Release Radar - Q2 2022

Waypoint 0.8

TLDR: masked outputs

  • New sensitive attribute in HCL facilitates SHA256 hashing of so-marked values in outputs (eg logs)
  • New capability to target projects/applications at a subset of (tagged) runners
  • Runners must now be admin approved (waypoint runner adopt), obviating need for previous PSK auth process
  • CLI now facilitates job introspection via new waypoint job [list/inspect] subcommands

VictoriaMetrics 1.76

TLDR: breaking change to deployed clusters; upside = efficiency gains

  • vmalert now better conforms to Prometheus’ Alert Generator specification
  • vmui now supports autoload of pre-defined dashboards
  • new flags for setting granular resource utilization boundaries during certain API calls (federation, export, series query etc)
  • up to 50% reduction in cluster mode memory utilization during periods of high ingest

Consul 1.12 (beta)

TLDR: K8s integration improvements

  • When deployed on K8s, now stores all its secrets in Vault (previously as K8s Secrets)
  • When deployed on K8s, can now automatically roll server TLS certs (using Vault)
  • Significantly more actionable output from API in response to ACL denial (xyz token lacks permission abc to access jkl)
  • New status overview dashboard for Web UI logins with identities possessing operator:read rights

Harbor 2.5

TLDR: artifact signing

  • New support for sigstore/cosign, enabling artifact signing & verification
  • Replication now supports (optionally) skipping proxy cache projects
  • Performance and resilience enhancements

Dapr 1.7

TLDR: consistent resiliency

  • Resilience policies facilitate declaration of timeouts, retries, and circuit breaking configurations
  • More telemetry emissions (intra-component latency metrics, API call counters and logs)
  • CockroachDB, NATS JetStream, Oracle DB state stores

Nomad 1.3 (beta)

TLDR: native service discovery!

  • Can now use template stanzas and/or Nomad’s own API to illuminate address:port targets (previously required Consul)
  • New max_client_disconnect attribute for tolerating temporary connectivity issues (eg on edge compute)
  • New web UI view surfacing recent evaluation outcomes
  • Nomad Pack improvements (ENV interpolation, --to-dir rendered output location, generate subcommand)

Loki 2.5

TLDR: big performance wins

  • Improved performance when regular expressions and binary operations are involved
  • New V12 storage schema, can exceed 5500 RPS of S3
  • New promtail ingest support: Docker Daemon API, Cloudflare logpull API, Graylog (GELF)

Kubernetes 1.24

TLDR: deprecations/promotions galore

  • Long telegraphed, much embellished removal of Dockershim (in favour of a plethora of better CRIs)
  • Lots of deprecations, check release notes, small sample: .Service.spec.LoadBalancerIP, vSphere and Azure in-tree plugins, beta APIs for CSIStorageCapacity and VolumeSnapShot
  • CSI drivers can now load a sidecar controller to facilitate volume health monitoring, exposed as VolumeStats metrics
  • New Status subresource for NetworkPolicy, surfaces whether the CNI has correctly (and completely) implemented the policy
  • New maxUnavailable subresource for StatefulSets
  • New TimeZone param for CronJobs (previously locked to kube-controller-manager TZ)
  • New ExpirationSeconds field in CertificateSigningRequestSpec (previously defaulted to 365 days)
  • First-party (K8s) container images are now sigstore/cosign signed
  • Future beta APIs will now be feature gated by default
  • Lots of (very useful) features graduate to beta: MixedProtocolLBService, DisableKubeletCloudCredentialProviders, GracefulNodeShutdownBasedOnPodPriority, GRPCContainerProbe

Grafana 8.5

TLDR: new navigation bar

  • Navigation bar UX revamp (flagged behind newNavigation)
  • Trace to Logs for Splunk [Enterprise]
  • RBAC for alerting, dashboards, folders, annotations [Enterprise]

GitLab 14.10

TLDR: Improved compliance reporting

  • GitLab Runner Operator now supports Kubernetes (previously only OpenShift clusters)
  • Compliance report now reports each merge request violation for the projects within a group (previously showed only latest MR with >=1 violation)
  • New pipeline trigger:forward keyword improves ergonomics around variable inheritance

Tempo 1.4

TLDR: metrics generator

  • New optional ‘metrics generator’ component; consumes spans, emits metrics (auto-writes exemplars! no instrumentation changes necessary)
  • New service dependency graph capability (leverages metrics generator)

