/kuma/pull/10062) [#10064](https://github.com/kumahq/kuma/pull/10064) [#10092](https://github.com/kumahq/kuma/pull/10092) [#10093](https://github.com/kumahq/kuma/pull/10093) [#10105](https://github.com/kumahq/kuma/pull/10105) [#10108](https://github.com/kumahq/kuma/pull/10108) [#10111](https://github.com/kumahq/kuma/pull/10111) [#10112](https://github.com/kumahq/kuma/pull/10112) [#10135](https://github.com/kumahq/kuma/pull/10135) [#10136](https://github.com/kumahq/kuma/pull/10136) [#10143](https://github.com/kumahq/kuma/pull/10143) [#10187](https://github.com/kumahq/kuma/pull/10187) [#10188](https://github.com/kumahq/kuma/pull/10188) [#10190](https://github.com/kumahq/kuma/pull/10190) [#10198](https://github.com/kumahq/kuma/pull/10198) [#10199](https://github.com/kumahq/kuma/pull/10199) [#10201](https://github.com/kumahq/kuma/pull/10201) [#10210](https://github.com/kumahq/kuma/pull/10210) [#10213](https://github.com/kumahq/kuma/pull/10213) [#10231](https://github.com/kumahq/kuma/pull/10231) [#10232](https://github.com/kumahq/kuma/pull/10232) [#10240](https://github.com/kumahq/kuma/pull/10240) [#10242](https://github.com/kumahq/kuma/pull/10242) [#10249](https://github.com/kumahq/kuma/pull/10249) [#10262](https://github.com/kumahq/kuma/pull/10262) [#10269](https://github.com/kumahq/kuma/pull/10269) [#10281](https://github.com/kumahq/kuma/pull/10281) [#10283](https://github.com/kumahq/kuma/pull/10283) [#10289](https://github.com/kumahq/kuma/pull/10289) [#10292](https://github.com/kumahq/kuma/pull/10292) [#10302](https://github.com/kumahq/kuma/pull/10302) [#10305](https://github.com/kumahq/kuma/pull/10305) [#10307](https://github.com/kumahq/kuma/pull/10307) [#10310](https://github.com/kumahq/kuma/pull/10310) [#10311](https://github.com/kumahq/kuma/pull/10311) [#10423](https://github.com/kumahq/kuma/pull/10423) [#10424](https://github.com/kumahq/kuma/pull/10424) [#10425](https://github.com/kumahq/kuma/pull/10425) [#10429](https://github.com/kumahq/kuma/pull/10429) [#10431](https://github.com/kumahq/kuma/pull/10431) [#10432](https://github.com/kumahq/kuma/pull/10432) [#10450](https://github.com/kumahq/kuma/pull/10450) [#10456](https://github.com/kumahq/kuma/pull/10456) [#10465](https://github.com/kumahq/kuma/pull/10465) [#10473](https://github.com/kumahq/kuma/pull/10473) [#10479](https://github.com/kumahq/kuma/pull/10479) [#10493](https://github.com/kumahq/kuma/pull/10493) [#10505](https://github.com/kumahq/kuma/pull/10505) [#10536](https://github.com/kumahq/kuma/pull/10536) [#10556](https://github.com/kumahq/kuma/pull/10556) [#10596](https://github.com/kumahq/kuma/pull/10596) [#10603](https://github.com/kumahq/kuma/pull/10603) @kumahq +* feat(Mesh*Service): validate name length [#10544](https://github.com/kumahq/kuma/pull/10544) @michaelbeaumont +* feat(MeshExternalService): implement a new resource [#10239](https://github.com/kumahq/kuma/pull/10239) [#10293](https://github.com/kumahq/kuma/pull/10293) [#10306](https://github.com/kumahq/kuma/pull/10306) [#10336](https://github.com/kumahq/kuma/pull/10336) [#10444](https://github.com/kumahq/kuma/pull/10444) [#10445](https://github.com/kumahq/kuma/pull/10445) [#10568](https://github.com/kumahq/kuma/pull/10568) [#10570](https://github.com/kumahq/kuma/pull/10570) [#10578](https://github.com/kumahq/kuma/pull/10578) [#10594](https://github.com/kumahq/kuma/pull/10594) @lukidzi,@slonka +* feat(MeshRetry): allow setting numRetries to 0 to disable retries [#10250](https://github.com/kumahq/kuma/pull/10250) @lahabana +* feat(MeshService): add events when generating from Kubernetes Service [#10290](https://github.com/kumahq/kuma/pull/10290) @michaelbeaumont +* feat(MeshService): add port names [#10287](https://github.com/kumahq/kuma/pull/10287) @michaelbeaumont +* feat(MeshService): handle headless Services [#10308](https://github.com/kumahq/kuma/pull/10308) @michaelbeaumont +* feat(MeshService): set kuma.io/managed-by for converted MeshServices [#10481](https://github.com/kumahq/kuma/pull/10481) @michaelbeaumont +* feat(MeshService): support mTLS [#10403](https://github.com/kumahq/kuma/pull/10403) @michaelbeaumont +* feat(MeshService): tag with headlessness, add pod-name/pod-index labels [#10472](https://github.com/kumahq/kuma/pull/10472) @michaelbeaumont +* feat(MeshService): use hostnames for DNS [#10387](https://github.com/kumahq/kuma/pull/10387) @michaelbeaumont +* feat(api-server): update policies api response structure [#10428](https://github.com/kumahq/kuma/pull/10428) @Icarus9913 +* feat(hostnamegenerator): add display name to HostnameGenerator [#10476](https://github.com/kumahq/kuma/pull/10476) @slonka +* feat(hostnamegenerator): add zone and namespace variables [#10533](https://github.com/kumahq/kuma/pull/10533) @jakubdyszkiewicz +* feat(hostnamegenerator): apply templates to MeshServices [#10362](https://github.com/kumahq/kuma/pull/10362) @michaelbeaumont +* feat(hostnamegenerator): implement MeshExternalService support [#10379](https://github.com/kumahq/kuma/pull/10379) @lukidzi +* feat(hostnamegenerator): prevent template being empty [#10548](https://github.com/kumahq/kuma/pull/10548) @slonka +* feat(k8s): add kubernetes.io/hostname to default node labels to copy [#10243](https://github.com/kumahq/kuma/pull/10243) @slonka +* feat(k8s): opt-in to support tls for GAPI in all namespaces [#10015](https://github.com/kumahq/kuma/pull/10015) @jakubdyszkiewicz +* feat(kds): add a flag to avoid creating a zone on connection on kds [#10298](https://github.com/kumahq/kuma/pull/10298) @lahabana +* feat(kds): create first, then remove synced resources [#10562](https://github.com/kumahq/kuma/pull/10562) @Automaat +* feat(kds): sync mesh service status [#10337](https://github.com/kumahq/kuma/pull/10337) @jakubdyszkiewicz +* feat(kuma-cni): add readOnlyRootFilesystem into securityContext of the container kuma-validation [#10394](https://github.com/kumahq/kuma/pull/10394) @jijiechen +* feat(kuma-cp): add error type to nack metric [#10013](https://github.com/kumahq/kuma/pull/10013) @slonka +* feat(kuma-cp): add policy matching api for meshservice [#10378](https://github.com/kumahq/kuma/pull/10378) @Automaat +* feat(kuma-cp): always add kuma.io/zone label to resource [#10457](https://github.com/kumahq/kuma/pull/10457) @Automaat +* feat(kuma-cp): consumer policies on app's namespace [#10361](https://github.com/kumahq/kuma/pull/10361) @lobkovilya +* feat(kuma-dp): add function to find default CA [#10367](https://github.com/kumahq/kuma/pull/10367) @lukidzi +* feat(meshexternalservice): add IP allocator for meshexternalservice [#10376](https://github.com/kumahq/kuma/pull/10376) @lukidzi +* feat(meshpassthrough): create API and validators [#10314](https://github.com/kumahq/kuma/pull/10314) @lukidzi +* feat(meshpassthrough): implement new policy [#10363](https://github.com/kumahq/kuma/pull/10363) [#10458](https://github.com/kumahq/kuma/pull/10458) [#10466](https://github.com/kumahq/kuma/pull/10466) [#10532](https://github.com/kumahq/kuma/pull/10532) [#10576](https://github.com/kumahq/kuma/pull/10576) [#10595](https://github.com/kumahq/kuma/pull/10595) @lukidzi +* feat(meshservice): cross-zone connectivity [#10411](https://github.com/kumahq/kuma/pull/10411) @jakubdyszkiewicz +* feat(meshservice): ipam [#10320](https://github.com/kumahq/kuma/pull/10320) @jakubdyszkiewicz +* feat(meshservice): prefer MeshService over kuma.io/service routing [#10564](https://github.com/kumahq/kuma/pull/10564) @jakubdyszkiewicz +* feat(meshservice): rename protocol to appprotocol [#10539](https://github.com/kumahq/kuma/pull/10539) @jakubdyszkiewicz +* feat(meshservice): sync identity cross zones [#10451](https://github.com/kumahq/kuma/pull/10451) @jakubdyszkiewicz +* feat(meshservice): sync mesh service to other zones [#10380](https://github.com/kumahq/kuma/pull/10380) @jakubdyszkiewicz +* feat(report): add more info in the report [#10270](https://github.com/kumahq/kuma/pull/10270) @lahabana +* feat(store): update does not wipe out labels [#10335](https://github.com/kumahq/kuma/pull/10335) @jakubdyszkiewicz +* fix(GatewayAPI): only enqueue Gateway reconciliations from routes if parent is a Gateway [#10316](https://github.com/kumahq/kuma/pull/10316) @spacewander +* fix(HostnameGenerator): don't exit component on error [#10392](https://github.com/kumahq/kuma/pull/10392) @michaelbeaumont +* fix(Mesh*Service): rename HostnameGenerator ref `name` to `coreName` [#10597](https://github.com/kumahq/kuma/pull/10597) @michaelbeaumont +* fix(MeshHttpRoute): don't split header value prematurely [#10191](https://github.com/kumahq/kuma/pull/10191) @spacewander +* fix(MeshRoute): properly map listener TLS certs to DownstreamTlsContext [#10272](https://github.com/kumahq/kuma/pull/10272) @michaelbeaumont +* fix(ZoneIngress): fix no pointer panic for advertised address resolving [#10475](https://github.com/kumahq/kuma/pull/10475) @Icarus9913 +* fix(api-server): check for tenant just before logging [#10377](https://github.com/kumahq/kuma/pull/10377) @michaelbeaumont +* fix(api-server): fix trace/span ID processing in logs [#10100](https://github.com/kumahq/kuma/pull/10100) @bartsmykla +* fix(gateway): handle implicit kuma.io/service in pod annotation [#10076](https://github.com/kumahq/kuma/pull/10076) @jakubdyszkiewicz +* fix(gateway): run validating webhook on MeshGatewayInstance [#10330](https://github.com/kumahq/kuma/pull/10330) @Icarus9913 +* fix(gateway): support `inlineString` in TLS certificates [#10159](https://github.com/kumahq/kuma/pull/10159) @michaelbeaumont +* fix(gatewayapi): reconcile HTTPRoutes when relevant Services change [#10192](https://github.com/kumahq/kuma/pull/10192) @michaelbeaumont +* fix(gatewayapi): validate presence of all required Gateway API resources [#10079](https://github.com/kumahq/kuma/pull/10079) @bartsmykla +* fix(helm): don't fail when webhook doesn't exist [#10098](https://github.com/kumahq/kuma/pull/10098) @lahabana +* fix(helm): include GatewayClass only if installing a zone CP in Kubernetes mode [#10012](https://github.com/kumahq/kuma/pull/10012) @michaelbeaumont +* fix(jobs): jobs termination after CP restart [#10085](https://github.com/kumahq/kuma/pull/10085) @jakubdyszkiewicz +* fix(k8s): don't error if a service doesn't expose any ports we can handle [#9982](https://github.com/kumahq/kuma/pull/9982) @michaelbeaumont +* fix(k8s): take mesh from label of the namespace [#10580](https://github.com/kumahq/kuma/pull/10580) @jakubdyszkiewicz +* fix(k8s): use EndpointSlices to determine identity for Service without selectors [#10134](https://github.com/kumahq/kuma/pull/10134) @michaelbeaumont +* fix(k8s): virtual probes for sidecar initContainer ports also exposed by a Service [#9971](https://github.com/kumahq/kuma/pull/9971) @michaelbeaumont +* fix(kds): change version label for kds_clint_versions metric [#10323](https://github.com/kumahq/kuma/pull/10323) @Automaat +* fix(kds): clone resource on update meta [#10460](https://github.com/kumahq/kuma/pull/10460) @jakubdyszkiewicz +* fix(kds): fix resource name hashing on global [#10452](https://github.com/kumahq/kuma/pull/10452) @Automaat +* fix(kds): fix the case when webhook/db reject resource [#10315](https://github.com/kumahq/kuma/pull/10315) @lukidzi +* fix(kds): fix updating metric of kds client version [#10312](https://github.com/kumahq/kuma/pull/10312) @Automaat +* fix(kds): make error handling similar between GlobalToZoneSync and ZoneToGlobalSync [#10056](https://github.com/kumahq/kuma/pull/10056) @michaelbeaumont +* fix(kds): send NACK only when resource is invalid and do not retry [#10480](https://github.com/kumahq/kuma/pull/10480) @lukidzi +* fix(kuma-cp): allow MES / HG to only be created in SystemNamespace [#10577](https://github.com/kumahq/kuma/pull/10577) @lobkovilya +* fix(kuma-cp): cleanup generated egress certs [#10162](https://github.com/kumahq/kuma/pull/10162) @michaelbeaumont +* fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs [#10160](https://github.com/kumahq/kuma/pull/10160) @michaelbeaumont +* fix(kuma-cp): consistently update ZoneIngress available services [#10426](https://github.com/kumahq/kuma/pull/10426) @michaelbeaumont +* fix(kuma-cp): filter out old dangling zone resources in global (backport of #10245) [#10268](https://github.com/kumahq/kuma/pull/10268) @michaelbeaumont +* fix(kuma-cp): index generated certs by proxy type [#10161](https://github.com/kumahq/kuma/pull/10161) @michaelbeaumont +* fix(kuma-cp): mistakenly setting 'kuma.io/display-name' as label [#10430](https://github.com/kumahq/kuma/pull/10430) @lobkovilya +* fix(kuma-cp): panic on mesh delete [#10604](https://github.com/kumahq/kuma/pull/10604) @jakubdyszkiewicz +* fix(kuma-cp): validate the bandwidth strictly [#10371](https://github.com/kumahq/kuma/pull/10371) @spacewander +* fix(kuma-dp): set systemCaPath when requesting config from kuma-cp [#10443](https://github.com/kumahq/kuma/pull/10443) @lukidzi +* fix(kumactl): fix bad escape on regex [#10420](https://github.com/kumahq/kuma/pull/10420) @lahabana +* fix(meshservice): tags and selector [#10535](https://github.com/kumahq/kuma/pull/10535) @jakubdyszkiewicz +* fix(transparent-proxy): stop logging all to stderr when installing tproxy [#10045](https://github.com/kumahq/kuma/pull/10045) @bartsmykla +* fix(validation): don't prefix validation errors with `spec.` for core plugin resources [#10543](https://github.com/kumahq/kuma/pull/10543) @michaelbeaumont + ## 2.7.4 -> Released on 2024/06/19 +> Released on 2024/06/20 * chore(deps): bump kumahq/kuma from 413bddfb40f2 to f19b85337 [#6056](https://github.com/Kong/kong-mesh/pull/6056) [#6088](https://github.com/Kong/kong-mesh/pull/6088) [#6107](https://github.com/Kong/kong-mesh/pull/6107) [#6115](https://github.com/Kong/kong-mesh/pull/6115) [#6119](https://github.com/Kong/kong-mesh/pull/6119) [#6142](https://github.com/Kong/kong-mesh/pull/6142) [#6151](https://github.com/Kong/kong-mesh/pull/6151) [#6164](https://github.com/Kong/kong-mesh/pull/6164) @kong-mesh * chore(deps): security update [#6078](https://github.com/Kong/kong-mesh/pull/6078) @kong-mesh @@ -259,14 +813,35 @@ * fix(kuma-cp): fixed an issue that breaks license propagation from the global control plane to zone control planes +### Includes [kumahq/kuma@2.7.4](https://github.com/kumahq/kuma/releases/tag/2.7.4) changelog + +* chore(deps): bump envoy version from 1.29.4 to 1.29.5 [#10390](https://github.com/kumahq/kuma/pull/10390) @lukidzi +* chore(deps): ignore go-control-plane updates by dependabot (backport of #10412) [#10416](https://github.com/kumahq/kuma/pull/10416) @kumahq +* chore(deps): upgrade go from 1.21.10 to 1.21.11 (backport of #10401) [#10405](https://github.com/kumahq/kuma/pull/10405) @kumahq +* fix(MeshRoute): properly map listener TLS certs to DownstreamTlsContext (backport of #10272) [#10340](https://github.com/kumahq/kuma/pull/10340) @kumahq +* fix(ZoneIngress): fix no pointer panic for advertised address resolving (backport of #10475) [#10495](https://github.com/kumahq/kuma/pull/10495) @kumahq +* fix(kds): fix the case when webhook/db reject resource (backport of #10315) [#10353](https://github.com/kumahq/kuma/pull/10353) @kumahq +* fix(kds): send NACK only when resource is invalid and do not retry (backport of #10480) [#10516](https://github.com/kumahq/kuma/pull/10516) @kumahq +* fix(kuma-cp): consistently update ZoneIngress available services (backport of #10426) [#10483](https://github.com/kumahq/kuma/pull/10483) @kumahq + ## 2.6.8 -> Released on 2024/06/19 +> Released on 2024/06/20 * chore(deps): bump kumahq/kuma from 68fa9292c542 to 498d86f27 [#6089](https://github.com/Kong/kong-mesh/pull/6089) [#6108](https://github.com/Kong/kong-mesh/pull/6108) [#6114](https://github.com/Kong/kong-mesh/pull/6114) [#6145](https://github.com/Kong/kong-mesh/pull/6145) [#6152](https://github.com/Kong/kong-mesh/pull/6152) [#6163](https://github.com/Kong/kong-mesh/pull/6163) @kong-mesh * chore(deps): security update [#6083](https://github.com/Kong/kong-mesh/pull/6083) @kong-mesh * fix(kuma-cp): downgrade go-control-plane to mitigate potential deadlock (backport of #6094) [#6100](https://github.com/Kong/kong-mesh/pull/6100) @kong-mesh +### Includes [kumahq/kuma@2.6.8](https://github.com/kumahq/kuma/releases/tag/2.6.8) changelog + +* chore(deps): bump envoy version from 1.28.3 to 1.28.4 [#10386](https://github.com/kumahq/kuma/pull/10386) @lukidzi +* chore(deps): ignore go-control-plane updates by dependabot (backport of #10412) [#10418](https://github.com/kumahq/kuma/pull/10418) @kumahq +* chore(deps): upgrade go from 1.21.10 to 1.21.11 (backport of #10401) [#10408](https://github.com/kumahq/kuma/pull/10408) @kumahq +* feat(k8s): do not set mesh owner reference on synced resources (backport of #9882) [#10504](https://github.com/kumahq/kuma/pull/10504) @kumahq +* fix(ZoneIngress): fix no pointer panic for advertised address resolving (backport of #10475) [#10498](https://github.com/kumahq/kuma/pull/10498) @kumahq +* fix(kds): send NACK only when resource is invalid and do not retry (backport of #10480) [#10517](https://github.com/kumahq/kuma/pull/10517) @kumahq +* fix(kuma-cp): consistently update ZoneIngress available services (backport of #10426) [#10486](https://github.com/kumahq/kuma/pull/10486) @kumahq + ## 2.6.7 > Released on 2024/05/30 @@ -274,6 +849,11 @@ * chore(deps): bump kumahq/kuma from 946233ed1fe6 to 68fa9292c [#6055](https://github.com/Kong/kong-mesh/pull/6055) [#6058](https://github.com/Kong/kong-mesh/pull/6058) [#6060](https://github.com/Kong/kong-mesh/pull/6060) @kong-mesh * fix(kuma-cp): fixed an issue that breaks license propagation from the global control plane to zone control planes +### Includes [kumahq/kuma@2.6.7](https://github.com/kumahq/kuma/releases/tag/2.6.7) changelog + +* fix(MeshRoute): properly map listener TLS certs to DownstreamTlsContext (backport of #10272) [#10344](https://github.com/kumahq/kuma/pull/10344) @kumahq +* fix(kds): fix the case when webhook/db reject resource (backport of #10315) [#10351](https://github.com/kumahq/kuma/pull/10351) @kumahq + ## 2.7.3 > Released on 2024/05/20 @@ -283,6 +863,13 @@ * chore(deps): use latest Kong/kong-mesh-gui [#5967](https://github.com/Kong/kong-mesh/pull/5967) @kong-mesh * fix(license): don't fail if we ever saw a valid license (backport of #5968) [#5973](https://github.com/Kong/kong-mesh/pull/5973) @kong-mesh +### Includes [kumahq/kuma@2.7.3](https://github.com/kumahq/kuma/releases/tag/2.7.3) changelog + +* chore(deps): bump go to 1.21.10 (backport of #10209) [#10258](https://github.com/kumahq/kuma/pull/10258) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#10092](https://github.com/kumahq/kuma/pull/10092) [#10199](https://github.com/kumahq/kuma/pull/10199) @kumahq +* fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) [#10168](https://github.com/kumahq/kuma/pull/10168) @kumahq +* fix(kuma-cp): filter out old dangling zone resources in global (backport of #10245) [#10268](https://github.com/kumahq/kuma/pull/10268) @michaelbeaumont + ## 2.6.6 > Released on 2024/05/17 @@ -292,6 +879,18 @@ * fix(license): don't fail if we ever saw a valid license (backport of #5968) [#5974](https://github.com/Kong/kong-mesh/pull/5974) @kong-mesh * fix(ubi): upgrade from non-existent iptables-nft version (backport of #5910) [#6010](https://github.com/Kong/kong-mesh/pull/6010) @kong-mesh +### Includes [kumahq/kuma@2.6.6](https://github.com/kumahq/kuma/releases/tag/2.6.6) changelog + +* chore(deps): manually bump go to 1.21.10 (backport of #10209) [#10255](https://github.com/kumahq/kuma/pull/10255) @kumahq +* chore(deps): upgrade Envoy to version 1.28.3 [#10019](https://github.com/kumahq/kuma/pull/10019) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#10065](https://github.com/kumahq/kuma/pull/10065) [#10091](https://github.com/kumahq/kuma/pull/10091) @kumahq +* fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) [#10084](https://github.com/kumahq/kuma/pull/10084) @kumahq +* fix(jobs): jobs termination after CP restart (backport of #10085) [#10089](https://github.com/kumahq/kuma/pull/10089) @kumahq +* fix(kds): fix retry on NACK and add backoff (backport of #9736) [#9861](https://github.com/kumahq/kuma/pull/9861) @kumahq +* fix(kuma-cp): consistently check for expiring ZoneIngress/ZoneEgress certs (backport of #10160, #10162, #10161) [#10169](https://github.com/kumahq/kuma/pull/10169) @kumahq +* fix(kuma-cp): filter out old dangling zone resources in global [#10245](https://github.com/kumahq/kuma/pull/10245) @michaelbeaumont +* fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) [#10048](https://github.com/kumahq/kuma/pull/10048) @kumahq + ## 2.7.2 > Released on 2024/05/02 @@ -300,15 +899,27 @@ * chore(deps): use latest Kong/kong-mesh-gui [#5859](https://github.com/Kong/kong-mesh/pull/5859) [#5872](https://github.com/Kong/kong-mesh/pull/5872) @kong-mesh * fix(ubi): upgrade from non-existent iptables-nft version [#5910](https://github.com/Kong/kong-mesh/pull/5910) @michaelbeaumont +### Includes [kumahq/kuma@2.7.2](https://github.com/kumahq/kuma/releases/tag/2.7.2) changelog + +* fix(jobs): jobs termination after CP restart (#10085) +* fix(gatewayapi): validate presence of all required Gateway API resources (backport of #10079) (#10082) +* fix(gateway): handle implicit kuma.io/service in pod annotation (#10076) +* fix(transparent-proxy): stop logging all to stderr when installing tproxy (backport of #10045) (#10047) ## 2.7.1 > Released on 2024/04/23 * chore(deps): bump kumahq/kuma from 77f3a8badc84 to 5a2d836dc [#5826](https://github.com/Kong/kong-mesh/pull/5826) [#5832](https://github.com/Kong/kong-mesh/pull/5832) [#5833](https://github.com/Kong/kong-mesh/pull/5833) @kong-mesh +### Includes [kumahq/kuma@2.7.1](https://github.com/kumahq/kuma/releases/tag/2.7.1) changelog + +* chore(deps): upgrade Envoy to version 1.29.4 [#10033](https://github.com/kumahq/kuma/pull/10033) @lukidzi +* feat(k8s): opt-in to support tls for GAPI in all namespaces [#10015](https://github.com/kumahq/kuma/pull/10015) @jakubdyszkiewicz +* fix(helm): include GatewayClass only if installing a zone CP in Kubernetes mode [#10012](https://github.com/kumahq/kuma/pull/10012) @michaelbeaumont + ## 2.7.0 -> Released on 2024/04/18 +> Released on 2024/04/19 * chore(deps): bump Kong/public-shared-actions from 1.15.0 to 2.1.0 [#5461](https://github.com/Kong/kong-mesh/pull/5461) [#5542](https://github.com/Kong/kong-mesh/pull/5542) [#5608](https://github.com/Kong/kong-mesh/pull/5608) @dependabot * chore(deps): bump actions/cache from 3 to 4 [#5541](https://github.com/Kong/kong-mesh/pull/5541) @dependabot @@ -334,93 +945,319 @@ * fix(MeshOPA): remove log for composable policies [#5646](https://github.com/Kong/kong-mesh/pull/5646) @jakubdyszkiewicz * fix(rbac): allow system:authenticated on zone cp [#5391](https://github.com/Kong/kong-mesh/pull/5391) @lukidzi +### Includes [kumahq/kuma@2.7.0](https://github.com/kumahq/kuma/releases/tag/2.7.0) changelog + +* chore(deps): bump Envoy from 1.28.0 to 1.29.3 [#9134](https://github.com/kumahq/kuma/pull/9134) [#9222](https://github.com/kumahq/kuma/pull/9222) [#9600](https://github.com/kumahq/kuma/pull/9600) [#9853](https://github.com/kumahq/kuma/pull/9853) @lukidzi +* chore(deps): bump Kong/public-shared-actions from 2.0.2 to 2.1.0 [#9556](https://github.com/kumahq/kuma/pull/9556) [#9711](https://github.com/kumahq/kuma/pull/9711) @dependabot +* chore(deps): bump actions/cache from 3 to 4.0.2 [#9205](https://github.com/kumahq/kuma/pull/9205) [#9491](https://github.com/kumahq/kuma/pull/9491) [#9712](https://github.com/kumahq/kuma/pull/9712) @dependabot +* chore(deps): bump actions/checkout from 4.1.1 to 4.1.2 [#9639](https://github.com/kumahq/kuma/pull/9639) @dependabot +* chore(deps): bump actions/create-github-app-token from 1.8.0 to 1.9.3 [#9416](https://github.com/kumahq/kuma/pull/9416) [#9490](https://github.com/kumahq/kuma/pull/9490) [#9772](https://github.com/kumahq/kuma/pull/9772) [#9873](https://github.com/kumahq/kuma/pull/9873) @dependabot +* chore(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 [#9306](https://github.com/kumahq/kuma/pull/9306) @dependabot +* chore(deps): bump cirello.io/pglock from 1.14.1 to 1.14.2 [#9562](https://github.com/kumahq/kuma/pull/9562) @dependabot +* chore(deps): bump debian from `b16cef8` to `b37bc25` [#9139](https://github.com/kumahq/kuma/pull/9139) [#9304](https://github.com/kumahq/kuma/pull/9304) [#9642](https://github.com/kumahq/kuma/pull/9642) [#9900](https://github.com/kumahq/kuma/pull/9900) @dependabot +* chore(deps): bump distroless/base-nossl-debian11 from `61c9d7a` to `4cba3ac` [#9202](https://github.com/kumahq/kuma/pull/9202) [#9302](https://github.com/kumahq/kuma/pull/9302) [#9413](https://github.com/kumahq/kuma/pull/9413) [#9567](https://github.com/kumahq/kuma/pull/9567) [#9643](https://github.com/kumahq/kuma/pull/9643) [#9875](https://github.com/kumahq/kuma/pull/9875) @dependabot +* chore(deps): bump distroless/static-debian11 from `1e5b9bb` to `459f8ab` [#9203](https://github.com/kumahq/kuma/pull/9203) [#9303](https://github.com/kumahq/kuma/pull/9303) [#9414](https://github.com/kumahq/kuma/pull/9414) [#9566](https://github.com/kumahq/kuma/pull/9566) [#9644](https://github.com/kumahq/kuma/pull/9644) [#9874](https://github.com/kumahq/kuma/pull/9874) @dependabot +* chore(deps): bump github.com/cilium/ebpf from 0.12.3 to 0.14.0 [#9313](https://github.com/kumahq/kuma/pull/9313) [#9401](https://github.com/kumahq/kuma/pull/9401) [#9771](https://github.com/kumahq/kuma/pull/9771) @dependabot +* chore(deps): bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 [#9649](https://github.com/kumahq/kuma/pull/9649) @dependabot +* chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 25.0.5+incompatible [#9678](https://github.com/kumahq/kuma/pull/9678) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.11.2 to 3.12.0 [#9400](https://github.com/kumahq/kuma/pull/9400) [#9650](https://github.com/kumahq/kuma/pull/9650) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.3 to 0.5.4 [#9312](https://github.com/kumahq/kuma/pull/9312) @dependabot +* chore(deps): bump github.com/golang/protobuf from 1.5.3 to 1.5.4 [#9561](https://github.com/kumahq/kuma/pull/9561) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.46.11 to 0.46.13 [#9716](https://github.com/kumahq/kuma/pull/9716) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 from 5.5.2 to 5.5.5 [#9143](https://github.com/kumahq/kuma/pull/9143) [#9493](https://github.com/kumahq/kuma/pull/9493) [#9560](https://github.com/kumahq/kuma/pull/9560) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.17.1 [#9564](https://github.com/kumahq/kuma/pull/9564) [#9646](https://github.com/kumahq/kuma/pull/9646) [#9715](https://github.com/kumahq/kuma/pull/9715) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 [#9651](https://github.com/kumahq/kuma/pull/9651) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 [#9467](https://github.com/kumahq/kuma/pull/9467) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.5.0 to 0.6.1 [#9314](https://github.com/kumahq/kuma/pull/9314) [#9871](https://github.com/kumahq/kuma/pull/9871) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.46.0 to 0.52.2 [#9309](https://github.com/kumahq/kuma/pull/9309) [#9465](https://github.com/kumahq/kuma/pull/9465) [#9563](https://github.com/kumahq/kuma/pull/9563) [#9714](https://github.com/kumahq/kuma/pull/9714) [#9870](https://github.com/kumahq/kuma/pull/9870) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.7 to 2.2.0 [#9868](https://github.com/kumahq/kuma/pull/9868) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.27.0 to 0.30.0 [#9310](https://github.com/kumahq/kuma/pull/9310) [#9558](https://github.com/kumahq/kuma/pull/9558) [#9867](https://github.com/kumahq/kuma/pull/9867) @dependabot +* chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.1 to 0.1.2 [#9466](https://github.com/kumahq/kuma/pull/9466) @dependabot +* chore(deps): bump github/codeql-action from 3.23.2 to 3.24.10 [#9142](https://github.com/kumahq/kuma/pull/9142) [#9307](https://github.com/kumahq/kuma/pull/9307) [#9415](https://github.com/kumahq/kuma/pull/9415) [#9489](https://github.com/kumahq/kuma/pull/9489) [#9641](https://github.com/kumahq/kuma/pull/9641) [#9710](https://github.com/kumahq/kuma/pull/9710) [#9872](https://github.com/kumahq/kuma/pull/9872) @dependabot +* chore(deps): bump go.uber.org/zap from 1.26.0 to 1.27.0 [#9399](https://github.com/kumahq/kuma/pull/9399) @dependabot +* chore(deps): bump golang.org/x/net from 0.20.0 to 0.24.0 [#9210](https://github.com/kumahq/kuma/pull/9210) [#9869](https://github.com/kumahq/kuma/pull/9869) @dependabot +* chore(deps): bump golang.org/x/sys from 0.17.0 to 0.19.0 [#9492](https://github.com/kumahq/kuma/pull/9492) [#9865](https://github.com/kumahq/kuma/pull/9865) @dependabot +* chore(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 [#9204](https://github.com/kumahq/kuma/pull/9204) @dependabot +* chore(deps): bump gonum.org/v1/gonum from 0.14.0 to 0.15.0 [#9648](https://github.com/kumahq/kuma/pull/9648) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.61.0 to 1.63.2 [#9315](https://github.com/kumahq/kuma/pull/9315) [#9402](https://github.com/kumahq/kuma/pull/9402) [#9559](https://github.com/kumahq/kuma/pull/9559) [#9866](https://github.com/kumahq/kuma/pull/9866) [#9902](https://github.com/kumahq/kuma/pull/9902) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.14.0 to 3.14.3 [#9277](https://github.com/kumahq/kuma/pull/9277) [#9647](https://github.com/kumahq/kuma/pull/9647) @dependabot +* chore(deps): bump iptables version [#9200](https://github.com/kumahq/kuma/pull/9200) @slonka +* chore(deps): bump kumahq/ubuntu-netools from `3f0fefb` to `9eba4ba` [#9898](https://github.com/kumahq/kuma/pull/9898) @dependabot +* chore(deps): bump peter-evans/create-pull-request from 5.0.2 to 6.0.2 [#9141](https://github.com/kumahq/kuma/pull/9141) [#9488](https://github.com/kumahq/kuma/pull/9488) [#9640](https://github.com/kumahq/kuma/pull/9640) @dependabot +* chore(deps): bump postgres from `49c276f` to `5b06192` [#9116](https://github.com/kumahq/kuma/pull/9116) [#9130](https://github.com/kumahq/kuma/pull/9130) [#9162](https://github.com/kumahq/kuma/pull/9162) [#9241](https://github.com/kumahq/kuma/pull/9241) [#9256](https://github.com/kumahq/kuma/pull/9256) [#9278](https://github.com/kumahq/kuma/pull/9278) [#9292](https://github.com/kumahq/kuma/pull/9292) [#9358](https://github.com/kumahq/kuma/pull/9358) [#9390](https://github.com/kumahq/kuma/pull/9390) [#9444](https://github.com/kumahq/kuma/pull/9444) [#9577](https://github.com/kumahq/kuma/pull/9577) [#9601](https://github.com/kumahq/kuma/pull/9601) [#9614](https://github.com/kumahq/kuma/pull/9614) [#9899](https://github.com/kumahq/kuma/pull/9899) @dependabot +* chore(deps): bump prometheus/common to v0.48.0 [#9462](https://github.com/kumahq/kuma/pull/9462) @slonka +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.3 [#9207](https://github.com/kumahq/kuma/pull/9207) [#9311](https://github.com/kumahq/kuma/pull/9311) [#9901](https://github.com/kumahq/kuma/pull/9901) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api [#9454](https://github.com/kumahq/kuma/pull/9454) @michaelbeaumont +* chore(deps): bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 [#9713](https://github.com/kumahq/kuma/pull/9713) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 1 update [#9464](https://github.com/kumahq/kuma/pull/9464) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 10 updates [#9864](https://github.com/kumahq/kuma/pull/9864) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 8 updates [#9206](https://github.com/kumahq/kuma/pull/9206) [#9398](https://github.com/kumahq/kuma/pull/9398) @dependabot +* chore(deps): bump the k8s-libs group with 5 updates [#9308](https://github.com/kumahq/kuma/pull/9308) [#9645](https://github.com/kumahq/kuma/pull/9645) @dependabot +* chore(deps): bump ubuntu from jammy-20240111 to jammy-20240227 [#9140](https://github.com/kumahq/kuma/pull/9140) [#9305](https://github.com/kumahq/kuma/pull/9305) [#9565](https://github.com/kumahq/kuma/pull/9565) @dependabot +* chore(deps): downgrade go-control-plane to v0.11.2-0.20231010133108-1dfbe83bcebc [#9163](https://github.com/kumahq/kuma/pull/9163) @lobkovilya +* chore(deps): downgrade to golang v1.21.7 [#9443](https://github.com/kumahq/kuma/pull/9443) @michaelbeaumont +* chore(deps): security update [#9102](https://github.com/kumahq/kuma/pull/9102) [#9369](https://github.com/kumahq/kuma/pull/9369) [#9516](https://github.com/kumahq/kuma/pull/9516) [#9819](https://github.com/kumahq/kuma/pull/9819) @kumahq +* chore(deps): update golang to v1.22, golangci-lint to v1.56.1 [#9316](https://github.com/kumahq/kuma/pull/9316) @michaelbeaumont +* chore(deps): upload sbom to gh release/tag assets [#9966](https://github.com/kumahq/kuma/pull/9966) @Automaat +* chore(deps): use latest kumahq/kuma-gui [#9071](https://github.com/kumahq/kuma/pull/9071) [#9135](https://github.com/kumahq/kuma/pull/9135) [#9156](https://github.com/kumahq/kuma/pull/9156) [#9159](https://github.com/kumahq/kuma/pull/9159) [#9181](https://github.com/kumahq/kuma/pull/9181) [#9183](https://github.com/kumahq/kuma/pull/9183) [#9187](https://github.com/kumahq/kuma/pull/9187) [#9223](https://github.com/kumahq/kuma/pull/9223) [#9224](https://github.com/kumahq/kuma/pull/9224) [#9227](https://github.com/kumahq/kuma/pull/9227) [#9244](https://github.com/kumahq/kuma/pull/9244) [#9247](https://github.com/kumahq/kuma/pull/9247) [#9253](https://github.com/kumahq/kuma/pull/9253) [#9266](https://github.com/kumahq/kuma/pull/9266) [#9267](https://github.com/kumahq/kuma/pull/9267) [#9275](https://github.com/kumahq/kuma/pull/9275) [#9279](https://github.com/kumahq/kuma/pull/9279) [#9290](https://github.com/kumahq/kuma/pull/9290) [#9297](https://github.com/kumahq/kuma/pull/9297) [#9299](https://github.com/kumahq/kuma/pull/9299) [#9318](https://github.com/kumahq/kuma/pull/9318) [#9319](https://github.com/kumahq/kuma/pull/9319) [#9320](https://github.com/kumahq/kuma/pull/9320) [#9337](https://github.com/kumahq/kuma/pull/9337) [#9344](https://github.com/kumahq/kuma/pull/9344) [#9347](https://github.com/kumahq/kuma/pull/9347) [#9355](https://github.com/kumahq/kuma/pull/9355) [#9377](https://github.com/kumahq/kuma/pull/9377) [#9407](https://github.com/kumahq/kuma/pull/9407) [#9408](https://github.com/kumahq/kuma/pull/9408) [#9410](https://github.com/kumahq/kuma/pull/9410) [#9418](https://github.com/kumahq/kuma/pull/9418) [#9420](https://github.com/kumahq/kuma/pull/9420) [#9422](https://github.com/kumahq/kuma/pull/9422) [#9425](https://github.com/kumahq/kuma/pull/9425) [#9426](https://github.com/kumahq/kuma/pull/9426) [#9439](https://github.com/kumahq/kuma/pull/9439) [#9442](https://github.com/kumahq/kuma/pull/9442) [#9451](https://github.com/kumahq/kuma/pull/9451) [#9460](https://github.com/kumahq/kuma/pull/9460) [#9471](https://github.com/kumahq/kuma/pull/9471) [#9486](https://github.com/kumahq/kuma/pull/9486) [#9499](https://github.com/kumahq/kuma/pull/9499) [#9549](https://github.com/kumahq/kuma/pull/9549) [#9572](https://github.com/kumahq/kuma/pull/9572) [#9584](https://github.com/kumahq/kuma/pull/9584) [#9590](https://github.com/kumahq/kuma/pull/9590) [#9605](https://github.com/kumahq/kuma/pull/9605) [#9609](https://github.com/kumahq/kuma/pull/9609) [#9611](https://github.com/kumahq/kuma/pull/9611) [#9613](https://github.com/kumahq/kuma/pull/9613) [#9615](https://github.com/kumahq/kuma/pull/9615) [#9622](https://github.com/kumahq/kuma/pull/9622) [#9625](https://github.com/kumahq/kuma/pull/9625) [#9627](https://github.com/kumahq/kuma/pull/9627) [#9638](https://github.com/kumahq/kuma/pull/9638) [#9654](https://github.com/kumahq/kuma/pull/9654) [#9668](https://github.com/kumahq/kuma/pull/9668) [#9691](https://github.com/kumahq/kuma/pull/9691) [#9700](https://github.com/kumahq/kuma/pull/9700) [#9703](https://github.com/kumahq/kuma/pull/9703) [#9717](https://github.com/kumahq/kuma/pull/9717) [#9719](https://github.com/kumahq/kuma/pull/9719) [#9723](https://github.com/kumahq/kuma/pull/9723) [#9733](https://github.com/kumahq/kuma/pull/9733) [#9735](https://github.com/kumahq/kuma/pull/9735) [#9740](https://github.com/kumahq/kuma/pull/9740) [#9744](https://github.com/kumahq/kuma/pull/9744) [#9751](https://github.com/kumahq/kuma/pull/9751) [#9773](https://github.com/kumahq/kuma/pull/9773) [#9775](https://github.com/kumahq/kuma/pull/9775) [#9777](https://github.com/kumahq/kuma/pull/9777) [#9778](https://github.com/kumahq/kuma/pull/9778) [#9781](https://github.com/kumahq/kuma/pull/9781) [#9783](https://github.com/kumahq/kuma/pull/9783) [#9822](https://github.com/kumahq/kuma/pull/9822) [#9823](https://github.com/kumahq/kuma/pull/9823) [#9824](https://github.com/kumahq/kuma/pull/9824) [#9827](https://github.com/kumahq/kuma/pull/9827) [#9836](https://github.com/kumahq/kuma/pull/9836) [#9837](https://github.com/kumahq/kuma/pull/9837) [#9838](https://github.com/kumahq/kuma/pull/9838) [#9839](https://github.com/kumahq/kuma/pull/9839) [#9852](https://github.com/kumahq/kuma/pull/9852) [#9854](https://github.com/kumahq/kuma/pull/9854) [#9855](https://github.com/kumahq/kuma/pull/9855) [#9878](https://github.com/kumahq/kuma/pull/9878) [#9880](https://github.com/kumahq/kuma/pull/9880) [#9883](https://github.com/kumahq/kuma/pull/9883) [#9906](https://github.com/kumahq/kuma/pull/9906) [#9921](https://github.com/kumahq/kuma/pull/9921) @kumahq +* feat(GatewayAPI): promote our Gateway API implementation to GA [#9939](https://github.com/kumahq/kuma/pull/9939) @bartsmykla +* feat(GatewayAPI): use MeshHTTPRoutes instead of MeshGatewayRoutes internally [#9732](https://github.com/kumahq/kuma/pull/9732) @bartsmykla +* feat(MeshGatewayInstance): deprecate kuma.io/service and generate serviceName [#9504](https://github.com/kumahq/kuma/pull/9504) @lukidzi +* feat(MeshHTTPRoute): set name of route action equal to hash of matches [#9391](https://github.com/kumahq/kuma/pull/9391) @lukidzi +* feat(MeshMetric) profiles [#9579](https://github.com/kumahq/kuma/pull/9579) [#9624](https://github.com/kumahq/kuma/pull/9624) @slonka +* feat(MeshMetric): add possibility to configure multiple opentelemetry backends [#9445](https://github.com/kumahq/kuma/pull/9445) @Automaat +* feat(MeshMetric): add possibility to configure refresh interval for open telemetry backend in meshmetric [#9452](https://github.com/kumahq/kuma/pull/9452) @Automaat +* feat(MeshMetric): disable rollup of clusters [#9768](https://github.com/kumahq/kuma/pull/9768) @slonka +* feat(MeshMetric): filter out internal clusters [#9754](https://github.com/kumahq/kuma/pull/9754) @slonka +* feat(MeshMetric): manually remove regex [#9793](https://github.com/kumahq/kuma/pull/9793) @slonka +* feat(MeshMetric): properly handle `appendProfiles` [#9915](https://github.com/kumahq/kuma/pull/9915) @slonka +* feat(MeshMetric): usedonly filters [#9406](https://github.com/kumahq/kuma/pull/9406) @slonka +* feat(MeshRateLimit): support targetRef: MeshHTTPRoute for Gateway [#9396](https://github.com/kumahq/kuma/pull/9396) @lukidzi +* feat(MeshRetry): allow configuration for MeshHTTPRoute [#9365](https://github.com/kumahq/kuma/pull/9365) @lukidzi +* feat(MeshService): add first iteration of resource [#9510](https://github.com/kumahq/kuma/pull/9510) @michaelbeaumont +* feat(MeshService): backend ref outbound to mesh service on Dataplane [#9653](https://github.com/kumahq/kuma/pull/9653) @jakubdyszkiewicz +* feat(MeshService): k8s controller to convert service [#9702](https://github.com/kumahq/kuma/pull/9702) @jakubdyszkiewicz +* feat(MeshService): xds generation [#9583](https://github.com/kumahq/kuma/pull/9583) @michaelbeaumont +* feat(MeshTimeout): added possibility to target MeshHTTPRoute for MeshGateway [#9446](https://github.com/kumahq/kuma/pull/9446) @lukidzi +* feat(MeshTrafficPermission): apply default deny [#9110](https://github.com/kumahq/kuma/pull/9110) @jakubdyszkiewicz +* feat(ServiceInsight): add zones to service insights [#9677](https://github.com/kumahq/kuma/pull/9677) @jakubdyszkiewicz +* feat(ZoneIngress): generate an empty direct response listener for empty zone ingress gateway [#9745](https://github.com/kumahq/kuma/pull/9745) @jijiechen +* feat(api-server): add format and include_eds to admin api [#9814](https://github.com/kumahq/kuma/pull/9814) @lahabana +* feat(api-server): add type filter to service-insights [#9212](https://github.com/kumahq/kuma/pull/9212) @lahabana +* feat(api-server): return `config_dump` response in the same format as envoy admin [#9519](https://github.com/kumahq/kuma/pull/9519) @lukidzi +* feat(auth): add possibility to restrict /config access [#9826](https://github.com/kumahq/kuma/pull/9826) @lahabana +* feat(components): exponential backoff for resilient components [#9767](https://github.com/kumahq/kuma/pull/9767) @jakubdyszkiewicz +* feat(k8s): add `experimental.sidecarContainers` to Helm chart [#9626](https://github.com/kumahq/kuma/pull/9626) @michaelbeaumont +* feat(k8s): add drain when using native sidecars [#9904](https://github.com/kumahq/kuma/pull/9904) @michaelbeaumont +* feat(k8s): add possibility to not add owner reference [#9794](https://github.com/kumahq/kuma/pull/9794) @lahabana +* feat(k8s): add sidecar startup probe with sidecar feature [#9494](https://github.com/kumahq/kuma/pull/9494) @michaelbeaumont +* feat(k8s): copy node topology labels [#9690](https://github.com/kumahq/kuma/pull/9690) @lukidzi +* feat(k8s): do not set mesh owner reference on synced resources [#9882](https://github.com/kumahq/kuma/pull/9882) @jakubdyszkiewicz +* feat(k8s): enable init container mesh access by default when using native sidecars [#9746](https://github.com/kumahq/kuma/pull/9746) @michaelbeaumont +* feat(k8s): sidecar containers [#9321](https://github.com/kumahq/kuma/pull/9321) @michaelbeaumont +* feat(kds): add kds client version to outgoing context [#9501](https://github.com/kumahq/kuma/pull/9501) @slonka +* feat(kds): add span for admin requests to zone CPs [#9411](https://github.com/kumahq/kuma/pull/9411) @michaelbeaumont +* feat(kds): stats of kds client versions [#9749](https://github.com/kumahq/kuma/pull/9749) @jakubdyszkiewicz +* feat(kuma-cni): add a init container to validate that iptables rules are applied [#9699](https://github.com/kumahq/kuma/pull/9699) @jijiechen +* feat(kuma-cp): add a helper function to get all kuma targetRef kinds to be used in child repos [#9687](https://github.com/kumahq/kuma/pull/9687) @jijiechen +* feat(kuma-cp): add ability to selectively enable core resources [#9555](https://github.com/kumahq/kuma/pull/9555) @michaelbeaumont +* feat(kuma-cp): add plugin policy toggles [#8828](https://github.com/kumahq/kuma/pull/8828) @slonka +* feat(kuma-cp): remove grpc support from mads [#9527](https://github.com/kumahq/kuma/pull/9527) @Automaat +* feat(kuma-cp): resilient component backoff config [#9892](https://github.com/kumahq/kuma/pull/9892) @Automaat +* feat(kuma-dp): migrate to prometheus otel sdk when using meshmetric [#9424](https://github.com/kumahq/kuma/pull/9424) @Automaat +* feat(kuma-dp): use Envoy `--drain-strategy immediate` [#9741](https://github.com/kumahq/kuma/pull/9741) @michaelbeaumont +* feat(kumactl): support for new Inspect API endpoint `_config` [#9887](https://github.com/kumahq/kuma/pull/9887) @lobkovilya +* feat(pgx): configure idle timeout [#9675](https://github.com/kumahq/kuma/pull/9675) @lukidzi +* feat(policies): deprecated `from[].targetRef.kind: MeshService` [#9881](https://github.com/kumahq/kuma/pull/9881) @lobkovilya +* feat(policies): shadow mode for policies [#9850](https://github.com/kumahq/kuma/pull/9850) @lobkovilya +* feat(resources): add status [#9676](https://github.com/kumahq/kuma/pull/9676) @jakubdyszkiewicz +* feat(resources): generate core resource [#9405](https://github.com/kumahq/kuma/pull/9405) @jakubdyszkiewicz +* feat(tracing): add tracing to intercp gRPC server and client [#9383](https://github.com/kumahq/kuma/pull/9383) @michaelbeaumont +* feat(transparent-proxy): add automatic iptables type detection [#9750](https://github.com/kumahq/kuma/pull/9750) @bartsmykla +* feat(transparent-proxy): deprecate argument 'redirect-inbound-port-v6' and