1.6
Installation
Guides
Reference
Release Notes
Grey Matter 1.6
Artifacts
Component
Version
Group
*experimental
gm-proxy
Added
- JWT Security TCP filter
- Observables network filter (support for Kafka and file storage)
- Replaced deciphernow with greymatter-io in go imports, docs, and build files.
- Metrics TCP filter (with experimental support for Kafka)
- TCP logger filter
- JWT Keycloak filter
- Exposed envoy bindings for and added HTTP & TCP metrics to /stats admin endpoint
Changed
- Blacklist and whitelist terms changed to allow list and deny list
- Clean up logging and version output
- Added a direct means for copying/adding all headers from one header map to another.
- Default Go toolchain is now the BoringSSL fork. Unofficial, but maintained by the core team.
- Grey Matter network filters renamed as greymatter.filters.network.<filtername>
- HTTP Observables EventChain field will now be populate with all eventIDs in the HTTP transaction chain
- TCP and HTTP metrics filters have path defaults and allow turning off the server
- HTTP Observables now detect websocket upgrades and emit observables on every websocket frame.
Fixed
- Use interface types in header map constructors
- Fixed a bug where some header values were not being copied completely (e.g. only one cookie could be set via the Set-Cookie header).
- Fixed crash on setting headers in Decoder filter routines
- Fixed memory leak of header map objects
- Bazel configuration: test size set explicitly to prevent test warnings and errors
- Avoid nil pointer dereference in oidc-validation filter
- Jwt filter defaulting to 0 timeout and no cache
- Fixed handling of setting duplicated headers, refactor header map handling
gm-control & gm-control-api
Added
- Sidecar announcement Node information is passed to all resource Adapters
- Filters set by users that are not supported by a sidecar will now be skipped with a warning
- Set default XDS_INTERVAL to 5s
- Traffic shadowing available via the rule.constraint.dark field
- Docker image for gm-control-api contains the greymatter cli for easier debugging
- Discovery manager to restart service discovery through admin API
- pprof for debugging available from /admin API
- CONTRIBUTING.md guidelines
- Support for updated Grey Matter network filters
- EDS updates to set health status for endpoints
- Grey Matter network logger filter enabled by default
- Adapter for sending catalog-specific XDS resources
- Control API gRPC server implementation
- Added version subcommand
Changed
- Moved to xDS V3 protocol
- CSB server now creates resource watches on a per stream basis
- Cerebro logging now more human readable
- API active filter arrays will now accept both periods and underscores in filter names
- Base container changed to Alpine 3.13; The gcompat package is required at runtime.
Fixed
- Fixed redirects with trailing slash routes
- Fixed service discovery not pulling in platform updates
- Fixed CSB deadlocking when bulk requests come in
- Fixed segmentation fault caused by connection close with resolve DNS set
- Suppress 'filter not supported' warnings if node extension list doesn't exist
- Log correct api version
Removed
- --xds-disabled from control
- No longer support xDS V2 resources
- codeclimate no longer runs in this repo
gm-jwt-security
Changed
- Serve docs as text/plain instead of text/html
Added
- Initial Boring support
- Ability to set the log level from the API
gm-jwt-security-gov
Added
- Add
/loggingendpoint
Fixed
- Use
text/plaininstead oftext/htmlfor docs page
gm-dashboard
Added
- add feature flags
- display all supported network filters in config pane
- multi-mesh integration
- ability to sort and filter by mesh
- ability to sort and filter by mesh type
- ability to view istio based services in mesh view
- new ux for mesh list view
- anomaly detection view (EXPERIMENTAL)
- health widget (EXPERIMENTAL)
- display jwt-keycloak metadata (EXPERIMENTAL)
Fixed
- display active filters regardless of whether active_http_filters or active_network_filters use dot or underscore as the delimiter
- config pane now renders selected service
- ignore defaults in url state
- Config pane close button ux
- Bug where warning counts were not displayed in service view
gm-catalog
Added
- Support for Istio mesh service discovery
- Reporting of instance health statuses, including non-responsive instances
- Expose all instance metadata reported from xDS, including the instance address
- Extensions per mesh for data aggregation from various services (e.g. LAD)
- Labeling of mesh assets with arbitrary key-value pairs
- Ability to seed initial data via configured JSON or YAML file
- Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
- Updated catalog structure to support multi-zone in multi-mesh
- Generalized API to support multiple mesh types (e.g. Istio)
- Updated API fields to use snake case over camel case formatting
- Support consuming xDS v3 resources from Control
- Make configuring a specific discovery cluster (i.e. `edge`) optional
gm-slo
Note: gm-slo is deprecated, and will be removed in the next release
Features
- Support multi-mesh objectives
Deprecated
- Remove business impacts
Fixes
- Update alpine base image
- Update npm dependencies
greymatter cli
Fixed
- Fixed bug deleting instances from a cluster on edit
Added
- Support for CA certs via `api.ssltrust` and `catalog.ssltrust`
- Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
- Replaced Catalog v1 support with Catalog v2 via `catalog-mesh` and `catalog-service` objects
sense-lad (experimental)
Initial release of Log Anomaly Detection functionality
Added
- Persistent monitoring and storage of anomalous logs with heatmaps and adjacent lines
- Automatic collection and training on new incoming Kubernetes logs delivered by Fluent Bit or FluentD
- User controls for feedback, retraining, and tuning
- Flood mitigation with graceful degradation and circuit breakers
- Status and statistics
Changed
- Upgraded PyTorch to 1.8.1 for performance improvements
- Performance improvements in caching
Fixed
- Bug in bounded simple queue injected into ThreadPoolExecutor was causing monitoring queue hangs
gm-data
Added
- JWK support. Env var JWK can contain either a base64 encoded JWK file, or the location of a mounted plaintext JWK file. This exists to facilitate situations where the JWT signing keys originate in JWK format rather than PEM format, such as what happens with Keycloak.
- Azure support. Set env vars: AZURE_ENDPOINT, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY, AZURE_STORAGE_CONTAINER
Changed
- Move up to Go1.16 for boring ssl
- Require env variable GODEBUG=x509ignoreCN=0 to connect to servers without a proper SAN
- Enable playground by default, and fix bug that prevented playground UI from working
gm-apier
Fixed
- Prohibit local variable access in query string
Changed
- Make query parsing error messages more descriptive
- Update ROOT_PATH, DOCS_URL, and REDOC_URL defaults and docs
Known Bugs
- If gm-control is asked to watch a Kubernetes namespace it does not have RBAC permissions for, it will crash.
Last modified 8mo ago