This is the news section. It has three categories: Blogs, Presentations and Releases.
Files in these directories will be listed in reverse chronological order.
1 - Blogs
Blogs about Envoy Gateway
1.1 - Announcing Envoy Gateway’s 1.0 Release!
v1.0.0 is here!
Today we’re ecstatic to announce the 1.0 release of Envoy Gateway (EG) for Kubernetes. A mature version ready for widespread adoption in production that simplifies the use of Envoy for managing North-South traffic.
After nearly two years with contributions from over 90 engineers we are proud to say EG meets the goals that Matt outlined in the original post introducing the project, summarized here:
Addresses common needs with a solution that is simple to configure and understand
Provides great docs for common use cases to enable ease of adoption
Empowers the community and vendors to drive the project forward through an extensible API
Can’t wait to try it? Visit the EG tasks to get started with Envoy Gateway 1.0
Envoy Gateway 1.0
The 1.0 release brings a lot of functionality. In addition to implementing the full Kubernetes Gateway API – including the awesome Envoy L7 features you love like per-request policy, load balancing, and best-in-class observability – it also goes further. Envoy Gateway 1.0:
Provides support for common features such as Rate Limiting and OAuth2.0
Deploys and upgrades Envoy on your behalf, easing operations and lifecycle management
Introduces extensions to the Kubernetes Gateway API to address Client, Backend, and Security settings and features
Is easily extensible through the EnvoyPatchPolicy API to allow you to configure any Envoy behavior (including stuff you build yourself!)
Has a CLI, egctl, for interacting with and debugging the system
Comes with a large (and growing!) set of scenarios to make common use cases straightforward to implement
What Does 1.0 Mean for the Project?
We won’t be slowing down on feature velocity – if anything, we expect more features to ship as many users who have been following the project and waiting on the GA release get involved. For us, 1.0 means two big things:
A commitment to ensuring stability with releases for CVE fixes. From 1.0 onwards you can have confidence that the configuration you write today will continue to work in the same way for the foreseeable future.
That the community is confident in the system’s readiness for general use by everyone, not just Envoy experts.
How We Got Here
The project has moved so fast it feels like a whirlwind, but a high level recap is in order.
2022
In May, Matt Klein published the original post introducing the project
In November, Envoy Gateway passed the entire Kubernetes Gateway API conformance suite for the first time.
2023
We enabled early adopters to understand target use cases by providing configuration escape valves.
The number of project contributors and early adopters grew, and they shaped the direction of Envoy Gateway
The community introduced extensions to Envoy Gateway and the Gateway API to tackle the client, backend, and security challenges early adopters were facing
2024
Envoy Gateway 1.0 is ready for widespread adoption thanks to over 90 contributors and the engagement from early production adopters
What’s Next?
Following the 1.0 release, we’ll be focusing on:
Ease of operation: Continuing to improve the Journey to Production and operability of the system
Better metrics dashboards for control plane and data plane observability
Exposing more knobs to fine tune more traffic shaping parameters
Features: More API Gateway features such as authorization (IP Addresses, JWT Claims, API Key, etc.) and compression
Scale: Building out a performance benchmarking tool into our CI
Extensibility: We plan on providing a first-class API for data plane extensions such as Lua, Wasm, and Ext Proc to enable users to implement their custom use cases
Outside of Kubernetes: Running Envoy Gateway in non-k8s environments - this has been an explicit goal and we’d like to focus on this in the coming months. Envoy Proxy already supports running on bare metal environments, with Envoy Gateway users getting the added advantage of a simpler API
Debug: And a lot of capabilities with the egctl CLI
Get Started
If you’ve been looking to use Envoy as a Gateway, check out our quickstart guide and give it a try! If you’re interested in contributing, check out our guide for getting involved!
1.2 - Welcome to new website!
We have now migrated our docs from Sphinx to Hugo!
Summary
Migrate from Sphinx to Hugo for Envoy Gateway Documents.
Introduction
In the realm of static site generators, two names often come up: Sphinx and Hugo. While both are powerful tools, we recently made the decision to migrate our documentation from Sphinx to Hugo. This article aims to shed light on the reasons behind this move and the advantages we’ve discovered in using Hugo for static blogging.
Why Migrate?
Sphinx, originally created for Python documentation, has served us well over the years. It offers a robust and flexible solution for technical documentation. However, as our needs evolved, we found ourselves seeking a tool that could offer faster build times, ease of use, and a more dynamic community. This led us to Hugo.
Advantages of Hugo
Speed: Hugo is renowned for its speed. It can build a site in a fraction of the time it takes other static site generators. This is a significant advantage when working with large sites or when quick updates are necessary.
Ease of Use: Hugo’s simplicity is another strong point. It doesn’t require a runtime environment, and its installation process is straightforward. Moreover, Hugo’s content management is intuitive, making it easy for non-technical users to create and update content.
Flexibility: Hugo supports a wide range of content types, from blog posts to documentation. It also allows for custom outputs, enabling us to tailor our site to our specific needs.
Active Community: Hugo boasts a vibrant and active community. This means regular updates, a wealth of shared themes and plugins, and a responsive support network.
Multilingual Support: Hugo’s built-in support for multiple languages is a boon for global teams. It allows us to create content in various languages without the need for additional plugins or tools.
Markdown Support: Hugo’s native support for Markdown makes it easy to write and format content. This is particularly beneficial for technical writing, where code snippets and technical formatting are common.
Challenges Encountered During the Migration
While the migration from Sphinx to Hugo has brought numerous benefits, it was not without its challenges, and it really took me a lot of time. Here are some of the difficulties we encountered during the process:
Converting RST to Markdown: Our documentation contained a large number of reStructuredText (RST) files, which needed to be converted to Markdown, the format Hugo uses. This required a careful and meticulous conversion process to ensure no information was lost or incorrectly formatted.
Adding Headings to tons of Markdown Files: Hugo requires headings in its Markdown files, which our old documents did not have. We had to write scripts to add these headings in bulk, a task that required a deep understanding of both our content and Hugo’s requirements.
Handling Multiple Versions: Our documentation had already gone through five iterations, resulting in a large number of files to manage. We had to ensure that all versions were correctly migrated and that the versioning system in Hugo was correctly set up.
Designing a New Page Structure and Presentation: To provide a better reading experience, we needed to design a new way to organize and present our pages. This involved understanding our readers’ needs and how best to structure our content to meet those needs.
Updating Existing Toolchains: The migration also required us to update our existing toolchains, including Makefile, CI, release processes, and auto-generation tools. This was a complex task that required a deep understanding of both our old and new systems.
Despite these challenges, the benefits of migrating to Hugo have far outweighed the difficulties. The process, while complex, has provided us with a more efficient, user-friendly, and flexible system for managing our static blog. It’s a testament to the power of Hugo and the value of continuous improvement in the tech world.
Conclusion
While Sphinx has its strengths, our migration to Hugo has opened up new possibilities for our static blogging. The speed, ease of use, flexibility, and active community offered by Hugo have made it a powerful tool in our arsenal.
Some Words
Author
Xunzhuo Liu, the maintainer and steering committee member of Envoy Gateway.
From the inception of my involvement in the project, I have placed great emphasis on user experience, including both developer and end-user experiences. I have built a rich toolchain, automated pipelines, Helm Charts, command-line tools, and documentation to enhance the overall experience of interacting with the project.
My dedication to improving user experience was a driving force behind the decision to migrate from Sphinx to Hugo. I recognized the potential for Hugo to provide a more intuitive and efficient platform for managing the project’s static blog. Despite the challenges encountered during the migration, my commitment to enhancing user experience ensured a successful transition.
Through this migration, I have further demonstrated my commitment to continuous improvement and my ability to adapt to the evolving needs of the project. My work serves as a testament to the importance of user experience in software development and the value of embracing new tools and technologies to meet these needs.
Enjoy the new Envoy Gateway website! ❤️
2 - Presentations
Presentations, Talks and Events about Envoy Gateway
2.1 - KubeCon China 2023
Envoy Gateway: The API Gateway in the Cloud Native Era
Topic: Envoy Gateway: The API Gateway in the Cloud Native Era
This document provides details for Envoy Gateway releases. Envoy Gateway follows the Semantic Versioning v2.0.0 spec
for release versioning.
Stable Releases
Stable releases of Envoy Gateway include:
Minor Releases - A new release branch and corresponding tag are created from the main branch. A minor release
is supported for 6 months following the release date. As the project matures, Envoy Gateway maintainers will reassess
the support timeframe.
Minor releases happen quarterly and follow the schedule below.
Release Management
Minor releases are handled by a designated Envoy Gateway maintainer. This maintainer is considered the Release Manager
for the release. The details for creating a release are outlined in the release guide. The Release Manager is
responsible for coordinating the overall release. This includes identifying issues to be fixed in the release,
communications with the Envoy Gateway community, and the mechanics of the release.
In order to align with the Envoy Proxy release schedule, Envoy Gateway releases are produced on a fixed schedule
(the 22nd day of each quarter), with an acceptable delay of up to 2 weeks, and a hard deadline of 3 weeks.
| Version | Expected | Actual | Difference | End of Life |
| 0.2.0 | 2022/10/22 | 2022/10/20 | -2 days | 2023/4/20 |
| 0.3.0 | 2023/01/22 | 2023/02/09 | +17 days | 2023/08/09 |
| 0.4.0 | 2023/04/22 | 2023/04/24 | +2 days | 2023/10/24 |
| 0.5.0 | 2023/07/22 | 2023/08/02 | +10 days | 2024/01/02 |
| 0.6.0 | 2023/10/22 | 2023/11/02 | +10 days | 2024/05/02 |
| 1.0.x | 2024/03/06 | 2023/03/13 | +7 days | 2024/09/13 |
| 1.1.x | 2024/07/16 | 2024/07/22 | +6 days | 2024/01/22 |
| 1.2.x | 2024/10/22 | 2024/11/06 | +14 days | 2025/05/06 |
3.1 - Notes
This section includes the Release Notes of Envoy Gateway.
3.1.1 - v1.2.5
Date: January 14, 2025
Bug fixes
Fixed a nil pointer error that occurred when a SecurityPolicy referred to a UDS backend.
Fixed an issue where the Gateway API translator did not use the TLS configuration from the BackendTLSPolicy when connecting to the OIDC provider’s well-known endpoint.
Fixed a validation failure that occurred when multiple HTTPRoutes referred to the same extension filter.
Fixed a nil pointer error caused by accessing the cookie TTL without verifying if it was valid.
Fixed unexpected port number shifting in standalone mode.
Fixed an issue where the shutdown-manager did not respect the security context of the container spec.
