Add release docs for v1.2.0 #4570

Merged
merged 20 commits into from
Nov 6, 2024
9 changes: 2 additions & 7 deletions release-notes/current.yaml
Expand Up @@ -10,16 +10,11 @@ security updates: |

# New features or capabilities added in this release.
new features: |
Add support for modifying container securityContext for Envoy Gateway deployment in Helm
Add a new feature here

# Fixes for bugs identified in previous versions.
bug fixes: |
Only log endpoint configuration in verbose logging mode (`-v 4` or higher)
The xDS translation failed when wasm http code source configured without a sha
HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses
Route with multiple parents has incorrect namespace in parentRef status
BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
Helm chart fails for Flux HelmRelease
Add a bug fix here

# Enhancements that improve performance.
performance improvements: |
149 changes: 149 additions & 0 deletions release-notes/v1.2.0.yaml
@@ -0,0 +1,149 @@
date: November 6, 2024

# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
breaking changes: |
Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
Please refer to the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases) for more information.
Removed default CPU limit of the Envoy Gateway deployment
Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

# New features or capabilities added in this release.
new features: |
Added support for Gateway-API v1.2.0
Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
Added support for EG standalone(host deployment) mode (experimental)
Added support for JWT claims based Authorization in SecurityPolicy CRD
Added support for Direct Response in HTTPRouteFilter CRD
Added support for Response Override in BackendTrafficPolicy CRD
Added support for RequestTimeout in BackendTrafficPolicy CRD
Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
Added support for client TLS session resumption in ClientTrafficPolicy CRD
Added support for HTTPRouteFilter and path regex rewrite
Added support for host header rewrite in HTTPRouteFilter CRD
Added support for Listener Access Log in EnvoyProxy CRD
Added support for Datadog tracing support in EnvoyProxy CRD
Added support for request response sizes stats in EnvoyProxy CRD
Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm
Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
Added support for match conditions for access log in EnvoyProxy CRD
Added support for using BackendCluster to represent OIDCProvider
Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
Added support for LB priority for non xRoute endpoints
Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
Added support for early request header mutation in the ClientTrafficPolicy CRD
Added support for JsonPath in the EnvoyPatchPolicy CRD
Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
Added support for cluster settings for non xRoute-generated backend refs
Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
Added support for http2 upstream settings in BackendTrafficPolicy CRD
Added support for DNS resolution settings in BackendTrafficPolicy CRD
Added support for configuring service annotations in the Envoy Gateway helm chart
Added support for configuring priorityClassName to Envoy Gateway helm chart
Added support for ratelimit metrics monitoring in grafana in the addons helm chart
Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
Added support for configuring NodeSelector in the Envoy Gateway helm chart
Added support for nonce in the OIDC auth flow
Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host
Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
Added support for returning 500 when SecurityPolicy translation fails
Added support for multiple backendRefs for ExtAuth and ExtProc
Added support for session persistence in HTTPRoute rules
Added support for the Backend resource for ExtAuth
Added support for target selectors on Envoy Gateway Extension Server policies
Added support for non-Kubernetes Backends for TLSRoute
Added support for fallback to the Backend API
Added support for reloadable EnvoyGateway configuration
Added support for adding Labels to the Envoy Service
Added support for custom name for ratelimit deployment
Added default SecurityContext for EG components
Added startupProbe to all provisioned containers
Added support for local validations for egctl translate and file provider
Added support for egctl x collect to collect information from the cluster for debugging
Added support for a native prometheus metrics endpoint in the ratelimit server

# Fixes for bugs identified in previous versions.
bug fixes: |
Fixed xDS translation failed when wasm http code source configured without sha
Contributor

Fixed xDS translation failing when the WASM HTTP code source was configured without an SHA.

Fixed unsupported listener protocol type causing an error while updating Gateway Status
Fixed some status updates were being discarded by the status updater
Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
Fixed JSONPath not correctly translated to JSONPatch paths
Fixed allow empty slowStart when using LeastRequest
Fixed Backends which should be rejected are still used as an HTTPRoute's destination
Fixed losing timeout settings that originate from the route when translating the backend traffic policy
Fixed Backend resources don't get status updates
Fixed Active Health check requires expectedStatuses field to work
Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values
Fixed multiple reference grants in same namespace
Fixed upstream get unwanted /.
Fixed creation of SecurityPolicy with targetSelectors fails
Fixed wrong gateway is chosen as HTTPRoute parent
Fixed override issue for EEP
Fixed nil pointer err translating hash load balancing
Fixed ratelimit does not work across multiple GatewayClasses
Fixed upstream mTLS only works for HTTPS listeners
Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
Fixed empty connection limit causes xDS rejection
Fixed ratelimit not working with both headers and cidr matches
Fixed EDS didn't update when deployments was created after services
Contributor

I don't remember this issue, which one is this?

Member Author


I probably changed the original description so I can't find it either.

Fixed RBAC issue for deleting infrastructure resources
Fixed customized infrastructure resources not being deleted
Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
Fixed Ratelimit Deployment ignoring pod labels and annotation merge
Fixed the API Server receives unnecessary requests
Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
Fixed ratelimit statsd not working
Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
Fixed egctl experimental translate using a wrong ns
Contributor

Fixed egctl experimental translate using an incorrect namespace.

Fixed reconcile not triggered for Secret updates referenced by a BackendTLSPolicy
Contributor

Fixed reconciliation not being triggered for Secret updates referenced by a BackendTLSPolicy.

Fixed Route with multiple parents has incorrect namespace in parentRef status
Contributor

Fixed Route with multiple parents having an incorrect namespace in the parentRef status

Fixed only log endpoint configuration in verbose logging mode (`-v 4` or higher)
Contributor

Let's move this to breaking change - Xds and Infra IR logs are logged at Debug level instead of Info level. They will now not be seen by default in Envoy Gateway logs. You can change the logging level to default: debug to view them.

Fixed the xDS translation failed when wasm http code source configured without a sha
Contributor

Fixed xDS translation failure when WASM HTTP code source was configured without an SHA.

Fixed HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses
Fixed Route with multiple parents has incorrect namespace in parentRef status
Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
Fixed Helm chart fails for Flux HelmRelease

# Enhancements that improve performance.
performance improvements: |
Fixed repeated resources and optimize memory usage

# Other notable changes not covered by the above sections.
Other changes: |
Upgraded Envoy to v1.32.1
Reduced the amount of configuration logging, and make it line-delimited friendly
Made watching alpha CRDs optional, so that gateway-api upgrade don't break envoy gateway
Removed grafana test framework from the addons helm chart
Disabled ALPN for non-HTTP routes
Added statPrefix for HCM and TCPProxy
Enabled GatewayHTTPListenerIsolation conformance test
Enabled GRPC conformance profile
Enabled HTTPRouteBackendRequestHeaderModifier conformance test
Added e2e test for Daemonset mode
Updated upgrades tests to use VERSION env variable
Fixed OVS scanner wrong license warnings
Added e2e test for Gateway with EnvoyProxy
Added e2e test for TLS session resumption
Added heap profile into benchmark report
Added e2e test for RecomputeRoute in ExtAuth
Added benchmark memory profiles into report
Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
Fixed flaky Zipkin Tracing e2e test
Added e2e test for cookie based consistent hash load balancing
Added e2e test for load balancing
Fixed flaky authorization tests
Enabled upgrade test
Fixed flaky basic auth e2e test
Enabled use-client-protocol e2e test
Added performance benchmarking test for 1000 HTTPRoutes
Added e2e test for Datadog tracing
Added e2e tests for ratelimit invert matching headers
Reduced readinessProbe failureThreshold and periodSeconds
Bumped go-control-plane to v0.13.1
Enabled e2e tests for dual stack
Set ignore_health_on_host_removal to true for clusters with static endpoints
Use grafana alloy instead of fluent-bit in the addons helm chart for log forwarding
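
Review bot: The `bug fixes` block in release-notes/v1.2.0.yaml lists the same fix more than once: "Fixed xDS translation failed when wasm http code source configured without sha" near the top and "Fixed the xDS translation failed when wasm http code source configured without a sha" near the bottom, and "Fixed Route with multiple parents has incorrect namespace in parentRef status" appears twice. These read like entries carried over from current.yaml on top of ones already written for this release; keep one of each. Separately, the last top-level key is `Other changes:` while every other key is lowercase (`breaking changes:`, `new features:`, `bug fixes:`, `performance improvements:`), so anything that reads these keys case-sensitively would skip that section. `backedtls.minVersion` and `backedtls.maxVersion` also look like a typo and are worth checking against the actual field names.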
150 changes: 150 additions & 0 deletions site/content/en/news/releases/notes/v1.2.0.md
@@ -0,0 +1,150 @@
---
title: "v1.2.0"
publishdate: 2024-11-06
---

Date: November 6, 2024

## Breaking changes
- Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
- Please refer to the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases) for more information.
- Removed default CPU limit of the Envoy Gateway deployment
- Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

## New features
- Added support for Gateway-API v1.2.0
- Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
- Added support for EG standalone(host deployment) mode (experimental)
- Added support for JWT claims based Authorization in SecurityPolicy CRD
- Added support for Direct Response in HTTPRouteFilter CRD
- Added support for Response Override in BackendTrafficPolicy CRD
- Added support for RequestTimeout in BackendTrafficPolicy CRD
- Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
- Added support for client TLS session resumption in ClientTrafficPolicy CRD
- Added support for HTTPRouteFilter and path regex rewrite
- Added support for host header rewrite in HTTPRouteFilter CRD
- Added support for Listener Access Log in EnvoyProxy CRD
- Added support for Datadog tracing support in EnvoyProxy CRD
- Added support for request response sizes stats in EnvoyProxy CRD
- Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm
- Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
- Added support for match conditions for access log in EnvoyProxy CRD
- Added support for using BackendCluster to represent OIDCProvider
- Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
- Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
- Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
- Added support for LB priority for non xRoute endpoints
- Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
- Added support for early request header mutation in the ClientTrafficPolicy CRD
- Added support for JsonPath in the EnvoyPatchPolicy CRD
- Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
- Added support for cluster settings for non xRoute-generated backend refs
- Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
- Added support for http2 upstream settings in BackendTrafficPolicy CRD
- Added support for DNS resolution settings in BackendTrafficPolicy CRD
- Added support for configuring service annotations in the Envoy Gateway helm chart
- Added support for configuring priorityClassName to Envoy Gateway helm chart
- Added support for ratelimit metrics monitoring in grafana in the addons helm chart
- Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
- Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
- Added support for configuring NodeSelector in the Envoy Gateway helm chart
- Added support for nonce in the OIDC auth flow
- Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host
- Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
- Added support for returning 500 when SecurityPolicy translation fails
- Added support for multiple backendRefs for ExtAuth and ExtProc
- Added support for session persistence in HTTPRoute rules
- Added support for the Backend resource for ExtAuth
- Added support for target selectors on Envoy Gateway Extension Server policies
- Added support for non-Kubernetes Backends for TLSRoute
- Added support for fallback to the Backend API
- Added support for reloadable EnvoyGateway configuration
- Added support for adding Labels to the Envoy Service
- Added support for custom name for ratelimit deployment
- Added default SecurityContext for EG components
- Added startupProbe to all provisioned containers
- Added support for local validations for egctl translate and file provider
- Added support for egctl x collect to collect information from the cluster for debugging
- Added support for a native prometheus metrics endpoint in the ratelimit server

## Bug fixes
- Fixed xDS translation failed when wasm http code source configured without sha
- Fixed unsupported listener protocol type causing an error while updating Gateway Status
- Fixed some status updates were being discarded by the status updater
- Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
- Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
- Fixed JSONPath not correctly translated to JSONPatch paths
- Fixed allow empty slowStart when using LeastRequest
- Fixed Backends which should be rejected are still used as an HTTPRoute's destination
- Fixed losing timeout settings that originate from the route when translating the backend traffic policy
- Fixed Backend resources don't get status updates
- Fixed Active Health check requires expectedStatuses field to work
- Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values
- Fixed multiple reference grants in same namespace
- Fixed upstream get unwanted /.
- Fixed creation of SecurityPolicy with targetSelectors fails
- Fixed wrong gateway is chosen as HTTPRoute parent
- Fixed override issue for EEP
- Fixed nil pointer err translating hash load balancing
- Fixed ratelimit does not work across multiple GatewayClasses
- Fixed upstream mTLS only works for HTTPS listeners
- Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
- Fixed empty connection limit causes xDS rejection
- Fixed ratelimit not working with both headers and cidr matches
- Fixed EDS didn't update when deployments was created after services
- Fixed RBAC issue for deleting infrastructure resources
- Fixed customized infrastructure resources not being deleted
- Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
- Fixed Ratelimit Deployment ignoring pod labels and annotation merge
- Fixed the API Server receives unnecessary requests
- Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
- Fixed ratelimit statsd not working
- Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
- Fixed egctl experimental translate using a wrong ns
- Fixed reconcile not triggered for Secret updates referenced by a BackendTLSPolicy
- Fixed Route with multiple parents has incorrect namespace in parentRef status
- Fixed only log endpoint configuration in verbose logging mode (`-v 4` or higher)
- Fixed the xDS translation failed when wasm http code source configured without a sha
- Fixed HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses
- Fixed Route with multiple parents has incorrect namespace in parentRef status
- Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
- Fixed Helm chart fails for Flux HelmRelease

## Performance improvements
- Fixed repeated resources and optimize memory usage

## Other changes
- Upgraded Envoy to v1.32.1
- Reduced the amount of configuration logging, and make it line-delimited friendly
- Made watching alpha CRDs optional, so that gateway-api upgrade don't break envoy gateway
- Removed grafana test framework from the addons helm chart
- Disabled ALPN for non-HTTP routes
- Added statPrefix for HCM and TCPProxy
- Enabled GatewayHTTPListenerIsolation conformance test
- Enabled GRPC conformance profile
- Enabled HTTPRouteBackendRequestHeaderModifier conformance test
- Added e2e test for Daemonset mode
- Updated upgrades tests to use VERSION env variable
- Fixed OVS scanner wrong license warnings
- Added e2e test for Gateway with EnvoyProxy
- Added e2e test for TLS session resumption
- Added heap profile into benchmark report
- Added e2e test for RecomputeRoute in ExtAuth
- Added benchmark memory profiles into report
- Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
- Fixed flaky Zipkin Tracing e2e test
- Added e2e test for cookie based consistent hash load balancing
- Added e2e test for load balancing
- Fixed flaky authorization tests
- Enabled upgrade test
- Fixed flaky basic auth e2e test
- Enabled use-client-protocol e2e test
- Added performance benchmarking test for 1000 HTTPRoutes
- Added e2e test for Datadog tracing
- Added e2e tests for ratelimit invert matching headers
- Reduced readinessProbe failureThreshold and periodSeconds
- Bumped go-control-plane to v0.13.1
- Enabled e2e tests for dual stack
- Set ignore_health_on_host_removal to true for clusters with static endpoints
- Use grafana alloy instead of fluent-bit in the addons helm chart for log forwarding
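
Review bot: Under "## Breaking changes", the line "- Please refer to the [Gateway API v1.2.0 documentation]..." is rendered as its own bullet although it continues the GRPCRoute and ReferenceGrant v1alpha2 removal directly above it; fold it into that bullet or indent it as a continuation. In "## Bug fixes", several entries state the bug rather than the fix once "Fixed" is prepended, for example "Fixed upstream mTLS only works for HTTPS listeners" and "Fixed only log endpoint configuration in verbose logging mode (`-v 4` or higher)". For the logging entry an operator cannot tell from the text whether endpoint configuration is now logged at more or fewer verbosity levels, so it should say which behaviour is the new one. The wasm-without-sha fix and the "Route with multiple parents" fix are each listed twice in this list and should be deduplicated.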