Gloo Edge Enterprise


Changelog

v1.8

v1.8.0-beta3 (Uses Gloo Edge OSS v1.8.0-beta11)

New Features

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.8.0-beta10.

  • (From OSS v1.8.0-beta10) envoy-gloo/solo-io has been upgraded to v1.19.0-rc1.

  • (From OSS v1.8.0-beta9) golang/go has been upgraded to v1.16.3.

Helm Changes

v1.8.0-beta2 (Uses Gloo Edge OSS v1.8.0-beta8)

New Features

  • Introduce a readinessProbe on the rate limit deployment, ensuring that the rate limit pod is not marked as ready until it has received Gloo configuration. We had previously relied on envoy health checks, so this protects agains the edge case where k8s terminates a pod, and we dont want to direct traffic to the new one, until it has received configuration. (https://github.com/solo-io/gloo/issues/2549)

  • Support added for nested claims in JWTs claimToHeader setting. (https://github.com/solo-io/gloo/issues/3107)

Fixes

Dependency Bumps

  • envoy-gloo-ee/solo-io has been upgraded to v1.18.0.

  • golang/go has been upgraded to v1.16.3.

  • solo-io/gloo has been upgraded to v1.8.0-beta3.

  • solo-io/solo-apis has been upgraded to v0.0.0-20210405184923-dcd5cae33238.

  • (From OSS v1.8.0-beta8) envoy-gloo/solo-io has been upgraded to v1.18.0.

Helm Changes

v1.8.0-beta1

New Features

  • Add a new user_id_attribute_name attribute to the AccessTokenValidation API through which users can optionally select which attribute in an OAuth2.0 token introspection response contains the ID of the resource owner. The external auth server can then emit the user ID either as a header, as dynamic metadata, or both. (https://github.com/solo-io/gloo/issues/4505)

  • Allow the user to define behaviors for when a token is provided with a key ID that is not contained in the local JWKS cache. (https://github.com/solo-io/gloo/issues/4507)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.8.0-beta2.

  • solo-io/go-utils has been upgraded to v0.21.3.

  • solo-io/ext-auth-service has been upgraded to v0.14.0.

  • solo-io/ext-auth-service has been upgraded to v0.15.0.

Helm Changes

v1.7

v1.7.5 (Uses Gloo Edge OSS v1.7.3)

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.14.2.
v1.7.4 (Uses Gloo Edge OSS v1.7.3)

Fixes

v1.7.3 (Uses Gloo Edge OSS v1.7.3)

New Features

Fixes

Dependency Bumps

  • gloo/solo-io has been upgraded to v1.7.3.

Helm Changes

v1.7.2 (Uses Gloo Edge OSS v1.7.2)

Fixes

Dependency Bumps

  • envoy-gloo-ee/solo-io has been upgraded to v1.18.0.

  • (From OSS v1.7.2) envoy-gloo/solo-io has been upgraded to v1.18.0.

v1.7.1 (Uses Gloo Edge OSS v1.7.1)

Fixes

Dependency Bumps

  • golang/go has been upgraded to v1.16.

Helm Changes

v1.7.0 (Uses Gloo Edge OSS v1.7.0)

New Features

  • Add a new user_id_attribute_name attribute to the AccessTokenValidation API through which users can optionally select which attribute in an OAuth2.0 token introspection response contains the ID of the resource owner. The external auth server can then emit the user ID either as a header, as dynamic metadata, or both. (https://github.com/solo-io/gloo/issues/4505)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0.

  • solo-io/go-utils has been upgraded to v0.21.3.

  • solo-io/ext-auth-service has been upgraded to v0.14.1.

Helm Changes

Breaking Changes

v1.7.0-rc2 (Uses Gloo Edge OSS v1.7.0-rc1)
  • This release contained no user-facing changes.
v1.7.0-rc1
  • This release build failed.

New Features

  • Introduce a readinessProbe on the ext auth deployment, ensuring that the extauth pod is not marked as ready until it has received Gloo configuration. We had previously relied on envoy health checks, so this protects agains the edge case where k8s terminates a pod, and we dont want to direct traffic to the new one, until it has received configuration. (https://github.com/solo-io/gloo/issues/2549)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0-rc1.

  • linux/alpine has been upgraded to v3.12.1.

