Check for additions and updates to these release notes.

On September 11, 2024, cloud services from VMware Tanzu transitioned away from VMware Cloud Services Console to the new Tanzu Platform cloud services console. You now access VMware Tanzu cloud services from https://console.tanzu.broadcom.com, using your existing credentials. See KB 374361 for information about the required actions to take, including updating Kubernetes collector configurations. See also Using VMware Tanzu Platform cloud services console.

The release notes cover the following topics:

• About VMware Tanzu Service Mesh

• What's New in This Release

• Tanzu Service Mesh Environment Requirements and Supported Platforms

VMware Tanzu® Service Mesh™ is VMware's enterprise-class service mesh solution that provides consistent control and security for microservices, end users, and data—across all your clusters and clouds—in the most demanding multi-cluster and multi-cloud environments.

To learn more about Tanzu Service Mesh, visit the Tanzu Service Mesh product page or contact your VMware account executive for a free trial.

Released February 5, 2024

These release notes describe the Tanzu Service Mesh 3.3.2 release.

Released September 18, 2023

These release notes describe the Tanzu Service Mesh 3.3.0 release.

Released August 1, 2023

These release notes describe the Tanzu Service Mesh 3.2.2 release.

Released June 21, 2023.

These release notes describe the Tanzu Service Mesh 3.2.0 release.

Released April 21, 2023

These release notes describe the Tanzu Service Mesh 3.1.1 release.

Released April 5, 2023

These release notes describe the Tanzu Service Mesh 3.0.4 release.

kubectl annotate ns namespace-name allspark=disable-update

kubectl label ns namespace-name istio-injection=enabled | disabled

January 18, 2023 (version 1.16.9)

These release notes describe the Tanzu Service Mesh 1.16.9 release.

Enhancements

Global SLO Dashboard

Release 1.16.9 introduces the Tanzu Service Mesh Global Service Level Objective (GSLO) Dashboard, which allows application SREs, developers, and operators to track and monitor their SLOs in real-time in one place. The Global SLO Dashboard gives users a comprehensive view of the applications' overall health by displaying all SLOs for their services in one consolidated view. SLOs can be searched, sorted, and filtered using the dashboard, and users can also manage them in a central location. In addition, the users will be able to identify which SLOs are meeting the desired SLO target and which are not. This will contribute to effective capacity planning and better troubleshooting by providing a clear understanding of the services requiring more attention, resulting in higher application productivity.

For more information about SLOs in Tanzu Service Mesh, see Service Level Objectives with Tanzu Service Mesh technical documentation.

External Certificate Authority

With the 1.16.9 release, Venafi Certificate Authority accounts can be integrated with Tanzu Service Mesh for automatic TLS certificate management using Venafi Trust Protection Platform (TPP). All certificates will be protected and controlled for workloads, and this process is transparent to the Tanzu Service Mesh Controller. 

Here are some UI enhancements to support External CA integration:

• Improvements to the Cluster Details page to include CA status.

• Refactored cluster onboarding UI to support external CA integration.

• Changes to the logic to display the Trust Domain modal.

Notice:

• Trust domains should not be edited, even though the UI doesn't restrict them. You need to off-board the cluster and then on-board it back with the new trust domain in order for this to work.

• Adding services from clusters that use different CAs (for example, self-signed on one cluster and Venafi on the other cluster) fails when GNS creation is attempted.

Headless Services

The current release introduces Headless services with StatefulSets that are used to manage stateful applications such as databases or other applications that keep track of their state. By using StatefulSets, a set of pods can be deployed and scaled within a global namespace, ensuring that they are ordered and unique. Headless service is a regular Kubernetes service where the spec.clusterIP is explicitly set to "None" and spec.type is set to "ClusterIP". Instead, SRV records are created for all the named ports of service's endpoints.

Private IP Support

With this release, Tanzu Service Mesh allows customers to make a cluster private in the cloud by using the API to prevent it from being exposed to the internet. During cluster onboarding, this would apply the appropriate configuration to the cloud automatically, ensuring that only an internal IP address is configured and that the gateway is not exposed to the internet.

Here are some advantages:

• Operators can segregate east-west service-to-service communications and traffic facing the public from traffic facing their internal users.

• Operators can separate and insert granular traffic controls for north-south versus east-west traffic. 

Other Enhancements

• UI enhancements to notify the block for the same service port and host port when configuring External Services.

• Enhancements to contextual help search links.

• UI enhancement to implement a check when setting 100% SLO Target.

• Addition of Schema Validation checks toggles buttons for GNS.

• Addition of a new Details Page for External Services.

• Upgrade of the TLS version to 1.2.

Fixes

• Fixes to display cluster names of SLOs associated with service groups in the GSLO dashboard. 

• A fix for issuer deletion during an external account update.

• A fix to the issue with CA status not updating until the page is refreshed.

• A fix to cluster status set to unknown for default TSM signed clusters.

• A fix to trust domains not updating in pods when Venafi account changes.

• Fixes for Istio metrics that have been missing after high throughput applications scale beyond 20 instances.

• A fix for blackhole traffic caused by traffic shifting in the Public Services.

• A fix for TSM operator crash on cluster onboarding through TMC.

• A fix for Weighted GSLB Fields not updated in GNS.

• A fix for GNS creation failure.

• A fix for external service policy propagation.

• Fixes to 404 error when calling getTimestamp in the replicator.

• UI fixes to display the Performance tab for External Service.

• Fixes to platform integration test failures due to advanced integration runs.

• Fixes to prevent the Datagrid footer from overflowing.

• A fix for flaky GNS service entry inventory test.

• A fix for unrefreshed cluster status for default TSM signed clusters.

• Fixes to issues with public service configuration edit not working when changing GSLB scheme.

• UI fixes to remove the Venafi account listing from the DNS page.

• Fixes to Service Level Objectives' tests.

• Fixes to input full word for Autoscaling policy labels.

• UI fixes to the Create/Edit modal for Trust Domain.

• UI fixes to the Cluster Overview page to address a problem encountered during cluster editing.

• A fix for an issue with the Kubernetes cluster manager liveness probe.

• UI fixes for the alignment issue in the Cluster & Nodes section's Health Status label.

• Fixes to the API List response to remove deleted CA listings.

• Fixes to the Analytics > Detail View page for sorting issues with the last access time.

• Fixes for domain sync delay caused by a large number of namespaces onboarded to the cluster.

• Fixes for flaky Public Services table.

• UI fixes to display Hamburger Signs (three dots) with large characters in GNS names.

• Fixes for topology errors to display connections correctly.

• A fix to make the CSV file include all cluster names when downloaded the first time or after the page loads/reloads.

• Fixes for random UI theme changes during navigation.

• Fixes for Datagrid filtering.

• Fixes to the Service Preview to list the services during GNS editing.

• Fixes for the Service Performance Metrics display issue in TSM UI.

• A fix to make a certificate and key file mandatory in the AVI > New Certificate pop-up.

• Fixes to GNS and Cluster topology to display correct data.

• UI fixes to update excluded namespaces immediately.

• Fixes to the GSLB dropdown to restrict the display of labels for namespaces that are not part of the GNS.

• Fixes to display the complete list of public services.

• A UI fix for the Image Registry Page's loader misplacement. 

• Fixes to the Service Level Objectives (SLO) page to display actionable SLO names.

