Open Source Gloo Edge
Open Source Gloo Edge
v1.6.0-beta14
Helm Changes
- When doing a helm install where
istioSDS.enabledis set totrue, theISTIO_META_CLUSTER_IDenvironment variable is now initialized to “Kubernetes”. (https://github.com/solo-io/gloo/issues/3881) - Panic mode allows Envoy load balancing to disregard host’s health status. (https://github.com/solo-io/gloo/issues/3747)
v1.5.12
Helm Changes
- Fix helm template and documentation for configuring tracing (https://github.com/solo-io/gloo/issues/3896)
v1.6.0-beta13
Dependency Bumps
- linux/alpine has been upgraded to v3.12.1.
v1.6.0-beta12
New Features
- Allow an external tracing provider to be configured on a listener via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/http_tracer.proto#envoy-v3-api-msg-config-trace-v3-tracing-http for more details on this setting. (https://github.com/solo-io/gloo/issues/3762)
v1.5.11
Fixes
- Expose envoy’s cluster_header field in the gloo api See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-cluster-header for more details about this field. (https://github.com/solo-io/gloo/issues/3749)
v1.5.10
Fixes
- Disable gloo metrics service as it is unused, and CPU intensive. (https://github.com/solo-io/gloo/issues/3849)
- Fixed a bug where a bad authconfig which should invalidate a single virtual service was incorrectly invalidating the entire gateway (https://github.com/solo-io/gloo/issues/3538)
- Fixed a bug where invalid route replacement did not correctly replace routes that referred to a missing
UpstreamGroup, which potentially resulted in incorrect config being sent to envoy. Now, the route will be replaced correctly according to the invalid config policy. (https://github.com/solo-io/gloo/issues/3818)
v1.6.0-beta11
New Features
- Expose envoy’s cluster_header field in the gloo api See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-cluster-header for more details about this field. (https://github.com/solo-io/gloo/issues/3749)
v1.6.0-beta10
New Features
- Add Istio 1.8.x support to the existing glooctl istio integrations. (https://github.com/solo-io/gloo/issues/3855)
Fixes
- Disable gloo metrics service as it is unused, and CPU intensive. (https://github.com/solo-io/gloo/issues/3849)
- Fixed a bug where a bad authconfig which should invalidate a single virtual service was incorrectly invalidating the entire gateway (https://github.com/solo-io/gloo/issues/3538)
- Fixed a bug where invalid route replacement did not correctly replace routes that referred to a missing
UpstreamGroup, which potentially resulted in incorrect config being sent to envoy. Now, the route will be replaced correctly according to the invalid config policy. (https://github.com/solo-io/gloo/issues/3818)
v1.6.0-beta9
New Features
- Expose the server_header_transformation setting via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto for more details on this setting. (https://github.com/solo-io/gloo/issues/3769)
Fixes
- fixes glooctl check error messages that are displayed when deployments checks have failed (https://github.com/solo-io/gloo/issues/2952)
v1.5.9
Fixes
- Expose the server_header_transformation setting via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto for more details on this setting. (https://github.com/solo-io/gloo/issues/3769)
v1.5.8
This release contained no user-facing changes.
v1.5.7
Helm Changes
- This change stops ConfigMap, Service, and Gateway objects from being created for gateway proxies if “disabled = true” under the helm chart values override. (https://github.com/solo-io/gloo/issues/3751)
v1.6.0-beta8
Dependency Bumps
- solo-io/solo-apis has been upgraded to rate-limiter-v0.1.2.
New Features
- Define the API to allow for set-style rate limiting. The previous rate-limiting implementation uses a tree structure for descriptors. This adds capability to use a set structure instead, where the descriptors are treated as an unordered set such that a given rule will apply if all the relevant descriptors match, regardless of the values of the other descriptors and regardless of descriptor order. For example, the rule may require
type: aandnumber: 1but theremote_addressdescriptor can have any value. This can also be understood asremote_address: *where * is a wildcard. (https://github.com/solo-io/gloo/issues/2695)
v1.6.0-beta7
This release contained no user-facing changes.
v1.5.6
Dependency Bumps
- solo-kit/solo-io has been upgraded to v0.13.14.
Fixes
- Fix EDS so modifying configs on a TLS enabled Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3673)
- Gloo will no longer remove upstreams after editing their spec. (https://github.com/solo-io/gloo/issues/3710)
- Fix EDS so modifying health checks on Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3219)
- Allow toggling of EDS to rest XDS to avoid the envoy issue described in the following issue: https://github.com/envoyproxy/envoy/issues/13070. Set to true by default starting in version >
v1.6.0(https://github.com/solo-io/gloo/issues/3805)
v1.6.0-beta6
Dependency Bumps
- solo-kit/solo-io has been upgraded to v0.13.14.
Helm Changes
- This change stops ConfigMap, Service, and Gateway objects from being created for gateway proxies if “disabled = true” under the helm chart values override. (https://github.com/solo-io/gloo/issues/3751)
New Features
- Allow toggling of EDS to rest XDS to avoid the envoy issue described in the following issue: https://github.com/envoyproxy/envoy/issues/13070. Set to true by default starting in version >
v1.6.0(https://github.com/solo-io/gloo/issues/3805)
Fixes
- Fix EDS so modifying configs on a TLS enabled Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3673)
- Gloo will no longer remove upstreams after editing their spec. (https://github.com/solo-io/gloo/issues/3710)
- Fix EDS so modifying health checks on Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3219)
- Allow static upstream endpoints have individual SNI entries (https://github.com/solo-io/gloo/issues/3806)
v1.5.5
Fixes
- Allow static upstream endpoints have individual SNI entries (https://github.com/solo-io/gloo/issues/3806)
v1.5.4
Helm Changes
- Adds a two helm values that can be used to configure all sds/envoy-sidecar container resource usages. (https://github.com/solo-io/gloo/issues/2979)
v1.6.0-beta5
Helm Changes
- Set route prefix_rewrite in ingress proxy and knative proxy configs from
global.glooStats.routePrefixRewritehelm value. This allows Gloo to integrate with other monitoring systems instead of just Prometheus. (https://github.com/solo-io/gloo/issues/3752) - Adds a single helm value that can be used to configure all sds/envoy-sidecar container resource usages. (https://github.com/solo-io/gloo/issues/2979)
v1.5.3
Fixes
- Fix an issue where ssl configurations across different virtual services may be incorrectly cached if they ssl configurations only differ by ssl-parameters (e.g., min tls version). After this change, ssl configurations that are only different by ssl parameters must have different sni domains. Prior to this change, such a configuration would not error but could result in one ssl configuration being selected over another; now an explicit error is recorded on the virtual service. (https://github.com/solo-io/gloo/issues/3776)
v1.6.0-beta4
Helm Changes
- Add possibility to pass image pull secret to all deployments in helm chart (https://github.com/solo-io/gloo/issues/3729)
- Add a helm value for stats prefix rewrite. This allows Gloo to integrate with other monitoring systems instead of just Prometheus, by setting the
global.glooStats.routePrefixRewritehelm value. (https://github.com/solo-io/gloo/issues/3752)
Fixes
- Fix an issue where ssl configurations across different virtual services may be incorrectly cached if they ssl configurations only differ by ssl-parameters (e.g., min tls version). After this change, ssl configurations that are only different by ssl parameters must have different sni domains. Prior to this change, such a configuration would not error but could result in one ssl configuration being selected over another; now an explicit error is recorded on the virtual service. (https://github.com/solo-io/gloo/issues/3776)
- Fix the validation API to return all errors encountered while validating a list of resources, rather than immediately returning on the first unmarshal error encountered for a resource in a list resource. (https://github.com/solo-io/gloo/issues/3610)
- Fix the validation API error reporting to include the resource associated with the error returned. (https://github.com/solo-io/gloo/issues/3610)
v1.5.2
Fixes
- Fix the validation API to only return proxies that would be generated by proposed resources if requested. This change means the default behavior matches the kubernetes validation webhook API. By including the top-level value
returnProxies=truein the json/yaml request to the API, you can signal the endpoint to return the proxies that would be generated (previously, always returning by default). (https://github.com/solo-io/gloo/issues/3613) - Fix the validation API to return all errors encountered while validating a list of resources, rather than immediately returning on the first unmarshal error encountered for a resource in a list resource. (https://github.com/solo-io/gloo/issues/3610)
- Fix the validation API error reporting to include the resource associated with the error returned. (https://github.com/solo-io/gloo/issues/3610)
v1.6.0-beta3
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.17.0-rc1.