Breaking Changes

v1.7.0-beta15 (Uses Gloo Edge OSS v1.7.0-beta32)

Fixes

  • Allow set-style rules to omit rate limits, similar to envoy style API. (https://github.com/solo-io/gloo/issues/4279)

  • Expose a discovery_poll_interval which controls interval at which OIDC configuration is discovered at /.well-known/openid-configuration. The default value is 30 minutes. (https://github.com/solo-io/gloo/issues/4470)

  • Fix possible cache key collisions, by changing the way the cache key is generated for rate limit rules and requests in redis/dynamodb. A side affect of this change is that upgrading this will change the cache keys under the covers, thus any long rate limits (i.e. per day / hour) will be effectively reset upon upgrade. Further, a couple characters are now disallowed in rate limit rules, namely the pipe character, back tic, and caret. (https://github.com/solo-io/gloo/issues/3801)

Dependency Bumps

  • solo-io/rate-limiter has been upgraded to v0.3.1.

  • solo-io/rate-limiter has been upgraded to v0.3.2.

  • solo-io/gloo has been upgraded to v1.7.0-beta32.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta32.

  • solo-io/ext-auth-service has been upgraded to v0.13.0.

  • solo-io/go-utils has been upgraded to v0.21.0.

  • solo-io/k8s-utils has been upgraded to v0.0.7.

  • (From OSS v1.7.0-beta31) linux/alpine has been upgraded to v3.13.2.

  • (From OSS v1.7.0-beta30) solo-io/k8s-utils has been upgraded to v0.0.7.

  • (From OSS v1.7.0-beta30) solo-io/go-utils has been upgraded to v0.21.0.

Helm Changes

Breaking Changes

v1.7.0-beta14 (Uses Gloo Edge OSS v1.7.0-beta29)

New Features

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.12.0.

  • solo-io/solo-kit has been upgraded to v0.18.2.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta29.

  • solo-io/gloo has been upgraded to v1.7.0-beta29.

  • (From OSS v1.7.0-beta29) solo-io/solo-kit has been upgraded to v0.18.2.

Helm Changes

v1.7.0-beta13 (Uses Gloo Edge OSS v1.7.0-beta26)
  • This release contained no user-facing changes.
v1.7.0-beta12 (Uses Gloo Edge OSS v1.7.0-beta26)

New Features

Fixes

Dependency Bumps

  • solo-io/envoy-gloo-ee has been upgraded to v1.18.0-rc3.

  • solo-io/ext-auth-service has been upgraded to v0.10.3.

  • solo-io/ext-auth-service has been upgraded to v0.11.2.

  • solo-io/ext-auth-service has been upgraded to v0.11.3.

  • solo-io/gloo has been upgraded to v1.7.0-beta25.

  • solo-io/solo-apis has been upgraded to v0.0.0-20210301203230-7f9c5f2a7536.

  • solo-io/gloo has been upgraded to v1.7.0-beta24.

  • solo-io/ext-auth-service has been upgraded to v0.11.1.

  • solo-io/gloo has been upgraded to v1.7.0-beta23.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta23.

  • solo-io/solo-kit has been upgraded to v0.18.0.

  • solo-io/ext-auth-service has been upgraded to v0.10.2.

  • (From OSS v1.7.0-beta26) solo-io/go-utils has been upgraded to v0.20.5.

  • (From OSS v1.7.0-beta26) solo-io/envoy-gloo has been upgraded to 1.18.0-rc2.

Helm Changes

Pre-release

  • (From OSS v1.7.0-beta21) This is a release due to the build-bot failing to start the release. Changes will be in v1.7.0-beta22 and up.
v1.7.0-beta11 (Uses Gloo Edge OSS v1.7.0-beta18)

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.10.1.

  • solo-io/rate-limiter has been upgraded to v0.2.5.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta18.

v1.7.0-beta10 (Uses Gloo Edge OSS v1.7.0-beta18)

New Features

  • Provides an enterprise-only option to use the leftmost IP address from the x-forwarded-for header and set it as the downstream address. This is useful if the network topology (load balancers, etc.) prior to gloo is unknown or dynamic. If using this option, be sure to sanitize this header from downstream requests to prevent security risks. (https://github.com/solo-io/gloo/issues/4014)

  • (From OSS v1.7.0-beta18) Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)

  • (From OSS v1.7.0-beta17) Provides an enterprise-only option to use the leftmost IP address from the x-forwarded-for header and set it as the downstream address. This is useful if the network topology (load balancers, etc.) prior to gloo is unknown or dynamic. If using this option, be sure to sanitize this header from downstream requests to prevent security risks. (https://github.com/solo-io/gloo/issues/4014)

  • (From OSS v1.7.0-beta17) Add new regexRewrite option to routes. This new field can be used to substitute matched regex patterns for alternate text in request paths, optionally including capture groups from the regex. (https://github.com/solo-io/gloo/issues/3321)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0-beta18.