• A fix for a clear display of error messages when SLO creation fails.

• A fix to remove the Security tab from the GNS Service Details page.

• Fixes for CLM crashes when issuer events cannot be handled (Rancher installation).

• Fixes for cluster onboarding issues in TMC.

• Fixes to service specs in inventory to deal with complex types.

• Fixes for TSM operator backward compatibility.

• Fixes for TSM Enterprise installation to enable envoy filter crd flag.

• Fixes for Calico Pod crashing due to AVI connector.

• Fixes for missing Istio metrics after high throughput application scales beyond 20 instances.

• Fixes to uncompress Kinesis events.

• Fixes for SFB crash for 1000 TPS.

• Fixes for autoscaling during error in aggregator.

• UI Fix for GNS services preview.

• Fix for port 80 vulnerability in istio-ingressgw and api-gw.

• Fixes for tenant api gateway not responding with CPU 100% usage.

• Fix for versioned services responding with 503.

• Fix for k8s-connector to garbage collect Secret Hashnode from Datamodel

Known Issues

• Currently, Venafi integration only supports HTTPS/HTTP traffic over the service port: 80.

July 5, 2022 (version 1.15.1)

These release notes describe the Tanzu Service Mesh 1.15.1 release.

Enhancements

External Services

With the 1.15.1 release, Tanzu Service Mesh can access services that are configured outside of the mesh, for example, third-party database services can be accessed by services within a global namespace. External services can run on virtual machines, external Kubernetes clusters, Tanzu Application Service environments (TAS), lambda functions, or even on bare metal, and can be accessed over TCP, TLS, HTTP, or HTTPS. External services can have multiple endpoints, and load balancing can be done between them.  The round-robin load balancing mechanism is currently set as the default, and users do not need to configure additional load balancing schemes in the UI. Tanzu Service Mesh provides detailed information to help you monitor the performance of an external service using performance metrics. External Service traffic can be observed in GNS Topology, as well as on the external service Performance page.

Wildcard Support for External Services 

External service wildcard support in Tanzu Service Mesh Global Namespace allows services inside Tanzu Service Mesh global namespace to connect to external servers whose hostnames are in wildcard format (e.g. *.google.com, *.wikipedia.com). With wildcard support, we can choose exactly which servers to connect to among the set of wildcard servers. Tanzu Service Mesh currently supports matching subdomains of external service hostnames using wildcards.

Notice:

Check out the External Service documentation for more information on how to create/edit external services, monitor their performance, and wildcard support. 

Other Enhancements

• Enhancements to the egress gateway to process forwarded domain traffic from mesh.

• Enhancements in the pod association with the correct service version for handling external service traffic.

• Changes to the query manager to continue fetching SLO and autoscaling registered decisions from the TSM SaaS timescale database.

• Improved observability/metrics integration with external services. 

• Envoy-filter for egress gateway enables patching the cluster to use a specific TLS version for upstream traffic.

• Updated Photon 4 images to the latest version, so there are fewer vulnerabilities.

• Upgraded TLS version to 1.2.

• Support for Splunk configuration has been added to the External Resource API.

• Implementation of policy and telemetry channels using the Ingress Gateway.

• Update of Kube manifests API to 1.16 from 1.15.

• Upgrade of Istio to 1.6 across all SaaS environments.

• Support for operator proxy.

Fixes

• A fix for custom registry operator.

• Fixes to external services access failure in Istio 1.12.2.

• Fixes to make external services available through host and service ports.

• Fixes to pagination issue in the Service Table to display the total records.

• Fixes to prevent crashes during policy deletion.

• A Fix for TCP external services issue.

• Fixes to the UI to display the correct external service topology for a single GNS Multicluster configuration.

• Fixes to remove spurious information from the Service status bar.

• A fix for the external service configuration issue.

• Fixes to the Cluster Details page to display all metrics.

• Correction of the mismatch between the actual attack count and tooltip display on the Security Event page. 

• A fix to ignore data from removed clusters in the GNS topology and Connections tabs.

• A fix for rounding off time in Security Events.

• A fix is made to list cross-cluster TCP connections.

• Fixes to display outgoing APIs in the Connections tab for cross-cluster configuration.

Known Issues

• To access wildcard support for external services, there must be a live www subdomain server in the list of external servers. 

• For multiple service endpoint configurations, the service port and the gateway port should not be the same.

• A failure occurs when the same external service is configured in multiple global namespaces.

• A multinamespace GNS cannot be configured in the same cluster for an external service.

March 29, 2022 (version 1.14.10)

These release notes describe the Tanzu Service Mesh 1.14.10 release.

Enhancements

AVI Proxy

Prior to release 1.14.10, a requirement for integrating TSM with NSX Advanced Load Balancer (formerly known as Avi Networks) was that the Avi API should be publicly exposed so that there will be a direct connection between the TSM global controller and Avi controller. In this release, users can specify one or more clusters to connect with the Avi Instance via cluster labels. Cluster labels are used to identify clusters that may potentially be used by TSM SaaS to connect to Avi controller(s).  Note that this functionality requires Kubernetes clusters to have network connectivity to the Avi Instance running on the infrastructure. Any connectivity or authentication issues will be displayed on the Integrations page of the Tanzu Service Mesh Console UI.

In this regard, we address:

• Connectivity requirements for integrating Avi API through a proxy.

• Support for reporting proxy connectivity status for an external account via API.

• Support for rich application metrics in the Avi connector.

Custom Registry Support 

Release 1.14.10 adds support for customer-owned registries for cluster onboarding. Users can now specify a private/local enterprise registry from which Tanzu Service Mesh data plane images are pulled, as well as its location and credentials. New features in this release include:

• Support for creating a new customer image registry account and using secret authentication.  

• Support for referencing an existing customer registry when onboarding a cluster. In addition, a customer registry account can be created from the cluster onboarding page if one does not already exist, and only one customer registry account can be referenced per cluster.

Additional notes:

• At this time, a customer registry definition already used for cluster onboarding cannot be edited. The registry definition can be deleted by the user, but the clusters that have been onboarded with the registry must be re-onboarded to the TSM service. A warning about this implication will show up when one tries to delete the definition.

Notice:

As a prerequisite for onboarding a cluster using Tanzu Service Mesh images from your private registry, you need to mirror the required repositories from the TSM's public ECR registry located at public.ecr.aws/v6x6b8s5. For private registries that do not support mirroring, download the images from TSM's public ECR registry and push them into your private registries. In the last section, you will find the list of images and repositories. The TSM image list varies for each data plane release.

Application Onboarding Improvements - Support for Stateful Sets

Support for stateful components that rely on data services for storing state and data is provided using a distributed database management system for improved scalability, availability, consistency, and resiliency; and an advanced messaging system for low latency and high throughput. Stateful services can reside on a single cluster or multiple clusters. RabbitMQ and MongoDB have been tested and verified using de-facto standard operators in some specific configurations. Currently, other data services have not been validated and may not function as expected. Data services will be tailored to the specific needs of each customer.

Multiple Namespace in a GNS

Previously, applications in a global namespace had to contain all their services in one namespace. In this release, this constraint has been lifted and Tanzu Service Mesh now supports adding services from multiple namespaces. In this way, users can choose any namespace in a Kubernetes cluster to add to the global namespace. This release is fully compatible with the following features which use multiple namespaces: Cross Cluster Traffic, Observability, and Public Services. Future releases will add support for additional features such as ACP, API Security, Traffic Management, SLO, and Auto Scaling.

