This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Notes

This section includes Releases Notes of Envoy Gateway.

1 - v1.2.0-rc.1

Date: October 25, 2024

Breaking changes

  • Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
  • Please refer to the Gateway API v1.2.0 documentation for more information.
  • Removed default CPU limit of the Envoy Gateway deployment
  • Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

New features

  • Added support for Gateway-API v1.2.0
  • Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
  • Added support for EG standalone(host deployment) mode (experimental)
  • Added support for JWT claims based Authorization in SecurityPolicy CRD
  • Added support for Direct Response in HTTPRouteFilter CRD
  • Added support for Response Override in BackendTrafficPolicy CRD
  • Added support for RequestTimeout in BackendTrafficPolicy CRD
  • Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
  • Added support for client TLS session resumption in ClientTrafficPolicy CRD
  • Added support for HTTPRouteFilter and path regex rewrite
  • Added support for host header rewrite in HTTPRouteFilter CRD
  • Added support for Listener Access Log in EnvoyProxy CRD
  • Added support for Datadog tracing support in EnvoyProxy CRD
  • Added support for request response sizes stats in EnvoyProxy CRD
  • Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
  • Added support for match conditions for access log in EnvoyProxy CRD
  • Added support for using BackendCluster to represent OIDCProvider
  • Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
  • Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
  • Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
  • Added support for LB priority for non xRoute endpoints
  • Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
  • Added support for early request header mutation in the ClientTrafficPolicy CRD
  • Added support for JsonPath in the EnvoyPatchPolicy CRD
  • Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
  • Added support for cluster settings for non xRoute-generated backend refs
  • Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
  • Added support for http2 upstream settings in BackendTrafficPolicy CRD
  • Added support for DNS resolution settings in BackendTrafficPolicy CRD
  • Added support for configuring service annotations in the Envoy Gateway helm chart
  • Added support for configuring priorityClassName to Envoy Gateway helm chart
  • Added support for ratelimit metrics monitoring in grafana in the addons helm chart
  • Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
  • Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
  • Added support for configuring NodeSelector in the Envoy Gateway helm chart
  • Added support for nonce in the OIDC auth flow
  • Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
  • Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
  • Added support for returning 500 when SecurityPolicy translation fails
  • Added support for multiple backendRefs for ExtAuth and ExtProc
  • Added support for session persistence in HTTPRoute rules
  • Added support for the Backend resource for ExtAuth
  • Added support for target selectors on Envoy Gateway Extension Server policies
  • Added support for non-Kubernetes Backends for TLSRoute
  • Added support for fallback to the Backend API
  • Added support for reloadable EnvoyGateway configuration
  • Added support for adding Labels to the Envoy Service
  • Added support for custom name for ratelimit deployment
  • Added default SecurityContext for EG components
  • Added startupProbe to all provisioned containers
  • Added support for local validations for egctl translate and file provider
  • Added support for egctl x collect to collect information from the cluster for debugging
  • Added support for a native prometheus metrics endpoint in the ratelimit server

Bug fixes

  • Fixed unsupported listener protocol type causing an error while updating Gateway Status
  • Fixed some status updates were being discarded by the status updater
  • Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
  • Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
  • Fixed JSONPath not correctly translated to JSONPatch paths
  • Fixed allow empty slowStart when using LeastRequest
  • Fixed Backends which should be rejected are still used as an HTTPRoute’s destination
  • Fixed losing timeout settings that originate from the route when translating the backend traffic policy
  • Fixed Backend resources don’t get status updates
  • Fixed Active Health check requires expectedStatuses field to work
  • Fixed HTTPHeaderFilter processing doesn’t correctly support multiple header values
  • Fixed multiple reference grants in same namespace
  • Fixed upstream get unwanted /.
  • Fixed creation of SecurityPolicy with targetSelectors fails
  • Fixed wrong gateway is chosen as HTTPRoute parent
  • Fixed override issue for EEP
  • Fixed nil pointer err translating hash load balancing
  • Fixed ratelimit does not work across multiple GatewayClasses
  • Fixed upstream mTLS only works for HTTPS listeners
  • Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
  • Fixed empty connection limit causes XDS rejection
  • Fixed ratelimit not working with both headers and cidr matches
  • Fixed EDS didn’t update when deployments was created after services
  • Fixed RBAC issue for deleting infrastructure resources
  • Fixed customized infrastructure resources not being deleted
  • Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
  • Fixed Ratelimit Deployment ignoring pod labels and annotation merge
  • Fixed the API Server receives unnecessary requests
  • Fixed terminating envoy pods don’t respond with “Connection: close” (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
  • Fixed ratelimit statsd not working
  • Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
  • Fixed egctl experimental translate using a wrong ns

Performance improvements

  • Fixed repeated resources and optimize memory usage

Other changes

  • Removed grafana test framework from the addons helm chart
  • Disabled ALPN for non-HTTP routes
  • Added statPrefix for HCM and TCPProxy
  • Enabled GatewayHTTPListenerIsolation conformance test
  • Enabled GRPC conformance profile
  • Enabled HTTPRouteBackendRequestHeaderModifier conformance test
  • Added e2e test for Daemonset mode
  • Updated upgrades tests to use VERSION env variable
  • Fixed OVS scanner wrong license warnings
  • Added e2e test for TLS session resumption
  • Added heap profile into benchmark report
  • Added e2e test for RecomputeRoute in ExtAuth
  • Added benchmark memory profiles into report
  • Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
  • Fixed flaky Zipkin Tracing e2e test
  • Added e2e test for cookie based consistent hash load balancing
  • Added e2e test for load balancing
  • Fixed flaky authorization tests
  • Enabled upgrade test
  • Fixed flaky basic auth e2e test
  • Enabled use-client-protocol e2e test
  • Added performance benchmarking test for 1000 HTTPRoutes
  • Added e2e test for Datadog tracing
  • Added e2e tests for ratelimit invert matching headers
  • Reduced readinessProbe failureThreshold and periodSeconds
  • Bumped go-control-plane to v0.13.1

2 - v1.1.2

Date: September 24, 2024

Translator

  • Fixed handling of sectionName in BackendTLSPolicy for Backend resource

Infra-manager

  • Pin Envoy Proxy version to v1.32.2
  • Change Envoy listener drain strategy from gradual to immediate

Providers

  • Fixed reconciliation of HTTPRoutes when labels change

3 - v1.1.1

Date: September 11, 2024

Documentation

  • Bumped Golang version to 1.22.7

Conformance

  • Enabled GatewayHTTPListenerIsolation test

Testing

  • Fix download URL of envoy proxy WASM examples used in tests

Translator

  • Fixed url rewrite to remove trailing slash
  • Isolate HTTP route tables to listener according to Gateway-API specifications
  • Fixed identification of ReferenceGrant when multiple ReferenceGrants exist in a namespace
  • Fixed added header values as a command and space delimited list
  • Fixed assertion on expected status in active HTTP healthcheck
  • Fixed rejection of invalid Backends referenced by xRoutes
  • Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing
  • Fixed update of status for Backends

Infra-manager

  • Pin ratelimit version to 26f28d78
  • Reduce readinessProbe failureThreshold and periodSeconds of proxy
  • Expose ratelimit statsd

Providers

  • Fixed error returned when referenced Configmap or Secret is not found
  • Use component name in Envoy Gateway logs

