What's new

Release 1.11.0 (2022-11-07)

Streaming Data Manager

Calisti now has a new component called Streaming Data Manager. Streaming Data Manager is a cloud-native, turnkey solution for deploying and managing Apache Kafka over Istio, providing:

  • Security and encryption
  • out-of-the-box observability
  • RBAC integration
  • Scaling

Kafka traffic on the UI

For details, see Overview.

Note: When using Streaming Data Manager on Amazon EKS, you must install the EBS CSI driver add-on on your cluster.

GitOps support

Service Mesh Manager and Streaming Data Manager can be used in GitOps environments as well. For details, see Install SMM - GitOps - single cluster, Install SMM - GitOps - multi-cluster, and Install SDM - GitOps.

Istio 1.15 support

Service Mesh Manager now supports Istio 1.15 and provides our Istio distribution based on that codebase.

This also means that Service Mesh Manager is fully compatible with Kubernetes v1.24.x.

Other changes

  • The health views of the Services and Workloads pages now have fixed URLs to make sharing easier.

  • If the name of your cluster doesn’t comply with the RFC 1123 DNS labels/subdomain restrictions, Service Mesh Manager now automatically converts it to a compliant format and sets it as the name of the cluster. In earlier versions, you had to manually set a compliant name for clusters with non-compliant names, otherwise certain operations (like smm install and smm attach) failed. Service Mesh Manager now automatically applies the following conversions if needed:

    • Replace ‘_’ characters with ‘-’
    • Replace ‘.’ characters with ‘-’
    • Replace ‘:’ characters with ‘-’
    • Truncate the name to 63 characters

  • The Service Mesh Manager CLI now returns an error message when trying to run a command on a cluster that’s running an unsupported Kubernetes version.

  • In Kubernetes 1.24 or newer, token secrets for service accounts aren’t created automatically. If Service Mesh Manager is running on a Kubernetes 1.24 (or newer) cluster, then when adding virtual machines to the mesh, you must create the token secrets manually. For details, see Add a virtual machine to the mesh.

Release 1.10.0 (2022-08-09)

RedHat-based virtual machines

Service Mesh Manager now supports attaching virtual machines running RedHat Enterprise Linux 8 to the mesh. For details, see Integrating Virtual Machines into the mesh.

Istio 1.13 support

Service Mesh Manager now supports Istio 1.13 and provides our Istio distribution based on that codebase.

Enterprise licenses

Paid-tier and enterprise licenses are now available for Service Mesh Manager.

  • If you are interested in purchasing a license, contact us.
  • If you have already purchased a license, apply it to your Service Mesh Manager deployments. For details, see Licensing options.

Other changes

  • The smm CLI tool now supports MacOS running on M1 chips.
  • The Prometheus node exporter service now uses port 19101 instead of 19100. That way, the Prometheus deployment of Service Mesh Manager can work side-by-side with a pre-existing Prometheus deployment. For details on other ports used by Service Mesh Manager, see Open Port Inventory.

Release 1.9.1 (2022-04-11)

Service Mesh Manager now supports attaching virtual machines to the mesh. After a virtual machine has been integrated into the mesh, Service Mesh Manager automatically updates the configuration of the virtual machine to ensure that it remains a part of the mesh and receives every configuration updates it needs to operate in teh mesh. In addition, the observability features available for Kubernetes pods are available for the virtual machines as well, for example:

For details, see Integrating Virtual Machines into the mesh.

Release 1.9.0 (2022-03-08)

Free tier

From now on, after a free registration, you can use Service Mesh Manager to manage your mesh of up to ten nodes. For details, see Licensing options and Getting started with the Free Tier.

Istio 1.12 support

Service Mesh Manager now supports Istio 1.12 and provides our Istio distribution based on that codebase.

Other changes

This release includes the following fixes:

  • All custom resources used by Service Mesh Manager had been moved to the smm.cisco.com group. CLI is capable of migrating the objects to the new group.
  • Topology:
    • Mesh gateways are now fully visible on the topology page even in timeline mode
    • Topology view now shows pod counts in timeline mode
  • Fix an issue causing new SLOs to not to start calculating on creation
  • IstioControlPlane settings can be overridden from Service Mesh Manager’s ControlPlane resource using the .spec.meshManager.istio.istioCRDOverrides key (which contains a YAML string).

Removed features

The following commands have been removed from the Service Mesh Manager command-line tool. You can configure the related features from the dashboard.