Other Enhancements

• Support for Tanzu Service Mesh TMC Operator in Kubernetes 1.22.

• Support for Istio 1.12.

• Support for VMware Tanzu™ Kubernetes Grid™ 1.5.

• Consolidation of Tanzu Service Mesh images into one public image repository.

• Improvements to the health status of integration configuration.

• Support for new TMC stack in operator pipeline.

• Consolidation of all Tanzu Service Mesh images into the ECR public repository.

• Updated all data plane images to the latest Photon 4 OS images version to reduce vulnerabilities.

• Assuring users configure trust domains for Tanzu Service Mesh integration with CA.

• Improvements to API discovery.

Fixes

• A fix for metrics displayed on the Clusters page.

• A fix to exclude some namespaces.

• Update of the label "Proxy Location: <some value>".

• Fixes for cache issues.

• A fix for the display of unhealthy cluster status.

• Fixes for the regex issue in Safari.

• Fixes for memory leak in subscriptions.

• A fix to load events topology from Service version view.

• Updates to autoscaling policies to accurately display data after the upgrade.

• Fixes to include Disk Wait on the Service Group details page.

• Improvements to keyboard navigation.

• Corrections to accessibility audits.

• A fix to exclude namespaces during cluster onboarding.

• A fix for heap memory allocation issue.

• Fixes for crashloops in Avi connectors.

• A fix to enable Auto-scaling for instances with SLO policies.

• A fix for UI theme changes when navigating.

• A fix for crash loop when onboarding OCP 4.7.8 cluster.

• Fixes for tenant API gateway cache issue.

• A fix for GNS failover issue in Tanzu™ Kubernetes Grid™ on vSphere.

• A fix for liveliness/readiness probe failure.

• A fix for issue with Envoy sidecars not processing the filters.

• Fixes for custom registry issues.

Known Issues

• Logging into Avi Networks using incorrect credentials results in a 401 error, and one workaround for this is to change the account profile used for the integration to No-Lockout-User-Account-Profile in the Avi controller's user administration settings.

• At present, TSM does not support visualizing TCP traffic across clusters.

• Potential for inconsistency with routing for multiple namespaces when there are multiple services with the same name, causing GNS to enter into warning mode.

• A multi-namespace GNS cannot be configured in the same cluster for an external service.

To mirror: list of repositories

• public.ecr.aws/v6x6b8s5/config-service

• public.ecr.aws/v6x6b8s5/k8s-cluster-manager

• public.ecr.aws/v6x6b8s5/metrics-proxy

• public.ecr.aws/v6x6b8s5/telegraf

• public.ecr.aws/v6x6b8s5/tsm-agent-operator

• public.ecr.aws/v6x6b8s5/vmwareallspark/install-cni

• public.ecr.aws/v6x6b8s5/vmwareallspark/mixer

• public.ecr.aws/v6x6b8s5/vmwareallspark/pilot

• public.ecr.aws/v6x6b8s5/vmwareallspark/proxyv2

• public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-installer

• public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-manifests

• public.ecr.aws/v6x6b8s5/ws-client

• public.ecr.aws/v6x6b8s5/deployment_utils

To download: list of images

• public.ecr.aws/v6x6b8s5/config-service:2294257dfbb51d081bb7a69dad80dedd4ee6a0ff

• public.ecr.aws/v6x6b8s5/k8s-cluster-manager:v4.4.1

• public.ecr.aws/v6x6b8s5/metrics-proxy:v3.2.0

• public.ecr.aws/v6x6b8s5/telegraf:1.18.3

• public.ecr.aws/v6x6b8s5/tsm-agent-operator:v3.5.0

• public.ecr.aws/v6x6b8s5/vmwareallspark/install-cni:1.12.2-release-tsm-advance-distroless

• public.ecr.aws/v6x6b8s5/vmwareallspark/mixer:1.7.3-custom-mixer-0.1-distroless

• public.ecr.aws/v6x6b8s5/vmwareallspark/pilot:1.12.2-release-tsm-advance-distroless

• public.ecr.aws/v6x6b8s5/vmwareallspark/proxyv2:1.12.2-release-tsm-advance-distroless

• public.ecr.aws/v6x6b8s5/vmwareallspark/proxyv2:1.7.3-distroless

• public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-installer:v0.4.0

• public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-manifests:tsm-v5.0.4

• public.ecr.aws/v6x6b8s5/ws-client:v3.3.0

• public.ecr.aws/v6x6b8s5/deployment_utils:8d8b5b1d

Refer to the relevant data plane version 5.0.4 release note.

February 15, 2022 (version 1.14.0)

These release notes describe the Tanzu Service Mesh 1.14.0 release.

Enhancements

Traffic Management

This release brings in Tanzu Service Mesh traffic management APIs, which gives users the ability to define traffic shifting policies for services in a global namespace (GNS). The combination of traffic management policies with global namespaces, gives users the ability to define progressive upgrades for applications deployed in a global namespace across regions and clusters. Policies are defined in a central location and allow users to perform canary, and blue green upgrades for public as well as internal services. See our recent blog post for additional information.

Other Enhancements

• Improvements to secrets management.

• Updates to deployment of backend services.

• Improvements to application metrics.

• API updates which include:

  • Enhancements to communication with client clusters.

  • Initial support for specifying clusters to be targeted by Avi proxy; initial support is for one cluster, with forthcoming support for a list of clusters.

• Improvements to SaaS controller services on synching cluster details.

• Support for private docker registry, which can be specified at cluster onboarding.

• The Tanzu Service Mesh Console UI has a integrations details page, and now displays a health check status for each integration in the integration tab.

• Improvements to the processing of autoscaling policies.

Fixes

• A fix for a duplication of configuration seen with a custom CoreDNS setup. Affected platform: VMware Tanzu™ Kubernetes Grid™ running on Azure Kubernetes Service (AKS) version 1.18.7 with CoreDNS 1.6.7.

• Improvements to the data model including increased message size.

• A fix for Global Namespace, which includes upgrading public service objects to ensure they are compatible with new DNS structure requiring health checks.

• Stabilization and reduction in time for tenant registration.

• Improvements to services responsible for service level objectives (SLOs).

• A fix for metrics aggregation.

• Fixes in the Tanzu Service Mesh Console UI:

  • Autoscaling policy display improvements.

  • Public services' subdomains display.

  • A warning is now displayed when deleting an integration that is in use by a public service.

  • Redirection after service group deletion is corrected to service group table.

  • Global namespace scoped API call is now correctly displayed in service version details page.

  • Upon deletion of a public service on the public service table, a notification of successful deletion now is displayed.

  • General improvements to loading and dynamic display.

  • An issue seen with some Safari versions.

Known Issues

• The average value of CPU usage milli cores displayed at the top of the instance autoscaling chart is not displaying the average based on the values over the current duration in the chart.

January 26, 2022 (version 1.13.9)

These release notes describe the Tanzu Service Mesh 1.13.9 release.

Fixes

• Fix for the login to the Tanzu Service Mesh Console UI during the new customer onboarding process.

January 26, 2022 (version 1.13.8)

These release notes describe the Tanzu Service Mesh 1.13.8 release.

Enhancements

• This release includes maintenance in the Tanzu Service Mesh SaaS backend.

