v1.2.0-rc.1

Date: October 25, 2024

Breaking changes

• Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
• Please refer to the Gateway API v1.2.0 documentation for more information.
• Removed default CPU limit of the Envoy Gateway deployment
• Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

New features

• Added support for Gateway-API v1.2.0
• Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
• Added support for EG standalone(host deployment) mode (experimental)
• Added support for JWT claims based Authorization in SecurityPolicy CRD
• Added support for Direct Response in HTTPRouteFilter CRD
• Added support for Response Override in BackendTrafficPolicy CRD
• Added support for RequestTimeout in BackendTrafficPolicy CRD
• Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
• Added support for client TLS session resumption in ClientTrafficPolicy CRD
• Added support for HTTPRouteFilter and path regex rewrite
• Added support for host header rewrite in HTTPRouteFilter CRD
• Added support for Listener Access Log in EnvoyProxy CRD
• Added support for Datadog tracing support in EnvoyProxy CRD
• Added support for request response sizes stats in EnvoyProxy CRD
• Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
• Added support for match conditions for access log in EnvoyProxy CRD
• Added support for using BackendCluster to represent OIDCProvider
• Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
• Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
• Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
• Added support for LB priority for non xRoute endpoints
• Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
• Added support for early request header mutation in the ClientTrafficPolicy CRD
• Added support for JsonPath in the EnvoyPatchPolicy CRD
• Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
• Added support for cluster settings for non xRoute-generated backend refs
• Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
• Added support for http2 upstream settings in BackendTrafficPolicy CRD
• Added support for DNS resolution settings in BackendTrafficPolicy CRD
• Added support for configuring service annotations in the Envoy Gateway helm chart
• Added support for configuring priorityClassName to Envoy Gateway helm chart
• Added support for ratelimit metrics monitoring in grafana in the addons helm chart
• Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
• Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
• Added support for configuring NodeSelector in the Envoy Gateway helm chart
• Added support for nonce in the OIDC auth flow
• Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
• Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
• Added support for returning 500 when SecurityPolicy translation fails
• Added support for multiple backendRefs for ExtAuth and ExtProc
• Added support for session persistence in HTTPRoute rules
• Added support for the Backend resource for ExtAuth
• Added support for target selectors on Envoy Gateway Extension Server policies
• Added support for non-Kubernetes Backends for TLSRoute
• Added support for fallback to the Backend API
• Added support for reloadable EnvoyGateway configuration
• Added support for adding Labels to the Envoy Service
• Added support for custom name for ratelimit deployment
• Added default SecurityContext for EG components
• Added startupProbe to all provisioned containers
• Added support for local validations for egctl translate and file provider
• Added support for egctl x collect to collect information from the cluster for debugging
• Added support for a native prometheus metrics endpoint in the ratelimit server

Bug fixes

• Fixed unsupported listener protocol type causing an error while updating Gateway Status
• Fixed some status updates were being discarded by the status updater
• Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
• Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
• Fixed JSONPath not correctly translated to JSONPatch paths
• Fixed allow empty slowStart when using LeastRequest
• Fixed Backends which should be rejected are still used as an HTTPRoute’s destination
• Fixed losing timeout settings that originate from the route when translating the backend traffic policy
• Fixed Backend resources don’t get status updates
• Fixed Active Health check requires expectedStatuses field to work
• Fixed HTTPHeaderFilter processing doesn’t correctly support multiple header values
• Fixed multiple reference grants in same namespace
• Fixed upstream get unwanted /.
• Fixed creation of SecurityPolicy with targetSelectors fails
• Fixed wrong gateway is chosen as HTTPRoute parent
• Fixed override issue for EEP
• Fixed nil pointer err translating hash load balancing
• Fixed ratelimit does not work across multiple GatewayClasses
• Fixed upstream mTLS only works for HTTPS listeners
• Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
• Fixed empty connection limit causes XDS rejection
• Fixed ratelimit not working with both headers and cidr matches
• Fixed EDS didn’t update when deployments was created after services
• Fixed RBAC issue for deleting infrastructure resources
• Fixed customized infrastructure resources not being deleted
• Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
• Fixed Ratelimit Deployment ignoring pod labels and annotation merge
• Fixed the API Server receives unnecessary requests
• Fixed terminating envoy pods don’t respond with “Connection: close” (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
• Fixed ratelimit statsd not working
• Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
• Fixed egctl experimental translate using a wrong ns

Performance improvements

• Fixed repeated resources and optimize memory usage

Other changes

• Removed grafana test framework from the addons helm chart
• Disabled ALPN for non-HTTP routes
• Added statPrefix for HCM and TCPProxy
• Enabled GatewayHTTPListenerIsolation conformance test
• Enabled GRPC conformance profile
• Enabled HTTPRouteBackendRequestHeaderModifier conformance test
• Added e2e test for Daemonset mode
• Updated upgrades tests to use VERSION env variable
• Fixed OVS scanner wrong license warnings
• Added e2e test for TLS session resumption
• Added heap profile into benchmark report
• Added e2e test for RecomputeRoute in ExtAuth
• Added benchmark memory profiles into report
• Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
• Fixed flaky Zipkin Tracing e2e test
• Added e2e test for cookie based consistent hash load balancing
• Added e2e test for load balancing
• Fixed flaky authorization tests
• Enabled upgrade test
• Fixed flaky basic auth e2e test
• Enabled use-client-protocol e2e test
• Added performance benchmarking test for 1000 HTTPRoutes
• Added e2e test for Datadog tracing
• Added e2e tests for ratelimit invert matching headers
• Reduced readinessProbe failureThreshold and periodSeconds
• Bumped go-control-plane to v0.13.1