Release Radar - Q1 2022

Crossplane 1.6

TLDR: efficiencies

  • New support for exponential backoff
  • New --max-reconcile-rate flag to configure how frequently Crossplane attempts reconciliation
  • go.cachedir now used in all CI steps

vcluster 0.5

TLDR: more distro options

  • Now supports k0s and vanilla K8s distributions in addition to existing k3s target
  • New capability to sync NetworkPolicy upstream (to the host cluster)
  • Kubernetes 1.23 support

Waypoint 0.7

TLDR: UI redesign

  • UX improvements including dropdown environment selection and a timeline view of milestone events
  • waypoint CLI now supports triggers (run a specific operation for a specific project), intended for use during CI workflows
  • waypoint.hcl can now fetch from external sources like Hashi Vault and K8s ConfigMaps

Pinniped 0.13

TLDR: upstream IdP revocation checks (!)

  • User tokens are now only refreshed after verifying validity remains true with the identity’s source OIDC IdP
  • Refined selection of TLS ciphers used by all components to align with modern best practice (TLS1.2/1.3 only, PFS support etc)
  • Supervisor listen ports can now be customized

GitLab 14.7

TLDR: group access tokens

  • New support for streaming audit events to a custom HTTPS endpoint [Ultimate]
  • New group access token capabilities; SaaS supported and can manage via UI/API (previously self-host only, via Rails console)
  • LDAP configuration now supports multiple hosts, with descending priority failover capability
  • Helm chart for GitLab Runner now supports interactive web terminal sessions
  • New CI_JOB_JWT_V2 variable for enhanced OIDC support in Pipelines (eg for access to hyperscaler stored secrets)

Tempo 1.3

TLDR: backend search!

  • New capability to search the entire backend (requires tempoBackendSearch feature flag in grafana:master)
  • Compactors can now be auto-removed from their hash ring after two failed heartbeats
  • A size ceiling for traces - max_bytes_per_trace - can now be configured (default=50MB)

Prometheus 2.33

TLDR: native cardinality analysis

  • Search feature added to service discovery & target web UI pages
  • New cardinality analysis capability via check metrics (requires feature flag --extended)
  • Various local TSDB and remote-write performance improvements

Traefik 2.6

TLDR: K8s Gateway enhancements

  • Improved support for Kubernetes Gateway API; v1alpha2 and RouteNamespaces compatibility
  • New ability to configure ACME cert duration
  • Can now configure advertised HTTP/3 port

CDK for Terraform 0.9

TLDR: cross-stack references

  • New support for referencing resources/data sources across stacks (and thus across environments)
  • CLI can now output directly to JSON; an -output-file flag has been added to the deploy and (new) output commands
  • Improved support for sets and lists in resources generated by TF providers/modules

Argo Workflows 3.3 (RC)

TLDR: workflow hooks

  • New ‘workflow hooks’ facilitate execution of templates based on conditional logic
  • ARGO_DEBUG_PAUSE ENV for toggling a single task’s debug mode
  • Plugin templates enable extension development (essentially simply HTTP servers) in Go or Python

Gitea 1.16

TLDR: federation! but external CI integrations deferred :(

  • Can now sign commits with an SSH key (requires OpenSSH >=8.1 and Git >=2.34)
  • Support for the AGit workflow
  • Nascent federation capabilities
  • First party support for MSFT OAuth2 providers and WebAuthn (to supersede existing U2F support)

VictoriaMetrics 1.73

TLDR: macOS binaries

  • dropSamplesOnOverload flag to drop incoming data if storage is unavailable or ingestion rate too high
  • first party amd64 and arm64 (Apple Silicon) macOS compiles
  • indexdb rotation and arm64 efficiency improvements
  • vmalert now supports Prometheus style file-based configuration, Consul service discovery and basic auth for notifiers

GitHub Enterprise 3.4

TLDR: Dependabot!