  • solo-io/go-list-licenses has been upgraded to v0.1.3.

Helm Changes

v1.7.0-beta9 (Uses Gloo Edge OSS v1.7.0-beta16)

New Features

  • Added glooctl fed CLI extension to make it easier to interact with federated Gloo Edge resources (e.g. federated upstreams, virtualservices, gateways). (https://github.com/solo-io/gloo/issues/4209)

  • The Gloo Enterprise external auth server can now easily be configured to validate OAuth2.0 access tokens that conform to the JSON Web Token (JWT) specification via the AccessTokenValidation API. Tokens are validated using a JSON Web Key Set (as defined in Section 5 of RFC7517), which can be either inlined in the configuration or fetched from a remote location via HTTP. The server will validate both the JWT signature and the standard claims it contains. If the JWT has been successfully validated, its set of claims will be added to the AuthorizationRequest state under the “jwtAccessToken” key. Additionally, if the server has been configured accordingly, the identifier of the authenticated user will be added to the request streams as dynamic metadata and/or a header. For more information see the external auth API reference. (https://github.com/solo-io/gloo/issues/4224)

Fixes

Dependency Bumps

  • solo-io/k8s-utils has been upgraded to v0.0.6.

  • solo-io/gloo has been upgraded to v1.7.0-beta16.

  • solo-io/ext-auth-service has been upgraded to v0.10.0.

  • solo-io/skv2 has been upgraded to v0.17.3.

Helm Changes

v1.7.0-beta8 (Uses Gloo Edge OSS v1.7.0-beta15)

Fixes

Helm Changes

Upgrade Notes

v1.7.0-beta7 (Uses Gloo Edge OSS v1.7.0-beta13)

New Features

  • Added glooctl wasm CLI extension to make it easier to manage wasm filters deployed on Gloo Edge Gateway Proxies. (https://github.com/solo-io/solo-projects/issues/2051)

  • Add ability for the Gloo Edge Enterprise external auth server to validate OAuth 2.0 access tokens based on access token scopes. The new match_all field of AccessTokenValidation can be used to specify a list of required scopes for a token. (https://github.com/solo-io/gloo/issues/4224)

  • (From OSS v1.7.0-beta13) Add ability for the Gloo Edge Enterprise external auth server to validate OAuth 2.0 access tokens based on access token scopes. The new requiredScopes field of AccessTokenValidation can be used to specify a list of required scopes for a token. Omitting the field means that scope validation is skipped. (https://github.com/solo-io/gloo/issues/4224)

Fixes

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.15.

  • solo-io/skv2 has been upgraded to v0.17.2.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta11.

  • solo-io/gloo has been upgraded to v1.7.0-beta13.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta13.

  • solo-io/ext-auth-server has been upgraded to v0.7.11.

  • (From OSS v1.7.0-beta13) solo-io/skv2 has been upgraded to v0.17.2.

  • (From OSS v1.7.0-beta12) solo-io/protoc-gen-ext has been upgraded to v0.0.15.

  • (From OSS v1.7.0-beta12) solo-io/go-utils has been upgraded to v0.20.2.

v1.7.0-beta6 (Uses Gloo Edge OSS v1.7.0-beta11)

New Features

  • (From OSS v1.7.0-beta11) Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)

  • (From OSS v1.7.0-beta10) Added the new transport_api_version field to the extauth settings. The field determines the API version for the ext_authz transport protocol that will be used by Envoy to communicate with the auth server. The currently allowed values are V2 and V3, with the former being the default; this was done to maintain compatibility with existing custom auth servers. Note that in order for the external auth server to be able to emit dynamic metadata the field needs to be set to V3. For more info, see the transport_api_version field here. (https://github.com/solo-io/gloo/issues/4160)

  • (From OSS v1.7.0-beta9) Added the new envoy_metadata route option. This field can be used to provide additional information which can be consumed by the Envoy filters that process requests that match the route. For more info about metadata, see here. (https://github.com/solo-io/gloo/issues/4160)

  • (From OSS v1.7.0-beta9) Add support for metadata actions to the rate limit API. The new metadata action type can now be used to generate rate limit descriptors based on both static and dynamic Envoy metadata. (https://github.com/solo-io/gloo/issues/4160)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0-beta11.