December 20, 2021 (version 1.13.7)

These release notes describe the TSM 1.13.7 release.

Fixes

• Fix for a bug introduced in 1.13.6 in relation to CPU millicore calculations in autoscaler configuration.

December 15, 2021 (version 1.13.6)

These release notes describe the TSM 1.13.6 release.

Enhancements

• When a user navigates to the SLO Dashboard and then clicks on the "Full Page", the user should now see a breadcrumb such as Home >GNS Name>SLO Name added to the SLO Dashboard page.

• In the SLO configuration wizard for org scoped monitored SLOs, while attaching service group(s), it validates that the service group exists. This change will be reflected in the drop down of the service group field in the SLO policy configuration wizard.

• Improvements to the synchronization of Tanzu Service Mesh inventory and Kubernetes state.

• Updates to role-based access control (RBAC) on client clusters. This change includes utilizing Roles to define minimal permissions within a specific namespace.

• Customer required images are available in public ECR.

Fixes

Tanzu Service Mesh version 1.13.6 is a maintenance release that contains performance enhancements and minor Tanzu Service Mesh UI improvements:

• Fix for occasional "No Data" issue in autoscaler and SLO charts caused by some internal caching issues.

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, user can now see the correct health status instead of "Error".

• Fix for accessibility issues with the SLO chart content when a user resizes the viewport to a narrow view.

• In the autoscaling policy configuration wizard, the autoscaling metric dropdown text will now display a consistent text style.

• Fix for occasional empty services in SLO dashboard when a user navigates back and forth between the various tabs of the dashboard.

• Fixes for the UI that include refresh improvements for performance charts and instance tables with a large number of elements.

• A fix in the UI where multiple service groups resulted in broken layout on dropdown selection.

• A fix in the UI for service topology rendering and cluster overlay which resulted in services appearing to be orphaned.

• A fix in the UI which enables RPS by default in the Service Topology.

• Improvements in the display of the status of cluster upgrades in the UI.

• Improvements in the display of public services health checks in the UI.

• Listing resource group services now returns a list of only application-specific services instead of all Kubernetes or system services.

Known Issues

• Tenants with DNS integrations with large numbers of DNS records (30K+) results in the UI not loading.

November 15, 2021 (version 1.13.3)

These release notes describe the TSM 1.13.3 release.

Enhancements

Global Server Load Balancer (GSLB) and Application Continuity

This release enhances the support of the Application Continuity use case in Tanzu Service Mesh by adding support for new GSLB algorithms. Users can now publish their services outside the global namespace and configure the high availability algorithm to be based on Round Robin (default), Weighted Round Robin, or Active Standby. Furthermore, the integration is now available for NSX Advanced Load Balancer (formerly Avi Networks). This release also adds support for configurable health checks on public services. Health checks are performed at a configurable interval and monitor each endpoint of the application deployed across multiple clusters or clouds.

Applications can be exposed to the outside world, in a highly available manner, by configuring and exposing a GSLB service within a global namespace. Tanzu Service Mesh (TSM) automates the process of initial application publishing, and automatically discovers new deployments of a service; this streamlines and reduces time to publish and supports use cases where applications expand to new clusters and sites. The service mesh adapts to additional instances by automatically updating the GSLB configuration. With GSLB TSM integration, TSM can detect problems with applications deployed in the global namespace that are not visible to traditional GSLB services and initiates a failover to the healthy service. Therefore, the combination of TSM and GSLB increases the resiliency of the deployed application over use of only GSLB. Integration is available with NSX Advanced Load Balancer (formerly Avi Networks) and/or AWS Route 53.

Public Service Details and Monitoring

Detailed information on public services, including performance metrics are available in the TSM console to help monitor the health and performance of public services and GSLB routing information for services' public URLs. TSM computes an overall health status based on the health of each public URL. TSM periodically makes connection attempts to each URL to evaluate its health. The overall status of a public service is considered healthy if all public URLs are healthy and considered unhealthy if at least one of the public URLs is unhealthy. The Tanzu Service Mesh Console UI contains this information on the public services details page.

Other Enhancements

• Tanzu Service Mesh Console UI has modernized theming and made improvements to dark and light themes.

• Enhanced contextual help in the Tanzu Service Mesh Console UI.

Fixes

• Improvements for deleting DNS integration and the reporting of inventory.

• The Tanzu Service Mesh Console UI no longer shows a quota of number of clusters available for potential onboarding.

• A fix for the SLO Actions Tab that ensures the associated autoscaling policies are properly displayed.

• Fixes for SLO charts, including improvements in refresh, time range display, and fixes for the color displayed in association with violations.

• All cluster types support public services when mixing IPs and CNAMEs. A workaround using clusters of all the same type for Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) is no longer required.

Known Issues

• Tenants with DNS integrations with large numbers of DNS records (30K+) results in the UI not loading.

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

October 21, 2021 (version 1.12.14)

These release notes describe the TSM 1.12.14 release.

Fixes

• This release contains a fix for a bug with the TSM autoscaler, and improves detection of instances.

Known Issues

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

• Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

October 14, 2021 (version 1.12.12)

These release notes describe the TSM 1.12.12 release.

Fixes

• This release contains a fix for a bug that resulted in an incorrect cluster list displayed in the UI.

Known Issues

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

• Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

October 13, 2021 (version 1.12.11)

These release notes describe the TSM 1.12.11 release.

Fixes

• This release contains fixes for bugs in the cluster deletion workflow.

Known Issues

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

• Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

October 11, 2021 (version 1.12.8)

These release notes describe the enhancements and changes to supported platforms in the TSM 1.12.8 release.

Enhancements

• This release contains enhanced logging to improve debugging of backend SaaS services.

• Additionally, new supported platforms and deprecations are noted.

New Platforms Supported

Tanzu Service Mesh now supports Kubernetes clusters running on these platforms:

• Amazon Elastic Kubernetes Service (Amazon EKS) 1.20, 1.21

• Red Hat OpenShift 4.7.8

• VMware Tanzu™ Kubernetes Grid™ Integrated Edition (TKGI) 1.12

• VMware Tanzu™ Kubernetes Grid™ Service (VMware vSphere® 7.0.1.00200) 1.18.19+vmware.1

Platform Support Deprecation Notice

Tanzu Service Mesh no longer supports Kubernetes versions 1.17 and below, including these platforms:

• Amazon Elastic Kubernetes Service (Amazon EKS) 1.16, 1.17

• VMware Tanzu™ Kubernetes Grid™ 1.2.0 (Kubernetes 1.17.11), 1.3.0 (Kubernetes 1.17.16)

• VMware Tanzu™ Kubernetes Grid™ Integrated Edition (TKGI) 1.4, 1.5, 1.6, 1.7

• VMware Tanzu™ Kubernetes Grid™ Service (VMware vSphere® 7.0.0) - Kubernetes 1.16.8

Note: For details, visit the public platform support matrix.

Known Issues

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

• Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

September 22, 2021 (version 1.12.6)

These release notes describe the enhancements in the 1.12.6 release of VMware Tanzu Service Mesh.

Enhancements

Improvements in Service Level Objectives (SLOs)

Two types of SLO are now available in Tanzu Service Mesh: monitored SLOs and actionable SLOs.