  • smm sidecar-proxy egress get
  • smm sidecar-proxy egress set
  • smm sidecar-proxy egress delete
  • smm routing
  • smm mtls
  • Integrated support for canary deployments. You can use the Flagger operator instead.

Release 1.8.2 (2021-12-14)

This release includes the following fixes:

Active-active fixes

  • Fix secret cleanup for Istio in active-active setups.
  • Update istio-operator to latest.
  • Multiple active Istio control-plane support.
  • Cluster name is now visible in istio status command.
  • Control plane list now shows clusters as well.

Mesh view

  • Stabilize the ordering of Istio clusters to prevent changed ordering on the UI.

cert-manager

  • Update to v1 API.

Auth

  • Fix an issue where 1.7 specific authentication tokens were generated during upgrade scenarios.

UI

  • Fix an issue which caused topology to crash for ingress gateways.

Operators

  • Add RBAC for Coordination resources so that operator leader election can use the resources.
  • In case there is a merge conflict during reconciliation the smm operator will retry the reconciliation without failing.
  • 1.7 Istio operators will be properly removed during uninstall.

Let’s Encrypt

  • Validate DNS records on let’s encrypt enabled ingresses to ensure that the ingress and DNS records are matching.

Registry access

  • Sort secret names to prevent changes always happening during reconciliation.

Release 1.8 (2021-10-26)

The primary goal of this release was to have a modern way to orchestrate Istio and the multi-cluster topologies Service Mesh Manager supports. As part of this work, the Cisco Istio Operator has been restructured from the ground up so that you can benefit from an API that has been adjusted to the modern Istio versions.

As this new version of the operator supports not just the Primary-Remote cluster topology, but also Multi-Primary both on the same and different network, this change paves the way for subsequent releases to add support into Service Mesh Manager for meshes with any number of Primary and Remote clusters.

Istio 1.11 support

Service Mesh Manager now supports Istio 1.11 and provides our Istio distribution based on that codebase.

This also means that Service Mesh Manager is fully compatible with Kubernetes v1.22.x.

OIDC and external dashboard access support

This release provides support for exposing the Service Mesh Manager dashboard via a public, https URL. For the required configuration please check out the Exposing the Dashboard page.

To entirely remove the need for downloading the Service Mesh Manager CLI and to better integrate with existing OIDC-enabled Kubernetes deployments, we are also supporting OIDC Authentication.

Release 1.7 (2021-07-28)

Release 1.7 is focusing on compliance, integrations, tech-debt and reusability.

GraphQL federation

The Service Mesh Manager GraphQL API is now broken down into separate components to increase reusability, and to provide the ability to switch components on/off in Service Mesh Manager in the future.

Protocol-specific observability

Istio provides several useful metrics for the TCP, HTTP, and GRPC protocols. To give you better observability and more insight into the traffic of your services, Service Mesh Manager displays protocol-specific metrics normally not available in Istio for MySQL and PostgreSQL traffic. Support for more protocols is planned in future releases.

Protocol specific observability Protocol specific observability

Istio 1.10 support

Service Mesh Manager now supports Istio 1.10.

Cluster registry

A generic, distributed Kubernetes cluster registry is now serving as the base for keeping multi-cluster metadata. Cluster metadata is replicated across clusters using a gossip-like protocol.

Unified Istio distribution with SecureCN

SecureCN and Service Mesh Manager are now using the same Istio distribution that enables better integration between the two products.

CSDL Compliance

Service Mesh Manager has now reached CSDL “Planned” status.

DevNet Sandbox

Service Mesh Manager is now available on DevNet sandbox for design partners for solution testing.

Release 1.6.1 (2021-05-06)

This release is a security and bugfix release.

Included changes are:

  • Add support for Istio 1.8.5 for customers still using the old version of Istio instead of 1.9
  • Fix an issue in the Istio operator that required permissions for the authentication.istio.io and config.istio.io groups, while those are only needed for Istio versions < 1.8
  • smm activate command now resets all of the user’s registry settings, making changing IAM credentials easier. Previously the end user-needed to remove the registry access credentials manually using the smm registry remove command

Release 1.6 (2021-04-09)

Group your clusters into networks to optimize your mesh topology using a mix of gateway-based and flat-network connections between your clusters, decreasing cross-cluster latencies and transfer costs. Clusters belonging to the same network can access each other directly, without using the cluster gateway. For details, see Cluster network and Attach a new cluster to the mesh.

UI improvements

Istio 1.9 support

Service Mesh Manager now supports Istio 1.9.