Tanzu | 15 FEB 2022

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

  • About VMware Tanzu Service Mesh
  • What's New in This Release
  • Tanzu Service Mesh Environment Requirements and Supported Platforms

About VMware Tanzu Service Mesh

VMware Tanzu™ Service Mesh™, built on VMware NSX®, is VMware's enterprise-class service mesh solution that provides consistent control and security for microservices, end users, and data—across all your clusters and clouds—in the most demanding multi-cluster and multi-cloud environments.

To learn more about Tanzu Service Mesh, visit the Tanzu Service Mesh product page or contact your VMware account executive for free trial.

What's New in This Release

July 5, 2022 (version 1.15.1)

These release notes describe the Tanzu Service Mesh 1.15.1 release.

Enhancements

External Services

With the 1.15.1 release, Tanzu Service Mesh can access services that are configured outside of the mesh, for example, third-party database services can be accessed by services within a global namespace. External services can run on virtual machines, external Kubernetes clusters, Tanzu Application Service environments (TAS), lambda functions, or even on bare metal, and can be accessed over TCP, TLS, HTTP, or HTTPS. External services can have multiple endpoints, and load balancing can be done between them.  The round-robin load balancing mechanism is currently set as the default, and users do not need to configure additional load balancing schemes in the UI. Tanzu Service Mesh provides detailed information to help you monitor the performance of an external service using performance metrics. External Service traffic can be observed in GNS Topology, as well as on the external service Performance page.

Wildcard Support for External Services 

External service wildcard support in Tanzu Service Mesh Global Namespace allows services inside Tanzu Service Mesh global namespace to connect to external servers whose hostnames are in wildcard format (e.g. *.google.com, *.wikipedia.com). With wildcard support, we can choose exactly which servers to connect to among the set of wildcard servers. Tanzu Service Mesh currently supports matching subdomains of external service hostnames using wildcards.

Notice:

Check out the External Service documentation for more information on how to create/edit external services, monitor their performance, and wildcard support. 

Other Enhancements

  • Enhancements to the egress gateway to process forwarded domain traffic from mesh.
  • Enhancements in the pod association with the correct service version for handling external service traffic.
  • Changes to the query manager to continue fetching SLO and autoscaling registered decisions from the TSM SaaS timescale database.
  • Improved observability/metrics integration with external services. 
  • Envoy-filter for egress gateway enables patching the cluster to use a specific TLS version for upstream traffic.
  • Updated Photon 4 images to the latest version, so there are fewer vulnerabilities.
  • Upgraded TLS version to 1.2.
  • Support for Splunk configuration has been added to the External Resource API.
  • Implementation of policy and telemetry channels using the Ingress Gateway.
  • Update of Kube manifests API to 1.16 from 1.15.
  • Upgrade of Istio to 1.6 across all SaaS environments.
  • Support for operator proxy.

Fixes

  • A fix for custom registry operator.
  • Fixes to external services access failure in Istio 1.12.2.
  • Fixes to make external services available through host and service ports.
  • Fixes to pagination issue in the Service Table to display the total records.
  • Fixes to prevent crashes during policy deletion.
  • A Fix for TCP external services issue.
  • Fixes to the UI to display the correct external service topology for a single GNS Multicluster configuration.
  • Fixes to remove spurious information from the Service status bar.
  • A fix for the external service configuration issue.
  • Fixes to the Cluster Details page to display all metrics.
  • Correction of the mismatch between the actual attack count and tooltip display on the Security Event page. 
  • A fix to ignore data from removed clusters in the GNS topology and Connections tabs.
  • A fix for rounding off time in Security Events.
  • A fix is made to list cross-cluster TCP connections.
  • Fixes to display outgoing APIs in the Connections tab for cross-cluster configuration.

Known Issues

  • To access wildcard support for external services, there must be a live www subdomain server in the list of external servers. 
  • For multiple service endpoint configurations, the service port and the gateway port should not be the same.
  • A failure occurs when the same external service is configured in multiple GNSs.
  • A multi-namespace GNS cannot be configured in the same cluster for an external service.

March 29, 2022 (version 1.14.10)

These release notes describe the Tanzu Service Mesh 1.14.10 release.

Enhancements

AVI Proxy

Prior to release 1.14.10, a requirement for integrating TSM with NSX Advanced Load Balancer (formerly known as Avi Networks) was that the Avi API should be publicly exposed so that there will be a direct connection between the TSM global controller and Avi controller. In this release, users can specify one or more clusters to connect with the Avi Instance via cluster labels. Cluster labels are used to identify clusters that may potentially be used by TSM SaaS to connect to Avi controller(s).  Note that this functionality requires Kubernetes clusters to have network connectivity to the Avi Instance running on the infrastructure. Any connectivity or authentication issues will be displayed on the Integrations page of the Tanzu Service Mesh Console UI.