  • solo-io/ext-auth-service has been upgraded to v0.7.10.

  • solo-io/gloo has been upgraded to v1.7.0-beta10.

  • solo-io/solo-apis has been upgraded to gloo-v1.7.0-beta10.

  • solo-io/skv2 has been upgraded to v0.7.0.

  • solo-io/skv2-enterprise has been upgraded to v0.7.0.

  • solo-io/rate-limiter has been upgraded to v0.7.0.

  • solo-io/solo-apis has been upgraded to v0.0.0-20210122142844-ac0df2dce136.

  • helm/helm has been upgraded to v3.4.2.

  • containerd/containerd has been upgraded to v1.4.3.

  • k8s.io/kube-openapi has been upgraded to v0.0.0-20200805222855-6aeccd4b50c6.

  • k8s.io/utils has been upgraded to v0.0.0-20201110183641-67b214c5f920.

  • k8s.io/controller-runtime has been upgraded to v0.7.0.

  • k8s.io/kubernetes has been upgraded to v1.19.6.

  • (From OSS v1.7.0-beta9) solo-io/skv1 has been upgraded to v0.7.0.

  • (From OSS v1.7.0-beta9) solo-io/solo-apis has been upgraded to v0.0.0-20210122142844-ac0df2dce136.

  • (From OSS v1.7.0-beta9) helm/helm has been upgraded to v3.4.2.

  • (From OSS v1.7.0-beta9) containerd/containerd has been upgraded to v1.4.3.

  • (From OSS v1.7.0-beta9) k8s.io/kube-openapi has been upgraded to v0.0.0-20200805222855-6aeccd4b50c6.

  • (From OSS v1.7.0-beta9) k8s.io/utils has been upgraded to v0.0.0-20201110183641-67b214c5f920.

  • (From OSS v1.7.0-beta9) k8s.io/controller-runtime has been upgraded to v0.7.0.

  • (From OSS v1.7.0-beta9) k8s.io/kubernetes has been upgraded to v1.19.6.

Helm Changes

  • Allow setting the API version of the ext_authz transport protocol via the new global.extensions.extAuth.transportApiVersion Helm value. The allowed values are V2 and V3, with the latter being the default. Users who are running a custom external auth server should make sure that the server supports V3 of the API. If it does not, transportApiVersion should be set to V2 to maintain backwards compatibility. This does not apply to the default Gloo Edge Enterprise external auth server, which supports both protocol versions. Note that transportApiVersion needs to be V3 in order for the external auth server to be able to emit dynamic metadata. (https://github.com/solo-io/gloo/issues/4160)
v1.7.0-beta5 (Uses Gloo Edge OSS v1.7.0-beta8)

New Features

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.9.

  • solo-io/gloo has been upgraded to v1.7.0-beta7.

  • solo-io/skv2 has been upgraded to v0.16.1.

v1.7.0-beta4 (Uses Gloo Edge OSS v1.7.0-beta8)

New Features

Fixes

v1.7.0-beta3 (Uses Gloo Edge OSS v1.7.0-beta5)

Fixes

  • (From OSS v1.7.0-beta5) CPU profile of Gloo at scale (5000+ upstreams) indicated that the generateXDSSnapshot function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-based mitchellh/hashstructure which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0-beta5.
v1.7.0-beta2 (Uses Gloo Edge OSS v1.7.0-beta4)

New Features

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0-beta4.

  • (From OSS v1.7.0-beta2) solo-io/protoc-gen-ext has been upgraded to v0.0.14.