In the case of monitored SLOs, you can configure these to monitor the behavior of a service and track error budgets on a monthly basis. In the case of actionable SLOs, besides monitoring the behavior of services and tracking error budgets, you can also influence service resiliency features, like preventing service instances from being scaled down in response to a violation of the SLIs.

You can also configure an SLO to be scoped to the services in a specific global namespace (a GNS-scoped SLO).

For more information about SLOs in Tanzu Service Mesh, see Service Level Objectives with Tanzu Service Mesh technical documentation.

Enhanced Service Autoscaling

With Tanzu Service Mesh Service Autoscaler, application developers and operators can now configure an autoscaling policy for services inside a global namespace through the UI or through API. This choice between configuring autoscaling in the Tanzu Service Mesh UI or through API is available only for GNS-scoped autoscaling policies. Tanzu Service Mesh Service Autoscaler continues to provide a Kubernetes Custom Resource Definition to configure autoscaling for services in cluster namespaces. You now have the option of associating an autoscaling policy with an SLO to influence autoscaling of service instances if the SLO is violated. For more information about service autoscaling in Tanzu Service Mesh, see the Service Autoscaling with Tanzu Service Mesh User's Guide.

Fixes

• Performance graphs could be missing for services that have an SLO applied to them. The issue affected only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixed the problem.

• A fix for an issue where under certain circumstances, users could experience slowness while the service dependencies graph was being loaded on the “Service Dependencies” tag of the service details page. This could happen when “Last 30 days” was selected as the metric time range.

Known Issues

• When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

August 31, 2021 (version 1.12.4)

Tanzu Service Mesh version 1.12.4 is a maintenance release that contains minor logging changes to assist in debugging the cluster onboarding process.

Known Issues

• Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.

• The following APIs exposed in the API Explorer for future use are currently not supported:

  Autoscaling section of the API Explorer

  Global Namespaces Public Service section of the API Explorer

  • GET /v1alpha1/autoscaling/configs

  • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies

  • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

August 11, 2021 (version 1.12.3)

The release of Tanzu Service Mesh 1.12.3 contains changes to the Global Controller that improve the debugging of issues.

Known Issues

• Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.

• The following APIs exposed in the API Explorer for future use are currently not supported:

  Autoscaling section of the API Explorer

  Global Namespaces Public Service section of the API Explorer

  • GET /v1alpha1/autoscaling/configs

  • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies

  • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

July 21, 2021 (version 1.11.12)

This release of TSM 1.11.12 contains stability fixes that ensure compatibility with VMware Tanzu Kubernetes Grid.

Known Issues

• Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.

• The following APIs exposed in the API Explorer for future use are currently not supported:

  • GET /v1alpha1/autoscaling/configs

  • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies

  • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

July 19, 2021 (version 1.11.9)

These release notes describe the fixes in the TSM 1.11.9 release.

Fixes

• A fix for a bug found where a backend service became unhealthy. This fix enhances metrics performance. Metric aggregation improvements include enhancements in processing metrics data.

Known Issues

• Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.

• The following APIs exposed in the API Explorer for future use are currently not supported:

  • GET /v1alpha1/autoscaling/configs

  • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies

  • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

July 13, 2021 (version 1.11.7)

These release notes describe the new features, enhancements, and fixes in the July 13, 2020 release.

New Features

Export of API Audit Logs to Splunk

You can now send audit logs of calls to the Tanzu Service Mesh APIs to Splunk Enterprise for analysis and visualization of how users in your organization use the APIs.

API Audit Log export requires that you configure an HTTP Event Collector (HEC) input in Splunk Enterprise and provide your HEC configuration through the API.

Amazon CloudWatch and Splunk endpoints are supported for export of API logs.

For more information about export of API logs to Splunk, see the Tanzu Service Mesh product documentation.

Enhancements

Enhanced Service Topology Browsing Experience

You can now view the topology of service in a global namespace or cluster in a separate window for greater ease of use and easier in-window browsing.

You have the option of downloading the service topology information (service incoming and outgoing connections) to a comma-separated values (CSV) file to make this information accessible by users with visual impairments.

For more information about the Topology Browser window, see the Tanzu Service Mesh product documentation.

New Platforms Supported

Tanzu Service Mesh now additionally supports clusters running on these platforms:

• Azure Kubernetes Service (AKS) v. 1.18.17

• Anthos GKE v. 1.19.10

• VMware Tanzu™ Kubernetes Grid™ Integrated Edition 1.11

Note: For details, visit the Tanzu Service Mesh Environment Requirements and Supported Platforms page.

Fixes

• Services fail over to healthy endpoints when any service endpoint becomes unhealthy. If all service endpoints became unhealthy, it was possible for traffic to blackhole for a period of time. With this fix, traffic is guaranteed to be directed to at least one healthy service endpoint at all times, as long as there is a healthy service endpoint.

• Tanzu Service Mesh now properly preserves a mapping rule within a global namespace if a cluster selected in the rule is removed, and another cluster with the same name is then onboarded. Tanzu Service Mesh also supports placeholder cluster names in mapping rules where a user enters the name of a non-existing cluster into a mapping rule and creates the cluster later.

• Fix for an issue where Tanzu Service Mesh did not completely remove a cluster whose onboarding was canceled, which caused the onboarding of another cluster with the same name to fail.

• When users log into the application for the first time in incognito mode, they no longer see a white application screen that flashes for a few seconds.

• Fix for a bug where the service instances table incorrectly showed 0 ms, instead of "–", for non-existing p50 Latency, p90 Latency, and p99 Latency metrics for some of the service instances.

• Added more space between service labels and their nodes on topology view graphs for greater visibility. Also improved styling for when nodes are dragged inside the topology view.

• A fix for an issue where deleting a certificate, health check, or external DNS account that was in use by a public service and then recreating the same certificate, health check, or DNS account will affect the operation of the public service.

• Several enhancements and fixes were made to the UI for improved user experience, including:

  • Improved layout of GNS and cluster cards, modal windows, charts, and hover cards

  • Minor issues with drop-down lists resolved

  • Consistently styled icons used across the UI

  • Consistent use of "Remove" and "Delete" labels across the UI ("Remove" for clusters and "Delete" for other objects)

Known Issues

• Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.

• The following APIs exposed in the API Explorer for future use are currently not supported:

  • GET /v1alpha1/autoscaling/configs

  • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}

  • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies

  • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

May 25, 2021 (version 1.10.13)

These release notes describe the new features, enhancements, and fixes in the May 25, 2020 release.

New Features

Enterprise Proxy Support

When onboarding Kubernetes clusters to Tanzu Service Mesh, you can now specify that the clusters communicate with Tanzu Service Mesh Global Controller through an enterprise HTTP/HTTPS proxy. You will need to provide the proxy configuration settings during onboarding, which include the Proxy address, user name, password, and the certificate the proxy presents to secure connections. With this release, Tanzu Service Mesh supports both transparent and explicit proxy configurations. The use of a transparent proxy does not require any special configuration in Tanzu Service Mesh. Once a proxy is configured, communications between your clusters and Tanzu Service Mesh Global controller will be routed through your enterprise HTTP/HTTPS proxy and will be encrypted using TLS.

Enhancements

Days of Metrics Data is Now Available

Tanzu Service Mesh now collects and retains metrics data for your services and nodes for up to 30 days. Additionally, Tanzu Service Mesh Console now allows you to select up to 30 days of metrics from the timeframe selector available on the service graphs, node heatmaps, and performance charts.