4 - v1.1.0

Date: July 22, 2024

Documentation

  • Added Concepts Doc
  • Added User Guide for Wasm Extension
  • Added User Guide for patching Envoy Service
  • Added User Guide for Backend MTLS
  • Added User Guide for Backend TLS Parameters
  • Added User Guide for IP Allowlist/Denylist
  • Added User Guide for Extension Server
  • Added User Guide for building Wasm image
  • Added Performance Benchmarking Document
  • Added User Guide for Zipkin Tracing
  • Added User Guide for Customizing Ordering of Filters
  • Added User Guide for External Processing Filter in EnvoyExtensionPolicy
  • Added User Guide for installation of egctl with brew
  • Added User Guide for Client Buffer Size Limit
  • Added User Guide for Client Idle Timeout
  • Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
  • Added User Guide for Backend resource
  • Added GA Blog Post
  • Added Threat Model
  • Added Adopters section to docs
  • Added User Guide and Dashboards for Control Plane and Resource Observability
  • Added User Guide for Connection Limits in ClientTrafficPolicy
  • Added User Guide on using Private Key Provider
  • Added Design Doc for Authorization
  • Added Design Doc for XDS Metadata
  • Added Design Doc for Backend resource
  • Added Design Doc for Control Plane Observability
  • Added Design Doc for EnvoyExtensionPolicy
  • Added Design Doc for External Processing in EnvoyExtensionPolicy
  • Updated Access Logging User Guide to include filtering with CEL Expression
  • Updated Access Logging User Guide to include Metadata
  • Updated Development Guide to require Golang 1.22
  • Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
  • Updated Site to reflect GA status
  • Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
  • Updated Observability User Guides to use gateway-addons-helm
  • Updated Gateway-API User Guide to reflect support for BackendRef filters
  • Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
  • Updated Installation Guide to use server-side apply
  • Updated Installation Guide to refer to values.yaml docs
  • Updated BackendTLSPolicy User Guide to GW-API v1.1.0
  • Updated User Guides to use tabs when applying yaml from file or stdin
  • Updated OIDC User Guide to use HTTPS redirect URLs
  • Updated Order of versions in Site
  • Updated Extensbility User Gudie to use yaml-format patches
  • Updated Quickstart Guide to include next steps
  • Updated CRD docs to include enum values
  • Updated Extensibility User Guide with Envoy Patch Policy examples
  • Updated structure of docs: rename Guides to Tasks, move Contribution
  • Updated Support Matrix
  • Updated egctl x status docs for xRoute and xPolicy
  • Updated egctl User Guide with Install and Uninstall commands
  • Updated GRPCRoute docs to use v1 instead of v1alpha2
  • Fixed Rate Limiting User Guide to use correct CIDR matcher type names
  • Fixed User Guide for JWT-based routing
  • Fixed JSON Access Log Example
  • Use linkinator to detect dead links in docs
  • Use helm-docs to generate chart docs
  • Support Not-Implemented-Hide marker in API docs

Installation

  • Added startupProbe to all provisioned containers to reduce risk of restart
  • Added new gateway-addons-helm chart for Observability
  • Added support for global image settings for all images in Envoy Gateway helm chart
  • Added Support for PodDistruptionBudget for Envoy Gateway
  • Added Support for TopologySpreadConstraints for Envoy Gateway
  • Added Support for Tolerations for Envoy Gateway
  • Added Support for Ratelimit image pull secrets and pull policy
  • Updated ttlSecondsAfterFinished on certgen job to 30 by default
  • Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
  • Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service

API

  • Added Support for Gateway-API v1.1.0
  • Added new Backend CRD
  • Added new EnvoyExtensionPolicy CRD
  • Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
  • Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
  • Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
  • Added Support for Custom ShutDownManager Image in EnvoyGateway Config
  • Added Support for Leader Election in EnvoyGateway Config
  • Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
  • Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
  • Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
  • Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
  • Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
  • Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
  • Added Support for Rate Limiting Tracing in EnvoyProxy CRD
  • Added Support for Routing to Service IP in EnvoyProxy CRD
  • Added Support for Access Log CEL filters in EnvoyProxy CRD
  • Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
  • Added Support for Zipkin Tracing in EnvoyProxy CRD
  • Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
  • Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
  • Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
  • Added Support for Backend TLS Settings in EnvoyProxy CRD
  • Added Support for HTTP Filter Ordering in EnvoyProxy CRD
  • Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
  • Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
  • Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
  • Added Support for Per-Endpoint stats in EnvoyProxy CRD
  • Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
  • Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
  • Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
  • Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
  • Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
  • Added Support for HTTP Health Check in ClientTrafficPolicy CRD
  • Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
  • Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
  • Added Support for XFCC header processing in ClientTrafficPolicy CRD
  • Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
  • Added Support for IdleTimeout in ClientTrafficPolicy CRD
  • Added Support for Connection Limits in ClientTrafficPolicy CRD
  • Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
  • Added Support for Optionally requiring a JWT in SecurityPolicy CRD
  • Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
  • Added Support for Authorization in SecurityPolicy CRD
  • Added Support for Ext-Auth failOpen in SecurityPolicy CRD
  • Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
  • Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
  • Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
  • Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
  • Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
  • Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
  • Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
  • Added Support for Wasm extension in EnvoyExtensionPolicy CRD
  • Added Support for External Processing extension in EnvoyExtensionPolicy CRD
  • Removed Status Print Column from xPolicy CRDs

Breaking Changes

  • SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
  • Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
  • xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources

Deprecations

  • xPolicy targetRef is deprecated, use targetRefs instead
  • SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
  • OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
  • OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
  • Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
  • Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead

Conformance

  • Added Supported Features to Gateway Class

Testing

  • Added e2e test for Client MTLS
  • Added e2e test for Load Balancing
  • Added performance benchmarking test
  • Added e2e test for Zipking Tracing
  • Added e2e test for HTTP Health Checks
  • Added e2e test for CEL Access Log Filter
  • Added e2e test for GRPC Access Log Service Sink
  • Added e2e test for XDS Metadata
  • Added e2e test for Wasm from OCI Images and HTTP Source
  • Added e2e test for Service IP Routing
  • Added e2e test for Multiple GatewayClasses
  • Added e2e test for HTTP Full Path rewrite
  • Added e2e test for Backend API
  • Added e2e test for Backend TLS Settings
  • Added e2e test for disabling X-RateLimit Headers
  • Added e2e test for Authorization
  • Added e2e test for BackendRefs in Ext-Auth
  • Added e2e test for Using Client Protocol in Upstream Connection
  • Added e2e test for Backend Client Cert Authentication
  • Added e2e test for External Processing Filter
  • Added e2e test for Merge Gateways Feature
  • Added e2e test for Option JWT authentication
  • Added e2e test for Infrastructure using Server-Side Apply
  • Added e2e test for Connection Limits
  • Added e2e test for Envoy Graceful Shutdown
  • Updated e2e test for Limit to cover multiple listeners
  • Updated e2e test for CORS to not require access-control-expose-headers
  • Run CEL tests on all supported K8s versions
  • Added OSV Scanner for Golang Vulnerabilities and Licenses
  • Added Trivy scanner for Docker images

