Release Notes
Grey Matter 1.6

Artifacts

| Component | Version | Group |
|---|---|---|
| gm-proxy | 1.6.3 | Core |
| | 1.6.5 | Core |
| | 1.6.5 | Core |
| | 1.3.0 | Core |
| | 1.3.0 | Core |
| | 5.0.0 | Core |
| | 2.0.0 | Core |
| gm-slo (deprecated) | 2.0.0 | Core |
| | 3.0.1 | Core |
| | 1.0.0 | Core |
| gm-data | 1.2.1 | Platform Service |
| gm-apier | 2.0.5 | Platform Service |

*experimental

gm-proxy

Added
  • JWT Security TCP filter
  • Observables network filter (support for Kafka and file storage)
  • Replaced deciphernow with greymatter-io in Go imports, docs, and build files.
  • Metrics TCP filter (with experimental support for Kafka)
  • TCP logger filter
  • JWT Keycloak filter
  • Exposed envoy bindings for and added HTTP & TCP metrics to /stats admin endpoint
Changed
  • Blacklist and whitelist terms changed to allow list and deny list
  • Clean up logging and version output
  • Added a direct means for copying/adding all headers from one header map to another.
  • Default Go toolchain is now the BoringSSL fork. Unofficial, but maintained by the core team.
  • Grey Matter network filters renamed as greymatter.filters.network.<filtername>
  • HTTP Observables EventChain field will now be populated with all eventIDs in the HTTP transaction chain
  • TCP and HTTP metrics filters have path defaults and allow turning off the server
  • HTTP Observables now detect websocket upgrades and emit observables on every websocket frame.
Fixed
  • Use interface types in header map constructors
  • Fixed a bug where some header values were not being copied completely (e.g. only one cookie could be set via the Set-Cookie header).
  • Fixed crash on setting headers in Decoder filter routines
  • Fixed memory leak of header map objects
  • Bazel configuration: test size set explicitly to prevent test warnings and errors
  • Avoid nil pointer dereference in oidc-validation filter
  • JWT filter defaulting to 0 timeout and no cache
  • Fixed handling of setting duplicated headers, refactor header map handling

gm-control & gm-control-api

Added
  • Sidecar announcement Node information is passed to all resource Adapters
  • Filters set by users that are not supported by a sidecar will now be skipped with a warning
  • Set default XDS_INTERVAL to 5s
  • Traffic shadowing available via the rule.constraint.dark field
  • Docker image for gm-control-api contains the greymatter cli for easier debugging
  • Discovery manager to restart service discovery through admin API
  • pprof for debugging available from /admin API
  • CONTRIBUTING.md guidelines
  • Support for updated Grey Matter network filters
  • EDS updates to set health status for endpoints
  • Grey Matter network logger filter enabled by default
  • Adapter for sending catalog-specific XDS resources
  • Control API gRPC server implementation
  • Added version subcommand
Changed
  • Moved to xDS V3 protocol
  • CSB server now creates resource watches on a per stream basis
  • Cerebro logging now more human readable
  • API active filter arrays will now accept both periods and underscores in filter names
  • Base container changed to Alpine 3.13; the gcompat package is required at runtime.
Fixed
  • Fixed redirects with trailing slash routes
  • Fixed service discovery not pulling in platform updates
  • Fixed CSB deadlocking when bulk requests come in
  • Fixed segmentation fault caused by connection close with resolve DNS set
  • Suppress 'filter not supported' warnings if node extension list doesn't exist
  • Log correct api version
Removed
  • --xds-disabled from control
  • No longer support xDS V2 resources
  • codeclimate no longer runs in this repo

gm-jwt-security

Changed
  • Serve docs as text/plain instead of text/html
Added
  • Initial Boring support
  • Ability to set the log level from the API

gm-jwt-security-gov

Added
  • Add /logging endpoint
Fixed
  • Use text/plain instead of text/html for docs page

gm-dashboard

Added
  • add feature flags
  • display all supported network filters in config pane
  • multi-mesh integration
    • ability to sort and filter by mesh
    • ability to sort and filter by mesh type
    • ability to view istio based services in mesh view
  • new ux for mesh list view
  • anomaly detection view (EXPERIMENTAL)
  • health widget (EXPERIMENTAL)
  • display jwt-keycloak metadata (EXPERIMENTAL)
Fixed
  • display active filters regardless of whether active_http_filters or active_network_filters use dot or underscore as the delimiter
  • config pane now renders selected service
  • ignore defaults in url state
  • Config pane close button ux
  • Bug where warning counts were not displayed in service view

gm-catalog

Added
  • Support for Istio mesh service discovery
  • Reporting of instance health statuses, including non-responsive instances
  • Expose all instance metadata reported from xDS, including the instance address
  • Extensions per mesh for data aggregation from various services (e.g. LAD)
  • Labeling of mesh assets with arbitrary key-value pairs
  • Ability to seed initial data via configured JSON or YAML file
  • Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
  • Updated catalog structure to support multi-zone in multi-mesh
  • Generalized API to support multiple mesh types (e.g. Istio)
  • Updated API fields to use snake case over camel case formatting
  • Support consuming xDS v3 resources from Control
  • Make configuring a specific discovery cluster (i.e. `edge`) optional

gm-slo

Note: gm-slo is deprecated, and will be removed in the next release
Features
  • Support multi-mesh objectives
Deprecated
  • Remove business impacts
Fixes
  • Update alpine base image
  • Update npm dependencies

greymatter cli

Fixed
  • Fixed bug deleting instances from a cluster on edit
Added
  • Support for CA certs via `api.ssltrust` and `catalog.ssltrust`
  • Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
  • Replaced Catalog v1 support with Catalog v2 via `catalog-mesh` and `catalog-service` objects

sense-lad (experimental)

Initial release of Log Anomaly Detection functionality
Added
  • Persistent monitoring and storage of anomalous logs with heatmaps and adjacent lines
  • Automatic collection and training on new incoming Kubernetes logs delivered by Fluent Bit or FluentD
  • User controls for feedback, retraining, and tuning
  • Flood mitigation with graceful degradation and circuit breakers
  • Status and statistics
Changed
  • Upgraded PyTorch to 1.8.1 for performance improvements
  • Performance improvements in caching
Fixed
  • Bug in bounded simple queue injected into ThreadPoolExecutor was causing monitoring queue hangs

gm-data

Added
  • JWK support. Env var JWK can contain either a base64 encoded JWK file, or the location of a mounted plaintext JWK file. This exists to facilitate situations where the JWT signing keys originate in JWK format rather than PEM format, such as what happens with Keycloak.
  • Azure support. Set env vars: AZURE_ENDPOINT, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY, AZURE_STORAGE_CONTAINER
Changed
  • Move up to Go 1.16 for BoringSSL
  • Require env variable GODEBUG=x509ignoreCN=0 to connect to servers without a proper SAN
  • Enable playground by default, and fix bug that prevented playground UI from working
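
The two accepted forms of the JWK env var described under Added (base64 of the JWK file, or the path of a mounted plaintext file), as an added Go example that is not gm-data's own code. The file-first resolution order, the RSA-only handling, the 2048-bit floor and the names `loadJWK`, `rsaJWK` and `constructedJWK` are assumptions made here.

```go
package main

import (
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"os"
	"strings"
)

// rsaJWK holds the RSA members of a JSON Web Key; encoding/json matches the lower-case keys.
type rsaJWK struct{ Kty, Kid, N, E string }

// constructedJWK returns a constructed sample document; the modulus is filler bytes, not a real key.
func constructedJWK() []byte {
	n := base64.RawURLEncoding.EncodeToString([]byte(strings.Repeat("\xc3", 256)))
	return []byte(`{"kty":"RSA","kid":"constructed-1","e":"AQAB","n":"` + n + `"}`)
}

// loadJWK (hypothetical) reads value as a file path first, then falls back to base64 of the JSON.
func loadJWK(value string) (*rsa.PublicKey, string, error) {
	raw, err := os.ReadFile(value)
	if err != nil {
		if raw, err = base64.StdEncoding.DecodeString(value); err != nil {
			return nil, "", errors.New("JWK is neither a readable file nor valid base64")
		}
	}
	var k rsaJWK
	if err := json.Unmarshal(raw, &k); err != nil {
		return nil, "", fmt.Errorf("JWK is not valid JSON: %w", err)
	}
	if k.Kty != "RSA" {
		return nil, "", fmt.Errorf("unsupported kty %q", k.Kty)
	}
	// JWK integers are big-endian, base64url-encoded without padding.
	nb, errN := base64.RawURLEncoding.DecodeString(k.N)
	eb, errE := base64.RawURLEncoding.DecodeString(k.E)
	if errN != nil || errE != nil || len(nb) < 256 || len(eb) == 0 || len(eb) > 4 {
		return nil, "", errors.New("malformed or undersized (<2048-bit) RSA key")
	}
	return &rsa.PublicKey{N: new(big.Int).SetBytes(nb), E: int(new(big.Int).SetBytes(eb).Int64())}, k.Kid, nil
}

func main() { // the encoded sample stands in for the value of the JWK env var
	pub, kid, err := loadJWK(base64.StdEncoding.EncodeToString(constructedJWK()))
	fmt.Println(kid, pub != nil && pub.N.BitLen() == 2048, err)
}
```

Failing closed on a value that is neither form keeps a mistyped mount path from being silently treated as key material.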

gm-apier

Fixed
  • Prohibit local variable access in query string
Changed
  • Make query parsing error messages more descriptive
  • Update ROOT_PATH, DOCS_URL, and REDOC_URL defaults and docs

Known Bugs

  • If gm-control is asked to watch a Kubernetes namespace it does not have RBAC permissions for, it will crash.