Enhanced Performance Charts and Cards

Performance charts have been enhanced for a better user experience and accessibility. You can now hover over data points on a chart to view the metric values and timestamp for each data point. The data shown on charts are automatically updated according to the current data refresh interval.

Metrics Per Service Version

For services, you can now view and compare metrics for individual service versions. You can show and hide the versions by clicking on the legend in the chart. This feature is useful to observe performance characteristics when rolling out a new service version (for example, canary deployment).

New Platforms Supported

Tanzu Service Mesh now supports clusters based on VMware Tanzu™ Kubernetes Grid™ 1.3 and Amazon EKS 1.19.

Note: Visit the Tanzu Service Mesh Environment Requirements and Supported Platforms page.

Fixes

• It is now possible to expose multiple HTTPS public services that have different domain names and that reside on the same cluster on port 443.

• A fix for the bug in the UI where users could not onboard clusters in the onboarding panel because of a backend issue with Tanzu Kubernetes Grid clusters provisioned by Tanzu Mission Control.

• A fix for the bug where the UI froze when a user tried to access the GNS Topology tab after applying a custom topology and adding new nodes.

• The topology thumbnail view on a global namespace card was enhanced to accommodate multiple clusters in a global namespace when a user applies a custom topology layout.

• A fix for the bug where an endless spinning loader was shown for some of the charts when a user selected the Show All option on the Performance tab.

• A fix for the bug where the Generate Security Token button in the Onboard Clusters panel became unavailable after a user entered a cluster ID of more than 28 characters.

• A fix for the bug where after creating a global namespace, on the details page for the new global namespace, a user could see the topology graph for another global namespace.

• Fixed a bug where on the Service Mapping page of the Edit Global Namespace wizard, the Next button was unavailable on a slow Internet connection.

• Fixed a bug that caused the Sort drop-down list on the active GNS Overview tab to disappear.

• Fixed a bug where the Edit Global Namespace wizard incorrectly selected the No Public Services option for a global namespace that has a public service configured in it.

• Fixed a bug where the y-axis of the chart in a node card showed incorrect label values.

• A fix for a bug where refreshing the service details page caused the performance charts to show no data although some of the services in the service group had traffic.

• Fixed a bug where the node heatmap view for the Group by Cluster grouping sometimes showed the cluster IDs instead of cluster names.

• Fixed overlapping nodes on the cluster topology thumbnail view on the Cluster Overview tab.

• Fixed a bug that caused blue dots to appear on the graph line in the Services box on the top metrics bar.

• Hovercards across Tanzu Service Mesh were modified to always show a metric graph for the last 5 minutes in the chart. This resolves the bug where the graph appeared squeezed-together in the chart if the Last 1 hour time range was selected for the cluster's service topology graph on the Service Topology tab.

Known Issues

• Deleting a certificate, health check, or external DNS account that is in use by a public service and then recreating the same certificate, health check, or DNS account will affect the operation of the public service. If you need to delete such a certificate, health check, or external DNS account, the workaround is to also delete and re-create the referencing public service.

• Tanzu Service Mesh does not preserve a mapping rule within a global namespace if the cluster selected in the rule is removed, and another cluster with the same name is then onboarded. This causes issues with the global namespace topology view. As a workaround, select the other cluster in the mapping rule by editing the global namespace.

March 16, 2021 (version 1.9)

These release notes describe the new features, enhancements, and fixes in the March 16, 2021 release.

New Features

Public Services

Global Namespace now includes an option to define a Public Service. A Public Service provides a foundational building block to enable various use cases, including application continuity and cloud bursting. A Public Service is a service that is within a Global Namespace and is exposed outside of the Global Namespace to allow end users or services to access the service.

You configure a public service as part of the global namespace configuration. You set the URL at which the service will be accessible and, optionally, settings for checking the health state of the service. You can expose a public service as a secure service (over HTTPS) or an unsecure service (over HTTP).

For more information about public services, see the Using Tanzu Service Mesh documentation.

Enhancements

• Cluster Names and Cluster IDs are now displayed on the UI. Users can modify display names for their clusters.

• If no clusters have been onboarded, the message "No clusters have been onboarded yet. Please onboard a cluster" with a link to the cluster onboarding panel is prominently displayed at the top of the Home page.

• The onboarding of a cluster can now be canceled at any point during the onboarding process.

• The GNS Details page now shows the mTLS status for the services in the GNS.

• Cards on the GNS Overview and Cluster Overview tabs are now by default sorted by "Name" and "Low to High."

• Several enhancements were made to improve the look of UI, including enhanced color and styling of notices, warnings, and alerts.

Fixes

• If upgrades are not available for a cluster because it is using an unsupported version of Kubernetes, the Software Updates page now shows an appropriate message.

• If a user selects the "Is Exactly" operator for a namespace exclusion when onboarding a cluster, this selection is now preserved for the namespace exclusion in the Edit Cluster dialog box.

• The Service Details page now shows a correct SLO status (for example, "Healthy") for a service that is a member of a service group for which an SLO was created.

• The metrics bar at the top of the Home page now shows correct data for services, service instances, nodes, and clusters.

• Resource details pages (for example, service details pages and cluster details pages) are immediately deleted from the UI for an application or cluster that is removed.

• An onboarded cluster that was not shown in the UI under certain conditions is correctly shown in the UI.

• A namespace exclusion defined for a cluster in Tanzu Mission Control is now shown in the Edit Cluster dialog box in Tanzu Service Mesh.

• A fix for a bug where the Cluster Name field in the Edit Cluster dialog box was empty under certain conditions.

• The Nodes drop-down list on the Node Heatmap tab of the Home page no longer displays "Node Groups" and correctly displays the names of individual nodes.

• A health status of "Unknown" no longer appears at the top the Service Details page for a service that doesn't have any SLOs created for it.

• The Software Updates page correctly displays cluster rows after a cluster is deleted and then re-attached to Tanzu Service Mesh.

• A user no longer receives an error after clicking the Tanzu Mission Control link on the cluster details page.

• When a user enters the name of a non-existing cluster on the Mapping Rules page of the Global Namespace Wizard, a message "Add new cluster" is shown instead of "No items found."

• When a user changes the target time percentage for an SLO for a service group, the performance graph on the service details page for a service group member is correctly updated with the new target percentage.

• Fix for a bug where a global namespace card showed an incorrect number of services and service instances for a global namespace that had all the services and service instances deleted from it.

• Cluster cards on the Cluster Overview tab and global namespace cards on the GNS Overview tab, which represent global namespaces created using exactly the same clusters, now consistently show the same counts of services and service instances.

• After a cluster with no services is onboarded, the Onboard New Cluster button no longer appears on the Services Cards and Infrastructure Cards tabs of the Performance page.

• If any changes occur in the status of the autoscaling configuration, the status is now updated in the response from the API.

• Fix for a bug that caused the Service Topology tab for a cluster and the cluster details page to show different counts of services.

• Fix a for a bug where the Service Instances field on the service version details page appeared empty under certain conditions.

• The metrics bar on the Home page shows the counts of service instances, nodes, and clusters that are consistent with the corresponding counts on the cluster cards.

• Fix for a bug where the Infrastructure table on the service group details page showed incorrect information about nodes for a service group.

• Fix for a bug where, under certain conditions, metrics were not shown in the cluster topology graph on the cluster details page.

