Not so long ago in a galaxy not so far away, there was a friendly kingdom of Kyma-land ruled by king Kyma the Wise. The king once said: “It is time to improve our kingdom so that we all can lead even happier lives”. As the king had never made an empty promise, he introduced many features, such as a complete setup of the Istio metrics, Istio upgrade to 1.13.2, overriding Function runtime image and improved Eventing backend custom resource (CR) status. Read more if you want to learn about other ideas the king came up with!

API Gateway

ORY stack deprecation note

Due to the growing demand for a closer integration with our Service Mesh Istio implementation, we decided to gradually switch from the current implementation behind Kyma API Gateway (ORY Hydra and ORY Oathkeeper) to Authentication and Authorization features that Istio provides out of the box. With this change, we introduce more options in terms of configuration, flexibility, and performance to our customers. Additionally, we want to keep the Kyma stack as lean as possible.

The changes will be introduced gradually. We plan to provide as much automated migration as possible to ensure the smooth growth of Kyma API Gateway. This is just initial information, no action is required.

CLI

Removed support for Kyma 1.x

As announced in the Kyma 2.0 release notes, starting from the version 2.2, Kyma CLI no longer supports Kyma 1.x versions. All the deprecated commands have been removed and are no longer available:

• kyma install: Kyma 2.x equivalent is kyma deploy
• kyma upgrade: Kyma 2.x equivalent is kyma deploy
• kyma console: Kyma 2.x equivalent is kyma dashboard
• kyma provision minikube: Kyma 2.x equivalent is kyma provision k3d

Eventing

Improved Eventing backend CR status

We have made the Eventing backend CR status more verbose. We've replaced two of the three booleans, publisherProxyReady and subscriptionControllerReady, with the Kubernetes conditions. The eventingReady boolean remains unchanged.

Observability

Improved documentation on monitoring limitations

We added a new section outlining the limits of the shipped monitoring stack running on the production profile with the default settings. Read Monitoring limitations for more information.

Cleanup of rules and dashboards

We've continued to clean up Prometheus rules and Grafana dashboards. Several rules for Kubernetes introduced by Kyma itself have been removed, as they overlapped with the community-based rules. With that, the monitoring chart is fully based on the rules provided by the community upstream chart. Also, one more Kubernetes-related Grafana dashboard called Kyma / Pods has been removed, as it overlapped with the existing dashboards.

Complete Istio metrics

The Istio metrics setup, coming with the Kyma monitoring feature, now follows the approach recommended by Istio and provides all Istio metrics as aggregations over workload. Read Observability Best Practices for more information.

Minor upgrade of Fluent Bit

The Fluent Bit log collector, included in the Kyma logging stack, has been updated to the 1.9 release series. It brings major improvements in stability and performance.

Minor upgrade of Kiali

Kiali has been upgraded to version 1.49 and is fully supporting Istio 1.13.

Serverless

Overrides for the Function runtime image

We've extended the definition of the Function CR. Now you can override the base image of the Serverless runtime with a custom Docker image.

You may need this feature if you want to build your Functions on top of a runtime with tooling that is not included in the default Alpine-based runtime (for example, the GCC compiler).

Remember that, if you use a custom base image for your Functions, you are responsible for scanning and assessing any potential risks related to commonly known vulnerabilities that are potentially exploitable.

There is a dedicated example defining a custom runtime and a tutorial explaining how to use it in your Functions.

Service Mesh

Revert to distroless Istio images provided by Istio

With the 2.2 Kyma release, both Istio control plane and data plane again use distroless images provided by Istio.

Istio upgraded to 1.13.2

We've upgraded Istio from 1.12.3 to 1.13.2. For more details on the introduced changes, read the official Istio 1.13.2 release notes.