Helm Changes

  • Have Gloo-EE’s helm config make use of Gloo-OS’s new Istio integration config and blacklist pods from Istio discovery. (https://github.com/solo-io/gloo/issues/3924)

  • (From OSS v1.7.0-beta3) Add 3 configuration values under global.istioIntegration to control automatic discovery and sidecar injection for Gloo pods by Istio. LabelInstallNamespace adds a label to mark the namespace for Istio discovery if the namespace is designated to be created in the chart. WhitelistDiscovery explicitly annotates Gloo’s discovery pod for Istio sidecar injection. DisableAutoinjection annotates all pods that aren’t more specifically noted elsewhere never receive Istio sidecar injection. (https://github.com/solo-io/gloo/issues/3924)

v1.7.0-beta1

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.7.0-beta1.

v1.6

v1.6.28 (Uses Gloo Edge OSS v1.6.24)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.16.24.
v1.6.27 (Uses Gloo Edge OSS v1.6.23)

New Features

Dependency Bumps

  • solo-io/envoy-gloo-ee has been upgraded to v1.17.3.

  • solo-io/gloo has been upgraded to v1.16.23.

  • (From OSS v1.6.23) envoy-gloo/solo-io has been upgraded to v1.17.3-patch1.

Helm Changes

v1.6.26 (Uses Gloo Edge OSS v1.6.22)

Dependency Bumps

  • envoy-gloo-ee/solo-io has been upgraded to v1.17.2.

  • (From OSS v1.6.22) envoy-gloo/solo-io has been upgraded to v1.17.2.

v1.6.25 (Uses Gloo Edge OSS v1.6.21)
  • This release contained no user-facing changes.
v1.6.24 (Uses Gloo Edge OSS v1.6.21)

Fixes

Dependency Bumps

  • golang/go has been upgraded to v1.16.

  • solo-io/gloo has been upgraded to v1.6.21.

  • solo-io/ext-auth-service has been upgraded to v0.7.22.

v1.6.23 (Uses Gloo Edge OSS v1.6.19)

Dependency Bumps

  • solo-io/solo-apis has been upgraded to gloo-v1.6.19.

  • solo-io/gloo has been upgraded to v1.6.19.

Helm Changes

v1.6.22 (Uses Gloo Edge OSS v1.6.18)

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.21.

  • solo-io/solo-apis has been upgraded to gloo-v1.6.18.

  • solo-io/gloo has been upgraded to v1.6.18.

  • (From OSS v1.6.16) linux/alpine has been upgraded to v3.13.2.

  • (From OSS v1.6.16) solo-io/solo-kit has been upgraded to v0.17.4.

Helm Changes

v1.6.21 (Uses Gloo Edge OSS v1.6.14)

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.20.
v1.6.20 (Uses Gloo Edge OSS v1.6.14)

Fixes

Dependency Bumps

  • solo-io/rate-limiter has been upgraded to v0.1.12.
v1.6.19 (Uses Gloo Edge OSS v1.6.14)

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.19.
v1.6.18 (Uses Gloo Edge OSS v1.6.14)

Fixes

v1.6.17 (Uses Gloo Edge OSS v1.6.13)

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.18.
v1.6.16 (Uses Gloo Edge OSS v1.6.13)

New Features

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.13.

  • solo-io/ext-auth-service has been upgraded to v0.7.17.

v1.6.15 (Uses Gloo Edge OSS v1.6.10)

New Features

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.10.
v1.6.14 (Uses Gloo Edge OSS v1.6.8)

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.15.
v1.6.13 (Uses Gloo Edge OSS v1.6.8)

Fixes

v1.6.12 (Uses Gloo Edge OSS v1.6.8)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.8.
v1.6.11 (Uses Gloo Edge OSS v1.6.7)

Fixes

v1.6.10 (Uses Gloo Edge OSS v1.6.7)

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.14.
v1.6.9 (Uses Gloo Edge OSS v1.6.7)

Fixes

  • Fix per value rate-limits in the set-style API. (i.e., when omitting the optional value from a simple descriptor, create a rate limit for each unique value instead of having the unique values share the same limit). (https://github.com/solo-io/gloo/issues/4257)
v1.6.8 (Uses Gloo Edge OSS v1.6.7)

Fixes

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.15.

  • solo-io/gloo has been upgraded to v1.6.7.

  • solo-io/k8s-utils has been upgraded to v0.0.5.

  • (From OSS v1.6.7) solo-io/protoc-gen-ext has been upgraded to v0.0.15.

