Release Radar - Q3 2022

Thanos 0.27

TLDR: receive hashring fixes

  • Object store improvements: bucket names can now be prefixed, force DNS lookup etc
  • Receive component improvements: support for relabelling and consistent hashrings
  • eval-interval changed from 30s to 1min to align with Prometheus alerting spec

MetalLB 0.13

TLDR: CRD configuration

  • New CRD configuration method is more elegant (validating webhooks etc), but is a breaking change; ConfigMap no longer supported
  • IP ranges can now be allocated without advertisement, or any mix of L2 and BGP advertisement
  • Multi-protocol BGP is now supported (advertising IPv6 routes to IPv4 neighbours, and vice versa)
  • Many new scoping options, eg MetalLB obeys LoadBalancerClass, BGPPeer can be associated with only a subset of IPAddressPool entries, and announcements can be limited to a subset of hosts via nodeSelectors

Loki 2.6

TLDR: query federation

  • Queries can now be distributed to multiple tenants, returning a consolidated result
  • Log streams can now be scanned for sensitive strings (using LogQL), with that data being filtered (hidden from queries), deleted from store, or both (requires using BoltDB for index)
  • Instant queries with large time ranges are now sharded and parallelized for improved performance

Traefik 2.8

TLDR: Nomad provider

  • TLSStore CRD can now house certificates (independent of kubernetes.io/tls Secrets)
  • Nomad provider, interacts directly with Nomad for service discovery (bypassing Consul)
  • Support for multiple Consul namespaces

keptn 0.17

TLDR: UI improvements

  • Many web UI module additions: SLI breakdowns, service creation, item approval
  • install, uninstall and upgrade CLI commands deprecated in favour of Helm lifecycle management
  • Helm chart refactor; control-plane and continuous-delivery charts coalesced into new common chart

VictoriaMetrics 1.79

TLDR: Azure service discovery

  • Support for Azure VM service discovery (azure_sd_configs)
  • Web UI now surfaces query tracing capabilities (query > select ‘trace’ > query again)
  • vmagent now supports injection and/or rewrite of HTTP headers when scraping targets
  • Official builds for FreeBSD and OpenBSD

Prometheus 2.37

TLDR: LTS release

  • Support for native Nomad service discovery (nomad_sd_configs)
  • TSDB memory optimizations

Crossplane 1.9

TLDR: housekeeping

  • Image pull now favours K8s secrets before falling back to hyperscaler specific auth methods
  • CompositeResourceDefinitions no longer propagate their annotations to referenced CRDs
  • Improved support for wildcards and regex in various fields/transforms

Tailscale 1.28

TLDR: DNS behavioral improvements

  • MagicDNS now correctly returns SERVFAIL when all upstream resolvers do
  • Linux client DNS now plays nicely with AWS, GCP and Azure DNS
  • iOS client now supports NAT-PMP, UPnP and TCP MagicDNS, but requires iOS 15 or later

Cilium 1.12

TLDR: 🤯

  • Sidecarless mesh capability (Envoy on worker node, with eBPF for pod observability)
  • Cilium can now function as a fully compliant (Envoy based) Ingress Controller
  • Granular Envoy configuration facilitated by new CiliumEnvoyConfig CRD
  • Cluster Mesh topology-aware routing and affinity now easily configurable via (Service) annotations
  • Simplified Cluster Mesh instantiation for both cilium CLI and Helm methods
  • Egress Gateway graduates to stable, alongside new CiliumEnvoyConfig CRD
  • Improved routing capabilities (IPv6 BGP, VTEP, NAT64 and NAT46 support)
  • Cilium pods can now run unprivileged, and its ClusterRole is more aggressively scoped
  • New beta support for dynamic pod CIDR allocation (to nodes, based on current pod count)

Mimir 2.2

TLDR: Multi-tenancy UX enhancements

  • Support for ingesting out-of-order samples (including thresholds, and per-tenant configs)
  • Support for storing block data, rules, and alerts in a single object storage bucket, each tenant with a customizable prefix
  • Helm chart improvements: multi-tenant by default, OpenShift support, Grafana Agent deployment option
  • Improved (human readable) error messages

Checkov 2.1

TLDR: twistcli scanner

  • Workload scans via Prisma Cloud twistcli integration (support for container images, OSS packages, OpenAPI)
  • IaC scanners now include secret detection capabilities
  • Support for Azure Bicep, Kustomize, OpenStack, and AWS v4 Terraform provider