Fixed readiness checks failing for single-stack IPv6 Envoy Gateway deployments on dual-stack clusters.
Fixed IPv6 dual-stack support not working as intended.
Other changes
Bumped Envoy to version 1.32.3.
3.1.2 - v1.2.4
Date: December 13, 2024
Bug fixes
Fixed BackendTLSPolicy not supporting the use of a port name as the sectionName in targetRefs.
Fixed reference grant from EnvoyExtensionPolicy to the referenced ext-proc backend not being respected.
Fixed BackendTrafficPolicy not applying to Gateway Routes when a Route has a Request Timeout defined.
Fixed proxies connected to the secondary Envoy Gateway not receiving xDS configuration.
Fixed traffic splitting not working when some backends were invalid.
Other changes
Bumped Envoy to version 1.32.2.
3.1.3 - v1.1.4
Date: December 12, 2024
Bug fixes
Fixed missing validation of proto messages before converting them to anypb.Any
Fixed only one targetRef working when a BackendTLSPolicy specifies multiple targetRefs of the same service
Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes
Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn
Fixed reference grant from EnvoyExtensionPolicy to referenced ext-proc backend not being respected
Fixed BackendTrafficPolicy not applying to Gateway Route when Route has a Request Timeout defined
Other changes
Bumped Rate Limit to 49af5cca
Bumped golang.org/x/crypto to 0.31.0
3.1.4 - v1.2.3
Date: December 2, 2024
Bug fixes
Disabled the retry policy for the JWT provider to reduce requests sent to the JWKS endpoint. Failed async fetches will retry every 1s.
Used a waitGroup instead of an enabled channel in the status updater.
Other changes
EG Listens on IPv4 by default, but if IPFamily is set to IPv6 or DualStack, it listens on :: and enables ipv4_compat for DualStack.
Bumped Gateway API to v1.2.1.
3.1.5 - v1.2.2
Date: November 28, 2024
Bug fixes
Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes.
Fixed a failure to update SecurityPolicy resources with the backendRef field specified.
Fixed xDS translation failing when oidc tokenEndpoint and jwt remoteJWKS are specified in the same SecurityPolicy and use the same hostname.
Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn.
Other changes
Bump the RateLimit image to 49af5cca.
Always use :: and IPv4Compact enabled on dynamic listeners.
Use V4_PREFERRED instead of V4_ONLY by default for the cluster’s DnsLookupFamily.
3.1.6 - v1.2.1
Date: November 7, 2024
Bug fixes
Fixed a panic in the provider goroutine when the body in the direct response configuration was nil.
3.1.7 - v1.2.0
Date: November 06, 2024
Breaking Changes
Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed
Removed default CPU limit of the Envoy Gateway deployment, to eliminate CPU throttling
Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively
Set ignore_health_on_host_removal to true for clusters with static endpoints. This was done to speed up removal of static endpoints by the control plane when active health check is configured
Xds and Infra IR logs are logged at Debug level instead of Info level. They will now not be seen by default in Envoy Gateway logs. You can change the logging level to default: debug to view them
New Features
Added support for Gateway-API v1.2.0
Added support for IPv4/IPv6 Dual Stack for EnvoyProxy fleet and BackendRef resources
Added experimental support for EG standalone (host deployment) mode
Added support for JWT claims based Authorization in SecurityPolicy CRD
Added support for Response Override in BackendTrafficPolicy CRD
Added support for RequestTimeout in BackendTrafficPolicy CRD
Added support for inverting header matches for Rate Limit in BackendTrafficPolicy CRD
Added support for client TLS session resumption in ClientTrafficPolicy CRD
Added support for HTTPRouteFilter and path regex rewrite
Added support for host header rewrite in HTTPRouteFilter CRD
Added support for Listener Access Log in EnvoyProxy CRD
Added support for Datadog tracing in EnvoyProxy CRD
Added support for request response sizes stats in EnvoyProxy CRD
Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm
Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
Added support for match conditions for access log in EnvoyProxy CRD
Added support for using BackendCluster to represent OIDCProvider
Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
Added support for Active Passive Failover Backends
Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
Added support for early request header mutation in the ClientTrafficPolicy CRD
Added support for JsonPath in the EnvoyPatchPolicy CRD
Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
Added support for cluster settings for non xRoute-generated backend refs
Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
Added support for http2 upstream settings in BackendTrafficPolicy CRD
Added support for DNS resolution settings in BackendTrafficPolicy CRD
Added support for configuring service annotations in the Envoy Gateway helm chart
Added support for configuring priorityClassName to Envoy Gateway helm chart
Added support for ratelimit metrics monitoring in grafana in the addons helm chart
Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
Added support for configuring NodeSelector in the Envoy Gateway helm chart
Added support for nonce in the OIDC auth flow
Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
Added support for returning 500 when SecurityPolicy translation fails
Added support for multiple backendRefs for ExtAuth and ExtProc
Added support for session persistence in HTTPRoute rules
Added support for the Backend resource for ExtAuth
Added support for target selectors on Envoy Gateway Extension Server policies
Added support for non-Kubernetes Backends for TLSRoute
Added support for fallback to the Backend API
Added support for reloadable EnvoyGateway configuration
Added support for adding Labels to the Envoy Service
Added support for custom name for ratelimit deployment
Added default SecurityContext for EG components
Added startupProbe to all provisioned containers
Added support for local validations for egctl translate and file provider
Added support for egctl x collect to collect information from the cluster for debugging
Added support for a native prometheus metrics endpoint in the ratelimit server
Bug Fixes
Fixed xDS translation failing when the WASM HTTP code source was configured without an SHA
Fixed unsupported listener protocol types causing errors while updating Gateway status
Fixed invalid sectionName in BackendTLSPolicy for Backend
Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
Fixed JSONPath not being correctly translated to JSONPatch paths
Fixed allowing an empty slowStart value when using LeastRequest
Fixed updating the HTTPRoute status correctly when the linked Backend resource is invalid
Fixed timeout settings originating from the route being lost when translating the backend traffic policy
Fixed Backend resources not receiving status updates
Fixed active health checks requiring the expectedStatuses field to function correctly
Fixed HTTPHeaderFilter processing not correctly supporting multiple header values
Fixed reconciling multiple ReferenceGrants within the same namespace
Fixed unwanted / appearing in the Path when using Prefix Rewrites
Fixed incorrect gateway being selected as the HTTPRoute parent
Fixed override issues for EnvoyExtensionPolicy
Fixed nil pointer error when translating hash load balancing
Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
Removed default CPU limit of the Envoy Gateway deployment
Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively
New features
Added support for Gateway-API v1.2.0
Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
Added support for EG standalone (host deployment) mode (experimental)
Added support for JWT claims based Authorization in SecurityPolicy CRD
Added support for Direct Response in HTTPRouteFilter CRD
Added support for Response Override in BackendTrafficPolicy CRD
Added support for RequestTimeout in BackendTrafficPolicy CRD
Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
Added support for client TLS session resumption in ClientTrafficPolicy CRD
Added support for HTTPRouteFilter and path regex rewrite
Added support for host header rewrite in HTTPRouteFilter CRD
Added support for Listener Access Log in EnvoyProxy CRD
Added support for Datadog tracing in EnvoyProxy CRD
Added support for request response sizes stats in EnvoyProxy CRD
Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
Added support for match conditions for access log in EnvoyProxy CRD
Added support for using BackendCluster to represent OIDCProvider
Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
Added support for LB priority for non xRoute endpoints
Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
Added support for early request header mutation in the ClientTrafficPolicy CRD
Added support for JsonPath in the EnvoyPatchPolicy CRD
Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
Added support for cluster settings for non xRoute-generated backend refs
Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
Added support for http2 upstream settings in BackendTrafficPolicy CRD
Added support for DNS resolution settings in BackendTrafficPolicy CRD
Added support for configuring service annotations in the Envoy Gateway helm chart
Added support for configuring priorityClassName to Envoy Gateway helm chart
Added support for ratelimit metrics monitoring in grafana in the addons helm chart
Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
Added support for configuring NodeSelector in the Envoy Gateway helm chart
Added support for nonce in the OIDC auth flow
Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
Added support for returning 500 when SecurityPolicy translation fails
Added support for multiple backendRefs for ExtAuth and ExtProc
Added support for session persistence in HTTPRoute rules
Added support for the Backend resource for ExtAuth
Added support for target selectors on Envoy Gateway Extension Server policies
Added support for non-Kubernetes Backends for TLSRoute
Added support for fallback to the Backend API
Added support for reloadable EnvoyGateway configuration
Added support for adding Labels to the Envoy Service
Added support for custom name for ratelimit deployment
Added default SecurityContext for EG components
Added startupProbe to all provisioned containers
Added support for local validations for egctl translate and file provider
Added support for egctl x collect to collect information from the cluster for debugging
Added support for a native prometheus metrics endpoint in the ratelimit server
Bug fixes
Fixed unsupported listener protocol type causing an error while updating Gateway Status
Fixed some status updates being discarded by the status updater
Fixed Gateway crash when adding a BackendTLSPolicy to an External Backend of an HTTPRoute
Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
Fixed JSONPath not being correctly translated to JSONPatch paths
Fixed allowing an empty slowStart value when using LeastRequest
Fixed Backends that should be rejected still being used as an HTTPRoute’s destination
Fixed losing timeout settings that originate from the route when translating the backend traffic policy
Fixed Backend resources not getting status updates
Fixed active health checks requiring the expectedStatuses field to work
Fixed HTTPHeaderFilter processing not correctly supporting multiple header values
Fixed handling of multiple reference grants in the same namespace
Fixed upstream getting an unwanted /.