  • GHA implementation now supports reusable workflows
  • Can now run Dependabot locally [beta]
  • CodeQL now supports Ruby, alongside Python and secret scanning improvements
  • Improved web UI RBAC UX
  • Requiring a PR and configuring approval for that PR are now separate branch protection options

Kyverno 1.6

TLDR: image verification

  • Policies can now use OCI image config attributes as inputs
  • New capability to validate signed images using cosign
  • Support for more JMESPath operators and filters

MetalLB 0.12

TLDR: FRR BGP

  • new [experimental] FRR mode for BGP
  • new capabilities are unlocked when using FRR mode:
    • dual stack L2 is supported
    • BGP sessions can be paired with BFD

Argo Events 1.6

TLDR: improved filtering

  • New capability for evaluating an EventSource against a filter expression
  • New and / or logic operators for Sensor filtering
  • New Sensor transformation capability using either jq or Lua expressions

Grafana 8.4

TLDR: query caching

  • Playlists can now be shared via links
  • Improvements to bar chart and geomap panel types
  • New query caching capability [Cloud/Enterprise], configurable per-datasource

Istio 1.13

TLDR: E-W gateway hostname resolution

  • Can now configure proxy-level options via top-level ProxyConfig CRD
  • Telemetry API now supports OTel, filtering of access logs, and customizing service name in traces
  • When configuring east-west traffic flows, FQDNs are now supported for LBs (previously required an IP, problematic in EKS/ALB scenarios amongst others)

Vitess 13.0

TLDR: compatibility improvements

  • Now features native support for the majority of MySQL collations
  • Rewrite of Vitess’ SQL evaluation engine to more closely align with that of MySQL
  • VTOrc now better integrated with sibling components, and is more robust during both automated and user-driven failovers

GitLab 14.8

TLDR: expanded SSH key support

  • New support for ed25519-sk and ecdsa-sk (U2F-backed) SSH keys
  • New security approval policies (specialized approval process for MRs with detected vulnerabilities)
  • Default issue and MR templates can now be stored ‘as code’ in the .gitlab directory of the project
  • Apple Silicon (arm64 on M1) support for GitLab Runner
  • New visualization options for roadmaps

Kuma 1.5

TLDR: Zone Egress resource

  • New resource type for specifying a Zone’s single egress point
  • New Envoy-based gateway implementation/mode (adding to existing ‘delegated’ mode)
  • Major reduction in memory usage for at-scale deployments

Kong Mesh 1.6

TLDR:

  • all Kuma 1.5 enhancements plus:
  • New native ECS controller (supports both Fargate and EC2 compute), provisions data plane proxy using AWS secrets
  • support for (FIPS-140-2 compliant) Red Hat universal base image

Tailscale 1.22

TLDR: ephemerality option

  • DRPO (DERP return path optimization) capability, facilitating faster connections in unilaterally permissive pairs
  • New stateless/ephemeral mode via tailscaled --state=mem
  • Standardized heartbeat frequency across platforms (to align with mobile apps battery saving change)

Thanos 0.25

TLDR: redis caching

  • Cache component now supports Redis as a backend
  • Compactor can now output traces for compaction events
  • Store component now supports tls_config stanzas for Minio and Azure backends

vcluster 0.6

TLDR: plugins

  • New ‘plugin’ framework to facilitate functionality bolt-ons like syncing additional, specific resources, baseline child cluster deployments etc
  • Child clusters can now be ‘paused’ (scale to zero) and ‘resumed’ (scaled back up, restoring state)
  • Support for VolumeSnapshots and PodDisruptionBudgets

kops 1.23

TLDR: K8s 1.23

  • Adds support for (vanilla) K8s 1.23, while removing support for 1.17
  • Ubuntu 16/18 LTS, Debian 9, RHEL 7, CentOS 7/8 support all removed
  • Aliyun and CloudFormation support has been deprecated (no maintainers)
  • Adds support for DO VPCs (and shared VPCs)

ArgoCD 2.3

TLDR: meta plugins go core!

  • ApplicationSet and Notification projects have been folded into the core Argo CD project/distribution
  • New sync/diff strategies to work around GitOps-incompatible workloads (like some Istio configurations)
  • Official ARM64 build

Golang 1.18

TLDR: generics 😬

  • Long awaited, super contentious implementation of generics
  • Native fuzzing capability (first major language to include this as a first-party capability)
  • 20% performance improvements for ARM compiled binaries (including Apple Silicon!)