Translator

  • Added Support for BackendRef HTTP Filters
  • Added Support for attaching EnvoyProxy to Gateways
  • Added Support for cross-namespace EnvoyProxy reference from GatewayClass
  • Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
  • Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
  • Added Support for multiple BackendRefs in TCPRoute and UDPRoute
  • Added Metrics related to XDS Server, Infra Manager and Controller
  • Added Support for PolicyStatus in EnvoyPatchPolicy
  • Added Support for Websocket upgrades in HTTP/1 Routes
  • Added Support for custom controller name in egctl
  • Added Support for BackendTLSPolicy CA Certificate reference to Secret
  • Added names to Filter Chains
  • Added Support extension server hooks for TCP and UDP listeners
  • Added Support for attaching EnvoyProxy resource to Gateways
  • Added Support for Exposing Prometheus Port in Rate Limiter Service
  • Added Support for Optional Rate Limit Backend Redis
  • Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
  • Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
  • Updated Ext-Auth Per-Route config to use filter-specific Config Type
  • Updated Overload Manager configuration according to Envoy recommendations by default
  • Updated Infrastructure resource management to user Server-Side Apply
  • Updated Reflection of Errors in Gateway Status when too many addresses are assigned
  • Fixed enforcement of same-namespace for BackendTLSPolicy and target
  • Fixed processing all listeners before returning with an error
  • Fixed creation of infrastructure resources if there are no listeners
  • Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
  • Fixed CORS to not forward Not-Matching Preflights to Backends
  • Fixed BackendTLSPolicy status to fully conform with PolicyStatus
  • Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
  • Fixed Proxy Protocol Filter to always be the first Listener Filter
  • Fixed Translation Consistency by sorting Gateways
  • Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
  • Fixed SNI matching for TCP Routes with TLS termination
  • Fixed Reconciliation when EnvoyProxy backendRefs changes
  • Fixed Reconciliation when a referenced Secret or ConfigMap changes
  • Fixed ReplaceFullPath not working for root path
  • Fixed Default Application Protocol to TCP for Zipkin Tracing
  • Fixed not appending well-known ports (80, 443) in rediret Location header

Providers

  • Bumped K8s Client to v0.30.0

xDS

  • Bumped go-control-plane to v0.12.1

Cli

  • Added egctl x collect command
  • Added Support for Install and Uninstall commands to egctl
  • Added Support for xRoute and xPolicy in egctl x status
  • Added Golang version to Envoy Gateway version command
  • Fixed egctl x status gatewayclass example message

5 - v1.1.0-rc.1

Date: July 8, 2024

Documentation

  • Added Performance Benchmarking Document
  • Added User Guide for Zipkin Tracing
  • Added User Guide for Customizing Ordering of Filters
  • Added User Guide for External Processing Filter in EnvoyExtensionPolicy
  • Added User Guide for installation of egctl with brew
  • Added User Guide for Client Buffer Size Limit
  • Added User Guide for Client Idle Timeout
  • Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
  • Added User Guide for Backend resource
  • Added GA Blog Post
  • Added Threat Model
  • Added Adopters section to docs
  • Added User Guide and Dashboards for Control Plane and Resource Observability
  • Added User Guide for Connection Limits in ClientTrafficPolicy
  • Added User Guide on using Private Key Provider
  • Added Design Doc for Authorization
  • Added Design Doc for XDS Metadata
  • Added Design Doc for Backend resource
  • Added Design Doc for Control Plane Observability
  • Added Design Doc for EnvoyExtensionPolicy
  • Added Design Doc for External Processing in EnvoyExtensionPolicy
  • Updated Access Logging User Guide to include filtering with CEL Expression
  • Updated Access Logging User Guide to include Metadata
  • Updated Development Guide to require Golang 1.22
  • Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
  • Updated Site to reflect GA status
  • Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
  • Updated Observability User Guides to use gateway-addons-helm
  • Updated Gateway-API User Guide to reflect support for BackendRef filters
  • Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
  • Updated Installation Guide to use server-side apply
  • Updated Installation Guide to refer to values.yaml docs
  • Updated BackendTLSPolicy User Guide to GW-API v1.1.0
  • Updated User Guides to use tabs when applying yaml from file or stdin
  • Updated OIDC User Guide to use HTTPS redirect URLs
  • Updated Order of versions in Site
  • Updated Extensbility User Gudie to use yaml-format patches
  • Updated Quickstart Guide to include next steps
  • Updated CRD docs to include enum values
  • Updated Extensibility User Guide with Envoy Patch Policy examples
  • Updated structure of docs: rename Guides to Tasks, move Contribution
  • Updated Support Matrix
  • Updated egctl x status docs for xRoute and xPolicy
  • Updated egctl User Guide with Install and Uninstall commands
  • Updated GRPCRoute docs to use v1 instead of v1alpha2
  • Fixed Rate Limiting User Guide to use correct CIDR matcher type names
  • Fixed User Guide for JWT-based routing
  • Fixed JSON Access Log Example
  • Use linkinator to detect dead links in docs
  • Use helm-docs to generate chart docs
  • Support Not-Implemented-Hide marker in API docs

Installation

  • Added new gateway-addons-helm chart for Observability
  • Added support for global image settings for all images in Envoy Gateway helm chart
  • Added Support for PodDistruptionBudget for Envoy Gateway
  • Added Support for TopologySpreadConstraints for Envoy Gateway
  • Added Support for Tolerations for Envoy Gateway
  • Added Support for Ratelimit image pull secrets and pull policy
  • Updated ttlSecondsAfterFinished on certgen job to 30 by default
  • Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
  • Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service

API

  • Added Support for Gateway-API v1.1.0
  • Added new Backend CRD
  • Added new EnvoyExtensionPolicy CRD
  • Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
  • Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
  • Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
  • Added Support for Custom ShutDownManager Image in EnvoyGateway Config
  • Added Support for Leader Election in EnvoyGateway Config
  • Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
  • Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
  • Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
  • Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
  • Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
  • Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
  • Added Support for Rate Limiting Tracing in EnvoyProxy CRD
  • Added Support for Routing to Service IP in EnvoyProxy CRD
  • Added Support for Access Log CEL filters in EnvoyProxy CRD
  • Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
  • Added Support for Zipkin Tracing in EnvoyProxy CRD
  • Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
  • Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
  • Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
  • Added Support for Backend TLS Settings in EnvoyProxy CRD
  • Added Support for HTTP Filter Ordering in EnvoyProxy CRD
  • Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
  • Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
  • Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
  • Added Support for Per-Endpoint stats in EnvoyProxy CRD
  • Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
  • Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
  • Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
  • Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
  • Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
  • Added Support for HTTP Health Check in ClientTrafficPolicy CRD
  • Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
  • Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
  • Added Support for XFCC header processing in ClientTrafficPolicy CRD
  • Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
  • Added Support for IdleTimeout in ClientTrafficPolicy CRD
  • Added Support for Connection Limits in ClientTrafficPolicy CRD
  • Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
  • Added Support for Optionally requiring a JWT in SecurityPolicy CRD
  • Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
  • Added Support for Authorization in SecurityPolicy CRD
  • Added Support for Ext-Auth failOpen in SecurityPolicy CRD
  • Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
  • Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
  • Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
  • Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
  • Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
  • Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
  • Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
  • Added Support for Wasm extension in EnvoyExtensionPolicy CRD
  • Added Support for External Processing extension in EnvoyExtensionPolicy CRD
  • Removed Status Print Column from xPolicy CRDs

Breaking Changes

  • Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
  • xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources

Deprecations

  • xPolicy targetRef is deprecated, use targetRefs instead
  • SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
  • OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
  • OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
  • Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
  • Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead

Conformance

  • Added Supported Features to Gateway Class

Testing

  • Added performance benchmarking test
  • Added e2e test for Zipking Tracing
  • Added e2e test for HTTP Health Checks
  • Added e2e test for CEL Access Log Filter
  • Added e2e test for GRPC Access Log Service Sink
  • Added e2e test for XDS Metadata
  • Added e2e test for Wasm from OCI Images and HTTP Source
  • Added e2e test for Service IP Routing
  • Added e2e test for Multiple GatewayClasses
  • Added e2e test for HTTP Full Path rewrite
  • Added e2e test for Backend API
  • Added e2e test for Backend TLS Settings
  • Added e2e test for disabling X-RateLimit Headers
  • Added e2e test for Authorization
  • Added e2e test for BackendRefs in Ext-Auth
  • Added e2e test for Using Client Protocol in Upstream Connection
  • Added e2e test for Backend Client Cert Authentication
  • Added e2e test for External Processing Filter
  • Added e2e test for Merge Gateways Feature
  • Added e2e test for Option JWT authentication
  • Added e2e test for Infrastructure using Server-Side Apply
  • Added e2e test for Connection Limits
  • Added e2e test for Envoy Graceful Shutdown
  • Updated e2e test for Limit to cover multiple listeners
  • Updated e2e test for CORS to not require access-control-expose-headers
  • Run CEL tests on all supported K8s versions
  • Added OSV Scanner for Golang Vulnerabilities and Licenses
  • Added Trivy scanner for Docker images