• Fix for a bug that caused all clusters to disappear from the UI under certain conditions.

• The application no longer occasionally hangs after a new service is added to a cluster and a user applies a custom layout to the topology view of service versions on the cluster details page.

• Fix for a bug where under certain conditions the SLO violation chart showed violations of the SLO whereas the corresponding SLI chart didn't show the same violations.

Known Issues

• Deleting a certificate, health check, or external DNS account that is in use by a public service and then recreating the same certificate, health check, or DNS account will affect the operation of the public service. If you need to delete such a certificate, health check, or external DNS account, the workaround is to delete and re-create the referencing public service.

  Notes

  • If you try to delete a certificate, health check, or external DNS account that is in use by a public service, the deletion dialog box displays a warning and lists the affected public services.

  • The issue does not affect certificates, health checks, or external DNS accounts that are not used in public services.

• Currently, it is not possible to configure different domains on port 443 for two or more HTTPS public services that reside on the same cluster. The workaround is to use a wildcard (*) for the subdomain and make sure that the top-level domains of the URLs match OR ensure that only one domain is exposed per cluster. For example, for two public services shopping.acme.com and cart.acme.com on the same cluster, you can specify this URL: *.acme.com. The wildcard will match both subdomains.

December 10, 2020 (version 1.8)

This update to VMware Tanzu Service Mesh contains new features, enhancements, known issues, and fixes.

New Features

Service Mesh Lifecycle Management

In addition to automated installation, Tanzu Service Mesh now automates the service mesh upgrades and rollbacks. Tanzu Service Mesh UI includes a Software Updates page where platform operators can see at a glance whether each of their clusters is running the latest version of Tanzu Service Mesh. If a cluster is out of date, the operator can choose to upgrade it to a newer version of Tanzu Service Mesh. If an upgrade fails for some reason, Tanzu Service Mesh automatically rolls back to the previous version. Operators also have the option of initiating a rollback from the Software Updates page. 

For more information about upgrades and rollbacks, see the Using Tanzu Service Mesh documentation.

VMware Tanzu Mission Control Integration

Tanzu Service Mesh is now integrated with Tanzu Mission Control. This initial integration allows platform operators to manage the lifecycle (install, upgrade, rollback, remove) of the Tanzu Service Mesh running inside clusters managed by Tanzu Mission Control. Platform operators can trigger Tanzu Service Mesh lifecycle management functions through the Tanzu Mission Control UI, CLI, or API. Additionally, from the Tanzu Service Mesh UI, operators can link to Tanzu Mission Control to view cluster details, and from the Tanzu Mission Control UI, operators can link to Tanzu Service Mesh to see service mesh details.

For more information about enabling Tanzu Service Mesh LCM in Tanzu Mission Control, see the Using Tanzu Service Mesh documentation.

Service Level Objectives (SLOs) - TECH PREVIEW

Service level objectives (SLOs) provide a formalized way to describe, measure, and monitor the performance, quality, and reliability of microservice applications. SLOs provide a shared quality benchmark for application and platform teams to reference for gauging service level agreement (SLA) compliance and continuous improvement.   

For more information about SLOs in Tanzu Service Mesh, see Service Level Objectives with Tanzu Service Mesh User's Guide.

Service Autoscaling - TECH PREVIEW

With Tanzu Service Mesh Service Autoscaler, application developers and operators can have automatic scaling of microservices that meet changing levels of demand based on metrics, such as CPU or memory usage. These metrics are available to Tanzu Service Mesh without needing additional code changes or metrics plugins.

For more information about service autoscaling in Tanzu Service Mesh, see the Service Autoscaling with Tanzu Service Mesh User's Guide.

Enhancements

• Application operators can now select specific Kubernetes namespaces in which to enable service mesh capabilities (that is, enable automatic sidecar injection).

• A new Tanzu Service Mesh operator monitors the status and health of the service mesh data plane components running in the cluster and self-heals the components as needed.

• Tanzu Service Mesh now supports clusters based on VMware Tanzu™ Kubernetes Grid™ 1.2 (which uses Kubernetes 1.19).

• Tanzu Service Mesh now supports clusters based on VMware Tanzu™ Kubernetes Grid™ Service (VMware vSphere® 7.0.0).

• The Home page now features three tabs: GNS Overview (shows global namespace cards with summary information), Cluster Overview (shows cluster cards with summary information), and Node Heatmap (displays node metrics (for example, CPU and memory usage) and correlates services to nodes).

• When a user moves away for one service details page to another, the focus automatically moves to the top of the page.

• The Cluster Onboarding window now offers an option to retry a failed Tanzu Service Mesh installation.

• Several enhancements were made to optimize GraphQL queries involved in the rendering of global namespace and cluster topologies. 

• Several UI accessibility improvements were made, including interactions with buttons, modals, and accordions. 

• The Tanzu Service Mesh account setup window now displays the latest product logo at the top.

Fixes

• Tanzu Service Mesh now installs without issue on Tanzu Kubernetes Grid Integrated Edition 1.9 clusters.

• The Service Preview list in the Global Namespace wizard now correctly shows services in a two-column list.

• Service group display names, not service group IDs, are displayed on the Performance page and the Node Heatmap page when nodes are grouped by Service Group. 

• Results of a GraphQL query do not disappear when a user changes the theme of the Tanzu Service Mesh Console.

• The Error Rate column in the Service Instances table no longer shows 0 eps for services in a service group for which error rate data is available.

• Autocomplete functionality in GraphQL Playground is functioning properly.

• Users are no longer logged out when running a query in GraphQL Explorer. 

• Users can now navigate to previously visited pages in the browser's back history from the Home page. 

• Tables are now using the same name format for the latency column headings (for example, p50 Latency).

• The UI is correctly showing the health status of a global namespace.

• Only the Tab key can now be used to set the focus on a UI element. 

• The hover behavior in topologies highlights the node being hovered over.

• The grouping by global namespace now works correctly in node heatmaps.

• Table column widths now accommodate long values.

• The service name is now shown in the Service Details field on the Details tab of a service card when a user points to a service or service version.

• Switching between the tabs on the Performance page takes less time.

• Retrieval of data for the Global Namespace Details page is improved to show a Loading indicator only once.

• The Service Groups filter on the Performance page now works correctly.

• In table columns, now only values that go to another page or open a hover card appear as links.

• Zoom settings are now correctly applied to cluster topologies when a user switches between showing and hiding service versions.

• Zoom settings are now correctly applied to global namespace topologies when a user switches between showing and hiding service versions.

Known Issues

• Tanzu Service Mesh currently has a limit of up to 25 clusters. If platform operators attempt to exceed this limit, the cluster onboarding process automatically fails. The Tanzu Service Mesh Console UI does not have an explicit notification that the limit has been reached, although users can view the total cluster count in the UI. 

  Both of these issues will be addressed in the next release. (Tanzu Mission Control Console UI does have a notification indicating the number of clusters with Tanzu Service Mesh, and whether the 25-cluster limit has been reached.)

• SLOs created against service groups are not yet visible on service group details pages. They are still visible on the service details page of a service that is a service group member.

• When a cluster is using an unsupported version of Kubernetes, the Software Updates page shows a status of "Out of Date" for the cluster, but does not offer a way to upgrade the service mesh running in the cluster.

  A notification to update the Kubernetes version will be added to the Tanzu Service Mesh Console UI.