In this regard, we address:

  • Connectivity requirements for integrating Avi API through a proxy.
  • Support for reporting proxy connectivity status for an external account via API.
  • Support for rich application metrics in the Avi connector.

Custom Registry Support 

Release 1.14.10 adds support for customer-owned registries for cluster onboarding. Users can now specify a private/local enterprise registry from which Tanzu Service Mesh data plane images are pulled, as well as its location and credentials. New features in this release include:

  • Support for creating a new customer image registry account and using secret authentication.  
  • Support for referencing an existing customer registry when onboarding a cluster. In addition, a customer registry account can be created from the cluster onboarding page if one does not already exist, and only one customer registry account can be referenced per cluster.

Additional notes:

  • At this time, a customer registry definition already used for cluster onboarding cannot be edited. The registry definition can be deleted by the user, but the clusters that have been onboarded with the registry must be re-onboarded to the TSM service. A warning about this implication will show up when one tries to delete the definition.

Notice:

As a prerequisite for onboarding a cluster using Tanzu Service Mesh images from your private registry, you need to mirror the required repositories from the TSM's public ECR registry located at public.ecr.aws/v6x6b8s5. For private registries that do not support mirroring, download the images from TSM's public ECR registry and push them into your private registries. In the last section, you will find the list of images and repositories. The TSM image list varies for each data plane release.

Application Onboarding Improvements - Support for Stateful Sets

Support for stateful components that rely on data services for storing state and data is provided using a distributed database management system for improved scalability, availability, consistency, and resiliency; and an advanced messaging system for low latency and high throughput. Stateful services can reside on a single cluster or multiple clusters. RabbitMQ and MongoDB have been tested and verified using de-facto standard operators in some specific configurations. Currently, other data services have not been validated and may not function as expected. Data services will be tailored to the specific needs of each customer.

Multiple Namespace in a GNS

Previously, applications in a global namespace had to contain all their services in one namespace. In this release, this constraint has been lifted and Tanzu Service Mesh now supports adding services from multiple namespaces. In this way, users can choose any namespace in a Kubernetes cluster to add to the global namespace. This release is fully compatible with the following features which use multiple namespaces: Cross Cluster Traffic, Observability, and Public Services. Future releases will add support for additional features such as ACP, API Security, Traffic Management, SLO, and Auto Scaling.

Other Enhancements

  • Support for Tanzu Service Mesh TMC Operator in Kubernetes 1.22.
  • Support for Istio 1.12.
  • Support for VMware Tanzu™ Kubernetes Grid™ 1.5.
  • Consolidation of Tanzu Service Mesh images into one public image repository.
  • Improvements to the health status of integration configuration.
  • Support for new TMC stack in operator pipeline.
  • Consolidation of all Tanzu Service Mesh images into the ECR public repository.
  • Updated all data plane images to the latest Photon 4 OS images version to reduce vulnerabilities.
  • Assuring users configure trust domains for Tanzu Service Mesh integration with CA.
  • Improvements to API discovery.

Fixes

  • A fix for metrics displayed on the Clusters page.
  • A fix to exclude some namespaces.
  • Update of the label "Proxy Location: <some value>".
  • Fixes for cache issues.
  • A fix for the display of unhealthy cluster status.
  • Fixes for the regex issue in Safari.
  • Fixes for memory leak in subscriptions.
  • A fix to load events topology from Service version view.
  • Updates to autoscaling policies to accurately display data after the upgrade.
  • Fixes to include Disk Wait on the Service Group details page.
  • Improvements to keyboard navigation.
  • Corrections to accessibility audits.
  • A fix to exclude namespaces during cluster onboarding.
  • A fix for heap memory allocation issue.
  • Fixes for crashloops in Avi connectors.
  • A fix to enable Auto-scaling for instances with SLO policies.
  • A fix for UI theme changes when navigating.
  • A fix for crash loop when onboarding OCP 4.7.8 cluster.
  • Fixes for tenant API gateway cache issue.
  • A fix for GNS failover issue in Tanzu™ Kubernetes Grid™ on vSphere.
  • A fix for liveliness/readiness probe failure.
  • A fix for issue with Envoy sidecars not processing the filters.
  • Fixes for custom registry issues.

Known Issues

  • Logging into Avi Networks using incorrect credentials results in a 401 error, and one workaround for this is to change the account profile used for the integration to No-Lockout-User-Account-Profile in the Avi controller's user administration settings.
  • At present, TSM does not support visualizing TCP traffic across clusters.
  • Potential for inconsistency with routing for multiple namespaces when there are multiple services with the same name, causing GNS to enter into warning mode.
  • A multi-namespace GNS cannot be configured in the same cluster for an external service.