Translator

  • Added Support for BackendRef HTTP Filters
  • Added Support for attaching EnvoyProxy to Gateways
  • Added Support for cross-namespace EnvoyProxy reference from GatewayClass
  • Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
  • Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
  • Added Support for multiple BackendRefs in TCPRoute and UDPRoute
  • Added Metrics related to XDS Server, Infra Manager and Controller
  • Added Support for PolicyStatus in EnvoyPatchPolicy
  • Added Support for Websocket upgrades in HTTP/1 Routes
  • Added Support for custom controller name in egctl
  • Added Support for BackendTLSPolicy CA Certificate reference to Secret
  • Added names to Filter Chains
  • Added Support extension server hooks for TCP and UDP listeners
  • Added Support for attaching EnvoyProxy resource to Gateways
  • Added Support for Exposing Prometheus Port in Rate Limiter Service
  • Added Support for Optional Rate Limit Backend Redis
  • Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
  • Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
  • Updated Ext-Auth Per-Route config to use filter-specific Config Type
  • Updated Overload Manager configuration according to Envoy recommendations by default
  • Updated Infrastructure resource management to user Server-Side Apply
  • Updated Reflection of Errors in Gateway Status when too many addresses are assigned
  • Fixed enforcement of same-namespace for BackendTLSPolicy and target
  • Fixed processing all listeners before returning with an error
  • Fixed creation of infrastructure resources if there are no listeners
  • Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
  • Fixed CORS to not forward Not-Matching Preflights to Backends
  • Fixed BackendTLSPolicy status to fully conform with PolicyStatus
  • Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
  • Fixed Proxy Protocol Filter to always be the first Listener Filter
  • Fixed Translation Consistency by sorting Gateways
  • Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
  • Fixed SNI matching for TCP Routes with TLS termination
  • Fixed Reconciliation when EnvoyProxy backendRefs changes
  • Fixed Reconciliation when a referenced Secret or ConfigMap changes
  • Fixed ReplaceFullPath not working for root path
  • Fixed Default Application Protocol to TCP for Zipkin Tracing
  • Fixed not appending well-known ports (80, 443) in rediret Location header

Providers

  • Bumped K8s Client to v0.30.0

xDS

  • Bumped go-control-plane to v0.12.1

Cli

  • Added Support for Install and Uninstall Commands to egctl
  • Added Support for xRoute and xPolicy in egctl x status
  • Added Golang version to Envoy Gateway version command
  • Fixed egctl x status gatewayclass example message

6 - v1.0.2

Date: June 12, 2024

Installation

  • Updated EnvoyProxy to 1.29.5
  • Use Patch API for infra-client
  • Use ServerSideApply instead of CreateOrUpdate for infra-client

Testing

  • Fixed failures due to an expired certificate in one of the translator tests

Translator

  • Use - for naming service and container ports
  • Added proxy protocol always as first listenerFilter
  • Set ignoreCase for header matchers in extAuth
  • Added backend TLS SAN validation
  • Fixed ReplaceFullPath not working for root path (/)

Providers

  • Fixed duplicated xroutes are added to gatewayapi Resources
  • Fixed security policy reference grant from field type
  • Fixed Route extension filters with different types but the same name and namespace aren’t correctly cached
  • Fixed secrets/configmap updates to trigger a controller reconcile by removing the generationChanged predicate
  • Removed namespace restriction for EnvoyProxy parametersRef

7 - v1.0.1

Date: April 9, 2024

Installation

  • Updated EnvoyProxy version to v1.29.3
  • Fixed certgen to support creating the hmac secret during an upgrade

Translator

  • Fixed nil secret in resourceversiontable
  • Add missing http filters to the http filter chain when ClientTrafficPolicy and MergeGateways is enabled
  • Allow websockets when url rewrite is enabled
  • Set the Host header for http health checker
  • Fixed double slashes in redirect URL
  • Allow ClientTrafficPolicy to attach to multiple http (non https) listeners within the same Gateway
  • Set path prefix for the http ext auth service
  • Set the route matching precedence order to Exact > RegularExpression > PathPrefix
  • Fixed infraIR duplicate port translation for merged gateways
  • Set SpawnUpstreamSpan to true
  • Allow rate limit to work with multiple listeners

Infra-manager

  • Skip creating infra resources when the InfraIR has empty listeners

8 - v1.0.0

Date: March 13, 2024

Documentation

  • Added User Guide for Local Ratelimit
  • Added User Guide for Circuit Breaker
  • Added User Guide for fault injection
  • Added User Guide for EnvoyProxy extraArgs
  • Added User Guide for Timeouts in ClientTrafficPolicy
  • Added User Guide for JWT claim base routing
  • Added User Guide for HTTP Timeout
  • Added User Guide for Retry in BackendTrafficPolicy
  • Added User Guide for Basic Auth
  • Added User Guide for OIDC
  • Added User Guide for ClientTrafficPolicy
  • Added User Guide for BackendTrafficPolicy
  • Added User Guide for Basic Auth using HTTPS
  • Added User Guide for External Authorization
  • Added User Guide for Routing Outside Kubernetes
  • Added User Guide for BackendTLSPolicy
  • Added User Guide for Mutual TLS from External Clients to the Gateway
  • Added User Guide for Control Plane Authentication using custom certs
  • Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
  • Added Type and required for CRD API doc
  • Refactored Structure of User Guide docs
  • Refactored Move Design docs under “Get Involved”
  • Updated crd-ref-docs to 0.0.10
  • Updated Envoy proxy image to envoy:distroless-dev in main

Installation

  • Added Support for Pulling envoyGateway image from a private registry
  • Added Support for Configuring resources for certgen job
  • Added Support for Configuring affinity for EnvoyGateway pod

API

  • Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
  • Added Support for Downstream MTLS in ClientTrafficPolicy CRD
  • Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
  • Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
  • Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
  • Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
  • Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
  • Added Support for Connection Timeouts in ClientTrafficPolicy CRD
  • Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
  • Added Support for Proxy protocol in ClientTrafficPolicy CRD
  • Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
  • Added Support for Local rate limit in BackendTrafficPolicy CRD
  • Added Support for CircuitBreaker in BackendTrafficPolicy CRD
  • Added Support for Fault injection in BackendTrafficPolicy CRD
  • Added Support for Passive Health Checks in BackendTrafficPolicy CRD
  • Added Support for Active Health Checks in BackendTrafficPolicy CRD
  • Added Support for Connection Timeouts in BackendTrafficPolicy CRD
  • Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
  • Added Support for Retry in BackendTrafficPolicy CRD
  • Added Support for Slow start mode in BackendTrafficPolicy CRD
  • Added Support for Proxy protocol in BackendTrafficPolicy CRD
  • Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in BackendTrafficPolicy CRD
  • Added Support for PolicyStatus in ClientTrafficPolicy CRD
  • Added Support for PolicyStatus in SecurityPolicy CRD
  • Added Support for OIDC in SecurityPolicy CRD
  • Added Support for Basic Auth in SecurityPolicy CRD
  • Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
  • Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
  • Added Support for External Authorization in SecurityPolicy CRD
  • Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
  • Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
  • Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
  • Added Support for Secret resource in EnvoyPatchPolicy CRD
  • Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for MergeGateways in EnvoyPatchPolicy CRD
  • Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
  • Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
  • Added Support for Ratelimit prometheus in EnvoyGateway Configuration
  • Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
  • Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
  • Added Support for Envoy extra args in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
  • Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
  • Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
  • Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
  • Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD

Breaking Changes

  • Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
  • Remove Hostnetwork support in EnvoyProxy CRD

Conformance

  • Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic

Testing

  • Added e2e test for Header Case-Preserving
  • Added e2e test for Timeout in ClientTrafficPolicy
  • Added e2e test for JWT claim base routing
  • Added e2e test for OIDC
  • Added e2e test for BackendTrafficPolicy Retry
  • Added e2e test for Backend Upgrade
  • Added e2e test for External Authorization
  • Added e2e test for Backend TLS policy
  • Added e2e test for Envoy Gateway Release Upgrade
  • Added e2e test for Weighted backend
  • Added validation for LoadBalancerIP to prevent trailing period

Translator

  • Fixed Prefix match to prevent mismatching routes with the same prefix
  • Fixed Multiple reconciling by implementing comparable interface for ir.Infra
  • Fixed EndpointSlice with empty conditions {}
  • Fixed Error handling when parsing the http request timeout
  • Fixed No status when EnvoyPatchPolicy is disabled
  • Fixed Printable for xds and infra IRs
  • Fixed Skip backendRefs with weight set to 0
  • Fixed AND Header matches in ratelimiting not working
  • Fixed Deletion logics when no gatewayclasses exist
  • Fixed Match mergedGateways irKey for ClientTrafficPolicy
  • Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
  • Fixed Listener status is not surfaced for gateways when MergeGateways enabled
  • Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
  • Fixed Configure idle timeout when timeout is set on HTTPRoute
  • Fixed Relaxing HTTPS restriction for OIDC token endpoint
  • Fixed Panic when translating routes with empty backends
  • Fixed Xds translation should be done in a best-effort manner
  • Fixed Delete unused status keys from watchable
  • Fixed Ignoring finalizers when comparing envoy proxy service
  • Fixed Don’t override the ALPN array if HTTP/3 is enabled
  • Fixed Add h3 ALPN by default if HTTP/3 is enabled
  • Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
  • Fixed Use service port in alt-svc header if HTTP/3 is enabled
  • Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
  • Fixed Skip the ReasonTargetNotFound for all policies
  • Fixed Skip publishing empty status for all policies
  • Added Support for validating regex before sending to Envoy
  • Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
  • Added Unsupported status condition for filters within BackendRef
  • Added List instead of map for Provider Resources for order stability
  • Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
  • Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
  • Added Support for default retry budget and retry host predicate
  • Added Support for implementing gateway.spec.infrastructure
  • Added Support for Upstream TLS to multiple Backends
  • Added Validation for CA Cert in ClientTrafficPolicy

Providers

  • Added Support for multiple GatewayClass per controller
  • Added SecurityPolicyIndexers in Kubernetes Provider
  • Added Support for generating HMAC secret in CertGen Job
  • Fixed Finalizer logic when deleting Gatewayclasses
  • Fixed MergeGateways panics when restarting control plane

xDS

  • Added Support for EDS cache
  • Added Support for ADS cache to ensure the rule order
  • Fixed Deprecated field error when using RequestHeaderModifier filter
  • Fixed Envoy rejects XDS at runtime losing all routes on restart
  • Fixed Requests not matching defined routes trigger per-route filters
  • Bumped go-control-plane to v0.12.0

Cli

  • Added Support for egctl x status
  • Added Support for egctl experimental dashboard envoy-proxy
  • Added Support for egctl config ratelimit
  • Added Support for egctl translate from gateway-api resources to IR

9 - v0.6.0

Date: Nov 1, 2023

Documentation

  • Introduced a new website based on Hugo
  • Added Grafana dashboards and integration docs for EnvoyProxy metrics
  • Added Grafana integration docs for Gateway API metrics

Installation

  • Updated EnvoyProxy image to be a distroless variant.
  • Removed resources around kube-rbac-proxy

API

  • Upgraded to Gateway API v1.0.0
  • Added the ClientTrafficPolicy CRD with Keep Alive Support
  • Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
  • Added the SecurityPolicy CRD with CORS and JWT Support
  • Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
  • Added Support for InitContainers in EnvoyProxy CRD
  • Added Support for LoadBalancerIP in EnvoyProxy CRD
  • Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
  • Added Support for LoadBalancerClass in EnvoyProxy CRD
  • Added Support for selecting EnvoyProxy stats to be generated
  • Added Support for enabling EnvoyProxy Virtual Host metrics
  • Added Support for Merging Gateway resources onto the same infrastructure

Breaking Changes

  • Removed the AuthenticationFilter CRD
  • Removed the RateLimitFilter CRD
  • Moved EnvoyProxy CRD from config.gateway.envoyproxy.io to gateway.envoyproxy.io
  • Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
  • Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
  • field to specify bootstrap config

Conformance

  • Added Support for HTTPRouteBackendProtocolH2C Test
  • Added Support for HTTPRouteBackendProtocolWebSocket Test
  • Added Support for HTTPRouteRequestMultipleMirrors Test
  • Added Support for HTTPRouteTimeoutRequest Test
  • Added Support for HTTPRouteTimeoutBackendRequest Test
  • Added Support for HTTPRouteRedirectPortAndScheme Test

Watchable

  • Improved caching of resource by implementing a compare function agnostic of resource order

Translator

  • Added support for routing to EndpointSlice endpoints
  • Added support for HTTPRoute Timeouts
  • Added support for multiple RequestMirror filters per HTTPRoute rule
  • Use / instead of - in IR Route Names
  • Added Support to ignore ports in Host header

Providers

  • Added the generationChangedPredicate to most resources to limit resource reconiliation
  • Improved reconiliation by using the same enqueue request for all resources
  • Added support for reconciling ServiceImport CRD
  • Added support for selectively watching resources based on Namespace Selector

xDS

  • Fixed Layered Runtime warnings
  • Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
  • Added HTTP2 Keep Alives to the xds connection

Cli

  • Added Support for egctl stats command

10 - v1.0.0-rc.1

Date: Nov 1, 2023

Documentation

  • Added User Guide for local rate limit
  • Added User Guide for circuit breaker
  • Added User Guide for fault injection
  • Added User Guide for EnvoyProxy extraArgs
  • Added User Guide for Timeouts in ClientTrafficPolicy
  • Added User Guide for JWT claim base routing
  • Added User Guide for HTTP Timeout
  • Added User Guide for Retry in BackendTrafficPolicy
  • Added User Guide for basic auth
  • Added User Guide for OIDC
  • Added User Guide for ClientTrafficPolicy
  • Added User Guide for BackendTrafficPolicy
  • Added Type and required for CRD API doc
  • Updated crd-ref-docs to 0.0.10
  • Updated Envoy proxy image to envoy:distroless-dev in main

Installation

  • Added Support for Pulling envoyGateway image from a private registry
  • Added Support for Configuring resources for certgen job
  • Added Support for Configuring affinity for EnvoyGateway pod