Fixed creation of SecurityPolicy with targetSelectors failing
Fixed ratelimit not working across multiple GatewayClasses
Fixed upstream mTLS only working for HTTPS listeners
Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
Fixed empty connection limit causing XDS rejection
Fixed ratelimit not working with both headers and cidr matches
Fixed EDS not updating when deployments were created after services
Fixed RBAC issue for deleting infrastructure resources
Fixed customized infrastructure resources not being deleted
Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
Fixed Ratelimit Deployment ignoring pod labels and annotation merge
Fixed the API Server receiving unnecessary requests
Fixed terminating envoy pods not responding with “Connection: close” (H1) or GOAWAY (H2) on shutdown by switching to an immediate drain strategy
Fixed ratelimit statsd not working
Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
Fixed egctl experimental translate using a wrong ns
Performance improvements
Fixed repeated resources and optimized memory usage
Other changes
Removed grafana test framework from the addons helm chart
Disabled ALPN for non-HTTP routes
Added statPrefix for HCM and TCPProxy
Enabled GatewayHTTPListenerIsolation conformance test
Enabled GRPC conformance profile
Enabled HTTPRouteBackendRequestHeaderModifier conformance test
Added e2e test for Daemonset mode
Updated upgrades tests to use VERSION env variable
Fixed OVS scanner wrong license warnings
Added e2e test for TLS session resumption
Added heap profile into benchmark report
Added e2e test for RecomputeRoute in ExtAuth
Added benchmark memory profiles into report
Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
Fixed flaky Zipkin Tracing e2e test
Added e2e test for cookie based consistent hash load balancing
Added e2e test for load balancing
Fixed flaky authorization tests
Enabled upgrade test
Fixed flaky basic auth e2e test
Enabled use-client-protocol e2e test
Added performance benchmarking test for 1000 HTTPRoutes
Added e2e test for Datadog tracing
Added e2e tests for ratelimit invert matching headers
Reduced readinessProbe failureThreshold and periodSeconds
Bumped go-control-plane to v0.13.1
3.1.10 - v1.1.2
Date: September 24, 2024
Translator
Fixed handling of sectionName in BackendTLSPolicy for Backend resource
Infra-manager
Pin Envoy Proxy version to v1.32.2
Change Envoy listener drain strategy from gradual to immediate
Providers
Fixed reconciliation of HTTPRoutes when labels change
3.1.11 - v1.1.1
Date: September 11, 2024
Documentation
Bumped Golang version to 1.22.7
Conformance
Enabled GatewayHTTPListenerIsolation test
Testing
Fix download URL of envoy proxy WASM examples used in tests
Translator
Fixed url rewrite to remove trailing slash
Isolate HTTP route tables to listener according to Gateway-API specifications
Fixed identification of ReferenceGrant when multiple ReferenceGrants exist in a namespace
Fixed added header values as a comma and space delimited list
Fixed assertion on expected status in active HTTP healthcheck
Fixed rejection of invalid Backends referenced by xRoutes
Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing
Fixed update of status for Backends
Infra-manager
Pin ratelimit version to 26f28d78
Reduce readinessProbe failureThreshold and periodSeconds of proxy
Expose ratelimit statsd
Providers
Fixed error returned when referenced Configmap or Secret is not found
Use component name in Envoy Gateway logs
3.1.12 - v1.1.0
Date: July 22, 2024
Documentation
Added Concepts Doc
Added User Guide for Wasm Extension
Added User Guide for patching Envoy Service
Added User Guide for Backend MTLS
Added User Guide for Backend TLS Parameters
Added User Guide for IP Allowlist/Denylist
Added User Guide for Extension Server
Added User Guide for building Wasm image
Added Performance Benchmarking Document
Added User Guide for Zipkin Tracing
Added User Guide for Customizing Ordering of Filters
Added User Guide for External Processing Filter in EnvoyExtensionPolicy
Added User Guide for installation of egctl with brew
Added User Guide for Client Buffer Size Limit
Added User Guide for Client Idle Timeout
Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
Added User Guide for Backend resource
Added GA Blog Post
Added Threat Model
Added Adopters section to docs
Added User Guide and Dashboards for Control Plane and Resource Observability
Added User Guide for Connection Limits in ClientTrafficPolicy
Added User Guide on using Private Key Provider
Added Design Doc for Authorization
Added Design Doc for XDS Metadata
Added Design Doc for Backend resource
Added Design Doc for Control Plane Observability
Added Design Doc for EnvoyExtensionPolicy
Added Design Doc for External Processing in EnvoyExtensionPolicy
Updated Access Logging User Guide to include filtering with CEL Expression
Updated Access Logging User Guide to include Metadata
Updated Development Guide to require Golang 1.22
Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
Updated Site to reflect GA status
Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
Updated Observability User Guides to use gateway-addons-helm
Updated Gateway-API User Guide to reflect support for BackendRef filters
Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
Updated Installation Guide to use server-side apply
Updated Installation Guide to refer to values.yaml docs
Updated BackendTLSPolicy User Guide to GW-API v1.1.0
Updated User Guides to use tabs when applying yaml from file or stdin
Updated OIDC User Guide to use HTTPS redirect URLs
Updated Order of versions in Site
Updated Extensibility User Guide to use yaml-format patches
Updated Quickstart Guide to include next steps
Updated CRD docs to include enum values
Updated Extensibility User Guide with Envoy Patch Policy examples
Updated structure of docs: rename Guides to Tasks, move Contribution
Updated Support Matrix
Updated egctl x status docs for xRoute and xPolicy
Updated egctl User Guide with Install and Uninstall commands
Updated GRPCRoute docs to use v1 instead of v1alpha2
Fixed Rate Limiting User Guide to use correct CIDR matcher type names
Fixed User Guide for JWT-based routing
Fixed JSON Access Log Example
Use linkinator to detect dead links in docs
Use helm-docs to generate chart docs
Support Not-Implemented-Hide marker in API docs
Installation
Added startupProbe to all provisioned containers to reduce risk of restart
Added new gateway-addons-helm chart for Observability
Added support for global image settings for all images in Envoy Gateway helm chart
Added Support for PodDisruptionBudget for Envoy Gateway
Added Support for TopologySpreadConstraints for Envoy Gateway
Added Support for Tolerations for Envoy Gateway
Added Support for Ratelimit image pull secrets and pull policy
Updated ttlSecondsAfterFinished on certgen job to 30 by default
Updated Envoy Gateway ImagePullPolicy to IfNotPresent in released charts
Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
Added Support for Gateway-API v1.1.0
Added new Backend CRD
Added new EnvoyExtensionPolicy CRD
Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
Added Support for Custom ShutDownManager Image in EnvoyGateway Config
Added Support for Leader Election in EnvoyGateway Config
Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
Added Support for Rate Limiting Tracing in EnvoyProxy CRD
Added Support for Routing to Service IP in EnvoyProxy CRD
Added Support for Access Log CEL filters in EnvoyProxy CRD
Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
Added Support for Zipkin Tracing in EnvoyProxy CRD
Added Support for using the Listener port as the Container port in EnvoyProxy CRD
Added Support for OpenTelemetry Sink Export Settings in EnvoyProxy CRD
Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
Added Support for Backend TLS Settings in EnvoyProxy CRD
Added Support for HTTP Filter Ordering in EnvoyProxy CRD
Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
Added Support for OpenTelemetry Sinks as a BackendRef in EnvoyProxy CRD
Added Support for User-Provided name for generated Kubernetes resources in EnvoyProxy CRD
Added Support for Per-Endpoint stats in EnvoyProxy CRD
Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
Added Support for HTTP Health Check in ClientTrafficPolicy CRD
Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
Added Support for Headers with Underscores in ClientTrafficPolicy CRD
Added Support for XFCC header processing in ClientTrafficPolicy CRD
Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
Added Support for IdleTimeout in ClientTrafficPolicy CRD
Added Support for Connection Limits in ClientTrafficPolicy CRD
Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
Added Support for Optionally requiring a JWT in SecurityPolicy CRD
Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
Added Support for Authorization in SecurityPolicy CRD
Added Support for Ext-Auth failOpen in SecurityPolicy CRD
Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
Added Support for Wasm extension in EnvoyExtensionPolicy CRD
Added Support for External Processing extension in EnvoyExtensionPolicy CRD
Removed Status Print Column from xPolicy CRDs
Breaking Changes
SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
xPolicy targetRef is deprecated, use targetRefs instead
SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
Added Supported Features to Gateway Class
Testing
Added e2e test for Client MTLS
Added e2e test for Load Balancing
Added performance benchmarking test
Added e2e test for Zipkin Tracing
Added e2e test for HTTP Health Checks
Added e2e test for CEL Access Log Filter
Added e2e test for GRPC Access Log Service Sink
Added e2e test for XDS Metadata
Added e2e test for Wasm from OCI Images and HTTP Source
Added e2e test for Service IP Routing
Added e2e test for Multiple GatewayClasses
Added e2e test for HTTP Full Path rewrite
Added e2e test for Backend API
Added e2e test for Backend TLS Settings
Added e2e test for disabling X-RateLimit Headers
Added e2e test for Authorization
Added e2e test for BackendRefs in Ext-Auth
Added e2e test for Using Client Protocol in Upstream Connection
Added e2e test for Backend Client Cert Authentication
Added e2e test for External Processing Filter
Added e2e test for Merge Gateways Feature
Added e2e test for Optional JWT authentication
Added e2e test for Infrastructure using Server-Side Apply
Added e2e test for Connection Limits
Added e2e test for Envoy Graceful Shutdown
Updated e2e test for Limit to cover multiple listeners
Updated e2e test for CORS to not require access-control-expose-headers
Run CEL tests on all supported K8s versions
Added OSV Scanner for Golang Vulnerabilities and Licenses
Added Trivy scanner for Docker images
Translator
Added Support for BackendRef HTTP Filters
Added Support for attaching EnvoyProxy to Gateways
Added Support for cross-namespace EnvoyProxy reference from GatewayClass
Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
Added Support for multiple BackendRefs in TCPRoute and UDPRoute
Added Metrics related to XDS Server, Infra Manager and Controller
Added Support for PolicyStatus in EnvoyPatchPolicy
Added Support for Websocket upgrades in HTTP/1 Routes
Added Support for custom controller name in egctl
Added Support for BackendTLSPolicy CA Certificate reference to Secret
Added names to Filter Chains
Added Support extension server hooks for TCP and UDP listeners
Added Support for attaching EnvoyProxy resource to Gateways
Added Support for Exposing Prometheus Port in Rate Limiter Service
Added Support for Optional Rate Limit Backend Redis
Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
Updated Ext-Auth Per-Route config to use filter-specific Config Type
Updated Overload Manager configuration according to Envoy recommendations by default
Updated Infrastructure resource management to use Server-Side Apply
Updated Reflection of Errors in Gateway Status when too many addresses are assigned
Fixed enforcement of same-namespace for BackendTLSPolicy and target
Fixed processing all listeners before returning with an error
Fixed creation of infrastructure resources if there are no listeners
Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
Fixed CORS to not forward Not-Matching Preflights to Backends
Fixed BackendTLSPolicy status to fully conform with PolicyStatus
Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
Fixed Proxy Protocol Filter to always be the first Listener Filter
Fixed Translation Consistency by sorting Gateways
Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
Fixed SNI matching for TCP Routes with TLS termination
Fixed Reconciliation when EnvoyProxy backendRefs changes
Fixed Reconciliation when a referenced Secret or ConfigMap changes
Fixed ReplaceFullPath not working for root path
Fixed Default Application Protocol to TCP for Zipkin Tracing