To mirror: list of repositories

  • public.ecr.aws/v6x6b8s5/config-service
  • public.ecr.aws/v6x6b8s5/k8s-cluster-manager
  • public.ecr.aws/v6x6b8s5/metrics-proxy
  • public.ecr.aws/v6x6b8s5/telegraf
  • public.ecr.aws/v6x6b8s5/tsm-agent-operator
  • public.ecr.aws/v6x6b8s5/vmwareallspark/install-cni
  • public.ecr.aws/v6x6b8s5/vmwareallspark/mixer
  • public.ecr.aws/v6x6b8s5/vmwareallspark/pilot
  • public.ecr.aws/v6x6b8s5/vmwareallspark/proxyv2
  • public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-installer
  • public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-manifests
  • public.ecr.aws/v6x6b8s5/ws-client
  • public.ecr.aws/v6x6b8s5/deployment_utils

To download: list of images

  • public.ecr.aws/v6x6b8s5/config-service:2294257dfbb51d081bb7a69dad80dedd4ee6a0ff
  • public.ecr.aws/v6x6b8s5/k8s-cluster-manager:v4.4.1
  • public.ecr.aws/v6x6b8s5/metrics-proxy:v3.2.0
  • public.ecr.aws/v6x6b8s5/telegraf:1.18.3
  • public.ecr.aws/v6x6b8s5/tsm-agent-operator:v3.5.0
  • public.ecr.aws/v6x6b8s5/vmwareallspark/install-cni:1.12.2-release-tsm-advance-distroless
  • public.ecr.aws/v6x6b8s5/vmwareallspark/mixer:1.7.3-custom-mixer-0.1-distroless
  • public.ecr.aws/v6x6b8s5/vmwareallspark/pilot:1.12.2-release-tsm-advance-distroless
  • public.ecr.aws/v6x6b8s5/vmwareallspark/proxyv2:1.12.2-release-tsm-advance-distroless
  • public.ecr.aws/v6x6b8s5/vmwareallspark/proxyv2:1.7.3-distroless
  • public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-installer:v0.4.0
  • public.ecr.aws/v6x6b8s5/vmwareallspark/service-mesh-manifests:tsm-v5.0.4
  • public.ecr.aws/v6x6b8s5/ws-client:v3.3.0
  • public.ecr.aws/v6x6b8s5/deployment_utils:8d8b5b1d

Refer to the relevant data plane version 5.0.4 release note.

February 15, 2022 (version 1.14.0)

These release notes describe the Tanzu Service Mesh 1.14.0 release.

Enhancements

Traffic Management

This release brings in Tanzu Service Mesh traffic management APIs, which gives users the ability to define traffic shifting policies for services in a global namespace (GNS). The combination of traffic management policies with global namespaces, gives users the ability to define progressive upgrades for applications deployed in a global namespace across regions and clusters. Policies are defined in a central location and allow users to perform canary, and blue green upgrades for public as well as internal services. See our recent blog post for additional information.

Other Enhancements

  • Improvements to secrets management.
  • Updates to deployment of backend services.
  • Improvements to application metrics.
  • API updates which include:
    • Enhancements to communication with client clusters.
    • Initial support for specifying clusters to be targeted by Avi proxy; initial support is for one cluster, with forthcoming support for a list of clusters.
  • Improvements to SaaS controller services on synching cluster details.
  • Support for private docker registry, which can be specified at cluster onboarding.
  • The Tanzu Service Mesh Console UI has a integrations details page, and now displays a health check status for each integration in the integration tab.
  • Improvements to the processing of autoscaling policies.

Fixes

  • A fix for a duplication of configuration seen with a custom CoreDNS setup. Affected platform: VMware Tanzu™ Kubernetes Grid™ running on Azure Kubernetes Service (AKS) version 1.18.7 with CoreDNS 1.6.7.
  • Improvements to the data model including increased message size.
  • A fix for Global Namespace, which includes upgrading public service objects to ensure they are compatible with new DNS structure requiring health checks.
  • Stabilization and reduction in time for tenant registration.
  • Improvements to services responsible for service level objectives (SLOs).
  • A fix for metrics aggregation.
  • Fixes in the Tanzu Service Mesh Console UI:
    • Autoscaling policy display improvements.
    • Public services' subdomains display.
    • A warning is now displayed when deleting an integration that is in use by a public service.
    • Redirection after service group deletion is corrected to service group table.
    • Global namespace scoped API call is now correctly displayed in service version details page.
    • Upon deletion of a public service on the public service table, a notification of successful deletion now is displayed.
    • General improvements to loading and dynamic display.
    • An issue seen with some Safari versions.

Known Issues

  • The average value of CPU usage milli cores displayed at the top of the instance autoscaling chart is not displaying the average based on the values over the current duration in the chart.

January 26, 2022 (version 1.13.9)

These release notes describe the Tanzu Service Mesh 1.13.9 release.

Fixes

  • Fix for the login to the Tanzu Service Mesh Console UI during the new customer onboarding process.

January 26, 2022 (version 1.13.8)

These release notes describe the Tanzu Service Mesh 1.13.8 release.

Enhancements

  • This release includes maintenance in the Tanzu Service Mesh SaaS backend.

December 20, 2021 (version 1.13.7)

These release notes describe the TSM 1.13.7 release.