API

  • Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
  • Added Support for Downstream MTLS in ClientTrafficPolicy CRD
  • Added Support for enabling EnvoyHeaders in ClientTrafficPolicy CRD
  • Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
  • Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
  • Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
  • Added Support for enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
  • Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
  • Added Support for Connection Timeouts in ClientTrafficPolicy CRD
  • Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
  • Added Support for Proxy protocol in ClientTrafficPolicy CRD
  • Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
  • Added Support for Local rate limit in BackendTrafficPolicy CRD
  • Added Support for CircuitBreaker in BackendTrafficPolicy CRD
  • Added Support for Fault injection in BackendTrafficPolicy CRD
  • Added Support for Passive Health Checks in BackendTrafficPolicy CRD
  • Added Support for Active Health Checks in BackendTrafficPolicy CRD
  • Added Support for Connection Timeouts in BackendTrafficPolicy CRD
  • Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
  • Added Support for Retry in BackendTrafficPolicy CRD
  • Added Support for Slow start mode in BackendTrafficPolicy CRD
  • Added Support for Proxy protocol in BackendTrafficPolicy CRD
  • Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
  • Added Support for OIDC in SecurityPolicy CRD
  • Added Support for Basic Auth in SecurityPolicy CRD
  • Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
  • Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
  • Added Support for External authorization in SecurityPolicy CRD
  • Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
  • Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
  • Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
  • Added Support for Secret resource in EnvoyPatchPolicy CRD
  • Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for From field to JSONPatchOperation in EnvoyPatchPolicy CRD
  • Added Support for MergeGateways in EnvoyPatchPolicy CRD
  • Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
  • Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
  • Added Support for ratelimit prometheus in EnvoyGateway Configuration
  • Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
  • Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
  • Added Support for Envoy extra args in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
  • Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
  • Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
  • Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
  • Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
  • Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD

Breaking Changes

  • Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD

Conformance

  • Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic

Testing

  • Added e2e test for header case-preserving
  • Added LoadBalancerIP validation to prevent trailing period
  • Added e2e test for Timeout in ClientTrafficPolicy
  • Added e2e test for jwt claim base routing
  • Added e2e test for OIDC
  • Added e2e test for BackendTrafficPolicy Retry

Translator

  • Fixed Prefix match to prevent mismatching routes with the same prefix
  • Fixed Multiple reconciling by implementing comparable interface for ir.Infra
  • Fixed EndpointSlice with empty conditions {}
  • Fixed Error handling when parsing the http request timeout
  • Fixed No status when EnvoyPatchPolicy is disabled
  • Fixed Printable for xds and infra IRs
  • Fixed Skip backendRefs with weight set to 0
  • Fixed AND Header matches in ratelimiting not working
  • Fixed Deletion logics when no gatewayclasses exist
  • Fixed Match mergedGateways irKey for ClientTrafficPolicy
  • Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
  • Fixed Listener status is not surfaced for gateways when MergeGateways enabled
  • Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
  • Fixed Configure idle timeout when timeout is set on HTTPRoute
  • Fixed Relaxing HTTPS restriction for OIDC token endpoint
  • Fixed Panic when translating routes with empty backends
  • Fixed Xds translation should be done in a best-effort manner
  • Added Support for validating regex before sending to Envoy
  • Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
  • Added Unsupported status condition for filters within BackendRef
  • Added List instead of map for Provider Resources for order stability
  • Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
  • Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
  • Added Support for default retry budget and retry host predicate
  • Added Support for implementing gateway.spec.infrastructure
  • Added Validation for CA Cert in ClientTrafficPolicy

Providers

  • Added Support for multiple GatewayClass per controller
  • Added SecurityPolicyIndexers in Kubernetes Provider
  • Added Support for generating HMAC secret in CertGen Job
  • Fixed Finalizer logic when deleting Gatewayclasses
  • Fixed MergeGateways panics when restarting control plane

xDS

  • Added Support for EDS cache
  • Added Support for ADS cache to ensure the rule order
  • Fixed Deprecated field error when using RequestHeaderModifier filter
  • Fixed Envoy rejects XDS at runtime losing all routes on restart
  • Fixed Requests not matching defined routes trigger per-route filters
  • Bumped go-control-plane to v0.12.0

Cli

  • Added Support for egctl x status
  • Added Support for egctl experimental dashboard envoy-proxy
  • Added Support for egctl config ratelimit

11 - v0.6.0-rc.1

Date: Oct 27, 2023

Documentation

  • Introduced a new website based on Hugo
  • Added Grafana dashboards and integration docs for EnvoyProxy metrics
  • Added Grafana integration docs for Gateway API metrics

Installation

  • Added Support for configuring Envoy Gateway Label and Annotations using Helm
  • Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
  • Fixes Helm values for EnvoyGateway startup configuration
  • Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.

API

  • Upgraded to Gateway API v1.0.0
  • Added the ClientTrafficPolicy CRD with Keep Alive Support
  • Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
  • Added the SecurityPolicy CRD with CORS and JWT Support
  • Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
  • Added Support for InitContainers in EnvoyProxy CRD
  • Added Support for LoadBalancerIP in EnvoyProxy CRD
  • Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
  • Added Support for LoadBalancerClass in EnvoyProxy CRD
  • Added Support for selecting EnvoyProxy stats to be generated
  • Added Support for enabling EnvoyProxy Virtual Host metrics
  • Added Support for Merging Gateway resources onto the same infrastructure

Breaking Changes

  • Removed the AuthenticationFilter CRD
  • Removed the RateLimitFilter CRD
  • Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
  • Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
  • field to specify bootstrap config

Ci tooling testing

Conformance

Watchable

  • Improved caching of resource by implementing a compare function agnostic of resource order

Translator

Breaking Changes

  • Added support for routing to EndpointSlice endpoints
  • Added support for HTTPRoute Timeouts
  • Added support for multiple RequestMirror filters per HTTPRoute rule
  • Use / instead of - in IR Route Names
  • Added Support to ignore ports in Host header

Providers

  • Added the generationChangedPredicate to most resources to limit resource reconiliation
  • Improved reconiliation by using the same enqueue request for all resources
  • Added support for reconciling ServiceImport CRD
  • Added support for selectively watching resources based on Namespace Selector

xDS

  • Fixed Layered Runtime warnings
  • Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
  • Added HTTP2 Keep Alives to the xds connection

Cli

  • Added Support for egctl stats command

12 - v0.5.0

Date: July 26, 2023

Documentation

  • Added Docs for Installation page using Helm
  • Added Docs for Cert Manager Integration
  • Added Docs for Presentation Links
  • Added Docs for configuring multiple TLS Certificates per Listener

Installation

  • Added Support for configuring Envoy Gateway Label and Annotations using Helm
  • Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
  • Fixes Helm values for EnvoyGateway startup configuration
  • Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.

API

  • Upgraded to Gateway API v0.7.1
  • Added Support for EnvoyPatchPolicy
  • Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
  • Added Support for configuring EnvoyProxy Pod Labels
  • Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
  • Added Support for configuring EnvoyProxy as a NodePort Type Service
  • Added Support for Distinct RateLimiting for IP Addresses
  • Added Support for converting JWT Claims to Headers, to be used for RateLimiting
  • Added Admin Server for Envoy Gateway
  • Added Pprof Debug Support for Envoy Gateway
  • Added Support to Watch for Resources in Select Namespaces

Breaking Changes

  • Renamed field in EnvoyGateway API from Extension to ExtensionManager

Ci tooling testing

  • Added Retest Github Action
  • Added CherryPick Github Action
  • Added E2E Step in Github CI Workflow
  • Added RateLimit E2E Tests
  • Added JWT Claim based RateLimit E2E Tests
  • Added Access Logging E2E tests
  • Added Metrics E2E tests
  • Added Tracing E2E tests

Conformance

  • Enabled GatewayWithAttachedRoutes Test
  • Enabled HttpRouteRequestMirror Test
  • Skipped HTTPRouteRedirectPortAndScheme Test

Translator

Breaking Changes

  • Renamed IR resources from - to /
  • which also affects generated Xds Resources

Providers

  • Reconcile Node resources to be able to compute Status Addresses for Gateway
  • Discard Status before publishing Provider resources to reduce memory consumption

xDS

  • Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
  • Switched to Xds SOTW Server for RateLimit Service Configuration
  • Added Control Plane TLS between EnvoyProxy and RateLimit Service
  • Enabled adding RateLimit Headers when RateLimit is set
  • Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
  • Set ALPN in the Xds Listener with TLS enabled.
  • Added Best Practices Default Edge Settings to Xds Resources
  • Compute and Publish EnvoyPatchPolicy status from xds-translator runner

Cli

  • Added egctl x translate Support to generate default missing Resources
  • Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy

13 - v0.5.0-rc.1

Date: July 26, 2023

Documentation

  • Added Docs for Installation page using Helm
  • Added Docs for Cert Manager Integration
  • Added Docs for Presentation Links
  • Added Docs for configuring multiple TLS Certificates per Listener

Installation

  • Added Support for configuring Envoy Gateway Label and Annotations using Helm
  • Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
  • Fixes Helm values for EnvoyGateway startup configuration
  • Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.

