Skip to main content

Release Radar - Q4 2022

Traefik 2.9
#

TLDR: bandwidth telemetry

  • support for canary deployments to Consul and Nomad backends (via platform native tags)
  • support for a fallback/default ACME resolver (previously a specific pre-existing crt and key)
  • new telemetry emission tracks traffic utilization at entrypoint, router and service levels

Prometheus 2.39
#

TLDR: out of order samples

  • support for ingest of out-of-order samples [feature flagged]
  • healthy and ready endpoints now respond to HEAD requests, adding to existing GET support
  • various memory and WAL replay related efficiency improvements

ArgoCD 2.5 (RC)
#

TLDR: server-side apply

  • support for server-side kubectl apply, requisite for very large manifests (eg kube-prom-stack)
  • API (and CLI, but not yet web UI) support for CRUD operations on ApplicationSets
  • ApplicationSets now utilize the Golang text template engine and can call Sprig functions
  • project destinations now support negation (!)
  • Azure DevOps support in the ApplicationSet SCM provider

VictoriaMetrics 1.82
#

TLDR: multitenancy via labels

  • performance improvements to complex regex values in MetricsQL and when re-labelling
  • multitenancy improvements via new vm_account_id and vm_project_id labels
  • new debug mode for vmalert, outputs more verbose logs during rule evaluation

cdktf 0.13
#

TLDR: refactor required

  • 20-80% cdktf synth performance improvements (language and provider dependent)
  • gains were achieved via a broadly breaking change: namespacing of provider constructs
  • for most codebases, the only change required is a (more verbose) syntax for import statements

Kyverno 1.8
#

TLDR:

  • improved PodSecurity ergonomics, via a new Kyverno rule of the same name
  • new manifests rule facilitates YAML manifest signature validation
  • support for K8s v1.25 and OpenTelemetry emissions
  • new flags make possible running Kyverno outside the cluster it operates upon

Nomad 1.4
#

TLDR: encrypted, injectable configs

  • Nomad Variables, conceptually similar (arguably improved upon) implementation of K8s Secret object
  • endpoint healthchecks now supported by native service discovery
  • ACL tokens can now link to roles (previously only directly to policies), and support expiry (via new ttl arg)

Grafana 9.2
#

TLDR: minor UX enhancements

  • dropdown variable editor added to Loki query builder
  • GCP monitoring plugin query builder now more closely aligns with GCP console semantics and Grafana design language
  • support for INNER JOIN transformations

Vault 1.12
#

TLDR: new engines

  • LDAP engine coalesces featuresets of AD and OpenLDAP engines under single unified banner
  • redis engine, supports dynamic roles and credential rotation (only standalone servers supported)
  • PKCS#11 provider, KMIP engine, external BYOK for transform engine [Enterprise]
  • resource quotas now support path suffixes and auto-mount roles

Crossplane 1.10
#

TLDR: housekeeping

  • package pull secret can now be defined centrally, ie propegated/utilized by all provider deployments
  • doc improvements: Argo CD integration, EnvironmentConfig
  • now built using Golang 1.19

GitLab 15.5
#

TLDR: iterative CI enhancements

  • autocomplete suggestions for GitLab objects (eg users, issues) when writing in GitLab web UI fields
  • ‘Cloud Seed’, a low friction, opinionated project bootstrap targeting GCP (IAM + Cloud Run + Cloud SQL)
  • vulnerability scanning for (K8s-deployed) running containers (GL Agent for Kubernetes + Trivy)
  • improved runner management - bulk delete, show owner, show all available (even those managed by others)
  • scanner updates: many SAST subcomponents, Code Quality scans now support auth to private registries, Golang dependency scanning improvements

Liqo 0.6
#

TLDR: observability

  • both dataplane (LiqoNet) + controlplane (Liqo Controller) metrics now emit in Prometheus format, coupled with a provided Grafana dashboard
  • HA improvements: anti-affinity constraints resource limits for offloaded pods
  • doc improvements: selective reflection, cluster flags

