Release Announcements
Envoy Gateway Release Announcements
This document provides details for Envoy Gateway releases. Envoy Gateway follows the Semantic Versioning v2.0.0 spec
for release versioning.
Stable Releases
Stable releases of Envoy Gateway include:
- Minor Releases - A new release branch and corresponding tag are created from the main branch. A minor release
is supported for 6 months following the release date. As the project matures, Envoy Gateway maintainers will reassess
the support timeframe.
Minor releases happen quarterly and follow the schedule below.
Release Management
Minor releases are handled by a designated Envoy Gateway maintainer. This maintainer is considered the Release Manager
for the release. The details for creating a release are outlined in the release guide. The Release Manager is
responsible for coordinating the overall release. This includes identifying issues to be fixed in the release,
communications with the Envoy Gateway community, and the mechanics of the release.
Release Schedule
In order to align with the Envoy Proxy release schedule, Envoy Gateway releases are produced on a fixed schedule
(the 22nd day of each quarter), with an acceptable delay of up to 2 weeks, and a hard deadline of 3 weeks.
| Version | Expected | Actual | Difference | End of Life |
|---|---|---|---|---|
| 0.2.0 | 2022/10/22 | 2022/10/20 | -2 days | 2023/4/20 |
| 0.3.0 | 2023/01/22 | 2023/02/09 | +17 days | 2023/08/09 |
| 0.4.0 | 2023/04/22 | 2023/04/24 | +2 days | 2023/10/24 |
| 0.5.0 | 2023/07/22 | 2023/08/02 | +10 days | 2024/01/02 |
| 0.6.0 | 2023/10/22 | 2023/11/02 | +10 days | 2024/05/02 |
| 1.0.x | 2024/03/06 | 2023/03/13 | +7 days | 2024/09/13 |
| 1.1.x | 2024/07/16 | 2024/07/22 | +6 days | 2024/01/22 |
| 1.2.x | 2024/10/22 | 2024/11/06 | +14 days | 2025/05/06 |
1 - Notes
This section includes the Release Notes of Envoy Gateway.
1.1 - v1.2.3
Date: December 2, 2024
Bug fixes
- Disabled the retry policy for the JWT provider to reduce requests sent to the JWKS endpoint. Failed async fetches will retry every 1s.
- Used a waitGroup instead of an enabled channel in the status updater.
Other changes
- EG listens on IPv4 by default, but if IPFamily is set to IPv6 or DualStack, it listens on :: and enables ipv4_compat for DualStack.
- Bumped Gateway API to v1.2.1.
1.2 - v1.2.2
Date: November 28, 2024
Bug fixes
- Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes.
- Fixed failure to update SecurityPolicy resources with the backendRef field specified.
- Fixed xDS translation failure when oidc tokenEndpoint and jwt remoteJWKS are specified in the same SecurityPolicy and use the same hostname.
- Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn.
Other changes
- Bump the RateLimit image to 49af5cca.
- Always use :: and IPv4Compact enabled on dynamic listeners.
- Use V4_PREFERRED instead of V4_ONLY by default for the cluster’s DnsLookupFamily.
1.3 - v1.2.1
Date: November 7, 2024
Bug fixes
- Fixed a panic in the provider goroutine when the body in the direct response configuration was nil.
