What's new
Release 1.12.1 (2023-07-14)
Openshift multicluster support
The Calisti Openshift support now includes all types of Calisti multicluster mesh topologies (Active/Active or Active/Passive) with combinations of Red Hat OpenShift Service clusters and cloud service provider (CSP) clusters (EKS, GKE, AKS). A maximum of 3 Openshift clusters are supported within the same Calisti topology.
Openshift support for VMs
The Calisti Openshift support now includes all Calisti virtual machine (VM) integration topologies. Openshift hosted Calisti now allows you to run and manage your virtual machine (VM) and container workloads side by side on top of Istio service mesh.
Dashboard improvements
- Traffic management rules can now be created with both form-based UI and YAML editor.
- Circuit breaker can be configured via form-based page for all the subsets of the service. To set up circuit breakers at the subset level please use the more advanced YAML Editor feature in the Istio-resources page.
- Similarly Mirroring can be set up via form-based page and YAML editor in the Istio-resources page.
Priority bug fixes
- Fixed Cert-manager being auto removed after smm-operator reconcilation issue.
- Fixed VirtualService yaml editor gives a validation error for route destinations with weights = 0 issue.
- Fixed
KafkaUser
CR cannot be deleted once it’s bound with aKafkaACL
issue. - You can now get information about available Kafka Connectors and Connector Classes.
Release 1.12.0 (2023-05-11)
OpenShift support and certification
Red Hat OpenShift provides scalable and reliable solutions to monitor microservices and offers full-fledged container security. With a Red Hat OpenShift Service on AWS (ROSA) version 4.11 setup, you can seamlessly install Calisti on Red Hat OpenShift clusters. Calisti avoids vendor lock-in so that you can mix-n-match your cluster cloud providers and transition or continue using mixed multi-clusters (GKE, EKS, AKS, OpenShift).
We have implemented OpenShift support for Calisti in a way that it is ready to be OpenShift certified.
Starting with this release, Calisti runs on Red Hat OpenShift, and can run and manage Apache Kafka clusters and Istio meshes on OpenShift. For details, see the detailed instructions for the installation method you want to use.
Migrate your Kafka cluster data into Calisti
You can now migrate data from your existing Apache Kafka clusters to Kafka clusters that are managed by Calisti without introducing downtime of the existing Kafka clusters. That way you can get the benefits of running Kafka clusters on Calisti without losing any data collected to the already running Kafka clusters.
For details, see Data migration using MirrorMaker2.
Dashboard improvements
You can now directly create and edit Istio resources on the dashboard. The new YAML editor of Calisti provides ready-to-use templates, as well as syntactic and semantic validation.
-
Navigate to MENU > ISTIO RESOURCES > CREATE NEW, select an Istio resource to create from the list displayed.
-
The MENU > GATEWAYS > ROUTES page has been renamed to VIRTUAL SERVICE.
-
The MENU > SERVICES > TRAFFIC MANAGEMENT and MENU > TOPOLOGY > TRAFFIC MANAGEMENT pages are renamed to VIRTUAL SERVICE. Calisti provides various templates to configure virtual services depending on your use case.
-
The MENU > SERVICES > CIRCUIT BREAKER and MENU > TOPOLOGY > CIRCUIT BREAKER pages are renamed to DESTINATION RULES. Calisti provides various templates to configure destination rules depending on your use case.
-
Creating ingress and egress gateways, as well as setting other traffic management components of Istio is now possible on the Calisti dashboard using the new YAML editor.
-
You can now create a
VirtualService
and use:- Tls Route Template for creating Ingress with your own domain.
- Fault Injection Abort Template and Fault Injection Delay Template to inject fault in a service. To learn more see, Fault Injection.
-
You can now create a
DestinationRule
and use Outlier Detection and Connection Pool for setting circiut breaking parameters. To lean more see, Circuit Breaking.
Other changes
- You can now install Istio into custom namespaces.
- You can now configure custom sidecar injection templates for Calisti to help you integrate Service Mesh Manager with other applications.
- Calisti can now generate a support bundle to help troubleshooting support cases. For details, see Support-bundle.
Release 1.11.0 (2022-11-07)
Streaming Data Manager
Calisti now has a new component called Streaming Data Manager. Streaming Data Manager is a cloud-native, turnkey solution for deploying and managing Apache Kafka over Istio, providing:
- Security and encryption
- out-of-the-box observability
- RBAC integration
- Scaling
For details, see Overview.