Helm Changes

v1.6.7 (Uses Gloo Edge OSS v1.6.6)

Fixes

v1.6.6 (Uses Gloo Edge OSS v1.6.6)

Fixes

  • Fixes an issue where gloo would repeatedly send unchanged configs to the extauth service, triggering excessive logging and user confusion. This was caused by an inconsistent ordering of configurations when hashing them to determine if anything had changed. (https://github.com/solo-io/gloo/issues/3631)

  • (From OSS v1.6.6) Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.6.
v1.6.5 (Uses Gloo Edge OSS v1.6.5)

Fixes

v1.6.4 (Uses Gloo Edge OSS v1.6.4)

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.9.
v1.6.3 (Uses Gloo Edge OSS v1.6.4)

New Features

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.4.
v1.6.2 (Uses Gloo Edge OSS v1.6.3)

New Features

Fixes

  • Fix the proxy memory leak in the Gloo pod. It was being caused by a map or resources with status updates never being cleared. Rather than have this map created and passed in at setup time, it will instead be an argument to the various functions. (https://github.com/solo-io/gloo/issues/4078)

  • (From OSS v1.6.3) CPU profile of Gloo at scale (5000+ upstreams) indicated that the generateXDSSnapshot function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-based mitchellh/hashstructure which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)

  • (From OSS v1.6.3) CPU profile of Gloo at scale (5000+ upstreams) indicated that the endpointsForUpstream function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084)

  • (From OSS v1.6.3) Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited.

  • (From OSS v1.6.3) Fix a race condition in the gateway-validation-webhook, where resources applied concurrently can avoid validation. (https://github.com/solo-io/gloo/issues/4136)

  • (From OSS v1.6.2) Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited.

  • (From OSS v1.6.2) Switching CSRF mode from enabled to shadow mode does not apply default enabled value to filter. (https://github.com/solo-io/gloo/issues/4053)

Dependency Bumps

  • (From OSS v1.6.2) solo-io/protoc-gen-ext has been upgraded to v0.0.14.
v1.6.1 (Uses Gloo Edge OSS v1.6.1)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.1.
v1.6.0 (Uses Gloo Edge OSS v1.6.0)

New Features

  • Observability deployment uses upstreams’ dashboardFolderId values to place corresponding grafana dashboards in specified folders. (https://github.com/solo-io/gloo/issues/3920)

  • Allows wasm filters to be loaded from a filepath. This allows for pre-loading wasm filters on pod startup, removing the need to make network requests at runtime to retrieve filters. (https://github.com/solo-io/gloo/issues/4025)

  • (From OSS v1.6.0) Gloo Edge can now more proactively report warnings on virtual services that are likely misconfigured.

  • (From OSS v1.6.0-beta24) Adds a new headers_to_append field to the HTTP request transformation API. This allows users to specify headers which can contain multiple values and to specify transformations for each of the values. (https://github.com/solo-io/gloo/issues/3901)

Fixes

Dependency Bumps

  • gloo/solo-io has been upgraded to v1.6.0.

  • solo-io/gloo has been upgraded to v1.6.0-beta25.

  • (From OSS v1.6.0) solo-io/envoy-gloo has been upgraded to v1.17.0-rc4.

  • (From OSS v1.6.0-beta24) solo-io/envoy-gloo has been upgraded to v1.17.0-rc3.

Helm Changes

  • (From OSS v1.6.0-beta24) Add the helm value gatewayProxies.gatewayProxy.readConfigMulticluster, set to false by default. Setting this to true will add a gateway-proxy-config-dump-service Service to the gloo installation namespace. This service allows multicluster management planes to access the envoy config dump on port 8082 of the gateway-proxy. (https://github.com/solo-io/gloo/issues/4012)

Upgrade Notes

v1.6.0-beta13 (Uses Gloo Edge OSS v1.6.0-beta23)

New Features

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.0-beta23.

  • solo-io/ext-auth-service has been upgraded to v0.7.8.

  • solo-io/solo-kit has been upgraded to v0.17.0.

  • (From OSS v1.6.0-beta21) solo-io/skv2 has been upgraded to v0.15.2.

Helm Changes

v1.6.0-beta12 (Uses Gloo Edge OSS v1.6.0-beta20)

Fixes

v1.6.0-beta11 (Uses Gloo Edge OSS v1.6.0-beta18)

New Features

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.4.

  • solo-io/gloo has been upgraded to v1.6.0-beta18.

  • solo-io/ext-auth-service has been upgraded to v0.7.5.

  • (From OSS v1.6.0-beta18) solo-io/go-utils has been upgraded to v0.20.1.

