Open Source Gloo Edge


Changelog

v1.8

v1.8.0-beta11

Fixes

v1.8.0-beta10

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.19.0-rc1.

v1.8.0-beta9

Dependency Bumps

  • golang/go has been upgraded to v1.16.3.

Helm Changes

  • Allow users to set custom annotations on the gateway webhook, which enables, for example, use of cert-manager’s ca-injector to inject the caBundle. (https://github.com/solo-io/gloo/issues/3790)
  • Allow users to opt out of using the Helm pre-install hook to install the gateway webhook. This can be useful for GitOps workflows, in which case the webhook must be updated (not just installed) via Helm. (https://github.com/solo-io/gloo/issues/2679)

New Features

  • Allows configuration of max gRPC message size for Proxy CRD validation from gateway to gloo. (https://github.com/solo-io/gloo/issues/4594)
  • Staged transformations can be inherited from parent routes (Virtual Host -> Route tables -> Routes). This can be enabled using the inheritTransformation option in StagedTransformations. Parent staged transformations will be appended to a child’s Transformations. Only the first transformation to match the route will be evaluated, with child transformations receiving priority over parent transformations. (https://github.com/solo-io/gloo/issues/3798)
  • Allows configuration of query parameters to add to the Gloo extauth service’s OIDC token request. This can be useful as part of OIDC PKCE to set the code_verifier. (https://github.com/solo-io/gloo/issues/4329)

Fixes

v1.8.0-beta8

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.18.0.

v1.8.0-beta7

Fixes

v1.8.0-beta6

Fixes

v1.8.0-beta5

Fixes

v1.8.0-beta4

Fixes

v1.8.0-beta3

Helm Changes

Fixes

v1.8.0-beta2

Helm Changes

  • Provision to add extra Annotations to the helm deployments (https://github.com/solo-io/gloo/issues/4232)
  • Add ‘omitempty’ tag to all values defined in the gloo chart, and made most primitive values pointers to said values instead. Also added a test to ensure that new values require these features as well. Finally, modified a couple chart values to avoid plugging in nil values. (https://github.com/solo-io/gloo/issues/3470)

Fixes

v1.8.0-beta1

Dependency Bumps

  • solo.io/solo-kit has been upgraded to v0.18.3.

Helm Changes

New Features

v1.7

v1.7.3

Helm Changes

  • Allow users to set custom annotations on the gateway webhook, which enables, for example, use of cert-manager’s ca-injector to inject the caBundle. (https://github.com/solo-io/gloo/issues/3790)
  • Allow users to opt out of using the Helm pre-install hook to install the gateway webhook. This can be useful for GitOps workflows, in which case the webhook must be updated (not just installed) via Helm. (https://github.com/solo-io/gloo/issues/2679)

New Features

Fixes

v1.7.2

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.18.0.

Fixes

v1.7.1

Helm Changes

Fixes

v1.7.0

Helm Changes

Fixes

v1.7.0-rc2

Breaking Changes

v1.7.0-rc1

Helm Changes

New Features

  • Add oneWayTls boolean configuration to the SslConfig (referenced on VirtualServices) to allow users to configure TLS termination to use one-way TLS rather than mTLS even if the root CA is provided (e.g., by default with TLS secrets from cert-manager). (https://github.com/solo-io/gloo/issues/4254)

v1.7.0-beta32

This release contained no user-facing changes.

v1.7.0-beta31

Dependency Bumps

  • linux/alpine has been upgraded to v3.13.2.

Helm Changes

v1.7.0-beta30

Dependency Bumps

  • solo-io/k8s-utils has been upgraded to v0.0.7.
  • solo-io/go-utils has been upgraded to v0.21.0.

v1.7.0-beta29

Dependency Bumps

  • solo-io/solo-kit has been upgraded to v0.18.2.

v1.7.0-beta28

Fixes

v1.7.0-beta27

Helm Changes

Fixes

  • Fixes docs issue where clicking the “Copy” button next to code blocks causes unintentional scrolling behaviour. (https://github.com/solo-io/gloo/issues/4413)
  • It was possible to install mTLS, enable it on upstreams, remove mTLS, and still have the configuration defined on upstreams. This caused the data plane to become out of sync, since envoy clusters would be configured to get their secrets from a non-existent cluster. Add protection to the glooctl istio uninject command to prevent users from unknowingly causing the data plane to become out of sync. (https://github.com/solo-io/gloo/issues/4390)

v1.7.0-beta26

Dependency Bumps

  • solo-io/go-utils has been upgraded to v0.20.5.
  • solo-io/envoy-gloo has been upgraded to 1.18.0-rc2.