2.2.0-rc1 (2022-04-28)

Application Connector

• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #14008 Bump Compass Runtime Agent (@franpog859)
• #13837 Update OWNER files in application-connector to new guidelines (@koala7659)
• #13810 Fix Application connector port names in services to comply with Isti… (@cnvergence)
• #13571 Add correlation ID to requests in compass runtime agent (@krasish)
• #13627 Change the commerce-mock version used in fast integration tests (@mvshao)

Serverless

• #14096 Bump k8s-tools image (@Halamix2)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #14077 Bump busybox for serverless components (@dbadura)
• #13896 Bump k8s-tools image (@Halamix2)
• #13881 Get rid of the kubeless-npm-install.sh file (@pPrecel)
• #13631 Rewrite serverless webhooks using controller-runtime (@moelsayed)
• #13708 Support custom base image for serverless runtimes (@pPrecel)
• #13804 Update and upgrade apk modules in context of serverless components (@pPrecel)
• #13788 Fix tracing sampling in nodejs (@dbadura)
• #13803 Bump k8s-tools image (@Halamix2)
• #13696 Docs: Tracing Instrumentation doesn't work for outgoing axios requests in nodejs function runtimes (@pPrecel)
• #13743 add guide on how to install libgit2 (@grego952)
• #13710 Upgrade serverless components dependencies (@pPrecel)
• #13653 Add support for tracing in NodeJS runtime (@dbadura)

Eventing

• #14107 Update Eventing images (@marcobebway)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #14093 fix kyma-integration-k3d-telemetry (@dennis-ge)
• #13973 Call Prometheus, Loki and Jaeger via Grafana API (@dennis-ge)
• #14066 Add subscription namespacedName to consumer description (@raypinto)
• #14069 bump github.com/nats-io/nats-server/v2 from 2.8.0 to 2.8.1 in EC (@FriedrichWilken)
• #14070 bump github.com/nats-io/nats-server/v2 from 2.8.0 to 2.8.1 in EPP (@FriedrichWilken)
• #14016 Rename the backend label in the EPP deployment (@VladislavPaskar)
• #14061 Bump dependencies in EC (@FriedrichWilken)
• #14032 gomod(deps): bump k8s.io/api from 0.23.5 to 0.23.6 in /components/eventing-controller (@dependabot[bot])
• #14024 bump dependencies in EPP (@FriedrichWilken)
• #14018 Update Eventing images (@marcobebway)
• #14010 bump docker build image to go 1.18.1 in EPP (@FriedrichWilken)
• #14009 Update Eventing images (@marcobebway)
• #14001 bump docker build image to golang 1.18.1 in EC (@FriedrichWilken)
• #13958 bump dependencies in ec (@FriedrichWilken)
• #13969 Fix and enable JetStream monitoring tests in eventing fast-integration (@mfaizanse)
• #13779 JetStream E2E fast integration tests (@marcobebway)
• #13965 Rename the backend label in the EPP deployment (@VladislavPaskar)
• #13949 Fix make test for eventing-controller and event-publisher-proxy (@mfaizanse)
• #13972 Fix circular dependency between Eventing and commerce mock in the fast-integration tests (@marcobebway)
• #13888 Update eventing codeowners (@nachtmaar)
• #13832 Enabled NATS metrics exporter and added JetStream dashbaord (@mfaizanse)
• #13947 Make JetStream consumer deliver policy configurable (@marcobebway)
• #13841 Make eventing backend status more verbose (@raypinto)
• #13883 fix security vulnerability in epp (@FriedrichWilken)
• #13884 fix security vulnerability in ec (@FriedrichWilken)
• #13871 Remove prometheusPortForward leftovers (@skhalash)
• #13725 fast-integration test: add debug message for expected traces (@FriedrichWilken)
• #13863 bump dependencies in eventing controller (@FriedrichWilken)
• #13864 bump dependencies in epp (@FriedrichWilken)
• #13763 Add support for event publishing to NATS in jetstream mode (@VladislavPaskar)
• #13775 Pass Jetstream environment variables to eventing publisher proxy (@VladislavPaskar)
• #13849 Bumped NATS image on main (@mfaizanse)
• #13830 Upgrade eventing images to use go 1.18 runtime (main branch) (@nachtmaar)
• #13785 Unit tests for NATS Reconcile() (@pxsalehi)
• #13746 Using eventTypePrefix as subjects filter for stream in JetStream (@mfaizanse)
• #13744 Create JetStream consumers with the recommended name length (@marcobebway)
• #13772 Bring back removed feature flag in NATS chart (@pxsalehi)
• #13703 Implement cleanup for JetStream (@raypinto)
• #13764 Switch from go-get to go-install and bump linter version (@raypinto)
• #13689 Consistent sink validation in BEB and NATS (@pxsalehi)
• #13693 Added MaxDeliver config to JetStream consumer (@mfaizanse)
• #13676 Refactor Jetstream server restart test (@raypinto)
• #13629 Consistently use Kubebuilder tags in Eventing reconcilers (@pxsalehi)
• #12706 Label the eventing-publisher-proxy deployment with the current backendType (@VladislavPaskar)
• #13574 Fix pre-main-skr-kyma-eventing (@VladislavPaskar)

