This is the multi-page printable view of this section. Click here to print.
Notes
This section includes Releases Notes of Envoy Gateway.
- 1: v1.1.1
- 2: v1.1.0
- 3: v1.1.0-rc.1
- 4: v1.0.2
- 5: v1.0.1
- 6: v1.0.0
- 7: v0.6.0
- 8: v1.0.0-rc.1
- 9: v0.6.0-rc.1
- 10: v0.5.0
- 11: v0.5.0-rc.1
- 12: v0.4.0
- 13: v0.4.0-rc.1
- 14: v0.3.0
- 15: v0.3.0-rc.1
- 16: v0.2.0
- 17: v0.2.0-rc2
- 18: v0.2.0-rc1
- 19: v0.1.0
1 - v1.1.1
Date: September 11, 2024
Documentation
- Bumped Golang version to 1.22.7
Conformance
- Enabled GatewayHTTPListenerIsolation test
Testing
- Fix download URL of envoy proxy WASM examples used in tests
Translator
- Fixed url rewrite to remove trailing slash
- Isolate HTTP route tables to listener according to Gateway-API specifications
- Fixed identification of ReferenceGrant when multiple ReferenceGrants exist in a namespace
- Fixed added header values as a command and space delimited list
- Fixed assertion on expected status in active HTTP healthcheck
- Fixed rejection of invalid Backends referenced by xRoutes
- Fixed support for empty SlowStart configuration when using LeastRequest loadbalancing
- Fixed update of status for Backends
Infra-manager
- Pin ratelimit version to 26f28d78
- Reduce readinessProbe failureThreshold and periodSeconds of proxy
- Expose ratelimit statsd
Providers
- Fixed error returned when referenced Configmap or Secret is not found
- Use component name in Envoy Gateway logs
2 - v1.1.0
Date: July 22, 2024
Documentation
- Added Concepts Doc
- Added User Guide for Wasm Extension
- Added User Guide for patching Envoy Service
- Added User Guide for Backend MTLS
- Added User Guide for Backend TLS Parameters
- Added User Guide for IP Allowlist/Denylist
- Added User Guide for Extension Server
- Added User Guide for building Wasm image
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensbility User Gudie to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added startupProbe to all provisioned containers to reduce risk of restart
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDistruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
- Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
- Added Supported Features to Gateway Class
Testing
- Added e2e test for Client MTLS
- Added e2e test for Load Balancing
- Added performance benchmarking test
- Added e2e test for Zipking Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Option JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to user Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in rediret Location header
Providers
- Bumped K8s Client to v0.30.0
xDS
- Bumped go-control-plane to v0.12.1
Cli
- Added egctl x collect command
- Added Support for Install and Uninstall commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
3 - v1.1.0-rc.1
Date: July 8, 2024
Documentation
- Added Performance Benchmarking Document
- Added User Guide for Zipkin Tracing
- Added User Guide for Customizing Ordering of Filters
- Added User Guide for External Processing Filter in EnvoyExtensionPolicy
- Added User Guide for installation of egctl with brew
- Added User Guide for Client Buffer Size Limit
- Added User Guide for Client Idle Timeout
- Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
- Added User Guide for Backend resource
- Added GA Blog Post
- Added Threat Model
- Added Adopters section to docs
- Added User Guide and Dashboards for Control Plane and Resource Observability
- Added User Guide for Connection Limits in ClientTrafficPolicy
- Added User Guide on using Private Key Provider
- Added Design Doc for Authorization
- Added Design Doc for XDS Metadata
- Added Design Doc for Backend resource
- Added Design Doc for Control Plane Observability
- Added Design Doc for EnvoyExtensionPolicy
- Added Design Doc for External Processing in EnvoyExtensionPolicy
- Updated Access Logging User Guide to include filtering with CEL Expression
- Updated Access Logging User Guide to include Metadata
- Updated Development Guide to require Golang 1.22
- Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
- Updated Site to reflect GA status
- Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
- Updated Observability User Guides to use gateway-addons-helm
- Updated Gateway-API User Guide to reflect support for BackendRef filters
- Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
- Updated Installation Guide to use server-side apply
- Updated Installation Guide to refer to values.yaml docs
- Updated BackendTLSPolicy User Guide to GW-API v1.1.0
- Updated User Guides to use tabs when applying yaml from file or stdin
- Updated OIDC User Guide to use HTTPS redirect URLs
- Updated Order of versions in Site
- Updated Extensbility User Gudie to use yaml-format patches
- Updated Quickstart Guide to include next steps
- Updated CRD docs to include enum values
- Updated Extensibility User Guide with Envoy Patch Policy examples
- Updated structure of docs: rename Guides to Tasks, move Contribution
- Updated Support Matrix
- Updated egctl x status docs for xRoute and xPolicy
- Updated egctl User Guide with Install and Uninstall commands
- Updated GRPCRoute docs to use v1 instead of v1alpha2
- Fixed Rate Limiting User Guide to use correct CIDR matcher type names
- Fixed User Guide for JWT-based routing
- Fixed JSON Access Log Example
- Use linkinator to detect dead links in docs
- Use helm-docs to generate chart docs
- Support Not-Implemented-Hide marker in API docs
Installation
- Added new gateway-addons-helm chart for Observability
- Added support for global image settings for all images in Envoy Gateway helm chart
- Added Support for PodDistruptionBudget for Envoy Gateway
- Added Support for TopologySpreadConstraints for Envoy Gateway
- Added Support for Tolerations for Envoy Gateway
- Added Support for Ratelimit image pull secrets and pull policy
- Updated ttlSecondsAfterFinished on certgen job to 30 by default
- Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
- Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service
API
- Added Support for Gateway-API v1.1.0
- Added new Backend CRD
- Added new EnvoyExtensionPolicy CRD
- Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
- Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
- Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
- Added Support for Custom ShutDownManager Image in EnvoyGateway Config
- Added Support for Leader Election in EnvoyGateway Config
- Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
- Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
- Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
- Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
- Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
- Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
