v1.2.0-rc.1

Date: October 25, 2024

Breaking changes

  • Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
  • Please refer to the Gateway API v1.2.0 documentation for more information.
  • Removed default CPU limit of the Envoy Gateway deployment
  • Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

New features

  • Added support for Gateway-API v1.2.0
  • Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
  • Added support for EG standalone(host deployment) mode (experimental)
  • Added support for JWT claims based Authorization in SecurityPolicy CRD
  • Added support for Direct Response in HTTPRouteFilter CRD
  • Added support for Response Override in BackendTrafficPolicy CRD
  • Added support for RequestTimeout in BackendTrafficPolicy CRD
  • Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
  • Added support for client TLS session resumption in ClientTrafficPolicy CRD
  • Added support for HTTPRouteFilter and path regex rewrite
  • Added support for host header rewrite in HTTPRouteFilter CRD
  • Added support for Listener Access Log in EnvoyProxy CRD
  • Added support for Datadog tracing support in EnvoyProxy CRD
  • Added support for request response sizes stats in EnvoyProxy CRD
  • Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
  • Added support for match conditions for access log in EnvoyProxy CRD
  • Added support for using BackendCluster to represent OIDCProvider
  • Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
  • Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
  • Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
  • Added support for LB priority for non xRoute endpoints
  • Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
  • Added support for early request header mutation in the ClientTrafficPolicy CRD
  • Added support for JsonPath in the EnvoyPatchPolicy CRD
  • Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
  • Added support for cluster settings for non xRoute-generated backend refs
  • Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
  • Added support for http2 upstream settings in BackendTrafficPolicy CRD
  • Added support for DNS resolution settings in BackendTrafficPolicy CRD
  • Added support for configuring service annotations in the Envoy Gateway helm chart
  • Added support for configuring priorityClassName to Envoy Gateway helm chart
  • Added support for ratelimit metrics monitoring in grafana in the addons helm chart
  • Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
  • Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
  • Added support for configuring NodeSelector in the Envoy Gateway helm chart
  • Added support for nonce in the OIDC auth flow
  • Added support for choosing an HTTPRoute’s non-wildcard hostname as the default Host
  • Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
  • Added support for returning 500 when SecurityPolicy translation fails
  • Added support for multiple backendRefs for ExtAuth and ExtProc
  • Added support for session persistence in HTTPRoute rules
  • Added support for the Backend resource for ExtAuth
  • Added support for target selectors on Envoy Gateway Extension Server policies
  • Added support for non-Kubernetes Backends for TLSRoute
  • Added support for fallback to the Backend API
  • Added support for reloadable EnvoyGateway configuration
  • Added support for adding Labels to the Envoy Service
  • Added support for custom name for ratelimit deployment
  • Added default SecurityContext for EG components
  • Added startupProbe to all provisioned containers
  • Added support for local validations for egctl translate and file provider
  • Added support for egctl x collect to collect information from the cluster for debugging
  • Added support for a native prometheus metrics endpoint in the ratelimit server

Bug fixes

  • Fixed unsupported listener protocol type causing an error while updating Gateway Status
  • Fixed some status updates were being discarded by the status updater
  • Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
  • Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
  • Fixed JSONPath not correctly translated to JSONPatch paths
  • Fixed allow empty slowStart when using LeastRequest
  • Fixed Backends which should be rejected are still used as an HTTPRoute’s destination
  • Fixed losing timeout settings that originate from the route when translating the backend traffic policy
  • Fixed Backend resources don’t get status updates
  • Fixed Active Health check requires expectedStatuses field to work
  • Fixed HTTPHeaderFilter processing doesn’t correctly support multiple header values
  • Fixed multiple reference grants in same namespace
  • Fixed upstream get unwanted /.
  • Fixed creation of SecurityPolicy with targetSelectors fails
  • Fixed wrong gateway is chosen as HTTPRoute parent
  • Fixed override issue for EEP
  • Fixed nil pointer err translating hash load balancing
  • Fixed ratelimit does not work across multiple GatewayClasses
  • Fixed upstream mTLS only works for HTTPS listeners
  • Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
  • Fixed empty connection limit causes XDS rejection
  • Fixed ratelimit not working with both headers and cidr matches
  • Fixed EDS didn’t update when deployments was created after services
  • Fixed RBAC issue for deleting infrastructure resources
  • Fixed customized infrastructure resources not being deleted
  • Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
  • Fixed Ratelimit Deployment ignoring pod labels and annotation merge
  • Fixed the API Server receives unnecessary requests
  • Fixed terminating envoy pods don’t respond with “Connection: close” (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
  • Fixed ratelimit statsd not working
  • Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
  • Fixed egctl experimental translate using a wrong ns

Performance improvements

  • Fixed repeated resources and optimize memory usage

Other changes

  • Removed grafana test framework from the addons helm chart
  • Disabled ALPN for non-HTTP routes
  • Added statPrefix for HCM and TCPProxy
  • Enabled GatewayHTTPListenerIsolation conformance test
  • Enabled GRPC conformance profile
  • Enabled HTTPRouteBackendRequestHeaderModifier conformance test
  • Added e2e test for Daemonset mode
  • Updated upgrades tests to use VERSION env variable
  • Fixed OVS scanner wrong license warnings
  • Added e2e test for TLS session resumption
  • Added heap profile into benchmark report
  • Added e2e test for RecomputeRoute in ExtAuth
  • Added benchmark memory profiles into report
  • Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
  • Fixed flaky Zipkin Tracing e2e test
  • Added e2e test for cookie based consistent hash load balancing
  • Added e2e test for load balancing
  • Fixed flaky authorization tests
  • Enabled upgrade test
  • Fixed flaky basic auth e2e test
  • Enabled use-client-protocol e2e test
  • Added performance benchmarking test for 1000 HTTPRoutes
  • Added e2e test for Datadog tracing
  • Added e2e tests for ratelimit invert matching headers
  • Reduced readinessProbe failureThreshold and periodSeconds
  • Bumped go-control-plane to v0.13.1

Last modified November 1, 2024: [release/v1.1] release v1.1.3 (#4600) (a88e6eb)