introduce 'ip-family-mode' [#8939](https://github.com/kumahq/kuma/pull/8939) @jijiechen +* feat(transparent-proxy): drop all capabilities for sidecar containers [#9656](https://github.com/kumahq/kuma/pull/9656) @jijiechen +* feat(transparent-proxy): init container scc hardening [#9688](https://github.com/kumahq/kuma/pull/9688) @jijiechen +* fix(GatewayAPI): add missing Name param to query params matcher on MeshHTTPRoute [#9662](https://github.com/kumahq/kuma/pull/9662) @bartsmykla +* fix(GatewayAPI): don't add HTTPRoute status if Kuma isn't the controller [#9228](https://github.com/kumahq/kuma/pull/9228) @michaelbeaumont +* fix(GatewayAPI): make MeshHTTPRoute conversion port redirect gapi conformant [#9669](https://github.com/kumahq/kuma/pull/9669) @bartsmykla +* fix(GatewayAPI): set mesh properly during owned object reconciliation [#9664](https://github.com/kumahq/kuma/pull/9664) @bartsmykla +* fix(MeshGateway): don't rewrite / with trailing slash [#9243](https://github.com/kumahq/kuma/pull/9243) @michaelbeaumont +* fix(MeshGateway): fix MeshTCPRoute on MeshGateway [#9167](https://github.com/kumahq/kuma/pull/9167) @lahabana +* fix(MeshHTTPRoute): allow "kuma.io/unresolved-backend" service name for GAMMA compliance [#9670](https://github.com/kumahq/kuma/pull/9670) @bartsmykla +* fix(MeshHTTPRoute): allow no backendRefs when RequestRedirect filter present [#9671](https://github.com/kumahq/kuma/pull/9671) @bartsmykla +* fix(MeshHTTPRoute): fix response headers filter in gateway route generation [#9652](https://github.com/kumahq/kuma/pull/9652) @bartsmykla +* fix(MeshHTTPRoute): order rules by match priority [#9472](https://github.com/kumahq/kuma/pull/9472) @michaelbeaumont +* fix(MeshHTTPRoute): trim "/" path match suffix when converting HTTPRoute [#9686](https://github.com/kumahq/kuma/pull/9686) @bartsmykla +* fix(MeshHealthCheck): isolate MeshGateway config based on hostname [#9612](https://github.com/kumahq/kuma/pull/9612) @michaelbeaumont +* fix(MeshLoadBalancingStrategy): configure builtin gateway [#9877](https://github.com/kumahq/kuma/pull/9877) @lukidzi +* fix(MeshMetric): otel endpoint validation [#9634](https://github.com/kumahq/kuma/pull/9634) @Automaat +* fix(MeshTCPRoute): allow MeshGateway listener tags [#9240](https://github.com/kumahq/kuma/pull/9240) @michaelbeaumont +* fix(api-server): return 404 when a mesh doesn't exist [#9175](https://github.com/kumahq/kuma/pull/9175) @lahabana +* fix(defaults): change meshsubset to mesh for gateway's meshtimeout [#9192](https://github.com/kumahq/kuma/pull/9192) @lukidzi +* fix(helm): missing postgres tls mode when it is set to verifyNone [#9665](https://github.com/kumahq/kuma/pull/9665) @AyushSenapati +* fix(helm): use kuma name in ingress and egress pdb selectors [#9211](https://github.com/kumahq/kuma/pull/9211) @slavogiez +* fix(k8s): create builtin CA once [#9124](https://github.com/kumahq/kuma/pull/9124) @jakubdyszkiewicz +* fix(kds): fix memory leak on kds error [#9742](https://github.com/kumahq/kuma/pull/9742) @Automaat +* fix(kds): fix retry on NACK and add backoff [#9736](https://github.com/kumahq/kuma/pull/9736) @slonka +* fix(kds): run filters before ZoneWatcher [#9119](https://github.com/kumahq/kuma/pull/9119) @lukidzi +* fix(kuma-cni): fix the subject namespace reference in Helm Chart [#9933](https://github.com/kumahq/kuma/pull/9933) @jijiechen +* fix(kuma-cp): change the "direction" of the diff in inspect shadow responses [#9914](https://github.com/kumahq/kuma/pull/9914) @lobkovilya +* fix(kuma-cp): clone outbound tags [#9592](https://github.com/kumahq/kuma/pull/9592) @lukidzi +* fix(kuma-cp): copy annotations when adding/update k8s object [#9254](https://github.com/kumahq/kuma/pull/9254) @lukidzi +* fix(kuma-cp): fix long polling issues in mads [#9586](https://github.com/kumahq/kuma/pull/9586) @Automaat +* fix(kuma-cp): ignore shadow policies on ZoneEgress [#9930](https://github.com/kumahq/kuma/pull/9930) @lobkovilya +* fix(kuma-cp): kds sync on upgrade doubles the number of policies [#9259](https://github.com/kumahq/kuma/pull/9259) @lobkovilya +* fix(kuma-cp): prevent violating kubernetes label limit [#9191](https://github.com/kumahq/kuma/pull/9191) @jakubdyszkiewicz +* fix(kuma-cp): return wrapped forward KDS client errors [#9160](https://github.com/kumahq/kuma/pull/9160) @lukidzi +* fix(kuma-cp): use display-name label to check if resource is referenced [#9962](https://github.com/kumahq/kuma/pull/9962) @lobkovilya +* fix(kumactl): correctly print new style resources [#9779](https://github.com/kumahq/kuma/pull/9779) @lahabana +* fix(kumactl): npe when creating new core resources [#9593](https://github.com/kumahq/kuma/pull/9593) @michaelbeaumont +* fix(pgx): use default MaxConnLifetimeJitter value for jitter [#9674](https://github.com/kumahq/kuma/pull/9674) @lukidzi +* fix(policies): don't set empty kuma.io service when using MeshHTTPRoute [#9394](https://github.com/kumahq/kuma/pull/9394) @lukidzi +* fix(policies): fix metrics labels [#9913](https://github.com/kumahq/kuma/pull/9913) @Automaat +* fix(transparent-proxy): make iptables mode detection more defensive [#9776](https://github.com/kumahq/kuma/pull/9776) @bartsmykla +* fix(xds): duplicated listeners [#9542](https://github.com/kumahq/kuma/pull/9542) @jakubdyszkiewicz +* perf(k8s): ignore serviceless pods from vips list [#9907](https://github.com/kumahq/kuma/pull/9907) @jakubdyszkiewicz +* perf(vips): group DB calls for CreateOrUpdateVIPConfigs [#9062](https://github.com/kumahq/kuma/pull/9062) @nicoche + ## 2.6.5 -> Released on 2024/04/08 +> Released on 2024/04/09 * chore(deps): bump kumahq/kuma from b203130df372 to 9b95497f2 [#5662](https://github.com/Kong/kong-mesh/pull/5662) [#5666](https://github.com/Kong/kong-mesh/pull/5666) [#5674](https://github.com/Kong/kong-mesh/pull/5674) [#5680](https://github.com/Kong/kong-mesh/pull/5680) [#5694](https://github.com/Kong/kong-mesh/pull/5694) [#5701](https://github.com/Kong/kong-mesh/pull/5701) @kong-mesh +### Includes [kumahq/kuma@2.6.5](https://github.com/kumahq/kuma/releases/tag/2.6.5) changelog + +* chore(deps): security update [#9820](https://github.com/kumahq/kuma/pull/9820) @kumahq +* chore(deps): update Envoy to v1.28.2 [#9843](https://github.com/kumahq/kuma/pull/9843) [#9848](https://github.com/kumahq/kuma/pull/9848) @michaelbeaumont + ## 2.5.7 -> Released on 2024/04/08 +> Released on 2024/04/09 * chore(deps): bump kumahq/kuma from 35f57c23ecdd to 2a7e5013e [#5664](https://github.com/Kong/kong-mesh/pull/5664) [#5679](https://github.com/Kong/kong-mesh/pull/5679) [#5696](https://github.com/Kong/kong-mesh/pull/5696) [#5705](https://github.com/Kong/kong-mesh/pull/5705) @kong-mesh +### Includes [kumahq/kuma@2.5.7](https://github.com/kumahq/kuma/releases/tag/2.5.7) changelog + +* chore(deps): security update [#9818](https://github.com/kumahq/kuma/pull/9818) @kumahq +* chore(deps): update Envoy to v1.28.2 [#9845](https://github.com/kumahq/kuma/pull/9845) [#9847](https://github.com/kumahq/kuma/pull/9847) @michaelbeaumont + ## 2.4.8 -> Released on 2024/04/08 +> Released on 2024/04/09 * chore(deps): bump kumahq/kuma from 4d60a91e01d8 to 304050ffd [#5618](https://github.com/Kong/kong-mesh/pull/5618) [#5637](https://github.com/Kong/kong-mesh/pull/5637) [#5660](https://github.com/Kong/kong-mesh/pull/5660) [#5676](https://github.com/Kong/kong-mesh/pull/5676) [#5695](https://github.com/Kong/kong-mesh/pull/5695) [#5703](https://github.com/Kong/kong-mesh/pull/5703) @kong-mesh +### Includes [kumahq/kuma@2.4.8](https://github.com/kumahq/kuma/releases/tag/2.4.8) changelog + +* Revert "feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9726)" [#9757](https://github.com/kumahq/kuma/pull/9757) @bartsmykla +* chore(deps): security update [#9684](https://github.com/kumahq/kuma/pull/9684) [#9696](https://github.com/kumahq/kuma/pull/9696) [#9815](https://github.com/kumahq/kuma/pull/9815) @kumahq +* chore(deps): update Envoy to v1.27.4 [#9844](https://github.com/kumahq/kuma/pull/9844) @michaelbeaumont + ## 2.3.7 -> Released on 2024/04/08 +> Released on 2024/04/09 * chore(deps): bump kumahq/kuma from 04377e548c39 to b0ad06967 [#5620](https://github.com/Kong/kong-mesh/pull/5620) [#5636](https://github.com/Kong/kong-mesh/pull/5636) [#5663](https://github.com/Kong/kong-mesh/pull/5663) [#5677](https://github.com/Kong/kong-mesh/pull/5677) [#5692](https://github.com/Kong/kong-mesh/pull/5692) [#5704](https://github.com/Kong/kong-mesh/pull/5704) @kong-mesh +### Includes [kumahq/kuma@2.3.7](https://github.com/kumahq/kuma/releases/tag/2.3.7) changelog + +* Revert "feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9725)" [#9758](https://github.com/kumahq/kuma/pull/9758) @bartsmykla +* chore(deps): security update [#9683](https://github.com/kumahq/kuma/pull/9683) [#9694](https://github.com/kumahq/kuma/pull/9694) [#9817](https://github.com/kumahq/kuma/pull/9817) @kumahq +* chore(deps): update Envoy to v1.26.8 [#9842](https://github.com/kumahq/kuma/pull/9842) @michaelbeaumont + ## 2.2.9 -> Released on 2024/04/08 +> Released on 2024/04/09 * chore(deps): bump kumahq/kuma from 4a4e4a6c37b2 to 811da1748 [#5619](https://github.com/Kong/kong-mesh/pull/5619) [#5638](https://github.com/Kong/kong-mesh/pull/5638) [#5661](https://github.com/Kong/kong-mesh/pull/5661) [#5678](https://github.com/Kong/kong-mesh/pull/5678) [#5693](https://github.com/Kong/kong-mesh/pull/5693) [#5702](https://github.com/Kong/kong-mesh/pull/5702) @kong-mesh +### Includes [kumahq/kuma@2.2.9](https://github.com/kumahq/kuma/releases/tag/2.2.9) changelog + +* Revert "feat(images/kuma-init): use iptables-wrapper to use correct iptables version (backport of #9701) (#9727)" [#9759](https://github.com/kumahq/kuma/pull/9759) @bartsmykla +* chore(deps): security update [#9680](https://github.com/kumahq/kuma/pull/9680) [#9695](https://github.com/kumahq/kuma/pull/9695) [#9816](https://github.com/kumahq/kuma/pull/9816) @kumahq +* chore(deps): update Envoy to v1.26.8 [#9841](https://github.com/kumahq/kuma/pull/9841) @michaelbeaumont + ## 2.6.4 > Released on 2024/04/02 * chore(deps): bump kumahq/kuma from ba48fe1f1a50 to b203130df [#5651](https://github.com/Kong/kong-mesh/pull/5651) @kong-mesh +### Includes [kumahq/kuma@2.6.4](https://github.com/kumahq/kuma/releases/tag/2.6.4) changelog + +* fix(transparent-proxy): make iptables mode detection more defensive (backport of #9776) [#9785](https://github.com/kumahq/kuma/pull/9785) @kumahq + ## 2.5.6 > Released on 2024/04/02 * chore(deps): bump kumahq/kuma from 35e9401bfab3 to 35f57c23e [#5650](https://github.com/Kong/kong-mesh/pull/5650) @kong-mesh +### Includes [kumahq/kuma@2.5.6](https://github.com/kumahq/kuma/releases/tag/2.5.6) changelog + +* fix(transparent-proxy): make iptables mode detection more defensive (backport of #9776) [#9788](https://github.com/kumahq/kuma/pull/9788) @kumahq + ## 2.6.3 > Released on 2024/03/29 * chore(deps): bump kumahq/kuma from 4cef8d860e7a to ba48fe1f1 [#5598](https://github.com/Kong/kong-mesh/pull/5598) [#5639](https://github.com/Kong/kong-mesh/pull/5639) [#5641](https://github.com/Kong/kong-mesh/pull/5641) @kong-mesh +### Includes [kumahq/kuma@2.6.3](https://github.com/kumahq/kuma/releases/tag/2.6.3) changelog + +* chore(deps): security update [#9621](https://github.com/kumahq/kuma/pull/9621) [#9681](https://github.com/kumahq/kuma/pull/9681) [#9697](https://github.com/kumahq/kuma/pull/9697) @kumahq +* feat(transparent-proxy): add automatic iptables type detection (backport of #9750) [#9765](https://github.com/kumahq/kuma/pull/9765) @kumahq +* fix(MeshHTTPRoute): fix response headers filter in gateway route generation (backport of #9652) [#9660](https://github.com/kumahq/kuma/pull/9660) @kumahq + ## 2.5.5 > Released on 2024/03/29 * chore(deps): bump kumahq/kuma from ea82d4e6d5ad to 35e9401bf [#5617](https://github.com/Kong/kong-mesh/pull/5617) [#5635](https://github.com/Kong/kong-mesh/pull/5635) [#5642](https://github.com/Kong/kong-mesh/pull/5642) @kong-mesh +### Includes [kumahq/kuma@2.5.5](https://github.com/kumahq/kuma/releases/tag/2.5.5) changelog + +* chore(deps): security update [#9682](https://github.com/kumahq/kuma/pull/9682) [#9698](https://github.com/kumahq/kuma/pull/9698) @kumahq +* feat(transparent-proxy): add automatic iptables type detection (backport of #9750) [#9764](https://github.com/kumahq/kuma/pull/9764) @kumahq + + +## 2.6.2 +> Released on 2024/03/19 + +* chore(deps): bump kumahq/kuma from 7b1269d6f957 to 4cef8d860 [#5467](https://github.com/Kong/kong-mesh/pull/5467) [#5477](https://github.com/Kong/kong-mesh/pull/5477) [#5481](https://github.com/Kong/kong-mesh/pull/5481) [#5487](https://github.com/Kong/kong-mesh/pull/5487) [#5511](https://github.com/Kong/kong-mesh/pull/5511) [#5555](https://github.com/Kong/kong-mesh/pull/5555) [#5563](https://github.com/Kong/kong-mesh/pull/5563) [#5568](https://github.com/Kong/kong-mesh/pull/5568) [#5588](https://github.com/Kong/kong-mesh/pull/5588) [#5591](https://github.com/Kong/kong-mesh/pull/5591) @kong-mesh +* chore(deps): use latest Kong/kong-mesh-gui [#5502](https://github.com/Kong/kong-mesh/pull/5502) @kong-mesh + +### Includes [kumahq/kuma@2.6.2](https://github.com/kumahq/kuma/releases/tag/2.6.2) changelog + +* chore(deps): security update [#9368](https://github.com/kumahq/kuma/pull/9368) [#9514](https://github.com/kumahq/kuma/pull/9514) [#9621](https://github.com/kumahq/kuma/pull/9621) @kumahq +* fix(kuma-cp): clone outbound tags (backport of #9592) [#9599](https://github.com/kumahq/kuma/pull/9599) @kumahq +* fix(xds): duplicated listeners (backport of #9542) [#9552](https://github.com/kumahq/kuma/pull/9552) @kumahq + ## 2.5.4 -> Released on 2024/03/18 +> Released on 2024/03/19 * chore(deps): bump kumahq/kuma from 23764bbca70d to ea82d4e6d [#5466](https://github.com/Kong/kong-mesh/pull/5466) [#5478](https://github.com/Kong/kong-mesh/pull/5478) [#5516](https://github.com/Kong/kong-mesh/pull/5516) [#5556](https://github.com/Kong/kong-mesh/pull/5556) [#5564](https://github.com/Kong/kong-mesh/pull/5564) [#5569](https://github.com/Kong/kong-mesh/pull/5569) [#5594](https://github.com/Kong/kong-mesh/pull/5594) [#5602](https://github.com/Kong/kong-mesh/pull/5602) @kong-mesh * chore(deps): security update [#5573](https://github.com/Kong/kong-mesh/pull/5573) @kong-mesh * chore(deps): use latest Kong/kong-mesh-gui [#5503](https://github.com/Kong/kong-mesh/pull/5503) @kong-mesh +### Includes [kumahq/kuma@2.5.4](https://github.com/kumahq/kuma/releases/tag/2.5.4) changelog + +* chore(deps): security update [#9366](https://github.com/kumahq/kuma/pull/9366) [#9512](https://github.com/kumahq/kuma/pull/9512) [#9619](https://github.com/kumahq/kuma/pull/9619) @kumahq + ## 2.4.7 -> Released on 2024/03/18 +> Released on 2024/03/19 * chore(deps): bump kumahq/kuma from e5ffd4dc7dc3 to 4d60a91e0 [#5465](https://github.com/Kong/kong-mesh/pull/5465) [#5514](https://github.com/Kong/kong-mesh/pull/5514) [#5562](https://github.com/Kong/kong-mesh/pull/5562) [#5567](https://github.com/Kong/kong-mesh/pull/5567) [#5595](https://github.com/Kong/kong-mesh/pull/5595) [#5599](https://github.com/Kong/kong-mesh/pull/5599) @kong-mesh * chore(deps): use latest Kong/kong-mesh-gui [#5504](https://github.com/Kong/kong-mesh/pull/5504) @kong-mesh +### Includes [kumahq/kuma@2.4.7](https://github.com/kumahq/kuma/releases/tag/2.4.7) changelog + +* chore(deps): security update [#9513](https://github.com/kumahq/kuma/pull/9513) [#9620](https://github.com/kumahq/kuma/pull/9620) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#9409](https://github.com/kumahq/kuma/pull/9409) @kumahq + ## 2.3.6 -> Released on 2024/03/18 +> Released on 2024/03/19 * chore(deps): bump kumahq/kuma from 59b52bb35d2a to 04377e548 [#5464](https://github.com/Kong/kong-mesh/pull/5464) [#5513](https://github.com/Kong/kong-mesh/pull/5513) [#5561](https://github.com/Kong/kong-mesh/pull/5561) [#5576](https://github.com/Kong/kong-mesh/pull/5576) [#5585](https://github.com/Kong/kong-mesh/pull/5585) [#5596](https://github.com/Kong/kong-mesh/pull/5596) [#5600](https://github.com/Kong/kong-mesh/pull/5600) @kong-mesh +### Includes [kumahq/kuma@2.3.6](https://github.com/kumahq/kuma/releases/tag/2.3.6) changelog + +* chore(deps): security update [#9515](https://github.com/kumahq/kuma/pull/9515) [#9618](https://github.com/kumahq/kuma/pull/9618) @kumahq + ## 2.2.8 -> Released on 2024/03/18 +> Released on 2024/03/19 * chore(deps): bump kumahq/kuma from fc2c17ee51d4 to 4a4e4a6c3 [#5463](https://github.com/Kong/kong-mesh/pull/5463) [#5512](https://github.com/Kong/kong-mesh/pull/5512) [#5560](https://github.com/Kong/kong-mesh/pull/5560) [#5575](https://github.com/Kong/kong-mesh/pull/5575) [#5584](https://github.com/Kong/kong-mesh/pull/5584) [#5597](https://github.com/Kong/kong-mesh/pull/5597) [#5601](https://github.com/Kong/kong-mesh/pull/5601) @kong-mesh +### Includes [kumahq/kuma@2.2.8](https://github.com/kumahq/kuma/releases/tag/2.2.8) changelog -## 2.6.2 -> Released on 2024/03/14 - -* chore(deps): bump kumahq/kuma from 7b1269d6f957 to 4cef8d860 [#5467](https://github.com/Kong/kong-mesh/pull/5467) [#5477](https://github.com/Kong/kong-mesh/pull/5477) [#5481](https://github.com/Kong/kong-mesh/pull/5481) [#5487](https://github.com/Kong/kong-mesh/pull/5487) [#5511](https://github.com/Kong/kong-mesh/pull/5511) [#5555](https://github.com/Kong/kong-mesh/pull/5555) [#5563](https://github.com/Kong/kong-mesh/pull/5563) [#5568](https://github.com/Kong/kong-mesh/pull/5568) [#5588](https://github.com/Kong/kong-mesh/pull/5588) [#5591](https://github.com/Kong/kong-mesh/pull/5591) @kong-mesh -* chore(deps): use latest Kong/kong-mesh-gui [#5502](https://github.com/Kong/kong-mesh/pull/5502) @kong-mesh +* chore(deps): manual security update release-2.2 [#9523](https://github.com/kumahq/kuma/pull/9523) @lobkovilya +* chore(deps): security update [#9537](https://github.com/kumahq/kuma/pull/9537) [#9617](https://github.com/kumahq/kuma/pull/9617) @kumahq ## 2.5.3 @@ -428,24 +1265,46 @@ * chore(deps): bump kumahq/kuma from bd64b43ef337 to 23764bbca [#5376](https://github.com/Kong/kong-mesh/pull/5376) [#5390](https://github.com/Kong/kong-mesh/pull/5390) [#5450](https://github.com/Kong/kong-mesh/pull/5450) [#5457](https://github.com/Kong/kong-mesh/pull/5457) @kong-mesh +### Includes [kumahq/kuma@2.5.3](https://github.com/kumahq/kuma/releases/tag/2.5.3) changelog + +* chore(deps): security update [#9287](https://github.com/kumahq/kuma/pull/9287) @kumahq +* chore(deps): update iptables version (backport of #9200) [#9215](https://github.com/kumahq/kuma/pull/9215) @kumahq +* chore(deps): upgrade envoy to v1.28.1 [#9219](https://github.com/kumahq/kuma/pull/9219) @lukidzi +* fix(gatewayapi): don't add HTTPRoute status if Kuma isn't the controller (backport of #9228) [#9235](https://github.com/kumahq/kuma/pull/9235) @kumahq + ## 2.4.6 > Released on 2024/02/20 * chore(deps): bump kumahq/kuma from 41284773c8df to e5ffd4dc7 [#5378](https://github.com/Kong/kong-mesh/pull/5378) [#5453](https://github.com/Kong/kong-mesh/pull/5453) @kong-mesh +### Includes [kumahq/kuma@2.4.6](https://github.com/kumahq/kuma/releases/tag/2.4.6) changelog + +* chore(deps): update iptables version (backport of #9200) [#9214](https://github.com/kumahq/kuma/pull/9214) @kumahq +* chore(deps): upgrade envoy to v1.27.3 [#9220](https://github.com/kumahq/kuma/pull/9220) @lukidzi + ## 2.3.5 > Released on 2024/02/20 * chore(deps): bump kumahq/kuma from baa08aefa319 to 59b52bb35 [#5377](https://github.com/Kong/kong-mesh/pull/5377) [#5454](https://github.com/Kong/kong-mesh/pull/5454) @kong-mesh +### Includes [kumahq/kuma@2.3.5](https://github.com/kumahq/kuma/releases/tag/2.3.5) changelog + +* chore(deps): update iptables version (backport of #9200) [#9213](https://github.com/kumahq/kuma/pull/9213) @kumahq +* chore(deps): upgrade envoy to v1.26.7 [#9221](https://github.com/kumahq/kuma/pull/9221) @lukidzi + ## 2.2.7 > Released on 2024/02/20 * chore(deps): bump kumahq/kuma from e4d77e6a0553 to fc2c17ee5 [#5379](https://github.com/Kong/kong-mesh/pull/5379) [#5451](https://github.com/Kong/kong-mesh/pull/5451) [#5455](https://github.com/Kong/kong-mesh/pull/5455) @kong-mesh +### Includes [kumahq/kuma@2.2.7](https://github.com/kumahq/kuma/releases/tag/2.2.7) changelog + +* chore(deps): update iptables version (backport of #9200) [#9217](https://github.com/kumahq/kuma/pull/9217) @kumahq +* chore(deps): upgrade envoy to v1.26.7 [#9294](https://github.com/kumahq/kuma/pull/9294) @lukidzi + ## 2.6.1 > Released on 2024/02/19 @@ -456,36 +1315,95 @@ * feat(rbac): set the same permission on zone and global (backport of #5432) [#5442](https://github.com/Kong/kong-mesh/pull/5442) @kong-mesh * fix(rbac): allow system:authenticated on zone cp (backport of #5391) [#5397](https://github.com/Kong/kong-mesh/pull/5397) @kong-mesh +### Includes [kumahq/kuma@2.6.1](https://github.com/kumahq/kuma/releases/tag/2.6.1) changelog + +* chore(deps): downgrade go-control-plane to v0.11.2-0.20231010133108-1dfbe83bcebc (backport of #9163) [#9285](https://github.com/kumahq/kuma/pull/9285) @kumahq +* chore(deps): security update [#9288](https://github.com/kumahq/kuma/pull/9288) @kumahq +* chore(deps): update iptables version (backport of #9200) [#9216](https://github.com/kumahq/kuma/pull/9216) @kumahq +* chore(deps): upgrade envoy to v1.28.1 [#9218](https://github.com/kumahq/kuma/pull/9218) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#9174](https://github.com/kumahq/kuma/pull/9174) [#9194](https://github.com/kumahq/kuma/pull/9194) @kumahq +* fix(MeshGateway): fix MeshTCPRoute on MeshGateway (backport of #9167) [#9180](https://github.com/kumahq/kuma/pull/9180) @kumahq +* fix(MeshTCPRoute): allow MeshGateway listener tags [#9239](https://github.com/kumahq/kuma/pull/9239) @michaelbeaumont +* fix(defaults): change meshsubset to mesh for gateway's meshtimeout (backport of #9192) [#9199](https://github.com/kumahq/kuma/pull/9199) @kumahq +* fix(gatewayapi): don't add HTTPRoute status if Kuma isn't the controller (backport of #9228) [#9236](https://github.com/kumahq/kuma/pull/9236) @kumahq +* fix(kubernetes): create builtin CA once (backport of #9124) [#9129](https://github.com/kumahq/kuma/pull/9129) @kumahq +* fix(kuma-cp): copy annotations when adding/update k8s object (backport of #9254) [#9263](https://github.com/kumahq/kuma/pull/9263) @kumahq +* fix(kuma-cp): kds sync on upgrade doubles the number of policies (backport of #9259) [#9273](https://github.com/kumahq/kuma/pull/9273) @kumahq +* fix(kuma-cp): prevent violating kubernetes label limit (backport of #9191) [#9233](https://github.com/kumahq/kuma/pull/9233) @kumahq + ## 2.5.2 -> Released on 2024/02/05 +> Released on 2024/02/06 * chore(deps): bump kumahq/kuma from d2ced55cd241 to bd64b43ef [#5028](https://github.com/Kong/kong-mesh/pull/5028) [#5039](https://github.com/Kong/kong-mesh/pull/5039) [#5064](https://github.com/Kong/kong-mesh/pull/5064) [#5069](https://github.com/Kong/kong-mesh/pull/5069) [#5087](https://github.com/Kong/kong-mesh/pull/5087) [#5220](https://github.com/Kong/kong-mesh/pull/5220) [#5226](https://github.com/Kong/kong-mesh/pull/5226) [#5231](https://github.com/Kong/kong-mesh/pull/5231) [#5299](https://github.com/Kong/kong-mesh/pull/5299) [#5340](https://github.com/Kong/kong-mesh/pull/5340) @kong-mesh +### Includes [kumahq/kuma@2.5.2](https://github.com/kumahq/kuma/releases/tag/2.5.2) changelog + +* chore(deps): security update [#8678](https://github.com/kumahq/kuma/pull/8678) [#8694](https://github.com/kumahq/kuma/pull/8694) [#9103](https://github.com/kumahq/kuma/pull/9103) @kumahq +* chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) [#8962](https://github.com/kumahq/kuma/pull/8962) @kumahq +* chore(deps): update go to 1.21.5 (backport of #8616) [#8627](https://github.com/kumahq/kuma/pull/8627) @kumahq +* fix(kds): race condition on fill metadata (backport of #8872) [#8999](https://github.com/kumahq/kuma/pull/8999) @kumahq +* fix(kuma-cp): assign `extensions` in `ZoneInsightSink` constructor (backport of #8940) [#8956](https://github.com/kumahq/kuma/pull/8956) @kumahq +* fix(vips): skip ignored listeners (backport of #8937) [#8982](https://github.com/kumahq/kuma/pull/8982) @kumahq + ## 2.4.5 -> Released on 2024/02/05 +> Released on 2024/02/06 * chore(deps): bump kumahq/kuma from b3131e7b6555 to 41284773c [#4799](https://github.com/Kong/kong-mesh/pull/4799) [#4825](https://github.com/Kong/kong-mesh/pull/4825) [#4830](https://github.com/Kong/kong-mesh/pull/4830) [#4865](https://github.com/Kong/kong-mesh/pull/4865) [#4869](https://github.com/Kong/kong-mesh/pull/4869) [#4934](https://github.com/Kong/kong-mesh/pull/4934) [#5031](https://github.com/Kong/kong-mesh/pull/5031) [#5062](https://github.com/Kong/kong-mesh/pull/5062) [#5088](https://github.com/Kong/kong-mesh/pull/5088) [#5091](https://github.com/Kong/kong-mesh/pull/5091) [#5225](https://github.com/Kong/kong-mesh/pull/5225) [#5297](https://github.com/Kong/kong-mesh/pull/5297) [#5314](https://github.com/Kong/kong-mesh/pull/5314) [#5338](https://github.com/Kong/kong-mesh/pull/5338) @kong-mesh * chore(deps): bump shadow-utils (backport of #4768) [#4772](https://github.com/Kong/kong-mesh/pull/4772) @kong-mesh * chore(deps): security update [#4907](https://github.com/Kong/kong-mesh/pull/4907) @kong-mesh +### Includes [kumahq/kuma@2.4.5](https://github.com/kumahq/kuma/releases/tag/2.4.5) changelog + +* chore(deps): bump the go-opentelemetry-io group with 3 updates (backport of #8347) [#8352](https://github.com/kumahq/kuma/pull/8352) @kumahq +* chore(deps): security update [#8672](https://github.com/kumahq/kuma/pull/8672) [#8699](https://github.com/kumahq/kuma/pull/8699) [#9100](https://github.com/kumahq/kuma/pull/9100) @kumahq +* chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) [#8961](https://github.com/kumahq/kuma/pull/8961) @kumahq +* chore(deps): update go to 1.21.4 (backport of #8341) [#8345](https://github.com/kumahq/kuma/pull/8345) @kumahq +* chore(deps): update go to 1.21.5 (backport of #8616) [#8626](https://github.com/kumahq/kuma/pull/8626) @kumahq +* fix(ZoneIngress): subset routing when tag is present on all subsets (backport of #8443) [#8473](https://github.com/kumahq/kuma/pull/8473) @kumahq +* fix(k8s): don't temporarily remove all AvailableServices on ZoneIngress Pod reconciliations (backport of #8301) [#8307](https://github.com/kumahq/kuma/pull/8307) @kumahq +* fix(kds): race condition on fill metadata (backport of #8872) [#9000](https://github.com/kumahq/kuma/pull/9000) @kumahq + ## 2.3.4 -> Released on 2024/02/05 +> Released on 2024/02/06 * chore(deps): bump kumahq/kuma from 815b26399692 to baa08aefa [#4618](https://github.com/Kong/kong-mesh/pull/4618) [#4666](https://github.com/Kong/kong-mesh/pull/4666) [#4676](https://github.com/Kong/kong-mesh/pull/4676) [#4687](https://github.com/Kong/kong-mesh/pull/4687) [#4798](https://github.com/Kong/kong-mesh/pull/4798) [#4826](https://github.com/Kong/kong-mesh/pull/4826) [#4867](https://github.com/Kong/kong-mesh/pull/4867) [#4888](https://github.com/Kong/kong-mesh/pull/4888) [#5029](https://github.com/Kong/kong-mesh/pull/5029) [#5061](https://github.com/Kong/kong-mesh/pull/5061) [#5065](https://github.com/Kong/kong-mesh/pull/5065) [#5089](https://github.com/Kong/kong-mesh/pull/5089) [#5223](https://github.com/Kong/kong-mesh/pull/5223) [#5298](https://github.com/Kong/kong-mesh/pull/5298) [#5315](https://github.com/Kong/kong-mesh/pull/5315) [#5339](https://github.com/Kong/kong-mesh/pull/5339) @kong-mesh * chore(deps): bump shadow-utils (backport of #4768) [#4773](https://github.com/Kong/kong-mesh/pull/4773) @kong-mesh * chore(deps): security update [#4654](https://github.com/Kong/kong-mesh/pull/4654) [#4707](https://github.com/Kong/kong-mesh/pull/4707) [#4839](https://github.com/Kong/kong-mesh/pull/4839) @kong-mesh +### Includes [kumahq/kuma@2.3.4](https://github.com/kumahq/kuma/releases/tag/2.3.4) changelog + +* chore(deps): security update [#8204](https://github.com/kumahq/kuma/pull/8204) [#8674](https://github.com/kumahq/kuma/pull/8674) [#8697](https://github.com/kumahq/kuma/pull/8697) [#9099](https://github.com/kumahq/kuma/pull/9099) @kumahq +* chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) [#8958](https://github.com/kumahq/kuma/pull/8958) @kumahq +* chore(deps): update go to 1.21.4 (backport of #8341) [#8343](https://github.com/kumahq/kuma/pull/8343) @kumahq +* chore(deps): update go to 1.21.5 (backport of #8616) [#8624](https://github.com/kumahq/kuma/pull/8624) @kumahq +* chore(deps): upgrade envoy to 1.26.6 [#8162](https://github.com/kumahq/kuma/pull/8162) @lukidzi +* fix(MeshTrafficPermission): support permissive mtls (backport of #8171) [#8175](https://github.com/kumahq/kuma/pull/8175) @kumahq +* fix(k8s): don't temporarily remove all AvailableServices on ZoneIngress Pod reconciliations (backport of #8301) [#8306](https://github.com/kumahq/kuma/pull/8306) @kumahq +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) [#8196](https://github.com/kumahq/kuma/pull/8196) @kumahq +* fix(kds): race condition on fill metadata (backport of #8872) [#8997](https://github.com/kumahq/kuma/pull/8997) @kumahq + ## 2.2.6 -> Released on 2024/02/05 +> Released on 2024/02/06 * chore(deps): bump kumahq/kuma from 467b9011abcf to e4d77e6a0 [#4617](https://github.com/Kong/kong-mesh/pull/4617) [#4665](https://github.com/Kong/kong-mesh/pull/4665) [#4679](https://github.com/Kong/kong-mesh/pull/4679) [#4688](https://github.com/Kong/kong-mesh/pull/4688) [#4699](https://github.com/Kong/kong-mesh/pull/4699) [#4800](https://github.com/Kong/kong-mesh/pull/4800) [#4827](https://github.com/Kong/kong-mesh/pull/4827) [#4874](https://github.com/Kong/kong-mesh/pull/4874) [#4930](https://github.com/Kong/kong-mesh/pull/4930) [#5030](https://github.com/Kong/kong-mesh/pull/5030) [#5063](https://github.com/Kong/kong-mesh/pull/5063) [#5066](https://github.com/Kong/kong-mesh/pull/5066) [#5094](https://github.com/Kong/kong-mesh/pull/5094) [#5095](https://github.com/Kong/kong-mesh/pull/5095) [#5224](https://github.com/Kong/kong-mesh/pull/5224) [#5300](https://github.com/Kong/kong-mesh/pull/5300) [#5337](https://github.com/Kong/kong-mesh/pull/5337) @kong-mesh * chore(deps): bump shadow-utils (backport of #4768) [#4770](https://github.com/Kong/kong-mesh/pull/4770) @kong-mesh * chore(deps): security update [#4655](https://github.com/Kong/kong-mesh/pull/4655) [#4840](https://github.com/Kong/kong-mesh/pull/4840) @kong-mesh +### Includes [kumahq/kuma@2.2.6](https://github.com/kumahq/kuma/releases/tag/2.2.6) changelog + +* chore(deps): security update [#8202](https://github.com/kumahq/kuma/pull/8202) [#8673](https://github.com/kumahq/kuma/pull/8673) [#8698](https://github.com/kumahq/kuma/pull/8698) [#9105](https://github.com/kumahq/kuma/pull/9105) @kumahq +* chore(deps): update go from 1.21.5 to 1.21.6 (backport of #8944) [#8960](https://github.com/kumahq/kuma/pull/8960) @kumahq +* chore(deps): update go to 1.21.4 (backport of #8341) [#8346](https://github.com/kumahq/kuma/pull/8346) @kumahq +* chore(deps): update go to 1.21.5 (backport of #8616) [#8623](https://github.com/kumahq/kuma/pull/8623) @kumahq +* chore(deps): upgrade envoy to 1.25.11 [#8163](https://github.com/kumahq/kuma/pull/8163) @lukidzi +* fix(MeshTrafficPermission): support permissive mtls (backport of #8171) [#8178](https://github.com/kumahq/kuma/pull/8178) @kumahq +* fix(k8s): don't temporarily remove all AvailableServices on ZoneIngress Pod reconciliations (backport of #8301) [#8305](https://github.com/kumahq/kuma/pull/8305) @kumahq +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) [#8195](https://github.com/kumahq/kuma/pull/8195) @kumahq + ## 2.6.0 > Released on 2024/02/01 @@ -517,6 +1435,175 @@ * fix(kumactl): customize demo namespace [#5273](https://github.com/Kong/kong-mesh/pull/5273) @jakubdyszkiewicz * fix(vault): remove error when renewing token on removed mesh [#5162](https://github.com/Kong/kong-mesh/pull/5162) @lahabana +### Includes [kumahq/kuma@2.6.0](https://github.com/kumahq/kuma/releases/tag/2.6.0) changelog + +* chore(deps): bump actions/cache from 3.3.2 to 4.0.0 [#8865](https://github.com/kumahq/kuma/pull/8865) [#8985](https://github.com/kumahq/kuma/pull/8985) @dependabot +* chore(deps): bump actions/checkout from 3.1.0 to 4.1.1 [#8862](https://github.com/kumahq/kuma/pull/8862) @dependabot +* chore(deps): bump actions/download-artifact and actions/upload-artifact from 3 to 4 [#8701](https://github.com/kumahq/kuma/pull/8701) @michaelbeaumont +* chore(deps): bump actions/github-script from 6 to 7 [#8422](https://github.com/kumahq/kuma/pull/8422) [#8530](https://github.com/kumahq/kuma/pull/8530) @dependabot +* chore(deps): bump actions/setup-go from 4 to 5 [#8586](https://github.com/kumahq/kuma/pull/8586) @dependabot +* chore(deps): bump actions/upload-artifact from 3.1.0 to 4.2.0 [#8863](https://github.com/kumahq/kuma/pull/8863) [#8986](https://github.com/kumahq/kuma/pull/8986) @dependabot +* chore(deps): bump debian from `fab22df` to `b16cef8` [#8465](https://github.com/kumahq/kuma/pull/8465) [#8685](https://github.com/kumahq/kuma/pull/8685) [#8853](https://github.com/kumahq/kuma/pull/8853) @dependabot +* chore(deps): bump distroless/base-nossl-debian11 from `1ae8df5` to `61c9d7a` [#8659](https://github.com/kumahq/kuma/pull/8659) @dependabot +* chore(deps): bump distroless/static-debian11 from `cdb2034` to `1e5b9bb` [#8657](https://github.com/kumahq/kuma/pull/8657) @dependabot +* chore(deps): bump github.com/bakito/go-log-logr-adapter from v0.0.2 to latest [#8646](https://github.com/kumahq/kuma/pull/8646) @michaelbeaumont +* chore(deps): bump github.com/containerd/containerd from 1.7.7 to 1.7.11 [#8693](https://github.com/kumahq/kuma/pull/8693) @dependabot +* chore(deps): bump github.com/containernetworking/plugins from 1.3.0 to 1.4.0 [#8588](https://github.com/kumahq/kuma/pull/8588) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.11.0 to 3.11.2 [#8791](https://github.com/kumahq/kuma/pull/8791) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.1 to 0.12.0 [#8738](https://github.com/kumahq/kuma/pull/8738) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.2 to 1.0.4 [#8857](https://github.com/kumahq/kuma/pull/8857) [#8971](https://github.com/kumahq/kuma/pull/8971) @dependabot +* chore(deps): bump github.com/evanphx/json-patch/v5 from 5.7.0 to 5.8.1 [#8883](https://github.com/kumahq/kuma/pull/8883) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.2 to 0.5.3 [#8975](https://github.com/kumahq/kuma/pull/8975) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.3.0 to 1.4.1 [#8726](https://github.com/kumahq/kuma/pull/8726) @dependabot +* chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.16.2 to 4.17.0 [#8724](https://github.com/kumahq/kuma/pull/8724) @dependabot +* chore(deps): bump github.com/google/uuid from 1.4.0 to 1.6.0 [#8644](https://github.com/kumahq/kuma/pull/8644) [#9018](https://github.com/kumahq/kuma/pull/9018) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.46.7 to 0.46.11 [#8589](https://github.com/kumahq/kuma/pull/8589) [#8790](https://github.com/kumahq/kuma/pull/8790) [#8968](https://github.com/kumahq/kuma/pull/8968) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 from 5.5.0 to 5.5.2 [#8587](https://github.com/kumahq/kuma/pull/8587) [#8860](https://github.com/kumahq/kuma/pull/8860) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.56 to 1.1.58 [#8421](https://github.com/kumahq/kuma/pull/8421) [#8970](https://github.com/kumahq/kuma/pull/8970) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.13.1 to 2.15.0 [#8520](https://github.com/kumahq/kuma/pull/8520) [#8859](https://github.com/kumahq/kuma/pull/8859) [#8973](https://github.com/kumahq/kuma/pull/8973) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.30.0 to 1.31.1 [#8976](https://github.com/kumahq/kuma/pull/8976) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 [#8728](https://github.com/kumahq/kuma/pull/8728) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.45.0 to 0.46.0 [#8858](https://github.com/kumahq/kuma/pull/8858) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.6 to 2.1.7 [#8974](https://github.com/kumahq/kuma/pull/8974) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.27.0 [#8725](https://github.com/kumahq/kuma/pull/8725) @dependabot +* chore(deps): bump github/codeql-action from 2 to 3.23.1 [#8662](https://github.com/kumahq/kuma/pull/8662) [#8864](https://github.com/kumahq/kuma/pull/8864) [#8984](https://github.com/kumahq/kuma/pull/8984) @dependabot +* chore(deps): bump golang from 1.21.4 to 1.21.6 [#8616](https://github.com/kumahq/kuma/pull/8616) [#8944](https://github.com/kumahq/kuma/pull/8944) @jakubdyszkiewicz,@michaelbeaumont +* chore(deps): bump golang.org/x/crypto from 0.16.0 to 0.17.0 [#8665](https://github.com/kumahq/kuma/pull/8665) @dependabot +* chore(deps): bump golang.org/x/net from 0.18.0 to 0.20.0 [#8519](https://github.com/kumahq/kuma/pull/8519) [#8789](https://github.com/kumahq/kuma/pull/8789) @dependabot +* chore(deps): bump golang.org/x/sys from 0.14.1-0.20231108175955-e4099bfacb8c to 0.16.0 [#8521](https://github.com/kumahq/kuma/pull/8521) [#8774](https://github.com/kumahq/kuma/pull/8774) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.59.0 to 1.61.0 [#8645](https://github.com/kumahq/kuma/pull/8645) [#8686](https://github.com/kumahq/kuma/pull/8686) [#9017](https://github.com/kumahq/kuma/pull/9017) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.31.0 to 1.32.0 [#8727](https://github.com/kumahq/kuma/pull/8727) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.13.2 to 3.14.0 [#8643](https://github.com/kumahq/kuma/pull/8643) [#8969](https://github.com/kumahq/kuma/pull/8969) @dependabot +* chore(deps): bump ossf/scorecard-action from 2.1.2 to 2.3.1 [#8861](https://github.com/kumahq/kuma/pull/8861) @dependabot +* chore(deps): bump postgres from `e213539` to `49c276f` [#8785](https://github.com/kumahq/kuma/pull/8785) [#8842](https://github.com/kumahq/kuma/pull/8842) [#8866](https://github.com/kumahq/kuma/pull/8866) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.16.3 to 0.17.0 [#8972](https://github.com/kumahq/kuma/pull/8972) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.13.0 to 0.14.0 [#8856](https://github.com/kumahq/kuma/pull/8856) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#8420](https://github.com/kumahq/kuma/pull/8420) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 5 updates [#8967](https://github.com/kumahq/kuma/pull/8967) @dependabot +* chore(deps): bump the k8s-libs group from 0.28.3 to 0.28.4 [#8419](https://github.com/kumahq/kuma/pull/8419) @dependabot +* chore(deps): bump the k8s-libs group with 1 update [#8854](https://github.com/kumahq/kuma/pull/8854) @dependabot +* chore(deps): bump the k8s-libs group with 3 updates [#8642](https://github.com/kumahq/kuma/pull/8642) @dependabot +* chore(deps): bump the k8s-libs group with 4 updates [#8966](https://github.com/kumahq/kuma/pull/8966) @dependabot +* chore(deps): bump ubuntu from `2b7412e` to `6042500` [#8518](https://github.com/kumahq/kuma/pull/8518) [#8658](https://github.com/kumahq/kuma/pull/8658) @dependabot +* chore(deps): fix update insecure dependencies by setting bigger swap [#8677](https://github.com/kumahq/kuma/pull/8677) @slonka +* chore(deps): more explicit image tag in envoy.Dockerfile [#8482](https://github.com/kumahq/kuma/pull/8482) @michaelbeaumont +* chore(deps): security update [#8696](https://github.com/kumahq/kuma/pull/8696) [#9104](https://github.com/kumahq/kuma/pull/9104) @kumahq +* chore(deps): tag ubuntu image more explicitly [#8988](https://github.com/kumahq/kuma/pull/8988) @michaelbeaumont +* chore(deps): use latest kumahq/kuma-gui [#8400](https://github.com/kumahq/kuma/pull/8400) [#8401](https://github.com/kumahq/kuma/pull/8401) [#8405](https://github.com/kumahq/kuma/pull/8405) [#8418](https://github.com/kumahq/kuma/pull/8418) [#8425](https://github.com/kumahq/kuma/pull/8425) [#8434](https://github.com/kumahq/kuma/pull/8434) [#8440](https://github.com/kumahq/kuma/pull/8440) [#8441](https://github.com/kumahq/kuma/pull/8441) [#8446](https://github.com/kumahq/kuma/pull/8446) [#8452](https://github.com/kumahq/kuma/pull/8452) [#8453](https://github.com/kumahq/kuma/pull/8453) [#8454](https://github.com/kumahq/kuma/pull/8454) [#8470](https://github.com/kumahq/kuma/pull/8470) [#8480](https://github.com/kumahq/kuma/pull/8480) [#8481](https://github.com/kumahq/kuma/pull/8481) [#8488](https://github.com/kumahq/kuma/pull/8488) [#8496](https://github.com/kumahq/kuma/pull/8496) [#8501](https://github.com/kumahq/kuma/pull/8501) [#8504](https://github.com/kumahq/kuma/pull/8504) [#8507](https://github.com/kumahq/kuma/pull/8507) [#8531](https://github.com/kumahq/kuma/pull/8531) [#8534](https://github.com/kumahq/kuma/pull/8534) [#8538](https://github.com/kumahq/kuma/pull/8538) [#8546](https://github.com/kumahq/kuma/pull/8546) [#8550](https://github.com/kumahq/kuma/pull/8550) [#8554](https://github.com/kumahq/kuma/pull/8554) [#8561](https://github.com/kumahq/kuma/pull/8561) [#8564](https://github.com/kumahq/kuma/pull/8564) [#8577](https://github.com/kumahq/kuma/pull/8577) [#8579](https://github.com/kumahq/kuma/pull/8579) [#8583](https://github.com/kumahq/kuma/pull/8583) [#8585](https://github.com/kumahq/kuma/pull/8585) [#8590](https://github.com/kumahq/kuma/pull/8590) [#8592](https://github.com/kumahq/kuma/pull/8592) [#8594](https://github.com/kumahq/kuma/pull/8594) [#8600](https://github.com/kumahq/kuma/pull/8600) [#8601](https://github.com/kumahq/kuma/pull/8601) [#8619](https://github.com/kumahq/kuma/pull/8619) [#8620](https://github.com/kumahq/kuma/pull/8620) [#8637](https://github.com/kumahq/kuma/pull/8637) [#8638](https://github.com/kumahq/kuma/pull/8638) [#8684](https://github.com/kumahq/kuma/pull/8684) [#8709](https://github.com/kumahq/kuma/pull/8709) [#8712](https://github.com/kumahq/kuma/pull/8712) [#8714](https://github.com/kumahq/kuma/pull/8714) [#8735](https://github.com/kumahq/kuma/pull/8735) [#8751](https://github.com/kumahq/kuma/pull/8751) [#8758](https://github.com/kumahq/kuma/pull/8758) [#8779](https://github.com/kumahq/kuma/pull/8779) [#8784](https://github.com/kumahq/kuma/pull/8784) [#8794](https://github.com/kumahq/kuma/pull/8794) [#8797](https://github.com/kumahq/kuma/pull/8797) [#8802](https://github.com/kumahq/kuma/pull/8802) [#8803](https://github.com/kumahq/kuma/pull/8803) [#8810](https://github.com/kumahq/kuma/pull/8810) [#8835](https://github.com/kumahq/kuma/pull/8835) [#8841](https://github.com/kumahq/kuma/pull/8841) [#8848](https://github.com/kumahq/kuma/pull/8848) [#8850](https://github.com/kumahq/kuma/pull/8850) [#8869](https://github.com/kumahq/kuma/pull/8869) [#8870](https://github.com/kumahq/kuma/pull/8870) [#8871](https://github.com/kumahq/kuma/pull/8871) [#8886](https://github.com/kumahq/kuma/pull/8886) [#8895](https://github.com/kumahq/kuma/pull/8895) [#8899](https://github.com/kumahq/kuma/pull/8899) [#8903](https://github.com/kumahq/kuma/pull/8903) [#8910](https://github.com/kumahq/kuma/pull/8910) [#8914](https://github.com/kumahq/kuma/pull/8914) [#8917](https://github.com/kumahq/kuma/pull/8917) [#8941](https://github.com/kumahq/kuma/pull/8941) [#8948](https://github.com/kumahq/kuma/pull/8948) [#8987](https://github.com/kumahq/kuma/pull/8987) [#9003](https://github.com/kumahq/kuma/pull/9003) [#9004](https://github.com/kumahq/kuma/pull/9004) [#9008](https://github.com/kumahq/kuma/pull/9008) [#9040](https://github.com/kumahq/kuma/pull/9040) [#9052](https://github.com/kumahq/kuma/pull/9052) [#9055](https://github.com/kumahq/kuma/pull/9055) @kumahq +* feat(ExternalService): make ExternalServices independent of TrafficPermission [#8745](https://github.com/kumahq/kuma/pull/8745) @lukidzi +* feat(ExternalService): validate same value for service and address [#8641](https://github.com/kumahq/kuma/pull/8641) @jakubdyszkiewicz +* feat(MeshAccessLog): select gateway listeners [#8560](https://github.com/kumahq/kuma/pull/8560) @michaelbeaumont +* feat(MeshCircuitBreaker): select MeshGateway listeners [#8562](https://github.com/kumahq/kuma/pull/8562) @michaelbeaumont +* feat(MeshFaultInjection): select MeshGateway listeners [#8574](https://github.com/kumahq/kuma/pull/8574) @michaelbeaumont +* feat(MeshFaultInjection): support