Navigation :

Open Source Gloo Edge


Changelog

v1.7

v1.7.0-beta25

New Features

v1.7.0-beta24

New Features

v1.7.0-beta23

This release contained no user-facing changes.

v1.7.0-beta22

Fixes

v1.7.0-beta21

Helm Changes

New Features

Fixes

Pre-release

This is a release due to the build-bot failing to start the release. Changes will be in v1.7.0-beta22 and up.##### v1.7.0-beta20 This release contained no user-facing changes.

v1.7.0-beta19

This release contained no user-facing changes.

v1.7.0-beta18

Helm Changes

New Features

  • Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)
v1.7.0-beta17

Helm Changes

New Features

  • Provides an enterprise-only option to use the leftmost IP address from the x-forwarded-for header and set it as the downstream address. This is useful if the network topology (load balancers, etc.) prior to gloo is unknown or dynamic. If using this option, be sure to sanitize this header from downstream requests to prevent security risks. (https://github.com/solo-io/gloo/issues/4014)
  • Add new regexRewrite option to routes. This new field can be used to substitute matched regex patterns for alternate text in request paths, optionally including capture groups from the regex. (https://github.com/solo-io/gloo/issues/3321)
v1.7.0-beta16

Helm Changes

Fixes

v1.7.0-beta15

This release contained no user-facing changes.

v1.7.0-beta14

Upgrade Notes

Helm Changes

v1.7.0-beta13

Dependency Bumps

  • solo-io/skv2 has been upgraded to v0.17.2.

New Features

  • Add ability for the Gloo Edge Enterprise external auth server to validate OAuth 2.0 access tokens based on access token scopes. The new requiredScopes field of AccessTokenValidation can be used to specify a list of required scopes for a token. Omitting the field means that scope validation is skipped. (https://github.com/solo-io/gloo/issues/4224)
v1.7.0-beta12

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.15.
  • solo-io/go-utils has been upgraded to v0.20.2.

Fixes

  • Fixed a bug where some protobufs were erroneously being considered equal when comparing values inside of a oneOf interface. This resulted in some subtle bugs where sometimes proxies would not receive updates when reconciled in certain situations where only very small changes were made.

This bug affected Gloo Edge 1.6.0 to 1.6.6 and 1.7.0-beta1 to 1.7.0-beta11 versions only. (https://github.com/solo-io/gloo/issues/4215)

v1.7.0-beta11

New Features

  • Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)
v1.7.0-beta10

New Features

  • Added the new transport_api_version field to the extauth settings. The field determines the API version for the ext_authz transport protocol that will be used by Envoy to communicate with the auth server. The currently allowed values are V2 and V3, with the former being the default; this was done to maintain compatibility with existing custom auth servers. Note that in order for the external auth server to be able to emit dynamic metadata the field needs to be set to V3. For more info, see the transport_api_version field here. (https://github.com/solo-io/gloo/issues/4160)
v1.7.0-beta9

Dependency Bumps

  • solo-io/skv1 has been upgraded to v0.7.0.
  • solo-io/solo-apis has been upgraded to v0.0.0-20210122142844-ac0df2dce136.
  • helm/helm has been upgraded to v3.4.2.
  • containerd/containerd has been upgraded to v1.4.3.
  • k8s.io/kube-openapi has been upgraded to v0.0.0-20200805222855-6aeccd4b50c6.
  • k8s.io/utils has been upgraded to v0.0.0-20201110183641-67b214c5f920.
  • k8s.io/controller-runtime has been upgraded to v0.7.0.
  • k8s.io/kubernetes has been upgraded to v1.19.6.

New Features

Fixes

v1.7.0-beta8

New Features

Fixes

v1.7.0-beta7

New Features

Fixes

v1.7.0-beta6

New Features

v1.7.0-beta5

Fixes

  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the generateXDSSnapshot function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-based mitchellh/hashstructure which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)
v1.7.0-beta4

Fixes

  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the endpointsForUpstream function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084)
v1.7.0-beta3

Helm Changes

  • Add 3 configuration values under global.istioIntegration to control automatic discovery and sidecar injection for Gloo pods by Istio. LabelInstallNamespace adds a label to mark the namespace for Istio discovery if the namespace is designated to be created in the chart. WhitelistDiscovery explicitly annotates Gloo’s discovery pod for Istio sidecar injection. DisableAutoinjection annotates all pods that aren’t more specifically noted elsewhere never receive Istio sidecar injection. (https://github.com/solo-io/gloo/issues/3924)
v1.7.0-beta2

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.14.

