Release Radar - Q3 2023

HAProxy 2.8

TLDR: new (Lua) modules

  • native acme.sh integration!
  • support for HTTP response compression (request compression already supported)
  • Lua programmable email alerts
  • default ALPN values (h2,http/1.1 for HTTP/{1,2}, h3 when utilizing QUIC)
  • Lua powered eventing and queuing modules

Vault 1.14

TLDR: ACME

  • general availability of first party Secrets Operator (sync Vault secrets with K8s secrets)
  • support for PKI management via ACME protocol (and thus its broad ecosystem of client tooling)
  • Vault Agent support for passing secrets in environment variables to ‘downstream’ processes, and restarting them when upstream secrets are changed (a la Banzai’s webhook)
  • decoupling of templating and proxying capabilities in Vault Agent; binary now explicitly runs one or the other, not both
  • Active Directory secrets engine subsumed by OpenLDAP engine

Dapr 1.11

TLDR: cryptography

  • alpha components: WASM bindings, etcd state store, AKV, K8s and JWKS cryptography
  • encrypt/decrypt building blocks (pair with aforementioned crypto stores)
  • v1 (stable API) for configuration blocks
  • CLI enhancements (write logs to console and file simultaneously, emit events to configurable address, support for multiple resource paths)

GitLab 16.1

TLDR: service accounts

  • web UI navigation overhaul
  • status of related Kubernetes objects (Deployments, Daemonsets etc) surfaced in Environments pane
  • support for service accounts; API-created credentials not tied to a specific user [Premium]
  • changelog generate subcommand for the glab CLI

Prometheus 2.45

TLDR: (native) histogram improvements

  • support for remote writing directly to an Azure Monitor workspace
  • (native) histogram bucket size limits, avg_over_time and sum_over_time operators
  • path prefix support for consul_sd

Argo CD 2.8

TLDR: ApplicationSet generator plugins

  • support for AWS CodeCommit as SCM Provider
  • support for Azure DevOps and BitBucket Cloud as Pull Request generators
  • ApplicationSet generator plugin support (similar to CMP’s), with support for Matrix and Merge generators
  • per-ApplicationSet sync policy override via applicationsSync param
  • various UI enhancements (trigger manual CronJobs, mouseover container info etc)

FluxCD 2.0

TLDR: scale out

  • support for AWS/Azure/GCP Workload Identity (passwordless OCI authentication)
  • GA for GitRepository, Kustomization and Receiver API’s (to v1)
  • support for horizontal scaling and controller sharding
  • compliance with SLSA Level 3
  • alerting uplift: PagerDuty support, event filtering, enrichment via metadata

Gitea 1.20

TLDR: CI improvements

  • support for more package registry types - Go, Alpine, Debian, RPM and Swift
  • improvements to [experimental] Gitea Actions - needs and outputs, CLI runner registration, web UI enhancements
  • API endpoints for activity feed, renaming users, more templates (eg gitignore and licenses)
  • support for pinning issues (and an API endpoint for the same)
  • declarative in-repo issue configs using GitHub format → .{gitea,github}/issue_template/config.{yml,yaml}
  • support for user profile READMEs (create a .profile repo scoped to a username, populate with a README.md)
  • consistency improvements to editor, WYSIWYG replaced with separate raw text / preview areas

Nomad 1.6

TLDR: node pool partitioning

  • node_pool param facilitates agents declaratively targeting a subset of compute workers
  • web UI for Jobs and Deployments pages revamped to better depict workload state/health, and declared vs running replicas
  • job definition (as HCL) surfaced in web UI; previously only in raw JSON
  • Nomad Pack v0.1 - first release of a package manager / templating tool (somewhat akin to Helm)
  • support and feature parity (with docker) for podman task driver
  • CLI enhancements (better raft peer sorting, more CA cert customization, -quiet for var init subcommand)

VictoriaMetrics 1.92

TLDR: vmagent + OTel

  • up to 5x lower memory utilization for high churn + long retention datasets
  • vmagent now capable of OpenTelemetry (protocol) ingest
  • support for defining stream aggregation selectors (ANY match = aggregate)
  • -notifier.blackhole CLI flag, enables local evaluation of alerting rules without emitting to receivers
  • progress percentage logged during vmbackup and vmrestore operations

Prometheus 2.46

TLDR: promtool capabilities

  • if no filenames provided to promtool, read/validate rules from STDIN
  • set/delete/format commands added to promtool
  • kubernetes_sd improvements (better EndpointSlice and PodIP handling)
  • pre-emptive support for new (larger) hetzner_sd node ID’s

Cilium 1.14

TLDR: mutual auth

  • SPIFFE/SPIRE powered (workload) mutual authentication
  • support for inter-node encryption and L7 policy enforcement (via WireGuard)
  • TLS passthrough support via Gateway API’s TLSRoute resource
  • IPv4 BIG TCP support, adds to v1.13’s IPv6 support of the same (big throughput increase in >=100Gbps flows)
  • native L2 announcement of external IP’s to local networks, obviating need to deploy MetalLB for that same use case
  • Cilium Mesh, facilitates consistent networking across heterogeneous infrastructures
  • Nomad support via Cosmonic-developed ‘Netreap’, analogous to Cilium Operator in K8s
  • ClusterMesh scalability markedly improved via KVStoreMesh (contributed by Trip.com) - caches remote cluster info in a local KV store (eg etcd), facilitating deployments up to 50k nodes / 500k pods