Fixes

  • Fix for a bug introduced in 1.13.6 in relation to CPU millicore calculations in autoscaler configuration.

December 15, 2021 (version 1.13.6)

These release notes describe the TSM 1.13.6 release.

Enhancements

  • When a user navigates to the SLO Dashboard and then clicks on the "Full Page", the user should now see a breadcrumb such as Home >GNS Name>SLO Name added to the SLO Dashboard page.
  • In the SLO configuration wizard for org scoped monitored SLOs, while attaching service group(s), it validates that the service group exists. This change will be reflected in the drop down of the service group field in the SLO policy configuration wizard.
  • Improvements to the synchronization of Tanzu Service Mesh inventory and Kubernetes state.
  • Updates to role-based access control (RBAC) on client clusters. This change includes utilizing Roles to define minimal permissions within a specific namespace.
  • Customer required images are available in public ECR.

Fixes

Tanzu Service Mesh version 1.13.6 is a maintenance release that contains performance enhancements and minor Tanzu Service Mesh UI improvements:

  • Fix for occasional "No Data" issue in autoscaler and SLO charts caused by some internal caching issues.
  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, user can now see the correct health status instead of "Error".
  • Fix for accessibility issues with the SLO chart content when a user resizes the viewport to a narrow view.
  • In the autoscaling policy configuration wizard, the autoscaling metric dropdown text will now display a consistent text style.
  • Fix for occasional empty services in SLO dashboard when a user navigates back and forth between the various tabs of the dashboard.
  • Fixes for the UI that include refresh improvements for performance charts and instance tables with a large number of elements.
  • A fix in the UI where multiple service groups resulted in broken layout on dropdown selection.
  • A fix in the UI for service topology rendering and cluster overlay which resulted in services appearing to be orphaned.
  • A fix in the UI which enables RPS by default in the Service Topology.
  • Improvements in the display of the status of cluster upgrades in the UI.
  • Improvements in the display of public services health checks in the UI.
  • Listing resource group services now returns a list of only application-specific services instead of all Kubernetes or system services.

Known Issues

  • Tenants with DNS integrations with large numbers of DNS records (30K+) results in the UI not loading.

November 15, 2021 (version 1.13.3)

These release notes describe the TSM 1.13.3 release.

Enhancements

Global Server Load Balancer (GSLB) and Application Continuity

This release enhances the support of the Application Continuity use case in Tanzu Service Mesh by adding support for new GSLB algorithms. Users can now publish their services outside the global namespace and configure the high availability algorithm to be based on Round Robin (default), Weighted Round Robin, or Active Standby. Furthermore, the integration is now available for NSX Advanced Load Balancer (formerly Avi Networks). This release also adds support for configurable health checks on public services. Health checks are performed at a configurable interval and monitor each endpoint of the application deployed across multiple clusters or clouds.

Applications can be exposed to the outside world, in a highly available manner, by configuring and exposing a GSLB service within a global namespace. Tanzu Service Mesh (TSM) automates the process of initial application publishing, and automatically discovers new deployments of a service; this streamlines and reduces time to publish and supports use cases where applications expand to new clusters and sites. The service mesh adapts to additional instances by automatically updating the GSLB configuration. With GSLB TSM integration, TSM can detect problems with applications deployed in the global namespace that are not visible to traditional GSLB services and initiates a failover to the healthy service. Therefore, the combination of TSM and GSLB increases the resiliency of the deployed application over use of only GSLB. Integration is available with NSX Advanced Load Balancer (formerly Avi Networks) and/or AWS Route 53.

Public Service Details and Monitoring

Detailed information on public services, including performance metrics are available in the TSM console to help monitor the health and performance of public services and GSLB routing information for services' public URLs. TSM computes an overall health status based on the health of each public URL. TSM periodically makes connection attempts to each URL to evaluate its health. The overall status of a public service is considered healthy if all public URLs are healthy and considered unhealthy if at least one of the public URLs is unhealthy. The Tanzu Service Mesh Console UI contains this information on the public services details page.

Other Enhancements

  • Tanzu Service Mesh Console UI has modernized theming and made improvements to dark and light themes.
  • Enhanced contextual help in the Tanzu Service Mesh Console UI.

Fixes

  • Improvements for deleting DNS integration and the reporting of inventory.
  • The Tanzu Service Mesh Console UI no longer shows a quota of number of clusters available for potential onboarding.
  • A fix for the SLO Actions Tab that ensures the associated autoscaling policies are properly displayed.
  • Fixes for SLO charts, including improvements in refresh, time range display, and fixes for the color displayed in association with violations.
  • All cluster types support public services when mixing IPs and CNAMEs. A workaround using clusters of all the same type for Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) is no longer required.

Known Issues

  • Tenants with DNS integrations with large numbers of DNS records (30K+) results in the UI not loading.
  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

October 21, 2021 (version 1.12.14)

These release notes describe the TSM 1.12.14 release.

