This is the multi-page printable view of this section. Click here to print.
Notes
This section includes Releases Notes of Envoy Gateway.
- 1: v1.2.4
- 2: v1.1.4
- 3: v1.2.3
- 4: v1.2.2
- 5: v1.2.1
- 6: v1.2.0
- 7: v1.1.3
- 8: v1.2.0-rc.1
- 9: v1.1.2
- 10: v1.1.1
- 11: v1.1.0
- 12: v1.1.0-rc.1
- 13: v1.0.2
- 14: v1.0.1
- 15: v1.0.0
- 16: v0.6.0
- 17: v1.0.0-rc.1
- 18: v0.6.0-rc.1
- 19: v0.5.0
- 20: v0.5.0-rc.1
- 21: v0.4.0
- 22: v0.4.0-rc.1
- 23: v0.3.0
- 24: v0.3.0-rc.1
- 25: v0.2.0
- 26: v0.2.0-rc2
- 27: v0.2.0-rc1
- 28: v0.1.0
1 - v1.2.4
Date: December 13, 2024
Bug fixes
- Fixed BackendTLSPolicy not supporting the use of a port name as the sectionName in targetRefs.
- Fixed reference grant from EnvoyExtensionPolicy to the referenced ext-proc backend not being respected.
- Fixed BackendTrafficPolicy not applying to Gateway Routes when a Route has a Request Timeout defined.
- Fixed proxies connected to the secondary Envoy Gateway not receiving xDS configuration.
- Fixed traffic splitting not working when some backends were invalid.
Other changes
- Bumped Envoy to version 1.32.2.
2 - v1.1.4
Date: December 12, 2024
Bug fixes
- Fixed validate proto messages before converting them to anypb.Any
- Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
- Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes
- Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn
- Fixed reference grant from EnvoyExtensionPolicy to referenced ext-proc backend not respected
- Fixed BackendTrafficPolicy not applying to Gateway Route when Route has a Request Timeout defined
Other changes
- Bumped Rate Limit to 49af5cca
- Bumped golang.org/x/crypto to 0.31.0
3 - v1.2.3
Date: December 2, 2024
Bug fixes
- Disabled the retry policy for the JWT provider to reduce requests sent to the JWKS endpoint. Failed async fetches will retry every 1s.
- Used a waitGroup instead of an enabled channel in the status updater.
Other changes
- EG Listens on IPv4 by default, but if IPFamily is set to IPv6 or DualStack, it listens on :: and enables ipv4_compat for DualStack.
- Bumped Gateway API to v1.2.1.
4 - v1.2.2
Date: November 28, 2024
Bug fixes
- Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes.
- Fixed failed to update SecurityPolicy resources with the
backendRef
field specified. - Fixed xDS translation failed when oidc tokenEndpoint and jwt remoteJWKS are specified in the same SecurityPolicy and using the same hostname.
- Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn.
Other changes
- Bump the RateLimit image to 49af5cca.
- Always use
::
andIPv4Compact
enabled on dynamic listeners. - Use
V4_PREFERRED
instead ofV4_ONLY
by default for the cluster’sDnsLookupFamily
.
5 - v1.2.1
Date: November 7, 2024
Bug fixes
- Fixed a panic in the provider goroutine when the body in the direct response configuration was nil.
6 - v1.2.0
Date: November 06, 2024
Breaking Changes
- Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed
- Please refer to the Gateway API v1.2.0 documentation for more information
- Removed default CPU limit of the Envoy Gateway deployment, to eliminate CPU throttling
- Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively
- Set
ignore_health_on_host_removal
to true for clusters with static endpoints This was done to speed up removal of static endpoints by the control plane when active health check is configured - Xds and Infra IR logs are logged at Debug level instead of Info level. They will now not be seen by default in Envoy Gateway logs. You can change the logging level to
default: debug
to view them
New Features
- Added support for Gateway-API v1.2.0
- Added support for IPv4/IPv6 Dual Stack for EnvoyProxy fleet and BackendRef resources
- Added experimental support for EG standalone(host deployment) mode
- Added support for JWT claims based Authorization in SecurityPolicy CRD
- Added support for Response Override in BackendTrafficPolicy CRD
- Added support for RequestTimeout in BackendTrafficPolicy CRD
- Added support for inverting header matches for Rate Limit in BackendTrafficPolicy CRD
- Added support for client TLS session resumption in ClientTrafficPolicy CRD
- Added support for HTTPRouteFilter and path regex rewrite
- Added support for host header rewrite in HTTPRouteFilter CRD
- Added support for Listener Access Log in EnvoyProxy CRD
- Added support for Datadog tracing support in EnvoyProxy CRD
- Added support for request response sizes stats in EnvoyProxy CRD
- Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm
- Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
- Added support for match conditions for access log in EnvoyProxy CRD
- Added support for using BackendCluster to represent OIDCProvider
- Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
- Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
- Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
- Added support for Active Passive Failover Backends
- Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
- Added support for early request header mutation in the ClientTrafficPolicy CRD
- Added support for JsonPath in the EnvoyPatchPolicy CRD
- Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
- Added support for cluster settings for non xRoute-generated backend refs
- Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
- Added support for http2 upstream settings in BackendTrafficPolicy CRD
- Added support for DNS resolution settings in BackendTrafficPolicy CRD
- Added support for configuring service annotations in the Envoy Gateway helm chart
- Added support for configuring priorityClassName to Envoy Gateway helm chart
- Added support for ratelimit metrics monitoring in grafana in the addons helm chart
- Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
- Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
- Added support for configuring NodeSelector in the Envoy Gateway helm chart
- Added support for nonce in the OIDC auth flow
- Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
- Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