Grafana Agent 0.35

TLDR: migration subcommand

  • convert subcommand ingests a Prometheus or Prom Agent config, and outputs a Flow mode config (Static mode, OTel and Promtail imports planned for future releases)
  • clustering block auto-distributes Prom and Pyroscope scrape targets during (HPA) scale-out of Flow mode agents
  • additional in-tree exporters: CloudWatch, Kafka, Elasticsearch, MongoDB, Squid

Crossplane 1.13

TLDR: ignoreChanges

  • define specific, externally managed/modified attributes via spec.ignoreChanges
  • usability improvements to Composition Functions aka XFN’s [Alpha]

GitLab 16.2

TLDR: rich text editor

  • command palette (/ hotkey to trigger)
  • rich text editor - exists parallel to Markdown editor, for those who prefer
  • support for rules.when: never inside an include: CI block
  • keyless cosign artifact signing (uses short-lived GL user OIDC token in lieu of KMS)
  • support for triggering FluxCD reconciliation on GL events
  • improvements to Duo Code Suggestions (GH Copilot competitor, powered by Google AI, requires SaaS GitLab identity)
  • declarative config for Value Stream Dashboard [Ultimate]
  • Slack app support for self-managed instances

Tempo 2.2

TLDR: structural operators

  • TraceQL gains support for the >> (descendant), > (child) and ~ (sibling) structural operators
  • further TraceQL additions include negated regex (!~), new trace-level intrinsics, select() and by()
  • experimental /metrics/summary API endpoint returns RED metrics

Talos 1.5

TLDR: TPM/KMS backed disk encryption

  • option to publish Kube API locally (via KubePrism) for direct cluster access, ie bypassing external LB
  • predictable network interface names (by default, MAC address as a lowercased, contiguous string)
  • support for storing STATE/EPHEMERAL encryption keys on a TPM(2.0) compatible device or an external KMS
  • pre-pulled controlplane and kubelet images during talosctl upgrade-k8s operation
  • talosctl image pull operation seeds dependent images on-demand

Harbor 2.9

TLDR: Security Hub

  • support for OCI v1.1.0-rc2, including improved handling of multi-arch images and manifests
  • Security Hub - a UI surfacing artifact scan stats, discovered CVE’s, vulnerable images and search capabilities
  • richer Garbage Collector execution history and support for parallel deletions
  • removal of Notary component

Alertmanager 0.26

TLDR: in-tree MSFT Teams integration

  • amtool silence query --id argument for querying an individual silence
  • first-party Microsoft Teams integration
  • file-stored secrets support for the Webhook, Telegram and Pushover integrations

GitLab 16.3

TLDR: AKV CI secrets

  • needs: CI keyword no longer requires parallel jobs be dependent
  • Azure Key Vault secrets integration (for CI/CD jobs)
  • security scan results surfaced in VSCode (via GitLab Workflow extension)
  • improved filtering (status, age, fix available etc) for security scan results
  • SSH connectivity for workspaces (web IDE) [Premium]
  • velocity metrics (MR + issue closures) added to Value Streams Dashboard [Ultimate]
  • Flux (GitOps) deployment status surfaced in Environments web UI

Argo Rollouts 1.6

TLDR: multiple AWS ALB’s

  • self-service (ie user-level) notification config, bounded by namespace
  • support for a list of (ie multiple) ALB targets under trafficRouting.alb.ingresses
  • SLSA L3 release attestations

Loki 2.9

TLDR: multiple storage buckets

  • ability for querier component to perform alerting & recording rule evaluation (previously only ruler component, single threaded)
  • LogQL performance enhancements, particularly when regex matching
  • support for read/write to multiple heterogeneous object stores (eg new logs to bucket x, aged logs to bucket y)

Linkerd 2.14

TLDR: shared net multi-cluster

  • gateway-less mode, enables support for multi-cluster deployments on a flat (shared) network
  • full conformance with Gateway API’s mesh protocol and gateway.networking.k8s.io types
  • improvements to leader-election and HA for service-mirror controller

Istio 1.19

TLDR: Gateway API

  • ambient mesh enhancements - ServiceEntry, WorkloadEntry, PeerAuthentication, and DNS proxying support
  • support for Gateway API’s service mesh spec
  • Virtual Machine and Multicluster manifests no longer mandate a WorkloadEntry address field

Mimir 2.10

TLDR: ingester enhancements

  • approx 15% lower ingester component memory utilization
  • experimental support for circuit-breaking distributor write requests (to ingesters), and limiting read requests (on ingesters) when CPU or mem hit defined thresholds
  • /ingester/tenants and /ingester/tsdb/{tenant} API endpoints for per-tenant ingester/TSDB info
  • experimental support for ingesting OTel format exponential histograms (downscaled if >8)
  • rule filtering via file, ruler_group and rule_name params

GitLab 16.4

TLDR: customizable roles

  • first release of custom roles - assign (a subset of) additive granular permissions to a base role [Ultimate]
  • support for creating workspaces in private projects [Premium]
  • GitLab OIDC for authentication to K8s clusters
  • {sub}group-level dependency list web UI view
  • bulk status updates via (both project and group level) Vulnerability Reports
  • support for emoji-reaction webhook triggers
  • seven day expiry warning emails for expiring {project,group,token} access validity

Teleport 14.0

TLDR: ClickHouse

  • autodiscovery of Kubernetes web apps (via Service heuristics)
  • support for writing tbot secrets to a K8s Secret in lieu of local file system storage
  • access lists [Enterprise]
  • support for ClickHouse HTTP and TCP protocols, with activity logging when using HTTP
  • web UI overhaul, centered around a ‘unified resource view’
  • addition of Discord and ServiceNow notification plugins