Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

Last update: Jan 2, 2023

Related tags

Overview

Open Service Mesh (OSM)

Open Service Mesh (OSM) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

The OSM project builds on the ideas and implementations of many cloud native ecosystem projects including Linkerd, Istio, Consul, Envoy, Kuma, Helm, and the SMI specification.

Overview
OSM Design
Install
Demonstration
Using OSM
- OSM Usage Patterns
Community
Development Guide
Code of Conduct
License

Overview

OSM runs an Envoy based control plane on Kubernetes, can be configured with SMI APIs, and works by injecting an Envoy proxy as a sidecar container next to each instance of your application. The proxy contains and executes rules around access control policies, implements routing configuration, and captures metrics. The control plane continually configures proxies to ensure policies and routing rules are up to date and ensures proxies are healthy.

Core Principles

Simple to understand and contribute to
Effortless to install, maintain, and operate
Painless to troubleshoot
Easy to configure via Service Mesh Interface (SMI)

Features

Easily and transparently configure traffic shifting for deployments
Secure service to service communication by enabling mTLS
Define and execute fine grained access control policies for services
Observability and insights into application metrics for debugging and monitoring services
Integrate with external certificate management services/solutions with a pluggable interface
Onboard applications onto the mesh by enabling automatic sidecar injection of Envoy proxy

Project status

OSM is under active development and is NOT ready for production workloads.

Support

Please search open issues on GitHub, and if your issue isn't already represented please open a new one. The OSM project maintainers will respond to the best of their abilities.

SMI Specification support

Kind	SMI Resource	Supported Version	Comments
TrafficTarget	traffictargets.access.smi-spec.io	v1alpha3
HTTPRouteGroup	httproutegroups.specs.smi-spec.io	v1alpha4
TCPRoute	tcproutes.specs.smi-spec.io	v1alpha4
UDPRoute	udproutes.specs.smi-spec.io	not supported
TrafficSplit	trafficsplits.split.smi-spec.io	v1alpha2
TrafficMetrics	*.metrics.smi-spec.io	v1alpha1	🚧 In Progress #379 🚧

OSM Design

Install

Prerequisites

Kubernetes cluster running Kubernetes v1.15.0 or greater
kubectl current context is configured for the target cluster install
- kubectl config current-context

Get the OSM CLI

The simplest way of installing Open Service Mesh on a Kubernetes cluster is by using the osm CLI.

Download the osm binary from the Releases page. Unpack the osm binary and add it to $PATH to get started.

sudo mv ./osm /usr/local/bin/osm

Install OSM

$ osm install

See the installation guide for more detailed options.

Demonstration

The OSM Bookstore demo is a step-by-step walkthrough of how to install a bookbuyer and bookstore apps, and configure connectivity between these using SMI.

Using OSM

After installing OSM, onboard a microservice application to the service mesh.

OSM Usage Patterns

Community

Connect with the Open Service Mesh community:

GitHub issues and pull requests in this repo
OSM Slack: Join the CNCF Slack for related discussions in #openservicemesh
Public Community Call: OSM Community calls take place on the second Tuesday of each month, 10:30am-11am Pacific in the CNCF OSM Zoom room - notes available in Open Service Mesh (OSM) Community Meeting Notes
Mailing list

Development Guide

If you would like to contribute to OSM, check out the development guide.

Code of Conduct

This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.

License

This software is covered under the Apache 2.0 license. You can read the license here.

Comments

OPENSSL Error when enabling MESH for Namespace in inter-namespace communication (OPENSSL_internal:WRONG_VERSION_NUMBER})
Bug description: Error {"EventId":104,"LogLevel":"Error","Category":"Microsoft.Extensions.Diagnostics.HealthChecks.DefaultHealthCheckService","Message":"Health check gateway-schema-builder threw an unhandled exception after 14.597ms","Exception":"Grpc.Core.RpcException: Status(StatusCode="Unavailable", Detail="upstream connect error or disconnect/reset before headers. reset reason: connection failure, transport failure reason: TLS error: 268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER") at Lb.Graph.SchemaRegistry.GatewaySchemaBuilder.GetHealthAsync(CancellationToken token) in /azp/_work/5/s/graph/schema-registry/Lb.Graph.SchemaRegistry/GatewaySchemaBuilder.cs:line 88 at Lb.Graph.SchemaRegistry.WebApi.Diagnostics.GatewaySchemaBuilderHealthCheck.CheckHealthAsync(HealthCheckContext context, CancellationToken cancellationToken) in /azp/_work/5/s/graph/schema-registry/Lb.Graph.SchemaRegistry.WebApi/Diagnostics/GatewaySchemaBuilderHealthCheck.cs:line 21 at Microsoft.Extensions.Diagnostics.HealthChecks.DefaultHealthCheckService.RunCheckAsync(HealthCheckRegistration registration, CancellationToken cancellationToken)","State":{"Message":"Health check gateway-schema-builder threw an unhandled exception after 14.597ms","HealthCheckName":"gateway-schema-builder","ElapsedMilliseconds":14.597,"{OriginalFormat}":"Health check {HealthCheckName} threw an unhandled exception after {ElapsedMilliseconds}ms"}}

Pods with startup probe in this Mesh won´t start (pods are in the same namespace).

MESH-Config apiVersion: config.openservicemesh.io/v1alpha1 kind: MeshConfig metadata: creationTimestamp: '2022-04-28T15:59:35Z' generation: 13 managedFields: - apiVersion: config.openservicemesh.io/v1alpha1 fieldsType: FieldsV1 fieldsV1: f:spec: .: {} f:certificate: .: {} f:certKeyBitSize: {} f:serviceCertValidityDuration: {} f:featureFlags: .: {} f:enableAsyncProxyServiceMapping: {} f:enableEgressPolicy: {} f:enableEnvoyActiveHealthChecks: {} f:enableIngressBackendPolicy: {} f:enableMulticlusterMode: {} f:enableRetryPolicy: {} f:enableSnapshotCacheMode: {} f:enableWASMStats: {} f:observability: .: {} f:enableDebugServer: {} f:osmLogLevel: {} f:tracing: .: {} f:enable: {} f:sidecar: .: {} f:configResyncInterval: {} f:enablePrivilegedInitContainer: {} f:logLevel: {} f:resources: {} f:traffic: .: {} f:enablePermissiveTrafficPolicyMode: {} f:inboundExternalAuthorization: .: {} f:enable: {} f:failureModeAllow: {} f:statPrefix: {} f:timeout: {} f:outboundPortExclusionList: {} manager: osm-bootstrap operation: Update time: '2022-04-28T15:59:35Z' - apiVersion: config.openservicemesh.io/v1alpha1 fieldsType: FieldsV1 fieldsV1: f:spec: f:traffic: f:enableEgress: {} f:inboundPortExclusionList: {} f:outboundIPRangeExclusionList: {} manager: kubectl-patch operation: Update time: '2022-05-18T07:04:23Z' name: osm-mesh-config namespace: kube-system resourceVersion: '9299331' uid: 6cb94ac6-0654-49ae-9288-3d7b1a7fa3c4 spec: certificate: certKeyBitSize: 2048 serviceCertValidityDuration: 24h featureFlags: enableAsyncProxyServiceMapping: false enableEgressPolicy: true enableEnvoyActiveHealthChecks: false enableIngressBackendPolicy: true enableMulticlusterMode: false enableRetryPolicy: false enableSnapshotCacheMode: false enableWASMStats: true observability: enableDebugServer: true osmLogLevel: info tracing: enable: false sidecar: configResyncInterval: 0s enablePrivilegedInitContainer: false logLevel: error resources: {} traffic: enableEgress: true enablePermissiveTrafficPolicyMode: true inboundExternalAuthorization: enable: false failureModeAllow: false statPrefix: inboundExtAuthz timeout: 1s inboundPortExclusionList: - 1337 - 80 - 14001 - 4000 - 4500 - 443 - 15000 - 15901 - 15902 - 15903 - 15010 outboundIPRangeExclusionList: - 10.162.0.0/19 outboundPortExclusionList: []

Affected area (please mark with X where applicable):

Install [ ]

SMI Traffic Access Policy [ ]

SMI Traffic Specs Policy [ ]

SMI Traffic Split Policy [ ]

Permissive Traffic Policy [ ]

Ingress []

Egress [ ]

Envoy Control Plane [ ]

CLI Tool [ ]

Metrics [ ]

Certificate Management [ ]

Sidecar Injection [X]

Logging [ ]

Debugging [ ]

Tests [ ]

Demo [ ]

CI System [ ]

Expected behavior: no tls error

Steps to reproduce the bug (as precisely as possible): Enable OSM, onboard namespace, start pod (nginx, second pod, curl nginx from second pod)

How was OSM installed?: AKS addon Same with this manual steps: k get meshconfig osm-mesh-config -n kube-system -o yaml | grep -i enablePermissiveTrafficPolicyMode

k label ns graph-dev openservicemesh.io/monitored-by=osm k annotate namespace graph-dev openservicemesh.io/sidecar-injection=enabled k annotate ns graph-dev "openservicemesh.io/metrics=enabled"

cat <<EOF | k apply -f - kind: ConfigMap apiVersion: v1 data: schema-version: v1 config-version: ver1 osm-metric-collection-configuration: |- [osm_metric_collection_configuration] [osm_metric_collection_configuration.settings] monitor_namespaces = ["yopass","graph-play","pipelinerunner","graph-dev"] metadata: name: container-azm-ms-osmconfig namespace: kube-system EOF

Anything else we need to know?:

Ingress: AGIC (Azure Application Gateway)

Network Policy: Calico

Cert-Manager (not for OSM): cert-manager

DNS: Azure DNS

AKS Cluster type: private

Bug report archive:

Environment:

OSM version (use osm version): 1.0.0

Kubernetes version (use kubectl version): 1.23.3

Size of cluster (number of worker nodes in the cluster): 3 Nodes (System Pool, 3 Nodes (User Pool)

Others:

kind/bug
opened by kamellemann 30
Event handling retains memory under moderate load
Bug description: When more than a moderate amount of Kubernetes events are processed by osm-controller, its memory usage continuously grows until it gets OOMKilled.

At ~10 events/sec, memory usage stays constant. At ~20 events/sec, memory usage grows. ~60 events/sec is enough to exhaust the 1G default memory limit in about 2.5 hours. 1k-1.5k events/sec hits the limit in about 3 minutes.

Expected behavior: osm-controller doesn't retain memory allocated for events that have already been processed.

Steps to reproduce the bug (as precisely as possible): (Using CLI/images built from 8bae12f7186d3bf7709951ba8c37e68e569f30c8)

osm install <image params> --set osm.deployPrometheus=true osm namespace add default for i in {1..20}; do k create service clusterip empty$i --clusterip=None; done while true; do kubectl label ep --all --overwrite time=$(date +%s); done # monitor memory usage in prometheus

The above will generate 1 event per second per service. Use date +%s%N instead of date +%s to relabel faster than once per second. Add more services or run more instances of the kubectl label loop to generate more events.

How was OSM installed?: CLI

Anything else we need to know?:

Reducing from 20 events/sec to 10 events/sec stopped the memory usage from increasing, but it did not go down at all after ~1 hour. Reducing from 10 events/sec to 0 showed the same, where memory didn't continue to climb but also did not fall.

osm-controller memory heap profile for a different run right before getting OOMKilled: oom-lots-of-events.pb.gz

Bug report archive:

Environment:

OSM version (use osm version): 8bae12f7186d3bf7709951ba8c37e68e569f30c8

Kubernetes version (use kubectl version):

Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:51:05Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.9", GitCommit:"56709e92afa973c26fad3d4a44723fefa51481b7", GitTreeState:"clean", BuildDate:"2022-03-10T07:59:33Z", GoVersion:"go1.16.12", Compiler:"gc", Platform:"linux/amd64"}

Size of cluster (number of worker nodes in the cluster): AKS, 6 Standard DS2_v2 nodes

Others:

kind/bug stale
opened by nojnhuh 30

Certificate rotation broken in long running environments

Bug description: I noticed that in 2 of my setups running for several days, certificate rotation is broken. This leads to expired certificates in Envoy never being rotated, leading to complete traffic disruption between apps.

Log on the client:

{"bytes_received":0,"response_flags":"UF","upstream_service_time":null,"response_code":503,"start_time":"2022-08-15T18:02:56.864Z","authority":"fortio.demo.svc.cluster.local:8080","duration":1,"bytes_sent":195,"protocol":"HTTP/1.1","x_forwarded_for":null,"path":"/","request_id":"26aa1f49-a09b-4b13-81bd-0acfa49852b8","user_agent":"fortio.org/fortio-1.34.1","response_code_details":"upstream_reset_before_response_started{connection_failure,TLS_error:_268435581:SSL_routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED}","time_to_first_byte":null,"requested_server_name":null,"upstream_host":"10.244.1.5:8080","method":"GET","upstream_cluster":"demo/fortio|8080"}

Stat on the client: cluster.demo/fortio|8080.ssl.fail_verify_error: 50

The certs stat osm_bug_report_2928885602/namespaces/demo/pods/fortio-client-b9b7bbfb8-hc9wr/commands/osm_proxy_get_certs_fortio-client-b9b7bbfb8-hc9wr_-n_demo confirms the cert not being updated, with its client cert having an expiration date of 2022-08-12T19:05:52Z. The expiration date should be past 2022-08-15 (current date).

Both the client and server are connected to the controller as per the XDS cluster stats collected in the bug-report.

osm-controller indicates the cert default.demo.svc.cluster.local has expired but has not been rotated:

	 Common Name: "default.demo.cluster.local"
	 Valid Until: 2022-08-12 19:05:52.0391624 +0000 UTC m=+86504.429431801 (16h45m27.4651171s remaining)
	 Issuing CA (SHA256): d4bc5ec6f2ab02a7f484f5c36ee90222435250592d0942c686737ba0a77e857e
	 Trusted CAs (SHA256): d4bc5ec6f2ab02a7f484f5c36ee90222435250592d0942c686737ba0a77e857e
	 Cert Chain (SHA256): c4b68f17387579bff64ee155ae7263687c2d3fbea929ad56b0489b6ebd074dd8
	 x509.SignatureAlgorithm: SHA256-RSA
	 x509.PublicKeyAlgorithm: RSA
	 x509.Version: 3
	 x509.SerialNumber: 980b07dedb46443624884fcfcd9b9f03
	 x509.Issuer: CN=osm-ca.openservicemesh.io,O=Open Service Mesh,L=CA,C=US
	 x509.Subject: CN=default.demo.cluster.local,O=Open Service Mesh
	 x509.NotBefore (begin): 2022-08-11 19:05:52 +0000 UTC (95h30m32.0984793s ago)
	 x509.NotAfter (end): 2022-08-12 19:05:52 +0000 UTC (-71h30m32.0984815s remaining)
	 x509.BasicConstraintsValid: true
	 x509.IsCA: false
	 x509.DNSNames: [default.demo.cluster.local]
	 Cert struct expiration vs. x509.NotAfter: -39.1624ms

x509.NotBefore (begin): 2022-08-11 19:05:52 +0000 UTC (95h30m32.0984793s ago)
x509.NotAfter (end): 2022-08-12 19:05:52 +0000 UTC (-71h30m32.0984815s remaining)

Affected area (please mark with X where applicable):

Certificate Management [X]

Expected behavior: Certificates should be rotated in long running environments.

Steps to reproduce the bug (as precisely as possible): I observed this bug twice while executing the demo global rate limit demo over multiple days.

How was OSM installed?:

osm install --set osm.image.registry=$CTR_REGISTRY --set osm.image.tag=$CTR_TAG --set osm.image.pullPolicy=Always --set osm.enablePermissiveTrafficPolicy=true

Bug report archive:

2313848016_osm-bug-report.tar.gz

Environment:

OSM version (use osm version): latest-main
Kubernetes version (use kubectl version): v1.23.4

area/certificate-management priority/P0 blocker/release=v1.3.0 backport-to/release=v1.1.0 backport-to/release=v1.2.0

opened by shashankram 26

Update mesh_list.go
feat(cmd/cli): Added requested features

Mesh list command now display controller pods and joined namespaces. Resolves issue #1841 Signed-off-by: mudit singh [email protected]

resolve #1841

Affected area:

New Functionality [ ]

Documentation [ ]

Install [ ]

Control Plane [ ]

CLI Tool [X]

Certificate Management [ ]

Networking [ ]

Metrics [ ]

SMI Policy [ ]

Security [ ]

Tests [ ]

CI System [ ]

Performance [ ]

Other [ ]

Please answer the following questions with yes/no.

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution? No

do-not-merge/hold
opened by mudit-01 24
Switch to a per-proxy coalescing mechanism, instead of a global coale…
This PR does 2 things:

Pushes message coalescing from a global message broker to a per-proxy goroutine.

Remove the ticker code in favor of a per-proxy ticker.

This has the following benefits:

~700 lines of code deleted, results in huge simplifications. The message broker's coalescing code is arguably the single most complicated chunk of code in the code base, the new PR is significantly simpler and easier to reason about.

Coalescing per-proxy, reduces wait times per proxy, since a proxy doesn't suffer from head of line blocking.

It should not be the job of the message broker to decide what messges the user may be interested in. By passing all messages we let the proxies make smarter decisions, and improve our package level abstractions.

It's a two-for-one on removing head of line blocking, where a single slow-to-update proxy forces all other proxies to wait.

Currently, proxies wait up to 10 seconds to recieve an update due to the sliding window algorithm. We can flip that, where proxies get updated at the beginning of the window, instead of the end.

There's several layers of indirection between the event queue, worker queue, pubsub, workerpool, and finally the actual update. We can bring that down to 2 components.

This simultaneously fixes https://github.com/openservicemesh/osm/issues/4623

Closes #5111
do-not-merge/hold kind/needs-discussion stale
opened by steeling 22
upstream connect error or disconnect/reset before headers. reset reason: connection failure
Bug description: Currently we have installed osm on AKS cluster once osm is enabled on namespace level we are unable to access any ingress based(Exposed via nginx ingress controller) application and getting upstream connect error or disconnect/reset before headers. reset reason: connection failure after envoy Affected area (please mark with X where applicable):

Install [ ]

SMI Traffic Access Policy [ ]

SMI Traffic Specs Policy [ ]

SMI Traffic Split Policy [ ]

Permissive Traffic Policy [x ]

Ingress [x ]

Egress [x ]

Envoy Control Plane [ ]

CLI Tool [ ]

Metrics [ ]

Certificate Management [ ]

Sidecar Injection [ x]

Logging [ ]

Debugging [ ]

Tests [ ]

Demo [ ]

CI System [ ]

Expected behavior:

Steps to reproduce the bug (as precisely as possible):

How was OSM installed?: USing azure CLI. https://docs.microsoft.com/en-us/azure/aks/open-service-mesh-deploy-addon-az-cli Anything else we need to know?:

Environment:

OSM version (use osm version):mcr.microsoft.com/oss/openservicemesh/osm-controller:v1.0.0

Kubernetes version (use kubectl version): 1.21.2

kind/bug
opened by chandan9778 21
Error when performing upgrades on v1.0.0
We have a bug in our upgrade path when upgrading from v1.0.0 forwards:

The v1.0.0 osm-bootstrap attempts to write a mesh config on startup @ version v1alpha1. It does this prior to starting it's servers, which include the crd conversion webhook.

In an upgrade, the new one comes up, which now writes the new version v1alpha2. Similarly, it does not start it's servers until this is successfully written.

This triggers a call from K8s to the conversion webhook. However if the old pod is down, the call fails, because the new pod has not yet started its server. ie: there are no servers to respond to the conversion webhook.

The old pod can attempt to come back up, but it also fails, due to trying to path the mesh config CRD, but the patch omits v1alpha2, which fails k8s validation.

Therefore no bootstrap pods can come up, which the remainder of the control plane depends upon.
kind/bug size/L priority/P0 blocker/release=v1.3.0
opened by steeling 19
[WIP] Add a broadcaster controller
Signed-off-by: Nitish Malhotra [email protected]

Please describe the motivation for this PR and provide enough information so that others can review it.

This PR adds a dynamic toggle for periodic broadcasts/announcements made to all data-plane proxies deployed as part of the mesh.

Currently, the ticker is statically configured in-line and runs at an hard-coded frequency.

Issue #1501 proposes adding a configuration field to the OSM controller config map that will allow a user to toggle on/off and also change the interval between consecutive announcements.

To make this dynamic and configurable at runtime, we need to run the broadcaster as a control-loop that watches the configuration ConfigMap for the addition/removal/change made to the new broadcast_every field. In the controller it also periodically sends announcements on its announcementChannel that is being probed by the repeater loop (only in the case broadcast_every is set to a non-zero value)

Please mark with X for applicable areas.

New Functionality [X]

Documentation [ ]

Install [ ]

Control Plane [ ]

CLI Tool [ ]

Certificate Management [ ]

Networking [ ]

Metrics [ ]

SMI Policy [ ]

Security [ ]

Tests / CI System [ ]

Other [ ]

Please answer the following questions with yes/no.

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

No
wip
opened by nitishm 19
Cert manager certificates provider
Please describe the motivation for this PR and provide enough information so that others can review it.

Please mark with X for applicable areas.

[X] New Functionality

[ ] Documentation

[X] Install

[X] Control Plane

[ ] CLI Tool

[X] Certificate Management

[ ] Networking

[ ] Metrics

[ ] SMI Policy

[X] Security

[ ] Tests / CI System

[ ] Other

Please answer the following questions with yes/no.

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

Yes.

This PR adds cert-manager as a certificates provider for osm.

fixes #1200

Broadly, this PR will enable certificate requests be made in the form of cert-manager CertificateRequest resources, to be signed by a pre-configured Issuer resource. This allows for certificates to be signed by issuer types both core to cert-manager, as well as external.

To enable the cert-manager provider, set the provider to cert-manager (--certificate-manager=cert-manager), as well as the CA secret and issuer options as needed.

--cert-manager-ca-secret string Kubernetes Secret containing cert-manager's CA certificate (default "osm-ca") --cert-manager-issuer-group string cert-manager issuer group (default "cert-manager.io") --cert-manager-issuer-kind string cert-manager issuer kind (default "Issuer") --cert-manager-issuer-name string cert-manager issuer name (default "osm-ca")

When a certificate issuance is attempted, a new CertificateRequest resource is created, and once signed and ready, it's signed certificate is copied and the resource is deleted.

Working on this PR there are a few questions/notes from my side:

I have added kubeConfig *rest.Config as a parameter to the certificate manager getter, since we need to construct a cert-manager API client.

It seems the service certificates validity option from the CLI is not taken into account until renewal, is this intentional?

I have created a local cache for Certificaters like the others, however experimented with using CertificateRequets as my source of truth, using labels:

CertificateRequestCommonNameLabelKey = "openservicemesh.io/common-name" CertificateRequestManagedLabelKey = "openservicemesh.io/managed" CertificateRequestRevisionAnnotationKey = "openservicemesh.io/revision"

Which meant CertificateRequests were not deleted, and could be recovered in the event that the controller pod restarted. I was having trouble testing this since it seems the interface consuming this was always expecting the private key to be present (which is lost since the CertificateRequest resource doesn't store this).

What happens when the control plane pod is restarted? At a glance, it looks like there is no longer a watch for renewing those certificates that were issued before the control plane pod restarted.

I have used the v1beta1 cert-manager API for this. We should have v1 released in the next few weeks (:tada:), which should be a simple sed replace on the import string. We may want to hold this PR for that release.

Here are some minimal bootstrap manifests to make this work (with cert-manager installed):

kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.16.1/cert-manager.yaml

apiVersion: cert-manager.io/v1alpha2 kind: ClusterIssuer metadata: name: selfsigned spec: selfSigned: {} --- apiVersion: cert-manager.io/v1alpha2 kind: Certificate metadata: name: osm-ca namespace: osm-system spec: isCA: true duration: 2160h # 90d secretName: osm-ca commonName: osm-system issuerRef: name: selfsigned kind: ClusterIssuer group: cert-manager.io --- apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: osm-ca namespace: osm-system spec: ca: secretName: osm-ca

/assign @draychev
opened by JoshVanL 19
Question regarding collecting metrics directly from application pods in the mesh
There is a documentation for getting envoy sidecar metrics from BYO Prometheus. Documentation link is https://release-v0-11.docs.openservicemesh.io/docs/guides/observability/metrics/#byo-prometheus on the other hand there is no documentation about getting application metrics from pods which have envoy proxy sidecar.

Our application publish it's own metrics via localhost:8070/actuator/promethues url and Our deployment has these annotations: prometheus.io/path: /actuator/prometheus prometheus.io/port: "8070" prometheus.io/scheme: https prometheus.io/scrape: "true"

But openservicemesh is overwritting pod's annotations with these: prometheus.io/path: /stats/prometheus prometheus.io/port: "15010" prometheus.io/scheme: https prometheus.io/scrape: "true"

I tried to add annotations to service definition: apiVersion: v1 kind: Service metadata: annotations: prometheus.io/path: /actuator/prometheus prometheus.io/scrape: "true" name: monitoring-svc namespace: dev-ns spec: ports:

name: http-monitoring port: 80 protocol: TCP targetPort: 8070 selector: app: myapp sessionAffinity: None type: ClusterIP

but I could not achieved, I saw "Get "http://172.17.6.124:8070/actuator/prometheus": read tcp 172.17.6.82:50834->172.17.6.124:8070: read: connection reset by peer" error at prometheus -> Targets page.
kind/question
opened by teomanS 17
High CPU utilization due to invalid CDS configuration
Bug description: OSM-controller high CPU utilization

Affected area (please mark with X where applicable):

Install [ ]

SMI Traffic Access Policy [ ]

SMI Traffic Specs Policy [ ]

SMI Traffic Split Policy [ ]

Permissive Traffic Policy [ ]

Ingress [ ]

Egress [ ]

Envoy Control Plane [ ]

CLI Tool [ ]

Metrics [ ]

Certificate Management [ ]

Sidecar Injection [ ]

Logging [ ]

Debugging [ ]

Tests [ ]

Demo [ ]

CI System [ ]

Expected behavior:

Steps to reproduce the bug (as precisely as possible): pprof output / # go tool pprof -top http://127.0.0.1:2500/debug/pprof/profile?debug=1 Fetching profile over HTTP from http://127.0.0.1:2500/debug/pprof/profile?debug=1 Saved profile in /root/pprof/pprof.osm-controller.samples.cpu.001.pb.gz File: osm-controller Type: cpu Time: Oct 6, 2021 at 11:22pm (UTC) Duration: 30.12s, Total samples = 23.19s (76.99%) Showing nodes accounting for 19.71s, 84.99% of 23.19s total Dropped 442 nodes (cum <= 0.12s) flat flat% sum% cum cum% 4.05s 17.46% 17.46% 4.05s 17.46% sync.(*RWMutex).RLock (inline) 3.05s 13.15% 30.62% 3.24s 13.97% sync.(*RWMutex).RUnlock 1.23s 5.30% 35.92% 1.51s 6.51% runtime.mapaccess2_faststr 0.83s 3.58% 39.50% 9.77s 42.13% k8s.io/client-go/tools/cache.(*threadSafeMap).Get 0.76s 3.28% 42.78% 0.76s 3.28% runtime.futex 0.59s 2.54% 45.32% 0.80s 3.45% runtime.mapiternext 0.59s 2.54% 47.87% 1.11s 4.79% runtime.scanobject 0.53s 2.29% 50.15% 0.66s 2.85% runtime.heapBitsSetType 0.52s 2.24% 52.39% 0.60s 2.59% runtime.(*itabTableType).find 0.49s 2.11% 54.51% 0.49s 2.11% runtime.asyncPreempt 0.48s 2.07% 56.58% 0.48s 2.07% memeqbody 0.42s 1.81% 58.39% 2.69s 11.60% runtime.mallocgc 0.35s 1.51% 59.90% 0.37s 1.60% syscall.Syscall 0.32s 1.38% 61.28% 13.45s 58.00% github.com/openservicemesh/osm/pkg/kubernetes.Client.ListPods 0.32s 1.38% 62.66% 0.40s 1.72% runtime.findObject 0.32s 1.38% 64.04% 0.32s 1.38% runtime.memclrNoHeapPointers 0.26s 1.12% 65.16% 0.26s 1.12% runtime.nextFreeFast (inline) 0.25s 1.08% 66.24% 0.86s 3.71% runtime.getitab 0.23s 0.99% 67.23% 1.67s 7.20% k8s.io/client-go/tools/cache.(*threadSafeMap).List 0.23s 0.99% 68.22% 0.23s 0.99% runtime.memmove 0.21s 0.91% 69.12% 1.02s 4.40% runtime.convI2I 0.20s 0.86% 69.99% 1.22s 5.26% k8s.io/client-go/tools/cache.(*sharedIndexInformer).GetStore 0.19s 0.82% 70.81% 1.39s 5.99% runtime.growslice 0.19s 0.82% 71.63% 0.21s 0.91% runtime.mapaccess1_faststr 0.18s 0.78% 72.40% 1.69s 7.29% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).getAllowedDirectionalServiceAccounts 0.16s 0.69% 73.09% 11.38s 49.07% github.com/openservicemesh/osm/pkg/kubernetes.Client.IsMonitoredNamespace 0.16s 0.69% 73.78% 0.16s 0.69% runtime.markBits.isMarked (inline) 0.16s 0.69% 74.47% 0.16s 0.69% runtime.usleep 0.13s 0.56% 75.03% 14.01s 60.41% github.com/openservicemesh/osm/pkg/endpoint/providers/kube.Client.ListEndpointsForIdentity 0.13s 0.56% 75.59% 9.90s 42.69% k8s.io/client-go/tools/cache.(*cache).GetByKey 0.12s 0.52% 76.11% 1.45s 6.25% runtime.findrunnable 0.12s 0.52% 76.63% 0.13s 0.56% runtime.heapBitsForAddr (inline) 0.12s 0.52% 77.15% 0.32s 1.38% runtime.sweepone 0.11s 0.47% 77.62% 0.27s 1.16% runtime.greyobject 0.09s 0.39% 78.01% 0.24s 1.03% runtime.checkTimers 0.09s 0.39% 78.40% 0.17s 0.73% runtime.lock2 0.09s 0.39% 78.78% 0.13s 0.56% runtime.nanotime (inline) 0.09s 0.39% 79.17% 0.17s 0.73% runtime.typehash 0.08s 0.34% 79.52% 0.45s 1.94% k8s.io/apimachinery/pkg/labels.SelectorFromValidatedSet 0.08s 0.34% 79.86% 0.25s 1.08% runtime.runqgrab 0.07s 0.3% 80.16% 0.12s 0.52% runtime.(*spanSet).push 0.07s 0.3% 80.47% 1.77s 7.63% runtime.schedule 0.06s 0.26% 80.72% 1.29s 5.56% runtime.gcDrain 0.06s 0.26% 80.98% 0.20s 0.86% runtime.mapaccess2 0.05s 0.22% 81.20% 0.53s 2.29% runtime.(*mcentral).cacheSpan 0.05s 0.22% 81.41% 0.17s 0.73% runtime.(*mheap).allocSpan 0.05s 0.22% 81.63% 0.21s 0.91% runtime.(*mspan).sweep 0.05s 0.22% 81.85% 0.22s 0.95% runtime.nilinterhash 0.04s 0.17% 82.02% 1.11s 4.79% github.com/openservicemesh/osm/pkg/endpoint/providers/kube.(*Client).getServicesByLabels 0.04s 0.17% 82.19% 0.17s 0.73% github.com/openservicemesh/osm/pkg/endpoint/providers/kube.Client.ListEndpointsForService 0.04s 0.17% 82.36% 0.89s 3.84% runtime.makeslice 0.03s 0.13% 82.49% 14.12s 60.89% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).listEndpointsForServiceIdentity 0.03s 0.13% 82.62% 0.65s 2.80% github.com/openservicemesh/osm/pkg/smi.(*client).ListTrafficTargets 0.03s 0.13% 82.75% 0.70s 3.02% runtime.(*mcache).nextFree 0.03s 0.13% 82.88% 0.13s 0.56% runtime.gcWriteBarrier 0.03s 0.13% 83.01% 0.25s 1.08% runtime.mapassign 0.03s 0.13% 83.14% 0.32s 1.38% runtime.newobject 0.02s 0.086% 83.23% 0.39s 1.68% crypto/tls.(*Conn).Write 0.02s 0.086% 83.31% 0.19s 0.82% fmt.(*pp).doPrintf 0.02s 0.086% 83.40% 0.15s 0.65% fmt.(*pp).printArg 0.02s 0.086% 83.48% 1.69s 7.29% k8s.io/client-go/tools/cache.(*cache).List 0.02s 0.086% 83.57% 0.13s 0.56% net.ParseIP 0.02s 0.086% 83.66% 0.31s 1.34% runtime.markroot 0.02s 0.086% 83.74% 0.27s 1.16% runtime.wakep 0.02s 0.086% 83.83% 0.13s 0.56% runtime.wbBufFlush1 0.02s 0.086% 83.92% 0.17s 0.73% strings.genSplit 0.01s 0.043% 83.96% 0.32s 1.38% fmt.Sprintf 0.01s 0.043% 84.00% 0.20s 0.86% github.com/golang/protobuf/ptypes.MarshalAny 0.01s 0.043% 84.04% 15.99s 68.95% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).ListAllowedEndpointsForService 0.01s 0.043% 84.09% 0.16s 0.69% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).listEndpointsForService 0.01s 0.043% 84.13% 1.62s 6.99% github.com/openservicemesh/osm/pkg/endpoint/providers/kube.Client.GetServicesForServiceAccount 0.01s 0.043% 84.17% 0.17s 0.73% github.com/openservicemesh/osm/pkg/envoy/ads.respondToRequest 0.01s 0.043% 84.22% 18.06s 77.88% github.com/openservicemesh/osm/pkg/envoy/eds.NewResponse 0.01s 0.043% 84.26% 0.16s 0.69% github.com/openservicemesh/osm/pkg/envoy/eds.NewWSEdgePodClusterLoadAssignment.func1 0.01s 0.043% 84.30% 17.72s 76.41% github.com/openservicemesh/osm/pkg/envoy/eds.getEndpointsForProxy 0.01s 0.043% 84.35% 0.42s 1.81% github.com/openservicemesh/osm/pkg/kubernetes.Client.ListServices 0.01s 0.043% 84.39% 0.18s 0.78% google.golang.org/protobuf/proto.MarshalOptions.marshal 0.01s 0.043% 84.43% 0.16s 0.69% runtime.(*mcentral).uncacheSpan 0.01s 0.043% 84.48% 0.35s 1.51% runtime.(*mheap).alloc 0.01s 0.043% 84.52% 0.16s 0.69% runtime.(*mheap).alloc.func1 0.01s 0.043% 84.56% 0.13s 0.56% runtime.chanrecv2 0.01s 0.043% 84.61% 0.18s 0.78% runtime.convTstring 0.01s 0.043% 84.65% 0.51s 2.20% runtime.futexsleep 0.01s 0.043% 84.69% 0.30s 1.29% runtime.gcAssistAlloc1 0.01s 0.043% 84.73% 0.29s 1.25% runtime.gcDrainN 0.01s 0.043% 84.78% 0.19s 0.82% runtime.gopreempt_m 0.01s 0.043% 84.82% 1.51s 6.51% runtime.park_m 0.01s 0.043% 84.86% 0.26s 1.12% runtime.runqsteal 0.01s 0.043% 84.91% 0.28s 1.21% runtime.startm 0.01s 0.043% 84.95% 0.60s 2.59% runtime.stopm 0.01s 0.043% 84.99% 0.12s 0.52% runtime.typedmemmove 0 0% 84.99% 0.32s 1.38% crypto/tls.(*Conn).write 0 0% 84.99% 0.37s 1.60% crypto/tls.(*Conn).writeRecordLocked 0 0% 84.99% 0.42s 1.81% github.com/deckarep/golang-set.(*threadSafeSet).Add 0 0% 84.99% 0.40s 1.72% github.com/deckarep/golang-set.(*threadUnsafeSet).Add (inline) 0 0% 84.99% 0.19s 0.82% github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3._AggregatedDiscoveryService_StreamAggregatedResources_Handler 0 0% 84.99% 0.19s 0.82% github.com/golang/protobuf/proto.Marshal (inline) 0 0% 84.99% 0.19s 0.82% github.com/golang/protobuf/proto.marshalAppend 0 0% 84.99% 1.69s 7.29% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).ListAllowedOutboundServiceIdentities (inline) 0 0% 84.99% 1.71s 7.37% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).ListAllowedOutboundServicesForIdentity 0 0% 84.99% 1.67s 7.20% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).getServicesForServiceAccount 0 0% 84.99% 0.15s 0.65% github.com/openservicemesh/osm/pkg/catalog.(*MeshCatalog).witesandHttpClient 0 0% 84.99% 0.19s 0.82% github.com/openservicemesh/osm/pkg/envoy/ads.(*Server).StreamAggregatedResources 0 0% 84.99% 18.38s 79.26% github.com/openservicemesh/osm/pkg/envoy/ads.(*Server).newAggregatedDiscoveryResponse 0 0% 84.99% 18.41s 79.39% github.com/openservicemesh/osm/pkg/envoy/ads.(*Server).sendResponse 0 0% 84.99% 18.41s 79.39% github.com/openservicemesh/osm/pkg/envoy/ads.(*Server).sendTypeResponse 0 0% 84.99% 18.41s 79.39% github.com/openservicemesh/osm/pkg/envoy/ads.(*proxyResponseJob).Run 0 0% 84.99% 0.12s 0.52% github.com/openservicemesh/osm/pkg/envoy/ads.getRequestedResourceNamesSet 0 0% 84.99% 0.21s 0.91% github.com/openservicemesh/osm/pkg/envoy/eds.NewWSEdgePodClusterLoadAssignment 0 0% 84.99% 0.27s 1.16% github.com/openservicemesh/osm/pkg/identity.K8sServiceAccount.ToServiceIdentity (inline) 0 0% 84.99% 0.17s 0.73% github.com/openservicemesh/osm/pkg/identity.ServiceIdentity.ToK8sServiceAccount 0 0% 84.99% 0.12s 0.52% github.com/openservicemesh/osm/pkg/service.MeshService.String (inline) 0 0% 84.99% 18.45s 79.56% github.com/openservicemesh/osm/pkg/workerpool.(*worker).work 0 0% 84.99% 0.12s 0.52% golang.org/x/net/http2.(*Framer).ReadFrame 0 0% 84.99% 0.17s 0.73% google.golang.org/grpc.(*Server).handleRawConn.func1 0 0% 84.99% 0.19s 0.82% google.golang.org/grpc.(*Server).handleStream 0 0% 84.99% 0.19s 0.82% google.golang.org/grpc.(*Server).processStreamingRPC 0 0% 84.99% 0.17s 0.73% google.golang.org/grpc.(*Server).serveStreams 0 0% 84.99% 0.19s 0.82% google.golang.org/grpc.(*Server).serveStreams.func1.2 0 0% 84.99% 0.38s 1.64% google.golang.org/grpc/internal/transport.(*bufWriter).Flush 0 0% 84.99% 0.17s 0.73% google.golang.org/grpc/internal/transport.(*http2Server).HandleStreams 0 0% 84.99% 0.47s 2.03% google.golang.org/grpc/internal/transport.(*loopyWriter).run 0 0% 84.99% 0.47s 2.03% google.golang.org/grpc/internal/transport.newHTTP2Server.func2 0 0% 84.99% 0.18s 0.78% google.golang.org/protobuf/proto.MarshalOptions.MarshalAppend 0 0% 84.99% 0.32s 1.38% internal/poll.(*FD).Write 0 0% 84.99% 0.37s 1.60% internal/poll.ignoringEINTRIO (inline) 0 0% 84.99% 0.45s 1.94% k8s.io/apimachinery/pkg/labels.SelectorFromSet (inline) 0 0% 84.99% 0.45s 1.94% k8s.io/apimachinery/pkg/labels.Set.AsSelector (inline) 0 0% 84.99% 0.15s 0.65% k8s.io/client-go/kubernetes/typed/core/v1.(*pods).List 0 0% 84.99% 0.32s 1.38% net.(*conn).Write 0 0% 84.99% 0.32s 1.38% net.(*netFD).Write 0 0% 84.99% 0.64s 2.76% runtime.(*mcache).refill 0 0% 84.99% 0.40s 1.72% runtime.(*mcentral).grow 0 0% 84.99% 0.32s 1.38% runtime.bgsweep 0 0% 84.99% 0.12s 0.52% runtime.chanrecv 0 0% 84.99% 0.17s 0.73% runtime.convT2E 0 0% 84.99% 0.26s 1.12% runtime.futexwakeup 0 0% 84.99% 0.35s 1.51% runtime.gcAssistAlloc 0 0% 84.99% 0.30s 1.29% runtime.gcAssistAlloc.func1 0 0% 84.99% 1.37s 5.91% runtime.gcBgMarkWorker 0 0% 84.99% 1.29s 5.56% runtime.gcBgMarkWorker.func2 0 0% 84.99% 0.12s 0.52% runtime.gcMarkDone 0 0% 84.99% 0.22s 0.95% runtime.gentraceback 0 0% 84.99% 0.34s 1.47% runtime.goschedImpl 0 0% 84.99% 0.16s 0.69% runtime.gosched_m 0 0% 84.99% 0.17s 0.73% runtime.lock (partial-inline) 0 0% 84.99% 0.17s 0.73% runtime.lockWithRank (inline) 0 0% 84.99% 0.48s 2.07% runtime.mPark 0 0% 84.99% 0.23s 0.99% runtime.markroot.func1 0 0% 84.99% 1.69s 7.29% runtime.mcall 0 0% 84.99% 0.16s 0.69% runtime.morestack 0 0% 84.99% 0.14s 0.6% runtime.newproc 0 0% 84.99% 0.14s 0.6% runtime.newproc.func1 0 0% 84.99% 0.23s 0.99% runtime.newstack 0 0% 84.99% 0.46s 1.98% runtime.notesleep 0 0% 84.99% 0.26s 1.12% runtime.notewakeup 0 0% 84.99% 0.16s 0.69% runtime.scanstack 0 0% 84.99% 2.43s 10.48% runtime.systemstack 0 0% 84.99% 0.13s 0.56% runtime.wbBufFlush 0 0% 84.99% 0.13s 0.56% runtime.wbBufFlush.func1 0 0% 84.99% 0.17s 0.73% strings.Split (inline) 0 0% 84.99% 0.32s 1.38% syscall.Write (inline) 0 0% 84.99% 0.32s 1.38% syscall.write / #

How was OSM installed?:

Anything else we need to know?:

Bug report archive:

Environment:

OSM version (use osm version): osmv0.9.1

Kubernetes version (use kubectl version):

Size of cluster (number of worker nodes in the cluster): 3 worker nodes

Others:

kind/bug kind/performance
opened by fredstanley 17
Replaced links to OSM doc
Replaced SMI GitHub links with OSM doc website links for traffic shifting and traffic management

Signed-off-by: mudit singh [email protected]

Description:

Testing done:

Affected area: | Functional Area | | | -------------------------- | --- | | New Functionality | [ ] | | CI System | [ ] | | CLI Tool | [ ] | | Certificate Management | [ ] | | Control Plane | [ ] | | Demo | [ ] | | Documentation | [ ] | | Egress | [ ] | | Ingress | [ ] | | Install | [ ] | | Networking | [ ] | | Observability | [ ] | | Performance | [ ] | | SMI Policy | [ ] | | Security | [ ] | | Sidecar Injection | [ ] | | Tests | [ ] | | Upgrade | [ ] | | Other | [x ] |

Please answer the following questions with yes/no.

Does this change contain code from or inspired by another project?

Did you notify the maintainers and provide attribution?

Is this a breaking change?

Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)?
opened by mudit-01 3
build(deps): bump helm.sh/helm/v3 from 3.10.0 to 3.10.3
Bumps helm.sh/helm/v3 from 3.10.0 to 3.10.3.

Release notes

Sourced from helm.sh/helm/v3's releases.

Helm v3.10.3

v3.10.3

Helm v3.10.3 is a security (patch) release. Users are strongly recommended to update to this release.

While fuzz testing Helm, provided by the CNCF:

a possible stack overflow was discovered with the strvals package. Stack overflow cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in the advisory.

a possible segmentation violation was discovered with the repo package. Some segmentation violations cannot be recovered from in Go. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in the advisory.

a possible segmentation violation was discovered with the chartutil package. This can potentially be used to produce a denial of service (DOS) for SDK users. More details are available in the advisory

The community keeps growing, and we'd love to see you there!

Join the discussion in Kubernetes Slack:

for questions and just to hang out

for discussing PRs, code, and bugs

Hang out at the Public Developer Call: Thursday, 9:30 Pacific via Zoom

Test, debug, and contribute charts: ArtifactHub/packages

Installation and Upgrading

Download Helm v3.10.3. The common platform binaries are here:

MacOS amd64 (checksum / 77a94ebd37eab4d14aceaf30a372348917830358430fcd7e09761eed69f08be5)

MacOS arm64 (checksum / 4f3490654349d6fee8d4055862efdaaf9422eca1ffd2a15393394fd948ae3377)

Linux amd64 (checksum / 950439759ece902157cf915b209b8d694e6f675eaab5099fb7894f30eeaee9a2)

Linux arm (checksum / dca718eb68c72c51fc7157c4c2ebc8ce7ac79b95fc9355c5427ded99e913ec4c)

Linux arm64 (checksum / 260cda5ff2ed5d01dd0fd6e7e09bc80126e00d8bdc55f3269d05129e32f6f99d)

Linux i386 (checksum / 592e98a492cb782aa7cd67e9afad76e51cd68f5160367600fe542c2d96aa0ad4)

Linux ppc64le (checksum / 93cdf398abc68e388d1b46d49d8e1197544930ecd3e81cc58d0a87a4579d60ed)

Linux s390x (checksum / 6cfa0b9078221f980ef400dc40c95eb71be81d14fdf247ca55efedb068e1d4fa)

Windows amd64 (checksum / 5d97aa26830c1cd6c520815255882f148040587fd7cdddb61ef66e4c081566e0)

This release was signed with F126 1BDE 9290 12C8 FF2E 501D 6EA5 D759 8529 A53E and can be found at @hickeyma keybase account. Please use the attached signatures for verifying this release using gpg.

The Quickstart Guide will get you going from there. For upgrade instructions or detailed installation notes, check the install guide. You can also use a script to install on any system with bash.

What's Next

3.11.0 is the next feature release and will be on January 18, 2023.

Changelog

Fix backwards compatibility 835b7334cfe2e5e27870ab3ed4135f136eecc704 (Martin Hickey)

Update string handling 3caf8b586b47e838e492f9ec05396bf8c5851b92 (Martin Hickey)

Update repo handling 7c0e203529d4b9d51c5fe57c9e0bd9df1bd95ab4 (Martin Hickey)

Update schema validation handling f4b93226c6066e009a5162d0b08debbf3d82a67f (Martin Hickey)

Helm v3.10.2 is a patch release. Users are encouraged to upgrade for the best experience. Users are encouraged to upgrade for the best experience.

... (truncated)

Commits

835b733 Fix backwards compatibility

3caf8b5 Update string handling

7c0e203 Update repo handling

f4b9322 Update schema validation handling

50f003e fix a few function names on comments

c3a62f7 redirect registry client output to stderr

727bdf1 Readiness & liveness probes correct port

9f88ccb Updating the deb location for azure cli

a59afc4 Updating the repo the azure cli is installed from

35af809 Updating to kubernetes 1.25.2 packages

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

dependencies
opened by dependabot[bot] 1
Appended version check
Now OSM CLI version check will happen regardless of any K8s cluster

Signed-off-by: mudit singh [email protected]

Description: Earlier the OSM CLI version check only happened when there is K8s cluster present as below If no K8s cluster is present below is the output

Testing done: Yes Manual testing done below are the screenshots With K8s cluster

Without K8s cluster

Affected area: | Functional Area | | | -------------------------- | --- | | New Functionality | [ ] | | CI System | [ ] | | CLI Tool | [ X] | | Certificate Management | [ ] | | Control Plane | [ ] | | Demo | [ ] | | Documentation | [ ] | | Egress | [ ] | | Ingress | [ ] | | Install | [ ] | | Networking | [ ] | | Observability | [ ] | | Performance | [ ] | | SMI Policy | [ ] | | Security | [ ] | | Sidecar Injection | [ ] | | Tests | [ ] | | Upgrade | [ ] | | Other | [ ] |

Please answer the following questions with yes/no.

Does this change contain code from or inspired by another project?

Did you notify the maintainers and provide attribution? No

Is this a breaking change? No

Has documentation corresponding to this change been updated in the osm-docs repo (if applicable)?
opened by mudit-01 2
OSM v1.2 Upgrade not working for CRD schema changes due to reconciler.
Bug description:

When upgrading from v1.1.1 (or any previous version of OSM that doesn't have the httpRoutes field in the UpstreamTrafficSetting CRD -> v1.2.2 with enableReconciler: true set upon both installation and upgrades (ex: osm mesh upgrade --set ...), the CRD schema change is not persisting - when testing locally, the osm bootstrap pod logs (via local dev version of osm-bootstrap I configured) outputs the correct schema when updating the spec. However, it seems like the reconciler is reverting the UpstreamTrafficSetting back to the previous v1.1.1 version and removing the httpRoutes field. This causes OSM v1.2.2 to fail the ratelimit e2e test, as ratelimit configurations are done via setting the httpRoutes spec in the Upstream Traffic Setting.

Affected area (please mark with X where applicable):

Install [X]

SMI Traffic Access Policy [ ]

SMI Traffic Specs Policy [ ]

SMI Traffic Split Policy [ ]

Permissive Traffic Policy [ ]

Ingress [ ]

Egress [ ]

Envoy Control Plane [ ]

CLI Tool [ ]

Metrics [ ]

Certificate Management [ ]

Sidecar Injection [ ]

Logging [ ]

Debugging [ ]

Tests [X]

Demo [ ]

CI System [X]

Expected behavior: UpstreamTrafficSetting for v1.2 should still have the httpRoutes field when upgrading from v1.1 -> v1.2 with the reconciler enabled.

Steps to reproduce the bug (as precisely as possible):

How was OSM installed?:

Anything else we need to know?:

Bug report archive:

Environment:

OSM version (use osm version): Upgrading from v1.1.1 -> v1.2.2 with --set=osm.enableReconciler=true

Kubernetes version (use kubectl version):

Size of cluster (number of worker nodes in the cluster):

Others:
opened by nshankar13 0
Support Headless Services for Deployments as well
Please describe the Improvement and/or Feature Request

Support for K8s Headless services has been introduced with https://github.com/openservicemesh/osm/issues/3477

However the same kind of support would be helpful for K8s Deployments as well.

To avoid overloading the generated Envoy config and increase resource consumption (most likely it needs to be a Listener per backend Pod?), the feature should be made opt-in per K8s Service, probably leveraging an annotation.