- Added Support for Rate Limiting Tracing in EnvoyProxy CRD
- Added Support for Routing to Service IP in EnvoyProxy CRD
- Added Support for Access Log CEL filters in EnvoyProxy CRD
- Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
- Added Support for Zipkin Tracing in EnvoyProxy CRD
- Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
- Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
- Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
- Added Support for Backend TLS Settings in EnvoyProxy CRD
- Added Support for HTTP Filter Ordering in EnvoyProxy CRD
- Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
- Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
- Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
- Added Support for Per-Endpoint stats in EnvoyProxy CRD
- Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
- Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
- Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
- Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
- Added Support for HTTP Health Check in ClientTrafficPolicy CRD
- Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
- Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
- Added Support for XFCC header processing in ClientTrafficPolicy CRD
- Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
- Added Support for IdleTimeout in ClientTrafficPolicy CRD
- Added Support for Connection Limits in ClientTrafficPolicy CRD
- Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
- Added Support for Optionally requiring a JWT in SecurityPolicy CRD
- Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
- Added Support for Authorization in SecurityPolicy CRD
- Added Support for Ext-Auth failOpen in SecurityPolicy CRD
- Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
- Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
- Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
- Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
- Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
- Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
- Added Support for Wasm extension in EnvoyExtensionPolicy CRD
- Added Support for External Processing extension in EnvoyExtensionPolicy CRD
- Removed Status Print Column from xPolicy CRDs
Breaking Changes
- Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
- xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources
Deprecations
- xPolicy targetRef is deprecated, use targetRefs instead
- SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
- OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
- OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
- Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
- Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead
Conformance
- Added Supported Features to Gateway Class
Testing
- Added performance benchmarking test
- Added e2e test for Zipking Tracing
- Added e2e test for HTTP Health Checks
- Added e2e test for CEL Access Log Filter
- Added e2e test for GRPC Access Log Service Sink
- Added e2e test for XDS Metadata
- Added e2e test for Wasm from OCI Images and HTTP Source
- Added e2e test for Service IP Routing
- Added e2e test for Multiple GatewayClasses
- Added e2e test for HTTP Full Path rewrite
- Added e2e test for Backend API
- Added e2e test for Backend TLS Settings
- Added e2e test for disabling X-RateLimit Headers
- Added e2e test for Authorization
- Added e2e test for BackendRefs in Ext-Auth
- Added e2e test for Using Client Protocol in Upstream Connection
- Added e2e test for Backend Client Cert Authentication
- Added e2e test for External Processing Filter
- Added e2e test for Merge Gateways Feature
- Added e2e test for Option JWT authentication
- Added e2e test for Infrastructure using Server-Side Apply
- Added e2e test for Connection Limits
- Added e2e test for Envoy Graceful Shutdown
- Updated e2e test for Limit to cover multiple listeners
- Updated e2e test for CORS to not require access-control-expose-headers
- Run CEL tests on all supported K8s versions
- Added OSV Scanner for Golang Vulnerabilities and Licenses
- Added Trivy scanner for Docker images
Translator
- Added Support for BackendRef HTTP Filters
- Added Support for attaching EnvoyProxy to Gateways
- Added Support for cross-namespace EnvoyProxy reference from GatewayClass
- Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
- Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
- Added Support for multiple BackendRefs in TCPRoute and UDPRoute
- Added Metrics related to XDS Server, Infra Manager and Controller
- Added Support for PolicyStatus in EnvoyPatchPolicy
- Added Support for Websocket upgrades in HTTP/1 Routes
- Added Support for custom controller name in egctl
- Added Support for BackendTLSPolicy CA Certificate reference to Secret
- Added names to Filter Chains
- Added Support extension server hooks for TCP and UDP listeners
- Added Support for attaching EnvoyProxy resource to Gateways
- Added Support for Exposing Prometheus Port in Rate Limiter Service
- Added Support for Optional Rate Limit Backend Redis
- Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
- Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
- Updated Ext-Auth Per-Route config to use filter-specific Config Type
- Updated Overload Manager configuration according to Envoy recommendations by default
- Updated Infrastructure resource management to user Server-Side Apply
- Updated Reflection of Errors in Gateway Status when too many addresses are assigned
- Fixed enforcement of same-namespace for BackendTLSPolicy and target
- Fixed processing all listeners before returning with an error
- Fixed creation of infrastructure resources if there are no listeners
- Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
- Fixed CORS to not forward Not-Matching Preflights to Backends
- Fixed BackendTLSPolicy status to fully conform with PolicyStatus
- Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
- Fixed Proxy Protocol Filter to always be the first Listener Filter
- Fixed Translation Consistency by sorting Gateways
- Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
- Fixed SNI matching for TCP Routes with TLS termination
- Fixed Reconciliation when EnvoyProxy backendRefs changes
- Fixed Reconciliation when a referenced Secret or ConfigMap changes
- Fixed ReplaceFullPath not working for root path
- Fixed Default Application Protocol to TCP for Zipkin Tracing
- Fixed not appending well-known ports (80, 443) in rediret Location header
Providers
- Bumped K8s Client to v0.30.0
xDS
- Bumped go-control-plane to v0.12.1
Cli
- Added Support for Install and Uninstall Commands to egctl
- Added Support for xRoute and xPolicy in egctl x status
- Added Golang version to Envoy Gateway version command