GitLab 15.2

TLDR: WYSIWYG diagrams

  • Live preview of Mermaid, PlantUML and Kroki diagrams in WYSIWYG editors
  • CI now includes a container image pull_policy variable
  • DORA themed reports expanded to include a change failure rate chart [Ultimate]
  • Incident feature now displays a timeline oriented view of relevant events

vcluster 0.11

TLDR: child cluster bootstraps

  • Helm chart now able to recursively deploy charts to virtual clusters on instantiation
  • NodePorts and ephemeral (debug) containers now sync correctly

Gitea 1.17

TLDR: package repository

  • Repositories (and Organizations) now have RSS/Atom feeds
  • Ability to function as a Helm chart & general artifact repository
  • Improvements to PR UI workflow

cdktf 0.12

TLDR: Golang support

  • Following AWS upstream support, cdktf now supports Golang
  • Improvements to cdktf convert behavior (imports .tf logic into cdktf constructs)
  • TerraformIterator API enables support for dynamic list iterations
  • Despite being a ‘0.x’ semver, 0.12 is the first generally available (GA) tagged release

VictoriaMetrics 1.80

TLDR: Internal metrics to remote storage

  • vmalert can now take many more HTTP header inputs (eg datasource, remoteWrite, remoteRead URLs)
  • VictoriaMetrics’ own runtime metrics can now be pushed to remote storage
  • Performance enhancements; time series instantiation now 50% faster, better parallelization across large core count

Harbor 2.6 RC

TLDR: high throughput caching

  • Ability to export CBR (CVE) data generated by scanners
  • Caching layer (unrelated to pull through caches) for improving performance during high concurrency
  • Audit log can now emit to syslog, and can be purged on demand or on a schedule

Prometheus 2.38

TLDR:

  • New web UI pane (and /api/v1/format_query endpoint) for outputting pretty-formatted PromQL expressions
  • Kubernetes service discovery now includes meta labels for container image and service port attributes
  • DNS service discovery now supports MX records

Kubernetes 1.25

TLDR:

  • PodSecurityPolicies removed (replaced by native PodSecurity, which graduates to Stable in this release, or by leveraging community tooling eg Kyverno/Gatekeeper)
  • Support for userland namespaces, ie sandboxing for workloads like VPN or FUSE requiring CAP_SYS_ADMIN [alpha]
  • Improved Job logic via .spec.backoffPolicy; can now conditionally terminate (without retry) if the failure meets certain conditions [alpha]
  • Container snapshot capability, transparently clones a running container for forensic analysis [alpha]
  • Support for multiple ClusterCIDRs [alpha]
  • kubelet now supports emission of OpenTelemetry traces for its gRPC calls
  • PodTopologySpread can now take into account taints/tolerations when calculating skew between topology domains [alpha]
  • Majority of proprietary in-tree CSI providers now deprecated, only generics eg nfs, iscsi, hostPath remain

Grafana 9.1

TLDR: trace to metrics

  • Ability to link traces to metrics (1:1 mapping between trace datasource and metrics datasource) [feature flagged]
  • New table panel for displaying RED metrics ascertained from Tempo APM data [feature flagged]
  • Ability to share dashboards publicly (without authentication) [feature flagged]
  • Improved [but feature flagged] panel search capabilities, leveraging an in-memory index rather than backend SQL queries

Dapr 1.8

TLDR: WASM

  • Dead letter topic support (for pub/sub components)
  • Distributed locking API [alpha]
  • Support for WASM middleware components, pseudo-expanding Dapr’s list of supported languages
  • Storage namespacing, enables shared state partitioning

Argo Workflows 3.4 RC

TLDR: artifacts QoL

  • Web UI now surfaces pipeline artifacts in workflow diagrams, and can preview their contents
  • Artifacts can now be cleaned up via configurable artifactGC params
  • Both web UI and CLI now facilitate retry / resubmit of archived workflows
  • Consolidation onto single executor (emissary); Docker, kubelet, PNS executors removed

GitHub Enterprise 3.6

TLDR: file tree

  • Discussions (a GitHub SaaS feature) come to Enterprise
  • Native sidebar file tree! (a la Gitako/Octotree)
  • Repository cache capabilities now GA (eventually consistent global replication for monorepos/CI farms)