Scope (please mark with X where applicable)

New Functionality [x]

Install [ ]

SMI Traffic Access Policy [ ]

SMI Traffic Specs Policy [ ]

SMI Traffic Split Policy [ ]

Permissive Traffic Policy [ ]

Ingress [ ]

Egress [ ]

Envoy Control Plane [ ]

CLI Tool [ ]

Metrics [ ]

Certificate Management [ ]

Sidecar Injection [ ]

Logging [ ]

Debugging [ ]

Tests [ ]

CI System [ ]

Demo [ ]

Project Release [ ]

Possible use cases

There are some scenarios where an application requires custom routing of requests to downstream Pods, without relying on the load balancing offered by the Mesh (e.g. when using extra contextual information, and only leveraging the Mesh for mTLS and observability features).
opened by lorenzo-biava 1
Unable to connect to grps end point using nginx endpoint
Bug description: I am using the docker-desktop and enabled the kubernets to deploy some of the microservices. as part of my testing, I have deployed a sample grpc service and created the ingress endpoint which is working fine with below configuration. apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: demo-test labels: app: demoservice-v10 annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "GRPC" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/cors-allow-headers: "TenantId,UserId,x-user-agent,authorization,grpc-accept-encoding,grpc-timeout,Access-Control-Allow-Origin,Access-Control-Allow-Credentials,Cache-Control,Access-Control-Allow-Headers,content-type,pragma" nginx.ingress.kubernetes.io/cors-allow-origin: "https://aigcdnstorageacct.z22.web.core.windows.net,https://hsprdemoapp.azurewebsites.net" nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$2 nginx.ingress.kubernetes.io/proxy-read-timeout: "300" nginx.ingress.kubernetes.io/proxy-body-size: 10m cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/configuration-snippet: | more_set_headers "X-Frame-Options: DENY"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "Referrer-Policy: strict-origin"; more_set_headers "Permissions-Policy: geolocation=(self)"; more_set_headers "Content-Security-Policy: img-src 'self' data:"; spec: rules:

host: demtest.127.0.0.1.nip.io http: paths:

path: / pathType: Prefix backend: service: name: demoservice-v10 port: name: grpc
tls:

hosts: demtest.127.0.0.1.nip.io secretName: tls-secret

Then, i have installed the OSM in local cluster, added the corresponding namespace to the mesh(with proper label and annotation). Then I have restarted the services, I could see that the envoy proxy is injected for the pod.

I have followed the example given in https://release-v0-11.docs.openservicemesh.io/docs/demos/ingress_k8s_nginx/ to enable the https ingress endpoint with below configuration.

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: demoosm-test namespace: demo labels: app: demoservice-v10 annotations: nginx.ingress.kubernetes.io/backend-protocol: "GRPC" nginx.ingress.kubernetes.io/configuration-snippet: | proxy_ssl_name "demoservice-v10.uop.cluster.local"; nginx.ingress.kubernetes.io/proxy-ssl-secret: "osm-system/osm-nginx-client-cert" nginx.ingress.kubernetes.io/proxy-ssl-verify: "on" spec: ingressClassName: nginx rules:

host: demtest-osm.127.0.0.1.nip.io http: paths:

path: / pathType: Prefix backend: service: name: demoservice-v10 port: name: grpc

kind: IngressBackend apiVersion: policy.openservicemesh.io/v1alpha1 metadata: name: demoosm-test namespace: uop spec: backends:

name: demoosm-test port: number: 8080 protocol: http tls: skipClientCertValidation: true sources:

kind: Service namespace: ingress-nginx name: nginx-ingress-controller

kind: AuthenticatedPrincipal name: ingress-nginx.ingress-nginx.cluster.local

But, I am not able to get access to the service endpoint using the ingress endpoint. I am getting below errors from the nginx-controller: 2022/11/09 16:43:28 [error] 2087#2087: *582044 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 192.168.65.3, server: demotest-osm.127.0.0.1.nip.io, request: "GET / HTTP/2.0", upstream: "grpc://10.1.3.138:8080", host: "demotest-osm.127.0.0.1.nip.io"

Getting below error from the osm-controller:

2022-11-09T22:08:42+05:30 {"level":"error","component":"envoy/lds","time":"2022-11-09T16:38:42Z","file":"inmesh.go:487","message":"Cannot build outbound filter chain, unsupported protocol https for traffic match outbound_ingress-nginx/ingress-nginx-controller_443_https"} 2022-11-09T22:08:42+05:30 {"level":"error","component":"envoy/lds","time":"2022-11-09T16:38:42Z","file":"inmesh.go:487","message":"Cannot build outbound filter chain, unsupported protocol https for traffic match outbound_ingress-nginx/ingress-nginx-controller-admission_443_https"} 2022-11-09T22:08:42+05:30 {"level":"info","component":"envoy/rds","time":"2022-11-09T16:38:42Z","file":"response.go:127","message":"RDS did not fulfill all requested resources (diff: Set{}). Fulfill with empty RouteConfigs."}

And below are trace/debug messages from the envoy proxy running in the pod: [2022-11-09 16:46:37.881][19][debug][filter] [source/extensions/filters/listener/original_dst/original_dst.cc:20] original_dst: new connection accepted [2022-11-09 16:46:37.881][19][trace][filter] [source/extensions/filters/listener/original_dst/original_dst.cc:66] original_dst: set destination to 10.1.3.138:8080 [2022-11-09 16:46:37.881][19][debug][conn_handler] [source/server/active_stream_listener_base.cc:34] closing connection from 10.1.3.145:60880: no matching filter chain found

I have been trying to chase this problem, but could not succeed, and I can't proceed further.

FYI... I have tried Istio for the same service, it was working without any issues... i guess it might be a problem with osm configuration.

Affected area (please mark with X where applicable):

Install [ ]

SMI Traffic Access Policy [ ]

SMI Traffic Specs Policy [ ]

SMI Traffic Split Policy [ ]

Permissive Traffic Policy [ ]

Ingress [ X]

Egress [ ]

Envoy Control Plane [X ]

CLI Tool [ ]

Metrics [ ]

Certificate Management [X ]

Sidecar Injection [ ]

Logging [ ]

Debugging [ ]

Tests [ ]

Demo [ ]

CI System [ ]

Expected behavior: The ingress should be able to reach to the service endpoint.

Steps to reproduce the bug (as precisely as possible): I have explained above. How was OSM installed?: OSM was installed using the helm charts with below overrides:

the original file is available https://github.com/openservicemesh/osm/blob/release-v0.11/charts/osm/values.yaml

OpenServiceMesh:

Enable permissive traffic policy mode

enablePermissiveTrafficPolicy: true

Log level for the Envoy proxy sidecar. Non developers should generally never set this value. In production environments the LogLevel should be set to error

envoyLogLevel: trace

Enable the debug HTTP server on OSM controlle

enableDebugServer: true

When enabled, fine grained control over Egress (external) traffic is enforced

Enable egress in the mesh

enableEgress: true

-- Enable mesh-wide HTTPS ingress capability (HTTP ingress is the default)

useHTTPSIngress: true

Anything else we need to know?:

Bug report archive:

Environment:

OSM version (use osm version):

Kubernetes version (use kubectl version):

Size of cluster (number of worker nodes in the cluster):

Others:

kind/bug
opened by rcpandula 39

Releases(v1.2.3)

v1.2.3(Dec 14, 2022)
Notable Changes

Deprecation Notes

CRD Updates

No CRD changes between tags v1.2.2 and v1.2.3

Changelog

Release v1.2.3 368fda991a7bc78cb7a863be5d3e6d9c4e889af7 (Keith Mattix II)

bump version of go to 1.19 (#4972) 8ed34f8ba62eb5cb11add9b58eb010cf2870b40c (steeling)

Upgrade cert-manager to v1.10.0 (#5230) 56679ed53b4f1a1860d9d2a4ca62193fd59108f1 (Keith Mattix II)

Add @shalier as CODEOWNERS (#5264) 7eefefe9067dfa0877dfdeb4e430713492a243ac (Keith Mattix II)

Add @shalier as a codeowner maintainer (#5261) 9559491892fa2213d62461965c8bff5721df0761 (Thomas Stringer)

Move snehachhabria and draychev to emeritus status (#5260) 9f8e06a9554bc4a8e521039513a534603f3e0289 (Thomas Stringer)

Allow all headless services, not just those backed by Statefulsets with subdomains (#5250) 25c8e53d1803e6d4c6ed9f6e5b6ddb3e600cb891 (Keith Mattix II)

Source code(tar.gz)
Source code(zip)
osm-v1.2.3-darwin-amd64.tar.gz(20.79 MB)
osm-v1.2.3-darwin-amd64.zip(20.79 MB)
osm-v1.2.3-darwin-arm64.tar.gz(19.98 MB)
osm-v1.2.3-darwin-arm64.zip(19.98 MB)
osm-v1.2.3-linux-amd64.tar.gz(19.58 MB)
osm-v1.2.3-linux-amd64.zip(19.58 MB)
osm-v1.2.3-linux-arm64.tar.gz(17.66 MB)
osm-v1.2.3-linux-arm64.zip(17.66 MB)
osm-v1.2.3-windows-amd64.tar.gz(19.73 MB)
osm-v1.2.3-windows-amd64.zip(19.73 MB)
sha256sums.txt(953 bytes)
v1.2.2(Oct 21, 2022)
Notable Changes

Deprecation Notes

CRD Updates

No CRD changes between tags v1.2.1 and v1.2.2

Changelog

chore(release): Bump Chart.yaml to 1.2.2 (#5215) 6815b679c1b182bace25abc16de5afb494777283 (Shalier Xia)

Fixes CVE-2022-27664 and CVE-2022-32149 d503b998e3351c06e2a416bb160f84f6b0b4d4dd (Shalier Xia)

[backport] cherry-pick 05e31c4 into release-v1.2 817a340dab25bf02c7bb39275e9aa586dac13f10 (Sanya Kochhar)

[backport] cherry-pick 988003b into release-v1.2 b26adc14d68397860fabeedfff84ccfe119085e8 (Sanya Kochhar)

[backport] cherry-pick 9858c75 into release-v1.2 dd698bbef9c550bc73d77a5d44470f9821d2f778 (Keith Mattix II)

[backport] cherry-pick a016262 to release-v1.2 71e6847904033421ba2c7a69339b978957879083 (steeling)

Source code(tar.gz)
Source code(zip)
osm-v1.2.2-darwin-amd64.tar.gz(19.84 MB)
osm-v1.2.2-darwin-amd64.zip(19.84 MB)
osm-v1.2.2-darwin-arm64.tar.gz(20.08 MB)
osm-v1.2.2-darwin-arm64.zip(20.08 MB)
osm-v1.2.2-linux-amd64.tar.gz(18.65 MB)
osm-v1.2.2-linux-amd64.zip(18.65 MB)
osm-v1.2.2-linux-arm64.tar.gz(17.12 MB)
osm-v1.2.2-linux-arm64.zip(17.12 MB)
osm-v1.2.2-windows-amd64.tar.gz(18.89 MB)
osm-v1.2.2-windows-amd64.zip(18.89 MB)
sha256sums.txt(953 bytes)
v1.1.3(Oct 20, 2022)
Notable Changes

Deprecation Notes

CRD Updates

No CRD changes between tags v1.1.2 and v1.1.3

Changelog

chore(release) bump Chart.yaml version to 1.1.3 (#5216) 5397803cc97a25638a5d405b160c0ce400e512c7 (Shalier Xia)

Fixes CVE-2022-27664 and CVE-2022-32149 40901f79d80c2f12d5fa103ca8180e5065a5446a (Shalier Xia)

[backport] cherry-pick 05e31c4 into release-v1.1 32fb680beea0429691d9b96600ecac59b54ce747 (Sanya Kochhar)

[backport] cherry-pick 988003b into release-v1.1 8f6cf95417ded2c7e41a3b75c90e0ede36633e0a (Sanya Kochhar)

[backport] cherry-pick 9858c75 into release-v1.1 170b3334a75acf7bfe2157a509135c05f6c11971 (Keith Mattix II)

[backport] cherry-pick a016262 to release-v1.1 a54a55c6271515aee12cbee3bec514f028021515 (steeling)

Source code(tar.gz)
Source code(zip)
osm-v1.1.3-darwin-amd64.tar.gz(17.55 MB)
osm-v1.1.3-darwin-amd64.zip(17.55 MB)
osm-v1.1.3-darwin-arm64.tar.gz(17.52 MB)
osm-v1.1.3-darwin-arm64.zip(17.53 MB)
osm-v1.1.3-linux-amd64.tar.gz(16.60 MB)
osm-v1.1.3-linux-amd64.zip(16.61 MB)
osm-v1.1.3-linux-arm64.tar.gz(15.14 MB)
osm-v1.1.3-linux-arm64.zip(15.14 MB)
osm-v1.1.3-windows-amd64.tar.gz(16.81 MB)
osm-v1.1.3-windows-amd64.zip(16.81 MB)
sha256sums.txt(953 bytes)
v1.2.1(Sep 7, 2022)
Notable Changes

Deprecation Notes

CRD Updates

No CRD changes between tags v1.2.0 and v1.2.1

Changelog

bump Chart.yaml version to v1.2.1 (#5082) 76db0c6d81c67b1434bd248f0463ca43870862cb (Shalier Xia)

[backport] cherry-pick 68e99ebb to release-v1.2 (#5069) 0b6a18f080d3e29922332464ffa81a8457f847e1 (Shalier Xia)

[backport] cherry-pick commit 15e46da to release-v1.2 (#5063) d2175d3bbba39630fdecc31f155c2184a37ffa5b (Niranjan Shankar)

Source code(tar.gz)
Source code(zip)
osm-v1.2.1-darwin-amd64.tar.gz(19.85 MB)
osm-v1.2.1-darwin-amd64.zip(19.85 MB)
osm-v1.2.1-darwin-arm64.tar.gz(20.08 MB)
osm-v1.2.1-darwin-arm64.zip(20.08 MB)
osm-v1.2.1-linux-amd64.tar.gz(18.65 MB)
osm-v1.2.1-linux-amd64.zip(18.65 MB)
osm-v1.2.1-linux-arm64.tar.gz(17.12 MB)
osm-v1.2.1-linux-arm64.zip(17.12 MB)
osm-v1.2.1-windows-amd64.tar.gz(18.89 MB)
osm-v1.2.1-windows-amd64.zip(18.89 MB)
sha256sums.txt(953 bytes)
v1.1.2(Sep 6, 2022)
Notable Changes

Remove crdconversion webhooks to fix circular dependency bug

Deprecation Notes

CRD Updates

No CRD changes between tags v1.1.1 and v1.1.2

Changelog

bump Chart.yaml to v1.1.2 (#5083) cc859d5562709c0c52379dab267b4bfc425790f4 (Shalier Xia)

[backport] cherry-pick 68e99eb to release-v1.1 (#5071) 2bb5ad55f27176aa920d545dcc3b26b20a3a0a41 (Niranjan Shankar)

[backport] add root path ingress e2e test (#4756) (#4765) fff4b0cc7c2d159cc21c0169eca73093fb81a3ec (Niranjan Shankar)

Source code(tar.gz)
Source code(zip)
osm-v1.1.2-darwin-amd64.tar.gz(17.55 MB)
osm-v1.1.2-darwin-amd64.zip(17.55 MB)
osm-v1.1.2-darwin-arm64.tar.gz(17.53 MB)
osm-v1.1.2-darwin-arm64.zip(17.53 MB)
osm-v1.1.2-linux-amd64.tar.gz(16.60 MB)
osm-v1.1.2-linux-amd64.zip(16.61 MB)
osm-v1.1.2-linux-arm64.tar.gz(15.14 MB)
osm-v1.1.2-linux-arm64.zip(15.14 MB)
osm-v1.1.2-windows-amd64.tar.gz(16.81 MB)
osm-v1.1.2-windows-amd64.zip(16.81 MB)
sha256sums.txt(953 bytes)
v1.2.0(Jul 20, 2022)
Notable changes

Custom trust domains (i.e. certificate CommonNames) are now supported

The authentication token used to configure the Hashicorp Vault certificate provider can now be passed in using a secretRef

Envoy has been updated to v1.22 and uses the envoyproxy/envoy-distroless image instead of the deprecated envoyproxy/envoy-alpine image.

This means that kubectl exec -c envoy ... -- sh will no longer work for the Envoy sidecar

Added support for Kubernetes 1.23 and 1.24

Rate limiting: Added capability to perform local per-instance rate limiting of TCP connections and HTTP requests.

Statefulsets and headless services have been fixed and work as expected

Breaking Changes

The following metrics no longer use the label common_name, due to the fact that the common name's trust domain can rotate. Instead 2 new labels, proxy_uuid and identity have been added.

osm_proxy_response_send_success_count

osm_proxy_response_send_error_count

osm_proxy_xds_request_count

Support for Kubernetes 1.20 and 1.21 has been dropped

Multi-arch installation supported by the Chart Helm by customizing the affinity and nodeSelector fields

Root service in a TrafficSplit configuration must have a selector matching the pods backing the leaf services. The legacy behavior where a root service without a selector matching the pods backing the leaf services is able to split traffic, has been removed.

CRD Updates

No CRD changes between tags v1.1.1 and v1.2.0

Changelog

chore(release): cut v1.2.0 (#4927) 893ff8722a65bbfc2afa6e416bdca88c58393d00 (Jon Huhn)

chore(release): add missing cherry picks (#4932) 4c832d1e49c20006abc818f859365d0488c77890 (Jon Huhn)

fix: update v1.2 release notes (#4916) (#4918) 929c114e5c52aa57a2c93df4af49b117b2cca110 (Jackie Elliott)

demo/scripts: fix bookstore app label and container name (#4910) 9749020d71c5ed301ceca89210f4f2c8bdcfc5f5 (Shashank Ram)

[backport] traffic-split: update root service selector & targetPort usage (#4902) (#4905) f5f360388c397bd26fee17782380f59a95d324c6 (Shashank Ram)

Fix Contour helm chart (#4901) 951d403b34e12cab5a3c520be41ea324ef54f360 (Keith Mattix II)

update release versions and image digests (#4886) d40f9b8cea95f6910487334ebc9544795a1e090d (steeling)

rename test files to include _test suffix (#4882) 3a7c924c9ebdedf9513220fc5d1c527b933f71b9 (steeling)

Modify release notes (#4865) 84e2bf17186140cf1e2301171910ac9cad83267e (Keith Mattix II)

Plumb trust domain through to helm chart (#4877) c0264ecc33d23cddc6993ef352e7ddc7a34b75f5 (Keith Mattix II)

Add GitHub Action to require size and kind labels (#4876) 4da737e20b5567f7b537c2822fd91290bd014503 (Thomas Stringer)

ref: use binary flag to enable use of MeshRootCertificate (#4871) aa1abf19209feba546fcce471e856ec5f90144a6 (Jackie Elliott)

test((benchmark): add Golang benchmark test cases c7036e71106957a15e8ac12d29e87ff8a9bc0baa (Allen Leigh)

small cert related changes. (#4870) fa17242a34b39d87b6555774795563aede46efaa (steeling)

Refactor Envoy bootstrap from BuildFromConfig() to Builder{}.Build() + health probe tests (#4858) 3bf989adef0b3dd617edcec3d1c56ec73d56ba0c (steeling)

Abstract webhook logic to prepare for rotating certificates (#4833) c8d7559b8303f8df8da52dcf8d050600d7826a3e (steeling)

Ignore CODEOWNERS and OWNERS for CI (#4867) 2b7c78113c0b42dea9846bacf4e4c542ce6eedfd (Thomas Stringer)

self-nominate steeling as a maintainer (#4824) 854edda7e20135649396e4fdf2b2ca730ade58e0 (steeling)

Add @keithmattix as a codeowner maintainer (#4861) 9d5e44242ca0171b1cf8347ec70bec112ead76ef (Thomas Stringer)

Don't allow envoy sidecar privilege escalation (#4860) 80de3bb5c1108ffc1964380dbe2573eef2af2497 (Keith Mattix II)

Fix MRC status (#4856) bb007fd301d570f2cbb4ea89f394025036913dfb (Keith Mattix II)

validator: validate HTTP rate limiting status code (#4857) 4a1b9938659cd0bbaa3870041e9084797ad9f841 (Shashank Ram)

release-notes: add rate limiting to v1.2 notes (#4859) 9222555e1c001fd432348f718ac2c5ca23f03264 (Shashank Ram)

Separate bootstrap building logic into the envoy/bootstrap package (#4838) 226ee6499208fb2871f77660208b778661db9652 (steeling)

Customize affinity, nodeSelectors and tolerations in values.yaml (#4842) 45b19ead429a3863d9921f72628d96ea9b5bec14 (Shalier Xia)

fix: update configClient call and logging (#4854) d970b249aa4a5ba4624a4bd9f4e2374a4ed0bab2 (Jackie Elliott)

feat(certs): get Vault token from Secret (#4753) baff85f1ff1bde9212a1a9addede3a25b90fe72c (Jackie Elliott)

Fix flaky e2e tests (#4844) 4a3d57da27b75dba7124c8e7af769f21dbf59641 (Keith Mattix II)

rate-limiting: add HTTP local rate limiting capability (#4846) f3966a3cfd1886056ad873110de3f9bbbe265f4b (Shashank Ram)

install: use friendlier defaults for egress and permissive mode (#4837) 8fd236e8e104279b4d951a32720e06f4257fd80a (steeling)

Update Kubernetes version testing (#4836) 831f0234acba4f16dc650546c22072794ab55712 (Thomas Stringer)

envoy: update to latest version and fix typed proto usage (#4834) 08c646bec77a56c466ca6a942bcad7aff717769e (Shashank Ram)

fix(certs): update checkAndRotate to use current durations (#4800) 28b32389bb8d792d2ac2f8ab8433b647a4a0926d (Jackie Elliott)

cli: Shows message for no meshes (#4738) 905005f779f0c372a3b018a3f693b6d124e81432 (mudit singh)

Fix failing e2es with GinkgoRecover and resolve CVE-2022-28948 (#4832) 8da8732bced2812f5c3ac72cfd672b64ddb1ce05 (Jackie Elliott)

cert: Use MRCs on startup (#4816) 30885c986a29bfcedb21c18425a1bf37357aa502 (Keith Mattix II)

start with a clean slate for future multicluster work (#4805) e3700d67751a98d09f3a40f45e5dfedc8e2a933f (steeling)

feat(certs): use State for MeshRootCertificate status (#4812) 46b71656841e52ba0a5a8763244f5bd8c916f55b (schristoff)

Leverage trust domain in issuing certs; remove TD from identity (#4782) 5ab34a3b7e9577265f86dadf12fc790775891ad8 (steeling)

doc: use lower case for "cloud native" (#4792) 8b1c3cceabf6134e0e13f410e92da7faaf46574f (mudit singh)

rate-limit: implement connection level local rate limiting (#4823) ac2786869c7fac7f21cdf82166be9f02de86ab38 (Shashank Ram)

cli: Improved error handling (#4808) 327b5b088a99ba6a096cc15089c2b4fe9bab59de (mudit singh)

envoy/cds: add nil check for ConnectionSettings (#4821) a5b37165c9d70dc9edfdd5eaa74f850beff3aaa6 (Shashank Ram)

ref(contributors): update contributor roles and requirements (#4776) 5ee33f31e01148f4b4c418d9f5fee75c46be578d (Shalier Xia)

envoy|catalog: use TrafficMatch to build inbound filter config (#4814) 3f7296990c2665098958c38afc87be952efe8db2 (Shashank Ram)

Resolve CVE-2022-31030 by upgrading containerd to v1.5.13 (#4813) c90f07ae5a192ac0b86f86a3d35aa14c347c1625 (Thomas Stringer)

(k8s/informers): use InformerCollection for other clients (#4804) 241e8ae27e8269bd2e51c98a135d748b30921ddb (Keith Mattix II)

rate-limiting: plumb config into inbound policies (#4807) 7046cf28d0b1e94214f07b9cd9350ecc6c0a05de (Shashank Ram)

Set (empty) trust domain on listener builder (#4802) 3061b05634c365d9cbc936f835549d7b7b615886 (steeling)

rate-limiting: add spec to UpstreamTrafficSetting CRD (#4803) 76ff532c76278aea9e8bec71801585e01bf3db04 (Shashank Ram)

k8s/informers: centralize informers to simplify code (#4801) 47c06ab0dad371ba51f1319b2127b552158cf456 (Keith Mattix II)

docs(README): move support to a community support file (#4785) 914e8f3d8cbbe316b3ea1211411c84e3afa33f5b (Zach Rhoads)

Remove unused code paths and switch the policy object to a policy builder (#4791) eb281e55d615eff5ff20f3729010ca965f56398a (steeling)

apis: add local rate limiting to UpstreamTrafficSetting (#4796) 1e73ba341d94b8a8118def5d332118a2a74855af (Shashank Ram)

docs(contrib): add security.md (#4722) 0ba8d42debafebebda9dc22978af53018290f0ca (schristoff)

Increase retry timeout cert-manager (#4795) 412fbcbe4fbae7d7ae6c140441bd5ad16dc69bbe (Niranjan Shankar)

ref(*): remove CN from *envoy.Proxy (#4773) c318b686e13bd63836f2e2abb92a9994b56558fa (steeling)

demo: Add scripts for Kafka demo (#4770) d3596c0c7bee331609ccdac7714c3dcdea4b5a81 (Keith Mattix II)

ref(certs): mrc ca handling (#4781) 6045fb7111f4a5ed614e34152b78ae1ddb4f8788 (Keith Mattix II)

feat(metrics): add osm_reconciliation_total metric (#4788) 7de17d7797b25e5bf5116e64aee017dd8e61c2da (Jon Huhn)

fix(e2e): add openshift SCC zookeeper (#4787) dd5ec72e5662d1c7a0dc54e2e42843b86ce381d6 (Niranjan Shankar)

feat(certs): add trust domain to mesh root certificate (#4767) c24012f334a5c506d9b9a737eb383d981a253abc (steeling)

Decouple certificate common name from proxy registry (#4763) 436e24f52e7e32e81feb34b408e614036f636e48 (steeling)

test(*): add retry policy e2e (#4600) 28ed5319897c3c5fefc34ab876517bebc11f8372 (Shalier Xia)

ref(ci): update actions/setup-go to v3 db7148222b62b837162370cde9839c185f46b594 (Jon Huhn)

ref(ci): run tests/scenarios as unit tests 6c38317181deec375be0d852cb64d4b5ee489b1e (Jon Huhn)

Decouple certificate common name from various components (#4759) ae53c47217409e8f9e75cd45e851a809b1e71bad (steeling)

Fix CVE-2022-28948 by patching gopkg.in/yaml.v3 (#4771) 324a1a72a222f3db8e3889d7eda7b1c9829bb4f8 (Thomas Stringer)

ref(e2e): move k8s version test config to CI 5ec3e75a13d43f6ac34c32f7bfd8036326707540 (Jon Huhn)

ref(ci): remove PR/push distinction in e2e tests f73b9af0698d0e71a99bffce1240384e9465a455 (Jon Huhn)

feat(certs): create MRC on install (#4747) 7ddd4d185e3715973860bed60eaf66b38ed68b29 (Jackie Elliott)

remove unused code paths (#4758) 27ab5a7266dd3ef24b60b104b6a576a57aff2f30 (steeling)

Add root path ingress e2e test (#4756) 15f0a18f5646b9ebedd61b8b637dc09ef3a61539 (Niranjan Shankar)

fix(vulnerability): patch runc security issue by upgrading to v1.1.2 (#4760) 21d3e60f04c11525d07f83d52e0cb244ec47b3dd (Thomas Stringer)

contrib: add guideline for design docs (#4757) a241cba677f1298c050aec03d30fcac9214830c0 (Shashank Ram)

feat(cert): cert rotation state management (#4743) ecc4e6713cc87a51a28bf2a1ed3d74a34b9c9d54 (steeling)

Feature/statefulsets: fix protocol detection for ports (#4752) 9b11d76e5583a74e56d07c57786cbe56bf9953c2 (Keith Mattix II)

remove head of line blocking from workerpool (#4648) d1ef8b13e09724cb0e501b9560904b29732f3618 (steeling)

cli/verifier: add control plane health probe checks (#4751) dd42d04b2dd1140975370ce1adb97aeb4ed989a4 (Shashank Ram)

(feat/statefulsets): MeshService API changes for Headless Services (#4704) 0af42df42c136e34639eb926c589ae0a5b0065ba (Keith Mattix II)

fix(demo): remove unneeded port-forward for bookstore (#4740) 3395da58f49df2ec50481c791a50345d322f51a3 (Jon Huhn)

ref(certs): use secretKeyRef for Vault token in MRC (#4736) 855776a1cd8aa448c92a9bec6dedac1069be3bc7 (Jackie Elliott)

cli/verifier: use pod status conditions for readiness check (#4749) 9ffa3d38c4c261df57bbbb3233f64f54bf68c9c2 (Shashank Ram)

ref(certs): unexport methods on cert manager (#4742) 21bc67dc31f4f8d235b32981708c6e0d2f7069a6 (steeling)

cli/verifier: add ingress verification (#4715) ec9b9f92379fe972a9e1363bcfbea5dfa6df7d6b (Keith Mattix II)

feat(certificate): create a compat layer for provider generation (#4718) 00bc36338dd1fea4171af5d87dbf6ed5a8a0229f (steeling)

feat(envoy): allow websocket upgrade for all http connections (#4741) 96e0879ee3246a08d9c8c3500a31342a9c6b1751 (Martin Andreas Ullrich)

cli/verifier: add control-plane-health command (#4734) fc638c334b607cc9f3987e75812c964df208e2f7 (Shashank Ram)

feat(api/MeshRootCertificate): add informer client (#4721) 5a885ef60653fb4c987c847b33ece14bad56dfba (Jackie Elliott)

chore(release): update chart version (#4730) 102baf57c514003f1a45d31d4b3dc78bdcbed602 (Jon Huhn)

cli/verifier: add cluster check for egress (#4729) 53a22380667a95ccf79fb75aff8a2c46e5f1b2a5 (Shashank Ram)

fix(demo): default USE_PRIVATE_REGISTRY to false (#4727) 6a5e6892480351a1cfa21fb0bca1098e6e2ddc80 (Jon Huhn)

refactor(cmd/cli): update uninstall cmd (#4664) 76d177f5b47ac1838f21c3307fbb838cbd64f564 (Shalier Xia)

egress: add cli verifier and rename traffic match (#4724) a6d71d2e7e6ac5c1703fadf0e29bbf575ad016bb (Shashank Ram)

policy: Updates retry policy API (#4627) 12780558e3e9b412b431143e2ac6e400dc119897 (Shalier Xia)

ref(cert): update Manager to support mult clients (#4705) a8330dca33af3e1c5fac326dbd6409322a613034 (Jackie Elliott)

cli/verifier: add stubs for egress checks (#4719) 87b709d4316cc6f83677653bbaa929f506df5447 (Shashank Ram)

cli/verifier: verify presence of secrets (#4714) 55bdb17d93d9a527db3bc51c3a64cc3da281aba2 (Shashank Ram)

Fix e2e_client_server_connectivity_test noInstall (#4708) 1e7d22a41f291c8b89fddcbcd5934dc416d0f937 (Niranjan Shankar)

refactor k8s root ca secret access (#4657) bd5247bcb4bb297f061f883ac0a8ea8e63632d00 (steeling)

ref(certs): refactor k8s root ca secret access (#4657) 896fb7af871e7dbf74d4bd27863ef0336105913a (steeling)

crds: add MeshRootCertificate CRD (#4687) 19eb1618a0904275d0d2052d96b296e78d39357a (Jackie Elliott)

docs(contrib): recommend not rewriting git history (#4709) 876579b9a779f83259fd042ba8cc89f919297330 (Jon Huhn)

bugreport: collect more ingress & control plane info (#4703) 13802e81d5af6c217ec95fb834370895dfcd9aff (Shashank Ram)

pkg/injector: Enable podIP proxying via meshconfig setting (#4701) 0ad92c9ae9a617617e99312f87bd2779715bfcf2 (Keith Mattix II)

add the last applied annotation to allow using kubectl apply on the mesh config (#4673) 63715c04ea86c7d03805cf5fdae961e7b7ce4e82 (steeling)

feat(injector): add list of ignored network interfaces (#4700) f922b5c21d2e657b85b5130fcc9fd14b22b8af0b (Jon Huhn)

cli/verifier: check presence of service cluster (#4695) ddd10e2c819d55133b9f2153d3032fa19e65dbb1 (Shashank Ram)

config/meshConfig: New localProxyMode field (#4686) 86690a3cece5a3e41c488980970cc622f77fa50c (Keith Mattix II)

feat(certificates) rework cert manager, integrate rotor (#4645) d4853664a5ee34dfaf7367b54822b307bd19d99e (schristoff)

fix(certificates): fail politely in tresor's cert issuer (#4696) ce2a0e5fccd294baae78cdf77640a3fe38d9b5a3 (schristoff)

cli/verifier: derive appProtocol from service (#4691) 77b4dd80462176224fb540330f9d77d164801d06 (Shashank Ram)

Support pod recreation for the kubectl debug command. (#4688) 0a1653e13222749591f93a5742d0cea6e3309ea5 (steeling)

cli/verifier: verify basic HTTP route configs (#4682) 24a494b2b5921ef63bb3dbe593ced37ffe36dfd2 (Shashank Ram)

Revert "config/meshConfig: New localProxyMode field (#4671)" (#4684) bc3ff995b616c77e7d21099d5339185665d92585 (Keith Mattix II)

config/meshConfig: New localProxyMode field (#4671) (#4680) a8a3dbbe45d80760103b9cb56420adfea753fb6b (steeling)

apis: add MeshRootCertificate API types (#4677) 455887d015e861f7ffaff6b82db2d621bcce1cb9 (Jackie Elliott)

ref(injector): load bootstrap SDS configuration from filesystem (#4635) 0163584e3d3d7bb730f3429e8967e03fbf7e5f50 (Jackie Elliott)

fix(doc): update release guide (#4661) 4f204ddb5ba2c074c9879a93457d6a66aed40a6c (Jon Huhn)

feat(metrics): add osm_events_queued metric (#4670) 4cd4f6af382548538fa451974e2a12c5d817cb4d (Jon Huhn)

config/meshConfig: New localProxyMode field (#4671) 966405b29161ee650d01a8c0ebaa5fe4ed324b79 (Keith Mattix II)

IngressBackend UpstreamTrafficSetting validations (#4640) a54b4048ca2778cbcf6700ed241086ceacb69fd6 (Keith Mattix II)

expose the version information via prometheus (#4679) 1faa13a769825b71cdd41632b36876b32b4688b8 (steeling)

fix: upgrade vulnerable library crypto (#4676) 1550133d9b5c2e7dcea61750f09a96796449ecd0 (allenlsy)

ref(test): migrate e2e app to Fortio (#4631) cf1395e3cf5a6f89a87c4b8eb3e4e8149b83fc5b (allenlsy)

cli/verifier: verify destination for connectivity config (#4672) f04a61397a005fb85f74179166fdb41d6d522e7c (Shashank Ram)

chore(release): Update Chart.yaml to use release v1.1 (#4662) 2f36980f85279ea8ddec80a261fe7bf76743648a (schristoff)

envoy/verifier: add source config checker (#4658) 82492c0b50cb701df50a401018c1cae363208765 (Shashank Ram)

update prometheus v2.34.0 (#4666) f021edde5d81b293f5318bb50bfc841f73381120 (Niranjan Shankar)

tests: move fakes to own sub-package (#4667) 5c966acb814130ca9334714ec4fa75351c4c41e1 (Shashank Ram)

Reword the README note about OSM's production readiness. (#4660) 46781f2bec6db4a6864ecc9ab9c2f0a532f96b40 (Thomas Stringer)

cli/verifier: add Envoy config dump parser (#4646) a918abff99a2106f913302db2fc8705651d2a72d (Shashank Ram)

ref(smi): remove unused kubeClient from smi client (#4643) 95a898f14608224361f4d6eefbeaa463e3f852c5 (Deepesh Pathak)

cli: add verify command (#4639) 9be0fa424290be851f70abe78a633925ae49fb00 (Shashank Ram)

Add --overwrite to kubectl label cmd in osm bootstrap (#4641) af50d175a650e2047b2f59f4604fc88923e1cb60 (Niranjan Shankar)

fix(ci): fix lint (#4629) 9ca8e413895937b8543547b777153a5474f1a2dd (Jon Huhn)

Source code(tar.gz)
Source code(zip)
osm-v1.2.0-darwin-amd64.tar.gz(19.59 MB)
osm-v1.2.0-darwin-amd64.zip(19.59 MB)
osm-v1.2.0-darwin-arm64.tar.gz(19.83 MB)
osm-v1.2.0-darwin-arm64.zip(19.83 MB)
osm-v1.2.0-linux-amd64.tar.gz(18.40 MB)
osm-v1.2.0-linux-amd64.zip(18.39 MB)
osm-v1.2.0-linux-arm64.tar.gz(16.86 MB)
osm-v1.2.0-linux-arm64.zip(16.86 MB)
osm-v1.2.0-windows-amd64.tar.gz(18.63 MB)
osm-v1.2.0-windows-amd64.zip(18.63 MB)
sha256sums.txt(953 bytes)
v1.2.0-rc.1(Jul 12, 2022)
Notable changes

OSM certificate provider is now configured using the new CRD, MeshRootCertificate

Custom trust domains (i.e. certificate CommonNames) are now supported

The authentication token used to configure the Hashicorp Vault certificate provider can now be passed in using a secretRef

Along with root certificate rotation we support custom trust domains, as well as rotating to new trust domains with no downtime.

Envoy has been updated to v1.22 and uses the envoyproxy/envoy-distroless image instead of the deprecated envoyproxy/envoy-alpine image.

This means that kubectl exec -c envoy ... -- sh will no longer work for the Envoy sidecar

Added support for Kubernetes 1.23 and 1.24

Rate limiting: Added capability to perform local per-instance rate limiting of TCP connections and HTTP requests.

Statefulsets and headless services have been fixed and work as expected

Breaking Changes

The following metrics no longer use the label common_name, due to the fact that the common name's trust domain can rotate. Instead 2 new labels, proxy_uuid and identity have been added.

osm_proxy_response_send_success_count

osm_proxy_response_send_error_count

osm_proxy_xds_request_count

Support for Kubernetes 1.20 and 1.21 has been dropped

Multi-arch installation supported by the Chart Helm by customizing the affinity and nodeSelector fields

CRD Updates

No CRD changes between tags v1.1.1 and v1.2.0-rc.1

Changelog

update release versions and image digests (#4886) d40f9b8cea95f6910487334ebc9544795a1e090d (steeling)

rename test files to include _test suffix (#4882) 3a7c924c9ebdedf9513220fc5d1c527b933f71b9 (steeling)

Modify release notes (#4865) 84e2bf17186140cf1e2301171910ac9cad83267e (Keith Mattix II)

Plumb trust domain through to helm chart (#4877) c0264ecc33d23cddc6993ef352e7ddc7a34b75f5 (Keith Mattix II)

Add GitHub Action to require size and kind labels (#4876) 4da737e20b5567f7b537c2822fd91290bd014503 (Thomas Stringer)

ref: use binary flag to enable use of MeshRootCertificate (#4871) aa1abf19209feba546fcce471e856ec5f90144a6 (Jackie Elliott)

test((benchmark): add Golang benchmark test cases c7036e71106957a15e8ac12d29e87ff8a9bc0baa (Allen Leigh)

small cert related changes. (#4870) fa17242a34b39d87b6555774795563aede46efaa (steeling)

Refactor Envoy bootstrap from BuildFromConfig() to Builder{}.Build() + health probe tests (#4858) 3bf989adef0b3dd617edcec3d1c56ec73d56ba0c (steeling)

Abstract webhook logic to prepare for rotating certificates (#4833) c8d7559b8303f8df8da52dcf8d050600d7826a3e (steeling)

Ignore CODEOWNERS and OWNERS for CI (#4867) 2b7c78113c0b42dea9846bacf4e4c542ce6eedfd (Thomas Stringer)

self-nominate steeling as a maintainer (#4824) 854edda7e20135649396e4fdf2b2ca730ade58e0 (steeling)

Add @keithmattix as a codeowner maintainer (#4861) 9d5e44242ca0171b1cf8347ec70bec112ead76ef (Thomas Stringer)

Don't allow envoy sidecar privilege escalation (#4860) 80de3bb5c1108ffc1964380dbe2573eef2af2497 (Keith Mattix II)

Fix MRC status (#4856) bb007fd301d570f2cbb4ea89f394025036913dfb (Keith Mattix II)

validator: validate HTTP rate limiting status code (#4857) 4a1b9938659cd0bbaa3870041e9084797ad9f841 (Shashank Ram)

release-notes: add rate limiting to v1.2 notes (#4859) 9222555e1c001fd432348f718ac2c5ca23f03264 (Shashank Ram)

Separate bootstrap building logic into the envoy/bootstrap package (#4838) 226ee6499208fb2871f77660208b778661db9652 (steeling)

Customize affinity, nodeSelectors and tolerations in values.yaml (#4842) 45b19ead429a3863d9921f72628d96ea9b5bec14 (Shalier Xia)

fix: update configClient call and logging (#4854) d970b249aa4a5ba4624a4bd9f4e2374a4ed0bab2 (Jackie Elliott)

feat(certs): get Vault token from Secret (#4753) baff85f1ff1bde9212a1a9addede3a25b90fe72c (Jackie Elliott)

Fix flaky e2e tests (#4844) 4a3d57da27b75dba7124c8e7af769f21dbf59641 (Keith Mattix II)

rate-limiting: add HTTP local rate limiting capability (#4846) f3966a3cfd1886056ad873110de3f9bbbe265f4b (Shashank Ram)

install: use friendlier defaults for egress and permissive mode (#4837) 8fd236e8e104279b4d951a32720e06f4257fd80a (steeling)

Update Kubernetes version testing (#4836) 831f0234acba4f16dc650546c22072794ab55712 (Thomas Stringer)

envoy: update to latest version and fix typed proto usage (#4834) 08c646bec77a56c466ca6a942bcad7aff717769e (Shashank Ram)

fix(certs): update checkAndRotate to use current durations (#4800) 28b32389bb8d792d2ac2f8ab8433b647a4a0926d (Jackie Elliott)

cli: Shows message for no meshes (#4738) 905005f779f0c372a3b018a3f693b6d124e81432 (mudit singh)

Fix failing e2es with GinkgoRecover and resolve CVE-2022-28948 (#4832) 8da8732bced2812f5c3ac72cfd672b64ddb1ce05 (Jackie Elliott)

cert: Use MRCs on startup (#4816) 30885c986a29bfcedb21c18425a1bf37357aa502 (Keith Mattix II)

start with a clean slate for future multicluster work (#4805) e3700d67751a98d09f3a40f45e5dfedc8e2a933f (steeling)

feat(certs): use State for MeshRootCertificate status (#4812) 46b71656841e52ba0a5a8763244f5bd8c916f55b (schristoff)

Leverage trust domain in issuing certs; remove TD from identity (#4782) 5ab34a3b7e9577265f86dadf12fc790775891ad8 (steeling)

doc: use lower case for "cloud native" (#4792) 8b1c3cceabf6134e0e13f410e92da7faaf46574f (mudit singh)

rate-limit: implement connection level local rate limiting (#4823) ac2786869c7fac7f21cdf82166be9f02de86ab38 (Shashank Ram)

cli: Improved error handling (#4808) 327b5b088a99ba6a096cc15089c2b4fe9bab59de (mudit singh)

envoy/cds: add nil check for ConnectionSettings (#4821) a5b37165c9d70dc9edfdd5eaa74f850beff3aaa6 (Shashank Ram)

ref(contributors): update contributor roles and requirements (#4776) 5ee33f31e01148f4b4c418d9f5fee75c46be578d (Shalier Xia)

envoy|catalog: use TrafficMatch to build inbound filter config (#4814) 3f7296990c2665098958c38afc87be952efe8db2 (Shashank Ram)

Resolve CVE-2022-31030 by upgrading containerd to v1.5.13 (#4813) c90f07ae5a192ac0b86f86a3d35aa14c347c1625 (Thomas Stringer)

(k8s/informers): use InformerCollection for other clients (#4804) 241e8ae27e8269bd2e51c98a135d748b30921ddb (Keith Mattix II)

rate-limiting: plumb config into inbound policies (#4807) 7046cf28d0b1e94214f07b9cd9350ecc6c0a05de (Shashank Ram)

Set (empty) trust domain on listener builder (#4802) 3061b05634c365d9cbc936f835549d7b7b615886 (steeling)

rate-limiting: add spec to UpstreamTrafficSetting CRD (#4803) 76ff532c76278aea9e8bec71801585e01bf3db04 (Shashank Ram)

k8s/informers: centralize informers to simplify code (#4801) 47c06ab0dad371ba51f1319b2127b552158cf456 (Keith Mattix II)

docs(README): move support to a community support file (#4785) 914e8f3d8cbbe316b3ea1211411c84e3afa33f5b (Zach Rhoads)

Remove unused code paths and switch the policy object to a policy builder (#4791) eb281e55d615eff5ff20f3729010ca965f56398a (steeling)

apis: add local rate limiting to UpstreamTrafficSetting (#4796) 1e73ba341d94b8a8118def5d332118a2a74855af (Shashank Ram)

docs(contrib): add security.md (#4722) 0ba8d42debafebebda9dc22978af53018290f0ca (schristoff)

Increase retry timeout cert-manager (#4795) 412fbcbe4fbae7d7ae6c140441bd5ad16dc69bbe (Niranjan Shankar)

ref(*): remove CN from *envoy.Proxy (#4773) c318b686e13bd63836f2e2abb92a9994b56558fa (steeling)

demo: Add scripts for Kafka demo (#4770) d3596c0c7bee331609ccdac7714c3dcdea4b5a81 (Keith Mattix II)

ref(certs): mrc ca handling (#4781) 6045fb7111f4a5ed614e34152b78ae1ddb4f8788 (Keith Mattix II)

feat(metrics): add osm_reconciliation_total metric (#4788) 7de17d7797b25e5bf5116e64aee017dd8e61c2da (Jon Huhn)

fix(e2e): add openshift SCC zookeeper (#4787) dd5ec72e5662d1c7a0dc54e2e42843b86ce381d6 (Niranjan Shankar)

feat(certs): add trust domain to mesh root certificate (#4767) c24012f334a5c506d9b9a737eb383d981a253abc (steeling)

Decouple certificate common name from proxy registry (#4763) 436e24f52e7e32e81feb34b408e614036f636e48 (steeling)

test(*): add retry policy e2e (#4600) 28ed5319897c3c5fefc34ab876517bebc11f8372 (Shalier Xia)

ref(ci): update actions/setup-go to v3 db7148222b62b837162370cde9839c185f46b594 (Jon Huhn)

ref(ci): run tests/scenarios as unit tests 6c38317181deec375be0d852cb64d4b5ee489b1e (Jon Huhn)

Decouple certificate common name from various components (#4759) ae53c47217409e8f9e75cd45e851a809b1e71bad (steeling)

Fix CVE-2022-28948 by patching gopkg.in/yaml.v3 (#4771) 324a1a72a222f3db8e3889d7eda7b1c9829bb4f8 (Thomas Stringer)

ref(e2e): move k8s version test config to CI 5ec3e75a13d43f6ac34c32f7bfd8036326707540 (Jon Huhn)

ref(ci): remove PR/push distinction in e2e tests f73b9af0698d0e71a99bffce1240384e9465a455 (Jon Huhn)

feat(certs): create MRC on install (#4747) 7ddd4d185e3715973860bed60eaf66b38ed68b29 (Jackie Elliott)

remove unused code paths (#4758) 27ab5a7266dd3ef24b60b104b6a576a57aff2f30 (steeling)

Add root path ingress e2e test (#4756) 15f0a18f5646b9ebedd61b8b637dc09ef3a61539 (Niranjan Shankar)

fix(vulnerability): patch runc security issue by upgrading to v1.1.2 (#4760) 21d3e60f04c11525d07f83d52e0cb244ec47b3dd (Thomas Stringer)

contrib: add guideline for design docs (#4757) a241cba677f1298c050aec03d30fcac9214830c0 (Shashank Ram)

feat(cert): cert rotation state management (#4743) ecc4e6713cc87a51a28bf2a1ed3d74a34b9c9d54 (steeling)

Feature/statefulsets: fix protocol detection for ports (#4752) 9b11d76e5583a74e56d07c57786cbe56bf9953c2 (Keith Mattix II)

remove head of line blocking from workerpool (#4648) d1ef8b13e09724cb0e501b9560904b29732f3618 (steeling)

cli/verifier: add control plane health probe checks (#4751) dd42d04b2dd1140975370ce1adb97aeb4ed989a4 (Shashank Ram)

(feat/statefulsets): MeshService API changes for Headless Services (#4704) 0af42df42c136e34639eb926c589ae0a5b0065ba (Keith Mattix II)

fix(demo): remove unneeded port-forward for bookstore (#4740) 3395da58f49df2ec50481c791a50345d322f51a3 (Jon Huhn)

ref(certs): use secretKeyRef for Vault token in MRC (#4736) 855776a1cd8aa448c92a9bec6dedac1069be3bc7 (Jackie Elliott)

cli/verifier: use pod status conditions for readiness check (#4749) 9ffa3d38c4c261df57bbbb3233f64f54bf68c9c2 (Shashank Ram)

ref(certs): unexport methods on cert manager (#4742) 21bc67dc31f4f8d235b32981708c6e0d2f7069a6 (steeling)

cli/verifier: add ingress verification (#4715) ec9b9f92379fe972a9e1363bcfbea5dfa6df7d6b (Keith Mattix II)

feat(certificate): create a compat layer for provider generation (#4718) 00bc36338dd1fea4171af5d87dbf6ed5a8a0229f (steeling)

feat(envoy): allow websocket upgrade for all http connections (#4741) 96e0879ee3246a08d9c8c3500a31342a9c6b1751 (Martin Andreas Ullrich)

cli/verifier: add control-plane-health command (#4734) fc638c334b607cc9f3987e75812c964df208e2f7 (Shashank Ram)

feat(api/MeshRootCertificate): add informer client (#4721) 5a885ef60653fb4c987c847b33ece14bad56dfba (Jackie Elliott)

chore(release): update chart version (#4730) 102baf57c514003f1a45d31d4b3dc78bdcbed602 (Jon Huhn)

cli/verifier: add cluster check for egress (#4729) 53a22380667a95ccf79fb75aff8a2c46e5f1b2a5 (Shashank Ram)

fix(demo): default USE_PRIVATE_REGISTRY to false (#4727) 6a5e6892480351a1cfa21fb0bca1098e6e2ddc80 (Jon Huhn)

refactor(cmd/cli): update uninstall cmd (#4664) 76d177f5b47ac1838f21c3307fbb838cbd64f564 (Shalier Xia)

egress: add cli verifier and rename traffic match (#4724) a6d71d2e7e6ac5c1703fadf0e29bbf575ad016bb (Shashank Ram)

policy: Updates retry policy API (#4627) 12780558e3e9b412b431143e2ac6e400dc119897 (Shalier Xia)

ref(cert): update Manager to support mult clients (#4705) a8330dca33af3e1c5fac326dbd6409322a613034 (Jackie Elliott)

cli/verifier: add stubs for egress checks (#4719) 87b709d4316cc6f83677653bbaa929f506df5447 (Shashank Ram)

cli/verifier: verify presence of secrets (#4714) 55bdb17d93d9a527db3bc51c3a64cc3da281aba2 (Shashank Ram)