Helm Changes
- Removed the
global.wasm.enabledHELM value for toggling experimental wasm support. Wasm is now enabled by default. This flag is no longer required as there is no more need for a separate gateway-proxy image since wasm support was merged into upstream envoy. (https://github.com/solo-io/gloo/issues/3753) - Addresses minor issue of adding consul configs into helm. (https://github.com/solo-io/gloo/issues/3698)
New Features
- Use official wasm support from upstream envoy, rather than envoy-wasm fork. (https://github.com/solo-io/gloo/issues/3753)
- Allow automatic discovery of TLS when using consul services. Requires serveral changes to gloo’s helm config to use:
Set the
settings.integrations.consul.useTlsflag to true. Assign a tag for gloo to recognize as the TLS tag if the default (settings.integrations.consul.tlsTagName=glooUseTls) is insufficient. Add the consul root CA for gloo to use at settings.integrations.consul.rootCA Once these are setup in gloo, adding the tlsTagName value as a tag to consul services should cause upstreams to automatically have TLS when discovered by gloo. As part of this change, the behavior of tag matching between gloo upstreams and consul service instances was changed from an exact set match to a subset match. Now a match is found if an upstream’s instanceTags are a subset of a service instance’s tags. (https://github.com/solo-io/gloo/issues/2544)
Fixes
- Fix the validation API to only return proxies that would be generated by proposed resources if requested. This change means the default behavior matches the kubernetes validation webhook API. By including the top-level value
returnProxies=truein the json/yaml request to the API, you can signal the endpoint to return the proxies that would be generated (previously, always returning by default). (https://github.com/solo-io/gloo/issues/3613)
v1.5.1
Helm Changes
- Fix helm chart to honor
.Values.settings.replaceInvalidRoutesvalue. This change makes the default invalid route behavior match what’s documented (disabled by default). To enable again, set.Values.settings.replaceInvalidRoutes=true(https://github.com/solo-io/gloo/issues/3619) - Remove duplicate helm values that are no longer needed to keep hook-created values in helm releases. Backport for v1.5. (https://github.com/solo-io/gloo/issues/3498)
Fixes
- Ensure the rest of our docker containers run with user 10101 rather than root (https://github.com/solo-io/gloo/issues/3346)
- With each release, we will additionally be publishing an alternate set of docker containers (tagged as usual but with the “-extended” suffix) that have some additional dependencies built in (e.g.,
curlfor debugging). You can deploy these images by setting the helm valueglobal.image.extended=true. (https://github.com/solo-io/gloo/issues/3399) - Fixed the max_connection_duration and max_stream_duration settings not being exposed the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-httpprotocoloptions for more details on these settings. (https://github.com/solo-io/gloo/issues/3628)
v1.6.0-beta2
This release contained no user-facing changes.
v1.6.0-beta1
Helm Changes
- Fix helm chart to honor
.Values.settings.replaceInvalidRoutesvalue. This change makes the default invalid route behavior match what’s documented (disabled by default). To enable again, set.Values.settings.replaceInvalidRoutes=true(https://github.com/solo-io/gloo/issues/3619) - Remove duplicate helm values that are no longer needed to keep hook-created values in helm releases. (https://github.com/solo-io/gloo/issues/3498)
New Features
- With each release, we will additionally be publishing an alternate set of docker containers (tagged as usual but with the “-extended” suffix) that have some additional dependencies built in (e.g.,
curlfor debugging). You can deploy these images by setting the helm valueglobal.image.extended=true. (https://github.com/solo-io/gloo/issues/3399) - Expose the max_connection_duration and max_stream_duration settings via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-httpprotocoloptions for more details on these settings. (https://github.com/solo-io/gloo/issues/3628)
Fixes
- Ensure the rest of our docker containers run with user 10101 rather than root (https://github.com/solo-io/gloo/issues/3346)
- Fix misleading message in
glooctl installoutput when the install namespace already exists. (https://github.com/solo-io/gloo/issues/3704)
v1.4.8-patch1
This release build failed.
Fixes
- Allow compressing the spec for Proxy objects. (https://github.com/solo-io/gloo/issues/3663)
v1.5.0
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.16.0-rc4.
Fixes
- Upgrade envoy-gloo version to fix seg fault in aws lambda filter (https://github.com/solo-io/gloo/issues/3684)
- Update default remote cluster registration namespace to “gloo-system” to simplify the Gloo Fed cluster registration process for most users. (https://github.com/solo-io/gloo/issues/3689)
v1.3.34
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.14.3-patch2.
Fixes
- Upgrade envoy-gloo version to handle CVE-2020-25017 and CVE-2020-25018 (https://github.com/solo-io/gloo/issues/3687)
v1.4.15
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.15.0-patch4.
Fixes
- Upgrade envoy-gloo version to handle CVE-2020-25017 and CVE-2020-25018 (https://github.com/solo-io/gloo/issues/3687)
v1.5.0-beta28
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.16.0-rc3.
