Release Notes
Grey Matter 1.6

Artifacts

Component
Version
Group
gm-proxy
1.6.3
Core
1.6.5
Core
1.6.5
Core
1.3.0
Core
1.3.0
Core
5.0.0
Core
2.0.0
Core
gm-slo (deprecated)
2.0.0
Core
3.0.1
Core
1.0.0
Core
gm-data
1.2.1
Platform Service
gm-apier
2.0.5
Platform Service
*experimental

gm-proxy

Added
    JWT Security TCP filter
    Observables network filter (support for Kafka and file storage)
    Replaced deciphernow with greymatter-io in go imports, docs, and build files.
    Metrics TCP filter (with experimental support for Kafka)
    TCP logger filter
    JWT Keycloak filter
    Exposed envoy bindings for and added HTTP & TCP metrics to /stats admin endpoint
Changed
    Blacklist and whitelist terms changed to allow list and deny list
    Clean up logging and version output
    Added a direct means for copying/adding all headers from one header map to another.
    Default Go toolchain is now the BoringSSL fork. Unofficial, but maintained by the core team.
    Grey Matter network filters renamed as greymatter.filters.network.<filtername>
    HTTP Observables EventChain field will now be populate with all eventIDs in the HTTP transaction chain
    TCP and HTTP metrics filters have path defaults and allow turning off the server
    HTTP Observables now detect websocket upgrades and emit observables on every websocket frame.
Fixed
    Use interface types in header map constructors
    Fixed a bug where some header values were not being copied completely (e.g. only one cookie could be set via the Set-Cookie header).
    Fixed crash on setting headers in Decoder filter routines
    Fixed memory leak of header map objects
    Bazel configuration: test size set explicitly to prevent test warnings and errors
    Avoid nil pointer dereference in oidc-validation filter
    Jwt filter defaulting to 0 timeout and no cache
    Fixed handling of setting duplicated headers, refactor header map handling

gm-control & gm-control-api

Added
    Sidecar announcement Node information is passed to all resource Adapters
    Filters set by users that are not supported by a sidecar will now be skipped with a warning
    Set default XDS_INTERVAL to 5s
    Traffic shadowing available via the rule.constraint.dark field
    Docker image for gm-control-api contains the greymatter cli for easier debugging
    Discovery manager to restart service discovery through admin API
    pprof for debugging available from /admin API
    CONTRIBUTING.md guidelines
    Support for updated Grey Matter network filters
    EDS updates to set health status for endpoints
    Grey Matter network logger filter enabled by default
    Adapter for sending catalog-specific XDS resources
    Control API gRPC server implementation
    Added version subcommand
Changed
    Moved to xDS V3 protocol
    CSB server now creates resource watches on a per stream basis
    Cerebro logging now more human readable
    API active filter arrays will now accept both periods and underscores in filter names
    Base container changed to Alpine 3.13; The gcompat package is required at runtime.
Fixed
    Fixed redirects with trailing slash routes
    Fixed service discovery not pulling in platform updates
    Fixed CSB deadlocking when bulk requests come in
    Fixed segmentation fault caused by connection close with resolve DNS set
    Suppress 'filter not supported' warnings if node extension list doesn't exist
    Log correct api version
Removed
    --xds-disabled from control
    No longer support xDS V2 resources
    codeclimate no longer runs in this repo

gm-jwt-security

Changed
    Serve docs as text/plain instead of text/html
Added
    Initial Boring support
    Ability to set the log level from the API

gm-jwt-security-gov

Added

    Add /logging endpoint
Fixed
    Use text/plain instead of text/html for docs page

gm-dashboard

Added
    add feature flags
    display all supported network filters in config pane
    multi-mesh integration
      ability to sort and filter by mesh
      ability to sort and filter by mesh type
      ability to view istio based services in mesh view
    new ux for mesh list view
    anomaly detection view (EXPERIMENTAL)
    health widget (EXPERIMENTAL)
    display jwt-keycloak metadata (EXPERIMENTAL)
Fixed
    display active filters regardless of whether active_http_filters or active_network_filters use dot or underscore as the delimiter
    config pane now renders selected service
    ignore defaults in url state
    Config pane close button ux
    Bug where warning counts were not displayed in service view

gm-catalog

Added
    Support for Istio mesh service discovery
    Reporting of instance health statuses, including non-responsive instances
    Expose all instance metadata reported from xDS, including the instance address
    Extensions per mesh for data aggregation from various services (e.g. LAD)
    Labeling of mesh assets with arbitrary key-value pairs
    Ability to seed initial data via configured JSON or YAML file
    Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
    Updated catalog structure to support multi-zone in multi-mesh
    Generalized API to support multiple mesh types (e.g. Istio)
    Updated API fields to use snake case over camel case formatting
    Support consuming xDS v3 resources from Control
    Make configuring a specific discovery cluster (i.e. `edge`) optional

gm-slo

Note: gm-slo is deprecated, and will be removed in the next release
Features
    Support multi-mesh objectives
Deprecated
    Remove business impacts
Fixes
    Update alpine base image
    Update npm dependencies

greymatter cli

Fixed
    Fixed bug deleting instances from a cluster on edit
Added
    Support for CA certs via `api.ssltrust` and `catalog.ssltrust`
    Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
    Replaced Catalog v1 support with Catalog v2 via `catalog-mesh` and `catalog-service` objects

sense-lad (experimental)

Initial release of Log Anomaly Detection functionality
Added
    Persistent monitoring and storage of anomalous logs with heatmaps and adjacent lines
    Automatic collection and training on new incoming Kubernetes logs delivered by Fluent Bit or FluentD
    User controls for feedback, retraining, and tuning
    Flood mitigation with graceful degradation and circuit breakers
    Status and statistics
Changed
    Upgraded PyTorch to 1.8.1 for performance improvements
    Performance improvements in caching
Fixed
    Bug in bounded simple queue injected into ThreadPoolExecutor was causing monitoring queue hangs

gm-data

Added
    JWK support. Env var JWK can contain either a base64 encoded JWK file, or the location of a mounted plaintext JWK file. This exists to facilitate situations where the JWT signing keys originate in JWK format rather than PEM format, such as what happens with Keycloak.
    Azure support. Set env vars: AZURE_ENDPOINT, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY, AZURE_STORAGE_CONTAINER
Changed
    Move up to Go1.16 for boring ssl
    Require env variable GODEBUG=x509ignoreCN=0 to connect to servers without a proper SAN
    Enable playground by default, and fix bug that prevented playground UI from working

gm-apier

Fixed
    Prohibit local variable access in query string
Changed
    Make query parsing error messages more descriptive
    Update ROOT_PATH, DOCS_URL, and REDOC_URL defaults and docs

Known Bugs

    If gm-control is asked to watch a Kubernetes namespace it does not have RBAC permissions for, it will crash.
Last modified 2mo ago