Argo Events 1.7

TLDR: new underpinnings

  • New support for using NATS JetStream as Argo Events’ bus, in preparation for telegraphed deprecation of NATS Streaming
  • EventBus, EventSource and Sensor controllers converged into new controller-manager component, which supports active-standby HA
  • New filtering capability for sensors

VictoriaMetrics 1.77

TLDR: service discovery improvements

  • promscrape.config now selectively reloads only changed elements, minimizing VM’s unavailability envelope
  • vmagent service discovery now scales linearly with CPU core count
  • Usual cadre of Prometheus-mirroring compatibility changes, eg now supports dns_sd_configs notifier discovery

Prometheus 2.35

TLDR: legacy breaking changes

  • Built using Go 1.18; TLS1.0 and 1.1 support is gone, SHA-1 certs now rejected
  • New in-tree library for GKE service discovery, and more resilient Azure service discovery
  • Significant TSDB improvements; more efficient startup WAL read, temp files now explicitly deleted

Thanos 0.26

TLDR: continuous downsampling

  • Bucket downsample process is now run continuously
  • New flag to enable headers from querier to be forwarded downstream
  • Added TLS1.3 support

keptn 0.15

TLDR: Datadog!

  • Datadog now supported as a SLI source
  • New ability to programmatically provision (and optionally remove, when the associated project is deleted) git repositories
  • Deny list for webhook service (default K8s Namespace populated by default)

Boundary 0.8

TLDR: telemetry

  • Workers and controllers now emit Prometheus metrics
  • Logging now fully fledged; all application events are emitted, with support for cloudevents format (alongside text, JSON etc)
  • Worker tags can now be set via the webUI

GitLab 15.0

TLDR: wiki enhancements

  • WYSIWYG editor (and improved syntax highlighting) now available when composing Wiki content
  • More granularity now possible in iterations (can be team scoped, previously only group scope was supported)
  • Semgrep SAST support (popular languages supported in this release, list to be expanded)
  • Tagged releases can now optionally use the tag’s commit message as release notes
  • Internal notes for issues / epics
  • VSCode extension (GitLab Workflow) now supports multiple accounts, and leverages VSCode SecretStorage (OS-native keychain)
  • Advanced Search capability is now OpenSearch compatible (previously needed mainline ElasticSearch)

Crossplane 1.8

TLDR: docs

  • Documentation enhancements, eg Vault as secret store, CRD scaling discussion
  • base64 encode/decode in Convert transform

Traefik 2.7

TLDR: TCP router enhancements

  • New failover service type; redirects requests from main to fallback if main healthcheck is failing (not supported in K8s)
  • TCP routers now support muxing (!!) and HostSNIRegexp rules
  • Consul events can now trigger dynamic config rebuilds
  • Traefik Hub support (new SaaS product, metrics, alerting, ACME, GSLB etc)

CDK for Terraform 0.11

TLDR: improved provider import workflow

  • New provider add command installs a prebuilt cdktf package if it exists, falling back to generation of resource classes using the schema of a so-named terraform provider
  • New debug command (verbose output, version info etc)
  • Breaking changes for debug ENVs and related arguments

Prometheus 2.36

TLDR: ready endpoint

  • New prometheus_ready metric, reflects whether WAL has been replayed and instance is operational (rather than just ‘running’)
  • New lowercase/uppercase relabel actions
  • New service discovery support for Vultr and IONOS infrastructure providers

Istio 1.14

TLDR: SPIRE support

  • SPIRE (SPIFFE implementation) now supported via improvements to Istio’s interaction with CAs
  • New support for automatically configuring an otherwise unspecified SNI (auto-sni)
  • Telemetry API now supports OTel access logging

HAProxy 2.6

TLDR: QUIC

  • New HTTP/3 over QUIC support (HTTP over UDP) [needs USE_QUIC compile flag]
  • Compatibility with OpenSSL 3.0, unlocking new show ssl providers runtime command
  • Master CLI has new capabilities, like expert, experimental and debug modes
  • Improved variable semantics via conditions like ifexists and ifnotempty

vcluster 0.9

TLDR: plugin mutations

  • Kubernetes v1.24 support
  • Plugins can now intercept and mutate incoming and outgoing objects (from syncer)
  • Helm chart improvements