New Features

  • Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true The cases now additionally covered are:
    • routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
    • the same logic, but with method matchers In addition, we support aggressively reporting errors on virtual services with invalid regex matchers. (no need to enable short-circuiting reporting) (https://github.com/solo-io/gloo/issues/3334)
  • Possibility to configure custom auth server to retrieve request body as bytes (Support Envoys packAsBytes) (https://github.com/solo-io/gloo/issues/3937)

Fixes

v1.7.0-beta1

Fixes

v1.6

v1.6.11

New Features

v1.6.10

New Features

v1.6.9

Fixes

v1.6.8

Fixes

  • Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)
v1.6.7

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.15.

Fixes

  • Fixed a bug where some protobufs were erroneously being considered equal when comparing values inside of a oneOf interface. This resulted in some subtle bugs where sometimes proxies would not receive updates when reconciled in certain situations where only very small changes were made.

This bug affected Gloo Edge 1.6.0 to 1.6.6 and 1.7.0-beta1 to 1.7.0-beta11 versions only. (https://github.com/solo-io/gloo/issues/4215)

v1.6.6

Fixes

  • Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)
v1.6.5

Fixes

v1.6.4

New Features

v1.6.3

Fixes

  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the generateXDSSnapshot function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-based mitchellh/hashstructure which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)
  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the endpointsForUpstream function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084)
  • Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true The cases now additionally covered are:
    • routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
    • the same logic, but with method matchers In addition, we support aggressively reporting errors on virtual services with invalid regex matchers. (no need to enable short-circuiting reporting) (https://github.com/solo-io/gloo/issues/3334)
  • Fix a race condition in the gateway-validation-webhook, where resources applied concurrently can avoid validation. (https://github.com/solo-io/gloo/issues/4136)
v1.6.2

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.14.

New Features

Fixes

  • Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true The cases now additionally covered are:
    • routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
    • the same logic, but with method matchers In addition, we support aggressively reporting errors on virtual services with invalid regex matchers. (no need to enable short-circuiting reporting) (https://github.com/solo-io/gloo/issues/3334)
  • Switching CSRF mode from enabled to shadow mode does not apply default enabled value to filter. (https://github.com/solo-io/gloo/issues/4053)
v1.6.1

Fixes

v1.6.0

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.17.0-rc4.

New Features

  • Gloo Edge can now more proactively report warnings on virtual services that are likely misconfigured. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true The cases now additionally covered are:

Fixes

v1.6.0-beta25

Upgrade Notes

v1.6.0-beta24

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.17.0-rc3.

Helm Changes

  • Add the helm value gatewayProxies.gatewayProxy.readConfigMulticluster, set to false by default. Setting this to true will add a gateway-proxy-config-dump-service Service to the gloo installation namespace. This service allows multicluster management planes to access the envoy config dump on port 8082 of the gateway-proxy. (https://github.com/solo-io/gloo/issues/4012)

New Features

  • Adds a new headers_to_append field to the HTTP request transformation API. This allows users to specify headers which can contain multiple values and to specify transformations for each of the values. (https://github.com/solo-io/gloo/issues/3901)

Fixes

v1.6.0-beta23

New Features

v1.6.0-beta22

New Features

  • Add support for the new inheritablePathMatchers value on Route config. This new setting is similar to the inheritableMatchers boolean value that allows delegated routes (i.e., routes on route tables) to optionally opt into inheriting HTTP header, method, or query parameter matching from the parent route. The new inheritablePathMatchers is used to optionally opt into inheriting HTTP path matcher config from the parent. (https://github.com/solo-io/gloo/issues/3726)

Fixes

v1.6.0-beta21

Dependency Bumps

  • solo-io/skv2 has been upgraded to v0.15.2.