- Added support for returning 500 when SecurityPolicy translation fails
- Added support for multiple backendRefs for ExtAuth and ExtProc
- Added support for session persistence in HTTPRoute rules
- Added support for the Backend resource for ExtAuth
- Added support for target selectors on Envoy Gateway Extension Server policies
- Added support for non-Kubernetes Backends for TLSRoute
- Added support for fallback to the Backend API
- Added support for reloadable EnvoyGateway configuration
- Added support for adding Labels to the Envoy Service
- Added support for custom name for ratelimit deployment
- Added default SecurityContext for EG components
- Added startupProbe to all provisioned containers
- Added support for local validations for egctl translate and file provider
- Added support for egctl x collect to collect information from the cluster for debugging
- Added support for a native prometheus metrics endpoint in the ratelimit server
Bug Fixes
- Fixed xDS translation failing when the WASM HTTP code source was configured without an SHA
- Fixed unsupported listener protocol types causing errors while updating Gateway status
- Fixed unsupported listener protocol types causing errors while updating Gateway status
- Fixed invalid sectionName in BackendTLSPolicy for Backend
- Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
- Fixed JSONPath not being correctly translated to JSONPatch paths
- Fixed allowing an empty slowStart value when using LeastRequest
- Fixed updating the HTTPRoute status correctly when the linked Backend resource is invalid
- Fixed timeout settings originating from the route being lost when translating the backend traffic policy
- Fixed Backend resources not receiving status updates
- Fixed active health checks requiring the expectedStatuses field to function correctly
- Fixed HTTPHeaderFilter processing not correctly supporting multiple header values
- Fixed reconciling multiple ReferenceGrants within the same namespace
- Fixed unwanted / appearing in the Path when using Prefix Rewrites
- Fixed incorrect gateway being selected as the HTTPRoute parent
- Fixed override issues for EnvoyExtensionPolicy
- Fixed nil pointer error when translating hash load balancing
- Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
- Fixed empty connection limits causing xDS rejection
- Fixed rate limiting not working with both headers and CIDR matches
- Fixed EDS not updating when deployments were created after services
- Fixed RBAC issue for deleting infrastructure resources
- Fixed gateways never reaching ready/programmed status when running Envoy as a Daemonset
- Fixed rate limit deployment ignoring pod labels and annotation merges
- Fixed the API Server receives unnecessary requests
- Fixed egctl experimental translate using an incorrect namespace
- Fixed reconciliation not being triggered for Secret updates referenced by a BackendTLSPolicy
- Fixed xDS translation failure when WASM HTTP code source was configured without an SHA
- Fixed HTTPRoute status displaying only one parent when targeting multiple gateways from different GatewayClasses
- Fixed Route with multiple parents having an incorrect namespace in the parentRef status
- Fixed BackendTlsPolicy specifying multiple targetRefs for the same service, to work
Performance Improvements
- Optimize memory usage by only storing distinct resources
- SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Other changes
- Upgraded Envoy Proxy to v1.32.1
- Reduced the amount of configuration logging, and make it line-delimited friendly
- Made watching alpha CRDs optional, so that Envoy Gateway can run with older Gateway Api versions
- Removed grafana test framework from the addons helm chart
- Disabled ALPN for non-HTTP routes
- Added statPrefix for HCM and TCPProxy
- Enabled GatewayHTTPListenerIsolation conformance test
- Enabled GRPC conformance profile
- Enabled HTTPRouteBackendRequestHeaderModifier conformance test
- Added e2e test for Daemonset mode
- Fixed OVS scanner wrong license warnings
- Added e2e test for Gateway with EnvoyProxy
- Added e2e test for TLS session resumption
- Added heap profile into benchmark report
- Added e2e test for RecomputeRoute in ExtAuth
- Added benchmark memory profiles into report
- Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
- Fixed flaky Zipkin Tracing e2e test
- Added e2e test for cookie based consistent hash load balancing
- Added e2e test for load balancing
- Fixed flaky authorization tests
- Enabled upgrade test
- Fixed flaky basic auth e2e test
- Enabled use-client-protocol e2e test
- Added performance benchmarking test for 1000 HTTPRoutes
- Added e2e test for Datadog tracing
- Added e2e tests for ratelimit invert matching headers
- Reduced readinessProbe failureThreshold and periodSeconds
- Bumped go-control-plane to v0.13.1
- Enabled e2e tests for dual stack
- Use grafana alloy instead of fluent-bit for e2e tests
- Push tags without the v prefix for helm charts to support Flux HelmReleases
- Use a stable label selector when creating Envoy Proxy fleet pods
7 - v1.1.3
Date: November 1, 2024
Breaking changes
New features
Bug fixes
- Fixed unsupported listener protocol type causing an error while updating Gateway Status
- Fixed some status updates were being discarded by the status updater
- Fixed error level logging for admin and metrics modules
- Fixed Dashboard typos
- Fixed Ratelimit Deployment ignoring pod labels and annotation merge
- Fixed the API Server receives unnecessary requests
- Fixed set invalid Listener.SupportedKinds to empty list
- Fixed losing timeout settings that originate from the route when translating the backend traffic policy
- Fixed xds translation failure when wasm http code source configured without sha
Performance improvements
Other changes
- Bumped Envoy proxy to 1.31.3
- Bumped github.com/docker/docker to 27.3.1+incompatible
8 - v1.2.0-rc.1
Date: October 25, 2024
Breaking changes
- Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
- Please refer to the Gateway API v1.2.0 documentation for more information.