ExternalServices with ZoneEgress [#8742](https://github.com/kumahq/kuma/pull/8742) @lukidzi +* feat(MeshHTTPRoute): add basic gRPC support [#8752](https://github.com/kumahq/kuma/pull/8752) @lukidzi +* feat(MeshHTTPRoute): add hostToBackendHostname rewrite with MeshGateway [#8772](https://github.com/kumahq/kuma/pull/8772) @michaelbeaumont +* feat(MeshHTTPRoute): basic MeshGateway support [#8402](https://github.com/kumahq/kuma/pull/8402) @michaelbeaumont +* feat(MeshHTTPRoute): support hostnames with MeshGateway [#8663](https://github.com/kumahq/kuma/pull/8663) @michaelbeaumont +* feat(MeshHealthCheck): select MeshGateway listeners [#8570](https://github.com/kumahq/kuma/pull/8570) @michaelbeaumont +* feat(MeshLoadBalancingStrategy): add option to configure ActiveRequestBias [#8553](https://github.com/kumahq/kuma/pull/8553) @lukidzi +* feat(MeshLoadBalancingStrategy): select MeshGateway listeners [#8571](https://github.com/kumahq/kuma/pull/8571) @michaelbeaumont +* feat(MeshLoadBalancingStrategy): support kind MeshGateway [#8889](https://github.com/kumahq/kuma/pull/8889) @michaelbeaumont +* feat(MeshMetric): add create conflicts to the metric [#8894](https://github.com/kumahq/kuma/pull/8894) @jakubdyszkiewicz +* feat(MeshMetric): implement OpenTelemetry API for MeshMetric [#8874](https://github.com/kumahq/kuma/pull/8874) @Automaat +* feat(MeshRateLimit): select MeshGateway listeners [#8733](https://github.com/kumahq/kuma/pull/8733) @michaelbeaumont +* feat(MeshRateLimit): support ExternalServices with ZoneEgress [#8743](https://github.com/kumahq/kuma/pull/8743) @lukidzi +* feat(MeshRetry): select MeshGateway listeners [#8734](https://github.com/kumahq/kuma/pull/8734) @michaelbeaumont +* feat(MeshTCPRoute): add kafka protocol support [#8781](https://github.com/kumahq/kuma/pull/8781) @lukidzi +* feat(MeshTCPRoute): support MeshGateway [#8817](https://github.com/kumahq/kuma/pull/8817) @michaelbeaumont +* feat(MeshTimeout): add RequestHeadersTimeout option and configure MeshGateway [#8896](https://github.com/kumahq/kuma/pull/8896) @lukidzi +* feat(MeshTimeout): select MeshGateway listeners [#8573](https://github.com/kumahq/kuma/pull/8573) @michaelbeaumont +* feat(MeshTrace): select MeshGateway listeners [#8595](https://github.com/kumahq/kuma/pull/8595) @michaelbeaumont +* feat(MeshTrace): support kind MeshGateway [#8888](https://github.com/kumahq/kuma/pull/8888) @michaelbeaumont +* feat(api-server): add /_resources endpoint [#8529](https://github.com/kumahq/kuma/pull/8529) @lahabana +* feat(api-server): add _rules api to MeshGateways [#8540](https://github.com/kumahq/kuma/pull/8540) @lahabana +* feat(api-server): add dataplanes/_rules new inspect api [#8442](https://github.com/kumahq/kuma/pull/8442) @lahabana +* feat(api-server): skip auth on specific endpoints [#8458](https://github.com/kumahq/kuma/pull/8458) @jakubdyszkiewicz +* feat(bootstrap): support customizing corefile template from kuma-cp [#8634](https://github.com/kumahq/kuma/pull/8634) @jijiechen +* feat(dataplane): ignored listeners with ignored labels in selector [#8463](https://github.com/kumahq/kuma/pull/8463) @jakubdyszkiewicz +* feat(grafana): change fixed interval to rate interval variable [#8713](https://github.com/kumahq/kuma/pull/8713) @jakubdyszkiewicz +* feat(gui): add disabled in the index.html and remove disabled page [#8813](https://github.com/kumahq/kuma/pull/8813) @lahabana +* feat(injector): add ephemeral-storage resource request/limit for sidecars [#8882](https://github.com/kumahq/kuma/pull/8882) @jijiechen +* feat(intercp): drop leader on cp shutdown [#9046](https://github.com/kumahq/kuma/pull/9046) @jakubdyszkiewicz +* feat(k8s): show ZoneEgress zone as column [#8913](https://github.com/kumahq/kuma/pull/8913) @michaelbeaumont +* feat(k8s): show ZoneIngress zone as column [#8906](https://github.com/kumahq/kuma/pull/8906) @michaelbeaumont +* feat(kds): add zoneCP info in zone-insights [#8720](https://github.com/kumahq/kuma/pull/8720) @lahabana +* feat(kds): log additional gRPC status codes at info level [#8502](https://github.com/kumahq/kuma/pull/8502) @michaelbeaumont +* feat(kuma-cp): added comment and more explicit structure [#8753](https://github.com/kumahq/kuma/pull/8753) @lukidzi +* feat(kuma-cp): create default target ref policies [#8920](https://github.com/kumahq/kuma/pull/8920) @lukidzi +* feat(kuma-cp): deprecate standalone mode [#8478](https://github.com/kumahq/kuma/pull/8478) @jakubdyszkiewicz +* feat(kuma-cp): disable the default creation of TrafficPermission and TrafficRoute [#8964](https://github.com/kumahq/kuma/pull/8964) @lukidzi +* feat(kuma-cp): enable zone-originated MeshGateway [#8919](https://github.com/kumahq/kuma/pull/8919) @lobkovilya +* feat(kuma-cp): enable zone-originated policies [#8801](https://github.com/kumahq/kuma/pull/8801) @lobkovilya +* feat(kuma-cp): hash-suffix remove feature flag [#8461](https://github.com/kumahq/kuma/pull/8461) @lobkovilya +* feat(kuma-cp): move protocol information to mesh context [#8479](https://github.com/kumahq/kuma/pull/8479) @lukidzi +* feat(kuma-cp): require `kuma.io/origin: zone` label when creating zone-origination policies [#8873](https://github.com/kumahq/kuma/pull/8873) @lobkovilya +* feat(kuma-cp): support cross-zone MeshTCPRoute [#8509](https://github.com/kumahq/kuma/pull/8509) @michaelbeaumont +* feat(kuma-cp): support labels in ResourceMeta [#8516](https://github.com/kumahq/kuma/pull/8516) @lobkovilya +* feat(kuma-cp): use labels for KDS sync [#8762](https://github.com/kumahq/kuma/pull/8762) @lobkovilya +* feat(kuma-dp): add coredns logging flag [#8485](https://github.com/kumahq/kuma/pull/8485) @timothy-spencer +* feat(kumactl): basic export command [#8718](https://github.com/kumahq/kuma/pull/8718) [#9009](https://github.com/kumahq/kuma/pull/9009) @jakubdyszkiewicz,@slonka +* feat(kumactl): export in kube format [#8747](https://github.com/kumahq/kuma/pull/8747) @jakubdyszkiewicz +* feat(kumactl): make k8s resources applicable on other clusters [#8775](https://github.com/kumahq/kuma/pull/8775) @jakubdyszkiewicz +* feat(kumactl): more profiles in export [#8780](https://github.com/kumahq/kuma/pull/8780) @jakubdyszkiewicz +* feat(mads): extend MADS service to use data from MeshMetric policy [#8608](https://github.com/kumahq/kuma/pull/8608) @slonka +* feat(policy): Add `MeshMetric` api [#8576](https://github.com/kumahq/kuma/pull/8576) @Automaat +* feat(policy): Implement dynamic DPP configuration based on `MeshMetric` policy [#8793](https://github.com/kumahq/kuma/pull/8793) @Automaat +* feat(policy): add OpenTelemetry support for MeshMetric [#8893](https://github.com/kumahq/kuma/pull/8893) @Automaat +* feat(policy): add `MeshMetric` policy e2e tests [#8750](https://github.com/kumahq/kuma/pull/8750) @Automaat +* feat(policy): add possibility to target only gateways/sidecars [#8868](https://github.com/kumahq/kuma/pull/8868) @lukidzi +* feat(policy): add tags to backends for support VirtualOutbounds [#8744](https://github.com/kumahq/kuma/pull/8744) @lukidzi +* feat(policy): allow policies with from and to configuring egress [#8739](https://github.com/kumahq/kuma/pull/8739) @lukidzi +* feat(policy): implement MeshMetric xds [#8617](https://github.com/kumahq/kuma/pull/8617) @Automaat +* feat(policy): support MeshGateway listener matching [#8551](https://github.com/kumahq/kuma/pull/8551) @michaelbeaumont +* feat(resources): add kuma.io/display-name label [#8705](https://github.com/kumahq/kuma/pull/8705) @jakubdyszkiewicz +* feat(routes): handle routing if there are no TrafficRoutes [#8614](https://github.com/kumahq/kuma/pull/8614) @michaelbeaumont +* feat(universal): add VIP_REFRESH_INTERVAL [#9042](https://github.com/kumahq/kuma/pull/9042) @nicoche +* feat(vip): record generation metrics [#9047](https://github.com/kumahq/kuma/pull/9047) @nicoche +* feat(xds): do not generate independent listener for vips, use additional_addresses instead [#8796](https://github.com/kumahq/kuma/pull/8796) @jijiechen +* feat(zone): create Zone resources on zone cp automatically and generate ZoneInsights [#8584](https://github.com/kumahq/kuma/pull/8584) @jakubdyszkiewicz +* fix(MeshCircuitBreaker): revert validator and check if config is empty [#9028](https://github.com/kumahq/kuma/pull/9028) @lukidzi +* fix(MeshFaultInjection): handle listener protocol correctly [#8815](https://github.com/kumahq/kuma/pull/8815) @michaelbeaumont +* fix(MeshHTTPRoute): generate better resources when using HTTPS [#9038](https://github.com/kumahq/kuma/pull/9038) @michaelbeaumont +* fix(MeshHTTPRoute): make ordering more consistent [#8715](https://github.com/kumahq/kuma/pull/8715) @michaelbeaumont +* fix(MeshHTTPRoute): use 302 as default status code on Universal to match Kubernetes [#8409](https://github.com/kumahq/kuma/pull/8409) @michaelbeaumont +* fix(MeshHealthCheck): handle gateway listener protocol correctly [#8812](https://github.com/kumahq/kuma/pull/8812) @michaelbeaumont +* fix(MeshRateLimit): remove validation of Mesh type and proxyTypes for… [#9041](https://github.com/kumahq/kuma/pull/9041) @lukidzi +* fix(MeshRetry): handle gateway listener protocol correctly [#8811](https://github.com/kumahq/kuma/pull/8811) @michaelbeaumont +* fix(ZoneEgress): rewrite host header on ExternalService requests [#8403](https://github.com/kumahq/kuma/pull/8403) @michaelbeaumont +* fix(ZoneIngress): subset routing when tag is present on all subsets [#8443](https://github.com/kumahq/kuma/pull/8443) @michaelbeaumont +* fix(ZoneWatch): stop watching Zone if ZoneInsight not found [#8766](https://github.com/kumahq/kuma/pull/8766) @michaelbeaumont +* fix(api): secret in k8s format [#8741](https://github.com/kumahq/kuma/pull/8741) @jakubdyszkiewicz +* fix(gateway): check if external service from context when no trafficpermission [#8957](https://github.com/kumahq/kuma/pull/8957) @lukidzi +* fix(gateway): isolate routes to SNI matches [#9054](https://github.com/kumahq/kuma/pull/9054) @michaelbeaumont +* fix(k8s): support injection with label kuma.io/sidecar-injection: 'true' [#8464](https://github.com/kumahq/kuma/pull/8464) @michaelbeaumont +* fix(kds): avoid rare cases where onStreamClosed is called with no state [#8703](https://github.com/kumahq/kuma/pull/8703) @lahabana +* fix(kds): fix deletion of previous zones in components [#8867](https://github.com/kumahq/kuma/pull/8867) @lahabana +* fix(kds): fix resource sync [#9014](https://github.com/kumahq/kuma/pull/9014) @lukidzi +* fix(kds): make status tracker work when there's no metadata [#8711](https://github.com/kumahq/kuma/pull/8711) @lahabana +* fix(kds): race condition on fill metadata [#8872](https://github.com/kumahq/kuma/pull/8872) @jakubdyszkiewicz +* fix(kuma-cp): assign `extensions` in `ZoneInsightSink` constructor [#8940](https://github.com/kumahq/kuma/pull/8940) @bartsmykla +* fix(kuma-cp): don't remove Service if MeshGateway is absent for a while (i.e. due to renaming) [#8450](https://github.com/kumahq/kuma/pull/8450) @lobkovilya +* fix(kuma-cp): don't run outbound proxy generator when there is no TrafficRoute [#9082](https://github.com/kumahq/kuma/pull/9082) @michaelbeaumont +* fix(kuma-cp): enable hash-suffix only if Zone has KDS feature [#8460](https://github.com/kumahq/kuma/pull/8460) @lobkovilya +* fix(kuma-cp): failure during the migration from non-federated to federated zone [#8938](https://github.com/kumahq/kuma/pull/8938) @lobkovilya +* fix(kuma-cp): fix address check to not be loopback ipv4 and ipv6 [#8490](https://github.com/kumahq/kuma/pull/8490) @lukidzi +* fix(kuma-cp): global upgrade [#8890](https://github.com/kumahq/kuma/pull/8890) @lobkovilya +* fix(kuma-cp): make metadata retrieve method public [#8918](https://github.com/kumahq/kuma/pull/8918) @lukidzi +* fix(kuma-cp): return sorted list of k8s secrets [#9030](https://github.com/kumahq/kuma/pull/9030) @lukidzi +* fix(kuma-cp): set creationTime on KDS sync [#8945](https://github.com/kumahq/kuma/pull/8945) @lobkovilya +* fix(kuma-cp): treat envoy admin errors as 4xx [#8615](https://github.com/kumahq/kuma/pull/8615) @lobkovilya +* fix(kuma-cp): upgrade from Zone CP without labels to new one [#8839](https://github.com/kumahq/kuma/pull/8839) @lobkovilya +* fix(kuma-cp): use column names in sql insert [#8688](https://github.com/kumahq/kuma/pull/8688) @lobkovilya +* fix(kuma-cp): use pagination store for secret store [#9033](https://github.com/kumahq/kuma/pull/9033) @lukidzi +* fix(metrics): fix kds metrics for simple watchdog [#8428](https://github.com/kumahq/kuma/pull/8428) @slonka +* fix(metrics): unify zone name in metrics for k8s and universal [#8435](https://github.com/kumahq/kuma/pull/8435) @slonka +* fix(policy): allow period in targetRef names [#8754](https://github.com/kumahq/kuma/pull/8754) @michaelbeaumont +* fix(policy): first lexicographically wins, kind MeshGateway with tags over kind MeshGateway [#8691](https://github.com/kumahq/kuma/pull/8691) @michaelbeaumont +* fix(policy): improve validator messages, allow string failoverthreshold [#8929](https://github.com/kumahq/kuma/pull/8929) @lahabana +* fix(policy): support delegated gateways [#8740](https://github.com/kumahq/kuma/pull/8740) @michaelbeaumont +* fix(vips): skip ignored listeners [#8937](https://github.com/kumahq/kuma/pull/8937) @jakubdyszkiewicz + ## 2.5.1 > Released on 2023/12/12 @@ -525,6 +1612,12 @@ * chore(deps): security update [#4908](https://github.com/Kong/kong-mesh/pull/4908) @kong-mesh * fix(kuma-cp): proxypatch should be the last policy (backport of #4931) [#4966](https://github.com/Kong/kong-mesh/pull/4966) @kong-mesh +### Includes [kumahq/kuma@2.5.1](https://github.com/kumahq/kuma/releases/tag/2.5.1) changelog + +* feat(dataplane): ignored listeners with ignored labels in selector (backport of #8463) [#8544](https://github.com/kumahq/kuma/pull/8544) @kumahq +* fix(ZoneIngress): subset routing when tag is present on all subsets (backport of #8443) [#8475](https://github.com/kumahq/kuma/pull/8475) @kumahq +* fix(metrics): fix kds metrics for simple watchdog (backport of #8428) [#8430](https://github.com/kumahq/kuma/pull/8430) @kumahq + ## 2.5.0 > Released on 2023/11/15 @@ -576,6 +1669,174 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(kuma-cp): set cp mode for ACMCA plugin [#4635](https://github.com/Kong/kong-mesh/pull/4635) @lukidzi * fix(tenants): sharding setup [#4202](https://github.com/Kong/kong-mesh/pull/4202) @jakubdyszkiewicz +### Includes [kumahq/kuma@2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) changelog + +* chore(deps): bump actions/checkout from 3 to 4 [#7639](https://github.com/kumahq/kuma/pull/7639) @dependabot +* chore(deps): bump actions/setup-node from 3 to 4 [#8109](https://github.com/kumahq/kuma/pull/8109) @dependabot +* chore(deps): bump cirello.io/pglock from 1.14.0 to 1.14.1 [#7914](https://github.com/kumahq/kuma/pull/7914) @dependabot +* chore(deps): bump debian from `b91baba` to `7d3e881` [#7697](https://github.com/kumahq/kuma/pull/7697) [#7852](https://github.com/kumahq/kuma/pull/7852) [#8053](https://github.com/kumahq/kuma/pull/8053) @dependabot +* chore(deps): bump distroless/base-nossl-debian11 from `6579e1f` to `1ae8df5` [#7635](https://github.com/kumahq/kuma/pull/7635) [#7985](https://github.com/kumahq/kuma/pull/7985) @dependabot +* chore(deps): bump distroless/static-debian11 from `312a533` to `cdb2034` [#7636](https://github.com/kumahq/kuma/pull/7636) [#7987](https://github.com/kumahq/kuma/pull/7987) @dependabot +* chore(deps): bump envoy from 1.27.0 to 1.27.1 [#8023](https://github.com/kumahq/kuma/pull/8023) @lahabana +* chore(deps): bump github.com/cilium/ebpf from 0.11.0 to 0.12.2 [#8093](https://github.com/kumahq/kuma/pull/8093) @dependabot +* chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 [#7712](https://github.com/kumahq/kuma/pull/7712) @dependabot +* chore(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible [#8183](https://github.com/kumahq/kuma/pull/8183) @dependabot +* chore(deps): bump github.com/evanphx/json-patch/v5 from 5.6.0 to 5.7.0 [#7786](https://github.com/kumahq/kuma/pull/7786) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.1 to 0.5.2 [#7857](https://github.com/kumahq/kuma/pull/7857) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.2.4 to 1.3.0 [#8184](https://github.com/kumahq/kuma/pull/8184) @dependabot +* chore(deps): bump github.com/google/uuid from 1.3.0 to 1.4.0 [#7609](https://github.com/kumahq/kuma/pull/7609) [#8188](https://github.com/kumahq/kuma/pull/8188) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.43.13 to 0.46.1 [#7792](https://github.com/kumahq/kuma/pull/7792) [#7993](https://github.com/kumahq/kuma/pull/7993) [#8090](https://github.com/kumahq/kuma/pull/8090) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.55 to 1.1.56 [#7785](https://github.com/kumahq/kuma/pull/7785) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.11.0 to 2.13.0 [#7611](https://github.com/kumahq/kuma/pull/7611) [#7854](https://github.com/kumahq/kuma/pull/7854) [#7991](https://github.com/kumahq/kuma/pull/7991) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.10 to 1.29.0 [#7917](https://github.com/kumahq/kuma/pull/7917) [#8094](https://github.com/kumahq/kuma/pull/8094) [#8185](https://github.com/kumahq/kuma/pull/8185) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 [#7916](https://github.com/kumahq/kuma/pull/7916) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.4.1-0.20230718164431-9a2bf3000d16 to 0.5.0 [#7992](https://github.com/kumahq/kuma/pull/7992) @dependabot +* chore(deps): bump github.com/slok/go-http-metrics from 0.10.0 to 0.11.0 [#8091](https://github.com/kumahq/kuma/pull/8091) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.16.0 to 1.17.0 [#7989](https://github.com/kumahq/kuma/pull/7989) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.23.0 to 0.26.0 [#7791](https://github.com/kumahq/kuma/pull/7791) [#7945](https://github.com/kumahq/kuma/pull/7945) [#8186](https://github.com/kumahq/kuma/pull/8186) @dependabot +* chore(deps): bump github.com/tonglil/opentelemetry-go-datadog-propagator from 0.1.0 to 0.1.1 [#7641](https://github.com/kumahq/kuma/pull/7641) @dependabot +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7799](https://github.com/kumahq/kuma/pull/7799) @lukidzi +* chore(deps): bump go version to 1.21.3 [#8001](https://github.com/kumahq/kuma/pull/8001) @slonka +* chore(deps): bump go.uber.org/zap from 1.25.0 to 1.26.0 [#7789](https://github.com/kumahq/kuma/pull/7789) @dependabot +* chore(deps): bump golang.org/x/net from 0.14.0 to 0.16.0 [#7699](https://github.com/kumahq/kuma/pull/7699) [#7988](https://github.com/kumahq/kuma/pull/7988) @dependabot +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.58.3 [#8034](https://github.com/kumahq/kuma/pull/8034) @michaelbeaumont +* chore(deps): bump golang.org/x/sys from 0.11.0 to 0.12.0 [#7642](https://github.com/kumahq/kuma/pull/7642) @dependabot +* chore(deps): bump golang.org/x/text from 0.12.0 to 0.13.0 [#7640](https://github.com/kumahq/kuma/pull/7640) @dependabot +* chore(deps): bump golangci-lint from v1.53.3 to v1.54.1 [#7837](https://github.com/kumahq/kuma/pull/7837) @michaelbeaumont +* chore(deps): bump google.golang.org/grpc from 1.57.0 to 1.59.0 [#7698](https://github.com/kumahq/kuma/pull/7698) [#7788](https://github.com/kumahq/kuma/pull/7788) [#7856](https://github.com/kumahq/kuma/pull/7856) [#8097](https://github.com/kumahq/kuma/pull/8097) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.12.3 to 3.13.1 [#7915](https://github.com/kumahq/kuma/pull/7915) [#8089](https://github.com/kumahq/kuma/pull/8089) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from v0.28.1 to v0.28.2 [#7918](https://github.com/kumahq/kuma/pull/7918) @michaelbeaumont +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.3 [#7643](https://github.com/kumahq/kuma/pull/7643) [#7787](https://github.com/kumahq/kuma/pull/7787) [#8095](https://github.com/kumahq/kuma/pull/8095) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to v1.0.0 [#7644](https://github.com/kumahq/kuma/pull/7644) [#7781](https://github.com/kumahq/kuma/pull/7781) [#8150](https://github.com/kumahq/kuma/pull/8150) @dependabot,@michaelbeaumont +* chore(deps): bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 [#8187](https://github.com/kumahq/kuma/pull/8187) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#7784](https://github.com/kumahq/kuma/pull/7784) [#7920](https://github.com/kumahq/kuma/pull/7920) @dependabot +* chore(deps): bump the go-opentelemetry-io group with 3 updates [#8347](https://github.com/kumahq/kuma/pull/8347) @slonka +* chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates [#7613](https://github.com/kumahq/kuma/pull/7613) @dependabot +* chore(deps): bump the go-opentelemetry-io-otel group with 2 updates [#7607](https://github.com/kumahq/kuma/pull/7607) @dependabot +* chore(deps): bump the k8s-libs group with 3 updates [#7606](https://github.com/kumahq/kuma/pull/7606) [#7790](https://github.com/kumahq/kuma/pull/7790) [#8088](https://github.com/kumahq/kuma/pull/8088) @dependabot +* chore(deps): bump tibdex/github-app-token from 1.8.0 to 2.1.0 [#7638](https://github.com/kumahq/kuma/pull/7638) [#7731](https://github.com/kumahq/kuma/pull/7731) [#7853](https://github.com/kumahq/kuma/pull/7853) @dependabot +* chore(deps): bump ubuntu from `ec050c3` to `2b7412e` [#7637](https://github.com/kumahq/kuma/pull/7637) [#7986](https://github.com/kumahq/kuma/pull/7986) [#8052](https://github.com/kumahq/kuma/pull/8052) @dependabot +* chore(deps): downgrade testcontainers-go from v0.24.0 to v0.23.0 [#7800](https://github.com/kumahq/kuma/pull/7800) @jakubdyszkiewicz +* chore(deps): update gateway-api [#8270](https://github.com/kumahq/kuma/pull/8270) @michaelbeaumont +* chore(deps): update go to 1.21.4 [#8341](https://github.com/kumahq/kuma/pull/8341) @slonka +* chore(deps): upgrade envoy to 1.28.0 [#8158](https://github.com/kumahq/kuma/pull/8158) @lukidzi +* chore(deps): upgrade github.com/gruntwork-io/terratest to v0.43.13 [#7706](https://github.com/kumahq/kuma/pull/7706) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7603](https://github.com/kumahq/kuma/pull/7603) [#7604](https://github.com/kumahq/kuma/pull/7604) [#7605](https://github.com/kumahq/kuma/pull/7605) [#7612](https://github.com/kumahq/kuma/pull/7612) [#7614](https://github.com/kumahq/kuma/pull/7614) [#7617](https://github.com/kumahq/kuma/pull/7617) [#7619](https://github.com/kumahq/kuma/pull/7619) [#7620](https://github.com/kumahq/kuma/pull/7620) [#7622](https://github.com/kumahq/kuma/pull/7622) [#7626](https://github.com/kumahq/kuma/pull/7626) [#7627](https://github.com/kumahq/kuma/pull/7627) [#7628](https://github.com/kumahq/kuma/pull/7628) [#7629](https://github.com/kumahq/kuma/pull/7629) [#7631](https://github.com/kumahq/kuma/pull/7631) [#7646](https://github.com/kumahq/kuma/pull/7646) [#7647](https://github.com/kumahq/kuma/pull/7647) [#7648](https://github.com/kumahq/kuma/pull/7648) [#7650](https://github.com/kumahq/kuma/pull/7650) [#7653](https://github.com/kumahq/kuma/pull/7653) [#7658](https://github.com/kumahq/kuma/pull/7658) [#7659](https://github.com/kumahq/kuma/pull/7659) [#7689](https://github.com/kumahq/kuma/pull/7689) [#7700](https://github.com/kumahq/kuma/pull/7700) [#7710](https://github.com/kumahq/kuma/pull/7710) [#7713](https://github.com/kumahq/kuma/pull/7713) [#7721](https://github.com/kumahq/kuma/pull/7721) [#7727](https://github.com/kumahq/kuma/pull/7727) [#7729](https://github.com/kumahq/kuma/pull/7729) [#7730](https://github.com/kumahq/kuma/pull/7730) [#7732](https://github.com/kumahq/kuma/pull/7732) [#7733](https://github.com/kumahq/kuma/pull/7733) [#7738](https://github.com/kumahq/kuma/pull/7738) [#7739](https://github.com/kumahq/kuma/pull/7739) [#7749](https://github.com/kumahq/kuma/pull/7749) [#7750](https://github.com/kumahq/kuma/pull/7750) [#7754](https://github.com/kumahq/kuma/pull/7754) [#7755](https://github.com/kumahq/kuma/pull/7755) [#7766](https://github.com/kumahq/kuma/pull/7766) [#7777](https://github.com/kumahq/kuma/pull/7777) [#7779](https://github.com/kumahq/kuma/pull/7779) [#7795](https://github.com/kumahq/kuma/pull/7795) [#7797](https://github.com/kumahq/kuma/pull/7797) [#7798](https://github.com/kumahq/kuma/pull/7798) [#7802](https://github.com/kumahq/kuma/pull/7802) [#7804](https://github.com/kumahq/kuma/pull/7804) [#7806](https://github.com/kumahq/kuma/pull/7806) [#7811](https://github.com/kumahq/kuma/pull/7811) [#7812](https://github.com/kumahq/kuma/pull/7812) [#7822](https://github.com/kumahq/kuma/pull/7822) [#7866](https://github.com/kumahq/kuma/pull/7866) [#7867](https://github.com/kumahq/kuma/pull/7867) [#7899](https://github.com/kumahq/kuma/pull/7899) [#7900](https://github.com/kumahq/kuma/pull/7900) [#7902](https://github.com/kumahq/kuma/pull/7902) [#7935](https://github.com/kumahq/kuma/pull/7935) [#7953](https://github.com/kumahq/kuma/pull/7953) [#7966](https://github.com/kumahq/kuma/pull/7966) [#7973](https://github.com/kumahq/kuma/pull/7973) [#7979](https://github.com/kumahq/kuma/pull/7979) [#7980](https://github.com/kumahq/kuma/pull/7980) [#7983](https://github.com/kumahq/kuma/pull/7983) [#7984](https://github.com/kumahq/kuma/pull/7984) [#7996](https://github.com/kumahq/kuma/pull/7996) [#7998](https://github.com/kumahq/kuma/pull/7998) [#8009](https://github.com/kumahq/kuma/pull/8009) [#8010](https://github.com/kumahq/kuma/pull/8010) [#8041](https://github.com/kumahq/kuma/pull/8041) [#8045](https://github.com/kumahq/kuma/pull/8045) [#8048](https://github.com/kumahq/kuma/pull/8048) [#8049](https://github.com/kumahq/kuma/pull/8049) [#8057](https://github.com/kumahq/kuma/pull/8057) [#8059](https://github.com/kumahq/kuma/pull/8059) [#8061](https://github.com/kumahq/kuma/pull/8061) [#8074](https://github.com/kumahq/kuma/pull/8074) [#8080](https://github.com/kumahq/kuma/pull/8080) [#8083](https://github.com/kumahq/kuma/pull/8083) [#8085](https://github.com/kumahq/kuma/pull/8085) [#8104](https://github.com/kumahq/kuma/pull/8104) [#8115](https://github.com/kumahq/kuma/pull/8115) [#8118](https://github.com/kumahq/kuma/pull/8118) [#8120](https://github.com/kumahq/kuma/pull/8120) [#8126](https://github.com/kumahq/kuma/pull/8126) [#8145](https://github.com/kumahq/kuma/pull/8145) [#8146](https://github.com/kumahq/kuma/pull/8146) [#8147](https://github.com/kumahq/kuma/pull/8147) [#8201](https://github.com/kumahq/kuma/pull/8201) [#8207](https://github.com/kumahq/kuma/pull/8207) [#8210](https://github.com/kumahq/kuma/pull/8210) [#8213](https://github.com/kumahq/kuma/pull/8213) [#8214](https://github.com/kumahq/kuma/pull/8214) [#8215](https://github.com/kumahq/kuma/pull/8215) [#8217](https://github.com/kumahq/kuma/pull/8217) [#8219](https://github.com/kumahq/kuma/pull/8219) [#8220](https://github.com/kumahq/kuma/pull/8220) [#8221](https://github.com/kumahq/kuma/pull/8221) [#8232](https://github.com/kumahq/kuma/pull/8232) [#8236](https://github.com/kumahq/kuma/pull/8236) [#8238](https://github.com/kumahq/kuma/pull/8238) [#8239](https://github.com/kumahq/kuma/pull/8239) @kumahq +* feat(ExternalService): add skip hostname verification for external services [#7633](https://github.com/kumahq/kuma/pull/7633) @alparslanavci +* feat(MeshLoadBalancingStrategy): new locality aware api [#8082](https://github.com/kumahq/kuma/pull/8082) [#8112](https://github.com/kumahq/kuma/pull/8112) @Automaat,@lukidzi +* feat(MeshProxyPatch): allow policy to target MeshGateway resources [#8044](https://github.com/kumahq/kuma/pull/8044) @bartsmykla +* feat(api-server): add /_overview for all types that have overviews [#7999](https://github.com/kumahq/kuma/pull/7999) [#8173](https://github.com/kumahq/kuma/pull/8173) @lahabana +* feat(api-server): add filtering on list external-services and dataplanes [#7810](https://github.com/kumahq/kuma/pull/7810) @lahabana +* feat(api-server): added query parameter to filter services by name [#8154](https://github.com/kumahq/kuma/pull/8154) @lukidzi +* feat(api-server): implement new Global Insight endpoint [#7775](https://github.com/kumahq/kuma/pull/7775) [#7872](https://github.com/kumahq/kuma/pull/7872) @Automaat +* feat(api-server): new inspect api [#8148](https://github.com/kumahq/kuma/pull/8148) @lahabana +* feat(docs): add generated openapi docs [#7975](https://github.com/kumahq/kuma/pull/7975) @lahabana +* feat(dp-token): allow validator to define keys not scoped to a mesh [#8169](https://github.com/kumahq/kuma/pull/8169) @nicoche +* feat(events): configurable buffers and predicates [#7735](https://github.com/kumahq/kuma/pull/7735) @jakubdyszkiewicz +* feat(gui): adds storeType index.html variable [#7965](https://github.com/kumahq/kuma/pull/7965) @johncowen +* feat(helm): add configurable service port for cp ingress [#8263](https://github.com/kumahq/kuma/pull/8263) @lahabana +* feat(helm): add loadBalancerSourceRanges on global zone sync service [#7978](https://github.com/kumahq/kuma/pull/7978) @slavogiez +* feat(helm): add possibility to run universal zone cp on kubernetes [#7924](https://github.com/kumahq/kuma/pull/7924) @Automaat +* feat(helm): add service-account features to egress and ingress [#7864](https://github.com/kumahq/kuma/pull/7864) @lahabana +* feat(helm): add support for controlplane deployment annotations [#7959](https://github.com/kumahq/kuma/pull/7959) @slavogiez +* feat(helm): allow to define service accounts annotations [#7724](https://github.com/kumahq/kuma/pull/7724) @lukidzi +* feat(helm): allow to disable tls-checksum generation [#7955](https://github.com/kumahq/kuma/pull/7955) @lukidzi +* feat(helm): minReadySeconds for control plane [#7931](https://github.com/kumahq/kuma/pull/7931) @jakubdyszkiewicz +* feat(insights): jitter zone insights upsert [#7925](https://github.com/kumahq/kuma/pull/7925) @jakubdyszkiewicz +* feat(insights): metrics of reason and result [#7752](https://github.com/kumahq/kuma/pull/7752) @jakubdyszkiewicz +* feat(insights): multiple workers [#7778](https://github.com/kumahq/kuma/pull/7778) @jakubdyszkiewicz +* feat(kds): add metrics to event based watchdog [#7651](https://github.com/kumahq/kuma/pull/7651) @jakubdyszkiewicz +* feat(kds): add user-agent with useful version info [#7886](https://github.com/kumahq/kuma/pull/7886) @lahabana +* feat(kds): allow to delay full resync when ticker [#7782](https://github.com/kumahq/kuma/pull/7782) @lukidzi +* feat(kds): allow to disable KDS SOTW grpc api [#7961](https://github.com/kumahq/kuma/pull/7961) @lukidzi +* feat(kds): better error handling [#7868](https://github.com/kumahq/kuma/pull/7868) @jakubdyszkiewicz +* feat(kds): compact subscriptions in insights [#7962](https://github.com/kumahq/kuma/pull/7962) @jakubdyszkiewicz +* feat(kds): enable delta by default [#8262](https://github.com/kumahq/kuma/pull/8262) @lahabana +* feat(kds): execute filters on envoy admin streams [#7905](https://github.com/kumahq/kuma/pull/7905) @jakubdyszkiewicz +* feat(kds): experimental event based watchdog [#7624](https://github.com/kumahq/kuma/pull/7624) @jakubdyszkiewicz +* feat(kds): introduce zone health checks [#7821](https://github.com/kumahq/kuma/pull/7821) @michaelbeaumont +* feat(kds): pass resource keys to resourceStore for delta kds [#7654](https://github.com/kumahq/kuma/pull/7654) @lukidzi +* feat(kds): resource sync metric [#7794](https://github.com/kumahq/kuma/pull/7794) @jakubdyszkiewicz +* feat(kds): response backoff [#7997](https://github.com/kumahq/kuma/pull/7997) @jakubdyszkiewicz +* feat(kds): use hash-suffix for KDS sync [#7519](https://github.com/kumahq/kuma/pull/7519) @lobkovilya +* feat(kuma-cp): add HealthCheck unary endpoint [#7815](https://github.com/kumahq/kuma/pull/7815) @michaelbeaumont +* feat(kuma-cp): add basedOnKuma in cp_info metric [#8218](https://github.com/kumahq/kuma/pull/8218) @lahabana +* feat(kuma-cp): add locality aware implementation for egress [#8233](https://github.com/kumahq/kuma/pull/8233) @Automaat +* feat(kuma-cp): add support for Gateway in MeshLoadBalancingStrategy [#8309](https://github.com/kumahq/kuma/pull/8309) @Automaat +* feat(kuma-cp): allow to disable backend validation [#7901](https://github.com/kumahq/kuma/pull/7901) @lukidzi +* feat(kuma-cp): make OpenTelemetry control plane tracing fully configurable [#7936](https://github.com/kumahq/kuma/pull/7936) @michaelbeaumont +* feat(kuma-cp): move KDS hash suffix under a feature flag [#8363](https://github.com/kumahq/kuma/pull/8363) @lobkovilya +* feat(kuma-dp): support setting Envoy's --component-log-level [#8241](https://github.com/kumahq/kuma/pull/8241) @michaelbeaumont +* feat(kumactl): support new inspect api [#8192](https://github.com/kumahq/kuma/pull/8192) @lahabana +* feat(rsa): add support for PKIX encoded pubkeys [#8179](https://github.com/kumahq/kuma/pull/8179) @nicoche +* feat(store): add owner reference to the secrets [#7770](https://github.com/kumahq/kuma/pull/7770) @slonka +* feat(store): added postgres index for owner columns [#7625](https://github.com/kumahq/kuma/pull/7625) @lukidzi +* feat(store): allow ResourceStore to be customized [#7743](https://github.com/kumahq/kuma/pull/7743) @bartsmykla +* feat(store): conflict metrics [#7753](https://github.com/kumahq/kuma/pull/7753) @jakubdyszkiewicz +* feat(store): consistent gets for read replica [#7923](https://github.com/kumahq/kuma/pull/7923) @jakubdyszkiewicz +* feat(store): support postgres reader replica [#7763](https://github.com/kumahq/kuma/pull/7763) @jakubdyszkiewicz +* feat(tenants): add extension points for sharding [#7502](https://github.com/kumahq/kuma/pull/7502) @jakubdyszkiewicz +* feat(transparent-proxy): add `--exclude-outbound-ports-for-uids` [#7588](https://github.com/kumahq/kuma/pull/7588) @lahabana +* feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails [#7870](https://github.com/kumahq/kuma/pull/7870) @bartsmykla +* feat(xds): auto reachable services based on MeshTrafficPermission [#8125](https://github.com/kumahq/kuma/pull/8125) @jakubdyszkiewicz +* fix(MeshFaultInjection): include tags negation in header matching [#8043](https://github.com/kumahq/kuma/pull/8043) @bartsmykla +* fix(MeshGateway): ensure that duplicate listeners are not added when crossMesh is enabled on a listener and Routes specify hostnames [#8156](https://github.com/kumahq/kuma/pull/8156) @ttreptow +* fix(MeshTrafficPermission): support permissive mtls [#8171](https://github.com/kumahq/kuma/pull/8171) @jakubdyszkiewicz +* fix(TrafficRoute): use default value when choiceCount is 0 [#7938](https://github.com/kumahq/kuma/pull/7938) @lukidzi +* fix(api-server): 400 error on admin operations on not yet connected stream [#8039](https://github.com/kumahq/kuma/pull/8039) @slonka +* fix(api-server): always remove empty array in inspect gw api [#8209](https://github.com/kumahq/kuma/pull/8209) @lahabana +* fix(api-server): avoid panic when there no insight for entity [#8068](https://github.com/kumahq/kuma/pull/8068) @lahabana +* fix(api-server): dataplane overview pagination [#7803](https://github.com/kumahq/kuma/pull/7803) @jakubdyszkiewicz +* fix(api-server): empty list instead of null [#7780](https://github.com/kumahq/kuma/pull/7780) @jakubdyszkiewicz +* fix(api-server): improve HandleError to handle rest_errors.Error and fix Unauthenticated error handling [#7818](https://github.com/kumahq/kuma/pull/7818) @bartsmykla +* fix(api-server): improve error handling and return status [#7937](https://github.com/kumahq/kuma/pull/7937) @lahabana +* fix(core): better lifecycle when context is getting cancelled [#8268](https://github.com/kumahq/kuma/pull/8268) @lahabana +* fix(envoy): remove apple flag [#8314](https://github.com/kumahq/kuma/pull/8314) @lukidzi +* fix(gatewayapi): don't set RefNotPermitted for GAMMA routes [#7771](https://github.com/kumahq/kuma/pull/7771) @michaelbeaumont +* fix(gatewayapi): don't set listener ResolvedRefs based on routes ResolvedRefs [#7809](https://github.com/kumahq/kuma/pull/7809) @michaelbeaumont +* fix(helm): do not run webhooks on kube-system [#8157](https://github.com/kumahq/kuma/pull/8157) @lahabana +* fix(helm): make CNI configmap and serviceaccount support custom namespace [#7956](https://github.com/kumahq/kuma/pull/7956) @slavogiez +* fix(helm): use bitnami/kubectl image for helm hooks [#7656](https://github.com/kumahq/kuma/pull/7656) @lahabana +* fix(insights): have subscription gc also work for zoneEgress insights [#7954](https://github.com/kumahq/kuma/pull/7954) @lahabana +* fix(insights): improve ZoneInsight subscription management [#8153](https://github.com/kumahq/kuma/pull/8153) @michaelbeaumont +* fix(k8s): add namespace to `deleteObjectIfExist` in pod controller [#8063](https://github.com/kumahq/kuma/pull/8063) @slonka +* fix(k8s): don't temporarily remove all AvailableServices on ZoneIngress Pod reconciliations [#8301](https://github.com/kumahq/kuma/pull/8301) @slonka +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services [#8168](https://github.com/kumahq/kuma/pull/8168) @bartsmykla +* fix(kds): call CloseSend and exit a goroutine when sync fails to start [#7869](https://github.com/kumahq/kuma/pull/7869) @lukidzi +* fix(kds): delta delivery metric [#7793](https://github.com/kumahq/kuma/pull/7793) @jakubdyszkiewicz +* fix(kds): don't inc KdsGenerationErrors when context canceled [#7913](https://github.com/kumahq/kuma/pull/7913) @michaelbeaumont +* fix(kds): experimental watchdog concurrent map write [#7630](https://github.com/kumahq/kuma/pull/7630) @jakubdyszkiewicz +* fix(kds): set error when KDS clients fails in goroutine [#7725](https://github.com/kumahq/kuma/pull/7725) @lukidzi +* fix(kds): try returning unavailable on app context finish [#8050](https://github.com/kumahq/kuma/pull/8050) @slonka +* fix(kds): use deprecated method in otel [#8366](https://github.com/kumahq/kuma/pull/8366) @slonka +* fix(kuma-cni): support port exclusion for UIDs [#8319](https://github.com/kumahq/kuma/pull/8319) @lobkovilya +* fix(kuma-cp): change affinityTag field in MeshLoadBalancingStrategy t… [#8294](https://github.com/kumahq/kuma/pull/8294) @Automaat +* fix(kuma-cp): cleanup interval should be calculated based on "expirationTime" for hashCache [#8065](https://github.com/kumahq/kuma/pull/8065) @lobkovilya +* fix(kuma-cp): don't add `postStart` hook to builtin gateway even if `waitForDataplaneReady: true` [#7939](https://github.com/kumahq/kuma/pull/7939) @lobkovilya +* fix(kuma-cp): don't configure RBAC rules on Prometheus listener [#8172](https://github.com/kumahq/kuma/pull/8172) @lobkovilya +* fix(kuma-cp): fix Zone{In|E}gress sync when no mesh [#8129](https://github.com/kumahq/kuma/pull/8129) @bartsmykla +* fix(kuma-cp): meta validation compatible with Kubernetes naming rules [#7976](https://github.com/kumahq/kuma/pull/7976) @lobkovilya +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes [#7909](https://github.com/kumahq/kuma/pull/7909) @lobkovilya +* fix(kuma-cp): take proper context for resync [#7805](https://github.com/kumahq/kuma/pull/7805) @lukidzi +* fix(kuma-cp): use GetConsistent store when validating default mesh resources [#7949](https://github.com/kumahq/kuma/pull/7949) @lukidzi +* fix(kuma-cp): using policy name with "." causes hash to be inserted in the wrong place on the zone [#8240](https://github.com/kumahq/kuma/pull/8240) @lobkovilya +* fix(kuma-dp): advise user to check pod events when data plane rejected by webhooks [#8257](https://github.com/kumahq/kuma/pull/8257) @jijiechen +* fix(kuma-dp): fix build [#8282](https://github.com/kumahq/kuma/pull/8282) @Automaat +* fix(kuma-dp): fix incorrect dataplane name due to mangled env vars [#8199](https://github.com/kumahq/kuma/pull/8199) @bartsmykla +* fix(kumactl): add `--mesh` parameter to `inspect ` [#7696](https://github.com/kumahq/kuma/pull/7696) @lahabana +* fix(observability): add annotation to make observability while running CNI work [#8330](https://github.com/kumahq/kuma/pull/8330) @slonka +* fix(policy): improve targetRef name and tags validation [#7972](https://github.com/kumahq/kuma/pull/7972) @alparslanavci +* fix(store): fix passing logs to pglock [#8040](https://github.com/kumahq/kuma/pull/8040) @slonka +* fix(store): use customizer for postgres ro pool [#7769](https://github.com/kumahq/kuma/pull/7769) @jakubdyszkiewicz +* fix(transparent-proxy): fix --wait flags for iptables legacy [#8364](https://github.com/kumahq/kuma/pull/8364) @bartsmykla +* fix(xds): backwards compatibility on access logs paths [#7662](https://github.com/kumahq/kuma/pull/7662) @jakubdyszkiewicz +* fix(xds): use stable hashes for outbound cluster names [#8081](https://github.com/kumahq/kuma/pull/8081) @michaelbeaumont +* perf(insights): fetch dp overviews once [#7652](https://github.com/kumahq/kuma/pull/7652) @jakubdyszkiewicz +* perf(insights): fetch external services once [#7796](https://github.com/kumahq/kuma/pull/7796) @lukidzi +* perf(insights): refresh only changed [#7737](https://github.com/kumahq/kuma/pull/7737) @jakubdyszkiewicz +* perf(store): postgres transactions [#7995](https://github.com/kumahq/kuma/pull/7995) @jakubdyszkiewicz +* perf(xds): put the Gatewaylisteners in the Proxy [#8051](https://github.com/kumahq/kuma/pull/8051) @lahabana + ## 2.4.4 > Released on 2023/11/06 @@ -584,16 +1845,29 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): security update [#4622](https://github.com/Kong/kong-mesh/pull/4622) [#4653](https://github.com/Kong/kong-mesh/pull/4653) @kong-mesh * fix(awsiam): refresh GetCallerIdentity request in DP (backport of #4674) [#4728](https://github.com/Kong/kong-mesh/pull/4728) @kong-mesh +### Includes [kumahq/kuma@2.4.4](https://github.com/kumahq/kuma/releases/tag/2.4.4) changelog + +* chore(deps): security update [#8054](https://github.com/kumahq/kuma/pull/8054) [#8205](https://github.com/kumahq/kuma/pull/8205) @kumahq +* fix(MeshTrafficPermission): support permissive mtls (backport of #8171) [#8176](https://github.com/kumahq/kuma/pull/8176) @kumahq +* fix(k8s): fix VIPs configmap entries with invalid keys for ExternalName services (backport of #8168) [#8198](https://github.com/kumahq/kuma/pull/8198) @kumahq +* fix(kuma-cp): fix ZoneIngress/ZoneEgress sync when no mesh (backport of #8129) [#8134](https://github.com/kumahq/kuma/pull/8134) @kumahq + ## 2.4.3 -> Released on 2023/10/11 +> Released on 2023/10/12 * chore(deps): bump kumahq/kuma from 80db656df125 to eeeb2a1eb [#4529](https://github.com/Kong/kong-mesh/pull/4529) [#4546](https://github.com/Kong/kong-mesh/pull/4546) [#4555](https://github.com/Kong/kong-mesh/pull/4555) @kong-mesh * chore(deps): bump opa to 0.57 [#4499](https://github.com/Kong/kong-mesh/pull/4499) @slonka +### Includes [kumahq/kuma@2.4.3](https://github.com/kumahq/kuma/releases/tag/2.4.3) changelog + +* chore(deps): bump envoy from 1.27.0 to 1.27.1 [#8025](https://github.com/kumahq/kuma/pull/8025) @lahabana +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8012](https://github.com/kumahq/kuma/pull/8012) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8032](https://github.com/kumahq/kuma/pull/8032) @michaelbeaumont + ## 2.3.3 -> Released on 2023/10/11 +> Released on 2023/10/12 * chore(deps): build without containerd (backport of #4229) [#4231](https://github.com/Kong/kong-mesh/pull/4231) @kong-mesh * chore(deps): bump kumahq/kuma from c56df80922be to 815b26399 [#4237](https://github.com/Kong/kong-mesh/pull/4237) [#4253](https://github.com/Kong/kong-mesh/pull/4253) [#4262](https://github.com/Kong/kong-mesh/pull/4262) [#4346](https://github.com/Kong/kong-mesh/pull/4346) [#4355](https://github.com/Kong/kong-mesh/pull/4355) [#4478](https://github.com/Kong/kong-mesh/pull/4478) [#4532](https://github.com/Kong/kong-mesh/pull/4532) [#4536](https://github.com/Kong/kong-mesh/pull/4536) [#4548](https://github.com/Kong/kong-mesh/pull/4548) [#4554](https://github.com/Kong/kong-mesh/pull/4554) @kong-mesh @@ -601,31 +1875,84 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): security update [#4236](https://github.com/Kong/kong-mesh/pull/4236) @kong-mesh * fix(audit): use background context (backport of #4035) [#4043](https://github.com/Kong/kong-mesh/pull/4043) @kong-mesh +### Includes [kumahq/kuma@2.3.3](https://github.com/kumahq/kuma/releases/tag/2.3.3) changelog + +* chore(deps): bump envoy from 1.26.4 to 1.26.5 [#8024](https://github.com/kumahq/kuma/pull/8024) @lahabana +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7825](https://github.com/kumahq/kuma/pull/7825) @kumahq +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8016](https://github.com/kumahq/kuma/pull/8016) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8033](https://github.com/kumahq/kuma/pull/8033) @michaelbeaumont +* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7838](https://github.com/kumahq/kuma/pull/7838) [#7848](https://github.com/kumahq/kuma/pull/7848) @kumahq +* chore(deps): security update [#7734](https://github.com/kumahq/kuma/pull/7734) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7529](https://github.com/kumahq/kuma/pull/7529) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7833](https://github.com/kumahq/kuma/pull/7833) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7927](https://github.com/kumahq/kuma/pull/7927) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7576](https://github.com/kumahq/kuma/pull/7576) @kumahq + ## 2.2.5 -> Released on 2023/10/11 +> Released on 2023/10/12 * chore(deps): build without containerd (backport of #4229) [#4230](https://github.com/Kong/kong-mesh/pull/4230) @kong-mesh * chore(deps): bump kumahq/kuma from 858fa348ff7f to 467b9011a [#4063](https://github.com/Kong/kong-mesh/pull/4063) [#4102](https://github.com/Kong/kong-mesh/pull/4102) [#4226](https://github.com/Kong/kong-mesh/pull/4226) [#4254](https://github.com/Kong/kong-mesh/pull/4254) [#4263](https://github.com/Kong/kong-mesh/pull/4263) [#4347](https://github.com/Kong/kong-mesh/pull/4347) [#4357](https://github.com/Kong/kong-mesh/pull/4357) [#4490](https://github.com/Kong/kong-mesh/pull/4490) [#4535](https://github.com/Kong/kong-mesh/pull/4535) [#4538](https://github.com/Kong/kong-mesh/pull/4538) [#4545](https://github.com/Kong/kong-mesh/pull/4545) [#4550](https://github.com/Kong/kong-mesh/pull/4550) [#4553](https://github.com/Kong/kong-mesh/pull/4553) @kong-mesh * chore(deps): bump opa to 0.57 [#4501](https://github.com/Kong/kong-mesh/pull/4501) @slonka * fix(audit): use background context (backport of #4035) [#4045](https://github.com/Kong/kong-mesh/pull/4045) @kong-mesh +### Includes [kumahq/kuma@2.2.5](https://github.com/kumahq/kuma/releases/tag/2.2.5) changelog + +* chore(deps): bump envoy from 1.25.9 to 1.25.10 [#8026](https://github.com/kumahq/kuma/pull/8026) @lahabana +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7827](https://github.com/kumahq/kuma/pull/7827) @kumahq +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8013](https://github.com/kumahq/kuma/pull/8013) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8031](https://github.com/kumahq/kuma/pull/8031) @michaelbeaumont +* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7842](https://github.com/kumahq/kuma/pull/7842) [#7844](https://github.com/kumahq/kuma/pull/7844) @kumahq +* chore(deps): security update [#7718](https://github.com/kumahq/kuma/pull/7718) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7531](https://github.com/kumahq/kuma/pull/7531) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7832](https://github.com/kumahq/kuma/pull/7832) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7928](https://github.com/kumahq/kuma/pull/7928) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7579](https://github.com/kumahq/kuma/pull/7579) @kumahq + ## 2.1.7 -> Released on 2023/10/11 +> Released on 2023/10/12 * chore(deps): bump kumahq/kuma from bc5859add936 to f8e669466 [#4064](https://github.com/Kong/kong-mesh/pull/4064) [#4107](https://github.com/Kong/kong-mesh/pull/4107) [#4224](https://github.com/Kong/kong-mesh/pull/4224) [#4265](https://github.com/Kong/kong-mesh/pull/4265) [#4348](https://github.com/Kong/kong-mesh/pull/4348) [#4350](https://github.com/Kong/kong-mesh/pull/4350) [#4362](https://github.com/Kong/kong-mesh/pull/4362) [#4367](https://github.com/Kong/kong-mesh/pull/4367) [#4375](https://github.com/Kong/kong-mesh/pull/4375) [#4492](https://github.com/Kong/kong-mesh/pull/4492) [#4494](https://github.com/Kong/kong-mesh/pull/4494) [#4543](https://github.com/Kong/kong-mesh/pull/4543) [#4544](https://github.com/Kong/kong-mesh/pull/4544) [#4551](https://github.com/Kong/kong-mesh/pull/4551) @kong-mesh * fix(audit): use background context (backport of #4035) [#4046](https://github.com/Kong/kong-mesh/pull/4046) @kong-mesh +### Includes [kumahq/kuma@2.1.7](https://github.com/kumahq/kuma/releases/tag/2.1.7) changelog + +* chore(deps): bump envoy from 1.24.10 to 1.24.11 [#8027](https://github.com/kumahq/kuma/pull/8027) @lahabana +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7829](https://github.com/kumahq/kuma/pull/7829) @kumahq +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8015](https://github.com/kumahq/kuma/pull/8015) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8030](https://github.com/kumahq/kuma/pull/8030) @michaelbeaumont +* chore(deps): security update [#7716](https://github.com/kumahq/kuma/pull/7716) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7532](https://github.com/kumahq/kuma/pull/7532) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7830](https://github.com/kumahq/kuma/pull/7830) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7926](https://github.com/kumahq/kuma/pull/7926) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7577](https://github.com/kumahq/kuma/pull/7577) @kumahq + ## 2.0.8 -> Released on 2023/10/11 +> Released on 2023/10/12 * chore(deps): bump github.com/docker/distribution from 2.8.2-beta.1 to 2.8.2 [#3926](https://github.com/Kong/kong-mesh/pull/3926) @michaelbeaumont * chore(deps): bump kumahq/kuma from 4ecbae54501e to 6ecaf21ff [#3897](https://github.com/Kong/kong-mesh/pull/3897) [#3922](https://github.com/Kong/kong-mesh/pull/3922) [#3948](https://github.com/Kong/kong-mesh/pull/3948) [#3970](https://github.com/Kong/kong-mesh/pull/3970) [#4023](https://github.com/Kong/kong-mesh/pull/4023) [#4070](https://github.com/Kong/kong-mesh/pull/4070) [#4100](https://github.com/Kong/kong-mesh/pull/4100) [#4105](https://github.com/Kong/kong-mesh/pull/4105) [#4225](https://github.com/Kong/kong-mesh/pull/4225) [#4266](https://github.com/Kong/kong-mesh/pull/4266) [#4349](https://github.com/Kong/kong-mesh/pull/4349) [#4364](https://github.com/Kong/kong-mesh/pull/4364) [#4378](https://github.com/Kong/kong-mesh/pull/4378) [#4479](https://github.com/Kong/kong-mesh/pull/4479) [#4537](https://github.com/Kong/kong-mesh/pull/4537) [#4547](https://github.com/Kong/kong-mesh/pull/4547) [#4552](https://github.com/Kong/kong-mesh/pull/4552) @kong-mesh,@michaelbeaumont * chore(deps): security update [#3910](https://github.com/Kong/kong-mesh/pull/3910) [#4235](https://github.com/Kong/kong-mesh/pull/4235) @kong-mesh * fix(audit): use background context (backport of #4035) [#4047](https://github.com/Kong/kong-mesh/pull/4047) @kong-mesh +### Includes [kumahq/kuma@2.0.8](https://github.com/kumahq/kuma/releases/tag/2.0.8) changelog + +* chore(deps): bump envoy from 1.24.10 to 1.24.11 [#8028](https://github.com/kumahq/kuma/pull/8028) @lahabana +* chore(deps): bump go from 1.18 to 1.21.1 [#7533](https://github.com/kumahq/kuma/pull/7533) [#7828](https://github.com/kumahq/kuma/pull/7828) @kumahq,@michaelbeaumont +* chore(deps): bump go version to 1.21.3 (backport of #8001) [#8014](https://github.com/kumahq/kuma/pull/8014) @kumahq +* chore(deps): bump golang.org/x/net to v0.17.0, google.golang.org/grpc to v1.57.1 [#8029](https://github.com/kumahq/kuma/pull/8029) @michaelbeaumont +* chore(deps): bump golangci-lint from v1.53.3 to v1.53.3 [#7841](https://github.com/kumahq/kuma/pull/7841) [#7847](https://github.com/kumahq/kuma/pull/7847) @kumahq +* chore(deps): security update [#7406](https://github.com/kumahq/kuma/pull/7406) [#7453](https://github.com/kumahq/kuma/pull/7453) [#7717](https://github.com/kumahq/kuma/pull/7717) @kumahq +* chore(deps): update CoreDNS to v1.11.1 (backport of #7523) [#7528](https://github.com/kumahq/kuma/pull/7528) @kumahq +* fix(containerd): only build cgroups on linux (backport of #7408) [#7423](https://github.com/kumahq/kuma/pull/7423) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7831](https://github.com/kumahq/kuma/pull/7831) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7930](https://github.com/kumahq/kuma/pull/7930) @kumahq +* fix(metrics): hijacker should not pass accept-encoding (backport of #7572) [#7580](https://github.com/kumahq/kuma/pull/7580) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7389](https://github.com/kumahq/kuma/pull/7389) @kumahq + ## 2.4.2 > Released on 2023/10/02 @@ -637,12 +1964,33 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * feat(awsiam): only require role name in rolesToAssumeForAccounts (backport of #4365) [#4394](https://github.com/Kong/kong-mesh/pull/4394) @kong-mesh * fix(auth): better error message when invalid token supplied (backport of #4429) [#4452](https://github.com/Kong/kong-mesh/pull/4452) @kong-mesh +### Includes [kumahq/kuma@2.4.2](https://github.com/kumahq/kuma/releases/tag/2.4.2) changelog + +* chore(deps): bump go from 1.20.7 to 1.21.1 [#7826](https://github.com/kumahq/kuma/pull/7826) @kumahq +* chore(deps): security update [#7719](https://github.com/kumahq/kuma/pull/7719) @kumahq +* feat(kds): add user-agent with useful version info (backport of #7886) [#7897](https://github.com/kumahq/kuma/pull/7897) @kumahq +* feat(kds): better error handling (backport of #7868) [#7877](https://github.com/kumahq/kuma/pull/7877) @kumahq +* feat(transparent-proxy): allow to wait for xtables lock and retry when installing tproxy fails (backport of #7870) [#7892](https://github.com/kumahq/kuma/pull/7892) @kumahq +* fix(kds): call CloseSend and exit a goroutine when sync fails to start (backport of #7869) [#7883](https://github.com/kumahq/kuma/pull/7883) @kumahq +* fix(kuma-cp): set error when KDS clients fails in goroutine (backport of #7725) [#7834](https://github.com/kumahq/kuma/pull/7834) @kumahq +* fix(kuma-cp): specifying IPv6 Envoy Admin address breaks readiness/liveness probes (backport of #7909) [#7929](https://github.com/kumahq/kuma/pull/7929) @kumahq + ## 2.4.1 -> Released on 2023/09/07 +> Released on 2023/09/08 * chore(deps): bump kumahq/kuma from d7115ca38696 to ecac076c0 [#4191](https://github.com/Kong/kong-mesh/pull/4191) [#4192](https://github.com/Kong/kong-mesh/pull/4192) [#4193](https://github.com/Kong/kong-mesh/pull/4193) [#4194](https://github.com/Kong/kong-mesh/pull/4194) [#4195](https://github.com/Kong/kong-mesh/pull/4195) [#4204](https://github.com/Kong/kong-mesh/pull/4204) [#4206](https://github.com/Kong/kong-mesh/pull/4206) @kong-mesh +### Includes [kumahq/kuma@2.4.1](https://github.com/kumahq/kuma/releases/tag/2.4.1) changelog + +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.1 [#7680](https://github.com/kumahq/kuma/pull/7680) @kumahq +* chore(deps): bump sigs.k8s.io/gateway-api from 0.8.0-rc1 to 0.8.0 [#7664](https://github.com/kumahq/kuma/pull/7664) @kumahq +* chore(deps): bump the go-opentelemetry-io-contrib group with 2 updates (backport of #7613) [#7678](https://github.com/kumahq/kuma/pull/7678) @kumahq +* chore(deps): bump the go-opentelemetry-io-otel group with 2 updates (backport of #7607) [#7670](https://github.com/kumahq/kuma/pull/7670) @kumahq +* chore(deps): bump the k8s-libs group with 3 updates (backport of #7606) [#7688](https://github.com/kumahq/kuma/pull/7688) @kumahq +* fix(kumactl): add `--mesh` parameter to `inspect ` (backport of #7696) [#7703](https://github.com/kumahq/kuma/pull/7703) @kumahq +* fix(xds): backwards compatibility on access logs paths (backport of #7662) [#7694](https://github.com/kumahq/kuma/pull/7694) @kumahq + ## 2.4.0 > Released on 2023/08/29 @@ -690,6 +2038,107 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(kuma-cp): refresh only specific mesh when event triggered [#3887](https://github.com/Kong/kong-mesh/pull/3887) @lukidzi * fix(license): rename zones to mesh_zones [#4084](https://github.com/Kong/kong-mesh/pull/4084) @lahabana +### Includes [kumahq/kuma@2.4.0](https://github.com/kumahq/kuma/releases/tag/2.4.0) changelog + +* chore(deps): bump CoreDNS from v1.10.1 to v1.11.1 [#7493](https://github.com/kumahq/kuma/pull/7493) [#7523](https://github.com/kumahq/kuma/pull/7523) @michaelbeaumont +* chore(deps): bump cirello.io/pglock from 1.13.0 to 1.14.0 [#7554](https://github.com/kumahq/kuma/pull/7554) @dependabot +* chore(deps): bump debian from `3d868b5` to `b91baba` [#7403](https://github.com/kumahq/kuma/pull/7403) [#7547](https://github.com/kumahq/kuma/pull/7547) @dependabot +* chore(deps): bump envoy to 1.26.3 [#7267](https://github.com/kumahq/kuma/pull/7267) @lukidzi +* chore(deps): bump github.com/cilium/ebpf from 0.10.0 to 0.11.0 [#7205](https://github.com/kumahq/kuma/pull/7205) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.2 to 3.11.0 [#7552](https://github.com/kumahq/kuma/pull/7552) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 1.0.1 to 1.0.2 [#7159](https://github.com/kumahq/kuma/pull/7159) @dependabot +* chore(deps): bump github.com/exaring/otelpgx from 0.5.0 to 0.5.1 [#7337](https://github.com/kumahq/kuma/pull/7337) @dependabot +* chore(deps): bump github.com/jackc/pgx/v5 from 5.4.1 to 5.4.3 [#7273](https://github.com/kumahq/kuma/pull/7273) [#7474](https://github.com/kumahq/kuma/pull/7474) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 [#7336](https://github.com/kumahq/kuma/pull/7336) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.20.1 to 0.23.0 [#7122](https://github.com/kumahq/kuma/pull/7122) [#7514](https://github.com/kumahq/kuma/pull/7514) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 0.20.0 to 1.0.0 [#7272](https://github.com/kumahq/kuma/pull/7272) @dependabot +* chore(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 [#7472](https://github.com/kumahq/kuma/pull/7472) @dependabot +* chore(deps): bump golang.org/x/net from 0.11.0 to 0.14.0 [#7206](https://github.com/kumahq/kuma/pull/7206) [#7475](https://github.com/kumahq/kuma/pull/7475) @dependabot +* chore(deps): bump golang.org/x/sys from 0.9.0 to 0.11.0 [#7204](https://github.com/kumahq/kuma/pull/7204) [#7471](https://github.com/kumahq/kuma/pull/7471) @dependabot +* chore(deps): bump golang.org/x/text from 0.10.0 to 0.12.0 [#7203](https://github.com/kumahq/kuma/pull/7203) [#7476](https://github.com/kumahq/kuma/pull/7476) @dependabot +* chore(deps): bump golangci-lint from v1.51.2 to v1.53.3 [#7334](https://github.com/kumahq/kuma/pull/7334) @lahabana +* chore(deps): bump gonum.org/v1/gonum from 0.13.0 to 0.14.0 [#7553](https://github.com/kumahq/kuma/pull/7553) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.56.0 to 1.57.0 [#7123](https://github.com/kumahq/kuma/pull/7123) [#7202](https://github.com/kumahq/kuma/pull/7202) [#7373](https://github.com/kumahq/kuma/pull/7373) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 [#7124](https://github.com/kumahq/kuma/pull/7124) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.12.1 to 3.12.3 [#7270](https://github.com/kumahq/kuma/pull/7270) [#7515](https://github.com/kumahq/kuma/pull/7515) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.27.3 to 0.27.4 [#7372](https://github.com/kumahq/kuma/pull/7372) @michaelbeaumont +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.15.0 to 0.15.1 [#7470](https://github.com/kumahq/kuma/pull/7470) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.12.0 to 0.13.0 [#7271](https://github.com/kumahq/kuma/pull/7271) [#7550](https://github.com/kumahq/kuma/pull/7550) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from 0.7.1-0.20230727082008-1764e458047d to 0.8.0-rc1 [#7371](https://github.com/kumahq/kuma/pull/7371) [#7513](https://github.com/kumahq/kuma/pull/7513) @dependabot,@michaelbeaumont +* chore(deps): bump the k8s-libs group with 3 updates [#7335](https://github.com/kumahq/kuma/pull/7335) [#7549](https://github.com/kumahq/kuma/pull/7549) @dependabot +* chore(deps): bump ubuntu from `0bced47` to `ec050c3` [#7546](https://github.com/kumahq/kuma/pull/7546) @dependabot +* chore(deps): update go from 1.20.5 to 1.20.6 [#7414](https://github.com/kumahq/kuma/pull/7414) @slonka +* chore(deps): update testcontainers-go to 0.22.0 [#7477](https://github.com/kumahq/kuma/pull/7477) @slonka +* chore(deps): update to go 1.20.7 [#7429](https://github.com/kumahq/kuma/pull/7429) @slonka +* chore(deps): upgrade envoy to 1.26.4 [#7367](https://github.com/kumahq/kuma/pull/7367) @lukidzi +* chore(deps): upgrade envoy to 1.27.0 [#7411](https://github.com/kumahq/kuma/pull/7411) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7095](https://github.com/kumahq/kuma/pull/7095) [#7096](https://github.com/kumahq/kuma/pull/7096) [#7097](https://github.com/kumahq/kuma/pull/7097) [#7100](https://github.com/kumahq/kuma/pull/7100) [#7113](https://github.com/kumahq/kuma/pull/7113) [#7127](https://github.com/kumahq/kuma/pull/7127) [#7128](https://github.com/kumahq/kuma/pull/7128) [#7156](https://github.com/kumahq/kuma/pull/7156) [#7169](https://github.com/kumahq/kuma/pull/7169) [#7171](https://github.com/kumahq/kuma/pull/7171) [#7193](https://github.com/kumahq/kuma/pull/7193) [#7219](https://github.com/kumahq/kuma/pull/7219) [#7255](https://github.com/kumahq/kuma/pull/7255) [#7260](https://github.com/kumahq/kuma/pull/7260) [#7261](https://github.com/kumahq/kuma/pull/7261) [#7274](https://github.com/kumahq/kuma/pull/7274) [#7279](https://github.com/kumahq/kuma/pull/7279) [#7284](https://github.com/kumahq/kuma/pull/7284) [#7305](https://github.com/kumahq/kuma/pull/7305) [#7308](https://github.com/kumahq/kuma/pull/7308) [#7320](https://github.com/kumahq/kuma/pull/7320) [#7322](https://github.com/kumahq/kuma/pull/7322) [#7328](https://github.com/kumahq/kuma/pull/7328) [#7331](https://github.com/kumahq/kuma/pull/7331) [#7340](https://github.com/kumahq/kuma/pull/7340) [#7341](https://github.com/kumahq/kuma/pull/7341) [#7343](https://github.com/kumahq/kuma/pull/7343) [#7345](https://github.com/kumahq/kuma/pull/7345) [#7350](https://github.com/kumahq/kuma/pull/7350) [#7357](https://github.com/kumahq/kuma/pull/7357) [#7369](https://github.com/kumahq/kuma/pull/7369) [#7370](https://github.com/kumahq/kuma/pull/7370) [#7376](https://github.com/kumahq/kuma/pull/7376) [#7378](https://github.com/kumahq/kuma/pull/7378) [#7379](https://github.com/kumahq/kuma/pull/7379) [#7385](https://github.com/kumahq/kuma/pull/7385) [#7388](https://github.com/kumahq/kuma/pull/7388) [#7413](https://github.com/kumahq/kuma/pull/7413) [#7421](https://github.com/kumahq/kuma/pull/7421) [#7430](https://github.com/kumahq/kuma/pull/7430) [#7444](https://github.com/kumahq/kuma/pull/7444) [#7478](https://github.com/kumahq/kuma/pull/7478) [#7479](https://github.com/kumahq/kuma/pull/7479) [#7480](https://github.com/kumahq/kuma/pull/7480) [#7481](https://github.com/kumahq/kuma/pull/7481) [#7482](https://github.com/kumahq/kuma/pull/7482) [#7487](https://github.com/kumahq/kuma/pull/7487) [#7498](https://github.com/kumahq/kuma/pull/7498) [#7499](https://github.com/kumahq/kuma/pull/7499) [#7503](https://github.com/kumahq/kuma/pull/7503) [#7509](https://github.com/kumahq/kuma/pull/7509) [#7510](https://github.com/kumahq/kuma/pull/7510) [#7511](https://github.com/kumahq/kuma/pull/7511) [#7517](https://github.com/kumahq/kuma/pull/7517) [#7518](https://github.com/kumahq/kuma/pull/7518) [#7522](https://github.com/kumahq/kuma/pull/7522) [#7524](https://github.com/kumahq/kuma/pull/7524) [#7537](https://github.com/kumahq/kuma/pull/7537) [#7538](https://github.com/kumahq/kuma/pull/7538) [#7548](https://github.com/kumahq/kuma/pull/7548) [#7557](https://github.com/kumahq/kuma/pull/7557) [#7566](https://github.com/kumahq/kuma/pull/7566) [#7568](https://github.com/kumahq/kuma/pull/7568) [#7569](https://github.com/kumahq/kuma/pull/7569) [#7571](https://github.com/kumahq/kuma/pull/7571) [#7575](https://github.com/kumahq/kuma/pull/7575) [#7581](https://github.com/kumahq/kuma/pull/7581) [#7582](https://github.com/kumahq/kuma/pull/7582) [#7584](https://github.com/kumahq/kuma/pull/7584) @kumahq +* chore(release): merge release-2.3 [#7099](https://github.com/kumahq/kuma/pull/7099) @michaelbeaumont +* feat(MeshHealthCheck): allow top level targetRef kind MeshGateway [#7194](https://github.com/kumahq/kuma/pull/7194) @michaelbeaumont +* feat(MeshRetry): allow top level targetRef kind MeshGateway [#7190](https://github.com/kumahq/kuma/pull/7190) @michaelbeaumont +* feat(MeshTimeout): allow top level targetRef.kind MeshGateway [#7137](https://github.com/kumahq/kuma/pull/7137) @michaelbeaumont +* feat(VirtualOutbound): support multizone [#7407](https://github.com/kumahq/kuma/pull/7407) @jakubdyszkiewicz +* feat(api-server): add isTargetRefBased in /policies [#7561](https://github.com/kumahq/kuma/pull/7561) @lahabana +* feat(api-server): add service unavailable error [#7501](https://github.com/kumahq/kuma/pull/7501) @slonka +* feat(api-server): allow WebService customization in plugins [#7497](https://github.com/kumahq/kuma/pull/7497) @michaelbeaumont +* feat(api-server): error status is an int [#7162](https://github.com/kumahq/kuma/pull/7162) @jakubdyszkiewicz +* feat(cni): add retry for CNI config file check [#7215](https://github.com/kumahq/kuma/pull/7215) @StuAtKong +* feat(insights): add event to trigger computation [#7506](https://github.com/kumahq/kuma/pull/7506) @jakubdyszkiewicz +* feat(insights): change metrics to milliseconds [#7491](https://github.com/kumahq/kuma/pull/7491) @jakubdyszkiewicz +* feat(k8s): show `targetRef` `kind`/`name` in kubectl output [#7116](https://github.com/kumahq/kuma/pull/7116) @michaelbeaumont +* feat(kuma-cp): add 'renewDeadline' and 'leaseDuration' config params [#7448](https://github.com/kumahq/kuma/pull/7448) @lobkovilya +* feat(kuma-cp): add info about presence of auth token in zoneInsight [#7598](https://github.com/kumahq/kuma/pull/7598) @Automaat +* feat(kuma-cp): add observability to k8s auth cache [#7192](https://github.com/kumahq/kuma/pull/7192) @jakubdyszkiewicz +* feat(kuma-cp): add opentelemetry traces to pgx [#7216](https://github.com/kumahq/kuma/pull/7216) @michaelbeaumont +* feat(kuma-cp): add tracing to KDS server [#7160](https://github.com/kumahq/kuma/pull/7160) @michaelbeaumont +* feat(kuma-cp): allow to disable resources count metrics [#7304](https://github.com/kumahq/kuma/pull/7304) @lukidzi +* feat(kuma-cp): better xds metrics [#7208](https://github.com/kumahq/kuma/pull/7208) @jakubdyszkiewicz +* feat(kuma-cp): block application container start until dp is ready [#7583](https://github.com/kumahq/kuma/pull/7583) @lukidzi +* feat(kuma-cp): extend ZoneInsight api with information about usage of… [#7563](https://github.com/kumahq/kuma/pull/7563) @Automaat +* feat(kuma-cp): force routing through zone egress [#7558](https://github.com/kumahq/kuma/pull/7558) @jakubdyszkiewicz +* feat(kuma-cp): implement TLS listener for prometheus [#7534](https://github.com/kumahq/kuma/pull/7534) @lukidzi +* feat(kuma-cp): introduce OpenTelemetry tracing [#7153](https://github.com/kumahq/kuma/pull/7153) @michaelbeaumont +* feat(kuma-cp): support Datadog propagation for tracing [#7168](https://github.com/kumahq/kuma/pull/7168) @michaelbeaumont +* feat(kuma-dp): don't require NET_BIND_SERVICE capability [#7276](https://github.com/kumahq/kuma/pull/7276) @michaelbeaumont +* feat(kumactl): define User-Agent [#7307](https://github.com/kumahq/kuma/pull/7307) @mmorel-35 +* feat(metrics): expose kube controller manager metrics [#7158](https://github.com/kumahq/kuma/pull/7158) @jakubdyszkiewicz +* feat(metrics): support OpenMetrics from applications [#7125](https://github.com/kumahq/kuma/pull/7125) @AyushSenapati +* feat(observability): add traceId in error messages [#7329](https://github.com/kumahq/kuma/pull/7329) @lahabana +* feat(observability): components metrics [#7209](https://github.com/kumahq/kuma/pull/7209) @jakubdyszkiewicz +* feat(policy): add `targetRef.kind` `MeshGateway` [#7114](https://github.com/kumahq/kuma/pull/7114) @michaelbeaumont +* feat(watchdog): don't call onError if error was Canceled [#7401](https://github.com/kumahq/kuma/pull/7401) @michaelbeaumont +* feat(xds): filter-chain builder constructor require name [#7131](https://github.com/kumahq/kuma/pull/7131) @mmorel-35 +* feat(xds): named resources (clusters) builders require name [#7104](https://github.com/kumahq/kuma/pull/7104) @mmorel-35 +* feat(xds): named resources (listeners) builders require name [#7105](https://github.com/kumahq/kuma/pull/7105) @mmorel-35 +* feat(xds): named resources (routes configuration) builders require name [#7106](https://github.com/kumahq/kuma/pull/7106) @mmorel-35 +* feat(zoneproxies): check empty listeners [#7562](https://github.com/kumahq/kuma/pull/7562) @jakubdyszkiewicz +* fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP [#7225](https://github.com/kumahq/kuma/pull/7225) @lukidzi +* fix(api-server): return 400 when PUT/POST resource is invalid [#7560](https://github.com/kumahq/kuma/pull/7560) @lahabana +* fix(containerd): only build cgroups on linux [#7408](https://github.com/kumahq/kuma/pull/7408) @slonka +* fix(dataplane_watchdog): fix outdated comment [#7565](https://github.com/kumahq/kuma/pull/7565) @nicoche +* fix(egress): routing using MeshHTTPRoute and VirtualOutbound [#7536](https://github.com/kumahq/kuma/pull/7536) @jakubdyszkiewicz +* fix(insights): rewrite insights to allow more efficiency [#7375](https://github.com/kumahq/kuma/pull/7375) @lahabana +* fix(intercp): properly track idleness of pool connections [#7323](https://github.com/kumahq/kuma/pull/7323) @michaelbeaumont +* fix(k8s): tolerate unknown `appProtocol` [#7133](https://github.com/kumahq/kuma/pull/7133) @michaelbeaumont +* fix(kuma-cp): cancel OnTick when watchdog stopped [#7221](https://github.com/kumahq/kuma/pull/7221) @michaelbeaumont +* fix(kuma-cp): do not require certs on https api port [#7102](https://github.com/kumahq/kuma/pull/7102) @jakubdyszkiewicz +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service [#7282](https://github.com/kumahq/kuma/pull/7282) @lukidzi +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog [#7348](https://github.com/kumahq/kuma/pull/7348) @lukidzi +* fix(kuma-cp): don't return from opentelemetry Start [#7157](https://github.com/kumahq/kuma/pull/7157) @michaelbeaumont +* fix(kuma-cp): handle advertised address in zone ingress [#7332](https://github.com/kumahq/kuma/pull/7332) @jakubdyszkiewicz +* fix(kuma-cp): handle external services with permissive mtls [#7179](https://github.com/kumahq/kuma/pull/7179) @jakubdyszkiewicz +* fix(kuma-cp): order resources for building VIPs [#7333](https://github.com/kumahq/kuma/pull/7333) @lukidzi +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts [#7231](https://github.com/kumahq/kuma/pull/7231) @michaelbeaumont +* fix(kuma-cp): put metadata xds callbacks before sync [#7230](https://github.com/kumahq/kuma/pull/7230) @lobkovilya +* fix(kuma-cp): universal mode don't log on every lock acquire attempt [#7593](https://github.com/kumahq/kuma/pull/7593) @michaelbeaumont +* fix(kuma-dp): pass sockets in metadata from dp to cp [#7218](https://github.com/kumahq/kuma/pull/7218) @lahabana +* fix(kumactl): treat 404 as resource not found error [#7297](https://github.com/kumahq/kuma/pull/7297) @slonka +* fix(metrics): hijacker should not pass accept-encoding [#7572](https://github.com/kumahq/kuma/pull/7572) @jakubdyszkiewicz +* fix(sec): get rid of dependency on containerd [#7387](https://github.com/kumahq/kuma/pull/7387) @slonka +* perf(kuma-cp): trim zone ingress and service insights [#7098](https://github.com/kumahq/kuma/pull/7098) @jakubdyszkiewicz +* perf(xds): use aggregated mesh context for zone proxies [#7449](https://github.com/kumahq/kuma/pull/7449) @jakubdyszkiewicz +* perf(zoneingress): only pick resources from proper mesh [#7415](https://github.com/kumahq/kuma/pull/7415) @jakubdyszkiewicz + ## 2.1.6 > Released on 2023/08/15 @@ -698,29 +2147,63 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): bump kumahq/kuma from 9b24e08ef23a to bc5859add [#3895](https://github.com/Kong/kong-mesh/pull/3895) [#3924](https://github.com/Kong/kong-mesh/pull/3924) [#3953](https://github.com/Kong/kong-mesh/pull/3953) [#3977](https://github.com/Kong/kong-mesh/pull/3977) [#4004](https://github.com/Kong/kong-mesh/pull/4004) [#4016](https://github.com/Kong/kong-mesh/pull/4016) [#4030](https://github.com/Kong/kong-mesh/pull/4030) @kong-mesh,@michaelbeaumont * chore(deps): security update [#3899](https://github.com/Kong/kong-mesh/pull/3899) @kong-mesh +### Includes [kumahq/kuma@2.1.6](https://github.com/kumahq/kuma/releases/tag/2.1.6) changelog -## 2.3.2 -> Released on 2023/08/04 - -* chore(deps): bump kumahq/kuma from 45dd7ae494d4 to c56df8092 [#3856](https://github.com/Kong/kong-mesh/pull/3856) [#3863](https://github.com/Kong/kong-mesh/pull/3863) [#3867](https://github.com/Kong/kong-mesh/pull/3867) [#3881](https://github.com/Kong/kong-mesh/pull/3881) [#3896](https://github.com/Kong/kong-mesh/pull/3896) [#3931](https://github.com/Kong/kong-mesh/pull/3931) [#3936](https://github.com/Kong/kong-mesh/pull/3936) [#3947](https://github.com/Kong/kong-mesh/pull/3947) [#3951](https://github.com/Kong/kong-mesh/pull/3951) [#3967](https://github.com/Kong/kong-mesh/pull/3967) @kong-mesh -* chore(deps): update containerd to v1.7.3 [#3972](https://github.com/Kong/kong-mesh/pull/3972) @michaelbeaumont +* chore(deps): bump go from 1.18 to 1.20.7 [#7446](https://github.com/kumahq/kuma/pull/7446) [#7489](https://github.com/kumahq/kuma/pull/7489) @michaelbeaumont +* chore(deps): security update [#7405](https://github.com/kumahq/kuma/pull/7405) [#7442](https://github.com/kumahq/kuma/pull/7442) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7390](https://github.com/kumahq/kuma/pull/7390) @kumahq ## 2.2.4 -> Released on 2023/08/04 +> Released on 2023/08/07 * chore(deps): bump github.com/docker/distribution from 2.8.1 to 2.8.2 [#3928](https://github.com/Kong/kong-mesh/pull/3928) @michaelbeaumont * chore(deps): bump kumahq/kuma from 5a31d8ce5239 to 858fa348f [#3857](https://github.com/Kong/kong-mesh/pull/3857) [#3862](https://github.com/Kong/kong-mesh/pull/3862) [#3882](https://github.com/Kong/kong-mesh/pull/3882) [#3946](https://github.com/Kong/kong-mesh/pull/3946) [#3964](https://github.com/Kong/kong-mesh/pull/3964) [#3974](https://github.com/Kong/kong-mesh/pull/3974) @kong-mesh,@michaelbeaumont * chore(deps): security update [#3959](https://github.com/Kong/kong-mesh/pull/3959) @kong-mesh * chore(deps): update containerd to v1.7.3 [#3973](https://github.com/Kong/kong-mesh/pull/3973) @michaelbeaumont +### Includes [kumahq/kuma@2.2.4](https://github.com/kumahq/kuma/releases/tag/2.2.4) changelog + +* chore(deps): security update [#7454](https://github.com/kumahq/kuma/pull/7454) @kumahq +* chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) [#7417](https://github.com/kumahq/kuma/pull/7417) @kumahq +* chore(deps): update to go 1.20.7 (backport of #7429) [#7432](https://github.com/kumahq/kuma/pull/7432) @kumahq +* chore(deps): upgrade envoy to 1.25.9 [#7366](https://github.com/kumahq/kuma/pull/7366) @lukidzi +* fix(containerd): only build cgroups on linux (backport of #7408) [#7422](https://github.com/kumahq/kuma/pull/7422) @kumahq +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7355](https://github.com/kumahq/kuma/pull/7355) @kumahq +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7362](https://github.com/kumahq/kuma/pull/7362) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7391](https://github.com/kumahq/kuma/pull/7391) @kumahq + + +## 2.3.2 +> Released on 2023/08/04 + +* chore(deps): bump kumahq/kuma from 45dd7ae494d4 to c56df8092 [#3856](https://github.com/Kong/kong-mesh/pull/3856) [#3863](https://github.com/Kong/kong-mesh/pull/3863) [#3867](https://github.com/Kong/kong-mesh/pull/3867) [#3881](https://github.com/Kong/kong-mesh/pull/3881) [#3896](https://github.com/Kong/kong-mesh/pull/3896) [#3931](https://github.com/Kong/kong-mesh/pull/3931) [#3936](https://github.com/Kong/kong-mesh/pull/3936) [#3947](https://github.com/Kong/kong-mesh/pull/3947) [#3951](https://github.com/Kong/kong-mesh/pull/3951) [#3967](https://github.com/Kong/kong-mesh/pull/3967) @kong-mesh +* chore(deps): update containerd to v1.7.3 [#3972](https://github.com/Kong/kong-mesh/pull/3972) @michaelbeaumont + +### Includes [kumahq/kuma@2.3.2](https://github.com/kumahq/kuma/releases/tag/2.3.2) changelog + +* chore(deps): security update [#7443](https://github.com/kumahq/kuma/pull/7443) @kumahq +* chore(deps): update go from 1.20.5 to 1.20.6 (backport of #7414) [#7419](https://github.com/kumahq/kuma/pull/7419) @kumahq +* chore(deps): update to go 1.20.7 (backport of #7429) [#7435](https://github.com/kumahq/kuma/pull/7435) @kumahq +* chore(deps): upgrade envoy to 1.26.4 [#7368](https://github.com/kumahq/kuma/pull/7368) @lukidzi +* fix(containerd): only build cgroups on linux (backport of #7408) [#7425](https://github.com/kumahq/kuma/pull/7425) @kumahq +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7351](https://github.com/kumahq/kuma/pull/7351) @kumahq +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7359](https://github.com/kumahq/kuma/pull/7359) @kumahq +* fix(sec): get rid of dependency on containerd (backport of #7387) [#7392](https://github.com/kumahq/kuma/pull/7392) @kumahq + ## 2.1.5 -> Released on 2023/07/28 +> Released on 2023/08/03 * chore(deps): upgrade envoy to 1.24.10 [#7363](https://github.com/kumahq/kuma/pull/7363) @lukidzi * chore(deps): bump kumahq/kuma from 60a2d39e7d56 to 7ba3e3579 [#3858](https://github.com/Kong/kong-mesh/pull/3858) [#3861](https://github.com/Kong/kong-mesh/pull/3861) [#3869](https://github.com/Kong/kong-mesh/pull/3869) [#3880](https://github.com/Kong/kong-mesh/pull/3880) @kong-mesh +### Includes [kumahq/kuma@2.1.5](https://github.com/kumahq/kuma/releases/tag/2.1.5) changelog + +* chore(deps): upgrade envoy to 1.24.10 [#7363](https://github.com/kumahq/kuma/pull/7363) @lukidzi +* fix(kuma-cp): don't leak goroutine on every tick in SimpleWatchdog (backport of #7348) [#7352](https://github.com/kumahq/kuma/pull/7352) @kumahq +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7361](https://github.com/kumahq/kuma/pull/7361) @kumahq + ## 2.0.7 > Released on 2023/07/28 @@ -728,9 +2211,14 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): upgrade envoy to 1.24.10 [#7364](https://github.com/kumahq/kuma/pull/7364) @lukidzi * chore(deps): bump kumahq/kuma from d8705e29be4c to 4ecbae545 [#3860](https://github.com/Kong/kong-mesh/pull/3860) [#3878](https://github.com/Kong/kong-mesh/pull/3878) @kong-mesh +### Includes [kumahq/kuma@2.0.7](https://github.com/kumahq/kuma/releases/tag/2.0.7) changelog + +* chore(deps): upgrade envoy to 1.24.10 [#7364](https://github.com/kumahq/kuma/pull/7364) @lukidzi +* fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7358](https://github.com/kumahq/kuma/pull/7358) @kumahq + ## 1.9.8 -> Released on 2023/07/27 +> Released on 2023/07/28 * chore(deps): upgrade envoy to 1.24.10 [#7365](https://github.com/kumahq/kuma/pull/7365) @lukidzi * fix(kuma-cp): order resources for building VIPs (backport of #7333) [#7360](https://github.com/kumahq/kuma/pull/7360) @kumahq @@ -741,34 +2229,72 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * update Envoy version to 1.26.3 which includes fix for [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) * chore(deps): bump kumahq/kuma from bba743f5ae56 to 45dd7ae49 [#3622](https://github.com/Kong/kong-mesh/pull/3622) [#3648](https://github.com/Kong/kong-mesh/pull/3648) [#3717](https://github.com/Kong/kong-mesh/pull/3717) [#3769](https://github.com/Kong/kong-mesh/pull/3769) [#3808](https://github.com/Kong/kong-mesh/pull/3808) [#3812](https://github.com/Kong/kong-mesh/pull/3812) [#3820](https://github.com/Kong/kong-mesh/pull/3820) @kong-mesh,@michaelbeaumont +### Includes [kumahq/kuma@2.3.1](https://github.com/kumahq/kuma/releases/tag/2.3.1) changelog + +* chore(deps): bump envoy to 1.26.3 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7266](https://github.com/kumahq/kuma/pull/7266) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#7096](https://github.com/kumahq/kuma/pull/7096) @kumahq +* fix(MeshTrafficPermission): use serviceName instead of resource name for egress MTP (backport of #7225) [#7233](https://github.com/kumahq/kuma/pull/7233) @kumahq +* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7241](https://github.com/kumahq/kuma/pull/7241) @kumahq +* fix(kuma-cp): do not require certs on https api port (backport of #7102) [#7111](https://github.com/kumahq/kuma/pull/7111) @kumahq +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7295](https://github.com/kumahq/kuma/pull/7295) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7187](https://github.com/kumahq/kuma/pull/7187) @kumahq +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7250](https://github.com/kumahq/kuma/pull/7250) @kumahq +* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7244](https://github.com/kumahq/kuma/pull/7244) @kumahq +* fix(kumactl): treat 404 as resource not found error (backport of #7297) [#7303](https://github.com/kumahq/kuma/pull/7303) @kumahq + ## 2.2.3 > Released on 2023/07/21 * update Envoy version to 1.25.8 which includes fix for [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) * chore(deps): bump kumahq/kuma from 2e775e96a30e to fd7bb16d0 [#3623](https://github.com/Kong/kong-mesh/pull/3623) [#3649](https://github.com/Kong/kong-mesh/pull/3649) [#3685](https://github.com/Kong/kong-mesh/pull/3685) [#3692](https://github.com/Kong/kong-mesh/pull/3692) [#3702](https://github.com/Kong/kong-mesh/pull/3702) [#3752](https://github.com/Kong/kong-mesh/pull/3752) [#3761](https://github.com/Kong/kong-mesh/pull/3761) [#3767](https://github.com/Kong/kong-mesh/pull/3767) [#3807](https://github.com/Kong/kong-mesh/pull/3807) [#3810](https://github.com/Kong/kong-mesh/pull/3810) @kong-mesh +### Includes [kumahq/kuma@2.2.3](https://github.com/kumahq/kuma/releases/tag/2.2.3) changelog -## 2.0.6 +* chore(deps): bump envoy to 1.25.8 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7265](https://github.com/kumahq/kuma/pull/7265) @lukidzi +* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7242](https://github.com/kumahq/kuma/pull/7242) @kumahq +* fix(kuma-cp): do not require certs on https api port (backport of #7102) [#7110](https://github.com/kumahq/kuma/pull/7110) @kumahq +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7291](https://github.com/kumahq/kuma/pull/7291) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7185](https://github.com/kumahq/kuma/pull/7185) @kumahq +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7254](https://github.com/kumahq/kuma/pull/7254) @kumahq +* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7245](https://github.com/kumahq/kuma/pull/7245) @kumahq + + +## 2.1.4 > Released on 2023/07/21 + * update Envoy version to 1.24.9 which includes fix for [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) -* chore(deps): bump kumahq/kuma from c92a5afd5f13 to d8705e29b [#3652](https://github.com/Kong/kong-mesh/pull/3652) [#3688](https://github.com/Kong/kong-mesh/pull/3688) [#3709](https://github.com/Kong/kong-mesh/pull/3709) [#3764](https://github.com/Kong/kong-mesh/pull/3764) [#3804](https://github.com/Kong/kong-mesh/pull/3804) [#3809](https://github.com/Kong/kong-mesh/pull/3809) @kong-mesh +* chore(deps): bump kumahq/kuma from a2cf8c765290 to 60a2d39e7 [#3650](https://github.com/Kong/kong-mesh/pull/3650) [#3687](https://github.com/Kong/kong-mesh/pull/3687) [#3691](https://github.com/Kong/kong-mesh/pull/3691) [#3708](https://github.com/Kong/kong-mesh/pull/3708) [#3753](https://github.com/Kong/kong-mesh/pull/3753) [#3766](https://github.com/Kong/kong-mesh/pull/3766) [#3805](https://github.com/Kong/kong-mesh/pull/3805) [#3811](https://github.com/Kong/kong-mesh/pull/3811) @kong-mesh +### Includes [kumahq/kuma@2.1.4](https://github.com/kumahq/kuma/releases/tag/2.1.4) changelog -## 1.9.7 +* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7264](https://github.com/kumahq/kuma/pull/7264) @lukidzi +* fix(kuma-cp): cancel OnTick when watchdog stopped (backport of #7221) [#7240](https://github.com/kumahq/kuma/pull/7240) @kumahq +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7294](https://github.com/kumahq/kuma/pull/7294) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7188](https://github.com/kumahq/kuma/pull/7188) @kumahq +* fix(kuma-cp): pass context via snapshot reconciler to generateCerts (backport of #7231) [#7251](https://github.com/kumahq/kuma/pull/7251) @kumahq +* fix(kuma-cp): put metadata xds callbacks before sync (backport of #7230) [#7247](https://github.com/kumahq/kuma/pull/7247) @kumahq + + +## 2.0.6 > Released on 2023/07/21 * update Envoy version to 1.24.9 which includes fix for [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) -* chore(deps): bump kumahq/kuma from af41f882c68c to 0aaf921a0 [#3651](https://github.com/Kong/kong-mesh/pull/3651) [#3689](https://github.com/Kong/kong-mesh/pull/3689) [#3762](https://github.com/Kong/kong-mesh/pull/3762) [#3806](https://github.com/Kong/kong-mesh/pull/3806) @kong-mesh +* chore(deps): bump kumahq/kuma from c92a5afd5f13 to d8705e29b [#3652](https://github.com/Kong/kong-mesh/pull/3652) [#3688](https://github.com/Kong/kong-mesh/pull/3688) [#3709](https://github.com/Kong/kong-mesh/pull/3709) [#3764](https://github.com/Kong/kong-mesh/pull/3764) [#3804](https://github.com/Kong/kong-mesh/pull/3804) [#3809](https://github.com/Kong/kong-mesh/pull/3809) @kong-mesh +### Includes [kumahq/kuma@2.0.6](https://github.com/kumahq/kuma/releases/tag/2.0.6) changelog + +* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7263](https://github.com/kumahq/kuma/pull/7263) @lukidzi +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7293](https://github.com/kumahq/kuma/pull/7293) @kumahq +* fix(kuma-cp): handle external services with permissive mtls (backport of #7179) [#7186](https://github.com/kumahq/kuma/pull/7186) @kumahq -## 2.1.4 -> Released on 2023/07/20 +## 1.9.7 +> Released on 2023/07/21 * update Envoy version to 1.24.9 which includes fix for [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) -* chore(deps): bump kumahq/kuma from a2cf8c765290 to 60a2d39e7 [#3650](https://github.com/Kong/kong-mesh/pull/3650) [#3687](https://github.com/Kong/kong-mesh/pull/3687) [#3691](https://github.com/Kong/kong-mesh/pull/3691) [#3708](https://github.com/Kong/kong-mesh/pull/3708) [#3753](https://github.com/Kong/kong-mesh/pull/3753) [#3766](https://github.com/Kong/kong-mesh/pull/3766) [#3805](https://github.com/Kong/kong-mesh/pull/3805) [#3811](https://github.com/Kong/kong-mesh/pull/3811) @kong-mesh +* chore(deps): bump kumahq/kuma from af41f882c68c to 0aaf921a0 [#3651](https://github.com/Kong/kong-mesh/pull/3651) [#3689](https://github.com/Kong/kong-mesh/pull/3689) [#3762](https://github.com/Kong/kong-mesh/pull/3762) [#3806](https://github.com/Kong/kong-mesh/pull/3806) @kong-mesh ## 2.3.0 -> Released on 2023/06/23 +> Released on 2023/06/26 * chore(deps): bump github.com/Kong/kauth-api from 1.94.0 to 1.100.0 [#3394](https://github.com/Kong/kong-mesh/pull/3394) @dependabot * chore(deps): bump github.com/aws/aws-sdk-go from 1.44.241 to 1.44.268 [#3221](https://github.com/Kong/kong-mesh/pull/3221) [#3254](https://github.com/Kong/kong-mesh/pull/3254) [#3278](https://github.com/Kong/kong-mesh/pull/3278) [#3316](https://github.com/Kong/kong-mesh/pull/3316) [#3344](https://github.com/Kong/kong-mesh/pull/3344) [#3391](https://github.com/Kong/kong-mesh/pull/3391) @dependabot @@ -823,6 +2349,131 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(mink): use shared go claims for konnect client [#3517](https://github.com/Kong/kong-mesh/pull/3517) @slonka * fix(rls): do not recreate db conns in a loop [#3475](https://github.com/Kong/kong-mesh/pull/3475) @jakubdyszkiewicz +### Includes [kumahq/kuma@2.3.0](https://github.com/kumahq/kuma/releases/tag/2.3.0) changelog + +* chore(deps): bump Envoy from v1.25.4 to v1.26.2 [#6638](https://github.com/kumahq/kuma/pull/6638) [#6938](https://github.com/kumahq/kuma/pull/6938) @lukidzi,@michaelbeaumont +* chore(deps): bump cirello.io/pglock from 1.11.0 to 1.13.0 [#6817](https://github.com/kumahq/kuma/pull/6817) [#6927](https://github.com/kumahq/kuma/pull/6927) @dependabot +* chore(deps): bump controller-runtime from v0.14.6 to v0.15.0 [#6809](https://github.com/kumahq/kuma/pull/6809) [#6832](https://github.com/kumahq/kuma/pull/6832) @dependabot,@michaelbeaumont +* chore(deps): bump gateway-api from v0.7.0 to c9540a9cf448 [#6614](https://github.com/kumahq/kuma/pull/6614) [#6674](https://github.com/kumahq/kuma/pull/6674) [#6735](https://github.com/kumahq/kuma/pull/6735) [#6771](https://github.com/kumahq/kuma/pull/6771) [#6840](https://github.com/kumahq/kuma/pull/6840) [#6912](https://github.com/kumahq/kuma/pull/6912) [#7020](https://github.com/kumahq/kuma/pull/7020) @dependabot,@michaelbeaumont +* chore(deps): bump github.com/containernetworking/plugins from 1.2.0 to 1.3.0 [#6738](https://github.com/kumahq/kuma/pull/6738) @dependabot +* chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible [#6751](https://github.com/kumahq/kuma/pull/6751) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.11.0 to 0.11.1 [#6866](https://github.com/kumahq/kuma/pull/6866) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.10.1 to 1.0.1 [#6617](https://github.com/kumahq/kuma/pull/6617) [#6737](https://github.com/kumahq/kuma/pull/6737) @dependabot +* chore(deps): bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 [#6742](https://github.com/kumahq/kuma/pull/6742) @dependabot +* chore(deps): bump github.com/golang-migrate/migrate/v4 from 4.15.2 to 4.16.2 [#6864](https://github.com/kumahq/kuma/pull/6864) [#6928](https://github.com/kumahq/kuma/pull/6928) [#7000](https://github.com/kumahq/kuma/pull/7000) @dependabot +* chore(deps): bump github.com/lib/pq from 1.10.7 to 1.10.9 [#6554](https://github.com/kumahq/kuma/pull/6554) [#6650](https://github.com/kumahq/kuma/pull/6650) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.53 to 1.1.54 [#6651](https://github.com/kumahq/kuma/pull/6651) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.10.0 [#6689](https://github.com/kumahq/kuma/pull/6689) [#6768](https://github.com/kumahq/kuma/pull/6768) [#6925](https://github.com/kumahq/kuma/pull/6925) [#7002](https://github.com/kumahq/kuma/pull/7002) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.8 [#6818](https://github.com/kumahq/kuma/pull/6818) [#7001](https://github.com/kumahq/kuma/pull/7001) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.14.0 to 1.15.1 [#6555](https://github.com/kumahq/kuma/pull/6555) [#6692](https://github.com/kumahq/kuma/pull/6692) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.3.0 to 0.4.0 [#6691](https://github.com/kumahq/kuma/pull/6691) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.42.0 to 0.44.0 [#6690](https://github.com/kumahq/kuma/pull/6690) [#6814](https://github.com/kumahq/kuma/pull/6814) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.15.0 to 1.16.0 [#6926](https://github.com/kumahq/kuma/pull/6926) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.4 to 2.1.6 [#6867](https://github.com/kumahq/kuma/pull/6867) [#7003](https://github.com/kumahq/kuma/pull/7003) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.18.0 to 0.20.1 [#6708](https://github.com/kumahq/kuma/pull/6708) [#6736](https://github.com/kumahq/kuma/pull/6736) @dependabot +* chore(deps): bump go.opentelemetry.io/proto/otlp from 0.19.0 to 0.20.0 [#7004](https://github.com/kumahq/kuma/pull/7004) @dependabot +* chore(deps): bump golang from 1.20.4 to 1.20.5 [#6587](https://github.com/kumahq/kuma/pull/6587) [#6828](https://github.com/kumahq/kuma/pull/6828) [#6959](https://github.com/kumahq/kuma/pull/6959) @lahabana,@lukidzi +* chore(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 [#6712](https://github.com/kumahq/kuma/pull/6712) @dependabot +* chore(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 [#6693](https://github.com/kumahq/kuma/pull/6693) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 [#6687](https://github.com/kumahq/kuma/pull/6687) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 [#6652](https://github.com/kumahq/kuma/pull/6652) @dependabot +* chore(deps): bump k8s.io/kubectl from 0.26.3 to 0.27.2 [#6813](https://github.com/kumahq/kuma/pull/6813) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.11.3 to 0.12.0 [#6586](https://github.com/kumahq/kuma/pull/6586) [#6688](https://github.com/kumahq/kuma/pull/6688) @dependabot +* chore(deps): use latest kumahq/kuma-gui [#6548](https://github.com/kumahq/kuma/pull/6548) [#6552](https://github.com/kumahq/kuma/pull/6552) [#6562](https://github.com/kumahq/kuma/pull/6562) [#6576](https://github.com/kumahq/kuma/pull/6576) [#6606](https://github.com/kumahq/kuma/pull/6606) [#6616](https://github.com/kumahq/kuma/pull/6616) [#6629](https://github.com/kumahq/kuma/pull/6629) [#6640](https://github.com/kumahq/kuma/pull/6640) [#6655](https://github.com/kumahq/kuma/pull/6655) [#6656](https://github.com/kumahq/kuma/pull/6656) [#6659](https://github.com/kumahq/kuma/pull/6659) [#6661](https://github.com/kumahq/kuma/pull/6661) [#6662](https://github.com/kumahq/kuma/pull/6662) [#6664](https://github.com/kumahq/kuma/pull/6664) [#6675](https://github.com/kumahq/kuma/pull/6675) [#6678](https://github.com/kumahq/kuma/pull/6678) [#6701](https://github.com/kumahq/kuma/pull/6701) [#6702](https://github.com/kumahq/kuma/pull/6702) [#6710](https://github.com/kumahq/kuma/pull/6710) [#6715](https://github.com/kumahq/kuma/pull/6715) [#6753](https://github.com/kumahq/kuma/pull/6753) [#6756](https://github.com/kumahq/kuma/pull/6756) [#6762](https://github.com/kumahq/kuma/pull/6762) [#6774](https://github.com/kumahq/kuma/pull/6774) [#6775](https://github.com/kumahq/kuma/pull/6775) [#6776](https://github.com/kumahq/kuma/pull/6776) [#6777](https://github.com/kumahq/kuma/pull/6777) [#6791](https://github.com/kumahq/kuma/pull/6791) [#6798](https://github.com/kumahq/kuma/pull/6798) [#6801](https://github.com/kumahq/kuma/pull/6801) [#6803](https://github.com/kumahq/kuma/pull/6803) [#6807](https://github.com/kumahq/kuma/pull/6807) [#6811](https://github.com/kumahq/kuma/pull/6811) [#6821](https://github.com/kumahq/kuma/pull/6821) [#6822](https://github.com/kumahq/kuma/pull/6822) [#6823](https://github.com/kumahq/kuma/pull/6823) [#6824](https://github.com/kumahq/kuma/pull/6824) [#6830](https://github.com/kumahq/kuma/pull/6830) [#6833](https://github.com/kumahq/kuma/pull/6833) [#6834](https://github.com/kumahq/kuma/pull/6834) [#6835](https://github.com/kumahq/kuma/pull/6835) [#6837](https://github.com/kumahq/kuma/pull/6837) [#6847](https://github.com/kumahq/kuma/pull/6847) [#6850](https://github.com/kumahq/kuma/pull/6850) [#6851](https://github.com/kumahq/kuma/pull/6851) [#6871](https://github.com/kumahq/kuma/pull/6871) [#6875](https://github.com/kumahq/kuma/pull/6875) [#6877](https://github.com/kumahq/kuma/pull/6877) [#6878](https://github.com/kumahq/kuma/pull/6878) [#6879](https://github.com/kumahq/kuma/pull/6879) [#6882](https://github.com/kumahq/kuma/pull/6882) [#6885](https://github.com/kumahq/kuma/pull/6885) [#6904](https://github.com/kumahq/kuma/pull/6904) [#6914](https://github.com/kumahq/kuma/pull/6914) [#6919](https://github.com/kumahq/kuma/pull/6919) [#6921](https://github.com/kumahq/kuma/pull/6921) [#6932](https://github.com/kumahq/kuma/pull/6932) [#6933](https://github.com/kumahq/kuma/pull/6933) [#6937](https://github.com/kumahq/kuma/pull/6937) [#6939](https://github.com/kumahq/kuma/pull/6939) [#6941](https://github.com/kumahq/kuma/pull/6941) [#6946](https://github.com/kumahq/kuma/pull/6946) [#6949](https://github.com/kumahq/kuma/pull/6949) [#6954](https://github.com/kumahq/kuma/pull/6954) [#6958](https://github.com/kumahq/kuma/pull/6958) [#6975](https://github.com/kumahq/kuma/pull/6975) [#6978](https://github.com/kumahq/kuma/pull/6978) [#6980](https://github.com/kumahq/kuma/pull/6980) [#6982](https://github.com/kumahq/kuma/pull/6982) [#6984](https://github.com/kumahq/kuma/pull/6984) [#6994](https://github.com/kumahq/kuma/pull/6994) [#6998](https://github.com/kumahq/kuma/pull/6998) [#7005](https://github.com/kumahq/kuma/pull/7005) [#7009](https://github.com/kumahq/kuma/pull/7009) [#7011](https://github.com/kumahq/kuma/pull/7011) [#7012](https://github.com/kumahq/kuma/pull/7012) [#7013](https://github.com/kumahq/kuma/pull/7013) [#7015](https://github.com/kumahq/kuma/pull/7015) [#7038](https://github.com/kumahq/kuma/pull/7038) [#7060](https://github.com/kumahq/kuma/pull/7060) [#7074](https://github.com/kumahq/kuma/pull/7074) [#7096](https://github.com/kumahq/kuma/pull/7096) @kumahq +* feat(MeshCircuitBreaker): support MeshGateways [#6706](https://github.com/kumahq/kuma/pull/6706) @michaelbeaumont +* feat(MeshGateway): add TLS passthrough listeners [#6922](https://github.com/kumahq/kuma/pull/6922) @michaelbeaumont +* feat(MeshGateway): support termination on TLS listeners [#6952](https://github.com/kumahq/kuma/pull/6952) @michaelbeaumont +* feat(MeshHealthCheck): support MeshGateway [#6743](https://github.com/kumahq/kuma/pull/6743) @michaelbeaumont +* feat(MeshLoadBalancingStrategy): add builtin gateway support [#6800](https://github.com/kumahq/kuma/pull/6800) @michaelbeaumont +* feat(MeshRetry): add host selection predicates [#6346](https://github.com/kumahq/kuma/pull/6346) @johnharris85 +* feat(api-server): add ability to get k8s format of a resource [#6673](https://github.com/kumahq/kuma/pull/6673) @lahabana +* feat(api-server): make errors compliant with aip 193 [#7017](https://github.com/kumahq/kuma/pull/7017) @lahabana +* feat(client): Consolidate HTTP Client [#6849](https://github.com/kumahq/kuma/pull/6849) @mmorel-35 +* feat(cni): k8s make namespace configurable [#6721](https://github.com/kumahq/kuma/pull/6721) @mmorel-35 +* feat(config): improve configurability [#6583](https://github.com/kumahq/kuma/pull/6583) @slonka +* feat(docker/kumactl): make entrypoint consistent with kuma-cp and kuma-dp images [#6596](https://github.com/kumahq/kuma/pull/6596) @bartsmykla +* feat(envoyadmin): support passing kds envoy operations via http proxy [#6915](https://github.com/kumahq/kuma/pull/6915) @jakubdyszkiewicz +* feat(helm): Add logOutputPath support to chart [#6649](https://github.com/kumahq/kuma/pull/6649) @ashman1984 +* feat(helm): add possibility to extend secrets for cp in helm charts when reusing kuma charts [#6883](https://github.com/kumahq/kuma/pull/6883) @Automaat +* feat(helm): enable NodePort customization [#6770](https://github.com/kumahq/kuma/pull/6770) @mmorel-35 +* feat(helm): remove hostNetwork: true from CNI DaemonSet [#6599](https://github.com/kumahq/kuma/pull/6599) @michaelbeaumont +* feat(helm): set readOnlyRootFilesystem on CNI, more explicit templates [#6604](https://github.com/kumahq/kuma/pull/6604) @michaelbeaumont +* feat(helm): validate zone name on install [#6739](https://github.com/kumahq/kuma/pull/6739) @mmorel-35 +* feat(insights): include tenant id in insights info key [#6804](https://github.com/kumahq/kuma/pull/6804) @jakubdyszkiewicz +* feat(insights): include tenant id in rate limitter key [#6808](https://github.com/kumahq/kuma/pull/6808) @jakubdyszkiewicz +* feat(intercp): pass tenant id [#6856](https://github.com/kumahq/kuma/pull/6856) @jakubdyszkiewicz +* feat(intercp): use global tenant for catalog request [#6863](https://github.com/kumahq/kuma/pull/6863) @jakubdyszkiewicz +* feat(k8s): add read-only root FS to sidecar [#6681](https://github.com/kumahq/kuma/pull/6681) @dascole +* feat(k8s): show `Dataplane` services in `kubectl` output [#6725](https://github.com/kumahq/kuma/pull/6725) @michaelbeaumont +* feat(kds): configurable server stream interceptors [#6697](https://github.com/kumahq/kuma/pull/6697) @jakubdyszkiewicz +* feat(kds): multitenancy [#6723](https://github.com/kumahq/kuma/pull/6723) @jakubdyszkiewicz +* feat(kds): opt-in insecure skip verify in zone cp client [#6991](https://github.com/kumahq/kuma/pull/6991) @jakubdyszkiewicz +* feat(kuma-cp): top-level MeshHTTPRoute targetRef for MeshTimeout [#7016](https://github.com/kumahq/kuma/pull/7016) @lobkovilya +* feat(kuma-cp): add possibility to configure concurrent reconciliation… [#7010](https://github.com/kumahq/kuma/pull/7010) @Automaat +* feat(kuma-cp): add possibility to configure kubernetes client qps and… [#6951](https://github.com/kumahq/kuma/pull/6951) @Automaat +* feat(kuma-cp): allow to override resource store plugin [#6887](https://github.com/kumahq/kuma/pull/6887) @jakubdyszkiewicz +* feat(kuma-cp): allow to specify protocol for globalZone sync service [#6842](https://github.com/kumahq/kuma/pull/6842) @lukidzi +* feat(kuma-cp): implement MeshTrafficPermisson for ExternalServices with ZoneEgress [#7061](https://github.com/kumahq/kuma/pull/7061) @lukidzi +* feat(kuma-cp): improve BuildRules algorithm [#6973](https://github.com/kumahq/kuma/pull/6973) @lobkovilya +* feat(kuma-cp): introduce tag first Virtual Outbound model [#7076](https://github.com/kumahq/kuma/pull/7076) @Automaat +* feat(kuma-cp): multitenancy adjustments [#6705](https://github.com/kumahq/kuma/pull/6705) @jakubdyszkiewicz +* feat(kuma-cp): multitenant counter metrics [#6707](https://github.com/kumahq/kuma/pull/6707) @jakubdyszkiewicz +* feat(kuma-cp): remove unnecessary reconciliation of pods on configmap… [#7014](https://github.com/kumahq/kuma/pull/7014) @Automaat +* feat(kuma-cp): support MeshHTTPRoute targetRef [#6983](https://github.com/kumahq/kuma/pull/6983) @lobkovilya +* feat(mesh): allow disabling default policy creation [#6481](https://github.com/kumahq/kuma/pull/6481) [#6931](https://github.com/kumahq/kuma/pull/6931) @johnharris85 +* feat(meshaccesslog): use "type" to express oneof [#6676](https://github.com/kumahq/kuma/pull/6676) @lobkovilya +* feat(meshtrace): use "type" to express oneof [#6679](https://github.com/kumahq/kuma/pull/6679) @lobkovilya +* feat(mtls): generate certificates for Address and AdvertisedAddress for Dataplane and Ingress [#6584](https://github.com/kumahq/kuma/pull/6584) @mmorel-35 +* feat(multitenancy): postgres events [#6799](https://github.com/kumahq/kuma/pull/6799) @jakubdyszkiewicz +* feat(policy): add MeshTCPRoute [#6806](https://github.com/kumahq/kuma/pull/6806) [#6873](https://github.com/kumahq/kuma/pull/6873) [#6888](https://github.com/kumahq/kuma/pull/6888) @bartsmykla +* feat(resources): retry upsert on resource already exist [#7022](https://github.com/kumahq/kuma/pull/7022) @jakubdyszkiewicz +* feat(tls): remove commonName in certificate generation [#6627](https://github.com/kumahq/kuma/pull/6627) @mmorel-35 +* feat(ui): add mode in the config in the index.html [#6942](https://github.com/kumahq/kuma/pull/6942) @lahabana +* feat(webhook): make init ordering configurable first/last [#7070](https://github.com/kumahq/kuma/pull/7070) @johnharris85 +* feat(webhook): warn/fail if containers use same UID as sidecar [#7042](https://github.com/kumahq/kuma/pull/7042) @johnharris85 +* fix(GatewayAPI): convert HTTP header names to lowercase [#6704](https://github.com/kumahq/kuma/pull/6704) @michaelbeaumont +* fix(GatewayAPI): don't panic if an HTTPRoute references a Gateway with a nonexistent GatewayClass [#6722](https://github.com/kumahq/kuma/pull/6722) @michaelbeaumont +* fix(GatewayAPI): don't share HTTPRoute conditions between parentRefs [#6537](https://github.com/kumahq/kuma/pull/6537) @michaelbeaumont +* fix(GatewayAPI): npe errors [#6852](https://github.com/kumahq/kuma/pull/6852) @michaelbeaumont +* fix(GatewayAPI): reconcile Gateways on Secret changes [#6754](https://github.com/kumahq/kuma/pull/6754) @michaelbeaumont +* fix(MeshGateway): don't strip ports from host [#6755](https://github.com/kumahq/kuma/pull/6755) @michaelbeaumont +* fix(MeshGateway): tweak route precedence to match Gateway API [#6843](https://github.com/kumahq/kuma/pull/6843) @michaelbeaumont +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service [#7069](https://github.com/kumahq/kuma/pull/7069) @michaelbeaumont +* fix(MeshHTTPRoute): assume default catch all path (any path starting with "/") in route match when not explicitly set [#6993](https://github.com/kumahq/kuma/pull/6993) @bartsmykla +* fix(MeshHTTPRoute): only configure HTTP outbounds or with an explicit matching rule [#6876](https://github.com/kumahq/kuma/pull/6876) @michaelbeaumont +* fix(MeshHTTPRoute): rename Prefix to PathPrefix [#6578](https://github.com/kumahq/kuma/pull/6578) @michaelbeaumont +* fix(MeshHTTPRoute): require at least one match [#6796](https://github.com/kumahq/kuma/pull/6796) @michaelbeaumont +* fix(MeshRetry): set MeshGateway retry on routes not virtual hosts [#7029](https://github.com/kumahq/kuma/pull/7029) @michaelbeaumont +* fix(MeshRetry): support MeshGateway [#6779](https://github.com/kumahq/kuma/pull/6779) @lobkovilya +* fix(MeshTimeout): only apply Mesh targeted HTTP timeouts for MeshGateway [#6981](https://github.com/kumahq/kuma/pull/6981) @michaelbeaumont +* fix(MeshTimeout): set idle timeout on gateways, use route action instead of hcm [#6884](https://github.com/kumahq/kuma/pull/6884) @michaelbeaumont +* fix(MeshTrace): create spans with MeshGateway [#7043](https://github.com/kumahq/kuma/pull/7043) @michaelbeaumont +* fix(api-server): service-insights should never return items: null [#6648](https://github.com/kumahq/kuma/pull/6648) @lahabana +* fix(config): add delta xds flag to defaults [#7085](https://github.com/kumahq/kuma/pull/7085) @johnharris85 +* fix(gateway): don't skip retry policy with retry methods [#6896](https://github.com/kumahq/kuma/pull/6896) @bartsmykla +* fix(helm): change CNI priorityClass from system-cluster-critical to system-node-critical [#6634](https://github.com/kumahq/kuma/pull/6634) @michaelbeaumont +* fix(helm): correct appProtocol configurations for https [#7087](https://github.com/kumahq/kuma/pull/7087) @johnharris85 +* fix(helm): update HPA API version [#6792](https://github.com/kumahq/kuma/pull/6792) @johnharris85 +* fix(helm): use correct secret for CP CA in ingress/egress [#6663](https://github.com/kumahq/kuma/pull/6663) @michaelbeaumont +* fix(insights): react on events [#6826](https://github.com/kumahq/kuma/pull/6826) @jakubdyszkiewicz +* fix(kds): trim system namespace suffix from names of plugin originated policies when syncing resources from global to zones in multizone mode. [#7019](https://github.com/kumahq/kuma/pull/7019) @bartsmykla +* fix(kuma-cp): add backward compatible reading of virtual outbound from config [#7088](https://github.com/kumahq/kuma/pull/7088) @Automaat +* fix(kuma-cp): add missing validation for MeshTimeout [#7035](https://github.com/kumahq/kuma/pull/7035) @lobkovilya +* fix(kuma-cp): make finalizer tenant aware [#6929](https://github.com/kumahq/kuma/pull/6929) @lukidzi +* fix(kuma-cp): make store changes processing more reliable [#6728](https://github.com/kumahq/kuma/pull/6728) @lukidzi +* fix(kuma-cp): make zone insight context independent from parent [#6909](https://github.com/kumahq/kuma/pull/6909) @lukidzi +* fix(kuma-cp): race condition when proxy connects to the same CP in less than KUMA_XDS_DATAPLANE_DEREGISTRATION_DELAY [#6568](https://github.com/kumahq/kuma/pull/6568) @lobkovilya +* fix(kuma-cp): replace err with log when TargetRef can't be resolved [#7032](https://github.com/kumahq/kuma/pull/7032) @lobkovilya +* fix(kuma-cp): reset idleTimeout from the old Timeout policy [#6747](https://github.com/kumahq/kuma/pull/6747) @lobkovilya +* fix(kuma-cp): use port instead of target port of a headless service [#7063](https://github.com/kumahq/kuma/pull/7063) @jakubdyszkiewicz +* fix(kuma-cp): wait between the proxy termination and its deregistration [#6533](https://github.com/kumahq/kuma/pull/6533) @lobkovilya +* fix(kuma-dp): honour app content-type [#6783](https://github.com/kumahq/kuma/pull/6783) @AyushSenapati +* fix(kumactl): return after loading configuration from memory [#6518](https://github.com/kumahq/kuma/pull/6518) @lukidzi +* fix(multitenancy): global tenant in intercp when creating certs [#6789](https://github.com/kumahq/kuma/pull/6789) @jakubdyszkiewicz +* perf(k8s): don't reconcile all pods when a service changes [#6986](https://github.com/kumahq/kuma/pull/6986) @lahabana +* perf(k8s): omit fetching other dataplanes when vips are in the config map [#6940](https://github.com/kumahq/kuma/pull/6940) @jakubdyszkiewicz +* refactor(kds): remove unnecessary function nesting for MapZoneTokenSigningKeyGlobalToPublicKey resource mapper in kds context [#7018](https://github.com/kumahq/kuma/pull/7018) @bartsmykla + ## 2.2.2 > Released on 2023/06/21 @@ -830,6 +2481,14 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): bump kumahq/kuma from e30ace1c5856 to 2e775e96a [#3334](https://github.com/Kong/kong-mesh/pull/3334) [#3466](https://github.com/Kong/kong-mesh/pull/3466) [#3530](https://github.com/Kong/kong-mesh/pull/3530) [#3538](https://github.com/Kong/kong-mesh/pull/3538) [#3580](https://github.com/Kong/kong-mesh/pull/3580) [#3591](https://github.com/Kong/kong-mesh/pull/3591) [#3596](https://github.com/Kong/kong-mesh/pull/3596) @kong-mesh * chore(deps): use latest Kong/kong-mesh-gui [#3508](https://github.com/Kong/kong-mesh/pull/3508) @kong-mesh +### Includes [kumahq/kuma@2.2.2](https://github.com/kumahq/kuma/releases/tag/2.2.2) changelog + +* chore(deps): bump go version from 1.20.3 to 1.20.5 [#6987](https://github.com/kumahq/kuma/pull/6987) @lukidzi +* chore(deps): upgrade envoy to 1.25.7 [#6967](https://github.com/kumahq/kuma/pull/6967) @lukidzi +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7081](https://github.com/kumahq/kuma/pull/7081) @kumahq +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6899](https://github.com/kumahq/kuma/pull/6899) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6765](https://github.com/kumahq/kuma/pull/6765) @kumahq + ## 2.1.3 > Released on 2023/06/21 @@ -838,6 +2497,15 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): upgrade kuma version and Envoy to 1.24.8 [#3577](https://github.com/Kong/kong-mesh/pull/3577) @lukidzi * chore(deps): upgrade ubi image from 8.7 to 9.1 [#3587](https://github.com/Kong/kong-mesh/pull/3587) @lukidzi +### Includes [kumahq/kuma@2.1.3](https://github.com/kumahq/kuma/releases/tag/2.1.3) changelog + +* chore(deps): upgrade envoy to 1.24.8 [#6969](https://github.com/kumahq/kuma/pull/6969) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#6573](https://github.com/kumahq/kuma/pull/6573) [#6575](https://github.com/kumahq/kuma/pull/6575) [#6886](https://github.com/kumahq/kuma/pull/6886) @kumahq +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7078](https://github.com/kumahq/kuma/pull/7078) @kumahq +* fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) [#6595](https://github.com/kumahq/kuma/pull/6595) @mergify +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6900](https://github.com/kumahq/kuma/pull/6900) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6767](https://github.com/kumahq/kuma/pull/6767) @kumahq + ## 2.0.5 > Released on 2023/06/21 @@ -846,6 +2514,13 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * chore(deps): upgrade kuma version and Envoy to 1.24.8 [#3578](https://github.com/Kong/kong-mesh/pull/3578) @lukidzi * chore(deps): upgrade ubi image from 8.7 to 9.1 [#3585](https://github.com/Kong/kong-mesh/pull/3585) @lukidzi +### Includes [kumahq/kuma@2.0.5](https://github.com/kumahq/kuma/releases/tag/2.0.5) changelog + +* chore(deps): upgrade envoy to 1.24.8 [#6968](https://github.com/kumahq/kuma/pull/6968) @lukidzi +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7080](https://github.com/kumahq/kuma/pull/7080) @kumahq +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6901](https://github.com/kumahq/kuma/pull/6901) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6763](https://github.com/kumahq/kuma/pull/6763) @kumahq + ## 1.9.6 > Released on 2023/06/21 @@ -858,11 +2533,17 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) ## 2.2.1 -> Released on 2023/05/10 +> Released on 2023/05/11 * chore(deps): bump kumahq/kuma from 9a2812c6b3a4 to e30ace1c5 [#3202](https://github.com/kong/kong-mesh/pull/3202) [#3217](https://github.com/kong/kong-mesh/pull/3217) [#3228](https://github.com/kong/kong-mesh/pull/3228) [#3233](https://github.com/kong/kong-mesh/pull/3233) [#3246](https://github.com/kong/kong-mesh/pull/3246) [#3286](https://github.com/kong/kong-mesh/pull/3286) [#3310](https://github.com/kong/kong-mesh/pull/3310) @kong-mesh * chore(deps): use latest Kong/kong-mesh-gui [#3225](https://github.com/kong/kong-mesh/pull/3225) @kong-mesh +### Includes [kumahq/kuma@2.2.1](https://github.com/kumahq/kuma/releases/tag/2.2.1) changelog + +* chore(deps): bump golang from 1.20.2 to 1.20.3 [#6597](https://github.com/kumahq/kuma/pull/6597) @mergify +* chore(deps): use latest kumahq/kuma-gui [#6574](https://github.com/kumahq/kuma/pull/6574) @kumahq +* fix(docker/kumactl): add entrypoint to kumactl img (backport #6593) [#6594](https://github.com/kumahq/kuma/pull/6594) @mergify + ## 2.2.0 > Released on 2023/04/14 @@ -904,6 +2585,122 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(kuma-cp): don't let CA requests for other meshes block generation [#2953](https://github.com/Kong/kong-mesh/pull/2953) @michaelbeaumont * fix(vault): token renewal after secret change fix [#3025](https://github.com/Kong/kong-mesh/pull/3025) @bartsmykla +### Includes [kumahq/kuma@2.2.0](https://github.com/kumahq/kuma/releases/tag/2.2.0) changelog + +* Modify helm.sh script to make sure no duplicate manifests will be present in packaged chart [#6512](https://github.com/kumahq/kuma/pull/6512) @bartsmykla +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5982](https://github.com/kumahq/kuma/pull/5982) @lahabana +* chore(deps): bump actions/setup-go from 3 to 4 [#6311](https://github.com/kumahq/kuma/pull/6311) @dependabot +* chore(deps): bump cirello.io/pglock from 1.10.0 to 1.11.0 [#6149](https://github.com/kumahq/kuma/pull/6149) @dependabot +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6227](https://github.com/kumahq/kuma/pull/6227) @michaelbeaumont +* chore(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.10.0 [#6152](https://github.com/kumahq/kuma/pull/6152) @dependabot +* chore(deps): bump github.com/containerd/cgroups from 1.0.4 to 1.1.0 [#5878](https://github.com/kumahq/kuma/pull/5878) @dependabot +* chore(deps): bump github.com/containerd/containerd from 1.6.15 to 1.6.18 [#6051](https://github.com/kumahq/kuma/pull/6051) @dependabot +* chore(deps): bump github.com/emicklei/go-restful/v3 from 3.10.1 to 3.10.2 [#6261](https://github.com/kumahq/kuma/pull/6261) @dependabot +* chore(deps): bump github.com/envoyproxy/go-control-plane from 0.10.3 to 0.11.0 [#5947](https://github.com/kumahq/kuma/pull/5947) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.9.1 to 0.10.1 [#6307](https://github.com/kumahq/kuma/pull/6307) [#6316](https://github.com/kumahq/kuma/pull/6316) @dependabot +* chore(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 [#6454](https://github.com/kumahq/kuma/pull/6454) @dependabot +* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.3 to 4.5.0 [#6071](https://github.com/kumahq/kuma/pull/6071) @dependabot +* chore(deps): bump github.com/golang/protobuf from 1.5.2 to 1.5.3 [#6263](https://github.com/kumahq/kuma/pull/6263) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.41.9 to 0.41.15 [#5924](https://github.com/kumahq/kuma/pull/5924) [#6076](https://github.com/kumahq/kuma/pull/6076) [#6258](https://github.com/kumahq/kuma/pull/6258) @dependabot +* chore(deps): bump github.com/miekg/dns from 1.1.50 to 1.1.53 [#6150](https://github.com/kumahq/kuma/pull/6150) [#6262](https://github.com/kumahq/kuma/pull/6262) [#6453](https://github.com/kumahq/kuma/pull/6453) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.9.2 [#5928](https://github.com/kumahq/kuma/pull/5928) [#6043](https://github.com/kumahq/kuma/pull/6043) [#6074](https://github.com/kumahq/kuma/pull/6074) [#6172](https://github.com/kumahq/kuma/pull/6172) [#6208](https://github.com/kumahq/kuma/pull/6208) [#6260](https://github.com/kumahq/kuma/pull/6260) [#6355](https://github.com/kumahq/kuma/pull/6355) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.25.0 to 1.27.6 [#5874](https://github.com/kumahq/kuma/pull/5874) [#6072](https://github.com/kumahq/kuma/pull/6072) [#6167](https://github.com/kumahq/kuma/pull/6167) [#6259](https://github.com/kumahq/kuma/pull/6259) [#6271](https://github.com/kumahq/kuma/pull/6271) [#6353](https://github.com/kumahq/kuma/pull/6353) [#6450](https://github.com/kumahq/kuma/pull/6450) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.39.0 to 0.42.0 [#6073](https://github.com/kumahq/kuma/pull/6073) [#6273](https://github.com/kumahq/kuma/pull/6273) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.41.0 to 0.42.0 [#5927](https://github.com/kumahq/kuma/pull/5927) @dependabot +* chore(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 [#6475](https://github.com/kumahq/kuma/pull/6475) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe from 0.0.0-20190820222348-6adcf1eecbcc to github.com/spiffe/go-spiffe/v2 [#6151](https://github.com/kumahq/kuma/pull/6151) @dependabot +* chore(deps): bump github.com/spiffe/go-spiffe/v2 from 2.1.2 to 2.1.4 [#6313](https://github.com/kumahq/kuma/pull/6313) [#6451](https://github.com/kumahq/kuma/pull/6451) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.15.0 to 0.18.0 [#6075](https://github.com/kumahq/kuma/pull/6075) @dependabot +* chore(deps): bump github.com/vishvananda/netns to 0.0.4 [#6103](https://github.com/kumahq/kuma/pull/6103) @mmorel-35 +* chore(deps): bump go from 1.18 to 1.20.2 [#6179](https://github.com/kumahq/kuma/pull/6179) [#6279](https://github.com/kumahq/kuma/pull/6279) @jakubdyszkiewicz,@lahabana +* chore(deps): bump go.uber.org/multierr from 1.9.0 to 1.11.0 [#6264](https://github.com/kumahq/kuma/pull/6264) [#6452](https://github.com/kumahq/kuma/pull/6452) @dependabot +* chore(deps): bump golang.org/x/net from 0.5.0 to 0.8.0 [#6003](https://github.com/kumahq/kuma/pull/6003) [#6042](https://github.com/kumahq/kuma/pull/6042) [#6209](https://github.com/kumahq/kuma/pull/6209) @dependabot +* chore(deps): bump golang.org/x/sys from 0.4.0 to 0.7.0 [#5948](https://github.com/kumahq/kuma/pull/5948) [#6476](https://github.com/kumahq/kuma/pull/6476) @dependabot +* chore(deps): bump golang.org/x/text from 0.6.0 to 0.8.0 [#6004](https://github.com/kumahq/kuma/pull/6004) [#6211](https://github.com/kumahq/kuma/pull/6211) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.52.0 to 1.54.0 [#5877](https://github.com/kumahq/kuma/pull/5877) [#5946](https://github.com/kumahq/kuma/pull/5946) [#6354](https://github.com/kumahq/kuma/pull/6354) @dependabot +* chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.30.0 [#6274](https://github.com/kumahq/kuma/pull/6274) [#6309](https://github.com/kumahq/kuma/pull/6309) @dependabot +* chore(deps): bump gopkg.in/natefinch/lumberjack.v2 from 2.0.0 to 2.2.1 [#5949](https://github.com/kumahq/kuma/pull/5949) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.11.0 to 3.11.2 [#5962](https://github.com/kumahq/kuma/pull/5962) [#6265](https://github.com/kumahq/kuma/pull/6265) @dependabot +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.26.1 to 0.26.3 [#6168](https://github.com/kumahq/kuma/pull/6168) [#6318](https://github.com/kumahq/kuma/pull/6318) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 [#6207](https://github.com/kumahq/kuma/pull/6207) @dependabot +* chore(deps): bump k8s.io/kubectl from 0.26.1 to 0.26.3 [#6171](https://github.com/kumahq/kuma/pull/6171) [#6308](https://github.com/kumahq/kuma/pull/6308) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.14.1 to 0.14.6 [#5875](https://github.com/kumahq/kuma/pull/5875) [#5926](https://github.com/kumahq/kuma/pull/5926) [#6210](https://github.com/kumahq/kuma/pull/6210) [#6455](https://github.com/kumahq/kuma/pull/6455) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.11.1 to 0.11.3 [#5876](https://github.com/kumahq/kuma/pull/5876) [#5925](https://github.com/kumahq/kuma/pull/5925) @dependabot +* chore(deps): bump sigs.k8s.io/gateway-api from v0.5.1 to v0.6.0 [#5559](https://github.com/kumahq/kuma/pull/5559) @michaelbeaumont +* chore(deps): bump tibdex/github-app-token from 1.7.0 to 1.8.0 [#5879](https://github.com/kumahq/kuma/pull/5879) @dependabot +* chore(deps): remove dependency on github.com/prometheus/prometheus [#6204](https://github.com/kumahq/kuma/pull/6204) @lahabana +* chore(deps): security update [#6397](https://github.com/kumahq/kuma/pull/6397) [#6473](https://github.com/kumahq/kuma/pull/6473) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#5866](https://github.com/kumahq/kuma/pull/5866) [#5883](https://github.com/kumahq/kuma/pull/5883) [#5911](https://github.com/kumahq/kuma/pull/5911) [#5931](https://github.com/kumahq/kuma/pull/5931) [#5937](https://github.com/kumahq/kuma/pull/5937) [#5940](https://github.com/kumahq/kuma/pull/5940) [#5952](https://github.com/kumahq/kuma/pull/5952) [#5958](https://github.com/kumahq/kuma/pull/5958) [#6002](https://github.com/kumahq/kuma/pull/6002) [#6067](https://github.com/kumahq/kuma/pull/6067) [#6078](https://github.com/kumahq/kuma/pull/6078) [#6155](https://github.com/kumahq/kuma/pull/6155) [#6158](https://github.com/kumahq/kuma/pull/6158) [#6161](https://github.com/kumahq/kuma/pull/6161) [#6176](https://github.com/kumahq/kuma/pull/6176) [#6197](https://github.com/kumahq/kuma/pull/6197) [#6216](https://github.com/kumahq/kuma/pull/6216) [#6243](https://github.com/kumahq/kuma/pull/6243) [#6302](https://github.com/kumahq/kuma/pull/6302) [#6317](https://github.com/kumahq/kuma/pull/6317) [#6345](https://github.com/kumahq/kuma/pull/6345) [#6360](https://github.com/kumahq/kuma/pull/6360) [#6373](https://github.com/kumahq/kuma/pull/6373) [#6400](https://github.com/kumahq/kuma/pull/6400) [#6402](https://github.com/kumahq/kuma/pull/6402) [#6425](https://github.com/kumahq/kuma/pull/6425) @kumahq +* feat(GatewayAPI): support HTTPRoutePathRedirect [#6437](https://github.com/kumahq/kuma/pull/6437) @michaelbeaumont +* feat(GatewayAPI): support ResponseHeaderModifier in HTTPRoute [#6000](https://github.com/kumahq/kuma/pull/6000) @michaelbeaumont +* feat(GatewayAPI): update to v0.6.2 [#6293](https://github.com/kumahq/kuma/pull/6293) @michaelbeaumont +* feat(MeshAccessLog): support OpenTelemetry [#5999](https://github.com/kumahq/kuma/pull/5999) @michaelbeaumont +* feat(MeshGateway): auto host rewrite for gateway route [#6328](https://github.com/kumahq/kuma/pull/6328) @bartsmykla +* feat(MeshGateway): support deployment customization for MeshGatewayInstance [#6348](https://github.com/kumahq/kuma/pull/6348) [#6388](https://github.com/kumahq/kuma/pull/6388) @johnharris85 +* feat(MeshHTTPRoute): add RequestMirror filter [#6064](https://github.com/kumahq/kuma/pull/6064) @lobkovilya +* feat(MeshHTTPRoute): add header matching [#5943](https://github.com/kumahq/kuma/pull/5943) @michaelbeaumont +* feat(MeshHTTPRoute): add path modifier to redirect [#5918](https://github.com/kumahq/kuma/pull/5918) @lobkovilya +* feat(MeshHTTPRoute): cross-zone support [#5984](https://github.com/kumahq/kuma/pull/5984) @michaelbeaumont +* feat(MeshProxyPatch): add json patch support [#6281](https://github.com/kumahq/kuma/pull/6281) @bartsmykla +* feat(MeshRetry): add host selection predicates [#6465](https://github.com/kumahq/kuma/pull/6465) @johnharris85 +* feat(MeshTrace): add support for opentelemetry trace backend [#5992](https://github.com/kumahq/kuma/pull/5992) @frzifus +* feat(api-server): manual mTLS [#5979](https://github.com/kumahq/kuma/pull/5979) @jakubdyszkiewicz +* feat(api-server): whoami endpoint [#6120](https://github.com/kumahq/kuma/pull/6120) @jakubdyszkiewicz +* feat(auth): separate authenticators for dp and zone proxy [#5991](https://github.com/kumahq/kuma/pull/5991) @jakubdyszkiewicz +* feat(helm): add default CNI resources [#6287](https://github.com/kumahq/kuma/pull/6287) @michaelbeaumont +* feat(helm): dynamic admission server port [#6344](https://github.com/kumahq/kuma/pull/6344) @d4kine +* feat(helm): make egress resources configurable [#6286](https://github.com/kumahq/kuma/pull/6286) @dascole +* feat(helm): make it possbile to install universal cp on k8s [#5913](https://github.com/kumahq/kuma/pull/5913) @slonka +* feat(k8s): add a configuration option to list allowed service accounts [#6505](https://github.com/kumahq/kuma/pull/6505) @slonka +* feat(k8s): add annotation `prometheus.metrics.kuma.io/aggregate-application-address` to scrape custom address on k8s [#6289](https://github.com/kumahq/kuma/pull/6289) @slonka +* feat(k8s): set `kubectl.kubernetes.io/default-container` pod annotation [#6055](https://github.com/kumahq/kuma/pull/6055) @michaelbeaumont +* feat(kds): allow running non-tls KDS server [#6145](https://github.com/kumahq/kuma/pull/6145) @slonka +* feat(kds): delta KDS [#6278](https://github.com/kumahq/kuma/pull/6278) [#6358](https://github.com/kumahq/kuma/pull/6358) @lukidzi +* feat(kds): enable nack backoff [#5894](https://github.com/kumahq/kuma/pull/5894) @jakubdyszkiewicz +* feat(kuma-cp): allow Mesh default resources regeneration without deletion and restart [#6223](https://github.com/kumahq/kuma/pull/6223) @michaelbeaumont +* feat(kuma-cp): init container first by default [#5857](https://github.com/kumahq/kuma/pull/5857) @zekth +* feat(kumactl): generate public key command [#5917](https://github.com/kumahq/kuma/pull/5917) @jakubdyszkiewicz +* feat(kumactl): remove ca-cert or skip-verify requirement [#6140](https://github.com/kumahq/kuma/pull/6140) @jakubdyszkiewicz +* feat(persistence): change lib/pq to pgx [#6257](https://github.com/kumahq/kuma/pull/6257) @slonka +* feat(persistence): create pgx store [#6359](https://github.com/kumahq/kuma/pull/6359) [#6457](https://github.com/kumahq/kuma/pull/6457) @slonka +* feat(policies): extend policy matching API to work with egress and external services [#6379](https://github.com/kumahq/kuma/pull/6379) @lobkovilya +* feat(policies): implement MeshLoadBalancingStrategy [#6117](https://github.com/kumahq/kuma/pull/6117) [#6163](https://github.com/kumahq/kuma/pull/6163) [#6202](https://github.com/kumahq/kuma/pull/6202) [#6390](https://github.com/kumahq/kuma/pull/6390) @lobkovilya +* feat(tokens): allow kid to be a string [#5944](https://github.com/kumahq/kuma/pull/5944) @jakubdyszkiewicz +* feat(tokens): issue tokens offline [#5919](https://github.com/kumahq/kuma/pull/5919) @jakubdyszkiewicz +* feat(tokens): offline validation [#6085](https://github.com/kumahq/kuma/pull/6085) @jakubdyszkiewicz +* feat(tproxy): make tproxy v2 and CNI v2 default [#6083](https://github.com/kumahq/kuma/pull/6083) @bartsmykla +* fix(GatewayAPI): always set an explicit HTTPRoute Parents in status [#6367](https://github.com/kumahq/kuma/pull/6367) @michaelbeaumont +* fix(GatewayAPI): correctly handle invalid backendRefs [#6428](https://github.com/kumahq/kuma/pull/6428) @michaelbeaumont +* fix(MeshHTTPRoute): filter URLRewrite should be configured with ClusterSpecifier [#5920](https://github.com/kumahq/kuma/pull/5920) @lobkovilya +* fix(MeshRetry): guard against multiple previous priorities [#6496](https://github.com/kumahq/kuma/pull/6496) @johnharris85 +* fix(MeshTimeout): apply MeshTimeout defaults when one of `from` or `to` section is missing [#5902](https://github.com/kumahq/kuma/pull/5902) @Automaat +* fix(ca/builtin): be less verbose when creating CA secrets [#6217](https://github.com/kumahq/kuma/pull/6217) @michaelbeaumont +* fix(docker): set `SHELL` to an existing binary [#6192](https://github.com/kumahq/kuma/pull/6192) @michaelbeaumont +* fix(docker): use no ssl image [#5560](https://github.com/kumahq/kuma/pull/5560) @slonka +* fix(helm): add appProtocol to services we create [#6157](https://github.com/kumahq/kuma/pull/6157) @lahabana +* fix(helm): don't include taint controller env when cni disabled [#6148](https://github.com/kumahq/kuma/pull/6148) @lukidzi +* fix(helm): dont specify a default type for extraSecrets [#5932](https://github.com/kumahq/kuma/pull/5932) @wheelerlaw +* fix(helm): make it possible to use custom CA in egress and ingress [#5980](https://github.com/kumahq/kuma/pull/5980) @lahabana +* fix(helm): postgres client cert setup [#6335](https://github.com/kumahq/kuma/pull/6335) @slonka +* fix(helm): remove universal on kubernetes env vars that are supposed to be provided via secrets [#5938](https://github.com/kumahq/kuma/pull/5938) @slonka +* fix(helm): security contexts for ebpf cleanup hook [#6235](https://github.com/kumahq/kuma/pull/6235) @bartsmykla +* fix(helm): set CP memory limits, by default equal to memory request, set CP CPU requests [#6127](https://github.com/kumahq/kuma/pull/6127) @michaelbeaumont +* fix(helm): set migration container resources and securityContext [#6255](https://github.com/kumahq/kuma/pull/6255) @michaelbeaumont +* fix(helm): set readOnlyRootFilesystem/runAsNonRoot, create a ServiceAccount in correct release namespace [#6121](https://github.com/kumahq/kuma/pull/6121) @michaelbeaumont +* fix(helm): set readOnlyRootFilesystem/runAsUser/runAsGroup on ingress/egress deployments [#6164](https://github.com/kumahq/kuma/pull/6164) @michaelbeaumont +* fix(helm): upgrade CRDs instead of installing missing CRDs [#6403](https://github.com/kumahq/kuma/pull/6403) @jakubdyszkiewicz +* fix(helm): use emptyDir at /tmp with CP [#6162](https://github.com/kumahq/kuma/pull/6162) @michaelbeaumont +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 [#6374](https://github.com/kumahq/kuma/pull/6374) @jakubdyszkiewicz +* fix(kuma-cp): allow names of the resource to be longer and validate the length [#6123](https://github.com/kumahq/kuma/pull/6123) @lukidzi +* fix(kuma-cp): change default value for KubeOutboundsAsVIPs [#6057](https://github.com/kumahq/kuma/pull/6057) @Automaat +* fix(kuma-cp): change validation of resources synced to global [#6178](https://github.com/kumahq/kuma/pull/6178) @jakubdyszkiewicz +* fix(kuma-cp): don't let CA requests for other meshes block generation [#6282](https://github.com/kumahq/kuma/pull/6282) @michaelbeaumont +* fix(kuma-cp): traffic split with internal and external service [#5904](https://github.com/kumahq/kuma/pull/5904) @lobkovilya +* fix(kuma-cp): zone ingress mixes services with the same name in different meshes [#6364](https://github.com/kumahq/kuma/pull/6364) @lobkovilya +* fix(kumactl): don't check compatibility when talking to a preview version [#6143](https://github.com/kumahq/kuma/pull/6143) @lahabana +* fix(policy): merging of policies results in not applying policy on some outbounds [#6460](https://github.com/kumahq/kuma/pull/6460) @jakubdyszkiewicz +* fix(tproxy): allow disabling ipv6 for tproxy [#5923](https://github.com/kumahq/kuma/pull/5923) @bartsmykla + ## 2.1.2 > Released on 2023/04/07 @@ -919,6 +2716,17 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(plugin/vault): token renew when secret change (backport #3025) [#3072](https://github.com/kong/kong-mesh/pull/3072) @mergify * fix(plugins/ca/certmanager): don't force common name to be set in CSRs (backport #2795) [#2813](https://github.com/kong/kong-mesh/pull/2813) @mergify +### Includes [kumahq/kuma@2.1.2](https://github.com/kumahq/kuma/releases/tag/2.1.2) changelog + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6237](https://github.com/kumahq/kuma/pull/6237) @mergify +* chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) [#6205](https://github.com/kumahq/kuma/pull/6205) @mergify +* chore(deps): security update [#6062](https://github.com/kumahq/kuma/pull/6062) [#6392](https://github.com/kumahq/kuma/pull/6392) [#6471](https://github.com/kumahq/kuma/pull/6471) @kumahq +* chore(deps): upgrade envoy to v1.22.10 [#6483](https://github.com/kumahq/kuma/pull/6483) @michaelbeaumont +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6376](https://github.com/kumahq/kuma/pull/6376) @mergify +* fix(kuma-cp): add components in runtime (backport #6350) [#6381](https://github.com/kumahq/kuma/pull/6381) @mergify +* fix(kuma-cp): don't let CA requests for other meshes block generation (backport #6282) [#6284](https://github.com/kumahq/kuma/pull/6284) @mergify +* fix(policy): matcher with same key not the same value (backport #6460) [#6466](https://github.com/kumahq/kuma/pull/6466) @mergify + ## 2.0.4 > Released on 2023/04/07 @@ -928,19 +2736,34 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(plugin/vault): token