- Fixed egctl x status gatewayclass example message
4 - v1.0.2
Date: June 12, 2024
Installation
- Updated EnvoyProxy to 1.29.5
- Use Patch API for infra-client
- Use ServerSideApply instead of CreateOrUpdate for infra-client
Testing
- Fixed failures due to an expired certificate in one of the translator tests
Translator
- Use
- for naming service and container ports - Added proxy protocol always as first listenerFilter
- Set ignoreCase for header matchers in extAuth
- Added backend TLS SAN validation
- Fixed ReplaceFullPath not working for root path (/)
Providers
- Fixed duplicated xroutes are added to gatewayapi Resources
- Fixed security policy reference grant from field type
- Fixed Route extension filters with different types but the same name and namespace aren’t correctly cached
- Fixed secrets/configmap updates to trigger a controller reconcile by removing the generationChanged predicate
- Removed namespace restriction for EnvoyProxy parametersRef
5 - v1.0.1
Date: April 9, 2024
Installation
- Updated EnvoyProxy version to v1.29.3
- Fixed certgen to support creating the hmac secret during an upgrade
Translator
- Fixed nil secret in resourceversiontable
- Add missing http filters to the http filter chain when ClientTrafficPolicy and MergeGateways is enabled
- Allow websockets when url rewrite is enabled
- Set the Host header for http health checker
- Fixed double slashes in redirect URL
- Allow ClientTrafficPolicy to attach to multiple http (non https) listeners within the same Gateway
- Set path prefix for the http ext auth service
- Set the route matching precedence order to Exact > RegularExpression > PathPrefix
- Fixed infraIR duplicate port translation for merged gateways
- Set SpawnUpstreamSpan to true
- Allow rate limit to work with multiple listeners
Infra-manager
- Skip creating infra resources when the InfraIR has empty listeners
6 - v1.0.0
Date: March 13, 2024
Documentation
- Added User Guide for Local Ratelimit
- Added User Guide for Circuit Breaker
- Added User Guide for fault injection
- Added User Guide for EnvoyProxy extraArgs
- Added User Guide for Timeouts in ClientTrafficPolicy
- Added User Guide for JWT claim base routing
- Added User Guide for HTTP Timeout
- Added User Guide for Retry in BackendTrafficPolicy
- Added User Guide for Basic Auth
- Added User Guide for OIDC
- Added User Guide for ClientTrafficPolicy
- Added User Guide for BackendTrafficPolicy
- Added User Guide for Basic Auth using HTTPS
- Added User Guide for External Authorization
- Added User Guide for Routing Outside Kubernetes
- Added User Guide for BackendTLSPolicy
- Added User Guide for Mutual TLS from External Clients to the Gateway
- Added User Guide for Control Plane Authentication using custom certs
- Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
- Added
Typeandrequiredfor CRD API doc - Refactored Structure of User Guide docs
- Refactored Move Design docs under “Get Involved”
- Updated crd-ref-docs to 0.0.10
- Updated Envoy proxy image to envoy:distroless-dev in main
Installation
- Added Support for Pulling envoyGateway image from a private registry
- Added Support for Configuring resources for certgen job
- Added Support for Configuring affinity for EnvoyGateway pod
API
- Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
- Added Support for Downstream MTLS in ClientTrafficPolicy CRD
- Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
- Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
- Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
- Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
- Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
- Added Support for Connection Timeouts in ClientTrafficPolicy CRD
- Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
- Added Support for Proxy protocol in ClientTrafficPolicy CRD
- Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
- Added Support for Local rate limit in BackendTrafficPolicy CRD
- Added Support for CircuitBreaker in BackendTrafficPolicy CRD
- Added Support for Fault injection in BackendTrafficPolicy CRD
- Added Support for Passive Health Checks in BackendTrafficPolicy CRD
- Added Support for Active Health Checks in BackendTrafficPolicy CRD
- Added Support for Connection Timeouts in BackendTrafficPolicy CRD
- Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
- Added Support for Retry in BackendTrafficPolicy CRD
- Added Support for Slow start mode in BackendTrafficPolicy CRD
- Added Support for Proxy protocol in BackendTrafficPolicy CRD
- Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
- Added Support for PolicyStatus in BackendTrafficPolicy CRD
- Added Support for PolicyStatus in ClientTrafficPolicy CRD
- Added Support for PolicyStatus in SecurityPolicy CRD
- Added Support for OIDC in SecurityPolicy CRD
- Added Support for Basic Auth in SecurityPolicy CRD
- Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
- Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
- Added Support for External Authorization in SecurityPolicy CRD
- Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
- Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
- Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
- Added Support for Secret resource in EnvoyPatchPolicy CRD
- Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
- Added Support for
Fromfield to JSONPatchOperation in EnvoyPatchPolicy CRD - Added Support for MergeGateways in EnvoyPatchPolicy CRD
- Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
- Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
- Added Support for Ratelimit prometheus in EnvoyGateway Configuration
- Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
- Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
- Added Support for Envoy extra args in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
- Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
- Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
- Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
- Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
Breaking Changes
- Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
- Remove Hostnetwork support in EnvoyProxy CRD
Conformance
- Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
Testing
- Added e2e test for Header Case-Preserving
- Added e2e test for Timeout in ClientTrafficPolicy
- Added e2e test for JWT claim base routing
- Added e2e test for OIDC
- Added e2e test for BackendTrafficPolicy Retry
- Added e2e test for Backend Upgrade
- Added e2e test for External Authorization
- Added e2e test for Backend TLS policy
- Added e2e test for Envoy Gateway Release Upgrade
- Added e2e test for Weighted backend
- Added validation for LoadBalancerIP to prevent trailing period