- Removed default CPU limit of the Envoy Gateway deployment
- Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively
New features
- Added support for Gateway-API v1.2.0
- Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
- Added support for EG standalone(host deployment) mode (experimental)
- Added support for JWT claims based Authorization in SecurityPolicy CRD
- Added support for Direct Response in HTTPRouteFilter CRD
- Added support for Response Override in BackendTrafficPolicy CRD
- Added support for RequestTimeout in BackendTrafficPolicy CRD
- Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
- Added support for client TLS session resumption in ClientTrafficPolicy CRD
- Added support for HTTPRouteFilter and path regex rewrite
- Added support for host header rewrite in HTTPRouteFilter CRD
- Added support for Listener Access Log in EnvoyProxy CRD
- Added support for Datadog tracing support in EnvoyProxy CRD
- Added support for request response sizes stats in EnvoyProxy CRD
- Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
- Added support for match conditions for access log in EnvoyProxy CRD
- Added support for using BackendCluster to represent OIDCProvider
- Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
- Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
- Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
- Added support for LB priority for non xRoute endpoints
- Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
- Added support for early request header mutation in the ClientTrafficPolicy CRD
- Added support for JsonPath in the EnvoyPatchPolicy CRD
- Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
- Added support for cluster settings for non xRoute-generated backend refs
- Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
- Added support for http2 upstream settings in BackendTrafficPolicy CRD
- Added support for DNS resolution settings in BackendTrafficPolicy CRD
- Added support for configuring service annotations in the Envoy Gateway helm chart
- Added support for configuring priorityClassName to Envoy Gateway helm chart
- Added support for ratelimit metrics monitoring in grafana in the addons helm chart
- Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
- Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
- Added support for configuring NodeSelector in the Envoy Gateway helm chart
- Added support for nonce in the OIDC auth flow
- Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
- Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
- Added support for returning 500 when SecurityPolicy translation fails
- Added support for multiple backendRefs for ExtAuth and ExtProc
- Added support for session persistence in HTTPRoute rules
- Added support for the Backend resource for ExtAuth
- Added support for target selectors on Envoy Gateway Extension Server policies
- Added support for non-Kubernetes Backends for TLSRoute
- Added support for fallback to the Backend API
- Added support for reloadable EnvoyGateway configuration
- Added support for adding Labels to the Envoy Service
- Added support for custom name for ratelimit deployment
- Added default SecurityContext for EG components
- Added startupProbe to all provisioned containers
- Added support for local validations for egctl translate and file provider
- Added support for egctl x collect to collect information from the cluster for debugging
- Added support for a native prometheus metrics endpoint in the ratelimit server
Bug fixes
- Fixed unsupported listener protocol type causing an error while updating Gateway Status
- Fixed some status updates were being discarded by the status updater
- Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
- Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
- Fixed JSONPath not correctly translated to JSONPatch paths
- Fixed allow empty slowStart when using LeastRequest
- Fixed Backends which should be rejected are still used as an HTTPRoute’s destination
- Fixed losing timeout settings that originate from the route when translating the backend traffic policy
- Fixed Backend resources don’t get status updates
- Fixed Active Health check requires expectedStatuses field to work
- Fixed HTTPHeaderFilter processing doesn’t correctly support multiple header values
- Fixed multiple reference grants in same namespace
- Fixed upstream get unwanted /.
- Fixed creation of SecurityPolicy with targetSelectors fails
- Fixed wrong gateway is chosen as HTTPRoute parent
- Fixed override issue for EEP
- Fixed nil pointer err translating hash load balancing
- Fixed ratelimit does not work across multiple GatewayClasses
- Fixed upstream mTLS only works for HTTPS listeners
- Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
- Fixed empty connection limit causes XDS rejection
- Fixed ratelimit not working with both headers and cidr matches
- Fixed EDS didn’t update when deployments was created after services
- Fixed RBAC issue for deleting infrastructure resources
- Fixed customized infrastructure resources not being deleted
- Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
- Fixed Ratelimit Deployment ignoring pod labels and annotation merge
- Fixed the API Server receives unnecessary requests
- Fixed terminating envoy pods don’t respond with “Connection: close” (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
- Fixed ratelimit statsd not working
- Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
- Fixed egctl experimental translate using a wrong ns
Performance improvements
- Fixed repeated resources and optimize memory usage
Other changes
- Removed grafana test framework from the addons helm chart
- Disabled ALPN for non-HTTP routes
- Added statPrefix for HCM and TCPProxy
- Enabled GatewayHTTPListenerIsolation conformance test
- Enabled GRPC conformance profile
- Enabled HTTPRouteBackendRequestHeaderModifier conformance test
- Added e2e test for Daemonset mode
- Updated upgrades tests to use VERSION env variable
- Fixed OVS scanner wrong license warnings
- Added e2e test for TLS session resumption
- Added heap profile into benchmark report
- Added e2e test for RecomputeRoute in ExtAuth
- Added benchmark memory profiles into report
- Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
- Fixed flaky Zipkin Tracing e2e test
- Added e2e test for cookie based consistent hash load balancing
- Added e2e test for load balancing
- Fixed flaky authorization tests
- Enabled upgrade test
- Fixed flaky basic auth e2e test
- Enabled use-client-protocol e2e test
- Added performance benchmarking test for 1000 HTTPRoutes
- Added e2e test for Datadog tracing
- Added e2e tests for ratelimit invert matching headers
- Reduced readinessProbe failureThreshold and periodSeconds
- Bumped go-control-plane to v0.13.1
9 - v1.1.2
Date: September 24, 2024
Translator
- Fixed handling of sectionName in BackendTLSPolicy for Backend resource
Infra-manager
- Pin Envoy Proxy version to v1.32.2
- Change Envoy listener drain strategy from gradual to immediate
Providers
- Fixed reconciliation of HTTPRoutes when labels change
10 - v1.1.1
Date: September 11, 2024
Documentation
- Bumped Golang version to 1.22.7
Conformance
- Enabled GatewayHTTPListenerIsolation test
Testing
- Fix download URL of envoy proxy WASM examples used in tests
Translator
- Fixed url rewrite to remove trailing slash
- Isolate HTTP route tables to listener according to Gateway-API specifications
- Fixed identification of ReferenceGrant when multiple ReferenceGrants exist in a namespace
- Fixed added header values as a command and space delimited list
- Fixed assertion on expected status in active HTTP healthcheck
- Fixed rejection of invalid Backends referenced by xRoutes
- Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing
- Fixed update of status for Backends
Infra-manager