Helm Changes

  • Update the version of Istio used by the Istio sidecar in the gateway-proxy pod for mTLS cert generation when the helm value global.istioSDS.enabled is set to true. New Istio version is 1.8.1. (https://github.com/solo-io/gloo/issues/3967)

New Features

Fixes

v1.6.0-beta20

This release contained no user-facing changes.

v1.6.0-beta19

Fixes

v1.6.0-beta18

Dependency Bumps

  • solo-io/go-utils has been upgraded to v0.20.1.

Helm Changes

  • Add a helm value for setting extauth field for gloo.solo.io.Settings. This allows to configure custom external auth server while installing Helm chart, without need to post-render or patch Settings object after helm chart was installed or upgraded. (https://github.com/solo-io/gloo/issues/1892)

Fixes

v1.6.0-beta17

_Marked as a pre-release to due a regression with redirectActions, see https://github.com/solo-io/gloo/issues/3975_

New Features

Fixes

  • Fixes a bug where routes that use a deleted lambda function as destination causes gloo to crash. (https://github.com/solo-io/gloo/issues/3895)
  • When configuring tracing, you can specify a cluster where traces are collected. If the collector is an upstream, tracing works as expected. However, if the cluster is statically defined in the envoy bootstrap, traces do not get collected. This adds support for statically defined tracing collector clusters. (https://github.com/solo-io/gloo/issues/3954)
v1.6.0-beta16

Dependency Bumps

  • solo-io/go-utils has been upgraded to v0.20.0.

New Features

v1.6.0-beta15

New Features

Fixes

  • In multi-proxy environments, resources that were invalid on one proxy (error or warning) but valid on another may have a status written of accepted, despite internally calculating (and logging) a warning. This is now fixed. (https://github.com/solo-io/gloo/issues/3935)
  • cert-manager can be used to create a Certificate (https://cert-manager.io/docs/concepts/certificate/). This is used to generate a TLS key and certificate, and they are stored in a Kubernetes secret. This can be configured to include an optional property on the secret, ca.crt, which holds a root CA certificate. If cert-manager is used to generate this Kubernetes secret, and the root CA certificate is included, we were not including it when converting to a Gloo secret, causing Gloo to crash. (https://github.com/solo-io/gloo/issues/3652)
  • Turn the certgen job into a no-op if the previously generated certs still exist, and are still valid. (https://github.com/solo-io/gloo/issues/3790)
v1.6.0-beta14

Helm Changes

v1.6.0-beta13

Dependency Bumps

  • linux/alpine has been upgraded to v3.12.1.
v1.6.0-beta12

New Features

v1.6.0-beta11

New Features

v1.6.0-beta10

New Features

Fixes

v1.6.0-beta9

New Features

Fixes

v1.6.0-beta8

Dependency Bumps

  • solo-io/solo-apis has been upgraded to rate-limiter-v0.1.2.

New Features

  • Define the API to allow for set-style rate limiting. The previous rate-limiting implementation uses a tree structure for descriptors. This adds capability to use a set structure instead, where the descriptors are treated as an unordered set such that a given rule will apply if all the relevant descriptors match, regardless of the values of the other descriptors and regardless of descriptor order. For example, the rule may require type: a and number: 1 but the remote_address descriptor can have any value. This can also be understood as remote_address: * where * is a wildcard. (https://github.com/solo-io/gloo/issues/2695)
v1.6.0-beta7

This release contained no user-facing changes.

v1.6.0-beta6

Dependency Bumps

  • solo-kit/solo-io has been upgraded to v0.13.14.

Helm Changes

New Features

Fixes

v1.6.0-beta5

Helm Changes

v1.6.0-beta4

Helm Changes

Fixes

  • Fix an issue where ssl configurations across different virtual services may be incorrectly cached if they ssl configurations only differ by ssl-parameters (e.g., min tls version). After this change, ssl configurations that are only different by ssl parameters must have different sni domains. Prior to this change, such a configuration would not error but could result in one ssl configuration being selected over another; now an explicit error is recorded on the virtual service. (https://github.com/solo-io/gloo/issues/3776)
  • Fix the validation API to return all errors encountered while validating a list of resources, rather than immediately returning on the first unmarshal error encountered for a resource in a list resource. (https://github.com/solo-io/gloo/issues/3610)
  • Fix the validation API error reporting to include the resource associated with the error returned. (https://github.com/solo-io/gloo/issues/3610)
v1.6.0-beta3

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.17.0-rc1.