Kyverno 1.7

TLDR: mutation of existing resources

  • Policies can now be configured (mutateExistingOnPolicyUpdate) to apply to resources already deployed to clusters
  • Policies targeting resource A can now trigger mutations to (even-already-existing) resource B
  • CLI now supports testing policies containing subjects, users, and groups
  • Improvements to image verification capabilities: multi-attestor support, digest and signing enforcement capabilities
  • GitOps compatibility improvements for rule auto-gen (flagged behind autogenInternals=true)

Argo CD 2.4

TLDR: pod shells from web UI

  • New terminal capability in web UI; shell into Application pods (disabled by default)
  • Pod logs and web terminal access now subject to granular RBAC
  • OTel Tracing support (for the Argo CD workload itself)
  • ApplicationSet generators for Gitea

Grafana 9.0

TLDR: PromQL & LogQL visual builders

  • Query fields for metrics & logs now include visual builders, including an ‘explain’ mode and contextual suggestions (‘hints’)
  • New ‘explore to dashboard’ workflow, facilitating conversion of ad-hoc queries into saved dashboards
  • New Command palette (Ctrl/Cmd + K) enables keyboard driven navigation and search
  • Improved heatmap panel, focused on performance/scalability (can now render >200k datapoints)
  • Traces can now be added to dashboards via a new trace panel
  • Grafana Alerting (introduced in 8.x) now default alerting engine, adding support for multi-dimensional, deduped (‘grouped’) and silencing of alerts

Grafana OnCall 1.0

TLDR: bare bones incident management

  • OSS release of SaaS OnCall, itself a product of 2021 Amixr acquisition
  • Provides the majority of core PagerDuty features (on-call schedules, escalation chains, ChatOps, auto-resolve configurations)… including a PD importer!
  • Ugly stack (Django, MySQL, Redis, RabbitMQ, Celery) but can be abstracted away via first-party Helm chart

Kuma 1.7 / Kong Mesh 1.8

TLDR:

  • CI now outputs ARM64 builds for both Linux and macOS
  • New cross-mesh communication capabilities using a new ‘built-in’ gateway (previously required external, delegated gateway)
  • Kong Mesh now supports cert-manager

vcluster 0.10

TLDR: CLI ergonomics

  • vcluster create no longer requires a port forwarding step when provisioning a child cluster in a local distro (kind, k3d etc)
  • vcluster delete now removes an existing vcluster namespace (by default, --auto-delete-namespace=false overrides)
  • vcluster connect now switches kubectl context to that of the vcluster (by default, --update-current=false overrides)

furiko 0.2

TLDR: API refactor

  • Jobs now support parallel execution of tasks
  • furiko CLI arguments expanded (kill, enable, disable etc)
  • Multiple breaking changes to v0.1 API

VictoriaMetrics 1.78

TLDR: cardinality tab

  • New web UI cardinality tab displays metrics, labels, and label=value pairs with highest series counts
  • vmalert now notifies in parallel (previously sequentially, thus possibly blocking downstream alerts)
  • Support for specifying a kubeconfig_file when configuring vmagent service discovery (for extra-cluster scenarios)
  • vmagent and vmalert endpoints (eg /targets) now work in airgapped scenarios

Vault 1.11

TLDR: K8s secrets engine

  • New Kubernetes-centric secrets engine; short-lived service accounts (inc roles, bindings, tokens etc)
  • PKI engine now supports non-disruptive root/intermediate key rotation
  • New support for configuration of MFA methods via web UI
  • Autopilot now supports automated upgrades and is redundancy zone aware [Enterprise]

Talos 1.1

TLDR: hardened defaults

  • kube-apiserver now defaults to denying anonymous authentication (adhering to CIS guidelines)
  • talosctl gen now outputs cluster configs with PodSecurity admission controller enabled by default (enforce baseline, audit restricted)
  • talosctl apply/patch/edit commands now support --dry-run and --mode=try arguments

GitLab 15.1

TLDR: SLSA output

  • SLSA attestation now emitted from GitLab Runner (into the artifact registry, and/or as .json)
  • include: keyword in .gitlab-ci.yml now hotlinks to the referenced pipeline configuration
  • New ability to map GitLab groups to SAML groups on self-hosted instances
  • Value Stream Analytics page now has a time to restore (DORA metric) chart

liqo 0.5

TLDR: new docs site

  • Many improvements to liqoctl (peering/unpeering, install/uninstall, chart/CRD upgrade workflows)
  • Virtual kubelet now supports ServiceAccount and Ingress reflection
  • Setting a Kind’s worker number to 0 disables reflection for that resource