Fix e2e_client_server_connectivity_test noInstall (#4708) 1e7d22a41f291c8b89fddcbcd5934dc416d0f937 (Niranjan Shankar)

refactor k8s root ca secret access (#4657) bd5247bcb4bb297f061f883ac0a8ea8e63632d00 (steeling)

ref(certs): refactor k8s root ca secret access (#4657) 896fb7af871e7dbf74d4bd27863ef0336105913a (steeling)

crds: add MeshRootCertificate CRD (#4687) 19eb1618a0904275d0d2052d96b296e78d39357a (Jackie Elliott)

docs(contrib): recommend not rewriting git history (#4709) 876579b9a779f83259fd042ba8cc89f919297330 (Jon Huhn)

bugreport: collect more ingress & control plane info (#4703) 13802e81d5af6c217ec95fb834370895dfcd9aff (Shashank Ram)

pkg/injector: Enable podIP proxying via meshconfig setting (#4701) 0ad92c9ae9a617617e99312f87bd2779715bfcf2 (Keith Mattix II)

add the last applied annotation to allow using kubectl apply on the mesh config (#4673) 63715c04ea86c7d03805cf5fdae961e7b7ce4e82 (steeling)

feat(injector): add list of ignored network interfaces (#4700) f922b5c21d2e657b85b5130fcc9fd14b22b8af0b (Jon Huhn)

cli/verifier: check presence of service cluster (#4695) ddd10e2c819d55133b9f2153d3032fa19e65dbb1 (Shashank Ram)

config/meshConfig: New localProxyMode field (#4686) 86690a3cece5a3e41c488980970cc622f77fa50c (Keith Mattix II)

feat(certificates) rework cert manager, integrate rotor (#4645) d4853664a5ee34dfaf7367b54822b307bd19d99e (schristoff)

fix(certificates): fail politely in tresor's cert issuer (#4696) ce2a0e5fccd294baae78cdf77640a3fe38d9b5a3 (schristoff)

cli/verifier: derive appProtocol from service (#4691) 77b4dd80462176224fb540330f9d77d164801d06 (Shashank Ram)

Support pod recreation for the kubectl debug command. (#4688) 0a1653e13222749591f93a5742d0cea6e3309ea5 (steeling)

cli/verifier: verify basic HTTP route configs (#4682) 24a494b2b5921ef63bb3dbe593ced37ffe36dfd2 (Shashank Ram)

Revert "config/meshConfig: New localProxyMode field (#4671)" (#4684) bc3ff995b616c77e7d21099d5339185665d92585 (Keith Mattix II)

config/meshConfig: New localProxyMode field (#4671) (#4680) a8a3dbbe45d80760103b9cb56420adfea753fb6b (steeling)

apis: add MeshRootCertificate API types (#4677) 455887d015e861f7ffaff6b82db2d621bcce1cb9 (Jackie Elliott)

ref(injector): load bootstrap SDS configuration from filesystem (#4635) 0163584e3d3d7bb730f3429e8967e03fbf7e5f50 (Jackie Elliott)

fix(doc): update release guide (#4661) 4f204ddb5ba2c074c9879a93457d6a66aed40a6c (Jon Huhn)

feat(metrics): add osm_events_queued metric (#4670) 4cd4f6af382548538fa451974e2a12c5d817cb4d (Jon Huhn)

config/meshConfig: New localProxyMode field (#4671) 966405b29161ee650d01a8c0ebaa5fe4ed324b79 (Keith Mattix II)

IngressBackend UpstreamTrafficSetting validations (#4640) a54b4048ca2778cbcf6700ed241086ceacb69fd6 (Keith Mattix II)

expose the version information via prometheus (#4679) 1faa13a769825b71cdd41632b36876b32b4688b8 (steeling)

fix: upgrade vulnerable library crypto (#4676) 1550133d9b5c2e7dcea61750f09a96796449ecd0 (allenlsy)

ref(test): migrate e2e app to Fortio (#4631) cf1395e3cf5a6f89a87c4b8eb3e4e8149b83fc5b (allenlsy)

cli/verifier: verify destination for connectivity config (#4672) f04a61397a005fb85f74179166fdb41d6d522e7c (Shashank Ram)

chore(release): Update Chart.yaml to use release v1.1 (#4662) 2f36980f85279ea8ddec80a261fe7bf76743648a (schristoff)

envoy/verifier: add source config checker (#4658) 82492c0b50cb701df50a401018c1cae363208765 (Shashank Ram)

update prometheus v2.34.0 (#4666) f021edde5d81b293f5318bb50bfc841f73381120 (Niranjan Shankar)

tests: move fakes to own sub-package (#4667) 5c966acb814130ca9334714ec4fa75351c4c41e1 (Shashank Ram)

Reword the README note about OSM's production readiness. (#4660) 46781f2bec6db4a6864ecc9ab9c2f0a532f96b40 (Thomas Stringer)

cli/verifier: add Envoy config dump parser (#4646) a918abff99a2106f913302db2fc8705651d2a72d (Shashank Ram)

ref(smi): remove unused kubeClient from smi client (#4643) 95a898f14608224361f4d6eefbeaa463e3f852c5 (Deepesh Pathak)

cli: add verify command (#4639) 9be0fa424290be851f70abe78a633925ae49fb00 (Shashank Ram)

Add --overwrite to kubectl label cmd in osm bootstrap (#4641) af50d175a650e2047b2f59f4604fc88923e1cb60 (Niranjan Shankar)

fix(ci): fix lint (#4629) 9ca8e413895937b8543547b777153a5474f1a2dd (Jon Huhn)

Source code(tar.gz)
Source code(zip)
osm-v1.2.0-rc.1-darwin-amd64.tar.gz(19.56 MB)
osm-v1.2.0-rc.1-darwin-amd64.zip(19.56 MB)
osm-v1.2.0-rc.1-darwin-arm64.tar.gz(19.81 MB)
osm-v1.2.0-rc.1-darwin-arm64.zip(19.80 MB)
osm-v1.2.0-rc.1-linux-amd64.tar.gz(18.37 MB)
osm-v1.2.0-rc.1-linux-amd64.zip(18.37 MB)
osm-v1.2.0-rc.1-linux-arm64.tar.gz(16.84 MB)
osm-v1.2.0-rc.1-linux-arm64.zip(16.83 MB)
osm-v1.2.0-rc.1-windows-amd64.tar.gz(18.60 MB)
osm-v1.2.0-rc.1-windows-amd64.zip(18.60 MB)
sha256sums.txt(1003 bytes)
v1.1.1(May 10, 2022)
Notable changes

A new spec.sidecar.localProxyMode field in the MeshConfig API allows users to specify whether traffic from Envoy sidecars to application containers is redirected via 127.0.0.1 (the previous behavior and current default) or the Pod's IP address

A new spec.traffic.networkInterfaceExclusionList field in the MeshConfig API allows users to specify names of network interfaces on Pods that should not have traffic proxied through Envoy sidecars

The installed MeshConfig resource can now be updated with kubectl apply

Breaking changes

None

Deprecation notes

None

CRD Updates

No CRD changes between tags v1.1.0 and v1.1.1

Changelog

chore(release): cut v1.1.1 (#4728) 407bbedd5edb6ff9f1f51a4cabb95bedeb567312 (Jon Huhn)

Release v1.1.1-rc.1 (#4720) 0171d845868db052094b986a408bdab5f9a617c4 (Keith Mattix II)

Fix e2e_client_server_connectivity_test noInstall (#4708) 2cb3ee95deeb2c5922e8eea4f7840b18c7a6b18b (Niranjan Shankar)

pkg/injector: Enable podIP proxying via meshconfig setting (#4701) cbdcfe10e3b29b54e20ddd504eb7b0771f7105c0 (Keith Mattix II)

add the last applied annotation to allow using kubectl apply on the mesh config (#4673) 868c13203e6f377af4ebe5b697a853b054142615 (steeling)

feat(injector): add list of ignored network interfaces (#4700) 79eef29c8876ca15f050dd4f0593faf8d22310f0 (Jon Huhn)

config/meshConfig: New localProxyMode field (#4686) 5a2902246031456ce672d0638fafe6ef7edab7b8 (Keith Mattix II)

Revert "config/meshConfig: New localProxyMode field (#4671)" (#4684) e9ae62109db09fcefd4f6674dcdee28a825bb4a1 (Keith Mattix II)

config/meshConfig: New localProxyMode field (#4671) (#4680) 134d5e2dfd937ffa407d0eae36428fe3b1539dbe (steeling)

apis: add MeshRootCertificate API types (#4677) 1ca81b3a372c75156300ee49e1c7ed990a4d1232 (Jackie Elliott)

fix(doc): update release guide (#4661) e26305c6c34256f3cd2c4acf6be8bb34c55c7742 (Jon Huhn)

config/meshConfig: New localProxyMode field (#4671) 63786fd0fe88dce1084332cfe02bc8212f185627 (Keith Mattix II)

fix: upgrade vulnerable library crypto (#4676) 6089ff7ec7f059d1f213f5f883b504faf8f0c4bc (allenlsy)

Source code(tar.gz)
Source code(zip)
osm-v1.1.1-darwin-amd64.tar.gz(17.39 MB)
osm-v1.1.1-darwin-amd64.zip(17.39 MB)
osm-v1.1.1-darwin-arm64.tar.gz(17.38 MB)
osm-v1.1.1-darwin-arm64.zip(17.38 MB)
osm-v1.1.1-linux-amd64.tar.gz(16.45 MB)
osm-v1.1.1-linux-amd64.zip(16.45 MB)
osm-v1.1.1-linux-arm64.tar.gz(14.99 MB)
osm-v1.1.1-linux-arm64.zip(14.99 MB)
osm-v1.1.1-windows-amd64.tar.gz(16.66 MB)
osm-v1.1.1-windows-amd64.zip(16.65 MB)
sha256sums.txt(953 bytes)
v1.1.1-rc.1(May 4, 2022)
Notable changes

A new spec.sidecar.localProxyMode field in the MeshConfig API allows users to specify whether traffic from Envoy sidecars to application containers is redirected via 127.0.0.1 (the previous behavior and current default) or the Pod's IP address

A new spec.traffic.networkInterfaceExclusionList field in the MeshConfig API allows users to specify names of network interfaces on Pods that should not have traffic proxied through Envoy sidecars

The installed MeshConfig resource can now be updated with kubectl apply

Breaking changes

None

Deprecation notes

None

CRD Updates

No CRD changes between tags v1.1.0 and v1.1.1-rc.1

Changelog

Release v1.1.1-rc.1 (#4720) 0171d845868db052094b986a408bdab5f9a617c4 (Keith Mattix II)

Fix e2e_client_server_connectivity_test noInstall (#4708) 2cb3ee95deeb2c5922e8eea4f7840b18c7a6b18b (Niranjan Shankar)

pkg/injector: Enable podIP proxying via meshconfig setting (#4701) cbdcfe10e3b29b54e20ddd504eb7b0771f7105c0 (Keith Mattix II)

add the last applied annotation to allow using kubectl apply on the mesh config (#4673) 868c13203e6f377af4ebe5b697a853b054142615 (steeling)

feat(injector): add list of ignored network interfaces (#4700) 79eef29c8876ca15f050dd4f0593faf8d22310f0 (Jon Huhn)

config/meshConfig: New localProxyMode field (#4686) 5a2902246031456ce672d0638fafe6ef7edab7b8 (Keith Mattix II)

Revert "config/meshConfig: New localProxyMode field (#4671)" (#4684) e9ae62109db09fcefd4f6674dcdee28a825bb4a1 (Keith Mattix II)

config/meshConfig: New localProxyMode field (#4671) (#4680) 134d5e2dfd937ffa407d0eae36428fe3b1539dbe (steeling)

apis: add MeshRootCertificate API types (#4677) 1ca81b3a372c75156300ee49e1c7ed990a4d1232 (Jackie Elliott)

fix(doc): update release guide (#4661) e26305c6c34256f3cd2c4acf6be8bb34c55c7742 (Jon Huhn)

config/meshConfig: New localProxyMode field (#4671) 63786fd0fe88dce1084332cfe02bc8212f185627 (Keith Mattix II)

fix: upgrade vulnerable library crypto (#4676) 6089ff7ec7f059d1f213f5f883b504faf8f0c4bc (allenlsy)

Source code(tar.gz)
Source code(zip)
osm-v1.1.1-rc.1-darwin-amd64.tar.gz(17.39 MB)
osm-v1.1.1-rc.1-darwin-amd64.zip(17.39 MB)
osm-v1.1.1-rc.1-darwin-arm64.tar.gz(17.38 MB)
osm-v1.1.1-rc.1-darwin-arm64.zip(17.38 MB)
osm-v1.1.1-rc.1-linux-amd64.tar.gz(16.45 MB)
osm-v1.1.1-rc.1-linux-amd64.zip(16.45 MB)
osm-v1.1.1-rc.1-linux-arm64.tar.gz(14.99 MB)
osm-v1.1.1-rc.1-linux-arm64.zip(14.99 MB)
osm-v1.1.1-rc.1-windows-amd64.tar.gz(16.66 MB)
osm-v1.1.1-rc.1-windows-amd64.zip(16.65 MB)
sha256sums.txt(1003 bytes)
v1.1.0(Apr 14, 2022)
Notable changes

Circuit breaking support for traffic directed to in-mesh and external destinations

Breaking changes

The following changes are not backward compatible with the previous release.

The osm_proxy_response_send_success_count and osm_proxy_response_send_error_count metrics are now labeled with the proxy certificate's common name and XDS type, so queries to match the previous equivalent need to sum for all values of each of those labels.

Deprecation notes

The following capabilities have been deprecated and cannot be used.

The osm_injector_injector_sidecar_count and osm_injector_injector_rq_time metrics have been removed. The osm_admission_webhook_response_total and osm_http_response_duration metrics should be used instead.

OSM will no longer support installation on Kubernetes version v1.19.

CRD Updates

No CRD changes between tags v1.0.0 and v1.1.0

Changelog

cut v1.1.0 (#4652) a23afae930033c22438008c1f730f13c7408d951 (schristoff)

cli/verifier: add Envoy config dump parser (#4646) 71fea3ecacce236d9629d8edeb8e5aad8aa50550 (Shashank Ram)

ref(smi): remove unused kubeClient from smi client (#4643) 273e51210ff3dce21560ba2ba2ad1beb7f69fbab (Deepesh Pathak)

cli: add verify command (#4639) 119879259a9ea7a81d24a0e714d4b5eaa944b429 (Shashank Ram)

Add overwrite label osm bootstrap (#4642) 1b94fbfd53055403fcf09ec71ced55b79fd50bdb (Niranjan Shankar)

fix(ci): fix lint (#4633) ed4b4288eb6a071c588a27ae0b071c63e3c99ae6 (Jon Huhn)

chore(release): cut v1.1.0-rc.1 (#4630) 2820d82edca796e1449610ba63031640f694247c (schristoff)

ref(cert): refactor tresor (#4626) 30e53621b6895b0eb0d8ded24a7fb10226a38004 (schristoff)

envoy: fix misleading comment (#4628) 6247f2f09ce041815066b9461dc6695090d2a19d (Shashank Ram)

feat(log): add access log to TCP listener (#4625) bd7e61dfe46ed73493da0d4a4ed61db4b7cf4e0b (allenlsy)

feat(certificates) rework vault certificate provider (#4596) d1100a865251fa2797f9da5ff31d720538b1a26a (schristoff)

Decouple Conversion Patch and CRD Reconciler (#4612) 8bae12f7186d3bf7709951ba8c37e68e569f30c8 (Keith Mattix II)

ref(webhook): remove leaf cert from webhook cabundles (#4603) 9ecf16b641a7c585c859d9f9df3b43c0bdf070c2 (Jackie Elliott)

ref(cli): refactor version subcommand to search all namespaces (#4611) a0d81ccb64b7a55eed7fd271b2bbe3974349e682 (Shalier Xia)

doc: add environments.md (#4593) f10a3cc7ebb08ab94bf7092fb356d1182740df90 (Zach Rhoads)

apis/UpstreamTrafficSetting: allow setting status (#4615) b6ff0e7db6b443e025000ea20df03dc32937c95f (Shashank Ram)

docs: update release notes for v1.1.0 (#4614) cd2c815846a898beb218b3313951cd3d5d672b25 (Shashank Ram)

k8s/version: drop v1.19 support and bump CI version (#4607) 97c6395bd4057988333a9af858283af5f7cb1718 (Shashank Ram)

feat(metrics): add conversion webhook metrics (#4606) 0f3651674698667a19286fc34952f9421aa709ec (Jon Huhn)

ref(crdconvert): respond with errors from all requested resources (#4601) aaa7f3044d9227e1f03fd736990a4b38e72e38fa (Jon Huhn)

owners: add @trstringer as a codeowner maintainer (#4604) 6bda5c3a34bf20ed33b3479ae554665d0f882f67 (Shashank Ram)

feat(metrics): generalize admission webhook metrics (#4597) 02e6d7d7c7e673eec63befe9a02ce7ae19ae1031 (Jon Huhn)

apis: correct comments for UpstreamTrafficSetting (#4605) 2f483d2d8596b57687345b7ed0c7378479e13906 (Shashank Ram)

feat(ads): xDS response add TLS config (#4582) 7e0674c37af343c8526061393be7e9ebc75328b8 (allenlsy)

fix(logs): add missing Msg calls to logs (#4599) eec706d0efad79f9c2e121a0e2378aa9952d938f (Jon Huhn)

Allow custom image names for OSM Helm chart (#4595) f0c6def82bf7ae148b41e652047bcc32e53e4d63 (Shalier Xia)

egress: add UpstreamTrafficSetting support (#4594) 7ecd8e9ef4f781dac9bf881a4de2d4c50ebd8b8a (Shashank Ram)

feat(certificates) begin to abstract the cert manager patterns (#4580) caaa189c1f5b0977745db21cae5087000d15a2d7 (steeling)

chore: show release version in Grafana boards (#4529) dafba7b258d6785645affbba9944e44d808da173 (Johnson Shi)

feat(metrics): add cn/type labels to xds response metrics (#4590) b3b202d94647c8cd5c3dba805d94a6e3ca15a366 (Jon Huhn)

feat(metrics): add proxy rejected max connections metric (#4589) 177531653500bcfd4d42b99c6267baa4df5d5091 (Jon Huhn)

configurator: only watch required MeshConfig (#4587) b7a4a3b69532513f1c41cfd8fb50927962a3fab3 (Shashank Ram)

policy: implement UpstreamTrafficSetting API (#4585) fe0495700de0ba796f196cbcff63b70cecfde254 (Shashank Ram)

feat(metrics): add proxy XDS request metric (#4584) cc4361709e128f864bb78bc1e2598aaf5899c4ab (Jon Huhn)

feat(metrics): add feature flag metrics (#4581) 269a1b82a718fe42ac94f3385b78e7bc2ff71a92 (Jon Huhn)

feat(sidecar): add tls protocol version and cipher suites config to (#4418) c7fead4b7ab56cabf4bb9b9263def9e26d20c147 (allenlsy)

feat(metrics): add HTTP response metrics (#4578) 797a2971ba56d8d616240884cdc7ae33c912cee0 (Jon Huhn)

owners: clarify non-codeowner maintainer (#4579) cc4652851d04e41913389a5321c688939691541a (Shashank Ram)

doc: Remove reference to closed SMI metrics support issue (#4566) 87a8d74e02e827b118a5f45dfd478ea603b522ad (mudit singh)

owners: mirror code owners file (#4577) 1de0388f0b345018ef60cd2c68b65fc53b68ff96 (Shashank Ram)

doc: Update links in docs (#4519) e972a05ad5f78567a4b0061d38923d1620760da5 (allenlsy)

Upgrade docker distribution to v2.8.0 (#4571) c522ed19cccabfa0b93ae5f5accacf6993bba81a (Thomas Stringer)

Upgrade containerd to v1.5.10 (#4570) 1dc6bfd69449d52599134588316e0a3bab57f82c (Thomas Stringer)

crd/conversion: only patch CRDs needing conversion (#4569) 1d92058ded7367c1d7feba1a614b6dee3bf6d099 (Shashank Ram)

envoy: update go-control-plane version (#4567) 7acf583a20c5a4008ec4d2d07661435b081d70b0 (Shashank Ram)

envoy: update to v1.19.3 (#4564) 2d5d06559b62dae39fab3f8f047c4b026715f6fc (Shashank Ram)

add darwin and linux arm64 support (#4553) 73f7e06c3f7fdf542209e2ad21211636238615d3 (timbo)

fix(healthprobes): add support for TCPSocket probes (#4558) 6acc95394e087f87d809bf8f821490d49fb6bead (Jackie Elliott)

fix(scripts): remove bash 4.0 dependency in coverage script (#4561) f83b8a789648c20ed2e9b583622b66a0ab79fd16 (Jon Huhn)

contrib/ladder: remove duplicate approvers section (#4560) cbd6a4c9aac856d5259be5118999f28a9f331456 (Shashank Ram)

Create release process documentation (#4557) ebd1de51cdd38ada30d5460b5a6a12c8a210475b (Thomas Stringer)

(feature): update kind-registry port forwarding (#4554) 28e3409cd29c45b2e85ae313cfe3d6ae50a1a691 (schristoff)

ci: Use GitHub action checkout@v2 (#4542) edd9ea76246f8f9f673de2db30be1eadef232a18 (Delyan Raychev)

api/UpstreamTrafficSetting: add informer client (#4550) 0c9628ff13dd1211b47bb5f59a952dba1c09b4d3 (Shashank Ram)

ref(ptypes): update deprecated ptypes functions (#4544) c52865e227aa9a95a0022e476289dc0b0a0edac9 (Jackie Elliott)

doc: Updated broken link (#4549) f640ecbf2b858f6025fbc81e1e460438f13504ef (mudit singh)

feat(certificate): Remove the Certificater interface in favor of a struct. (#4536) 37d2e4ffae16c3a5e21ab05282db23eb91c8eed1 (steeling)

crds: add UpstreamTrafficSetting CRD (#4547) cf5223ce1e5d47fa3d26ac3435d69dedc4df5ff3 (Shashank Ram)

charts(osm-*): add pod and node affinities to control plane pods (#4527) 9b268d05e98bd91cc90c23d7aac0e4a9941341c1 (Sanya Kochhar)

cli: Remove metrics annotation from namespaces removed from the mesh (#4539) 774eb8382af51406b777d065b77873ac5fc5bf4b (mudit singh)

ref(install): remove redundant checks (#4543) ef48caf2d0014c47905cc30c30c322e9c19235d8 (Jon Huhn)

envoy/ads: Simplify unit test (#4538) 544483d4d70264b4ced893f13a1ff0d4f7d5b343 (Delyan Raychev)

ref(install): move namespace controller check to chart (#4540) 1a3d38b61400c5692fa0ba1ed090e82535e75de7 (Jon Huhn)

apis: add UpstreamTrafficSetting API types (#4535) 9b67c22e76e6735311b625bf87f1b9e70458e993 (Shashank Ram)

ref(install): move enforceSingleMesh validation to chart (#4522) 5c5fcf8026dcc5fc810a44ee57667dda3e243b13 (Jon Huhn)

feat(ads) implement a logger for the snapshot cache (#4520) c3b673959b170fdb5a656aa3da818dfccd49024c (steeling)

ref(build): update image scanning (#4517) b42c9a2968f6aa7f8018b4a0e8512499ce81a190 (Jon Huhn)

ref(chart): push vault validation to chart (#4513) e507ca96d31496ba22f182324b3a9f984057f3a8 (Jon Huhn)

docs: updated link to project board (#4510) 1f299bcda0dae415591a576cbc231793ab84caf8 (mudit singh)

feat(viz): control-plane timings viz improvements (#4481) cc0ebeb2fc663ad0ddf29d59c25046b301c2dfbc (Johnson Shi)

fix(cli): uninstall mesh force flag description (#4507) 68dbb7ec819d9232f0858ca18c04393653cb0c51 (Johnson Shi)

fix(cmd/cli): Show single-mesh-enforced warning (#4503) cff645bfea9e2a576fbeb556c4d464bf8c218d05 (Shalier Xia)

feat(*): add retry policy (#4476) 0d75c93df5b1939aecb64e66fdb31d8c5e47c417 (Shalier Xia)

chore(chart): bump chart version to 1.0.0 (#4508) df42849a6a3af4941316c9f41474765a67c62192 (Jon Huhn)

chore(cleanup): remove cleanup script (#4506) 09860016359c4301579224175aa628fd2aba27f1 (Sanya Kochhar)

Collect bug report for e2e failures (#4504) 47db02018fe749e73f8c65bec5efbc1a271ed654 (Niranjan Shankar)

fix(injector): make init container pullPolicy configurable (#4505) 755d80a2a77b32aaae007f28ad838a910e304ba3 (Jon Huhn)

injector: add support to configure IP range inclusions (#4498) 3367f498369d4dade800dbb21c9c4256126d4f1d (Shashank Ram)

use single command to uninstall mesh and cluster wide resources (#4491) fe48a44f76d606cc620038b3de1ef6406757d1bf (Sneha Chhabria)

crdconversion: handle MeshConfig optional field (#4497) 1e0072e7431a51d8cb9f29570b04ee50e7bed47b (Shashank Ram)

fix(e2e): isolate upgrade test (#4494) 0923046fcbd300194ef3a0d5848f2f2a13d06810 (Jon Huhn)

If ignore label exist don`t add namespace (#4473) e350bc06c29626942142e175fffc4430d6b7408b (mudit singh)

feat(mockgen): improve error messaging; add ability to run one mockgen (#4493) fb5f9dff6765fe811231ae539c4a94453c7ecdb2 (steeling)

injector: support pod specific IP range exclusions (#4488) 252a3151df1effcf598719397d17834e838f9c65 (Shashank Ram)

chore(pkg/catalog): Remove unused variable (#4487) 3b342010cbecd90e63aff304788a32a6b7109e00 (Shalier Xia)

feat(cli): latest verion availability notification on osm version (#4416) 7158a8c0abfc5fb879ec3dfb11984a33b7eead9e (Jackie Elliott)

ref(cert): remove expiration field from osm-ca-bundle secret data (#4472) 0c0d99fa546d0507f855648d91ff3f8301eb243e (Jackie Elliott)

Add a message for both stale and closed issues and PRs (#4486) b6a32c26cc4746262651e0e16ece6eaba2e9a6d7 (Thomas Stringer)

tests: remove kubectl dependency for namespace info (#4485) 38495544cd0bb2df16a9c88a8a4bf638b7ef093b (Shashank Ram)

injector: simplify port exclusion code (#4484) 2802cb1c2f5e3313b911848b7546b9231c2e9385 (Shashank Ram)

Uninstall mesh command won`t prompt if mesh is non-existent (#4463) d95ebc93dd66bcc17dbe5bc5885df7544d1a6479 (mudit singh)

Add documentation on certificate management internals (#4465) 76eb3690c9367ee16c7ee42edddee552804766d1 (Thomas Stringer)

Fixed typo (#4482) ede74c0264950c3a4108cd1e57ab18642a885484 (mudit singh)

fix(e2e): specify pullPolicy for upgrade test (#4478) 0b08eb6ae0398f87a463a28df1cd8401da916cf3 (Jon Huhn)

github: exempt milestone items from going stale (#4483) 35e66c289a4f6e03ab2fc95662c5d48c03d3febf (Thomas Stringer)

GitHub Action to daily (at midnight) label issues and PRs that have had (#4480) a45d223998f562a4972f3d5b1cba5d74071b7eec (Thomas Stringer)

configurator: remove ip/port exclusion APIs (#4479) 7b9ac17cabb37b78679291b240268f6d42b4029e (Shashank Ram)

configurator: simplify MeshConfig API (#4475) a8fc477c9ffce85a758d5a6d2709a66719bf9cb7 (Shashank Ram)

apis: use config.openservicemesh.io/v1alpha2 (#4421) e45d28a6751599c01b77b52971004d30d4d05de0 (Shashank Ram)

tests/framework: wait for deletion and dump namespace (#4471) a0c9a86e8ff3ff8fa77346f915375dc16ff444e2 (Shashank Ram)

charts/cleanup-hook: fix CRD reset logic (#4468) 657e9f7296b4be32a9725a75f6dffcab88100c5c (Shashank Ram)

chore(github): add docs to checklist in pr template (#4464) 6c2848546693d281bbaf2c92e0a0e1a9fd8598f0 (Sanya Kochhar)

chore(tracing): allow multi-span tracing in demo application (#4456) f423a826bd523062696f371501fb25d50b7e6251 (allenlsy)

fix(grafana): remove hardcoded control plane namespace (#4454) ec0da63a08ef61515130d7d5cdabbc3e454ff3af (Jackie Elliott)

docs: remove demo manifests required by website (#4455) 2da68702a902931f8783e65f359e9e67d7b58920 (Shashank Ram)

bug(*): Fix memory targetAverageUtilization 4c265a17eb0eed18576abb2d76fbcce4970ac9ed (Shalier Xia)

fix(cli): do not throw error for osm version when no control plane (#4433) 95fb342000f4e98159bb54b3a65af7fbe8a783da (Jackie Elliott)

[reconciler]: fix label assignment on mwhc (#4431) c7675e5335464a28a3eedf0ca701383b5c27e537 (Sneha Chhabria)

crd-conversion: fix webhook port number (#4424) a70d654e64352340cc60fa77efc4d8460153492d (Shashank Ram)

meshConfig: add validation for ingressgateway certificate (#4422) 1a2d41e71ec388043c3ce0a4b676246b4b3d7078 (Sneha Chhabria)

codeowners: add @jaellio as an approver (#4423) 09af567e6203c77175895539b3c003597d8801b1 (Shashank Ram)

contributing: update maintainer requirement (#4415) 5e29c530aead7f91c74e357f7dcb5d82702e9f49 (Shashank Ram)

ref(build): build all images with buildx (#4402) 54376b6a24c1d325ace32192711458ee0865a823 (Jon Huhn)

build: update to Go 1.17 (#4410) 89b56617ec212becdce2aa34c83c8b7919b6490d (Eng Zer Jun)

fix security vulnerabilities in dependencies (#4413) ce6d63d20f3f34199d5ab3fd1a307bee1941985a (Sneha Chhabria)

chore(route): Refactor buildRoute() by reducing parameters (#4407) d7e830903436aed3a09911aff59ea64e042e4811 (Shalier Xia)

validator: validate ingress backend source kind (#4412) 26f78790a93ffec775e84f0d2548c688ceedaaf8 (Shashank Ram)

injector: allow redirection of app traffic to itself (#4411) 97fac56fb9eac631e1a54e7598e48ace3f304b13 (Shashank Ram)

ref(*): stepping down as maintainer (#4400) 0f4fecdd36bb055034cea789cf85c83fe821ea87 (Edu Serra)

add ingress information to bug report 0e0fc95308f83d55b6099a43e45c794e0a608896 (Thomas Stringer)

feat(cli): add remote version to osm version output (#4395) 718517c2806b2a8cab2f3729ca0930d90428b999 (Jackie Elliott)

Corrected spelling mistake (#4392) 01013d76364596003e73945755a71a092791732e (mudit singh)

ref(*): stepping down as maintainer b12128933136887dfb8011d774eff5639f79496a (Michelle Noorali)

rename environment variables for images 5da4e398979634680588625c104888ba27bee740 (Thomas Stringer)

remove image defaults from preset mesh config and CRD and allow the ability to specify the images through environment variables 95469049aab365c975e959ad0bb3344c032372ac (Thomas Stringer)

fix(cli): set sidecar injection annotation to disabled 0faa1912e04f7372e7244bd1a8877f3f9da80df1 (jaellio)

injector: rename iptables chains for clarity (#4379) 8dccabbf98d4187d7072b2145b1e280d45303f6d (Shashank Ram)

ref(k8s): remove IsMetricsEnabled from Controller a1718afeb698acf71eb601d236b6c1da67a56e5f (Jon Huhn)

injector: make iptable rules idempotent (#4373) fe85f60d38fffeb65cb47abfc5dbdbf4d273e91c (Shashank Ram)

ref(k8s): remove K8sServiceToMeshServices from Controller 6d3ff70b11b6911430f2a5b80c397b34e3cb12ec (Jon Huhn)

fix(ingress): increase timeout for TestHandleCertificateChange f417098113fd42095806f361b3747749a51f076c (jaellio)

add ability for bug-report to get previous logs for control plane containers if they have been restarted 9926bc6e09832b672a50da0ab8f3562f158496ab (Thomas Stringer)

Add bug-report ability to collect control plane logs (#4365) 81b5265489ee890b976e999b9a4ef96d25b23c70 (Thomas Stringer)

fix(e2e): update upgrade test 2227135b51b6b1de8a0f4a76ab8e9e549c7da4ba (Jon Huhn)

fix(ci): fix image scan 4cf968783b1b0350da2e07816222c0c228a5c6d4 (Jon Huhn)

injector: skip injection when pod belongs to host network (#4360) 0fcedaa7024b8fb8481ca60dacf5ce2066702d3d (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v1.1.0-darwin-amd64.tar.gz(17.07 MB)
osm-v1.1.0-darwin-amd64.zip(17.07 MB)
osm-v1.1.0-darwin-arm64.tar.gz(17.05 MB)
osm-v1.1.0-darwin-arm64.zip(17.05 MB)
osm-v1.1.0-linux-amd64.tar.gz(16.15 MB)
osm-v1.1.0-linux-amd64.zip(16.15 MB)
osm-v1.1.0-linux-arm64.tar.gz(14.72 MB)
osm-v1.1.0-linux-arm64.zip(14.72 MB)
osm-v1.1.0-windows-amd64.tar.gz(16.35 MB)
osm-v1.1.0-windows-amd64.zip(16.35 MB)
sha256sums.txt(953 bytes)
v1.1.0-rc.1(Apr 4, 2022)
Notable changes

Circuit breaking support for traffic directed to in-mesh and external destinations

Breaking changes

The following changes are not backward compatible with the previous release.

The osm_proxy_response_send_success_count and osm_proxy_response_send_error_count metrics are now labeled with the proxy certificate's common name and XDS type, so queries to match the previous equivalent need to sum for all values of each of those labels.

Deprecation notes

The following capabilities have been deprecated and cannot be used.

The osm_injector_injector_sidecar_count and osm_injector_injector_rq_time metrics have been removed. The osm_admission_webhook_response_total and osm_http_response_duration metrics should be used instead.

OSM will no longer support installation on Kubernetes version v1.19.

CRD Updates

No CRD changes between tags v1.0.0 and v1.1.0-rc.1

Changelog

chore(release): cut v1.1.0-rc.1 (#4630) 2820d82edca796e1449610ba63031640f694247c (schristoff)

ref(cert): refactor tresor (#4626) 30e53621b6895b0eb0d8ded24a7fb10226a38004 (schristoff)

envoy: fix misleading comment (#4628) 6247f2f09ce041815066b9461dc6695090d2a19d (Shashank Ram)

feat(log): add access log to TCP listener (#4625) bd7e61dfe46ed73493da0d4a4ed61db4b7cf4e0b (allenlsy)

feat(certificates) rework vault certificate provider (#4596) d1100a865251fa2797f9da5ff31d720538b1a26a (schristoff)

Decouple Conversion Patch and CRD Reconciler (#4612) 8bae12f7186d3bf7709951ba8c37e68e569f30c8 (Keith Mattix II)

ref(webhook): remove leaf cert from webhook cabundles (#4603) 9ecf16b641a7c585c859d9f9df3b43c0bdf070c2 (Jackie Elliott)

ref(cli): refactor version subcommand to search all namespaces (#4611) a0d81ccb64b7a55eed7fd271b2bbe3974349e682 (Shalier Xia)

doc: add environments.md (#4593) f10a3cc7ebb08ab94bf7092fb356d1182740df90 (Zach Rhoads)

apis/UpstreamTrafficSetting: allow setting status (#4615) b6ff0e7db6b443e025000ea20df03dc32937c95f (Shashank Ram)

docs: update release notes for v1.1.0 (#4614) cd2c815846a898beb218b3313951cd3d5d672b25 (Shashank Ram)

k8s/version: drop v1.19 support and bump CI version (#4607) 97c6395bd4057988333a9af858283af5f7cb1718 (Shashank Ram)

feat(metrics): add conversion webhook metrics (#4606) 0f3651674698667a19286fc34952f9421aa709ec (Jon Huhn)

ref(crdconvert): respond with errors from all requested resources (#4601) aaa7f3044d9227e1f03fd736990a4b38e72e38fa (Jon Huhn)

owners: add @trstringer as a codeowner maintainer (#4604) 6bda5c3a34bf20ed33b3479ae554665d0f882f67 (Shashank Ram)

feat(metrics): generalize admission webhook metrics (#4597) 02e6d7d7c7e673eec63befe9a02ce7ae19ae1031 (Jon Huhn)

apis: correct comments for UpstreamTrafficSetting (#4605) 2f483d2d8596b57687345b7ed0c7378479e13906 (Shashank Ram)

feat(ads): xDS response add TLS config (#4582) 7e0674c37af343c8526061393be7e9ebc75328b8 (allenlsy)

fix(logs): add missing Msg calls to logs (#4599) eec706d0efad79f9c2e121a0e2378aa9952d938f (Jon Huhn)

Allow custom image names for OSM Helm chart (#4595) f0c6def82bf7ae148b41e652047bcc32e53e4d63 (Shalier Xia)

egress: add UpstreamTrafficSetting support (#4594) 7ecd8e9ef4f781dac9bf881a4de2d4c50ebd8b8a (Shashank Ram)

feat(certificates) begin to abstract the cert manager patterns (#4580) caaa189c1f5b0977745db21cae5087000d15a2d7 (steeling)

chore: show release version in Grafana boards (#4529) dafba7b258d6785645affbba9944e44d808da173 (Johnson Shi)

feat(metrics): add cn/type labels to xds response metrics (#4590) b3b202d94647c8cd5c3dba805d94a6e3ca15a366 (Jon Huhn)

feat(metrics): add proxy rejected max connections metric (#4589) 177531653500bcfd4d42b99c6267baa4df5d5091 (Jon Huhn)

configurator: only watch required MeshConfig (#4587) b7a4a3b69532513f1c41cfd8fb50927962a3fab3 (Shashank Ram)

policy: implement UpstreamTrafficSetting API (#4585) fe0495700de0ba796f196cbcff63b70cecfde254 (Shashank Ram)

feat(metrics): add proxy XDS request metric (#4584) cc4361709e128f864bb78bc1e2598aaf5899c4ab (Jon Huhn)

feat(metrics): add feature flag metrics (#4581) 269a1b82a718fe42ac94f3385b78e7bc2ff71a92 (Jon Huhn)

feat(sidecar): add tls protocol version and cipher suites config to (#4418) c7fead4b7ab56cabf4bb9b9263def9e26d20c147 (allenlsy)

feat(metrics): add HTTP response metrics (#4578) 797a2971ba56d8d616240884cdc7ae33c912cee0 (Jon Huhn)

owners: clarify non-codeowner maintainer (#4579) cc4652851d04e41913389a5321c688939691541a (Shashank Ram)

doc: Remove reference to closed SMI metrics support issue (#4566) 87a8d74e02e827b118a5f45dfd478ea603b522ad (mudit singh)

owners: mirror code owners file (#4577) 1de0388f0b345018ef60cd2c68b65fc53b68ff96 (Shashank Ram)

doc: Update links in docs (#4519) e972a05ad5f78567a4b0061d38923d1620760da5 (allenlsy)

Upgrade docker distribution to v2.8.0 (#4571) c522ed19cccabfa0b93ae5f5accacf6993bba81a (Thomas Stringer)

Upgrade containerd to v1.5.10 (#4570) 1dc6bfd69449d52599134588316e0a3bab57f82c (Thomas Stringer)

crd/conversion: only patch CRDs needing conversion (#4569) 1d92058ded7367c1d7feba1a614b6dee3bf6d099 (Shashank Ram)

envoy: update go-control-plane version (#4567) 7acf583a20c5a4008ec4d2d07661435b081d70b0 (Shashank Ram)

envoy: update to v1.19.3 (#4564) 2d5d06559b62dae39fab3f8f047c4b026715f6fc (Shashank Ram)

add darwin and linux arm64 support (#4553) 73f7e06c3f7fdf542209e2ad21211636238615d3 (timbo)

fix(healthprobes): add support for TCPSocket probes (#4558) 6acc95394e087f87d809bf8f821490d49fb6bead (Jackie Elliott)

fix(scripts): remove bash 4.0 dependency in coverage script (#4561) f83b8a789648c20ed2e9b583622b66a0ab79fd16 (Jon Huhn)

contrib/ladder: remove duplicate approvers section (#4560) cbd6a4c9aac856d5259be5118999f28a9f331456 (Shashank Ram)

Create release process documentation (#4557) ebd1de51cdd38ada30d5460b5a6a12c8a210475b (Thomas Stringer)

(feature): update kind-registry port forwarding (#4554) 28e3409cd29c45b2e85ae313cfe3d6ae50a1a691 (schristoff)

ci: Use GitHub action checkout@v2 (#4542) edd9ea76246f8f9f673de2db30be1eadef232a18 (Delyan Raychev)

api/UpstreamTrafficSetting: add informer client (#4550) 0c9628ff13dd1211b47bb5f59a952dba1c09b4d3 (Shashank Ram)

ref(ptypes): update deprecated ptypes functions (#4544) c52865e227aa9a95a0022e476289dc0b0a0edac9 (Jackie Elliott)

doc: Updated broken link (#4549) f640ecbf2b858f6025fbc81e1e460438f13504ef (mudit singh)

feat(certificate): Remove the Certificater interface in favor of a struct. (#4536) 37d2e4ffae16c3a5e21ab05282db23eb91c8eed1 (steeling)

crds: add UpstreamTrafficSetting CRD (#4547) cf5223ce1e5d47fa3d26ac3435d69dedc4df5ff3 (Shashank Ram)

charts(osm-*): add pod and node affinities to control plane pods (#4527) 9b268d05e98bd91cc90c23d7aac0e4a9941341c1 (Sanya Kochhar)

cli: Remove metrics annotation from namespaces removed from the mesh (#4539) 774eb8382af51406b777d065b77873ac5fc5bf4b (mudit singh)

ref(install): remove redundant checks (#4543) ef48caf2d0014c47905cc30c30c322e9c19235d8 (Jon Huhn)

envoy/ads: Simplify unit test (#4538) 544483d4d70264b4ced893f13a1ff0d4f7d5b343 (Delyan Raychev)

ref(install): move namespace controller check to chart (#4540) 1a3d38b61400c5692fa0ba1ed090e82535e75de7 (Jon Huhn)

apis: add UpstreamTrafficSetting API types (#4535) 9b67c22e76e6735311b625bf87f1b9e70458e993 (Shashank Ram)

ref(install): move enforceSingleMesh validation to chart (#4522) 5c5fcf8026dcc5fc810a44ee57667dda3e243b13 (Jon Huhn)

feat(ads) implement a logger for the snapshot cache (#4520) c3b673959b170fdb5a656aa3da818dfccd49024c (steeling)

ref(build): update image scanning (#4517) b42c9a2968f6aa7f8018b4a0e8512499ce81a190 (Jon Huhn)

ref(chart): push vault validation to chart (#4513) e507ca96d31496ba22f182324b3a9f984057f3a8 (Jon Huhn)

docs: updated link to project board (#4510) 1f299bcda0dae415591a576cbc231793ab84caf8 (mudit singh)

feat(viz): control-plane timings viz improvements (#4481) cc0ebeb2fc663ad0ddf29d59c25046b301c2dfbc (Johnson Shi)

fix(cli): uninstall mesh force flag description (#4507) 68dbb7ec819d9232f0858ca18c04393653cb0c51 (Johnson Shi)

fix(cmd/cli): Show single-mesh-enforced warning (#4503) cff645bfea9e2a576fbeb556c4d464bf8c218d05 (Shalier Xia)

feat(*): add retry policy (#4476) 0d75c93df5b1939aecb64e66fdb31d8c5e47c417 (Shalier Xia)

chore(chart): bump chart version to 1.0.0 (#4508) df42849a6a3af4941316c9f41474765a67c62192 (Jon Huhn)

chore(cleanup): remove cleanup script (#4506) 09860016359c4301579224175aa628fd2aba27f1 (Sanya Kochhar)

Collect bug report for e2e failures (#4504) 47db02018fe749e73f8c65bec5efbc1a271ed654 (Niranjan Shankar)

fix(injector): make init container pullPolicy configurable (#4505) 755d80a2a77b32aaae007f28ad838a910e304ba3 (Jon Huhn)

injector: add support to configure IP range inclusions (#4498) 3367f498369d4dade800dbb21c9c4256126d4f1d (Shashank Ram)

use single command to uninstall mesh and cluster wide resources (#4491) fe48a44f76d606cc620038b3de1ef6406757d1bf (Sneha Chhabria)

crdconversion: handle MeshConfig optional field (#4497) 1e0072e7431a51d8cb9f29570b04ee50e7bed47b (Shashank Ram)

fix(e2e): isolate upgrade test (#4494) 0923046fcbd300194ef3a0d5848f2f2a13d06810 (Jon Huhn)

If ignore label exist don`t add namespace (#4473) e350bc06c29626942142e175fffc4430d6b7408b (mudit singh)

feat(mockgen): improve error messaging; add ability to run one mockgen (#4493) fb5f9dff6765fe811231ae539c4a94453c7ecdb2 (steeling)

injector: support pod specific IP range exclusions (#4488) 252a3151df1effcf598719397d17834e838f9c65 (Shashank Ram)

chore(pkg/catalog): Remove unused variable (#4487) 3b342010cbecd90e63aff304788a32a6b7109e00 (Shalier Xia)

feat(cli): latest verion availability notification on osm version (#4416) 7158a8c0abfc5fb879ec3dfb11984a33b7eead9e (Jackie Elliott)

ref(cert): remove expiration field from osm-ca-bundle secret data (#4472) 0c0d99fa546d0507f855648d91ff3f8301eb243e (Jackie Elliott)

Add a message for both stale and closed issues and PRs (#4486) b6a32c26cc4746262651e0e16ece6eaba2e9a6d7 (Thomas Stringer)

tests: remove kubectl dependency for namespace info (#4485) 38495544cd0bb2df16a9c88a8a4bf638b7ef093b (Shashank Ram)

injector: simplify port exclusion code (#4484) 2802cb1c2f5e3313b911848b7546b9231c2e9385 (Shashank Ram)

Uninstall mesh command won`t prompt if mesh is non-existent (#4463) d95ebc93dd66bcc17dbe5bc5885df7544d1a6479 (mudit singh)

Add documentation on certificate management internals (#4465) 76eb3690c9367ee16c7ee42edddee552804766d1 (Thomas Stringer)

Fixed typo (#4482) ede74c0264950c3a4108cd1e57ab18642a885484 (mudit singh)

fix(e2e): specify pullPolicy for upgrade test (#4478) 0b08eb6ae0398f87a463a28df1cd8401da916cf3 (Jon Huhn)

github: exempt milestone items from going stale (#4483) 35e66c289a4f6e03ab2fc95662c5d48c03d3febf (Thomas Stringer)

GitHub Action to daily (at midnight) label issues and PRs that have had (#4480) a45d223998f562a4972f3d5b1cba5d74071b7eec (Thomas Stringer)

configurator: remove ip/port exclusion APIs (#4479) 7b9ac17cabb37b78679291b240268f6d42b4029e (Shashank Ram)

configurator: simplify MeshConfig API (#4475) a8fc477c9ffce85a758d5a6d2709a66719bf9cb7 (Shashank Ram)

apis: use config.openservicemesh.io/v1alpha2 (#4421) e45d28a6751599c01b77b52971004d30d4d05de0 (Shashank Ram)

tests/framework: wait for deletion and dump namespace (#4471) a0c9a86e8ff3ff8fa77346f915375dc16ff444e2 (Shashank Ram)

charts/cleanup-hook: fix CRD reset logic (#4468) 657e9f7296b4be32a9725a75f6dffcab88100c5c (Shashank Ram)

chore(github): add docs to checklist in pr template (#4464) 6c2848546693d281bbaf2c92e0a0e1a9fd8598f0 (Sanya Kochhar)

chore(tracing): allow multi-span tracing in demo application (#4456) f423a826bd523062696f371501fb25d50b7e6251 (allenlsy)

fix(grafana): remove hardcoded control plane namespace (#4454) ec0da63a08ef61515130d7d5cdabbc3e454ff3af (Jackie Elliott)

docs: remove demo manifests required by website (#4455) 2da68702a902931f8783e65f359e9e67d7b58920 (Shashank Ram)

bug(*): Fix memory targetAverageUtilization 4c265a17eb0eed18576abb2d76fbcce4970ac9ed (Shalier Xia)

fix(cli): do not throw error for osm version when no control plane (#4433) 95fb342000f4e98159bb54b3a65af7fbe8a783da (Jackie Elliott)

[reconciler]: fix label assignment on mwhc (#4431) c7675e5335464a28a3eedf0ca701383b5c27e537 (Sneha Chhabria)

crd-conversion: fix webhook port number (#4424) a70d654e64352340cc60fa77efc4d8460153492d (Shashank Ram)

meshConfig: add validation for ingressgateway certificate (#4422) 1a2d41e71ec388043c3ce0a4b676246b4b3d7078 (Sneha Chhabria)

codeowners: add @jaellio as an approver (#4423) 09af567e6203c77175895539b3c003597d8801b1 (Shashank Ram)

contributing: update maintainer requirement (#4415) 5e29c530aead7f91c74e357f7dcb5d82702e9f49 (Shashank Ram)

ref(build): build all images with buildx (#4402) 54376b6a24c1d325ace32192711458ee0865a823 (Jon Huhn)

build: update to Go 1.17 (#4410) 89b56617ec212becdce2aa34c83c8b7919b6490d (Eng Zer Jun)

fix security vulnerabilities in dependencies (#4413) ce6d63d20f3f34199d5ab3fd1a307bee1941985a (Sneha Chhabria)

chore(route): Refactor buildRoute() by reducing parameters (#4407) d7e830903436aed3a09911aff59ea64e042e4811 (Shalier Xia)

validator: validate ingress backend source kind (#4412) 26f78790a93ffec775e84f0d2548c688ceedaaf8 (Shashank Ram)

injector: allow redirection of app traffic to itself (#4411) 97fac56fb9eac631e1a54e7598e48ace3f304b13 (Shashank Ram)

ref(*): stepping down as maintainer (#4400) 0f4fecdd36bb055034cea789cf85c83fe821ea87 (Edu Serra)

add ingress information to bug report 0e0fc95308f83d55b6099a43e45c794e0a608896 (Thomas Stringer)

feat(cli): add remote version to osm version output (#4395) 718517c2806b2a8cab2f3729ca0930d90428b999 (Jackie Elliott)

Corrected spelling mistake (#4392) 01013d76364596003e73945755a71a092791732e (mudit singh)

ref(*): stepping down as maintainer b12128933136887dfb8011d774eff5639f79496a (Michelle Noorali)

rename environment variables for images 5da4e398979634680588625c104888ba27bee740 (Thomas Stringer)

remove image defaults from preset mesh config and CRD and allow the ability to specify the images through environment variables 95469049aab365c975e959ad0bb3344c032372ac (Thomas Stringer)

fix(cli): set sidecar injection annotation to disabled 0faa1912e04f7372e7244bd1a8877f3f9da80df1 (jaellio)

injector: rename iptables chains for clarity (#4379) 8dccabbf98d4187d7072b2145b1e280d45303f6d (Shashank Ram)

ref(k8s): remove IsMetricsEnabled from Controller a1718afeb698acf71eb601d236b6c1da67a56e5f (Jon Huhn)

injector: make iptable rules idempotent (#4373) fe85f60d38fffeb65cb47abfc5dbdbf4d273e91c (Shashank Ram)

ref(k8s): remove K8sServiceToMeshServices from Controller 6d3ff70b11b6911430f2a5b80c397b34e3cb12ec (Jon Huhn)

fix(ingress): increase timeout for TestHandleCertificateChange f417098113fd42095806f361b3747749a51f076c (jaellio)

add ability for bug-report to get previous logs for control plane containers if they have been restarted 9926bc6e09832b672a50da0ab8f3562f158496ab (Thomas Stringer)

Add bug-report ability to collect control plane logs (#4365) 81b5265489ee890b976e999b9a4ef96d25b23c70 (Thomas Stringer)

fix(e2e): update upgrade test 2227135b51b6b1de8a0f4a76ab8e9e549c7da4ba (Jon Huhn)

fix(ci): fix image scan 4cf968783b1b0350da2e07816222c0c228a5c6d4 (Jon Huhn)

injector: skip injection when pod belongs to host network (#4360) 0fcedaa7024b8fb8481ca60dacf5ce2066702d3d (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v1.1.0-rc.1-darwin-amd64.tar.gz(14.10 MB)
osm-v1.1.0-rc.1-darwin-amd64.zip(14.10 MB)
osm-v1.1.0-rc.1-darwin-arm64.tar.gz(13.85 MB)
osm-v1.1.0-rc.1-darwin-arm64.zip(13.85 MB)
osm-v1.1.0-rc.1-linux-amd64.tar.gz(13.44 MB)
osm-v1.1.0-rc.1-linux-amd64.zip(13.44 MB)
osm-v1.1.0-rc.1-linux-arm64.tar.gz(12.16 MB)
osm-v1.1.0-rc.1-linux-arm64.zip(12.17 MB)
osm-v1.1.0-rc.1-windows-amd64.tar.gz(13.61 MB)
osm-v1.1.0-rc.1-windows-amd64.zip(13.60 MB)
sha256sums.txt(1003 bytes)
v1.0.0(Feb 1, 2022)
Notable changes

New internal control plane event management framework to handle changes to the Kubernetes cluster and policies

Validations to reject/ignore invalid SMI TrafficTarget resources

Control plane memory utilization improvements

Support for TCP server-first protocols for in-mesh traffic

Updates to Grafana dashboards to reflect accurate metrics

OSM control plane images are now multi-architecture, built for linux/amd64 and linux/arm64

Breaking changes

The following changes are not backward compatible with the previous release.