Helm Changes

New Features

  • Use official wasm support from upstream envoy, rather than envoy-wasm fork. (https://github.com/solo-io/gloo/issues/3753)
  • Allow automatic discovery of TLS when using consul services. Requires serveral changes to gloo’s helm config to use: Set the settings.integrations.consul.useTls flag to true. Assign a tag for gloo to recognize as the TLS tag if the default (settings.integrations.consul.tlsTagName=glooUseTls) is insufficient. Add the consul root CA for gloo to use at settings.integrations.consul.rootCA Once these are setup in gloo, adding the tlsTagName value as a tag to consul services should cause upstreams to automatically have TLS when discovered by gloo. As part of this change, the behavior of tag matching between gloo upstreams and consul service instances was changed from an exact set match to a subset match. Now a match is found if an upstream’s instanceTags are a subset of a service instance’s tags. (https://github.com/solo-io/gloo/issues/2544)

Fixes

  • Fix the validation API to only return proxies that would be generated by proposed resources if requested. This change means the default behavior matches the kubernetes validation webhook API. By including the top-level value returnProxies=true in the json/yaml request to the API, you can signal the endpoint to return the proxies that would be generated (previously, always returning by default). (https://github.com/solo-io/gloo/issues/3613)
v1.6.0-beta2

This release contained no user-facing changes.

v1.6.0-beta1

Helm Changes

New Features

Fixes

v1.5

v1.5.16

Fixes

  • Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)
v1.5.15

Fixes

v1.5.14

Fixes

v1.5.13

_Marked as a pre-release to due a regression with redirectActions, see https://github.com/solo-io/gloo/issues/3975_

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.16.1-patch1.

Fixes

v1.5.12

Helm Changes

v1.5.11

Fixes

v1.5.10

Fixes

v1.5.9

Fixes

v1.5.8

This release contained no user-facing changes.

v1.5.7

Helm Changes

v1.5.6

Dependency Bumps

  • solo-kit/solo-io has been upgraded to v0.13.14.

Fixes

v1.5.5

Fixes

v1.5.4

Helm Changes

v1.5.3

Fixes

  • Fix an issue where ssl configurations across different virtual services may be incorrectly cached if they ssl configurations only differ by ssl-parameters (e.g., min tls version). After this change, ssl configurations that are only different by ssl parameters must have different sni domains. Prior to this change, such a configuration would not error but could result in one ssl configuration being selected over another; now an explicit error is recorded on the virtual service. (https://github.com/solo-io/gloo/issues/3776)
v1.5.2

Fixes

  • Fix the validation API to only return proxies that would be generated by proposed resources if requested. This change means the default behavior matches the kubernetes validation webhook API. By including the top-level value returnProxies=true in the json/yaml request to the API, you can signal the endpoint to return the proxies that would be generated (previously, always returning by default). (https://github.com/solo-io/gloo/issues/3613)
  • Fix the validation API to return all errors encountered while validating a list of resources, rather than immediately returning on the first unmarshal error encountered for a resource in a list resource. (https://github.com/solo-io/gloo/issues/3610)
  • Fix the validation API error reporting to include the resource associated with the error returned. (https://github.com/solo-io/gloo/issues/3610)
v1.5.1

Helm Changes

  • Fix helm chart to honor .Values.settings.replaceInvalidRoutes value. This change makes the default invalid route behavior match what’s documented (disabled by default). To enable again, set .Values.settings.replaceInvalidRoutes=true (https://github.com/solo-io/gloo/issues/3619)
  • Remove duplicate helm values that are no longer needed to keep hook-created values in helm releases. Backport for v1.5. (https://github.com/solo-io/gloo/issues/3498)

Fixes

v1.5.0

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to 1.16.0-rc4.

Fixes

v1.5.0-beta28

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to 1.16.0-rc3.