Translator
- Fixed Prefix match to prevent mismatching routes with the same prefix
- Fixed Multiple reconciling by implementing comparable interface for ir.Infra
- Fixed EndpointSlice with empty conditions {}
- Fixed Error handling when parsing the http request timeout
- Fixed No status when EnvoyPatchPolicy is disabled
- Fixed Printable for xds and infra IRs
- Fixed Skip backendRefs with weight set to 0
- Fixed AND Header matches in ratelimiting not working
- Fixed Deletion logics when no gatewayclasses exist
- Fixed Match mergedGateways irKey for ClientTrafficPolicy
- Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
- Fixed Listener status is not surfaced for gateways when MergeGateways enabled
- Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
- Fixed Configure idle timeout when timeout is set on HTTPRoute
- Fixed Relaxing HTTPS restriction for OIDC token endpoint
- Fixed Panic when translating routes with empty backends
- Fixed Xds translation should be done in a best-effort manner
- Fixed Delete unused status keys from watchable
- Fixed Ignoring finalizers when comparing envoy proxy service
- Fixed Don’t override the ALPN array if HTTP/3 is enabled
- Fixed Add h3 ALPN by default if HTTP/3 is enabled
- Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
- Fixed Use service port in alt-svc header if HTTP/3 is enabled
- Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
- Fixed Skip the ReasonTargetNotFound for all policies
- Fixed Skip publishing empty status for all policies
- Added Support for validating regex before sending to Envoy
- Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
- Added Unsupported status condition for filters within BackendRef
- Added List instead of map for Provider Resources for order stability
- Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
- Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
- Added Support for default retry budget and retry host predicate
- Added Support for implementing gateway.spec.infrastructure
- Added Support for Upstream TLS to multiple Backends
- Added Validation for CA Cert in ClientTrafficPolicy
Providers
- Added Support for multiple GatewayClass per controller
- Added SecurityPolicyIndexers in Kubernetes Provider
- Added Support for generating HMAC secret in CertGen Job
- Fixed Finalizer logic when deleting Gatewayclasses
- Fixed MergeGateways panics when restarting control plane
xDS
- Added Support for EDS cache
- Added Support for ADS cache to ensure the rule order
- Fixed Deprecated field error when using RequestHeaderModifier filter
- Fixed Envoy rejects XDS at runtime losing all routes on restart
- Fixed Requests not matching defined routes trigger per-route filters
- Bumped go-control-plane to v0.12.0
Cli
- Added Support for egctl x status
- Added Support for egctl experimental dashboard envoy-proxy
- Added Support for egctl config ratelimit
- Added Support for egctl translate from gateway-api resources to IR
7 - v0.6.0
Date: Nov 1, 2023
Documentation
- Introduced a new website based on Hugo
- Added Grafana dashboards and integration docs for EnvoyProxy metrics
- Added Grafana integration docs for Gateway API metrics
Installation
- Updated EnvoyProxy image to be a distroless variant.
- Removed resources around kube-rbac-proxy
API
- Upgraded to Gateway API v1.0.0
- Added the ClientTrafficPolicy CRD with Keep Alive Support
- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
- Added the SecurityPolicy CRD with CORS and JWT Support
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
- Removed the AuthenticationFilter CRD
- Removed the RateLimitFilter CRD
- Moved EnvoyProxy CRD from
config.gateway.envoyproxy.iotogateway.envoyproxy.io - Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
- field to specify bootstrap config
Conformance
- Added Support for HTTPRouteBackendProtocolH2C Test
- Added Support for HTTPRouteBackendProtocolWebSocket Test
- Added Support for HTTPRouteRequestMultipleMirrors Test
- Added Support for HTTPRouteTimeoutRequest Test
- Added Support for HTTPRouteTimeoutBackendRequest Test
- Added Support for HTTPRouteRedirectPortAndScheme Test
Watchable
- Improved caching of resource by implementing a compare function agnostic of resource order
Translator
- Added support for routing to EndpointSlice endpoints
- Added support for HTTPRoute Timeouts
- Added support for multiple RequestMirror filters per HTTPRoute rule
- Use / instead of - in IR Route Names
- Added Support to ignore ports in Host header
Providers
- Added the generationChangedPredicate to most resources to limit resource reconiliation
- Improved reconiliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
- Added support for selectively watching resources based on Namespace Selector
xDS
- Fixed Layered Runtime warnings
- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
- Added HTTP2 Keep Alives to the xds connection
Cli
- Added Support for egctl stats command
8 - v1.0.0-rc.1
Date: Nov 1, 2023
Documentation
- Added User Guide for local rate limit
- Added User Guide for circuit breaker
- Added User Guide for fault injection
- Added User Guide for EnvoyProxy extraArgs
- Added User Guide for Timeouts in ClientTrafficPolicy
- Added User Guide for JWT claim base routing
- Added User Guide for HTTP Timeout
- Added User Guide for Retry in BackendTrafficPolicy
- Added User Guide for basic auth
- Added User Guide for OIDC
- Added User Guide for ClientTrafficPolicy
- Added User Guide for BackendTrafficPolicy
- Added
Typeandrequiredfor CRD API doc - Updated crd-ref-docs to 0.0.10
- Updated Envoy proxy image to envoy:distroless-dev in main
Installation
- Added Support for Pulling envoyGateway image from a private registry
- Added Support for Configuring resources for certgen job
- Added Support for Configuring affinity for EnvoyGateway pod
API
- Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
- Added Support for Downstream MTLS in ClientTrafficPolicy CRD
- Added Support for enabling EnvoyHeaders in ClientTrafficPolicy CRD
- Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
- Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
- Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
- Added Support for enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
- Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
- Added Support for Connection Timeouts in ClientTrafficPolicy CRD
- Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
- Added Support for Proxy protocol in ClientTrafficPolicy CRD
- Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
- Added Support for Local rate limit in BackendTrafficPolicy CRD
- Added Support for CircuitBreaker in BackendTrafficPolicy CRD
- Added Support for Fault injection in BackendTrafficPolicy CRD
