From 4df010a5a100ba4d1d37d6559e5f8a4de061f623 Mon Sep 17 00:00:00 2001 From: Huabing Zhao Date: Wed, 6 Nov 2024 03:47:25 +0000 Subject: [PATCH] add release note for v1.2.0 Signed-off-by: Huabing Zhao update release note Signed-off-by: Huabing Zhao update release note Signed-off-by: Huabing Zhao --- release-notes/current.yaml | 9 +- release-notes/v1.2.0.yaml | 149 +++++++++++++++++ site/content/en/news/releases/notes/v1.2.0.md | 150 ++++++++++++++++++ 3 files changed, 301 insertions(+), 7 deletions(-) create mode 100644 release-notes/v1.2.0.yaml create mode 100644 site/content/en/news/releases/notes/v1.2.0.md diff --git a/release-notes/current.yaml b/release-notes/current.yaml index 2a0282411485..bfc711148bde 100644 --- a/release-notes/current.yaml +++ b/release-notes/current.yaml @@ -10,16 +10,11 @@ security updates: | # New features or capabilities added in this release. new features: | - Add support for modifying container securityContext for Envoy Gateway deployment in Helm + Add a new feature here # Fixes for bugs identified in previous versions. bug fixes: | - Only log endpoint configuration in verbose logging mode (`-v 4` or higher) - The xDS translation failed when wasm http code source configured without a sha - HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses - Route with multiple parents has incorrect namespace in parentRef status - BackendTlsPolicy specify multiple targetRefs of the same service, only one will work - Helm chart fails for Flux HelmRelease + Add a bug fix here # Enhancements that improve performance. performance improvements: | diff --git a/release-notes/v1.2.0.yaml b/release-notes/v1.2.0.yaml new file mode 100644 index 000000000000..3db7f3a1a631 --- /dev/null +++ b/release-notes/v1.2.0.yaml 
@@ -0,0 +1,149 @@ +date: November 6, 2024 + +# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs. +breaking changes: | + Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed. + Please refer to the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases) for more information. + Removed default CPU limit of the Envoy Gateway deployment + Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively + +# New features or capabilities added in this release. +new features: | + Added support for Gateway-API v1.2.0 + Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources + Added support for EG standalone(host deployment) mode (experimental) + Added support for JWT claims based Authorization in SecurityPolicy CRD + Added support for Direct Response in HTTPRouteFilter CRD + Added support for Response Override in BackendTrafficPolicy CRD + Added support for RequestTimeout in BackendTrafficPolicy CRD + Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD + Added support for client TLS session resumption in ClientTrafficPolicy CRD + Added support for HTTPRouteFilter and path regex rewrite + Added support for host header rewrite in HTTPRouteFilter CRD + Added support for Listener Access Log in EnvoyProxy CRD + Added support for Datadog tracing support in EnvoyProxy CRD + Added support for request response sizes stats in EnvoyProxy CRD + Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm + Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD + Added support for match conditions for access log in EnvoyProxy CRD + Added support for using BackendCluster to 
represent OIDCProvider + Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD + Added support for sharing token cookies between multiple domains in SecurityPolicy CRD + Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD + Added support for LB priority for non xRoute endpoints + Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD + Added support for early request header mutation in the ClientTrafficPolicy CRD + Added support for JsonPath in the EnvoyPatchPolicy CRD + Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD + Added support for cluster settings for non xRoute-generated backend refs + Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD + Added support for http2 upstream settings in BackendTrafficPolicy CRD + Added support for DNS resolution settings in BackendTrafficPolicy CRD + Added support for configuring service annotations in the Envoy Gateway helm chart + Added support for configuring priorityClassName to Envoy Gateway helm chart + Added support for ratelimit metrics monitoring in grafana in the addons helm chart + Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart + Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart + Added support for configuring NodeSelector in the Envoy Gateway helm chart + Added support for nonce in the OIDC auth flow + Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host + Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails + Added support for returning 500 when SecurityPolicy translation fails + Added support for multiple backendRefs for ExtAuth and ExtProc + Added support for session persistence in HTTPRoute rules + Added support for the Backend resource for ExtAuth + Added support for target selectors on Envoy 
Gateway Extension Server policies + Added support for non-Kubernetes Backends for TLSRoute + Added support for fallback to the Backend API + Added support for reloadable EnvoyGateway configuration + Added support for adding Labels to the Envoy Service + Added support for custom name for ratelimit deployment + Added default SecurityContext for EG components + Added startupProbe to all provisioned containers + Added support for local validations for egctl translate and file provider + Added support for egctl x collect to collect information from the cluster for debugging + Added support for a native prometheus metrics endpoint in the ratelimit server + +# Fixes for bugs identified in previous versions. +bug fixes: | + Fixed xDS translation failed when wasm http code source configured without sha + Fixed unsupported listener protocol type causing an error while updating Gateway Status + Fixed some status updates were being discarded by the status updater + Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute + Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors + Fixed JSONPath not correctly translated to JSONPatch paths + Fixed allow empty slowStart when using LeastRequest + Fixed Backends which should be rejected are still used as an HTTPRoute's destination + Fixed losing timeout settings that originate from the route when translating the backend traffic policy + Fixed Backend resources don't get status updates + Fixed Active Health check requires expectedStatuses field to work + Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values + Fixed multiple reference grants in same namespace + Fixed upstream get unwanted /. 
+ Fixed creation of SecurityPolicy with targetSelectors fails + Fixed wrong gateway is chosen as HTTPRoute parent + Fixed override issue for EEP + Fixed nil pointer err translating hash load balancing + Fixed ratelimit does not work across multiple GatewayClasses + Fixed upstream mTLS only works for HTTPS listeners + Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not + Fixed empty connection limit causes xDS rejection + Fixed ratelimit not working with both headers and cidr matches + Fixed EDS didn't update when deployments was created after services + Fixed RBAC issue for deleting infrastructure resources + Fixed customized infrastructure resources not being deleted + Fixed Gateways never become ready/programmed when running Envoy as a Daemonset + Fixed Ratelimit Deployment ignoring pod labels and annotation merge + Fixed the API Server receives unnecessary requests + Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy + Fixed ratelimit statsd not working + Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy + Fixed egctl experimental translate using a wrong ns + Fixed reconcile not triggered for Secret updates referenced by a BackendTLSPolicy + Fixed Route with multiple parents has incorrect namespace in parentRef status + Fixed only log endpoint configuration in verbose logging mode (`-v 4` or higher) + Fixed the xDS translation failed when wasm http code source configured without a sha + Fixed HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses + Fixed Route with multiple parents has incorrect namespace in parentRef status + Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work + Fixed Helm chart fails for Flux HelmRelease + +# Enhancements that improve performance. 
+performance improvements: | + Fixed repeated resources and optimize memory usage + +# Other notable changes not covered by the above sections. +Other changes: | + Upgraded Envoy to v1.32.1 + Reduced the amount of configuration logging, and make it line-delimited friendly + Made watching alpha CRDs optional, so that gateway-api upgrade don't break envoy gateway + Removed grafana test framework from the addons helm chart + Disabled ALPN for non-HTTP routes + Added statPrefix for HCM and TCPProxy + Enabled GatewayHTTPListenerIsolation conformance test + Enabled GRPC conformance profile + Enabled HTTPRouteBackendRequestHeaderModifier conformance test + Added e2e test for Daemonset mode + Updated upgrades tests to use VERSION env variable + Fixed OVS scanner wrong license warnings + Added e2e test for Gateway with EnvoyProxy + Added e2e test for TLS session resumption + Added heap profile into benchmark report + Added e2e test for RecomputeRoute in ExtAuth + Added benchmark memory profiles into report + Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test + Fixed flaky Zipkin Tracing e2e test + Added e2e test for cookie based consistent hash load balancing + Added e2e test for load balancing + Fixed flaky authorization tests + Enabled upgrade test + Fixed flaky basic auth e2e test + Enabled use-client-protocol e2e test + Added performance benchmarking test for 1000 HTTPRoutes + Added e2e test for Datadog tracing + Added e2e tests for ratelimit invert matching headers + Reduced readinessProbe failureThreshold and periodSeconds + Bumped go-control-plane to v0.13.1 + Enabled e2e tests for dual stack + Set ignore_health_on_host_removal to true for clusters with static endpoints + Use grafana alloy instead of fluent-bit in the addons helm chart for log forwarding diff --git a/site/content/en/news/releases/notes/v1.2.0.md b/site/content/en/news/releases/notes/v1.2.0.md new file mode 100644 index 000000000000..71e3cc6fb681 --- /dev/null 
+++ b/site/content/en/news/releases/notes/v1.2.0.md 
@@ -0,0 +1,150 @@ +--- +title: "v1.2.0" +publishdate: 2024-11-01 +--- + +Date: November 1, 2024 + +## Breaking changes +- Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed. +- Please refer to the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases) for more information. +- Removed default CPU limit of the Envoy Gateway deployment +- Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively + +## New features +- Added support for Gateway-API v1.2.0 +- Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources +- Added support for EG standalone(host deployment) mode (experimental) +- Added support for JWT claims based Authorization in SecurityPolicy CRD +- Added support for Direct Response in HTTPRouteFilter CRD +- Added support for Response Override in BackendTrafficPolicy CRD +- Added support for RequestTimeout in BackendTrafficPolicy CRD +- Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD +- Added support for client TLS session resumption in ClientTrafficPolicy CRD +- Added support for HTTPRouteFilter and path regex rewrite +- Added support for host header rewrite in HTTPRouteFilter CRD +- Added support for Listener Access Log in EnvoyProxy CRD +- Added support for Datadog tracing support in EnvoyProxy CRD +- Added support for request response sizes stats in EnvoyProxy CRD +- Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm +- Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD +- Added support for match conditions for access log in EnvoyProxy CRD +- Added support for using BackendCluster to represent OIDCProvider +- Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD +- Added support for 
sharing token cookies between multiple domains in SecurityPolicy CRD +- Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD +- Added support for LB priority for non xRoute endpoints +- Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD +- Added support for early request header mutation in the ClientTrafficPolicy CRD +- Added support for JsonPath in the EnvoyPatchPolicy CRD +- Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD +- Added support for cluster settings for non xRoute-generated backend refs +- Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD +- Added support for http2 upstream settings in BackendTrafficPolicy CRD +- Added support for DNS resolution settings in BackendTrafficPolicy CRD +- Added support for configuring service annotations in the Envoy Gateway helm chart +- Added support for configuring priorityClassName to Envoy Gateway helm chart +- Added support for ratelimit metrics monitoring in grafana in the addons helm chart +- Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart +- Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart +- Added support for configuring NodeSelector in the Envoy Gateway helm chart +- Added support for nonce in the OIDC auth flow +- Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host +- Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails +- Added support for returning 500 when SecurityPolicy translation fails +- Added support for multiple backendRefs for ExtAuth and ExtProc +- Added support for session persistence in HTTPRoute rules +- Added support for the Backend resource for ExtAuth +- Added support for target selectors on Envoy Gateway Extension Server policies +- Added support for non-Kubernetes Backends for TLSRoute 
+- Added support for fallback to the Backend API +- Added support for reloadable EnvoyGateway configuration +- Added support for adding Labels to the Envoy Service +- Added support for custom name for ratelimit deployment +- Added default SecurityContext for EG components +- Added startupProbe to all provisioned containers +- Added support for local validations for egctl translate and file provider +- Added support for egctl x collect to collect information from the cluster for debugging +- Added support for a native prometheus metrics endpoint in the ratelimit server + +## Bug fixes +- Fixed xDS translation failed when wasm http code source configured without sha +- Fixed unsupported listener protocol type causing an error while updating Gateway Status +- Fixed some status updates were being discarded by the status updater +- Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute +- Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors +- Fixed JSONPath not correctly translated to JSONPatch paths +- Fixed allow empty slowStart when using LeastRequest +- Fixed Backends which should be rejected are still used as an HTTPRoute's destination +- Fixed losing timeout settings that originate from the route when translating the backend traffic policy +- Fixed Backend resources don't get status updates +- Fixed Active Health check requires expectedStatuses field to work +- Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values +- Fixed multiple reference grants in same namespace +- Fixed upstream get unwanted /. 
+- Fixed creation of SecurityPolicy with targetSelectors fails +- Fixed wrong gateway is chosen as HTTPRoute parent +- Fixed override issue for EEP +- Fixed nil pointer err translating hash load balancing +- Fixed ratelimit does not work across multiple GatewayClasses +- Fixed upstream mTLS only works for HTTPS listeners +- Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not +- Fixed empty connection limit causes xDS rejection +- Fixed ratelimit not working with both headers and cidr matches +- Fixed EDS didn't update when deployments was created after services +- Fixed RBAC issue for deleting infrastructure resources +- Fixed customized infrastructure resources not being deleted +- Fixed Gateways never become ready/programmed when running Envoy as a Daemonset +- Fixed Ratelimit Deployment ignoring pod labels and annotation merge +- Fixed the API Server receives unnecessary requests +- Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy +- Fixed ratelimit statsd not working +- Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy +- Fixed egctl experimental translate using a wrong ns +- Fixed reconcile not triggered for Secret updates referenced by a BackendTLSPolicy +- Fixed Route with multiple parents has incorrect namespace in parentRef status +- Fixed only log endpoint configuration in verbose logging mode (`-v 4` or higher) +- Fixed the xDS translation failed when wasm http code source configured without a sha +- Fixed HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses +- Fixed Route with multiple parents has incorrect namespace in parentRef status +- Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work +- Fixed Helm chart fails for Flux HelmRelease + +## Performance improvements +- Fixed repeated resources 
and optimize memory usage + +## Other changes +- Upgraded Envoy to v1.32.1 +- Reduced the amount of configuration logging, and make it line-delimited friendly +- Made watching alpha CRDs optional, so that gateway-api upgrade don't break envoy gateway +- Removed grafana test framework from the addons helm chart +- Disabled ALPN for non-HTTP routes +- Added statPrefix for HCM and TCPProxy +- Enabled GatewayHTTPListenerIsolation conformance test +- Enabled GRPC conformance profile +- Enabled HTTPRouteBackendRequestHeaderModifier conformance test +- Added e2e test for Daemonset mode +- Updated upgrades tests to use VERSION env variable +- Fixed OVS scanner wrong license warnings +- Added e2e test for Gateway with EnvoyProxy +- Added e2e test for TLS session resumption +- Added heap profile into benchmark report +- Added e2e test for RecomputeRoute in ExtAuth +- Added benchmark memory profiles into report +- Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test +- Fixed flaky Zipkin Tracing e2e test +- Added e2e test for cookie based consistent hash load balancing +- Added e2e test for load balancing +- Fixed flaky authorization tests +- Enabled upgrade test +- Fixed flaky basic auth e2e test +- Enabled use-client-protocol e2e test +- Added performance benchmarking test for 1000 HTTPRoutes +- Added e2e test for Datadog tracing +- Added e2e tests for ratelimit invert matching headers +- Reduced readinessProbe failureThreshold and periodSeconds +- Bumped go-control-plane to v0.13.1 +- Enabled e2e tests for dual stack +- Set ignore_health_on_host_removal to true for clusters with static endpoints +- Use grafana alloy instead of fluent-bit in the addons helm chart for log forwarding +
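Review bot: In release-notes/v1.2.0.yaml, the "bug fixes" block lists the same fixes more than once. "Fixed Route with multiple parents has incorrect namespace in parentRef status" appears twice, and the wasm entry appears as both "Fixed xDS translation failed when wasm http code source configured without sha" and "Fixed the xDS translation failed when wasm http code source configured without a sha". These look like the entries removed from current.yaml being appended to a list that already contained them; keep one of each. In the same block, "backedtls.minVersion" and "backedtls.maxVersion" look like a typo for backendtls, "Fixed upstream get unwanted /." does not say what was affected, and "Fixed only log endpoint configuration in verbose logging mode" reads as if verbose-only logging were the bug, so the entry should state what was wrong before. Under "Other changes", "OVS scanner" looks like it should be OSV, "Added support for Datadog tracing support" repeats "support", and the key itself is capitalised while every other section key is lowercase. The file also has no "security updates" section, although current.yaml has one in its context lines; either add it (empty if there is nothing to report) or confirm that omitting it is intended, since readers checking a release for security-relevant changes will otherwise have to scan entries such as "Upgraded Envoy to v1.32.1", "Added default SecurityContext for EG components" and "Added support for returning 500 when SecurityPolicy translation fails" in the other sections.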
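Review bot: In site/content/en/news/releases/notes/v1.2.0.md, the front matter "publishdate: 2024-11-01" and the body line "Date: November 1, 2024" disagree with "date: November 6, 2024" in release-notes/v1.2.0.yaml from the same patch; pick one release date and use it in both files. Under "## Breaking changes", "- Please refer to the [Gateway API v1.2.0 documentation]..." is rendered as its own bullet even though it continues the GRPCRoute and ReferenceGrant v1alpha2 removal item above it, so fold it into that bullet. The duplicated bug-fix bullets ("Fixed Route with multiple parents has incorrect namespace in parentRef status" twice, and the two wordings of the wasm "without sha" fix) and the "backedtls" spelling are carried over from the YAML and need the same cleanup here.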