Helm Changes

New Features

Fixes

v1.7.0-beta25

New Features

v1.7.0-beta24

New Features

v1.7.0-beta23

This release contained no user-facing changes.

v1.7.0-beta22

Fixes

v1.7.0-beta21

Helm Changes

New Features

Fixes

Pre-release

This is a release due to the build-bot failing to start the release. Changes will be in v1.7.0-beta22 and up.

v1.7.0-beta20

This release contained no user-facing changes.

v1.7.0-beta19

This release contained no user-facing changes.

v1.7.0-beta18

Helm Changes

New Features

  • Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)

v1.7.0-beta17

Helm Changes

New Features

  • Provides an enterprise-only option to use the leftmost IP address from the x-forwarded-for header and set it as the downstream address. This is useful if the network topology (load balancers, etc.) prior to gloo is unknown or dynamic. If using this option, be sure to sanitize this header from downstream requests to prevent security risks: the leftmost x-forwarded-for value is supplied by the client, so an unsanitized header lets a client choose the address that is treated as its own. (https://github.com/solo-io/gloo/issues/4014)
  • Add new regexRewrite option to routes. This new field can be used to substitute matched regex patterns for alternate text in request paths, optionally including capture groups from the regex. (https://github.com/solo-io/gloo/issues/3321)

v1.7.0-beta16

Helm Changes

Fixes

v1.7.0-beta15

This release contained no user-facing changes.

v1.7.0-beta14

Upgrade Notes

Helm Changes

v1.7.0-beta13

Dependency Bumps

  • solo-io/skv2 has been upgraded to v0.17.2.

New Features

  • Add ability for the Gloo Edge Enterprise external auth server to validate OAuth 2.0 access tokens based on access token scopes. The new requiredScopes field of AccessTokenValidation can be used to specify a list of required scopes for a token. Omitting the field means that scope validation is skipped. (https://github.com/solo-io/gloo/issues/4224)

v1.7.0-beta12

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.15.
  • solo-io/go-utils has been upgraded to v0.20.2.

Fixes

  • Fixed a bug where some protobufs were erroneously being considered equal when comparing values inside of a oneOf interface. This resulted in some subtle bugs where sometimes proxies would not receive updates when reconciled in certain situations where only very small changes were made.

This bug affected Gloo Edge 1.6.0 to 1.6.6 and 1.7.0-beta1 to 1.7.0-beta11 versions only. (https://github.com/solo-io/gloo/issues/4215)

v1.7.0-beta11

New Features

  • Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)

v1.7.0-beta10

New Features

  • Added the new transport_api_version field to the extauth settings. The field determines the API version for the ext_authz transport protocol that will be used by Envoy to communicate with the auth server. The currently allowed values are V2 and V3, with the former being the default; this was done to maintain compatibility with existing custom auth servers. Note that in order for the external auth server to be able to emit dynamic metadata the field needs to be set to V3. For more info, see the transport_api_version field here. (https://github.com/solo-io/gloo/issues/4160)

v1.7.0-beta9

Dependency Bumps

  • solo-io/skv1 has been upgraded to v0.7.0.
  • solo-io/solo-apis has been upgraded to v0.0.0-20210122142844-ac0df2dce136.
  • helm/helm has been upgraded to v3.4.2.
  • containerd/containerd has been upgraded to v1.4.3.
  • k8s.io/kube-openapi has been upgraded to v0.0.0-20200805222855-6aeccd4b50c6.
  • k8s.io/utils has been upgraded to v0.0.0-20201110183641-67b214c5f920.
  • k8s.io/controller-runtime has been upgraded to v0.7.0.
  • k8s.io/kubernetes has been upgraded to v1.19.6.

New Features

Fixes

v1.7.0-beta8

New Features

Fixes

v1.7.0-beta7

New Features

Fixes

v1.7.0-beta6

New Features

v1.7.0-beta5

Fixes

  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the generateXDSSnapshot function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-based mitchellh/hashstructure, which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)

v1.7.0-beta4

Fixes

  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the endpointsForUpstream function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084)

v1.7.0-beta3

Helm Changes

  • Add 3 configuration values under global.istioIntegration to control automatic discovery and sidecar injection for Gloo pods by Istio. LabelInstallNamespace adds a label to mark the namespace for Istio discovery if the namespace is designated to be created in the chart. WhitelistDiscovery explicitly annotates Gloo’s discovery pod for Istio sidecar injection. DisableAutoinjection annotates all pods that aren’t more specifically noted elsewhere so that they never receive Istio sidecar injection. (https://github.com/solo-io/gloo/issues/3924)

v1.7.0-beta2

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.14.