- Added Support for Passive Health Checks in BackendTrafficPolicy CRD
- Added Support for Active Health Checks in BackendTrafficPolicy CRD
- Added Support for Connection Timeouts in BackendTrafficPolicy CRD
- Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
- Added Support for Retry in BackendTrafficPolicy CRD
- Added Support for Slow start mode in BackendTrafficPolicy CRD
- Added Support for Proxy protocol in BackendTrafficPolicy CRD
- Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
- Added Support for OIDC in SecurityPolicy CRD
- Added Support for Basic Auth in SecurityPolicy CRD
- Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
- Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
- Added Support for External authorization in SecurityPolicy CRD
- Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
- Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
- Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
- Added Support for Secret resource in EnvoyPatchPolicy CRD
- Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
- Added Support for
Fromfield to JSONPatchOperation in EnvoyPatchPolicy CRD - Added Support for MergeGateways in EnvoyPatchPolicy CRD
- Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
- Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
- Added Support for ratelimit prometheus in EnvoyGateway Configuration
- Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
- Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
- Added Support for Envoy extra args in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
- Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
- Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
- Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
- Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
- Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
Breaking Changes
- Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
Conformance
- Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
Testing
- Added e2e test for header case-preserving
- Added LoadBalancerIP validation to prevent trailing period
- Added e2e test for Timeout in ClientTrafficPolicy
- Added e2e test for jwt claim base routing
- Added e2e test for OIDC
- Added e2e test for BackendTrafficPolicy Retry
Translator
- Fixed Prefix match to prevent mismatching routes with the same prefix
- Fixed Multiple reconciling by implementing comparable interface for ir.Infra
- Fixed EndpointSlice with empty conditions {}
- Fixed Error handling when parsing the http request timeout
- Fixed No status when EnvoyPatchPolicy is disabled
- Fixed Printable for xds and infra IRs
- Fixed Skip backendRefs with weight set to 0
- Fixed AND Header matches in ratelimiting not working
- Fixed Deletion logics when no gatewayclasses exist
- Fixed Match mergedGateways irKey for ClientTrafficPolicy
- Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
- Fixed Listener status is not surfaced for gateways when MergeGateways enabled
- Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
- Fixed Configure idle timeout when timeout is set on HTTPRoute
- Fixed Relaxing HTTPS restriction for OIDC token endpoint
- Fixed Panic when translating routes with empty backends
- Fixed Xds translation should be done in a best-effort manner
- Added Support for validating regex before sending to Envoy
- Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
- Added Unsupported status condition for filters within BackendRef
- Added List instead of map for Provider Resources for order stability
- Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other’s cookies
- Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
- Added Support for default retry budget and retry host predicate
- Added Support for implementing gateway.spec.infrastructure
- Added Validation for CA Cert in ClientTrafficPolicy
Providers
- Added Support for multiple GatewayClass per controller
- Added SecurityPolicyIndexers in Kubernetes Provider
- Added Support for generating HMAC secret in CertGen Job
- Fixed Finalizer logic when deleting Gatewayclasses
- Fixed MergeGateways panics when restarting control plane
xDS
- Added Support for EDS cache
- Added Support for ADS cache to ensure the rule order
- Fixed Deprecated field error when using RequestHeaderModifier filter
- Fixed Envoy rejects XDS at runtime losing all routes on restart
- Fixed Requests not matching defined routes trigger per-route filters
- Bumped go-control-plane to v0.12.0
Cli
- Added Support for egctl x status
- Added Support for egctl experimental dashboard envoy-proxy
- Added Support for egctl config ratelimit
9 - v0.6.0-rc.1
Date: Oct 27, 2023
Documentation
- Introduced a new website based on Hugo
- Added Grafana dashboards and integration docs for EnvoyProxy metrics
- Added Grafana integration docs for Gateway API metrics
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v1.0.0
- Added the ClientTrafficPolicy CRD with Keep Alive Support
- Added the BackendTrafficPolicy CRD with RateLimit and LoadBalancer Support
- Added the SecurityPolicy CRD with CORS and JWT Support
- Added EnvoyGateway Metrics with Prometheus and OpenTelemetry support
- Added Support for InitContainers in EnvoyProxy CRD
- Added Support for LoadBalancerIP in EnvoyProxy CRD
- Added Support for AllocateLoadBalancerNodePorts in EnvoyProxy CRD
- Added Support for LoadBalancerClass in EnvoyProxy CRD
- Added Support for selecting EnvoyProxy stats to be generated
- Added Support for enabling EnvoyProxy Virtual Host metrics
- Added Support for Merging Gateway resources onto the same infrastructure
Breaking Changes
- Removed the AuthenticationFilter CRD
- Removed the RateLimitFilter CRD
- Enabled EnvoyProxy Prometheus Endpoint by default with an option to disable it
- Updated the Bootstrap field within the EnvoyProxy CRD with an additional value
- field to specify bootstrap config
Ci tooling testing
Conformance
Watchable
- Improved caching of resource by implementing a compare function agnostic of resource order
Translator
Breaking Changes
- Added support for routing to EndpointSlice endpoints
- Added support for HTTPRoute Timeouts
- Added support for multiple RequestMirror filters per HTTPRoute rule
- Use / instead of - in IR Route Names
- Added Support to ignore ports in Host header
Providers
- Added the generationChangedPredicate to most resources to limit resource reconiliation
- Improved reconiliation by using the same enqueue request for all resources
- Added support for reconciling ServiceImport CRD
- Added support for selectively watching resources based on Namespace Selector
xDS
- Fixed Layered Runtime warnings
- Upgraded to the latest version of go-control-plane that fixed xDS Resource ordering issues for ADS.
