Releases: kyma-project/kyma

2.5.0

02 Aug 09:55
204ba99

In this release, we're rowing our boat gently down the stream, introducing support for Kubernetes 1.23, new alpha functionality, updates, and deprecations and changes in preparation for the new and better. Read on to find out exactly what Kyma 2.5 has to offer!

General

With Kyma 2.5, we now officially support Kubernetes in version 1.23. For more details on this version, read the Kubernetes release notes.

API Exposure

APIRule version deprecation

This Kyma release deprecates the APIRule CR in version gateway.kyma-project.io/v1alpha1.

In future releases, we will work on supporting exposure of multiple services under the same host, and on the first version of securing workloads with Istio. Stay tuned!

Observability

Configurable Logging in the alpha version

With release 2.5, we introduced an exciting alpha feature: Kyma’s Telemetry component.

It opens up the logging stack by separating the log collection and shipment from storage and analysis, and offers configuration possibilities at runtime.
To ship logs to your preferred external logging backend, simply provide your own Fluent Bit output configuration.
Of course, you can still use Kyma’s pre-configured Loki component as the logging backend within the cluster.

For more information, read the Telemetry component documentation.

Fluent Bit updated to version 1.9.6

With Kyma 2.5, we updated Fluent Bit to version 1.9.6. For more details on this version, read the Fluent Bit release notes.

Service Mesh

Istio Helm chart changes

In this release, we're starting the journey to change the default sidecar injection settings so that they match the defaults in Istio.

We are not making any changes to the sidecar injection with Kyma 2.5, but to prepare for the upcoming migration of existing runtimes, we introduced a temporary parameter: global.sidecarMigration.
For now, this new parameter is set to true, so the injection stays enabled.

To learn more about this topic, read about Istio sidecars and why you want them.


2.5.0-rc3 (2022-07-29)

Application Connector

  • #14969 Bump image of app connectivity validator to use latest image build for release 2.5 (@koala7659)
  • #14959 Using latest common/logger package and latest version of golang.org/x/net (@koala7659)
  • #14958 Update dependencies to newer versions for kyma/common module on release-2.5 (@koala7659)

Committers: 3

2.5.0-rc1 (2022-07-26)

Application Connector

Serverless

Eventing

Security

  • #14832 Prevent APIRule creation in case non secured HTTP is provided for jwks_urls and trusted_issuers (@cnvergence)

Service Mesh

Monitoring

Logging

Documentation

CI


2.5.0-rc3

29 Jul 11:47
f33e876
Pre-release

2.5.0-rc1 (2022-07-26)

Application Connector

Serverless

Eventing

Security

  • #14832 Prevent APIRule creation in case non secured HTTP is provided for jwks_urls and trusted_issuers (@cnvergence)

Service Mesh

Monitoring

Logging

Documentation

CI

Committers: 32

2.4.3

29 Jul 07:49
9207292

2.4.3 (2022-07-28)

Application Connector

  • #14957 Bump image of app connectivity validator to use latest image build for release 2.4 (@koala7659)
  • #14948 Using latest common/logger package and latest version of golang.org/x/net (@koala7659)
  • #14943 Logger dependency bump (@koala7659)

Serverless

Logging

  • #14926 added extensionProviders for envoy access logs to have logs in JSON format (@a-thaler)

Committers: 3

2.5.0-rc2

26 Jul 12:18
6e14900
Pre-release

2.5.0-rc1 (2022-07-26)

Application Connector

Serverless

Eventing

Security

  • #14832 Prevent APIRule creation in case non secured HTTP is provided for jwks_urls and trusted_issuers (@cnvergence)

Service Mesh

Monitoring

Logging

Documentation

CI

Committers: 32

2.5.0-rc1

26 Jul 08:05
Pre-release

2.5.0-rc1 (2022-07-26)

Application Connector

Serverless

Eventing

Security

  • #14832 Prevent APIRule creation in case non secured HTTP is provided for jwks_urls and trusted_issuers (@cnvergence)

Service Mesh

Monitoring

Logging

Documentation

CI

Committers: 32

2.4.2

01 Jul 13:09
6fc3f48

2.4.2 (2022-07-01)

Serverless

  • #14723 Bump serverless images to fix git fetch bug with tags on Azure devops (@moelsayed)

2.4.1

01 Jul 08:16
59ca762

2.4.1 (2022-07-01)

Serverless

  • #14723 Bump serverless images to fix git fetch bug with tags on Azure devops (@moelsayed)

2.4.0

30 Jun 12:27
381e2fd

Swooosh… wow that was fast - the first half of 2022 is over already, and we’re at Kyma release 2.4!
We hope this summery update finds you well; maybe you’re going through your wardrobe and packing for vacation right now? No matter if you’re already sipping a cocktail on the beach or busy planning your vacation, find some time to read our hot news.
To name just a few of the improvements and updates that we packed into this release, Eventing got a new backend and Serverless supports a new runtime.
We’ve also finalized our spring cleaning and completely removed Service Catalog and Rafter. The Application Connectivity and Observability components have been adjusted accordingly.

Application Connectivity

Application Gateway support for mTLS-OAuth

We introduced support for mTLS OAuth-secured APIs in Application Gateway. You can now configure your Application CRs so that Application Gateway fetches the OAuth token with the help of a TLS certificate as a credential. To learn how to do that, see Register an OAuth 2.0 mTLS-secured API.

Eventing

Introduced NATS JetStream as the default Eventing backend

With Kyma 2.4, we changed the NATS eventing backend to use NATS JetStream instead of just Core NATS. This updated backend improves the delivery guarantees from previously AT-MOST-ONCE to now AT-LEAST-ONCE. To facilitate this change, the NATS cluster now relies on backing storage by default.

Serverless

Added support for NodeJS 16

With Kyma 2.4, you have a new Serverless runtime available – NodeJS 16.
This new runtime brings not only a new version of NodeJS but also new versions of the bundled OpenTelemetry SDK. All this enhances the development experience for NodeJS developers and improves the traceability of the requests handled by your NodeJS functions.

Improved scheduling of Function build jobs

We have fixed the resource configuration for some of the Kyma components to reduce their CPU overcommitment. Additionally, we have removed the fixed requirements for computation resources for Function build jobs. With those changes, Function build jobs have better conditions to be scheduled, and your Functions won't be stuck in the building phase.

Service Management

Service Catalog removed

With Kyma 1.23, we announced the deprecation of Service Catalog. Now in Kyma 2.4, we completely removed it. That's why in the 2.4 release, the following Service Catalog-related components are no longer installed as part of Kyma:

  • Service Catalog

  • Helm Broker

  • Application Broker

  • Application Operator

  • Service Binding Usage Controller

  • Rafter

Note that your Service Catalog resources will not be migrated to any other solution. As mentioned in the Service Catalog deprecation update, we recommend that you use service operators for Service Management in Kyma.

If you already switched to another solution and want to remove the obsolete CRDs from your cluster, run the Service Catalog cleanup script provided in the Migration Guide after you upgrade from Kyma 2.3 to 2.4.

Service Catalog removal also affects Application Connectivity. We removed some components that interacted with Service Catalog, which means that Application Operator and Application Broker are no longer installed on new clusters. This also means that on fresh clusters, or after executing the migration script we provide, the old Application flow will no longer be present, and you will need to use the new way of connecting the external Systems.

PodPreset deprecation note

Due to the Service Catalog removal, Kyma will stop managing PodPresets by the end of October, 2022. Make sure to migrate your resources by then.

Once the PodPresets are removed, the Secrets consumed by your existing Pods will only last until the restart. The next time the Pods are created, the auto-injecting mechanism will be gone and you will have to mount the Secrets using these solutions:

  • Mounting Secrets to Kyma Functions
  • Mounting Secrets to Kubernetes Deployments (using either volume or environment variable mounting)

Mounting Secrets to Kyma Functions

Mounting Secret data to a Kyma Function ensures that the data is preserved in the Function despite any configuration changes you may make in the future. In this method, all Secret keys become environment variables. You can provide them to your Function using Kyma Dashboard:

  1. In Kyma Dashboard, go to the Functions view and select a Function.
  2. In the Environment Variables section, click Add Environment Variable.
  3. Select Secret Variable and provide the required details.

This adds the env property with environment variables to the Function's specification:

env:
  - name: Email
    valueFrom:
      secretKeyRef:
        key: Email
        name: test-secret
  - name: Name
    valueFrom:
      secretKeyRef:
        key: Name
        name: test-secret

Alternatively, you can add the env property by editing the Function's specification directly.

Mounting Secrets to Kubernetes Deployments

You can also mount Secrets to Kubernetes Deployments using either volume or environment variable mounting.

  • Follow these steps to mount your Secrets to Kubernetes Deployments using volumes:

    1. Add the volumes property with your Secret data to the spec.template.spec.volumes property of your Deployment:

      volumes:
      - name: volume-with-secret-data
        secret:
          secretName: test-secret
          optional: false

    2. Add volumeMounts to the spec.template.spec.containers[] property of every container in which you want to consume a given Secret:

      volumeMounts:
        - name: volume-with-secret-data
          mountPath: "/secret/data"
          readOnly: true

  • You can also mount Secrets to Kubernetes Deployments using environment variables:

    • In the Deployment's spec.template.spec.containers[] property, add envFrom to every container in which you want to consume a Secret:

      envFrom:
        - secretRef:
            name: test-secret

    • If you want to configure environment variables, add env to the spec.template.spec.containers[] property of every container in which you want to consume a Secret. See the example:

      env:
        - name: EMAIL-FROM-SECRET
          valueFrom:
            secretKeyRef:
              name: test-secret
              key: Email
              optional: false
        - name: PASSWORD-FROM-SECRET
          valueFrom:
            secretKeyRef:
              name: test-secret
              key: Password
              optional: false
        - name: NAME-FROM-SECRET
          valueFrom:
            secretKeyRef:
              name: test-secret
              key: Name
              optional: true
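One way to check, before PodPreset injection goes away, which containers of a Deployment reference a Secret explicitly through the mechanisms described above. This is an added example, not part of the Kyma release notes or Kyma tooling; the function names secret_refs and unmounted and the SAMPLE manifest are assumptions constructed for illustration.

```python
# Added example: audit a Deployment manifest for explicit Secret references.
# SAMPLE is constructed data (a parsed manifest), not taken from a real cluster.

def secret_refs(deployment, secret_name):
    """Return {container_name: [ways the container consumes secret_name]}."""
    pod = deployment["spec"]["template"]["spec"]
    # Names of Pod-level volumes that are backed by the Secret.
    secret_vols = {
        v["name"] for v in pod.get("volumes", [])
        if v.get("secret", {}).get("secretName") == secret_name
    }
    report = {}
    for c in pod.get("containers", []):
        found = []
        for m in c.get("volumeMounts", []):
            if m["name"] in secret_vols:
                ro = "ro" if m.get("readOnly") else "rw"
                found.append(f"volume:{m['mountPath']}:{ro}")
        for src in c.get("envFrom", []):
            if src.get("secretRef", {}).get("name") == secret_name:
                found.append("envFrom")
        for e in c.get("env", []):
            ref = e.get("valueFrom", {}).get("secretKeyRef", {})
            if ref.get("name") == secret_name:
                opt = "optional" if ref.get("optional") else "required"
                found.append(f"env:{e['name']}:{opt}")
        report[c["name"]] = found
    return report

def unmounted(deployment, secret_name):
    """Containers with no explicit reference to the Secret."""
    return [n for n, refs in secret_refs(deployment, secret_name).items() if not refs]

# Constructed Deployment: "app" mounts test-secret explicitly, "sidecar" does not.
SAMPLE = {"spec": {"template": {"spec": {
    "volumes": [{"name": "volume-with-secret-data",
                 "secret": {"secretName": "test-secret", "optional": False}}],
    "containers": [
        {"name": "app",
         "volumeMounts": [{"name": "volume-with-secret-data",
                           "mountPath": "/secret/data", "readOnly": True}],
         "env": [{"name": "NAME-FROM-SECRET", "valueFrom": {"secretKeyRef": {
             "name": "test-secret", "key": "Name", "optional": True}}}]},
        {"name": "sidecar", "image": "example/sidecar"},
    ]}}}}

if __name__ == "__main__":
    print(secret_refs(SAMPLE, "test-secret"))
    print("no explicit reference:", unmounted(SAMPLE, "test-secret"))
```

The input is the Deployment as a parsed object, for example the JSON form of the manifest loaded with json.load.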

Service Mesh

Istio upgraded to 1.14.1

In this release, we upgraded Istio from 1.13.2 to 1.14.1. For more details, read the official Istio 1.14.1 release notes.

Observability

Kiali upgraded to 1.51.1

To ensure compatibility after the Istio upgrade to v1.14, we upgraded Kiali to 1.51.1. It contains name changes of most Kiali resources, so we added a Kiali cleanup script to delete old resources after the upgrade.


2.4.0-rc1 (2022-06-27)

Application Connector

  • #14696 Bump AC images (@franpog859)
  • #14082 docker(deps): bump kyma-project/external/alpine from 3.14.2 to 3.15.4 in /components/central-application-gateway (@dependabot[bot])
  • #13940 gomod(deps): bump github.com/vrischmann/envconfig from 1.1.0 to 1.3.0 in /components/central-application-connectivity-validator (@dependabot[bot])
  • #13913 gomod(deps): bump go.uber.org/zap from 1.18.1 to 1.21.0 in /components/central-application-connectivity-validator (@dependabot[bot])
  • #14081 docker(deps): bump kyma-project/external/alpine from 3.13.4 to 3.15.4 in /components/compass-runtime-agent (@dependabot[bot])
  • #14636 Remove franpog859 forks from AC dependencies (@franpog859)
  • #13296 Remove Application Operator (@franpog859)
  • #13012 Remove Rafter from Compass Runtime Agent (@mvshao)
  • #14549 Fix helpers.tpl name definition for Application Gateway (@janmedrek)
  • #14468 Remove not needed Applicati...

2.4.0-rc1

27 Jun 11:46
889b20c
Pre-release

2.4.0-rc1 (2022-06-27)

Application Connector

Eventing

Security

Service Mesh

Installation

Logging

  • #14486 Configure logging to use Text output as default (@Cortey)

Documentation

CI

Core and Supporting

Committers: 32

2.3.0

08 Jun 08:07
6e8d375

Summer is just around the corner. The days are longer and brighter and we can't help but think about the upcoming holidays. That's why with Kyma 2.3 we say goodbye to the good old spring days (and to some Kyma components), and we already look forward to new challenges. Read the full release notes to learn about all the improvements and fixes we provided with the Kyma 2.3 release.

CAUTION: Before upgrading to Kyma 2.3, read the Migration Guide.

Application Connectivity

Removal of Application Registry and Connector Service

Kyma 2.3 brings a big change in the Application Connectivity area – almost 2 years ago we published a note about the deprecation of those services and now they have been completely removed. The functionality of connecting and registering external services is no longer available in the standalone mode of Kyma. Worry not though. If you want to keep the old flow available in your cluster, you can make use of Compass and Kyma integration.

We strongly encourage you to explore other options – Central Application Gateway provides an easier way of reaching external APIs, and all you need to do is apply a simple YAML file with an Application custom resource (CR) instead of going through the cumbersome certificate flow. Eventing can also be easily exposed with an API Rule.

Also, due to the removal of the mentioned components, we recommend that you delete the obsolete resources when upgrading to Kyma 2.3. Read the Migration Guide to learn more.

API Gateway

Ory stack upgrade

As of the Kyma 2.3 release, we have upgraded:

  • Ory Oathkeeper from 0.38.15 to v0.38.25. For more details, read the official Oathkeeper v0.38.25-beta.1 release notes.
  • Ory Hydra from 1.10.7 to 1.11.8. For more details, read the official Hydra v1.11.8 release notes.
  • Ory Hydra-Maester from 0.0.24 to 0.0.25. For more details, read the official Hydra-Maester v0.0.25 release notes.
  • PostgreSQL from 11.14 to 11.15. For more details, read the official PostgreSQL 11.15 release notes.

Observability

Monitoring upgrade

In 2.3, we have also upgraded the monitoring component to the latest version of the kube-prometheus-stack chart. With that, multiple Prometheus rules got updated and the components were upgraded to the following versions:

  • Prometheus-operator v0.56.2
  • Alertmanager 0.24.0
  • Prometheus 2.35.0
  • Grafana 7.5.16

Serverless

Improved Git Functions handling

We improved the reconciliation of Git Functions and removed redundant git fetch operations, which improves the stability of Function Controller.

Fixed the incorrect lifecycle management of the Serverless defaulting webhook certificate

With 2.3, we fixed the incorrect lifecycle management of the Serverless defaulting webhook service certificate. Previously, the certificate expired after a few days and wasn't renewed. Now, the certificate is renewed automatically after expiration.

Additional rescheduling of Function's failed build jobs

2.3 brings yet another improvement in the Serverless area. Now, if a Function build fails, it is rescheduled after some time, which wasn't the case in the previous release. This improves consistency and integrity of the Function's state after Kyma upgrade.


2.3.0-rc1 (2022-06-01)

Application Connector

  • #13984 Remove Application Registry and Connector Service from the Kyma documentation (@majakurcius)
  • #13891 Removal of the Application Registry, Connector Service and Connection Token Handler sources (@mvshao)

Serverless

Eventing

Security

Monitoring

Logging

Documentation

Committers: 41