API

  • Upgraded to Gateway API v0.7.1
  • Added Support for EnvoyPatchPolicy
  • Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
  • Added Support for configuring EnvoyProxy Pod Labels
  • Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
  • Added Support for configuring EnvoyProxy as a NodePort Type Service
  • Added Support for Distinct RateLimiting for IP Addresses
  • Added Support for converting JWT Claims to Headers, to be used for RateLimiting
  • Added Admin Server for Envoy Gateway
  • Added Pprof Debug Support for Envoy Gateway
  • Added Support to Watch for Resources in Select Namespaces

Breaking Changes

  • Renamed field in EnvoyGateway API from Extension to ExtensionManager

Ci tooling testing

  • Added Retest Github Action
  • Added CherryPick Github Action
  • Added E2E Step in Github CI Workflow
  • Added RateLimit E2E Tests
  • Added JWT Claim based RateLimit E2E Tests
  • Added Access Logging E2E tests
  • Added Metrics E2E tests
  • Added Tracing E2E tests

Conformance

  • Enabled GatewayWithAttachedRoutes Test
  • Enabled HttpRouteRequestMirror Test
  • Skipped HTTPRouteRedirectPortAndScheme Test

Translator

Breaking Changes

  • Renamed IR resources from - to /
  • which also affects generated Xds Resources

Providers

  • Reconcile Node resources to be able to compute Status Addresses for Gateway
  • Discard Status before publishing Provider resources to reduce memory consumption

xDS

  • Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
  • Switched to Xds SOTW Server for RateLimit Service Configuration
  • Added Control Plane TLS between EnvoyProxy and RateLimit Service
  • Enabled adding RateLimit Headers when RateLimit is set
  • Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
  • Set ALPN in the Xds Listener with TLS enabled.
  • Added Best Practices Default Edge Settings to Xds Resources
  • Compute and Publish EnvoyPatchPolicy status from xds-translator runner

Cli

  • Added egctl x translate Support to generate default missing Resources
  • Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy

14 - v0.4.0

Date: April 24, 2023

Documentation

  • Added Docs for Installing and Using egctl

Installation

  • Added Helm Installation Support
  • Added Support for Ratelimiting Based On IP Subnet
  • Added Gateway API Support Doc
  • Added Namespace Resource to Helm Templates
  • Updated Installation Yaml to Use the envoy-gateway-system Namespace

API

  • Upgraded to Gateway API v0.6.2
  • Added Support for Custom Envoy Proxy Bootstrap Config
  • Added Support for Configuring the Envoy Proxy Image and Service
  • Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
  • Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
  • Gateway Status Address is now Populated for ClusterIP type Envoy Services
  • Envoy Proxy Pod and Container SecurityContext is now Configurable
  • Added Custom Envoy Gateway Extensions Framework
  • Added Support for Service Method Match in GRPCRoute
  • Fixed a Bug in the Extension Hooks for xDS Virtual Hosts and Routes

Ci tooling testing

  • Fixed CI Flakes During Helm Install
  • Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
  • Added egctl to Build and Test CI Workflow
  • Code Coverage Thresholds are now Enforced by CI
  • Fixed latest-release-check CI Job Failures
  • Added Auto Release Tooling for Charts

Conformance

  • Enabled GatewayWithAttachedRoutes Test
  • Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
  • Enabled Enable HTTPRouteDisallowedKind Test
  • Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test

Translator

  • Added Support for Dynamic GatewayControllerName in Route Status

Providers

  • Update GatewayClass Status Based on EnvoyProxy Config Validation

xDS

  • Added EDS Support
  • Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
  • Updated Deprecated RegexMatcher
  • Refactored Authn and Ratelimit Features to Reuse buildXdsCluster

Cli

  • Added egctl CLI Tool
  • Added egctl Support for Dry Runs of Gateway API Config
  • Added egctl Support for Dumping Envoy Proxy xDS Resources

15 - v0.4.0-rc.1

Date: April 13, 2023

Documentation

  • Added Docs for Installing and Using egctl

Installation

  • Added Helm Installation Support
  • Added Support for Ratelimiting Based On IP Subnet
  • Added Gateway API Support Doc

API

  • Upgraded to Gateway API v0.6.2
  • Added Support for Custom Envoy Proxy Bootstrap Config
  • Added Support for Configuring the Envoy Proxy Image and Service
  • Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
  • Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
  • Gateway Status Address is now Populated for ClusterIP type Envoy Services
  • Envoy Proxy Pod and Container SecurityContext is now Configurable
  • Added Custom Envoy Gateway Extensions Framework
  • Added Support for Service Method Match in GRPCRoute

Ci tooling testing

  • Fixed CI Flakes During Helm Install
  • Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
  • Added egctl to Build and Test CI Workflow
  • Code Coverage Thresholds are now Enforced by CI
  • Fixed latest-release-check CI Job Failures
  • Added Auto Release Tooling for Charts

Conformance

  • Enabled GatewayWithAttachedRoutes Test
  • Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
  • Enabled Enable HTTPRouteDisallowedKind Test
  • Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test

Translator

  • Added Support for Dynamic GatewayControllerName in Route Status

Providers

  • Update GatewayClass Status Based on EnvoyProxy Config Validation

xDS

  • Added EDS Support
  • Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
  • Updated Deprecated RegexMatcher
  • Refactored Authn and Ratelimit Features to Reuse buildXdsCluster

Cli

  • Added egctl CLI Tool
  • Added egctl Support for Dry Runs of Gateway API Config
  • Added egctl Support for Dumping Envoy Proxy xDS Resources

16 - v0.3.0

Date: February 09, 2023

Documentation

  • Added Global Rate Limit User Docs
  • Added Request Authentication User Docs
  • Added TCP Routing User Docs
  • Added UDP Routing User Docs
  • Added GRPC Routing User Docs
  • Added HTTP Response Headers User Docs
  • Added TCP and UDP Proxy Design Docs
  • Added egctl Design Docs
  • Added Rate Limit Design Docs
  • Added Request Authentication Design Docs
  • Added Support for Versioned Docs
  • Added Support for Multiple Release Versions
  • Added Release Details Docs
  • Added API Docs Generating Tooling
  • Refactored Layout for User Docs

API

  • Upgraded to v0.6.1 Gateway API
  • Added Support for the TCPRoute API
  • Added Support for the UDPRoute API
  • Added Support for the GRPCRoute API
  • Added Support for HTTPRoute URLRewrite Filter
  • Added Support for HTTPRoute RequestMirror Filter
  • Added Support for HTTPRoute ResponseHeaderModifier Filter
  • Added Support for Request Authentication
  • Added Support for Global Rate Limiting
  • Added Support for Routes ReferenceGrant
  • Added Support for Namespace Server Config Type
  • Added initial management of Envoy Proxy deployment via EnvoyProxy API

Ci tooling testing

  • Fixed Make Image Failed in Darwin
  • Fixed Wait for Job Succeeded before conformance test
  • Upgraded Echoserver Image Tag
  • Added Support for User-Facing Version
  • Added Support for Testing EG against Multiple Kubernetes Versions