Fixes
- Upgrade envoy-gloo version to handle CVE-2020-25017 and CVE-2020-25018 (https://github.com/solo-io/gloo/issues/3687)
- Allow compressing the spec for Proxy objects. (https://github.com/solo-io/gloo/issues/3663)
v1.5.0-beta27
New Features
- Add API to
AuthConfigthat allows users to specify a boolean expression to determine how to evaluate auth configs within an auth chain. Previously, each config on an auth config must be authorized for the entire request to be authorized. This remains the default, but now users can additionally specify a boolean expression (thebooleanExprfield on an auth config) to reference the auth configs and AND/OR/NOT them together to achieve the desired access policy. (https://github.com/solo-io/gloo/issues/3207)
v1.5.0-beta26
Fixes
- Fix for Istio mTLS integration for Istio versions 1.6.9+ and Istio 1.7.1+ (https://github.com/solo-io/gloo/issues/3650)
- Update the envoy-wasm version to the latest 1.16.x version, which now replies with a NACK on a wasm image cache miss, fixing several caching issues. (https://github.com/solo-io/gloo/issues/3624)
v1.3.33
Fixes
- Generate standard Kubernetes
gotypes and clients forAuthConfigcustom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
v1.4.14
Fixes
- Generate standard Kubernetes
gotypes and clients forAuthConfigcustom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
v1.5.0-beta25
New Features
- Add new field
inheritableMatchersboolean field (default false) to virtual services and route tables that, when true, changes how route delegation handles header, method, and query parameter matchers from the parent resource. By default, route tables must have matchers that are a superset of those from the parent, as this improves readability. By settinginheritableMatchersto true, any header, method, and query parameter matchers from the parent that are absent from the child will be automatically included on the generated route. (https://github.com/solo-io/gloo/issues/3327) - Generate standard Kubernetes
gotypes and clients forAuthConfigcustom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
Fixes
- Fix a bug that was causing
glooctl istio injectto use the wrong version for the SDS sidecar in GlooE environments. (https://github.com/solo-io/gloo/issues/3641)
v1.4.13
Fixes
- Changes our sni domain checking logic to more broadly check against duplicate filter chain matches in a listener like envoy. Backport for gloo 1.4. (https://github.com/solo-io/gloo/issues/3459)
- Allow changing a label value for ingress proxy to enable multiple ingress proxy instances in the same cluster. (https://github.com/solo-io/gloo/issues/3587)
- Expose Envoy’s cluster configuration
common_http_protocol_optionsparameters in the Gloo API. (https://github.com/solo-io/gloo/issues/3560)
v1.5.0-beta24
Fixes
- Change the tutorial install script to install the latest stable version, instead of possibly installing beta releases. (https://github.com/solo-io/gloo/issues/3589)
v1.5.0-beta23
Dependency Bumps
- envoyproxy/envoy has been upgraded to v1.16-rc2.
- solo-io/skv2 has been upgraded to v0.8.1.
New Features
- Added improvements to the user experience for using gloo with Istio. Added helper commands for glooctl, so that users can simply perform
glooctl istio injectandglooctl istio enable-mtls --upstream fooin order to have Gloo and Istio up and running and communicating together over mTLS. (https://github.com/solo-io/gloo/issues/3532) - Allow secrets to be added to request headers by referencing a k8s secret resource via its namespace and name. (https://github.com/solo-io/gloo/issues/2751)
- Change the
glooctl cluster unregistercommand toglooctl cluster deregister. The deregister command now deletes the service account, cluster role, and cluster role binding created on the remote cluster during the cluster registration process. Example usage isglooctl cluster deregister --cluster-name kind-remote --remote-context kind-remote. (https://github.com/solo-io/gloo/issues/3369)
Fixes
- Virtual Services with overlapping SNI domains in the same gateway are invalid. This change fixes our matching rules to consider cases where the sni domain is unset, and not allow multiple configs with an unset sni domain. (https://github.com/solo-io/gloo/issues/3459)
- Fix the default clustername in sds to match the name given in the docs. (https://github.com/solo-io/gloo/issues/3573)
- Expose Envoy’s cluster configuration
common_http_protocol_optionsparameters in the Gloo API. (https://github.com/solo-io/gloo/issues/3560)
v1.5.0-beta22
This release contained no user-facing changes.
v1.5.0-beta21
Helm Changes
- Removes ratelimit from default values template, which should prevent ratelimit warnings on gloo installation. (https://github.com/solo-io/gloo/issues/3467)
New Features
- Add AWS lambda function discovery using EKS Service Account credentials. (https://github.com/solo-io/gloo/issues/3559)
- Add route table delegation selector expressions. (https://github.com/solo-io/gloo/issues/3586)
- Added support for query parameter matchers, header matchers, and method matchers to the route table delegation API. Delegated routes must still use the prefix matcher, but now they can also leverage the aforementioned matchers so long as the delegated route’s matchers are a superset of the parent route’s matchers. (https://github.com/solo-io/gloo/issues/3327)
Fixes
- Handle an edge case where the gateway does not publish the status for its resources. (https://github.com/solo-io/gloo/issues/3592)
- Allow changing a label value for ingress proxy to enable multiple ingress proxy instances in the same cluster. (https://github.com/solo-io/gloo/issues/3587)
- Fix opentracing causing envoy failure. Adds type-checking for all envoy go-control-plane data structures. (https://github.com/solo-io/gloo/issues/3496)
- Added a prometheus metric to the gateway pod that indicates whether the validating admission webhook determined that the config was valid. (https://github.com/solo-io/gloo/issues/3408)
v1.4.12
Fixes
- Virtual Services with overlapping SNI domains in the same gateway are invalid. This adds some checks to make sure such changes are rejected before they reach envoy. (https://github.com/solo-io/gloo/issues/3459)
- Handle and edge case where the gateway does not publish the status for its resources. (https://github.com/solo-io/gloo/issues/3592)
v1.5.0-beta20
New Features
- Adds the ability to build Gloo for ARM64 architectures (https://github.com/solo-io/gloo/issues/3486)
Fixes
- Fixes an issue where Istio certificates used in mTLS were not being rotated in envoy. (https://github.com/solo-io/gloo/issues/3295)
v1.5.0-beta19
Helm Changes
- Add ability to supply arbitrary labels to gloo pods via helm configuration (https://github.com/solo-io/gloo/issues/3441)
New Features
- Expose the raw envoy configuration for the gRPC to JSON transcoding filter, which can be leveraged to expose a gRPC service both as a gRPC service and as a REST API. Exposing the underlying envoy configuration allows users more granular control over the gRPC to JSON mappings than the current Gloo API for gRPC to JSON (that doesn’t require explicit protobuf descriptors to be provided since they will be discovered). One example where users may want more granular control of their gRPC to JSON mappings may be to leverage query parameter transcoding. (https://github.com/solo-io/gloo/issues/2188)
- Allow users to specify extra headers for health check requests as secrets. New gloo secret type “header”, containing header name-value pairs, can now be created (details here). Health checks can reference header secrets for additional headers to add in addition to specifying them explicitly. (https://github.com/solo-io/gloo/issues/2914)
Fixes
- Virtual Services with overlapping SNI domains in the same gateway are invalid. This adds some checks to make sure such changes are rejected before they reach envoy. (https://github.com/solo-io/gloo/issues/3459)
v1.3.32
Dependency Bumps
- solo-io/solo-kit has been upgraded to v0.13.8.
Fixes
- Fix a bug where a virtual service has an inconsistent state, by keeping only the last version of it and reducing the number of go-routines. (https://github.com/solo-io/gloo/issues/3115)
v1.4.11
New Features
- Allow users to specify extra headers for health check requests as secrets. New gloo secret type “header”, containing header name-value pairs, can now be created (details here). Health checks can reference header secrets for additional headers to add in addition to specifying them explicitly. (https://github.com/solo-io/gloo/issues/2914)
v1.4.10
This release contained no user-facing changes.
v1.5.0-beta18
Dependency Bumps
- solo-io/solo-apis has been upgraded to gloo-fed-v0.0.19.