Fixes

  • This release contains a fix for a bug with the TSM autoscaler, and improves detection of instances.

Known Issues

  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.
  • Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

October 14, 2021 (version 1.12.12)

These release notes describe the TSM 1.12.12 release.

Fixes

  • This release contains a fix for a bug that resulted in an incorrect cluster list displayed in the UI.

Known Issues

  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.
  • Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

October 13, 2021 (version 1.12.11)

These release notes describe the TSM 1.12.11 release.

Fixes

  • This release contains fixes for bugs in the cluster deletion workflow.

Known Issues

  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.
  • Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

October 11, 2021 (version 1.12.8)

These release notes describe the enhancements and changes to supported platforms in the TSM 1.12.8 release.

Enhancements

  • This release contains enhanced logging to improve debugging of backend SaaS services.
  • Additionally, new supported platforms and deprecations are noted.

New Platforms Supported

Tanzu Service Mesh now supports Kubernetes clusters running on these platforms:

  • Amazon Elastic Kubernetes Service (Amazon EKS) 1.20, 1.21
  • Red Hat OpenShift 4.7.8
  • VMware Tanzu™ Kubernetes Grid™ Integrated Edition (TKGI) 1.12
  • VMware Tanzu™ Kubernetes Grid™ Service (VMware vSphere® 7.0.1.00200) 1.18.19+vmware.1

Platform Support Deprecation Notice

Tanzu Service Mesh no longer supports Kubernetes versions 1.17 and below, including these platforms:

  • Amazon Elastic Kubernetes Service (Amazon EKS) 1.16, 1.17
  • VMware Tanzu™ Kubernetes Grid™ 1.2.0 (Kubernetes 1.17.11), 1.3.0 (Kubernetes 1.17.16)
  • VMware Tanzu™ Kubernetes Grid™ Integrated Edition (TKGI) 1.4, 1.5, 1.6, 1.7
  • VMware Tanzu™ Kubernetes Grid™ Service (VMware vSphere® 7.0.0) - Kubernetes 1.16.8

Note: For details, visit the public platform support matrix.

Known Issues

  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.
  • Azure Kubernetes Service (AKS) and Anthos Google Kubernetes Engine (GKE) clusters to not support public services, specifically when mixing IPs and CNAMEs. A workaround is using clusters of all the same type; for example, all GKE.

September 22, 2021 (version 1.12.6)

These release notes describe the enhancements in the 1.12.6 release of VMware Tanzu Service Mesh.

Enhancements

Improvements in Service Level Objectives (SLOs)

Two types of SLO are now available in Tanzu Service Mesh: monitored SLOs and actionable SLOs.

In the case of monitored SLOs, you can configure these to monitor the behavior of a service and track error budgets on a monthly basis. In the case of actionable SLOs, besides monitoring the behavior of services and tracking error budgets, you can also influence service resiliency features, like preventing service instances from being scaled down in response to a violation of the SLIs.

You can also configure an SLO to be scoped to the services in a specific global namespace (a GNS-scoped SLO).

For more information about SLOs in Tanzu Service Mesh, see Service Level Objectives with Tanzu Service Mesh technical documentation.

Enhanced Service Autoscaling

With Tanzu Service Mesh Service Autoscaler, application developers and operators can now configure an autoscaling policy for services inside a global namespace through the UI or through API. This choice between configuring autoscaling in the Tanzu Service Mesh UI or through API is available only for GNS-scoped autoscaling policies. Tanzu Service Mesh Service Autoscaler continues to provide a Kubernetes Custom Resource Definition to configure autoscaling for services in cluster namespaces. You now have the option of associating an autoscaling policy with an SLO to influence autoscaling of service instances if the SLO is violated. For more information about service autoscaling in Tanzu Service Mesh, see the Service Autoscaling with Tanzu Service Mesh User's Guide.

Fixes

  • Performance graphs could be missing for services that have an SLO applied to them. The issue affected only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixed the problem.
  • A fix for an issue where under certain circumstances, users could experience slowness while the service dependencies graph was being loaded on the “Service Dependencies” tag of the service details page. This could happen when “Last 30 days” was selected as the metric time range.

Known Issues

  • When a user creates an autoscaling policy for a service in simulation mode in the Tanzu Service Mesh UI and then navigates to the service details page, the health status “Error” is shown for the service.

August 31, 2021 (version 1.12.4)

Tanzu Service Mesh version 1.12.4 is a maintenance release that contains minor logging changes to assist in debugging the cluster onboarding process.

Known Issues

  • Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.
  • The following APIs exposed in the API Explorer for future use are currently not supported:

    Autoscaling section of the API Explorer

    Global Namespaces Public Service section of the API Explorer

    • GET /v1alpha1/autoscaling/configs
    • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies
    • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

August 11, 2021 (version 1.12.3)

The release of Tanzu Service Mesh 1.12.3 contains changes to the Global Controller that improve the debugging of issues.

