Thanos 0.30 #
TLDR: new caching engine
- `--tsdb.out-of-order.time-window` flag facilitates out-of-order sample ingestion
- Redis client deprecated in favour of Rueidis (in Golang, faster, supports client-side caching)
- Prometheus bumped to v0.40.7, but sans native histogram capability
Argo Rollouts 1.4 #
TLDR: fast rollbacks
- `minPodsPerReplicaSet` param for canary deploys (new canaries must have x min pods)
- ‘fast rollback’ capability (skip analysis steps), with configurable gate for count of previous revisions
- dynamic shell completion for core CLI commands
- reliability improvements to leader election logic
- support for Apache APISIX (API gateway, ingress controller etc)
Coroot 0.9 - 0.12 #
TLDR: k8s workload autodiscovery
- automatic Kubernetes workload observability via `kube-state-metrics` discovery
- memory leak detection (defaults to +10MB/h, can be modified globally or per-project)
- AMQP (RabbitMQ) protocol support
- JVM awareness - out of box monitors for availability and stop-the-world pauses (enduring safepoint stops)
VictoriaMetrics 1.84 - 1.86 #
TLDR: pushgateway support
- `/api/v1/import/prometheus` endpoint now (also) supports ingest of pushgateway format
- support for migration of data originating from sources supporting Prometheus remote read API
- drilldown into per-job or per-instance metric exports now possible in `vmui`
- support for discovery of Hashicorp Nomad services (`nomad_sd_configs`)
- parsing of partial RFC3339 query args (eg `2022` becomes `2022-01-01T00:00:00Z`)
- support for aggregation of samples (based on time + label) in `vmagent`
GitLab 15.8 #
TLDR: SCIM for self-managed instances
- support for blocking MR’s unless external status checks pass (flagged behind `only_allow_merge_if_all_status_checks_passed`)
- beta of ‘direct transfer’, a refactored group and project transfer approach (for both intra and inter instance transfers)
- self-hosted GitLab deploys now SCIM compatible (programmatically create/remove identities)
- access requests create To-Do items for relevant (group/project) admins
Tailscale 1.36 #
TLDR: (Apple) Shortcuts
- `--json` output for many more commands (eg `version`, `lock status`, `lock logs`)
- support for UPnP port mapping of gateways when deployed in HA
- Shortcuts actions for macOS and iOS clients
- First-party container no longer fails when `$TS_KUBE_SECRET` is unset
Liqo 0.7 #
TLDR: Terraform provider
- support for connectivity to parent cluster API server from offloaded pods
- first-party Terraform provider (peering, namespace config etc)
- better handling of failed worker nodes in remote cluster
vcluster 0.14 #
TLDR: in-tree CRD sync
- new ‘multi-namespace’ mode, syncs child namespaces to parent cluster (as opposed to being nested inside parent cluster’s vcluster namespace)
- `generic-crd-sync` plugin effectively moved in-tree as ‘generic resource sync’ capability, facilitating CRD sync and child cluster access to parent cluster controllers
- Kubernetes 1.26 support for all three vcluster distros (k3s, k0s, and upstream)
Prometheus 2.41 - 2.42 #
TLDR: X.509 hot reloads
- `keep_firing_for` rule parameter
- support for HTTP proxy headers
- hot reload for file-bound certificates
VictoriaMetrics 1.87 #
TLDR: stream aggregation
- PROXY protocol support for most components (needs allowlisting, eg `-httpListenAddr.useProxyProtocol`)
- support for deduping input samples via new `streamAggr` CLI args
- dark mode and local fonts for `vmui` web interface
Mimir 2.6 #
TLDR: reduced peak memory utilization
- experimental (feature flagged) `store-gateway` memory enhancements (streaming instead of buffering)
- `grafanaExploreURL` and `tenantID` template functions
- experimental `store-gateway` reliability improvements (index header reads without using mapped memory)
Kyverno 1.9 #
TLDR: policy exceptions
- `PolicyException` custom resource, facilitates exclusions decoupled from policies themselves
- `ClusterCleanupPolicy` custom resource, for granular, automated removal of specified cluster resources
- OpenTelemetry support (added in v1.8) improved, now includes distributed tracing capability
Tempo 2.0 #
TLDR: TraceQL
- Parquet graduates to GA, and is now the default backend
- initial introduction of TraceQL (new query language)
- `distributor` support for (generic and OTel gRPC) forwarders
ArgoCD 2.6 #
TLDR: plugin param’s
- `syncOptions.createNamespace=true` sub-params for adding labels and annotations
- support for parameterization of CMP’s (plugins)
- progressive rollout support for `ApplicationSet` resources [alpha]
- new `admin initial-password` CLI subcommand prints bootstrapped admin credential
Nomad 1.5 #
TLDR: OIDC support
- support for SSO, through addition of broad OIDC provider compatibility
- API endpoint for updating node metadata (so also possible via CLI and web UI)
- CLI and web UI quickstarts via new ‘job templates’ (syntax boilerplate)
Boundary 0.12 #
TLDR: more authentication options
- support for mapping Vault credentials directly to a user/target (previously required target-per-credential)