1.5 - v1.1.3
Date: November 1, 2024
Breaking changes
New features
Bug fixes
- Fixed unsupported listener protocol type causing an error while updating Gateway Status
- Fixed some status updates were being discarded by the status updater
- Fixed error level logging for admin and metrics modules
- Fixed Dashboard typos
- Fixed Ratelimit Deployment ignoring pod labels and annotation merge
- Fixed the API Server receives unnecessary requests
- Fixed set invalid Listener.SupportedKinds to empty list
- Fixed losing timeout settings that originate from the route when translating the backend traffic policy
- Fixed xds translation failure when wasm http code source configured without sha
Other changes
- Bumped Envoy proxy to 1.31.3
- Bumped github.com/docker/docker to 27.3.1+incompatible
1.7 - v1.1.2
Date: September 24, 2024
Translator
- Fixed handling of sectionName in BackendTLSPolicy for Backend resource
Infra-manager
- Pin Envoy Proxy version to v1.32.2
- Change Envoy listener drain strategy from gradual to immediate
Providers
- Fixed reconciliation of HTTPRoutes when labels change
1.8 - v1.1.1
Date: September 11, 2024
Documentation
- Bumped Golang version to 1.22.7
- Enabled GatewayHTTPListenerIsolation test
Testing
- Fix download URL of envoy proxy WASM examples used in tests
Translator
- Fixed url rewrite to remove trailing slash
- Isolate HTTP route tables to listener according to Gateway-API specifications
- Fixed identification of ReferenceGrant when multiple ReferenceGrants exist in a namespace
- Fixed added header values as a comma and space delimited list
- Fixed assertion on expected status in active HTTP healthcheck
- Fixed rejection of invalid Backends referenced by xRoutes
- Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing
- Fixed update of status for Backends
Infra-manager
- Pin ratelimit version to 26f28d78
- Reduce readinessProbe failureThreshold and periodSeconds of proxy
- Expose ratelimit statsd
Providers
- Fixed error returned when referenced Configmap or Secret is not found
- Use component name in Envoy Gateway logs
1.9 - v1.1.0
Date: July 22, 2024
Documentation
- Added Concepts Doc
- Added User Guide for Wasm Extension
- Added User Guide for patching Envoy Service
- Added User Guide for Backend MTLS
- Added User Guide for Backend TLS Parameters
- Added User Guide for IP Allowlist/Denylist
- Added User Guide for Extension Server
- Added User Guide for building Wasm image
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensibility User Guide to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added startupProbe to all provisioned containers to reduce risk of restart
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDisruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as the Container port in EnvoyProxy CRD
- Added Support for OpenTelemetry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generated Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
- Added Supported Features to Gateway Class
Testing
- Added e2e test for Client MTLS
- Added e2e test for Load Balancing
- Added performance benchmarking test
- Added e2e test for Zipkin Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Optional JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to use Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in redirect Location header
Providers
- Bumped K8s Client to v0.30.0
xDS
- Bumped go-control-plane to v0.12.1
Cli
- Added egctl x collect command
- Added Support for Install and Uninstall commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
1.10 - v1.1.0-rc.1
Date: July 8, 2024
Documentation
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensibility User Guide to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDisruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as the Container port in EnvoyProxy CRD
- Added Support for OpenTelemetry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generated Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
- Added Supported Features to Gateway Class
Testing
- Added performance benchmarking test
- Added e2e test for Zipkin Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Optional JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to use Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in redirect Location header
Providers
- Bumped K8s Client to v0.30.0
xDS
- Bumped go-control-plane to v0.12.1
Cli
- Added Support for Install and Uninstall Commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
1.11 - v1.0.2
Date: June 12, 2024
Installation
- Updated EnvoyProxy to 1.29.5
- Use Patch API for infra-client
- Use ServerSideApply instead of CreateOrUpdate for infra-client
Testing
- Fixed failures due to an expired certificate in one of the translator tests
Translator
- Use - for naming service and container ports
- Added proxy protocol always as first listenerFilter
- Set ignoreCase for header matchers in extAuth
- Added backend TLS SAN validation
- Fixed ReplaceFullPath not working for root path (/)
Providers
- Fixed duplicated xroutes are added to gatewayapi Resources
- Fixed security policy reference grant from field type
- Fixed Route extension filters with different types but the same name and namespace aren’t correctly cached
- Fixed secrets/configmap updates to trigger a controller reconcile by removing the generationChanged predicate
- Removed namespace restriction for EnvoyProxy parametersRef
1.12 - v1.0.1
Date: April 9, 2024
Installation
- Updated EnvoyProxy version to v1.29.3
- Fixed certgen to support creating the hmac secret during an upgrade
Translator
- Fixed nil secret in resourceversiontable
- Add missing http filters to the http filter chain when ClientTrafficPolicy and MergeGateways is enabled
- Allow websockets when url rewrite is enabled
- Set the Host header for http health checker
- Fixed double slashes in redirect URL
- Allow ClientTrafficPolicy to attach to multiple http (non https) listeners within the same Gateway
- Set path prefix for the http ext auth service
- Set the route matching precedence order to Exact > RegularExpression > PathPrefix
- Fixed infraIR duplicate port translation for merged gateways
- Set SpawnUpstreamSpan to true
- Allow rate limit to work with multiple listeners
Infra-manager
- Skip creating infra resources when the InfraIR has empty listeners
1.14 - v0.6.0
Date: Nov 1, 2023
Documentation
- Introduced a new website based on Hugo
- Added Grafana dashboards and integration docs for EnvoyProxy metrics
- Added Grafana integration docs for Gateway API metrics
Installation
- Updated EnvoyProxy image to be a distroless variant.