Known Issues

  • Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.
  • The following APIs exposed in the API Explorer for future use are currently not supported:

    Autoscaling section of the API Explorer

    Global Namespaces Public Service section of the API Explorer

    • GET /v1alpha1/autoscaling/configs
    • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies
    • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

July 21, 2021 (version 1.11.12)

This release of TSM 1.11.12 contains stability fixes that ensure compatibility with VMware Tanzu Kubernetes Grid.

Known Issues

  • Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.
  • The following APIs exposed in the API Explorer for future use are currently not supported:
    • GET /v1alpha1/autoscaling/configs
    • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies
    • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

July 19, 2021 (version 1.11.9)

These release notes describe the fixes in the TSM 1.11.9 release.

Fixes

  • A fix for a bug found where a backend service became unhealthy. This fix enhances metrics performance. Metric aggregation improvements include enhancements in processing metrics data.

Known Issues

  • Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.
  • The following APIs exposed in the API Explorer for future use are currently not supported:
    • GET /v1alpha1/autoscaling/configs
    • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies
    • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

July 13, 2021 (version 1.11.7)

These release notes describe the new features, enhancements, and fixes in the July 13, 2020 release.

New Features

Export of API Audit Logs to Splunk

You can now send audit logs of calls to the Tanzu Service Mesh APIs to Splunk Enterprise for analysis and visualization of how users in your organization use the APIs.

API Audit Log export requires that you configure an HTTP Event Collector (HEC) input in Splunk Enterprise and provide your HEC configuration through the API.

Amazon CloudWatch and Splunk endpoints are supported for export of API logs.

For more information about export of API logs to Splunk, see the Tanzu Service Mesh product documentation.

Enhancements

Enhanced Service Topology Browsing Experience

You can now view the topology of service in a global namespace or cluster in a separate window for greater ease of use and easier in-window browsing.

You have the option of downloading the service topology information (service incoming and outgoing connections) to a comma-separated values (CSV) file to make this information accessible by users with visual impairments.

For more information about the Topology Browser window, see the Tanzu Service Mesh product documentation.

New Platforms Supported

Tanzu Service Mesh now additionally supports clusters running on these platforms:

  • Azure Kubernetes Service (AKS) v. 1.18.17
  • Anthos GKE v. 1.19.10
  • VMware Tanzu™ Kubernetes Grid™ Integrated Edition 1.11

Note: For details, visit the Tanzu Service Mesh Environment Requirements and Supported Platforms page.

Fixes

  • Services fail over to healthy endpoints when any service endpoint becomes unhealthy. If all service endpoints became unhealthy, it was possible for traffic to blackhole for a period of time. With this fix, traffic is guaranteed to be directed to at least one healthy service endpoint at all times, as long as there is a healthy service endpoint.
  • Tanzu Service Mesh now properly preserves a mapping rule within a global namespace if a cluster selected in the rule is removed, and another cluster with the same name is then onboarded. Tanzu Service Mesh also supports placeholder cluster names in mapping rules where a user enters the name of a non-existing cluster into a mapping rule and creates the cluster later.
  • Fix for an issue where Tanzu Service Mesh did not completely remove a cluster whose onboarding was canceled, which caused the onboarding of another cluster with the same name to fail.
  • When users log into the application for the first time in incognito mode, they no longer see a white application screen that flashes for a few seconds.
  • Fix for a bug where the service instances table incorrectly showed 0 ms, instead of "–", for non-existing p50 Latency, p90 Latency, and p99 Latency metrics for some of the service instances.
  • Added more space between service labels and their nodes on topology view graphs for greater visibility. Also improved styling for when nodes are dragged inside the topology view.
  • A fix for an issue where deleting a certificate, health check, or external DNS account that was in use by a public service and then recreating the same certificate, health check, or DNS account will affect the operation of the public service.
  • Several enhancements and fixes were made to the UI for improved user experience, including:
    • Improved layout of GNS and cluster cards, modal windows, charts, and hover cards
    • Minor issues with drop-down lists resolved
    • Consistently styled icons used across the UI
    • Consistent use of "Remove" and "Delete" labels across the UI ("Remove" for clusters and "Delete" for other objects)

Known Issues

  • Performance graphs can be missing for services that have an SLO applied to them. The issue affects only SLOs created before Tanzu Service Mesh version 1.11.7. Editing the SLO and re-adding the services to the SLO fixes the problem.
  • The following APIs exposed in the API Explorer for future use are currently not supported:
    • GET /v1alpha1/autoscaling/configs
    • PUT /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • DELETE /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies/{policyId}
    • GET /v1alpha1/global-namespaces/{gnsId}/autoscaling-policies
    • PUT /v1alpha1/global-namespaces/{gnsId}/public-service/{fqdn}

May 25, 2021 (version 1.10.13)

These release notes describe the new features, enhancements, and fixes in the May 25, 2020 release.