Security

• #14096 Bump k8s-tools image (@Halamix2)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #13957 Update istio component chart to 1.13.2 (@dariusztutaj)
• #13896 Bump k8s-tools image (@Halamix2)
• #13804 Update and upgrade apk modules in context of serverless components (@pPrecel)
• #13803 Bump k8s-tools image (@Halamix2)
• #13710 Upgrade serverless components dependencies (@pPrecel)
• #13713 fixed refresh setting in istio control-plane dashboard (@a-thaler)
• #13706 change default refresh time to 10s for istio dashboards (@a-thaler)
• #13692 update production profile for istio component (@strekm)

Service Mesh

• #14096 Bump k8s-tools image (@Halamix2)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #13957 Update istio component chart to 1.13.2 (@dariusztutaj)
• #13981 Bump gce-proxy and etcd versions (@hanngos)
• #13960 bump postgres alpine for Ory (@piotrkpc)
• #13896 Bump k8s-tools image (@Halamix2)
• #13826 Remove duplicate key from api-gateway deployment yaml (@lindnerby)
• #13809 Fix Ory port names in services to comply with Istio convention (@cnvergence)
• #13827 updated external alpine to 3.15.3 (@a-thaler)
• #13803 Bump k8s-tools image (@Halamix2)
• #13705 Remove hydra-maester sidecar for synchronisation (@cnvergence)
• #13713 fixed refresh setting in istio control-plane dashboard (@a-thaler)
• #13706 change default refresh time to 10s for istio dashboards (@a-thaler)
• #13692 update production profile for istio component (@strekm)

Installation

• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #13729 Make fluentbit optional (@rakesh-garimella)
• #13876 Adapt PodPreset to k8s 1.22 (@piotrmiskiewicz)
• #13841 Make eventing backend status more verbose (@raypinto)
• #13708 Support custom base image for serverless runtimes (@pPrecel)

Monitoring

• #14100 Remove unecessary metrics as they are not exposed by apiserver (@rakesh-garimella)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #14088 improved apiserver metrics relabeling to not drop all metrics as unwa… (@a-thaler)
• #13957 Update istio component chart to 1.13.2 (@dariusztutaj)
• #13820 updated alpine and debian base image for several images (@a-thaler)
• #13778 Cleanup dashboards (@Pranav-SA)
• #13770 disable ingress metrics in kube-state-metrics (@a-thaler)
• #13758 Cleanup custom kyma alerts (@Pranav-SA)
• #13662 added missing istio aggregations (@a-thaler)
• #13713 fixed refresh setting in istio control-plane dashboard (@a-thaler)
• #13706 change default refresh time to 10s for istio dashboards (@a-thaler)

Logging

• #14091 Enable telemetry fluent bit dashboard (@skhalash)
• #14089 Change telemetry-operator PR image version (@chrkl)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #14012 Upgrade telemetry fluent bit chart (@skhalash)
• #14011 Fix make target to run telemetry-operator locally (@chrkl)
• #14026 Add custom plugins to LogPipeline validation (@chrkl)
• #14019 Bump telemetry-operator image (@chrkl)
• #13729 Make fluentbit optional (@rakesh-garimella)
• #13950 Use Golang 1.18 to build telemetry-operator (@chrkl)
• #13867 Improve retry logic in telemetry-operator (@chrkl)
• #13827 updated external alpine to 3.15.3 (@a-thaler)
• #13820 updated alpine and debian base image for several images (@a-thaler)
• #13727 Add log pipeline status conditions (@skhalash)
• #13786 Fix telemetry-operator ServiceMonitor (@chrkl)
• #13771 fix loki dashboard (@a-thaler)
• #13695 update to fluentbit 1.8.15 (@a-thaler)
• #13702 update telemetry operator image (@dennis-ge)
• #13597 Implement validating webhook for telemetry operator (@rakesh-garimella)