- Pin ratelimit version to 26f28d78
- Reduce readinessProbe failureThreshold and periodSeconds of proxy
- Expose ratelimit statsd
Providers
- Fixed error returned when referenced Configmap or Secret is not found
- Use component name in Envoy Gateway logs
11 - v1.1.0
Date: July 22, 2024
Documentation
- Added Concepts Doc
- Added User Guide for Wasm Extension
- Added User Guide for patching Envoy Service
- Added User Guide for Backend MTLS
- Added User Guide for Backend TLS Parameters
- Added User Guide for IP Allowlist/Denylist
- Added User Guide for Extension Server
- Added User Guide for building Wasm image
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensbility User Gudie to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added startupProbe to all provisioned containers to reduce risk of restart
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDistruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
- Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
- Added Supported Features to Gateway Class
Testing
- Added e2e test for Client MTLS
- Added e2e test for Load Balancing
- Added performance benchmarking test
- Added e2e test for Zipking Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Option JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to user Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in rediret Location header
Providers
- Bumped K8s Client to v0.30.0
xDS
- Bumped go-control-plane to v0.12.1
Cli
- Added egctl x collect command
- Added Support for Install and Uninstall commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
12 - v1.1.0-rc.1
Date: July 8, 2024
Documentation
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensbility User Gudie to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDistruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
- Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
- Added Supported Features to Gateway Class
Testing
- Added performance benchmarking test
- Added e2e test for Zipking Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Option JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to user Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in rediret Location header
Providers
- Bumped K8s Client to v0.30.0
xDS
- Bumped go-control-plane to v0.12.1
Cli
- Added Support for Install and Uninstall Commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
13 - v1.0.2
Date: June 12, 2024
Installation
- Updated EnvoyProxy to 1.29.5
- Use Patch API for infra-client
- Use ServerSideApply instead of CreateOrUpdate for infra-client
Testing
- Fixed failures due to an expired certificate in one of the translator tests
Translator
- Use
- for naming service and container ports - Added proxy protocol always as first listenerFilter
- Set ignoreCase for header matchers in extAuth
- Added backend TLS SAN validation
- Fixed ReplaceFullPath not working for root path (/)
Providers
- Fixed duplicated xroutes are added to gatewayapi Resources
- Fixed security policy reference grant from field type
- Fixed Route extension filters with different types but the same name and namespace aren’t correctly cached
- Fixed secrets/configmap updates to trigger a controller reconcile by removing the generationChanged predicate
- Removed namespace restriction for EnvoyProxy parametersRef
14 - v1.0.1
Date: April 9, 2024
Installation
- Updated EnvoyProxy version to v1.29.3
- Fixed certgen to support creating the hmac secret during an upgrade
Translator
- Fixed nil secret in resourceversiontable
- Add missing http filters to the http filter chain when ClientTrafficPolicy and MergeGateways is enabled
- Allow websockets when url rewrite is enabled
- Set the Host header for http health checker
- Fixed double slashes in redirect URL
- Allow ClientTrafficPolicy to attach to multiple http (non https) listeners within the same Gateway
- Set path prefix for the http ext auth service
- Set the route matching precedence order to Exact > RegularExpression > PathPrefix
- Fixed infraIR duplicate port translation for merged gateways
- Set SpawnUpstreamSpan to true
- Allow rate limit to work with multiple listeners
Infra-manager
- Skip creating infra resources when the InfraIR has empty listeners
15 - v1.0.0
Date: March 13, 2024
Documentation
- Added User Guide for Local Ratelimit
- Added User Guide for Circuit Breaker
- Added User Guide for fault injection
- Added User Guide for EnvoyProxy extraArgs
- Added User Guide for Timeouts in ClientTrafficPolicy
- Added User Guide for JWT claim base routing
- Added User Guide for HTTP Timeout
- Added User Guide for Retry in BackendTrafficPolicy
- Added User Guide for Basic Auth
- Added User Guide for OIDC
- Added User Guide for ClientTrafficPolicy
- Added User Guide for BackendTrafficPolicy
- Added User Guide for Basic Auth using HTTPS
- Added User Guide for External Authorization
- Added User Guide for Routing Outside Kubernetes
- Added User Guide for BackendTLSPolicy
- Added User Guide for Mutual TLS from External Clients to the Gateway
- Added User Guide for Control Plane Authentication using custom certs
- Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
- Added
Type
andrequired
for CRD API doc - Refactored Structure of User Guide docs
- Refactored Move Design docs under “Get Involved”
- Updated crd-ref-docs to 0.0.10
- Updated Envoy proxy image to envoy:distroless-dev in main
Installation
- Added Support for Pulling envoyGateway image from a private registry
- Added Support for Configuring resources for certgen job
- Added Support for Configuring affinity for EnvoyGateway pod
API
- Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
- Added Support for Downstream MTLS in ClientTrafficPolicy CRD
- Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
- Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
- Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
- Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
- Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
- Added Support for Connection Timeouts in ClientTrafficPolicy CRD
- Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
- Added Support for Proxy protocol in ClientTrafficPolicy CRD
- Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
- Added Support for Local rate limit in BackendTrafficPolicy CRD
- Added Support for CircuitBreaker in BackendTrafficPolicy CRD
- Added Support for Fault injection in BackendTrafficPolicy CRD
- Added Support for Passive Health Checks in BackendTrafficPolicy CRD
- Added Support for Active Health Checks in BackendTrafficPolicy CRD
- Added Support for Connection Timeouts in BackendTrafficPolicy CRD
- Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
- Added Support for Retry in BackendTrafficPolicy CRD
- Added Support for Slow start mode in BackendTrafficPolicy CRD
- Added Support for Proxy protocol in BackendTrafficPolicy CRD
- Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
- Added Support for PolicyStatus in BackendTrafficPolicy CRD
- Added Support for PolicyStatus in ClientTrafficPolicy CRD
- Added Support for PolicyStatus in SecurityPolicy CRD
- Added Support for OIDC in SecurityPolicy CRD
- Added Support for Basic Auth in SecurityPolicy CRD
- Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
- Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
- Added Support for External Authorization in SecurityPolicy CRD
- Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
- Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
- Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
- Added Support for Secret resource in EnvoyPatchPolicy CRD
- Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
- Added Support for
From
field to JSONPatchOperation in EnvoyPatchPolicy CRD - Added Support for MergeGateways in EnvoyPatchPolicy CRD
- Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
- Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
- Added Support for Ratelimit prometheus in EnvoyGateway Configuration
- Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
- Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
- Added Support for Envoy extra args in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
- Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
- Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
- Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
- Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
Breaking Changes
- Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
- Remove Hostnetwork support in EnvoyProxy CRD
Conformance
- Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
Testing
- Added e2e test for Header Case-Preserving
- Added e2e test for Timeout in ClientTrafficPolicy
- Added e2e test for JWT claim base routing
- Added e2e test for OIDC
- Added e2e test for BackendTrafficPolicy Retry
- Added e2e test for Backend Upgrade
- Added e2e test for External Authorization
- Added e2e test for Backend TLS policy
- Added e2e test for Envoy Gateway Release Upgrade
- Added e2e test for Weighted backend
- Added validation for LoadBalancerIP to prevent trailing period
Translator
- Fixed Prefix match to prevent mismatching routes with the same prefix
- Fixed Multiple reconciling by implementing comparable interface for ir.Infra
- Fixed EndpointSlice with empty conditions {}
- Fixed Error handling when parsing the http request timeout
- Fixed No status when EnvoyPatchPolicy is disabled
- Fixed Printable for xds and infra IRs
- Fixed Skip backendRefs with weight set to 0
- Fixed AND Header matches in ratelimiting not working
- Fixed Deletion logics when no gatewayclasses exist
- Fixed Match mergedGateways irKey for ClientTrafficPolicy
- Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
- Fixed Listener status is not surfaced for gateways when MergeGateways enabled
- Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
- Fixed Configure idle timeout when timeout is set on HTTPRoute
- Fixed Relaxing HTTPS restriction for OIDC token endpoint
- Fixed Panic when translating routes with empty backends
- Fixed Xds translation should be done in a best-effort manner
- Fixed Delete unused status keys from watchable
- Fixed Ignoring finalizers when comparing envoy proxy service
- Fixed Don’t override the ALPN array if HTTP/3 is enabled
- Fixed Add h3 ALPN by default if HTTP/3 is enabled
- Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
- Fixed Use service port in alt-svc header if HTTP/3 is enabled
- Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
- Fixed Skip the ReasonTargetNotFound for all policies
- Fixed Skip publishing empty status for all policies
- Added Support for validating regex before sending to Envoy
- Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
- Added Unsupported status condition for filters within BackendRef
- Added List instead of map for Provider Resources for order stability
- Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
- Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
- Added Support for default retry budget and retry host predicate
- Added Support for implementing gateway.spec.infrastructure
- Added Support for Upstream TLS to multiple Backends
- Added Validation for CA Cert in ClientTrafficPolicy
Providers
- Added Support for multiple GatewayClass per controller
- Added SecurityPolicyIndexers in Kubernetes Provider
- Added Support for generating HMAC secret in CertGen Job
- Fixed Finalizer logic when deleting Gatewayclasses
- Fixed MergeGateways panics when restarting control plane
xDS
- Added Support for EDS cache
- Added Support for ADS cache to ensure the rule order
- Fixed Deprecated field error when using RequestHeaderModifier filter
- Fixed Envoy rejects XDS at runtime losing all routes on restart
- Fixed Requests not matching defined routes trigger per-route filters
- Bumped go-control-plane to v0.12.0
Cli
- Added Support for egctl x status
- Added Support for egctl experimental dashboard envoy-proxy
- Added Support for egctl config ratelimit
- Added Support for egctl translate from gateway-api resources to IR
16 - v0.6.0
Date: Nov 1, 2023
Documentation
- Introduced a new website based on Hugo
- Added Grafana dashboards and integration docs for EnvoyProxy metrics
- Added Grafana integration docs for Gateway API metrics
Installation
- Updated EnvoyProxy image to be a distroless variant.
- Removed resources around kube-rbac-proxy
API
- Upgraded to Gateway API v1.0.0
- Added the ClientTrafficPolicy CRD with Keep Alive Support
- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
- Added the SecurityPolicy CRD with CORS and JWT Support
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
- Removed the AuthenticationFilter CRD
- Removed the RateLimitFilter CRD
- Moved EnvoyProxy CRD from
config.gateway.envoyproxy.io
togateway.envoyproxy.io
- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
- field to specify bootstrap config
Conformance
- Added Support for HTTPRouteBackendProtocolH2C Test
- Added Support for HTTPRouteBackendProtocolWebSocket Test
- Added Support for HTTPRouteRequestMultipleMirrors Test
- Added Support for HTTPRouteTimeoutRequest Test
- Added Support for HTTPRouteTimeoutBackendRequest Test
- Added Support for HTTPRouteRedirectPortAndScheme Test
Watchable
- Improved caching of resource by implementing a compare function agnostic of resource order
Translator
- Added support for routing to EndpointSlice endpoints
- Added support for HTTPRoute Timeouts
- Added support for multiple RequestMirror filters per HTTPRoute rule
- Use / instead of - in IR Route Names
- Added Support to ignore ports in Host header
Providers
- Added the generationChangedPredicate to most resources to limit resource reconiliation
- Improved reconiliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
- Added support for selectively watching resources based on Namespace Selector
xDS
- Fixed Layered Runtime warnings
- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
- Added HTTP2 Keep Alives to the xds connection
Cli
- Added Support for egctl stats command
17 - v1.0.0-rc.1
Date: Nov 1, 2023
Documentation
- Added User Guide for local rate limit
- Added User Guide for circuit breaker
- Added User Guide for fault injection
- Added User Guide for EnvoyProxy extraArgs
- Added User Guide for Timeouts in ClientTrafficPolicy
- Added User Guide for JWT claim base routing
- Added User Guide for HTTP Timeout
- Added User Guide for Retry in BackendTrafficPolicy
- Added User Guide for basic auth
- Added User Guide for OIDC
- Added User Guide for ClientTrafficPolicy
- Added User Guide for BackendTrafficPolicy
- Added
Type
andrequired
for CRD API doc - Updated crd-ref-docs to 0.0.10
- Updated Envoy proxy image to envoy:distroless-dev in main
Installation
- Added Support for Pulling envoyGateway image from a private registry
- Added Support for Configuring resources for certgen job
- Added Support for Configuring affinity for EnvoyGateway pod
API
- Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
- Added Support for Downstream MTLS in ClientTrafficPolicy CRD
- Added Support for enabling EnvoyHeaders in ClientTrafficPolicy CRD
- Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
- Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
- Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
- Added Support for enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
- Added Support for Connection Timeouts in ClientTrafficPolicy CRD
- Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
- Added Support for Proxy protocol in ClientTrafficPolicy CRD
- Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
- Added Support for Local rate limit in BackendTrafficPolicy CRD