Prometheus 2.34

TLDR: OTel tracing

  • Chunk write queue now default-disabled (can be toggled with new flag)
  • Now uses OTel tracing library (previously Jaeger)
  • Web UI: alerts page now has search field, classic UI no longer available

netmaker 0.12

TLDR: node ACLs

  • First-party Debian, RHEL and Arch packages
  • New node ACL capability (allow/disallow traffic between subset of nodes)
  • CLI and GUI now surface capability for enabling/disabling per-client connectivity

vcluster 0.7

TLDR: isolated mode

  • New --isolate flag, pre-packaged defaults for workload isolation (NetPol, PodSec, resource quotas)
  • StorageClass sync can now be bidirectional (previously only host-to-guest)
  • ServiceAccount sync can be guest-to-host, inclusive of annotations/labels

VictoriaMetrics 1.75

TLDR: mTLS support

  • vmalert now supports OAuth and bearer tokens when communicating with datasources and notifiers
  • New -rule.resendDelay flag, equivalent to Prometheus -rules.alert.resend-delay
  • mTLS now supported for intra-component traffic

GitLab 14.9

TLDR: UI/UX improvements

  • New ability to link an epic to another (with a relationship, eg ‘blocking’ or ‘related’) [Ultimate]
  • Environments page improved to show deployment status (currently active commit, and pipeline/workload health)
  • Deployment approval capability (introduced in 14.8) now surfaced in the web UI (previously only available via API call), with ability to add a comment alongside an approve/reject action

Argo Rollouts 1.2

TLDR: dry runs

  • New ability to dry-run analyses (or a subset thereof, scoped using regex)
  • Experiments can now define weight splitting parameters (leveraging mesh/ingress controller capability, if it exists)
  • Improved support for ALB controller and AppMesh routing intricacies

Crossplane 1.7

TLDR: external secrets

  • New [alpha] support for external secret stores (a generic abstraction for backends like Hashi Vault, AKV etc)
  • Webhooks now supported both for crossplane core and in providers

Vault 1.10

TLDR: MFA to OSS tier

  • Login MFA capabilities (TOTP, Okta, Duo) now supported in OSS offering
  • Can now function as an OIDC provider (using Vault identities for authN)
  • PKI secrets engine can now leverage (PKCS#11/AKV/AWS KMS) HSM [Enterprise]

Alertmanager 0.24

TLDR: Telegram

  • New mTLS capability for intracluster traffic
  • Adds support for Telegram as receiver
  • Outbound alerts to OpsGenie can now update an existing message

liqo 0.4

TLDR: CLI capabilities

  • liqoctl connect facilitates pairing two clusters without using public K8s API endpoints
  • liqoctl move volume enables PV migration across connected clusters
  • liqoctl uninstall gracefully unwinds a cluster pairing

CDK for TF 0.10

TLDR: multi-stack deploys

  • New (ergonomic) support for automated multi-stack deployments, building on v0.9’s cross-stack reference feature
  • terraform output now streamed to the cdktf CLI when using diff, deploy and destroy commands
  • Improved type support - can now reference a list in entirety (previously just elements of a list)

Mimir 2.0

TLDR: Grafana forked Cortex to apply AGPL

  • Cortex is basically dead, as Grafana were maintainers of the project
  • Mimir’s initial 2.0 release is to signify their confidence in the (Cortex) codebase’s production readiness
  • Enhancements (relative to Cortex 1.10) include:
    • monolithic deployment ergonomics
    • new query sharding capability
    • 36% reduction in config parameters

Talos 1.0

TLDR: GA

  • New admissionControl machine configuration field (facilitates implementation of PodSecurity)
  • talosctl apply/patch/edit commands have many new arguments, like --mode no-reboot and --interactive
  • New ‘extension services’ concept, essentially machine plugins
    • Related: alpha support for NVIDIA GPUs