This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Release Announcement

Envoy Gateway Release Announcement

This document provides details for Envoy Gateway releases. Envoy Gateway follows the Semantic Versioning v2.0.0 spec for release versioning. Since Envoy Gateway is a new project, minor releases are the only defined releases. Envoy Gateway maintainers will establish additional release details, e.g. patch releases, at a future date.

Stable Releases

Stable releases of Envoy Gateway include:

  • Minor Releases- A new release branch and corresponding tag are created from the main branch. A minor release is supported for 6 months following the release date. As the project matures, Envoy Gateway maintainers will reassess the support timeframe.

Minor releases happen quarterly and follow the schedule below.

Release Management

Minor releases are handled by a designated Envoy Gateway maintainer. This maintainer is considered the Release Manager for the release. The details for creating a release are outlined in the release guide. The Release Manager is responsible for coordinating the overall release. This includes identifying issues to be fixed in the release, communications with the Envoy Gateway community, and the mechanics of the release.

QuarterRelease Manager
2022 Q4Daneyon Hansen (danehans)
2023 Q1Xunzhuo Liu (Xunzhuo)
2023 Q2Alice Wasko (AliceProxy)
2023 Q3Arko Dasgupta (arkodg)
2023 Q4Arko Dasgupta (arkodg)
2024 Q1Xunzhuo Liu (Xunzhuo)

Release Schedule

In order to align with the Envoy Proxy release schedule, Envoy Gateway releases are produced on a fixed schedule (the 22nd day of each quarter), with an acceptable delay of up to 2 weeks, and a hard deadline of 3 weeks.

VersionExpectedActualDifferenceEnd of Life
0.2.02022/10/222022/10/20-2 days2023/4/20
0.3.02023/01/222023/02/09+17 days2023/08/09
0.4.02023/04/222023/04/24+2 days2023/10/24
0.5.02023/07/222023/08/02+10 days2024/01/02
0.6.02023/10/222023/11/02+10 days2024/05/02

1 - Announcing Envoy Gateway v1.0

Envoy Gateway v1.0 release announcement.

We are thrilled to announce the arrival of Envoy Gateway v1.0.0, marking the official General Availability (GA) milestone for the project!

This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.

Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.0.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Documentation

  • Added User Guide for Local Ratelimit
  • Added User Guide for Circuit Breaker
  • Added User Guide for fault injection
  • Added User Guide for EnvoyProxy extraArgs
  • Added User Guide for Timeouts in ClientTrafficPolicy
  • Added User Guide for JWT claim base routing
  • Added User Guide for HTTP Timeout
  • Added User Guide for Retry in BackendTrafficPolicy
  • Added User Guide for Basic Auth
  • Added User Guide for OIDC
  • Added User Guide for ClientTrafficPolicy
  • Added User Guide for BackendTrafficPolicy
  • Added User Guide for Basic Auth using HTTPS
  • Added User Guide for External Authorization
  • Added User Guide for Routing Outside Kubernetes
  • Added User Guide for BackendTLSPolicy
  • Added User Guide for Mutual TLS from External Clients to the Gateway
  • Added User Guide for Control Plane Authentication using custom certs
  • Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
  • Added Type and required for CRD API doc
  • Refactored Structure of User Guide docs
  • Refactored Move Design docs under “Get Involved”
  • Updated crd-ref-docs to 0.0.10
  • Updated Envoy proxy image to envoy:distroless-dev in main

Installation

  • Added Support for Pulling envoyGateway image from a private registry
  • Added Support for Configuring resources for certgen job
  • Added Support for Configuring affinity for EnvoyGateway pod

API

  • Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
  • Added Support for Downstream MTLS in ClientTrafficPolicy CRD
  • Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
  • Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
  • Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
  • Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
  • Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
  • Added Support for Connection Timeouts in ClientTrafficPolicy CRD
  • Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
  • Added Support for Proxy protocol in ClientTrafficPolicy CRD
  • Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
  • Added Support for Local rate limit in BackendTrafficPolicy CRD
  • Added Support for CircuitBreaker in BackendTrafficPolicy CRD
  • Added Support for Fault injection in BackendTrafficPolicy CRD
  • Added Support for Passive Health Checks in BackendTrafficPolicy CRD
  • Added Support for Active Health Checks in BackendTrafficPolicy CRD
  • Added Support for Connection Timeouts in BackendTrafficPolicy CRD
  • Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
  • Added Support for Retry in BackendTrafficPolicy CRD
  • Added Support for Slow start mode in BackendTrafficPolicy CRD
  • Added Support for Proxy protocol in BackendTrafficPolicy CRD
  • Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in ClientTrafficPolicy CRD
  • Added Support for PolicyStatus in SecurityPolicy CRD
  • Added Support for OIDC in SecurityPolicy CRD
  • Added Support for Basic Auth in SecurityPolicy CRD
  • Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
  • Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
  • Added Support for External Authorization in SecurityPolicy CRD
  • Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
  • Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
  • Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
  • Added Support for Secret resource in EnvoyPatchPolicy CRD
  • Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for MergeGateways in EnvoyPatchPolicy CRD
  • Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
  • Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
  • Added Support for Ratelimit prometheus in EnvoyGateway Configuration
  • Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
  • Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
  • Added Support for Envoy extra args in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
  • Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
  • Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
  • Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
  • Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD

Breaking Changes

  • Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
  • Remove Hostnetwork support in EnvoyProxy CRD

Conformance

  • Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic

Testing

  • Added e2e test for Header Case-Preserving
  • Added e2e test for Timeout in ClientTrafficPolicy
  • Added e2e test for JWT claim base routing
  • Added e2e test for OIDC
  • Added e2e test for BackendTrafficPolicy Retry
  • Added e2e test for Backend Upgrade
  • Added e2e test for External Authorization
  • Added e2e test for Backend TLS policy
  • Added e2e test for Envoy Gateway Release Upgrade
  • Added e2e test for Weighted backend
  • Added validation for LoadBalancerIP to prevent trailing period

Translator

  • Fixed Prefix match to prevent mismatching routes with the same prefix
  • Fixed Multiple reconciling by implementing comparable interface for ir.Infra
  • Fixed EndpointSlice with empty conditions {}
  • Fixed Error handling when parsing the http request timeout
  • Fixed No status when EnvoyPatchPolicy is disabled
  • Fixed Printable for xds and infra IRs
  • Fixed Skip backendRefs with weight set to 0
  • Fixed AND Header matches in ratelimiting not working
  • Fixed Deletion logics when no gatewayclasses exist
  • Fixed Match mergedGateways irKey for ClientTrafficPolicy
  • Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
  • Fixed Listener status is not surfaced for gateways when MergeGateways enabled
  • Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
  • Fixed Configure idle timeout when timeout is set on HTTPRoute
  • Fixed Relaxing HTTPS restriction for OIDC token endpoint
  • Fixed Panic when translating routes with empty backends
  • Fixed Xds translation should be done in a best-effort manner
  • Fixed Delete unused status keys from watchable
  • Fixed Ignoring finalizers when comparing envoy proxy service
  • Fixed Don’t override the ALPN array if HTTP/3 is enabled
  • Fixed Add h3 ALPN by default if HTTP/3 is enabled
  • Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
  • Fixed Use service port in alt-svc header if HTTP/3 is enabled
  • Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
  • Fixed Skip the ReasonTargetNotFound for all policies
  • Fixed Skip publishing empty status for all policies
  • Added Support for validating regex before sending to Envoy
  • Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
  • Added Unsupported status condition for filters within BackendRef
  • Added List instead of map for Provider Resources for order stability
  • Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
  • Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
  • Added Support for default retry budget and retry host predicate
  • Added Support for implementing gateway.spec.infrastructure
  • Added Support for Upstream TLS to multiple Backends
  • Added Validation for CA Cert in ClientTrafficPolicy

Providers

  • Added Support for multiple GatewayClass per controller
  • Added SecurityPolicyIndexers in Kubernetes Provider
  • Added Support for generating HMAC secret in CertGen Job
  • Fixed Finalizer logic when deleting Gatewayclasses
  • Fixed MergeGateways panics when restarting control plane

XDS

  • Added Support for EDS cache
  • Added Support for ADS cache to ensure the rule order
  • Fixed Deprecated field error when using RequestHeaderModifier filter
  • Fixed Envoy rejects XDS at runtime losing all routes on restart
  • Fixed Requests not matching defined routes trigger per-route filters
  • Bumped go-control-plane to v0.12.0

CLI

  • Added Support for egctl x status
  • Added Support for egctl experimental dashboard envoy-proxy
  • Added Support for egctl config ratelimit
  • Added Support for egctl translate from gateway-api resources to IR

2 - Announcing Envoy Gateway v0.6

Envoy Gateway v0.6 release announcement.

We are pleased to announce the release of Envoy Gateway v0.6!