Conformance

  • Enabled GatewayClassObservedGenerationBump conformance test
  • Enabled GatewayInvalidTLSConfiguration conformance test
  • Enabled GatewayInvalidRouteKind conformance test
  • Enabled HTTPRouteReferenceGrant conformance test
  • Enabled HTTPRouteMethodMatching conformance test
  • Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
  • Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
  • (Currently EG passes all conformance tests except redirect and gateway/httproute ObservedGenerationBump tests. Redirect tests are failing due to a possible issue with the way upstream conformance tests have made assumptions. Skip them for now until below issues #992 #993 #994 are resolved)

IR

  • Added TCP Listener per TLSRoute

Translator

  • Fixes Remove Stale Listener Condition
  • Added Support for Suffix Matches for Headers
  • Added Support for HTTP Method Matching to HTTPRoute
  • Added Support for Regex Match Type
  • Added Support for HTTPQueryParamMatch

Providers

  • Refactored Kubernetes Provider to Single Reconciler
  • Upgraded Kube Provider Test Data Manifests to v0.6.1
  • Removed Duplicate Settings from Bootstrap Config
  • Updated Certgen to Use EG Namespace Env
  • Added EnvoyProxy to Translator and Kube Infra Manager
  • Upgraded Envoyproxy Image to envoy-dev latest in Main
  • Removed EG Logs Private Key

xDS

  • Fixed Start xDS Server Watchable Map Panics
  • Enabled Access Logging for xDS Components

17 - v0.3.0-rc.1

Date: February 02, 2023

Documentation

  • Added Support for Multiple Release Versions
  • Added Support for Versioned Docs
  • Added Release Details Docs
  • Refactored Layout for User Docs

API

  • Upgraded to v0.6.0 Gateway API
  • Added Support for the TCPRoute API
  • Added Support for the UDPRoute API
  • Added Support for the GRPCRoute API (Add to the ListenerStatus.SupportedKinds Field until https://github.com/envoyproxy/gateway/issues/950 is fixed.)
  • Added Support for HTTPRoute URLRewrite Filter
  • Added Support for HTTPRoute RequestMirror Filter
  • Added Support for HTTPRoute ResponseHeaderModifier Filter
  • Added APIs to Manage Envoy Deployment
  • Added Support for Request Authentication
  • Added Support for Global Rate Limiting
  • Added Support for Routes ReferenceGrant
  • Added Support for Namespace Server Config Type

Ci tooling testing

  • Fixes Make Image Failed in Darwin
  • Fixes Wait for Job Succeeded before conformance test
  • Upgraded Echoserver Image Tag
  • Added Support for User-Facing Version
  • Added Support for Testing EG against Multiple Kubernetes Versions

Conformance

  • Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
  • Enabled GatewayInvalidTLSConfiguration conformance test
  • Enabled GatewayInvalidRouteKind conformance test
  • Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
  • Enabled HTTPRouteReferenceGrant conformance test
  • Enabled HTTPRouteMethodMatching conformance test

IR

  • Added TCP Listener per TLSRoute

Translator

  • Fixes Remove Stale Listener Condition
  • Added Support for Suffix Matches for Headers
  • Added Support for HTTP Method Matching to HTTPRoute
  • Added Support for Regex Match Type
  • Added Support for HTTPQueryParamMatch

Providers

  • Refactored Kubernetes Provider to Single Reconciler
  • Upgraded Kube Provider Test Data Manifests to v0.6.0
  • Removed Duplicate Settings from Bootstrap Config
  • Updated Certgen to Use EG Namespace Env
  • Added EnvoyProxy to Translator and Kube Infra Manager
  • Upgraded Envoyproxy Image to envoy-dev latest in Main
  • Removed EG Logs Private Key

xDS

  • Fixed Start xDS Server Watchable Map Panics
  • Enabled Access Logging for xDS Components

18 - v0.2.0

Date: October 19, 2022

Documentation

  • Added Config API, translator, roadmap, and message bus design documentation.
  • Added documentation for releasing Envoy Gateway.
  • Added user guides for configuring common tasks, e.g. HTTP request routing.
  • Added support for the Sphinx documentation generator.

API

  • Added the EnvoyGateway API type for configuring Envoy Gateway.
  • Added the EnvoyProxy API type for configuring managed Envoys.

Ci tooling testing

  • Added tooling to build, run, etc. Envoy Gateway.
  • Added Gateway API conformance tests.
  • Added Make-based tooling to fetch all tools so checks (code lint, spellchecks) and tests can be run locally.
  • Added support for releasing latest artifacts to GitHub.
  • Added code coverage with a minimum 60% threshold.

IR

  • Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
  • Added IR validation.

Translator

  • Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage the
  • status of Gateway API resources.
  • Added the xDS translator to translate the xds IR to xDS resources.

Message-service

  • Added infra and xds IR watchable map messages for inter-component communication.
  • Added a Runner to each Envoy Gateway component to support pub/sub between components.
  • Added support for managing multiple separate Envoy proxy fleets.

Infra-manager

  • Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
  • Added support for managing a separate Envoy infrastructure per Gateway.

Providers

  • Added the Kubernetes provider with support for managing GatewayClass, Gateway, HTTPRoute, ReferenceGrant, and
  • TLSRoute resources.
  • Due to Issue #539, a ReferenceGrant is not removed from the system when unreferenced.
  • Due to Issue #577, TLSRoute is not being tested for Gateway API conformance.
  • Added watchers for dependent resources of managed Envoy infrastructure to trigger reconciliation.
  • Added support for labeling managed infrastructure using Gateway namespace/name labels.
  • Added support for finalizing the managed GatewayClass.

xDS

  • Added xDS server support to configure managed Envoys using Delta xDS.
  • Added initial support for mTLS between the xDS server and managed Envoys.
  • Due to envoyproxy/go-control-plane Issue #599, Envoy Gateway logs the private key of HTTPS listeners.

19 - v0.2.0-rc2

Date: September 29, 2022

Documentation

  • Updated and expanded developer documentation.
  • Added kube-demo target to demonstrate Envoy Gateway functionality.
  • Added developer debugging documentation.

Ci

  • Added Gateway API conformance tests.

Providers

  • Added watchers for dependent resources of managed Envoy infrastructure.
  • Added Gateway namespace/name labels to managed resources.
  • Added support for finalizing the managed GatewayClass.

xDS

  • Updated xds server and Envoy bootstrap config to use Delta xDS.
  • Added initial support for mTLS between the xDS server and Envoy.

Translator

  • Expanded support for Gateway API status.
  • Added support for request modifier and redirect filters.
  • Added support to return 500 responses for invalid backends.

Message service

  • Updated IRs to support managing multiple Envoy fleets.

Infra manager

  • Separate Envoy infrastructure is created per Gateway.

20 - v0.2.0-rc1

Date: August 31, 2022

Documentation

  • Added a quickstart guide for users to run and use Envoy Gateway.

API

  • Added the EnvoyGateway API type for configuring Envoy Gateway.
  • Added the EnvoyProxy API type for configuring managed Envoys.

Ci

  • Added tooling to build, run, etc. Envoy Gateway.

Providers

  • Added the Kubernetes provider.

xDS

  • Added xDS server to configure managed Envoys.

IR

  • Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
  • Added IR validation.

Translator

  • Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage
  • Gateway API status.

Message service

  • Added infra and xds IR watchable map messages for inter-component communication.
  • Added a Runner to each component to support pub/sub between components.

Infra manager

  • Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.

21 - v0.1.0

Date: May 16, 2022

Documentation

  • The initial open source release describing project goals and high-level design.