Releases: solo-io/gloo

v1.18.0-beta1

20 Jun 19:38
e308d8f

Helm Changes

  • Introduce gateway.validation.webhook.enablePolicyApi which controls whether or not RouteOptions and VirtualHostOptions CRs are subject to validation. By default, this value is true. The validation of these Policy APIs only runs if the Kubernetes Gateway integration is enabled (kubeGateway.enabled). (solo-io/solo-projects#6352)

New Features

  • Adds the host_rewrite_header to the route options to allow envoy to swap the host header with the content of a given downstream or custom header. Pay attention to the potential security implications of using this option. The provided header must come from a trusted source. (#9579)
  • Adds pre-admission validation rules to the AuthConfig CRD. (solo-io/gloo-mesh-enterprise#16010)
  • Adds the ability to recover if the Kubernetes API server is unreachable once the gloo pod comes up. The MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable defines the maximum duration the gloo pod can run and attempt to reconnect to the kube apiserver if it is unreachable. Exceeding this duration will lead to the pod quitting. To enable this feature, set the MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable to the desired duration in the gloo container. This can be done either by modifying the gloo deployment or by specifying the gloo.deployment.customEnv[0].Name=MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER and gloo.deployment.customEnv[0].Value=60s helm values. (#8107)
  • gateway2: merge multiple targetRef based Route & VirtualHost options

Implements merging of targetRef based RouteOptions and
VirtualHostOptions in a specific order of precedence from
oldest to newest created resource.

The merging uses shallow merging such that for an option
A that is higher priority than option B, merge(A,B) merges
the top-level options of B that have not already been set on A.
This allows options later in the precedence chain to augment
the existing options during a merge but not overwrite them. (solo-io/solo-projects#6313)

Fixes

  • Previously, header names consisting of invalid characters such as '()[]:;,<=>' were accepted when passed via the healthCheck or headerManipulation requestHeadersToAdd parameter. This resulted in envoy throwing an invalid header name error. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (#9622)
  • Fix statuses being synced properly for k8s gateway resources (solo-io/solo-projects#6304)
  • Follow up to fix discoveryAddress, istioMetaMeshId and istioMetaClusterId in k8s gateway deployment for Istio integration. (solo-io/solo-projects#6107)
  • Fix issue where Kube Gateway proxies would have errors regarding status logged constantly (solo-io/solo-projects#6252)

v1.17.0-rc5

19 Jun 14:49
52ea4ab

New Features

  • Adds the ability to recover if the Kubernetes API server is unreachable once the gloo pod comes up. The MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable defines the maximum duration the gloo pod can run and attempt to reconnect to the kube apiserver if it is unreachable. Exceeding this duration will lead to the pod quitting. To enable this feature, set the MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable to the desired duration in the gloo container. This can be done either by modifying the gloo deployment or by specifying the gloo.deployment.customEnv[0].Name=MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER and gloo.deployment.customEnv[0].Value=60s helm values. (#8107)

Fixes

  • Adds the host_rewrite_header to the route options to allow envoy to swap the host header with the content of a given downstream or custom header. Pay attention to the potential security implications of using this option. The provided header must come from a trusted source. (#9579)
  • Previously, header names consisting of invalid characters such as '()[]:;,<=>' were accepted when passed via the healthCheck or headerManipulation requestHeadersToAdd parameter. This resulted in envoy throwing an invalid header name error. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (#9622)
  • Fix issue where Kube Gateway proxies would have errors regarding status logged constantly (solo-io/solo-projects#6252)

v1.16.16

18 Jun 20:06
36a6791

Fixes

  • Adds the host_rewrite_header to the route options to allow envoy to swap the host header with the content of a given downstream or custom header. Pay attention to the potential security implications of using this option. The provided header must come from a trusted source. (#9579)
  • Previously, header names consisting of invalid characters such as '()[]:;,<=>' were accepted when passed via the healthCheck or headerManipulation requestHeadersToAdd parameter. This resulted in envoy throwing an invalid header name error. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (#9622)
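The header name rule from the fix above (#9622), as an added example that is not code from the gloo project: an RFC 9110 field name is a token, that is one or more `tchar` bytes, so every character in '()[]:;,<=>' fails the check. Function names and sample header names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// isTchar reports whether b is a tchar from RFC 9110 section 5.6.2:
// ALPHA, DIGIT, or one of the punctuation characters listed below.
func isTchar(b byte) bool {
	switch {
	case 'a' <= b && b <= 'z', 'A' <= b && b <= 'Z', '0' <= b && b <= '9':
		return true
	}
	return strings.IndexByte("!#$%&'*+-.^_`|~", b) >= 0
}

// CheckHeaderName returns nil when name is an RFC 9110 token (one or more
// tchar), otherwise an error that names the first offending byte.
func CheckHeaderName(name string) error {
	if name == "" {
		return errors.New("header name is empty")
	}
	for i := 0; i < len(name); i++ {
		if !isTchar(name[i]) {
			return fmt.Errorf("header name %q: invalid character %q at offset %d", name, name[i], i)
		}
	}
	return nil
}

// RejectedHeaders returns, in input order, the names that fail CheckHeaderName.
func RejectedHeaders(names []string) []string {
	var bad []string
	for _, n := range names {
		if CheckHeaderName(n) != nil {
			bad = append(bad, n)
		}
	}
	return bad
}

func main() {
	sample := []string{"x-request-id", "x-bad(name)", "x:colon", "x_ok.1", "x bad"} // constructed
	for _, n := range sample {
		fmt.Printf("%-16q %v\n", n, CheckHeaderName(n))
	}
}
```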

v1.17.0-rc4

13 Jun 19:50
ef7a5e4

New Features

Fixes

v1.17.0-rc3

12 Jun 19:20
8cd5695

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.30.2-patch2.

Helm Changes

  • Fix istioIntegration.enabled helm value to configure bootstrap configmap. Remove deprecated istioSDS.enabled as a requirement for Istio automtls integration. (solo-io/solo-projects#5743)

New Features

  • Add support for the envoy.http.stateful_session.header filter. This support has been added via a new HTTPListener option, stateful_session, which can be used to configure the filter. Envoy notes about this filter:
    - Stateful sessions can result in imbalanced load across upstreams and allow external actors to direct requests to specific upstream hosts. Operators should carefully consider the security and reliability implications of stateful sessions before enabling this feature.
    - This extension is functional but has not had substantial production burn time, use only with this caveat.
    - This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. (#9104)

v1.16.15

11 Jun 18:50
994fa6f

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.27.6-patch1.

v1.17.0-rc2

10 Jun 16:23
3d91417

Helm Changes

  • Rename the kube gateway envoy container image helm value from kubeGateway.gatewayParameters.glooGateway.image to kubeGateway.gatewayParameters.glooGateway.envoyContainer.image. (solo-io/solo-projects#6107)

New Features

  1. Add API for running postRouting transformations. This means that the transformation filter
     will be run as a part of the router filter, rather than during the standard HTTP filter chain.
     This allows access to endpoint specific information which is not available during the standard
     filter chain.
  2. Add API for adding metadata to endpoints in static/failover upstreams. This metadata can
     then be accessed in the transformation filter mentioned above.
  3. Add new plugin type to allow adding filter in the upstream filter chain. (solo-io/solo-projects#5890)

Fixes

  • Properly pass through the json_to_proto value from the gloo API to the envoy API for dynamic metadata transformations. (solo-io/solo-projects#5890)

v1.17.0-rc1

05 Jun 22:43
86076bb

Helm Changes

  • Add k8s Gateway Istio integration values to the Gloo Gateway Helm chart under kubeGateway.gatewayParameters.glooGateway. (solo-io/solo-projects#5743)

Fixes

  • Adds error types for plugins errors to differentiate between validation errors and validation warnings in order to support preventing the validation webhook rejecting config due to eventual consistency issues with the RateLimitConfig resource. (solo-io/solo-projects#6251)
  • Changing error type to warning will deflake the validation webhook rejecting config due to eventual consistency issues with the RateLimitConfig resource. (solo-io/solo-projects#5307)
  • Adds initial error types for plugins errors to differentiate between validation errors and validation warnings. (#7357)

v1.17.0-beta35

04 Jun 21:07
3435700

New Features

  • New CRDs added for ListenerOption and HttpListenerOption resources (solo-io/solo-projects#5941)
  • Add ListenerOption as a policy resource for use with Kube Gateway API objects.
    Note that this resource can not currently be used as a standalone resource (i.e. delegated option) for the Gloo Edge API. (solo-io/solo-projects#5941)

v1.17.0-beta34

31 May 16:47
f8ea746

Helm Changes

  • Mark Istio integration helm values that rely on double proxy setup as deprecated. This includes:
    - global.istioIntegration.labelInstallNamespace
    - global.istioIntegration.whitelistDiscovery
    - global.istioIntegration.enableIstioSidecarOnGateway
    - global.istioIntegration.istioSidecarRevTag
    - global.istioIntegration.appendXForwardedHost (solo-io/solo-projects#5743)

New Features

  • gateway2: enable self-managed Gateways

Adds capability to integrate self-managed gateways
that are not meant to be auto-provisioned by the
controller. This is required to support use cases
where gateways are statically provisioned, such
as when running the gateways external to k8s on
VMs.

It adds a selfManaged field to the GatewayParameters
CRD which is used to skip the deployment of Gateway
related objects (deployment, service, etc.). When
a gateway is self-managed, it is expected to be
correctly bootstrapped with an envoy config that
matches the Gateway resource's name and namespace,
specifically the node field must be configured
correctly to link a self-managed gateway to the
Gateway resource. (solo-io/solo-projects#6196)

Fixes