Top level Helm chart keys are renamed from OpenServiceMesh to osm

osm mesh upgrade no longer carries over values from previous releases. Use the --set flag on osm mesh upgrade to pass values as needed. The --container-registry and --osm-image-tag flags have also been removed in favor of --set.

Deprecation notes

The following capabilities have been deprecated and cannot be used.

Kubernetes Ingress API to configure a service mesh backend to authorize ingress traffic. OSM's IngressBackend API must be used to authorize ingress traffic between an ingress gateway and service mesh backend.

CRD Updates

No CRD changes between tags v0.11.1 and v1.0.0

Changelog

chore(release): cut v1.0.0 (#4474) 26886c4f16ae5cc92ddfe4c62c87cd82f1cd965c (Jon Huhn)

charts/cleanup-hook: fix CRD reset logic (#4468) (#4470) 22e4501157664635044a3ce07234862bac025b5b (mergify[bot])

chore(release): cut v1.0.0-rc.4 6dcba54fe68c6e1455af374e4f070408e07cfcc2 (Jon Huhn)

fix(grafana): remove hardcoded control plane namespace (#4454) (#4460) 568e165ba3a0528eb3a490c98c7e3a4106f7fa42 (Jackie Elliott)

[backport] bug(*): Fix memory targetAverageUtilization (#4459) f76562b0c95bd00ee4aa8a1721f3f2d37c3b5c46 (Shalier Xia)

fix(cli): do not throw error for osm version when no control plane (#4433) (#4457) 8c87b8acae52c539e4fe54491a3bebdd5d2d0134 (Jackie Elliott)

[reconciler]: fix label assignment on mwhc (#4431) (#4432) c764eed4a9ee487e1131916e6dce133a75ceebc3 (mergify[bot])

meshConfig: add validation for ingressgateway certificate (#4422) (#4426) a21f56749e04899cb23a3a67b2c78396cf9d08a6 (mergify[bot])

crd-conversion: fix webhook port number (#4424) 4e5f5740497329afe0c8f38febac550e1b9a9018 (Shashank Ram)

chore(release): cut v1.0.0-rc.3 abbb048472218a9ed1e68e60d64bc8219912d9e4 (Jon Huhn)

contributing: update maintainer requirement (#4415) 99d7ed5d711aecf0adbbf5a4c31f1affeb5bfc8f (Shashank Ram)

ref(build): build all images with buildx (#4402) 4fe1c64494e91da87789af24708757c24fd85a5d (Jon Huhn)

build: update to Go 1.17 (#4410) dddd8de684ec8e7e320e174d687901e3a0aeed9b (Eng Zer Jun)

fix security vulnerabilities in dependencies (#4413) 0360d14aff2890be562622a4f226d039274be11d (Sneha Chhabria)

chore(route): Refactor buildRoute() by reducing parameters (#4407) 1c9f7c5961fb22d43d6a7a023b9bf9903d0cb5c6 (Shalier Xia)

add ingress information to bug report 6ed8486d0a8aaf04024c2c5814dda3778ff4043f (Thomas Stringer)

validator: validate ingress backend source kind (#4412) 04f70627af7b9863317c7f3e62ef9ee7fe2387d9 (Shashank Ram)

injector: allow redirection of app traffic to itself (#4411) 3f7db6e1dfd411a1010c9bfbc108d3e4c611192b (Shashank Ram)

ref(*): stepping down as maintainer (#4400) bed1c6b7fdab7cbc8692a51aabb509490d6c7c10 (Edu Serra)

feat(cli): add remote version to osm version output (#4395) a1a4aff2ece8f38b16fe55b0fd39a26236cc6e8e (Jackie Elliott)

ref(*): stepping down as maintainer 287cc95b11a37b47665f089580ea21a0dc3a2fed (Michelle Noorali)

Corrected spelling mistake (#4392) a70ae96e3cd6e68edaa7628a7aecf60b20417b1b (mudit singh)

rename environment variables for images d93e1aba080ad2e9f5cf79da09ae5b66ecdbffb4 (Thomas Stringer)

remove image defaults from preset mesh config and CRD and allow the ability to specify the images through environment variables fa64db528934d9dad2789cc55a6c38d53a0b71b2 (Thomas Stringer)

fix(cli): set sidecar injection annotation to disabled 442d0620f8ed3b4141ddf7ac463796c8834ba060 (jaellio)

injector: rename iptables chains for clarity (#4379) 2b93d98addafea9d228111a04f84d0f333e907aa (Shashank Ram)

ref(k8s): remove IsMetricsEnabled from Controller c61bf1703f80a7d694d9b3464cfc356d05092734 (Jon Huhn)

injector: make iptable rules idempotent (#4373) 07c27573b475f309925c5d684c2cd3528eccb3d1 (Shashank Ram)

ref(k8s): remove K8sServiceToMeshServices from Controller 2ca6b5ca7ad52f1aa1c91f86acba0fe55f73d642 (Jon Huhn)

fix(ingress): increase timeout for TestHandleCertificateChange 52e596cd4ed0ddc9ed5f6bc6b29b8544e7272781 (jaellio)

add ability for bug-report to get previous logs for control plane containers if they have been restarted 660a0c8d73605f8f06403544a89ba051a32f6a4e (Thomas Stringer)

Add bug-report ability to collect control plane logs (#4365) 9048b024bfdf142194fe21d88fb903dae302d107 (Thomas Stringer)

injector: skip injection when pod belongs to host network (#4360) 1d3c236f6d89ec2826fdd1434cb37a2f041f6774 (Shashank Ram)

chore(release): cut v1.0.0-rc.2 6549c52d4d87381fe178c740ed8da54d45f0d9c3 (Jon Huhn)

fix(ci): fix image scan a386088e200eb0df7403fcf85dc9fd9a798a1b1c (Jon Huhn)

fix(init): set init container level security context (#4346) 626967b4a098c5d652951f6d0f685e16a65b28ce (Sanya Kochhar)

Remove avg and max envoy update time metrics from grafana dashboard and resolves #3987 8e72beb12766800fe0a48c200376631fe5d9ea4f (Shalier Xia)

fix failure typos in webhook creators e6784a24ad60bc3eae1d49c6eea05c621c2b6bf8 (Thomas Stringer)

Typo fix for dev guide README (#4347) 7297153a4c6339b60b7cc0a566e6febd49a7895f (Bridget Kromhout)

Updated figure link 29e05744f669d2a7d422d394fcdf9f5f9bcb1436 (mudit singh)

feat(hpa): Adds memory targetAverageUtilization (#4217) 701d1c37fb0391afb89a22fe73d0dbba995d5549 (Shalier Xia)

messaging: trigger proxy update when feature flag is toggled (#4345) 52e13ade170c101d072b27dc370143ac4ce99b6b (Shashank Ram)

fix(upgrade): handle removed values ad3b63e3c1e7a2a976395cfa932e01faf39ac421 (Jon Huhn)

fix(grafana): add version to dashboard descriptions 55bc0aee6ea4944df0638be49a07c6fb8c1f96da (jaellio)

fix(grafana): update grafana version in dashboards (#4337) 78a992785c591e0ccf5140c431993d6e04c819e7 (Jackie Elliott)

docs: add release notes doc (#4338) 277ffc2fb5bb61a88cb4beed9db7bd5c3cad5c63 (Shashank Ram)

ref(tcp): support tcp-server-first inside the mesh f6c14d6282af1fa77f4fc62a8f8e72c4d311d2e5 (Jon Huhn)

fix(grafana): remove irate from active connection query caf00900d5a62dc338a558384eae397a923d0902 (jaellio)

chore(release): update instructions for updating release version references 280cb44ba94b125043b40c8a46e4cba0500748fb (jaellio)

codeowners: expand approvers to be explicit 1b3827340da77376c9f540b465b5ac954b482084 (Shashank Ram)

update curl command for init containers 1f958714755be9424127940094e7bc284a54c76d (Sneha Chhabria)

feat(cli): add uninstall cluster-wide-resources cmd 65c0c6d0d50c803c8ca73d3c246d6e8545a5ae6f (Johnson Shi)

docs(demo): update manual demo manifests 3bf839045ba4f816f2c07e5bb44d828bbed0bb34 (Jon Huhn)

fix(maestro): update pod readiness checks db9613adc73c039f0fbd301a715cc32f9dc2d9f1 (Jon Huhn)

fix(grafana): use osm_request_duration_ms for latency graphs 659f5ed8e4c995797dbeef0bd2f4f77c05b88887 (jaellio)

chore(grafana): update Grafana version 675f2e2db10fa783102ea4a99de9ab174baf6a42 (jaellio)

tests/e2e: skip traffic split selector test for OpenShift (#4320) cfc96d1333a3ccb524ac692d238d9ec9b61343d5 (Shashank Ram)

Fixed development guide broken link (#4322) 4a40b33356efbb82429308ccca25f72071e4f057 (mudit singh)

ref(charts) updatea top OpenServiceMesh key to osm (#4317) 92c0719f2836cdd723ace48cd58f9ca697418edd (Michelle Noorali)

ingress: fix typos (#4319) e7b78aaadb09ed6c4519b3d9bf467893d4b446b1 (Thomas Stringer)

chore(ci): create release on nightly tags 323e58c4dd223fc67848670be057d038e011ac00 (Jon Huhn)

parameterize all images used in helm charts 1dfa5ec7933b14bec6561ad47d75ed5f5593b9b1 (Sneha Chhabria)

docs: update release notes workflow (#4311) 30a2f05b14087e187b2f3b6855cf0e7b913d4a9d (Shashank Ram)

Add bug report feature to get all pod data in the mesh with the --all parameter (#4310) 91dca3e52641a92f5267409ab546360f8c9d193d (Thomas Stringer)

docs/samples: add manifests for canary demo (#4308) 8f92c9d07533f420d14d42f9061c8bc89eb08108 (Shashank Ram)

catalog: allow root service selector to match backend pods (#4303) d9baef65244dbab9d117e57cfcc3285d57971405 (Shashank Ram)

demo: use default namespace if unset (#4304) 43cd0fe2093aaa65dfebd290e1ec6c00bff6a267 (Shashank Ram)

Update default code approvers (#4305) 31f70a93271d481f950d99cc3254ff07559ca083 (Shashank Ram)

fix(vulnerability): Update github.com/ulikunitz/xz version 8c26e09529d7080265239cfef97e51db6a02ac15 (Sneha Chhabria)

ref(cli): mv uninstall -> uninstall mesh command (#4283) 76365f5cbbf777511fbbd9fc338fe9e4508cd5fa (Michelle Noorali)

Removing a namespace also removes ignore flag (#4288) 1c16017900f42a36f8cb44999fc8692b38a74d9a (Clarence Bakirtzidis)

ref(build): remove need for helm dependency update 8267fe8d0efa427132ddfd9ca8ff440e95a1a8dc (Jon Huhn)

chore(release): update chart version to v0.11.1 40d3b1a70768be4025aa05a70e26e383167a66fd (Sneha Chhabria)

fix(demo): fail gracefully when /books-bought receives no POST data 481149dd505f3130921f557aaf3daabb641581b7 (Jon Huhn)

fix(cli): fix uninstall cmd not showing smi info (#4235) 22c1b4d851d907eadc7b54fd179b9d275cbefe22 (Johnson Shi)

fix(MeshConfig): Remove omitEmpty from bool values in the meshconfig db5eb69154a4d263fff75fbcaa7572ca780d88fc (Sneha Chhabria)

ingress: deprecate k8s ingress API usage (#4285) e9ec05f5152b5e090af46b4d9c0d24fa578ca1c4 (Shashank Ram)

fix(osm-crds): use busybox base image daa6c0ea027b992afac15d81445b680a299a1a8c (Jon Huhn)

CI/codeql: fix indent (#4287) c653a2a5e38cef33d49b7d4d2729a77b0c879126 (Shashank Ram)

CI/codeql: cache Go module and build dependencies (#4286) bfb96031113390272c68600bf3cf2ab047f01029 (Shashank Ram)

go/deps: update Helm to v3.7.1 (#4277) 263ab54b0d659aa07e66ed18b395c01a6006abd4 (Jackie Elliott)

CI: skip Go codeql action for docs (#4276) 77ae2184f8c32b9ecef4e38f1bfe23e4905f4896 (Shashank Ram)

docs/examples: add tcp-echo manifest (#4275) 48b9150654efe2f75910a804e3cc593f66b3261b (Shashank Ram)

Removes namespace label from metric. b00c17a12bd3380b230529d767824d4c9028091a (jaellio)

Updates namespace counter inline and removes goroutine. c9a82ffb181057ac0a2a696c6046ec135f3737fc (jaellio)

feat(metrics): monitored namespaces prometheus metric ceb6044a59ca522143e3eec65fc4f3f73e3e169c (jaellio)

fix(pre-release): Update image scan in pre-release workflow 7cbff92d8f8ee4bffb36874b53f4a81dddd553d1 (Sneha Chhabria)

messaging/proxy: avoid unnecessary proxy broadcasts (#4265) 99f64e79378a21c8035abdf026882325c7c3c684 (Shashank Ram)

fix(pre-release): fix indentation in pre-release workflow b68b667ef48aa0f2c4b61dd155fa1506fdb00cc6 (Sneha Chhabria)

charts(cleanup): delete secrets on cleanup 449ed6252f6c30b4bc85eeea76f8c19caf2ee1ac (Sanya Kochhar)

charts(cleanup): delete secrets on cleanup 1d8a51f52b8d254ff5bd3c4e489d1ccb70f35672 (Sanya Kochhar)

chore(release): update appVersion and version images 435f914bd4a92236b1a291d93e664f219f9390ef (jaellio)

chore(release): update version to v1.0.0-rc.1 0c779c5d9daf7954ff799ae2f970ed90fb4008af (jaellio)

Source code(tar.gz)
Source code(zip)
osm-v1.0.0-darwin-amd64.tar.gz(14.04 MB)
osm-v1.0.0-darwin-amd64.zip(14.04 MB)
osm-v1.0.0-linux-amd64.tar.gz(13.38 MB)
osm-v1.0.0-linux-amd64.zip(13.38 MB)
osm-v1.0.0-windows-amd64.tar.gz(13.54 MB)
osm-v1.0.0-windows-amd64.zip(13.54 MB)
sha256sums.txt(573 bytes)
v1.0.0-rc.4(Jan 19, 2022)
Notable changes

New internal control plane event management framework to handle changes to the Kubernetes cluster and policies

Validations to reject/ignore invalid SMI TrafficTarget resources

Control plane memory utilization improvements

Support for TCP server-first protocols for in-mesh traffic

Updates to Grafana dashboards to reflect accurate metrics

OSM control plane images are now multi-architecture, built for linux/amd64 and linux/arm64

Breaking changes

The following changes are not backward compatible with the previous release.

Top level Helm chart keys are renamed from OpenServiceMesh to osm

osm mesh upgrade no longer carries over values from previous releases. Use the --set flag on osm mesh upgrade to pass values as needed. The --container-registry and --osm-image-tag flags have also been removed in favor of --set.

Deprecation notes

The following capabilities have been deprecated and cannot be used.

Kubernetes Ingress API to configure a service mesh backend to authorize ingress traffic. OSM's IngressBackend API must be used to authorize ingress traffic between an ingress gateway and service mesh backend.

CRD Updates

No CRD changes between tags v1.0.0-rc.3 and v1.0.0-rc.4

Changelog

chore(release): cut v1.0.0-rc.4 6dcba54fe68c6e1455af374e4f070408e07cfcc2 (Jon Huhn)

fix(grafana): remove hardcoded control plane namespace (#4454) (#4460) 568e165ba3a0528eb3a490c98c7e3a4106f7fa42 (Jackie Elliott)

[backport] bug(*): Fix memory targetAverageUtilization (#4459) f76562b0c95bd00ee4aa8a1721f3f2d37c3b5c46 (Shalier Xia)

fix(cli): do not throw error for osm version when no control plane (#4433) (#4457) 8c87b8acae52c539e4fe54491a3bebdd5d2d0134 (Jackie Elliott)

[reconciler]: fix label assignment on mwhc (#4431) (#4432) c764eed4a9ee487e1131916e6dce133a75ceebc3 (mergify[bot])

meshConfig: add validation for ingressgateway certificate (#4422) (#4426) a21f56749e04899cb23a3a67b2c78396cf9d08a6 (mergify[bot])

crd-conversion: fix webhook port number (#4424) 4e5f5740497329afe0c8f38febac550e1b9a9018 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v1.0.0-rc.4-darwin-amd64.tar.gz(14.04 MB)
osm-v1.0.0-rc.4-darwin-amd64.zip(14.04 MB)
osm-v1.0.0-rc.4-linux-amd64.tar.gz(13.38 MB)
osm-v1.0.0-rc.4-linux-amd64.zip(13.38 MB)
osm-v1.0.0-rc.4-windows-amd64.tar.gz(13.54 MB)
osm-v1.0.0-rc.4-windows-amd64.zip(13.54 MB)
sha256sums.txt(603 bytes)
v1.0.0-rc.3(Jan 10, 2022)
Notable changes

New internal control plane event management framework to handle changes to the Kubernetes cluster and policies

Validations to reject/ignore invalid SMI TrafficTarget resources

Control plane memory utilization improvements

Support for TCP server-first protocols for in-mesh traffic

Updates to Grafana dashboards to reflect accurate metrics

OSM control plane images are now multi-architecture, built for linux/amd64 and linux/arm64

Breaking changes

The following changes are not backward compatible with the previous release.

Top level Helm chart keys are renamed from OpenServiceMesh to osm

osm mesh upgrade no longer carries over values from previous releases. Use the --set flag on osm mesh upgrade to pass values as needed. The --container-registry and --osm-image-tag flags have also been removed in favor of --set.

Deprecation notes

The following capabilities have been deprecated and cannot be used.

Kubernetes Ingress API to configure a service mesh backend to authorize ingress traffic. OSM's IngressBackend API must be used to authorize ingress traffic between an ingress gateway and service mesh backend.

CRD Updates

No CRD changes between tags v1.0.0-rc.2 and v1.0.0-rc.3

Changelog

chore(release): cut v1.0.0-rc.3 abbb048472218a9ed1e68e60d64bc8219912d9e4 (Jon Huhn)

contributing: update maintainer requirement (#4415) 99d7ed5d711aecf0adbbf5a4c31f1affeb5bfc8f (Shashank Ram)

ref(build): build all images with buildx (#4402) 4fe1c64494e91da87789af24708757c24fd85a5d (Jon Huhn)

build: update to Go 1.17 (#4410) dddd8de684ec8e7e320e174d687901e3a0aeed9b (Eng Zer Jun)

fix security vulnerabilities in dependencies (#4413) 0360d14aff2890be562622a4f226d039274be11d (Sneha Chhabria)

chore(route): Refactor buildRoute() by reducing parameters (#4407) 1c9f7c5961fb22d43d6a7a023b9bf9903d0cb5c6 (Shalier Xia)

add ingress information to bug report 6ed8486d0a8aaf04024c2c5814dda3778ff4043f (Thomas Stringer)

validator: validate ingress backend source kind (#4412) 04f70627af7b9863317c7f3e62ef9ee7fe2387d9 (Shashank Ram)

injector: allow redirection of app traffic to itself (#4411) 3f7db6e1dfd411a1010c9bfbc108d3e4c611192b (Shashank Ram)

ref(*): stepping down as maintainer (#4400) bed1c6b7fdab7cbc8692a51aabb509490d6c7c10 (Edu Serra)

feat(cli): add remote version to osm version output (#4395) a1a4aff2ece8f38b16fe55b0fd39a26236cc6e8e (Jackie Elliott)

ref(*): stepping down as maintainer 287cc95b11a37b47665f089580ea21a0dc3a2fed (Michelle Noorali)

Corrected spelling mistake (#4392) a70ae96e3cd6e68edaa7628a7aecf60b20417b1b (mudit singh)

rename environment variables for images d93e1aba080ad2e9f5cf79da09ae5b66ecdbffb4 (Thomas Stringer)

remove image defaults from preset mesh config and CRD and allow the ability to specify the images through environment variables fa64db528934d9dad2789cc55a6c38d53a0b71b2 (Thomas Stringer)

fix(cli): set sidecar injection annotation to disabled 442d0620f8ed3b4141ddf7ac463796c8834ba060 (jaellio)

injector: rename iptables chains for clarity (#4379) 2b93d98addafea9d228111a04f84d0f333e907aa (Shashank Ram)

ref(k8s): remove IsMetricsEnabled from Controller c61bf1703f80a7d694d9b3464cfc356d05092734 (Jon Huhn)

injector: make iptable rules idempotent (#4373) 07c27573b475f309925c5d684c2cd3528eccb3d1 (Shashank Ram)

ref(k8s): remove K8sServiceToMeshServices from Controller 2ca6b5ca7ad52f1aa1c91f86acba0fe55f73d642 (Jon Huhn)

fix(ingress): increase timeout for TestHandleCertificateChange 52e596cd4ed0ddc9ed5f6bc6b29b8544e7272781 (jaellio)

add ability for bug-report to get previous logs for control plane containers if they have been restarted 660a0c8d73605f8f06403544a89ba051a32f6a4e (Thomas Stringer)

Add bug-report ability to collect control plane logs (#4365) 9048b024bfdf142194fe21d88fb903dae302d107 (Thomas Stringer)

injector: skip injection when pod belongs to host network (#4360) 1d3c236f6d89ec2826fdd1434cb37a2f041f6774 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v1.0.0-rc.3-darwin-amd64.tar.gz(14.04 MB)
osm-v1.0.0-rc.3-darwin-amd64.zip(14.04 MB)
osm-v1.0.0-rc.3-linux-amd64.tar.gz(13.38 MB)
osm-v1.0.0-rc.3-linux-amd64.zip(13.38 MB)
osm-v1.0.0-rc.3-windows-amd64.tar.gz(13.54 MB)
osm-v1.0.0-rc.3-windows-amd64.zip(13.54 MB)
sha256sums.txt(603 bytes)
v1.0.0-rc.2(Nov 15, 2021)
Notable changes

New internal control plane event management framework to handle changes to the Kubernetes cluster and policies

Validations to reject/ignore invalid SMI TrafficTarget resources

Control plane memory utilization improvements

Support for TCP server-first protocols for in-mesh traffic

Updates to Grafana dashboards to reflect accurate metrics

Breaking changes

The following changes are not backward compatible with the previous release.

Top level Helm chart keys are renamed from OpenServiceMesh to osm

osm mesh upgrade no longer carries over values from previous releases. Use the --set flag on osm mesh upgrade to pass values as needed. The --container-registry and --osm-image-tag flags have also been removed in favor of --set.

Deprecation notes

The following capabilities have been deprecated and cannot be used.

Kubernetes Ingress API to configure a service mesh backend to authorize ingress traffic. OSM's IngressBackend API must be used to authorize ingress traffic between an ingress gateway and service mesh backend.

CRD Updates

No CRD changes between tags v1.0.0-rc.1 and v1.0.0-rc.2

Changelog

chore(release): cut v1.0.0-rc.2 6549c52d4d87381fe178c740ed8da54d45f0d9c3 (Jon Huhn)

fix(ci): fix image scan a386088e200eb0df7403fcf85dc9fd9a798a1b1c (Jon Huhn)

fix(init): set init container level security context (#4346) 626967b4a098c5d652951f6d0f685e16a65b28ce (Sanya Kochhar)

Remove avg and max envoy update time metrics from grafana dashboard and resolves #3987 8e72beb12766800fe0a48c200376631fe5d9ea4f (Shalier Xia)

fix failure typos in webhook creators e6784a24ad60bc3eae1d49c6eea05c621c2b6bf8 (Thomas Stringer)

Typo fix for dev guide README (#4347) 7297153a4c6339b60b7cc0a566e6febd49a7895f (Bridget Kromhout)

Updated figure link 29e05744f669d2a7d422d394fcdf9f5f9bcb1436 (mudit singh)

feat(hpa): Adds memory targetAverageUtilization (#4217) 701d1c37fb0391afb89a22fe73d0dbba995d5549 (Shalier Xia)

messaging: trigger proxy update when feature flag is toggled (#4345) 52e13ade170c101d072b27dc370143ac4ce99b6b (Shashank Ram)

fix(upgrade): handle removed values ad3b63e3c1e7a2a976395cfa932e01faf39ac421 (Jon Huhn)

fix(grafana): add version to dashboard descriptions 55bc0aee6ea4944df0638be49a07c6fb8c1f96da (jaellio)

fix(grafana): update grafana version in dashboards (#4337) 78a992785c591e0ccf5140c431993d6e04c819e7 (Jackie Elliott)

docs: add release notes doc (#4338) 277ffc2fb5bb61a88cb4beed9db7bd5c3cad5c63 (Shashank Ram)

ref(tcp): support tcp-server-first inside the mesh f6c14d6282af1fa77f4fc62a8f8e72c4d311d2e5 (Jon Huhn)

fix(grafana): remove irate from active connection query caf00900d5a62dc338a558384eae397a923d0902 (jaellio)

chore(release): update instructions for updating release version references 280cb44ba94b125043b40c8a46e4cba0500748fb (jaellio)

codeowners: expand approvers to be explicit 1b3827340da77376c9f540b465b5ac954b482084 (Shashank Ram)

update curl command for init containers 1f958714755be9424127940094e7bc284a54c76d (Sneha Chhabria)

feat(cli): add uninstall cluster-wide-resources cmd 65c0c6d0d50c803c8ca73d3c246d6e8545a5ae6f (Johnson Shi)

docs(demo): update manual demo manifests 3bf839045ba4f816f2c07e5bb44d828bbed0bb34 (Jon Huhn)

fix(maestro): update pod readiness checks db9613adc73c039f0fbd301a715cc32f9dc2d9f1 (Jon Huhn)

fix(grafana): use osm_request_duration_ms for latency graphs 659f5ed8e4c995797dbeef0bd2f4f77c05b88887 (jaellio)

chore(grafana): update Grafana version 675f2e2db10fa783102ea4a99de9ab174baf6a42 (jaellio)

tests/e2e: skip traffic split selector test for OpenShift (#4320) cfc96d1333a3ccb524ac692d238d9ec9b61343d5 (Shashank Ram)

Fixed development guide broken link (#4322) 4a40b33356efbb82429308ccca25f72071e4f057 (mudit singh)

ref(charts) updatea top OpenServiceMesh key to osm (#4317) 92c0719f2836cdd723ace48cd58f9ca697418edd (Michelle Noorali)

ingress: fix typos (#4319) e7b78aaadb09ed6c4519b3d9bf467893d4b446b1 (Thomas Stringer)

chore(ci): create release on nightly tags 323e58c4dd223fc67848670be057d038e011ac00 (Jon Huhn)

parameterize all images used in helm charts 1dfa5ec7933b14bec6561ad47d75ed5f5593b9b1 (Sneha Chhabria)

docs: update release notes workflow (#4311) 30a2f05b14087e187b2f3b6855cf0e7b913d4a9d (Shashank Ram)

Add bug report feature to get all pod data in the mesh with the --all parameter (#4310) 91dca3e52641a92f5267409ab546360f8c9d193d (Thomas Stringer)

docs/samples: add manifests for canary demo (#4308) 8f92c9d07533f420d14d42f9061c8bc89eb08108 (Shashank Ram)

catalog: allow root service selector to match backend pods (#4303) d9baef65244dbab9d117e57cfcc3285d57971405 (Shashank Ram)

demo: use default namespace if unset (#4304) 43cd0fe2093aaa65dfebd290e1ec6c00bff6a267 (Shashank Ram)

Update default code approvers (#4305) 31f70a93271d481f950d99cc3254ff07559ca083 (Shashank Ram)

fix(vulnerability): Update github.com/ulikunitz/xz version 8c26e09529d7080265239cfef97e51db6a02ac15 (Sneha Chhabria)

ref(cli): mv uninstall -> uninstall mesh command (#4283) 76365f5cbbf777511fbbd9fc338fe9e4508cd5fa (Michelle Noorali)

Removing a namespace also removes ignore flag (#4288) 1c16017900f42a36f8cb44999fc8692b38a74d9a (Clarence Bakirtzidis)

ref(build): remove need for helm dependency update 8267fe8d0efa427132ddfd9ca8ff440e95a1a8dc (Jon Huhn)

chore(release): update chart version to v0.11.1 40d3b1a70768be4025aa05a70e26e383167a66fd (Sneha Chhabria)

fix(demo): fail gracefully when /books-bought receives no POST data 481149dd505f3130921f557aaf3daabb641581b7 (Jon Huhn)

fix(cli): fix uninstall cmd not showing smi info (#4235) 22c1b4d851d907eadc7b54fd179b9d275cbefe22 (Johnson Shi)

fix(MeshConfig): Remove omitEmpty from bool values in the meshconfig db5eb69154a4d263fff75fbcaa7572ca780d88fc (Sneha Chhabria)

ingress: deprecate k8s ingress API usage (#4285) e9ec05f5152b5e090af46b4d9c0d24fa578ca1c4 (Shashank Ram)

fix(osm-crds): use busybox base image daa6c0ea027b992afac15d81445b680a299a1a8c (Jon Huhn)

CI/codeql: fix indent (#4287) c653a2a5e38cef33d49b7d4d2729a77b0c879126 (Shashank Ram)

CI/codeql: cache Go module and build dependencies (#4286) bfb96031113390272c68600bf3cf2ab047f01029 (Shashank Ram)

go/deps: update Helm to v3.7.1 (#4277) 263ab54b0d659aa07e66ed18b395c01a6006abd4 (Jackie Elliott)

CI: skip Go codeql action for docs (#4276) 77ae2184f8c32b9ecef4e38f1bfe23e4905f4896 (Shashank Ram)

docs/examples: add tcp-echo manifest (#4275) 48b9150654efe2f75910a804e3cc593f66b3261b (Shashank Ram)

Removes namespace label from metric. b00c17a12bd3380b230529d767824d4c9028091a (jaellio)

Updates namespace counter inline and removes goroutine. c9a82ffb181057ac0a2a696c6046ec135f3737fc (jaellio)

feat(metrics): monitored namespaces prometheus metric ceb6044a59ca522143e3eec65fc4f3f73e3e169c (jaellio)

fix(pre-release): Update image scan in pre-release workflow 7cbff92d8f8ee4bffb36874b53f4a81dddd553d1 (Sneha Chhabria)

messaging/proxy: avoid unnecessary proxy broadcasts (#4265) 99f64e79378a21c8035abdf026882325c7c3c684 (Shashank Ram)

fix(pre-release): fix indentation in pre-release workflow b68b667ef48aa0f2c4b61dd155fa1506fdb00cc6 (Sneha Chhabria)

charts(cleanup): delete secrets on cleanup 449ed6252f6c30b4bc85eeea76f8c19caf2ee1ac (Sanya Kochhar)

charts(cleanup): delete secrets on cleanup 1d8a51f52b8d254ff5bd3c4e489d1ccb70f35672 (Sanya Kochhar)

ref(*): removes unnecessary namespace check (#4251) 5e619560640208d6fac46f84682f7a1a266cbf7b (Michelle Noorali)

docs(chart): template chart README versions 09c58254ca70e6d589d11caef2993f20ececd9d9 (Jon Huhn)

chore(ci): Update codecov uploader 93d862e364196877a02c54e453bf8eebea9faf5c (Jon Huhn)

chore(chart): increase osm-controller memory limit 473bffdd6e9cbf411777a957ea8b2ad95d96b980 (Jon Huhn)

chore(security/scan): Scan docker images d1a8858868153c65cce7bcf9ff00ef44285bd7f6 (nshankar13)

fix(preset-mesh-config.yaml): add json check (#4241) 04736da74ae52761c55acf1f2a406352826ffe68 (Michelle Noorali)

ingress/client: remove unnecessary check for namespace (#4244) 0a5fa82159a1a407ae21b51e6d4b0f3358481231 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v1.0.0-rc.2-darwin-amd64.tar.gz(14.56 MB)
osm-v1.0.0-rc.2-darwin-amd64.zip(14.56 MB)
osm-v1.0.0-rc.2-linux-amd64.tar.gz(13.91 MB)
osm-v1.0.0-rc.2-linux-amd64.zip(13.91 MB)
osm-v1.0.0-rc.2-windows-amd64.tar.gz(14.11 MB)
osm-v1.0.0-rc.2-windows-amd64.zip(14.11 MB)
sha256sums.txt(603 bytes)
v0.11.1(Oct 20, 2021)
Notable Changes

Codeql GitHub action integrated into PR workflow

Message broker replaced the global pub-sub instance in the control plane for internal message passing

Invalid traffic targets will be ignored by OSM

Some high memory usage issues fixed

Performance improvements

CRD Updates

No CRD changes between tags v0.11.0 and v0.11.1

Changelog

chore(release): update version to v0.11.1 545e8543b80e03da3d9b5862853618b53b4b0538 (Sneha Chhabria)

fix(MeshConfig): Remove omitEmpty from bool values in the meshconfig 6a5b8047891f2a59d7969c7a4733bf2896027d87 (Sneha Chhabria)

chore(release): update version to v0.11.1-rc.1 dcc91b75f1a81c2377c18e86248eac4168d526db (Sneha Chhabria)

CI: fix image scan job for pre-release 3312be3d6f73fcd52288fd517be54ff793fbcd84 (Sneha Chhabria)

fix(pre-release): fix indentation in pre-release workflow e503c02ff83326253a59fd6afae703d0a054ab1c (Sneha Chhabria)

charts(cleanup): delete secrets on cleanup 9563464073ce5fce42bd44980ec2537fba3fbd1e (Sanya Kochhar)

ref(*): removes unnecessary namespace check (#4251) 5e619560640208d6fac46f84682f7a1a266cbf7b (Michelle Noorali)

docs(chart): template chart README versions 09c58254ca70e6d589d11caef2993f20ececd9d9 (Jon Huhn)

chore(ci): Update codecov uploader 93d862e364196877a02c54e453bf8eebea9faf5c (Jon Huhn)

chore(chart): increase osm-controller memory limit 473bffdd6e9cbf411777a957ea8b2ad95d96b980 (Jon Huhn)

chore(security/scan): Scan docker images d1a8858868153c65cce7bcf9ff00ef44285bd7f6 (nshankar13)

fix(preset-mesh-config.yaml): add json check (#4241) 04736da74ae52761c55acf1f2a406352826ffe68 (Michelle Noorali)

ingress/client: remove unnecessary check for namespace (#4244) 0a5fa82159a1a407ae21b51e6d4b0f3358481231 (Shashank Ram)

fix(cleanuphook): Delete mwhc and vwhc in all scenarios 3ce755cae0d28a1dcc33a59a09110dea3bf9f20d (Sneha Chhabria)

messaging/broker: batch proxy update events (#4240) 11af38e30f441d90b21049ebcc46ddacdf1bf367 (Shashank Ram)

chore(security/scan): Add codeql scan a23f83c67d14d693a0aeb15de8ea6863ad96a47d (nshankar13)

fix(ads): properly sync proxy disconnect c055b1de19d2dbd750f3dd65a0b1faa0b3612e92 (Jon Huhn)

chore(release): update version to v0.11 in chart c40ad8f17c4a5906a73909960bc6fe4241fe69c0 (jaellio)

events: log event kind being processed and disable resyncs (#4231) 09f483871ec63336ca7b71947f2603c7e187ed6e (Shashank Ram)

chore(tlsversion): Add a tls minimum version for webhooks 2e1ebea543d7d78a38fc74f85ba2ac1a20e49de5 (Sneha Chhabria)

Update tests to resolve missing mock calls 4d140cfed6554b4fa07fafce28c375e4af0963db (jaellio)

go/deps: update Helm to v3.7.0 and kubernetes packages db5d919571c4212f87369d32492ee3e2d57ae00c (jaellio)

fix(UpgradeTest) : Fix the upgrade e2e test 50c0a50d7d18969228390e104d8fc8a08b68286e (Sneha Chhabria)

fix(ImageTags) : Update image pull to use tags if specified over the digest 6e40f0dfb1f6ca9a841bf8e07692f9e008215606 (Sneha Chhabria)

metrics: add counters related to proxy response send (#4219) 0e3f7468cdb2dfcaada0e9f96cda1a08939b42ff (Shashank Ram)

envoy/registry: do not track disconnected proxies (#4216) d0d5d9721752b07b3e3d0147ebb8c596d3ab1ed3 (Shashank Ram)

messaging: use message broker in control plane (#4212) 0309a0fd42d2bba1929234a1c358db5d72c5a324 (Shashank Ram)

fix(tests): disable smi validate test for NoInstall (#4209) 1caae978f9b60297bb11aeeee0a09bd8e6adc44c (Michelle Noorali)

messaging: introduce message broker (#4210) f454b0784a578fde5db8fcc71e9593ae3bcebd40 (Shashank Ram)

feat(*): ignore invalid traffic targets (#4177) ae5c9d89664885f7fc458e7ad0f4443d4c38a778 (Michelle Noorali)

feat(charts): Adding priorityClassName to the OSM deployments a6b59b9b5edbebd44b52385e294eeac08f06b43c (Shalier Xia)

catalog/ingress: check backend's port in addition to name (#4202) 37c3d65f3b61e40b1380962df355763662494e27 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.11.1-darwin-amd64.tar.gz(14.54 MB)
osm-v0.11.1-darwin-amd64.zip(14.54 MB)
osm-v0.11.1-linux-amd64.tar.gz(13.89 MB)
osm-v0.11.1-linux-amd64.zip(13.89 MB)
osm-v0.11.1-windows-amd64.tar.gz(14.09 MB)
osm-v0.11.1-windows-amd64.zip(14.09 MB)
sha256sums.txt(579 bytes)
v0.11.1-rc.1(Oct 15, 2021)
Notable Changes

Codeql GitHub action integrated into PR workflow

Message broker replaced the global pub-sub instance in the control plane for internal message passing

Invalid traffic targets will be ignored by OSM

Some high memory usage issues fixed

Performance improvements

CRD Updates

No CRD changes between tags v0.11.0 and v0.11.1-rc.1

Changelog

chore(release): update version to v0.11.1-rc.1 dcc91b75f1a81c2377c18e86248eac4168d526db (Sneha Chhabria)

CI: fix image scan job for pre-release 3312be3d6f73fcd52288fd517be54ff793fbcd84 (Sneha Chhabria)

fix(pre-release): fix indentation in pre-release workflow e503c02ff83326253a59fd6afae703d0a054ab1c (Sneha Chhabria)

charts(cleanup): delete secrets on cleanup 9563464073ce5fce42bd44980ec2537fba3fbd1e (Sanya Kochhar)

ref(*): removes unnecessary namespace check (#4251) 5e619560640208d6fac46f84682f7a1a266cbf7b (Michelle Noorali)

docs(chart): template chart README versions 09c58254ca70e6d589d11caef2993f20ececd9d9 (Jon Huhn)

chore(ci): Update codecov uploader 93d862e364196877a02c54e453bf8eebea9faf5c (Jon Huhn)

chore(chart): increase osm-controller memory limit 473bffdd6e9cbf411777a957ea8b2ad95d96b980 (Jon Huhn)

chore(security/scan): Scan docker images d1a8858868153c65cce7bcf9ff00ef44285bd7f6 (nshankar13)

fix(preset-mesh-config.yaml): add json check (#4241) 04736da74ae52761c55acf1f2a406352826ffe68 (Michelle Noorali)

ingress/client: remove unnecessary check for namespace (#4244) 0a5fa82159a1a407ae21b51e6d4b0f3358481231 (Shashank Ram)

fix(cleanuphook): Delete mwhc and vwhc in all scenarios 3ce755cae0d28a1dcc33a59a09110dea3bf9f20d (Sneha Chhabria)

messaging/broker: batch proxy update events (#4240) 11af38e30f441d90b21049ebcc46ddacdf1bf367 (Shashank Ram)

chore(security/scan): Add codeql scan a23f83c67d14d693a0aeb15de8ea6863ad96a47d (nshankar13)

fix(ads): properly sync proxy disconnect c055b1de19d2dbd750f3dd65a0b1faa0b3612e92 (Jon Huhn)

chore(release): update version to v0.11 in chart c40ad8f17c4a5906a73909960bc6fe4241fe69c0 (jaellio)

events: log event kind being processed and disable resyncs (#4231) 09f483871ec63336ca7b71947f2603c7e187ed6e (Shashank Ram)

chore(tlsversion): Add a tls minimum version for webhooks 2e1ebea543d7d78a38fc74f85ba2ac1a20e49de5 (Sneha Chhabria)

Update tests to resolve missing mock calls 4d140cfed6554b4fa07fafce28c375e4af0963db (jaellio)

go/deps: update Helm to v3.7.0 and kubernetes packages db5d919571c4212f87369d32492ee3e2d57ae00c (jaellio)

fix(UpgradeTest) : Fix the upgrade e2e test 50c0a50d7d18969228390e104d8fc8a08b68286e (Sneha Chhabria)

fix(ImageTags) : Update image pull to use tags if specified over the digest 6e40f0dfb1f6ca9a841bf8e07692f9e008215606 (Sneha Chhabria)

metrics: add counters related to proxy response send (#4219) 0e3f7468cdb2dfcaada0e9f96cda1a08939b42ff (Shashank Ram)

envoy/registry: do not track disconnected proxies (#4216) d0d5d9721752b07b3e3d0147ebb8c596d3ab1ed3 (Shashank Ram)

messaging: use message broker in control plane (#4212) 0309a0fd42d2bba1929234a1c358db5d72c5a324 (Shashank Ram)

fix(tests): disable smi validate test for NoInstall (#4209) 1caae978f9b60297bb11aeeee0a09bd8e6adc44c (Michelle Noorali)

messaging: introduce message broker (#4210) f454b0784a578fde5db8fcc71e9593ae3bcebd40 (Shashank Ram)

feat(*): ignore invalid traffic targets (#4177) ae5c9d89664885f7fc458e7ad0f4443d4c38a778 (Michelle Noorali)

feat(charts): Adding priorityClassName to the OSM deployments a6b59b9b5edbebd44b52385e294eeac08f06b43c (Shalier Xia)

catalog/ingress: check backend's port in addition to name (#4202) 37c3d65f3b61e40b1380962df355763662494e27 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.11.1-rc.1-darwin-amd64.tar.gz(14.54 MB)
osm-v0.11.1-rc.1-darwin-amd64.zip(14.54 MB)
osm-v0.11.1-rc.1-linux-amd64.tar.gz(13.89 MB)
osm-v0.11.1-rc.1-linux-amd64.zip(13.89 MB)
osm-v0.11.1-rc.1-windows-amd64.tar.gz(14.09 MB)
osm-v0.11.1-rc.1-windows-amd64.zip(14.09 MB)
sha256sums.txt(609 bytes)
v1.0.0-rc.1(Oct 13, 2021)
Notable Changes

Codeql GitHub action integrated into PR workflow

Message broker replaced the global pub-sub instance in the control plane for internal message passing

Invalid traffic targets will be ignored by OSM

Some high memory usage issues fixed

CRD Updates

No CRD changes between tags v0.11.0 and v1.0.0-rc.1

Changelog

chore(release): update appVersion and version images 435f914bd4a92236b1a291d93e664f219f9390ef (jaellio)

chore(release): update version to v1.0.0-rc.1 0c779c5d9daf7954ff799ae2f970ed90fb4008af (jaellio)

fix(cleanuphook): Delete mwhc and vwhc in all scenarios 3ce755cae0d28a1dcc33a59a09110dea3bf9f20d (Sneha Chhabria)

messaging/broker: batch proxy update events (#4240) 11af38e30f441d90b21049ebcc46ddacdf1bf367 (Shashank Ram)

chore(security/scan): Add codeql scan a23f83c67d14d693a0aeb15de8ea6863ad96a47d (nshankar13)

fix(ads): properly sync proxy disconnect c055b1de19d2dbd750f3dd65a0b1faa0b3612e92 (Jon Huhn)

chore(release): update version to v0.11 in chart c40ad8f17c4a5906a73909960bc6fe4241fe69c0 (jaellio)

events: log event kind being processed and disable resyncs (#4231) 09f483871ec63336ca7b71947f2603c7e187ed6e (Shashank Ram)

chore(tlsversion): Add a tls minimum version for webhooks 2e1ebea543d7d78a38fc74f85ba2ac1a20e49de5 (Sneha Chhabria)

Update tests to resolve missing mock calls 4d140cfed6554b4fa07fafce28c375e4af0963db (jaellio)

go/deps: update Helm to v3.7.0 and kubernetes packages db5d919571c4212f87369d32492ee3e2d57ae00c (jaellio)

fix(UpgradeTest) : Fix the upgrade e2e test 50c0a50d7d18969228390e104d8fc8a08b68286e (Sneha Chhabria)

fix(ImageTags) : Update image pull to use tags if specified over the digest 6e40f0dfb1f6ca9a841bf8e07692f9e008215606 (Sneha Chhabria)

metrics: add counters related to proxy response send (#4219) 0e3f7468cdb2dfcaada0e9f96cda1a08939b42ff (Shashank Ram)

envoy/registry: do not track disconnected proxies (#4216) d0d5d9721752b07b3e3d0147ebb8c596d3ab1ed3 (Shashank Ram)

messaging: use message broker in control plane (#4212) 0309a0fd42d2bba1929234a1c358db5d72c5a324 (Shashank Ram)

fix(tests): disable smi validate test for NoInstall (#4209) 1caae978f9b60297bb11aeeee0a09bd8e6adc44c (Michelle Noorali)

messaging: introduce message broker (#4210) f454b0784a578fde5db8fcc71e9593ae3bcebd40 (Shashank Ram)

feat(*): ignore invalid traffic targets (#4177) ae5c9d89664885f7fc458e7ad0f4443d4c38a778 (Michelle Noorali)

feat(charts): Adding priorityClassName to the OSM deployments a6b59b9b5edbebd44b52385e294eeac08f06b43c (Shalier Xia)

catalog/ingress: check backend's port in addition to name (#4202) 37c3d65f3b61e40b1380962df355763662494e27 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v1.0.0-rc.1-darwin-amd64.tar.gz(14.54 MB)
osm-v1.0.0-rc.1-darwin-amd64.zip(14.54 MB)
osm-v1.0.0-rc.1-linux-amd64.tar.gz(13.89 MB)
osm-v1.0.0-rc.1-linux-amd64.zip(13.89 MB)
osm-v1.0.0-rc.1-windows-amd64.tar.gz(14.09 MB)
osm-v1.0.0-rc.1-windows-amd64.zip(14.09 MB)
sha256sums.txt(603 bytes)
v0.11.0(Oct 8, 2021)
Notable Changes

Control plane error code metrics visualizations added to the Grafana dashboard

Support for multi-port Kubernetes service

Support for SMI traffic split in permissive traffic policy mode

Multicluster support for clusters in different vNets

Windows nightly CI job

TrafficTarget and TrafficSplit cache filtering

mysql DB added to bookstore demo

OSM Reconciler for Validating Webhooks, Mutating Webhooks, and CRDs

Pod metadata logged for every log level

Usage of container image digests for released versions

CRD Updates

charts/osm/crds/config_meshconfig.yaml charts/osm/crds/config_multicluster_service.yaml charts/osm/crds/policy_egress.yaml charts/osm/crds/policy_ingress_backend.yaml charts/osm/crds/smi_http_route_group.yaml charts/osm/crds/smi_tcp_route.yaml charts/osm/crds/smi_traffic_access.yaml charts/osm/crds/smi_traffic_split.yaml

Changelog

chore(release): update version to v0.11.0 7ec8ca03ebfd731aa1fd81fad17574e5cf13b385 (jaellio)

chore(release): update version to v0.11.0-rc.3 dd7f893a1cf0cc8667d2e9a24f3dfde05aef8e68 (jaellio)

fix(UpgradeTest) : Fix the upgrade e2e test c59ce4199aca63ae1fec041ebf9381e56d5cfd48 (Sneha Chhabria)

fix(tests): disable smi validate test for NoInstall (#4209) 6d822b365020f13d5f982378cdd2e0a1e5cccb44 (Michelle Noorali)

chore(release): update version to v0.11.0-rc.1 212166e20c3b8d7d79b75cdacbffdbb8717776b2 (jaellio)

catalog/ingress: check backend's port in addition to name (#4202) 571250222b1f5d95492ecd74a6ddd2fa71b92f3d (Shashank Ram)

fix(build): check if windows tag exists correctly a93f57750d74c227d8afd17fdec3df8fde6726b9 (Jon Huhn)

fix(bootstrapPort): Update the crd conversion webhook port on osm-bootstrap e71bd60fb6fe5d1c2263091886269910942a8616 (Sneha Chhabria)