Fixed not appending well-known ports (80, 443) in redirect Location header
Providers
Bumped K8s Client to v0.30.0
xDS
Bumped go-control-plane to v0.12.1
Cli
Added egctl x collect command
Added Support for Install and Uninstall commands to egctl
Added Support for xRoute and xPolicy in egctl x status
Added Golang version to Envoy Gateway version command
Fixed egctl x status gatewayclass example message
3.1.13 - v1.1.0-rc.1
Date: July 8, 2024
Documentation
Added Performance Benchmarking Document
Added User Guide for Zipkin Tracing
Added User Guide for Customizing Ordering of Filters
Added User Guide for External Processing Filter in EnvoyExtensionPolicy
Added User Guide for installation of egctl with brew
Added User Guide for Client Buffer Size Limit
Added User Guide for Client Idle Timeout
Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
Added User Guide for Backend resource
Added GA Blog Post
Added Threat Model
Added Adopters section to docs
Added User Guide and Dashboards for Control Plane and Resource Observability
Added User Guide for Connection Limits in ClientTrafficPolicy
Added User Guide on using Private Key Provider
Added Design Doc for Authorization
Added Design Doc for XDS Metadata
Added Design Doc for Backend resource
Added Design Doc for Control Plane Observability
Added Design Doc for EnvoyExtensionPolicy
Added Design Doc for External Processing in EnvoyExtensionPolicy
Updated Access Logging User Guide to include filtering with CEL Expression
Updated Access Logging User Guide to include Metadata
Updated Development Guide to require Golang 1.22
Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
Updated Site to reflect GA status
Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
Updated Observability User Guides to use gateway-addons-helm
Updated Gateway-API User Guide to reflect support for BackendRef filters
Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
Updated Installation Guide to use server-side apply
Updated Installation Guide to refer to values.yaml docs
Updated BackendTLSPolicy User Guide to GW-API v1.1.0
Updated User Guides to use tabs when applying yaml from file or stdin
Updated OIDC User Guide to use HTTPS redirect URLs
Updated Order of versions in Site
Updated Extensibility User Guide to use yaml-format patches
Updated Quickstart Guide to include next steps
Updated CRD docs to include enum values
Updated Extensibility User Guide with Envoy Patch Policy examples
Updated structure of docs: rename Guides to Tasks, move Contribution
Updated Support Matrix
Updated egctl x status docs for xRoute and xPolicy
Updated egctl User Guide with Install and Uninstall commands
Updated GRPCRoute docs to use v1 instead of v1alpha2
Fixed Rate Limiting User Guide to use correct CIDR matcher type names
Fixed User Guide for JWT-based routing
Fixed JSON Access Log Example
Use linkinator to detect dead links in docs
Use helm-docs to generate chart docs
Support Not-Implemented-Hide marker in API docs
Installation
Added new gateway-addons-helm chart for Observability
Added support for global image settings for all images in Envoy Gateway helm chart
Added Support for PodDisruptionBudget for Envoy Gateway
Added Support for TopologySpreadConstraints for Envoy Gateway
Added Support for Tolerations for Envoy Gateway
Added Support for Ratelimit image pull secrets and pull policy
Updated ttlSecondsAfterFinished on certgen job to 30 by default
Updated Envoy Gateway ImagePullPolicy to IfNotPresent in released charts
Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
Added Support for Gateway-API v1.1.0
Added new Backend CRD
Added new EnvoyExtensionPolicy CRD
Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
Added Support for Custom ShutDownManager Image in EnvoyGateway Config
Added Support for Leader Election in EnvoyGateway Config
Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
Added Support for Rate Limiting Tracing in EnvoyProxy CRD
Added Support for Routing to Service IP in EnvoyProxy CRD
Added Support for Access Log CEL filters in EnvoyProxy CRD
Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
Added Support for Zipkin Tracing in EnvoyProxy CRD
Added Support for using the Listener port as the Container port in EnvoyProxy CRD
Added Support for OpenTelemetry Sink Export Settings in EnvoyProxy CRD
Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
Added Support for Backend TLS Settings in EnvoyProxy CRD
Added Support for HTTP Filter Ordering in EnvoyProxy CRD
Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
Added Support for OpenTelemetry Sinks as a BackendRef in EnvoyProxy CRD
Added Support for User-Provided name for generated Kubernetes resources in EnvoyProxy CRD
Added Support for Per-Endpoint stats in EnvoyProxy CRD
Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
Added Support for HTTP Health Check in ClientTrafficPolicy CRD
Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
Added Support for Headers with Underscores in ClientTrafficPolicy CRD
Added Support for XFCC header processing in ClientTrafficPolicy CRD
Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
Added Support for IdleTimeout in ClientTrafficPolicy CRD
Added Support for Connection Limits in ClientTrafficPolicy CRD
Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
Added Support for Optionally requiring a JWT in SecurityPolicy CRD
Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
Added Support for Authorization in SecurityPolicy CRD
Added Support for Ext-Auth failOpen in SecurityPolicy CRD
Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
Added Support for Wasm extension in EnvoyExtensionPolicy CRD
Added Support for External Processing extension in EnvoyExtensionPolicy CRD
Removed Status Print Column from xPolicy CRDs
Breaking Changes
Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
xPolicy targetRef is deprecated, use targetRefs instead
SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
Added Supported Features to Gateway Class
Testing
Added performance benchmarking test
Added e2e test for Zipkin Tracing
Added e2e test for HTTP Health Checks
Added e2e test for CEL Access Log Filter
Added e2e test for GRPC Access Log Service Sink
Added e2e test for XDS Metadata
Added e2e test for Wasm from OCI Images and HTTP Source
Added e2e test for Service IP Routing
Added e2e test for Multiple GatewayClasses
Added e2e test for HTTP Full Path rewrite
Added e2e test for Backend API
Added e2e test for Backend TLS Settings
Added e2e test for disabling X-RateLimit Headers
Added e2e test for Authorization
Added e2e test for BackendRefs in Ext-Auth
Added e2e test for Using Client Protocol in Upstream Connection
Added e2e test for Backend Client Cert Authentication
Added e2e test for External Processing Filter
Added e2e test for Merge Gateways Feature
Added e2e test for Optional JWT authentication
Added e2e test for Infrastructure using Server-Side Apply
Added e2e test for Connection Limits
Added e2e test for Envoy Graceful Shutdown
Updated e2e test for Limit to cover multiple listeners
Updated e2e test for CORS to not require access-control-expose-headers
Run CEL tests on all supported K8s versions
Added OSV Scanner for Golang Vulnerabilities and Licenses
Added Trivy scanner for Docker images
Translator
Added Support for BackendRef HTTP Filters
Added Support for attaching EnvoyProxy to Gateways
Added Support for cross-namespace EnvoyProxy reference from GatewayClass
Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
Added Support for multiple BackendRefs in TCPRoute and UDPRoute
Added Metrics related to XDS Server, Infra Manager and Controller
Added Support for PolicyStatus in EnvoyPatchPolicy
Added Support for Websocket upgrades in HTTP/1 Routes
Added Support for custom controller name in egctl
Added Support for BackendTLSPolicy CA Certificate reference to Secret
Added names to Filter Chains
Added Support extension server hooks for TCP and UDP listeners
Added Support for attaching EnvoyProxy resource to Gateways
Added Support for Exposing Prometheus Port in Rate Limiter Service
Added Support for Optional Rate Limit Backend Redis
Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
Updated Ext-Auth Per-Route config to use filter-specific Config Type
Updated Overload Manager configuration according to Envoy recommendations by default
Updated Infrastructure resource management to use Server-Side Apply
Updated Reflection of Errors in Gateway Status when too many addresses are assigned
Fixed enforcement of same-namespace for BackendTLSPolicy and target
Fixed processing all listeners before returning with an error
Fixed creation of infrastructure resources if there are no listeners
Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
Fixed CORS to not forward Not-Matching Preflights to Backends
Fixed BackendTLSPolicy status to fully conform with PolicyStatus
Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
Fixed Proxy Protocol Filter to always be the first Listener Filter
Fixed Translation Consistency by sorting Gateways
Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
Fixed SNI matching for TCP Routes with TLS termination
Fixed Reconciliation when EnvoyProxy backendRefs changes
Fixed Reconciliation when a referenced Secret or ConfigMap changes
Fixed ReplaceFullPath not working for root path
Fixed Default Application Protocol to TCP for Zipkin Tracing
Fixed not appending well-known ports (80, 443) in redirect Location header
Providers
Bumped K8s Client to v0.30.0
xDS
Bumped go-control-plane to v0.12.1
Cli
Added Support for Install and Uninstall Commands to egctl
Added Support for xRoute and xPolicy in egctl x status
Added Golang version to Envoy Gateway version command
Fixed egctl x status gatewayclass example message
3.1.14 - v1.0.2
Date: June 12, 2024
Installation
Updated EnvoyProxy to 1.29.5
Use Patch API for infra-client
Use ServerSideApply instead of CreateOrUpdate for infra-client
Testing
Fixed failures due to an expired certificate in one of the translator tests
Translator
Use - for naming service and container ports
Added proxy protocol always as first listenerFilter
Set ignoreCase for header matchers in extAuth
Added backend TLS SAN validation
Fixed ReplaceFullPath not working for root path (/)
Providers
Fixed duplicated xroutes being added to gatewayapi Resources
Fixed security policy reference grant from field type
Fixed Route extension filters with different types but the same name and namespace not being correctly cached
Fixed secrets/configmap updates to trigger a controller reconcile by removing the generationChanged predicate
Removed namespace restriction for EnvoyProxy parametersRef
3.1.15 - v1.0.1
Date: April 9, 2024
Installation
Updated EnvoyProxy version to v1.29.3
Fixed certgen to support creating the hmac secret during an upgrade
Translator
Fixed nil secret in resourceversiontable
Add missing http filters to the http filter chain when ClientTrafficPolicy and MergeGateways is enabled
Allow websockets when url rewrite is enabled
Set the Host header for http health checker
Fixed double slashes in redirect URL
Allow ClientTrafficPolicy to attach to multiple http (non https) listeners within the same Gateway
Set path prefix for the http ext auth service
Set the route matching precedence order to Exact > RegularExpression > PathPrefix
Fixed infraIR duplicate port translation for merged gateways
Set SpawnUpstreamSpan to true
Allow rate limit to work with multiple listeners
Infra-manager
Skip creating infra resources when the InfraIR has empty listeners
3.1.16 - v1.0.0
Date: March 13, 2024
Documentation
Added User Guide for Local Ratelimit
Added User Guide for Circuit Breaker
Added User Guide for fault injection
Added User Guide for EnvoyProxy extraArgs
Added User Guide for Timeouts in ClientTrafficPolicy
Added User Guide for JWT claim based routing
Added User Guide for HTTP Timeout
Added User Guide for Retry in BackendTrafficPolicy
Added User Guide for Basic Auth
Added User Guide for OIDC
Added User Guide for ClientTrafficPolicy
Added User Guide for BackendTrafficPolicy
Added User Guide for Basic Auth using HTTPS
Added User Guide for External Authorization
Added User Guide for Routing Outside Kubernetes
Added User Guide for BackendTLSPolicy
Added User Guide for Mutual TLS from External Clients to the Gateway
Added User Guide for Control Plane Authentication using custom certs
Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
Added Type and required for CRD API doc
Refactored Structure of User Guide docs
Refactored Move Design docs under “Get Involved”
Updated crd-ref-docs to 0.0.10
Updated Envoy proxy image to envoy:distroless-dev in main
Installation
Added Support for Pulling envoyGateway image from a private registry
Added Support for Configuring resources for certgen job
Added Support for Configuring affinity for EnvoyGateway pod
API
Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
Added Support for Downstream MTLS in ClientTrafficPolicy CRD
Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
Added Support for Connection Timeouts in ClientTrafficPolicy CRD
Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
Added Support for Proxy protocol in ClientTrafficPolicy CRD
Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
Added Support for Local rate limit in BackendTrafficPolicy CRD
Added Support for CircuitBreaker in BackendTrafficPolicy CRD
Added Support for Fault injection in BackendTrafficPolicy CRD
Added Support for Passive Health Checks in BackendTrafficPolicy CRD
Added Support for Active Health Checks in BackendTrafficPolicy CRD
Added Support for Connection Timeouts in BackendTrafficPolicy CRD
Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
Added Support for Retry in BackendTrafficPolicy CRD
Added Support for Slow start mode in BackendTrafficPolicy CRD
Added Support for Proxy protocol in BackendTrafficPolicy CRD
Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
Added Support for PolicyStatus in BackendTrafficPolicy CRD
Added Support for PolicyStatus in ClientTrafficPolicy CRD
Added Support for PolicyStatus in SecurityPolicy CRD
Added Support for OIDC in SecurityPolicy CRD
Added Support for Basic Auth in SecurityPolicy CRD
Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
Added Support for External Authorization in SecurityPolicy CRD
Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
Added Support for Secret resource in EnvoyPatchPolicy CRD
Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
Added Support for MergeGateways in EnvoyPatchPolicy CRD
Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
Added Support for Ratelimit prometheus in EnvoyGateway Configuration
Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
Added Support for Envoy extra args in EnvoyProxy CRD
Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
Breaking Changes
Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
Remove Hostnetwork support in EnvoyProxy CRD
Conformance
Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
Testing
Added e2e test for Header Case-Preserving
Added e2e test for Timeout in ClientTrafficPolicy
Added e2e test for JWT claim based routing
Added e2e test for OIDC
Added e2e test for BackendTrafficPolicy Retry
Added e2e test for Backend Upgrade
Added e2e test for External Authorization
Added e2e test for Backend TLS policy
Added e2e test for Envoy Gateway Release Upgrade
Added e2e test for Weighted backend
Added validation for LoadBalancerIP to prevent trailing period
Translator
Fixed Prefix match to prevent mismatching routes with the same prefix
Fixed Multiple reconciling by implementing comparable interface for ir.Infra
Fixed EndpointSlice with empty conditions {}
Fixed Error handling when parsing the http request timeout
Fixed No status when EnvoyPatchPolicy is disabled
Fixed Printable for xds and infra IRs
Fixed Skip backendRefs with weight set to 0
Fixed AND Header matches in ratelimiting not working
Fixed Deletion logic when no gatewayclasses exist
Fixed Match mergedGateways irKey for ClientTrafficPolicy
Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
Fixed Listener status is not surfaced for gateways when MergeGateways enabled
Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
Fixed Configure idle timeout when timeout is set on HTTPRoute
Fixed Relaxing HTTPS restriction for OIDC token endpoint
Fixed Panic when translating routes with empty backends
Fixed Xds translation should be done in a best-effort manner
Fixed Delete unused status keys from watchable
Fixed Ignoring finalizers when comparing envoy proxy service
Fixed Don’t override the ALPN array if HTTP/3 is enabled
Fixed Add h3 ALPN by default if HTTP/3 is enabled
Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
Fixed Use service port in alt-svc header if HTTP/3 is enabled
Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
Fixed Skip the ReasonTargetNotFound for all policies
Fixed Skip publishing empty status for all policies
Added Support for validating regex before sending to Envoy
Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
Added Unsupported status condition for filters within BackendRef
Added List instead of map for Provider Resources for order stability
Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
Added Support for default retry budget and retry host predicate
Added Support for implementing gateway.spec.infrastructure
Added Support for Upstream TLS to multiple Backends
Added Validation for CA Cert in ClientTrafficPolicy
Providers
Added Support for multiple GatewayClass per controller
Added SecurityPolicyIndexers in Kubernetes Provider
Added Support for generating HMAC secret in CertGen Job
Fixed Finalizer logic when deleting Gatewayclasses
Fixed MergeGateways panics when restarting control plane
xDS
Added Support for EDS cache
Added Support for ADS cache to ensure the rule order
Fixed Deprecated field error when using RequestHeaderModifier filter
Fixed Envoy rejects XDS at runtime losing all routes on restart
Fixed Requests not matching defined routes trigger per-route filters
Bumped go-control-plane to v0.12.0
Cli
Added Support for egctl x status
Added Support for egctl experimental dashboard envoy-proxy
Added Support for egctl config ratelimit
Added Support for egctl translate from gateway-api resources to IR
3.1.17 - v0.6.0
Date: Nov 1, 2023
Documentation
Introduced a new website based on Hugo
Added Grafana dashboards and integration docs for EnvoyProxy metrics
Added Grafana integration docs for Gateway API metrics
Installation
Updated EnvoyProxy image to be a distroless variant.
Removed resources around kube-rbac-proxy
API
Upgraded to Gateway API v1.0.0
Added the ClientTrafficPolicy CRD with Keep Alive Support
Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
Added the SecurityPolicy CRD with CORS and JWT Support
Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
Added Support for InitContainers in EnvoyProxy CRD
Added Support for LoadBalancerIP in EnvoyProxy CRD
Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
Added Support for LoadBalancerClass in EnvoyProxy CRD
Added Support for selecting EnvoyProxy stats to be generated
Added Support for enabling EnvoyProxy Virtual Host metrics
Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
Removed the AuthenticationFilter CRD
Removed the RateLimitFilter CRD
Moved EnvoyProxy CRD from config.gateway.envoyproxy.io to gateway.envoyproxy.io
Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
Updated the Bootstrap field within the EnvoyProxy CRD with an additional value field to specify bootstrap config
Conformance
Added Support for HTTPRouteBackendProtocolH2C Test
Added Support for HTTPRouteBackendProtocolWebSocket Test
Added Support for HTTPRouteRequestMultipleMirrors Test
Added Support for HTTPRouteTimeoutRequest Test
Added Support for HTTPRouteTimeoutBackendRequest Test
Added Support for HTTPRouteRedirectPortAndScheme Test
Watchable
Improved caching of resource by implementing a compare function agnostic of resource order
Translator
Added support for routing to EndpointSlice endpoints
Added support for HTTPRoute Timeouts
Added support for multiple RequestMirror filters per HTTPRoute rule
Use / instead of - in IR Route Names
Added Support to ignore ports in Host header
Providers
Added the generationChangedPredicate to most resources to limit resource reconciliation
Improved reconciliation by using the same enqueue request for all resources
Added support for reconciling ServiceImport CRD
Added support for selectively watching resources based on Namespace Selector
xDS
Fixed Layered Runtime warnings
Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
Added HTTP2 Keep Alives to the xds connection
Cli
Added Support for egctl stats command
3.1.18 - v1.0.0-rc.1
Date: Nov 1, 2023
Documentation
Added User Guide for local rate limit
Added User Guide for circuit breaker
Added User Guide for fault injection
Added User Guide for EnvoyProxy extraArgs
Added User Guide for Timeouts in ClientTrafficPolicy
Added User Guide for JWT claim base routing
Added User Guide for HTTP Timeout
Added User Guide for Retry in BackendTrafficPolicy
Added User Guide for basic auth
Added User Guide for OIDC
Added User Guide for ClientTrafficPolicy
Added User Guide for BackendTrafficPolicy
Added Type and required for CRD API doc
Updated crd-ref-docs to 0.0.10
Updated Envoy proxy image to envoy:distroless-dev in main
Installation
Added Support for Pulling envoyGateway image from a private registry
Added Support for Configuring resources for certgen job
Added Support for Configuring affinity for EnvoyGateway pod
API
Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
Added Support for Downstream MTLS in ClientTrafficPolicy CRD
Added Support for enabling EnvoyHeaders in ClientTrafficPolicy CRD
Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
Added Support for enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
Added Support for Connection Timeouts in ClientTrafficPolicy CRD
Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
Added Support for Proxy protocol in ClientTrafficPolicy CRD
Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
Added Support for Local rate limit in BackendTrafficPolicy CRD
Added Support for CircuitBreaker in BackendTrafficPolicy CRD
Added Support for Fault injection in BackendTrafficPolicy CRD
Added Support for Passive Health Checks in BackendTrafficPolicy CRD
Added Support for Active Health Checks in BackendTrafficPolicy CRD
Added Support for Connection Timeouts in BackendTrafficPolicy CRD
Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
Added Support for Retry in BackendTrafficPolicy CRD
Added Support for Slow start mode in BackendTrafficPolicy CRD
Added Support for Proxy protocol in BackendTrafficPolicy CRD
Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
Added Support for OIDC in SecurityPolicy CRD
Added Support for Basic Auth in SecurityPolicy CRD
Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
Added Support for External authorization in SecurityPolicy CRD
Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
Added Support for Secret resource in EnvoyPatchPolicy CRD
Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
Added Support for MergeGateways in EnvoyPatchPolicy CRD
Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
Added Support for ratelimit prometheus in EnvoyGateway Configuration
Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
Added Support for Envoy extra args in EnvoyProxy CRD
Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
Breaking Changes
Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
Conformance
Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
Testing
Added e2e test for header case-preserving
Added LoadBalancerIP validation to prevent trailing period
Added e2e test for Timeout in ClientTrafficPolicy
Added e2e test for jwt claim base routing
Added e2e test for OIDC
Added e2e test for BackendTrafficPolicy Retry
Translator
Fixed Prefix match to prevent mismatching routes with the same prefix
Fixed Multiple reconciling by implementing comparable interface for ir.Infra
Fixed EndpointSlice with empty conditions {}
Fixed Error handling when parsing the http request timeout
Fixed No status when EnvoyPatchPolicy is disabled
Fixed Printable for xds and infra IRs
Fixed Skip backendRefs with weight set to 0
Fixed AND Header matches in ratelimiting not working
Fixed Deletion logic when no gatewayclasses exist
Fixed Match mergedGateways irKey for ClientTrafficPolicy
Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
Fixed Listener status is not surfaced for gateways when MergeGateways enabled
Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
Fixed Configure idle timeout when timeout is set on HTTPRoute
Fixed Relaxing HTTPS restriction for OIDC token endpoint
Fixed Panic when translating routes with empty backends
Fixed Xds translation should be done in a best-effort manner
Added Support for validating regex before sending to Envoy
Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
Added Unsupported status condition for filters within BackendRef
Added List instead of map for Provider Resources for order stability
Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
Added Support for default retry budget and retry host predicate
Added Support for implementing gateway.spec.infrastructure
Added Validation for CA Cert in ClientTrafficPolicy
Providers
Added Support for multiple GatewayClass per controller
Added SecurityPolicyIndexers in Kubernetes Provider
Added Support for generating HMAC secret in CertGen Job
Fixed Finalizer logic when deleting Gatewayclasses
Fixed MergeGateways panics when restarting control plane
xDS
Added Support for EDS cache
Added Support for ADS cache to ensure the rule order
