v1.1.0-rc.1

8 minute read

Date: July 8, 2024

Documentation

Added Performance Benchmarking Document
Added User Guide for Zipkin Tracing
Added User Guide for Customizing Ordering of Filters
Added User Guide for External Processing Filter in EnvoyExtensionPolicy
Added User Guide for installation of egctl with brew
Added User Guide for Client Buffer Size Limit
Added User Guide for Client Idle Timeout
Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
Added User Guide for Backend resource
Added GA Blog Post
Added Threat Model
Added Adopters section to docs
Added User Guide and Dashboards for Control Plane and Resource Observability
Added User Guide for Connection Limits in ClientTrafficPolicy
Added User Guide on using Private Key Provider
Added Design Doc for Authorization
Added Design Doc for XDS Metadata
Added Design Doc for Backend resource
Added Design Doc for Control Plane Observability
Added Design Doc for EnvoyExtensionPolicy
Added Design Doc for External Processing in EnvoyExtensionPolicy
Updated Access Logging User Guide to include filtering with CEL Expression
Updated Access Logging User Guide to include Metadata
Updated Development Guide to require Golang 1.22
Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
Updated Site to reflect GA status
Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
Updated Observability User Guides to use gateway-addons-helm
Updated Gateway-API User Guide to reflect support for BackendRef filters
Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
Updated Installation Guide to use server-side apply
Updated Installation Guide to refer to values.yaml docs
Updated BackendTLSPolicy User Guide to GW-API v1.1.0
Updated User Guides to use tabs when applying yaml from file or stdin
Updated OIDC User Guide to use HTTPS redirect URLs
Updated Order of versions in Site
Updated Extensbility User Gudie to use yaml-format patches
Updated Quickstart Guide to include next steps
Updated CRD docs to include enum values
Updated Extensibility User Guide with Envoy Patch Policy examples
Updated structure of docs: rename Guides to Tasks, move Contribution
Updated Support Matrix
Updated egctl x status docs for xRoute and xPolicy
Updated egctl User Guide with Install and Uninstall commands
Updated GRPCRoute docs to use v1 instead of v1alpha2
Fixed Rate Limiting User Guide to use correct CIDR matcher type names
Fixed User Guide for JWT-based routing
Fixed JSON Access Log Example
Use linkinator to detect dead links in docs
Use helm-docs to generate chart docs
Support Not-Implemented-Hide marker in API docs

Installation

Added new gateway-addons-helm chart for Observability
Added support for global image settings for all images in Envoy Gateway helm chart
Added Support for PodDistruptionBudget for Envoy Gateway
Added Support for TopologySpreadConstraints for Envoy Gateway
Added Support for Tolerations for Envoy Gateway
Added Support for Ratelimit image pull secrets and pull policy
Updated ttlSecondsAfterFinished on certgen job to 30 by default
Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service

API

Added Support for Gateway-API v1.1.0
Added new Backend CRD
Added new EnvoyExtensionPolicy CRD
Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
Added Support for Custom ShutDownManager Image in EnvoyGateway Config
Added Support for Leader Election in EnvoyGateway Config
Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
Added Support for Rate Limiting Tracing in EnvoyProxy CRD
Added Support for Routing to Service IP in EnvoyProxy CRD
Added Support for Access Log CEL filters in EnvoyProxy CRD
Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
Added Support for Zipkin Tracing in EnvoyProxy CRD
Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
Added Support for Backend TLS Settings in EnvoyProxy CRD
Added Support for HTTP Filter Ordering in EnvoyProxy CRD
Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
Added Support for Per-Endpoint stats in EnvoyProxy CRD
Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
Added Support for HTTP Health Check in ClientTrafficPolicy CRD
Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
Added Support for XFCC header processing in ClientTrafficPolicy CRD
Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
Added Support for IdleTimeout in ClientTrafficPolicy CRD
Added Support for Connection Limits in ClientTrafficPolicy CRD
Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
Added Support for Optionally requiring a JWT in SecurityPolicy CRD
Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
Added Support for Authorization in SecurityPolicy CRD
Added Support for Ext-Auth failOpen in SecurityPolicy CRD
Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
Added Support for Wasm extension in EnvoyExtensionPolicy CRD
Added Support for External Processing extension in EnvoyExtensionPolicy CRD
Removed Status Print Column from xPolicy CRDs