Ensure single mesh deployment is enforced in OSM by default 521679ad6150edeff449cca08eda217bf8e448e0 (Sneha Chhabria)

ref(cmd/osm-bootstrap): add test for getBootstrapPod (#4188) 12507005adac3855f1e3f1a5a8c68a2b76d57d54 (Michelle Noorali)

fix(release): set version and build date for release builds 751fd1cf401c712806ed810171b0c7430f1a0248 (jaellio)

chore(demo): Add CTR_REGISTRY_CREDS_NAME to mysql demo container (#4186) 5dc7d9a67cbddc1416767489328f1e69f3700190 (Sotiris Nanopoulos)

fix(OwnerReferenceUpdates): Handle error logging for owner reference updates 188019001d5888e2c1422fd147ad56cc21e1edbe (Sneha Chhabria)

test(osm-bootstrap): add unit tests for mesh config (#4181) 8b8448a8f9587078f35440279c9260f9439f74df (Michelle Noorali)

fix(reconciler): Add missing osmVersion to reconciler client 382ec2d4443f82aea8324a6fd2b1340014e26ae0 (Sneha Chhabria)

fix(validatingWebhookCert): Update validating webhook secret creation to support multiple control plane instances 093fd8b5b3ce58cf50cee1f30bce8a8edc3adbc7 (Sneha Chhabria)

feat(reconciler): Remove webhook installation from Helm 48669ee734b4e2019643a4a101cf8d8f012d6564 (Sneha Chhabria)

feat(*): add traffic target validation (#4151) f262ef5d5bb6fbde1a06eadd31f7575cd6ad46ef (Michelle Noorali)

feat(injector): Set probe timeouts based on pod deployment spec (#4149) 3e727ed6b2a3d6f57b31122912076bfdfbe4d8c1 (Sotiris Nanopoulos)

revert(psp): Remove PSP code for 1.0.0 (#4163) b7eb06f8757cfc14e7a0c20222a0e27fd5ef8849 (Kalya Subramanian)

ref(pkg/k8s): add more logging fcf245f887b7d1b1aeb6ee8675316100138213ef (Jon Huhn)

ref(*): Unify all osm control pane pod names as one constant 4bb2a43425a44e6cd55f0d1032584b032d3ff213 (Sneha Chhabria)

k8s: Simplify GetKubernetesEventHandlers() (#4171) 9574661286e113b042a55fda995c03b948d469ac (Delyan Raychev)

envoy: streamline logging of proxy object (#4170) 644fbef9eceb6540804a347d1a77433379bbf042 (Shashank Ram)

ref(*): Add a constant for app in the repo 0cf5b2e3ea8d751b8ced15212da1dcf2c1157a2b (Sneha Chhabria)

feat(reconciler) : enable validating webhook reconciler in osm c73f7f80c1b7e7800139bde6da4557fd687a0334 (Sneha Chhabria)

docs/release_guide: clarify updates required for docs (#4159) 51f50362b62c27fb72f8b0926fa0cb75aa89b671 (Shashank Ram)

CI/test: add race detection check (#4157) 6f5f2bbb2693fbc05de430555a61122eaaaf43f2 (Shashank Ram)

pkg/*: fix data races in PubSub and ticker test (#4155) 2d2be96e3b6c83f5c99a2e9c02a6b8e9df3971a7 (Shashank Ram)

remove enableValidatingWebhook feature flag ef63ef71e664f51e2110c68da408b5db0687e2ae (Sneha Chhabria)

feat(reconciler): enable mutatingwebhook reconciler in osm 2c4dbb7dc8e6b5e2eef49d184ee23bd8ae717bc8 (Sneha Chhabria)

test(windows): Enable more Windows tests (#4143) 742edd8433685b1bab638f67081b914360409074 (Sotiris Nanopoulos)

events: rename AnnouncementType to Kind (#4152) a6bbd66b3af5dc55d653fc0605daedc2947aea61 (Shashank Ram)

feat(stats): add data plane envoy stats to grafana 8bc6ac901f747dd4e55a8d1f3e9b2019bddbd61c (Allen Leigh)

ref(build): clean up VERIFY_TAGS fe88c8abf9d6423180069f071ff630881d4c3513 (Jon Huhn)

charts/osm: use image digest for default images (#4108) d81ba22d575d1619db7a40ab34b074d64678c91c (Shashank Ram)

event_handlers: update event metric before pub-sub (#4148) 7014330f1627414ce6be2404cd22321078f0d337 (Shashank Ram)

ref(build): build windows images with explicit buildx builder 3dec4fcc7500f54e0bbf7791628ff2336bde21e0 (Jon Huhn)

chore(lint): exclude specific gosec rules with nosec bbb2b21ce786e82b33e43af52cc7abc4bc3726a1 (jaellio)

chore(pkg/utils): Export cli utils for re-use (#4098) 3116404ececaf7392f27f1e3a78fd66a6b6293a7 (Johnson Shi)

Makefile: add common target for control plane (#4142) 217d79bca2600f83630ae48109f9a3d8aa026529 (Shashank Ram)

fix(lint): remove deprecated golint c3bfaf48bd03ab59305abfb4b582474dea1ed86f (jaellio)

fix(charts/osm/templates): fixes syntax for tracingAddress cf5a687434305de9a22967d41eb6ee7a3599a987 (Shalier Xia)

fix(healthcheck): set curl req timeout 722c371733756646b087122aaf7f7bcd86c256b7 (nshankar13)

feat(reconciler): Enable reconciler for crds in osm b1853d13b1cbba0f29b8eb7e854f409e49363687 (Sneha Chhabria)

feat(reconciler): add labels to osm-crds and mutating webhook required for reconciliation c00e963acb7b12f6b27024beea769ff7a5ed137b (Sneha Chhabria)

feat(reconciler): remove copying of crds in osm-bootstrap image b365bf7f384f5d905ed2972a1a0e3e738b66416a (Sneha Chhabria)

fix(lint): increase golangci-lint timeout 4f9853b2a0b19d4db34f803df066636b86b571be (jaellio)

chore(clean-kubernetes.sh): add timeout variable to run script individually d4eb4a81348be3a398a6c00b797c1fc439a9a790 (Sneha Chhabria)

tests(validator): increate unit test coverage 892acea3e156b2f16f9e9b522ece554e77df6b78 (Jon Huhn)

injector: enforce using configured images (#4131) 60a9754cbd8c100bf5da1d7504a6aa667a5372c2 (Shashank Ram)

fix(e2e): disable flakey fluent bit output e2e c7bb39d341e045cd6865a86931d71a40bc20fb6a (Sanya Kochhar)

envoy/rds: disable default timeout for route to clusters (#4127) 2bb06c009871a0d8c2858a955bb1510276893db3 (Shashank Ram)

chore: remove osm-controller cert issuance metrics (#4113) 963cf8f0bd1b02bea2db127b2ad5f9df21c21c75 (Johnson Shi)

chore: Fix typo in windows-nightly (#4126) 8b4dba9b08937177b1aeaf5521d4dddebbcd06a8 (Sotiris Nanopoulos)

docs(envoy): update docs for sidecar LogLevel in the mesh config a5d77b6ea4ee3ade95a04c1d055dfb2cd2687ec4 (jaellio)

ref(cli): remove unused port parameter on osm uninstall 642cbf2573d38e242ff1b28f7931ee63a6c89b18 (Jon Huhn)

docs(CONTRIBUTING): add attribution section (#4110) 8ba712782fe73476303c7f0858ef9876f2a82ef6 (Michelle Noorali)

feat(Windows): Add Windows nightly job (#4117) c7cfda22e3f469f372b1f67919bff8cc4b24d875 (Sotiris Nanopoulos)

chore(*): update osm install demo e86bd5b4849d8d7bdae8ccb8ba358341f60c3841 (Shalier Xia)

feat(reconciler): Add reconciler client, informers and reconcile logic to osm 4b46764e49bfcd4a56d1cfc5c200a555c6a69db7 (Sneha Chhabria)

docs(docs): Adds autosquash to automerge doc 65a129a2dfbc4c9f6bb7b9f2ccacb1e743994bdc (Shalier Xia)

docs(*): add pull request review guide (#4111) cd14c005e519a25a87a29a43f7a5ccf46485a734 (Michelle Noorali)

chore(pkg/envoy): log pod metadata always 9f6618d3bc32e9eeea971b36d23ab2d8627c5d47 (Jon Huhn)

ref(tests): randomize k8s resource names in tests (#4087) 5e9a3494e73700d9562864c806fc4c97049d0f71 (Michelle Noorali)

chore(bootstrap): increase memory limit 8d066543fdd2b7ed3e872417d65de8e65a3161b6 (nshankar13)

fix: remove weight assignment to local endpoints 4757443cded5e346a8e11f59ee71f8a91c7c87ea (Allen Leigh)

tests(e2e): add cleanup test 0960dce501dfb49772cfb29841cb206428fdf904 (Jon Huhn)

envoy: pin images to sha256 digest and update PullPolicy (#4100) 52c5cb360cc0a0d8a2fb906e6691dddff88f0771 (Shashank Ram)

chore(cli): Refactor, add tests, & export for osm-health (#4086) a59e75de040041843be2bd257d4914e320e830fe (Johnson Shi)

feat(reconciler): Rename mutating webhook file name 40960eae3a179b24cfcc0f0ed8c5b8fc39efc2a3 (Sneha Chhabria)

feat(reconciler): Move crd install, upgrade and management from Helm to OSM 924155dc4b9bb4fcb62430b27dc60f51f6c9e670 (Sneha Chhabria)

feat(multicluster): config cluster LB weight 7a4366bf2003d7c8dd3ef16eebec0c56a6a0ed7f (Allen Leigh)

tests/framework: optionally retry on pod creation failure (#4091) 7c865cb185c365daf0918869a5e949dad06e5513 (Shashank Ram)

Fix CI break (#4090) 5c491ac24f7893b088eb52ffe60b84214d328da2 (Sotiris Nanopoulos)

envoy/eds: respond with endpoints for all services (#4088) 9667f91919f78b89bb049b4b148d1f38abffc4c2 (Shashank Ram)

demo: Correct Warehouse service name and namespace (order in URL) (#4072) c1df37debbb05f844435706b3c2f7ea5fafc6d4b (Delyan Raychev)

feat(windows): Adds demo containers based on Windows (#3921) f59e84c5ceb65eb82172e396823b4041b7de55f8 (Sotiris Nanopoulos)

envoy/eds: respond to EDS request for cluster with no endpoints (#4085) 78455da0d931e94c8a693cdbf0d4c4e9e7c1cfc1 (Shashank Ram)

charts/osm: add namespace to preset-mesh-config resource (#4084) 22f70495cd0da1084403a9f23f5563006866ad34 (Shashank Ram)

envoy: add helper to convert IP CIDR string to XDS object (#4082) 9587d4565c53ca96161d2605374871a8a3591aad (Shashank Ram)

errcode: remove unused error codes (#4077) ed715537178f97b695c1c0ca7eace9af3a304d5e (Shashank Ram)

pkg/*: simplify interface function signatures (#4075) 028857140e47393ee0f192beb8b6fde796855099 (Shashank Ram)

pkg/*: address control plane implementation gaps cd602db8c1e131530b48798c82b1fa4d8a429beb (Shashank Ram)

Only test ignore label e49b267eee7cb20809b9efd687d49fc8c9486bc1 (jaellio)

feat(e2e): ensures namespace ignore label takes precedence 5cd25cbd11828dca29dfb2bfcc03cb5a595dfeaa (jaellio)

tests/e2e: verify traffic to service with multiple ports 409fa394727a89b7638f978f5f10c7da0ca8cc55 (Thomas Stringer)

demo: Fixing incorrect log line - should be generalized to 'web server' (#4067) 2cec5d7df7d3b71d9ffff9d89e36ecc6f4f43eaa (Delyan Raychev)

test: count unique servers which replies c90132498d2bb9cc731a4de4970916e7f1151192 (Allen Leigh)

chore: rearrange content in mysql deployment script e4273321e42736374b97f2d77afc94247cef2f6b (Allen Leigh)

endpoints: don't filter service endpoints in permissive mode (#4066) 742979ed17a13162fa67f1a2b39aa23f4f7765d4 (Shashank Ram)

feat(demo): demo app stores data to mysql db 2d7f62b6123ef377ac477eb532ea61014ac2857a (Allen Leigh)

pkg/smi: allow filter options while listing items in cache (#4064) c4514ebf126149fec4aca0ae8e7df997c735fb23 (Shashank Ram)

tests: Update tests to use Go Testing 0ea43114fbb767b22657d002f6708e3f95b7069e (Sneha Chhabria)

test(e2e): ensure only meshed pods can communicate in permissive mode e46694d1c0e5e9f4f7a209a04b3b89ba7cb6bf8e (jaellio)

log: Fixing Err() statements - change from Info to Error (#4055) a17ba22a2c6c4ab42ec93f902004807c1f7f87d2 (Delyan Raychev)

(multicluster): update gateway ip to osm-multicluster-gateway external ip ec0ed3f3672ba1e6302449fc6f002b3897e2f731 (Sneha Chhabria)

tests(injector): increase coverage 12bdb15f2992b6ce67b7c46000969e0b4c5babfb (Jon Huhn)

tests/e2e: reset k8s version in version test (#4050) a8e75814910010b621f36b2dc9e59cd2e90c573d (Shashank Ram)

tests/framework: logs k8s server version (#4049) 7e396880d9c75a301f29546ff5d98b734fa0ada4 (Shashank Ram)

grafana: add osm error graphs 26012ecd496ccaaff9c7c9199e9c6b7e52fd3227 (jaellio)

test(e2e): enable verbose for install 8c2ccf1f8113d8c36a246b1fd527d090f00d7ee1 (nshankar13)

test(e2e): update kind version 06683dde7192e518aba4d7501d344b4fb70b8ba6 (nshankar13)

envoy: update version to v1.19.1 (#4034) 915f773aa4aaed6e0a0541d0c4ea21c0535f65cd (Shashank Ram)

feat(cli): add debug flag a1bbcbab89d0f9083246f3c972c3b6b1a79a477d (nshankar13)

feat(*): get annotations for retry policy 640168d8530a7264355fe3c6788ad01ba088764b (Shalier Xia)

Source code(tar.gz)
Source code(zip)
osm-v0.11.0-darwin-amd64.tar.gz(14.42 MB)
osm-v0.11.0-darwin-amd64.zip(14.41 MB)
osm-v0.11.0-linux-amd64.tar.gz(13.77 MB)
osm-v0.11.0-linux-amd64.zip(13.78 MB)
osm-v0.11.0-windows-amd64.tar.gz(13.97 MB)
osm-v0.11.0-windows-amd64.zip(13.97 MB)
sha256sums.txt(579 bytes)
v0.11.0-rc.3(Oct 7, 2021)
CRD Updates

No CRD changes between tags v0.11.0-rc.1 and v0.11.0-rc.3

Changelog

chore(release): update version to v0.11.0-rc.3 dd7f893a1cf0cc8667d2e9a24f3dfde05aef8e68 (jaellio)

fix(UpgradeTest) : Fix the upgrade e2e test c59ce4199aca63ae1fec041ebf9381e56d5cfd48 (Sneha Chhabria)

fix(tests): disable smi validate test for NoInstall (#4209) 6d822b365020f13d5f982378cdd2e0a1e5cccb44 (Michelle Noorali)

Source code(tar.gz)
Source code(zip)
osm-v0.11.0-rc.3-darwin-amd64.tar.gz(14.41 MB)
osm-v0.11.0-rc.3-darwin-amd64.zip(14.41 MB)
osm-v0.11.0-rc.3-linux-amd64.tar.gz(13.77 MB)
osm-v0.11.0-rc.3-linux-amd64.zip(13.78 MB)
osm-v0.11.0-rc.3-windows-amd64.tar.gz(13.97 MB)
osm-v0.11.0-rc.3-windows-amd64.zip(13.97 MB)
sha256sums.txt(609 bytes)
v0.11.0-rc.1(Oct 1, 2021)
Notable Changes

Control plane error code metrics visualizations added to the Grafana dashboard

Support for multi-port Kubernetes service

Support for SMI traffic split in permissive traffic policy mode

Multicluster support for clusters in different vNets

Windows nightly CI job

TrafficTarget and TrafficSplit cache filtering

mysql DB added to bookstore demo

OSM Reconciler for Validating Webhooks, Mutating Webhooks, and CRDs

Pod metadata logged for every log level

Usage of container image digests for released versions

CRD Updates

charts/osm/crds/config_meshconfig.yaml charts/osm/crds/config_multicluster_service.yaml charts/osm/crds/policy_egress.yaml charts/osm/crds/policy_ingress_backend.yaml charts/osm/crds/smi_http_route_group.yaml charts/osm/crds/smi_tcp_route.yaml charts/osm/crds/smi_traffic_access.yaml charts/osm/crds/smi_traffic_split.yaml

Changelog

chore(release): update version to v0.11.0-rc.1 212166e20c3b8d7d79b75cdacbffdbb8717776b2 (jaellio)

catalog/ingress: check backend's port in addition to name (#4202) 571250222b1f5d95492ecd74a6ddd2fa71b92f3d (Shashank Ram)

fix(build): check if windows tag exists correctly a93f57750d74c227d8afd17fdec3df8fde6726b9 (Jon Huhn)

fix(bootstrapPort): Update the crd conversion webhook port on osm-bootstrap e71bd60fb6fe5d1c2263091886269910942a8616 (Sneha Chhabria)

Ensure single mesh deployment is enforced in OSM by default 521679ad6150edeff449cca08eda217bf8e448e0 (Sneha Chhabria)

ref(cmd/osm-bootstrap): add test for getBootstrapPod (#4188) 12507005adac3855f1e3f1a5a8c68a2b76d57d54 (Michelle Noorali)

fix(release): set version and build date for release builds 751fd1cf401c712806ed810171b0c7430f1a0248 (jaellio)

chore(demo): Add CTR_REGISTRY_CREDS_NAME to mysql demo container (#4186) 5dc7d9a67cbddc1416767489328f1e69f3700190 (Sotiris Nanopoulos)

fix(OwnerReferenceUpdates): Handle error logging for owner reference updates 188019001d5888e2c1422fd147ad56cc21e1edbe (Sneha Chhabria)

test(osm-bootstrap): add unit tests for mesh config (#4181) 8b8448a8f9587078f35440279c9260f9439f74df (Michelle Noorali)

fix(reconciler): Add missing osmVersion to reconciler client 382ec2d4443f82aea8324a6fd2b1340014e26ae0 (Sneha Chhabria)

fix(validatingWebhookCert): Update validating webhook secret creation to support multiple control plane instances 093fd8b5b3ce58cf50cee1f30bce8a8edc3adbc7 (Sneha Chhabria)

feat(reconciler): Remove webhook installation from Helm 48669ee734b4e2019643a4a101cf8d8f012d6564 (Sneha Chhabria)

feat(*): add traffic target validation (#4151) f262ef5d5bb6fbde1a06eadd31f7575cd6ad46ef (Michelle Noorali)

feat(injector): Set probe timeouts based on pod deployment spec (#4149) 3e727ed6b2a3d6f57b31122912076bfdfbe4d8c1 (Sotiris Nanopoulos)

revert(psp): Remove PSP code for 1.0.0 (#4163) b7eb06f8757cfc14e7a0c20222a0e27fd5ef8849 (Kalya Subramanian)

ref(pkg/k8s): add more logging fcf245f887b7d1b1aeb6ee8675316100138213ef (Jon Huhn)

ref(*): Unify all osm control pane pod names as one constant 4bb2a43425a44e6cd55f0d1032584b032d3ff213 (Sneha Chhabria)

k8s: Simplify GetKubernetesEventHandlers() (#4171) 9574661286e113b042a55fda995c03b948d469ac (Delyan Raychev)

envoy: streamline logging of proxy object (#4170) 644fbef9eceb6540804a347d1a77433379bbf042 (Shashank Ram)

ref(*): Add a constant for app in the repo 0cf5b2e3ea8d751b8ced15212da1dcf2c1157a2b (Sneha Chhabria)

feat(reconciler) : enable validating webhook reconciler in osm c73f7f80c1b7e7800139bde6da4557fd687a0334 (Sneha Chhabria)

docs/release_guide: clarify updates required for docs (#4159) 51f50362b62c27fb72f8b0926fa0cb75aa89b671 (Shashank Ram)

CI/test: add race detection check (#4157) 6f5f2bbb2693fbc05de430555a61122eaaaf43f2 (Shashank Ram)

pkg/*: fix data races in PubSub and ticker test (#4155) 2d2be96e3b6c83f5c99a2e9c02a6b8e9df3971a7 (Shashank Ram)

remove enableValidatingWebhook feature flag ef63ef71e664f51e2110c68da408b5db0687e2ae (Sneha Chhabria)

feat(reconciler): enable mutatingwebhook reconciler in osm 2c4dbb7dc8e6b5e2eef49d184ee23bd8ae717bc8 (Sneha Chhabria)

test(windows): Enable more Windows tests (#4143) 742edd8433685b1bab638f67081b914360409074 (Sotiris Nanopoulos)

events: rename AnnouncementType to Kind (#4152) a6bbd66b3af5dc55d653fc0605daedc2947aea61 (Shashank Ram)

feat(stats): add data plane envoy stats to grafana 8bc6ac901f747dd4e55a8d1f3e9b2019bddbd61c (Allen Leigh)

ref(build): clean up VERIFY_TAGS fe88c8abf9d6423180069f071ff630881d4c3513 (Jon Huhn)

charts/osm: use image digest for default images (#4108) d81ba22d575d1619db7a40ab34b074d64678c91c (Shashank Ram)

event_handlers: update event metric before pub-sub (#4148) 7014330f1627414ce6be2404cd22321078f0d337 (Shashank Ram)

ref(build): build windows images with explicit buildx builder 3dec4fcc7500f54e0bbf7791628ff2336bde21e0 (Jon Huhn)

chore(lint): exclude specific gosec rules with nosec bbb2b21ce786e82b33e43af52cc7abc4bc3726a1 (jaellio)

chore(pkg/utils): Export cli utils for re-use (#4098) 3116404ececaf7392f27f1e3a78fd66a6b6293a7 (Johnson Shi)

Makefile: add common target for control plane (#4142) 217d79bca2600f83630ae48109f9a3d8aa026529 (Shashank Ram)

fix(lint): remove deprecated golint c3bfaf48bd03ab59305abfb4b582474dea1ed86f (jaellio)

fix(charts/osm/templates): fixes syntax for tracingAddress cf5a687434305de9a22967d41eb6ee7a3599a987 (Shalier Xia)

fix(healthcheck): set curl req timeout 722c371733756646b087122aaf7f7bcd86c256b7 (nshankar13)

feat(reconciler): Enable reconciler for crds in osm b1853d13b1cbba0f29b8eb7e854f409e49363687 (Sneha Chhabria)

feat(reconciler): add labels to osm-crds and mutating webhook required for reconciliation c00e963acb7b12f6b27024beea769ff7a5ed137b (Sneha Chhabria)

feat(reconciler): remove copying of crds in osm-bootstrap image b365bf7f384f5d905ed2972a1a0e3e738b66416a (Sneha Chhabria)

fix(lint): increase golangci-lint timeout 4f9853b2a0b19d4db34f803df066636b86b571be (jaellio)

chore(clean-kubernetes.sh): add timeout variable to run script individually d4eb4a81348be3a398a6c00b797c1fc439a9a790 (Sneha Chhabria)

tests(validator): increate unit test coverage 892acea3e156b2f16f9e9b522ece554e77df6b78 (Jon Huhn)

injector: enforce using configured images (#4131) 60a9754cbd8c100bf5da1d7504a6aa667a5372c2 (Shashank Ram)

fix(e2e): disable flakey fluent bit output e2e c7bb39d341e045cd6865a86931d71a40bc20fb6a (Sanya Kochhar)

envoy/rds: disable default timeout for route to clusters (#4127) 2bb06c009871a0d8c2858a955bb1510276893db3 (Shashank Ram)

chore: remove osm-controller cert issuance metrics (#4113) 963cf8f0bd1b02bea2db127b2ad5f9df21c21c75 (Johnson Shi)

chore: Fix typo in windows-nightly (#4126) 8b4dba9b08937177b1aeaf5521d4dddebbcd06a8 (Sotiris Nanopoulos)

docs(envoy): update docs for sidecar LogLevel in the mesh config a5d77b6ea4ee3ade95a04c1d055dfb2cd2687ec4 (jaellio)

ref(cli): remove unused port parameter on osm uninstall 642cbf2573d38e242ff1b28f7931ee63a6c89b18 (Jon Huhn)

docs(CONTRIBUTING): add attribution section (#4110) 8ba712782fe73476303c7f0858ef9876f2a82ef6 (Michelle Noorali)

feat(Windows): Add Windows nightly job (#4117) c7cfda22e3f469f372b1f67919bff8cc4b24d875 (Sotiris Nanopoulos)

chore(*): update osm install demo e86bd5b4849d8d7bdae8ccb8ba358341f60c3841 (Shalier Xia)

feat(reconciler): Add reconciler client, informers and reconcile logic to osm 4b46764e49bfcd4a56d1cfc5c200a555c6a69db7 (Sneha Chhabria)

docs(docs): Adds autosquash to automerge doc 65a129a2dfbc4c9f6bb7b9f2ccacb1e743994bdc (Shalier Xia)

docs(*): add pull request review guide (#4111) cd14c005e519a25a87a29a43f7a5ccf46485a734 (Michelle Noorali)

chore(pkg/envoy): log pod metadata always 9f6618d3bc32e9eeea971b36d23ab2d8627c5d47 (Jon Huhn)

ref(tests): randomize k8s resource names in tests (#4087) 5e9a3494e73700d9562864c806fc4c97049d0f71 (Michelle Noorali)

chore(bootstrap): increase memory limit 8d066543fdd2b7ed3e872417d65de8e65a3161b6 (nshankar13)

fix: remove weight assignment to local endpoints 4757443cded5e346a8e11f59ee71f8a91c7c87ea (Allen Leigh)

tests(e2e): add cleanup test 0960dce501dfb49772cfb29841cb206428fdf904 (Jon Huhn)

envoy: pin images to sha256 digest and update PullPolicy (#4100) 52c5cb360cc0a0d8a2fb906e6691dddff88f0771 (Shashank Ram)

chore(cli): Refactor, add tests, & export for osm-health (#4086) a59e75de040041843be2bd257d4914e320e830fe (Johnson Shi)

feat(reconciler): Rename mutating webhook file name 40960eae3a179b24cfcc0f0ed8c5b8fc39efc2a3 (Sneha Chhabria)

feat(reconciler): Move crd install, upgrade and management from Helm to OSM 924155dc4b9bb4fcb62430b27dc60f51f6c9e670 (Sneha Chhabria)

feat(multicluster): config cluster LB weight 7a4366bf2003d7c8dd3ef16eebec0c56a6a0ed7f (Allen Leigh)

tests/framework: optionally retry on pod creation failure (#4091) 7c865cb185c365daf0918869a5e949dad06e5513 (Shashank Ram)

Fix CI break (#4090) 5c491ac24f7893b088eb52ffe60b84214d328da2 (Sotiris Nanopoulos)

envoy/eds: respond with endpoints for all services (#4088) 9667f91919f78b89bb049b4b148d1f38abffc4c2 (Shashank Ram)

demo: Correct Warehouse service name and namespace (order in URL) (#4072) c1df37debbb05f844435706b3c2f7ea5fafc6d4b (Delyan Raychev)

feat(windows): Adds demo containers based on Windows (#3921) f59e84c5ceb65eb82172e396823b4041b7de55f8 (Sotiris Nanopoulos)

envoy/eds: respond to EDS request for cluster with no endpoints (#4085) 78455da0d931e94c8a693cdbf0d4c4e9e7c1cfc1 (Shashank Ram)

charts/osm: add namespace to preset-mesh-config resource (#4084) 22f70495cd0da1084403a9f23f5563006866ad34 (Shashank Ram)

envoy: add helper to convert IP CIDR string to XDS object (#4082) 9587d4565c53ca96161d2605374871a8a3591aad (Shashank Ram)

errcode: remove unused error codes (#4077) ed715537178f97b695c1c0ca7eace9af3a304d5e (Shashank Ram)

pkg/*: simplify interface function signatures (#4075) 028857140e47393ee0f192beb8b6fde796855099 (Shashank Ram)

pkg/*: address control plane implementation gaps cd602db8c1e131530b48798c82b1fa4d8a429beb (Shashank Ram)

Only test ignore label e49b267eee7cb20809b9efd687d49fc8c9486bc1 (jaellio)

feat(e2e): ensures namespace ignore label takes precedence 5cd25cbd11828dca29dfb2bfcc03cb5a595dfeaa (jaellio)

tests/e2e: verify traffic to service with multiple ports 409fa394727a89b7638f978f5f10c7da0ca8cc55 (Thomas Stringer)

demo: Fixing incorrect log line - should be generalized to 'web server' (#4067) 2cec5d7df7d3b71d9ffff9d89e36ecc6f4f43eaa (Delyan Raychev)

test: count unique servers which replies c90132498d2bb9cc731a4de4970916e7f1151192 (Allen Leigh)

chore: rearrange content in mysql deployment script e4273321e42736374b97f2d77afc94247cef2f6b (Allen Leigh)

endpoints: don't filter service endpoints in permissive mode (#4066) 742979ed17a13162fa67f1a2b39aa23f4f7765d4 (Shashank Ram)

feat(demo): demo app stores data to mysql db 2d7f62b6123ef377ac477eb532ea61014ac2857a (Allen Leigh)

pkg/smi: allow filter options while listing items in cache (#4064) c4514ebf126149fec4aca0ae8e7df997c735fb23 (Shashank Ram)

tests: Update tests to use Go Testing 0ea43114fbb767b22657d002f6708e3f95b7069e (Sneha Chhabria)

test(e2e): ensure only meshed pods can communicate in permissive mode e46694d1c0e5e9f4f7a209a04b3b89ba7cb6bf8e (jaellio)

log: Fixing Err() statements - change from Info to Error (#4055) a17ba22a2c6c4ab42ec93f902004807c1f7f87d2 (Delyan Raychev)

(multicluster): update gateway ip to osm-multicluster-gateway external ip ec0ed3f3672ba1e6302449fc6f002b3897e2f731 (Sneha Chhabria)

tests(injector): increase coverage 12bdb15f2992b6ce67b7c46000969e0b4c5babfb (Jon Huhn)

tests/e2e: reset k8s version in version test (#4050) a8e75814910010b621f36b2dc9e59cd2e90c573d (Shashank Ram)

tests/framework: logs k8s server version (#4049) 7e396880d9c75a301f29546ff5d98b734fa0ada4 (Shashank Ram)

grafana: add osm error graphs 26012ecd496ccaaff9c7c9199e9c6b7e52fd3227 (jaellio)

test(e2e): enable verbose for install 8c2ccf1f8113d8c36a246b1fd527d090f00d7ee1 (nshankar13)

test(e2e): update kind version 06683dde7192e518aba4d7501d344b4fb70b8ba6 (nshankar13)

envoy: update version to v1.19.1 (#4034) 915f773aa4aaed6e0a0541d0c4ea21c0535f65cd (Shashank Ram)

feat(cli): add debug flag a1bbcbab89d0f9083246f3c972c3b6b1a79a477d (nshankar13)

feat(*): get annotations for retry policy 640168d8530a7264355fe3c6788ad01ba088764b (Shalier Xia)

Source code(tar.gz)
Source code(zip)
osm-v0.11.0-rc.1-darwin-amd64.tar.gz(14.41 MB)
osm-v0.11.0-rc.1-darwin-amd64.zip(14.41 MB)
osm-v0.11.0-rc.1-linux-amd64.tar.gz(13.77 MB)
osm-v0.11.0-rc.1-linux-amd64.zip(13.78 MB)
osm-v0.11.0-rc.1-windows-amd64.tar.gz(13.97 MB)
osm-v0.11.0-rc.1-windows-amd64.zip(13.97 MB)
sha256sums.txt(609 bytes)
v0.10.0(Sep 21, 2021)
Notable changes

Envoy version updated to v1.19.1

Ingress enhancements using the IngressBackend API to support plaintext HTTP and HTTPS ingress with mutual-TLS or TLS

Ingress gateway integration with Contour ingress controller

Ability to override OSM CLI defaults and commands based on the environment

OSM CLI command to generate bug reports

Validating webhook to validate API resources managed by OSM

Control plane error code metrics, logging, and documentation

Pod Disruption Budget for OSM control plane pods

Deprecate support for Kubernetes v1.18

Preset mesh config has been changed from kind: MeshConfig to kind: ConfigMap

Prometheus scraping flag has been deprecated in favor of automatic scraping of metrics from pods in namespaces enabled for metrics collection

CRD upgrades are now handled by OSM, requiring no updates to the CRDs or CRs from the user prior to updating the installed OSM version

Experimental support for Mutlicluster using a feature flag

Nightly images from the main branch are published using the latest-main tag

CRD Updates

charts/osm/crds/config_meshconfig.yaml charts/osm/crds/config_multicluster_service.yaml charts/osm/crds/policy_egress.yaml charts/osm/crds/policy_ingress_backend.yaml charts/osm/crds/smi_http_route_group.yaml charts/osm/crds/smi_tcp_route.yaml charts/osm/crds/smi_traffic_access.yaml charts/osm/crds/smi_traffic_split.yaml

Changelog

chore(release): update to v0.10.0 cb02632d2a080b88e01beaa55b2e3ce0cfeb6b64 (nshankar13)

fix(healthcheck): set curl req timeout 6d118b9ea8a9d669d27d0fcb72c6cae5e26f8332 (nshankar13)

chore(release): update version to v0.10.0-rc.2 94ff2858546c07690186bbaa285ff433ac9bf4a1 (nshankar13)

chore(bootstrap): increase memory limit 76136bc94999ed53a430a6a9e4a436c217ceeea0 (nshankar13)

charts/osm: add namespace to preset-mesh-config resource (#4084) d689946ddc7d2226e6fa5febdf04694b512d43ca (Shashank Ram)

tests/e2e: reset k8s version in version test (#4050) (#4080) c532d2279f509dfd4fbaa3eeab0215bfb58518bd (mergify[bot])

tests/framework: logs k8s server version (#4049) (#4081) 41b3b60b4ee88603f931f578a906be4fce1d0a49 (mergify[bot])

test(e2e): enable verbose for install b992b493c78f36c77e40d2f586a325fd218ec3c9 (nshankar13)

Revert "feat(*): adds feature flag for retry policy" d1b758b13a39956dac7b8efe0b3fce62835411d0 (nshankar13)

test(e2e): update kind version ca34c5d452afe9f729510b9fadbded03971a99a4 (nshankar13)

feat(cli): add debug flag e1e081b41a1dfee1bfdda9b7e930e63e9fe7510d (nshankar13)

envoy: update version to v1.19.1 (#4034) (#4035) bf8c0aae44324c7d17c473f979a01cd3b73d2d64 (Shashank Ram)

chore(release): update version to v0.10.0-rc.1 89c91c76644f766d03f70ce273a4ce284a0232dd (nshankar13)

feat(*): adds feature flag for retry policy a09d998ddc35c720c95c354d777652b0151a0dc9 (Shalier Xia)

feat(windows): Make Egress test pass on Windows (#4022) 928bd1a0701244f590324b767f2c4810b88a4ac6 (Sotiris Nanopoulos)

test(pkg/certificate/providers): add tests to config file 699e7caf7c265d0c2cd9c1c7aa3f3cdc23aebbb8 (Shalier Xia)

ingress: allow IPRange as a source in IngressBackend (#4025) caf06048c7f10209faeb553972d5cd32145ea303 (Shashank Ram)

chore: Remove dead code getXdsCluster (#4024) eea4672e65ca021ad198faffd656623f086a821a (Sotiris Nanopoulos)

ref(cli): extract policy check-pod helpers into pkg/cli for reuse aa36b91ef6964444c8f11e6668a2509958b406bf (Sanya Kochhar)

cli: provide environment override capability (#4019) 4dcc321742290685ca11addce2fca3c14a8fcb8f (Shashank Ram)

Updates Mergify as some check names have changed 634db98931239a85c5e618bc7129a04ddebb44a8 (Shalier Xia)

feat(e2e): Remove dependency on oc for SCC (#4014) ac3857d2e78371412a18cf80769b42ec50096b89 (Kalya Subramanian)

docs(release-guide): update release guide to include doc updates 61d473bc1a8be72469c8b200888dfcaa1a31e46e (jaellio)

chore(relase): update osm version to v0.9.2 9246e4e16d6cb89781d8bf2e7f69e68e28b2ac15 (Sneha Chhabria)

Added test for cert manager (#4004) 7e580eff813137b77e702bf6a7e926047eb5745b (mudit singh)

ingress: don't error if candidate group version is not available (#4007) f96e93d98c51e0058272049cdd387d319056db63 (Shashank Ram)

chore: remove helper tracingAddress 0365a94d6218d41d03f06bd1987c535011245025 (Allen Leigh)

fix(crds-upgrade): add psp for crds-upgrade-hook bab837288713dc609d4386ceb39be6ca8ec1aff4 (jaellio)

pkg/*: un-export k8s client implementing interface (#4002) c9d229254952c6ac24ff049574eadc43d1fbd34e (Shashank Ram)

charts/osm: use official Contour image (#3998) fdef5c5ef2843948ae7421327000b79fed9ee3e8 (Shashank Ram)

envoy: update version to v1.19.0 (#3995) 4961af9679870f494e447b12d9f99cfd412491cb (Shashank Ram)

github: update PR template (#3997) bdc0a812cd1a3676fd771bb53d7282841c64b3a7 (Shashank Ram)

Makefile: avoid prompt while overwriting file (#3996) da6be5af589b93643bd9a5dadb920ab4b98c3347 (Shashank Ram)

charts/osm: used fixed dependency for Contour (#3989) 48aaf97b461a68e62782731daec71aacb5c2eafb (Shashank Ram)

feat(multicluster): add weight to RemoteCluster 853039550fe63c910bee9e44fdccdf42091d76d2 (Allen Leigh)

fix(wasm): move metrics handles to RootContext 05f4ff133b8687d18bf36ae1cddff77a0e7e6dbc (Jon Huhn)

cli/policy: add conflict detection command (#3972) f78e72f1da7e23b04945b8a5f4c74031d64d244f (Shashank Ram)

test(pipeline): Push latest-main images nightly 0d6a191891006da1705c1c7a071d38368e1c2478 (nshankar13)

docs(openshift): Create OpenShift pipeline TSG (#3971) 9b39316b9d9ef22f7ed9a7b31683ae87f1159cad (Kalya Subramanian)

chore: remove default value from meshconfig CRD b00178e32dd52bd2d1b81da712dfa678c4cc98e7 (Allen Leigh)

fix(helm-chart-kubeversion-eks): Fixes Helm chart to install on EKS (#3968) ada49d0d00c99b18dd239669f835b77e3d484e6e (Stefan Jokic)

chore(metrics): update todos for error code metrics (#3964) 0dc9e1fa3f920a9ed932290a584dda9eab00fb6b (Jackie Elliott)

fix deprecated urls in readme (#3967) deb18a757c9b0b4afc06d21fc1a79fe645d1d4e1 (Chenxiao Ma)

fix(cli): fix proxy get command truncating output 9f1992f36d59871553aa7f30a2eb3b61b2088297 (Jon Huhn)

validator: fix scoping and remove unused code (#3959) abdaefcc42bd9ef6291653f4db2820cb3617e890 (Shashank Ram)

docs/api_reference: rename folder and update guide (#3955) 84a2a8c40605473ee3145262bebf618e52efb8af (Shashank Ram)

github: update bug report template (#3954) 6631d5e7e60b0f4c75a7dd563e8d502854c5d007 (Shashank Ram)

test(e2e/restart): Set podcount to replica num e92137be5842c5342def68b5194c40a0099d7c84 (nshankar13)

Add tracing options when Jaeger deployment is enabled for the demo script (#3947) 38d7c0e7b9a711db1c42defdbba6f53844e43da7 (Thomas Stringer)

ingress-backend: add status field and reporting 9f2dd07c43359ba6eaa0f9f2e13508b31e575516 (Shashank Ram)

feat(metrics): Add errcode metrics for injector, validatingwebhook, and certificate providers 6d2d32db4546ea3d80e7de31ac335a1ea4d4a806 (nshankar13)

chore(crdConverter): Rename crd converter to osm bootstrap 245e676f43e3e3adaf7a447c7766cb54b9245d11 (Sneha Chhabria)

crdUpgrades: Update osm clean up hook to patch osm crds instead of deleting them 7f7b1d33e1ac418e12dbf4143b8ed98ae6160821 (Sneha Chhabria)

Added overlapping and missing metrics a9b24c1ad906ee1c4520130ed092591460595aa7 (jaellio)

feat(metrics): add errCode metrics to MeshConfig 1379930d6417079d9df5f01d1a0876d9c224f4a6 (Shalier Xia)

feat(metric): Add errcode metric to K8s constructs 025002ebc802b580c641a053ae478344bb35485a (Shalier Xia)

feat(metrics): add errcode metrics for Traffic Policy cc295b62918464c40b9ab936373423a23b9d5235 (Shalier Xia)

feat(metrics): add errcode metric for pubsub e92e9b849f7d1461805228d42490b7bcb15ead4a (Shalier Xia)

fix(openshift): Create env file for cleanup (#3942) 0adbba8aea0c13fcc8ea5184a80aa3011e4e5902 (Kalya Subramanian)

feat(pkg/envoy): metrics for envoy error codes 25c267d84b0ba15d70d3b049f9c13072629fe46a (jaellio)

e2e: fix variable and missing recovers bd0ea12887b7f3f3776c6732cce6e73ccf8a807f (Eduard Serra)

feat(demo): Set USE_PRIVATE_REGISTRY to true 626a065d62511eef559ee594777f0c006f2c682c (nshankar13)

test(e2e): Reset ingressBackend for noInstall cb917f1b9a3aea1f01749efe1d75aa43e00d937a (nshankar13)

ingress: enable IngressBackend policy by default 7d95a6d343b03dfadb49f96865ec82f8d2029d80 (Shashank Ram)

Add demo book app watcher for terminal and raw JSON from web API (#3930) 3f53acce080b85f84e757fb3bddc39d22fc27a9c (Thomas Stringer)

gitignore: ignore Helm dependency lock file a16f9718d5e70b58fd49627a8ca240db00c67cf1 (Shashank Ram)

chore(demo): Switch demo to use FQDN (#3927) 6a205e426e6e49cfd549297cdbb5abf1c97299af (Sotiris Nanopoulos)

ref(cdrUpgradeHook) : change crd upgrade hook from pod to job faa76be0d821d89ff7bb5449e4ddeacd7af473cc (Sneha Chhabria)

rds/ingress: remove WASM mesh headers ee994ddc9a0fbffdf4d88ff860ef726141c2017e (Shashank Ram)

example/manifests: update httpbin listen port to 14001 4a3a2ef77ef2f4f9899283d81df94c7bf45310bd (Shashank Ram)

feat(windows): Adds node selector to pods deployed by tests (#3855) 73f7407d9ed3e0bd64864fb6e860f8a95b993ea2 (Sotiris Nanopoulos)

fix(meshConfig) : Fix MeshConfig availability to OSM control plane resources b832367eae153ac210565df39d0e422c5c3a0163 (Sneha Chhabria)

feat(metrics): initial errcode metric 87b65f461d043167bd1e636a505035be6d22ab68 (jaellio)

tests/e2e: add ingress test using the IngressBackend API c4efaff85dd9278b79e9f7d0158ea2c023f6ca04 (Shashank Ram)

multicluster: Hardcode env vars in the demo script (#3923) a0a1a160f4a6c2b07ccc59c1afc296d17eda1511 (Delyan Raychev)

feat(multicluster): Multicluster working demo d2975b8a08988a0ba552acd9aadf9fc056d41af5 (Sneha Chhabria)

tests/e2e: move nginx ingress install to a helper 0503c6156a55ffa96d023278677200399420102e (Shashank Ram)

charts: allow deploying Contour ingress gateway 792ce0c5eaf0fe23336e7f6c9653470a7a0d20a5 (Shashank Ram)

chore: add testing summary to PR template d796f9a794ee1f1076c49bd5df9cb6b35038ee81 (Allen Leigh)

ref: Simply events sub and pub implementation 0345bb8a01ecea02cb0cb2dee2f07557653a18a4 (Allen Leigh)

feat(metrics): Remove k8s specific metrics f1451d348dd1df817264180d3e76ce07ddcde4f9 (nshankar13)

ingress: add support for automatic gateway cert provisioning 3b60f5b0e39951e08e2932cd179fb5b894ec100f (Shashank Ram)

k8s/event_handler: fix bug in update handler 6859767302975d91c2156f7c4a01e9c47c13b11e (Shashank Ram)

fix(install): enable WASM stats option 093cf1ceceb0d1bf6ef5adb5bfdc52575a9c45d6 (Allen Leigh)

chore(cli): Refactor pkg/cli envoy helpers. 34d42213f34500da30f2cf8b43b645282e6d4db2 (Johnson Shi)

chore(multicluster): add field for related log lines 7d1f57804be57273b3012b7b386bcb84f1675e10 (Allen Leigh)

test/ads: fix test flakyness 352c22079ad293006724e9813b9233eb5fb0ce26 (Eduard Serra)

certificate/tresor: fix root CA cert CN a6e26c3fb52403738ce5f255265bcc673874de98 (Shashank Ram)

GetServiceHostnames: Fix nil pointer dereference ed7d04cdc1d467a1893fb38287b2c0b934953af6 (Eduard Serra)

fix(openshift/nightly): Fix always condition 2c5d7f80595ee3d4c5b16d0c6210b481116e3b1a (nshankar13)

cli: Fixing a broken test (#3900) e003a65c2cb52a8cd54d405dd2dff181d16c4d3f (Delyan Raychev)

chore(cli): Refactor envoy helpers to cli pkg (#3881) 9be251135819c360ce2b9cf77087c88ab1e3f54a (Johnson Shi)

chore(demo): Only create creds for private registry 39a9c5dc1a01a3dc161ba8190f28b7b645daec20 (nshankar13)

ads: add e2e for permissive-smi switching 2ec925fd698b54c159985b92e450d0f32deb2869 (Eduard Serra)

tests(openshift/nightly): Change demo d665f6f406d8a5854965ce9afee6e5d597c6c8a6 (nshankar13)

feat(metrics): max/average proxy config update time 870fa7a2f142fa8844b0228cc74e3d7195cc8e12 (Shalier Xia)

pkg/*: add error codes 3e7b1bbb361bb0324f6c4fddab7f8e9978591b0a (jaellio)

fix: cluster ID used in demo application 1def0871e14e7078e6641921cf8a5b474512b0ef (Allen Leigh)

ads: change resource difference condition from superser to equals 9507072a0261bf4e789303afb5dc7bfcd5257cf7 (Eduard Serra)

chore(injector): Reduce tech debt in osm /pkg/injector d89eb0d75882155e9c56f93d5bfebd04aeaf38c5 (Sotiris Nanopoulos)

feat(windows): Make local clusters use localhostIP instead of wildcardIP 2c6f2cb1af7e338334faed7410b567349b522ec1 (Sotiris Nanopoulos)

ads: fix wrong accountability of sent resources 0cf7acf0076ba9a6bd3f432ca0488c4a8dce3b87 (Eduard Serra)

Make the certificate key size configurable (#3837) 084ed385ccbb7467831bcba5f878a8cd73999892 (Thomas Stringer)

bugreport: use tar.gz archive and expand help text a25a3db1b61b0cdebc62ec3cd55b97dd0bd99174 (Shashank Ram)

test(openshift/nightly): Always clean up resources c91b0fc985e91a5b966420cdfe1166d370ed03a8 (nshankar13)

feat(metrics): proxy broadcast event count 7e42e6eae02dc9e9b487f49199ae14ff3ad3de65 (jaellio)

bug-report: implement bug report tool ea27b7380d6b43424430f059f70261fdee21af01 (Shashank Ram)

chore(pkg/metricsstore): make Help string formatted consistently 0830058f5eeca7dc79b9e21fb1c143944d3c4db9 (Shalier Xia)

test(openshift/nightly): Add cleanup step 48bdc914f4de0d16f2c6e1047a8f7bf0c3ffd7ac (nshankar13)

osm-validator: enable webhook to validate resources f7159b3f325252c5ff3a26993ac97ede2951c943 (Shashank Ram)

smi/health: fix race condition leading to controller crash 35dcb3dd2722a344bf1b4060c8f64fe6ddafadf2 (Shashank Ram)

feat(win): Deploy Windows Sidecar for Windows worker nodes a6ca350ff9e58c9c62b5149804bcaaf2e3dff62f (Sotiris Nanopoulos)

go/deps: update Helm to v3.6.1, client-go & controller-runtime a9ba25950711519d8db913a5a7d87e13ba4ac6a3 (Shashank Ram)

chore(multicluster): Remove cluster domain usages 748ff4bb701ec4bde15b2842d6cbab2728f82d19 (Allen Leigh)

bump version to 1.41.1 for golangci-lint and use container bc455e387c539f72a10ae2457532f7ef3a5235a3 (Thomas Stringer)

fix broken lint rule so that it targets the ci golangci-lint version and correctly runs c748302560955655512ff26e4442a4b8b42a30d8 (Thomas Stringer)

multicluster: Test LDS (#3860) a3b745172107f724bd2d5033003f1dee7fb5fa50 (Delyan Raychev)

multicluster: Adding GetMulticlusterGatewaySubjectCommonName() (#3857) 7f908278c94fc5c4e698c69ab5840b62355d74d9 (Delyan Raychev)

pkg/envoy/*: add error codes for Envoy RDS and SDS 039d27808855b1fa2a53ae9d7ca6d747cfc1562c (jaellio)

demo(env): add publish_images var 02488133514eced89e0b0bc47e1bf3161b95dd4f (nshankar13)

docs(e2e): Add installType section d9f7b9a7c692d7b5112446e18bdf465d5e1ec65f (nshankar13)

feat(demo): add 'publish_images' flag 0c4c7f0af224036a9e2d932e1f662a130886c87b (nshankar13)

test(openshift): Add demo to OpenShift nightly job (#3851) 53e8bc32f341bbf5172be7685d46fac5518bcd7e (Kalya Subramanian)

ref(install): Log namespace for existing mesh (#3846) c3c38a06a530ddbeeb2604517fa950286833c6ef (Kalya Subramanian)

feat(*): add Envoy active health checks 60390e386405de64a71a6524801d3e2ddf26a7fe (Jon Huhn)

injector/test: remove unused var and change test dir prefix 0b60c302b26e15a93ed578492a8a2e9f9af6bb77 (Shashank Ram)

docs(DESIGN.md): fix broken link a8b2775922a8639d0173bc2df74d5f782624a55d (Jon Huhn)

contributing: allow squash & merge option b0bfcbe902295531299f654198dbf273b638ea70 (Shashank Ram)

feat(metrics): proxy reconnect count 6fb139f8996d9affbecc412942c7a3226216b555 (nshankar13)

feat(crdUpgrades): Update upgrade e2e to verify all CRD's are present on the cluster db2d62599cb6818bd04e7104a9702f678c9d680f (Sneha Chhabria)

feat(demo): Make timeout configurable (#3839) 5e2d18f7ed943e350e4a78c18e0a5054cc258154 (Kalya Subramanian)

fix(e2e): upgrade test fixes 1cd4a175f3338054c188868c8e69b4a5f9e10860 (Jon Huhn)

feat(crdUpgrades): enable CRD converter in OSM 46062300916614d8ed2e8307e796af7a2cd49345 (Sneha Chhabria)

envoy/sds: skip inbound SAN validation and verify in permissive mode be00966b612e92ae72cb3ef22870105cc50850d2 (Shashank Ram)

