Announcing Envoy Gateway v1.0

Envoy Gateway v1.0 release announcement.

  7 minute read  

We are thrilled to announce the arrival of Envoy Gateway v1.0.0, marking the official General Availability (GA) milestone for the project!

This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.

Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.0.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.

Release NotesDocsCompatibility MatrixDownload

What’s New

The release adds a ton of features and functionality. Here are some highlights:

Documentation

  • Added User Guide for Local Ratelimit
  • Added User Guide for Circuit Breaker
  • Added User Guide for fault injection
  • Added User Guide for EnvoyProxy extraArgs
  • Added User Guide for Timeouts in ClientTrafficPolicy
  • Added User Guide for JWT claim base routing
  • Added User Guide for HTTP Timeout
  • Added User Guide for Retry in BackendTrafficPolicy
  • Added User Guide for Basic Auth
  • Added User Guide for OIDC
  • Added User Guide for ClientTrafficPolicy
  • Added User Guide for BackendTrafficPolicy
  • Added User Guide for Basic Auth using HTTPS
  • Added User Guide for External Authorization
  • Added User Guide for Routing Outside Kubernetes
  • Added User Guide for BackendTLSPolicy
  • Added User Guide for Mutual TLS from External Clients to the Gateway
  • Added User Guide for Control Plane Authentication using custom certs
  • Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
  • Added Type and required for CRD API doc
  • Refactored Structure of User Guide docs
  • Refactored Move Design docs under “Get Involved”
  • Updated crd-ref-docs to 0.0.10
  • Updated Envoy proxy image to envoy:distroless-dev in main

Installation

  • Added Support for Pulling envoyGateway image from a private registry
  • Added Support for Configuring resources for certgen job
  • Added Support for Configuring affinity for EnvoyGateway pod

API

  • Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
  • Added Support for Downstream MTLS in ClientTrafficPolicy CRD
  • Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
  • Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
  • Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
  • Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
  • Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
  • Added Support for Connection Timeouts in ClientTrafficPolicy CRD
  • Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
  • Added Support for Proxy protocol in ClientTrafficPolicy CRD
  • Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
  • Added Support for Local rate limit in BackendTrafficPolicy CRD
  • Added Support for CircuitBreaker in BackendTrafficPolicy CRD
  • Added Support for Fault injection in BackendTrafficPolicy CRD
  • Added Support for Passive Health Checks in BackendTrafficPolicy CRD
  • Added Support for Active Health Checks in BackendTrafficPolicy CRD
  • Added Support for Connection Timeouts in BackendTrafficPolicy CRD
  • Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
  • Added Support for Retry in BackendTrafficPolicy CRD
  • Added Support for Slow start mode in BackendTrafficPolicy CRD
  • Added Support for Proxy protocol in BackendTrafficPolicy CRD
  • Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in ClientTrafficPolicy CRD
  • Added Support for PolicyStatus in SecurityPolicy CRD
  • Added Support for OIDC in SecurityPolicy CRD
  • Added Support for Basic Auth in SecurityPolicy CRD
  • Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
  • Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
  • Added Support for External Authorization in SecurityPolicy CRD
  • Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
  • Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
  • Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
  • Added Support for Secret resource in EnvoyPatchPolicy CRD
  • Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for MergeGateways in EnvoyPatchPolicy CRD
  • Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
  • Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
  • Added Support for Ratelimit prometheus in EnvoyGateway Configuration
  • Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
  • Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
  • Added Support for Envoy extra args in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
  • Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
  • Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
  • Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
  • Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD

Breaking Changes

  • Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
  • Remove Hostnetwork support in EnvoyProxy CRD

Conformance

  • Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic

Testing

  • Added e2e test for Header Case-Preserving
  • Added e2e test for Timeout in ClientTrafficPolicy
  • Added e2e test for JWT claim base routing
  • Added e2e test for OIDC
  • Added e2e test for BackendTrafficPolicy Retry
  • Added e2e test for Backend Upgrade
  • Added e2e test for External Authorization
  • Added e2e test for Backend TLS policy
  • Added e2e test for Envoy Gateway Release Upgrade
  • Added e2e test for Weighted backend
  • Added validation for LoadBalancerIP to prevent trailing period

Translator

  • Fixed Prefix match to prevent mismatching routes with the same prefix
  • Fixed Multiple reconciling by implementing comparable interface for ir.Infra
  • Fixed EndpointSlice with empty conditions {}
  • Fixed Error handling when parsing the http request timeout
  • Fixed No status when EnvoyPatchPolicy is disabled
  • Fixed Printable for xds and infra IRs
  • Fixed Skip backendRefs with weight set to 0
  • Fixed AND Header matches in ratelimiting not working
  • Fixed Deletion logics when no gatewayclasses exist
  • Fixed Match mergedGateways irKey for ClientTrafficPolicy
  • Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
  • Fixed Listener status is not surfaced for gateways when MergeGateways enabled
  • Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
  • Fixed Configure idle timeout when timeout is set on HTTPRoute
  • Fixed Relaxing HTTPS restriction for OIDC token endpoint
  • Fixed Panic when translating routes with empty backends
  • Fixed Xds translation should be done in a best-effort manner
  • Fixed Delete unused status keys from watchable
  • Fixed Ignoring finalizers when comparing envoy proxy service
  • Fixed Don’t override the ALPN array if HTTP/3 is enabled
  • Fixed Add h3 ALPN by default if HTTP/3 is enabled
  • Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
  • Fixed Use service port in alt-svc header if HTTP/3 is enabled
  • Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
  • Fixed Skip the ReasonTargetNotFound for all policies
  • Fixed Skip publishing empty status for all policies
  • Added Support for validating regex before sending to Envoy
  • Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
  • Added Unsupported status condition for filters within BackendRef
  • Added List instead of map for Provider Resources for order stability
  • Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
  • Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
  • Added Support for default retry budget and retry host predicate
  • Added Support for implementing gateway.spec.infrastructure
  • Added Support for Upstream TLS to multiple Backends
  • Added Validation for CA Cert in ClientTrafficPolicy

Providers

  • Added Support for multiple GatewayClass per controller
  • Added SecurityPolicyIndexers in Kubernetes Provider
  • Added Support for generating HMAC secret in CertGen Job
  • Fixed Finalizer logic when deleting Gatewayclasses
  • Fixed MergeGateways panics when restarting control plane

XDS

  • Added Support for EDS cache
  • Added Support for ADS cache to ensure the rule order
  • Fixed Deprecated field error when using RequestHeaderModifier filter
  • Fixed Envoy rejects XDS at runtime losing all routes on restart
  • Fixed Requests not matching defined routes trigger per-route filters
  • Bumped go-control-plane to v0.12.0

CLI

  • Added Support for egctl x status
  • Added Support for egctl experimental dashboard envoy-proxy
  • Added Support for egctl config ratelimit
  • Added Support for egctl translate from gateway-api resources to IR

Last modified May 7, 2024: docs: document client idle timeout (#3325) (019a5e1)