Harvester 1.1
#

TLDR: PCI-e passthrough

  • support for snapshots (and cloning) of VM’s
  • storage made available to VM’s can now be presented as K8s-native StorageClasses
  • Longhorn (storage backend) can now operate on a dedicated/isolated network
  • PCI-e passthrough, including support for GPU passthrough
  • stack-wide log and event emissions, including audit logging, with broad-spectrum destination support (leverages Banzai Logging Operator)

Dapr 1.9
#

TLDR: plugins

  • support for ‘private components’, written in any gRPC-capable language
  • HTTP and gRPC application healthchecks (akin to livenessProbes)
  • support for OTel formatted telemtry emissions, and for resiliency spec related metrics

VictoriaMetrics 1.83
#

TLDR: paid features

  • auto-discovery of vmstorage nodes (by vmselect / vminsert) [Enterprise]
  • support for distinct per-series (and per-tenant, per-series) retention periods [Enterprise]
  • CLI args now support environment variable expansion, including nested expansion, via %{ENV_VAR} syntax

Mimir 2.4
#

TLDR: enteprisey minutiae

  • ring-based service discovery (adds to DNS-based discovery) for query-scheduler component
  • experimental /v1/user_limits API facilitates per-tenant limit configuration
  • CLI arg to limit maximum timespan a query can target

Skaffold 2.0
#

TLDR: Cloud Run

  • support for Cloud Run as a deployment target
  • ARM64 support, as both build source and deploy target
  • deploy now split in two; render is a new phase, responsible for manifest hydration
  • new verify phase, responsible for post-deploy tests/validation
  • addition of kpt as supported renderer

Thanos 0.29
#

TLDR: store and compact crash fixes

  • OpenTelemetry compliant trace emissions
  • support for per-file and per-tenant remote write limits
  • storage class assignment for objstore (S3) backend

Kong / Kuma 2.0
#

TLDR: unified version scheme

  • eBPF support for both CNI and initContainer architectures (single digit % latency improvements)
  • revamped web UI, filtering & formatting for Envoy config drilldrowns
  • audit logging for RBAC events

GitHub Enterprise 3.7
#

TLDR: reusable workflow enhancements

  • support for nesting and matrixing of reusable workflows
  • GCP object storage support for GitHub Actions (artifacts, cache, logs)
  • improved ‘innersourcing’ ergonomics via new fork-and-rename workflow
  • SCIM-powered onboard/offboard capabilities [beta]
  • rollup security dashboard (org-wide SAST, Dependabot etc results overview)

Prometheus 2.40
#

TLDR: better histograms

  • native histogram support [feature flagged]
  • OVHcloud service discovery

Coroot 0.7
#

TLDR: alerting

  • support for triggering alerts when SLI state is predictive of error budget breach
  • Slack integration, as (first) alert sink destination

Loki 2.7
#

TLDR: new TSDB storage format

  • new Prometheus-inspired TSDB index lowers storage footprint and improves query performance
  • all components now support TLS for inter-service traffic
  • Prometheus-like config reloads (via signal or HTTP endpoint) for promtail
  • service principal support when authenticating to Azure object storage

Istio 1.16
#

TLDR: feature graduations

  • support for routing based on JWT claims [alpha] and MAGLEV (load balancing algo)
  • External Authorization (delegate to OAuth2, OPA etc) graduates to beta
  • Gateway API implementation graduates to beta

cdktf 0.14
#

TLDR: provider enhancements

  • provider upgrade command, respects deprendencies (like cdktf version) while uplifting binding
  • init command now lists and allows selective installation of pre-built providers (a growing list)
  • get performance boost; subsequent runs no longer require binding generation

vcluster 0.13
#

TLDR: hostpath mapper

  • host path mapping, facilitating support for ecosystem tools like Loki/FluentD, velero, KubeVirt
  • default distro (k3s) now HA-compatible (though requires external datastore); previously only vanilla k8s distro supported for HA
  • CSI related resources now auto-synced when scheduler is enabled

Consul 1.14
#

TLDR: k8s ‘dataplane’

  • Kubernetes deployment architecture simplified via introduction of dataplane sidecars
  • inter-cluster peering, facilitates cross-partition mesh traffic management
  • WAN-federated clusters, and services with different names now supported as failover targets