Tracing

• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #13820 updated alpine and debian base image for several images (@a-thaler)

Documentation

• #14096 Bump k8s-tools image (@Halamix2)
• #13878 Get a JWT tutorial (@werdes72)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #13987 Docs: Functions referencing big GIT repositories cause FC crash (@Cortey)
• #13986 Replace temporary link (@pPrecel)
• #13895 Docs runtime image override (@pPrecel)
• #13119 Restructure obsv overview (@NHingerl)
• #13971 fix broken link (@NHingerl)
• #13896 Bump k8s-tools image (@Halamix2)
• #13869 add troubleshooting guide for sidecar proxy after upgrade (@piotrkpc)
• #13885 Change link in the Observability second note to relative and fix list formatting for Kubernetes logs in Kyma Dashboard (@grego952)
• #13813 Explain deployment options for kyma functions (@kwiatekus)
• #13665 Add istio external auth tutorial (@werdes72)
• #13803 Bump k8s-tools image (@Halamix2)
• #13808 Remove Migration Guide for Kyma 2.1 (@majakurcius)
• #13696 Docs: Tracing Instrumentation doesn't work for outgoing axios requests in nodejs function runtimes (@pPrecel)
• #13707 Add exposure tutorial with JWT (@dariusztutaj)
• #13743 add guide on how to install libgit2 (@grego952)
• #13741 Clarify Prometheus retention in docs (@chrkl)
• #13731 Refine the App Conn tutorial on disabling TLS cert verification (@majakurcius)
• #13699 Describe Prometheus limits in docs (@chrkl)
• #13715 Add links to the resources listed in the Migration Guide for Kyma 2.1 (@majakurcius)

CI

• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #14076 Skip automerge for dependabot eventing PRs (@raypinto)
• #13897 Add ecosystems to dependabot config. (@dekiel)

Core and Supporting

• #14096 Bump k8s-tools image (@Halamix2)
• #14102 Prow approval flow is not used. OWNERS files are not needed. (@dekiel)
• #13896 Bump k8s-tools image (@Halamix2)
• #13811 Fix port names in services to comply with Istio co… (@cnvergence)
• #13804 Update and upgrade apk modules in context of serverless components (@pPrecel)
• #13803 Bump k8s-tools image (@Halamix2)
• #13710 Upgrade serverless components dependencies (@pPrecel)

Committers: 40

• Andreas Thaler (@a-thaler)
• Andrzej Pankowski (@Cortey)
• Benjamin Lindner (@lindnerby)
• Christoph Kleineweber (@chrkl)
• Damian Badura (@dbadura)
• Dennis Geiselmann (@dennis-ge)
• Filip Strózik (@pPrecel)
• Franciszek Pogodziński (@franpog859)
• Friedrich (@FriedrichWilken)
• Grzegorz Karaluch (@grego952)
• Hanna Gościniak (@hanngos)
• Jan Wozniak (@wozniakjan)
• Kamil Kasperski (@Ressetkk)
• Karol Szwaj (@cnvergence)
• Krasimir Shontov (@krasish)
• Krzysztof Kwiatosz (@kwiatekus)
• Lilit Ghazaryan (@lilitgh)
• Magda Stręk (@strekm)
• Maja Kurcius (@majakurcius)
• Marco Bebway (@marcobebway)
• Mohamed Elsayed (@moelsayed)
• Muhammad Faizan (@mfaizanse)
• Nils Seip (@nachtmaar)
• Nina Hingerl (@NHingerl)
• Patryk Strugacz (@werdes72)
• Piotr Halama (@Halamix2)
• Piotr Kopec (@piotrkpc)
• Piotr Miśkiewicz (@piotrmiskiewicz)
• Pooya Salehi (@pxsalehi)
• Pranav Shankar (@Pranav-SA)
• Przemek Pokrywka (@dekiel)
• Przemyslaw Golicz (@koala7659)
• Rafal Foks (@mvshao)
• Rakesh Garimella (@rakesh-garimella)
• Raymond Pinto (@raypinto)
• Stanislav Khalash (@skhalash)
• Till Knuesting (@tillknuesting)
• Wojciech Wrzalik (@ralikio)
• @VladislavPaskar
• @dariusztutaj