v1.0.0

  6 minute read  

Date: March 13, 2024

Documentation

  • Added User Guide for Local Ratelimit
  • Added User Guide for Circuit Breaker
  • Added User Guide for fault injection
  • Added User Guide for EnvoyProxy extraArgs
  • Added User Guide for Timeouts in ClientTrafficPolicy
  • Added User Guide for JWT claim base routing
  • Added User Guide for HTTP Timeout
  • Added User Guide for Retry in BackendTrafficPolicy
  • Added User Guide for Basic Auth
  • Added User Guide for OIDC
  • Added User Guide for ClientTrafficPolicy
  • Added User Guide for BackendTrafficPolicy
  • Added User Guide for Basic Auth using HTTPS
  • Added User Guide for External Authorization
  • Added User Guide for Routing Outside Kubernetes
  • Added User Guide for BackendTLSPolicy
  • Added User Guide for Mutual TLS from External Clients to the Gateway
  • Added User Guide for Control Plane Authentication using custom certs
  • Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
  • Added Type and required for CRD API doc
  • Refactored Structure of User Guide docs
  • Refactored Move Design docs under “Get Involved”
  • Updated crd-ref-docs to 0.0.10
  • Updated Envoy proxy image to envoy:distroless-dev in main

Installation

  • Added Support for Pulling envoyGateway image from a private registry
  • Added Support for Configuring resources for certgen job
  • Added Support for Configuring affinity for EnvoyGateway pod

API

  • Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
  • Added Support for Downstream MTLS in ClientTrafficPolicy CRD
  • Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
  • Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
  • Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
  • Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
  • Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
  • Added Support for Connection Timeouts in ClientTrafficPolicy CRD
  • Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
  • Added Support for Proxy protocol in ClientTrafficPolicy CRD
  • Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
  • Added Support for Local rate limit in BackendTrafficPolicy CRD
  • Added Support for CircuitBreaker in BackendTrafficPolicy CRD
  • Added Support for Fault injection in BackendTrafficPolicy CRD
  • Added Support for Passive Health Checks in BackendTrafficPolicy CRD
  • Added Support for Active Health Checks in BackendTrafficPolicy CRD
  • Added Support for Connection Timeouts in BackendTrafficPolicy CRD
  • Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
  • Added Support for Retry in BackendTrafficPolicy CRD
  • Added Support for Slow start mode in BackendTrafficPolicy CRD
  • Added Support for Proxy protocol in BackendTrafficPolicy CRD
  • Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in ClientTrafficPolicy CRD
  • Added Support for PolicyStatus in SecurityPolicy CRD
  • Added Support for OIDC in SecurityPolicy CRD
  • Added Support for Basic Auth in SecurityPolicy CRD
  • Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
  • Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
  • Added Support for External Authorization in SecurityPolicy CRD
  • Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
  • Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
  • Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
  • Added Support for Secret resource in EnvoyPatchPolicy CRD
  • Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for MergeGateways in EnvoyPatchPolicy CRD
  • Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
  • Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
  • Added Support for Ratelimit prometheus in EnvoyGateway Configuration
  • Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
  • Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
  • Added Support for Envoy extra args in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
  • Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
  • Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
  • Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
  • Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD

Breaking Changes

  • Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
  • Remove Hostnetwork support in EnvoyProxy CRD

Conformance

  • Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic

Testing

  • Added e2e test for Header Case-Preserving
  • Added e2e test for Timeout in ClientTrafficPolicy
  • Added e2e test for JWT claim base routing
  • Added e2e test for OIDC
  • Added e2e test for BackendTrafficPolicy Retry
  • Added e2e test for Backend Upgrade
  • Added e2e test for External Authorization
  • Added e2e test for Backend TLS policy
  • Added e2e test for Envoy Gateway Release Upgrade
  • Added e2e test for Weighted backend
  • Added validation for LoadBalancerIP to prevent trailing period

Translator

  • Fixed Prefix match to prevent mismatching routes with the same prefix
  • Fixed Multiple reconciling by implementing comparable interface for ir.Infra
  • Fixed EndpointSlice with empty conditions {}
  • Fixed Error handling when parsing the http request timeout
  • Fixed No status when EnvoyPatchPolicy is disabled
  • Fixed Printable for xds and infra IRs
  • Fixed Skip backendRefs with weight set to 0
  • Fixed AND Header matches in ratelimiting not working
  • Fixed Deletion logics when no gatewayclasses exist
  • Fixed Match mergedGateways irKey for ClientTrafficPolicy
  • Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
  • Fixed Listener status is not surfaced for gateways when MergeGateways enabled
  • Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
  • Fixed Configure idle timeout when timeout is set on HTTPRoute
  • Fixed Relaxing HTTPS restriction for OIDC token endpoint
  • Fixed Panic when translating routes with empty backends
  • Fixed Xds translation should be done in a best-effort manner
  • Fixed Delete unused status keys from watchable
  • Fixed Ignoring finalizers when comparing envoy proxy service
  • Fixed Don’t override the ALPN array if HTTP/3 is enabled
  • Fixed Add h3 ALPN by default if HTTP/3 is enabled
  • Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
  • Fixed Use service port in alt-svc header if HTTP/3 is enabled
  • Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
  • Fixed Skip the ReasonTargetNotFound for all policies
  • Fixed Skip publishing empty status for all policies
  • Added Support for validating regex before sending to Envoy
  • Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
  • Added Unsupported status condition for filters within BackendRef
  • Added List instead of map for Provider Resources for order stability
  • Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
  • Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
  • Added Support for default retry budget and retry host predicate
  • Added Support for implementing gateway.spec.infrastructure
  • Added Support for Upstream TLS to multiple Backends
  • Added Validation for CA Cert in ClientTrafficPolicy

Providers

  • Added Support for multiple GatewayClass per controller
  • Added SecurityPolicyIndexers in Kubernetes Provider
  • Added Support for generating HMAC secret in CertGen Job
  • Fixed Finalizer logic when deleting Gatewayclasses
  • Fixed MergeGateways panics when restarting control plane

xDS

  • Added Support for EDS cache
  • Added Support for ADS cache to ensure the rule order
  • Fixed Deprecated field error when using RequestHeaderModifier filter
  • Fixed Envoy rejects XDS at runtime losing all routes on restart
  • Fixed Requests not matching defined routes trigger per-route filters
  • Bumped go-control-plane to v0.12.0

Cli

  • Added Support for egctl x status
  • Added Support for egctl experimental dashboard envoy-proxy
  • Added Support for egctl config ratelimit
  • Added Support for egctl translate from gateway-api resources to IR

Last modified April 25, 2024: feat: support backend tls settings with envoyproxy (#3218) (a81291e)