Fixes

v1.5.0-beta27

New Features

  • Add API to AuthConfig that allows users to specify a boolean expression to determine how to evaluate auth configs within an auth chain. Previously, each config on an auth config must be authorized for the entire request to be authorized. This remains the default, but now users can additionally specify a boolean expression (the booleanExpr field on an auth config) to reference the auth configs and AND/OR/NOT them together to achieve the desired access policy. (https://github.com/solo-io/gloo/issues/3207)
v1.5.0-beta26

Fixes

v1.5.0-beta25

New Features

  • Add new field inheritableMatchers boolean field (default false) to virtual services and route tables that, when true, changes how route delegation handles header, method, and query parameter matchers from the parent resource. By default, route tables must have matchers that are a superset of those from the parent, as this improves readability. By setting inheritableMatchers to true, any header, method, and query parameter matchers from the parent that are absent from the child will be automatically included on the generated route. (https://github.com/solo-io/gloo/issues/3327)
  • Generate standard Kubernetes go types and clients for AuthConfig custom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)

Fixes

v1.5.0-beta24

Fixes

v1.5.0-beta23

Dependency Bumps

  • envoyproxy/envoy has been upgraded to v1.16-rc2.
  • solo-io/skv2 has been upgraded to v0.8.1.

New Features

  • Added improvements to the user experience for using gloo with Istio. Added helper commands for glooctl, so that users can simply perform glooctl istio inject and glooctl istio enable-mtls --upstream foo in order to have Gloo and Istio up and running and communicating together over mTLS. (https://github.com/solo-io/gloo/issues/3532)
  • Allow secrets to be added to request headers by referencing a k8s secret resource via its namespace and name. (https://github.com/solo-io/gloo/issues/2751)
  • Change the glooctl cluster unregister command to glooctl cluster deregister. The deregister command now deletes the service account, cluster role, and cluster role binding created on the remote cluster during the cluster registration process. Example usage is glooctl cluster deregister --cluster-name kind-remote --remote-context kind-remote. (https://github.com/solo-io/gloo/issues/3369)

Fixes

v1.5.0-beta22

This release contained no user-facing changes.

v1.5.0-beta21

Helm Changes

New Features

Fixes

v1.5.0-beta20

New Features

Fixes

v1.5.0-beta19

Helm Changes

New Features

  • Expose the raw envoy configuration for the gRPC to JSON transcoding filter, which can be leveraged to expose a gRPC service both as a gRPC service and as a REST API. Exposing the underlying envoy configuration allows users more granular control over the gRPC to JSON mappings than the current Gloo API for gRPC to JSON (that doesn’t require explicit protobuf descriptors to be provided since they will be discovered). One example where users may want more granular control of their gRPC to JSON mappings may be to leverage query parameter transcoding. (https://github.com/solo-io/gloo/issues/2188)
  • Allow users to specify extra headers for health check requests as secrets. New gloo secret type “header”, containing header name-value pairs, can now be created (details here). Health checks can reference header secrets for additional headers to add in addition to specifying them explicitly. (https://github.com/solo-io/gloo/issues/2914)

Fixes

v1.5.0-beta18

Dependency Bumps

  • solo-io/solo-apis has been upgraded to gloo-fed-v0.0.19.

New Features

Fixes

  • Update the version of golang Gloo was built with from 1.14.0 to 1.14.6, to pickup patch fixes to go; most notably, a workaround in go for a bug in affected Linux kernels (5.2.x, 5.3.0-5.3.14, 5.4.0-5.4.1) that could result in a corrupted AVX register and crash Gloo. (https://github.com/solo-io/gloo/issues/3493)

v1.4

v1.4.15

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to 1.15.0-patch4.

Fixes

v1.4.14

Fixes

  • Generate standard Kubernetes go types and clients for AuthConfig custom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
v1.4.13

Fixes

v1.4.12

Fixes

v1.4.11

New Features

  • Allow users to specify extra headers for health check requests as secrets. New gloo secret type “header”, containing header name-value pairs, can now be created (details here). Health checks can reference header secrets for additional headers to add in addition to specifying them explicitly. (https://github.com/solo-io/gloo/issues/2914)
v1.4.10

This release contained no user-facing changes.

v1.4.8-patch1

This release build failed.

Fixes

v1.3

v1.3.34

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to 1.14.3-patch2.

Fixes

v1.3.33

Fixes

  • Generate standard Kubernetes go types and clients for AuthConfig custom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
v1.3.32

Dependency Bumps

  • solo-io/solo-kit has been upgraded to v0.13.8.

Fixes