- Added HTTP2 Keep Alives to the xds connection
Cli
- Added Support for egctl stats command
10 - v0.5.0
Date: July 26, 2023
Documentation
- Added Docs for Installation page using Helm
- Added Docs for Cert Manager Integration
- Added Docs for Presentation Links
- Added Docs for configuring multiple TLS Certificates per Listener
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v0.7.1
- Added Support for EnvoyPatchPolicy
- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Support for Distinct RateLimiting for IP Addresses
- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Breaking Changes
- Renamed field in EnvoyGateway API from Extension to ExtensionManager
Ci tooling testing
- Added Retest Github Action
- Added CherryPick Github Action
- Added E2E Step in Github CI Workflow
- Added RateLimit E2E Tests
- Added JWT Claim based RateLimit E2E Tests
- Added Access Logging E2E tests
- Added Metrics E2E tests
- Added Tracing E2E tests
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled HttpRouteRequestMirror Test
- Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
- Renamed IR resources from
- to / - which also affects generated Xds Resources
Providers
- Reconcile Node resources to be able to compute Status Addresses for Gateway
- Discard Status before publishing Provider resources to reduce memory consumption
xDS
- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
- Switched to Xds SOTW Server for RateLimit Service Configuration
- Added Control Plane TLS between EnvoyProxy and RateLimit Service
- Enabled adding RateLimit Headers when RateLimit is set
- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
- Set ALPN in the Xds Listener with TLS enabled.
- Added Best Practices Default Edge Settings to Xds Resources
- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
- Added egctl x translate Support to generate default missing Resources
- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
11 - v0.5.0-rc.1
Date: July 26, 2023
Documentation
- Added Docs for Installation page using Helm
- Added Docs for Cert Manager Integration
- Added Docs for Presentation Links
- Added Docs for configuring multiple TLS Certificates per Listener
Installation
- Added Support for configuring Envoy Gateway Label and Annotations using Helm
- Increased default Resource defaults for Envoy Gateway to 100m CPU and 256Mi Memory
- Fixes Helm values for EnvoyGateway startup configuration
- Added opt-in field to skip creating control plane TLS Certificates allowing users to bring their own certificates.
API
- Upgraded to Gateway API v0.7.1
- Added Support for EnvoyPatchPolicy
- Added Support for EnvoyProxy Telemetry - Access Logging, Traces and Metrics
- Added Support for configuring EnvoyProxy Pod Labels
- Added Support for configuring EnvoyProxy Deployment Strategy Settings, Volumes and Volume Mounts
- Added Support for configuring EnvoyProxy as a NodePort Type Service
- Added Support for Distinct RateLimiting for IP Addresses
- Added Support for converting JWT Claims to Headers, to be used for RateLimiting
- Added Admin Server for Envoy Gateway
- Added Pprof Debug Support for Envoy Gateway
- Added Support to Watch for Resources in Select Namespaces
Breaking Changes
- Renamed field in EnvoyGateway API from Extension to ExtensionManager
Ci tooling testing
- Added Retest Github Action
- Added CherryPick Github Action
- Added E2E Step in Github CI Workflow
- Added RateLimit E2E Tests
- Added JWT Claim based RateLimit E2E Tests
- Added Access Logging E2E tests
- Added Metrics E2E tests
- Added Tracing E2E tests
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled HttpRouteRequestMirror Test
- Skipped HTTPRouteRedirectPortAndScheme Test
Translator
Breaking Changes
- Renamed IR resources from
- to / - which also affects generated Xds Resources
Providers
- Reconcile Node resources to be able to compute Status Addresses for Gateway
- Discard Status before publishing Provider resources to reduce memory consumption
xDS
- Fix Init Race in Xds Runner when starting Xds Server and receiving Xds Input
- Switched to Xds SOTW Server for RateLimit Service Configuration
- Added Control Plane TLS between EnvoyProxy and RateLimit Service
- Enabled adding RateLimit Headers when RateLimit is set
- Allowed GRPCRoute and HTTPRoute to be linked to the same HTTPS Listener
- Set ALPN in the Xds Listener with TLS enabled.