- Added Support for CircuitBreaker in BackendTrafficPolicy CRD
- Added Support for Fault injection in BackendTrafficPolicy CRD
- Added Support for Passive Health Checks in BackendTrafficPolicy CRD
- Added Support for Active Health Checks in BackendTrafficPolicy CRD
- Added Support for Connection Timeouts in BackendTrafficPolicy CRD
- Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
- Added Support for Retry in BackendTrafficPolicy CRD
- Added Support for Slow start mode in BackendTrafficPolicy CRD
- Added Support for Proxy protocol in BackendTrafficPolicy CRD
- Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
- Added Support for OIDC in SecurityPolicy CRD
- Added Support for Basic Auth in SecurityPolicy CRD
- Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
- Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
- Added Support for External authorization in SecurityPolicy CRD
- Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
- Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
- Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
- Added Support for Secret resource in EnvoyPatchPolicy CRD
- Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
- Added Support for
From
field to JSONPatchOperation in EnvoyPatchPolicy CRD - Added Support for MergeGateways in EnvoyPatchPolicy CRD
- Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
- Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
- Added Support for ratelimit prometheus in EnvoyGateway Configuration
- Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
- Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
- Added Support for Envoy extra args in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
- Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
- Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
- Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
- Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
Breaking Changes
- Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
Conformance
- Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
Testing
- Added e2e test for header case-preserving
- Added LoadBalancerIP validation to prevent trailing period
- Added e2e test for Timeout in ClientTrafficPolicy
- Added e2e test for jwt claim base routing
- Added e2e test for OIDC
- Added e2e test for BackendTrafficPolicy Retry
Translator
- Fixed Prefix match to prevent mismatching routes with the same prefix
- Fixed Multiple reconciling by implementing comparable interface for ir.Infra
- Fixed EndpointSlice with empty conditions {}
- Fixed Error handling when parsing the http request timeout
- Fixed No status when EnvoyPatchPolicy is disabled
- Fixed Printable for xds and infra IRs
- Fixed Skip backendRefs with weight set to 0
- Fixed AND Header matches in ratelimiting not working
- Fixed Deletion logics when no gatewayclasses exist
- Fixed Match mergedGateways irKey for ClientTrafficPolicy
- Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
- Fixed Listener status is not surfaced for gateways when MergeGateways enabled
- Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
- Fixed Configure idle timeout when timeout is set on HTTPRoute
- Fixed Relaxing HTTPS restriction for OIDC token endpoint
- Fixed Panic when translating routes with empty backends
- Fixed Xds translation should be done in a best-effort manner
- Added Support for validating regex before sending to Envoy
- Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
- Added Unsupported status condition for filters within BackendRef
- Added List instead of map for Provider Resources for order stability
- Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
- Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
- Added Support for default retry budget and retry host predicate
- Added Support for implementing gateway.spec.infrastructure
- Added Validation for CA Cert in ClientTrafficPolicy
Providers
- Added Support for multiple GatewayClass per controller
- Added SecurityPolicyIndexers in Kubernetes Provider
- Added Support for generating HMAC secret in CertGen Job
- Fixed Finalizer logic when deleting Gatewayclasses
- Fixed MergeGateways panics when restarting control plane
xDS
- Added Support for EDS cache
- Added Support for ADS cache to ensure the rule order
- Fixed Deprecated field error when using RequestHeaderModifier filter
- Fixed Envoy rejects XDS at runtime losing all routes on restart
- Fixed Requests not matching defined routes trigger per-route filters
- Bumped go-control-plane to v0.12.0
Cli
- Added Support for egctl x status
- Added Support for egctl experimental dashboard envoy-proxy
- Added Support for egctl config ratelimit
18 - v0.6.0-rc.1
Date: Oct 27, 2023
Documentation
- Introduced a new website based on Hugo
- Added Grafana dashboards and integration docs for EnvoyProxy metrics
- Added Grafana integration docs for Gateway API metrics
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v1.0.0
- Added the ClientTrafficPolicy CRD with Keep Alive Support
- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
- Added the SecurityPolicy CRD with CORS and JWT Support
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
- Removed the AuthenticationFilter CRD
- Removed the RateLimitFilter CRD
- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
- field to specify bootstrap config
Ci tooling testing
Conformance
Watchable
- Improved caching of resource by implementing a compare function agnostic of resource order
Translator
Breaking Changes
- Added support for routing to EndpointSlice endpoints
- Added support for HTTPRoute Timeouts
- Added support for multiple RequestMirror filters per HTTPRoute rule
- Use / instead of - in IR Route Names
- Added Support to ignore ports in Host header
Providers
- Added the generationChangedPredicate to most resources to limit resource reconiliation
- Improved reconiliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
- Added support for selectively watching resources based on Namespace Selector
xDS
- Fixed Layered Runtime warnings
- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
- Added HTTP2 Keep Alives to the xds connection
Cli
- Added Support for egctl stats command
19 - v0.5.0
Date: July 26, 2023
Documentation
- Added Docs for Installation page using Helm
- Added Docs for Cert Manager Integration
- Added Docs for Presentation Links
- Added Docs for configuring multiple TLS Certificates per Listener
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v0.7.1
- Added Support for EnvoyPatchPolicy
- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Support for Distinct RateLimiting for IP Addresses
- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Breaking Changes
- Renamed field in EnvoyGateway API from Extension to ExtensionManager
Ci tooling testing
- Added Retest Github Action
- Added CherryPick Github Action
- Added E2E Step in Github CI Workflow
- Added RateLimit E2E Tests
- Added JWT Claim based RateLimit E2E Tests
- Added Access Logging E2E tests
- Added Metrics E2E tests
- Added Tracing E2E tests
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled HttpRouteRequestMirror Test
- Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
- Renamed IR resources from
- to / - which also affects generated Xds Resources
Providers
- Reconcile Node resources to be able to compute Status Addresses for Gateway
- Discard Status before publishing Provider resources to reduce memory consumption
xDS
- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
- Switched to Xds SOTW Server for RateLimit Service Configuration
- Added Control Plane TLS between EnvoyProxy and RateLimit Service
- Enabled adding RateLimit Headers when RateLimit is set
- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
- Set ALPN in the Xds Listener with TLS enabled.