Update node for kind cluster on CI 58c8d06e388d0c0f5dd6f051b68bdfe25a3ac7cc (Sneha Chhabria)

sds/test: fix test bug and expectation 99ed5e951814d05e86ede09ef61fce4eeb4c6c5b (Shashank Ram)

feat(multicluster): customize multicluster gateway port 6f4fd21aadd2ecb0526c27e3ade36e58a217b24b (Allen Leigh)

codegen: add build target and CI check 416505a7b5e088604757fe92582513832278e62b (Shashank Ram)

service: Simplify and test MeshService.FQDN() (#3826) b370fa2689293394d39eb29388e32213f9027b41 (Delyan Raychev)

catalog/ingress: build policy from IngressBackend API 3d387f892070dcc91a5a499197018a607639f5da (Shashank Ram)

ingress: refactor code to make it extendable for IngressBackend API 80e8376f23b742e6f21192a1a8fb4c91f73ab5c2 (Shashank Ram)

multicluster: Small tweaks to MeshConfig client for clarity and better logging (#3819) 44a6696671d383ab1be2c65205d9f955010d56d1 (Delyan Raychev)

multicluster: In case of an error buildGatewayListeners() should return nil (#3818) 07591b2db4f7872b518feaafc49db70196959bcd (Delyan Raychev)

multicluster: For ease of debugging - log lines related to Multicluster capability should contain 'Multicluster' word (#3817) 37c6bbf4150103c5b44d415f65e63e9ed9ccfa15 (Delyan Raychev)

test(pipelines): Add openshift nightly job 954f48f65dbf554d6479e959748a21c5995e3680 (nshankar13)

multicluster: Simplify and test (#3796) 013fcb8d22caa22866e21a40e18a92e64b41a0ba (Delyan Raychev)

multicluster: Carve out multicluster-related functions in a separate file (#3787) ccf463b75a6ca47d55c9b641090470ef98b4c270 (Delyan Raychev)

multicluster: Populate MulticlusterService (#3802) c0d4ec10414dee5001d8638a26ac4f94fc984284 (Delyan Raychev)

Removing unnecessary variable & collision of variable w/ import (#3811) e63b185dda5f831509993da2ed449be6e6dc50b5 (Delyan Raychev)

multicluster: Create sni_cluster filter for the Multicluster Gateway listener (#3812) 5b4b898dba4fa382019cac2daf603bcbc08d7962 (Delyan Raychev)

multicluster: Get Envoy config from both clusters including Multicluster Gateways (#3808) 529306ce1ffaab6a354966c1c36b097c3e32a4a1 (Delyan Raychev)

ref(crds): Rename CRD's in OSM a74572e1cf30a741be90e584a0ecee7c9d40ae3e (Sneha Chhabria)

feat(upgrade): add handlers for conversion of CRD's in OSM 1623d8a73201e0ba5cb8336c984d650526134a11 (Sneha Chhabria)

ingress: add feature flag for IngressBackend policy 8896286b703cc18a82b606783447a0a38376e08e (Shashank Ram)

multicluster: regenerate API client 60fa3075592251d0c78dc89ed3adc0aaab7816c8 (Shashank Ram)

multicluster: Adding ?include_eds to script getting Envoy configs (#3801) 54dae7590f770a91d1c4b796d0e121ece130d42b (Delyan Raychev)

multicluster: Enable Multicluster Gateway feature flag for multicluster demo (#3797) 6a84528adb497e754123fad7782cb886420c2186 (Delyan Raychev)

envoy: remove unnecessary peer validation cert for TLS (non-mTLS) e3be92491ac5b12585f12339bcff447a2019ce14 (Shashank Ram)

multicluster: Resolve multicluster services via /etc/hosts (#3788) 7a2c238104b900d75be69ff22ab83721a3f5c90b (Delyan Raychev)

multicluster: Script to easily capture Envoy configs for multicluster development (#3789) c878a764926cb024e0268f686b133efa2e6fcb2b (Delyan Raychev)

feat(upgrade): Add new http server to crd converter cf8b4507fa0c453d784f0463014604d355041060 (Sneha Chhabria)

multicluster: Carve out multicluster code out into functions and into multicluster.go file (#3793) 9501af813c73e5169fd8b60c34bcada285299dbf (Delyan Raychev)

catalog: Refactor buildOutboundPolicies() (#3794) 17bfa18bff5b76515e13f9369447273223e1a217 (Delyan Raychev)

multicluster: Use []v1alpha1.MultiClusterServic (not a slice of pointers) (#3783) 7ecbf422eaf625722037158ce1c8bbad195581f0 (Delyan Raychev)

policy/ingress-backend: add informer client and events 5dc1f430a0e336415ce2f849786ec8f332033e03 (Shashank Ram)

trafficpolicy: use ServiceIdentity type for RBAC 070dcf37c57751580f4a83a71ef03aa56f160cea (Shashank Ram)

MultiClusterServiceSpec in MultiClusterService CRD is not optional (#3782) 2a67eabce830136d58415140dcaec838f26f35dc (Delyan Raychev)

multicluster: Augment IDENTITY envirenment variable in demos with current kubectx (#3784) 4907022ff5ebc2186552ef0fb598f82687bb5472 (Delyan Raychev)

multicluster: Demo script needs to 'make docker-push' only once (#3786) 2e4d359d685619dcff302ed5d8befdcf2d09c4f5 (Delyan Raychev)

feat(metrics): add service count 81bb77fae0d9350cca0bf254ed3bdcac3948ba50 (nshankar13)

policy: add IngressBackend API client and CRD 352097532d64717a6ca51398fd047f9d9826c50a (Shashank Ram)

envoy/lds: refactor http connection manager + wasm filter b333f4513e2ddb37d2b9095f2a9ace46e2514df9 (Shashank Ram)

e2e: add additional OSM bringup checks on e2e b09904ee4efdb339c6ff157fdd81ea9361c86d9d (Eduard Serra)

multicluster: Set default for MULTICLUSTER_CONTEXTS env var to 'alpha beta' (#3768) e97bb33305e097b5e3b8fda5aaa83b07137a58af (Delyan Raychev)

multicluster: Add (and use) deploy-MulticlusterService.sh (#3770) a9f2e21ddfa7e539e0b489d40fa67f5ebd5970a9 (Delyan Raychev)

test/common: simplify and further explain cleanup conditions 36ebe92a0fd7af36b7b7d2ec0253a1c513d51cdd (Eduard Serra)

Replacing empty slice declaration using a literal with nil slice declaration (#3765) 7970ba3dc38808d6e397952d6e7994c56708c103 (Delyan Raychev)

Renaming variable colliding with imported package name (#3766) 1deb14050c09777abd2bd5825761e4696fede017 (Delyan Raychev)

dispatcher: Addi MultiClusterService events to the dispatch system (#3769) 928985f874e02dfdebe3506482caa9f38cd250db (Delyan Raychev)

multicluster: Defaulting demo to Tresor certificate issuer (#3767) ffcbcb2362db7923532b563c4b80a246bd636d2b (Delyan Raychev)

multicluster: Correct MultiClusterService - Spec should be plural (#3764) 9dfd4b5cf6965a547cb65516e39e56dcaed0da82 (Delyan Raychev)

multicluster: Implement Stringer interface on MultiClusterService struct (#3763) 75b481c2e732caaf22a07a28355f20c384f7e91a (Delyan Raychev)

chore(cli): Remove verbose osm mesh list output 22bbbe51a9b27f9e317a19a12afb4130d81010cf (Johnson Shi)

tests: add unit tests for pkg/injector/health_probes (#3520) 5c4365f7469de768ec075603dc644d5408e7c57c (Shuhei Kitagawa)

tests(e2e): configure ports to make e2es pass on OpenShift 0be61daae7782e058c369998ba42219d7bec81e5 (Sanya Kochhar)

feat(multicluster): multicluster demo setup a45abc6256316f8b170e358a6603da2ee990acf4 (Michael Tarng)

test(pipelines): fix noinstall nightly 5ad382d54533adff5201ed6b6e9afc6e34291f14 (nshankar13)

test(e2e/port_exclusion): change ns name 01b34c00cc48ce39b06ce9e5acd1c8bdde1d6ccd (nshankar13)

pkg/envoy/lds: add error codes c24947c77da145c75f1a85287ce301dd08a3e6d3 (jaellio)

pkg/envoy/cds: add error codes d354ce352898fb6ac1cad7522aba2717baab4282 (jaellio)

test(e2e): Configure e2e ports for OpenShift (#3748) 6e19645f02c8414ad26914adf3284540a23a00ea (Kalya Subramanian)

charts/osm: don't set the replicaCount with HPA d2e01b0f87dcefa9d213b738af6f4a064cb00ca2 (Shashank Ram)

ref: method renaming for cataloger endpoint methods 34d92f08e36bebf2ae26e74b97f5289b16ab7d1d (Allen Leigh)

tests: make upgrade e2e pass on openshift df00df65dbfa04038e327be49f32a39688ca8c97 (Sanya Kochhar)

tests(*): scope assert handles to subtests dababc8d4e5763ee624d884e2212066d95a132b2 (Jon Huhn)

feat(multicluster): kube provider support multicluster 78d4e97c4d43de4bba260b61be462ccadd7abf67 (Allen Leigh)

chore: add error codes to configurator ead5c9e8095d55dacbe79cb67259c9ccc78bb0ff (Allen Leigh)

cli/test: add unit test for command initialization 60f1a7925877c829e0472642ee4f7d159ec64726 (Shashank Ram)

pkg/envoy/ads: add error codes c41708d9d14d20b1c15c0b30f11ad057281d11e7 (jaellio)

test(e2e/http_ingress): Increase time limit d146c85bbb0d6f36d03d773b00ec8c787af6cfe5 (nshankar13)

test(pipelines): Add noinstall nightly job 665edd156bbd17671d6f6bddde1b92f6d87356ab (nshankar13)

pkg/certificate: add error codes 13998b0bec807e14013090c197d65bb67177a1d1 (jaellio)

cli: add support command to list error code description b9b0e0d2c99b50f29655c6e70fb771b974324bb1 (Shashank Ram)

MultiClusterService validator checks that cluster name is not global cc86b08260b9365c63fd5c2484f661461c7d58ca (Whitney Griffith)

release/v0.9.1: update default release refs eba60c16dacefea15f8461b2ed1f69059c6e68b3 (Shashank Ram)

feat(provider): catalog uses service and endpoint providers methods e77065d05a0ac52e3116c9d5d622c2cc1db7ab8a (Whitney Griffith)

feat(upgrade): Add a conversion webhook server to OSM control plane ccd837ed972def407f6f727b81da9a613d97b175 (Sneha Chhabria)

catalog/traffic-policies: add error codes 4af79f1b1c59047f4eacc4b8db30834fe947bda6 (Shashank Ram)

Fix broken link in the README (#3713) 67d7b0428632a59b40cbc60e6f43991763bf9290 (Sotiris Nanopoulos)

catalog/egress: define error codes for error logs 46ebe85a156ccd4ed6548109400cb941959dde85 (Shashank Ram)

feat(pkg/envoy/lds): Switch the gateway listener to proxy mode 27869422be3c89918f7f61f605060092a24571a5 (Sean Teeling)

cmd/osm-*: log error codes for errors during startup 31b0d232864111a119b21e74bd5bc1fdaaa0500c (Shashank Ram)

errcode: introduce error code management 8bb73710b6c31d5c241ecd96101de7220e64c331 (Shashank Ram)

(TESTING) updating kind go library to 0.11.1 c4d7eabb42d2a8ea8f14b5fdcf90aeebe398cf10 (Eduard Serra)

test(pkg/certificate): add test for ListCertificate 0ff5b198a673a555b9589fafcddd62272abb07a3 (Jackie Elliott)

injector/iptables: resolve unnecessary TODO comment a1b1889d6abd66ebc2ff7098af820f5c5a5c9dd3 (Shashank Ram)

pkg/cert/providers: add ValidateCertManagerOptions test a0535f5a2ec3c2fa40f5caa42ee46d17ffa5b46e (Eduard Serra)

feat(pkg/apis/config) add the protocol to the mesh cluster 934b562b1907e8c91c457c3bfab29bfdc38f6dd2 (Sean Teeling)

feat(pkg/config): simplify the config client to the fields it needs 24252d500db77193cd9abaf1340fd2fe0ee0f8fa (Sean Teeling)

ref(catalog): improve performance of ListAllowedEndpointsForService() 484d39a1a7e81f381bcec896a96fac81ca790cc2 (Allen Leigh)

chore(demo): cross service distributed tracing in demo ca02252ecf53b151e28013308cf7076984d43ed7 (Allen Leigh)

pkg/*: safely filter events for monitored namespaces 88de74e488696aa05eb1e24590d2a39f5050278a (Shashank Ram)

smi/client: remove unused announcement channel 47dcb7bfd126b3875dedbdc9ee7ba5379475e6bc (Shashank Ram)

pkg/*: remove unused cacheSynced channel 604818c44b613c7b1a1de7b516bfb75e1c04e34f (Shashank Ram)

feat(upgrade): Add helm hooks to manage crd upgrades 371007fcddd52c54eb32dbaf23bbf940132289cd (Sneha Chhabria)

e2e: Moving constants into const.go and out of common.go (#3670) bc441bae296c306f37515387f8a92d8f38660657 (Delyan Raychev)

e2e: Turn td.RunLocal() into a variadic function (#3675) f9dc7b9be2287303345154d5b490763d3a051e3e (Delyan Raychev)

e2e: Simplify file path constructor (#3674) 1479afdb612ffe4c25043ae98b5c971148b87e06 (Delyan Raychev)

e2e: Fixing typos in e2e test framework (#3667) 6925db709acbaa7644295c6bc9d02feacae67e07 (Delyan Raychev)

e2e: Moving type definitions into types.go (#3668) 2619c53d76d4949a07c8f43359de9775bb8e4bf6 (Delyan Raychev)

e2e: Move helm related functions into helm.go (#3669) 3f4c9f5b504acec05338526314116ee6b1d3c308 (Delyan Raychev)

e2e: Remove unused variables (#3671) 1864ce21019c3578a1ba8b80bd9eb803f5e4f71c (Delyan Raychev)

pkg/*: rename internal kubernetes pkg to k8s b1ed76d50ce8bea8eea00e49e8d5da6f856c85c3 (Shashank Ram)

Renaming file to match document (#3678) 90c08eb79be412a51728012cb6bd8c614f381739 (Bridget Kromhout)

osm-controller: remove unused kubeconfig file dependency 2d874166af75fd59436e59aac84d09c1c0022ae6 (Shashank Ram)

e2e: Renaming json variable so it does not conflict with imported package (#3673) 6948ebac31e7e4e645ad910d45e7f0259fec5660 (Delyan Raychev)

e2e: Fix string type conversions (#3672) 65191b3aa686405a52f14ac0825628c1cef8331b (Delyan Raychev)

e2e: Refactoring namespace-related test functions into a new file - namespace.go (#3666) 4af905eb8cb41132dd3576890ac36cd20395772e (Delyan Raychev)

ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap 2429d81ddc40539d834a7afa625656a1ed0d1f26 (Sneha Chhabria)

feat(pkg/providers) Plumb through the new config client to the k8s provider 2e0e5f97ad53889f50f455c0eb604898191c5f59 (Sean Teeling)

envoy/identity: cleanup SDS refs in identity pkg 7ef41172206cbb073c22ec7be30d6fa511e009ce (Shashank Ram)

envoy: encode proxy identity in XDS cert f1cf47b8139389ddaf314cf7061783832a9cf91d (Shashank Ram)

scale: fix output and improvements 9f84f42bcb9a9c3b7ee3d42b787e29e5a3ecf743 (Eduard Serra)

envoy/eds: fix cluster name to mesh service parsing 38ad742d61fd9e297eb5315c71b06936e7e434ad (Shashank Ram)

fix(pkg/envoy/cds): configure egress Envoy cluster for prometheus de74f37bdb49fa0f877e166194f6e0d66b3ca20f (jaellio)

Changing ClusterID to ClusterDomain and nesting under experimental.multicluster in meshconfig 249c80a583a55e3eea836acf2a3b9a94ed445d7d (Michael Tarng)

feat(pkg/*) Add local cluster domain to mesh service. db538a1f85130c27505cae9c3a201947990766ac (brunoterkaly)

logger: making log level configurable through meshconfig 0411db447c5923ce7ac5794056d3c22c5aff90c9 (Eduard Serra)

catalog/route: fix missing hostnames for permissive mode a4c20d8e0636c77855e31bcb98eec6b4341c9624 (Shashank Ram)

fix(injector): increase injector webhook timeout fc5b4dbf72c1a82b93f71990f7c4a64d62ddfecf (jaellio)

fix(demo): remove host headers in SMI policies 9d9d8931d670148dd6363919bbabe88b0d502f29 (Jon Huhn)

injector: fix correctness while checking for annotations 8836999ceff892ca2e73169bfd68bcc3a027fcfd (Shashank Ram)

fix(build): rebuild chart when its root files change fbc01587327fee4e0502f32767d0f2837726af63 (Jon Huhn)

provider: move kube endpoint provider client cef48f2bbbb0a61be5b334a80c0a2197a50b4d40 (Whitney Griffith)

golint 9597a8bb9bba20e4b810342e04c1de41a997f42c (Michael Tarng)

feat(pkg/catalog): gateway is configured for SSL passthrough 346ec281dd0b79e51ec536fc3dd524763080b624 (Sean Teeling)

feat(pkg/catalog): gateway is configured for SSL passthrough c31e6fcf78c7e906c581ee5b72b1e97864bd6814 (Sean Teeling)

Service Provider Interface and Mocks bb35786287f81cf3ed037a31efda6c9dc3817ac6 (Whitney Griffith)

Deprecate support for k8s 1.18 3e34b61bc467e0163777ae59c6974780c90fa783 (Shashank Ram)

fix(cleanup): Add nodeSelectors for cleanup-hook 1a7d0b583c7a9841f1f4aaa9274f6de22e39c2e4 (Sotiris Nanopoulos)

Adding clusterId to MeshConfig for multicluster support 9652a4c0caf578b2649f00583dfb0aad6d38fbbe (Michael Tarng)

ingress: support ignoring an ingress resource 9c7a2d9f44da2a8dca3353e9f879aa6697de5993 (Shashank Ram)

doc: clarify release guide 3cbb9b5365fcd5bf99e649fc861b9a34cd0dd0c1 (Allen Leigh)

test(*): Adds test to certificate_manager.go 4aca35d174179b418e442e5cb68e65ea16adab3b (Shalier Xia)

fix(install): Add nodeSelectors for install and demo (#3611) 94fc23d4d6e063eef871af8f44fcece576af4e15 (Kalya Subramanian)

feat(/): add validating webhook server to the osm controller c03a26398ef2f2b8bea6181f4e0489959371b260 (Sean Teeling)

feat(pkg/envoy): Add multi cluster gateway LDS 329b14e057d6c7b785cd7bf8232a0864d3a8b657 (Sean Teeling)

docs/envoy: document traffic flow 26d5fa770e7b63a5be8a7b7650dc2fd96acd6f0e (Sean Teeling)

feat(multicluster) building config for multicluster d55ee93d19eab3931582f5522e568de1381e15f3 (timmyreilly)

fix(.mergfiy.yaml): Remove deprecated Mergify feature 3cdc5a3fba05809abc8305e2c0c9816e1cded388 (Shalier Xia)

refactor(pkg/lds) Cleanup a redundant call to ListAllowedServices 47425734a3215a3a803564cef554179ce1f29fdd (Sean Teeling)

kubernetes/events: remove noise from logging f786ed221065230623375b26b939b28c14ae7c91 (Shashank Ram)

Add details for CNCF Slack (#3597) 8df5a05220765ec968f0a52d666868365b59f6ff (Bridget Kromhout)

docs(release): Update chart update requirements (#3590) 47c1d926c81112c5934d817fec98f3bbcc7ab4b8 (Kalya Subramanian)

injector: support inbound port exclusions 6664c75e85b8cdfc638d97ed004c74be390c5c3b (Shashank Ram)

release: Update versions to 0.9.0 (#3592) 1ef7c65d09c0011a97b30c991a333eb47d44d7d9 (Kalya Subramanian)

ref(proxy registry): track proxy-service relations async 3563cd50a8ad3a37fcb70734b8860ea964e18d85 (Jon Huhn)

tests(pkg/certificate/providers/tresor): add missing tests for ca.go 22fc35382193d6adbab0bf9c3cae616d7f81e91f (shuheiktgw)

feat(pkg/*): Lay some groundwork for multi cluster gateways. daf03b44a69f187c8b775fbbf1c6bd0dad8ec7e7 (Sean Teeling)

envoy: make logging consistent and verbose for debug levels e528961121b5594930972af6aae4f0bf284cfb05 (Shashank Ram)

docs/dev_guide: update test framework usage 05e020020bd20e68d17f98b2a6574a9aa3df7130 (Shashank Ram)

osm-gateway: add support for gateway bootstrapping 9088313540e106b07d211d758f547fc2cd8635f2 (Shashank Ram)

README: add link to docs website c982727b452958f2fa24035fcddb85f64453b361 (Shashank Ram)

tests(e2e): Create ServiceAccount for Vault (#3571) c298f7b68e87c23ce1fdebd91dcaa6ed31377f8e (Kalya Subramanian)

Uses go:embed for wasm stats and helm chart a8daa83a087c076a79e29a9ad1bdf1410e16bd1b (Sotiris Nanopoulos)

fix(e2e): skip e2e_init_controller_test for noInstall cbbce3b992f84c8615ebebf03bc5dee469d9e3d0 (nshankar13)

Creat Contributing Ladder file a1fee8c7865c63c952674c1a727e5d4cd7150e67 (Karen Chu)

Adding files from docs site (#3566) 86ef3834b5973e33614ff4dc7f01119c875a3084 (Bridget Kromhout)

fix(e2e): Add default meshconfig e13f4c7c5604ce62f444a06350c863b4012c8cde (nshankar13)

osm-gateway: add feature flag 8e5571ef3548d36620d7c57580aab1fffd4e6fbc (Shashank Ram)

charts/osm-rbac: add delete verb for secrets (#3570) 8d0ec91e4916fa995ea383a2321cf8b08c70a8b3 (Kalya Subramanian)

test(pkg/smi): adds test for smi health checker 4024fd57f70b8c123782840eae0bbda0021fb613 (Shalier Xia)

autogen and types for multiclusterservice afedd10090c71a36b7724f27afe796386838f09a (timmyreilly)

feat(multicluster): crd only fb05f90f6daf1328849de13cae32127b78137a5b (timmyreilly)

tests(pkg/certificate/providers/tresor): add missing tests 85891b30faa492369ddfcc416624074adb9c2d3a (shuheiktgw)

XDS Server: introducing snapshot cache 5a53fda95c8abe71e569064038d2ae03d13e945d (Eduard Serra)

ref(*): move feature flags to meshconfig 55e3b3b535a49f668dcd43674ac3a3b5a5d25dc7 (Jackie Elliott)

tests(pkg/injector/patch): add unit tests cb20f5fb2531664e44f7c456e9168527ccd6d452 (shuheiktgw)

test: add test for init-osm-controller methods 9da95143bbb34f3ca2be29f9ca018e26e4dee54d (Allen Leigh)

Improves Access Logger names 9949d04a5282d54bf71e3dc22fee65513461e872 (Sotiris Nanopoulos)

feat(pkg/validators): add the main body for the validators libraries. 220ee33f31acb7f62376b6b6b66633af7140469b (Sean Teeling)

fix checks for automerge feature (#3546) b223d9ed3fb50ce6fcc09842d1bba5fba6238482 (Shalier Xia)

Add hpa to osm controller and injector (#3499) 3f794156c53033bc317d1b9487d48c681d3d5126 (Shalier Xia)

Fix autorebase label (#3545) eeddf2e30cde593a3560147a4f62e951bf778e8e (Shalier Xia)

envoy/bootstrap: build bootstrap config generically c2515b671651489de8577f11ae79eb7ddd1245af (Shashank Ram)

test: add test to pkg/configurator 04c76679b8f4a0dc54370005a1dd62bdaf8aae45 (Allen Leigh)

chore(/): Remove unused references to kubeclient. 8b680edaa2b07bbfcd2f61b374e76b921f9ecdfc (Sean Teeling)

test(cmd/cli): add test for trafficPolicyCheckCmd 91669e0fb46b6225f1b4f065b73b7c2a65962e7b (Jackie Elliott)

utils/proto: add unit test and remove duplicated code 141475af86182d1e3a120e1d9c8b5e31e661d4b5 (Shashank Ram)

utils/proto: consolidate proto helpers ee23bc064a9237a4bf3476e21cf804dfd4614aa1 (Shashank Ram)

fix(crds/meshconfig): remove envoy image pattern 56d9248e1c64df210ae2cf1fa9ffca2c6ba6c936 (nshankar13)

envoy: error if proxy is not valid 5fb47f2c9a15e3f3080c3ca656fd7135951171dd (Shashank Ram)

test(e2e): Skip FluentBit tests on OpenShift (#3518) 536feb2990d72d7dbf9984c104ade9585bb5d61c (Kalya Subramanian)

chore(chart): enable WASM stats by default 770b0c33c7933fbe477dd1da9c780afd13f498f7 (Jon Huhn)

Bump cert-manager API and library version 180a9be1c4d7185b9ec2c38883631e0e87cfd43f (irbekrm)

fix(crds/meshconfig): change envoy image pattern ea1b12dd61dc47cc14e3dcc73bd0b3a4565a76a3 (nshankar13)

prometheusScraping: Remove prometheus scraping flag 3f8d15419ed0cf9468ef716e1ac8bb08fab09e91 (Sneha Chhabria)

envoy: add additional metadata for the proxy's kind 9889c1d27b143032ddcc39fd9d1b662b6462e9f6 (Shashank Ram)

ref(cmd/cli): simplify trafficPolicyCheckCmd output cd0ae95bd0b9c2c8212ca89e3d6a0de00ae6533a (Jackie Elliott)

envoy/eds: allow generation of all endpoints on empty request 0394fc81cce2de5cf2a1a1d4ddbfc5a81dff1d9b (Eduard Serra)

envoy/eds: only respond to requested clusters 419ff9d3bedb36dc38e3f4d824adabc87631ff0a (Shashank Ram)

ref(pkg/injector): use XDS structs for envoy bootstrap config e923e3c51b930400b5771e967280ca99cd75c0bd (Jackie Elliott)

[testing] Do not send SDS on full config updates c32f3c5bf9eb9df2efbc1e1bc61d6f22108c2591 (Eduard Serra)

egress: enable egress policy by default a4cc3d52048636caf4369a64127fe0301ae901dd (Shashank Ram)

test: unit test for pkg/ticker 63c2fd2ad4aa174bc23dbf3b736f87d5e0fa62cc (Allen Leigh)

test: add test case to pkg/envoy/lds b31b8f29097be32654543cfc59ed41a388ba8d32 (Allen Leigh)

envoy: changing node ID to CN db396d0bf3e06911899f27c61528e7e8320761ca (Eduard Serra)

tests(cds): increase NewResponse coverage ad0f65fa5b44526e1e87fdc441c6530faf95ee31 (Jon Huhn)

PodMetadata: Use kubecontroller to gather PodMetadata c46db6f095227caf7b8d19af8ab8336b21bded54 (Eduard Serra)

Revert "catalog: add GetKubecontroller interface" ac68115740640a8ef1bcc073543b59e16794e417 (Eduard Serra)

tests: validate osm-controller CLI params bde0a5f608b22d8badaaec0e8f592d3e691d75a5 (Sanya Kochhar)

test: add test case for pkg/httpserver d68983d98007942f4bb9e419cce691e559b90a6d (Allen Leigh)

test(e2e): Enable priv init container for OpenShift (#3480) ed30fa8f29f4ac49546193c924b7eaa0dd20a457 (Kalya Subramanian)

tests/e2e: fix install properties in upgrade test 3e17d11e9171d8012ef03cd1a6c67a738dde91e4 (Shashank Ram)

charts/osm: allow additional root properties ea70ba53ca5a35866b59a82a5ff909d04b904b0c (Shashank Ram)

catalog: add GetKubecontroller interface c0605a7242aea081ba89ccb9b469eb4145f51d64 (Eduard Serra)

Fixing broken links and clarifying link targets (#3476) 4aa177ad35fea8ba79bc74b133bf078a13901cca (Bridget Kromhout)

Update the docs site for a release. (#3471) e666c3bb58f7c93603734adad7b4c87e0d283715 (Bridget Kromhout)

test(pkg/kubernetes): add test for GetEndpoint method b005baeca39378e602688708bf532d04f0bb267f (Jackie Elliott)

ref(docs): use relative links to repo files a0f8f0ceb18e954afd4e95e3a587bbce42f2f12e (Jon Huhn)

test(pkg/envoy/eds): improve test coverage for clusterLoadAssignment 6b449b152baa87779e9236cefb13d6cfdbeee394 (Sneha Chhabria)

feat(rbac): Add FluentBit PodSecurityPolicy (#3313) 8c812c8d67997cbf051625f3edba9fc51b29def5 (Kalya Subramanian)

tools(demo): Add fluentbit logs script (#3463) 67e29e3c0649d3ae3585785746ce8823503cd73c (Kalya Subramanian)

smi: check SMI CRDs during liveness probe aeebfab1c639ed9f2e643ba982761816458a9653 (Shashank Ram)

charts/osm: add pod disruption budgets for control plane 30a6ec0b5fcb15c4552cfd349a19fbcb8c031e03 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.10.0-darwin-amd64.tar.gz(14.41 MB)
osm-v0.10.0-darwin-amd64.zip(14.41 MB)
osm-v0.10.0-linux-amd64.tar.gz(13.77 MB)
osm-v0.10.0-linux-amd64.zip(13.78 MB)
osm-v0.10.0-windows-amd64.tar.gz(13.97 MB)
osm-v0.10.0-windows-amd64.zip(13.97 MB)
sha256sums.txt(579 bytes)
v0.10.0-rc.2(Sep 15, 2021)
CRD Updates

charts/osm/crds/config_meshconfig.yaml

Changelog

chore(release): update version to v0.10.0-rc.2 94ff2858546c07690186bbaa285ff433ac9bf4a1 (nshankar13)

chore(bootstrap): increase memory limit 76136bc94999ed53a430a6a9e4a436c217ceeea0 (nshankar13)

charts/osm: add namespace to preset-mesh-config resource (#4084) d689946ddc7d2226e6fa5febdf04694b512d43ca (Shashank Ram)

tests/e2e: reset k8s version in version test (#4050) (#4080) c532d2279f509dfd4fbaa3eeab0215bfb58518bd (mergify[bot])

tests/framework: logs k8s server version (#4049) (#4081) 41b3b60b4ee88603f931f578a906be4fce1d0a49 (mergify[bot])

test(e2e): enable verbose for install b992b493c78f36c77e40d2f586a325fd218ec3c9 (nshankar13)

Revert "feat(*): adds feature flag for retry policy" d1b758b13a39956dac7b8efe0b3fce62835411d0 (nshankar13)

test(e2e): update kind version ca34c5d452afe9f729510b9fadbded03971a99a4 (nshankar13)

feat(cli): add debug flag e1e081b41a1dfee1bfdda9b7e930e63e9fe7510d (nshankar13)

envoy: update version to v1.19.1 (#4034) (#4035) bf8c0aae44324c7d17c473f979a01cd3b73d2d64 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.10.0-rc.2-darwin-amd64.tar.gz(14.42 MB)
osm-v0.10.0-rc.2-darwin-amd64.zip(14.41 MB)
osm-v0.10.0-rc.2-linux-amd64.tar.gz(13.78 MB)
osm-v0.10.0-rc.2-linux-amd64.zip(13.78 MB)
osm-v0.10.0-rc.2-windows-amd64.tar.gz(13.97 MB)
osm-v0.10.0-rc.2-windows-amd64.zip(13.97 MB)
sha256sums.txt(609 bytes)
v0.10.0-rc.1(Aug 24, 2021)
CRD Updates

charts/osm/crds/config_meshconfig.yaml charts/osm/crds/config_multicluster_service.yaml charts/osm/crds/policy_egress.yaml charts/osm/crds/policy_ingress_backend.yaml charts/osm/crds/smi_http_route_group.yaml charts/osm/crds/smi_tcp_route.yaml charts/osm/crds/smi_traffic_access.yaml charts/osm/crds/smi_traffic_split.yaml

Changelog

chore(release): update version to v0.10.0-rc.1 89c91c76644f766d03f70ce273a4ce284a0232dd (nshankar13)

feat(*): adds feature flag for retry policy a09d998ddc35c720c95c354d777652b0151a0dc9 (Shalier Xia)

feat(windows): Make Egress test pass on Windows (#4022) 928bd1a0701244f590324b767f2c4810b88a4ac6 (Sotiris Nanopoulos)

test(pkg/certificate/providers): add tests to config file 699e7caf7c265d0c2cd9c1c7aa3f3cdc23aebbb8 (Shalier Xia)

ingress: allow IPRange as a source in IngressBackend (#4025) caf06048c7f10209faeb553972d5cd32145ea303 (Shashank Ram)

chore: Remove dead code getXdsCluster (#4024) eea4672e65ca021ad198faffd656623f086a821a (Sotiris Nanopoulos)

ref(cli): extract policy check-pod helpers into pkg/cli for reuse aa36b91ef6964444c8f11e6668a2509958b406bf (Sanya Kochhar)

cli: provide environment override capability (#4019) 4dcc321742290685ca11addce2fca3c14a8fcb8f (Shashank Ram)

Updates Mergify as some check names have changed 634db98931239a85c5e618bc7129a04ddebb44a8 (Shalier Xia)

feat(e2e): Remove dependency on oc for SCC (#4014) ac3857d2e78371412a18cf80769b42ec50096b89 (Kalya Subramanian)

docs(release-guide): update release guide to include doc updates 61d473bc1a8be72469c8b200888dfcaa1a31e46e (jaellio)

chore(relase): update osm version to v0.9.2 9246e4e16d6cb89781d8bf2e7f69e68e28b2ac15 (Sneha Chhabria)

Added test for cert manager (#4004) 7e580eff813137b77e702bf6a7e926047eb5745b (mudit singh)

ingress: don't error if candidate group version is not available (#4007) f96e93d98c51e0058272049cdd387d319056db63 (Shashank Ram)

chore: remove helper tracingAddress 0365a94d6218d41d03f06bd1987c535011245025 (Allen Leigh)

fix(crds-upgrade): add psp for crds-upgrade-hook bab837288713dc609d4386ceb39be6ca8ec1aff4 (jaellio)

pkg/*: un-export k8s client implementing interface (#4002) c9d229254952c6ac24ff049574eadc43d1fbd34e (Shashank Ram)

charts/osm: use official Contour image (#3998) fdef5c5ef2843948ae7421327000b79fed9ee3e8 (Shashank Ram)

envoy: update version to v1.19.0 (#3995) 4961af9679870f494e447b12d9f99cfd412491cb (Shashank Ram)

github: update PR template (#3997) bdc0a812cd1a3676fd771bb53d7282841c64b3a7 (Shashank Ram)

Makefile: avoid prompt while overwriting file (#3996) da6be5af589b93643bd9a5dadb920ab4b98c3347 (Shashank Ram)

charts/osm: used fixed dependency for Contour (#3989) 48aaf97b461a68e62782731daec71aacb5c2eafb (Shashank Ram)

feat(multicluster): add weight to RemoteCluster 853039550fe63c910bee9e44fdccdf42091d76d2 (Allen Leigh)

fix(wasm): move metrics handles to RootContext 05f4ff133b8687d18bf36ae1cddff77a0e7e6dbc (Jon Huhn)

cli/policy: add conflict detection command (#3972) f78e72f1da7e23b04945b8a5f4c74031d64d244f (Shashank Ram)

test(pipeline): Push latest-main images nightly 0d6a191891006da1705c1c7a071d38368e1c2478 (nshankar13)

docs(openshift): Create OpenShift pipeline TSG (#3971) 9b39316b9d9ef22f7ed9a7b31683ae87f1159cad (Kalya Subramanian)

chore: remove default value from meshconfig CRD b00178e32dd52bd2d1b81da712dfa678c4cc98e7 (Allen Leigh)

fix(helm-chart-kubeversion-eks): Fixes Helm chart to install on EKS (#3968) ada49d0d00c99b18dd239669f835b77e3d484e6e (Stefan Jokic)

chore(metrics): update todos for error code metrics (#3964) 0dc9e1fa3f920a9ed932290a584dda9eab00fb6b (Jackie Elliott)

fix deprecated urls in readme (#3967) deb18a757c9b0b4afc06d21fc1a79fe645d1d4e1 (Chenxiao Ma)

fix(cli): fix proxy get command truncating output 9f1992f36d59871553aa7f30a2eb3b61b2088297 (Jon Huhn)

validator: fix scoping and remove unused code (#3959) abdaefcc42bd9ef6291653f4db2820cb3617e890 (Shashank Ram)

docs/api_reference: rename folder and update guide (#3955) 84a2a8c40605473ee3145262bebf618e52efb8af (Shashank Ram)

github: update bug report template (#3954) 6631d5e7e60b0f4c75a7dd563e8d502854c5d007 (Shashank Ram)

test(e2e/restart): Set podcount to replica num e92137be5842c5342def68b5194c40a0099d7c84 (nshankar13)

Add tracing options when Jaeger deployment is enabled for the demo script (#3947) 38d7c0e7b9a711db1c42defdbba6f53844e43da7 (Thomas Stringer)

ingress-backend: add status field and reporting 9f2dd07c43359ba6eaa0f9f2e13508b31e575516 (Shashank Ram)

feat(metrics): Add errcode metrics for injector, validatingwebhook, and certificate providers 6d2d32db4546ea3d80e7de31ac335a1ea4d4a806 (nshankar13)

chore(crdConverter): Rename crd converter to osm bootstrap 245e676f43e3e3adaf7a447c7766cb54b9245d11 (Sneha Chhabria)

crdUpgrades: Update osm clean up hook to patch osm crds instead of deleting them 7f7b1d33e1ac418e12dbf4143b8ed98ae6160821 (Sneha Chhabria)

Added overlapping and missing metrics a9b24c1ad906ee1c4520130ed092591460595aa7 (jaellio)

feat(metrics): add errCode metrics to MeshConfig 1379930d6417079d9df5f01d1a0876d9c224f4a6 (Shalier Xia)

feat(metric): Add errcode metric to K8s constructs 025002ebc802b580c641a053ae478344bb35485a (Shalier Xia)

feat(metrics): add errcode metrics for Traffic Policy cc295b62918464c40b9ab936373423a23b9d5235 (Shalier Xia)

feat(metrics): add errcode metric for pubsub e92e9b849f7d1461805228d42490b7bcb15ead4a (Shalier Xia)

fix(openshift): Create env file for cleanup (#3942) 0adbba8aea0c13fcc8ea5184a80aa3011e4e5902 (Kalya Subramanian)

feat(pkg/envoy): metrics for envoy error codes 25c267d84b0ba15d70d3b049f9c13072629fe46a (jaellio)

e2e: fix variable and missing recovers bd0ea12887b7f3f3776c6732cce6e73ccf8a807f (Eduard Serra)

feat(demo): Set USE_PRIVATE_REGISTRY to true 626a065d62511eef559ee594777f0c006f2c682c (nshankar13)

test(e2e): Reset ingressBackend for noInstall cb917f1b9a3aea1f01749efe1d75aa43e00d937a (nshankar13)

ingress: enable IngressBackend policy by default 7d95a6d343b03dfadb49f96865ec82f8d2029d80 (Shashank Ram)

Add demo book app watcher for terminal and raw JSON from web API (#3930) 3f53acce080b85f84e757fb3bddc39d22fc27a9c (Thomas Stringer)

gitignore: ignore Helm dependency lock file a16f9718d5e70b58fd49627a8ca240db00c67cf1 (Shashank Ram)

chore(demo): Switch demo to use FQDN (#3927) 6a205e426e6e49cfd549297cdbb5abf1c97299af (Sotiris Nanopoulos)

ref(cdrUpgradeHook) : change crd upgrade hook from pod to job faa76be0d821d89ff7bb5449e4ddeacd7af473cc (Sneha Chhabria)

rds/ingress: remove WASM mesh headers ee994ddc9a0fbffdf4d88ff860ef726141c2017e (Shashank Ram)

example/manifests: update httpbin listen port to 14001 4a3a2ef77ef2f4f9899283d81df94c7bf45310bd (Shashank Ram)

feat(windows): Adds node selector to pods deployed by tests (#3855) 73f7407d9ed3e0bd64864fb6e860f8a95b993ea2 (Sotiris Nanopoulos)

fix(meshConfig) : Fix MeshConfig availability to OSM control plane resources b832367eae153ac210565df39d0e422c5c3a0163 (Sneha Chhabria)

feat(metrics): initial errcode metric 87b65f461d043167bd1e636a505035be6d22ab68 (jaellio)

tests/e2e: add ingress test using the IngressBackend API c4efaff85dd9278b79e9f7d0158ea2c023f6ca04 (Shashank Ram)

multicluster: Hardcode env vars in the demo script (#3923) a0a1a160f4a6c2b07ccc59c1afc296d17eda1511 (Delyan Raychev)

feat(multicluster): Multicluster working demo d2975b8a08988a0ba552acd9aadf9fc056d41af5 (Sneha Chhabria)

tests/e2e: move nginx ingress install to a helper 0503c6156a55ffa96d023278677200399420102e (Shashank Ram)

charts: allow deploying Contour ingress gateway 792ce0c5eaf0fe23336e7f6c9653470a7a0d20a5 (Shashank Ram)

chore: add testing summary to PR template d796f9a794ee1f1076c49bd5df9cb6b35038ee81 (Allen Leigh)

ref: Simply events sub and pub implementation 0345bb8a01ecea02cb0cb2dee2f07557653a18a4 (Allen Leigh)

feat(metrics): Remove k8s specific metrics f1451d348dd1df817264180d3e76ce07ddcde4f9 (nshankar13)

ingress: add support for automatic gateway cert provisioning 3b60f5b0e39951e08e2932cd179fb5b894ec100f (Shashank Ram)

k8s/event_handler: fix bug in update handler 6859767302975d91c2156f7c4a01e9c47c13b11e (Shashank Ram)

fix(install): enable WASM stats option 093cf1ceceb0d1bf6ef5adb5bfdc52575a9c45d6 (Allen Leigh)

chore(cli): Refactor pkg/cli envoy helpers. 34d42213f34500da30f2cf8b43b645282e6d4db2 (Johnson Shi)

chore(multicluster): add field for related log lines 7d1f57804be57273b3012b7b386bcb84f1675e10 (Allen Leigh)

test/ads: fix test flakyness 352c22079ad293006724e9813b9233eb5fb0ce26 (Eduard Serra)

certificate/tresor: fix root CA cert CN a6e26c3fb52403738ce5f255265bcc673874de98 (Shashank Ram)

GetServiceHostnames: Fix nil pointer dereference ed7d04cdc1d467a1893fb38287b2c0b934953af6 (Eduard Serra)

fix(openshift/nightly): Fix always condition 2c5d7f80595ee3d4c5b16d0c6210b481116e3b1a (nshankar13)

cli: Fixing a broken test (#3900) e003a65c2cb52a8cd54d405dd2dff181d16c4d3f (Delyan Raychev)

chore(cli): Refactor envoy helpers to cli pkg (#3881) 9be251135819c360ce2b9cf77087c88ab1e3f54a (Johnson Shi)

chore(demo): Only create creds for private registry 39a9c5dc1a01a3dc161ba8190f28b7b645daec20 (nshankar13)

ads: add e2e for permissive-smi switching 2ec925fd698b54c159985b92e450d0f32deb2869 (Eduard Serra)

tests(openshift/nightly): Change demo d665f6f406d8a5854965ce9afee6e5d597c6c8a6 (nshankar13)

feat(metrics): max/average proxy config update time 870fa7a2f142fa8844b0228cc74e3d7195cc8e12 (Shalier Xia)

pkg/*: add error codes 3e7b1bbb361bb0324f6c4fddab7f8e9978591b0a (jaellio)

fix: cluster ID used in demo application 1def0871e14e7078e6641921cf8a5b474512b0ef (Allen Leigh)

ads: change resource difference condition from superser to equals 9507072a0261bf4e789303afb5dc7bfcd5257cf7 (Eduard Serra)

chore(injector): Reduce tech debt in osm /pkg/injector d89eb0d75882155e9c56f93d5bfebd04aeaf38c5 (Sotiris Nanopoulos)

feat(windows): Make local clusters use localhostIP instead of wildcardIP 2c6f2cb1af7e338334faed7410b567349b522ec1 (Sotiris Nanopoulos)

ads: fix wrong accountability of sent resources 0cf7acf0076ba9a6bd3f432ca0488c4a8dce3b87 (Eduard Serra)

Make the certificate key size configurable (#3837) 084ed385ccbb7467831bcba5f878a8cd73999892 (Thomas Stringer)

bugreport: use tar.gz archive and expand help text a25a3db1b61b0cdebc62ec3cd55b97dd0bd99174 (Shashank Ram)

test(openshift/nightly): Always clean up resources c91b0fc985e91a5b966420cdfe1166d370ed03a8 (nshankar13)

feat(metrics): proxy broadcast event count 7e42e6eae02dc9e9b487f49199ae14ff3ad3de65 (jaellio)

bug-report: implement bug report tool ea27b7380d6b43424430f059f70261fdee21af01 (Shashank Ram)

chore(pkg/metricsstore): make Help string formatted consistently 0830058f5eeca7dc79b9e21fb1c143944d3c4db9 (Shalier Xia)

test(openshift/nightly): Add cleanup step 48bdc914f4de0d16f2c6e1047a8f7bf0c3ffd7ac (nshankar13)

osm-validator: enable webhook to validate resources f7159b3f325252c5ff3a26993ac97ede2951c943 (Shashank Ram)

smi/health: fix race condition leading to controller crash 35dcb3dd2722a344bf1b4060c8f64fe6ddafadf2 (Shashank Ram)

feat(win): Deploy Windows Sidecar for Windows worker nodes a6ca350ff9e58c9c62b5149804bcaaf2e3dff62f (Sotiris Nanopoulos)

go/deps: update Helm to v3.6.1, client-go & controller-runtime a9ba25950711519d8db913a5a7d87e13ba4ac6a3 (Shashank Ram)

chore(multicluster): Remove cluster domain usages 748ff4bb701ec4bde15b2842d6cbab2728f82d19 (Allen Leigh)

bump version to 1.41.1 for golangci-lint and use container bc455e387c539f72a10ae2457532f7ef3a5235a3 (Thomas Stringer)

fix broken lint rule so that it targets the ci golangci-lint version and correctly runs c748302560955655512ff26e4442a4b8b42a30d8 (Thomas Stringer)

multicluster: Test LDS (#3860) a3b745172107f724bd2d5033003f1dee7fb5fa50 (Delyan Raychev)

multicluster: Adding GetMulticlusterGatewaySubjectCommonName() (#3857) 7f908278c94fc5c4e698c69ab5840b62355d74d9 (Delyan Raychev)

pkg/envoy/*: add error codes for Envoy RDS and SDS 039d27808855b1fa2a53ae9d7ca6d747cfc1562c (jaellio)

demo(env): add publish_images var 02488133514eced89e0b0bc47e1bf3161b95dd4f (nshankar13)

docs(e2e): Add installType section d9f7b9a7c692d7b5112446e18bdf465d5e1ec65f (nshankar13)

feat(demo): add 'publish_images' flag 0c4c7f0af224036a9e2d932e1f662a130886c87b (nshankar13)

test(openshift): Add demo to OpenShift nightly job (#3851) 53e8bc32f341bbf5172be7685d46fac5518bcd7e (Kalya Subramanian)

ref(install): Log namespace for existing mesh (#3846) c3c38a06a530ddbeeb2604517fa950286833c6ef (Kalya Subramanian)

feat(*): add Envoy active health checks 60390e386405de64a71a6524801d3e2ddf26a7fe (Jon Huhn)

injector/test: remove unused var and change test dir prefix 0b60c302b26e15a93ed578492a8a2e9f9af6bb77 (Shashank Ram)

docs(DESIGN.md): fix broken link a8b2775922a8639d0173bc2df74d5f782624a55d (Jon Huhn)

contributing: allow squash & merge option b0bfcbe902295531299f654198dbf273b638ea70 (Shashank Ram)

feat(metrics): proxy reconnect count 6fb139f8996d9affbecc412942c7a3226216b555 (nshankar13)

feat(crdUpgrades): Update upgrade e2e to verify all CRD's are present on the cluster db2d62599cb6818bd04e7104a9702f678c9d680f (Sneha Chhabria)

feat(demo): Make timeout configurable (#3839) 5e2d18f7ed943e350e4a78c18e0a5054cc258154 (Kalya Subramanian)

fix(e2e): upgrade test fixes 1cd4a175f3338054c188868c8e69b4a5f9e10860 (Jon Huhn)

feat(crdUpgrades): enable CRD converter in OSM 46062300916614d8ed2e8307e796af7a2cd49345 (Sneha Chhabria)

envoy/sds: skip inbound SAN validation and verify in permissive mode be00966b612e92ae72cb3ef22870105cc50850d2 (Shashank Ram)

Update node for kind cluster on CI 58c8d06e388d0c0f5dd6f051b68bdfe25a3ac7cc (Sneha Chhabria)

sds/test: fix test bug and expectation 99ed5e951814d05e86ede09ef61fce4eeb4c6c5b (Shashank Ram)

feat(multicluster): customize multicluster gateway port 6f4fd21aadd2ecb0526c27e3ade36e58a217b24b (Allen Leigh)

codegen: add build target and CI check 416505a7b5e088604757fe92582513832278e62b (Shashank Ram)

service: Simplify and test MeshService.FQDN() (#3826) b370fa2689293394d39eb29388e32213f9027b41 (Delyan Raychev)

catalog/ingress: build policy from IngressBackend API 3d387f892070dcc91a5a499197018a607639f5da (Shashank Ram)

ingress: refactor code to make it extendable for IngressBackend API 80e8376f23b742e6f21192a1a8fb4c91f73ab5c2 (Shashank Ram)

multicluster: Small tweaks to MeshConfig client for clarity and better logging (#3819) 44a6696671d383ab1be2c65205d9f955010d56d1 (Delyan Raychev)

multicluster: In case of an error buildGatewayListeners() should return nil (#3818) 07591b2db4f7872b518feaafc49db70196959bcd (Delyan Raychev)

multicluster: For ease of debugging - log lines related to Multicluster capability should contain 'Multicluster' word (#3817) 37c6bbf4150103c5b44d415f65e63e9ed9ccfa15 (Delyan Raychev)

test(pipelines): Add openshift nightly job 954f48f65dbf554d6479e959748a21c5995e3680 (nshankar13)

multicluster: Simplify and test (#3796) 013fcb8d22caa22866e21a40e18a92e64b41a0ba (Delyan Raychev)

multicluster: Carve out multicluster-related functions in a separate file (#3787) ccf463b75a6ca47d55c9b641090470ef98b4c270 (Delyan Raychev)

multicluster: Populate MulticlusterService (#3802) c0d4ec10414dee5001d8638a26ac4f94fc984284 (Delyan Raychev)

