For a step-by-step guide migrating from Grey Matter 1.2 to 1.3, follow the 1.3 Migration Guide.
Grey Matter 1.3 GA artifacts are now available. Artifacts can be found in the staging repositories:
gm-proxy:1.5.1
gm-control:1.5.3
gm-control-api:1.5.4
gm-jwt-security:1.2.0
gm-jwt-security-gov:1.2.0
greymatter:2.0.1
(CLI)
gm-catalog:1.2.2
gm-dashboard:4.0.2
gm-slo:1.2.0
gm-data:1.1.5
gm-apier:2.0.4
​vscode-greymatter:0.0.1
​
CLI greymatter generate
command for generating template based configurations
CLI native GitOps workflow support via the greymatter sync
command
CLI supports tab completions​
CLI supports creation of default objects​
gm-control serves a REST interface for the xDS protocol via GM_CONTROL_XDS_ENABLE_REST
and gm-proxy PROXY_REST_DYNAMIC
environment variables
gm-control-api Redis persister backend​
gm-control-api support for certificate revocation lists​
gm-control-api Experimental UI - control plane visualization and configuration tool
gm-control-api Route object now supports Envoy header manipulation fields​
gm-control-api Listener object supports configuring access loggers​
gm-dashboard pagination of service cards in Fabric view​
gm-dashboard inline documentation displays service API docs, enabled via the ENABLE_INLINE_DOCS
environment variable
gm-dashboard now allows categorization of services by protocol type in Fabric view
gm-dashboard display new service fields provided by Catalog
gm-catalog service Redis persister backend​
gm-catalog Zone metadata update to expose externalLinks
field
gm-catalog Cluster object new fields:
protocols (read only)
businessImpact
externalLinks
status (read only)
ownerURL
description
apiEndpoint
apiSpecEndpoint
gm-catalog can optionally connect to Control via TLS​
gm-data now allows for calculated yield statement, to simplify conversion for certain kinds of policies
gm-data feature flags to leave playground and HTML UI off by default
gm-data /playground endpoint in GM Data to figure out policies by allowing for hypothetical JWT, policy, and object values to calculate privileges
gm-data Open Policy Agent support
gm-apier new platform service for exposing spreadsheets as RESTful APIs
new VSCode plugin providing easy creation of mesh configs
gm-proxy now properly parses Base64 encoded certificates
gm-proxy does not segfault when using the oidc-validation filter and the userInfo
block is not configured
gm-proxy can set more than one header via filters
gm-proxy memory leaks
gm-jwt-security creates path for users.json if it doesn't exist
gm-jwt-security-gov will not assert on blank attributes
gm-control AWS ECS plugin support for different network modes
gm-control continues polling failed namespaces
gm-control trims whitespace when specifying multiple namespaces for k8s service discovery
gm-control re-enables Prometheus stats backend via the GM_CONTROL_STATS_BACKENDS
environment variable
gm-catalog sends Allow
header with 405 response codes
gm-catalog bug causing main thread to block when updating an existing xDS server configuration
gm-control-api now allows PUT
on the /zone
route
gm-control-api rejects duplicate Proxy objects with the same name
fields
gm-control-api ensures a Proxy object name
only matches one sidecar
gm-control-api Domain redirects now allow users to perform port rewrites
gm-control-api Route level redirects work
gm-dashboard misc bug fixes and browser support
gm-dashboard moved selected listener to URL state and ensured consistent ordering of listeners in the control panel​
gm-data filehandle leaks
gm-data security hole where users with update
privileges but no delete
or purge
privileges on a file could update the file to add delete
and purge
privileges
gm-data bug when misspelling function names in object-policy, creating a nil pointer crash
gm-data bug in plaintext serialization of custom attributes
gm-data bug fix when using literal paths in parentoid. If you had multiple matching home directories, you might get the message 'the update requires jwt field Name to match object field' even though it is misspelled. Now there is the ability to set parentoids literally, e.g. parentoid:"1/world/joe@gmail.com/documents"
for name:"plans.doc"
. It should create all intermediate directories if they do not already exist.
gm-data allows the kv pair to look in a JWT for blobkey permissions to be configurable, so it is possible for bots to read from AWS CLI
gm-proxy JWT Security filter sets better defaults for timeouts and caching
gm-proxy base build updated to Envoy v1.15
gm-control Consul plugin now supports an ACL token
gm-control and gm-control-api output structured error logs, configured via the GM_CONTROL_CONSOLE_FORMAT
(control) and GM_CONTROL_API_LOG_FORMAT
(control api) env vars
gm-dashboard performance improvements with large number of cards in Fabric view​
gm-dashboard displays filter configuration as JSON in the control panel​
gm-slo-service deprecation warning on /businessImpact endpoint, it is now a field on the Cluster object in gm-catalog​
gm-data returns cluster and zone in all responses
gm-data log format is altered to give timestamps of the event, not start of http call
gm-data GET
/stats now reports the size of Mongo database pool
gm-data no longer allows the creation of world-writable files
All Fabric and Sense services now serve OpenAPI documentation in either JSON, YAML, or HTML format
All Go-based Fabric, Sense, and Platform services upgraded to Go v1.14.6
All NodeJS-based Sense services upgraded
gm-apier crashes with the error [CRITICAL] WORKER TIMEOUT
when fetching a file if more than one worker process is started. The severity of this issue has been reduced by changing the number of workers in the pool to 1. With this setting, the maximum file size limit during HTTP file fetching is around 20-25mb. gm-apier can still handle files loaded directly from the file system up to at least 500mb.