What’s New in KubeVela 1.4? Secure Multi‑Cluster Delivery, Visual Topology, and VelaD
KubeVela 1.4 introduces built‑in multi‑cluster authentication and authorization, a resource‑topology visualizer, the lightweight VelaD runtime, dozens of new plugins, and a host of workflow enhancements, while outlining the project’s roadmap for observability, workflow and application management.
Release Overview
KubeVela is a modern software‑delivery control plane designed for hybrid multi‑cloud environments. Since version 1.1 it has leveraged the OAM model to provide extensibility, gaining wide adoption and accelerating its release cadence.
Version 1.2–1.3 Highlights
Version 1.2 added an out‑of‑the‑box visual console for publishing and managing workloads. Version 1.3 introduced a richer plugin ecosystem (LDAP, ArgoCD, Istio, Flink, MySQL, etc.) and a marketplace with over 30 plugins.
Core Feature in 1.4 – Secure, Simple, Transparent Delivery
The 1.4 release focuses on three pillars: making application delivery more secure, easier to adopt, and more transparent.
Authentication & Authorization
To address common security gaps in CI/CD pipelines, KubeVela 1.4 adds fine‑grained authentication and authorization that natively integrates with Kubernetes RBAC and supports multi‑cluster environments.
Admins can define custom API‑permission sets and bind them to users, limiting access to the minimum required.
The platform can grant predefined roles such as namespace‑level read‑only or cluster‑specific permissions, reducing learning overhead.
All UI‑driven actions are validated against both the platform’s RBAC module and the underlying Kubernetes RBAC, ensuring end‑to‑end security.
The authorization flow proceeds through three stages:
The KubeVela webhook intercepts the request and attaches the user’s ServiceAccount to the Application object.
The KubeVela controller executes the deployment plan using Kubernetes impersonation to act as the specific user.
The ClusterGateway module propagates the derived permissions to target clusters, where the API server enforces them.
This guarantees that each user’s permissions are strictly confined and that KubeVela itself runs with the least privilege.
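The impersonation step in the flow above, as an added example that is not KubeVela's code: a simplified Python model of the two checks a Kubernetes API server applies to an impersonated request. The identities `vela-core` and `alice-sa` and the namespaces `team-a` and `team-b` are constructed, and the model covers only verbs, resources, namespaces and resource names.

```python
# Simplified model of how a Kubernetes API server authorizes an impersonated
# request. All names (vela-core, alice-sa, team-a) are constructed samples.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    verbs: tuple
    resources: tuple
    namespace: str = "*"        # "*" models a ClusterRole bound cluster-wide
    resource_names: tuple = ()  # empty = any name

    def allows(self, verb, resource, namespace, name=""):
        return (("*" in self.verbs or verb in self.verbs)
                and ("*" in self.resources or resource in self.resources)
                and self.namespace in ("*", namespace)
                and (not self.resource_names or name in self.resource_names))

# RBAC state of the target cluster: subject -> rules granted through bindings.
RBAC = {
    # Controller identity: may only impersonate one ServiceAccount.
    "vela-core": [Rule(("impersonate",), ("serviceaccounts",), "team-a", ("alice-sa",))],
    # Namespace-level read-only role for the user's ServiceAccount.
    "system:serviceaccount:team-a:alice-sa": [
        Rule(("get", "list", "watch"), ("deployments", "pods"), "team-a")],
}

def allowed(subject, verb, resource, namespace, name=""):
    return any(r.allows(verb, resource, namespace, name) for r in RBAC.get(subject, []))

def authorize(caller, verb, resource, namespace, as_sa=None):
    """Return (decision, reason); as_sa=(ns, name) requests impersonation."""
    if as_sa is None:
        return allowed(caller, verb, resource, namespace), "caller's own rules"
    sa_ns, sa_name = as_sa
    # Step 1: the real caller needs the 'impersonate' verb on that ServiceAccount.
    if not allowed(caller, "impersonate", "serviceaccounts", sa_ns, sa_name):
        return False, "caller may not impersonate this identity"
    # Step 2: the request is evaluated only against the impersonated identity.
    effective = f"system:serviceaccount:{sa_ns}:{sa_name}"
    return allowed(effective, verb, resource, namespace), f"rules of {effective}"

if __name__ == "__main__":
    for req in [("list", "pods", "team-a"), ("create", "deployments", "team-a"),
                ("list", "pods", "team-b")]:
        print(req, authorize("vela-core", *req, as_sa=("team-a", "alice-sa")))
    print(authorize("vela-core", "list", "pods", "team-a", as_sa=("team-a", "bob-sa")))
```

The denied `create` and the denied `team-b` request show that the decision comes from the impersonated ServiceAccount's rules, so the controller needs no workload permissions of its own.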
Resource Topology & Transparency
KubeVela 1.4 adds a resource‑topology graph that visualizes the entire delivery chain from the application level down to individual Pods, including Helm‑generated resources. The graph highlights unhealthy nodes in yellow or red and shows concrete failure reasons, enabling rapid troubleshooting across multiple clusters.
VelaD – Lightweight Development Plane
VelaD (Daemon + Developer) is a single‑binary runtime that runs KubeVela locally without requiring an existing Kubernetes cluster. It provides a consistent developer experience that mirrors production, supports offline installation, and initializes in under three minutes.
Installation and a quick‑start demo are documented in the official velad repository.
Additional Enhancements
Application status now supports ignore‑rules for specific fields, improving coordination with HPA, Istio, etc.
Resource reclamation can be configured per resource type, component name, or feature type.
Workflows support sub‑steps, parallel execution, pause‑until‑time, and conditional if: always rules.
Observability features such as log, metric, and tracing integration are being expanded.
Plugin Ecosystem
The plugin catalog has grown to include OCI‑enabled FluxCD, cert‑manager, flink‑kubernetes‑operator, kruise‑rollout, pyroscope, traefik, vegeta, ArgoCD, Dapr, Istio, and MySQL‑operator, among others.
Future Roadmap
Upcoming releases will focus on three dimensions: deep observability (logs, metrics, tracing), richer workflow capabilities (custom timeouts, context‑aware branching), and comprehensive application & plugin management (import/export, marketplace integration).
Community & Resources
KubeVela is a CNCF top‑level project with over 300 contributors and 4,000 community members. Key resources include the GitHub repository github.com/oam-dev/kubevela, the plugin catalog github.com/kubevela/catalog, documentation site kubevela.io, and various chat channels (Slack, DingTalk, WeChat).
Alibaba Cloud Native
We publish cloud-native tech news, curate in-depth content, host regular events and live streams, and share Alibaba product and user case studies. Join us to explore and share the cloud-native insights you need.