- Added Best Practices Default Edge Settings to Xds Resources
- Compute and Publish EnvoyPatchPolicy status from xds-translator runner
Cli
- Added egctl x translate Support to generate default missing Resources
- Added egctl x translate Support for AuthenticationFilter and EnvoyPatchPolicy
12 - v0.4.0
Date: April 24, 2023
Documentation
- Added Docs for Installing and Using egctl
Installation
- Added Helm Installation Support
- Added Support for Ratelimiting Based On IP Subnet
- Added Gateway API Support Doc
- Added Namespace Resource to Helm Templates
- Updated Installation Yaml to Use the envoy-gateway-system Namespace
API
- Upgraded to Gateway API v0.6.2
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Gateway Status Address is now Populated for ClusterIP type Envoy Services
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Custom Envoy Gateway Extensions Framework
- Added Support for Service Method Match in GRPCRoute
- Fixed a Bug in the Extension Hooks for xDS Virtual Hosts and Routes
Ci tooling testing
- Fixed CI Flakes During Helm Install
- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
- Added egctl to Build and Test CI Workflow
- Code Coverage Thresholds are now Enforced by CI
- Fixed latest-release-check CI Job Failures
- Added Auto Release Tooling for Charts
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
- Enabled Enable HTTPRouteDisallowedKind Test
- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
- Added Support for Dynamic GatewayControllerName in Route Status
Providers
- Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
- Added EDS Support
- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
- Updated Deprecated RegexMatcher
- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
- Added egctl CLI Tool
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
13 - v0.4.0-rc.1
Date: April 13, 2023
Documentation
- Added Docs for Installing and Using egctl
Installation
- Added Helm Installation Support
- Added Support for Ratelimiting Based On IP Subnet
- Added Gateway API Support Doc
API
- Upgraded to Gateway API v0.6.2
- Added Support for Custom Envoy Proxy Bootstrap Config
- Added Support for Configuring the Envoy Proxy Image and Service
- Added Support for Configuring Annotations, Resources, and Securitycontext Settings on Ratelimit Infra and Envoy Proxy
- Added Support for Using Multiple Certificates on a Single Fully Qualified Domain Name
- Gateway Status Address is now Populated for ClusterIP type Envoy Services
- Envoy Proxy Pod and Container SecurityContext is now Configurable
- Added Custom Envoy Gateway Extensions Framework
- Added Support for Service Method Match in GRPCRoute
Ci tooling testing
- Fixed CI Flakes During Helm Install
- Added Test To Ensure Static xDS Cluster Has Same Field Values as Dynamic Cluster
- Added egctl to Build and Test CI Workflow
- Code Coverage Thresholds are now Enforced by CI
- Fixed latest-release-check CI Job Failures
- Added Auto Release Tooling for Charts
Conformance
- Enabled GatewayWithAttachedRoutes Test
- Enabled Enable HTTPRouteInvalidParentRefNotMatchingSectionName Test
- Enabled Enable HTTPRouteDisallowedKind Test
- Re-Enabled Gateway/HTTPRouteObservedGenerationBump Test
Translator
- Added Support for Dynamic GatewayControllerName in Route Status
Providers
- Update GatewayClass Status Based on EnvoyProxy Config Validation
xDS
- Added EDS Support
- Fixed PathSeparatedPrefix and Optimized Logic for Prefixes Ending With Trailing Slash
- Updated Deprecated RegexMatcher
- Refactored Authn and Ratelimit Features to Reuse buildXdsCluster
Cli
- Added egctl CLI Tool
- Added egctl Support for Dry Runs of Gateway API Config
- Added egctl Support for Dumping Envoy Proxy xDS Resources
14 - v0.3.0
Date: February 09, 2023
Documentation
- Added Global Rate Limit User Docs
- Added Request Authentication User Docs
- Added TCP Routing User Docs
- Added UDP Routing User Docs
- Added GRPC Routing User Docs
- Added HTTP Response Headers User Docs
- Added TCP and UDP Proxy Design Docs
- Added egctl Design Docs
- Added Rate Limit Design Docs
- Added Request Authentication Design Docs
- Added Support for Versioned Docs
- Added Support for Multiple Release Versions
- Added Release Details Docs
- Added API Docs Generating Tooling
- Refactored Layout for User Docs
API
- Upgraded to v0.6.1 Gateway API
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
- Added Support for Request Authentication
- Added Support for Global Rate Limiting
- Added Support for Routes ReferenceGrant
- Added Support for Namespace Server Config Type
- Added initial management of Envoy Proxy deployment via EnvoyProxy API
Ci tooling testing
- Fixed Make Image Failed in Darwin
- Fixed Wait for Job Succeeded before conformance test
- Upgraded Echoserver Image Tag
- Added Support for User-Facing Version
- Added Support for Testing EG against Multiple Kubernetes Versions
Conformance
- Enabled GatewayClassObservedGenerationBump conformance test
- Enabled GatewayInvalidTLSConfiguration conformance test
- Enabled GatewayInvalidRouteKind conformance test
- Enabled HTTPRouteReferenceGrant conformance test
- Enabled HTTPRouteMethodMatching conformance test
- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
- (Currently EG passes all conformance tests except redirect and gateway/httproute ObservedGenerationBump tests. Redirect tests are failing due to a possible issue with the way upstream conformance tests have made assumptions. Skip them for now until below issues #992 #993 #994 are resolved)
IR
- Added TCP Listener per TLSRoute
Translator
- Fixes Remove Stale Listener Condition
- Added Support for Suffix Matches for Headers
- Added Support for HTTP Method Matching to HTTPRoute
- Added Support for Regex Match Type
- Added Support for HTTPQueryParamMatch
Providers
- Refactored Kubernetes Provider to Single Reconciler
- Upgraded Kube Provider Test Data Manifests to v0.6.1
- Removed Duplicate Settings from Bootstrap Config
- Updated Certgen to Use EG Namespace Env
- Added EnvoyProxy to Translator and Kube Infra Manager
- Upgraded Envoyproxy Image to envoy-dev latest in Main
- Removed EG Logs Private Key
xDS
- Fixed Start xDS Server Watchable Map Panics
- Enabled Access Logging for xDS Components
15 - v0.3.0-rc.1
Date: February 02, 2023
Documentation
- Added Support for Multiple Release Versions
- Added Support for Versioned Docs
- Added Release Details Docs
- Refactored Layout for User Docs
API
- Upgraded to v0.6.0 Gateway API
- Added Support for the TCPRoute API
- Added Support for the UDPRoute API
- Added Support for the GRPCRoute API (Add to the ListenerStatus.SupportedKinds Field until https://github.com/envoyproxy/gateway/issues/950 is fixed.)