This is the fifth functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for helping publish the release.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Gateway API

  • Upgraded to Gateway API v1.0
  • Added support for HTTPRoute Timeouts

Add Control Plane Proxy Telemetry

  • Added Support for Metrics Telemetry

Add Support for directly configuring xDS

  • Added Support for the EnvoyPatchPolicy API

ClientTrafficPolicy

  • Added Support for configuring Downstream Keep Alives

BackendTrafficPolicy

  • Added Support for configuring Rate limiting
  • Added Support for configuring load balancing

SecurityPolicy

  • Added Support for configuring JWT
  • Added Support for configuring CORS

API Updates

  • Added support for selectively watching resources based on Namespace Selector
  • Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
  • Added Support for InitContainers in EnvoyProxy CRD
  • Added Support for LoadBalancerIP in EnvoyProxy CRD
  • Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
  • Added Support for LoadBalancerClass in EnvoyProxy CRD
  • Added Support for selecting EnvoyProxy stats to be generated
  • Added Support for enabling EnvoyProxy Virtual Host metrics
  • Added Support for Merging Gateway resources onto the same infrastructure

CLI

  • Added egctl stats command

Kubernetes Provider

  • Improved reconiliation by using the same enqueue request for all resources
  • Added support for reconciling ServiceImport CRD

Breaking changes

  • Removed RateLimitFilter, and replaced it with BackendTrafficPolicy
  • Removed AuthenticationFilter, and replaced it with SecurityPolicy
  • Moved the EnvoyProxy CRD from config.gateway.envoyproxy.io to gateway.envoyproxy.io
  • Converted the bootstrap field within EnvoyProxy into a struct to support merge operations.

3 - Announcing Envoy Gateway v0.5

Envoy Gateway v0.5 release announcement.

We are pleased to announce the release of Envoy Gateway v0.5!

This is the fourth functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for helping publish the release.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Upgrade Gateway API Dependency

  • Upgraded to Gateway API v0.7.1

Add Data Plane Proxy Telemetry

  • Added Support for Access Logging, Tracing and Metrics Telemetry

Add Support for directly configuring xDS

  • Added Support for the EnvoyPatchPolicy API

Ratelimiting

  • Added Support for Distinct Ratelimiting Based On IP Addresses
  • Added Support for JWT Claim based Ratelimiting
  • Switched to Xds SOTW Server for RateLimit Service Configuration

API Updates

  • Added Support for configuring EnvoyProxy Pod Labels
  • Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
  • Added Support for configuring EnvoyProxy as a NodePort Type Service
  • Added Admin Server for Envoy Gateway
  • Added Pprof Debug Support for Envoy Gateway
  • Added Support to Watch for Resources in Select Namespaces

Envoy Proxy

  • Added Best Practices Default Edge Settings to Xds Resources

4 - Announcing Envoy Gateway v0.4

Envoy Gateway v0.4 release announcement.

We are pleased to announce the release of Envoy Gateway v0.4!

This is the third functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for helping publish the release.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Upgrade Gateway API Dependency

  • Upgraded to Gateway API v0.6.2

Add Helm Support

  • Installation of Envoy Gateway can now be done through helm

Add egctl CLI Tool

  • Added egctl Support for Dry Runs of Gateway API Config
  • Added egctl Support for Dumping Envoy Proxy xDS Resources

Add Support for extending Envoy Gateway

  • Added Initial Framework for Building an Extension on top of Envoy Gateway

Ratelimiting

  • Added Support for Ratelimiting Based On IP Subnet

API Updates

  • Added Support for Custom Envoy Proxy Bootstrap Config
  • Added Support for Configuring the Envoy Proxy Image and Service
  • Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
  • Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
  • Envoy Proxy Pod and Container SecurityContext is now Configurable
  • Added Support for Service Method Match in GRPCRoute
  • Added EDS Support

5 - Announcing Envoy Gateway v0.3

Envoy Gateway v0.3 release announcement.

We are pleased to announce the release of Envoy Gateway v0.3!

This is the second functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for helping publish the release.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Add Support for extended Gateway API fields

  • Added Support for HTTPRoute URLRewrite Filter
  • Added Support for HTTPRoute RequestMirror Filter
  • Added Support for HTTPRoute ResponseHeaderModifier Filter

Add Support for experimental Gateway APIs

  • Added Support for the TCPRoute API
  • Added Support for the UDPRoute API
  • Added Support for the GRPCRoute API

Add Support for Rate Limiting

  • Added Support for Global Rate Limiting

Add Support for Authentication

  • Added Support for Request Authentication

6 - Announcing Envoy Gateway v0.2

Envoy Gateway v0.2 release announcement.

We are pleased to announce the release of Envoy Gateway v0.2!

This is the first functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for helping publish the release.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Kubernetes Support

Run Envoy Gateway in a Kubernetes cluster. Checkout the quickstart guide to get started with Envoy Gateway in a few simple steps.

Gateway API Support

Envoy Gateway supports Gateway API resources for running and configuring a managed fleet of Envoy proxies. Envoy Gateway passes Gateway API core conformance tests and supports GatewayClass, Gateway, HTTPRoute, and TLSRoute resources. See the documentation for additional details on how to use Envoy Gateway for your edge proxy and API gateway needs.

Envoy Gateway at EnvoyCon NA

Envoy Gateway will be at EnvoyCon NA this October in Detroit. Don’t miss our talk to learn more about the release and future direction of the project.