New Features

  • Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true. The cases now additionally covered are:
    • routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
    • the same logic, but with method matchers

    In addition, we support aggressively reporting errors on virtual services with invalid regex matchers (no need to enable short-circuiting reporting). (https://github.com/solo-io/gloo/issues/3334)
  • Possibility to configure custom auth server to retrieve request body as bytes (support for Envoy’s packAsBytes). (https://github.com/solo-io/gloo/issues/3937)

Fixes

v1.7.0-beta1

Fixes

v1.6

v1.6.24

Fixes

  • Apply alpn protocols when resolving common ssl config to support Istio mtls in permissive mode. (https://github.com/solo-io/gloo/issues/3994)
  • Add oneWayTls boolean configuration to the SslConfig (referenced on VirtualServices) to allow users to configure TLS termination to use one-way TLS rather than mTLS even if the root CA is provided (e.g., by default with TLS secrets from cert-manager). (https://github.com/solo-io/gloo/issues/4254)

v1.6.23

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.17.3-patch1.

Helm Changes

  • Allow users to set custom annotations on the gateway webhook, which enables, for example, use of cert-manager’s ca-injector to inject the caBundle. (https://github.com/solo-io/gloo/issues/3790)
  • Allow users to opt out of using the Helm pre-install hook to install the gateway webhook. This can be useful for GitOps workflows, in which case the webhook must be updated (not just installed) via Helm. (https://github.com/solo-io/gloo/issues/2679)

New Features

v1.6.22

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.17.2.

v1.6.21

This release contained no user-facing changes.

v1.6.20

This release build failed.

Fixes

v1.6.19

Helm Changes

v1.6.18

This release contained no user-facing changes.

v1.6.17

This release contained no user-facing changes.

v1.6.16

Dependency Bumps

  • linux/alpine has been upgraded to v3.13.2.
  • solo-io/solo-kit has been upgraded to v0.17.4.

Helm Changes

Fixes

v1.6.15

Fixes

v1.6.14

Fixes

v1.6.13

This release contained no user-facing changes.

v1.6.11

New Features

v1.6.10

New Features

v1.6.9

Fixes

v1.6.8

Fixes

  • Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)

v1.6.7

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.15.

Fixes

  • Fixed a bug where some protobufs were erroneously being considered equal when comparing values inside of a oneOf interface. This resulted in some subtle bugs where sometimes proxies would not receive updates when reconciled in certain situations where only very small changes were made.

This bug affected Gloo Edge 1.6.0 to 1.6.6 and 1.7.0-beta1 to 1.7.0-beta11 versions only. (https://github.com/solo-io/gloo/issues/4215)

v1.6.6

Fixes

  • Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)

v1.6.5

Fixes

v1.6.4

New Features

v1.6.3

Fixes

  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the generateXDSSnapshot function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-based mitchellh/hashstructure, which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)
  • CPU profile of Gloo at scale (5000+ upstreams) indicated that the endpointsForUpstream function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084)
  • Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true. The cases now additionally covered are:
    • routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
    • the same logic, but with method matchers

    In addition, we support aggressively reporting errors on virtual services with invalid regex matchers (no need to enable short-circuiting reporting). (https://github.com/solo-io/gloo/issues/3334)
  • Fix a race condition in the gateway-validation-webhook, where resources applied concurrently can avoid validation. (https://github.com/solo-io/gloo/issues/4136)

v1.6.2

Dependency Bumps

  • solo-io/protoc-gen-ext has been upgraded to v0.0.14.

New Features

Fixes

  • Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true. The cases now additionally covered are:
    • routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
    • the same logic, but with method matchers

    In addition, we support aggressively reporting errors on virtual services with invalid regex matchers (no need to enable short-circuiting reporting). (https://github.com/solo-io/gloo/issues/3334)
  • Switching CSRF mode from enabled to shadow mode does not apply default enabled value to filter. (https://github.com/solo-io/gloo/issues/4053)

v1.6.1

Fixes

v1.6.0

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.17.0-rc4.

New Features

  • Gloo Edge can now more proactively report warnings on virtual services that are likely misconfigured. To enable, update the Gloo Settings such that spec.gateway.validation.warnRouteShortCircuiting=true. The cases now additionally covered are:

Fixes

v1.6.0-beta25

Upgrade Notes

v1.6.0-beta24

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.17.0-rc3.