New Features
- Support a flag “-x” for excluding certain checks with glooctl. (https://github.com/solo-io/gloo/issues/3492)
Fixes
- Update the version of golang Gloo was built with from 1.14.0 to 1.14.6, to pickup patch fixes to go; most notably, a workaround in go for a bug in affected Linux kernels (5.2.x, 5.3.0-5.3.14, 5.4.0-5.4.1) that could result in a corrupted AVX register and crash Gloo. (https://github.com/solo-io/gloo/issues/3493)
v1.4.9
Helm Changes
- Add helm value for rate limit descriptors in settings. (https://github.com/solo-io/gloo/issues/3422)
Fixes
- Update the version of golang Gloo was built with from 1.14.0 to 1.14.6, to pickup patch fixes to go; most notably, a workaround in go for a bug in affected Linux kernels (5.2.x, 5.3.0-5.3.14, 5.4.0-5.4.1) that could result in a corrupted AVX register and crash Gloo. (https://github.com/solo-io/gloo/issues/3493)
v1.5.0-beta17
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.16.0-rc1.
Helm Changes
- Add helm value for rate limit descriptors in settings. (https://github.com/solo-io/gloo/issues/3422)
New Features
- Define the API to allow adding arbitrary API key secret data to the headers of successfully authorized requests. (https://github.com/solo-io/gloo/issues/3385)
- Define the API to allow users to change the name of the header that the Gloo Enterprise external auth server inspects for API keys. (https://github.com/solo-io/gloo/issues/3390)
- The API keys can now be provided as simple Kubernetes secrets. Instead of being nested in a YAML document inside the secret data, the key is now simply the value of the
api-keydata key. This change is backwards compatible, i.e. Gloo will still support existing secrets with the old format.glooctl create secret apikeywill now generate secrets with the new format. (https://github.com/solo-io/gloo/issues/3472) - Support a Kubernetes-style plugin system for glooctl. (See https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/). This allows users to invoke arbitrary binary plugins via glooctl
, where a plugin is defined as any executable on the user’s PATH that is prefixed with glooctl-. (https://github.com/solo-io/gloo/issues/3460)
Fixes
- Update envoy to pull in grpc-web fix for safari. (https://github.com/solo-io/gloo/issues/3474)
v1.5.0-beta16
This release contained no user-facing changes.
v1.5.0-beta15
This release build failed.
New Features
- Support assuming AWS iam roles for lambda requests via the AWS STS AssumeRoleWithWebToken API. This feature allows Gloo instances running in EKS to use AWS Service Account credentials to authenticate requests directly. (https://github.com/solo-io/gloo/issues/3309)
v1.4.8
Helm Changes
- Support a Kubernetes
preStophook to enable a “graceful shutdown” when relying on external loadbalancers. This will allow envoy to fail external facing healthchecks while still processing existing requests. This feature is controlled via a helm value, specifically thegatewayProxies.gatewayProxy.podTemplate.gracefulShutdownobject. You can enable the hook viagatewayProxies.gatewayProxy.podTemplate.gracefulShutdown.enabledand control the actual time of the grace period viagatewayProxies.gatewayProxy.podTemplate.gracefulShutdownsleepTimeSeconds(https://github.com/solo-io/gloo/issues/3308)
Fixes
- The gateway validation API now honors dry-run requests. Previously, any dry-run requests could still modify the internal resource cache, making future gateway validation results incorrect. (https://github.com/solo-io/gloo/issues/3437)
v1.5.0-beta14
Helm Changes
- Support a Kubernetes
preStophook to enable a “graceful shutdown” when relying on external loadbalancers. This will allow envoy to fail external facing healthchecks while still processing existing requests. This feature is controlled via a helm value, specifically thegatewayProxies.gatewayProxy.podTemplate.gracefulShutdownobject. You can enable the hook viagatewayProxies.gatewayProxy.podTemplate.gracefulShutdown.enabledand control the actual time of the grace period viagatewayProxies.gatewayProxy.podTemplate.gracefulShutdownsleepTimeSeconds(https://github.com/solo-io/gloo/issues/3308) - Surface customPorts field in gatewayProxy to allow abritrary port mangement. (https://github.com/solo-io/gloo/issues/3301)
- Add Extra ServiceAccount annotations to helm chart for Gloo, Discovery, and Proxy pods. (https://github.com/solo-io/gloo/issues/2698)
New Features
- Gateway validation API (the API that backs the validating webhook) now handles lists of gateway resources. (https://github.com/solo-io/gloo/issues/3261)
- The gateway validation API now handles yaml admission requests if sent with the
application/x-yamlheader. (https://github.com/solo-io/gloo/issues/3256) - Validation API now returns proxies in the webhook response. The proxy returned may be useful to perform diffs between proxies before and after proposed changes to gateway resources (virtual services, route tables, gateways). (https://github.com/solo-io/gloo/issues/3257)
Fixes
- Support temporary AWS credentials for aws lambda discovery and invocation. AWS secrets now support a 3rd optional piece of data which is the AWS_SESSION_TOKEN. The credentials can also be supplied via the Default Credentials Provider. (https://github.com/solo-io/gloo/issues/2373)
- Fix glooctl demo federation command for linux. (https://github.com/solo-io/gloo-fed/issues/239)
- Fix for panic when inspecting no-auth virtual services in glooctl check. (https://github.com/solo-io/gloo/issues/3391)
- Correct validation webhook to respect readGatewaysFromAllNamespaces when examining gateway changes. (https://github.com/solo-io/gloo/issues/3336)
- URL-encoded data can now be extracted verbatim by path and header extractors. (https://github.com/solo-io/gloo/issues/3344)
- The gateway validation API now honors dry-run requests. Previously, any dry-run requests could still modify the internal resource cache, making future gateway validation results incorrect. (https://github.com/solo-io/gloo/issues/3437)
v1.4.7
Helm Changes
- Add “Disabled” field to GatewayProxy configuration to allow overriding the existence of Gateway Proxies from previous config files. (https://github.com/solo-io/gloo/issues/1756)
New Features
- Gateway validation API (the API that backs the validating webhook) now handles lists of gateway resources. (https://github.com/solo-io/gloo/issues/3261)
- The gateway validation API now handles yaml admission requests if sent with the
application/x-yamlheader. (https://github.com/solo-io/gloo/issues/3256) - Validation API now returns proxies in the webhook response. The proxy returned may be useful to perform diffs between proxies before and after proposed changes to gateway resources (virtual services, route tables, gateways). (https://github.com/solo-io/gloo/issues/3257)
Fixes
- Correct validation webhook to respect readGatewaysFromAllNamespaces when examining gateway changes. (https://github.com/solo-io/gloo/issues/3336)
v1.4.6
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.15.0-patch1.
Fixes
- Allow specifying transformations at an earlier stage. Also allow response only transformations, that match on response headers. (https://github.com/solo-io/gloo/issues/3028)
v1.5.0-beta13
Helm Changes
- Add “Disabled” field to GatewayProxy configuration to allow overriding the existence of Gateway Proxies from previous config files. (https://github.com/solo-io/gloo/issues/1756)
New Features
- Add the
glooctl demo federationcommand, which bootstraps a multicluster demo with Gloo Federation (https://github.com/solo-io/gloo/issues/3369) - If
glooctl checkdetects multicluster resources, it will check those resources as well. (https://github.com/solo-io/gloo/issues/3369)
v1.5.0-beta12
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.15.0-patch1.
v1.5.0-beta11
Dependency Bumps
- solo-io/envoy-operator has been upgraded to v0.1.4.