- Removed resources around kube-rbac-proxy
API
- Upgraded to Gateway API v1.0.0
- Added the ClientTrafficPolicy CRD with Keep Alive Support
- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
- Added the SecurityPolicy CRD with CORS and JWT Support
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
- Removed the AuthenticationFilter CRD
- Removed the RateLimitFilter CRD
- Moved EnvoyProxy CRD from config.gateway.envoyproxy.io to gateway.envoyproxy.io
- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value field to specify bootstrap config
- Added Support for HTTPRouteBackendProtocolH2C Test
- Added Support for HTTPRouteBackendProtocolWebSocket Test
- Added Support for HTTPRouteRequestMultipleMirrors Test
- Added Support for HTTPRouteTimeoutRequest Test
- Added Support for HTTPRouteTimeoutBackendRequest Test
- Added Support for HTTPRouteRedirectPortAndScheme Test
Watchable
- Improved caching of resource by implementing a compare function agnostic of resource order
Translator
- Added support for routing to EndpointSlice endpoints
- Added support for HTTPRoute Timeouts
- Added support for multiple RequestMirror filters per HTTPRoute rule
- Use / instead of - in IR Route Names
- Added Support to ignore ports in Host header
Providers
- Added the generationChangedPredicate to most resources to limit resource reconciliation
- Improved reconciliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
- Added support for selectively watching resources based on Namespace Selector
xDS
- Fixed Layered Runtime warnings
- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
- Added HTTP2 Keep Alives to the xds connection
Cli
- Added Support for egctl stats command
1.16 - v0.6.0-rc.1
Date: Oct 27, 2023
Documentation
- Introduced a new website based on Hugo
- Added Grafana dashboards and integration docs for EnvoyProxy metrics
- Added Grafana integration docs for Gateway API metrics
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v1.0.0
- Added the ClientTrafficPolicy CRD with Keep Alive Support
- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
- Added the SecurityPolicy CRD with CORS and JWT Support
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
- Removed the AuthenticationFilter CRD
- Removed the RateLimitFilter CRD
- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value field to specify bootstrap config
Watchable
- Improved caching of resource by implementing a compare function agnostic of resource order
Translator
Breaking Changes
- Added support for routing to EndpointSlice endpoints
- Added support for HTTPRoute Timeouts
- Added support for multiple RequestMirror filters per HTTPRoute rule
- Use / instead of - in IR Route Names
- Added Support to ignore ports in Host header
Providers
- Added the generationChangedPredicate to most resources to limit resource reconciliation
- Improved reconciliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
- Added support for selectively watching resources based on Namespace Selector
xDS
- Fixed Layered Runtime warnings
- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
- Added HTTP2 Keep Alives to the xds connection
Cli
- Added Support for egctl stats command
1.17 - v0.5.0
Date: July 26, 2023
Documentation
- Added Docs for Installation page using Helm
- Added Docs for Cert Manager Integration
- Added Docs for Presentation Links
- Added Docs for configuring multiple TLS Certificates per Listener
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v0.7.1
- Added Support for EnvoyPatchPolicy
- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Support for Distinct RateLimiting for IP Addresses
- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Breaking Changes
- Renamed field in EnvoyGateway API from Extension to ExtensionManager
- Added Retest Github Action
- Added CherryPick Github Action
- Added E2E Step in Github CI Workflow
- Added RateLimit E2E Tests
- Added JWT Claim based RateLimit E2E Tests
- Added Access Logging E2E tests
- Added Metrics E2E tests
- Added Tracing E2E tests
- Enabled GatewayWithAttachedRoutes Test
- Enabled HttpRouteRequestMirror Test
- Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
- Renamed IR resources from - to / which also affects generated Xds Resources
Providers
- Reconcile Node resources to be able to compute Status Addresses for Gateway
- Discard Status before publishing Provider resources to reduce memory consumption
xDS
- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
- Switched to Xds SOTW Server for RateLimit Service Configuration
- Added Control Plane TLS between EnvoyProxy and RateLimit Service
- Enabled adding RateLimit Headers when RateLimit is set
- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
- Set ALPN in the Xds Listener with TLS enabled.