Note: When using Streaming Data Manager on Amazon EKS, you must install the EBS CSI driver add-on on your cluster.
GitOps support
Service Mesh Manager and Streaming Data Manager can be used in GitOps environments as well. For details, see Install SMM - GitOps - single cluster, Install SMM - GitOps - multi-cluster, and Install SDM - GitOps.
Istio 1.15 support
Service Mesh Manager now supports Istio 1.15 and provides our Istio distribution based on that codebase.
This also means that Service Mesh Manager is fully compatible with Kubernetes v1.24.x.
Other changes
-
The health views of the Services and Workloads pages now have fixed URLs to make sharing easier.
-
If the name of your cluster doesn’t comply with the RFC 1123 DNS labels/subdomain restrictions, Service Mesh Manager now automatically converts it to a compliant format and sets it as the name of the cluster. In earlier versions, you had to manually set a compliant name for clusters with non-compliant names, otherwise certain operations (like
smm install
andsmm attach
) failed. Service Mesh Manager now automatically applies the following conversions if needed:- Replace ‘_’ characters with ‘-’
- Replace ‘.’ characters with ‘-’
- Replace ‘:’ characters with ‘-’
- Truncate the name to 63 characters
-
The Service Mesh Manager CLI now returns an error message when trying to run a command on a cluster that’s running an unsupported Kubernetes version.
-
In Kubernetes 1.24 or newer, token secrets for service accounts aren’t created automatically. If Service Mesh Manager is running on a Kubernetes 1.24 (or newer) cluster, then when adding virtual machines to the mesh, you must create the token secrets manually. For details, see Add a virtual machine to the mesh.
Release 1.10.0 (2022-08-09)
RedHat-based virtual machines
Service Mesh Manager now supports attaching virtual machines running RedHat Enterprise Linux 8 to the mesh. For details, see Integrating Virtual Machines into the mesh.
Istio 1.13 support
Service Mesh Manager now supports Istio 1.13 and provides our Istio distribution based on that codebase.
Enterprise licenses
Paid-tier and enterprise licenses are now available for Service Mesh Manager.
- If you are interested in purchasing a license, contact us.
- If you have already purchased a license, apply it to your Service Mesh Manager deployments. For details, see Licensing options.
Other changes
- The
smm
CLI tool now supports MacOS running on M1 chips. - The Prometheus node exporter service now uses port 19101 instead of 19100. That way, the Prometheus deployment of Service Mesh Manager can work side-by-side with a pre-existing Prometheus deployment. For details on other ports used by Service Mesh Manager, see Open Port Inventory.
Release 1.9.1 (2022-04-11)
Service Mesh Manager now supports attaching virtual machines to the mesh. After a virtual machine has been integrated into the mesh, Service Mesh Manager automatically updates the configuration of the virtual machine to ensure that it remains a part of the mesh and receives every configuration updates it needs to operate in teh mesh. In addition, the observability features available for Kubernetes pods are available for the virtual machines as well, for example:
- Virtual machine workloads and their health information are shown on the MENU > TOPOLOGY and MENU > WORKLOADS dashboard pages.
- On both pages, you can drill down to get detailed information and monitoring data about the virtual machine.
- Troubleshooting features like tracing and traffic tapping work for virtual machines as well.
For details, see Integrating Virtual Machines into the mesh.
Release 1.9.0 (2022-03-08)
Free tier
From now on, after a free registration, you can use Service Mesh Manager to manage your mesh of up to ten nodes. For details, see Licensing options and Getting started with the Free Tier.
Istio 1.12 support
Service Mesh Manager now supports Istio 1.12 and provides our Istio distribution based on that codebase.
Other changes
This release includes the following fixes:
- All custom resources used by Service Mesh Manager had been moved to the
smm.cisco.com
group. CLI is capable of migrating the objects to the new group. - Topology:
- Mesh gateways are now fully visible on the topology page even in timeline mode
- Topology view now shows pod counts in timeline mode
- Fix an issue causing new SLOs to not to start calculating on creation
- IstioControlPlane settings can be overridden from Service Mesh Manager’s
ControlPlane
resource using the.spec.meshManager.istio.istioCRDOverrides
key (which contains a YAML string).
Removed features
The following commands have been removed from the Service Mesh Manager command-line tool. You can configure the related features from the dashboard.
smm sidecar-proxy egress get
smm sidecar-proxy egress set
smm sidecar-proxy egress delete
smm routing
smm mtls
- Integrated support for canary deployments. You can use the Flagger operator instead.