Helm Changes

  • (From OSS v1.6.0-beta18) Add a helm value for setting extauth field for gloo.solo.io.Settings. This allows to configure custom external auth server while installing Helm chart, without need to post-render or patch Settings object after helm chart was installed or upgraded. (https://github.com/solo-io/gloo/issues/1892)
v1.6.0-beta10 (Uses Gloo Edge OSS v1.6.0-beta17)

New Features

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.6.0-beta17.

  • (From OSS v1.6.0-beta16) solo-io/go-utils has been upgraded to v0.20.0.

  • (From OSS v1.6.0-beta13) linux/alpine has been upgraded to v3.12.1.

Helm Changes

v1.6.0-beta9 (Uses Gloo Edge OSS v1.6.0-beta12)

New Features

Fixes

Dependency Bumps

  • solo-io/rate-limiter has been upgraded to v0.1.2.

  • solo-io/gloo has been upgraded to v1.6.0-beta12.

  • solo-io/solo-apis has been upgraded to actual-rate-limiter-v0.1.2.

  • linux/alpine has been upgraded to v3.12.1.

v1.6.0-beta8 (Uses Gloo Edge OSS v1.6.0-beta10)

New Features

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.7.0.

  • gloo/solo-io has been upgraded to v1.6.0-beta10.

Helm Changes

v1.6.0-beta7 (Uses Gloo Edge OSS v1.6.0-beta7)

New Features

Helm Changes

v1.6.0-beta6 (Uses Gloo Edge OSS v1.6.0-beta5)

New Features

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.6.19.

Helm Changes

v1.6.0-beta5 (Uses Gloo Edge OSS v1.6.0-beta5)

New Features

Fixes

Dependency Bumps

  • envoy-gloo-ee/solo-io has been upgraded to v1.17.0-rc1.

  • gloo/solo-io has been upgraded to v1.16.0-beta3.

Helm Changes

v1.6.0-beta4 (Uses Gloo Edge OSS v1.6.0-beta2)
  • This release contained no user-facing changes.
v1.6.0-beta3
  • This release build failed.

  • This release contained no user-facing changes.

v1.6.0-beta2
  • This release build failed.

  • This release contained no user-facing changes.

v1.6.0-beta1
  • This release build failed.

New Features

  • Expose apiserver over HTTPS using self-signed certs when running in glooMtls mode. (https://github.com/solo-io/gloo/issues/3384)

  • With each release, we will additionally be publishing an alternate set of docker containers (tagged as usual but with the “-extended” suffix) that have some additional dependencies built in (e.g., curl for debugging). You can deploy these images by setting the helm value global.image.extended=true. (https://github.com/solo-io/gloo/issues/3399)

  • Implement new AuthConfig API that allows users to specify a boolean expression to determine how to evaluate auth configs within an auth chain. Previously, each config on an auth config must be authorized for the entire request to be authorized. This remains the default, but now users can additionally specify a boolean expression (the booleanExpr field on an auth config) to reference the auth configs and AND/OR/NOT them together to achieve the desired access policy. (https://github.com/solo-io/gloo/issues/3207)

Fixes

Helm Changes

v1.5

v1.5.19 (Uses Gloo Edge OSS v1.5.19)

Fixes

Dependency Bumps

  • envoy-gloo-ee/solo-io has been upgraded to v1.16.3.

  • (From OSS v1.5.19) envoy-gloo/solo-io has been upgraded to v1.16.3.

v1.5.18 (Uses Gloo Edge OSS v1.5.18)

Fixes

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.6.23.

  • solo-io/solo-apis has been upgraded to gloo-v1.5.18.

  • solo-io/gloo has been upgraded to v1.5.18.

v1.5.17 (Uses Gloo Edge OSS v1.5.17)

Fixes

  • Expose a discovery_poll_interval which controls interval at which OIDC configuration is discovered at /.well-known/openid-configuration. The default value is 30 minutes. (https://github.com/solo-io/gloo/issues/4470)

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.6.22.

  • solo-io/go-utils has been upgraded to v0.16.7.

  • solo-io/solo-apis has been upgraded to gloo-v1.5.17.

  • solo-io/gloo has been upgraded to v1.5.17.

v1.5.16 (Uses Gloo Edge OSS v1.5.16)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.16.
v1.5.15 (Uses Gloo Edge OSS v1.5.15)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.15.
v1.5.14 (Uses Gloo Edge OSS v1.5.14)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.14.
v1.5.13 (Uses Gloo Edge OSS v1.5.13)

Helm Changes

v1.5.12 (Uses Gloo Edge OSS v1.5.13)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.13.