- Added Best Practices Default Edge Settings to Xds Resources
- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
- Added egctl x translate Support to generate default missing Resources
- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
1.18 - v0.5.0-rc.1
Date: July 26, 2023
Documentation
- Added Docs for Installation page using Helm
- Added Docs for Cert Manager Integration
- Added Docs for Presentation Links
- Added Docs for configuring multiple TLS Certificates per Listener
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v0.7.1
- Added Support for EnvoyPatchPolicy
- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Support for Distinct RateLimiting for IP Addresses
- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Breaking Changes
- Renamed field in EnvoyGateway API from Extension to ExtensionManager
- Added Retest Github Action
- Added CherryPick Github Action
- Added E2E Step in Github CI Workflow
- Added RateLimit E2E Tests
- Added JWT Claim based RateLimit E2E Tests
- Added Access Logging E2E tests
- Added Metrics E2E tests
- Added Tracing E2E tests
- Enabled GatewayWithAttachedRoutes Test
- Enabled HttpRouteRequestMirror Test
- Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
- Renamed IR resources from - to / which also affects generated Xds Resources
Providers
- Reconcile Node resources to be able to compute Status Addresses for Gateway
- Discard Status before publishing Provider resources to reduce memory consumption
xDS
- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
- Switched to Xds SOTW Server for RateLimit Service Configuration
- Added Control Plane TLS between EnvoyProxy and RateLimit Service
- Enabled adding RateLimit Headers when RateLimit is set
- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
- Set ALPN in the Xds Listener with TLS enabled.
- Added Best Practices Default Edge Settings to Xds Resources
- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
- Added egctl x translate Support to generate default missing Resources
- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
1.19 - v0.4.0
Date: April 24, 2023
Documentation
- Added Docs for Installing and Using egctl
Installation
- Added Helm Installation Support
- Added Support for Ratelimiting Based On IP Subnet
- Added Gateway API Support Doc
- Added Namespace Resource to Helm Templates
- Updated Installation Yaml to Use the envoy-gateway-system Namespace
API
- Upgraded to Gateway API v0.6.2
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Gateway Status Address is now Populated for ClusterIP type Envoy Services
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Custom Envoy Gateway Extensions Framework
- Added Support for Service Method Match in GRPCRoute
- Fixed a Bug in the Extension Hooks for xDS Virtual Hosts and Routes
- Fixed CI Flakes During Helm Install
- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
- Added egctl to Build and Test CI Workflow
- Code Coverage Thresholds are now Enforced by CI
- Fixed latest-release-check CI Job Failures
- Added Auto Release Tooling for Charts
- Enabled GatewayWithAttachedRoutes Test
- Enabled HTTPRouteInvalidParentRefNotMatchingSectionName Test
- Enabled HTTPRouteDisallowedKind Test
- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
- Added Support for Dynamic GatewayControllerName in Route Status
Providers
- Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
- Added EDS Support
- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
- Updated Deprecated RegexMatcher
- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
- Added egctl CLI Tool
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
1.20 - v0.4.0-rc.1
Date: April 13, 2023
Documentation
- Added Docs for Installing and Using egctl
Installation
- Added Helm Installation Support
- Added Support for Ratelimiting Based On IP Subnet
- Added Gateway API Support Doc
API
- Upgraded to Gateway API v0.6.2
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Gateway Status Address is now Populated for ClusterIP type Envoy Services
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Custom Envoy Gateway Extensions Framework
- Added Support for Service Method Match in GRPCRoute
- Fixed CI Flakes During Helm Install
- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
- Added egctl to Build and Test CI Workflow
- Code Coverage Thresholds are now Enforced by CI
- Fixed latest-release-check CI Job Failures
- Added Auto Release Tooling for Charts
- Enabled GatewayWithAttachedRoutes Test
- Enabled HTTPRouteInvalidParentRefNotMatchingSectionName Test
- Enabled HTTPRouteDisallowedKind Test
- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
- Added Support for Dynamic GatewayControllerName in Route Status
Providers
- Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
- Added EDS Support
- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
- Updated Deprecated RegexMatcher
- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
- Added egctl CLI Tool
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
1.21 - v0.3.0
Date: February 09, 2023
Documentation
- Added Global Rate Limit User Docs
- Added Request Authentication User Docs