- credential injection using Vault SSH certificates (HCP only)
- support for sessions requiring multi-hop traffic pathing (HCP only)
Cilium 1.13 #
TLDR: Gateway API
- support for L7 load balancing of `Services` via `service.cilium.io/lb-l7` annotation, including in ClusterMesh scenarios
- upstream conformant implementation of Gateway API (for N-S traffic flows, effectively their v2 take on ingress orchestration)
- `LoadBalancer` IPAM + BGP service announcement facilitate dynamic allocation of external-facing IP’s on bare metal, as is done on your behalf ‘in the cloud’ (effectively obviating the need for MetalLB)
- Hubble datasource plugin for Grafana ties together Prometheus metrics / Tempo trace emissions with Timescape [Enterprise]
- `CiliumNodeConfig` CRD facilitates node-by-node migration from other CNI’s (supersedes global config)
- first-party container images now ship signed (via `cosign`), and with a SBOM (in SPDX format)
- Tetragon file integrity monitoring (akin to Sysdig) [Enterprise]
- “BIG TCP” support, enabling higher throughput whilst maintaining low latency on 100Gbps+ capable networks
- IPv6 NAT46/64 translation capability
- SCTP (often a VoIP transport) support
- K8s 1.26 `internalTrafficPolicy` support
- datapath mTLS support (precursor but not yet enabler of real world mTLS capability for Cilium’s mesh)
Dapr 1.10 #
TLDR: multi-app workflows
- pluggable component SDK’s for Golang, .NET and Java; self-hosted binaries for bespoke extensions to the framework
- API endpoints (and CRD’s) for bulk publish and subscribe operations
- (alpha) ‘Workflows’ API for building long running or persistent workflows, including those spanning multiple apps
- support for Cloudflare Workers KV and SQLite3 as state stores
GitLab 15.9 #
TLDR: guest access to private repos
- read access to private repositories for `Guest` role [Ultimate]
- support for requiring multiple `CODEOWNERS` approvers
- closed beta of Code Suggestions (GH Copilot competitor) [SaaS Ultimate]
- `gitlab-sshd` (in Golang) support for self-managed instances
- displayable Discord ID’s for user profile pages
- support for filtering by primary (programming) language on Explore Projects page
VictoriaMetrics 1.88 #
TLDR: VM remoteWrite
- `vmagent` support for VictoriaMetrics improved remote write protocol (lower network bandwidth + disk I/O)
- `vmagent` discovery of Kuma Control Plane targets (via new `kuma_sd_configs`)
- `vmalert` support for reading alerting and recording rules from an S3-compatible backend [Enterprise]
- `vmauth` now re-attempts failing `GET` requests on all configured backends before returning a result to the client
Coroot 0.13 - 0.14 #
TLDR: Pyroscope integration
- more notification sinks: Teams, PagerDuty and Opsgenie (Slack already supported prior)
- integration with Pyroscope (a continuous profiling platform), facilitating deep dives into process execution, correlated against collected metrics (like CPU, I/O etc)
- support for adding an additional Prometheus selector to all queries (enabling aggregate metrics from federated backends eg Thanos/Mimir)
Grafana 9.4 #
TLDR: better keyboard navigation
- Canvas panel (introduced in v9.3) enhanced via support for data links and arrows (shapes)
- `topnav` and `topNavCommandPalette` flags unlock new [CMD/CTRL]+K keyboard-driven navigation UX
- better search and export of Grafana Alerting rules
- `newPanelChromeUI` flag unearths redesigns to existing panel types
Teleport 12.0 #
TLDR: many more auth methods
- transparent Azure and GCP CLI authentication (adding to existing support for the same in AWS)
- Device Trust - authentication via macOS Secure Enclave, branded as [Alpha, Enterprise]
- X.509 based (‘passwordless’) auth for Windows local users [Enterprise]
- Kubernetes pod-level RBAC, facilitating more granularity than when role mapping K8s users/groups
Vault 1.13 #
TLDR: multi-namespace access ergonomics
- Azure auth method support for Functions and App Service workloads (Virtual Machines already supported)
- cross-namespace secret sharing
- event-based notifications (via websockets API) [Alpha]
- Vault Operator (first-party K8s secrets sync) [Beta]
Terraform 1.4 #
TLDR: improved CLI output
- `terraform_data` resource, a replacement for the lion’s share of `null` provider use cases
- OPA results emitted in `plan` and `apply` output, similar to that of TFC Sentinel policies
- Terraform Cloud’s structured run output now surfaced in `terraform` CLI output (if using TFC backend)
Prometheus 2.43 #
TLDR: split scrape_configs into separate files
- new `scrape_config_files` block
- `no_proxy` (exclude a subset of URLs) and `proxy_from_environment` (read from ENV) args
- `promtool` support for HTTP query commands (aligns with existing `amtool` functionality)
Thanos 0.31 #
TLDR: per series sample limits
- Redis Sentinel support (addition of `master_name` param)
- `--disable-caching-index-header-file` facilitates Store component running without persistent disk
- `--store.limits.request-{series,samples}` options
- experimental support for `Query` component load balancing across multiple `Store` components