envoyproxy · zhaohuabing · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024 · Nov 6, 2024
@@ -10,16 +10,11 @@ security updates: |
 
 # New features or capabilities added in this release.
 new features: |
-  Add support for modifying container securityContext for Envoy Gateway deployment in Helm
+  Add a new feature here
 
 # Fixes for bugs identified in previous versions.
 bug fixes: |
-  Only log endpoint configuration in verbose logging mode (`-v 4` or higher)
-  The xDS translation failed when wasm http code source configured without a sha
-  HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses
-  Route with multiple parents has incorrect namespace in parentRef status
-  BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
-  Helm chart fails for Flux HelmRelease
+  Add a bug fix here
 
 # Enhancements that improve performance.
 performance improvements: |

@@ -0,0 +1,149 @@
+date: November 6, 2024
+
+# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
+breaking changes: |
+  Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
+  Please refer to the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases) for more information.
+  Removed default CPU limit of the Envoy Gateway deployment
+  Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively
+
+# New features or capabilities added in this release.
+new features: |
+  Added support for Gateway-API v1.2.0
+  Added support for IPv4/IPv6 Dual Stack for EnvoyProxy fleet and BackendRef resources
+  Added experimental support for EG standalone(host deployment) mode.
+  Added support for JWT claims based Authorization in SecurityPolicy CRD
+  Added support for Direct Response in HTTPRouteFilter CRD
+  Added support for Response Override in BackendTrafficPolicy CRD
+  Added support for RequestTimeout in BackendTrafficPolicy CRD
+  Added support for inverting header matches for Rate Limit in BackendTrafficPolicy CRD
+  Added support for client TLS session resumption in ClientTrafficPolicy CRD
+  Added support for HTTPRouteFilter and path regex rewrite
+  Added support for host header rewrite in HTTPRouteFilter CRD
+  Added support for Listener Access Log in EnvoyProxy CRD
+  Added support for Datadog tracing support in EnvoyProxy CRD
+  Added support for request response sizes stats in EnvoyProxy CRD
+  Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm
+  Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
+  Added support for match conditions for access log in EnvoyProxy CRD
+  Added support for using BackendCluster to represent OIDCProvider
+  Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
+  Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
+  Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
+  Added support for LB priority for non xRoute endpoints
+  Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
+  Added support for early request header mutation in the ClientTrafficPolicy CRD
+  Added support for JsonPath in the EnvoyPatchPolicy CRD
+  Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
+  Added support for cluster settings for non xRoute-generated backend refs
+  Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
+  Added support for http2 upstream settings in BackendTrafficPolicy CRD
+  Added support for DNS resolution settings in BackendTrafficPolicy CRD
+  Added support for configuring service annotations in the Envoy Gateway helm chart
+  Added support for configuring priorityClassName to Envoy Gateway helm chart
+  Added support for ratelimit metrics monitoring in grafana in the addons helm chart
+  Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
+  Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
+  Added support for configuring NodeSelector in the Envoy Gateway helm chart
+  Added support for nonce in the OIDC auth flow
+  Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host
+  Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
+  Added support for returning 500 when SecurityPolicy translation fails
+  Added support for multiple backendRefs for ExtAuth and ExtProc
+  Added support for session persistence in HTTPRoute rules
+  Added support for the Backend resource for ExtAuth
+  Added support for target selectors on Envoy Gateway Extension Server policies
+  Added support for non-Kubernetes Backends for TLSRoute
+  Added support for fallback to the Backend API
+  Added support for reloadable EnvoyGateway configuration
+  Added support for adding Labels to the Envoy Service
+  Added support for custom name for ratelimit deployment