Fixed Deprecated field error when using RequestHeaderModifier filter
Fixed Envoy rejects XDS at runtime losing all routes on restart
Fixed Requests not matching defined routes trigger per-route filters
Bumped go-control-plane to v0.12.0
Cli
Added Support for egctl x status
Added Support for egctl experimental dashboard envoy-proxy
Added Support for egctl config ratelimit
3.1.19 - v0.6.0-rc.1
Date: Oct 27, 2023
Documentation
Introduced a new website based on Hugo
Added Grafana dashboards and integration docs for EnvoyProxy metrics
Added Grafana integration docs for Gateway API metrics
Installation
Added Support for configuring Envoy Gateway Label and Annotations using Helm
Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
Fixes Helm values for EnvoyGateway startup configuration
Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
Upgraded to Gateway API v1.0.0
Added the ClientTrafficPolicy CRD with Keep Alive Support
Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
Added the SecurityPolicy CRD with CORS and JWT Support
Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
Added Support for InitContainers in EnvoyProxy CRD
Added Support for LoadBalancerIP in EnvoyProxy CRD
Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
Added Support for LoadBalancerClass in EnvoyProxy CRD
Added Support for selecting EnvoyProxy stats to be generated
Added Support for enabling EnvoyProxy Virtual Host metrics
Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
Removed the AuthenticationFilter CRD
Removed the RateLimitFilter CRD
Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
Updated the Bootstrap field within the EnvoyProxy CRD with an additional value field to specify bootstrap config
Ci tooling testing
Conformance
Watchable
Improved caching of resource by implementing a compare function agnostic of resource order
Translator
Breaking Changes
Added support for routing to EndpointSlice endpoints
Added support for HTTPRoute Timeouts
Added support for multiple RequestMirror filters per HTTPRoute rule
Use / instead of - in IR Route Names
Added Support to ignore ports in Host header
Providers
Added the generationChangedPredicate to most resources to limit resource reconciliation
Improved reconciliation by using the same enqueue request for all resources
Added support for reconciling ServiceImport CRD
Added support for selectively watching resources based on Namespace Selector
xDS
Fixed Layered Runtime warnings
Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
Added HTTP2 Keep Alives to the xds connection
Cli
Added Support for egctl stats command
3.1.20 - v0.5.0
Date: July 26, 2023
Documentation
Added Docs for Installation page using Helm
Added Docs for Cert Manager Integration
Added Docs for Presentation Links
Added Docs for configuring multiple TLS Certificates per Listener
Installation
Added Support for configuring Envoy Gateway Label and Annotations using Helm
Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
Fixes Helm values for EnvoyGateway startup configuration
Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
Upgraded to Gateway API v0.7.1
Added Support for EnvoyPatchPolicy
Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
Added Support for configuring EnvoyProxy Pod Labels
Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
Added Support for configuring EnvoyProxy as a NodePort Type Service
Added Support for Distinct RateLimiting for IP Addresses
Added Support for converting JWT Claims to Headers, to be used for RateLimiting
Added Admin Server for Envoy Gateway
Added Pprof Debug Support for Envoy Gateway
Added Support to Watch for Resources in Select Namespaces
Breaking Changes
Renamed field in EnvoyGateway API from Extension to ExtensionManager
Ci tooling testing
Added Retest Github Action
Added CherryPick Github Action
Added E2E Step in Github CI Workflow
Added RateLimit E2E Tests
Added JWT Claim based RateLimit E2E Tests
Added Access Logging E2E tests
Added Metrics E2E tests
Added Tracing E2E tests
Conformance
Enabled GatewayWithAttachedRoutes Test
Enabled HttpRouteRequestMirror Test
Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
Renamed IR resources from - to /, which also affects generated Xds Resources
Providers
Reconcile Node resources to be able to compute Status Addresses for Gateway
Discard Status before publishing Provider resources to reduce memory consumption
xDS
Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
Switched to Xds SOTW Server for RateLimit Service Configuration
Added Control Plane TLS between EnvoyProxy and RateLimit Service
Enabled adding RateLimit Headers when RateLimit is set
Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
Set ALPN in the Xds Listener with TLS enabled.
Added Best Practices Default Edge Settings to Xds Resources
Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
Added egctl x translate Support to generate default missing Resources
Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
3.1.21 - v0.5.0-rc.1
Date: July 26, 2023
Documentation
Added Docs for Installation page using Helm
Added Docs for Cert Manager Integration
Added Docs for Presentation Links
Added Docs for configuring multiple TLS Certificates per Listener
Installation
Added Support for configuring Envoy Gateway Label and Annotations using Helm
Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
Fixes Helm values for EnvoyGateway startup configuration
Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
Upgraded to Gateway API v0.7.1
Added Support for EnvoyPatchPolicy
Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
Added Support for configuring EnvoyProxy Pod Labels
Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
Added Support for configuring EnvoyProxy as a NodePort Type Service
Added Support for Distinct RateLimiting for IP Addresses
Added Support for converting JWT Claims to Headers, to be used for RateLimiting
Added Admin Server for Envoy Gateway
Added Pprof Debug Support for Envoy Gateway
Added Support to Watch for Resources in Select Namespaces
Breaking Changes
Renamed field in EnvoyGateway API from Extension to ExtensionManager
Ci tooling testing
Added Retest Github Action
Added CherryPick Github Action
Added E2E Step in Github CI Workflow
Added RateLimit E2E Tests
Added JWT Claim based RateLimit E2E Tests
Added Access Logging E2E tests
Added Metrics E2E tests
Added Tracing E2E tests
Conformance
Enabled GatewayWithAttachedRoutes Test
Enabled HttpRouteRequestMirror Test
Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
Renamed IR resources from - to /, which also affects generated Xds Resources
Providers
Reconcile Node resources to be able to compute Status Addresses for Gateway
Discard Status before publishing Provider resources to reduce memory consumption
xDS
Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
Switched to Xds SOTW Server for RateLimit Service Configuration
Added Control Plane TLS between EnvoyProxy and RateLimit Service
Enabled adding RateLimit Headers when RateLimit is set
Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
Set ALPN in the Xds Listener with TLS enabled.
Added Best Practices Default Edge Settings to Xds Resources
Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
Added egctl x translate Support to generate default missing Resources
Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
3.1.22 - v0.4.0
Date: April 24, 2023
Documentation
Added Docs for Installing and Using egctl
Installation
Added Helm Installation Support
Added Support for Ratelimiting Based On IP Subnet
Added Gateway API Support Doc
Added Namespace Resource to Helm Templates
Updated Installation Yaml to Use the envoy-gateway-system Namespace
API
Upgraded to Gateway API v0.6.2
Added Support for Custom Envoy Proxy Bootstrap Config
Added Support for Configuring the Envoy Proxy Image and Service
Added Support for Configuring Annotations, Resources, and SecurityContext Settings on Ratelimit Infra and Envoy Proxy
Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
Gateway Status Address is now Populated for ClusterIP type Envoy Services
Envoy Proxy Pod and Container SecurityContext is now Configurable
Added Custom Envoy Gateway Extensions Framework
Added Support for Service Method Match in GRPCRoute
Fixed a Bug in the Extension Hooks for xDS Virtual Hosts and Routes
Ci tooling testing
Fixed CI Flakes During Helm Install
Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
Added egctl to Build and Test CI Workflow
Code Coverage Thresholds are now Enforced by CI
Fixed latest-release-check CI Job Failures
Added Auto Release Tooling for Charts
Conformance
Enabled GatewayWithAttachedRoutes Test
Enabled HTTPRouteInvalidParentRefNotMatchingSectionName Test
Enabled HTTPRouteDisallowedKind Test
Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
Added Support for Dynamic GatewayControllerName in Route Status
Providers
Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
Added EDS Support
Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
Updated Deprecated RegexMatcher
Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
Added egctl CLI Tool
Added egctl Support for Dry Runs of Gateway API Config
Added egctl Support for Dumping Envoy Proxy xDS Resources
3.1.23 - v0.4.0-rc.1
Date: April 13, 2023
Documentation
Added Docs for Installing and Using egctl
Installation
Added Helm Installation Support
Added Support for Ratelimiting Based On IP Subnet
Added Gateway API Support Doc
API
Upgraded to Gateway API v0.6.2
Added Support for Custom Envoy Proxy Bootstrap Config
Added Support for Configuring the Envoy Proxy Image and Service
Added Support for Configuring Annotations, Resources, and SecurityContext Settings on Ratelimit Infra and Envoy Proxy
Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
Gateway Status Address is now Populated for ClusterIP type Envoy Services
Envoy Proxy Pod and Container SecurityContext is now Configurable
Added Custom Envoy Gateway Extensions Framework
Added Support for Service Method Match in GRPCRoute
Ci tooling testing
Fixed CI Flakes During Helm Install
Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
Added egctl to Build and Test CI Workflow
Code Coverage Thresholds are now Enforced by CI
Fixed latest-release-check CI Job Failures
Added Auto Release Tooling for Charts
Conformance
Enabled GatewayWithAttachedRoutes Test
Enabled HTTPRouteInvalidParentRefNotMatchingSectionName Test
Enabled HTTPRouteDisallowedKind Test
Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
Added Support for Dynamic GatewayControllerName in Route Status
Providers
Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
Added EDS Support
Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
Updated Deprecated RegexMatcher
Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
Added egctl CLI Tool
Added egctl Support for Dry Runs of Gateway API Config
Added egctl Support for Dumping Envoy Proxy xDS Resources
3.1.24 - v0.3.0
Date: February 09, 2023
Documentation
Added Global Rate Limit User Docs
Added Request Authentication User Docs
Added TCP Routing User Docs
Added UDP Routing User Docs
Added GRPC Routing User Docs
Added HTTP Response Headers User Docs
Added TCP and UDP Proxy Design Docs
Added egctl Design Docs
Added Rate Limit Design Docs
Added Request Authentication Design Docs
Added Support for Versioned Docs
Added Support for Multiple Release Versions
Added Release Details Docs
Added API Docs Generating Tooling
Refactored Layout for User Docs
API
Upgraded to v0.6.1 Gateway API
Added Support for the TCPRoute API
Added Support for the UDPRoute API
Added Support for the GRPCRoute API
Added Support for HTTPRoute URLRewrite Filter
Added Support for HTTPRoute RequestMirror Filter
Added Support for HTTPRoute ResponseHeaderModifier Filter
Added Support for Request Authentication
Added Support for Global Rate Limiting
Added Support for Routes ReferenceGrant
Added Support for Namespace Server Config Type
Added initial management of Envoy Proxy deployment via EnvoyProxy API
Ci tooling testing
Fixed Make Image Failed in Darwin
Fixed Wait for Job Succeeded before conformance test
Upgraded Echoserver Image Tag
Added Support for User-Facing Version
Added Support for Testing EG against Multiple Kubernetes Versions
Conformance
Enabled GatewayClassObservedGenerationBump conformance test
Enabled GatewayInvalidTLSConfiguration conformance test
Enabled GatewayInvalidRouteKind conformance test
Enabled HTTPRouteReferenceGrant conformance test
Enabled HTTPRouteMethodMatching conformance test
Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
(Currently EG passes all conformance tests except the redirect and gateway/httproute ObservedGenerationBump tests. The redirect tests are failing due to a possible issue with assumptions made by the upstream conformance tests. They are skipped for now until issues #992, #993 and #994 are resolved.)