Helm Changes

  • Add the helm value gatewayProxies.gatewayProxy.readConfigMulticluster, set to false by default. Setting this to true will add a gateway-proxy-config-dump-service Service to the gloo installation namespace. This service allows multicluster management planes to access the envoy config dump on port 8082 of the gateway-proxy. (https://github.com/solo-io/gloo/issues/4012)

New Features

  • Adds a new headers_to_append field to the HTTP request transformation API. This allows users to specify headers which can contain multiple values and to specify transformations for each of the values. (https://github.com/solo-io/gloo/issues/3901)

Fixes

v1.6.0-beta23

New Features

v1.6.0-beta22

New Features

  • Add support for the new inheritablePathMatchers value on Route config. This new setting is similar to the inheritableMatchers boolean value that allows delegated routes (i.e., routes on route tables) to optionally opt into inheriting HTTP header, method, or query parameter matching from the parent route. The new inheritablePathMatchers is used to optionally opt into inheriting HTTP path matcher config from the parent. (https://github.com/solo-io/gloo/issues/3726)

Fixes

v1.6.0-beta21

Dependency Bumps

  • solo-io/skv2 has been upgraded to v0.15.2.

Helm Changes

  • Update the version of Istio used by the Istio sidecar in the gateway-proxy pod for mTLS cert generation when the helm value global.istioSDS.enabled is set to true. New Istio version is 1.8.1. (https://github.com/solo-io/gloo/issues/3967)

New Features

Fixes

v1.6.0-beta20

This release contained no user-facing changes.

v1.6.0-beta19

Fixes

v1.6.0-beta18

Dependency Bumps

  • solo-io/go-utils has been upgraded to v0.20.1.

Helm Changes

  • Add a helm value for setting the extauth field for gloo.solo.io.Settings. This allows configuring a custom external auth server while installing the Helm chart, without needing to post-render or patch the Settings object after the Helm chart is installed or upgraded. (https://github.com/solo-io/gloo/issues/1892)

Fixes

v1.6.0-beta17

_Marked as a pre-release due to a regression with redirectActions, see https://github.com/solo-io/gloo/issues/3975_

New Features

Fixes

  • Fixes a bug where routes that use a deleted lambda function as destination cause gloo to crash. (https://github.com/solo-io/gloo/issues/3895)
  • When configuring tracing, you can specify a cluster where traces are collected. If the collector is an upstream, tracing works as expected. However, if the cluster is statically defined in the envoy bootstrap, traces do not get collected. This adds support for statically defined tracing collector clusters. (https://github.com/solo-io/gloo/issues/3954)

v1.6.0-beta16

Dependency Bumps

  • solo-io/go-utils has been upgraded to v0.20.0.

New Features

v1.6.0-beta15

New Features

Fixes

  • In multi-proxy environments, resources that were invalid on one proxy (error or warning) but valid on another may have a status written of accepted, despite internally calculating (and logging) a warning. This is now fixed. (https://github.com/solo-io/gloo/issues/3935)
  • cert-manager can be used to create a Certificate (https://cert-manager.io/docs/concepts/certificate/). This is used to generate a TLS key and certificate, and they are stored in a Kubernetes secret. This can be configured to include an optional property on the secret, ca.crt, which holds a root CA certificate. If cert-manager is used to generate this Kubernetes secret, and the root CA certificate is included, we were not including it when converting to a Gloo secret, causing Gloo to crash. (https://github.com/solo-io/gloo/issues/3652)
  • Turn the certgen job into a no-op if the previously generated certs still exist, and are still valid. (https://github.com/solo-io/gloo/issues/3790)

v1.6.0-beta14

Helm Changes

v1.6.0-beta13

Dependency Bumps

  • linux/alpine has been upgraded to v3.12.1.

v1.6.0-beta12

New Features

v1.6.0-beta11

New Features

v1.6.0-beta10

New Features

Fixes

v1.5

v1.5.20

Fixes

v1.5.19

Dependency Bumps

  • envoy-gloo/solo-io has been upgraded to v1.16.3.

Fixes

v1.5.18

This release contained no user-facing changes.

v1.5.17

This release contained no user-facing changes.

v1.5.16

Fixes

  • Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)

v1.5.15

Fixes

v1.5.14

Fixes

v1.5.13

_Marked as a pre-release due to a regression with redirectActions, see https://github.com/solo-io/gloo/issues/3975_

Dependency Bumps

  • solo-io/envoy-gloo has been upgraded to v1.16.1-patch1.

Fixes

v1.5.12

Helm Changes

v1.5.11

Fixes

v1.5.10

Fixes