Fixes
- Fix default version output type and server type. (https://github.com/solo-io/gloo/issues/3381)
- When wasm is enabled, retry updates so that envoy will accept the config after first cache pass. (https://github.com/solo-io/gloo/issues/3035)
v1.5.0-beta10
This release contained no user-facing changes.
v1.5.0-beta9
Helm Changes
- Add the following Helm values, available for Gloo Enterprise only:
gatewayProxies.NAME.failover.enabled: Configure this proxy for failover. Set to false by default.gatewayProxies.NAME.failover.port: Port to use for failover Gateway bind port, and service. Default is 15443.gatewayProxies.NAME.failover.nodePort: Optional NodePort for failover Service.gatewayProxies.NAME.failover.secretName: Secret containing downstream Ssl Secrets. Set tofailover-downstreamby default. (https://github.com/solo-io/gloo/issues/3338)
- Add the following Helm value:
gloo.deployment.restXdsPort: the port port where gloo serves REST xDS API to Envoy. Set to 9976 by default. (https://github.com/solo-io/gloo/issues/3338)
New Features
- Add the following commands:
glooctl cluster list- List clusters registered to the Gloo Federation control planeglooctl cluster register- Register a cluster to the Gloo Federation control planeglooctl cluster unregister- Unregister a cluster to the Gloo Federation control plane (https://github.com/solo-io/gloo/issues/3369)
- Add the following commands:
glooctl install federation- install Gloo Federation on Kubernetesglooctl uninstall federation- uninstall Gloo Federation (https://github.com/solo-io/gloo/issues/3369)
Fixes
- Allow specifying transformations at an earlier stage. Also allow response only transformations, that match on response headers. (https://github.com/solo-io/gloo/issues/3028)
- Stop copying Kubernetes labels when creating Upstreams. Treat labels instead as a discovery-related metadata that can be explicitly used downstream (e.g. by FDS). (https://github.com/solo-io/gloo/issues/2634)
- Update wasm protos to reflect latest method signatures. This fixes a bug in our previous wasm implementation, and uses the configuration object google.protobuf.Any instead of a string value for config. (https://github.com/solo-io/gloo/issues/3035)
Notes Marked as a pre-release as there are errors in the proto imports
v1.5.0-beta8
New Features
- Define the API to enforce rate limit policies using
RateLimitConfigresources. The API allows users to apply policies by referencing a set ofRateLimitConfigresources onVirtualHostsandRoutes. Each resource represents a rate limit policy that will be independently enforced on the routing resource that references it. Please see the docs for a detailed explanation of the new API. (https://github.com/solo-io/gloo/issues/3335) - Route-level rate limit descriptors are now supported via the new
RateLimitConfigresources. (https://github.com/solo-io/gloo/issues/2462) - Expose InitialStreamWindowSize and InitialConnectionWindowSize as http2 protocol options. They both default to 256Mib. (https://github.com/solo-io/gloo/issues/3305)
Fixes
- Use the proxy status rather than entire proxy when calculating if we need to update the status of a gateway resource. This change means we resync the status of gateway resources only when we need to. When failing to write status, it will be retried a second later. (https://github.com/solo-io/gloo/issues/3115)
v1.4.5
Fixes
- Use the proxy status rather than entire proxy when calculating if we need to update the status of a gateway resource. This change means we resync the status of gateway resources only when we need to. When failing to write status, it will be retried a second later. (https://github.com/solo-io/gloo/issues/3115)
v1.5.0-beta7
New Features
- Define the API to specify access token validation for external authentication in Gloo Enterprise. This API allows for a user to perform additional validation on the access token received during an OAuth2.0 flow and use it in authorization decisions. The userinfo metadata can also be queried and leveraged in an extauth plugin. Further, users can perform the first leg of an OAuth2.0 flow outside of Gloo and only use Gloo to validate access tokens that have been provided on the incoming request. (https://github.com/solo-io/gloo/issues/3055)
Fixes
- Fix a bug where a virtual service has an inconsistent state, by keeping only the last version of it and reducing the number of go-routines. (https://github.com/solo-io/gloo/issues/3115)
v1.4.4
Fixes
- Fix a bug where a virtual service has an inconsistent state, by keeping only the last version of it and reducing the number of go-routines. (https://github.com/solo-io/gloo/issues/3115)
v1.4.3
Fixes
- Fix issue where gateway-level extauth could not be overriden by lower-level virtualhost, route, and weighted destination extauth config. (https://github.com/solo-io/gloo/issues/3270)
v1.5.0-beta6
Fixes
- Fix issue where gateway-level extauth could not be overriden by lower-level virtualhost, route, and weighted destination extauth config. (https://github.com/solo-io/gloo/issues/3270)
v1.5.0-beta5
New Features
- Prepend the TlsInspector filter when no SNI domains are available to match on, as without the ServerName match envoy does not automatically prepend it (https://github.com/solo-io/gloo/issues/3288)
- Expose IncludeRequestAttemptCount and IncludeAttemptCountInResponse as VirtualHost options. They both default to false. (https://github.com/solo-io/gloo/issues/3182)
Fixes
- Removed the 30 second timeout on the knative syncer propagating the proxy status. Now we have eventual consistency and the proxy will eventually report as ready even if eg a secret is added after a config which uses it. (https://github.com/solo-io/gloo/issues/3281)
- Properly validate
RouteTableroutes without matchers. Like with regularVirtualServiceroutes, these routes will be assigned the default/prefix matcher. Consequently, the route is valid only if the parent route also has a\prefix matcher (either explicitly defined, or by default). (https://github.com/solo-io/gloo/issues/3291) - Report delegation cycle errors on the offending
RouteTable, not only onVirtualServicesthat use the table. (https://github.com/solo-io/gloo/issues/3144)
v1.2.25
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.13.3-patch1.
Fixes
- Fix issue where two ssl certs with the same name but different namespaces were merged. (https://github.com/solo-io/gloo/issues/2605)
v1.3.31
CVEs
Updated envoy-gloo to one based on envoy 1.14.3, which includes security fixes in envoy. For more details on the CVEs, see the envoy release notes here.
Note that one of the CVEs requires setting the global_downstream_max_connections, which may affect traffic if you perform a rolling upgrade from a version vulnerable to the CVE. The max connections is configurable and defaults to 250,000.
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.14.3-patch1.
Fixes
- Ingress: fixed updating status.loadBalancer field (https://github.com/solo-io/gloo/issues/2473)
- Properly suffix all cluster-scoped RBAC resources, including those only relevant to ingress- and knative-mode installations. This ensures that multi-tenant Gloo installations will not experience conflicts on those RBAC resources. (https://github.com/solo-io/gloo/issues/3103)
- Default gateway proxy to running as non-root and disabling NET_BIND_SERVICE by default. (https://github.com/solo-io/gloo/issues/3084)
- Enable certgen to run in a fully restricted kubernetes environment. Certgen now runs without root privileges. (https://github.com/solo-io/gloo/issues/3084)
v1.4.2
CVEs
Updated envoy-gloo to one based on envoy master (1.15.0), which includes security fixes in envoy. For more details on the CVEs, see the envoy release notes here.