• When a user deletes a cluster from the TSM console, it may take a few minutes for the cluster to be removed from the display. This will be fixed in a subsequent release.

October 12, 2020 (version 1.7)

Enhancements

• Tanzu Service Mesh now supports VMware Tanzu Kubernetes Grid Integrated Edition 1.9. 

• Tanzu Service Mesh Lifecycle Manager Operator reconciles / re-deploys agent components if they are accidentally removed from an onboarded cluster. 

• Minor changes to the Service Mapping step of the Global Namespace wizard, including reversing the order of the cluster and GNS mapping rules. 

• Accessibility enhancements to enable mouse-free navigation through the UI using the Tab key. 

Fixes

• Fixes a case where the pop-up window displayed "undefined," rather than the original onboarding URL, when cluster onboarding is cancelled. 

• Fixes duplicates of the same services being displayed when creating a new service group or new global namespace. 

• Fixes cases where a blank or empty onboarding URL was shown in the Onboard Clusters dialog box. 

• Fixes the CPU Usage Milli Cores and Memory Usage Byte columns incorrectly displaying values of zero in the Services or Service Instances table.

• Fixes the Save button is disabled in the Edit Service Group dialog box for a service group created through a POST request via the API

• Fixes zero values being displayed in the Services, Service Instances, Clusters, and Nodes columns on the Service Groups tab in Inventory. 

• Fixes the Save and Cancel buttons not being visible in the New Service Group dialog box after a user added several membership conditions. 

• Fixes a continuously spinning progress indicator when logging into Tanzu Service Mesh for the first time.

• Fixes the UI failing to report the status of tenant registration and continuously showing a progress spinner. 

• Fixes a case where newly created global namespaces did not immediately show on the Global Namespaces tab of the Home page. 

• Fixes various style and text inconsistencies in the Service Group deletion and new Service Group dialog boxes. 

• Fixes an issue where the "Node Name" column was incorrectly displayed in the Services table. 

• Fixes the UI displaying "No metric" when a user clicked the "Cards" display for Services. 

• Fixes a case where a user gets an empty service group description and empty membership conditions in the Edit Service Group dialog box. 

• Fixes an issue preventing users from using spaces in a service group name. 

• Fixes Membership Conditions automatically collapsing when a user clicks in a membership condition on the Service Group Details page. 

• Fixes the global namespace topology graph displaying overlapping services or services placed outside their clusters. 

• Fixes an issue where a user had to refresh the page manually or wait until the next automatic data refresh for an edited description of a service group to appear.

August 20, 2020 (version 1.6)

New Features and Improvements

• Integration with VMware Tanzu™ Mission Control™. You can now deploy Tanzu Service Mesh on clusters managed by VMware Tanzu Mission Control. For more information, see Native Support for TMC clusters.

• You can get visibility into the overall health of your global namespaces. For more information, see Global Namespace Health Checks. 

• Improved cluster offboarding: cluster data is immediately removed once offboarding is complete.

• Completed operations are automatically removed from the task panel in the lower-right corner of the UI after a configured time.

• Accessibility improvements to cluster onboarding UI, the Resource Groups page, and the Global Namespace Wizard for users with visual or motor impairments.

Feature Highlights

Global Namespace Health Checks

Release 1.5.6 introduces a new feature—Global Namespace Health Check. This feature periodically checks the configuration in a global namespace and reports any errors or out-of-sync conditions.

Native Support for TMC clusters

Release 1.5.6 introduces support for TMC clusters. Application operators can onboard clusters managed by TMC to Tanzu Service Mesh and use the capabilities around observability, discovery, and security. In older versions of Tanzu Service Mesh, users were expected to configure pod security policies for the TMC cluster. This is no longer needed from version 1.5.6.

Fixes

• A user was unable to create a global namespace because an incorrect version of the API was used. The use of the correct API version fixed the issue.

• The Welcome to Tanzu Service Mesh window closed before the tenant registration was complete. Now the Welcome to Tanzu Service Mesh remains open until the tenant registration is complete. Once tenant registration is complete, the Home page is displayed, and the Welcome to Tanzu Service Mesh window is hidden. 

• If a cluster had a large number of services, that caused nodes in the service topology view to overlap. The performance and scalability of service topology views have been improved to avoid overlap of nodes.

• A deleted cluster is removed from cluster counts in metrics and the Clusters table.

• Bug fixes related to metrics for duplicate services and service with null data.

• Fix for a bug where the user cannot create a new service group under certain conditions.

• Fixes for bugs with custom topology layouts.

• After a cluster, global namespace, or resource group is deleted, it's now properly removed from the UI.

• Fix for a bug where, after a successful login, the application is unable to locate the user's preferences.

• When a user hovered over a service in the Services table, an empty service details card was displayed. Now the service's details are correctly shown on its card when a user hovers over it in the Services table.

• Sometimes a user was unable to expand a message header in the task panel at the lower right to see the whole message. Now a user can see the whole message expanded by clicking the header.

• When a user clicked Remove Cluster, the UI didn't provide a progress indicator for the cluster removal or notification that a background process was running. Now when a user clicks Remove Cluster, a job starts in the background, and a progress indicator appears in the lower-right corner of the UI. The indicator shows a meaningful message that reflects the actual progress of the cluster removal. 

• A user could previously provide the same domain name for multiple global namespaces. Validation for a unique domain name was added. Now when a user enters a non-unique domain name, an error message appears prompting the user to enter a unique name.

July 13, 2020 (version 1.5)

New Features and Improvements

• Backend enhancements to improve stability and high availability of the platform.

• Added versioning support for the Tanzu Service Mesh API.

• New Onboarding and Offboarding APIs for the Tanzu Service Mesh Cluster Lifecycle Manager.

• Tanzu Service Mesh UI and Backend Service now use v1alpha APIs for creating a global namespace.

Fixes

• Fixed Istio's Mixer component, which caused incorrect metrics reporting.

• Fixed corner cases of when services sometimes go missing from a Global Namespace (GNS).

• Fixed Istio secret discovery service (SDS) intermittently fails to push key/cert pair needed for mTLS configuration in TSM Service.

• Fixed intermittent crash in the registration service when unregistered a tenant.

• Fixed loader spins for first time on-boarding experience when there are no clusters.

• Fixed service topology issues where topology does not show selected services in global namespaces and clusters.

June 5, 2020

New Features and Improvements

• Added animated transitions and UI usability enhancements to the Global Namespace topology.

• Cluster Lifecycle Management (CLM)

  • Enhanced usability by adding validation of client clusters during the onboarding process, including failure states.

  • Enhanced monitoring and debugging of client clusters by migrating existing state (Istio state and connected fields) to the new richer cluster status format.

  • Added logic for fetching client cluster logs (TSM agent, Istio, DNS, etc.) directly via TSM APIs for troubleshooting and cluster support.

• Added support for Istio 1.4.

Fixes

• Bug fix to reduce the header size from previous cookie sessions.

• Bug fix to display an API error when session token gets expired.  

• Bug fix to display selected metric preferences for GNS topology.

• Bug fix to show empty state placeholder text “No Namespaces” if no namespaces are returned in Home page.

• Bug fix to add missing “rps” to the unit topology for zero value.

• Bug fix to address cluster deletion from UI.

See Tanzu Service Mesh Environment Requirements and Supported Platforms.