GitLab 15.6
#

TLDR: group scanning policies

  • support for variables in rules:exists CI keyword
  • improved GH imports: branch protection rules, PR reviewers now retained
  • group level scanning policies, propegate down to subgroups and projects [Ultimate]
  • SAST analyzer updates for Python, KICS, Gitleaks, Semgrep
  • K8s integrations now support v1.25

Coroot 0.8
#

TLDR: eBPF

  • predefined availability and latency SLO’s, with sane defaults
  • drilldown views from services to component instances
  • high throughput, ‘zero instrumentation’ eBPF support

HAProxy 2.7
#

TLDR: traffic shaping

  • support for HTTP traffic shaping (via conditionally gating requests)
  • more CPU efficient healthchecks
  • L7 retries can nwo reuse idle HTTP connections (even for initial requests)
  • sharding of and efficiency improvements to the stick table

Tailscale 1.34
#

TLDR: fast user switching

  • CLI commands now report missing accept-routes=true param when other nodes are advertising
  • support for fast switching between tailnets in the Win/Mac/Linux clients
  • tailscale set now supports piecemeal configuration changes (previously required complete string of args)

Grafana 9.3
#

TLDR: new navigation UX

  • sidebar centric (breadcrumbs on mobile) navigation overhaul (flagged behind topnav)
  • public dashboards now support annotations (flagged behind publicDashboards)
  • photo support for geomap panel, new ‘canvas’ multi-layered panel

Traefik 3.0 [Beta]
#

TLDR: lots of features

  • OpenTelemetry, SPIFFE mTLS, Brotli compression support
  • gRPC middleware and web metrics
  • support for default EntryPoints
  • Tailscale cert resolver

Kubernetes 1.26
#

TLDR: the march of progress

  • stable graduations: spec.internalTrafficPolicy for Service objects, mixed protocol LoadBalancer objects, kubelet credential provider
  • beta gradutations: better non-graceful termination handling of StatefulSet objects, kubectl events, taints and tolerations for PodTopologySpread
  • new alpha features: SelfSubjectReview and kubectl auth who-am-i introspection, pod .spec.schedulingGates, OpenAPI v3 support for kubectl explain, /metrics/cadvisor now derived from CRI (previously, cAdvisor), in-tree SLI exports (/metrics/slis endpoint)
  • deprecations: autoscaling/v2beta (used by HPA), in-tree Azure and GCP auth methods, cinder and glusterfs CSI’s
  • official image repo moved from GCR to registry.k8s.io

VictoriaMetrics 1.85
#

TLDR: more migration options

  • vmctl can now migrate data between VM clusters (auto-matching tenants), and copy data between Prometheus remote_read compliant instances
  • JWT token sig verification for vmgateway
  • improvements to vmagent service discovery scalability

Mimir 2.5
#

TLDR: Discord alerting

  • Helm chart now supports zone-aware replication, rootless containers, MinIO 5.x, and better fitting ‘size plans’
  • memory efficiency enhancements to store-gateway, ingester and alertmanager components
  • Alertmanager now has in-tree support for sending notifications to Discord channels

Talos 1.3
#

TLDR: containerd mirror fix!

  • Kubernetes 1.26 support (and bumps to CoreDNS, etcd, containerd)
  • containerd now correctly handles the /v2 element in registry mirrors (previously we needed middleware to remedy this)
  • new machineconfig patch subcommand to talosctl facilitates out-of-band (file based, rather than live machine targeted) config patches

GitLab 15.7
#

TLDR: SSH key commit signing

  • glab CLI adopted as first-party capability
  • support for signing commits using SSH keys
  • Kubernetes agent support for non-default branches and personal namespaces
  • new web IDE engine, underpinned by VSCode [feature flagged]
  • support for multiple pre-fill values for and $ character in CI pipeline variables

Harbor 2.7
#

TLDR: job service monitor

  • support for Artifactory as a proxy cache upstream
  • new dashboard surfaces runtime information about underlying machinery (job workers, queues, schedules)
  • chunk based replication

Alertmanager 0.25
#

TLDR: Discord integration

  • hot reload of TLS crt and key
  • addition of in-tree Discord and Webex notifiers
  • HEAD support for /-/healthy and /-/ready endpoints
  • parameterization of week’s first day (Sunday vs Monday)
  • improved log emissions for failed outbound webhooks