Skip to content

Releases: solo-io/gloo

v1.19.0-beta4

23 Jan 14:51
91ba1c5
Compare
Choose a tag to compare

Fixes

  • When a workload has the label security.istio.io/tlsMode: disabled
    we will no longer attempt to send mTLS to that workload. (#10575)

v1.19.0-beta3

16 Jan 16:11
65196f5
Compare
Choose a tag to compare

Dependency Bumps

  • golang.org/crypto has been upgraded to v0.31.0.
  • solo-io/envoy-gloo has been upgraded to v1.31.5-patch1.
  • golang.org/x/net has been upgraded to v0.33.0.

Helm Changes

  • Adds support for match conditions (defined via Common Expression Language (CEL)) to the validating webhook to allow fine grained request filtering. They can be set via two new helm values : - gateway.validation.matchConditions on the Gloo webhook - gateway.validation.kubeCoreMatchConditions on the Kube webhook Note that match labels are supported from Kubernetes v1.30+ but need to be enabled in Kubernetes v1.27 to v1.30 via the AdmissionWebhookMatchConditions feature gate. (kgateway-dev#9828)

New Features

  • Add a new Ports field to the GatewayParameters Kube.Service Spec in order to allow admin users to configure additional information about the ports that the Gateway should listen on. This is useful if the user wants to specify a static NodePort. (solo-io/solo-projects#7504)
  • Add new SSL options to GatewayTLSConfig to enable configuring additional SSL options which were previously available using the edge API. This includes cipher suites, minimum TLS version, maximum TLS version, client certificate validation, and one way TLS. (solo-io/solo-projects#7505)
  • gateway2: allow route delegation using wellknown label

There is a product requirement to enable users to use
a label to select HTTPRoutes to delegate to instead
of GVK ref to other HTTPRoutes (includes wildcards).

To strike a balance between flexibility and performance,
this change implements the proposal to use a well known
label delegation.gateway.solo.io/label=<value> to
allow users to delegate to other HTTPRoutes using a label.
HTTPRoutes are indexed using this well known label key that
enable O(1) lookups of routes matching this label value. (solo-io/solo-projects#7626)

  • Add ability to configure proxy service External Traffic Policy via Gateway Params (kgateway-dev#9879)

Fixes

  • Export IsGatewayInstalled for use in other packages (solo-io/solo-projects#7432)
  • Fixes an issue where the ai semantic caching distance is not being set correctly in the cache. Also move the distance threshold to the cache configuration, rather than per datastore. (solo-io/solo-projects#7440)
  • Fixes an issue where an error is thrown instead of an InvalidDestinationWarning when a tracing collector references a missing upstream. (kgateway-dev#10293)
  • gateway2/delegation: enable inherited policy overrides

Adds the ability to override inherited policy fields when
explicitly permitted by a parent route using the annotation
delegation.gateway.solo.io/enable-policy-overrides.
It supports a wildcard value "*" or a comma separated list
of field names such as "faults,timeouts,retries,headermanipulation".

Functionally, a child RouteOption may only override the RouteOptions
derived from its parent if the above annotation exists on the parent
route. This is required to make the override behavior safe to use.

Testing done:

  • Translator tests for the new scenarios. (solo-io/solo-projects#7315)
  • Route delegation makes use of delegation.gateway.solo.io/*
    annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514)
  • Add PERSIST_INSTALL environment variable to control Gloo installation while running e2e tests (both new and old versions). If set to true, the the installation of Gloo will be skipped if it is already installed, and will install Gloo if not already installed. When set to true, teardown will also be skipped.
    The TEAR_DOWN flag will now also be usable with the new kubernetes e2e tests, and common logic is now beign used to control Gloo installtion and teardown for both new and old e2e tests. (solo-io/solo-projects#7432)
  • Fix a memory leaking a log name. (solo-io/solo-projects#7573)
  • When merging parent-child policies, the merging should allow child
    policies to augment parent policies such that fields unset on the
    parent can be set by the child. There is a bug when using policy
    override capability with route delegation that disallows this when
    the annotation specifies non-wildcard fields, such that even if
    a field is unset by the parent only the fields specified in the
    override annotation are merged in - which is incorrect because
    the annotation only applies to fields that are being overriden
    (set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)