- Added TCP Routing User Docs
- Added UDP Routing User Docs
- Added GRPC Routing User Docs
- Added HTTP Response Headers User Docs
- Added TCP and UDP Proxy Design Docs
- Added egctl Design Docs
- Added Rate Limit Design Docs
- Added Request Authentication Design Docs
- Added Support for Versioned Docs
- Added Support for Multiple Release Versions
- Added Release Details Docs
- Added API Docs Generating Tooling
- Refactored Layout for User Docs
API
- Upgraded to v0.6.1 Gateway API
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
- Added Support for Request Authentication
- Added Support for Global Rate Limiting
- Added Support for Routes ReferenceGrant
- Added Support for Namespace Server Config Type
- Added initial management of Envoy Proxy deployment via EnvoyProxy API
- Fixed Make Image Failed in Darwin
- Fixed Wait for Job Succeeded before conformance test
- Upgraded Echoserver Image Tag
- Added Support for User-Facing Version
- Added Support for Testing EG against Multiple Kubernetes Versions
- Enabled GatewayClassObservedGenerationBump conformance test
- Enabled GatewayInvalidTLSConfiguration conformance test
- Enabled GatewayInvalidRouteKind conformance test
- Enabled HTTPRouteReferenceGrant conformance test
- Enabled HTTPRouteMethodMatching conformance test
- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
- (Currently EG passes all conformance tests except redirect and gateway/httproute ObservedGenerationBump tests. Redirect tests are failing due to a possible issue with the way upstream conformance tests have made assumptions. Skip them for now until below issues #992 #993 #994 are resolved)
IR
- Added TCP Listener per TLSRoute
Translator
- Fixes Remove Stale Listener Condition
- Added Support for Suffix Matches for Headers
- Added Support for HTTP Method Matching to HTTPRoute
- Added Support for Regex Match Type
- Added Support for HTTPQueryParamMatch
Providers
- Refactored Kubernetes Provider to Single Reconciler
- Upgraded Kube Provider Test Data Manifests to v0.6.1
- Removed Duplicate Settings from Bootstrap Config
- Updated Certgen to Use EG Namespace Env
- Added EnvoyProxy to Translator and Kube Infra Manager
- Upgraded Envoyproxy Image to envoy-dev latest in Main
- Removed EG Logs Private Key
xDS
- Fixed Start xDS Server Watchable Map Panics
- Enabled Access Logging for xDS Components
1.22 - v0.3.0-rc.1
Date: February 02, 2023
Documentation
- Added Support for Multiple Release Versions
- Added Support for Versioned Docs
- Added Release Details Docs
- Refactored Layout for User Docs
API
- Upgraded to v0.6.0 Gateway API
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API (Add to the ListenerStatus.SupportedKinds Field until https://github.com/envoyproxy/gateway/issues/950 is fixed.)
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
- Added APIs to Manage Envoy Deployment
- Added Support for Request Authentication
- Added Support for Global Rate Limiting
- Added Support for Routes ReferenceGrant
- Added Support for Namespace Server Config Type
- Fixes Make Image Failed in Darwin
- Fixes Wait for Job Succeeded before conformance test
- Upgraded Echoserver Image Tag
- Added Support for User-Facing Version
- Added Support for Testing EG against Multiple Kubernetes Versions
- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
- Enabled GatewayInvalidTLSConfiguration conformance test
- Enabled GatewayInvalidRouteKind conformance test
- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
- Enabled HTTPRouteReferenceGrant conformance test
- Enabled HTTPRouteMethodMatching conformance test
IR
- Added TCP Listener per TLSRoute
Translator
- Fixes Remove Stale Listener Condition
- Added Support for Suffix Matches for Headers
- Added Support for HTTP Method Matching to HTTPRoute
- Added Support for Regex Match Type
- Added Support for HTTPQueryParamMatch
Providers
- Refactored Kubernetes Provider to Single Reconciler
- Upgraded Kube Provider Test Data Manifests to v0.6.0
- Removed Duplicate Settings from Bootstrap Config
- Updated Certgen to Use EG Namespace Env
- Added EnvoyProxy to Translator and Kube Infra Manager
- Upgraded Envoyproxy Image to envoy-dev latest in Main
- Removed EG Logs Private Key
xDS
- Fixed Start xDS Server Watchable Map Panics
- Enabled Access Logging for xDS Components
1.23 - v0.2.0
Date: October 19, 2022
Documentation
- Added Config API, translator, roadmap, and message bus design documentation.
- Added documentation for releasing Envoy Gateway.
- Added user guides for configuring common tasks, e.g. HTTP request routing.
- Added support for the Sphinx documentation generator.
API
- Added the EnvoyGateway API type for configuring Envoy Gateway.
- Added the EnvoyProxy API type for configuring managed Envoys.
- Added tooling to build, run, etc. Envoy Gateway.
- Added Gateway API conformance tests.
- Added Make-based tooling to fetch all tools so checks (code lint, spellchecks) and tests can be run locally.
- Added support for releasing latest artifacts to GitHub.
- Added code coverage with a minimum 60% threshold.
IR
- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
- Added IR validation.