Removing unnecessary variable & collision of variable w/ import (#3811) e63b185dda5f831509993da2ed449be6e6dc50b5 (Delyan Raychev)

multicluster: Create sni_cluster filter for the Multicluster Gateway listener (#3812) 5b4b898dba4fa382019cac2daf603bcbc08d7962 (Delyan Raychev)

multicluster: Get Envoy config from both clusters including Multicluster Gateways (#3808) 529306ce1ffaab6a354966c1c36b097c3e32a4a1 (Delyan Raychev)

ref(crds): Rename CRD's in OSM a74572e1cf30a741be90e584a0ecee7c9d40ae3e (Sneha Chhabria)

feat(upgrade): add handlers for conversion of CRD's in OSM 1623d8a73201e0ba5cb8336c984d650526134a11 (Sneha Chhabria)

ingress: add feature flag for IngressBackend policy 8896286b703cc18a82b606783447a0a38376e08e (Shashank Ram)

multicluster: regenerate API client 60fa3075592251d0c78dc89ed3adc0aaab7816c8 (Shashank Ram)

multicluster: Adding ?include_eds to script getting Envoy configs (#3801) 54dae7590f770a91d1c4b796d0e121ece130d42b (Delyan Raychev)

multicluster: Enable Multicluster Gateway feature flag for multicluster demo (#3797) 6a84528adb497e754123fad7782cb886420c2186 (Delyan Raychev)

envoy: remove unnecessary peer validation cert for TLS (non-mTLS) e3be92491ac5b12585f12339bcff447a2019ce14 (Shashank Ram)

multicluster: Resolve multicluster services via /etc/hosts (#3788) 7a2c238104b900d75be69ff22ab83721a3f5c90b (Delyan Raychev)

multicluster: Script to easily capture Envoy configs for multicluster development (#3789) c878a764926cb024e0268f686b133efa2e6fcb2b (Delyan Raychev)

feat(upgrade): Add new http server to crd converter cf8b4507fa0c453d784f0463014604d355041060 (Sneha Chhabria)

multicluster: Carve out multicluster code out into functions and into multicluster.go file (#3793) 9501af813c73e5169fd8b60c34bcada285299dbf (Delyan Raychev)

catalog: Refactor buildOutboundPolicies() (#3794) 17bfa18bff5b76515e13f9369447273223e1a217 (Delyan Raychev)

multicluster: Use []v1alpha1.MultiClusterServic (not a slice of pointers) (#3783) 7ecbf422eaf625722037158ce1c8bbad195581f0 (Delyan Raychev)

policy/ingress-backend: add informer client and events 5dc1f430a0e336415ce2f849786ec8f332033e03 (Shashank Ram)

trafficpolicy: use ServiceIdentity type for RBAC 070dcf37c57751580f4a83a71ef03aa56f160cea (Shashank Ram)

MultiClusterServiceSpec in MultiClusterService CRD is not optional (#3782) 2a67eabce830136d58415140dcaec838f26f35dc (Delyan Raychev)

multicluster: Augment IDENTITY envirenment variable in demos with current kubectx (#3784) 4907022ff5ebc2186552ef0fb598f82687bb5472 (Delyan Raychev)

multicluster: Demo script needs to 'make docker-push' only once (#3786) 2e4d359d685619dcff302ed5d8befdcf2d09c4f5 (Delyan Raychev)

feat(metrics): add service count 81bb77fae0d9350cca0bf254ed3bdcac3948ba50 (nshankar13)

policy: add IngressBackend API client and CRD 352097532d64717a6ca51398fd047f9d9826c50a (Shashank Ram)

envoy/lds: refactor http connection manager + wasm filter b333f4513e2ddb37d2b9095f2a9ace46e2514df9 (Shashank Ram)

e2e: add additional OSM bringup checks on e2e b09904ee4efdb339c6ff157fdd81ea9361c86d9d (Eduard Serra)

multicluster: Set default for MULTICLUSTER_CONTEXTS env var to 'alpha beta' (#3768) e97bb33305e097b5e3b8fda5aaa83b07137a58af (Delyan Raychev)

multicluster: Add (and use) deploy-MulticlusterService.sh (#3770) a9f2e21ddfa7e539e0b489d40fa67f5ebd5970a9 (Delyan Raychev)

test/common: simplify and further explain cleanup conditions 36ebe92a0fd7af36b7b7d2ec0253a1c513d51cdd (Eduard Serra)

Replacing empty slice declaration using a literal with nil slice declaration (#3765) 7970ba3dc38808d6e397952d6e7994c56708c103 (Delyan Raychev)

Renaming variable colliding with imported package name (#3766) 1deb14050c09777abd2bd5825761e4696fede017 (Delyan Raychev)

dispatcher: Addi MultiClusterService events to the dispatch system (#3769) 928985f874e02dfdebe3506482caa9f38cd250db (Delyan Raychev)

multicluster: Defaulting demo to Tresor certificate issuer (#3767) ffcbcb2362db7923532b563c4b80a246bd636d2b (Delyan Raychev)

multicluster: Correct MultiClusterService - Spec should be plural (#3764) 9dfd4b5cf6965a547cb65516e39e56dcaed0da82 (Delyan Raychev)

multicluster: Implement Stringer interface on MultiClusterService struct (#3763) 75b481c2e732caaf22a07a28355f20c384f7e91a (Delyan Raychev)

chore(cli): Remove verbose osm mesh list output 22bbbe51a9b27f9e317a19a12afb4130d81010cf (Johnson Shi)

tests: add unit tests for pkg/injector/health_probes (#3520) 5c4365f7469de768ec075603dc644d5408e7c57c (Shuhei Kitagawa)

tests(e2e): configure ports to make e2es pass on OpenShift 0be61daae7782e058c369998ba42219d7bec81e5 (Sanya Kochhar)

feat(multicluster): multicluster demo setup a45abc6256316f8b170e358a6603da2ee990acf4 (Michael Tarng)

test(pipelines): fix noinstall nightly 5ad382d54533adff5201ed6b6e9afc6e34291f14 (nshankar13)

test(e2e/port_exclusion): change ns name 01b34c00cc48ce39b06ce9e5acd1c8bdde1d6ccd (nshankar13)

pkg/envoy/lds: add error codes c24947c77da145c75f1a85287ce301dd08a3e6d3 (jaellio)

pkg/envoy/cds: add error codes d354ce352898fb6ac1cad7522aba2717baab4282 (jaellio)

test(e2e): Configure e2e ports for OpenShift (#3748) 6e19645f02c8414ad26914adf3284540a23a00ea (Kalya Subramanian)

charts/osm: don't set the replicaCount with HPA d2e01b0f87dcefa9d213b738af6f4a064cb00ca2 (Shashank Ram)

ref: method renaming for cataloger endpoint methods 34d92f08e36bebf2ae26e74b97f5289b16ab7d1d (Allen Leigh)

tests: make upgrade e2e pass on openshift df00df65dbfa04038e327be49f32a39688ca8c97 (Sanya Kochhar)

tests(*): scope assert handles to subtests dababc8d4e5763ee624d884e2212066d95a132b2 (Jon Huhn)

feat(multicluster): kube provider support multicluster 78d4e97c4d43de4bba260b61be462ccadd7abf67 (Allen Leigh)

chore: add error codes to configurator ead5c9e8095d55dacbe79cb67259c9ccc78bb0ff (Allen Leigh)

cli/test: add unit test for command initialization 60f1a7925877c829e0472642ee4f7d159ec64726 (Shashank Ram)

pkg/envoy/ads: add error codes c41708d9d14d20b1c15c0b30f11ad057281d11e7 (jaellio)

test(e2e/http_ingress): Increase time limit d146c85bbb0d6f36d03d773b00ec8c787af6cfe5 (nshankar13)

test(pipelines): Add noinstall nightly job 665edd156bbd17671d6f6bddde1b92f6d87356ab (nshankar13)

pkg/certificate: add error codes 13998b0bec807e14013090c197d65bb67177a1d1 (jaellio)

cli: add support command to list error code description b9b0e0d2c99b50f29655c6e70fb771b974324bb1 (Shashank Ram)

MultiClusterService validator checks that cluster name is not global cc86b08260b9365c63fd5c2484f661461c7d58ca (Whitney Griffith)

release/v0.9.1: update default release refs eba60c16dacefea15f8461b2ed1f69059c6e68b3 (Shashank Ram)

feat(provider): catalog uses service and endpoint providers methods e77065d05a0ac52e3116c9d5d622c2cc1db7ab8a (Whitney Griffith)

feat(upgrade): Add a conversion webhook server to OSM control plane ccd837ed972def407f6f727b81da9a613d97b175 (Sneha Chhabria)

catalog/traffic-policies: add error codes 4af79f1b1c59047f4eacc4b8db30834fe947bda6 (Shashank Ram)

Fix broken link in the README (#3713) 67d7b0428632a59b40cbc60e6f43991763bf9290 (Sotiris Nanopoulos)

catalog/egress: define error codes for error logs 46ebe85a156ccd4ed6548109400cb941959dde85 (Shashank Ram)

feat(pkg/envoy/lds): Switch the gateway listener to proxy mode 27869422be3c89918f7f61f605060092a24571a5 (Sean Teeling)

cmd/osm-*: log error codes for errors during startup 31b0d232864111a119b21e74bd5bc1fdaaa0500c (Shashank Ram)

errcode: introduce error code management 8bb73710b6c31d5c241ecd96101de7220e64c331 (Shashank Ram)

(TESTING) updating kind go library to 0.11.1 c4d7eabb42d2a8ea8f14b5fdcf90aeebe398cf10 (Eduard Serra)

test(pkg/certificate): add test for ListCertificate 0ff5b198a673a555b9589fafcddd62272abb07a3 (Jackie Elliott)

injector/iptables: resolve unnecessary TODO comment a1b1889d6abd66ebc2ff7098af820f5c5a5c9dd3 (Shashank Ram)

pkg/cert/providers: add ValidateCertManagerOptions test a0535f5a2ec3c2fa40f5caa42ee46d17ffa5b46e (Eduard Serra)

feat(pkg/apis/config) add the protocol to the mesh cluster 934b562b1907e8c91c457c3bfab29bfdc38f6dd2 (Sean Teeling)

feat(pkg/config): simplify the config client to the fields it needs 24252d500db77193cd9abaf1340fd2fe0ee0f8fa (Sean Teeling)

ref(catalog): improve performance of ListAllowedEndpointsForService() 484d39a1a7e81f381bcec896a96fac81ca790cc2 (Allen Leigh)

chore(demo): cross service distributed tracing in demo ca02252ecf53b151e28013308cf7076984d43ed7 (Allen Leigh)

pkg/*: safely filter events for monitored namespaces 88de74e488696aa05eb1e24590d2a39f5050278a (Shashank Ram)

smi/client: remove unused announcement channel 47dcb7bfd126b3875dedbdc9ee7ba5379475e6bc (Shashank Ram)

pkg/*: remove unused cacheSynced channel 604818c44b613c7b1a1de7b516bfb75e1c04e34f (Shashank Ram)

feat(upgrade): Add helm hooks to manage crd upgrades 371007fcddd52c54eb32dbaf23bbf940132289cd (Sneha Chhabria)

e2e: Moving constants into const.go and out of common.go (#3670) bc441bae296c306f37515387f8a92d8f38660657 (Delyan Raychev)

e2e: Turn td.RunLocal() into a variadic function (#3675) f9dc7b9be2287303345154d5b490763d3a051e3e (Delyan Raychev)

e2e: Simplify file path constructor (#3674) 1479afdb612ffe4c25043ae98b5c971148b87e06 (Delyan Raychev)

e2e: Fixing typos in e2e test framework (#3667) 6925db709acbaa7644295c6bc9d02feacae67e07 (Delyan Raychev)

e2e: Moving type definitions into types.go (#3668) 2619c53d76d4949a07c8f43359de9775bb8e4bf6 (Delyan Raychev)

e2e: Move helm related functions into helm.go (#3669) 3f4c9f5b504acec05338526314116ee6b1d3c308 (Delyan Raychev)

e2e: Remove unused variables (#3671) 1864ce21019c3578a1ba8b80bd9eb803f5e4f71c (Delyan Raychev)

pkg/*: rename internal kubernetes pkg to k8s b1ed76d50ce8bea8eea00e49e8d5da6f856c85c3 (Shashank Ram)

Renaming file to match document (#3678) 90c08eb79be412a51728012cb6bd8c614f381739 (Bridget Kromhout)

osm-controller: remove unused kubeconfig file dependency 2d874166af75fd59436e59aac84d09c1c0022ae6 (Shashank Ram)

e2e: Renaming json variable so it does not conflict with imported package (#3673) 6948ebac31e7e4e645ad910d45e7f0259fec5660 (Delyan Raychev)

e2e: Fix string type conversions (#3672) 65191b3aa686405a52f14ac0825628c1cef8331b (Delyan Raychev)

e2e: Refactoring namespace-related test functions into a new file - namespace.go (#3666) 4af905eb8cb41132dd3576890ac36cd20395772e (Delyan Raychev)

ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap 2429d81ddc40539d834a7afa625656a1ed0d1f26 (Sneha Chhabria)

feat(pkg/providers) Plumb through the new config client to the k8s provider 2e0e5f97ad53889f50f455c0eb604898191c5f59 (Sean Teeling)

envoy/identity: cleanup SDS refs in identity pkg 7ef41172206cbb073c22ec7be30d6fa511e009ce (Shashank Ram)

envoy: encode proxy identity in XDS cert f1cf47b8139389ddaf314cf7061783832a9cf91d (Shashank Ram)

scale: fix output and improvements 9f84f42bcb9a9c3b7ee3d42b787e29e5a3ecf743 (Eduard Serra)

envoy/eds: fix cluster name to mesh service parsing 38ad742d61fd9e297eb5315c71b06936e7e434ad (Shashank Ram)

fix(pkg/envoy/cds): configure egress Envoy cluster for prometheus de74f37bdb49fa0f877e166194f6e0d66b3ca20f (jaellio)

Changing ClusterID to ClusterDomain and nesting under experimental.multicluster in meshconfig 249c80a583a55e3eea836acf2a3b9a94ed445d7d (Michael Tarng)

feat(pkg/*) Add local cluster domain to mesh service. db538a1f85130c27505cae9c3a201947990766ac (brunoterkaly)

logger: making log level configurable through meshconfig 0411db447c5923ce7ac5794056d3c22c5aff90c9 (Eduard Serra)

catalog/route: fix missing hostnames for permissive mode a4c20d8e0636c77855e31bcb98eec6b4341c9624 (Shashank Ram)

fix(injector): increase injector webhook timeout fc5b4dbf72c1a82b93f71990f7c4a64d62ddfecf (jaellio)

fix(demo): remove host headers in SMI policies 9d9d8931d670148dd6363919bbabe88b0d502f29 (Jon Huhn)

injector: fix correctness while checking for annotations 8836999ceff892ca2e73169bfd68bcc3a027fcfd (Shashank Ram)

fix(build): rebuild chart when its root files change fbc01587327fee4e0502f32767d0f2837726af63 (Jon Huhn)

provider: move kube endpoint provider client cef48f2bbbb0a61be5b334a80c0a2197a50b4d40 (Whitney Griffith)

golint 9597a8bb9bba20e4b810342e04c1de41a997f42c (Michael Tarng)

feat(pkg/catalog): gateway is configured for SSL passthrough 346ec281dd0b79e51ec536fc3dd524763080b624 (Sean Teeling)

feat(pkg/catalog): gateway is configured for SSL passthrough c31e6fcf78c7e906c581ee5b72b1e97864bd6814 (Sean Teeling)

Service Provider Interface and Mocks bb35786287f81cf3ed037a31efda6c9dc3817ac6 (Whitney Griffith)

Deprecate support for k8s 1.18 3e34b61bc467e0163777ae59c6974780c90fa783 (Shashank Ram)

fix(cleanup): Add nodeSelectors for cleanup-hook 1a7d0b583c7a9841f1f4aaa9274f6de22e39c2e4 (Sotiris Nanopoulos)

Adding clusterId to MeshConfig for multicluster support 9652a4c0caf578b2649f00583dfb0aad6d38fbbe (Michael Tarng)

ingress: support ignoring an ingress resource 9c7a2d9f44da2a8dca3353e9f879aa6697de5993 (Shashank Ram)

doc: clarify release guide 3cbb9b5365fcd5bf99e649fc861b9a34cd0dd0c1 (Allen Leigh)

test(*): Adds test to certificate_manager.go 4aca35d174179b418e442e5cb68e65ea16adab3b (Shalier Xia)

fix(install): Add nodeSelectors for install and demo (#3611) 94fc23d4d6e063eef871af8f44fcece576af4e15 (Kalya Subramanian)

feat(/): add validating webhook server to the osm controller c03a26398ef2f2b8bea6181f4e0489959371b260 (Sean Teeling)

feat(pkg/envoy): Add multi cluster gateway LDS 329b14e057d6c7b785cd7bf8232a0864d3a8b657 (Sean Teeling)

docs/envoy: document traffic flow 26d5fa770e7b63a5be8a7b7650dc2fd96acd6f0e (Sean Teeling)

feat(multicluster) building config for multicluster d55ee93d19eab3931582f5522e568de1381e15f3 (timmyreilly)

fix(.mergfiy.yaml): Remove deprecated Mergify feature 3cdc5a3fba05809abc8305e2c0c9816e1cded388 (Shalier Xia)

refactor(pkg/lds) Cleanup a redundant call to ListAllowedServices 47425734a3215a3a803564cef554179ce1f29fdd (Sean Teeling)

kubernetes/events: remove noise from logging f786ed221065230623375b26b939b28c14ae7c91 (Shashank Ram)

Add details for CNCF Slack (#3597) 8df5a05220765ec968f0a52d666868365b59f6ff (Bridget Kromhout)

docs(release): Update chart update requirements (#3590) 47c1d926c81112c5934d817fec98f3bbcc7ab4b8 (Kalya Subramanian)

injector: support inbound port exclusions 6664c75e85b8cdfc638d97ed004c74be390c5c3b (Shashank Ram)

release: Update versions to 0.9.0 (#3592) 1ef7c65d09c0011a97b30c991a333eb47d44d7d9 (Kalya Subramanian)

ref(proxy registry): track proxy-service relations async 3563cd50a8ad3a37fcb70734b8860ea964e18d85 (Jon Huhn)

tests(pkg/certificate/providers/tresor): add missing tests for ca.go 22fc35382193d6adbab0bf9c3cae616d7f81e91f (shuheiktgw)

feat(pkg/*): Lay some groundwork for multi cluster gateways. daf03b44a69f187c8b775fbbf1c6bd0dad8ec7e7 (Sean Teeling)

envoy: make logging consistent and verbose for debug levels e528961121b5594930972af6aae4f0bf284cfb05 (Shashank Ram)

docs/dev_guide: update test framework usage 05e020020bd20e68d17f98b2a6574a9aa3df7130 (Shashank Ram)

osm-gateway: add support for gateway bootstrapping 9088313540e106b07d211d758f547fc2cd8635f2 (Shashank Ram)

README: add link to docs website c982727b452958f2fa24035fcddb85f64453b361 (Shashank Ram)

tests(e2e): Create ServiceAccount for Vault (#3571) c298f7b68e87c23ce1fdebd91dcaa6ed31377f8e (Kalya Subramanian)

Uses go:embed for wasm stats and helm chart a8daa83a087c076a79e29a9ad1bdf1410e16bd1b (Sotiris Nanopoulos)

fix(e2e): skip e2e_init_controller_test for noInstall cbbce3b992f84c8615ebebf03bc5dee469d9e3d0 (nshankar13)

Creat Contributing Ladder file a1fee8c7865c63c952674c1a727e5d4cd7150e67 (Karen Chu)

Adding files from docs site (#3566) 86ef3834b5973e33614ff4dc7f01119c875a3084 (Bridget Kromhout)

fix(e2e): Add default meshconfig e13f4c7c5604ce62f444a06350c863b4012c8cde (nshankar13)

osm-gateway: add feature flag 8e5571ef3548d36620d7c57580aab1fffd4e6fbc (Shashank Ram)

charts/osm-rbac: add delete verb for secrets (#3570) 8d0ec91e4916fa995ea383a2321cf8b08c70a8b3 (Kalya Subramanian)

test(pkg/smi): adds test for smi health checker 4024fd57f70b8c123782840eae0bbda0021fb613 (Shalier Xia)

autogen and types for multiclusterservice afedd10090c71a36b7724f27afe796386838f09a (timmyreilly)

feat(multicluster): crd only fb05f90f6daf1328849de13cae32127b78137a5b (timmyreilly)

tests(pkg/certificate/providers/tresor): add missing tests 85891b30faa492369ddfcc416624074adb9c2d3a (shuheiktgw)

XDS Server: introducing snapshot cache 5a53fda95c8abe71e569064038d2ae03d13e945d (Eduard Serra)

ref(*): move feature flags to meshconfig 55e3b3b535a49f668dcd43674ac3a3b5a5d25dc7 (Jackie Elliott)

tests(pkg/injector/patch): add unit tests cb20f5fb2531664e44f7c456e9168527ccd6d452 (shuheiktgw)

test: add test for init-osm-controller methods 9da95143bbb34f3ca2be29f9ca018e26e4dee54d (Allen Leigh)

Improves Access Logger names 9949d04a5282d54bf71e3dc22fee65513461e872 (Sotiris Nanopoulos)

feat(pkg/validators): add the main body for the validators libraries. 220ee33f31acb7f62376b6b6b66633af7140469b (Sean Teeling)

fix checks for automerge feature (#3546) b223d9ed3fb50ce6fcc09842d1bba5fba6238482 (Shalier Xia)

Add hpa to osm controller and injector (#3499) 3f794156c53033bc317d1b9487d48c681d3d5126 (Shalier Xia)

Fix autorebase label (#3545) eeddf2e30cde593a3560147a4f62e951bf778e8e (Shalier Xia)

envoy/bootstrap: build bootstrap config generically c2515b671651489de8577f11ae79eb7ddd1245af (Shashank Ram)

test: add test to pkg/configurator 04c76679b8f4a0dc54370005a1dd62bdaf8aae45 (Allen Leigh)

chore(/): Remove unused references to kubeclient. 8b680edaa2b07bbfcd2f61b374e76b921f9ecdfc (Sean Teeling)

test(cmd/cli): add test for trafficPolicyCheckCmd 91669e0fb46b6225f1b4f065b73b7c2a65962e7b (Jackie Elliott)

utils/proto: add unit test and remove duplicated code 141475af86182d1e3a120e1d9c8b5e31e661d4b5 (Shashank Ram)

utils/proto: consolidate proto helpers ee23bc064a9237a4bf3476e21cf804dfd4614aa1 (Shashank Ram)

fix(crds/meshconfig): remove envoy image pattern 56d9248e1c64df210ae2cf1fa9ffca2c6ba6c936 (nshankar13)

envoy: error if proxy is not valid 5fb47f2c9a15e3f3080c3ca656fd7135951171dd (Shashank Ram)

test(e2e): Skip FluentBit tests on OpenShift (#3518) 536feb2990d72d7dbf9984c104ade9585bb5d61c (Kalya Subramanian)

chore(chart): enable WASM stats by default 770b0c33c7933fbe477dd1da9c780afd13f498f7 (Jon Huhn)

Bump cert-manager API and library version 180a9be1c4d7185b9ec2c38883631e0e87cfd43f (irbekrm)

fix(crds/meshconfig): change envoy image pattern ea1b12dd61dc47cc14e3dcc73bd0b3a4565a76a3 (nshankar13)

prometheusScraping: Remove prometheus scraping flag 3f8d15419ed0cf9468ef716e1ac8bb08fab09e91 (Sneha Chhabria)

envoy: add additional metadata for the proxy's kind 9889c1d27b143032ddcc39fd9d1b662b6462e9f6 (Shashank Ram)

ref(cmd/cli): simplify trafficPolicyCheckCmd output cd0ae95bd0b9c2c8212ca89e3d6a0de00ae6533a (Jackie Elliott)

envoy/eds: allow generation of all endpoints on empty request 0394fc81cce2de5cf2a1a1d4ddbfc5a81dff1d9b (Eduard Serra)

envoy/eds: only respond to requested clusters 419ff9d3bedb36dc38e3f4d824adabc87631ff0a (Shashank Ram)

ref(pkg/injector): use XDS structs for envoy bootstrap config e923e3c51b930400b5771e967280ca99cd75c0bd (Jackie Elliott)

[testing] Do not send SDS on full config updates c32f3c5bf9eb9df2efbc1e1bc61d6f22108c2591 (Eduard Serra)

egress: enable egress policy by default a4cc3d52048636caf4369a64127fe0301ae901dd (Shashank Ram)

test: unit test for pkg/ticker 63c2fd2ad4aa174bc23dbf3b736f87d5e0fa62cc (Allen Leigh)

test: add test case to pkg/envoy/lds b31b8f29097be32654543cfc59ed41a388ba8d32 (Allen Leigh)

envoy: changing node ID to CN db396d0bf3e06911899f27c61528e7e8320761ca (Eduard Serra)

tests(cds): increase NewResponse coverage ad0f65fa5b44526e1e87fdc441c6530faf95ee31 (Jon Huhn)

PodMetadata: Use kubecontroller to gather PodMetadata c46db6f095227caf7b8d19af8ab8336b21bded54 (Eduard Serra)

Revert "catalog: add GetKubecontroller interface" ac68115740640a8ef1bcc073543b59e16794e417 (Eduard Serra)

tests: validate osm-controller CLI params bde0a5f608b22d8badaaec0e8f592d3e691d75a5 (Sanya Kochhar)

test: add test case for pkg/httpserver d68983d98007942f4bb9e419cce691e559b90a6d (Allen Leigh)

test(e2e): Enable priv init container for OpenShift (#3480) ed30fa8f29f4ac49546193c924b7eaa0dd20a457 (Kalya Subramanian)

tests/e2e: fix install properties in upgrade test 3e17d11e9171d8012ef03cd1a6c67a738dde91e4 (Shashank Ram)

charts/osm: allow additional root properties ea70ba53ca5a35866b59a82a5ff909d04b904b0c (Shashank Ram)

catalog: add GetKubecontroller interface c0605a7242aea081ba89ccb9b469eb4145f51d64 (Eduard Serra)

Fixing broken links and clarifying link targets (#3476) 4aa177ad35fea8ba79bc74b133bf078a13901cca (Bridget Kromhout)

Update the docs site for a release. (#3471) e666c3bb58f7c93603734adad7b4c87e0d283715 (Bridget Kromhout)

test(pkg/kubernetes): add test for GetEndpoint method b005baeca39378e602688708bf532d04f0bb267f (Jackie Elliott)

ref(docs): use relative links to repo files a0f8f0ceb18e954afd4e95e3a587bbce42f2f12e (Jon Huhn)

test(pkg/envoy/eds): improve test coverage for clusterLoadAssignment 6b449b152baa87779e9236cefb13d6cfdbeee394 (Sneha Chhabria)

feat(rbac): Add FluentBit PodSecurityPolicy (#3313) 8c812c8d67997cbf051625f3edba9fc51b29def5 (Kalya Subramanian)

tools(demo): Add fluentbit logs script (#3463) 67e29e3c0649d3ae3585785746ce8823503cd73c (Kalya Subramanian)

smi: check SMI CRDs during liveness probe aeebfab1c639ed9f2e643ba982761816458a9653 (Shashank Ram)

charts/osm: add pod disruption budgets for control plane 30a6ec0b5fcb15c4552cfd349a19fbcb8c031e03 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.10.0-rc.1-darwin-amd64.tar.gz(14.41 MB)
osm-v0.10.0-rc.1-darwin-amd64.zip(14.41 MB)
osm-v0.10.0-rc.1-linux-amd64.tar.gz(13.78 MB)
osm-v0.10.0-rc.1-linux-amd64.zip(13.77 MB)
osm-v0.10.0-rc.1-windows-amd64.tar.gz(13.98 MB)
osm-v0.10.0-rc.1-windows-amd64.zip(13.97 MB)
sha256sums.txt(609 bytes)
v0.9.2(Aug 19, 2021)
Notable Changes

Changed the kind of preset-mesh-config to ConfigMap

Minor XDS bug fixes

Support for k8s version v1.22.0

CRD Updates

charts/osm/crds/meshconfig.yaml

Changelog

chore(release): update image version to v0.9.2 fddda930335d8c4dc7ece51f150957c1dafb0dd7 (Sneha Chhabria)

ingress: don't error if candidate group version is not available (#4007) (#4008) da4bfda2f2a6c9b06998f80a70aed983dd20411a (Shashank Ram)

chore(release): update image version to v0.9.2-rc.1 bfd9eb68a65db6ed7cf7b42a8c99bef9d82357e9 (Sneha Chhabria)

ads: add e2e for permissive-smi switching 4c999febd74037ceb83996fe6246878a5ae124e4 (Eduard Serra)

ads: change resource difference condition from superser to equals 3ecbcc2bf62c811097c015859f6cb67bb34647f8 (Eduard Serra)

test/ads: fix test flakyness f844e883b898cf69760330bb37089dec3754fab4 (Eduard Serra)

ads: fix wrong accountability of sent resources 94f62601ea3a4b50d5d01c41ae2122c2d5d31eae (Eduard Serra)

[testing] Do not send SDS on full config updates 4f919394b6e581908b24d90180654b12e0d368cb (Eduard Serra)

fix(wasm): move metrics handles to RootContext c971ed2636d0b0d76bf664fe4141a5226d9304ac (Jon Huhn)

bug-report: implement bug report tool b0ca189cfe474089734d600d06cd1ca6176e00cc (Shashank Ram)

fix(helm-chart-kubeversion-eks): Fixes Helm chart to install on EKS (#3968) 76ba75da6dff2abf47d205f87bb7cc52c37a6846 (Stefan Jokic)

catalog/route: fix missing hostnames for permissive mode 3d0585a760590316487ddffadd3f33d44888307a (Shashank Ram)

charts/osm: don't set the replicaCount with HPA 5c3f253aa62deda4989ceb9624bb18211b266091 (Shashank Ram)

ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap bc0c3cf0081335fb527ae6402d76990b6f37caba (Sneha Chhabria)

test(e2e/restart): Set podcount to replica num 8676047697be86a0121de762de1b6f2723ffc46b (nshankar13)

re-add installtype 5465e2b13200e02826723d0e4dbe6cba61fbf659 (Sanya Kochhar)

fix merge conflict 41ac5725bb690365e089b31288ada11ba56b2433 (nshankar13)

tests(e2e): configure ports to make e2es pass on OpenShift 3957a20f7198fbf0f38ab13d060b8555b05a079c (Sanya Kochhar)

tests: make upgrade e2e pass on openshift 566427418d54826804d3b86e7af99ebdb365e8e4 (Sanya Kochhar)

tests(e2e): Create ServiceAccount for Vault (#3571) f909c4fe597fcc01791b2bfba71a53240fc732a2 (Kalya Subramanian)

test(e2e): Skip FluentBit tests on OpenShift (#3518) 3111a5a03783b0609e087829fa513329c715e581 (Kalya Subramanian)

test(e2e): Configure e2e ports for OpenShift (#3748) 5b5847c9fbece719f62b626fd57998a442d9de60 (Kalya Subramanian)

Revert "ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap" ed16e2b4a3b6c3ccb36e6e764804a8d18e242fb6 (Shashank Ram)

ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap 4a2b701d9847e0f8922f0ee94282ea54a0e05f85 (Sneha Chhabria)

test(e2e/http_ingress): Increase time limit 8c8123ff16b6d1486ca5ac33412f7a811981a5f7 (nshankar13)

test(e2e): Enable priv init container for OpenShift (#3480) (#3730) b15728bfb1cc9817197185a8b679951cae676b75 (Kalya Subramanian)

Source code(tar.gz)
Source code(zip)
osm-v0.9.2-darwin-amd64.tar.gz(13.19 MB)
osm-v0.9.2-darwin-amd64.zip(13.19 MB)
osm-v0.9.2-linux-amd64.tar.gz(12.53 MB)
osm-v0.9.2-linux-amd64.zip(12.52 MB)
osm-v0.9.2-windows-amd64.tar.gz(12.70 MB)
osm-v0.9.2-windows-amd64.zip(12.70 MB)
sha256sums.txt(573 bytes)
v0.9.2-rc.1(Aug 17, 2021)
Notable Changes

Changed the kind of preset-mesh-config to ConfigMap

Minor XDS bug fixes

CRD Updates

charts/osm/crds/meshconfig.yaml

Changelog

chore(release): update image version to v0.9.2-rc.1 bfd9eb68a65db6ed7cf7b42a8c99bef9d82357e9 (Sneha Chhabria)

ads: add e2e for permissive-smi switching 4c999febd74037ceb83996fe6246878a5ae124e4 (Eduard Serra)

ads: change resource difference condition from superser to equals 3ecbcc2bf62c811097c015859f6cb67bb34647f8 (Eduard Serra)

test/ads: fix test flakyness f844e883b898cf69760330bb37089dec3754fab4 (Eduard Serra)

ads: fix wrong accountability of sent resources 94f62601ea3a4b50d5d01c41ae2122c2d5d31eae (Eduard Serra)

[testing] Do not send SDS on full config updates 4f919394b6e581908b24d90180654b12e0d368cb (Eduard Serra)

fix(wasm): move metrics handles to RootContext c971ed2636d0b0d76bf664fe4141a5226d9304ac (Jon Huhn)

bug-report: implement bug report tool b0ca189cfe474089734d600d06cd1ca6176e00cc (Shashank Ram)

fix(helm-chart-kubeversion-eks): Fixes Helm chart to install on EKS (#3968) 76ba75da6dff2abf47d205f87bb7cc52c37a6846 (Stefan Jokic)

catalog/route: fix missing hostnames for permissive mode 3d0585a760590316487ddffadd3f33d44888307a (Shashank Ram)

charts/osm: don't set the replicaCount with HPA 5c3f253aa62deda4989ceb9624bb18211b266091 (Shashank Ram)

ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap bc0c3cf0081335fb527ae6402d76990b6f37caba (Sneha Chhabria)

test(e2e/restart): Set podcount to replica num 8676047697be86a0121de762de1b6f2723ffc46b (nshankar13)

re-add installtype 5465e2b13200e02826723d0e4dbe6cba61fbf659 (Sanya Kochhar)

fix merge conflict 41ac5725bb690365e089b31288ada11ba56b2433 (nshankar13)

tests(e2e): configure ports to make e2es pass on OpenShift 3957a20f7198fbf0f38ab13d060b8555b05a079c (Sanya Kochhar)

tests: make upgrade e2e pass on openshift 566427418d54826804d3b86e7af99ebdb365e8e4 (Sanya Kochhar)

tests(e2e): Create ServiceAccount for Vault (#3571) f909c4fe597fcc01791b2bfba71a53240fc732a2 (Kalya Subramanian)

test(e2e): Skip FluentBit tests on OpenShift (#3518) 3111a5a03783b0609e087829fa513329c715e581 (Kalya Subramanian)

test(e2e): Configure e2e ports for OpenShift (#3748) 5b5847c9fbece719f62b626fd57998a442d9de60 (Kalya Subramanian)

Revert "ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap" ed16e2b4a3b6c3ccb36e6e764804a8d18e242fb6 (Shashank Ram)

ref(preset-mesh-config): Change kind of preset-mesh-config to ConfigMap 4a2b701d9847e0f8922f0ee94282ea54a0e05f85 (Sneha Chhabria)

test(e2e/http_ingress): Increase time limit 8c8123ff16b6d1486ca5ac33412f7a811981a5f7 (nshankar13)

test(e2e): Enable priv init container for OpenShift (#3480) (#3730) b15728bfb1cc9817197185a8b679951cae676b75 (Kalya Subramanian)

Source code(tar.gz)
Source code(zip)
osm-v0.9.2-rc.1-darwin-amd64.tar.gz(13.19 MB)
osm-v0.9.2-rc.1-darwin-amd64.zip(13.19 MB)
osm-v0.9.2-rc.1-linux-amd64.tar.gz(12.53 MB)
osm-v0.9.2-rc.1-linux-amd64.zip(12.52 MB)
osm-v0.9.2-rc.1-windows-amd64.tar.gz(12.70 MB)
osm-v0.9.2-rc.1-windows-amd64.zip(12.70 MB)
sha256sums.txt(603 bytes)
v0.9.1(Jul 2, 2021)
Notable Changes

Feature flags are configurable through the MeshConfig custom resource

OSM log level is configurable through the MeshConfig custom resource

Prometheus scraping flag has been removed in favor of auto-detection by the control plane

High availability is added to OSM control plane with support for multiple replicas, autoscaling, and Pod Disruption Budget

Ability to ignore an ingress resource using a label

Support for global and pod scoped inbound port exclusions to exclude specified ports from sidecar traffic interception

Node selectors added for OSM control plane pods and demo applications

CRD Updates

charts/osm/crds/meshconfig.yaml

Changelog

chore(release): create release v0.9.1 b7f19c816b4c053f1d0e5943bd2c18a23f6ef303 (jaellio)

go module: update kind go library to 0.11.1 b6ea59ee76c14c6fe58df5f4107130216f891e91 (Eduard Serra)

chore(release): update charts and tags for v0.9.1-rc.1 0ee5371250016d1e020cc5ed9949c1584705b5f6 (jaellio)

logger: making log level configurable through meshconfig d6f0e67e11e29bc54ca1461e0054343a86a7513e (Eduard Serra)

fix(demo): remove host headers in SMI policies 2d3e68d912508c372599cff1252e35842eefbeae (Jon Huhn)

fix: patch backporting PR for meshconfig changes 8187e394f296e56697410ccd96f64adddb6de040 (jaellio)

charts/osm-rbac: add delete verb for secrets (#3570) (#3633) d2fb07a5a16a2472d3e6e23d260f82a629525126 (Kalya Subramanian)

prometheusScraping: Remove prometheus scraping flag e5abfe5b8f367ca7a1c45ba5d560df1b34c37b85 (Sneha Chhabria)

ref(*): move feature flags to meshconfig 6f7697d3e650a0a2ffd06b452d9eb091cadc5bcf (Jackie Elliott)

Add hpa to osm controller and injector (#3499) 36f8ad58ec3afc809936c52173500c4e082e9596 (Shalier Xia)

charts/osm: add pod disruption budgets for control plane e2e0879bd02c5576f8f0b559b8aa70448e73d4dd (Shashank Ram)

Backport nodeSelectors for install and demo (#3625) 09cdbc2232bd6f6b6f4331eff70bb62202586a17 (Kalya Subramanian)

ingress: support ignoring an ingress resource ef10fe2a68cdbb479e56ea697a74f86a81ba0270 (Shashank Ram)

injector: support inbound port exclusions 018908a1a460c07aac350b6ceff4913ec05914b7 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.9.1-darwin-amd64.tar.gz(12.11 MB)
osm-v0.9.1-darwin-amd64.zip(12.11 MB)
osm-v0.9.1-linux-amd64.tar.gz(11.47 MB)
osm-v0.9.1-linux-amd64.zip(11.47 MB)
osm-v0.9.1-windows-amd64.tar.gz(11.63 MB)
osm-v0.9.1-windows-amd64.zip(11.63 MB)
sha256sums.txt(573 bytes)
v0.9.1-rc.1(Jun 25, 2021)
Notable Changes

Feature flags configurable through the MeshConfig

OSM log level configurable through the MeshConfig

Prometheus scraping flag removed

High performance availability added to OSM controller and injector by enabling autoscaling

Added a pod distribution budget as a high availability feature to ensure replicated OSM control plane always has a certain number of healthy replicas at a time

Ability to ignore an ingress resource

Support for inbound port exclusion

Node selectors added for OSM install and demo

CRD Updates

charts/osm/crds/meshconfig.yaml

Changelog

chore(release): update charts and tags for v0.9.1-rc.1 0ee5371250016d1e020cc5ed9949c1584705b5f6 (jaellio)

logger: making log level configurable through meshconfig d6f0e67e11e29bc54ca1461e0054343a86a7513e (Eduard Serra)

fix(demo): remove host headers in SMI policies 2d3e68d912508c372599cff1252e35842eefbeae (Jon Huhn)

fix: patch backporting PR for meshconfig changes 8187e394f296e56697410ccd96f64adddb6de040 (jaellio)

charts/osm-rbac: add delete verb for secrets (#3570) (#3633) d2fb07a5a16a2472d3e6e23d260f82a629525126 (Kalya Subramanian)

prometheusScraping: Remove prometheus scraping flag e5abfe5b8f367ca7a1c45ba5d560df1b34c37b85 (Sneha Chhabria)

ref(*): move feature flags to meshconfig 6f7697d3e650a0a2ffd06b452d9eb091cadc5bcf (Jackie Elliott)

Add hpa to osm controller and injector (#3499) 36f8ad58ec3afc809936c52173500c4e082e9596 (Shalier Xia)

charts/osm: add pod disruption budgets for control plane e2e0879bd02c5576f8f0b559b8aa70448e73d4dd (Shashank Ram)

Backport nodeSelectors for install and demo (#3625) 09cdbc2232bd6f6b6f4331eff70bb62202586a17 (Kalya Subramanian)

ingress: support ignoring an ingress resource ef10fe2a68cdbb479e56ea697a74f86a81ba0270 (Shashank Ram)

injector: support inbound port exclusions 018908a1a460c07aac350b6ceff4913ec05914b7 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.9.1-rc.1-darwin-amd64.tar.gz(12.11 MB)
osm-v0.9.1-rc.1-darwin-amd64.zip(12.11 MB)
osm-v0.9.1-rc.1-linux-amd64.tar.gz(11.46 MB)
osm-v0.9.1-rc.1-linux-amd64.zip(11.47 MB)
osm-v0.9.1-rc.1-windows-amd64.tar.gz(11.63 MB)
osm-v0.9.1-rc.1-windows-amd64.zip(11.63 MB)
sha256sums.txt(603 bytes)
v0.9.0(Jun 14, 2021)
Notable Changes

Support for PodSecurityPolicies

Support for Egress traffic policies, to provide fine-grained access control of traffic destined to external services and endpoints.

MeshConfig CRD replaces osm-config ConfigMap as the configuration object.

Use --set argument list in the osm installation and upgrade CLI commands.

Envoy sidecar image is upgraded to 1.18.3

Deprecated the validating webhook as a part of configmap removal

Support for global and pod level outbound port exclusion in OSM

Support for OPA

Support for Integrating with Dapr

Enabled garbage collection of secrets created by OSM

CRD Updates

charts/osm/crds/access.yaml charts/osm/crds/httproutegroup.yaml charts/osm/crds/meshconfig.yaml charts/osm/crds/policy.yaml charts/osm/crds/specs.yaml charts/osm/crds/split.yaml charts/osm/crds/tcproute.yaml

Breaking Changes

OSM 0.9.0 does not work on OpenShift due to a garbage collection bug. (#3641)

Changelog

release: Update versions to 0.9.0 (#3589) 96498ba51205a08530b17b17d5ee0d53b005f874 (Kalya Subramanian)

fix(e2e): skip e2e_init_controller_test for noInstall 15bead677e19df6d58f832757c5020c134032e29 (nshankar13)

fix(e2e): Add default meshconfig ebf9d0f9329bea075c3f83997d4bba00554d2ce5 (nshankar13)

fix(crds/meshconfig): remove envoy image pattern (#3529) a0decfdd39512bfc32033c18533677cfc835d2be (mergify[bot])

fix(crds/meshconfig): change envoy image pattern 3b7ba8f33e4e4db8aa9359a45434d7d032f5dc74 (nshankar13)

chore(release): release v0.9.0-rc.2 ff6cd4de04e8bf833b18473a750d6461d5e4bd04 (Allen Leigh)

egress: enable egress policy by default 1cba4e324f10e4b535aa15493830b5691cfbaa98 (Shashank Ram)

tests/e2e: fix install properties in upgrade test abc3c9a335b5cf1ffbbbb29194e282d7942c44d4 (Shashank Ram)

charts/osm: allow additional root properties 3ff6648e58e16c64b3538832501e995439d5fe0b (Shashank Ram)

chore(release): release v0.9.0-rc.1 5b0a5d99e692fa0e43d2c39e4ad7cc32abc1f689 (Allen Leigh)

feat(rbac): Add Grafana and Prometheus SecurityContexts by default (#3455) 68279d44af7406c0e4c0a0fbd7a4c23014b48b75 (Kalya Subramanian)

feat(rbac): Add Jaeger SecurityContext and PSP (#3454) 24a11407b721b2d9b4f67a5142daae5b43384857 (Kalya Subramanian)

feat(multicluster): add a feature flag for osm multicluster 31665ba494317534f15562decf1dc2a3eb5cfdbe (Sneha Chhabria)

Update Envoy config to comply with 1.18.3 api cd3cf5e7389aa76b044107b690dfa34ec67585fc (Sotiris Nanopoulos)

ref(controller): GetMeshConfigJSON returns string 70e9e0a9247c6d7e326e5f0b384f8201ea148083 (Allen Leigh)

bug(test): set registry secret when necessary a8dc4c830e770032d3a58d48b63df4ee3056e2b2 (Allen Leigh)

ref(config): remove osmconfig footprint e6320d16d699e1aca87c1ec145db5f519f7185bc (Allen Leigh)

charts/osm: remove deprecated validating webhook config 5df975442ee20e2b42e7a980092865320bd091ad (Shashank Ram)

osm-controller: use fixed port number for ADS server dc9c2eca11c100d6bed19ea731179e4d76017e64 (Shashank Ram)

Make unit tests pass on Windows 9366d5af171c8db1b83a375d4bfa1f17de17f65d (Sotiris Nanopoulos)

ref(osm-controller): remove validating webhook 76c6843ce8dd04e53bd809229a331e2d93c9a619 (Allen Leigh)

feat(cli): add namespace info to mesh list cmd 1ae94c877099850ba5d42f6d07a612b24247ac9f (Johnson Shi)

chore(release): update charts and tags to v0.8.4 df3d61cd8483112a85902b6fde805884d182ed62 (Johnson Shi)

ref(pkg/*): make UnmarshalK8sServiceAccount a method on SDSCert cf2854aa1405c0e2f81dd844cf7ae4618a4bdae1 (Jackie Elliott)

ref(*): move proxy-service mapping from catalog to proxy registry 040c069c9be84d37ca67cc7ac7a98e1c7115a60b (Jon Huhn)

envoy/rds: remove colon from egress route config name f238c77f273d56e6495cbfb5c97b4f15421f7fa6 (Shashank Ram)

ref(controller): remove osmConfig struct 8d9626b3a81147bbc13b1d4b5712da01bd68f872 (Allen Leigh)

Add OSM Twitter account to community section d07923025f7742db160b7d51c8df084adace203f (Karen Chu)

ref(pkg/*): make UnmarshsalMeshService a method on SDSCert 66bc98bd3d2b9d01c997a2df6cc797ff1911e7a9 (Jackie Elliott)

Docs cleanup (#3379) 343e375073788c067af9d00168f1ebbc83894423 (Bridget Kromhout)

charts/osm: enforce stricter validations on chart values a9565421ff9f18e08111681e6aa014c27ce7afb1 (Shashank Ram)

test(pkg/kubernetes): add garbage collector unit test 49e216d5dd3b21c8061f8e9f4f697759e1da8a32 (Jackie Elliott)

ref(build): only include build date for releases e98ffbe1a200501e129080022591c38751dfdbc7 (Jon Huhn)

charts/osm: allow specifying tolerations for control plane pods 35dcd6213830bbf74ef6b7063fd5a3d03c023d8d (Shashank Ram)

feat(cli): prompt selection during osm uninstall (#3293) 5e89418649d85bfd95de36abecaa374eb41262bf (Johnson Shi)

feat(extAuthz): Add inbound external authorization 7e44ce067c88deeb1ae8f246346ccbc2b226ee04 (Eduard Serra)

xds: Verify that the ServiceAccount from the NodeID is the same as the one in the mTLS cert's CN (#3354) 26d673472ec8ebb7d9ecd27cf8e97c50da662a00 (Delyan Raychev)

feat(*): garbage collector for OSM pod secrets 1ebd472804cda4327eea5f889360e8b512461337 (Jackie Elliott)

docs/apidocs: document process to generate custom API docs e226570a48fc0a07c75b29db58ea18547afbe7fa (Shashank Ram)

feat(extAuthz): Add external authorization to meshconfig c45b4a5088d9d898cb60a48eb199ee2e134a9c3d (Eduard Serra)

osm-controller: correctly print byte array 50421f38e334297d98daddb4e8bf51fcd7cc0746 (Atharva321)

tests/e2e: add egress policy tests a498e056d6895c59169540d017562a422abcecc9 (Shashank Ram)

fix(psp): Update osm-psp capabilities (#3353) a1406f45c61051e80154274e0b76a9e62d2cf8b4 (Kalya Subramanian)

Updates Envoy to version 1.18.3 c890ea1e4da136bd4410e1aeae09835589f5a8ee (Sotiris Nanopoulos)

e2e: run all tests before merge 1a358ae4ca23592ce32b4df50eea33be9391f6b2 (Shashank Ram)

fix(MeshConfig): adding rbac for deleting meshConfig 6499bee90f2641c672889a07e5a9d215ee5e25eb (Sneha Chhabria)

Docs refactor 0138c327d43a43818976f9318c2bb3e801dc6bd2 (Bridget Kromhout)

MeshConfig: Decouple mesh upgrade from updating configmap 90ea9d2919a6cef1df135b1e52391866b923b103 (Sneha Chhabria)

github: update PR template and clarify questions 17d3db36fe428f93f76ff0e65e7785d38899be06 (Shashank Ram)

MesnConfig : update comments for types 9cc42bbfa60f4278058201287f014dd177039d87 (Sneha Chhabria)

charts/crds: allow object references as matches 3a561ea61b4831a7d976b0ce2f068fc88df63c9e (Shashank Ram)

chore(MeshConfig): Removing reduntant configMap code 5ae0fbedfa104bbcabb829380584336dac115623 (Sneha Chhabria)

feat(meshConfigCRD): Retain install configurability deba99b8c25e04c89e56c6c2eefeda07b26a037a (Sneha Chhabria)

charts/crds: use min-max port range validation instead of regex 6a00271df2d7e059978c69533d010ee2d7c44f73 (Shashank Ram)

charts/meshconfig: make port and IP range validations stricter 1b63e842577e8cdb6ecd4845caa19ac47770ffca (Shashank Ram)

egress: update comments for types and add field validation c3e2994b0a705dcb595cbe9556a3a2011e55c8bd (Shashank Ram)