IR
Added TCP Listener per TLSRoute
Translator
Fixes Remove Stale Listener Condition
Added Support for Suffix Matches for Headers
Added Support for HTTP Method Matching to HTTPRoute
Added Support for Regex Match Type
Added Support for HTTPQueryParamMatch
Providers
Refactored Kubernetes Provider to Single Reconciler
Upgraded Kube Provider Test Data Manifests to v0.6.1
Removed Duplicate Settings from Bootstrap Config
Updated Certgen to Use EG Namespace Env
Added EnvoyProxy to Translator and Kube Infra Manager
Upgraded Envoyproxy Image to envoy-dev latest in Main
Added Support for HTTPRoute ResponseHeaderModifier Filter
Added APIs to Manage Envoy Deployment
Added Support for Request Authentication
Added Support for Global Rate Limiting
Added Support for Routes ReferenceGrant
Added Support for Namespace Server Config Type
Ci tooling testing
Fixes Make Image Failed in Darwin
Fixes Wait for Job Succeeded before conformance test
Upgraded Echoserver Image Tag
Added Support for User-Facing Version
Added Support for Testing EG against Multiple Kubernetes Versions
Conformance
Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
Enabled GatewayInvalidTLSConfiguration conformance test
Enabled GatewayInvalidRouteKind conformance test
Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
Enabled HTTPRouteReferenceGrant conformance test
Enabled HTTPRouteMethodMatching conformance test
IR
Added TCP Listener per TLSRoute
Translator
Fixes Remove Stale Listener Condition
Added Support for Suffix Matches for Headers
Added Support for HTTP Method Matching to HTTPRoute
Added Support for Regex Match Type
Added Support for HTTPQueryParamMatch
Providers
Refactored Kubernetes Provider to Single Reconciler
Upgraded Kube Provider Test Data Manifests to v0.6.0
Removed Duplicate Settings from Bootstrap Config
Updated Certgen to Use EG Namespace Env
Added EnvoyProxy to Translator and Kube Infra Manager
Upgraded Envoyproxy Image to envoy-dev latest in Main
Removed EG Logs Private Key
xDS
Fixed Start xDS Server Watchable Map Panics
Enabled Access Logging for xDS Components
3.1.26 - v0.2.0
Date: October 19, 2022
Documentation
Added Config API, translator, roadmap, and message bus design documentation.
Added documentation for releasing Envoy Gateway.
Added user guides for configuring common tasks, e.g. HTTP request routing.
Added support for the Sphinx documentation generator.
API
Added the EnvoyGateway API type for configuring Envoy Gateway.
Added the EnvoyProxy API type for configuring managed Envoys.
Ci tooling testing
Added tooling to build, run, etc. Envoy Gateway.
Added Gateway API conformance tests.
Added Make-based tooling to fetch all tools so checks (code lint, spellchecks) and tests can be run locally.
Added support for releasing latest artifacts to GitHub.
Added code coverage with a minimum 60% threshold.
IR
Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
Added IR validation.
Translator
Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage the status of Gateway API resources.
Added the xDS translator to translate the xds IR to xDS resources.
Message-service
Added infra and xds IR watchable map messages for inter-component communication.
Added a Runner to each Envoy Gateway component to support pub/sub between components.
Added support for managing multiple separate Envoy proxy fleets.
Infra-manager
Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
Added support for managing a separate Envoy infrastructure per Gateway.
Providers
Added the Kubernetes provider with support for managing GatewayClass, Gateway, HTTPRoute, ReferenceGrant, and TLSRoute resources.
Due to Issue #539, a ReferenceGrant is not removed from the system when unreferenced.
Due to Issue #577, TLSRoute is not being tested for Gateway API conformance.
Added watchers for dependent resources of managed Envoy infrastructure to trigger reconciliation.
Added support for labeling managed infrastructure using Gateway namespace/name labels.
Added support for finalizing the managed GatewayClass.
xDS
Added xDS server support to configure managed Envoys using Delta xDS.
Added initial support for mTLS between the xDS server and managed Envoys.
Due to envoyproxy/go-control-plane Issue #599, Envoy Gateway logs the private key of HTTPS listeners.
3.1.27 - v0.2.0-rc2
Date: September 29, 2022
Documentation
Updated and expanded developer documentation.
Added kube-demo target to demonstrate Envoy Gateway functionality.
Added developer debugging documentation.
Ci
Added Gateway API conformance tests.
Providers
Added watchers for dependent resources of managed Envoy infrastructure.
Added Gateway namespace/name labels to managed resources.
Added support for finalizing the managed GatewayClass.
xDS
Updated xds server and Envoy bootstrap config to use Delta xDS.
Added initial support for mTLS between the xDS server and Envoy.
Translator
Expanded support for Gateway API status.
Added support for request modifier and redirect filters.
Added support to return 500 responses for invalid backends.
Message service
Updated IRs to support managing multiple Envoy fleets.
Infra manager
Separate Envoy infrastructure is created per Gateway.
3.1.28 - v0.2.0-rc1
Date: August 31, 2022
Documentation
Added a quickstart guide for users to run and use Envoy Gateway.
API
Added the EnvoyGateway API type for configuring Envoy Gateway.
Added the EnvoyProxy API type for configuring managed Envoys.
Ci
Added tooling to build, run, etc. Envoy Gateway.
Providers
Added the Kubernetes provider.
xDS
Added xDS server to configure managed Envoys.
IR
Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
Added IR validation.
Translator
Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage Gateway API status.
Message service
Added infra and xds IR watchable map messages for inter-component communication.
Added a Runner to each component to support pub/sub between components.
Infra manager
Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
3.1.29 - v0.1.0
Date: May 16, 2022
Documentation
The initial open source release describing project goals and high-level design.
3.2 - Announcing Envoy Gateway v1.2
Envoy Gateway v1.2 release announcement.
We are thrilled to announce the arrival of Envoy Gateway v1.2.0.
This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.
Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.2.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.
CPU Limits: Removed default CPU limit for Envoy Gateway deployment to avoid throttling.
Envoy Shutdown Settings: Drain strategy set to immediate, with default values as follows:
minDrainDuration: 10s
drainTimeout: 60s
terminationGracePeriodSeconds: 360s
Endpoint Health On Host Removal: Enabled ignore_health_on_host_removal for clusters with static endpoints to allow faster removal of endpoints that have been deleted by the control plane, without waiting for the results of an active health check.
Logging Level Adjustment: Set xDS and Infra IR logs to Debug level instead of Info, so they will no longer appear in Envoy Gateway logs by default. You can change the logging level to debug to view them.
✨ New Features
API & Traffic Management Enhancements
Gateway-API v1.2.0 Support: Fully compatible with the latest Gateway-API standards.
IPv4/IPv6 Dual Stack: Now available for EnvoyProxy fleet and BackendRef resources.
Standalone Mode: Experimental support for Envoy Gateway standalone (host deployment) mode.
Response Override: Added support for Response Override and RequestTimeout in BackendTrafficPolicy.
Active Passive Failover: Supported with the new fallback field in the Backend API.
Session Persistence in HTTPRoute: Session persistence is supported in HTTPRoute rules for stateful traffic management.
HTTPRouteFilter: Adds support for Direct Response and Path Regex Rewrites in HTTPRouteFilter
Security Enhancements
JWT Claims-Based Authorization: Advanced security control with claims-based policies in SecurityPolicy.
CORS Wildcard Matching: Wildcard matching for AllowMethods and AllowHeaders settings.
OIDC Flow Support: Added nonce support for OIDC authorization.
Observability & Tracing
Datadog Tracing Integration: Improved support for Datadog tracing in EnvoyProxy CRD.
Listener Access Logs: Adds support for configuring Listener level Access Logs for EnvoyProxy.
Native Prometheus Metrics: Introduced a Prometheus metrics endpoint for rate limit monitoring.
Helm Customization
SecurityContext Options: Customizable security context for improved deployment.
NodeSelector and PriorityClassName: Added for more granular deployment configuration.
🐞 Bug Fixes
Fixed xDS translation failure when the WASM HTTP code source was configured without an SHA.
Resolved unsupported listener protocol types causing errors in Gateway status updates.
Fixed BackendTLSPolicy causing crashes due to invalid sectionName in Backend configurations.
Fixed propagation delays in SecurityPolicy updates for HTTPRoute when using targetSelectors.
Improved JSONPath to JSONPatch translation accuracy.
Fixed unwanted / appearing in paths when using prefix rewrites.
Corrected nil pointer errors when configuring hash load balancing.
Fixed active health check issues where expectedStatuses was not functioning properly.
Ensured correct status updates for Backend resources and HTTPRoute.
🚀 Performance Improvements
Memory Optimization: Enhanced memory usage by eliminating redundant resource storage.