Translator
- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage the status of Gateway API resources.
- Added the xDS translator to translate the xds IR to xDS resources.
Message-service
- Added infra and xds IR watchable map messages for inter-component communication.
- Added a Runner to each Envoy Gateway component to support pub/sub between components.
- Added support for managing multiple separate Envoy proxy fleets.
Infra-manager
- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
- Added support for managing a separate Envoy infrastructure per Gateway.
Providers
- Added the Kubernetes provider with support for managing GatewayClass, Gateway, HTTPRoute, ReferenceGrant, and TLSRoute resources.
- Due to Issue #539, a ReferenceGrant is not removed from the system when unreferenced.
- Due to Issue #577, TLSRoute is not being tested for Gateway API conformance.
- Added watchers for dependent resources of managed Envoy infrastructure to trigger reconciliation.
- Added support for labeling managed infrastructure using Gateway namespace/name labels.
- Added support for finalizing the managed GatewayClass.
xDS
- Added xDS server support to configure managed Envoys using Delta xDS.
- Added initial support for mTLS between the xDS server and managed Envoys.
- Due to envoyproxy/go-control-plane Issue #599, Envoy Gateway logs the private key of HTTPS listeners.
1.24 - v0.2.0-rc2
Date: September 29, 2022
Documentation
- Updated and expanded developer documentation.
- Added kube-demo target to demonstrate Envoy Gateway functionality.
- Added developer debugging documentation.
Ci
- Added Gateway API conformance tests.
Providers
- Added watchers for dependent resources of managed Envoy infrastructure.
- Added Gateway namespace/name labels to managed resources.
- Added support for finalizing the managed GatewayClass.
xDS
- Updated xds server and Envoy bootstrap config to use Delta xDS.
- Added initial support for mTLS between the xDS server and Envoy.
Translator
- Expanded support for Gateway API status.
- Added support for request modifier and redirect filters.
- Added support to return 500 responses for invalid backends.
Message service
- Updated IRs to support managing multiple Envoy fleets.
Infra manager
- Separate Envoy infrastructure is created per Gateway.
1.25 - v0.2.0-rc1
Date: August 31, 2022
Documentation
- Added a quickstart guide for users to run and use Envoy Gateway.
API
- Added the EnvoyGateway API type for configuring Envoy Gateway.
- Added the EnvoyProxy API type for configuring managed Envoys.
Ci
- Added tooling to build, run, etc. Envoy Gateway.
Providers
- Added the Kubernetes provider.
xDS
- Added xDS server to configure managed Envoys.
IR
- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
- Added IR validation.
Translator
- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage Gateway API status.
Message service
- Added infra and xds IR watchable map messages for inter-component communication.
- Added a Runner to each component to support pub/sub between components.
Infra manager
- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
1.26 - v0.1.0
Date: May 16, 2022
Documentation
- The initial open source release describing project goals and high-level design.
2 - Announcing Envoy Gateway v1.2
Envoy Gateway v1.2 release announcement.
We are thrilled to announce the arrival of Envoy Gateway v1.2.0.
This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.
Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.2.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
🚨 Breaking Changes
- Gateway API Updates: Removed support for the v1alpha2 versions for GRPCRoute and ReferenceGrant. See the Gateway API v1.2.0 documentation for details.
- CPU Limits: Removed default CPU limit for Envoy Gateway deployment to avoid throttling.
- Envoy Shutdown Settings: Drain strategy set to immediate, with default values as follows:
  - minDrainDuration: 10s
  - drainTimeout: 60s
  - terminationGracePeriodSeconds: 360s
- Endpoint Health On Host Removal: Enabled ignore_health_on_host_removal for clusters with static endpoints to allow faster removal of endpoints that have been deleted by the control plane, without waiting for the results of an active health check.
- Logging Level Adjustment: Set xDS and Infra IR logs to Debug level instead of Info, so they will no longer appear in Envoy Gateway logs by default. You can change the logging level to debug to view them.
✨ New Features
API & Traffic Management Enhancements
- Gateway-API v1.2.0 Support: Fully compatible with the latest Gateway-API standards.
- IPv4/IPv6 Dual Stack: Now available for EnvoyProxy fleet and BackendRef resources.
- Standalone Mode: Experimental support for Envoy Gateway standalone (host deployment) mode.
- Response Override: Added support for Response Override and RequestTimeout in BackendTrafficPolicy.
- Active Passive Failover: Supported with the new fallback field in the Backend API.
- Session Persistence in HTTPRoute: Session persistence is supported in HTTPRoute rules for stateful traffic management.