Fix links and docs guide details 6db96040d5856b1044f7bc169b6987a459043943 (Bridget Kromhout)

feat(proxyResLimits): Add resource limit configurability through MeshConfig a4eff89898bb2349e9bff40e0b7e3a1b90695573 (Eduard Serra)

egress: add support for server-first TCP protocols a46563f6abe79f1dc2d27642a0cec68d49cb578d (Shashank Ram)

envoy/rds: move RDS route building pkg within rds a72bd0b71f5cedc339f2dcfbc347d11dd3c7c880 (Shashank Ram)

meshconfig: add resource limits to MeshConfig spec c20494e573b4ff96946efb62ec12ac17dfca0403 (Eduard Serra)

chore(clusterIP): replace clusterIPNone constant with k8s constant d7fb64a440ccd6460fa8cf36db364f7d2e75c0c7 (Sneha Chhabria)

fix(pkg/endpoint/providers/kube): fix GetResolvableEndpointsForService c48be3469f67e47ba587d9ef786d01bf933db002 (Sneha Chhabria)

envoy/lds: add support for egress lds configs 07ff34a68769dde9d40d39482b4433e235f0dd9d (Shashank Ram)

fix(install): Only add securityContext for PSP enabled (#3321) 911508c532a1123314a5a7be164de883c481cfda (Kalya Subramanian)

Revising PR for docs migration c25c58ef1ebb8171b84d308f992913e9b009f170 (Bridget Kromhout)

Updates docs regarding golang usage and deps 683ce08a2b5cc1f39ceac4a5e895630606b82f75 (Sotiris Nanopoulos)

fix(portExclusion) : Fix port exclusion to arry of int cdb73dbea04467eb2004e05307d4fc9aafdf14a5 (Sneha Chhabria)

feat(rbac): Add PodSecurityPolicies to helm chart (#3299) 16f5eb1c15d0c01e5b2081610ccdc0051b27b6b2 (Kalya Subramanian)

fix(test): fix type definition of outboundPortExclusionList 62fa610c9438d45368e561ad4dfda340c39fc7e6 (Allen Leigh)

envoy/cds: support TCP based egress clusters d19fd63992992eca677fe7d36a908a2e08b89b09 (Shashank Ram)

fix(cli): check mesh exists before namespace add 87eeb538cb6606b96c851c91c61dfc6f587e9cb1 (Johnson Shi)

egress: extend API for TCP and HTTPS traffic 17dc73cdaf9ead2e0b6bd26e83357f9bb51a4ea0 (Shashank Ram)

fix(build): fail Makefile docker-push targets when build fails 407a03b70aa80be8d20cc4476b63e3068aded106 (Jon Huhn)

fix(config): revert configurable fields in values e1030290b695e1e386feb814d8d91785b2df8df8 (Allen Leigh)

feat(podLevelPortExclusion): Add outbound port exclusion list at pod level 7a0ea03be381c9d8bddd67499a1bce6ae77e12db (Sneha Chhabria)

doc/fixed broken link of docs 78bf887bd67082194cc557b2339a646d404ae7c5 (aisuko)

catalog/ingress: conform to k8s prefix path type 6f9b522f0820aa036854372f850bd48f75fec477 (Shashank Ram)

feat(config): Rework on replacing osm-config with MeshConfig 9f7a7ee1f4e350f56eb95e5333075fc42c7e29e7 (Allen Leigh)

pkg/*|tests: consolidate constants for protocols 5bf613108e40259950cc24fd60b3a8d8de7ebe5f (Shashank Ram)

envoy/rds|route: build egress route config based on policies 9c6f2bbe3b392bd1ddb538faee7dc6632cc474f0 (Shashank Ram)

tests: fix fluent bit deployment flag 1753d90103ede084db7991a52cf5f47854f5038f (Shashank Ram)

update comment 31d01a834d05e9fcbf1fe5f2d1afb7c581cfeb07 (Sneha Chhabria)

addressing PR comments 719e2278e8f251b66fdb54e1a096abbf6f19fd71 (Sneha Chhabria)

fix(hostHeaders) : updating host headers configuration on envoy 5f7e1a5a6d5687d666453d61e7e1f2771a06d3a8 (Sneha Chhabria)

fix: cleanup bugs from PR to move envoy proxy image 077173dd4f6967a77536857acc920f08265886cd (Jackie Elliott)

envoy/route: un-export package local variables 2c751501f5013ec96b548f76eb8ef2701fd58d13 (Shashank Ram)

envoy/cds: build clusters based on egress cluster configs 1ba65aacdf2de1e05afb3bb166f5748c16d76d78 (Shashank Ram)

egress policy: add feature flag 8a041aa5f80bd26b14d1609bcaf78cc6764fe6ca (Shashank Ram)

ref(pkg/*): move envoy init container image to OSM's ConfigMap dbbeff82c4da379fbb1fd4d42fb2f09e967365b5 (Jackie Elliott)

feat(cli/install): remove install cmd cli flags bff18e72c702478ee588433547d80b17240d8e83 (Cizer Pereira)

Revert "feat(config): replace osm-config with MeshConfig" df87b020ac4cc0b87abfe3bea372e498c1871d02 (Allen Leigh)

feat(config): replace osm-config with MeshConfig 98bdecaa31c4036f1c190bf48ed13a70dc2c3b42 (Allen Leigh)

(feat) add initContainer to osm-controller f063ecec0b213bb7d6e6acfb55f7c716133f2658 (Allen Leigh)

charts/osm: add param for feature flags 200668e6671de9cddc4412120f7c5056edfb8dea (Shashank Ram)

egress/catalog: implement egress traffic policy e94658969e5979dec418329cb10f52d4bd682608 (Shashank Ram)

feat(portExclusion): adding outbound port exclusion list to osm 9abebce24d8bf57217d1a4cb9a68a038a80ccff0 (Sneha Chhabria)

docs: Inline TrafficSplit in Manula Demo (#3224) 7cf857bd9bcef22b7ecf97290e56febd4c7e9957 (Delyan Raychev)

docs: Verbose kubectl commands to get k8s deployments etc for Manual Demo (#3225) 4a49bc944ee09e08bd7a10991faea5a7701ca3f5 (Delyan Raychev)

rds: ensure fulfillment of requested rds resources a7b2777d1f5cd0d13db390a102d8f7d3935af4e9 (edu)

ads: do not handle empty URI 6df7f15f33a33e5456e594ce13b1a1c8ac7a4169 (edu)

docs: correct minimum supported k8s version b55e582a496a15052b70f7dca138899727d163be (Shashank Ram)

docs(install): Document how to install and uninstall with Helm (#2834) 6d37dde2a0b3e5d44c788f6ba1079f0f0fee1e1f (Kalya Subramanian)

egress/v1alpha1: add types and API stub in catalog e91f5a4fe1c09e849013ddd3e893e1a5305acfc2 (Shashank Ram)

ref(pkg/*): move envoy proxy image to OSM's ConfigMap 00392f9e09414c3cea9fb9898b30745b8f505def (Jackie Elliott)

fix(maestro): timeout when no logs are written 380fc6ad05c1209c5aea28de99ecddcbef36b2d4 (Jon Huhn)

envoy/cds: remove refs to cluster code 148487c93adb31b0a601669e725d521b810b2ac7 (Adithya Krishna)

ref(catalog): remove GetMeshSpec from MeshCataloger 9d30b309fafa04b0e04840fdecad9a27bec4f837 (Jon Huhn)

docs: Inline Deployments for Manual Demo (#3226) 136d902c61b6c0fc2d4eb98215fe3aff0d0e73f7 (Delyan Raychev)

ads: fix reconnection of envoy fa74781e3b15ea84fe1c0e340b8f268ce700b37a (edu)

(feat) add initContainer to osm-controller eb2c7f78060a064656372663717fc9a6bea69327 (Allen Leigh)

Add SMI CRD checker so that users know when they're missing a necessary SMI CRD (#3191) bc9781138a222850b7518de7632d829d87b172fa (Shalier Xia)

fix(install): Adds hostaccess SCC when fluentbit is enabled on OpenShift (#3231) 0ca5033cf090bbed161f1d7d357bd13c21b2518c (Kalya Subramanian)

feat(cli): show supported smi for osm mesh list 7ce8769f77d2750fd05c6d5d05a2ef347e9c4c34 (Johnson Shi)

Revert "(feat) add initContainer to osm-controller" 821c5a88060ccc1c93d60a829de6200c380080c5 (Allen Leigh)

(feat) add initContainer to osm-controller 101896ccd7ad0707df6b6b2923a8e40c755a9f70 (Allen Leigh)

configure inbound and outbound routes for policies with host headers 06669f530062996c569117e8ab58ce775ac1033c (Sneha Chhabria)

ads: Fix/address wildacrd comments and documentation in ADS code ee18cbd6cbde1f69354033b7a4f6e7d96a33f9d0 (edu)

smi/client: warn if requested resource is not monitored 14be3b1448eb1986fbcef6071e18295f27a0f5eb (Shashank Ram)

smi: add api to retrieve HTTPRouteGroup by its name 90268e79bcb6bd27816b5b5a792695c060bdde1e (Shashank Ram)

ads: Add resource response validation 7a0a261bcb9cb56a2f91f9243d6aa09e852f9b59 (edu)

rds: send always inbound/outbound resources 822f039a74373f9c4ffe92c1ea6a9d9cf44a0a9b (edu)

ref(pkg/*): rename GetServicesFromEnvoyCertificate 3a8d8119b0b7952e02cf96f3ea078406d021698d (Jackie Elliott)

response: missing record of sent resources c711df02df63a61eef4f646217738bb048d9fbc5 (edu)

docs: Update the Deploy Applications section of the OSM Manual Demo document (#3013) 606b7dca9e1ce4260935853f389d757f208ebfda (Delyan Raychev)

sds: Factor out new function getServiceIdentitiesFromCert() (#3219) c576683445051b3d5069d96c2c4ef5998e4fd349 (Delyan Raychev)

test(openshift): Tests traffic target on OpenShift (#3205) 668153801ea3fe214dbb1930462aa21e42855027 (Kalya Subramanian)

style(crd): change MeshConfig fields to camelCase c0de988e82c5de275afb55876266019c38b1b461 (Allen Leigh)

charts/crds: add CRD for egress policy API 0430a1e7c090667e9bbe58d650915737ce3e1751 (Shashank Ram)

policy/client: add k8s client for the policy API e1c784593fdde251d7622f81af6bb0384ecb4c53 (Shashank Ram)

xDS: address some xDS issues f4c78a99e25df083c144919569298278de9b52fc (edu)

docs(demo): add line to OSM automated demo docs 2ba1951abcc9262bb0a13de0f0c22d4a736a6aa1 (Jackie Elliott)

correct spelling of interaction 80bc17b72c0713560c6c50fbcd398ca2ee5d7c4a (Tim Bertenshaw)

stream: move the xDS decision making/proto to a separate function 6e31b7a153e2543ebbb07549f882373da3056405 (edu)

egress/api: add ipAddresses field to match TCP based traffic f176b76e9e36c8ff90105eb4fe363e76d83e2d10 (Shashank Ram)

chore(release): updating charts and tags to version v0.8.3 aa5ca8fc6431499eb8d8a7e7700d813ddc060e40 (Sneha Chhabria)

e2e: Fix resource consumption of Prometheus d82c013982e7a6fe93bd912de12eda0408f0c25d (edu)

tests/e2e: disable test to unblock CI eac7d3d88ae4eaeca13282dfc52308d4a55cce12 (Shashank Ram)

Migration path for Service Identity (#3170) 06e70ae096c45c491a01fc4d0c490dcc27d00a21 (Delyan Raychev)

pkg/gen|apis: introduce egress.policy.openservicemesh.io api 275c946771daf8e0177c36cc1dabf57c887c829a (Shashank Ram)

fix(cli): print namespace and mesh for commands b9100b36bf9e69c87a96b43bbfd6b52bd066ab05 (Johnson Shi)

update envoy to 1.17.2 e878605e17d9de200bca46c41af0704df894bbe0 (Sneha Chhabria)

catalog/ingress: Fix a tiny typo in a comment (#3183) d68c1a173397fa4127b25dfb1f78e320c3545084 (Delyan Raychev)

proxy: consolidate proxy functions to use self pointer 7021442444551960889b1e608d7a2f6a2bc58581 (edu)

catalog: Rename ListAllowedOutboundServiceAccounts to ListAllowedOutboundServiceIdentities (#3178) 21c10bac0fe6d463911f28a598621e16bd69fea4 (Delyan Raychev)

Moving the location of MeshService.String() 57c753c80b4d4f1f06f458e8072a49cad6210be7 (Delyan Raychev)

identity: Adding K8sServiceAccount.ToServiceIdentity() and ServiceIdentity.ToK8sServiceAccount() (#3179) 012e2f943fc2db3e9797a5cab4201ecba49df4ed (Delyan Raychev)

catalog: Rename ListServiceAccountsForService to ListServiceIdentitiesForService (#3180) 229d754cc6df57f3aedbed5a689bec4e1091cfb0 (Delyan Raychev)

ads: Convert sendResponse to a variadic function; Simplify job dispatch (#3156) 7e0a768263ab2b46094bc9f525e81908f82147d4 (Delyan Raychev)

catalog: Rename ListAllowedInboundServiceAccounts to ListAllowedInboundServiceIdentities (#3176) 35b6df2fb0feab28630e534773c6b64698b217b0 (Delyan Raychev)

feat(cmd/cli): add --delete-namespace flag to osm mesh uninstall (#3165) cc458758f817a34d7b7d1d90806c3df8d90267fd (Delyan Raychev)

prometheus: add deployment resource values to values.yaml 491e6e77e0c7e99456ce7ce842b1e5a41c87177c (edu)

smi/client: remove unnecessary prefix in log message 85c05f65225aca2cf21686a0e7a484bc759ac44e (Shashank Ram)

smi/client: un-export internal pkg type ae80d6088bda681a6bdf3689f21bbf1324cf6307 (Shashank Ram)

scale: fix missing values.yaml path override 8bebe7eec9ef76b20d2db53cb9494430b19493e4 (edu)

Removing unnecessary .String() (#3159) e881e89f1ec9b17a1151879342b46b6aea974b2b (Delyan Raychev)

charts/crd: fix scope of meshconfig CRD 84d7db0588f62dcd0c22f3f838436a66f3ac03d7 (Shashank Ram)

docs(ingress): Gloo Edge Ingress Demo 077f719efa2eb49018fc3d20349ef7813ce637e7 (nshankar13)

[RFC] Replacing empty slice literals with nil slice declarations (#3161) 7e5ef496d5416466320dfc09d952beedd08599c6 (Delyan Raychev)

Updating meeting details f5e699504dd59140e8f2c477d4dc0b87157fd911 (Bridget Kromhout)

add CrdClient handling MeshConfig event 62df1a6d887f37018c9b9e42e8dbac333dffb633 (Allen Leigh)

Delete service.K8sServiceAccount (#3155) 8637c9f54e5b694b62718d721ca220bb62032cd4 (Delyan Raychev)

Change import of K8sServiceAccount from pkg/service to pkg/identity (#3154) 146c7a7711bfcc5f1718c37f2e820e4dd59e5f4e (Delyan Raychev)

Copy K8sServiceAccount from pkg/service to pkg/identity (#3153) 2c6ee3688b63c2ec4c9ce36cd190f771e4a3ecf8 (Delyan Raychev)

docs(health): clarify exec probe behavior cf4d12e85118dc32d59b40733c69783b51ac4afa (Jon Huhn)

dispatcher: Removing unnecessary .String() (#3158) 37b48f821b462abebf549b7bebd6df6c83294ddc (Delyan Raychev)

dispatcher: Remove unnecessary comment; rename variabl for correctness (#3157) 27ad3a51b8553c434ee7b557d406753ad85be82d (Delyan Raychev)

catalog: Remove ListEndpointsForService from MeshCataloger interface (#3113) 504263463321b7462b3feba9011f3c87ad229f74 (Delyan Raychev)

catalog: Remove GetServicesForServiceAccount from MeshCataloger interface (#3115) ee58cb9bae7bbb25d68aca59b966bf8c2efc5ba9 (Delyan Raychev)

envoy: Refactor sendResponse to increase readability (#3125) 7c00895899c47e25f45248008619b65b6bf35c0e (Delyan Raychev)

docs/ingress: add v1 ingress resource to the demo 53e51cab385cb9c1448e029a636fe0ae41c789d2 (Shashank Ram)

cli: Set OSM Controller log level on install (#2638) 04e7d309adb30cf5d34e2cac613ff4a82a03d3e0 (Delyan Raychev)

e2e/scale: update test install values 0b45a7652aaf2c42a62558d174155224f653d950 (edu)

ref(catalog): factor out proxy registry functionality 155dc6c359cbf633c585c8f6d15aeeff6f599897 (Jon Huhn)

docs/ingress: document path matching semantics 424ad44def7b1aaf8c1febe80c44856b8df347cc (Shashank Ram)

updating merge logic for inbound and outbound traffic policies b973ce62d6385bedf962574eaf5c1b9144cc7517 (Sneha Chhabria)

add configurable upper bound to envoy connections and add as flag to configmap (#3076) 99f800f73c210be6fb9b8fcb105af9407490e8d7 (Shalier Xia)

configurator: fixes for configurator event listener 8699f548496f16ee81375c450770395ad3cf581b (edu)

fix(pkg/catalog): wildcard path and/or method in http route when not specified 32e18d7feed9ad28165e10517be6826bc0e85775 (Sneha Chhabria)

feat(cli): show osm version for osm mesh list 69699fd7bddf1ecc53d00cbc41e6f4c98fedc18a (Johnson Shi)

envoy/ingress: use a separate route config for ingress d07b498d72d3d901ba8020461bc84d160824eecf (Shashank Ram)

chore(docs): promote health probe docs b300127aa4782428c4e13bbeb997bc30f5e8abcd (Jon Huhn)

scale: disallow scraping envoy proxies at scale aaf1d7e4d4f9059590bbf3d345671c298e0a6800 (edu)

docs(ingress): Add Azure Application Gateway ingress demo 9bda1829af4d35e780475d5ef971a6570e8cec0a (nshankar13)

docs: Update Prerequisites section of OSM Manual Demo document (#3010) 0e574844ea06224c34e85d14cd2681123f1b0f67 (Delyan Raychev)

e2e/common: add controlPlaneOnly option for log collection 5545933f831ccba991b3daed6498115f68cee5d5 (edu)

Removing ListSMIPolicies() and ListMonitoredNamespaces() from MeshCataloger interface (#3109) 707593c3a291ec9ac4a3e92836d8776cb3d84ce3 (Delyan Raychev)

feat(injector): modify tcpSocket health probes 5ffdc28af1a6abc01471fc680f4589f952313905 (Jon Huhn)

ads: sendResponse to workequeue/jobs af4dd8973263cba61122c7dfd1e5780686d822e3 (edu)

e2e: fix ginkgo panic recoveries a22e3635d505993cef55ca59f6a9dac8493b12cf (edu)

docs/ingress: document api version compatibility bd9345d562d86e7ff74762f56fae3965899dc7bf (Shashank Ram)

feat(osm-config): osm config go types and client af2425c0df6df4fb24f45745a8e887a71d0f029a (Shashank Ram)

chore(ci): golangci-link skip checking pkg/gen 50ee04ad2ece43f9ca05ba20a01e6bcbc751f1d8 (Allen Leigh)

feat(osm/Chart.yaml): Pre-install check version 3cce2b44500b0a59dd77d17b368b51270402700f (nshankar13)

charts/osm: move osmconfig CRD to CRD specific folder 10a6daf3db78f6fddb3b8da7a4a6a4cb4b4e8f48 (Shashank Ram)

docs/ingress: consolidate newer wip doc into actual doc 2aa643023ce410bcad9f763b55b9786a2ca61e63 (Shashank Ram)

codegen: script & tooling to autogenerte Go client code for CRDs 5d5b6dcdcc80435bb4b4ca0166db5acbed48108a (Shashank Ram)

ingress: discover supported API versions 9e0c64c1dcde6408c885ed47018fb57de8018e95 (Shashank Ram)

add objectSelector for VWH so that it only looks at OSM labelled configmaps and overlooks other configmaps in the osm-system namespace 36bf557d5f82180f445e39c533a93dadcb855562 (Shalier Xia)

style(pkg/envoy/route/route_config): Convert to mapset 6f0028336922fa3da55f0b0ba693380ee240475c (nshankar13)

fix(injector): Add config to handle non-HTTP health probes 12cf76d6703d655a7fc1c14a9c54b9caed4c9caf (Jon Huhn)

feat(configuration): add OsmConfig CRD 726aa9da365c8ee0ccc9028b6f570e2099d022fb (Allen Leigh)

feat(cli): change uninstall cmd to match install 3db967a765b914c56b59b210b1c74dff1c235253 (Johnson Shi)

ingress: dynamically initialize versioned ingress clients 1c9c886f9896e1f9800ab3d8b4b1164fb53a6561 (Shashank Ram)

style(pkg/envoy/route/rbac_test.go): Convert to mapset cee062adeb076be6047044036f634a206217a72f (nshankar13)

add test for getFileAccessLog() f84eb2e59dc531b2f20002c7254c44bb9a3331ac (Shalier Xia)

kubernetes/util: add helper to retrieve k8s server version c114c27680a7279a2471cf930e41d99aa9b9e130 (Shashank Ram)

style(pkg/envoy/route/route_config_test.go): Convert to mapset 0fceb3c1ad3351980b8a6f90aac4200fe23999dc (nshankar13)

configurator: fix race and wrong input 6466532d112ebec6fce8ab2329fe651e210c05f3 (edu)

fix(control-plane): fix the context in the StreamAggregatedResource (#3048) e806981366dce5354c7495267a6a28a13debe4c8 (storyicon)

style(pkg/trafficpolicy): Convert to mapset 05400b991c8a4a9914a898e4f9cf80451b6035a1 (nshankar13)

style(pkg/trafficploicy/trafficpolicy_test.go): Convert to mapset 086d8ba2947fe3f922889998afd27189d442b1b4 (nshankar13)

fix VWH TestCheckDefaultFields() and TestValidateFields() c50ac08f1f417da6e7105527119cf37e3e85c831 (Shalier Xia)

rds: Alias deckarep/golang-set to mapset (#3073) 52e05df63726d23835d2cc1e89e84f1237ad6d44 (Delyan Raychev)

ingress: adds support for ingress v1 e62cbf7e0bf5320e2b0a0045b7d04734c95876a4 (Shashank Ram)

ingress: prepare for supporting multiple ingress versions bb2034d1870bf428e1db9e98f9df4b963fac365c (Shashank Ram)

ads: change xDS path responses to generic interface 23a38c20d558c0e499b528af5c08d02195cb5271 (edu)

Add test for Server.GetXDSLog() 92b97fdb14719785247fdc2277f2443380f6bd67 (Shalier Xia)

Update onboard_services.md 72ba502bb38ed5fb0a804c07fb92147aa867103c (Roberth Strand)

doc: Updating the Installing OSM on Kubernetes section of the Manual Demo document (#3012) cf52c25f5108355e9ca1fc02f2f38a4fad448ea5 (Delyan Raychev)

feat(chart): add post-delete cleanup hook f7ed8fef5212c06daec690ba0fa43bdc84d4a49f (Jon Huhn)

Create new WIP ingress doc 89fc40a88856077ca65529dc8b4994c71a5702df (nshankar13)

configurator: Add event trigger routine test e3543d5fa961024949ecd90dc051f5f47091e4dd (edu)

config: add prometheus_scraping flag for reconfig a846faa09c4eef2671fff37e183b8b4bbccda175 (edu)

chore(*): add app labels to all OSM resources e3d44e130a2c6f4cf4d4bdcd105a95e008e7498a (Jon Huhn)

catalog/ingress: remove unnecessary escaping in raw string 1bf643964add033f9be6385408a47f972fd4fa36 (Shashank Ram)

ingress: add support Exact, Prefix & ImplementationSpecific path matching 08cc265a972dc535f0b82f9aa2c5ca8324b42709 (Shashank Ram)

ref(docs): update uninstall guide (#3003) d5bf349ad4d4b5be154c438f5bb679b0b3678bde (Michelle Noorali)

trafficpolicy: extend HTTPRouteMatch to prefix and exact path matching ad385eba31d4d10a37cb2ba2c9b8a264ec01c296 (Shashank Ram)

envoy/route: improve test for buildRoute() 5b5d4414468bbad4c5e47442d72445d7e40f0da4 (Shashank Ram)

Fix typos in manual demo ac81cbcf417e51e5f3ed0e457d5ba2fac3837fa9 (nshankar13)

go: update go dependencies to use client-go v0.20.x 9d4b3bd547711f5001158721c41fb1ad171718eb (Shashank Ram)

catalog: fix flaky test relying on ordering 906d2e78762987abf2a10c1cb643a2aa6e3abaf5 (Shashank Ram)

docs(health): add app health probe doc 1bfa1b61d1992ca043386be64390abf581c61f10 (Jon Huhn)

fix name of webhook in reconciler 7ca85770b3815d0af0c3d45ba93a4b612466bf93 (Sneha Chhabria)

fix(docs/content): fix yaml indentation in tracing.md e74e225fecebf841219bbc082fb2d4560c48e547 (Sanya Kochhar)

add test to Liveness() and Readiness() e35f5fd8b6a634441f36d9471a86137efd39a8d1 (Shalier Xia)

Add test to GetAccessLog() 86554f0bcff018687064b465c6414032990b5e95 (Shalier Xia)

charts/osm: add schema for injector and fix podLabels schema 6c3c4a903e38ce0f4e65c64a944c5f5d03d09544 (Shashank Ram)

docs(tracing): augment Jaeger docs 360e7ab3b09195936ff147b83328ed3d53d5406e (Sanya Kochhar)

contributing: clarify merge method 235e9225312b709a19be7dca45b1b8669ddd6ea8 (Shashank Ram)

Update to admissionregistration.k8s.io/v1 ebeacf26a8041432e6f30db9a2e2c9f8bc04d04d (Shashank Ram)

fix(cli): note ignored namespaces in "osm namespace list" adff0b86d0c2459b9c3f257dcb57575a3d1bfb78 (Jon Huhn)

correct typo 1fcdc0af93440785e12c690e659b0420e46c8993 (timbo)

feat(charts/osm): add podLabels to osm pods 04780f07b8e094a4bc921ef6f9674ecdeb74c9ae (Rita Zhang)

ref(docs): rm empty patterns directory (#3015) bca7e288ca9932a11ecb8d191f70effa044481e0 (Michelle Noorali)

Manual guide for Prometheus and Grafana deployment 1106e82cbd7b8391e8e7ea7314000ff6e9c9346c (edu)

e2e: Increase verification time for restart test, adds time checks 75dbedb3dd3263ad83e82a42289b584d1a170fac (edu)

validatingWebhook: Add duration validation for config_resync_interval 23051b189d621cccbd0851a377b678db3ea68722 (edu)

docs/manifests: Cleanup client services - not needed in v0.8.2 (#3008) 9cd4e34e30d6cd5a485ecca031f5b6c2d946ec87 (Delyan Raychev)

envoy/lds: update stat prefix for network RBAC a0ca3c472051b2c6d156767a7ef79cda30f4df40 (Shashank Ram)

docs: Update the download and install section of the OSM Manual Demo document (#3011) e51a881dd4fe8691fb1cc936957cb70a0c015ac3 (Delyan Raychev)

add configmap doc and tsg and create osm mesh upgrade tsg Signed-off-by: Shalier Xia [email protected] ff8eb4d8a4b3d836d2c069146174e2929f156a20 (Shalier Xia)

e2e: Make a namespace for ingress nginx 6a291af60f4ba9e136f8d101f24c97438444fbce (edu)

docs: Change links in docs to release-v0.8/ vs main/ (versioned docs) (#3007) 41ba71255a0b0955279ac4217a19ddfb1cdd2829 (Delyan Raychev)

catalog: simplify inbound route for permissive mode b3352737ffeceea4103d152dea80c18553ca81b8 (Shashank Ram)

envoy/lds: make stat prefix for egress consistent 93a4ba197c6accf34aa11f14a9b84f55a4547243 (Shashank Ram)

envoy/lds: fix stat prefix for tcp-proxy filters 1f10701f9a07e483b2c48f592b8aa9dd22ca1bd3 (Shashank Ram)

Fix Log line on handler d71397dfc915b4d05a8f588d568347e38b74ab1d (edu)

docs(metrics): simplify Grafana TSG data source check 3cf03967777113f9184191f23a3062dc6d7e61af (Jon Huhn)

test(pkg/kubernetes): add EventType.String() test 95b25bb450dc761419f926d532816284eef7cae4 (Johnson Shi)

test(pkg/envoy/ads): add test for GetID() ac9d5d5f6457a6c0b107327334f0419da5c5c1db (Johnson Shi)

test(pkg/envoy): add test for TypeURI.String() f0a350f4d0463fff925c0a65ff41b0dada7b8aa8 (Johnson Shi)

configurator: add test for invalid IP range format 2a79b30fe3626032f76ba1d47dcfbf2241b17822 (Shashank Ram)

test(pkg/envoy): add test for pbStringValue() (#2987) 9466bbdbefc079a9f72c1f37e7b15b27b65b4197 (Shalier Xia)

docs(metrics): add Grafana troubleshooting e360bedf966ae5aad27dc4d9adc9a32070e53c92 (Jon Huhn)

rds: use consistent naming style for config name 6a40f0880c6674ee2fb4765aad3618b2f3080444 (Shashank Ram)

envoy/lds: improve http stat prefix dcfe7c85d9bfa51af726cf2ccb3f4b54f3f6aa7c (Shashank Ram)

envoy/lds: use constants directly and update stat prefix f65ce7898aea695831d175398b4992bb31aa0733 (Shashank Ram)

chore(release): update versions in main 5be60606c1ff23bb75ff5a192aec8a4753e30dc8 (Sanya Kochhar)

pkg/envoy: Changed ServiceAccount field from type string to type service.K8sServiceAccount c7c31fb64a3ec9f9f95b2dc5da602516a1a8793e (sheetalsingala)

docs(metrics): add Prometheus demo and TSG c6071a6eeaa8370910b12c1098ef29a897a6e9a5 (Jon Huhn)

docs: document potential container startup issues 08894a1c3f8ffde2a8664f5fe3c3d5d7f40f70ad (Shashank Ram)

Scale: update for 0.8 bef388e325e1b8558b8ce28a0a8f12f0593ae6f1 (edu)

add test for UnmarshalSDSCert 374849a03d78a96032f47cd299bb970e2f8371d9 (Shalier Xia)

envoy: optimize SDS secrets per proxy 68082eb38148783e57f2abad375ad7e33c4f7561 (Shashank Ram)

ticker: Add config hooks to start/stop ticker edc0354e3d2c9e1a05cf8a94a91dd7ff988ac020 (edu)

add automerge-squash label 241a7f68946338f814f3314a4dd02a2ffa9dc781 (Shalier Xia)

add documentation for automerge and removed redundant rebase rule for automerge 68e2e481f23426ec3247b3c81d6c5b48f77a04b6 (Shalier Xia)

cfgmap: add ticker config 45cc1c3616cfbe9333e9dcbbc70bef3e9f3d2ae8 (edu)

contributing guide: add section for docs ef11e8249a4b99ed60f6a611f8dd11b4bda34a51 (Shashank Ram)

ref(docs/observability): updated observability docs (#2956) 3846cc3ee1f1ae8fc5bdbd4084d8d02ac6f1089a (Michelle Noorali)

ref(docs): updates for ns monitoring doc 1b8c6614e16e4ff505601cc5fdcfc438498c17ad (Michelle Noorali)

docs/troubleshooting: add iptables doc 95c6da322719ce168325334d11a56512aebebff2 (Shashank Ram)

fix(ci): fix missing paren dfb7b0ab706bf8534057a6ad022207a00fe62051 (Jon Huhn)

docs: use relative paths for internal links d099480429ead287d21bd9c5ec2783ccf3423596 (Shashank Ram)

feat(ci): push images for each push to release branches ed870c3852692f75aadc21253952edad33d08cc3 (Jon Huhn)

Fixed the broken link of the design document a89bf89e6af38b37a2f025da41c5377dccaf84be (aisuko)

envoy: correctly set downstream root cert names 9bf07c276c21537774db0ca44a6001891aad07ab (Shashank Ram)

xds: handle wildcard TypeURI 0d38e38794b22a9cb64bf5c589c40a6684b0e1fd (edu)

e2e: proper e2e test restart tracking d69dab99ffee388728cc0d1f501d01cda00cae3e (edu)

ref(*): update osm namespace add description d1d23569ae1d9a70700851e3eb55e9fed5d1d6c7 (Michelle Noorali)

ref(docs): mv observability to tasks_usage/ 51ff0b742ff5341dc79120400fb0819bd3ea3df6 (Michelle Noorali)

docs(health): add health probe doc 9f5b163dcf44ba116a4fa886f317a650f1e15363 (Jon Huhn)

envoy/ads: program upsteam's service cert when making all secrets 351db1b3a52670adf9007f5ea2415a594e084ab0 (Shashank Ram)

docs(*): add osm namespace monitoring doc f6afe35329c92c864a7d41765ccd7d067f09f032 (Michelle Noorali)

pkg/ticker: reintroduce ticker concept 3708c41bbb8749d00101d4aaaf65b609bf4d3f87 (edu)

docs/traffic_management: iptables redirection 04a3ebeddaad916497f369a263beb5f1668bfc62 (Shashank Ram)

Fixed tag order in release-notes.sh a018398469b491e37c08214828a7498e561fd75c (nshankar13)

chore(release): fix typo and text wrapping in release guide d823b450ac23c3bfd86e29973df57395cfe5d50a (Sanya Kochhar)

Revert "envoy: wait indefinitely on TLS secrets" 93afc22790b0e7e2386fce6e4c78b6949d7636b2 (Shashank Ram)

Create release_pull_request_template.md 5b1dfbbae951a7ae14dc1ea97133371380fc6c32 (Sanya Kochhar)

Add rebase for automerge and added comments explaining each condition d5499d611dc9faa4ad851955ea5ca3d5f1b473f8 (Shalier Xia)

chore(charts/): update crds to apiextensions v1 eccd4035ef975c0da384f00057c06111a93da303 (Michelle Noorali)

charts/osm: fix label on injector's mutating webhook b10e24a341f92425612116d77534b0ec14c1bfac (Shashank Ram)

docs(release): Update version dropdown for docs site f266e39bf445ed82e2c17eb2173d7c3bda307a3d (Sanya Kochhar)

fix(release): fix release title bug 679274835f7b6e9d783f5ecbdd9d42aa978a2fe0 (Sanya Kochhar)

doc: Adding a new simple demo - first steps (#2907) 300ac62512891eb4c3fd9e5cfc4b747b795b3a2b (Delyan Raychev)

chore(release): update versions for v0.8 in main 053914ac158d8435ae377ff6dd4d9b9a8ffaa34c (Sanya Kochhar)

docs(vm): Remove docs for onboarding virtual machines (#2906) 4a92f4a396af68195477242dd700a63820d28716 (Kalya Subramanian)

pulling back mergify to fix merge action re-run Signed-off-by: Shalier Xia [email protected] b63ad5c05440e08b1b00c3171320eeb6176be1f9 (Shalier Xia)

docs/troubleshooting: add guide for egress b5fef57c43ef8780a317f922393f27f5bc9c9ba4 (Shashank Ram)

docs/tasks_usage: alias docs to render correctly on website a8e300f87c9377e40790cd1f9ec7c6150af93fe8 (Shashank Ram)

docs/egress: document demo and envoy config bc47bfc1694db393eccdd22366a5382a280f8d37 (Shashank Ram)

docs: Remove links to automated demo 5305bbff7cb40192d0527fbbe0086ed3b80bed14 (Delyan Raychev)

fix(e2e): fix HTTP ingress e2e on non-kind bce3b82732490e88d7e31b7d81e898eff5d8ec8e (Jon Huhn)

docs/task_usage: consolidate traffic related documentation 6838baf646cf9266ed2a013cbe0d7e55becb7a30 (Shashank Ram)

Mergify yaml for autorebase and automerge added DCO and netlify checks change label from rebase to autorebase ce1a1bf6fe4976e1be12ac0a0258ef1cc6ff623f (Shalier Xia)

docs(ingress): Document how to install nginx ingress controller (#2829) 77dd57dadb095ac8516c6fc4abce75523e71ecca (Kalya Subramanian)

ref(pkg/catalog): split routes file 3c27c1cdaaffb603bd8c630825cb76a9ac763761 (Michelle Noorali)

docs/troubleshooting: add guide for permissive mode 84b157ef028c9d57de0ed135beb4635d97f6b8c2 (Shashank Ram)

remove unnecessary newline 9a8e7705c9addef55b2fcf04d6283eecc3e28795 (Michelle Noorali)

ref(pkg): update NewRouteWeightedClusters method 265b5abf6cc36219676437ddb13a18a6d4caabbd (Michelle Noorali)

add coverage for GetIP 4f37545d8d23b6790137d4449214be6c2345f3c8 (Shalier Xia)

Fix another broken link fe3aa2d995e6b579ed3ec44de13bc2c80ddba82c (Sanya Kochhar)

docs(readme): update supported SMI table 9dba97973e6f391be6f8f60584ce3d1609d49002 (Jon Huhn)

Update link 327f5bc3d7933a0f24156433386fa561fbdd48da (Sanya Kochhar)

Fixing link for website 480fa26b4be789e9cd52622d48a3ca31125319a6 (Sanya Kochhar)

docs/wip/traffic: document permissive traffic policy mode 11fb7f3dfdafa2c35ba0591c6eea17e6e0365667 (Shashank Ram)

Fix broken link 538ee1771a9a24e56c0a9454bb9ca042281652eb (Sanya Kochhar)

docs(envoy): Document ports used by envoy (#2825) 82a463980d92505df483910d667351190442371c (Kalya Subramanian)

xds_cert: Fix walk on map b06a2914ff315d5534ca32a994e0914ea1cf9636 (edu)

tests(pkg/configurator): refactor to use stdlib + testify 96b593fa38f05ebba4ed65ca40157dd94ff4add0 (Jon Huhn)

charts/osm: remove osm-config ConfigMap validation for CREATE 4df9e3b6e367839e08368a028a9417607ee956a5 (Shashank Ram)

Remove error messages from verify-go-version command be11e6e3b710800716aef2e885a3e7253952981b (Abhilash Gnan)

envoy/lds: add unit test for outbound TCP filter chain 9968199f4225db0aefcfa0eafd6f57965952410f (Shashank Ram)

Fix error messages when checking go version fb7744849f8f8c32699c62df948fa67878f60ff3 (Abhilash Gnan)

ADS: Refactor, generalize sendAllResponses to accomodate any TypeURI 0c68a4f3d224f6036bd9aa6875f273f2a22f7e59 (edu)

Move e2e log level to trace 0eeacf2bd4f1c43cba81612e05976e977e08c060 (edu)

Add demo checkbox to pull request template (#2830) 8004e656c611dababe4492453ee70ea9c73d2bc1 (Kalya Subramanian)

Add demo checkbox to issue templates (#2831) 06b4c5c92421c3ca10686cefa5d55e72adac42cd (Kalya Subramanian)

ref(docs): rm ns yaml from manual demo manifests e358a7211b9b9f315b98ed94e645753dee51056e (Michelle Noorali)

feat(charts/osm): add os and arch node selectors 90303e7e68f0b3dba6e4e8b03d2d18230ed67f10 (Michelle Noorali)

docs(demo): add cleanup steps to manual demo 0e89369e74d23f7cb6afc341df11018fa78986ca (Jon Huhn)

envoy/ads: log the request with an empty TypeUrl 94031bd1a01fc33f8df76d83c2b951abf0aeb644 (Shashank Ram)

add to unit test for GetLastSentNonce() 4ae5021d07673d556167c3cd4884d67ef8a0b710 (Shalier Xia)

docs(demo): clarify installing optional components de389b3a4d4e4535ece852faa473c209f19b792d (Jon Huhn)

fix(e2e): fix HTTP ingress test when OSM is installed outside osm-system 4b6f1407df651851191c84b7413a1148f70bbd42 (Jon Huhn)

fix(demo): update relative link in manual demo e1f788db74f929cf2320695ae99d55520472ff2c (Jon Huhn)

fix(*): rm filterTrafficSplit logic as it is no longer needed f19eaa2dbfb0dbed61d36320076c5aa69179fccd (Michelle Noorali)

Fix skip statement in upgrade e2e test bb6aaacc335cac1753367a3a425fd26e0ce3a812 (nshankar13)

envoy/ads: add unit test for helper 3ebb484aefdeeacd06cc766e43fbc3608664707e (Shashank Ram)

ref(docs): update manual demo for routes v2 9166509fe90a2a01eb5b72be28b1be5f28583c2b (Michelle Noorali)

docs(install): Document how to install on OpenShift (#2784) f783b19f1846d1bc4f81a91c1de36af342876be8 (Kalya Subramanian)

catalog/ingress: make tests comprehensive and correct check 81c6ff1a2cca4246f1bb92f03a0a244ff591badc (Shashank Ram)

tests(pkg/cli): add test for RESTClientGetter() 0a99c655f1bcc9dbf9b7830527d701ee196fa8ef (Jon Huhn)

envoy/lds: support for outbound TCP traffic splitting 2d153463ff3f33eb61ec2517034327b2928b6b26 (Shashank Ram)

workerpool: introduce workerpool concept and unit tests 35ec23a3238883eda0c6e3db88a732806e3bc6fb (edu)

fix(install): disable atomic by default f07a1003dde0ce4c38420614a67ae4fdc80a66e3 (Jon Huhn)

add unit test for UseHTTPSIngress() and IsPrivilegedInitContainer() plus added disable check for IsDebugServerEnabled() 8f26eb208a6cdd2da7eee73ebd4c4526ed98658d (Shalier Xia)

test(pkg/envoy): add a unit test for ParseEnvoyServiceNodeID dbebb51ad8d9517c9eee4d12293bbb6b642b9f17 (Rudraksh Pareek)

tests(pkg/catalog): test namespaced traffic split root service 8039bbabaa624cc7e53879e2d81b1ee86c20ff0d (Michelle Noorali)

fix(pkg/catalog): resolve root service hostnames dd923d8235007e96f5a7dd193a8febb014d8139e (Michelle Noorali)

certificate/rotation: correctly rotate certs (#2789) 9a7904c62a13b97beda8f345452c65c64922cb8a (Shashank Ram)

test(pkg/service): Add tests for service package 638e56a049f58d2c8e80c04539719b62b428ab4f (Sneha Chhabria)

test(pkg/envoy/sds): Add unit test for function GetLocalClusterNameForService 2ab0bc7b003a544724eec2f02263c98eee1ef98d (Sneha Chhabria)

test(pkg/kubernetes): Add test for GetAppProtocolFromPortName() 964f5fab5695afed86d1fbfe71f86be7f1190ca0 (Sneha Chhabria)

chore(docs): fix documentation gh issue template 8cf734425520d4bfce92bc4225b4e54edaff077c (Sanya Kochhar)

chore(pkg/kubetnetes) : Convert tests to use Go std testing library 5a0ad9c3a48aa9a602c9976ba6e5f3b5e7394cd1 (Sneha Chhabria)

tests(pkg/configurator): add tracing tests 250c9c22dd5cec75d9a0afb72a9be5896b6dbd24 (Jon Huhn)

tests(pkg/cli): add test for EnvVars() 0b5e004be66eebb7f522bfd0f885673addfc73d1 (Jon Huhn)

Template jaeger namespace value 13ef51563fe9d7b8a36ad3547f96244da8f7faa6 (Sanya Kochhar)

tests/e2e: test against mulitple k8s versions 09ab3bc5e4f99a7d7dc9f74fa12ee280e3c7b56e (Shashank Ram)

test(pkg/envoy/route) : Test clusterWeightByName.Less() d16ad4bcc67edeccb5505714212b7c2c9ba24b2a (Sneha Chhabria)

envoy: wait indefinitely on TLS secrets 96faee85a81bd766e58243b41e9fb854dcc8ac48 (Shashank Ram)

pkg/envoy: Enable some logs at info 8d2f2f3d5c212f8a287da4460c02def380805811 (Eduard Serra)

e2e: Instrument collect logs de16d59baf784fce73bc7e88e9438ea442895d4a (Eduard Serra)

refactor kubectl patch to osm mesh upgrade + small fix for markdown format fix script format, make changes in comments 16cff8b9349c14e95e39cee1b9d022b8fe7d85f9 (Shalier Xia)

e2e: Add envoy config collection 7fc8b5af50f229fe0c4ae81f3661e7050b0a8ae4 (Eduard Serra)

tests(pkg/cli): verify Namespace() error path dc853edab63d9d0c9a7591ecb7509453c9a55c7d (Jon Huhn)

charts/osm: update envoy to 1.17.1 bfeaf8ccfd7d71c177ae11e201297d049c2519ac (Shashank Ram)

e2e: envoy log lvl back to debug baeb4cc8d314b59dc152d63e31849655dfcd9a9b (Eduard Serra)

envoy/sds: bump log level to info db7b1761c3314035e795ab89312fdd505653acf2 (Shashank Ram)

injector: restrict envoy admin access to localhost 1fd823a9562470ecdcb980f91f832afe6cc230d5 (Shashank Ram)

cli/proxy: extend proxy cmd to other admin queries 5af4619e5c249e6b807dc71aa8a5d70dd30d263e (Shashank Ram)

tests(pkg/kube): Add portforward tests eab310ffba332ae19dfd511fd48784d821a0c98d (Jon Huhn)

test(pkg/service): ClusterName.String() method be103caa6537e84422ec6a19a14a3eb6c38eca81 (DelusionalOptimist)

osm-controller: Fix small typos in comment aaa0a6b6af0605d758bcf0f39b70e780f61f8f5a (Delyan Raychev)

feat(demo): Update automated demo to work on OpenShift ba711be375d4ea2d6ab649fe73f5952bf7442e52 (Kalya Subramanian)

tcp-client/serv: move all logging to log 6ba57dc2ce5a12de0f17ed3f2ce96a5086d9e8a3 (Eduard Serra)

Change e2e log level to info 1dab99d390f29e1848ec8c39fa54c76bd0d3b1af (Eduard Serra)

tests/e2e: move upgrade test to bucket 4 to balance time a182779c39195499f6e608a02896fb744cf1ec29 (Shashank Ram)

tests: Ignore fakes when measuring unit test coverage d47caee162ebf2161c78870bc6ddb7e587b6c304 (Delyan Raychev)

envoy/lds: add unit test for outbound TCP filter 2e5193ef3805d8bb752b1f226573df94bab0ff58 (Shashank Ram)

Typo correction e33802e0475257f9ceb55d9321bb8d7d1ef93107 (Bridget Kromhout)

tests/e2e: remove redundant scoping within function 40d1a405ed2daf8544e3eacfe2fe3876cae77b6a (Shashank Ram)

tests/e2e: add test for secure gRPC origination 99adb2b6626419bec00f2e48c86b701e508a71fa (Shashank Ram)

ref(docs): mv image to docs/content f9092f2a3349467d57ef83e5abb398d58f561982 (Michelle Noorali)

Fixing links for web and github 19640fd119562313ddf97243c1be7b838242c27f (Bridget Kromhout)

Clarify support e8a9d5870da003d8563fbb803ac3e90f009bd0c1 (Bridget Kromhout)

tests(metricsstore): Refactor to improve coverage 160702322a6b4dc318d015b21b34d7eef4fa1e41 (Jon Huhn)

fix(scripts): add namespace to osm logs script 4e972214242070e5d39bbb2b93e3fe13ffc8425f (Jon Huhn)

charts/crds: attribute orginal authors for SMI CRDs fd9f999b6c7a9b2a11234f0f684d229a5d54dd11 (Shashank Ram)

ref(docs): update manual demo 8ff38b086df1c17ada05b12cdff060d766b1fb6f (Michelle Noorali)

tests(pkg/envoy/lds): improve unit test coverage 8c0f8a27a35a135c382ac7f430e72a2179eab24c (Jon Huhn)

e2e/ci: add log collection beb171a89d4aca5105d2ff2ebe45abc43962734b (Eduard Serra)

fix(cli): Add missing flags for upgrade bf984d4c26bcc2c55459c2f100cbeffc9e3be5aa (Jon Huhn)

ref(docs): clarify references to repo in dev guide c2ad9755d499a5dc739330c59e5d53eb511c0ada (Michelle Noorali)

logs(*): remove unnecessary fluent bit filters 424ba96ebf02c451cf2be6fda77e64ca4fb307d8 (Sanya Kochhar)

fix(e2e): reduce CPU needed for upgrade test 7f70fc3afc3637651073b31dc043ed4dd72ec9bb (Jon Huhn)

pkg/smi: add unit test for GetTCPRoute 9ebf845fa3939f9b258463ea7ee01884ca9307e5 (Shashank Ram)

tests(e2e): disable upgrade test c7aa3526a8204cb69240b21abf1c7c789ee576b7 (Jon Huhn)

tests(fluentbit): differentiate names and contexts for fluentbit e2es 2dddf1a50f9c281f7deacfd3974d5356cbc212a5 (Sanya Kochhar)

Scripts: get-osm-namespace-logs script d92408defb64c5ee9ed36f524ace9ff11382213a (Eduard Serra)

golangci: remove rule for non-existent path c43b8a05c55eb761c7df54d6f116f8254791add1 (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.9.0-darwin-amd64.tar.gz(12.10 MB)
osm-v0.9.0-darwin-amd64.zip(12.10 MB)
osm-v0.9.0-linux-amd64.tar.gz(11.46 MB)
osm-v0.9.0-linux-amd64.zip(11.46 MB)
osm-v0.9.0-windows-amd64.tar.gz(11.63 MB)
osm-v0.9.0-windows-amd64.zip(11.63 MB)
sha256sums.txt(573 bytes)
v0.9.0-rc.2(Jun 3, 2021)
CRD Updates

charts/osm/crds/meshconfig.yaml

Changelog

chore(release): release v0.9.0-rc.2 ff6cd4de04e8bf833b18473a750d6461d5e4bd04 (Allen Leigh)

egress: enable egress policy by default 1cba4e324f10e4b535aa15493830b5691cfbaa98 (Shashank Ram)

tests/e2e: fix install properties in upgrade test abc3c9a335b5cf1ffbbbb29194e282d7942c44d4 (Shashank Ram)

charts/osm: allow additional root properties 3ff6648e58e16c64b3538832501e995439d5fe0b (Shashank Ram)

Source code(tar.gz)
Source code(zip)
osm-v0.9.0-rc.2-darwin-amd64.tar.gz(12.10 MB)
osm-v0.9.0-rc.2-darwin-amd64.zip(12.10 MB)
osm-v0.9.0-rc.2-linux-amd64.tar.gz(11.46 MB)
osm-v0.9.0-rc.2-linux-amd64.zip(11.46 MB)
osm-v0.9.0-rc.2-windows-amd64.tar.gz(11.63 MB)
osm-v0.9.0-rc.2-windows-amd64.zip(11.63 MB)
sha256sums.txt(603 bytes)