Add release docs for v1.2.0 #4570

Merged
merged 20 commits into from
Nov 6, 2024
Changes from 13 commits
9 changes: 2 additions & 7 deletions release-notes/current.yaml
Expand Up @@ -10,16 +10,11 @@ security updates: |

# New features or capabilities added in this release.
new features: |
Add support for modifying container securityContext for Envoy Gateway deployment in Helm
Add a new feature here

# Fixes for bugs identified in previous versions.
bug fixes: |
Only log endpoint configuration in verbose logging mode (`-v 4` or higher)
The xDS translation failed when wasm http code source configured without a sha
HTTPRoute status only shows one parent when targeting multiple Gateways from different GatewayClasses
Route with multiple parents has incorrect namespace in parentRef status
BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
Helm chart fails for Flux HelmRelease
Add a bug fix here

# Enhancements that improve performance.
performance improvements: |
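Review bot: The removed bug-fix entry "Only log endpoint configuration in verbose logging mode (`-v 4` or higher)" has no counterpart in release-notes/v1.2.0.yaml. The nearest line there is "Reduced the amount of configuration logging, and make it line-delimited friendly" under Other changes, which drops the verbosity threshold. Operators who ship Envoy Gateway logs to a central store will want to know at which level endpoint configuration is logged, so carry the original wording into the v1.2.0 bug fixes. The other removed entries do reappear in v1.2.0.yaml in reworded form.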
141 changes: 141 additions & 0 deletions release-notes/v1.2.0.yaml
@@ -0,0 +1,141 @@
date: November 6, 2024

# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
breaking changes: |
Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed
Please refer to the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases) for more information
Removed default CPU limit of the Envoy Gateway deployment, to eliminate CPU throttling
Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively
Set ignore_health_on_host_removal to true for clusters with static endpoints This was done to speed up removal of static endpoints by the control plane when active health check is configured
Xds and Infra IR logs are logged at Debug level instead of Info level. They will now not be seen by default in Envoy Gateway logs. You can change the logging level to default: debug to view them

# New features or capabilities added in this release.
new features: |
Added support for Gateway-API v1.2.0
Added support for IPv4/IPv6 Dual Stack for EnvoyProxy fleet and BackendRef resources
Added experimental support for EG standalone(host deployment) mode
Added support for JWT claims based Authorization in SecurityPolicy CRD
Added support for Response Override in BackendTrafficPolicy CRD
Added support for RequestTimeout in BackendTrafficPolicy CRD
Added support for inverting header matches for Rate Limit in BackendTrafficPolicy CRD
Added support for client TLS session resumption in ClientTrafficPolicy CRD
Added support for HTTPRouteFilter and path regex rewrite
Added support for host header rewrite in HTTPRouteFilter CRD
Added support for Listener Access Log in EnvoyProxy CRD
Added support for Datadog tracing support in EnvoyProxy CRD
Added support for request response sizes stats in EnvoyProxy CRD
Added support for modifying container SecurityContext for Envoy Gateway deployment in Helm
Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
Added support for match conditions for access log in EnvoyProxy CRD
Added support for using BackendCluster to represent OIDCProvider
Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
Added support for Active Passive Failover Backends
Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
Added support for early request header mutation in the ClientTrafficPolicy CRD
Added support for JsonPath in the EnvoyPatchPolicy CRD
Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
Added support for cluster settings for non xRoute-generated backend refs
Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
Added support for http2 upstream settings in BackendTrafficPolicy CRD
Added support for DNS resolution settings in BackendTrafficPolicy CRD
Added support for configuring service annotations in the Envoy Gateway helm chart
Added support for configuring priorityClassName to Envoy Gateway helm chart
Added support for ratelimit metrics monitoring in grafana in the addons helm chart
Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
Added support for configuring NodeSelector in the Envoy Gateway helm chart
Added support for nonce in the OIDC auth flow
Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host
Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
Added support for returning 500 when SecurityPolicy translation fails
Added support for multiple backendRefs for ExtAuth and ExtProc
Added support for session persistence in HTTPRoute rules
Added support for the Backend resource for ExtAuth
Added support for target selectors on Envoy Gateway Extension Server policies
Added support for non-Kubernetes Backends for TLSRoute
Added support for fallback to the Backend API
Added support for reloadable EnvoyGateway configuration
Added support for adding Labels to the Envoy Service
Added support for custom name for ratelimit deployment
Added default SecurityContext for EG components
Added startupProbe to all provisioned containers
Added support for local validations for egctl translate and file provider
Added support for egctl x collect to collect information from the cluster for debugging
Added support for a native prometheus metrics endpoint in the ratelimit server

# Fixes for bugs identified in previous versions.
bug fixes: |
Fixed xDS translation failing when the WASM HTTP code source was configured without an SHA
Fixed unsupported listener protocol types causing errors while updating Gateway status
Fixed unsupported listener protocol types causing errors while updating Gateway status
Fixed invalid sectionName in BackendTLSPolicy for Backend
Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
Fixed JSONPath not being correctly translated to JSONPatch paths
Fixed allowing an empty slowStart value when using LeastRequest
Fixed Backends which should be rejected are still used as an HTTPRoute's destination
Fixed timeout settings originating from the route being lost when translating the backend traffic policy
Fixed Backend resources not receiving status updates
Fixed active health checks requiring the expectedStatuses field to function correctly
Fixed HTTPHeaderFilter processing not correctly supporting multiple header values
Fixed reconciling multiple ReferenceGrants within the same namespace
Fixed unwanted / appearing in the Path when using Prefix Rewrites
Fixed incorrect gateway being selected as the HTTPRoute parent
Fixed override issues for EnvoyExtensionPolicy
Fixed nil pointer error when translating hash load balancing
Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
Fixed empty connection limits causing xDS rejection
Fixed rate limiting not working with both headers and CIDR matches
Fixed EDS not updating when deployments were created after services
Fixed RBAC issue for deleting infrastructure resources
Fixed gateways never reaching ready/programmed status when running Envoy as a Daemonset
Fixed rate limit deployment ignoring pod labels and annotation merges
Fixed the API Server receives unnecessary requests
Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
Fixed egctl experimental translate using an incorrect namespace
Fixed reconciliation not being triggered for Secret updates referenced by a BackendTLSPolicy
Fixed xDS translation failure when WASM HTTP code source was configured without an SHA
Fixed HTTPRoute status displaying only one parent when targeting multiple gateways from different GatewayClasses
Fixed Route with multiple parents having an incorrect namespace in the parentRef status
Fixed BackendTlsPolicy specifying multiple targetRefs for the same service, to work

# Enhancements that improve performance.
performance improvements: |
Optimize memory usage by only storing distinct resources

# Other notable changes not covered by the above sections.
Other changes: |
Upgraded Envoy Proxy to v1.32.1
Reduced the amount of configuration logging, and make it line-delimited friendly
Made watching alpha CRDs optional, so that Envoy Gateway can run with older Gateway Api versions
Removed grafana test framework from the addons helm chart
Disabled ALPN for non-HTTP routes
Added statPrefix for HCM and TCPProxy
Enabled GatewayHTTPListenerIsolation conformance test
Enabled GRPC conformance profile
Enabled HTTPRouteBackendRequestHeaderModifier conformance test
Added e2e test for Daemonset mode
Fixed OVS scanner wrong license warnings
Added e2e test for Gateway with EnvoyProxy
Added e2e test for TLS session resumption
Added heap profile into benchmark report
Added e2e test for RecomputeRoute in ExtAuth
Added benchmark memory profiles into report
Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
Fixed flaky Zipkin Tracing e2e test
Added e2e test for cookie based consistent hash load balancing
Added e2e test for load balancing
Fixed flaky authorization tests
Enabled upgrade test
Fixed flaky basic auth e2e test
Enabled use-client-protocol e2e test
Added performance benchmarking test for 1000 HTTPRoutes
Added e2e test for Datadog tracing
Added e2e tests for ratelimit invert matching headers
Reduced readinessProbe failureThreshold and periodSeconds
Bumped go-control-plane to v0.13.1
Enabled e2e tests for dual stack
Use grafana alloy instead of fluent-bit for e2e tests
Push tags without the v prefix for helm charts to support Flux HelmReleases
Use a stable label selector when creating Envoy Proxy fleet pods
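Review bot: The bug fixes list carries duplicate entries: "Fixed unsupported listener protocol types causing errors while updating Gateway status" appears twice in a row, and the WASM code source fix is listed both as "Fixed xDS translation failing when the WASM HTTP code source was configured without an SHA" at the top and as "Fixed xDS translation failure when WASM HTTP code source was configured without an SHA" near the end. Drop one of each. Smaller points in the same file: "backedtls.minVersion" and "backedtls.maxVersion" look like typos for the backend TLS fields; the "Other changes:" key is capitalized unlike the other top-level keys, which matters if the notes tooling looks keys up by exact name; "Set ignore_health_on_host_removal to true for clusters with static endpoints This was done" is missing a sentence break; and "Added support for Datadog tracing support" repeats "support".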
78 changes: 78 additions & 0 deletions site/content/en/news/releases/notes/v1.2.0.md
@@ -0,0 +1,78 @@
---
title: "v1.2.0"
publishdate: 2024-11-06
---


---
# Envoy Gateway v1.2.0 Release Notes

**Release Date:** November 6, 2024

The Envoy Gateway v1.2.0 release is packed with new capabilities focused on dual-stack networking, advanced traffic controls, and enhanced security features. Dive into the latest changes to see how v1.2.0 can help you manage, secure, and scale your API traffic more effectively.

---

## 🚨 Breaking Changes
- **Removed**: `Gateway API GRPCRoute` and `ReferenceGrant v1alpha2` are no longer supported. [More details in the Gateway API documentation](https://github.com/kubernetes-sigs/gateway-api/releases).
- **Default CPU Limit**: Removed for the Envoy Gateway deployment.
- **Envoy Shutdown Settings Updated**:
- **Drain Strategy**: Now set to "immediate."
- **Default Times**:
- `minDrainDuration`: 10s
- `drainTimeout`: 60s
- `terminationGracePeriodSeconds`: 360s

---

## ✨ New Features
### Gateway API Enhancements
- **Support for Gateway-API v1.2.0**: Aligns with the latest API standards.

### Networking & Traffic Management
- **IPv4/IPv6 Dual Stack Support**: Now available for Envoy listeners and BackendRef resources.
- **Direct Response in HTTPRouteFilter**: Supports direct responses for custom traffic routing.
- **RequestTimeout in BackendTrafficPolicy**: Fine-tune request timeouts for backends.
- **Rate Limit Header Matching**: Adds flexibility with inverted header matches.
- **Session Persistence in HTTPRoute Rules**: Essential for Gen AI and other stateful applications.

### Security & Authorization
- **JWT Claims-Based Authorization**: Control access more precisely with claims-based policies.
- **CORS Configuration**: Wildcard matching for `AllowMethods` and `AllowHeaders`.
- **Cross-Domain Cookie Sharing**: Enable token cookies across multiple domains for improved SSO support.

### Observability & Tracing
- **Datadog Tracing**: Native support to enhance distributed tracing insights.
- **Enhanced Access Logs**: Match conditions now supported for selective logging.
- **Prometheus Metrics**: Native endpoint added to the rate limit server for detailed monitoring.

### Helm Customization
- **Container SecurityContext**: Customizable security context for improved deployment security.
- **NodeSelector and PriorityClassName**: Fine-grained configuration for PodDisruptionBudget, service annotations, and custom pod labeling.

---

## 🐞 Bug Fixes
- Fixed issues with **xDS translation** for WASM code without SHA.
- **SecurityPolicy Propagation**: Addressed delays when using targetSelectors.
- Resolved various **HTTPRoute and BackendTrafficPolicy** inconsistencies, such as handling empty timeout settings, unsupported destinations, and improved multi-backend support.

---

## 🚀 Performance & Improvements
- **Memory Optimization**: Streamlined resource usage for reduced memory footprint.
- **Envoy Upgrade**: Updated to Envoy v1.32.1 for added stability.
- **Improved Logging**: Reduced verbosity and optimized configuration log outputs.

---

## ⚙️ Other Changes
- Enhanced e2e testing, including performance benchmarks and multi-route scenarios.
- Added support for **dual-stack conformance testing**.
- **Optional CRD Watching**: Reduces breakages on Gateway API upgrades.

For a full breakdown of this release, visit the [Gateway API v1.2.0 documentation](https://github.com/kubernetes-sigs/gateway-api/releases).

---

This release takes Envoy Gateway to the next level with robust support for high-demand traffic and enhanced security, observability, and configuration options!
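Review bot: The Breaking Changes section omits two entries that release-notes/v1.2.0.yaml lists as breaking: setting ignore_health_on_host_removal to true for clusters with static endpoints, and moving Xds and Infra IR logs from Info to Debug. Both change behavior an operator may depend on (the second affects what appears in the logs by default), so add them here. Also, "Direct Response in HTTPRouteFilter" has no matching entry in the YAML new features list, and the closing "For a full breakdown of this release" link points at the Gateway API releases page rather than at Envoy Gateway's own notes.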
2 changes: 1 addition & 1 deletion tools/make/common.mk
Expand Up @@ -120,7 +120,7 @@ export USAGE_OPTIONS

.PHONY: generate
generate: ## Generate go code from templates and tags
generate: kube-generate docs-api helm-generate go.generate release-notes-docs copy-current-release-docs
generate: kube-generate docs-api helm-generate go.generate copy-current-release-docs

## help: Show this help info.
.PHONY: help
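Review bot: Dropping release-notes-docs from the generate prerequisites leaves no step in this target that refreshes the site release notes, assuming release-notes-docs is what renders release-notes/*.yaml into the site pages. The hand-written site/content/en/news/releases/notes/v1.2.0.md added in this PR already differs from release-notes/v1.2.0.yaml. If that is intended, say so in the PR description or in a comment next to the target, so contributors know which file is the source of truth.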
2 changes: 1 addition & 1 deletion tools/make/docs.mk
Expand Up @@ -26,7 +26,7 @@ copy-current-release-docs: ## Copy the current release docs to the docs folder
cp -r $(ROOT_DIR)/site/content/en/$$CURRENT_RELEASE/** $(ROOT_DIR)/site/content/en/docs

.PHONY: docs-release
docs-release: docs-release-prepare release-notes-docs docs-release-gen docs ## Generate Envoy Gateway Release Docs
docs-release: docs-release-prepare docs-release-gen docs ## Generate Envoy Gateway Release Docs

.PHONY: docs-serve
docs-serve: copy-current-release-docs ## Start Envoy Gateway Site Locally
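Review bot: With release-notes-docs removed from docs-release as well, the help text "Generate Envoy Gateway Release Docs" no longer covers the release notes page, which now has to be written by hand before running this target. Note that in the `##` description or in the release procedure, and if release-notes-docs is not referenced by any other target, remove its definition in the same change.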