- Added Best Practices Default Edge Settings to Xds Resources
- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
- Added egctl x translate Support to generate default missing Resources
- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
20 - v0.5.0-rc.1
Date: July 26, 2023
Documentation
- Added Docs for Installation page using Helm
- Added Docs for Cert Manager Integration
- Added Docs for Presentation Links
- Added Docs for configuring multiple TLS Certificates per Listener
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v0.7.1
- Added Support for EnvoyPatchPolicy
- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Support for Distinct RateLimiting for IP Addresses
- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Breaking Changes
- Renamed field in EnvoyGateway API from Extension to ExtensionManager
Ci tooling testing
- Added Retest Github Action
- Added CherryPick Github Action
- Added E2E Step in Github CI Workflow
- Added RateLimit E2E Tests
- Added JWT Claim based RateLimit E2E Tests
- Added Access Logging E2E tests
- Added Metrics E2E tests
- Added Tracing E2E tests
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled HttpRouteRequestMirror Test
- Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
- Renamed IR resources from
- to / - which also affects generated Xds Resources
Providers
- Reconcile Node resources to be able to compute Status Addresses for Gateway
- Discard Status before publishing Provider resources to reduce memory consumption
xDS
- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
- Switched to Xds SOTW Server for RateLimit Service Configuration
- Added Control Plane TLS between EnvoyProxy and RateLimit Service
- Enabled adding RateLimit Headers when RateLimit is set
- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
- Set ALPN in the Xds Listener with TLS enabled.
- Added Best Practices Default Edge Settings to Xds Resources
- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
- Added egctl x translate Support to generate default missing Resources
- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
21 - v0.4.0
Date: April 24, 2023
Documentation
- Added Docs for Installing and Using egctl
Installation
- Added Helm Installation Support
- Added Support for Ratelimiting Based On IP Subnet
- Added Gateway API Support Doc
- Added Namespace Resource to Helm Templates
- Updated Installation Yaml to Use the envoy-gateway-system Namespace
API
- Upgraded to Gateway API v0.6.2
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Gateway Status Address is now Populated for ClusterIP type Envoy Services
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Custom Envoy Gateway Extensions Framework
- Added Support for Service Method Match in GRPCRoute
- Fixed a Bug in the Extension Hooks for xDS Virtual Hosts and Routes
Ci tooling testing
- Fixed CI Flakes During Helm Install
- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
- Added egctl to Build and Test CI Workflow
- Code Coverage Thresholds are now Enforced by CI
- Fixed latest-release-check CI Job Failures
- Added Auto Release Tooling for Charts
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
- Enabled Enable HTTPRouteDisallowedKind Test
- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
- Added Support for Dynamic GatewayControllerName in Route Status
Providers
- Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
- Added EDS Support
- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
- Updated Deprecated RegexMatcher
- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
- Added egctl CLI Tool
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
22 - v0.4.0-rc.1
Date: April 13, 2023
Documentation
- Added Docs for Installing and Using egctl
Installation
- Added Helm Installation Support
- Added Support for Ratelimiting Based On IP Subnet
- Added Gateway API Support Doc
API
- Upgraded to Gateway API v0.6.2
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Gateway Status Address is now Populated for ClusterIP type Envoy Services
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Custom Envoy Gateway Extensions Framework
- Added Support for Service Method Match in GRPCRoute
Ci tooling testing
- Fixed CI Flakes During Helm Install
- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
- Added egctl to Build and Test CI Workflow
- Code Coverage Thresholds are now Enforced by CI
- Fixed latest-release-check CI Job Failures
- Added Auto Release Tooling for Charts
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
- Enabled Enable HTTPRouteDisallowedKind Test
- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
- Added Support for Dynamic GatewayControllerName in Route Status
Providers
- Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
- Added EDS Support
- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
- Updated Deprecated RegexMatcher
- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
- Added egctl CLI Tool
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
23 - v0.3.0
Date: February 09, 2023
Documentation
- Added Global Rate Limit User Docs
- Added Request Authentication User Docs
- Added TCP Routing User Docs
- Added UDP Routing User Docs
- Added GRPC Routing User Docs
- Added HTTP Response Headers User Docs
- Added TCP and UDP Proxy Design Docs
- Added egctl Design Docs
- Added Rate Limit Design Docs
- Added Request Authentication Design Docs
- Added Support for Versioned Docs
- Added Support for Multiple Release Versions
- Added Release Details Docs
- Added API Docs Generating Tooling
- Refactored Layout for User Docs
API
- Upgraded to v0.6.1 Gateway API
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
- Added Support for Request Authentication
- Added Support for Global Rate Limiting
- Added Support for Routes ReferenceGrant
- Added Support for Namespace Server Config Type
- Added initial management of Envoy Proxy deployment via EnvoyProxy API
Ci tooling testing
- Fixed Make Image Failed in Darwin
- Fixed Wait for Job Succeeded before conformance test
- Upgraded Echoserver Image Tag
- Added Support for User-Facing Version
- Added Support for Testing EG against Multiple Kubernetes Versions
Conformance
- Enabled GatewayClassObservedGenerationBump conformance test
- Enabled GatewayInvalidTLSConfiguration conformance test
- Enabled GatewayInvalidRouteKind conformance test
- Enabled HTTPRouteReferenceGrant conformance test
- Enabled HTTPRouteMethodMatching conformance test
- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
- (Currently EG passes all conformance tests except redirect and gateway/httproute ObservedGenerationBump tests. Redirect tests are failing due to a possible issue with the way upstream conformance tests have made assumptions. Skip them for now until below issues #992 #993 #994 are resolved)
IR
- Added TCP Listener per TLSRoute
Translator
- Fixes Remove Stale Listener Condition
- Added Support for Suffix Matches for Headers
- Added Support for HTTP Method Matching to HTTPRoute
- Added Support for Regex Match Type
- Added Support for HTTPQueryParamMatch
Providers
- Refactored Kubernetes Provider to Single Reconciler
- Upgraded Kube Provider Test Data Manifests to v0.6.1
- Removed Duplicate Settings from Bootstrap Config
- Updated Certgen to Use EG Namespace Env
- Added EnvoyProxy to Translator and Kube Infra Manager
- Upgraded Envoyproxy Image to envoy-dev latest in Main
- Removed EG Logs Private Key
xDS
- Fixed Start xDS Server Watchable Map Panics
- Enabled Access Logging for xDS Components
24 - v0.3.0-rc.1
Date: February 02, 2023
Documentation
- Added Support for Multiple Release Versions
- Added Support for Versioned Docs
- Added Release Details Docs
- Refactored Layout for User Docs
API
- Upgraded to v0.6.0 Gateway API
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API (Add to the ListenerStatus.SupportedKinds Field until https://github.com/envoyproxy/gateway/issues/950 is fixed.)