GitLab 15.3

TLDR: tasks in issues

  • Ability to create tasks (checklists) inside issues
  • MR reviews can now include a ‘summary comment’ when submitting
  • MR approval rules can now (optionally) apply only to protected branches

Tempo 1.5

TLDR: columnar backend

  • Support for Parquet as a tracing backend, a columnar datastore with 5-10x query efficiency improvements
  • Service graph now includes OTel-conformant queue and database metrics
  • Config attribute to disable (product) telemetry

Linkerd 2.12

TLDR: route-based policies

  • Per-route policy capability, adding to existing port-based policies, better facilitating zero trust security postures
  • Preliminary Gateway API support, as a K8s-native mechanism for configuring route-based policies
  • Ability to emit Apache-style access/request logs

Kuma 1.8 / Kong Mesh 1.9

TLDR: cross-zone mesh support

  • Mesh now capable of intelligently routing traffic to support workloads running only in a subset of zones
  • MeshGateway now supports TCP traffic, path rewrite and header modifications
  • MeshGateway observability improvements: (filterable) telemetry emissions, and ships with a fully fledged Grafana dashboard

Argo Rollouts 1.3

TLDR: traffic routing enhancements

  • Istio users now have access to header based routing (setHeaderRoute step) and traffic mirroring (setMirrorRoute step)
  • Canary deployments now support Traefik ingress controller
  • Web UI surfaces more information about analysis runs

Thanos 0.28

TLDR: multi-tenant friendly instance metrics

  • Vertical sharding support for instant and range queries
  • Remote write now supports configuration of per-request size & concurrency limits
  • TSDB stats now exposed as metrics to all tenants, including via an example dashboard

Talos 1.20

TLDR: CLI ergonomic enhancements

  • All the talosctl machine operation commands you’d expect now have a --wait flag, which emits logs until the command completes/fails
  • Live update of machine configs now supports strategic merge (adding to existing JSON6902 patches)
  • Machines now use random string identifiers, rather than IP addresses, as node names
  • Talos API now (optionally) available from within the cluster

Boundary 0.10

TLDR: better SSH auth UX

  • SSH key management, supporting both Vault and static stores
  • SSH key injection for brokered connections (server side keys used, never exposed to connecting client)
  • Web UI improvements concerning IAM configuration and worker tag/target management

VictoriaMetrics 1.81

TLDR: log tweaks

  • Log obfuscation of flags which may contain sensitive data (like connection strings in URLs)
  • Improved human readable error output for API calls (retaining full fidelity in STDOUT logs)
  • vmagent performance improvements for Kubernetes service discovery at scale, and when relabelling utilizing regex

Tailscale 1.30

TLDR: QoL

  • Client now surfaces whether running in user or kernel space
  • Clients using mem: state storage are now immediately removed as nodes when tailscaled exits
  • DNS improvements (100.100 SERVFAILs, Mullvad DoH, MagicDNS fixes on Windows)

keptn 0.19

TLDR: import API

  • Now able to scaffold a Keptn project via template upload
  • helm-service and jmeter-service moved to keptn-contrib (no longer shipped in core)
  • Bridge component graph rendering time improvements (switched to D3.js)

Waypoint 0.10

TLDR: destroy orchestration

  • waypoint project destroy sub-command gracefully removes deployed apps (process steps can be skipped with flags)
  • Custom pipelines facilitate addition of bespoke steps to waypoint up deploys
  • Compatibility with Nomad >= 1.3’s ability to handle service discovery (without delegating to Consul)

vcluster 0.12

TLDR: N<->S routing changes

  • Ingress sync now disabled by default (sync.ingresses.enabled: true to toggle back on)
  • Support for k3s v1.25
  • Fixes for loadBalancerIP, externalIPs, externalTrafficPolicy sync

GitLab 15.4

TLDR: VSCode CI authoring

  • Web UI now suggests reviewers based on repo’s commit graph [Ultimate + feature flagged]
  • VSCode extension now supports include: and extends: for linting/previewing a composite CI/CD .yml
  • MR and approvals moved to dedicated page in repo settings

Terraform 1.3

TLDR: inter-module refactoring

  • moved block no longer requires state mv operation, and supports moves to modules outside the local path
  • Optional type attributes for objects go GA, adding default value capability
  • startswith and endswith functions (target strings)