- HTTPRouteFilter: Adds support for Direct Response and Path Regex Rewrites in HTTPRouteFilter
Security Enhancements
- JWT Claims-Based Authorization: Advanced security control with claims-based policies in SecurityPolicy.
- CORS Wildcard Matching: Wildcard matching for AllowMethods and AllowHeaders settings.
- OIDC Flow Support: Added nonce support for OIDC authorization.
Observability & Tracing
- Datadog Tracing Integration: Improved support for Datadog tracing in EnvoyProxy CRD.
- Listener Access Logs: Adds support for configuring Listener level Access Logs for EnvoyProxy.
- Native Prometheus Metrics: Introduced a Prometheus metrics endpoint for rate limit monitoring.
Helm Customization
- SecurityContext Options: Customizable security context for improved deployment.
- NodeSelector and PriorityClassName: Added for more granular deployment configuration.
🐞 Bug Fixes
- Fixed xDS translation failure when the WASM HTTP code source was configured without an SHA.
- Resolved unsupported listener protocol types causing errors in Gateway status updates.
- Fixed BackendTLSPolicy causing crashes due to invalid sectionName in Backend configurations.
- Fixed propagation delays in SecurityPolicy updates for HTTPRoute when using targetSelectors.
- Improved JSONPath to JSONPatch translation accuracy.
- Fixed unwanted / appearing in paths when using prefix rewrites.
- Corrected nil pointer errors when configuring hash load balancing.
- Fixed active health check issues where expectedStatuses was not functioning properly.
- Ensured correct status updates for Backend resources and HTTPRoute.
- Memory Optimization: Enhanced memory usage by eliminating redundant resource storage.
⚙️ Other Notable Changes
- Envoy Upgrade: Now using Envoy v1.32.1 for added stability and performance.
- Optional Alpha CRD Watching: Allows Envoy Gateway to run with older Gateway API versions.
3 - Announcing Envoy Gateway v1.1
Envoy Gateway v1.1 release announcement.
We are thrilled to announce the arrival of Envoy Gateway v1.1.0.
This release represents a significant achievement, and we extend our heartfelt gratitude to the entire Envoy Gateway community for their contributions, dedication, and support. Your collaborative efforts have been instrumental in reaching this pivotal release.
Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.1.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
Documentation
- Added Concepts Doc
- Added User Guide for Wasm Extension
- Added User Guide for patching Envoy Service
- Added User Guide for Backend MTLS
- Added User Guide for Backend TLS Parameters
- Added User Guide for IP Allowlist/Denylist
- Added User Guide for Extension Server
- Added User Guide for building Wasm image
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensibility User Guide to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added startupProbe to all provisioned containers to reduce risk of restart
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDisruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent in released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as the Container port in EnvoyProxy CRD
- Added Support for OpenTelemetry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generated Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
- Added Supported Features to Gateway Class
Testing
- Added e2e test for Client MTLS
- Added e2e test for Load Balancing
- Added performance benchmarking test
- Added e2e test for Zipkin Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Optional JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to use Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in redirect Location header
Providers
- Bumped K8s Client to v0.30.0
XDS
- Bumped go-control-plane to v0.12.1
CLI
- Added egctl x collect command
- Added Support for Install and Uninstall commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
5 - Announcing Envoy Gateway v0.6
Envoy Gateway v0.6 release announcement.
We are pleased to announce the release of Envoy Gateway v0.6!
This is the fifth functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
helping publish the release.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
Gateway API
- Upgraded to Gateway API v1.0
- Added support for HTTPRoute Timeouts
Add Control Plane Proxy Telemetry
- Added Support for Metrics Telemetry
Add Support for directly configuring xDS
- Added Support for the EnvoyPatchPolicy API
ClientTrafficPolicy
- Added Support for configuring Downstream Keep Alives
BackendTrafficPolicy
- Added Support for configuring Rate limiting
- Added Support for configuring load balancing
SecurityPolicy
- Added Support for configuring JWT
- Added Support for configuring CORS
API Updates
- Added support for selectively watching resources based on Namespace Selector
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
CLI
- Added egctl stats command
Kubernetes Provider
- Improved reconciliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
Breaking changes
- Removed RateLimitFilter, and replaced it with BackendTrafficPolicy
- Removed AuthenticationFilter, and replaced it with SecurityPolicy
- Moved the EnvoyProxy CRD from config.gateway.envoyproxy.io to gateway.envoyproxy.io
- Converted the bootstrap field within EnvoyProxy into a struct to support merge operations.