v1.18.6

23 Jan 19:11
98f32bc
Compare
Choose a tag to compare

Helm Changes

  • Adds support for match conditions (defined via Common Expression Language (CEL)) to the validating webhook to allow fine grained request filtering. They can be set via two new helm values : - gateway.validation.matchConditions on the Gloo webhook - gateway.validation.kubeCoreMatchConditions on the Kube webhook Note that match labels are supported from Kubernetes v1.30+ but need to be enabled in Kubernetes v1.27 to v1.30 via the AdmissionWebhookMatchConditions feature gate. (kgateway-dev#9828)

v1.18.5

13 Jan 18:58
4d967c1
Compare
Choose a tag to compare

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.31.5-patch2.

v1.18.4

12 Jan 03:05
f69e899
Compare
Choose a tag to compare

Fixes

  • Expose spawn_upstream_span on the tracing API. This setting tells envoy to spawn a new span for each upstream request. (solo-io/solo-projects#6748)
  • Add a new Ports field to the GatewayParameters Kube.Service Spec in order to allow admin users to configure additional information about the ports that the Gateway should listen on. This is useful if the user wants to specify a static NodePort (solo-io/solo-projects#7504)
  • Add new SSL options to GatewayTLSConfig to enable configuring additional SSL options which were previously available using the edge API. This includes cipher suites, minimum TLS version, maximum TLS version, client certificate validation, and one way TLS. (solo-io/solo-projects#7505)
  • gateway2: allow route delegation using wellknown label

There is a product requirement to enable users to use
a label to select HTTPRoutes to delegate to instead
of GVK ref to other HTTPRoutes (includes wildcards).

To strike a balance between flexibility and performance,
this change implements the proposal to use a well known
label delegation.gateway.solo.io/label=<value> to
allow users to delegate to other HTTPRoutes using a label.
HTTPRoutes are indexed using this well known label key that
enable O(1) lookups of routes matching this label value. (solo-io/solo-projects#7626)

  • Add ability to configure proxy service External Traffic Policy via Gateway Params (kgateway-dev#9879)
  • Bumps Gateway API dependencies from v1.2.0 to v1.2.1. (#10546)
  • When merging parent-child policies, the merging should allow child
    policies to augment parent policies such that fields unset on the
    parent can be set by the child. There is a bug when using policy
    override capability with route delegation that disallows this when
    the annotation specifies non-wildcard fields, such that even if
    a field is unset by the parent only the fields specified in the
    override annotation are merged in - which is incorrect because
    the annotation only applies to fields that are being overriden
    (set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)

v1.17.21

08 Jan 20:09
fdfec6e
Compare
Choose a tag to compare

This release contained no user-facing changes.

v1.17.20

08 Jan 15:50
9013fb4
Compare
Choose a tag to compare

Fixes

  • When merging parent-child policies, the merging should allow child
    policies to augment parent policies such that fields unset on the
    parent can be set by the child. There is a bug when using policy
    override capability with route delegation that disallows this when
    the annotation specifies non-wildcard fields, such that even if
    a field is unset by the parent only the fields specified in the
    override annotation are merged in - which is incorrect because
    the annotation only applies to fields that are being overriden
    (set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)

v1.18.3

02 Jan 19:00
99e1ba7
Compare
Choose a tag to compare

Fixes

v1.18.2

20 Dec 14:15
0525c82
Compare
Choose a tag to compare

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.31.5-patch1.

Fixes

  • Route delegation makes use of delegation.gateway.solo.io/*
    annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514)

v1.17.19

20 Dec 01:38
8c39169
Compare
Choose a tag to compare

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.30.9-patch1.

Fixes

  • Route delegation makes use of delegation.gateway.solo.io/*
    annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514)