Note that one of the CVEs requires setting the global_downstream_max_connections, which may affect traffic if you perform a rolling upgrade from a version vulnerable to the CVE. The max connections is configurable and defaults to 250,000.
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.15.0-rc1.
Fixes
- Add Envoy host with port rule for Ingress (https://github.com/solo-io/gloo/issues/3244)
- Fix TCP multi-cluster routing by enabling routing via SNI name. Gloo adds new APIs to expose the envoy tcp SNI filter. (https://github.com/solo-io/gloo/issues/3223)
v1.5.0-beta4
CVEs
Updated envoy-gloo to one based on envoy master (1.15.0), which includes security fixes in envoy. For more details on the CVEs, see the envoy release notes here.
Note that one of the CVEs requires setting the global_downstream_max_connections, which may affect traffic if you perform a rolling upgrade from a version vulnerable to the CVE. The max connections is configurable and defaults to 250,000.
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.15.0-rc1.
Fixes
- Add Envoy host with port rule for Ingress (https://github.com/solo-io/gloo/issues/3244)
- Make glooctl debug command respect -f flag for unzipped log output (https://github.com/solo-io/gloo/issues/3124)
v1.5.0-beta3
Dependency Bumps
- solo-io/go-utils has been upgraded to v0.16.3.
v1.5.0-beta2
Dependency Bumps
- solo-io/go-utils has been upgraded to v0.16.3.
v1.5.0-beta1
Dependency Bumps
- solo-io/go-utils has been upgraded to v0.16.1.
New Features
- Add the envoy Upstream Cluster from SNI filter to the TCP proxy. This filter allows for the sni name of a tls request to be used as the cluster name when routing requests through a TCP listener. (https://github.com/solo-io/gloo/issues/3223)
Fixes
- Fix bug in UDS where Health Checks and Outlier Detection config are being overwritten by updated upstreams. In addition add the
UseHttp2option to the list of checked fields. Part of this involved switching the UseHttp2 option on the Upstream to awrappers.BoolValue. This has no impact on the API itself, but only on the Go implementations. (https://github.com/solo-io/gloo/issues/3216)
v1.4.1
Fixes
- Fix bug in UDS where Health Checks and Outlier Detection config are being overwritten by updated upstreams. In addition add the
UseHttp2option to the list of checked fields. Part of this involved switching the UseHttp2 option on the Upstream to awrappers.BoolValue. This has no impact on the API itself, but only on the Go implementations. (https://github.com/solo-io/gloo/issues/3216)
v1.4.0
Helm Changes
- The loadBalancerIP for the ingress-proxy service can now be configured in helm. This is controlled through the new Helm string value
ingressProxy.service.loadBalancerIP. (https://github.com/solo-io/gloo/issues/3184)
New Features
- Default gateway proxy to mount volumes as non-root. (https://github.com/solo-io/gloo/issues/3084)
Fixes
- Ingress: fixed updating status.loadBalancer field (https://github.com/solo-io/gloo/issues/2473)
v1.4.0-beta16
Marked as a pre-release as some of the XDS code still returns v3 resources as v2 resources, which may, in rare cases, cause bugs. The envoy v3 API changes will be reverted in the next release, and completed in a future release.
Helm Changes
- In “gateway” installations of Gloo, enable configuration of the loopback address used for binding the Envoy admin port. This is controlled through the new Helm string value
gatewayProxies.gatewayProxy.loopBackAddress. That same Helm value is also now used to configure the address used for Envoy’s readiness probes in a Kubernetes environment. In “ingress” installations of Gloo, Envoy’s admin port address is configured using the Helm string valueingressProxy.loopBackAddress. And in “knative” installations, it is configured using the Helm string valuesettings.integrations.knative.proxy.loopBackAddress. (https://github.com/solo-io/gloo/issues/3114)
Fixes
- Properly suffix all cluster-scoped RBAC resources, including those only relevant to ingress- and knative-mode installations. This ensures that multi-tenant Gloo installations will not experience conflicts on those RBAC resources. (https://github.com/solo-io/gloo/issues/3103)
- Re add SDS V2 API to SDS container along side new V3 API so that both may run simultaneously while we transition to V3 API in envoy across different components. This change only affects gloo running in MTLS mode. In addition, removing the top level locality field of the Failover API introduce in
v1.4.0-beta15as it does not have any meaningful effect on the underlying implementation. (https://github.com/solo-io/gloo/pull/3191)
v1.3.30
Fixes
- Expose a validation setting (
allowWarnings, defaulttrue) in the API and in helm that was intended to be exposed. When set to false, the validation webhook will begin rejecting resources that cause warnings in addition to resources that would cause errors. For this to take effect, note that the validation settingalwaysAcceptmust be set to false. (defaulttrue) (https://github.com/solo-io/gloo/issues/3099) - Register listener plugin so that listener options are translated to Envoy configuration. (https://github.com/solo-io/gloo/issues/2904)
- Expose
perConnectionBufferLimitBytesas an optional configuration on an upstream connection. If unset, Envoy uses the default of 1MiB. (https://github.com/solo-io/gloo/issues/2861)
v1.4.0-beta15
Marked as pre-release due to mTLS mode regression (detailed in #3191) with v2 -> v3 envoy API migration. Will also remove an unnecessary component from the new Failover API added in this release.
New Features
- Define the API to specify Prioritized Failover in Gloo. This API allows for a user to define a list of endpoint sets which will be used in the case that the main upstream endpoint becomes unhealthy. Failover supports optional locality weighted load balancing which assigns additional weighted load balancing based on the locality assigned to each of the endpoint sets. (https://github.com/solo-io/gloo/issues/3141)
- Default gateway proxy to running as non-root and disabling NET_BIND_SERVICE by default. (https://github.com/solo-io/gloo/issues/3084)
- Enable certgen to run in a fully restricted kubernetes environment. Certgen now runs without root privileges. (https://github.com/solo-io/gloo/issues/3084)
Fixes
- Expose a validation setting (
allowWarnings, defaulttrue) in the API and in helm that was intended to be exposed. When set to false, the validation webhook will begin rejecting resources that cause warnings in addition to resources that would cause errors. For this to take effect, note that the validation settingalwaysAcceptmust be set to false. (defaulttrue) (https://github.com/solo-io/gloo/issues/3099) - Fix setting custom runAsUser during helm install via –set (https://github.com/solo-io/gloo/issues/3152)
v1.3.29
Fixes
- Add Go tags to the extauth config protos to allow redacting sensitive data in log statements in the extauth server. (https://github.com/solo-io/gloo/issues/3105)
v1.4.0-beta14
Dependency Bumps
- solo-io/solo-kit has been upgraded to v0.13.8.
