Release Notes

Grey Matter 1.6

Artifacts

| Component | Version | Group |
| --- | --- | --- |
| gm-proxy | 1.6.1 | Core |
| gm-control | 1.6.1 | Core |
| gm-control-api | 1.6.1 | Core |
| gm-jwt-security | 1.3.0 | Core |
| gm-jwt-security-gov | 1.3.0 | Core |
| gm-dashboard | 5.0.0 | Core |
| gm-catalog | 2.0.0 | Core |
| gm-slo | 2.0.0 | Core |
| greymatter (CLI) | 3.0.0 | Core |
| sense-lad* | 1.0.0 | Core |
| gm-data | 1.2.1 | Platform Service |
| gm-apier | 2.0.5 | Platform Service |

*experimental

gm-proxy

Added

  • JWT Security TCP filter

  • Observables network filter (support for Kafka and file storage)

  • Replaced deciphernow with greymatter-io in go imports, docs, and build files.

  • Metrics TCP filter (with experimental support for Kafka)

  • TCP logger filter

  • JWT Keycloak filter

  • Exposed envoy bindings for and added HTTP & TCP metrics to /stats admin endpoint

Changed

  • Blacklist and whitelist terms changed to allow list and deny list

  • Clean up logging and version output

  • Added a direct means for copying/adding all headers from one header map to another.

  • Default Go toolchain is now the BoringSSL fork. Unofficial, but maintained by the core team.

  • Grey Matter network filters renamed as greymatter.filters.network.<filtername>

  • HTTP Observables EventChain field will now be populated with all eventIDs in the HTTP transaction chain

  • TCP and HTTP metrics filters have path defaults and allow turning off the server

  • HTTP Observables now detect websocket upgrades and emit observables on every websocket frame.

Fixed

  • Use interface types in header map constructors

  • Fixed a bug where some header values were not being copied completely (e.g. only one cookie could be set via the Set-Cookie header).

  • Fixed crash on setting headers in Decoder filter routines

  • Fixed memory leak of header map objects

  • Bazel configuration: test size set explicitly to prevent test warnings and errors

  • Avoid nil pointer dereference in oidc-validation filter

  • Jwt filter defaulting to 0 timeout and no cache

  • Fixed handling of setting duplicated headers, refactor header map handling

gm-control & gm-control-api

Added

  • Sidecar announcement Node information is passed to all resource Adapters

  • Filters set by users that are not supported by a sidecar will now be skipped with a warning

  • Set default XDS_INTERVAL to 5s

  • Traffic shadowing available via the rule.constraint.dark field

  • Docker image for gm-control-api contains the greymatter cli for easier debugging

  • Discovery manager to restart service discovery through admin API

  • pprof for debugging available from /admin API

  • CONTRIBUTING.md guidelines

  • Support for updated Grey Matter network filters

  • EDS updates to set health status for endpoints

  • Grey Matter network logger filter enabled by default

  • Adapter for sending catalog-specific XDS resources

  • Control API gRPC server implementation

Changed

  • Moved to xDS V3 protocol

  • CSB server now creates resource watches on a per stream basis

  • Cerebro logging now more human readable

  • API active filter arrays will now accept both periods and underscores in filter names

Fixed

  • Fixed redirects with trailing slash routes

  • Fixed service discovery not pulling in platform updates

  • Fixed CSB deadlocking when bulk requests come in

  • Fixed segmentation fault caused by connection close with resolve DNS set

Removed

  • --xds-disabled from control

  • No longer support xDS V2 resources

  • codeclimate no longer runs in this repo

gm-jwt-security

Changed

  • Serve docs as text/plain instead of text/html

Added

  • Initial Boring support

  • Ability to set the log level from the API

gm-jwt-security-gov

Added

  • Add /logging endpoint

Fixed

  • Use text/plain instead of text/html for docs page

gm-dashboard

Added

  • add feature flags

  • display all supported network filters in config pane

  • multi-mesh integration

    • ability to sort and filter by mesh

    • ability to sort and filter by mesh type

    • ability to view istio based services in mesh view

  • new ux for mesh list view

  • anomaly detection view (EXPERIMENTAL)

  • health widget (EXPERIMENTAL)

  • display jwt-keycloak metadata (EXPERIMENTAL)

Fixed

  • display active filters regardless of whether active_http_filters or active_network_filters use dot or underscore as the delimiter

  • config pane now renders selected service

  • ignore defaults in url state

  • Config pane close button ux

  • Bug where warning counts were not displayed in service view

gm-catalog

Added

  • Support for Istio mesh service discovery

  • Reporting of instance health statuses, including non-responsive instances

  • Expose all instance metadata reported from xDS, including the instance address

  • Extensions per mesh for data aggregation from various services (e.g. LAD)

  • Labeling of mesh assets with arbitrary key-value pairs

  • Ability to seed initial data via configured JSON or YAML file

  • Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`

Changed

  • Updated catalog structure to support multi-zone in multi-mesh

  • Generalized API to support multiple mesh types (e.g. Istio)

  • Updated API fields to use snake case over camel case formatting

  • Support consuming xDS v3 resources from Control

  • Make configuring a specific discovery cluster (i.e. `edge`) optional

gm-slo

Features

  • Support multi-mesh objectives

Deprecated

  • Remove business impacts

Fixes

  • Update alpine base image

  • Update npm dependencies

greymatter cli

Added

  • Support for CA certs via `api.ssltrust` and `catalog.ssltrust`

  • Enable building with BoringSSL by setting `ENABLE_BORINGSSL=1`

Changed

  • Replaced Catalog v1 support with Catalog v2 via `catalog-mesh` and `catalog-service` objects

sense-lad (experimental)

Initial release of Log Anomaly Detection functionality

Added

  • Persistent monitoring and storage of anomalous logs with heatmaps and adjacent lines

  • Automatic collection and training on new incoming Kubernetes logs delivered by Fluent Bit or FluentD

  • User controls for feedback, retraining, and tuning

  • Flood mitigation with graceful degradation and circuit breakers

  • Status and statistics

Changed

  • Upgraded PyTorch to 1.8.1 for performance improvements

  • Performance improvements in caching

Fixed

  • Bug in bounded simple queue injected into ThreadPoolExecutor was causing monitoring queue hangs

gm-data

Added

  • JWK support. Env var JWK can contain either a base64 encoded JWK file, or the location of a mounted plaintext JWK file. This exists to facilitate situations where the JWT signing keys originate in JWK format rather than PEM format, such as what happens with Keycloak.

  • Azure support. Set env vars: AZURE_ENDPOINT, AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_ACCESS_KEY, AZURE_STORAGE_CONTAINER
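
An added example (not gm-data's own code) for the JWK item above: one way, in Go, to accept the two forms of the `JWK` value and convert an RSA public JWK such as Keycloak publishes into PEM. The function names, the path-first resolution order and the single-key (not key set) input are assumptions.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
)

// ResolveJWK accepts a mounted file path or base64-encoded JSON; path-first order is an assumption.
func ResolveJWK(value string) ([]byte, error) {
	if data, err := os.ReadFile(value); err == nil {
		return data, nil
	}
	return base64.StdEncoding.DecodeString(value)
}

// JWKToPEM parses one RSA public JWK (kty, n, e) and returns the key and its PKIX PEM encoding.
func JWKToPEM(raw []byte) (*rsa.PublicKey, []byte, error) {
	var k struct{ Kty, N, E string }
	jsonErr := json.Unmarshal(raw, &k)
	n, errN := base64.RawURLEncoding.DecodeString(k.N)
	e, errE := base64.RawURLEncoding.DecodeString(k.E)
	if jsonErr != nil || errN != nil || errE != nil || k.Kty != "RSA" || len(n) == 0 || len(e) == 0 || len(e) > 4 {
		return nil, nil, fmt.Errorf("not a usable RSA public JWK")
	}
	pub := &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return nil, nil, err
	}
	return pub, pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}), nil
}

func main() {
	data, err := ResolveJWK(os.Getenv("JWK"))
	if err == nil {
		_, data, err = JWKToPEM(data)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "JWK:", err)
		os.Exit(1)
	}
	os.Stdout.Write(data)
}
```

Non-RSA keys and malformed `n`/`e` members are rejected rather than silently producing an unusable verification key.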

Changed

  • Move up to Go1.16 for boring ssl

  • Require env variable GODEBUG=x509ignoreCN=0 to connect to servers without a proper SAN

  • Enable playground by default, and fix bug that prevented playground UI from working

gm-apier

Fixed

  • Prohibit local variable access in query string

Changed

  • Make query parsing error messages more descriptive

  • Update ROOT_PATH, DOCS_URL, and REDOC_URL defaults and docs

Known Bugs

  • If gm-control is asked to watch a Kubernetes namespace it does not have RBAC permissions for, it will crash.