Releases: solo-io/gloo
v1.19.0-beta4
Fixes
- When a workload has the label
security.istio.io/tlsMode: disabled
we will no longer attempt to send mTLS to that workload. (#10575)
v1.19.0-beta3
Dependency Bumps
- golang.org/crypto has been upgraded to v0.31.0.
- solo-io/envoy-gloo has been upgraded to v1.31.5-patch1.
- golang.org/x/net has been upgraded to v0.33.0.
Helm Changes
- Adds support for match conditions (defined via Common Expression Language (CEL)) to the validating webhook to allow fine grained request filtering. They can be set via two new helm values : -
gateway.validation.matchConditions
on the Gloo webhook -gateway.validation.kubeCoreMatchConditions
on the Kube webhook Note that match labels are supported from Kubernetes v1.30+ but need to be enabled in Kubernetes v1.27 to v1.30 via the AdmissionWebhookMatchConditions feature gate. (kgateway-dev#9828)
New Features
- Add a new Ports field to the
GatewayParameters
Kube.Service
Spec in order to allow admin users to configure additional information about the ports that the Gateway should listen on. This is useful if the user wants to specify a staticNodePort
. (solo-io/solo-projects#7504) - Add new SSL options to GatewayTLSConfig to enable configuring additional SSL options which were previously available using the edge API. This includes cipher suites, minimum TLS version, maximum TLS version, client certificate validation, and one way TLS. (solo-io/solo-projects#7505)
- gateway2: allow route delegation using wellknown label
There is a product requirement to enable users to use
a label to select HTTPRoutes to delegate to instead
of GVK ref to other HTTPRoutes (includes wildcards).
To strike a balance between flexibility and performance,
this change implements the proposal to use a well known
label delegation.gateway.solo.io/label=<value>
to
allow users to delegate to other HTTPRoutes using a label.
HTTPRoutes are indexed using this well known label key that
enable O(1) lookups of routes matching this label value. (solo-io/solo-projects#7626)
- Add ability to configure proxy service External Traffic Policy via Gateway Params (kgateway-dev#9879)
Fixes
- Export IsGatewayInstalled for use in other packages (solo-io/solo-projects#7432)
- Fixes an issue where the ai semantic caching distance is not being set correctly in the cache. Also move the distance threshold to the cache configuration, rather than per datastore. (solo-io/solo-projects#7440)
- Fixes an issue where an error is thrown instead of an InvalidDestinationWarning when a tracing collector references a missing upstream. (kgateway-dev#10293)
- gateway2/delegation: enable inherited policy overrides
Adds the ability to override inherited policy fields when
explicitly permitted by a parent route using the annotation
delegation.gateway.solo.io/enable-policy-overrides.
It supports a wildcard value "*" or a comma separated list
of field names such as "faults,timeouts,retries,headermanipulation".
Functionally, a child RouteOption may only override the RouteOptions
derived from its parent if the above annotation exists on the parent
route. This is required to make the override behavior safe to use.
Testing done:
- Translator tests for the new scenarios. (solo-io/solo-projects#7315)
- Route delegation makes use of delegation.gateway.solo.io/*
annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514) - Add
PERSIST_INSTALL
environment variable to control Gloo installation while running e2e tests (both new and old versions). If set totrue
, the the installation of Gloo will be skipped if it is already installed, and will install Gloo if not already installed. When set totrue
, teardown will also be skipped.
The TEAR_DOWN flag will now also be usable with the new kubernetes e2e tests, and common logic is now beign used to control Gloo installtion and teardown for both new and old e2e tests. (solo-io/solo-projects#7432) - Fix a memory leaking a log name. (solo-io/solo-projects#7573)
- When merging parent-child policies, the merging should allow child
policies to augment parent policies such that fields unset on the
parent can be set by the child. There is a bug when using policy
override capability with route delegation that disallows this when
the annotation specifies non-wildcard fields, such that even if
a field is unset by the parent only the fields specified in the
override annotation are merged in - which is incorrect because
the annotation only applies to fields that are being overriden
(set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)
v1.18.6
Helm Changes
- Adds support for match conditions (defined via Common Expression Language (CEL)) to the validating webhook to allow fine grained request filtering. They can be set via two new helm values : -
gateway.validation.matchConditions
on the Gloo webhook -gateway.validation.kubeCoreMatchConditions
on the Kube webhook Note that match labels are supported from Kubernetes v1.30+ but need to be enabled in Kubernetes v1.27 to v1.30 via the AdmissionWebhookMatchConditions feature gate. (kgateway-dev#9828)
v1.18.5
v1.18.4
Fixes
- Expose spawn_upstream_span on the tracing API. This setting tells envoy to spawn a new span for each upstream request. (solo-io/solo-projects#6748)
- Add a new Ports field to the
GatewayParameters
Kube.Service
Spec in order to allow admin users to configure additional information about the ports that the Gateway should listen on. This is useful if the user wants to specify a staticNodePort
(solo-io/solo-projects#7504) - Add new SSL options to GatewayTLSConfig to enable configuring additional SSL options which were previously available using the edge API. This includes cipher suites, minimum TLS version, maximum TLS version, client certificate validation, and one way TLS. (solo-io/solo-projects#7505)
- gateway2: allow route delegation using wellknown label
There is a product requirement to enable users to use
a label to select HTTPRoutes to delegate to instead
of GVK ref to other HTTPRoutes (includes wildcards).
To strike a balance between flexibility and performance,
this change implements the proposal to use a well known
label delegation.gateway.solo.io/label=<value>
to
allow users to delegate to other HTTPRoutes using a label.
HTTPRoutes are indexed using this well known label key that
enable O(1) lookups of routes matching this label value. (solo-io/solo-projects#7626)
- Add ability to configure proxy service External Traffic Policy via Gateway Params (kgateway-dev#9879)
- Bumps Gateway API dependencies from v1.2.0 to v1.2.1. (#10546)
- When merging parent-child policies, the merging should allow child
policies to augment parent policies such that fields unset on the
parent can be set by the child. There is a bug when using policy
override capability with route delegation that disallows this when
the annotation specifies non-wildcard fields, such that even if
a field is unset by the parent only the fields specified in the
override annotation are merged in - which is incorrect because
the annotation only applies to fields that are being overriden
(set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)
v1.17.21
This release contained no user-facing changes.
v1.17.20
Fixes
- When merging parent-child policies, the merging should allow child
policies to augment parent policies such that fields unset on the
parent can be set by the child. There is a bug when using policy
override capability with route delegation that disallows this when
the annotation specifies non-wildcard fields, such that even if
a field is unset by the parent only the fields specified in the
override annotation are merged in - which is incorrect because
the annotation only applies to fields that are being overriden
(set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)
v1.18.3
Fixes
- Fix a memory leaking a log name. (solo-io/solo-projects#7573)
v1.18.2
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.31.5-patch1.
Fixes
- Route delegation makes use of delegation.gateway.solo.io/*
annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514)
v1.17.19
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.30.9-patch1.
Fixes
- Route delegation makes use of delegation.gateway.solo.io/*
annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514)