⚙️ Other Notable Changes
Envoy Upgrade: Now using Envoy v1.32.1 for added stability and performance.
Optional Alpha CRD Watching: Allows Envoy Gateway to run with older Gateway API versions.
3.3 - Announcing Envoy Gateway v1.1
Envoy Gateway v1.1 release announcement.
We are thrilled to announce the arrival of Envoy Gateway v1.1.0.
This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.
Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.1.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.
The release adds a ton of features and functionality. Here are some highlights:
Documentation
Added Concepts Doc
Added User Guide for Wasm Extension
Added User Guide for patching Envoy Service
Added User Guide for Backend MTLS
Added User Guide for Backend TLS Parameters
Added User Guide for IP Allowlist/Denylist
Added User Guide for Extension Server
Added User Guide for building Wasm image
Added Performance Benchmarking Document
Added User Guide for Zipkin Tracing
Added User Guide for Customizing Ordering of Filters
Added User Guide for External Processing Filter in EnvoyExtensionPolicy
Added User Guide for installation of egctl with brew
Added User Guide for Client Buffer Size Limit
Added User Guide for Client Idle Timeout
Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
Added User Guide for Backend resource
Added GA Blog Post
Added Threat Model
Added Adopters section to docs
Added User Guide and Dashboards for Control Plane and Resource Observability
Added User Guide for Connection Limits in ClientTrafficPolicy
Added User Guide on using Private Key Provider
Added Design Doc for Authorization
Added Design Doc for XDS Metadata
Added Design Doc for Backend resource
Added Design Doc for Control Plane Observability
Added Design Doc for EnvoyExtensionPolicy
Added Design Doc for External Processing in EnvoyExtensionPolicy
Updated Access Logging User Guide to include filtering with CEL Expression
Updated Access Logging User Guide to include Metadata
Updated Development Guide to require Golang 1.22
Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
Updated Site to reflect GA status
Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
Updated Observability User Guides to use gateway-addons-helm
Updated Gateway-API User Guide to reflect support for BackendRef filters
Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
Updated Installation Guide to use server-side apply
Updated Installation Guide to refer to values.yaml docs
Updated BackendTLSPolicy User Guide to GW-API v1.1.0
Updated User Guides to use tabs when applying yaml from file or stdin
Updated OIDC User Guide to use HTTPS redirect URLs
Updated Order of versions in Site
Updated Extensibility User Guide to use yaml-format patches
Updated Quickstart Guide to include next steps
Updated CRD docs to include enum values
Updated Extensibility User Guide with Envoy Patch Policy examples
Updated structure of docs: rename Guides to Tasks, move Contribution
Updated Support Matrix
Updated egctl x status docs for xRoute and xPolicy
Updated egctl User Guide with Install and Uninstall commands
Updated GRPCRoute docs to use v1 instead of v1alpha2
Fixed Rate Limiting User Guide to use correct CIDR matcher type names
Fixed User Guide for JWT-based routing
Fixed JSON Access Log Example
Use linkinator to detect dead links in docs
Use helm-docs to generate chart docs
Support Not-Implemented-Hide marker in API docs
Installation
Added startupProbe to all provisioned containers to reduce risk of restart
Added new gateway-addons-helm chart for Observability
Added support for global image settings for all images in Envoy Gateway helm chart
Added Support for PodDisruptionBudget for Envoy Gateway
Added Support for TopologySpreadConstraints for Envoy Gateway
Added Support for Tolerations for Envoy Gateway
Added Support for Ratelimit image pull secrets and pull policy
Updated ttlSecondsAfterFinished on certgen job to 30 by default
Updated Envoy Gateway ImagePullPolicy to IfNotPresent in released charts
Removed envoy-gateway-metrics-service and merged its contents into envoy-gateway service
API
Added Support for Gateway-API v1.1.0
Added new Backend CRD
Added new EnvoyExtensionPolicy CRD
Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
Added Support for Custom ShutDownManager Image in EnvoyGateway Config
Added Support for Leader Election in EnvoyGateway Config
Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
Added Support for Rate Limiting Tracing in EnvoyProxy CRD
Added Support for Routing to Service IP in EnvoyProxy CRD
Added Support for Access Log CEL filters in EnvoyProxy CRD
Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
Added Support for Zipkin Tracing in EnvoyProxy CRD
Added Support for using the Listener port as the Container port in EnvoyProxy CRD
Added Support for OpenTelemetry Sink Export Settings in EnvoyProxy CRD
Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
Added Support for Backend TLS Settings in EnvoyProxy CRD
Added Support for HTTP Filter Ordering in EnvoyProxy CRD
Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
Added Support for OpenTelemetry Sinks as a BackendRef in EnvoyProxy CRD
Added Support for User-Provided name for generated Kubernetes resources in EnvoyProxy CRD
Added Support for Per-Endpoint stats in EnvoyProxy CRD
Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
Added Support for HTTP Health Check in ClientTrafficPolicy CRD
Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
Added Support for Headers with Underscores in ClientTrafficPolicy CRD
Added Support for XFCC header processing in ClientTrafficPolicy CRD
Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
Added Support for IdleTimeout in ClientTrafficPolicy CRD
Added Support for Connection Limits in ClientTrafficPolicy CRD
Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
Added Support for Optionally requiring a JWT in SecurityPolicy CRD
Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
Added Support for Authorization in SecurityPolicy CRD
Added Support for Ext-Auth failOpen in SecurityPolicy CRD
Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
Added Support for Wasm extension in EnvoyExtensionPolicy CRD
Added Support for External Processing extension in EnvoyExtensionPolicy CRD
Removed Status Print Column from xPolicy CRDs
Breaking Changes
SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
xPolicy targetRef is deprecated, use targetRefs instead
SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
Added Supported Features to Gateway Class
Testing
Added e2e test for Client MTLS
Added e2e test for Load Balancing
Added performance benchmarking test
Added e2e test for Zipkin Tracing
Added e2e test for HTTP Health Checks
Added e2e test for CEL Access Log Filter
Added e2e test for GRPC Access Log Service Sink
Added e2e test for XDS Metadata
Added e2e test for Wasm from OCI Images and HTTP Source
Added e2e test for Service IP Routing
Added e2e test for Multiple GatewayClasses
Added e2e test for HTTP Full Path rewrite
Added e2e test for Backend API
Added e2e test for Backend TLS Settings
Added e2e test for disabling X-RateLimit Headers
Added e2e test for Authorization
Added e2e test for BackendRefs in Ext-Auth
Added e2e test for Using Client Protocol in Upstream Connection
Added e2e test for Backend Client Cert Authentication
Added e2e test for External Processing Filter
Added e2e test for Merge Gateways Feature
Added e2e test for Optional JWT authentication
Added e2e test for Infrastructure using Server-Side Apply
Added e2e test for Connection Limits
Added e2e test for Envoy Graceful Shutdown
Updated e2e test for Limit to cover multiple listeners
Updated e2e test for CORS to not require access-control-expose-headers
Run CEL tests on all supported K8s versions
Added OSV Scanner for Golang Vulnerabilities and Licenses
Added Trivy scanner for Docker images
Translator
Added Support for BackendRef HTTP Filters
Added Support for attaching EnvoyProxy to Gateways
Added Support for cross-namespace EnvoyProxy reference from GatewayClass
Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
Added Support for multiple BackendRefs in TCPRoute and UDPRoute
Added Metrics related to XDS Server, Infra Manager and Controller
Added Support for PolicyStatus in EnvoyPatchPolicy
Added Support for Websocket upgrades in HTTP/1 Routes
Added Support for custom controller name in egctl
Added Support for BackendTLSPolicy CA Certificate reference to Secret
Added names to Filter Chains
Added Support extension server hooks for TCP and UDP listeners
Added Support for attaching EnvoyProxy resource to Gateways
Added Support for Exposing Prometheus Port in Rate Limiter Service
Added Support for Optional Rate Limit Backend Redis
Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
Updated Ext-Auth Per-Route config to use filter-specific Config Type
Updated Overload Manager configuration according to Envoy recommendations by default
Updated Infrastructure resource management to use Server-Side Apply
Updated Reflection of Errors in Gateway Status when too many addresses are assigned
Fixed enforcement of same-namespace for BackendTLSPolicy and target
Fixed processing all listeners before returning with an error
Fixed creation of infrastructure resources if there are no listeners
Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
Fixed CORS to not forward Not-Matching Preflights to Backends
Fixed BackendTLSPolicy status to fully conform with PolicyStatus
Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
Fixed Proxy Protocol Filter to always be the first Listener Filter
Fixed Translation Consistency by sorting Gateways
Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
Fixed SNI matching for TCP Routes with TLS termination
Fixed Reconciliation when EnvoyProxy backendRefs changes
Fixed Reconciliation when a referenced Secret or ConfigMap changes
Fixed ReplaceFullPath not working for root path
Fixed Default Application Protocol to TCP for Zipkin Tracing
Fixed not appending well-known ports (80, 443) in redirect Location header
Providers
Bumped K8s Client to v0.30.0
XDS
Bumped go-control-plane to v0.12.1
CLI
Added egctl x collect command
Added Support for Install and Uninstall commands to egctl
Added Support for xRoute and xPolicy in egctl x status
Added Golang version to Envoy Gateway version command
Fixed egctl x status gatewayclass example message
3.4 - Announcing Envoy Gateway v1.0
Envoy Gateway v1.0 release announcement.
We are thrilled to announce the arrival of Envoy Gateway v1.0.0, marking the official General Availability (GA) milestone for the project!
This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.
Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.0.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.
The release adds a ton of features and functionality. Here are some highlights:
Kubernetes Support
Run Envoy Gateway in a Kubernetes cluster. Check out the quickstart guide to get started with Envoy Gateway in a few simple steps.
Gateway API Support
Envoy Gateway supports Gateway API resources for running and configuring a managed fleet of Envoy proxies. Envoy Gateway
passes Gateway API core conformance tests and supports GatewayClass, Gateway, HTTPRoute, and TLSRoute resources. See
the documentation for additional details on how to use Envoy Gateway for your edge proxy and API gateway needs.
Envoy Gateway at EnvoyCon NA
Envoy Gateway will be at EnvoyCon NA this October in Detroit. Don’t miss our talk to learn more about the
release and future direction of the project.
3.10 - Compatibility Matrix
This section includes the Compatibility Matrix of Envoy Gateway.
Envoy Gateway relies on the Envoy Proxy and the Gateway API, and runs within a Kubernetes cluster. Not all versions of each of these products can function together for Envoy Gateway. Supported version combinations are listed below; bold type indicates the versions of the Envoy Proxy and the Gateway API actually compiled into each Envoy Gateway release.