v1.1.0

Date: July 22, 2024

Documentation

  • Added Concepts Doc
  • Added User Guide for Wasm Extension
  • Added User Guide for patching Envoy Service
  • Added User Guide for Backend MTLS
  • Added User Guide for Backend TLS Parameters
  • Added User Guide for IP Allowlist/Denylist
  • Added User Guide for Extension Server
  • Added User Guide for building Wasm image
  • Added Performance Benchmarking Document
  • Added User Guide for Zipkin Tracing
  • Added User Guide for Customizing Ordering of Filters
  • Added User Guide for External Processing Filter in EnvoyExtensionPolicy
  • Added User Guide for installation of egctl with brew
  • Added User Guide for Client Buffer Size Limit
  • Added User Guide for Client Idle Timeout
  • Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides
  • Added User Guide for Backend resource
  • Added GA Blog Post
  • Added Threat Model
  • Added Adopters section to docs
  • Added User Guide and Dashboards for Control Plane and Resource Observability
  • Added User Guide for Connection Limits in ClientTrafficPolicy
  • Added User Guide on using Private Key Provider
  • Added Design Doc for Authorization
  • Added Design Doc for XDS Metadata
  • Added Design Doc for Backend resource
  • Added Design Doc for Control Plane Observability
  • Added Design Doc for EnvoyExtensionPolicy
  • Added Design Doc for External Processing in EnvoyExtensionPolicy
  • Updated Access Logging User Guide to include filtering with CEL Expression
  • Updated Access Logging User Guide to include Metadata
  • Updated Development Guide to require Golang 1.22
  • Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource
  • Updated Site to reflect GA status
  • Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef
  • Updated Observability User Guides to use gateway-addons-helm
  • Updated Gateway-API User Guide to reflect support for BackendRef filters
  • Updated HTTP Timeouts User Guide to highlight default Envoy timeouts
  • Updated Installation Guide to use server-side apply
  • Updated Installation Guide to refer to values.yaml docs
  • Updated BackendTLSPolicy User Guide to GW-API v1.1.0
  • Updated User Guides to use tabs when applying yaml from file or stdin
  • Updated OIDC User Guide to use HTTPS redirect URLs
  • Updated Order of versions in Site
  • Updated Extensbility User Gudie to use yaml-format patches
  • Updated Quickstart Guide to include next steps
  • Updated CRD docs to include enum values
  • Updated Extensibility User Guide with Envoy Patch Policy examples
  • Updated structure of docs: rename Guides to Tasks, move Contribution
  • Updated Support Matrix
  • Updated egctl x status docs for xRoute and xPolicy
  • Updated egctl User Guide with Install and Uninstall commands
  • Updated GRPCRoute docs to use v1 instead of v1alpha2
  • Fixed Rate Limiting User Guide to use correct CIDR matcher type names
  • Fixed User Guide for JWT-based routing
  • Fixed JSON Access Log Example
  • Use linkinator to detect dead links in docs
  • Use helm-docs to generate chart docs
  • Support Not-Implemented-Hide marker in API docs

Installation

  • Added startupProbe to all provisioned containers to reduce risk of restart
  • Added new gateway-addons-helm chart for Observability
  • Added support for global image settings for all images in Envoy Gateway helm chart
  • Added Support for PodDistruptionBudget for Envoy Gateway
  • Added Support for TopologySpreadConstraints for Envoy Gateway
  • Added Support for Tolerations for Envoy Gateway
  • Added Support for Ratelimit image pull secrets and pull policy
  • Updated ttlSecondsAfterFinished on certgen job to 30 by default
  • Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts
  • Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service

API

  • Added Support for Gateway-API v1.1.0
  • Added new Backend CRD
  • Added new EnvoyExtensionPolicy CRD
  • Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs
  • Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs
  • Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config
  • Added Support for Custom ShutDownManager Image in EnvoyGateway Config
  • Added Support for Leader Election in EnvoyGateway Config
  • Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config
  • Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD
  • Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD
  • Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD
  • Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD
  • Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD
  • Added Support for Rate Limiting Tracing in EnvoyProxy CRD
  • Added Support for Routing to Service IP in EnvoyProxy CRD
  • Added Support for Access Log CEL filters in EnvoyProxy CRD
  • Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD
  • Added Support for Zipkin Tracing in EnvoyProxy CRD
  • Added Support for using the Listener port as a the Container port in EnvoyProxy CRD
  • Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD
  • Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD
  • Added Support for Backend TLS Settings in EnvoyProxy CRD
  • Added Support for HTTP Filter Ordering in EnvoyProxy CRD
  • Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD
  • Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD
  • Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD
  • Added Support for Per-Endpoint stats in EnvoyProxy CRD
  • Added Support for Targeting SectionNames in ClientTrafficPolicy CRD
  • Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD
  • Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD
  • Added Support for HTTP/2 settings in ClientTrafficPolicy CRD
  • Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD
  • Added Support for HTTP Health Check in ClientTrafficPolicy CRD
  • Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD
  • Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD
  • Added Support for XFCC header processing in ClientTrafficPolicy CRD
  • Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD
  • Added Support for IdleTimeout in ClientTrafficPolicy CRD
  • Added Support for Connection Limits in ClientTrafficPolicy CRD
  • Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD
  • Added Support for Optionally requiring a JWT in SecurityPolicy CRD
  • Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD
  • Added Support for Authorization in SecurityPolicy CRD
  • Added Support for Ext-Auth failOpen in SecurityPolicy CRD
  • Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD
  • Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD
  • Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD
  • Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD
  • Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD
  • Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy
  • Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD
  • Added Support for Wasm extension in EnvoyExtensionPolicy CRD
  • Added Support for External Processing extension in EnvoyExtensionPolicy CRD
  • Removed Status Print Column from xPolicy CRDs