Release 1.8.2 (2021-12-14)
This release includes the following fixes:
Active-active fixes
- Fix secret cleanup for Istio in active-active setups.
- Update istio-operator to latest.
- Multiple active Istio control-plane support.
- Cluster name is now visible in istio status command.
- Control plane list now shows clusters as well.
Mesh view
- Stabilize the ordering of Istio clusters to prevent changed ordering on the UI.
cert-manager
- Update to v1 API.
Auth
- Fix an issue where 1.7 specific authentication tokens were generated during upgrade scenarios.
UI
- Fix an issue which caused topology to crash for ingress gateways.
Operators
- Add RBAC for Coordination resources so that operator leader election can use the resources.
- In case there is a merge conflict during reconciliation the smm operator will retry the reconciliation without failing.
- 1.7 Istio operators will be properly removed during uninstall.
Let’s Encrypt
- Validate DNS records on let’s encrypt enabled ingresses to ensure that the ingress and DNS records are matching.
Registry access
- Sort secret names to prevent changes always happening during reconciliation.
Release 1.8 (2021-10-26)
The primary goal of this release was to have a modern way to orchestrate Istio and the multi-cluster topologies Service Mesh Manager supports. As part of this work, the Cisco Istio Operator has been restructured from the ground up so that you can benefit from an API that has been adjusted to the modern Istio versions.
As this new version of the operator supports not just the Primary-Remote cluster topology, but also Multi-Primary both on the same and different network, this change paves the way for subsequent releases to add support into Service Mesh Manager for meshes with any number of Primary and Remote clusters.
Istio 1.11 support
Service Mesh Manager now supports Istio 1.11 and provides our Istio distribution based on that codebase.
This also means that Service Mesh Manager is fully compatible with Kubernetes v1.22.x.
OIDC and external dashboard access support
This release provides support for exposing the Service Mesh Manager dashboard via a public, https URL. For the required configuration please check out the Exposing the Dashboard page.
To entirely remove the need for downloading the Service Mesh Manager CLI and to better integrate with existing OIDC-enabled Kubernetes deployments, we are also supporting OIDC Authentication.
Release 1.7 (2021-07-28)
Release 1.7 is focusing on compliance, integrations, tech-debt and reusability.
GraphQL federation
The Service Mesh Manager GraphQL API is now broken down into separate components to increase reusability, and to provide the ability to switch components on/off in Service Mesh Manager in the future.
Protocol-specific observability
Istio provides several useful metrics for the TCP, HTTP, and GRPC protocols. To give you better observability and more insight into the traffic of your services, Service Mesh Manager displays protocol-specific metrics normally not available in Istio for MySQL and PostgreSQL traffic. Support for more protocols is planned in future releases.
Istio 1.10 support
Service Mesh Manager now supports Istio 1.10.
Cluster registry
A generic, distributed Kubernetes cluster registry is now serving as the base for keeping multi-cluster metadata. Cluster metadata is replicated across clusters using a gossip-like protocol.
Unified Istio distribution with SecureCN
SecureCN and Service Mesh Manager are now using the same Istio distribution that enables better integration between the two products.
CSDL Compliance
Service Mesh Manager has now reached CSDL “Planned” status.
DevNet Sandbox
Service Mesh Manager is now available on DevNet sandbox for design partners for solution testing.
Release 1.6.1 (2021-05-06)
This release is a security and bugfix release.
Included changes are:
- Add support for Istio 1.8.5 for customers still using the old version of Istio instead of 1.9
- Fix an issue in the Istio operator that required permissions for the
authentication.istio.io
andconfig.istio.io
groups, while those are only needed for Istio versions < 1.8 smm activate
command now resets all of the user’s registry settings, making changing IAM credentials easier. Previously the end user-needed to remove the registry access credentials manually using thesmm registry remove
command
Release 1.6 (2021-04-09)
Group your clusters into networks to optimize your mesh topology using a mix of gateway-based and flat-network connections between your clusters, decreasing cross-cluster latencies and transfer costs. Clusters belonging to the same network can access each other directly, without using the cluster gateway. For details, see Cluster network and Attach a new cluster to the mesh.
UI improvements
-
The Mesh Overview page of the UI shows information about your service mesh and the control planes.
-
The new Dashboard Overview page now shows health and SLO information as well.
-
The Topology View now shows the health status of the services.
-
You can now filter on health and alert status on the services and workloads lists.
Istio 1.9 support
Service Mesh Manager now supports Istio 1.9.