Breaking Changes

Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources

Deprecations

xPolicy targetRef is deprecated, use targetRefs instead
SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead

Conformance

Added Supported Features to Gateway Class

Testing

Added performance benchmarking test
Added e2e test for Zipking Tracing
Added e2e test for HTTP Health Checks
Added e2e test for CEL Access Log Filter
Added e2e test for GRPC Access Log Service Sink
Added e2e test for XDS Metadata
Added e2e test for Wasm from OCI Images and HTTP Source
Added e2e test for Service IP Routing
Added e2e test for Multiple GatewayClasses
Added e2e test for HTTP Full Path rewrite
Added e2e test for Backend API
Added e2e test for Backend TLS Settings
Added e2e test for disabling X-RateLimit Headers
Added e2e test for Authorization
Added e2e test for BackendRefs in Ext-Auth
Added e2e test for Using Client Protocol in Upstream Connection
Added e2e test for Backend Client Cert Authentication
Added e2e test for External Processing Filter
Added e2e test for Merge Gateways Feature
Added e2e test for Option JWT authentication
Added e2e test for Infrastructure using Server-Side Apply
Added e2e test for Connection Limits
Added e2e test for Envoy Graceful Shutdown
Updated e2e test for Limit to cover multiple listeners
Updated e2e test for CORS to not require access-control-expose-headers
Run CEL tests on all supported K8s versions
Added OSV Scanner for Golang Vulnerabilities and Licenses
Added Trivy scanner for Docker images

Translator

Added Support for BackendRef HTTP Filters
Added Support for attaching EnvoyProxy to Gateways
Added Support for cross-namespace EnvoyProxy reference from GatewayClass
Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
Added Support for multiple BackendRefs in TCPRoute and UDPRoute
Added Metrics related to XDS Server, Infra Manager and Controller
Added Support for PolicyStatus in EnvoyPatchPolicy
Added Support for Websocket upgrades in HTTP/1 Routes
Added Support for custom controller name in egctl
Added Support for BackendTLSPolicy CA Certificate reference to Secret
Added names to Filter Chains
Added Support extension server hooks for TCP and UDP listeners
Added Support for attaching EnvoyProxy resource to Gateways
Added Support for Exposing Prometheus Port in Rate Limiter Service
Added Support for Optional Rate Limit Backend Redis
Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
Updated Ext-Auth Per-Route config to use filter-specific Config Type
Updated Overload Manager configuration according to Envoy recommendations by default
Updated Infrastructure resource management to user Server-Side Apply
Updated Reflection of Errors in Gateway Status when too many addresses are assigned
Fixed enforcement of same-namespace for BackendTLSPolicy and target
Fixed processing all listeners before returning with an error
Fixed creation of infrastructure resources if there are no listeners
Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
Fixed CORS to not forward Not-Matching Preflights to Backends
Fixed BackendTLSPolicy status to fully conform with PolicyStatus
Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
Fixed Proxy Protocol Filter to always be the first Listener Filter
Fixed Translation Consistency by sorting Gateways
Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
Fixed SNI matching for TCP Routes with TLS termination
Fixed Reconciliation when EnvoyProxy backendRefs changes
Fixed Reconciliation when a referenced Secret or ConfigMap changes
Fixed ReplaceFullPath not working for root path
Fixed Default Application Protocol to TCP for Zipkin Tracing
Fixed not appending well-known ports (80, 443) in rediret Location header

Providers

Bumped K8s Client to v0.30.0

xDS

Bumped go-control-plane to v0.12.1

Cli

Added Support for Install and Uninstall Commands to egctl
Added Support for xRoute and xPolicy in egctl x status
Added Golang version to Envoy Gateway version command
Fixed egctl x status gatewayclass example message

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified September 7, 2024: bump to go1.22.7 (#4175) (69bf882)