renew when secret change (backport #3025) [#3073](https://github.com/kong/kong-mesh/pull/3073) @mergify * fix(plugins/ca/certmanager): don't force common name to be set in CSRs (backport #2795) [#2812](https://github.com/kong/kong-mesh/pull/2812) @mergify +### Includes [kumahq/kuma@2.0.4](https://github.com/kumahq/kuma/releases/tag/2.0.4) changelog + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6238](https://github.com/kumahq/kuma/pull/6238) @mergify +* chore(deps): bump gorestful and jwt [#6221](https://github.com/kumahq/kuma/pull/6221) @lahabana +* chore(deps): remove dependency on github.com/prometheus/prometheus (backport #6204) [#6206](https://github.com/kumahq/kuma/pull/6206) @mergify +* chore(deps): security update [#6063](https://github.com/kumahq/kuma/pull/6063) [#6395](https://github.com/kumahq/kuma/pull/6395) [#6472](https://github.com/kumahq/kuma/pull/6472) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6484](https://github.com/kumahq/kuma/pull/6484) @mergify +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6377](https://github.com/kumahq/kuma/pull/6377) @mergify +* fix(policy): matcher with same key not the same value (backport #6460) [#6467](https://github.com/kumahq/kuma/pull/6467) @mergify + ## 1.9.5 -> Released on 2023/04/06 +> Released on 2023/04/07 * fix(plugin/vault): token renew when secret change (backport #3025) [#3074](https://github.com/kong/kong-mesh/pull/3074) @mergify * fix(plugins/ca/certmanager): don't force common name to be set in CSRs (backport #2795) [#2811](https://github.com/kong/kong-mesh/pull/2811) @mergify ## 1.8.7 -> Released on 2023/04/06 +> Released on 2023/04/07 * fix(plugin/vault): token renew when secret change (backport #3025) [#3075](https://github.com/kong/kong-mesh/pull/3075) @mergify +### Includes [kumahq/kuma@1.8.7](https://github.com/kumahq/kuma/releases/tag/1.8.7) changelog + +* chore(deps): bump envoy to 1.24.9 which fix [CVE-2023-35945](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r) [#7262](https://github.com/kumahq/kuma/pull/7262) @lukidzi +* fix(kuma-cp): don't fail when 2 headless services pointing to the same service (backport of #7282) [#7292](https://github.com/kumahq/kuma/pull/7292) @kumahq + ## 2.1.1 > Released on 2023/02/16 @@ -951,6 +2774,15 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(ghaction): rename helm release action [#2729](https://github.com/Kong/kong-mesh/pull/2729) @jakubdyszkiewicz * fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) [#2721](https://github.com/Kong/kong-mesh/pull/2721) @mergify +### Includes [kumahq/kuma@2.1.1](https://github.com/kumahq/kuma/releases/tag/2.1.1) changelog + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5985](https://github.com/kumahq/kuma/pull/5985) @mergify +* chore(deps): security update [#5965](https://github.com/kumahq/kuma/pull/5965) @kumahq +* chore(deps): use latest kumahq/kuma-gui [#5912](https://github.com/kumahq/kuma/pull/5912) [#5915](https://github.com/kumahq/kuma/pull/5915) [#5977](https://github.com/kumahq/kuma/pull/5977) @kumahq +* feat(api-server): manual mTLS (backport #5979) [#5981](https://github.com/kumahq/kuma/pull/5981) @mergify +* fix(helm): use custom CA in egress and ingress too (backport #5980) [#5993](https://github.com/kumahq/kuma/pull/5993) @mergify +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5953](https://github.com/kumahq/kuma/pull/5953) @mergify + ## 2.0.3 > Released on 2023/02/16 @@ -959,6 +2791,12 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(ghaction): rename helm release action (backport #2729) [#2731](https://github.com/Kong/kong-mesh/pull/2731) @mergify * fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) [#2722](https://github.com/Kong/kong-mesh/pull/2722) @mergify +### Includes [kumahq/kuma@2.0.3](https://github.com/kumahq/kuma/releases/tag/2.0.3) changelog + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5986](https://github.com/kumahq/kuma/pull/5986) @mergify +* chore(deps): security update [#5762](https://github.com/kumahq/kuma/pull/5762) [#5969](https://github.com/kumahq/kuma/pull/5969) @kumahq +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5954](https://github.com/kumahq/kuma/pull/5954) @mergify + ## 1.9.4 > Released on 2023/02/16 @@ -977,6 +2815,13 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) * fix(ghaction): rename helm release action (backport #2729) [#2733](https://github.com/Kong/kong-mesh/pull/2733) @mergify * fix(makefiles): implicit BASE_KUMA_VERSION (backport #2720) [#2724](https://github.com/Kong/kong-mesh/pull/2724) @mergify +### Includes [kumahq/kuma@1.8.6](https://github.com/kumahq/kuma/releases/tag/1.8.6) changelog + +* chore(deps): upgrade envoy to 1.24.8 [#6966](https://github.com/kumahq/kuma/pull/6966) @lukidzi +* fix(MeshGatewayInstance): don't overwrite annotations/labels in managed Service (backport of #7069) [#7079](https://github.com/kumahq/kuma/pull/7079) @kumahq +* fix(gateway): don't skip retry policy with retry methods (backport of #6896) [#6902](https://github.com/kumahq/kuma/pull/6902) @kumahq +* fix(kuma-cp): make store changes processing more reliable (backport of #6728) [#6764](https://github.com/kumahq/kuma/pull/6764) @kumahq + ## 1.7.7 > Released on 2023/02/16 @@ -988,7 +2833,7 @@ Based on [Kuma 2.5.0](https://github.com/kumahq/kuma/releases/tag/2.5.0) ## 2.1.0 -> Released on 2023/01/31 +> Released on 2023/02/15 Built on top of [Kuma 2.1.0](https://github.com/kumahq/kuma/releases/tag/2.1.0) @@ -997,9 +2842,124 @@ Built on top of [Kuma 2.1.0](https://github.com/kumahq/kuma/releases/tag/2.1.0) - Added the ability to specify list of users that have admin rights by default. - Limited the number of OPA policies you can configure to one because of [OPA limitations](https://github.com/open-policy-agent/opa/issues/5595). +### Includes [kumahq/kuma@2.1.0](https://github.com/kumahq/kuma/releases/tag/2.1.0) changelog + +* chore(deps): bump alpine from 3.16.2 to 3.17.0 [#5308](https://github.com/kumahq/kuma/pull/5308) [#5375](https://github.com/kumahq/kuma/pull/5375) @dependabot +* chore(deps): bump github.com/Masterminds/semver/v3 from 3.1.1 to 3.2.0 [#5377](https://github.com/kumahq/kuma/pull/5377) @dependabot +* chore(deps): bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 [#5457](https://github.com/kumahq/kuma/pull/5457) @dependabot +* chore(deps): bump github.com/containerd/containerd from 1.6.8 to 1.6.12 [#5600](https://github.com/kumahq/kuma/pull/5600) @dependabot +* chore(deps): bump github.com/containernetworking/plugins from 1.1.1 to 1.2.0 [#5733](https://github.com/kumahq/kuma/pull/5733) @dependabot +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.13 to 0.9.1 [#5277](https://github.com/kumahq/kuma/pull/5277) [#5311](https://github.com/kumahq/kuma/pull/5311) [#5460](https://github.com/kumahq/kuma/pull/5460) @dependabot +* chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.4.3 [#5428](https://github.com/kumahq/kuma/pull/5428) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.40.24 to 0.41.8 [#5310](https://github.com/kumahq/kuma/pull/5310) [#5354](https://github.com/kumahq/kuma/pull/5354) [#5426](https://github.com/kumahq/kuma/pull/5426) [#5542](https://github.com/kumahq/kuma/pull/5542) [#5688](https://github.com/kumahq/kuma/pull/5688) @dependabot,@lahabana +* chore(deps): bump github.com/kumahq/kuma-net from 0.8.7 to 0.8.10 [#5298](https://github.com/kumahq/kuma/pull/5298) [#5513](https://github.com/kumahq/kuma/pull/5513) @lukidzi +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.4.0 to 2.7.0 [#5319](https://github.com/kumahq/kuma/pull/5319) [#5351](https://github.com/kumahq/kuma/pull/5351) [#5687](https://github.com/kumahq/kuma/pull/5687) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.23.0 to 1.25.0 [#5275](https://github.com/kumahq/kuma/pull/5275) [#5313](https://github.com/kumahq/kuma/pull/5313) [#5539](https://github.com/kumahq/kuma/pull/5539) [#5789](https://github.com/kumahq/kuma/pull/5789) @dependabot +* chore(deps): bump github.com/prometheus/client_golang from 1.13.0 to 1.14.0 [#5274](https://github.com/kumahq/kuma/pull/5274) [#5323](https://github.com/kumahq/kuma/pull/5323) @dependabot +* chore(deps): bump github.com/prometheus/common from 0.37.0 to 0.39.0 [#5483](https://github.com/kumahq/kuma/pull/5483) [#5523](https://github.com/kumahq/kuma/pull/5523) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.39.1 to 0.41.0 [#5320](https://github.com/kumahq/kuma/pull/5320) [#5353](https://github.com/kumahq/kuma/pull/5353) [#5376](https://github.com/kumahq/kuma/pull/5376) [#5456](https://github.com/kumahq/kuma/pull/5456) [#5526](https://github.com/kumahq/kuma/pull/5526) [#5546](https://github.com/kumahq/kuma/pull/5546) @dependabot +* chore(deps): bump github.com/sethvargo/go-retry from 0.2.3 to 0.2.4 [#5524](https://github.com/kumahq/kuma/pull/5524) @dependabot +* chore(deps): bump github.com/shopspring/decimal from 1.2.0 to 1.3.1 [#5790](https://github.com/kumahq/kuma/pull/5790) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.13.0 to 1.15.0 [#5273](https://github.com/kumahq/kuma/pull/5273) [#5788](https://github.com/kumahq/kuma/pull/5788) @dependabot +* chore(deps): bump go.uber.org/multierr from 1.8.0 to 1.9.0 [#5525](https://github.com/kumahq/kuma/pull/5525) @dependabot +* chore(deps): bump go.uber.org/zap from 1.23.0 to 1.24.0 [#5427](https://github.com/kumahq/kuma/pull/5427) @dependabot +* chore(deps): bump golang.org/x/net from 0.1.0 to 0.5.0 [#5315](https://github.com/kumahq/kuma/pull/5315) [#5459](https://github.com/kumahq/kuma/pull/5459) [#5623](https://github.com/kumahq/kuma/pull/5623) @dependabot +* chore(deps): bump golang.org/x/sys from 0.1.0 to 0.4.0 [#5312](https://github.com/kumahq/kuma/pull/5312) [#5430](https://github.com/kumahq/kuma/pull/5430) [#5621](https://github.com/kumahq/kuma/pull/5621) @dependabot +* chore(deps): bump golang.org/x/text from 0.4.0 to 0.6.0 [#5458](https://github.com/kumahq/kuma/pull/5458) [#5624](https://github.com/kumahq/kuma/pull/5624) @dependabot +* chore(deps): bump golang.org/x/time from 0.1.0 to 0.3.0 [#5325](https://github.com/kumahq/kuma/pull/5325) [#5429](https://github.com/kumahq/kuma/pull/5429) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.50.1 to 1.52.0 [#5352](https://github.com/kumahq/kuma/pull/5352) [#5686](https://github.com/kumahq/kuma/pull/5686) @dependabot +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.11.0 [#5592](https://github.com/kumahq/kuma/pull/5592) [#5791](https://github.com/kumahq/kuma/pull/5791) @dependabot +* chore(deps): bump istio.io/pkg from v0.0.0-20201202160453-b7f8c8c88ca3 to v0.0.0-20221115183735-2aabb09bf0bb [#5330](https://github.com/kumahq/kuma/pull/5330) @mmorel-35 +* chore(deps): bump k8s.io/apiextensions-apiserver from 0.25.3 to 0.25.4 [#5328](https://github.com/kumahq/kuma/pull/5328) @mmorel-35 +* chore(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 [#5316](https://github.com/kumahq/kuma/pull/5316) @dependabot +* chore(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 [#5812](https://github.com/kumahq/kuma/pull/5812) @dependabot +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 [#5276](https://github.com/kumahq/kuma/pull/5276) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.10.0 to 0.11.1, [#5541](https://github.com/kumahq/kuma/pull/5541) @dependabot +* chore(deps): bump tibdex/github-app-token from 1.6.0 to 1.8.0 [#5434](https://github.com/kumahq/kuma/pull/5434) [#5879](https://github.com/kumahq/kuma/pull/5879) @dependabot +* chore(deps): install dev tools and split if more repos [#5528](https://github.com/kumahq/kuma/pull/5528) @lukidzi +* chore(deps): security update [#5761](https://github.com/kumahq/kuma/pull/5761) @kumahq +* chore(deps): update coreDNS to 1.10.0 [#5626](https://github.com/kumahq/kuma/pull/5626) @lahabana +* chore(deps): update to emicklei/go-restful/v3 v3.10.1 and remove `/tokens` [#5324](https://github.com/kumahq/kuma/pull/5324) @dependabot +* chore(deps): upgrade k3d [#5518](https://github.com/kumahq/kuma/pull/5518) @lukidzi +* chore(deps): use latest kumahq/kuma-gui [#5265](https://github.com/kumahq/kuma/pull/5265) [#5272](https://github.com/kumahq/kuma/pull/5272) [#5281](https://github.com/kumahq/kuma/pull/5281) [#5307](https://github.com/kumahq/kuma/pull/5307) [#5321](https://github.com/kumahq/kuma/pull/5321) [#5332](https://github.com/kumahq/kuma/pull/5332) [#5346](https://github.com/kumahq/kuma/pull/5346) [#5371](https://github.com/kumahq/kuma/pull/5371) [#5388](https://github.com/kumahq/kuma/pull/5388) [#5405](https://github.com/kumahq/kuma/pull/5405) [#5484](https://github.com/kumahq/kuma/pull/5484) [#5486](https://github.com/kumahq/kuma/pull/5486) [#5509](https://github.com/kumahq/kuma/pull/5509) [#5572](https://github.com/kumahq/kuma/pull/5572) [#5589](https://github.com/kumahq/kuma/pull/5589) [#5619](https://github.com/kumahq/kuma/pull/5619) [#5628](https://github.com/kumahq/kuma/pull/5628) [#5675](https://github.com/kumahq/kuma/pull/5675) [#5685](https://github.com/kumahq/kuma/pull/5685) [#5700](https://github.com/kumahq/kuma/pull/5700) [#5724](https://github.com/kumahq/kuma/pull/5724) [#5732](https://github.com/kumahq/kuma/pull/5732) [#5737](https://github.com/kumahq/kuma/pull/5737) [#5772](https://github.com/kumahq/kuma/pull/5772) [#5800](https://github.com/kumahq/kuma/pull/5800) [#5805](https://github.com/kumahq/kuma/pull/5805) [#5823](https://github.com/kumahq/kuma/pull/5823) [#5826](https://github.com/kumahq/kuma/pull/5826) [#5843](https://github.com/kumahq/kuma/pull/5843) [#5851](https://github.com/kumahq/kuma/pull/5851) [#5863](https://github.com/kumahq/kuma/pull/5863) [#5866](https://github.com/kumahq/kuma/pull/5866) [#5883](https://github.com/kumahq/kuma/pull/5883) @kumahq +* chore(deps): use sigs.k8s.io/yaml [#5215](https://github.com/kumahq/kuma/pull/5215) @mmorel-35 +* feat(MeshAccessLog): add OmitEmptyValues to MeshAccessLog format [#5302](https://github.com/kumahq/kuma/pull/5302) @mmorel-35 +* feat(MeshGatewayInstance): respect `kuma.io/mesh` label [#5256](https://github.com/kumahq/kuma/pull/5256) @michaelbeaumont +* feat(MeshGatewayRoute): response header filter [#5334](https://github.com/kumahq/kuma/pull/5334) @michaelbeaumont +* feat(api-server): ability to set rootUrl for GUI and API [#5295](https://github.com/kumahq/kuma/pull/5295) @lahabana +* feat(api-server): add name search to dataplane overview [#5340](https://github.com/kumahq/kuma/pull/5340) @lahabana +* feat(api-server): contain matches on name and tags [#5606](https://github.com/kumahq/kuma/pull/5606) @lahabana +* feat(build): consistent docker images [#5343](https://github.com/kumahq/kuma/pull/5343) @slonka +* feat(build): idempotent build [#5291](https://github.com/kumahq/kuma/pull/5291) [#5358](https://github.com/kumahq/kuma/pull/5358) [#5403](https://github.com/kumahq/kuma/pull/5403) [#5404](https://github.com/kumahq/kuma/pull/5404) [#5407](https://github.com/kumahq/kuma/pull/5407) [#5440](https://github.com/kumahq/kuma/pull/5440) @slonka +* feat(gateway): add support for match header PRESENT and ABSENT [#5739](https://github.com/kumahq/kuma/pull/5739) @lahabana +* feat(gui): serve index from all paths without extension [#5357](https://github.com/kumahq/kuma/pull/5357) @lahabana +* feat(helm): add tolerations to Helm chart [#5549](https://github.com/kumahq/kuma/pull/5549) @KrustyHack +* feat(helm): allow injecting env from parent projects [#5677](https://github.com/kumahq/kuma/pull/5677) @slonka +* feat(helm): use object instead of list for plugins.policies [#5735](https://github.com/kumahq/kuma/pull/5735) @michaelbeaumont +* feat(kuma-cp): add possibility to run diagnostics on TLS [#5344](https://github.com/kumahq/kuma/pull/5344) @mmorel-35 +* feat(kuma-cp): added configuration of plugins and its order [#5472](https://github.com/kumahq/kuma/pull/5472) @lukidzi +* feat(kuma-cp): intOrString as decimal in the API [#5768](https://github.com/kumahq/kuma/pull/5768) @jakubdyszkiewicz +* feat(kuma-cp): intercp communication protocol [#5445](https://github.com/kumahq/kuma/pull/5445) [#5492](https://github.com/kumahq/kuma/pull/5492) @jakubdyszkiewicz +* feat(kuma-cp): recover from watchdog panics [#5581](https://github.com/kumahq/kuma/pull/5581) @jakubdyszkiewicz +* feat(kuma-cp): remove value of secret when logging Secret Resources [#5384](https://github.com/kumahq/kuma/pull/5384) @Automaat +* feat(kumactl): added option to install transparent proxy with docker [#5284](https://github.com/kumahq/kuma/pull/5284) @lukidzi +* feat(policy): allow merging by a complex key [#5650](https://github.com/kumahq/kuma/pull/5650) @michaelbeaumont +* feat(policy): append policy slices [#5515](https://github.com/kumahq/kuma/pull/5515) @jakubdyszkiewicz +* feat(policy): don't use protobuf for DataSource in policies [#5668](https://github.com/kumahq/kuma/pull/5668) [#5756](https://github.com/kumahq/kuma/pull/5756) @Automaat +* feat(policy): implement MeshCircuitBreaker policy [#5454](https://github.com/kumahq/kuma/pull/5454) [#5493](https://github.com/kumahq/kuma/pull/5493) [#5651](https://github.com/kumahq/kuma/pull/5651) @bartsmykla,@lobkovilya +* feat(policy): implement MeshFaultInjection policy [#5723](https://github.com/kumahq/kuma/pull/5723) [#5773](https://github.com/kumahq/kuma/pull/5773) @lukidzi +* feat(policy): implement MeshHTTPRoute policy [#5530](https://github.com/kumahq/kuma/pull/5530) [#5625](https://github.com/kumahq/kuma/pull/5625) [#5653](https://github.com/kumahq/kuma/pull/5653) [#5746](https://github.com/kumahq/kuma/pull/5746) @michaelbeaumont,@slonka +* feat(policy): implement MeshHealthCheck policy [#5369](https://github.com/kumahq/kuma/pull/5369) [#5415](https://github.com/kumahq/kuma/pull/5415) [#5503](https://github.com/kumahq/kuma/pull/5503) [#5654](https://github.com/kumahq/kuma/pull/5654) [#5713](https://github.com/kumahq/kuma/pull/5713) [#5722](https://github.com/kumahq/kuma/pull/5722) @lahabana,@lobkovilya,@michaelbeaumont,@slonka +* feat(policy): implement MeshProxyPatch policy [#5578](https://github.com/kumahq/kuma/pull/5578) [#5604](https://github.com/kumahq/kuma/pull/5604) @jakubdyszkiewicz +* feat(policy): implement MeshRateLimit policy [#5362](https://github.com/kumahq/kuma/pull/5362) [#5463](https://github.com/kumahq/kuma/pull/5463) [#5710](https://github.com/kumahq/kuma/pull/5710) [#5742](https://github.com/kumahq/kuma/pull/5742) @lobkovilya,@lukidzi +* feat(policy): implement MeshRetry policy [#5478](https://github.com/kumahq/kuma/pull/5478) [#5522](https://github.com/kumahq/kuma/pull/5522) [#5583](https://github.com/kumahq/kuma/pull/5583) [#5749](https://github.com/kumahq/kuma/pull/5749) [#5808](https://github.com/kumahq/kuma/pull/5808) @lobkovilya,@slonka +* feat(policy): implement MeshTimeout policy [#5294](https://github.com/kumahq/kuma/pull/5294) [#5364](https://github.com/kumahq/kuma/pull/5364) [#5568](https://github.com/kumahq/kuma/pull/5568) @Automaat,@michaelbeaumont +* feat(policy): improve rules api [#5785](https://github.com/kumahq/kuma/pull/5785) @lahabana +* feat(policy): validate schema only during the user's input unmarshal [#5566](https://github.com/kumahq/kuma/pull/5566) @lobkovilya +* feat(security): add dependabot security updates to release branches [#5731](https://github.com/kumahq/kuma/pull/5731) [#5734](https://github.com/kumahq/kuma/pull/5734) [#5758](https://github.com/kumahq/kuma/pull/5758) [#5767](https://github.com/kumahq/kuma/pull/5767) [#5778](https://github.com/kumahq/kuma/pull/5778) [#5783](https://github.com/kumahq/kuma/pull/5783) @slonka +* fix(MeshAccessLog): update API to align with the memo [#5580](https://github.com/kumahq/kuma/pull/5580) @lobkovilya +* fix(MeshGateway): properly apply Service template annotations to existing Service [#5674](https://github.com/kumahq/kuma/pull/5674) @michaelbeaumont +* fix(MeshTrace): adjust MeshTrace to follow the memo [#5743](https://github.com/kumahq/kuma/pull/5743) @lobkovilya +* fix(api-server): fix tags filter value with `:` [#5339](https://github.com/kumahq/kuma/pull/5339) @lahabana +* fix(api-server): remove spec from inspect policy output [#5491](https://github.com/kumahq/kuma/pull/5491) @lahabana +* fix(api-server): return 400 on invalid resource name [#5719](https://github.com/kumahq/kuma/pull/5719) @lahabana +* fix(gateway): be more lenient with prefix paths trailing slashes [#5299](https://github.com/kumahq/kuma/pull/5299) @michaelbeaumont +* fix(gui): add version and basedOnKuma to index.html [#5448](https://github.com/kumahq/kuma/pull/5448) @lahabana +* fix(kuma-cp): add option to disable `sslsni` in universal [#5318](https://github.com/kumahq/kuma/pull/5318) @michaelbeaumont +* fix(kuma-cp): allow to set policies order from others projects [#5535](https://github.com/kumahq/kuma/pull/5535) @lukidzi +* fix(kuma-cp): change way of setting if resource is read only [#5345](https://github.com/kumahq/kuma/pull/5345) @lukidzi +* fix(kuma-cp): concurrent mesh cache map write [#5282](https://github.com/kumahq/kuma/pull/5282) @michaelbeaumont +* fix(kuma-cp): don't cache filtered data [#5574](https://github.com/kumahq/kuma/pull/5574) @lukidzi +* fix(kuma-cp): filtering of name prefix on K8S [#5517](https://github.com/kumahq/kuma/pull/5517) @jakubdyszkiewicz +* fix(kuma-cp): fix appending of pointer to slice in policies config [#5784](https://github.com/kumahq/kuma/pull/5784) @Automaat +* fix(kuma-cp): fix kafka_type tag creation regex [#5507](https://github.com/kumahq/kuma/pull/5507) @Automaat +* fix(kuma-cp): fixed error when logging ExternalServiceResourceList and MeshResourceList [#5423](https://github.com/kumahq/kuma/pull/5423) @Automaat +* fix(kuma-cp): forward envoy admin operations to proper instance [#5466](https://github.com/kumahq/kuma/pull/5466) @jakubdyszkiewicz +* fix(kuma-cp): increase kuma-init memory limit when using ebpf [#5579](https://github.com/kumahq/kuma/pull/5579) @lukidzi +* fix(kuma-cp): kds deadlock [#5373](https://github.com/kumahq/kuma/pull/5373) @jakubdyszkiewicz +* fix(kuma-cp): make validate list aware of the mesh [#5280](https://github.com/kumahq/kuma/pull/5280) @slonka +* fix(kuma-cp): memory store keeps children after owner update [#5372](https://github.com/kumahq/kuma/pull/5372) @jakubdyszkiewicz +* fix(kuma-cp): only put policies in MeshInsight [#5577](https://github.com/kumahq/kuma/pull/5577) @lahabana +* fix(kuma-cp): retrieve name from owner not parsing pod name for Deployments/CronJob [#5569](https://github.com/kumahq/kuma/pull/5569) @lukidzi +* fix(kuma-cp): use sni to verify upstream certificate san when specified instead of address [#5347](https://github.com/kumahq/kuma/pull/5347) @jamesdbloom +* fix(kuma-cp): warn when using deprecated token id [#5520](https://github.com/kumahq/kuma/pull/5520) @lahabana +* fix(kuma-dp): allow to configure address of application to scrape [#5326](https://github.com/kumahq/kuma/pull/5326) @lukidzi +* fix(kuma-dp): tolerate endline in token file [#5591](https://github.com/kumahq/kuma/pull/5591) @lahabana +* fix(kumactl): remove PodSecurityPolicy from install observability [#5382](https://github.com/kumahq/kuma/pull/5382) @michaelbeaumont +* fix(kumactl): set klog to avoid logs from k8s [#5590](https://github.com/kumahq/kuma/pull/5590) @lahabana +* fix(kumactl): use the same client in `kumactl apply` [#5327](https://github.com/kumahq/kuma/pull/5327) @lahabana +* fix(policy): change percentage field from int to intOrString [#5810](https://github.com/kumahq/kuma/pull/5810) @lukidzi +* fix(policy): fix schema.yaml to have correct metadata [#5349](https://github.com/kumahq/kuma/pull/5349) @lahabana +* fix(policy): make targetRef required [#5593](https://github.com/kumahq/kuma/pull/5593) @AyushSenapati +* fix(policy): remove superfluous var usage [#5627](https://github.com/kumahq/kuma/pull/5627) @AyushSenapati +* fix(policy): use GatewayAPI style header modifier in all policies [#5757](https://github.com/kumahq/kuma/pull/5757) @lahabana +* fix(policy): use PascalCase for all constants [#5747](https://github.com/kumahq/kuma/pull/5747) @lahabana +* fix(universal): don't set sslsni option if not disabled (backport #5419) [#5439](https://github.com/kumahq/kuma/pull/5439) @mergify +* fix(xds): don't read metadata in ProxyBuilders [#5414](https://github.com/kumahq/kuma/pull/5414) @lahabana +* fix(xds): sort resources when building MeshContext [#5391](https://github.com/kumahq/kuma/pull/5391) @lobkovilya ## 2.0.2 -> Released on 2023/01/13 +> Released on 2023/02/15 Built on top of [Kuma 2.0.2](https://github.com/kumahq/kuma/releases/tag/2.0.2) @@ -1008,44 +2968,170 @@ Built on top of [Kuma 2.0.2](https://github.com/kumahq/kuma/releases/tag/2.0.2) - Fixed data caching. This bug might have caused certificates to regenerate. - Upgraded CoreDNS. +### Includes [kumahq/kuma@2.0.2](https://github.com/kumahq/kuma/releases/tag/2.0.2) changelog -## 1.9.3 -> Released on 2023/01/13 +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5597](https://github.com/kumahq/kuma/pull/5597) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5655](https://github.com/kumahq/kuma/pull/5655) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5616](https://github.com/kumahq/kuma/pull/5616) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5609](https://github.com/kumahq/kuma/pull/5609) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5632](https://github.com/kumahq/kuma/pull/5632) @mergify -Built on top of [Kuma 1.8.3](https://github.com/kumahq/kuma/releases/tag/1.8.3) +## 2.0.1 +> Released on 2023/02/15 -- Upgraded the Helm library version. -- Upgraded the Go version to 1.18.9. -- Fixed data caching. This bug might have caused certificates to regenerate. -- Upgraded CoreDNS. +Built on top of [Kuma 2.0.1](https://github.com/kumahq/kuma/releases/tag/2.0.1) +- Fixed potential logging of secrets in kuma-cp. +- Fixed KDS instability. +- Fixed unnecessary CDS updates. +- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. -## 1.8.5 -> Released on 2023/01/13 +### Includes [kumahq/kuma@2.0.1](https://github.com/kumahq/kuma/releases/tag/2.0.1) changelog -Built on top of [Kuma 1.7.4](https://github.com/kumahq/kuma/releases/tag/1.7.4) +* chore: back-ports api base path fix [#5341](https://github.com/kumahq/kuma/pull/5341) @kleinfreund +* feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) [#5392](https://github.com/kumahq/kuma/pull/5392) @mergify +* fix(kuma-cp): add option to disable `sslsni` in universal (backport #5318) [#5322](https://github.com/kumahq/kuma/pull/5322) @mergify +* fix(kuma-cp): change way of setting if resource is read only (backport #5345) [#5348](https://github.com/kumahq/kuma/pull/5348) @mergify +* fix(kuma-cp): kds deadlock (backport #5373) [#5397](https://github.com/kumahq/kuma/pull/5397) @mergify +* fix(kuma-cp): use sni to verify upstream certificate san when specified along with address (backport #5347) [#5378](https://github.com/kumahq/kuma/pull/5378) @mergify +* fix(xds): don't read metadata in ProxyBuilders (backport #5414) [#5416](https://github.com/kumahq/kuma/pull/5416) @mergify +* fix: sort resources when building MeshContext (backport #5391) [#5409](https://github.com/kumahq/kuma/pull/5409) @mergify -- Upgraded the Helm library version. -- Upgraded the Go version to 1.18.9. -- Fixed data caching. This bug might have caused certificates to regenerate. -- Upgraded CoreDNS. +## 2.0.0 +> Released on 2023/02/15 +Built on top of [Kuma 2.0.0](https://github.com/kumahq/kuma/releases/tag/2.0.0) -## 1.7.6 -> Released on 2023/01/13 +### Amazon ECS -Built on top of [Kuma 1.6.4](https://github.com/kumahq/kuma/releases/tag/1.6.4) +You can now configure the sidecar to authenticate using the IAM role of the ECS task it's running as instead of using a data plane token. +The control plane interprets the tags on the role similar to how it interprets the data plane token. +This simplifies the deployment and management of Kong Mesh on ECS. -- Upgraded the Helm library version. -- Upgraded the Go version to 1.18.9. -- Fixed data caching. This bug might have caused certificates to regenerate. -- Upgraded CoreDNS. +For more information, see [Kong Mesh on Amazon ECS](/mesh/latest/installation/ecs/). +### Includes [kumahq/kuma@2.0.0](https://github.com/kumahq/kuma/releases/tag/2.0.0) changelog +* chore(.github): remove old release workflow [#4836](https://github.com/kumahq/kuma/pull/4836) @lobkovilya +* chore(api): remove DENY_WITH_SHADOW_ALLOW [#5220](https://github.com/kumahq/kuma/pull/5220) @lobkovilya +* chore(api): remove unused method and types [#5148](https://github.com/kumahq/kuma/pull/5148) @lobkovilya +* chore(api): remove unused timestamp.proto import [#4906](https://github.com/kumahq/kuma/pull/4906) @michaelbeaumont +* chore(api): skip Compute when building inbound access logs [#5181](https://github.com/kumahq/kuma/pull/5181) @jakubdyszkiewicz +* chore(bootstrap): improve validator policy bootstrap [#5014](https://github.com/kumahq/kuma/pull/5014) @lahabana +* chore(deps): bump actions/setup-go from 2 to 3 [#5024](https://github.com/kumahq/kuma/pull/5024) @dependabot +* chore(deps): bump cirello.io/pglock from 1.9.0 to 1.10.0 [#5239](https://github.com/kumahq/kuma/pull/5239) @dependabot +* chore(deps): bump github.com/Masterminds/sprig to 3.2.2 [#5190](https://github.com/kumahq/kuma/pull/5190) @mmorel-35 +* chore(deps): bump github.com/envoyproxy/protoc-gen-validate from 0.6.7 to 0.6.13 [#5023](https://github.com/kumahq/kuma/pull/5023) [#5067](https://github.com/kumahq/kuma/pull/5067) [#5131](https://github.com/kumahq/kuma/pull/5131) @dependabot +* chore(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 [#4996](https://github.com/kumahq/kuma/pull/4996) @dependabot +* chore(deps): bump github.com/gruntwork-io/terratest from 0.40.20 to 0.40.24 [#4969](https://github.com/kumahq/kuma/pull/4969) [#4993](https://github.com/kumahq/kuma/pull/4993) [#5162](https://github.com/kumahq/kuma/pull/5162) @dependabot +* chore(deps): bump github.com/kumahq/kuma-net from 0.8.1 to 0.8.2 [#5188](https://github.com/kumahq/kuma/pull/5188) @dependabot +* chore(deps): bump github.com/lib/pq from 1.10.6 to 1.10.7 [#4995](https://github.com/kumahq/kuma/pull/4995) @dependabot +* chore(deps): bump github.com/onsi/ginkgo/v2 from 2.1.4 to 2.4.0 [#4939](https://github.com/kumahq/kuma/pull/4939) [#4949](https://github.com/kumahq/kuma/pull/4949) [#5021](https://github.com/kumahq/kuma/pull/5021) [#5145](https://github.com/kumahq/kuma/pull/5145) [#5204](https://github.com/kumahq/kuma/pull/5204) @dependabot +* chore(deps): bump github.com/onsi/gomega from 1.20.0 to 1.23.0 [#4933](https://github.com/kumahq/kuma/pull/4933) [#4970](https://github.com/kumahq/kuma/pull/4970) [#5133](https://github.com/kumahq/kuma/pull/5133) [#5146](https://github.com/kumahq/kuma/pull/5146) [#5240](https://github.com/kumahq/kuma/pull/5240) @dependabot +* chore(deps): bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 [#5203](https://github.com/kumahq/kuma/pull/5203) @dependabot +* chore(deps): bump github.com/prometheus/prometheus from 0.37.0 to 0.39.1 [#4887](https://github.com/kumahq/kuma/pull/4887) [#5134](https://github.com/kumahq/kuma/pull/5134) @dependabot +* chore(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.1 [#5155](https://github.com/kumahq/kuma/pull/5155) [#5241](https://github.com/kumahq/kuma/pull/5241) @dependabot +* chore(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 [#4994](https://github.com/kumahq/kuma/pull/4994) @dependabot +* chore(deps): bump github.com/testcontainers/testcontainers-go from 0.13.0 to 0.15.0 [#5020](https://github.com/kumahq/kuma/pull/5020) [#5205](https://github.com/kumahq/kuma/pull/5205) @dependabot +* chore(deps): bump go.uber.org/zap from 1.22.0 to 1.23.0 [#4930](https://github.com/kumahq/kuma/pull/4930) @dependabot +* chore(deps): bump golang.org/x/text from 0.3.7 to 0.4.0 [#5147](https://github.com/kumahq/kuma/pull/5147) [#5163](https://github.com/kumahq/kuma/pull/5163) @dependabot +* chore(deps): bump google.golang.org/grpc from 1.48.0 to 1.50.1 [#4927](https://github.com/kumahq/kuma/pull/4927) [#5132](https://github.com/kumahq/kuma/pull/5132) [#5156](https://github.com/kumahq/kuma/pull/5156) @dependabot +* chore(deps): bump k8s.io dependencies from 0.24.3 to 0.25.3 [#4934](https://github.com/kumahq/kuma/pull/4934) [#5026](https://github.com/kumahq/kuma/pull/5026) [#5153](https://github.com/kumahq/kuma/pull/5153) @michaelbeaumont +* chore(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 [#5062](https://github.com/kumahq/kuma/pull/5062) @dependabot +* chore(deps): bump kumahq/kuma-gui to f3dba73d4c264b094b6b351a8b44f2d5a0dc4ecb [#4842](https://github.com/kumahq/kuma/pull/4842) [#4925](https://github.com/kumahq/kuma/pull/4925) [#5092](https://github.com/kumahq/kuma/pull/5092) [#5106](https://github.com/kumahq/kuma/pull/5106) [#5109](https://github.com/kumahq/kuma/pull/5109) [#5139](https://github.com/kumahq/kuma/pull/5139) [#5141](https://github.com/kumahq/kuma/pull/5141) [#5167](https://github.com/kumahq/kuma/pull/5167) [#5179](https://github.com/kumahq/kuma/pull/5179) [#5197](https://github.com/kumahq/kuma/pull/5197) [#5214](https://github.com/kumahq/kuma/pull/5214) [#5232](https://github.com/kumahq/kuma/pull/5232) [#5234](https://github.com/kumahq/kuma/pull/5234) [#5248](https://github.com/kumahq/kuma/pull/5248) [#5251](https://github.com/kumahq/kuma/pull/5251) @kleinfreund,@kumahq +* chore(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.13.0 [#4968](https://github.com/kumahq/kuma/pull/4968) @dependabot +* chore(deps): bump sigs.k8s.io/controller-tools from 0.9.2 to 0.10.0 [#5059](https://github.com/kumahq/kuma/pull/5059) @dependabot +* chore(deps): update kuma-grafana-datasource [#4856](https://github.com/kumahq/kuma/pull/4856) @bartsmykla +* chore(gateway): remove invalid options for MeshGatewayRoute [#4890](https://github.com/kumahq/kuma/pull/4890) @michaelbeaumont +* chore(gui): removes update/gui command [#4954](https://github.com/kumahq/kuma/pull/4954) @kleinfreund +* chore(helm): remove unused `critical-pod` annotation [#4952](https://github.com/kumahq/kuma/pull/4952) @michaelbeaumont +* chore(helm): switch merbridge image registry to upstream [#4838](https://github.com/kumahq/kuma/pull/4838) @bartsmykla +* chore(kuma-cp): adjust timeout in cp probes [#4983](https://github.com/kumahq/kuma/pull/4983) @jakubdyszkiewicz +* chore(kuma-cp): config cleanup [#4855](https://github.com/kumahq/kuma/pull/4855) @jakubdyszkiewicz +* chore(kuma-cp): improve logging in K8S controllers [#4982](https://github.com/kumahq/kuma/pull/4982) @jakubdyszkiewicz +* chore(kuma-cp): improve test xds client [#4976](https://github.com/kumahq/kuma/pull/4976) @jakubdyszkiewicz +* chore(kuma-cp): remove disabling metrics from kuma-cp.defaults [#4894](https://github.com/kumahq/kuma/pull/4894) @lahabana +* chore(kuma-cp): resource manager wrapper [#5057](https://github.com/kumahq/kuma/pull/5057) @jakubdyszkiewicz +* chore(kuma-init): use iptables-legacy in kuma-init [#5040](https://github.com/kumahq/kuma/pull/5040) @bartsmykla +* chore(pkg/gc): don't rely on core.Now var for time [#4918](https://github.com/kumahq/kuma/pull/4918) @lahabana +* chore(plugins): remove some unecessary interfaces and methods [#4997](https://github.com/kumahq/kuma/pull/4997) @lahabana +* chore(proto): remove protos for new policies [#5218](https://github.com/kumahq/kuma/pull/5218) @lobkovilya +* chore(test): added resource builder [#5123](https://github.com/kumahq/kuma/pull/5123) [#5195](https://github.com/kumahq/kuma/pull/5195) @jakubdyszkiewicz +* chore(test): added support for GRPC to test-server [#4904](https://github.com/kumahq/kuma/pull/4904) @lobkovilya +* chore(test): make unit test compatible with IPV6 host [#5198](https://github.com/kumahq/kuma/pull/5198) @jakubdyszkiewicz +* chore(xds): drop deprecated envoy.config.route.v3.HeaderMatcher.exact_match [#4953](https://github.com/kumahq/kuma/pull/4953) @michaelbeaumont +* docs(MADR): new tracing policy proposal [#4938](https://github.com/kumahq/kuma/pull/4938) @michaelbeaumont +* docs(MADR): update MADR 007 [#5129](https://github.com/kumahq/kuma/pull/5129) @lobkovilya +* docs(gateway): explain the semantics of a PREFIX match [#5013](https://github.com/kumahq/kuma/pull/5013) @michaelbeaumont +* docs(gateway): explain the semantics of a prefix rewrite to / [#5016](https://github.com/kumahq/kuma/pull/5016) @michaelbeaumont +* docs(proto): fixed default serviceAddress and upgrade docs [#5236](https://github.com/kumahq/kuma/pull/5236) @lukidzi +* docs(proto): rewrite dataplane proto docs [#5219](https://github.com/kumahq/kuma/pull/5219) @jakubdyszkiewicz +* feat(ebpf): CNI uses libbpf CO:RE [#5233](https://github.com/kumahq/kuma/pull/5233) @lukidzi +* feat(ebpf): refactor merbridge using libbpf with CO:RE [#5034](https://github.com/kumahq/kuma/pull/5034) @bartsmykla +* feat(ebpf): transparent proxy with eBPF in init containers [#4919](https://github.com/kumahq/kuma/pull/4919) [#5046](https://github.com/kumahq/kuma/pull/5046) [#5066](https://github.com/kumahq/kuma/pull/5066) [#5095](https://github.com/kumahq/kuma/pull/5095) @bartsmykla +* feat(gateway): add MeshGateway support to MeshAccessLog [#5101](https://github.com/kumahq/kuma/pull/5101) @michaelbeaumont +* feat(gateway): add `crossMesh` to `MeshGatewayConfig` [#5183](https://github.com/kumahq/kuma/pull/5183) @michaelbeaumont +* feat(gateway): add service-upstream annotation for delegated nginx [#4913](https://github.com/kumahq/kuma/pull/4913) @michaelbeaumont +* feat(gateway): install `kuma` `GatewayClass` if gateway API CRDs present [#5001](https://github.com/kumahq/kuma/pull/5001) @michaelbeaumont +* feat(gateway): match new policies to MeshGateways [#5110](https://github.com/kumahq/kuma/pull/5110) @michaelbeaumont +* feat(inspect): implement rule-based view for new policies [#5000](https://github.com/kumahq/kuma/pull/5000) [#5184](https://github.com/kumahq/kuma/pull/5184) [#5189](https://github.com/kumahq/kuma/pull/5189) [#5202](https://github.com/kumahq/kuma/pull/5202) @jakubdyszkiewicz,@lobkovilya +* feat(kuma-cp): add flag to disable taint controller [#4852](https://github.com/kumahq/kuma/pull/4852) @jakubdyszkiewicz +* feat(kuma-cp): add possibility to restrict TLS version and ciphers [#5186](https://github.com/kumahq/kuma/pull/5186) @lahabana +* feat(kuma-cp): add possibility to run MADS on TLS [#5210](https://github.com/kumahq/kuma/pull/5210) @lahabana +* feat(kuma-cp): add possibility to split datadog services based on traffic direction and destination [#5063](https://github.com/kumahq/kuma/pull/5063) @Automaat +* feat(kuma-cp): added validation for backend name [#5081](https://github.com/kumahq/kuma/pull/5081) @Automaat +* feat(kuma-cp): created default control plane user [#5064](https://github.com/kumahq/kuma/pull/5064) @jakubdyszkiewicz +* feat(kuma-cp): extensible token issuers [#5083](https://github.com/kumahq/kuma/pull/5083) @jakubdyszkiewicz +* feat(kuma-cp): move Mesh Cache to runtime [#5140](https://github.com/kumahq/kuma/pull/5140) @Automaat +* feat(kuma-cp): universal resources schema validation [#5107](https://github.com/kumahq/kuma/pull/5107) @slonka +* feat(kuma-cp): use zone token to auth zone ingress [#5103](https://github.com/kumahq/kuma/pull/5103) @jakubdyszkiewicz +* feat(kuma-dp): publish metrics with text_readouts from envoy [#5159](https://github.com/kumahq/kuma/pull/5159) @Automaat +* feat(kumactl): add option to install with experimental transparent proxy [#4958](https://github.com/kumahq/kuma/pull/4958) @michaelbeaumont +* feat(kumactl): use exclude ports for uids from kuma-net [#4975](https://github.com/kumahq/kuma/pull/4975) @slonka +* feat(policy): Add MeshAccessLog policy [#4908](https://github.com/kumahq/kuma/pull/4908) [#4998](https://github.com/kumahq/kuma/pull/4998) [#5035](https://github.com/kumahq/kuma/pull/5035) [#5168](https://github.com/kumahq/kuma/pull/5168) [#5177](https://github.com/kumahq/kuma/pull/5177) @michaelbeaumont,@slonka +* feat(policy): Add MeshTrace policy [#5069](https://github.com/kumahq/kuma/pull/5069) [#5085](https://github.com/kumahq/kuma/pull/5085) [#5243](https://github.com/kumahq/kuma/pull/5243) @michaelbeaumont,@slonka +* feat(policy): Add MeshTrafficPermission policy [#4835](https://github.com/kumahq/kuma/pull/4835) [#5009](https://github.com/kumahq/kuma/pull/5009) [#5075](https://github.com/kumahq/kuma/pull/5075) @lobkovilya +* feat(policy): add interfaces for policy plugins [#4909](https://github.com/kumahq/kuma/pull/4909) @lahabana +* feat(policy): reimplemented matching for new policies [#4780](https://github.com/kumahq/kuma/pull/4780) [#4950](https://github.com/kumahq/kuma/pull/4950) [#4957](https://github.com/kumahq/kuma/pull/4957) [#4977](https://github.com/kumahq/kuma/pull/4977) [#5068](https://github.com/kumahq/kuma/pull/5068) [#5084](https://github.com/kumahq/kuma/pull/5084) [#5166](https://github.com/kumahq/kuma/pull/5166) [#5172](https://github.com/kumahq/kuma/pull/5172) [#5174](https://github.com/kumahq/kuma/pull/5174) @lahabana,@lobkovilya +* feat(service-insights): add external service in api [#5119](https://github.com/kumahq/kuma/pull/5119) @lahabana +* fix(.github): links in PR template [#4905](https://github.com/kumahq/kuma/pull/4905) @michaelbeaumont +* fix(.github): use github app in pr-comment action [#5164](https://github.com/kumahq/kuma/pull/5164) @lahabana +* fix(api): nil dereference in MeshAccessLog configurer [#5258](https://github.com/kumahq/kuma/pull/5258) @lobkovilya +* fix(cni): add empty registry to experimental cni [#4847](https://github.com/kumahq/kuma/pull/4847) @slonka +* fix(cni): hook up log level to cni [#4849](https://github.com/kumahq/kuma/pull/4849) @slonka +* fix(cni): make cni logs available via kubectl logs [#4845](https://github.com/kumahq/kuma/pull/4845) @slonka +* fix(cni): retry loading images [#4860](https://github.com/kumahq/kuma/pull/4860) @slonka +* fix(docs): fixed location of developer tools in DEVELOPER.md docs [#4988](https://github.com/kumahq/kuma/pull/4988) @Automaat +* fix(gateway): add support for retryOn [#5091](https://github.com/kumahq/kuma/pull/5091) @lahabana +* fix(gateway): cross-mesh gateways with same service [#5247](https://github.com/kumahq/kuma/pull/5247) @michaelbeaumont +* fix(gateway): don't create invalid envoy config when routes and listeners don't match [#4837](https://github.com/kumahq/kuma/pull/4837) @michaelbeaumont +* fix(gateway): route URL prefix rewriting [#5006](https://github.com/kumahq/kuma/pull/5006) @michaelbeaumont +* fix(gateway): skip ExternalService if none match [#5207](https://github.com/kumahq/kuma/pull/5207) @michaelbeaumont +* fix(gateway): sort routes [#5007](https://github.com/kumahq/kuma/pull/5007) @michaelbeaumont +* fix(gatewayapi): don't NPE if the `GatewayClass` ref doesn't exist [#5187](https://github.com/kumahq/kuma/pull/5187) @michaelbeaumont +* fix(gatewayapi): reconcile Gateways and HTTPRoutes on ReferenceGrant changes [#4944](https://github.com/kumahq/kuma/pull/4944) @michaelbeaumont +* fix(gatewayapi): update gateway-api and fix failing RouteKind tests [#5175](https://github.com/kumahq/kuma/pull/5175) @michaelbeaumont +* fix(helm): customize location of kuma-init repository for ebpf cleanup [#5230](https://github.com/kumahq/kuma/pull/5230) @lukidzi +* fix(helm): use `podAnnotations` everywhere possible [#4991](https://github.com/kumahq/kuma/pull/4991) @lahabana +* fix(kuma-cp): collapsed grafana dashboards [#4839](https://github.com/kumahq/kuma/pull/4839) @jakubdyszkiewicz +* fix(kuma-cp): deep copy tags when gen. outbounds [#5070](https://github.com/kumahq/kuma/pull/5070) @bartsmykla +* fix(kuma-cp): disable statsForAllMethods in grpc stats [#5226](https://github.com/kumahq/kuma/pull/5226) @jakubdyszkiewicz +* fix(kuma-cp): do not override source address when TP is not enabled [#4951](https://github.com/kumahq/kuma/pull/4951) @lukidzi +* fix(kuma-cp): multiple external services pointing to same address [#5185](https://github.com/kumahq/kuma/pull/5185) @slonka +* fix(kuma-cp): override grafana plugin files by default [#5208](https://github.com/kumahq/kuma/pull/5208) @slonka +* fix(kuma-cp): reissue admin tls cert on dp address change [#5222](https://github.com/kumahq/kuma/pull/5222) @jakubdyszkiewicz +* fix(kuma-cp): remove Dataplane for Pod without IP [#4964](https://github.com/kumahq/kuma/pull/4964) @jakubdyszkiewicz +* fix(kuma-cp): return content type of inspect endpoints [#4965](https://github.com/kumahq/kuma/pull/4965) @jakubdyszkiewicz +* fix(kuma-dp): resilient TCP access log streamer [#4862](https://github.com/kumahq/kuma/pull/4862) @jakubdyszkiewicz +* fix(kumactl): get APIVersions from k8s server [#5182](https://github.com/kumahq/kuma/pull/5182) @michaelbeaumont +* fix(tools): add 'v' prefix to preview version format [#5004](https://github.com/kumahq/kuma/pull/5004) @michaelbeaumont +* fix(tools): support both GitHub app tokens and PATs [#4869](https://github.com/kumahq/kuma/pull/4869) @michaelbeaumont +* perf(kuma-cp): avoid rebuilding endpoint map [#4974](https://github.com/kumahq/kuma/pull/4974) @jakubdyszkiewicz +* refactor(kuma-dp): add xds authentication customization [#4990](https://github.com/kumahq/kuma/pull/4990) @michaelbeaumont -## 1.6.4 -> Released on 2023/01/13 +## 1.9.3 +> Released on 2023/02/15 -Built on top of [Kuma 1.5.4](https://github.com/kumahq/kuma/releases/tag/1.5.4) +Built on top of [Kuma 1.8.3](https://github.com/kumahq/kuma/releases/tag/1.8.3) - Upgraded the Helm library version. - Upgraded the Go version to 1.18.9. @@ -1053,140 +3139,120 @@ Built on top of [Kuma 1.5.4](https://github.com/kumahq/kuma/releases/tag/1.5.4) - Upgraded CoreDNS. -## 1.6.3 -> Released on 2022/12/13 +## 1.9.2 +> Released on 2023/02/15 -Built on top of [Kuma 1.5.3](https://github.com/kumahq/kuma/releases/tag/1.5.3) +Built on top of [Kuma 1.8.2](https://github.com/kumahq/kuma/releases/tag/1.8.2) - Fixed potential logging of secrets in kuma-cp. - Fixed KDS instability. - Fixed unnecessary CDS updates. +- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. -## 1.7.5 -> Released on 2022/12/08 +## 1.9.1 +> Released on 2023/02/15 -Built on top of [Kuma 1.6.3](https://github.com/kumahq/kuma/releases/tag/1.6.3) +Built on top of [Kuma 1.8.1](https://github.com/kumahq/kuma/releases/tag/1.8.1) -- Fixed potential logging of secrets in kuma-cp. -- Fixed KDS instability. -- Fixed unnecessary CDS updates. -- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. +- Gateway: Added support for `retryOn` in retry policies. +- Added support for evicted Pods. +- Added support for wildcard tag value match in RBAC. +- Prevents a potential data race by creating a deep copy of tags when generating outbounds. -## 1.9.2 -> Released on 2022/12/06 +## 1.9.0 +> Released on 2023/02/15 -Built on top of [Kuma 1.8.2](https://github.com/kumahq/kuma/releases/tag/1.8.2) +- Add "replace" function to CommonName template in CAs which support it (ACMPCA, cert-manager, Vault). +- Fix ZoneControlPlane token generation by setting access type to RBAC in the generated default. +- Improve RBAC logic by checking both old and new spec on updates. +- Add configuration option for RBAC validation result logging. +- Add cert-manager.io CA manager. -- Fixed potential logging of secrets in kuma-cp. -- Fixed KDS instability. -- Fixed unnecessary CDS updates. -- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. +## 1.8.5 +> Released on 2023/02/15 -## 1.8.4 -> Released on 2022/12/06 +Built on top of [Kuma 1.7.4](https://github.com/kumahq/kuma/releases/tag/1.7.4) -Built on top of [Kuma 1.7.3](https://github.com/kumahq/kuma/releases/tag/1.7.3) +- Upgraded the Helm library version. +- Upgraded the Go version to 1.18.9. +- Fixed data caching. This bug might have caused certificates to regenerate. +- Upgraded CoreDNS. -- Fixed potential logging of secrets in kuma-cp. -- Fixed KDS instability. -- Fixed unnecessary CDS updates. -- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. +### Includes [kumahq/kuma@1.8.5](https://github.com/kumahq/kuma/releases/tag/1.8.5) changelog +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6239](https://github.com/kumahq/kuma/pull/6239) @mergify +* chore(deps): bump gorestful and jwt [#6203](https://github.com/kumahq/kuma/pull/6203) @lahabana +* chore(deps): security update [#6059](https://github.com/kumahq/kuma/pull/6059) [#6396](https://github.com/kumahq/kuma/pull/6396) [#6468](https://github.com/kumahq/kuma/pull/6468) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6485](https://github.com/kumahq/kuma/pull/6485) @mergify +* fix(kuma-cni): ipv6 iptables with provided gateway and CNI V2 (backport #6374) [#6378](https://github.com/kumahq/kuma/pull/6378) @mergify -## 2.0.1 -> Released on 2022/12/05 -Built on top of [Kuma 2.0.1](https://github.com/kumahq/kuma/releases/tag/2.0.1) +## 1.8.4 +> Released on 2023/02/15 + +Built on top of [Kuma 1.7.3](https://github.com/kumahq/kuma/releases/tag/1.7.3) - Fixed potential logging of secrets in kuma-cp. - Fixed KDS instability. - Fixed unnecessary CDS updates. - Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. +### Includes [kumahq/kuma@1.8.4](https://github.com/kumahq/kuma/releases/tag/1.8.4) changelog -## 2.0.0 -> Released on 2022/11/04 - -Built on top of [Kuma 2.0.0](https://github.com/kumahq/kuma/releases/tag/2.0.0) - -### Amazon ECS - -You can now configure the sidecar to authenticate using the IAM role of the ECS task it's running as instead of using a data plane token. -The control plane interprets the tags on the role similar to how it interprets the data plane token. -This simplifies the deployment and management of Kong Mesh on ECS. - -For more information, see [Kong Mesh on Amazon ECS](/mesh/latest/installation/ecs/). - - -## 1.9.1 -> Released on 2022/10/07 - -Built on top of [Kuma 1.8.1](https://github.com/kumahq/kuma/releases/tag/1.8.1) - -- Gateway: Added support for `retryOn` in retry policies. -- Added support for evicted Pods. -- Added support for wildcard tag value match in RBAC. -- Prevents a potential data race by creating a deep copy of tags when generating outbounds. +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5987](https://github.com/kumahq/kuma/pull/5987) @mergify +* chore(deps): security update [#5763](https://github.com/kumahq/kuma/pull/5763) [#5963](https://github.com/kumahq/kuma/pull/5963) @kumahq +* fix(tproxy): fix disabling ipv6 for tproxy (backport #5923) [#5955](https://github.com/kumahq/kuma/pull/5955) @mergify ## 1.8.3 -> Released on 2022/10/07 +> Released on 2023/02/15 Built on top of [Kuma 1.7.2](https://github.com/kumahq/kuma/releases/tag/1.7.2) - Added support for evicted Pods. - Prevents a potential data race by creating a deep copy of tags when generating outbounds. +### Includes [kumahq/kuma@1.8.3](https://github.com/kumahq/kuma/releases/tag/1.8.3) changelog -## 1.7.4 -> Released on 2022/10/07 - -Built on top of [Kuma 1.6.2](https://github.com/kumahq/kuma/releases/tag/1.6.2) - -- Added support for evicted Pods. -- Prevents a potential data race by creating a deep copy of tags when generating outbounds. - - -## 1.9.0 -> Released on 2022/08/23 - -- Add "replace" function to CommonName template in CAs which support it (ACMPCA, cert-manager, Vault). -- Fix ZoneControlPlane token generation by setting access type to RBAC in the generated default. -- Improve RBAC logic by checking both old and new spec on updates. -- Add configuration option for RBAC validation result logging. -- Add cert-manager.io CA manager. - +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5598](https://github.com/kumahq/kuma/pull/5598) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5656](https://github.com/kumahq/kuma/pull/5656) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5617](https://github.com/kumahq/kuma/pull/5617) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5610](https://github.com/kumahq/kuma/pull/5610) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5633](https://github.com/kumahq/kuma/pull/5633) @mergify ## 1.8.2 -> Released on 2022/08/05 +> Released on 2023/02/15 Built on top of [Kuma 1.7.1](https://github.com/kumahq/kuma/releases/tag/1.7.1) - Fix RBAC: all tags specified in when section are required in policies. - Fix RBAC: `*` value in tag specified in when section means that the tag is required, but can have any value. +### Includes [kumahq/kuma@1.8.2](https://github.com/kumahq/kuma/releases/tag/1.8.2) changelog + +* feat(kuma-cp): remove value of secret when logging Secret Resources (backport #5384) [#5393](https://github.com/kumahq/kuma/pull/5393) @mergify +* fix(kuma-cp): kds deadlock (backport #5373) [#5398](https://github.com/kumahq/kuma/pull/5398) @mergify +* fix: sort resources when building MeshContext (backport #5391) [#5410](https://github.com/kumahq/kuma/pull/5410) @mergify ## 1.8.1 -> Released on 2022/07/15 +> Released on 2023/02/15 Built on top of [Kuma 1.7.1](https://github.com/kumahq/kuma/releases/tag/1.7.1) - Check both old and new spec on Update - -## 1.7.2 -> Released on 2022/07/15 - -Built on top of [Kuma 1.6.1](https://github.com/kumahq/kuma/releases/tag/1.6.1) - -- Check both old and new spec on Update - +### Includes [kumahq/kuma@1.8.1](https://github.com/kumahq/kuma/releases/tag/1.8.1) changelog +* fix(tools): support both GitHub app tokens and PATs (backport #4869) by @mergify in https://github.com/kumahq/kuma/pull/4872 +* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/4980 +* fix(*): do not override source address when TP is not enabled (backport #4951) by @mergify in https://github.com/kumahq/kuma/pull/4961 +* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5071 +* fix(gateway): add support for retryOn (backport #5091) by @mergify in https://github.com/kumahq/kuma/pull/5098 ## 1.8.0 -> Released on 2022/06/15 +> Released on 2023/02/15 New Features: @@ -1205,17 +3271,286 @@ Dependency upgrades: - Bump `k8s.io/apimachinery` from 0.23.6 to 0.24.1 - Bump `sigs.k8s.io/controller-runtime` from 0.11.2 to 0.12.1 +### Includes [kumahq/kuma@1.8.0](https://github.com/kumahq/kuma/releases/tag/1.8.0) changelog + +### New features: + +CNI v2 with lots of improvements: + +* taint controller to prevent race condition [#4650](https://github.com/kumahq/kuma/pull/4650) @slonka +* all logs are easily accessible via `kubectl logs` command which greatly simplifies observability [#4845](https://github.com/kumahq/kuma/pull/4845) @slonka +* it uses new transparent engine implemented in kuma-net [#4481](https://github.com/kumahq/kuma/pull/4481) @slonka + +URL rewrite in Builtin Gateway: + +* support URL rewriting [#4638](https://github.com/kumahq/kuma/pull/4638) @michaelbeaumont + +Stats and Clusters in the GUI: + +* execute stats and clusters from the control plane [#4557](https://github.com/kumahq/kuma/pull/4557) [#333](https://github.com/kumahq/kuma-gui/pull/333) @jakubdyszkiewicz + +Extra `retryOn` options for Retry: + +* add extra http retryOn options [#4744](https://github.com/kumahq/kuma/pull/4744) @johnharris85 + +Better support for TCP logging: + +* resilient tcp TCP access log streamer [#4511](https://github.com/kumahq/kuma/pull/4511) @parkanzky [#4862](https://github.com/kumahq/kuma/pull/4862) @jakubdyszkiewicz + +Filtering Envoy metrics: + +* added option to define filter for Envoy metrics [#4503](https://github.com/kumahq/kuma/pull/4503) @lukidzi + +Projected service account token: + +* support for projected service account token [#4453](https://github.com/kumahq/kuma/pull/4453) @lukidzi + +### Fixes: + +#### Helm: + +* remove duplicate keys in resources [#4681](https://github.com/kumahq/kuma/pull/4681) @michaelbeaumont +* add containersecuritycontext to CNI daemonset [#4677](https://github.com/kumahq/kuma/pull/4677) @jakubdyszkiewicz +* fix extraConfigMap and cp labels [#4531](https://github.com/kumahq/kuma/pull/4531) @lahabana +* use image.global.registry for imageExperimental [#4641](https://github.com/kumahq/kuma/pull/4641) @jakubdyszkiewicz + +#### Gateway: + +* `ListenerReason` for unresolved certificate refs, enable ReferenceGrant conformance tests [#4806](https://github.com/kumahq/kuma/pull/4806) @michaelbeaumont +* check hostname intersection between HTTPRoute and Gateway listener [#4537](https://github.com/kumahq/kuma/pull/4537) @michaelbeaumont +* create MeshGatewayInstance in same Mesh as Gateway [#4794](https://github.com/kumahq/kuma/pull/4794) @michaelbeaumont +* don't create invalid envoy config when routes and listeners don't match (backport #4837) [#4841](https://github.com/kumahq/kuma/pull/4841) @mergify +* hostname intersections, use new RouteReasons [#4544](https://github.com/kumahq/kuma/pull/4544) @michaelbeaumont +* improve HTTPRoute statuses with unresolved BackendRefs [#4635](https://github.com/kumahq/kuma/pull/4635) @michaelbeaumont +* npe without any timeout [#4548](https://github.com/kumahq/kuma/pull/4548) @michaelbeaumont +* rbac permissions for ReferenceGrant [#4628](https://github.com/kumahq/kuma/pull/4628) @michaelbeaumont +* workaround label value max length with hash [#4545](https://github.com/kumahq/kuma/pull/4545) @michaelbeaumont + +#### Control Plane: + +* check if kuma annotation or label is set but ignore value [#4731](https://github.com/kumahq/kuma/pull/4731) @lukidzi +* delete an empty TimeoutConfigurer [#4554](https://github.com/kumahq/kuma/pull/4554) @lobkovilya +* do not modify external service tags [#4591](https://github.com/kumahq/kuma/pull/4591) @jakubdyszkiewicz +* don't deploy Pod/Service webhooks in global [#4673](https://github.com/kumahq/kuma/pull/4673) @michaelbeaumont +* don't fail generation if other mesh CAs are misconfigured [#4501](https://github.com/kumahq/kuma/pull/4501) @michaelbeaumont +* external service datasource validation [#4652](https://github.com/kumahq/kuma/pull/4652) @jakubdyszkiewicz +* fix builtdns annotations for kubernetes [#4660](https://github.com/kumahq/kuma/pull/4660) @lahabana +* generate cluster name hash based on tags not config [#4598](https://github.com/kumahq/kuma/pull/4598) @lukidzi +* grant delete Pods in kuma-system namespace to control plane [#4571](https://github.com/kumahq/kuma/pull/4571) @michaelbeaumont +* localhost exposed application shouldn't be reachable [#4750](https://github.com/kumahq/kuma/pull/4750) @lukidzi +* make options for policies simpler [#4722](https://github.com/kumahq/kuma/pull/4722) @lahabana +* protect sort from empty locality [#4820](https://github.com/kumahq/kuma/pull/4820) @jakubdyszkiewicz +* registering dp on reconnect [#4647](https://github.com/kumahq/kuma/pull/4647) @jakubdyszkiewicz +* support GC service account [#4483](https://github.com/kumahq/kuma/pull/4483) @lobkovilya +* validate both old and new objects on Update [#4589](https://github.com/kumahq/kuma/pull/4589) @michaelbeaumont +* validation error with user tokens [#4507](https://github.com/kumahq/kuma/pull/4507) @jakubdyszkiewicz + +#### Data Plane: + +* access log path on windows when cp is on linux [#4518](https://github.com/kumahq/kuma/pull/4518) @jakubdyszkiewicz +* fix multi OS build of accesslogs [#4767](https://github.com/kumahq/kuma/pull/4767) @lahabana +* have envoy version check always work [#4564](https://github.com/kumahq/kuma/pull/4564) @lahabana +* propagate context for metrics aggregate [#4640](https://github.com/kumahq/kuma/pull/4640) @lukidzi +* set prometheus content-type when returning metrics [#4706](https://github.com/kumahq/kuma/pull/4706) @lukidzi + +### Other: + +* add operations now create non-existent path elements [#4595](https://github.com/kumahq/kuma/pull/4595) @michaelbeaumont + +#### Docs: + +* new policy matching proposal [#4474](https://github.com/kumahq/kuma/pull/4474) @lobkovilya + +#### Other changes: + +##### Gateway: + +* mention mesh name in gateway instance status [#4678](https://github.com/kumahq/kuma/pull/4678) @lahabana +* add listener connection limits [#4755](https://github.com/kumahq/kuma/pull/4755) @michaelbeaumont +* add loadBalancerIP to MeshGatewayInstance [#4519](https://github.com/kumahq/kuma/pull/4519) @michaelbeaumont +* allow MeshGateway Dataplane Pods to bind privileged ports [#4535](https://github.com/kumahq/kuma/pull/4535) @michaelbeaumont +* configure overload_manager based on max memory [#4694](https://github.com/kumahq/kuma/pull/4694) @michaelbeaumont +* multi-zone cross-mesh MeshGateway [#4443](https://github.com/kumahq/kuma/pull/4443) @michaelbeaumont +* propagate x-kuma-tags from MeshGateways [#4476](https://github.com/kumahq/kuma/pull/4476) @michaelbeaumont +* send default static payload for empty gateway [#4617](https://github.com/kumahq/kuma/pull/4617) @tharun208 +* set `path_with_escaped_slashes_action` [#4719](https://github.com/kumahq/kuma/pull/4719) @michaelbeaumont +* set cluster HTTP2 stream and connection window size [#4779](https://github.com/kumahq/kuma/pull/4779) @michaelbeaumont +* set cluster per_connection_buffer_limit_bytes [#4696](https://github.com/kumahq/kuma/pull/4696) @michaelbeaumont +* set global_downstream_max_connections to 50000 [#4724](https://github.com/kumahq/kuma/pull/4724) @michaelbeaumont +* update to Gateway API v0.5.0, support v1beta1 resources [#4599](https://github.com/kumahq/kuma/pull/4599) @michaelbeaumont +* validate listeners for collapsibility [#4765](https://github.com/kumahq/kuma/pull/4765) @michaelbeaumont +* add MeshGateway dashboard [#4555](https://github.com/kumahq/kuma/pull/4555) @michaelbeaumont + +##### Control Plane: + +* config cleanup (backport #4855) [#4857](https://github.com/kumahq/kuma/pull/4857) @mergify +* don't set deprecated dns_resolver_config [#4702](https://github.com/kumahq/kuma/pull/4702) @michaelbeaumont +* don't set deprecated known_suffixes [#4701](https://github.com/kumahq/kuma/pull/4701) @michaelbeaumont +* remove deprecated Cluster.Http2ProtocolOptions [#4528](https://github.com/kumahq/kuma/pull/4528) @michaelbeaumont +* remove versions_ws [#4512](https://github.com/kumahq/kuma/pull/4512) @lahabana +* replace deprecated admin_access_log_path [#4552](https://github.com/kumahq/kuma/pull/4552) @lahabana +* add /policies endpoint to list all registered policies [#4708](https://github.com/kumahq/kuma/pull/4708) @lahabana +* authenticate DP every time [#4685](https://github.com/kumahq/kuma/pull/4685) @jakubdyszkiewicz +* enrich policies endpoint [#4791](https://github.com/kumahq/kuma/pull/4791) @jakubdyszkiewicz +* identify gateway service by deployment [#4703](https://github.com/kumahq/kuma/pull/4703) @parkanzky +* separate CA for Envoy Admin communication [#4676](https://github.com/kumahq/kuma/pull/4676) @jakubdyszkiewicz +* use remote address for Gateway [#4530](https://github.com/kumahq/kuma/pull/4530) @jakubdyszkiewicz +* add operations now create non-existent path elements [#4595](https://github.com/kumahq/kuma/pull/4595) @michaelbeaumont + +##### Data Plane: + +* remove envoy admin port flag [#4574](https://github.com/kumahq/kuma/pull/4574) @tharun208 +* detect memory limit only on linux [#4715](https://github.com/kumahq/kuma/pull/4715) @jakubdyszkiewicz + +##### kumactl: + +* add a limit to the prom TSDB size [#4651](https://github.com/kumahq/kuma/pull/4651) @lahabana +* remove old flags in install tp [#4760](https://github.com/kumahq/kuma/pull/4760) @lahabana +* add MeshGateway to `install demo` [#4679](https://github.com/kumahq/kuma/pull/4679) @michaelbeaumont +* add install control-plane --registry flag [#4533](https://github.com/kumahq/kuma/pull/4533) @michaelbeaumont + +##### Documentation: + +* create MADR for MeshTrafficPermission [#4666](https://github.com/kumahq/kuma/pull/4666) @lobkovilya +* new policy matching proposal [#4474](https://github.com/kumahq/kuma/pull/4474) @lobkovilya +* policy matching, replace 'conf' with 'default' [#4693](https://github.com/kumahq/kuma/pull/4693) @lobkovilya + +##### CNI: + +* add cni ebpf plugin [#4810](https://github.com/kumahq/kuma/pull/4810) @bartsmykla +* implement the cni plugin [#4481](https://github.com/kumahq/kuma/pull/4481) @slonka [#4618](https://github.com/kumahq/kuma/pull/4618) @slonka [#4613](https://github.com/kumahq/kuma/pull/4613) @slonka [#4850](https://github.com/kumahq/kuma/pull/4850) @mergify [#4642](https://github.com/kumahq/kuma/pull/4642) @slonka [#4788](https://github.com/kumahq/kuma/pull/4788) @slonka [#4858](https://github.com/kumahq/kuma/pull/4858) @mergify [#4826](https://github.com/kumahq/kuma/pull/4826) @slonka [#4695](https://github.com/kumahq/kuma/pull/4695) @slonka [#4846](https://github.com/kumahq/kuma/pull/4846) @mergify +* taint controller [#4852](https://github.com/kumahq/kuma/pull/4852) @jakubdyszkiewicz +* use our cni with calico [#4801](https://github.com/kumahq/kuma/pull/4801) @slonka + +### Dependency updates: + +* update demo to latest version [#4572](https://github.com/kumahq/kuma/pull/4572) @lahabana +* update Kuma GUI [#4815](https://github.com/kumahq/kuma/pull/4815) @kleinfreund [#4723](https://github.com/kumahq/kuma/pull/4723) @lahabana +* use github.com/emicklei/go-restful/v3 [#4665](https://github.com/kumahq/kuma/pull/4665) @mmorel-35 +* bump alpine from 3.16.0 to 3.16.2 in /tools/releases/dockerfiles [#4670](https://github.com/kumahq/kuma/pull/4670) [#4827](https://github.com/kumahq/kuma/pull/4827) @dependabot +* bump github.com/containerd/cgroups from 1.0.3 to 1.0.4 [#4717](https://github.com/kumahq/kuma/pull/4717) @dependabot +* bump github.com/containernetworking/cni from 0.8.1 to 1.1.2 [#4632](https://github.com/kumahq/kuma/pull/4632) [#4716](https://github.com/kumahq/kuma/pull/4716) @dependabot +* bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 [#4499](https://github.com/kumahq/kuma/pull/4499) @dependabot +* bump github.com/golang-migrate/migrate/v4 from 4.15.0 to 4.15.2 [#4672](https://github.com/kumahq/kuma/pull/4672) @dependabot +* bump github.com/gruntwork-io/terratest from 0.40.15 to 0.40.20 [#4469](https://github.com/kumahq/kuma/pull/4469) [#4480](https://github.com/kumahq/kuma/pull/4480) @dependabot +* bump github.com/miekg/dns from 1.1.49 to 1.1.50 [#4492](https://github.com/kumahq/kuma/pull/4492) @dependabot +* bump github.com/onsi/gomega from 1.19.0 to 1.20.0 [#4671](https://github.com/kumahq/kuma/pull/4671) @dependabot +* bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 [#4783](https://github.com/kumahq/kuma/pull/4783) @dependabot +* bump github.com/prometheus/common from 0.34.0 to 0.37.0 [#4489](https://github.com/kumahq/kuma/pull/4489) [#4627](https://github.com/kumahq/kuma/pull/4627) @dependabot +* bump github.com/spf13/cobra from 1.4.0 to 1.5.0 [#4491](https://github.com/kumahq/kuma/pull/4491) @dependabot +* bump go.uber.org/zap from 1.21.0 to 1.22.0 [#4829](https://github.com/kumahq/kuma/pull/4829) @dependabot +* bump google.golang.org/grpc from 1.47.0 to 1.48.0 [#4631](https://github.com/kumahq/kuma/pull/4631) @dependabot +* bump google.golang.org/protobuf from 1.28.0 to 1.28.1 [#4718](https://github.com/kumahq/kuma/pull/4718) @dependabot +* bump k8s.io/apiextensions-apiserver from 0.24.0 to 0.24.3 [#4493](https://github.com/kumahq/kuma/pull/4493) [#4624](https://github.com/kumahq/kuma/pull/4624) @dependabot +* bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 [#4498](https://github.com/kumahq/kuma/pull/4498) [#4581](https://github.com/kumahq/kuma/pull/4581) @dependabot +* bump sigs.k8s.io/controller-tools from 0.9.0 to 0.9.2 [#4549](https://github.com/kumahq/kuma/pull/4549) @dependabot + +## 1.7.6 +> Released on 2023/02/15 + +Built on top of [Kuma 1.6.4](https://github.com/kumahq/kuma/releases/tag/1.6.4) + +- Upgraded the Helm library version. +- Upgraded the Go version to 1.18.9. +- Fixed data caching. This bug might have caused certificates to regenerate. +- Upgraded CoreDNS. + +### Includes [kumahq/kuma@1.7.6](https://github.com/kumahq/kuma/releases/tag/1.7.6) changelog + +* chore(deps): bump coredns from 1.10.0 to 1.10.1 [#6240](https://github.com/kumahq/kuma/pull/6240) @mergify +* chore(deps): bump gorestful and jwt (backport #6203) [#6212](https://github.com/kumahq/kuma/pull/6212) @mergify +* chore(deps): security update [#6058](https://github.com/kumahq/kuma/pull/6058) [#6394](https://github.com/kumahq/kuma/pull/6394) [#6469](https://github.com/kumahq/kuma/pull/6469) @kumahq +* chore(deps): upgrade envoy to v1.22.10 (backport #6483) [#6486](https://github.com/kumahq/kuma/pull/6486) @mergify + + +## 1.7.5 +> Released on 2023/02/15 + +Built on top of [Kuma 1.6.3](https://github.com/kumahq/kuma/releases/tag/1.6.3) + +- Fixed potential logging of secrets in kuma-cp. +- Fixed KDS instability. +- Fixed unnecessary CDS updates. +- Fixed a bug where the OPA Agent stops returning valid decisions after KM CP crashes. + +### Includes [kumahq/kuma@1.7.5](https://github.com/kumahq/kuma/releases/tag/1.7.5) changelog + +* chore(deps): bump Envoy from 1.22.2 to 1.22.7 [#5988](https://github.com/kumahq/kuma/pull/5988) @mergify +* chore(deps): security update [#5766](https://github.com/kumahq/kuma/pull/5766) [#5966](https://github.com/kumahq/kuma/pull/5966) @kumahq + + +## 1.7.4 +> Released on 2023/02/15 + +Built on top of [Kuma 1.6.2](https://github.com/kumahq/kuma/releases/tag/1.6.2) + +- Added support for evicted Pods. +- Prevents a potential data race by creating a deep copy of tags when generating outbounds. + +### Includes [kumahq/kuma@1.7.4](https://github.com/kumahq/kuma/releases/tag/1.7.4) changelog + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5599](https://github.com/kumahq/kuma/pull/5599) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5657](https://github.com/kumahq/kuma/pull/5657) @mergify +* chore(helm): remove duplicate keys in resources (backport #4681) [#5640](https://github.com/kumahq/kuma/pull/5640) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5618](https://github.com/kumahq/kuma/pull/5618) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5611](https://github.com/kumahq/kuma/pull/5611) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5634](https://github.com/kumahq/kuma/pull/5634) @mergify + +## 1.7.2 +> Released on 2023/02/15 + +Built on top of [Kuma 1.6.1](https://github.com/kumahq/kuma/releases/tag/1.6.1) + +- Check both old and new spec on Update + +### Includes [kumahq/kuma@1.7.2](https://github.com/kumahq/kuma/releases/tag/1.7.2) changelog +* fix(helm): always run Helm version update by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4604 +* chore(helm): update to 1.7.1 by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4603 +* Revert "fix(helm): always run Helm version update (#4604)" by @michaelbeaumont in https://github.com/kumahq/kuma/pull/4609 +* fix(kuma-cp): deep copy tags when gen. outbounds (backport #5070) by @mergify in https://github.com/kumahq/kuma/pull/5072 +* fix(kuma-cp): remove Dataplane for Pod without IP (backport #4964) by @mergify in https://github.com/kumahq/kuma/pull/5096 + ## 1.7.1 -> Released on 2022/06/14 +> Released on 2023/02/15 Built on top of [Kuma 1.6.1](https://github.com/kumahq/kuma/releases/tag/1.6.1) - Allow graceful shutdown of OPA +### Includes [kumahq/kuma@1.7.1](https://github.com/kumahq/kuma/releases/tag/1.7.1) changelog + +### Fixes + +#### Gateway + +* Nil pinter exception without any timeout (#4550) +* Use remote address for Gateway (#4538) + +#### kumactl + +* Update demo to latest version (#4587) + +#### Control plane + +* Grant delete Pods in kuma-system namespace to control plane (#4575) +* Don't fail generation if other mesh CAs are misconfigured (#4517) +* Don't override timeout values for ExternalServices (#4568) + +#### Data plane proxy + +* Access log path on windows when cp is on linux (#4518) + +#### Helm + +* Fix extraConfigMap and cp labels (#4541) + +#### General + +* Avoid `-` in version of the binaries (#4527) ## 1.7.0 -> Released on 2022/04/11 +> Released on 2023/02/15 New Features: @@ -1230,9 +3565,157 @@ Dependency upgrades: - Bump `github.com/open-policy-agent/opa` from 0.37.1 to 0.38.1 - Bump `github.com/open-policy-agent/opa-envoy-plugin` from 0.37.1-envoy to 0.38.1-envoy-3 +### Includes [kumahq/kuma@1.7.0](https://github.com/kumahq/kuma/releases/tag/1.7.0) changelog + +### New features: + +Cross Mesh Communication: +* add cross-mesh `MeshGateway` listeners [#4274](https://github.com/kumahq/kuma/pull/4274)[#4405](https://github.com/kumahq/kuma/pull/4405) @michaelbeaumont + +ContainerPatch: +* allow custom configuration of Kubernetes' `kuma-init` and `kuma-sidecar` containers by introducing `ContainerPatch` CRD [#4280](https://github.com/kumahq/kuma/pull/4280) [#4362](https://github.com/kumahq/kuma/pull/4362) / [#4366](https://github.com/kumahq/kuma/pull/4366) [#4369](https://github.com/kumahq/kuma/pull/4369) / [#4370](https://github.com/kumahq/kuma/pull/4370) @parkanzky, @bartsmykla + +Observability: +* hijack application metrics to enable scraping metrics from mTLSed applications without prometheus in the mesh [#4286](https://github.com/kumahq/kuma/pull/4286) [#4388](https://github.com/kumahq/kuma/pull/4388)/[#4406](https://github.com/kumahq/kuma/pull/4406) @lukidzi +* unified installation of `metrics/logging/tracing` into one command `observability` [#4308](https://github.com/kumahq/kuma/pull/4308) [#4411](https://github.com/kumahq/kuma/pull/4411)/[#4418](https://github.com/kumahq/kuma/pull/4418) @lukidzi, @lahabana + +ARM64 support: +* added arm build and release pipeline [#4231](https://github.com/kumahq/kuma/pull/4231) @lukidzi +* release for arm64 now publish correct arch image [#4276](https://github.com/kumahq/kuma/pull/4276) @lukidzi +* upgrade kubectl to version with ARM support [#4180](https://github.com/kumahq/kuma/pull/4180) @lukidzi +* support ARM Linux/Darwin for dev/tools [#4199](https://github.com/kumahq/kuma/pull/4199) @lukidzi +* introduced map of arch for a specific build [#4321](https://github.com/kumahq/kuma/pull/4321) @lukidzi +* do not exclude arm64 files from docker [#4265](https://github.com/kumahq/kuma/pull/4265) @lukidzi + +Gateway: +* add `GatewayClass.Spec.ParametersRef` support [#4157](https://github.com/kumahq/kuma/pull/4157) @michaelbeaumont +* cp annotations from gateway to svc [#4327](https://github.com/kumahq/kuma/pull/4327) @johnharris85 +* only reconcile Gateway when GatewayClass is Ready [#4162](https://github.com/kumahq/kuma/pull/4162) @michaelbeaumont +* auto generate hostname for crossMesh listeners [#4421](https://github.com/kumahq/kuma/pull/4421)/[#4424](https://github.com/kumahq/kuma/pull/4424) @michaelbeaumont + +Helm: +* set host network var in helm/cp-deployment.yaml [#4209](https://github.com/kumahq/kuma/pull/4209) @SallyBlichWalkMe +* add resource management for jobs [#4254](https://github.com/kumahq/kuma/pull/4254) @gdasson +* option for automountSAT=false on cp [#4309](https://github.com/kumahq/kuma/pull/4309) @gdasson +* helm chart improvements [#4337](https://github.com/kumahq/kuma/pull/4337) @bartsmykla + +CP: +* experimental transparent proxy annotation [#4240](https://github.com/kumahq/kuma/pull/4240) @parkanzky +* graceful shutdown on Universal using HDS [#4246](https://github.com/kumahq/kuma/pull/4246) @jakubdyszkiewicz +* intercept signal for different platforms [#4283](https://github.com/kumahq/kuma/pull/4283) @jakubdyszkiewicz +* XDS config dump on Global CP [#4301](https://github.com/kumahq/kuma/pull/4301) @jakubdyszkiewicz +* validate DP compat on kuma backend [#4236](https://github.com/kumahq/kuma/pull/4236) @parkanzky + +DP: +* graceful shutdown of kuma-dp [#4229](https://github.com/kumahq/kuma/pull/4229) @jakubdyszkiewicz + +### Fixes: + +Gateway: +* use MeshGatewayInstance mesh annotation when matching [#4361](https://github.com/kumahq/kuma/pull/4361)/[#4371](https://github.com/kumahq/kuma/pull/4371) @michaelbeaumont + +Helm: +* remove replica from cp-deployment.yaml when autoscaling enabled [#4447](https://github.com/kumahq/kuma/pull/4447)/[#4454](https://github.com/kumahq/kuma/pull/4454) @gustoliv + +CP: +* fix '/config_dump' request if Global CP is on Kubernetes [#4363](https://github.com/kumahq/kuma/pull/4363)/[#4372](https://github.com/kumahq/kuma/pull/4372) @lobkovilya +* add the latest version to compatibility matrix [#4232](https://github.com/kumahq/kuma/pull/4232) @parkanzky + +DP: +* clarify error log message when kuma-dp is wrongly connecting to global-cp [#4269](https://github.com/kumahq/kuma/pull/4269) @slonka + +Kumactl: +* fix transparent proxy --skip-conntrack-zone-split flag value [#4334](https://github.com/kumahq/kuma/pull/4334) @bartsmykla + +### Other notable changes: + +Gateway: +* add /finalizers permission for OwnerReferencesPermissionEnforcement plugin [#4239](https://github.com/kumahq/kuma/pull/4239) @michaelbeaumont +* don't match on ALPN in gateway (#4198) [#4272](https://github.com/kumahq/kuma/pull/4272) @wjrbetts + +Helm: +* delete 'kubernetes.io/arch' node selector [#4335](https://github.com/kumahq/kuma/pull/4335) @lobkovilya + +CP: +* don't always recompute mesh contexts [#4267](https://github.com/kumahq/kuma/pull/4267) @michaelbeaumont +* don't run dataplane gc in global [#4184](https://github.com/kumahq/kuma/pull/4184) @lahabana +* graceful components [#4277](https://github.com/kumahq/kuma/pull/4277) @jakubdyszkiewicz +* memory store cannot delete a parent [#4194](https://github.com/kumahq/kuma/pull/4194) @jakubdyszkiewicz +* protocol check should be case-insensitive [#4248](https://github.com/kumahq/kuma/pull/4248) @lukidzi +* remove dns server from control plane [#4192](https://github.com/kumahq/kuma/pull/4192) @lahabana +* automatically detect dns lookup family for cp cluster [#4275](https://github.com/kumahq/kuma/pull/4275) @slonka + +ZoneIngress: +* graceful start of many ZoneIngresses [#4305](https://github.com/kumahq/kuma/pull/4305) @jakubdyszkiewicz + +ZoneEgress: +* resolve zone-ingress advertized address [#4219](https://github.com/kumahq/kuma/pull/4219) @lahabana +* do not change ip to ZoneEgress address [#4193](https://github.com/kumahq/kuma/pull/4193) @lukidzi + +Kumactl: +* remove flag '--experimental-meshgateway' [#4315](https://github.com/kumahq/kuma/pull/4315) @lobkovilya + +Timeout Policy: +* deprecate 'timeout.grpc' section [#4365](https://github.com/kumahq/kuma/pull/4365)/[#4449](https://github.com/kumahq/kuma/pull/4449) @lobkovilya + +Other: +* delete dns-server 5653 port from configuration and helm files [#4339](https://github.com/kumahq/kuma/pull/4339)/[#4345](https://github.com/kumahq/kuma/pull/4345) @lobkovilya +* support kube-linter tools to analyze Kubernetes YAML files [#4294](https://github.com/kumahq/kuma/pull/4294) @mangoGoForward + +### Dependency upgrades: + +* upgrade envoy to 1.22.1 [#4288](https://github.com/kumahq/kuma/pull/4288) [#4464](https://github.com/kumahq/kuma/pull/4464)/[#4465](https://github.com/kumahq/kuma/pull/4465) @lobkovilya +* upgrade kuma-cni to 0.0.10 [#4313](https://github.com/kumahq/kuma/pull/4313) @lobkovilya +* upgrade tproxy iptables to v0.2.2 [#4328](https://github.com/kumahq/kuma/pull/4328) @bartsmykla +* upgrade GUI to the latest version [#4316](https://github.com/kumahq/kuma/pull/4316) [#4338](https://github.com/kumahq/kuma/pull/4338) [#4389](https://github.com/kumahq/kuma/pull/4389)/[#4390](https://github.com/kumahq/kuma/pull/4390) @jakubdyszkiewicz, @lahabana, @bartsmykla +* upgrade protoc and regenerate files [#4169](https://github.com/kumahq/kuma/pull/4169) @lukidzi +* bump github.com/golang-migrate/migrate/v4 from 4.15.1 to 4.15.2 [#4234](https://github.com/kumahq/kuma/pull/4234) @dependabot +* bump github.com/gruntwork-io/terratest from 0.40.6 to 0.40.10 [#4178](https://github.com/kumahq/kuma/pull/4178) [#4260](https://github.com/kumahq/kuma/pull/4260) [#4322](https://github.com/kumahq/kuma/pull/4322) @dependabot +* bump github.com/lib/pq from 1.10.5 to 1.10.6 [#4299](https://github.com/kumahq/kuma/pull/4299) @dependabot +* bump github.com/miekg/dns from 1.1.48 to 1.1.49 [#4291](https://github.com/kumahq/kuma/pull/4291) @dependabot +* bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 [#4233](https://github.com/kumahq/kuma/pull/4233) @dependabot +* bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 [#4290](https://github.com/kumahq/kuma/pull/4290) @dependabot +* bump github.com/prometheus/common from 0.33.0 to 0.34.0 [#4235](https://github.com/kumahq/kuma/pull/4235) @dependabot +* bump github.com/spf13/viper from 1.10.0 to 1.11.0 [#4177](https://github.com/kumahq/kuma/pull/4177) @dependabot +* bump google.golang.org/grpc from 1.45.0 to 1.46.2 [#4213](https://github.com/kumahq/kuma/pull/4213) [#4289](https://github.com/kumahq/kuma/pull/4289) @dependabot +* bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.24.0 [#4216](https://github.com/kumahq/kuma/pull/4216) @dependabot [#4302](https://github.com/kumahq/kuma/pull/4302)/[#4378](https://github.com/kumahq/kuma/pull/4378) +* bump sigs.k8s.io/controller-runtime from 0.11.2 to 0.12.1 [#4302](https://github.com/kumahq/kuma/pull/4302)/[#4378](https://github.com/kumahq/kuma/pull/4378) @dependabot + +### Other: + +* automate policy generation [#4197](https://github.com/kumahq/kuma/pull/4197) @lobkovilya + +## 1.6.4 +> Released on 2023/02/15 + +Built on top of [Kuma 1.5.4](https://github.com/kumahq/kuma/releases/tag/1.5.4) + +- Upgraded the Helm library version. +- Upgraded the Go version to 1.18.9. +- Fixed data caching. This bug might have caused certificates to regenerate. +- Upgraded CoreDNS. + +### Includes [kumahq/kuma@1.6.4](https://github.com/kumahq/kuma/releases/tag/1.6.4) changelog + +* chore(deps): bump helm.sh/helm/v3 from 3.8.1 to 3.10.3 [#5601](https://github.com/kumahq/kuma/pull/5601) @mergify +* chore(deps): update coreDNS to 1.10.0 (backport #5626) [#5658](https://github.com/kumahq/kuma/pull/5658) @mergify +* chore(helm): remove duplicate keys in resources (backport #4681) [#5641](https://github.com/kumahq/kuma/pull/5641) @mergify +* chore: remove Apache license header from generated files (backport #5565) [#5620](https://github.com/kumahq/kuma/pull/5620) @mergify +* chore: upgrade golang to 1.18.9 (backport #5607) [#5612](https://github.com/kumahq/kuma/pull/5612) @mergify +* fix(kuma-cp): don't cache filtered data (backport #5574) [#5635](https://github.com/kumahq/kuma/pull/5635) @mergify + +## 1.6.3 +> Released on 2023/02/15 + +Built on top of [Kuma 1.5.3](https://github.com/kumahq/kuma/releases/tag/1.5.3) + +- Fixed potential logging of secrets in kuma-cp. +- Fixed KDS instability. +- Fixed unnecessary CDS updates. + ## 1.6.1 -> Released on 2022/04/07 +> Released on 2023/02/15 Built on top of [Kuma 1.5.1](https://github.com/kumahq/kuma/releases/tag/1.5.1) @@ -1243,9 +3726,20 @@ Dependency upgrades: - Bump `github.com/open-policy-agent/opa` from 0.37.2 to 0.38.1 +### Includes [kumahq/kuma@1.6.1](https://github.com/kumahq/kuma/releases/tag/1.6.1) changelog + +### Fixes: + +CP: +* do not change ip to ZoneEgress address (backport #4193) [#4195](https://github.com/kumahq/kuma/pull/4195) +* memory store cannot delete a parent (backport #4194) [#4196](https://github.com/kumahq/kuma/pull/4196) + +### Dependency upgrades: + +* upgrade envoy to 1.21.3 [#4457](https://github.com/kumahq/kuma/pull/4457) @lobkovilya ## 1.6.0 -> Released on 2022/02/24 +> Released on 2023/02/15 Built on top of [Kuma 1.5.0](https://github.com/kumahq/kuma/releases/tag/1.5.0) @@ -1253,9 +3747,89 @@ Built on top of [Kuma 1.5.0](https://github.com/kumahq/kuma/releases/tag/1.5.0) - ECS EC2 and Fargate first party support. - Update OPA agent to v0.37.2. +### Includes [kumahq/kuma@1.6.0](https://github.com/kumahq/kuma/releases/tag/1.6.0) changelog + + +### New features: + +Gateway: +* release K8s GatewayAPI as preview [4072](https://github.com/kumahq/kuma/pull/4072) [4022](https://github.com/kumahq/kuma/pull/4022) [4045](https://github.com/kumahq/kuma/pull/4045) [4014](https://github.com/kumahq/kuma/pull/4014) [3956](https://github.com/kumahq/kuma/pull/3956) @jakubdyszkiewicz,@michaelbeaumont +* use MeshGatewayInstance name for generated objects [4097](https://github.com/kumahq/kuma/pull/4097) @michaelbeaumont + +Inspect api: +* add gateways to policy inspect [4125](https://github.com/kumahq/kuma/pull/4125) [4104](https://github.com/kumahq/kuma/pull/4104) [4092](https://github.com/kumahq/kuma/pull/4092) [4088](https://github.com/kumahq/kuma/pull/4088) [4077](https://github.com/kumahq/kuma/pull/4077) [4064](https://github.com/kumahq/kuma/pull/4064) [4065](https://github.com/kumahq/kuma/pull/4065) [3973](https://github.com/kumahq/kuma/pull/3973) [3966](https://github.com/kumahq/kuma/pull/3966) @michaelbeaumont + +ZoneEgress: +* Make zoneegress available in standalone mode [4100](https://github.com/kumahq/kuma/pull/4100) @lahabana +* added locality aware lb for external service [4048](https://github.com/kumahq/kuma/pull/4048) @lukidzi +* make zoneegress routing opt-in [4109](https://github.com/kumahq/kuma/pull/4109) [4013](https://github.com/kumahq/kuma/pull/4013) @lukidzi +* support RateLimit and FaultInjections [4000](https://github.com/kumahq/kuma/pull/4000) @lobkovilya + +Helm: +* Allow customization of image tags in Helm chart [4068](https://github.com/kumahq/kuma/pull/4068) @gdasson +* Expose kuma-cp's metric port so it can be scraped by self-deployed prometheus. [4047](https://github.com/kumahq/kuma/pull/4047) @jbehrends +* add resource limits option for control plane deployment [4049](https://github.com/kumahq/kuma/pull/4049) @gdasson +* fail if global.image.tag and appVersion incompatible [4085](https://github.com/kumahq/kuma/pull/4085) @michaelbeaumont +* set version to track appVersion [4083](https://github.com/kumahq/kuma/pull/4083) @michaelbeaumont +* expose kuma-cp gui through ingress [4101](https://github.com/kumahq/kuma/pull/4101) @lukidzi +* allow specifying security context [4153](https://github.com/kumahq/kuma/pull/4153) @gdasson @bartsmykla + +Other: +* feat(k8s): ability to set custom service account token volume [4036](https://github.com/kumahq/kuma/pull/4036) @johnharris85 +* feat(k8s): shutdown kuma-dp container for any owner kind [4079](https://github.com/kumahq/kuma/pull/4079) @lukidzi +* feat(k8s): support startupProbes [4090](https://github.com/kumahq/kuma/pull/4090) @lahabana +* feat(kuma-cp): add uptime, policies, gateway dps to reports [3933](https://github.com/kumahq/kuma/pull/3933) @parkanzky +* feat(kuma-cp): add metrics and timeouts to CA interface [4089](https://github.com/kumahq/kuma/pull/4089) @parkanzky +* feat(kumactl): add --values and --set to kumactl install control-plane [4086](https://github.com/kumahq/kuma/pull/4086) @lahabana +* feat(transparent-proxy): add experimental tproxy iptables generation [4114](https://github.com/kumahq/kuma/pull/4114) @bartsmykla + +### Dependency upgrades: + +* bump alpine from 3.15.0 to 3.15.2 in /tools/releases/dockerfiles [4060](https://github.com/kumahq/kuma/pull/4060) [4023](https://github.com/kumahq/kuma/pull/4023) @dependabot +* bump github.com/envoyproxy/protoc-gen-validate from 0.6.3 to 0.6.7 [3978](https://github.com/kumahq/kuma/pull/3978) [3976](https://github.com/kumahq/kuma/pull/3976) @dependabot +* bump github.com/go-logr/logr from 1.2.2 to 1.2.3 [4040](https://github.com/kumahq/kuma/pull/4040) @dependabot +* bump github.com/golang-jwt/jwt/v4 from 4.3.0 to 4.4.1 [4061](https://github.com/kumahq/kuma/pull/4061) [4025](https://github.com/kumahq/kuma/pull/4025) @dependabot +* bump github.com/k8s/* from 0.23.4 to 0.23.5 [4043](https://github.com/kumahq/kuma/pull/4043) @lahabana +* bump github.com/miekg/dns from 1.1.46 to 1.1.47 [3998](https://github.com/kumahq/kuma/pull/3998) @dependabot +* bump github.com/onsi/gomega from 1.18.1 to 1.19.0 [4062](https://github.com/kumahq/kuma/pull/4062) @dependabot +* bump github.com/spf13/cobra from 1.3.0 to 1.4.0 [3995](https://github.com/kumahq/kuma/pull/3995) @dependabot +* bump go.uber.org/multierr from 1.7.0 to 1.8.0 [3974](https://github.com/kumahq/kuma/pull/3974) @dependabot +* bump google.golang.org/grpc from 1.44.0 to 1.45.0 [3993](https://github.com/kumahq/kuma/pull/3993) @dependabot +* bump google.golang.org/protobuf from 1.27.1 to 1.28.0 [4046](https://github.com/kumahq/kuma/pull/4046) @dependabot +* bump helm.sh/helm/v3 from 3.8.0 to 3.8.1 [3994](https://github.com/kumahq/kuma/pull/3994) @dependabot +* bump sigs.k8s.io/gateway-api from 0.4.1 to 0.4.2 [3997](https://github.com/kumahq/kuma/pull/3997) @dependabot +* remove dependency on spire [4044](https://github.com/kumahq/kuma/pull/4044) @lahabana + +### Other notable changes: + +* chore(k8s): replace cni registry [4070](https://github.com/kumahq/kuma/pull/4070) @lobkovilya +* chore(k8s): use appProtocol from service by default [4015](https://github.com/kumahq/kuma/pull/4015) @jakubdyszkiewicz +* chore(kuma-dp): cleanup bootstrap version field [3670](https://github.com/kumahq/kuma/pull/3670) @tharun208 +* fix(gateway): fix status updating in MeshGatewayInstance reconciliation [4051](https://github.com/kumahq/kuma/pull/4051) @michaelbeaumont +* fix(gateway): gateway instance service reconciliation loops forever [4035](https://github.com/kumahq/kuma/pull/4035) @jakubdyszkiewicz +* fix(gateway): gateway reconciliation loops forever [4034](https://github.com/kumahq/kuma/pull/4034) @jakubdyszkiewicz +* fix(gateway): gateway tls listeners without hostnames [4093](https://github.com/kumahq/kuma/pull/4093) @jakubdyszkiewicz +* fix(gateway): ignore non TCP protocol for provided gateway [4067](https://github.com/kumahq/kuma/pull/4067) @lahabana +* fix(gateway): mesh gateway instance service target port [4071](https://github.com/kumahq/kuma/pull/4071) @jakubdyszkiewicz +* fix(gateway): skip creating MeshGateways without proper attachment [4011](https://github.com/kumahq/kuma/pull/4011) @jakubdyszkiewicz +* fix(helm): add prefix to `app` label in ingress/egress deployment [4123](https://github.com/kumahq/kuma/pull/4123) @lahabana +* fix(helm): fix other template prefix in ingress/egress [4124](https://github.com/kumahq/kuma/pull/4124) @lahabana +* fix(helm): remove wildcard rbac version [4148](https://github.com/kumahq/kuma/pull/4148) @johnharris85 +* fix(k8s): reconcile serviceMaps when using mesh namespace annotation [3815](https://github.com/kumahq/kuma/pull/3815) @lahabana +* fix(kuma-cp): avoid generating excessive envoy clusters [3984](https://github.com/kumahq/kuma/pull/3984) @lobkovilya +* fix(kuma-cp): default policy creation [4073](https://github.com/kumahq/kuma/pull/4073) @lobkovilya +* fix(kuma-cp): guard the nil version in metadata [3969](https://github.com/kumahq/kuma/pull/3969) @jakubdyszkiewicz +* fix(kuma-cp): provide better message when running with an in-memory database [3982](https://github.com/kumahq/kuma/pull/3982) @lukidzi +* fix(kuma-dp): better error message when the token is invalid [3961](https://github.com/kumahq/kuma/pull/3961) @lahabana +* fix(kumactl): add mesh flag to only commands that uses it [3788](https://github.com/kumahq/kuma/pull/3788) @tharun208 +* fix(kumactl): split yaml correctly in `kumactl apply` [4107](https://github.com/kumahq/kuma/pull/4107) @lahabana +* fix(proxytemplate): avoid validation error [3937](https://github.com/kumahq/kuma/pull/3937) @marcoferrer +* fix(proxytemplate): execute hooks before proxy template modifications [4055](https://github.com/kumahq/kuma/pull/4055) @jakubdyszkiewicz +* perf(k8s): move outbounds from Dataplane to Config [3986](https://github.com/kumahq/kuma/pull/3986) @jakubdyszkiewicz + ## 1.5.1 -> Released on 2021/12/16 +> Released on 2023/02/15 Built on top of [Kuma 1.4.1](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#141) @@ -1263,9 +3837,14 @@ Built on top of [Kuma 1.4.1](https://github.com/kumahq/kuma/blob/master/CHANGELO - Performance continues to be significantly improved. - Authentication tokens are now more secure. +### Includes [kumahq/kuma@1.5.1](https://github.com/kumahq/kuma/releases/tag/1.5.1) changelog + +* chore(k8s): replace cni registry (backport #4070) [4076](https://github.com/kumahq/kuma/pull/4076) +* fix(kuma-cp): default policy creation (backport #4073) [4080](https://github.com/kumahq/kuma/pull/4080) +* fix(kuma-cp): guard the nil version in metadata (backport #3969) [3970](https://github.com/kumahq/kuma/pull/3970) ## 1.5.0 -> Released on 2021/11/22 +> Released on 2023/02/15 Built on top of [Kuma 1.4.0](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#140) @@ -1273,9 +3852,64 @@ Built on top of [Kuma 1.4.0](https://github.com/kumahq/kuma/blob/master/CHANGELO - Support for Windows installation on Universal (VMs) is now available. - Renewable tokens in Vault are now supported. +### Includes [kumahq/kuma@1.5.0](https://github.com/kumahq/kuma/releases/tag/1.5.0) changelog + +* feat(*): zone egress [#3809](https://github.com//kumahq/kuma/pull/3809) [#3757](https://github.com//kumahq/kuma/pull/3757) +* feat(kuma-cp) data plane proxy membership [#3619](https://github.com//kumahq/kuma/pull/3619) +* feat(kuma-cp): reachable services in transparent proxying [#3791](https://github.com//kumahq/kuma/pull/3791) +* feat(inspect-api): retrieve full XDS config [#3768](https://github.com//kumahq/kuma/pull/3768) +* feat(*): inspect api support [#3805](https://github.com//kumahq/kuma/pull/3805) [#3568](https://github.com//kumahq/kuma/pull/3568) [#3462](https://github.com//kumahq/kuma/pull/3462) +* feat(kuma-cp): add proxytemplate to matched policies for inspect poli… [#3786](https://github.com//kumahq/kuma/pull/3786) 👍contributed by @tharun208 +* feat(kuma-cp): enable traffic route for inspect endpoints [#3735](https://github.com//kumahq/kuma/pull/3735) 👍contributed by @tharun208 +* feat(*): move adminPort to DPP resource [#3739](https://github.com//kumahq/kuma/pull/3739) +* feat(helm): add imagePullSecrets support [#3755](https://github.com//kumahq/kuma/pull/3755) 👍contributed by @johnharris85 +* feat(*): enable Gateway with runtime flag [#3736](https://github.com//kumahq/kuma/pull/3736) +* feat(kumactl): add --api-timeout flag [#3723](https://github.com//kumahq/kuma/pull/3723) +* feat: allow for ca/identity secrets for every mesh [#3696](https://github.com//kumahq/kuma/pull/3696) +* feat(kuma-cp): allow extra cm in kuma cp chart [#3671](https://github.com//kumahq/kuma/pull/3671) 👍contributed by @wjrbetts +* feat(kuma-cp): add gui link in index api response [#3675](https://github.com//kumahq/kuma/pull/3675) 👍contributed by @tharun208 +* feat(*): allow ca.crt to be in separate k8s secret [#3638](https://github.com//kumahq/kuma/pull/3638) +* feat(kumactl): add type of logging and tracing backends with name in table output [#3636](https://github.com//kumahq/kuma/pull/3636) 👍contributed by @tharun208 +* feat(kuma-cp): enable client side gRPC keepalive [#3574](https://github.com//kumahq/kuma/pull/3574) +* feat(gui): new onboarding view [kumahq/kuma-gui#194](https://github.com/kumahq/kuma-gui/pull/194) +* feat(gui): link to documentation from policy view [kumahq/kuma-gui#289](https://github.com/kumahq/kuma-gui/pull/289) + +* fix(kuma-cp): do not update unchanged insights [#3819](https://github.com//kumahq/kuma/pull/3819) +* fix(*): do not annotate gateway services with ingress upstream [#3816](https://github.com//kumahq/kuma/pull/3816) +* fix(*): properly escape DB password when creating postgres connection string [#3804](https://github.com//kumahq/kuma/pull/3804) +* fix(kuma-cp): fix missing label sidecar injection [#3740](https://github.com//kumahq/kuma/pull/3740) +* fix(kuma-dp): fix conntrack collisions [#3459](https://github.com//kumahq/kuma/pull/3459) 👍contributed by @johnharris85 +* fix(conf): remove invalid health check fields from example [#3697](https://github.com//kumahq/kuma/pull/3697) 👍contributed by @tharun208 +* fix(kuma-dp): binary lookup function skips not available directories [#3667](https://github.com//kumahq/kuma/pull/3667) +* fix(k8s): make sure controllers start after leader election [#3666](https://github.com//kumahq/kuma/pull/3666) +* fix(build): fix gomega matchers for inspect resources command test [#3660](https://github.com//kumahq/kuma/pull/3660) [#3651](https://github.com//kumahq/kuma/pull/3651) 👍contributed by @tharun208 +* fix(kumactl): ignore any unregistered CRDs, not only from the root chart [#3643](https://github.com//kumahq/kuma/pull/3643) +* fix(kumactl): print meta before spec for Kuma resources [#3637](https://github.com//kumahq/kuma/pull/3637) +* fix(kuma-cp): add cp selector to global sync service [#3579](https://github.com//kumahq/kuma/pull/3579) +* fix(kuma-cp) do not override other dataplane with dp lifecycle [#3507](https://github.com//kumahq/kuma/pull/3507) +* fix(helm) Add support to customize nodeport [#1944](https://github.com//kumahq/kuma/pull/1944) 👍contributed by @bhiravabhatla + +* perf(kuma-cp): use mesh snapshot in proxy builder [#3700](https://github.com//kumahq/kuma/pull/3700) +* perf(kuma-cp): use mesh snapshot in gateway [#3710](https://github.com//kumahq/kuma/pull/3710) +* perf(kuma-cp): share mesh context [#3659](https://github.com//kumahq/kuma/pull/3659) + +* improvement(metadata): include name of annotation to parse error message [#3677](https://github.com//kumahq/kuma/pull/3677) 👍contributed by @ChinYing-Li +* refactor(insights): delete method GetLatestSubscription for insights [#3656](https://github.com//kumahq/kuma/pull/3656) 👍contributed by @tharun208 +* refactor(kuma-cp): unify mesh determination for k8s objects [#3708](https://github.com//kumahq/kuma/pull/3708) +* refactor(*): replace ensureDefaultXXX functions with a single generic function [#3662](https://github.com//kumahq/kuma/pull/3662) 👍contributed by @tharun208 +* chore(zone-ingress): delete deprecated env KUMA_DATAPLANE_ADMIN_PORT [#3766](https://github.com//kumahq/kuma/pull/3766) +* chore(k8s): remove GetBool method and use GetEnabled [#3698](https://github.com//kumahq/kuma/pull/3698) 👍contributed by @tharun208 +* chore(*): generate CRD types [#3453](https://github.com//kumahq/kuma/pull/3453) +* chore(dataplane)!: disallow using 0.0.0.0 in networking.address for dp [#3691](https://github.com//kumahq/kuma/pull/3691) +* chore(kuma-cp): consolidate mesh defaults creation [#3678](https://github.com//kumahq/kuma/pull/3678) +* chore(config): remove ability to disable insights [#3501](https://github.com//kumahq/kuma/pull/3501) +* chore(*): remove old Ingress [#3435](https://github.com//kumahq/kuma/pull/3435) +* chore(*): upgrade Envoy to v1.21.1 [#3909](https://github.com//kumahq/kuma/pull/3909) +* chore(grafana): update to latest grafana plugin version [#3812](https://github.com//kumahq/kuma/pull/3812) +* ci(*): release on every commit in master and release branches [#3712](https://github.com//kumahq/kuma/pull/3712) ## 1.4.1 -> Released on 2021/10/06 +> Released on 2023/02/15 Built on top of [Kuma 1.3.1](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#131) @@ -1284,17 +3918,37 @@ Built on top of [Kuma 1.3.1](https://github.com/kumahq/kuma/blob/master/CHANGELO - The number of PostgreSQL connections is now limited to 50 by default. The default value was previously unlimited; you can still configure the limit if needed. - You can now select a specific zone in the Kuma Service dashboard and in the Service to Service dashboard. - -## 1.3.4 -> Released on 2021/09/15 - -Built on top of [Kuma 1.2.3](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#123) - -- Moved to a Kuma fork of `go-control-plane` that fixes a Goroutine leak - +### Includes [kumahq/kuma@1.4.1](https://github.com/kumahq/kuma/releases/tag/1.4.1) changelog + +* feat: add kubernetes tags automatically [#3439](https://github.com//kumahq/kuma/pull/3439) +* perf: update Mesh and ServiceInsights only when really needed [#3463](https://github.com//kumahq/kuma/pull/3463) +* perf: eliminate uneccessary JSON marshalling [#3483](https://github.com//kumahq/kuma/pull/3483) +* feat: sidecar injection webhook based on labels [#3417](https://github.com//kumahq/kuma/pull/3417) +* chore: upgrade gui to new version [#3454](https://github.com//kumahq/kuma/pull/3454) +* test: fix postgress tests permissions [#3443](https://github.com//kumahq/kuma/pull/3443) +* feat: add affinity to CP and Ingress pods [#3036](https://github.com//kumahq/kuma/pull/3036) + 👍contributed by @andrey-dubnik +* chore: bump github.com/golang-jwt/jwt/v4 from 4.1.0 to 4.2.0 [#3432](https://github.com//kumahq/kuma/pull/3432) +* feat: consolidate tokens logic to support expiration, rotation, revocation and RSA256 [#3376](https://github.com/kumahq/kuma/pull/3376) +* fix: simplify cluster creation with endpoints [#3403](https://github.com//kumahq/kuma/pull/3403) +* fix: enable metrics hijacker for current version of Kuma [#3405](https://github.com//kumahq/kuma/pull/3405) +* fix: switch to mTLS when CP communicates with Envoy Admin [#3353](https://github.com//kumahq/kuma/pull/3353) +* chore: bump github.com/spiffe/spire from 0.12.3 to 1.1.1 [#3388](https://github.com//kumahq/kuma/pull/3388) +* chore: bump github.com/spf13/viper from 1.8.1 to 1.9.0 [#3389](https://github.com//kumahq/kuma/pull/3389) +* fix: validate cp url in dp conf [#3357](https://github.com//kumahq/kuma/pull/3357) +* chore: send reports to tls endpoint [#3361](https://github.com//kumahq/kuma/pull/3361) +* chore: check explicit service account name [#3228](https://github.com//kumahq/kuma/pull/3228) +* feat: inspect other dependencies versions [#3352](https://github.com//kumahq/kuma/pull/3352) +* chore: add area/gateway label [#3263](https://github.com//kumahq/kuma/pull/3263) +* chore: remove dp token from xds metadata [#3282](https://github.com//kumahq/kuma/pull/3282) +* refactor: move from io/ioutil to io and os packages [#3265](https://github.com//kumahq/kuma/pull/3265) + 👍contributed by @Juneezee +* fix: validate newly generated xDS snapshots [#3195](https://github.com//kumahq/kuma/pull/3195) +* chore: bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 [#3218](https://github.com//kumahq/kuma/pull/3218) +* chore: bump helm chart version to 0.8 [#3202](https://github.com//kumahq/kuma/pull/3202) ## 1.4.0 -> Released on 2021/08/25 +> Released on 2023/02/15 Built on top of [Kuma 1.3.0](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#130) @@ -1304,9 +3958,87 @@ Built on top of [Kuma 1.3.0](https://github.com/kumahq/kuma/blob/master/CHANGELO - You can now customize hostnames and ports for data plane proxies with a new virtual outbound policy. - You can more easily specify intermediate CAs with mTLS. +### Includes [kumahq/kuma@1.4.0](https://github.com/kumahq/kuma/releases/tag/1.4.0) changelog + +* chore(*) scripts for build, publish and fetch Envoy binaries [#3110](https://github.com//kumahq/kuma/pull/3110) [#3182](https://github.com//kumahq/kuma/pull/3182) +* chore(kuma-cp) upgrade gui to new version [#3178](https://github.com//kumahq/kuma/pull/3178) [#3179](https://github.com//kumahq/kuma/pull/3179) +* chore(kuma-cp) Use go structs instead of gotemplate for bootstrap [#3156](https://github.com//kumahq/kuma/pull/3156) [#3173](https://github.com//kumahq/kuma/pull/3173) +* chore(deps): bump github.com/slok/go-http-metrics from 0.9.0 to 0.10.0 [#3170](https://github.com//kumahq/kuma/pull/3170) +* Disable reporting by default [#3070](https://github.com//kumahq/kuma/pull/3070) [#3159](https://github.com//kumahq/kuma/pull/3159) +* chore(kumactl) remove install CRDs filter function [#3139](https://github.com//kumahq/kuma/pull/3139) +* feat(kuma-dp) Add conf to disable service vip [#3143](https://github.com//kumahq/kuma/pull/3143) +* chore(kuma-cp) update some TODO comments [#3141](https://github.com//kumahq/kuma/pull/3141) +* feat(kuma-cp) Add kuma.io/ignore annotation [#3142](https://github.com//kumahq/kuma/pull/3142) +* fix(kuma-dp) match gateway cluster names in the hijacker [#3106](https://github.com//kumahq/kuma/pull/3106) +* feat: add ECDSA certificate generator support [#3093](https://github.com//kumahq/kuma/pull/3093) +* feat: add more global resources to GlobalInsights [#3094](https://github.com//kumahq/kuma/pull/3094) +* feat: allow creating secrets for the not yet existing mesh [#3076](https://github.com//kumahq/kuma/pull/3076) + 👍contributed by cloudwiz +* feat: don't add v6 in DNS when v6 is disabled [#3089](https://github.com//kumahq/kuma/pull/3089) +* fix: explicitly disable dns in env when disabled in injector [#3077](https://github.com//kumahq/kuma/pull/3077) +* feat: added support for https tracing endpoint [#3057](https://github.com//kumahq/kuma/pull/3057) + 👍contributed by sudeeptoroy +* fix: normalize generating TLS certificates [#3027](https://github.com//kumahq/kuma/pull/3027) +* fix: zero downtime when enabling permissive mTLS [#3019](https://github.com//kumahq/kuma/pull/3019) +* feat: add deprecation notice for kuma-prometheus-sd [#2994](https://github.com//kumahq/kuma/pull/2994) +* feat: add GlobalInsights api endpoint [#3018](https://github.com//kumahq/kuma/pull/3018) +* fix: duplicate TLS certificate usage [#3008](https://github.com//kumahq/kuma/pull/3008) +* chore: add command argument count parameters [#3010](https://github.com//kumahq/kuma/pull/3010) +* feat: aggregate dp stats by type in MeshInsight [#2999](https://github.com//kumahq/kuma/pull/2999) +* chore: delete CLI flag '--bootstrap-version' [#2965](https://github.com//kumahq/kuma/pull/2965) +* feat: show the effective Dataplane address [#2977](https://github.com//kumahq/kuma/pull/2977) +* feat: aggregate services in MeshInsight [#2974](https://github.com//kumahq/kuma/pull/2974) +* fix: allow only one healthcheck [#2972](https://github.com//kumahq/kuma/pull/2972) +* feat: give CA managers all backends at once [#2956](https://github.com//kumahq/kuma/pull/2956) +* chore: normalize timeout configurer API [#2934](https://github.com//kumahq/kuma/pull/2934) +* fix: locality-aware lb for external-services [#2903](https://github.com//kumahq/kuma/pull/2903) +* feat: add install control-plane --version flag for all components [#2904](https://github.com//kumahq/kuma/pull/2904) +* feat: add zone selector to Kuma Mesh dashboard [#2860](https://github.com//kumahq/kuma/pull/2860) +* fix: possible to delete resources on Zone CP [#2665](https://github.com//kumahq/kuma/pull/2665) +* fix: make cluster names contextually unique [#3098](https://github.com//kumahq/kuma/pull/3098) +* feat: automatically enable gzip content on gateways [#3104](https://github.com//kumahq/kuma/pull/3104) +* feat: add Gateway TLS termination support [#3044](https://github.com//kumahq/kuma/pull/3044) +* feat: add gateway support for external services [#2990](https://github.com//kumahq/kuma/pull/2990) +* fix: enable secrets support for Gateway resources [#2953](https://github.com//kumahq/kuma/pull/2953) +* feat: initial connection policy support for Gateway [#2933](https://github.com//kumahq/kuma/pull/2933) +* feat: add access to generate zone ingress token [#3075](https://github.com//kumahq/kuma/pull/3075) +* feat: user token with RSA256 [#2992](https://github.com//kumahq/kuma/pull/2992) +* feat: prefix system users and groups with mesh-system [#3013](https://github.com//kumahq/kuma/pull/3013) +* feat: localhost is not an admin on kubernetes [#3003](https://github.com//kumahq/kuma/pull/3003) +* feat: user token enabled by default [#2941](https://github.com//kumahq/kuma/pull/2941) +* feat: Admin User Token bootstrap [#2923](https://github.com//kumahq/kuma/pull/2923) +* chore: refactor access control for individual access [#2983](https://github.com//kumahq/kuma/pull/2983) +* feat: support plugin based authentication including user tokens [#2895](https://github.com//kumahq/kuma/pull/2895) +* feat: User Token for API Server authentication [#2892](https://github.com//kumahq/kuma/pull/2892) +* chore: refactor authz and authn to plugins [#2837](https://github.com//kumahq/kuma/pull/2837) +* chore(kuma-cp) upgrade gui to new version [#3148](https://github.com//kumahq/kuma/pull/3148) +* chore(*) upgrade to Go 1.17.3 [#3147](https://github.com//kumahq/kuma/pull/3147) +* chore(deps): bump github.com/operator-framework/operator-lib [#3158](https://github.com//kumahq/kuma/pull/3158) +* chore(deps): bump github.com/gruntwork-io/terratest [#3130](https://github.com//kumahq/kuma/pull/3130) +* chore: update helm and controller-runtime [#2764](https://github.com//kumahq/kuma/pull/2764) +* chore: bump github.com/lib/pq from 1.10.3 to 1.10.4 [#3131](https://github.com//kumahq/kuma/pull/3131) +* chore: bump google.golang.org/grpc from 1.41.0 to 1.42.0 [#3101](https://github.com//kumahq/kuma/pull/3101) +* chore: bump github.com/prometheus/common from 0.31.1 to 0.32.1 [#3006](https://github.com//kumahq/kuma/pull/3006) +* chore: bump github.com/envoyproxy/protoc-gen-validate [#3007](https://github.com//kumahq/kuma/pull/3007) +* chore: bump github.com/google/uuid from 1.2.0 to 1.3.0 [#2839](https://github.com//kumahq/kuma/pull/2839) +* chore: bump sigs.k8s.io/controller-runtime from 0.10.2 to 0.10.3 [#3132](https://github.com//kumahq/kuma/pull/3132) +* chore: bump k8s.io/client-go from 0.22.2 to 0.22.3 [#3061](https://github.com//kumahq/kuma/pull/3061) +* chore: bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 [#3059](https://github.com//kumahq/kuma/pull/3059) +* chore: bump k8s.io/api from 0.22.2 to 0.22.3 [#3058](https://github.com//kumahq/kuma/pull/3058) +* chore: bump github.com/golang-migrate/migrate/v4 [#2970](https://github.com//kumahq/kuma/pull/2970) +* chore: bump helm.sh/helm/v3 from 3.6.1 to 3.7.1 [#2968](https://github.com//kumahq/kuma/pull/2968) +* chore: bump github.com/miekg/dns from 1.0.14 to 1.1.43 in /pkg/transparentproxy/istio [#2752](https://github.com//kumahq/kuma/pull/2752) + +## 1.3.4 +> Released on 2023/02/15 + +Built on top of [Kuma 1.2.3](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#123) + +- Moved to a Kuma fork of `go-control-plane` that fixes a Goroutine leak + ## 1.3.3 -> Released on 2021/07/29 +> Released on 2023/02/15 Built on top of [Kuma 1.2.3](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#123) @@ -1316,7 +4048,7 @@ Built on top of [Kuma 1.2.3](https://github.com/kumahq/kuma/blob/master/CHANGELO ## 1.3.2 -> Released on 2021/07/16 +> Released on 2023/02/15 Built on top of [Kuma 1.2.2](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#122) @@ -1328,7 +4060,7 @@ Built on top of [Kuma 1.2.2](https://github.com/kumahq/kuma/blob/master/CHANGELO ## 1.3.1 -> Released on 2021/06/30 +> Released on 2023/02/15 Built on top of [Kuma 1.2.1](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#121) @@ -1338,9 +4070,57 @@ Built on top of [Kuma 1.2.1](https://github.com/kumahq/kuma/blob/master/CHANGELO - (Kong Mesh only) The CNI config name is now always prefixed with `kuma-cni`. - (Kong Mesh only) TTL is no longer validated for Vault. +### Includes [kumahq/kuma@1.3.1](https://github.com/kumahq/kuma/releases/tag/1.3.1) changelog + +* fix: disable zone [#2884](https://github.com//kumahq/kuma/pull/2884) +* fix: limit number of postgres connection by default [#2866](https://github.com//kumahq/kuma/pull/2866) +* feat: add zone selector to Kuma Service to Service dashboard [#2876](https://github.com//kumahq/kuma/pull/2876) +* feat: add zone selector to Kuma Service dashboard [#2865](https://github.com//kumahq/kuma/pull/2865) +* feat: add zone selector to Kuma Dataplane dashboard [#2864](https://github.com//kumahq/kuma/pull/2864) +* fix: fix duplicates in dataplane list in Kuma Services dashboard [#2845](https://github.com//kumahq/kuma/pull/2845) +* chore: migrate install resources from rbac API v1beta1 to v1 [#2875](https://github.com//kumahq/kuma/pull/2875) +* fix: fault injection matching [#2757](https://github.com//kumahq/kuma/pull/2757) +* fix: delete kuma.io/region and kuma.io/sub-zone [#2824](https://github.com//kumahq/kuma/pull/2824) +* feat: print control plane version with version cmd [#2834](https://github.com//kumahq/kuma/pull/2834) +* fix: Only warn about version compatibility where it makes sense [#2828](https://github.com//kumahq/kuma/pull/2828) +* perf: remove insight update rate limit burst [#2825](https://github.com//kumahq/kuma/pull/2825) +* perf: apply ratelimit to service insights [#2815](https://github.com//kumahq/kuma/pull/2815) +* feat: adds support for specifying specific IP for cloud provider load balancers for ingress service [#2779](https://github.com//kumahq/kuma/pull/2779) + 👍contributed by @jamesdbloom +* fix: send tool output to stdout [#2787](https://github.com//kumahq/kuma/pull/2787) +* fix: switch to a Kuma fork of go-control-plane [#2771](https://github.com//kumahq/kuma/pull/2771) +* chore: parametrize label on the deployment [#2765](https://github.com//kumahq/kuma/pull/2765) +* perf: set Node only on first DiscoveryRequest [#2741](https://github.com//kumahq/kuma/pull/2741) +* feat: verify ServiceAccountToken bound to a Pod [#2745](https://github.com//kumahq/kuma/pull/2745) +* feat: internal dns should resolve AAAA records [#2760](https://github.com//kumahq/kuma/pull/2760) +* fix: Add FORMERR and NOTIMP in alternate default coredns conf [#2756](https://github.com//kumahq/kuma/pull/2756) +* fix: virtual probes with query [#2706](https://github.com//kumahq/kuma/pull/2706) +* fix: Avoid calling `Send()` from different goroutines [#2573](https://github.com//kumahq/kuma/pull/2573) +* feat: automatically set proxy concurrency [#2691](https://github.com//kumahq/kuma/pull/2691) +* feat: Improve builtin grafana setup to have traces and logs linked [#2716](https://github.com//kumahq/kuma/pull/2716) +* fix: Show gateway services in service-insights [#2711](https://github.com//kumahq/kuma/pull/2711) +* fix: Correct bad merging of duration [#2700](https://github.com//kumahq/kuma/pull/2700) +* fix: Ensure outbounds are set when migrating from old to new [#2698](https://github.com//kumahq/kuma/pull/2698) +* fix: get rid of regex for parsing IPs [#2681](https://github.com//kumahq/kuma/pull/2681) +* feat: add CP config to ZoneInsights [#2661](https://github.com//kumahq/kuma/pull/2661) +* feat: generate GatewayRoute clusters [#2819](https://github.com//kumahq/kuma/pull/2819) +* feat: add GatewayRoute route generation [#2782](https://github.com//kumahq/kuma/pull/2782) +* feat: match gateway routes [#2758](https://github.com//kumahq/kuma/pull/2758) +* feat: initial gateway TrafficRoute support [#2547](https://github.com//kumahq/kuma/pull/2547) +* feat: add a GatewayRoute resource [#2591](https://github.com//kumahq/kuma/pull/2591) +* chore: update base image for kuma-dp [#2881](https://github.com//kumahq/kuma/pull/2881) +* chore: change Go JWT version to fix security vunerability [#2844](https://github.com//kumahq/kuma/pull/2844) +* chore: bump go.uber.org/zap from 1.17.0 to 1.19.1 [#2768](https://github.com//kumahq/kuma/pull/2768) +* chore: bump google.golang.org/grpc from 1.38.0 to 1.40.0 [#2737](https://github.com//kumahq/kuma/pull/2737) +* chore: bump github.com/miekg/dns from 1.1.42 to 1.1.43 [#2769](https://github.com//kumahq/kuma/pull/2769) +* chore: upgrade github.com/spf13/cobra [#2732](https://github.com//kumahq/kuma/pull/2732) +* chore: bump alpine in /tools/releases/dockerfiles [#2705](https://github.com//kumahq/kuma/pull/2705) +* chore: bump github.com/onsi/gomega from 1.13.0 to 1.16.0 [#2657](https://github.com//kumahq/kuma/pull/2657) +* chore: update envoy to 1.18.4 [#2667](https://github.com//kumahq/kuma/pull/2667) + ## 1.3.0 -> Released on 2021/06/17 +> Released on 2023/02/15 Built on top of [Kuma 1.2.0](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#120) @@ -1352,9 +4132,66 @@ Built on top of [Kuma 1.2.0](https://github.com/kumahq/kuma/blob/master/CHANGELO - More improvements, including a fix for GCP/GKE's erratic IPv6 support. - Updated to Envoy 1.18.3. +### Includes [kumahq/kuma@1.3.0](https://github.com/kumahq/kuma/releases/tag/1.3.0) changelog + +* feat: remove provided ca cert validation [#2663](https://github.com/kumahq/kuma/pull/2663) + 👍contributed by Nikita Pande (@nikita15p) +* feat: Use kuma-sd in kumactl install metrics [#2654](https://github.com/kumahq/kuma/pull/2654) +* feat: Add new datasource to kumactl install metrics [#2640](https://github.com/kumahq/kuma/pull/2640) +* fix: remove extra endline in traffic log default template [#2514](https://github.com//kumahq/kuma/pull/2514) +* fix: TLSInspector is causing tcp healthcheck failures [#2639](https://github.com//kumahq/kuma/pull/2639) +* feat: Add rate-limit to outbound interfaces [#2435](https://github.com//kumahq/kuma/pull/2435) +* fix: print a newline with transparent proxy setup message [#2634](https://github.com//kumahq/kuma/pull/2634) +* chore: bump alpine in /tools/releases/dockerfiles [#2531](https://github.com//kumahq/kuma/pull/2531) +* chore: annotate required fields in proto files [#2556](https://github.com//kumahq/kuma/pull/2556) +* chore: remove MADS v1alpha1 [#2632](https://github.com//kumahq/kuma/pull/2632) +* chore: parametrize kuma tracing in ZipkinCollectorURL [#2635](https://github.com//kumahq/kuma/pull/2635) +* chore: Add the number of services to usage stats [#2628](https://github.com//kumahq/kuma/pull/2628) +* feat: Add the permissive mTLS mode [#2579](https://github.com//kumahq/kuma/pull/2579) +* chore: open CAProvider and MeshValidator for extensions [#2618](https://github.com//kumahq/kuma/pull/2618) +* feat: Add entity for virtual-outbound [#2576](https://github.com//kumahq/kuma/pull/2576) +* fix: Don't set zap.Development() in debug log [#2608](https://github.com//kumahq/kuma/pull/2608) +* chore(kuma-cp) upgrade gui to new version [#2611](https://github.com//kumahq/kuma/pull/2611), [#2452](https://github.com//kumahq/kuma/pull/2452), [#2554](https://github.com//kumahq/kuma/pull/2554), [#2528](https://github.com//kumahq/kuma/pull/2528), [#2497](https://github.com//kumahq/kuma/pull/2497), [#2490](https://github.com//kumahq/kuma/pull/2490), [#2481](https://github.com//kumahq/kuma/pull/2481) +* feat: Build kuma on Windows [#2597](https://github.com//kumahq/kuma/pull/2597), [#2606](https://github.com//kumahq/kuma/pull/2606), [#2559](https://github.com//kumahq/kuma/pull/2559) +* feat: Add CA backend stats in Dataplane and Mesh Insights [#2562](https://github.com//kumahq/kuma/pull/2562) +* fix: missing key for kv in reports logging [#2598](https://github.com//kumahq/kuma/pull/2598) +* chore: split listener configurers across source files [#2592](https://github.com//kumahq/kuma/pull/2592) +* feat: add simple HTTP connection configurers [#2593](https://github.com//kumahq/kuma/pull/2593) +* feat: add virtual host domain name configurer [#2590](https://github.com//kumahq/kuma/pull/2590) +* feat: return instance and cluster IDs in kuma-cp API statuses [#2589](https://github.com//kumahq/kuma/pull/2589) +* tests: allow kuma-specific const to be overridden [#2582](https://github.com//kumahq/kuma/pull/2582) +* feat: Intermediate CA support [#2575](https://github.com//kumahq/kuma/pull/2575) +* fix: Avoid nil dereferencing in dp validator [#2578](https://github.com//kumahq/kuma/pull/2578) +* chore: consistently use utils package for protobuf wrappers [#2570](https://github.com//kumahq/kuma/pull/2570) +* fix: subscription finalizer, rev 2 [#2526](https://github.com//kumahq/kuma/pull/2526) +* tests: fix flaky test for locality aware loadbalancing [#2564](https://github.com//kumahq/kuma/pull/2564) +* fix: DP tracking lock consistency fix [#2567](https://github.com//kumahq/kuma/pull/2567) +* chore: Certificates over ADS [#2558](https://github.com//kumahq/kuma/pull/2558) +* chore: migrate DiscoveryRequest/Response in KDS to V3 [#2541](https://github.com//kumahq/kuma/pull/2541) +* feat: Rewrite dns persistence to allow virtual-outbound to be added [#2484](https://github.com//kumahq/kuma/pull/2484) +* fix: deleted default policy is created on Kuma CP restart [#2507](https://github.com//kumahq/kuma/pull/2507) +* chore: Move kumactl logging arguments to where they can be parameterized [#2544](https://github.com//kumahq/kuma/pull/2544) +* chore: add route and virtual host configuration helpers [#2517](https://github.com//kumahq/kuma/pull/2517) +* chore: fix kumactl generate dataplane proxy-type flag deprecation message [#2522](https://github.com//kumahq/kuma/pull/2522) + 👍contributed by Tharun Rajendran +* chore: Simplify resource-gen.go by generating `ResourceDescriptor` [#2511](https://github.com//kumahq/kuma/pull/2511) +* chore: Replace netcat with test server [#2510](https://github.com//kumahq/kuma/pull/2510) +* feat: configure SNI on ExternalService [#2467](https://github.com//kumahq/kuma/pull/2467) +* chore: add importas to golangci-lint [#2516](https://github.com//kumahq/kuma/pull/2516) + 👍contributed by Tharun Rajendran +* chore: add to resource-gen.go generation of kds options [#2487](https://github.com//kumahq/kuma/pull/2487) +* chore: add to resource-gen.go generation of kumactl options [#2469](https://github.com//kumahq/kuma/pull/2469) +* fix: add owner when create ZoneIngressInsight [#2456](https://github.com//kumahq/kuma/pull/2456) +* fix: hijacker merge labels [#2476](https://github.com//kumahq/kuma/pull/2476) +* chore: improve resource-gen by auto generating ws code [#2466](https://github.com//kumahq/kuma/pull/2466) +* fix: clarify invalid resource type message [#2473](https://github.com//kumahq/kuma/pull/2473) +* fix: implement TextMarshaler for JSON keys [#2475](https://github.com//kumahq/kuma/pull/2475) +* chore: simplify resourceWsDefinition and server init [#2477](https://github.com//kumahq/kuma/pull/2477) +* fix: Stop adding outbounds to dp for vips [#2421](https://github.com//kumahq/kuma/pull/2421) +* chore(*) make port validation consistent [#2448](https://github.com//kumahq/kuma/pull/2448) ## 1.2.6 -> Released on 2021/05/13 +> Released on 2023/02/15 Built on top of [Kuma 1.1.6](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#116). @@ -1369,7 +4206,7 @@ now includes a `reuse_connection` option. ## 1.2.5 -> Released on 2021/04/30 +> Released on 2023/02/15 Built on top of [Kuma 1.1.5](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#115). @@ -1380,7 +4217,7 @@ Built on top of [Kuma 1.1.5](https://github.com/kumahq/kuma/blob/master/CHANGELO ## 1.2.4 -> Released on 2021/04/19 +> Released on 2023/02/15 Built on top of [Kuma 1.1.4](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#114). @@ -1388,15 +4225,24 @@ Includes important bug fixes to version 1.1.3 of Kuma, plus improvements to the ## 1.2.3 -> Released on 2021/04/16 +> Released on 2023/02/15 Built on top of [Kuma 1.1.3](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#113). Notably: - Built-in DNS provides support for specifying external services by original hostname and port +### Includes [kumahq/kuma@1.2.3](https://github.com/kumahq/kuma/releases/tag/1.2.3) changelog + +* fix(kumactl) warn about fail to check the CP version [#2438](https://github.com//kumahq/kuma/pull/2438) +* fix(kuma-cp) handle missing connection info [#2439](https://github.com//kumahq/kuma/pull/2439) +* chore(xds) rename logger to have consistent naming style [#2375](https://github.com//kumahq/kuma/pull/2375) + 👍contributed by burntcarrot +* fix(kuma-cp) set better keep-alive for bootstrap [#2432](https://github.com//kumahq/kuma/pull/2432) +* fix(kuma-dp) validate the DP proxy type [#2186](https://github.com//kumahq/kuma/pull/2186) +* fix(kuma-cp) use the typed config for TLS Inspector [#2373](https://github.com//kumahq/kuma/pull/2373) ## 1.2.2 -> Released on 2021/04/12 +> Released on 2023/02/15 Built on top of Kuma 1.1.2 with [fixes and improvements](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#112). Features include: - 19 new observability charts and golden metrics. @@ -1405,16 +4251,52 @@ Built on top of Kuma 1.1.2 with [fixes and improvements](https://github.com/kuma - Performance improvements, especially with external services. - Stability improvements to kuma-cp and DNS resolution. +### Includes [kumahq/kuma@1.2.2](https://github.com/kumahq/kuma/releases/tag/1.2.2) changelog + +* feat: add datadog traffic tracing [#2269](https://github.com//kumahq/kuma/pull/2247) +* refactor: add kumactl install tracing context [#2343](https://github.com//kumahq/kuma/pull/2343) +* chore: improve kumactl install transparent-proxy flags description, add extra validation [#2352](https://github.com//kumahq/kuma/pull/2352) +* fix: broken SDS auth and XDS generation on rapid DP restarts [#2342](https://github.com//kumahq/kuma/pull/2342) +* fix: allow verbose log levels [#2351](https://github.com//kumahq/kuma/pull/2351) +* chore: use resource types for DataplaneInsight tracking [#2324](https://github.com//kumahq/kuma/pull/2324) +* chore: improve resource manager initialization readability [#2316](https://github.com//kumahq/kuma/pull/2316) +* chore: upgrade gui to new version [#2340](https://github.com//kumahq/kuma/pull/2340), [#2325](https://github.com//kumahq/kuma/pull/2325), [#2315](https://github.com//kumahq/kuma/pull/2315) +* fix: allocate a new VIP for ExternalService host [#2302](https://github.com//kumahq/kuma/pull/2302) +* fix: stop components on leader election lost [#2318](https://github.com//kumahq/kuma/pull/2318) +* chore: generate system resource wrappers [#2282](https://github.com//kumahq/kuma/pull/2282), [#2311](https://github.com//kumahq/kuma/pull/2311) +* chore: remove access log V2 [#2301](https://github.com//kumahq/kuma/pull/2301) +* chore: generate DeepCopy interfaces [#2222](https://github.com//kumahq/kuma/pull/2222) +* chore: disable log sampling [#2273](https://github.com//kumahq/kuma/pull/2273) +* chore: upgrade Protocol Buffers [#2244](https://github.com//kumahq/kuma/pull/2244) +* chore: change default number of insights subscriptions [#2266](https://github.com//kumahq/kuma/pull/2266) +* chore: make the authentication interface type oblivious [#2271](https://github.com//kumahq/kuma/pull/2271) +* fix: fix hds disabled on dpserver [#2268](https://github.com//kumahq/kuma/pull/2268) + 👍contributed by Bastien Chatelard +* chore: refactor xDS metadata to store a generic resource [#2264](https://github.com//kumahq/kuma/pull/2264) +* feat: change KDS max message limit [#2265](https://github.com//kumahq/kuma/pull/2265) ## 1.2.1 -> Released on 2021/03/15 +> Released on 2023/02/15 - Fix to include the OPA CRD in the deployment - Build on top of Kuma 1.1.1 with [fixes and improvements](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#111) +### Includes [kumahq/kuma@1.2.1](https://github.com/kumahq/kuma/releases/tag/1.2.1) changelog + +* fix: Dataplane/ZoneIngress/Zone status problem when control plane forcefully exits [#2246](https://github.com//kumahq/kuma/pull/2246) +* chore: reduce memory usage by reducing cache key size [#2214](https://github.com//kumahq/kuma/pull/2214) [#2230](https://github.com//kumahq/kuma/pull/2230) + 👍contributed by nhamlh +* fix: ZoneIngress always shows up as 'offline' [#2209](https://github.com//kumahq/kuma/pull/2209) +* feat: dataplane use advertise address to add a routable ip if address is not public ip [#2116](https://github.com//kumahq/kuma/pull/2116) + 👍contributed by sudeeptoroy +* fix: builtin DNS resolve alias with dots [#2208](https://github.com//kumahq/kuma/pull/2208) +* feat: add SNI to TLSed ExternalServices [#2211](https://github.com//kumahq/kuma/pull/2211) +* fix: fix race condition in cache [#2202](https://github.com//kumahq/kuma/pull/2202) + 👍contributed by nhamlh +* fix: supported versions of Kuma DP in the GUI [#2193](https://github.com//kumahq/kuma/pull/2193) ## 1.2.0 -> Released on 2021/03/09 +> Released on 2023/02/15 - Added Open Policy Agent integration - Improved authentication support for control planes in multi-zone deployments, with the Kuma Discovery Protocol (KDS) @@ -1422,3 +4304,69 @@ Built on top of Kuma 1.1.2 with [fixes and improvements](https://github.com/kuma - Added XDSv3 for control plane to data plane proxy communication - Build on top of Kuma 1.1.0 with [fixes and improvements](https://github.com/kumahq/kuma/blob/master/CHANGELOG.md#110) +### Includes [kumahq/kuma@1.2.0](https://github.com/kumahq/kuma/releases/tag/1.2.0) changelog + +* feat: Introduce ZoneIngress [#2147](https://github.com//kumahq/kuma/pull/2147) [#2169](https://github.com//kumahq/kuma/pull/2169) +* feat: enable dataplane dns by default [#2152](https://github.com//kumahq/kuma/pull/2152) +* feat: add --verbose flag to kuma-init [#2156](https://github.com//kumahq/kuma/pull/2156) +* feat: log rotation [#2100](https://github.com//kumahq/kuma/pull/2100) + 👍contributed by @nikita15p +* feat: mads, allow specifying fetch-timeout via query param [#2148](https://github.com//kumahq/kuma/pull/2148) + 👍contributed by @austince +* feat: mads, add support for HTTP long polling [#2121](https://github.com//kumahq/kuma/pull/2121) + 👍contributed by @austince +* feat(mads) implement v1 API [#1753](https://github.com//kumahq/kuma/pull/1753) + 👍contributed by @austince +* feat: add RateLimit policy [#2083](https://github.com//kumahq/kuma/pull/2083) +* feat: TrafficRoute L7 [#2013](https://github.com//kumahq/kuma/pull/2013) + [#2042](https://github.com//kumahq/kuma/pull/2042) [#2062](https://github.com//kumahq/kuma/pull/2062) + [#2072](https://github.com//kumahq/kuma/pull/2072) [#2168](https://github.com//kumahq/kuma/pull/2168) + +* feat: allow renegotiation for TLS in ExternalServices [#2135](https://github.com//kumahq/kuma/pull/2135) +* feat: pass header when communicating with CP [#2049](https://github.com//kumahq/kuma/pull/2049) + 👍contributed by sudeeptoroy +* feat: change default traffic route policy [#2075](https://github.com//kumahq/kuma/pull/2075) +* feat: command to install kong enterprise ingress [#1999](https://github.com//kumahq/kuma/pull/1999) +* feat: add postgres max idle connections configuration [#2020](https://github.com//kumahq/kuma/pull/2020) + 👍contributed by @nikita15p +* feat: add kumactl --no-config flag [#2048](https://github.com//kumahq/kuma/pull/2048) +* feat: nodeselector across all pods with HELM [#2012](https://github.com//kumahq/kuma/pull/2012) +* feat: enable forwarding XFCC header [#1941](https://github.com//kumahq/kuma/pull/1941) + 👍contributed by @jewertow +* feat: TrafficPermission for ExternalServices [#1957](https://github.com//kumahq/kuma/pull/1957) +* feat: metrics hijacker [#1899](https://github.com//kumahq/kuma/pull/1899) +* feat: extend CircuitBreaker [#1655](https://github.com//kumahq/kuma/pull/1655) +* chore: remove API V2 [#2119](https://github.com//kumahq/kuma/pull/2119) +* chore: bump webhooks version [#2126](https://github.com//kumahq/kuma/pull/2126) +* chore: drop deprecated Envoy options [#2143](https://github.com//kumahq/kuma/pull/2143) +* chore: dockerfiles, add a user for kuma-cp [#2129](https://github.com//kumahq/kuma/pull/2129) +* chore: bump cni version to 0.0.9 [#2137](https://github.com//kumahq/kuma/pull/2137) +* chore: rename remote cp to zone cp [#2125](https://github.com//kumahq/kuma/pull/2125) +* chore: bump versions of logging, metrics, tracing [#2178](https://github.com//kumahq/kuma/pull/2178) +* chore: parametrize bitnami/kubectl [#2151](https://github.com//kumahq/kuma/pull/2151) +* chore: backwards compatible metrics [#2173](https://github.com//kumahq/kuma/pull/2173) +* chore: upgrade Envoy version to 1.18.3 [#2145](https://github.com//kumahq/kuma/pull/2145) +* chore updated go-control-plane [#2082](https://github.com//kumahq/kuma/pull/2082) + 👍contributed by @sudeeptoroy +* chore: fix misspelled words [#1984](https://github.com//kumahq/kuma/pull/1984) + 👍contributed by @tharun208 +* chore: upgrade GUI [#2157](https://github.com//kumahq/kuma/pull/2157) +* chore namespace source names for v1 API [#1896](https://github.com//kumahq/kuma/pull/1896) + 👍contributed by @austince +* chore: use cmux for MADS server [#1887](https://github.com//kumahq/kuma/pull/1887) +* chore: Add internal support for outbound UDP listeners [#1618](https://github.com//kumahq/kuma/pull/1618) + 👍contributed by @lahabana +* chore: Avoid generating duplicate subsets in ingress + 👍contributed by @lahabana +* chore: upgrade to apiextensions.k8s.io/v1 [#1108](https://github.com//kumahq/kuma/pull/1108) + 👍contributed by @austince +* fix: Clear snapshots from cache on disconnect [#2172](https://github.com//kumahq/kuma/pull/2172) + 👍contributed by @lahabana +* fix: use service account name to identify sync [#2127](https://github.com//kumahq/kuma/pull/2127) +* fix: raise the regex program size limit [#2139](https://github.com//kumahq/kuma/pull/2139) +* fix: pass query parameters through the metrics hijacker [#2124](https://github.com//kumahq/kuma/pull/2124) +* fix: matching endpoints by tags [#2096](https://github.com//kumahq/kuma/pull/2096) +* fix: manage and warn on control plane file limits [#2057](https://github.com//kumahq/kuma/pull/2057) [#2106](https://github.com//kumahq/kuma/pull/2106) +* fix: fix transparent-proxy for GCP/GKE [#2051](https://github.com//kumahq/kuma/pull/2051) +* fix: set death signal on child processes [#2045](https://github.com//kumahq/kuma/pull/2045) +* fix: TrafficRoute in multizone issue [#1979](https://github.com//kumahq/kuma/pull/1979)