Skip to content

release-v1.2.3

Latest
Latest
Compare
Choose a tag to compare
@nshankar13 nshankar13 released this 09 Feb 00:55
· 19 commits to release-v1.2 since this release
v1.2.3
0122837
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Notable Changes

  • Custom trust domains (i.e. certificate CommonNames) are now supported.
  • The authentication token used to configure the Hashicorp Vault certificate provider can now be passed in using a secretRef
  • Envoy has been updated to v1.22 and uses the envoyproxy/envoy-distroless image instead of the deprecated envoyproxy/envoy-alpine image.
    • This means that kubectl exec -c envoy ... -- sh will no longer work for the Envoy sidecar.
  • Added support for Kubernetes 1.23 and 1.24.
  • Rate limiting: Added capability to perform local per-instance rate limiting of TCP connections and HTTP requests.
  • Statefulsets and headless services have been fixed and work as expected.

Breaking Changes

  • The following metrics no longer use the label common_name, due to the fact that the common name's trust domain can rotate. Instead 2 new labels, proxy_uuid and identity have been added.
    • osm_proxy_response_send_success_count
    • osm_proxy_response_send_error_count
    • osm_proxy_xds_request_count
  • Support for Kubernetes 1.20 and 1.21 has been dropped.
  • Multi-arch installation supported by the Chart Helm by customizing the affinity and nodeSelector fields.
  • Root service in a TrafficSplit configuration must have a selector matching the pods backing the leaf services. The legacy behavior where a root service without a selector matching the pods backing the leaf services is able to split traffic, has been removed.
Assets 2
Loading