+  Added default SecurityContext for EG components
+  Added startupProbe to all provisioned containers
+  Added support for local validations for egctl translate and file provider
+  Added support for egctl x collect to collect information from the cluster for debugging
+  Added support for a native prometheus metrics endpoint in the ratelimit server
+
+# Fixes for bugs identified in previous versions.
+bug fixes: |
+  Fixed xDS translation failed when wasm http code source configured without sha
+  Fixed unsupported listener protocol type causing an error while updating Gateway Status
+  Fixed some status updates were being discarded by the status updater
+  Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
+  Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
+  Fixed JSONPath not correctly translated to JSONPatch paths
+  Fixed allow empty slowStart when using LeastRequest
+  Fixed Backends which should be rejected are still used as an HTTPRoute's destination
+  Fixed losing timeout settings that originate from the route when translating the backend traffic policy
+  Fixed Backend resources don't get status updates
+  Fixed Active Health check requires expectedStatuses field to work
+  Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values
+  Fixed multiple reference grants in same namespace
+  Fixed upstream get unwanted /.
+  Fixed creation of SecurityPolicy with targetSelectors fails
+  Fixed wrong gateway is chosen as HTTPRoute parent
+  Fixed override issue for EEP
+  Fixed nil pointer err translating hash load balancing
+  Fixed ratelimit does not work across multiple GatewayClasses
+  Fixed upstream mTLS only works for HTTPS listeners
+  Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
+  Fixed empty connection limit causes xDS rejection
+  Fixed ratelimit not working with both headers and cidr matches
+  Fixed EDS didn't update when deployments was created after services
+  Fixed RBAC issue for deleting infrastructure resources
+  Fixed customized infrastructure resources not being deleted
+  Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
+  Fixed Ratelimit Deployment ignoring pod labels and annotation merge
+  Fixed the API Server receives unnecessary requests
+  Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
+  Fixed ratelimit statsd not working
+  Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
+  Fixed egctl experimental translate using a wrong ns
+  Fixed reconcile not triggered for Secret updates referenced by a BackendTLSPolicy
+  Fixed Route with multiple parents has incorrect namespace in parentRef status
+  Fixed only log endpoint configuration in verbose logging mode (`-v 4` or higher)
+  Fixed the xDS translation failed when wasm http code source configured without a sha
+  Fixed HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses
+  Fixed Route with multiple parents has incorrect namespace in parentRef status
+  Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
+  Fixed Helm chart fails for Flux HelmRelease
+
+# Enhancements that improve performance.
+performance improvements: |
+  Fixed repeated resources and optimize memory usage
+
+# Other notable changes not covered by the above sections.
+Other changes: |
+  Upgraded Envoy to v1.32.1
+  Reduced the amount of configuration logging, and make it line-delimited friendly
+  Made watching alpha CRDs optional, so that gateway-api upgrade don't break envoy gateway
+  Removed grafana test framework from the addons helm chart
+  Disabled ALPN for non-HTTP routes
+  Added statPrefix for HCM and TCPProxy
+  Enabled GatewayHTTPListenerIsolation conformance test
+  Enabled GRPC conformance profile
+  Enabled HTTPRouteBackendRequestHeaderModifier conformance test
+  Added e2e test for Daemonset mode
+  Updated upgrades tests to use VERSION env variable
+  Fixed OVS scanner wrong license warnings
+  Added e2e test for Gateway with EnvoyProxy
+  Added e2e test for TLS session resumption
+  Added heap profile into benchmark report
+  Added e2e test for RecomputeRoute in ExtAuth
+  Added benchmark memory profiles into report
+  Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
+  Fixed flaky Zipkin Tracing e2e test
+  Added e2e test for cookie based consistent hash load balancing
+  Added e2e test for load balancing
+  Fixed flaky authorization tests
+  Enabled upgrade test
+  Fixed flaky basic auth e2e test
+  Enabled use-client-protocol e2e test
+  Added performance benchmarking test for 1000 HTTPRoutes
