Release Notes
Version 0.9.4
TBA
Version 0.9.3
This is security patch release.
Security fixes
This release fixes the following Envoy security vulnerabilities:
- CVE-2021-28683 (CVSS score 7.5, High): Envoy contains a remotely exploitable NULL pointer dereference and crash in TLS when an unknown TLS alert code is received.
- CVE-2021-28682 (CVSS score 7.5, High): Envoy contains a remotely exploitable integer overflow in which a very large grpc-timeout value leads to unexpected timeout calculations.
- CVE-2021-29258 (CVSS score 7.5, High): Envoy contains a remotely exploitable vulnerability where an HTTP2 request with an empty metadata map can cause Envoy to crash.
Version 0.9.2
Release Highlights
Fixes
Tetrate Service Bridge (TSB) 0.9.2 comes with the following fixes over the 0.9.0 release:
- Fix a password handling issue for requests using basic auth.
- Fix an issue in the web UI when the listen port is changed from the default
8443
. - Backport a fix for an issue in Istio that prevents gateways from picking up the configuration at start time (#6022).
Features
- v2 API endpoint to handle plain YAML files for creating objects.
- Postgres
host
andport
in Postgres settings for the management plane have been moved to ability single stringaddress
.
Upgrade notes
There are no specific upgrade notes for this release.
Version 0.9.1
TBA
Version 0.9.0
Release Highlights
Tetrate Service Bridge (TSB) 0.9.0 comes with the following features:
- Token Issuer configuration (previously
iam-config
) added to install API. - v2 API configuration view in the UI. For DIRECT mode groups, the view will be read only.
tctl
based install and upgrade.- VM onboarding automation improvements.
- Upgraded the Istio control plane version to 1.7.
UI
- Ability to add Tenants from Managent Plane UI.
- Ability to add Workspaces, Traffic Groups, Gateway Groups and Security Groups from UI.
- Ability to view configurations for Bridged and Direct Mode configurations.
- Ability to Edit Bridged mode configurations.
- Ability to set Policies for Workspaces, Traffic Groups, Gateway Groups and Security Groups.
- Ability to filter Audit Logs at the Tenant Level based on Time, kind of resource, type of message and by creator.
- Ability to view filtered audit logs pertaining to Workspaces, Traffic Groups, Gateway Groups and Security Groups along with their management user interfaces.
- Multi cluster Dashboard UI enhancements to add legends for health, and enhancements to topology.
- Topology enhancements for better color for health, icon refinements, ability to show mTLS traffic, slider for point in time topology view.
Upgrade notes
Users must migrate their old iam-config
ConfigMap
created manually to the TokenIssuer
section
of the install API. The structure is mostly the same with only the signingkeypath
field changing to signingKey
. See these examples
for more information.
Because of the Istio control plane upgrade, the minimum Kubernetes version required to run the TSB control plane is 1.16. Also, some
attributes change its location within the IstioOperator
resource so you will need to manually remove the conflicting attributes. You
can use the following command to that end.
kubectl patch iop -n istio-system tsb-istiocontrolplane --type='json' -p='[
{"op": "remove", "path": "/spec/values/global/certificates"},
{"op": "remove", "path": "/spec/values/global/disablePolicyChecks"}
]'
As of TSB 0.9.0, tsbd
is configured by default to work with v2
API. If you had an overlay in your ControlPlane
resource
to override the default v1
and use v2
, you will need to remove that overlay as it will cause the TSB operator to fail rendering
such overlay (as the flags it refers to may no longer exist).
Due to changes in the SkyWalking templates and index and template naming, it is imperative to delete the SkyWalking related Elasticsearch indexes and templates. Follow the procedure below to delete the appropriate data from Elasticsearch. Please follow the procedure described in the Elasticsearch wipe procedure page to that end.