Breaking Changes

  • SecurityPolicy translation failures will now cause routes referenced by the policy to return an immediate 500 response
  • Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD
  • xPolicy targetRefs can no longer specify a namespace, since Gateway-API v1.1.0 uses LocalPolicyTargetReferenceWithSectionName in Policy resources

Deprecations

  • xPolicy targetRef is deprecated, use targetRefs instead
  • SecurityPolicy ExtAuth BackendRef is deprecated, use BackendRefs instead
  • OpenTelemetry Proxy Access Log Host and Port are deprecated, use backendRefs instead
  • OpenTelemetry Proxy Metrics Sink Host and Port are deprecated, use backendRefs instead
  • Proxy Tracing Provider Host and Port are deprecated, use backendRefs instead
  • Envoy Gateway Extension Server Host and Port are deprecated, use BackendEndpoint instead

Conformance

  • Added Supported Features to Gateway Class

Testing

  • Added e2e test for Client MTLS
  • Added e2e test for Load Balancing
  • Added performance benchmarking test
  • Added e2e test for Zipking Tracing
  • Added e2e test for HTTP Health Checks
  • Added e2e test for CEL Access Log Filter
  • Added e2e test for GRPC Access Log Service Sink
  • Added e2e test for XDS Metadata
  • Added e2e test for Wasm from OCI Images and HTTP Source
  • Added e2e test for Service IP Routing
  • Added e2e test for Multiple GatewayClasses
  • Added e2e test for HTTP Full Path rewrite
  • Added e2e test for Backend API
  • Added e2e test for Backend TLS Settings
  • Added e2e test for disabling X-RateLimit Headers
  • Added e2e test for Authorization
  • Added e2e test for BackendRefs in Ext-Auth
  • Added e2e test for Using Client Protocol in Upstream Connection
  • Added e2e test for Backend Client Cert Authentication
  • Added e2e test for External Processing Filter
  • Added e2e test for Merge Gateways Feature
  • Added e2e test for Option JWT authentication
  • Added e2e test for Infrastructure using Server-Side Apply
  • Added e2e test for Connection Limits
  • Added e2e test for Envoy Graceful Shutdown
  • Updated e2e test for Limit to cover multiple listeners
  • Updated e2e test for CORS to not require access-control-expose-headers
  • Run CEL tests on all supported K8s versions
  • Added OSV Scanner for Golang Vulnerabilities and Licenses
  • Added Trivy scanner for Docker images

Translator

  • Added Support for BackendRef HTTP Filters
  • Added Support for attaching EnvoyProxy to Gateways
  • Added Support for cross-namespace EnvoyProxy reference from GatewayClass
  • Added Support for Backend Traffic Policy for UDPRoute and TCPRoute
  • Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute
  • Added Support for multiple BackendRefs in TCPRoute and UDPRoute
  • Added Metrics related to XDS Server, Infra Manager and Controller
  • Added Support for PolicyStatus in EnvoyPatchPolicy
  • Added Support for Websocket upgrades in HTTP/1 Routes
  • Added Support for custom controller name in egctl
  • Added Support for BackendTLSPolicy CA Certificate reference to Secret
  • Added names to Filter Chains
  • Added Support extension server hooks for TCP and UDP listeners
  • Added Support for attaching EnvoyProxy resource to Gateways
  • Added Support for Exposing Prometheus Port in Rate Limiter Service
  • Added Support for Optional Rate Limit Backend Redis
  • Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled
  • Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain
  • Updated Ext-Auth Per-Route config to use filter-specific Config Type
  • Updated Overload Manager configuration according to Envoy recommendations by default
  • Updated Infrastructure resource management to user Server-Side Apply
  • Updated Reflection of Errors in Gateway Status when too many addresses are assigned
  • Fixed enforcement of same-namespace for BackendTLSPolicy and target
  • Fixed processing all listeners before returning with an error
  • Fixed creation of infrastructure resources if there are no listeners
  • Fixed use GatewayClass Name for Observability if Merge Gateways is enabled
  • Fixed CORS to not forward Not-Matching Preflights to Backends
  • Fixed BackendTLSPolicy status to fully conform with PolicyStatus
  • Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters
  • Fixed Proxy Protocol Filter to always be the first Listener Filter
  • Fixed Translation Consistency by sorting Gateways
  • Fixed QUIC Listener to only Advertise HTTP/3 over ALPN
  • Fixed SNI matching for TCP Routes with TLS termination
  • Fixed Reconciliation when EnvoyProxy backendRefs changes
  • Fixed Reconciliation when a referenced Secret or ConfigMap changes
  • Fixed ReplaceFullPath not working for root path
  • Fixed Default Application Protocol to TCP for Zipkin Tracing
  • Fixed not appending well-known ports (80, 443) in rediret Location header

Providers

  • Bumped K8s Client to v0.30.0

xDS

  • Bumped go-control-plane to v0.12.1

Cli

  • Added egctl x collect command
  • Added Support for Install and Uninstall commands to egctl
  • Added Support for xRoute and xPolicy in egctl x status
  • Added Golang version to Envoy Gateway version command
  • Fixed egctl x status gatewayclass example message

Last modified December 6, 2024: feat: add body to ext auth (#4671) (ac86045)