- Added Support for HTTPRoute URLRewrite Filter
- Added Support for HTTPRoute RequestMirror Filter
- Added Support for HTTPRoute ResponseHeaderModifier Filter
- Added APIs to Manage Envoy Deployment
- Added Support for Request Authentication
- Added Support for Global Rate Limiting
- Added Support for Routes ReferenceGrant
- Added Support for Namespace Server Config Type
Ci tooling testing
- Fixes Make Image Failed in Darwin
- Fixes Wait for Job Succeeded before conformance test
- Upgraded Echoserver Image Tag
- Added Support for User-Facing Version
- Added Support for Testing EG against Multiple Kubernetes Versions
Conformance
- Enabled HTTPRouteInvalidParentRefNotMatchingListenerPort conformance test
- Enabled GatewayInvalidTLSConfiguration conformance test
- Enabled GatewayInvalidRouteKind conformance test
- Enabled HTTPRoutePartiallyInvalidViaInvalidReferenceGrant conformance test
- Enabled HTTPRouteReferenceGrant conformance test
- Enabled HTTPRouteMethodMatching conformance test
IR
- Added TCP Listener per TLSRoute
Translator
- Fixes Remove Stale Listener Condition
- Added Support for Suffix Matches for Headers
- Added Support for HTTP Method Matching to HTTPRoute
- Added Support for Regex Match Type
- Added Support for HTTPQueryParamMatch
Providers
- Refactored Kubernetes Provider to Single Reconciler
- Upgraded Kube Provider Test Data Manifests to v0.6.0
- Removed Duplicate Settings from Bootstrap Config
- Updated Certgen to Use EG Namespace Env
- Added EnvoyProxy to Translator and Kube Infra Manager
- Upgraded Envoyproxy Image to envoy-dev latest in Main
- Removed EG Logs Private Key
xDS
- Fixed Start xDS Server Watchable Map Panics
- Enabled Access Logging for xDS Components
16 - v0.2.0
Date: October 19, 2022
Documentation
- Added Config API, translator, roadmap, and message bus design documentation.
- Added documentation for releasing Envoy Gateway.
- Added user guides for configuring common tasks, e.g. HTTP request routing.
- Added support for the Sphinx documentation generator.
API
- Added the EnvoyGateway API type for configuring Envoy Gateway.
- Added the EnvoyProxy API type for configuring managed Envoys.
Ci tooling testing
- Added tooling to build, run, etc. Envoy Gateway.
- Added Gateway API conformance tests.
- Added Make-based tooling to fetch all tools so checks (code lint, spellchecks) and tests can be run locally.
- Added support for releasing latest artifacts to GitHub.
- Added code coverage with a minimum 60% threshold.
IR
- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
- Added IR validation.
Translator
- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage the
- status of Gateway API resources.
- Added the xDS translator to translate the xds IR to xDS resources.
Message-service
- Added infra and xds IR watchable map messages for inter-component communication.
- Added a Runner to each Envoy Gateway component to support pub/sub between components.
- Added support for managing multiple separate Envoy proxy fleets.
Infra-manager
- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.
- Added support for managing a separate Envoy infrastructure per Gateway.
Providers
- Added the Kubernetes provider with support for managing GatewayClass, Gateway, HTTPRoute, ReferenceGrant, and
- TLSRoute resources.
- Due to Issue #539, a ReferenceGrant is not removed from the system when unreferenced.
- Due to Issue #577, TLSRoute is not being tested for Gateway API conformance.
- Added watchers for dependent resources of managed Envoy infrastructure to trigger reconciliation.
- Added support for labeling managed infrastructure using Gateway namespace/name labels.
- Added support for finalizing the managed GatewayClass.
xDS
- Added xDS server support to configure managed Envoys using Delta xDS.
- Added initial support for mTLS between the xDS server and managed Envoys.
- Due to envoyproxy/go-control-plane Issue #599, Envoy Gateway logs the private key of HTTPS listeners.
17 - v0.2.0-rc2
Date: September 29, 2022
Documentation
- Updated and expanded developer documentation.
- Added
kube-demotarget to demonstrate Envoy Gateway functionality. - Added developer debugging documentation.
Ci
- Added Gateway API conformance tests.
Providers
- Added watchers for dependent resources of managed Envoy infrastructure.
- Added Gateway namespace/name labels to managed resources.
- Added support for finalizing the managed GatewayClass.
xDS
- Updated xds server and Envoy bootstrap config to use Delta xDS.
- Added initial support for mTLS between the xDS server and Envoy.
Translator
- Expanded support for Gateway API status.
- Added support for request modifier and redirect filters.
- Added support to return 500 responses for invalid backends.
Message service
- Updated IRs to support managing multiple Envoy fleets.
Infra manager
- Separate Envoy infrastructure is created per Gateway.
18 - v0.2.0-rc1
Date: August 31, 2022
Documentation
- Added a quickstart guide for users to run and use Envoy Gateway.
API
- Added the EnvoyGateway API type for configuring Envoy Gateway.
- Added the EnvoyProxy API type for configuring managed Envoys.
Ci
- Added tooling to build, run, etc. Envoy Gateway.
Providers
- Added the Kubernetes provider.
xDS
- Added xDS server to configure managed Envoys.
IR
- Added xds and infra IRs to decouple user-facing APIs from Envoy Gateway.
- Added IR validation.
Translator
- Added the gatewayapi translator to translate Gateway API and associated resources to the IR and manage
- Gateway API status.
Message service
- Added infra and xds IR watchable map messages for inter-component communication.
- Added a Runner to each component to support pub/sub between components.
Infra manager
- Added Kubernetes Infra Manager to manage Envoy infrastructure running in a Kubernetes cluster.