New Features
- Add a Gloo golang extension to allow for adding/editing of EDS endpoints before they are sent to envoy. This interface will be called from within the Gloo translator and allow for extension of Gloo EDS programmatically. (https://github.com/solo-io/gloo/issues/3131)
- Gloo now supports enabling the Envoy buffer filter by configuring
spec.httpGateway.options.bufferof the desired Gateway. This can also be overridden on virtual services at the virtual host or route level, and on weighted destinations. See envoy buffer for more details. (https://github.com/solo-io/gloo/issues/2444)
Fixes
- Add Go tags to the extauth config protos to allow redacting sensitive data in log statements in the extauth server. (https://github.com/solo-io/gloo/issues/3105)
- Allow for spaces around parameter names in gRPC parameter options (https://github.com/solo-io/gloo/issues/3123)
v1.4.0-beta13
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.4.3.
v1.3.28
Helm Changes
- Support for specifying the IP ranges that are allowed to access the load balancer via loadBalancerSourceRanges. Refer to Restrict Access For LoadBalancer Service (https://github.com/solo-io/gloo/issues/2358)
- Setting nodeport numbers in values.yml did not work due to a typo in the gateway-proxy-service template. Fixed the typo. (https://github.com/solo-io/gloo/issues/3015)
Fixes
- Expose
perConnectionBufferLimitBytesas a listener option. If left unset, Envoy will continue to use the default1MiB. (https://github.com/solo-io/gloo/issues/2835) - Fixes a bug where
glooctl checkwas always reporting that Gloo was out of sync with the rate limiting server when Enterprise Gloo was installed. (https://github.com/solo-io/gloo/issues/3030) - Expose envoy’s core.Http1ProtocolOptions.HeaderKeyFormat in the Gloo API as httpConnectionManager.http_protocol_options.proper_case_header_key_format. By default, all header keys are lower cased. If proper_case_header_key_format is set to true, envoy formats the header by proper casing words: the first character and any character following a special character will be capitalized if it’s an alpha character. For example, “content-type” becomes “Content-Type”, and “foo$b#$are” becomes “Foo$B#$Are”. Note that while this results in most headers following conventional casing, certain headers are not covered. For example, the “TE” header will be formatted as “Te”. (https://github.com/solo-io/gloo/issues/2940)
v1.4.0-beta12
Helm Changes
- Support for specifying the IP ranges that are allowed to access the load balancer via loadBalancerSourceRanges. Refer to Restrict Access For LoadBalancer Service (https://github.com/solo-io/gloo/issues/2358)
- Setting nodeport numbers in values.yml did not work due to a typo in the gateway-proxy-service template. Fixed the typo. (https://github.com/solo-io/gloo/issues/3015)
New Features
- Added additional metrics reporting and examples to the gRPC access logging service. This service is intended to be built upon to handle specific needs for reporting and observability in different advanced use cases. (https://github.com/solo-io/gloo/issues/2804)
- Adds support for the use of named ports on Kubernetes Ingress objects. (https://github.com/solo-io/gloo/issues/3050)
- Adds the
customIngressClassvariable to the Gloo Helm Chart, which, when set, will allow overriding the defaultkubernetes.io/ingress.classIngress Class used by Gloo. Use in combination withrequireIngressClassto allow multiple Gloo controllers to partition the Ingress objects within a cluster. (https://github.com/solo-io/gloo/issues/3047) - Add extauth and ratelimit settings to Gateway httpGateway.options.extauth and httpGateway.options.ratelimit. This takes precedence over the global extauth and ratelimit settings on the Settings object, and allows users to set per-gateway extauth or rate-limit configuration for a set of virtual services. (https://github.com/solo-io/gloo/issues/2257)
- Expose envoy’s core.Http1ProtocolOptions.HeaderKeyFormat in the Gloo API as httpConnectionManager.http_protocol_options.proper_case_header_key_format. By default, all header keys are lower cased. If proper_case_header_key_format is set to true, envoy formats the header by proper casing words: the first character and any character following a special character will be capitalized if it’s an alpha character. For example, “content-type” becomes “Content-Type”, and “foo$b#$are” becomes “Foo$B#$Are”. Note that while this results in most headers following conventional casing, certain headers are not covered. For example, the “TE” header will be formatted as “Te”. (https://github.com/solo-io/gloo/issues/2940)
Fixes
- Fixes a bug where
glooctl checkwas always reporting that Gloo was out of sync with the rate limiting server when Enterprise Gloo was installed. (https://github.com/solo-io/gloo/issues/3030) - Fixes a bug where the Gloo Ingress Controller (
ingresspod) would stop processing Ingress updates when a detected Ingressbackendincorrectly referenced a service port. (https://github.com/solo-io/gloo/issues/3051) - Suppress the usage message for glooctl on error. This makes error messages easier to find. (https://github.com/solo-io/gloo/issues/2880)
v1.3.27
Helm Changes
- Add new helm value to disable the validation admission webhook (https://github.com/solo-io/gloo/issues/3016)
New Features
glooctl checknow reports an error when Enterprise Gloo is installed and is reporting a stat indicating it is out of sync with the Rate Limit server. (https://github.com/solo-io/gloo/issues/2832)glooctl checknow reports an error when Enterprise Gloo is installed and any of the data plane components have reported a nack. (https://github.com/solo-io/gloo/issues/1627)
Fixes
- Gloo no longer reports a warning when route tables share a weight, since that is the default behavior. This means
glooctl checkno longer errors out on this route table warning. (https://github.com/solo-io/gloo/issues/2793) glooctl uninstallnow cleans up developer portal resources when Gloo was installed withglooctl install gateway --dry-run | kubectl apply -f -. (https://github.com/solo-io/gloo/issues/2836)
v1.4.0-beta11
Dependency Bumps
- solo-io/solo-kit has been upgraded to v0.13.7.
