Skip to main content
logoTetrate Service BridgeVersion: 1.12.x

Release Notes

Version 1.12.1

  • Added support for multiple hosts in the n2ac component for external Postgres datastore.
  • Credentials provided for the data store username and password will now be automatically URL-encoded and stored in the postgres-credentials secret within the Management Plane namespace. This change helps ensure compatibility with database drivers that require URL-encoded credentials (especially when using non-standard characters). If you are already supplying URL-encoded credentials, you must do one of the following to avoid double-encoding:
    1. Update the secret to remove URL encoding, or
    2. Set passwordEncoding to URL in the ManagementPlane CR, as shown below:
    spec:
      dataStore:
        passwordEncoding: URL
    No additional action is required if your credentials are not already URL-encoded.

Version 1.12.0

  • Added the K8S_CACHE_SYNC_TIMEOUT environment variable to the TSB operators to configure the amount to wait for the Kubernetes cache synchronization when the operator pods start. The default value is 2 minutes, but in large environments with lots of configuration objects this may need to be increased.
  • The rate limit filters were not installed on the listeners on port 15443, used for multi-cluster traffic. Starting in 1.12, rate limits will also be enforced for traffic going through that port. This could be a breaking change for some applications, and can be turned off by applying the following overlay in the ControlPlane resource in the application clusters 
    spec:
      components:
        xcp:
          kubeSpec:
            overlays:
            - apiVersion: install.xcp.tetrate.io/v1alpha1
              kind: EdgeXcp
              name: edge-xcp
              patches:
              - path: spec.components.edgeServer.kubeSpec.deployment.env[-1]
                value:
                  name: DISABLE_RATE_LIMIT_PORT_15443
                  value: "true"
  • The built-in roles have been updated to include permissions to manage configuration profiles.
  • Segmentation Membership objects now accept the FQN of Cluster objects in the fqnSelector field to create cluster-based policies.
  • Traffic settings in configuration profiles are now enforced exclusively through the new inbound and outbound fields, available in both the defaults and mandates sections of a profile.

Upgrade notes

OAP Upgrade

OAP adds more attributes to metrics for querying and analysis. When upgrading, OAP can assure the compatibility between management plane and control plane. But within a cluster, OAP instances route and aggregate metrics from each other. So rolling an update in a cluster can cause replicas to temporarily stop aggregating metrics while they are running lower version and master version at the same time. This could output some predictable errors in the logs, like:

2025-02-20 10:18:21,922 - org.apache.skywalking.oap.server.core.remote.RemoteServiceHandler -44362 [grpc-default-executor-1] ERROR [] - Index 2 out of bounds for length 2

The OAP instances will recover aggregating metrics and stop printing the above logs when the upgrade is completed. Although this case is normal and predictable, if you want to avoid this, you can upgrade OAP by the following steps:

  1. Before upgrading, scale down the OAP replicas to 0.
  2. Recover OAP replicas after the deployment is upgraded.