6 - Announcing Envoy Gateway v0.5
Envoy Gateway v0.5 release announcement.
We are pleased to announce the release of Envoy Gateway v0.5!
This is the fourth functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
helping publish the release.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
Upgrade Gateway API Dependency
- Upgraded to Gateway API v0.7.1
Add Data Plane Proxy Telemetry
- Added Support for Access Logging, Tracing and Metrics Telemetry
Add Support for directly configuring xDS
- Added Support for the EnvoyPatchPolicy API
Ratelimiting
- Added Support for Distinct Ratelimiting Based On IP Addresses
- Added Support for JWT Claim based Ratelimiting
- Switched to Xds SOTW Server for RateLimit Service Configuration
API Updates
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Envoy Proxy
- Added Best Practices Default Edge Settings to Xds Resources
7 - Announcing Envoy Gateway v0.4
Envoy Gateway v0.4 release announcement.
We are pleased to announce the release of Envoy Gateway v0.4!
This is the third functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
helping publish the release.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
Upgrade Gateway API Dependency
- Upgraded to Gateway API v0.6.2
Add Helm Support
- Installation of Envoy Gateway can now be done through helm
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
Add Support for extending Envoy Gateway
- Added Initial Framework for Building an Extension on top of Envoy Gateway
Ratelimiting
- Added Support for Ratelimiting Based On IP Subnet
API Updates
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and SecurityContext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Support for Service Method Match in GRPCRoute
- Added EDS Support
8 - Announcing Envoy Gateway v0.3
Envoy Gateway v0.3 release announcement.
We are pleased to announce the release of Envoy Gateway v0.3!
This is the second functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
helping publish the release.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
Add Support for extended Gateway API fields
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
Add Support for experimental Gateway APIs
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API
Add Support for Rate Limiting
- Added Support for Global Rate Limiting
Add Support for Authentication
- Added Support for Request Authentication
9 - Announcing Envoy Gateway v0.2
Envoy Gateway v0.2 release announcement.
We are pleased to announce the release of Envoy Gateway v0.2!
This is the first functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
helping publish the release.
What’s New
The release adds a ton of features and functionality. Here are some highlights:
Kubernetes Support
Run Envoy Gateway in a Kubernetes cluster. Check out the quickstart guide to get started with Envoy Gateway in a few
simple steps.
Gateway API Support
Envoy Gateway supports Gateway API resources for running and configuring a managed fleet of Envoy proxies. Envoy Gateway
passes Gateway API core conformance tests and supports GatewayClass, Gateway, HTTPRoute, and TLSRoute resources. See
the documentation for additional details on how to use Envoy Gateway for your edge proxy and API gateway needs.
Envoy Gateway at EnvoyCon NA
Envoy Gateway will be at EnvoyCon NA this October in Detroit. Don’t miss our talk to learn more about the
release and future direction of the project.
10 - Compatibility Matrix
This section includes Compatibility Matrix of Envoy Gateway.
Envoy Gateway relies on the Envoy Proxy and the Gateway API, and runs within a Kubernetes cluster. Not all versions of each of these products can function together for Envoy Gateway. Supported version combinations are listed below; bold type indicates the versions of the Envoy Proxy and the Gateway API actually compiled into each Envoy Gateway release.
Envoy Gateway version | Envoy Proxy version | Rate Limit version | Gateway API version | Kubernetes version |
---|---|---|---|---|
latest | dev-latest | master | v1.2.0 | v1.28, v1.29, v1.30, v1.31 |
v1.2 | distroless-v1.32.1 | 28b1629a | v1.2.0 | v1.28, v1.29, v1.30, v1.31 |
v1.1 | distroless-v1.31.0 | 91484c59 | v1.1.0 | v1.27, v1.28, v1.29, v1.30 |
v1.0 | distroless-v1.29.2 | 19f2079f | v1.0.0 | v1.26, v1.27, v1.28, v1.29 |
v0.6 | distroless-v1.28-latest | b9796237 | v1.0.0 | v1.26, v1.27, v1.28 |
v0.5 | v1.27-latest | e059638d | v0.7.1 | v1.25, v1.26, v1.27 |
v0.4 | v1.26-latest | 542a6047 | v0.6.2 | v1.25, v1.26, v1.27 |
v0.3 | v1.25-latest | f28024e3 | v0.6.1 | v1.24, v1.25, v1.26 |
v0.2 | v1.23-latest | | v0.5.1 | v1.24 |