New Features

Enterprise Proxy Support

When onboarding Kubernetes clusters to Tanzu Service Mesh, you can now specify that the clusters communicate with Tanzu Service Mesh Global Controller through an enterprise HTTP/HTTPS proxy. You will need to provide the proxy configuration settings during onboarding, which include the Proxy address, user name, password, and the certificate the proxy presents to secure connections. With this release, Tanzu Service Mesh supports both transparent and explicit proxy configurations. The use of a transparent proxy does not require any special configuration in Tanzu Service Mesh. Once a proxy is configured, communications between your clusters and Tanzu Service Mesh Global controller will be routed through your enterprise HTTP/HTTPS proxy and will be encrypted using TLS.

Enhancements

Days of Metrics Data is Now Available

Tanzu Service Mesh now collects and retains metrics data for your services and nodes for up to 30 days. Additionally, Tanzu Service Mesh Console now allows you to select up to 30 days of metrics from the timeframe selector available on the service graphs, node heatmaps, and performance charts.

Enhanced Performance Charts and Cards

Performance charts have been enhanced for a better user experience and accessibility. You can now hover over data points on a chart to view the metric values and timestamp for each data point. The data shown on charts are automatically updated according to the current data refresh interval.

Metrics Per Service Version

For services, you can now view and compare metrics for individual service versions. You can show and hide the versions by clicking on the legend in the chart. This feature is useful to observe performance characteristics when rolling out a new service version (for example, canary deployment).

New Platforms Supported

Tanzu Service Mesh now supports clusters based on VMware Tanzu™ Kubernetes Grid™ 1.3 and Amazon EKS 1.19.

Note: Visit the Tanzu Service Mesh Environment Requirements and Supported Platforms page.

Fixes

  • It is now possible to expose multiple HTTPS public services that have different domain names and that reside on the same cluster on port 443.
  • A fix for the bug in the UI where users could not onboard clusters in the onboarding panel because of a backend issue with Tanzu Kubernetes Grid clusters provisioned by Tanzu Mission Control.
  • A fix for the bug where the UI froze when a user tried to access the GNS Topology tab after applying a custom topology and adding new nodes.
  • The topology thumbnail view on a global namespace card was enhanced to accommodate multiple clusters in a global namespace when a user applies a custom topology layout.
  • A fix for the bug where an endless spinning loader was shown for some of the charts when a user selected the Show All option on the Performance tab.
  • A fix for the bug where the Generate Security Token button in the Onboard Clusters panel became unavailable after a user entered a cluster ID of more than 28 characters.
  • A fix for the bug where after creating a global namespace, on the details page for the new global namespace, a user could see the topology graph for another global namespace.
  • Fixed a bug where on the Service Mapping page of the Edit Global Namespace wizard, the Next button was unavailable on a slow Internet connection.
  • Fixed a bug that caused the Sort drop-down list on the active GNS Overview tab to disappear.
  • Fixed a bug where the Edit Global Namespace wizard incorrectly selected the No Public Services option for a global namespace that has a public service configured in it.
  • Fixed a bug where the y-axis of the chart in a node card showed incorrect label values.
  • A fix for a bug where refreshing the service details page caused the performance charts to show no data although some of the services in the service group had traffic.
  • Fixed a bug where the node heatmap view for the Group by Cluster grouping sometimes showed the cluster IDs instead of cluster names.
  • Fixed overlapping nodes on the cluster topology thumbnail view on the Cluster Overview tab.
  • Fixed a bug that caused blue dots to appear on the graph line in the Services box on the top metrics bar.
  • Hovercards across Tanzu Service Mesh were modified to always show a metric graph for the last 5 minutes in the chart. This resolves the bug where the graph appeared squeezed-together in the chart if the Last 1 hour time range was selected for the cluster's service topology graph on the Service Topology tab.

Known Issues

  • Deleting a certificate, health check, or external DNS account that is in use by a public service and then recreating the same certificate, health check, or DNS account will affect the operation of the public service. If you need to delete such a certificate, health check, or external DNS account, the workaround is to also delete and re-create the referencing public service.
  • Tanzu Service Mesh does not preserve a mapping rule within a global namespace if the cluster selected in the rule is removed, and another cluster with the same name is then onboarded. This causes issues with the global namespace topology view. As a workaround, select the other cluster in the mapping rule by editing the global namespace.

March 16, 2021 (version 1.9)

These release notes describe the new features, enhancements, and fixes in the March 16, 2021 release.

New Features

Public Services

Global Namespace now includes an option to define a Public Service. A Public Service provides a foundational building block to enable various use cases, including application continuity and cloud bursting. A Public Service is a service that is within a Global Namespace and is exposed outside of the Global Namespace to allow end users or services to access the service.

You configure a public service as part of the global namespace configuration. You set the URL at which the service will be accessible and, optionally, settings for checking the health state of the service. You can expose a public service as a secure service (over HTTPS) or an unsecure service (over HTTP).