Helm Changes
- Add new helm value to disable the validation admission webhook (https://github.com/solo-io/gloo/issues/3016)
New Features
glooctl checknow reports an error when Enterprise Gloo is installed and is reporting a stat indicating it is out of sync with the Rate Limit server. (https://github.com/solo-io/gloo/issues/2832)glooctl checknow reports an error when Enterprise Gloo is installed and any of the data plane components have reported a nack. (https://github.com/solo-io/gloo/issues/1627)
Fixes
- Gloo pod will now log a clear message when an upstream’s port does not match that of its underlying kubernetes service. (https://github.com/solo-io/gloo/issues/2905)
- Gloo no longer reports a warning when route tables share a weight, since that is the default behavior. This means
glooctl checkno longer errors out on this route table warning. (https://github.com/solo-io/gloo/issues/2793) glooctl uninstallnow cleans up developer portal resources when Gloo was installed withglooctl install gateway --dry-run | kubectl apply -f -. (https://github.com/solo-io/gloo/issues/2836)
v1.3.26
Helm Changes
- Allow nodeport numbers to be pre-defined in the values.yml if setting gateway proxy service to nodeport. (https://github.com/solo-io/gloo/issues/2899)
Fixes
- When AuthConfigs are updated, gloo resyncs, which should trigger a gateway resync as well. (https://github.com/solo-io/gloo/issues/2920)
- When static upstreams are converted to Envoy clusters, add hostnames to each endpoint so that host headers for requests and healthchecks are set to the endpoint hostname rather than the Envoy cluster name. This change only applies if
autoHostRewriteis set to true on route routing to the static upstream. (https://github.com/solo-io/gloo/issues/2794)
v1.4.0-beta10
Helm Changes
- Allow nodeport numbers to be pre-defined in the values.yml if setting gateway proxy service to nodeport. (https://github.com/solo-io/gloo/issues/2899)
Fixes
- When AuthConfigs are updated, gloo resyncs, which should trigger a gateway resync as well. (https://github.com/solo-io/gloo/issues/2920)
v1.4.0-beta9
Fixes
- Fix Helm chart bug where the
gateway.readGatewaysFromAllNamespacesflag was ignored when validation disabled. (https://github.com/solo-io/gloo/issues/2935) - We allow virtual services, route tables, and upstreams to refer to an upstream by name only, leaving the namespace field empty. Gloo will assume that the upstream’s namespace is the namespace of the parent resource (the upstream group, virtual service or route table). Previously, this caused Envoy to be in a bad state, and the route would return a 503 error. (https://github.com/solo-io/gloo/issues/2730)
- When static upstreams are converted to Envoy clusters, add hostnames to each endpoint so that host headers for requests and healthchecks are set to the endpoint hostname rather than the Envoy cluster name. This change only applies if
autoHostRewriteis set to true on route routing to the static upstream. (https://github.com/solo-io/gloo/issues/2794)
v1.3.25
New Features
- Gloo’s validation webhook now validates inja compilation syntax before accepting/rejecting virtual services that use transformations. Note that strict validation is still disabled by default, and must be enabled in the Gloo settings. Users can now rely more on
kubectl apply --server-dry-runagainst live clusters to properly validate whether config is valid before attempting to apply them to their cluster. (https://github.com/solo-io/gloo/issues/2114)
Fixes
glooctl checkno longer hangs while checking secrets if the user doesn’t have cluster-wide permissions. (https://github.com/solo-io/gloo/issues/2820)glooctl checkno longer requires the user to have access to all namespaces. The user must still have access to the namespaces that Gloo watches. (https://github.com/solo-io/gloo/issues/2375)glooctl checkwas always using the default namespace for the version mismatch check. Now it uses the default namespace only if no specific namespace flag was provided. (https://github.com/solo-io/gloo/issues/2581)- Fix race condition when adding and deleting a virtual service in quick succession caused a race condition in which the validator rewrote the virtual service when it updated its status. (https://github.com/solo-io/gloo/issues/2900)
v1.4.0-beta8
Fixes
glooctl checkno longer hangs while checking secrets if the user doesn’t have cluster-wide permissions. (https://github.com/solo-io/gloo/issues/2820)glooctl checkno longer requires the user to have access to all namespaces. The user must still have access to the namespaces that Gloo watches. (https://github.com/solo-io/gloo/issues/2375)glooctl checkwas always using the default namespace for the version mismatch check. Now it uses the default namespace only if no specific namespace flag was provided. (https://github.com/solo-io/gloo/issues/2581)- Fix race condition when adding and deleting a virtual service in quick succession caused a race condition in which the validator rewrote the virtual service when it updated its status. (https://github.com/solo-io/gloo/issues/2900)
v1.3.24
Fixes
- Allow creating secret with just ca cert with glooctl. (https://github.com/solo-io/gloo/issues/2823)
- Allow specifying empty ssl configs for clients. (https://github.com/solo-io/gloo/issues/2871)
v1.4.0-beta7
Helm Changes
- Add a helm chart value
settings.integrations.knative.proxy.service.loadBalancerIP. This allows you to assign a static IP to the Knative external proxy. (https://github.com/solo-io/gloo/issues/2778)
Fixes
- Register listener plugin so that listener options are translated to Envoy configuration. (https://github.com/solo-io/gloo/issues/2904)
- Allow creating secret with just ca cert with glooctl. (https://github.com/solo-io/gloo/issues/2823)
- Allow specifying empty ssl configs for clients. (https://github.com/solo-io/gloo/issues/2871)
v1.4.0-beta6
New Features
- Expose
perConnectionBufferLimitBytesas an optional configuration on an upstream connection. If unset, Envoy uses the default of 1MiB. (https://github.com/solo-io/gloo/issues/2861)
v1.4.0-beta5
Dependency Bumps
- helm/helm has been upgraded to v3.1.2.
New Features
- Expose
perConnectionBufferLimitBytesas a new listener option. If left unset, Envoy will continue to use the default1MiB. (https://github.com/solo-io/gloo/issues/2835) - Gloo’s validation webhook now validates inja compilation syntax before accepting/rejecting virtual services that use transformations. Note that strict validation is still disabled by default, and must be enabled in the Gloo settings. Users can now rely more on
kubectl apply --server-dry-runagainst live clusters to properly validate whether config is valid before attempting to apply them to their cluster. (https://github.com/solo-io/gloo/issues/2114)
Fixes
- Fix an issue where big regexes were rejected, by allowing configuration of the max regex size. (https://github.com/solo-io/gloo/issues/2805)
- Fix upstream status to report when an upstream points to a service that does not exist. (https://github.com/solo-io/gloo/issues/2660)
v1.3.23
Dependency Bumps
- helm/helm has been upgraded to v3.1.2.
v1.3.22
Fixes
- Fix an issue where big regexes were rejected, by allowing configuration of the max regex size. (https://github.com/solo-io/gloo/issues/2805)
v1.3.21
Helm Changes
- Fix documented helm values for gateway proxy resources. Allow ingress resources to be set, and allow access logger resources and custom env to be set, as documented. (https://github.com/solo-io/gloo/issues/2758)
Fixes
- Some users saw commands such as glooctl check or glooctl proxy dump fail due to harsh timeout restrictions on the port-forward glooctl does under the covers. This results in “Connection Refused” errors that could have been avoided. This PR updates the port forward timeouts from 3 to 30 seconds to allow these commands more time to finish. (https://github.com/solo-io/gloo/issues/2771)
- Fix race condition with proxy status and proxy status propagation (e.g., virtual service status) when multiple resources are applied at the same time by copying over the previous proxy status (rather than marking as pending for re-processing) when it changes from the gateway’s point of view but hashes to the same thing (i.e., unchanged from gloo’s point of view). (https://github.com/solo-io/gloo/issues/2714)
v1.4.0-beta4
Helm Changes
- Fix documented helm values for gateway proxy resources. Allow ingress resources to be set, and allow access logger resources and custom env to be set, as documented. (https://github.com/solo-io/gloo/issues/2758)
Fixes
- Some users saw commands such as glooctl check or glooctl proxy dump fail due to harsh timeout restrictions on the port-forward glooctl does under the covers. This results in “Connection Refused” errors that could have been avoided. This PR updates the port forward timeouts from 3 to 30 seconds to allow these commands more time to finish. (https://github.com/solo-io/gloo/issues/2771)
- Fix race condition with proxy status and proxy status propagation (e.g., virtual service status) when multiple resources are applied at the same time by copying over the previous proxy status (rather than marking as pending for re-processing) when it changes from the gateway’s point of view but hashes to the same thing (i.e., unchanged from gloo’s point of view). (https://github.com/solo-io/gloo/issues/2714)