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
- Added APIs to Manage Envoy Deployment
- Added Support for Request Authentication
- Added Support for Global Rate Limiting
- Added Support for Routes ReferenceGrant
- Added Support for Namespace Server Config Type
Ci tooling testing
- Fixes Make Image Failed in Darwin
- Fixes Wait for Job Succeeded before conformance test
- Upgraded Echoserver Image Tag
- Added Support for User-Facing Version
- Added Support for Testing EG against Multiple Kubernetes Versions
Conformance
- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
- Enabled GatewayInvalidTLSConfiguration conformance test
- Enabled GatewayInvalidRouteKind conformance test
- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
- Enabled HTTPRouteReferenceGrant conformance test
- Enabled HTTPRouteMethodMatching conformance test
IR
- Added TCP Listener per TLSRoute
Translator
- Fixes Remove Stale Listener Condition
- Added Support for Suffix Matches for Headers
- Added Support for HTTP Method Matching to HTTPRoute
- Added Support for Regex Match Type
- Added Support for HTTPQueryParamMatch
Providers
- Refactored Kubernetes Provider to Single Reconciler
- Upgraded Kube Provider Test Data Manifests to v0.6.0
- Removed Duplicate Settings from Bootstrap Config
- Updated Certgen to Use EG Namespace Env
- Added EnvoyProxy to Translator and Kube Infra Manager
- Upgraded Envoyproxy Image to envoy-dev latest in Main
- Removed EG Logs Private Key
xDS
- Fixed Start xDS Server Watchable Map Panics
- Enabled Access Logging for xDS Components
25 - v0.2.0
Date: October 19, 2022
Documentation
- Added Config API, translator, roadmap, and message bus design documentation.
- Added documentation for releasing Envoy Gateway.
- Added user guides for configuring common tasks, e.g. HTTP request routing.
- Added support for the Sphinx documentation generator.
API
- Added the EnvoyGateway API type for configuring Envoy Gateway.
- Added the EnvoyProxy API type for configuring managed Envoys.
Ci tooling testing
- Added tooling to build, run, etc. Envoy Gateway.
- Added Gateway API conformance tests.
- Added Make-based tooling to fetch all tools so checks (code lint, spellchecks) and tests can be run locally.
- Added support for releasing latest artifacts to GitHub.
- Added code coverage with a minimum 60% threshold.
IR
- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
- Added IR validation.
Translator
- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage the
- status of Gateway API resources.
- Added the xDS translator to translate the xds IR to xDS resources.
Message-service
- Added infra and xds IR watchable map messages for inter-component communication.
- Added a Runner to each Envoy Gateway component to support pub/sub between components.
- Added support for managing multiple separate Envoy proxy fleets.
Infra-manager
- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
- Added support for managing a separate Envoy infrastructure per Gateway.
Providers
- Added the Kubernetes provider with support for managing GatewayClass, Gateway, HTTPRoute, ReferenceGrant, and
- TLSRoute resources.
- Due to Issue #539, a ReferenceGrant is not removed from the system when unreferenced.
- Due to Issue #577, TLSRoute is not being tested for Gateway API conformance.
- Added watchers for dependent resources of managed Envoy infrastructure to trigger reconciliation.
- Added support for labeling managed infrastructure using Gateway namespace/name labels.
- Added support for finalizing the managed GatewayClass.
xDS
- Added xDS server support to configure managed Envoys using Delta xDS.
- Added initial support for mTLS between the xDS server and managed Envoys.
- Due to envoyproxy/go-control-plane Issue #599, Envoy Gateway logs the private key of HTTPS listeners.
26 - v0.2.0-rc2
Date: September 29, 2022
Documentation
- Updated and expanded developer documentation.
- Added
kube-demo
target to demonstrate Envoy Gateway functionality. - Added developer debugging documentation.
Ci
- Added Gateway API conformance tests.
Providers
- Added watchers for dependent resources of managed Envoy infrastructure.
- Added Gateway namespace/name labels to managed resources.
- Added support for finalizing the managed GatewayClass.
xDS
- Updated xds server and Envoy bootstrap config to use Delta xDS.
- Added initial support for mTLS between the xDS server and Envoy.
Translator
- Expanded support for Gateway API status.
- Added support for request modifier and redirect filters.
- Added support to return 500 responses for invalid backends.
Message service
- Updated IRs to support managing multiple Envoy fleets.
Infra manager
- Separate Envoy infrastructure is created per Gateway.
27 - v0.2.0-rc1
Date: August 31, 2022
Documentation
- Added a quickstart guide for users to run and use Envoy Gateway.
API
- Added the EnvoyGateway API type for configuring Envoy Gateway.
- Added the EnvoyProxy API type for configuring managed Envoys.
Ci
- Added tooling to build, run, etc. Envoy Gateway.
Providers
- Added the Kubernetes provider.
xDS
- Added xDS server to configure managed Envoys.
IR
- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
- Added IR validation.
Translator
- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage
- Gateway API status.
Message service
- Added infra and xds IR watchable map messages for inter-component communication.
- Added a Runner to each component to support pub/sub between components.
Infra manager
- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.