+  Added e2e test for Datadog tracing
+  Added e2e tests for ratelimit invert matching headers
+  Reduced readinessProbe failureThreshold and periodSeconds
+  Bumped go-control-plane to v0.13.1
+  Enabled e2e tests for dual stack
+  Set ignore_health_on_host_removal to true for clusters with static endpoints
+  Use grafana alloy instead of fluent-bit for e2e tests
@@ -0,0 +1,79 @@
+---
+title: "v1.2.0"
+publishdate: 2024-11-06
+---
+
+Date: November 6, 2024
+
+---
+# Envoy Gateway v1.2.0 Release Notes
+
+**Release Date:** November 6, 2024
+
+The Envoy Gateway v1.2.0 release is packed with new capabilities focused on dual-stack networking, advanced traffic controls, and enhanced security features. Dive into the latest changes to see how v1.2.0 can help you manage, secure, and scale your API traffic more effectively.
+
+---
+
+## 🚨 Breaking Changes
+- **Removed**: `Gateway API GRPCRoute` and `ReferenceGrant v1alpha2` are no longer supported. [More details in the Gateway API documentation](https://github.com/kubernetes-sigs/gateway-api/releases).
+- **Default CPU Limit**: Removed for the Envoy Gateway deployment.
+- **Envoy Shutdown Settings Updated**:
+  - **Drain Strategy**: Now set to "immediate."
+  - **Default Times**:
+    - `minDrainDuration`: 10s
+    - `drainTimeout`: 60s
+    - `terminationGracePeriodSeconds`: 360s
+
+---
+
+## ✨ New Features
+### Gateway API Enhancements
+- **Support for Gateway-API v1.2.0**: Aligns with the latest API standards.
+
+### Networking & Traffic Management
+- **IPv4/IPv6 Dual Stack Support**: Now available for Envoy listeners and BackendRef resources.
+- **Direct Response in HTTPRouteFilter**: Supports direct responses for custom traffic routing.
+- **RequestTimeout in BackendTrafficPolicy**: Fine-tune request timeouts for backends.
+- **Rate Limit Header Matching**: Adds flexibility with inverted header matches.
+- **Session Persistence in HTTPRoute Rules**: Essential for Gen AI and other stateful applications.
+
+### Security & Authorization
+- **JWT Claims-Based Authorization**: Control access more precisely with claims-based policies.
+- **CORS Configuration**: Wildcard matching for `AllowMethods` and `AllowHeaders`.
+- **Cross-Domain Cookie Sharing**: Enable token cookies across multiple domains for improved SSO support.
+
+### Observability & Tracing
+- **Datadog Tracing**: Native support to enhance distributed tracing insights.
+- **Enhanced Access Logs**: Match conditions now supported for selective logging.
+- **Prometheus Metrics**: Native endpoint added to the rate limit server for detailed monitoring.
+
+### Helm Customization
+- **Container SecurityContext**: Customizable security context for improved deployment security.
+- **NodeSelector and PriorityClassName**: Fine-grained configuration for PodDisruptionBudget, service annotations, and custom pod labeling.
+
+---
+
+## 🐞 Bug Fixes
+- Fixed issues with **xDS translation** for WASM code without SHA.
+- **SecurityPolicy Propagation**: Addressed delays when using targetSelectors.
+- Resolved various **HTTPRoute and BackendTrafficPolicy** inconsistencies, such as handling empty timeout settings, unsupported destinations, and improved multi-backend support.
+
+---
+
+## 🚀 Performance & Improvements
+- **Memory Optimization**: Streamlined resource usage for reduced memory footprint.
+- **Envoy Upgrade**: Updated to Envoy v1.32.1 for added stability.
+- **Improved Logging**: Reduced verbosity and optimized configuration log outputs.
+
+---
+
+## ⚙️ Other Changes
+- Enhanced e2e testing, including performance benchmarks and multi-route scenarios.
+- Added support for **dual-stack conformance testing**.
+- **Optional CRD Watching**: Reduces breakages on Gateway API upgrades.
+
+For a full breakdown of this release, visit the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases).
+
+---
+
+This release takes Envoy Gateway to the next level with robust support for high-demand traffic and enhanced security, observability, and configuration options!
@@ -26,7 +26,7 @@ copy-current-release-docs:  ## Copy the current release docs to the docs folder
 	cp -r $(ROOT_DIR)/site/content/en/$$CURRENT_RELEASE/** $(ROOT_DIR)/site/content/en/docs
 
 .PHONY: docs-release
-docs-release: docs-release-prepare release-notes-docs docs-release-gen docs  ## Generate Envoy Gateway Release Docs
+docs-release: docs-release-prepare docs-release-gen docs  ## Generate Envoy Gateway Release Docs
 
 .PHONY: docs-serve
 docs-serve: copy-current-release-docs ## Start Envoy Gateway Site Locally