  • (From OSS v1.5.13) solo-io/envoy-gloo has been upgraded to v1.16.1-patch1.

v1.5.11 (Uses Gloo Edge OSS v1.5.12)

Fixes

Dependency Bumps

  • gloo/solo-io has been upgraded to v1.5.12.

Helm Changes

v1.5.10 (Uses Gloo Edge OSS v1.5.10)

Fixes

Dependency Bumps

  • gloo/solo-io has been upgraded to v1.5.10.
v1.5.9 (Uses Gloo Edge OSS v1.5.9)

Dependency Bumps

  • gloo/solo-io has been upgraded to v1.5.9.

Helm Changes

v1.5.8 (Uses Gloo Edge OSS v1.5.8)

Fixes

v1.5.7 (Uses Gloo Edge OSS v1.5.7)

Helm Changes

v1.5.6 (Uses Gloo Edge OSS v1.5.6)

Dependency Bumps

  • solo-kit/gloo has been upgraded to v1.5.6.

Helm Changes

v1.5.5 (Uses Gloo Edge OSS v1.5.5)

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.5.
v1.5.4 (Uses Gloo Edge OSS v1.5.3)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.3.
v1.5.3 (Uses Gloo Edge OSS v1.5.2)

Fixes

v1.5.2 (Uses Gloo Edge OSS v1.5.2)

Fixes

  • No longer let the api-server create a default settings CRD when none is provided. (https://github.com/solo-io/gloo/issues/3677)

  • Fix the grpc service names in health checks. This fixes a regression that was introduced in Gloo enterprise v1.5.0-beta8 and v1.4.7. Without this fix, the rate-limit and ext-auth grpc services will fail health checks and go into panic mode (which by default, ignores health checks, so requests still work). (https://github.com/solo-io/gloo/issues/3745)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.2.
v1.5.1 (Uses Gloo Edge OSS v1.5.1)

Fixes

Helm Changes

v1.5.0 (Uses Gloo Edge OSS v1.5.0)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.0.

  • solo-io/envoy-gloo-ee has been upgraded to v1.16.0-rc6.

v1.5.0-beta12 (Uses Gloo Edge OSS v1.5.0-beta26)
  • marked as a pre-release due to a regression that will crash Gloo if it has an AWS upstream

New Features

Fixes

Dependency Bumps

  • solo-io/envoy-gloo-ee has been upgraded to 1.16.0-rc5.

  • solo-io/gloo has been upgraded to v1.5.0-beta26.

v1.5.0-beta11 (Uses Gloo Edge OSS v1.5.0-beta25)
  • marked as a pre-release due to a regression that will crash Gloo if it has an AWS upstream

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.0-beta25.
v1.5.0-beta10 (Uses Gloo Edge OSS v1.5.0-beta22)
  • This release contained no user-facing changes.
v1.5.0-beta9

Fixes

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.5.0-beta20.

Helm Changes

v1.4

v1.4.16 (Uses Gloo Edge OSS v1.4.13)

Fixes

Dependency Bumps

  • solo-io/envoy-gloo-ee has been upgraded to 1.15.1-patch2.
v1.4.15 (Uses Gloo Edge OSS v1.4.13)
  • marked as a pre-release due to a regression that will crash Gloo if it has an AWS upstream

Dependency Bumps

  • solo-io/ext-auth-service has been upgraded to v0.6.12-patch1.
v1.4.14 (Uses Gloo Edge OSS v1.4.13)
  • marked as a pre-release due to a regression that will crash Gloo if it has an AWS upstream

Fixes

v1.4.13 (Uses Gloo Edge OSS v1.4.12)

Fixes

v1.4.12 (Uses Gloo Edge OSS v1.4.12)

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.4.12.
v1.4.6-patch2 (Uses Gloo Edge OSS v1.4.8-patch1)
  • This release contained no user-facing changes.
v1.4.6-patch1

Dependency Bumps

  • solo-io/gloo has been upgraded to v1.4.8-patch1.

v1.3

v1.3.14

Fixes

Dependency Bumps

  • solo-io/envoy-gloo-ee has been upgraded to 1.14.5-patch1.