Release Notes 0.7.0
These release notes provide general information and describe known issues for NGINX Service Mesh version 0.7.0, in the following categories:
NGINX Service Mesh 0.7.0 includes the following updates:
- 
Bug fixes and improvements. 
- 
Changes the behavior of nginx-meshctl deploycommand. The--registry-serverargument will now be used for image domain and path-components in conjunction with the--image-tagcommand. If not provided, PodSpecs are configured for local images.
- 
CircuitBreaker and RateLimit CRDs are moved to the smi.specs.nginx.comAPI group.
This release includes fixes for the following issues. You can search by the issue ID to locate the details for an issue.
- 
NGINX Service Mesh may drop metrics (12282) 
- 
Kubernetes Liveness and Readiness HTTP Requests fail when mtls-mode is strict (17038) 
- 
HTTPRouteGroups are not validated for proper input (17153) 
- 
Traffic sent to backend service if root service and destination backend services don’t match (17156) 
- 
Improper destination and source namespace defaults for TrafficTarget (17234) 
- 
Removing Mesh could delete clusterrole/binding for custom Prometheus (17302) 
- 
TrafficSplits cannot route traffic based on the value of the host header (17304) 
- 
nginx-meshctl erroneously shows out of namespace resources (17381) 
The following issues are known to be present in this release. Look for updates to these issues in future NGINX Service Mesh release notes.
NGINX Service Mesh remove command may fail (17160):
In some cases, the NGINX Service Mesh remove command may fail for unexpected reasons due to environmental, network, or timeout errors. If the remove command fails continually, manual intervention may be necessary.
If deploying NGINX Service Mesh failed or you pressed ctrl-C during deployment, make sure to first remove the service mesh using theremovecommand before attempting the below steps
Workaround:
When troubleshooting, first verify that the command is run correctly with the correct arguments and that the target namespace exists.
If you are running the command correctly and the target namespace exists and is not empty – that is to say, the NGINX Service Mesh Deployments, Pods, Services, and so on, have been deployed – you may need to remove the NGINX Service Mesh namespace and start over:
To remove the NGINX Service Mesh namespace and start over:
- 
Run the following command to delete the NGINX Service Mesh namespace: kubectl delete namespace <namespace>Note: This command should appear to stall. You can run kubectl get namespacesin a separate terminal to view the status, which should display as “Terminating.”
- 
In a separate terminal, list and patch all Spiffeid resources (use following script): bashfor ns in $(kubectl get ns | awk '{print $1}' | tail -n +2) do if [ $(kubectl get spiffeids -n $ns 2>/dev/null | wc -l) -ne 0 ] then kubectl patch spiffeid $(kubectl get spiffeids -n $ns | awk '{print $1}' | tail -n +2) --type='merge' -p '{"metadata":{"finalizers":null}}' -n $ns fi doneAfter step 2 completes, the command from step 1 should also complete, and the namespace should be removed. 
- 
Run nginx-meshctl deployand allow the operation to finish.
Warning messages may print while deploying the NGINX Service Mesh on EKS (17390):
The warning message “Unable to cancel request for *exec.roundTripper” may print when deploying NGINX Service Mesh on EKS. This warning message does not prevent the mesh from deploying successfully.
Deployment may fail if NGINX Service Mesh is already installed (19351):
If NGINX Service Mesh is installed in a namespace other than the default (nginx-mesh) and the deploy command is run without specifying the different namespace, the deployment may fail to clean up all of the NGINX Service Mesh resources.
Workaround:
Always provide the -n <namespace> or --namespace <namespace> flag with every CLI command. Additionally, we recommend that you remove NGINX Service Mesh using the nginx-meshctl remove command before running deploy.
Cannot disable Prometheus scraping of the NGINX Ingress Controller (19375):
The Prometheus server deployed by NGINX Service Mesh scrapes metrics from all containers with the name nginx-plus-ingress. Omitting the prometheus.io/scrape annotation or explicitly setting the annotation to false does not change this behavior.
Workaround:
If you do not want Prometheus to scrape metrics from your NGINX Ingress Controller pods, you can change the container name to something other than nginx-plus-ingress.
SMI Specification:
- Traffic Access: v1alpha2
- Traffic Metrics: v1alpha1 (in progress, supported resources: StatefulSets, Namespaces, Deployments, Pods, DaemonSets)
- Traffic Specs: v1alpha3
- Traffic Split: v1alpha3
NGINX Service Mesh SMI Extensions:
- Traffic Specs: v1alpha1