Release Notes

Search…
Release Notes
Grey Matter 1.6
Artifacts
Component
Version
Group
​gm-proxy​
1.6.3
Core
​gm-control​
1.6.5
Core
​gm-control-api​
1.6.5
Core
​gm-jwt-security​
1.3.0
Core
​gm-jwt-security-gov​
1.3.0
Core
​gm-dashboard​
5.0.0
Core
​gm-catalog​
2.0.0
Core
​gm-slo (deprecated)
2.0.0
Core
​greymatter (CLI)​
3.0.1
Core
​sense-lad*​
1.0.0
Core
​gm-data​
1.2.1
Platform Service
​gm-apier​
2.0.5
Platform Service
*experimental
gm-proxy
Added
JWT Security TCP filter
Observables network filter (support for Kafka and file storage)
Replaced deciphernow with greymatter-io in go imports, docs, and build files.
Metrics TCP filter (with experimental support for Kafka)
TCP logger filter
JWT Keycloak filter
Exposed envoy bindings for and added HTTP & TCP metrics to /stats admin endpoint
Changed
Blacklist and whitelist terms changed to allow list and deny list
Clean up logging and version output
Added a direct means for copying/adding all headers from one header map to another.
Default Go toolchain is now the BoringSSL fork. Unofficial, but maintained by the core team.
Grey Matter network filters renamed as greymatter.filters.network.<filtername>
HTTP Observables EventChain field will now be populate with all eventIDs in the HTTP transaction chain
TCP and HTTP metrics filters have path defaults and allow turning off the server
HTTP Observables now detect websocket upgrades and emit observables on every websocket frame.
Fixed
Use interface types in header map constructors
Fixed a bug where some header values were not being copied completely (e.g. only one cookie could be set via the Set-Cookie header).
Fixed crash on setting headers in Decoder filter routines
Fixed memory leak of header map objects
Bazel configuration: test size set explicitly to prevent test warnings and errors
Avoid nil pointer dereference in oidc-validation filter
Jwt filter defaulting to 0 timeout and no cache
Fixed handling of setting duplicated headers, refactor header map handling
gm-control & gm-control-api
Added
Sidecar announcement Node information is passed to all resource Adapters
Filters set by users that are not supported by a sidecar will now be skipped with a warning
Set default XDS_INTERVAL to 5s
Traffic shadowing available via the rule.constraint.dark field
Docker image for gm-control-api contains the greymatter cli for easier debugging
Discovery manager to restart service discovery through admin API
pprof for debugging available from /admin API
CONTRIBUTING.md guidelines
Support for updated Grey Matter network filters
EDS updates to set health status for endpoints
Grey Matter network logger filter enabled by default
Adapter for sending catalog-specific XDS resources
Control API gRPC server implementation
Added version subcommand
Changed
Moved to xDS V3 protocol
CSB server now creates resource watches on a per stream basis
Cerebro logging now more human readable
API active filter arrays will now accept both periods and underscores in filter names
Base container changed to Alpine 3.13; The gcompat package is required at runtime.
Fixed
Fixed redirects with trailing slash routes
Fixed service discovery not pulling in platform updates
Fixed CSB deadlocking when bulk requests come in
Fixed segmentation fault caused by connection close with resolve DNS set
Suppress 'filter not supported' warnings if node extension list doesn't exist
Log correct api version
Removed
--xds-disabled from control
No longer support xDS V2 resources
codeclimate no longer runs in this repo
gm-jwt-security
Changed
Serve docs as text/plain instead of text/html
Added
Initial Boring support
Ability to set the log level from the API
gm-jwt-security-gov
Added
Add /logging endpoint
Fixed
Use text/plain instead of text/html for docs page
gm-dashboard
Added
add feature flags
display all supported network filters in config pane
multi-mesh integration
ability to sort and filter by mesh
ability to sort and filter by mesh type 
ability to view istio based services in mesh view
new ux for mesh list view
anomaly detection view (EXPERIMENTAL) 
health widget (EXPERIMENTAL)
display jwt-keycloak metadata (EXPERIMENTAL)
Fixed
display active filters regardless of whether active_http_filters or active_network_filters use dot or underscore as the delimiter
config pane now renders selected service 
ignore defaults in url state
Config pane close button ux
Bug where warning counts were not displayed in service view
gm-catalog
Added
Support for Istio mesh service discovery
Reporting of instance health statuses, including non-responsive instances
Expose all instance metadata reported from xDS, including the instance address
Extensions per mesh for data aggregation from various services (e.g. LAD)
Labeling of mesh assets with arbitrary key-value pairs
Ability to seed initial data via configured JSON or YAML file
Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
Updated catalog structure to support multi-zone in multi-mesh
Generalized API to support multiple mesh types (e.g. Istio)
Updated API fields to use snake case over camel case formatting
Support consuming xDS v3 resources from Control
Make configuring a specific discovery cluster (i.e. `edge`) optional
gm-slo
Note: gm-slo is deprecated, and will be removed in the next release
Features
Support multi-mesh objectives
Deprecated
Remove business impacts 
Fixes
Update alpine base image 
Update npm dependencies
greymatter cli
Fixed
Fixed bug deleting instances from a cluster on edit
Added
Support for CA certs via `api.ssltrust` and `catalog.ssltrust`
Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`
Changed
Replaced Catalog v1 support with Catalog v2 via `catalog-mesh` and `catalog-service` objects
sense-lad (experimental)
Initial release of Log Anomaly Detection functionality
Added
Persistent monitoring and storage of anomalous logs with heatmaps and adjacent lines
Automatic collection and training on new incoming Kubernetes logs delivered by Fluent Bit or FluentD
User controls for feedback, retraining, and tuning
Flood mitigation with graceful degradation and circuit breakers
Status and statistics
Changed
Upgraded PyTorch to 1.8.1 for performance improvements
Performance improvements in caching
Fixed
Bug in bounded simple queue injected into ThreadPoolExecutor was causing monitoring queue hangs
gm-data
Added
JWK support. Env var JWK can contain either a base64 encoded JWK file, or the location of a mounted plaintext JWK file. This exists to facilitate situations where the JWT signing keys originate in JWK format rather than PEM format, such as what happens with Keycloak.
Azure support. Set env vars: AZURE_ENDPOINT, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY, AZURE_STORAGE_CONTAINER
Changed
Move up to Go1.16 for boring ssl
Require env variable GODEBUG=x509ignoreCN=0 to connect to servers without a proper SAN
Enable playground by default, and fix bug that prevented playground UI from working
gm-apier
Fixed
Prohibit local variable access in query string
Changed
Make query parsing error messages more descriptive
Update ROOT_PATH, DOCS_URL, and REDOC_URL defaults and docs
Known Bugs
If gm-control is asked to watch a Kubernetes namespace it does not have RBAC permissions for, it will crash.
Overview
Architecture
Last modified 2mo ago
Export as PDF
Copy link
Contents
Artifacts
gm-proxy
gm-control & gm-control-api
sense-lad (experimental)
gm-data
gm-apier
Known Bugs