For more information about public services, see the Using Tanzu Service Mesh documentation.

Enhancements

  • Cluster Names and Cluster IDs are now displayed on the UI. Users can modify display names for their clusters.
  • If no clusters have been onboarded, the message "No clusters have been onboarded yet. Please onboard a cluster" with a link to the cluster onboarding panel is prominently displayed at the top of the Home page.
  • The onboarding of a cluster can now be canceled at any point during the onboarding process.
  • The GNS Details page now shows the mTLS status for the services in the GNS.
  • Cards on the GNS Overview and Cluster Overview tabs are now by default sorted by "Name" and "Low to High."
  • Several enhancements were made to improve the look of UI, including enhanced color and styling of notices, warnings, and alerts.

Fixes

  • If upgrades are not available for a cluster because it is using an unsupported version of Kubernetes, the Software Updates page now shows an appropriate message.
  • If a user selects the "Is Exactly" operator for a namespace exclusion when onboarding a cluster, this selection is now preserved for the namespace exclusion in the Edit Cluster dialog box.
  • The Service Details page now shows a correct SLO status (for example, "Healthy") for a service that is a member of a service group for which an SLO was created.
  • The metrics bar at the top of the Home page now shows correct data for services, service instances, nodes, and clusters.
  • Resource details pages (for example, service details pages and cluster details pages) are immediately deleted from the UI for an application or cluster that is removed.
  • An onboarded cluster that was not shown in the UI under certain conditions is correctly shown in the UI.
  • A namespace exclusion defined for a cluster in Tanzu Mission Control is now shown in the Edit Cluster dialog box in Tanzu Service Mesh.
  • A fix for a bug where the Cluster Name field in the Edit Cluster dialog box was empty under certain conditions.
  • The Nodes drop-down list on the Node Heatmap tab of the Home page no longer displays "Node Groups" and correctly displays the names of individual nodes.
  • A health status of "Unknown" no longer appears at the top the Service Details page for a service that doesn't have any SLOs created for it.
  • The Software Updates page correctly displays cluster rows after a cluster is deleted and then re-attached to Tanzu Service Mesh.
  • A user no longer receives an error after clicking the Tanzu Mission Control link on the cluster details page.
  • When a user enters the name of a non-existing cluster on the Mapping Rules page of the Global Namespace Wizard, a message "Add new cluster" is shown instead of "No items found."
  • When a user changes the target time percentage for an SLO for a service group, the performance graph on the service details page for a service group member is correctly updated with the new target percentage.
  • Fix for a bug where a global namespace card showed an incorrect number of services and service instances for a global namespace that had all the services and service instances deleted from it.
  • Cluster cards on the Cluster Overview tab and global namespace cards on the GNS Overview tab, which represent global namespaces created using exactly the same clusters, now consistently show the same counts of services and service instances.
  • After a cluster with no services is onboarded, the Onboard New Cluster button no longer appears on the Services Cards and Infrastructure Cards tabs of the Performance page.
  • If any changes occur in the status of the autoscaling configuration, the status is now updated in the response from the API.
  • Fix for a bug that caused the Service Topology tab for a cluster and the cluster details page to show different counts of services.
  • Fix a for a bug where the Service Instances field on the service version details page appeared empty under certain conditions.
  • The metrics bar on the Home page shows the counts of service instances, nodes, and clusters that are consistent with the corresponding counts on the cluster cards.
  • Fix for a bug where the Infrastructure table on the service group details page showed incorrect information about nodes for a service group.
  • Fix for a bug where, under certain conditions, metrics were not shown in the cluster topology graph on the cluster details page.
  • Fix for a bug that caused all clusters to disappear from the UI under certain conditions.
  • The application no longer occasionally hangs after a new service is added to a cluster and a user applies a custom layout to the topology view of service versions on the cluster details page.
  • Fix for a bug where under certain conditions the SLO violation chart showed violations of the SLO whereas the corresponding SLI chart didn't show the same violations.

Known Issues

  • Deleting a certificate, health check, or external DNS account that is in use by a public service and then recreating the same certificate, health check, or DNS account will affect the operation of the public service. If you need to delete such a certificate, health check, or external DNS account, the workaround is to delete and re-create the referencing public service.

    Notes

    • If you try to delete a certificate, health check, or external DNS account that is in use by a public service, the deletion dialog box displays a warning and lists the affected public services.
    • The issue does not affect certificates, health checks, or external DNS accounts that are not used in public services.
  • Currently, it is not possible to configure different domains on port 443 for two or more HTTPS public services that reside on the same cluster. The workaround is to use a wildcard (*) for the subdomain and make sure that the top-level domains of the URLs match OR ensure that only one domain is exposed per cluster. For example, for two public services shopping.acme.com and cart.acme.com on the same cluster, you can specify this URL: *.acme.com. The wildcard will match both subdomains.

Environment Requirements and Supported Platforms

check-circle-line exclamation-circle-line close-line
Scroll to top icon