Open Source Gloo Edge
Changelog
v1.7
v1.7.0-beta23
This release contained no user-facing changes.
v1.7.0-beta22
Fixes
- Support using settings.UpstreamOptions on upstreams that define one-way tls (https://github.com/solo-io/gloo/issues/4285)
v1.7.0-beta21
Helm Changes
- Added HorizontalPodAutoscaler helm values for the gateway-proxy. (https://github.com/solo-io/gloo/issues/2229)
- Expose the imagePullSecret in our 2 kubernetes jobs (https://github.com/solo-io/gloo/issues/4262)
- Added PodDisruptionBudget helm values for the gateway-proxy. (https://github.com/solo-io/gloo/issues/2229)
New Features
- Added istioMetaMeshId and istioMetaClusterId helm values for the gateway-proxy as well as glooctl. (https://github.com/solo-io/gloo/issues/4325)
Fixes
- Deep merge default gateway proxy values into the proxy templates (https://github.com/solo-io/gloo/issues/3142)
- Fix helm values mapping and test for .Values.settings.InvalidConfigPolicy (https://github.com/solo-io/gloo/issues/4321)
Pre-release
This is a release due to the build-bot failing to start the release. Changes will be in v1.7.0-beta22 and up.##### v1.7.0-beta20 This release contained no user-facing changes.
v1.7.0-beta19
This release contained no user-facing changes.
v1.7.0-beta18
Helm Changes
- Added disableHttpGateway and disableHttpsGateway helm values for more fine grained control over gateway creation. (https://github.com/solo-io/gloo/issues/3450)
New Features
- Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)
v1.7.0-beta17
Helm Changes
- Added a new accessLoggingService Helm value that allows users to define access logs from helm. (https://github.com/solo-io/gloo/issues/4096)
- Added a new affinity Helm value that allows users to define more fine grained affinity rules. (https://github.com/solo-io/gloo/issues/3995)
New Features
- Provides an enterprise-only option to use the leftmost IP address from the x-forwarded-for header and set it as the downstream address. This is useful if the network topology (load balancers, etc.) prior to gloo is unknown or dynamic. If using this option, be sure to sanitize this header from downstream requests to prevent security risks. (https://github.com/solo-io/gloo/issues/4014)
- Add new
regexRewrite
option to routes. This new field can be used to substitute matched regex patterns for alternate text in request paths, optionally including capture groups from the regex. (https://github.com/solo-io/gloo/issues/3321)
v1.7.0-beta16
Helm Changes
- Added a new externalIPs Helm value that allows users to define a list of IP addresses for which nodes in the cluster will also accept traffic. (https://github.com/solo-io/gloo/issues/3791)
Fixes
- Improve error message when outlier detection interval is erroneously configured as nil. (https://github.com/solo-io/gloo/issues/4217)
v1.7.0-beta15
This release contained no user-facing changes.
v1.7.0-beta14
Upgrade Notes
- Upgrade gloo’s envoy api to remove v2 references. This marks the complete transition from v2 to v3. (https://github.com/solo-io/gloo/issues/4042)
Helm Changes
- Added a new extraVolumes and extraProxyVolumeMounts Helm value that allows users to define additional volumes and volume mounts on the gateway proxy container. (https://github.com/solo-io/gloo/issues/4198)
v1.7.0-beta13
Dependency Bumps
- solo-io/skv2 has been upgraded to v0.17.2.
New Features
- Add ability for the Gloo Edge Enterprise external auth server to validate OAuth 2.0 access tokens based on access token scopes. The new
requiredScopes
field of AccessTokenValidation can be used to specify a list of required scopes for a token. Omitting the field means that scope validation is skipped. (https://github.com/solo-io/gloo/issues/4224)
v1.7.0-beta12
Dependency Bumps
- solo-io/protoc-gen-ext has been upgraded to v0.0.15.
- solo-io/go-utils has been upgraded to v0.20.2.
Fixes
- Fixed a bug where some protobufs were erroneously being considered
equal when comparing values inside of a
oneOf
interface. This resulted in some subtle bugs where sometimes proxies would not receive updates when reconciled in certain situations where only very small changes were made.
This bug affected Gloo Edge 1.6.0 to 1.6.6 and 1.7.0-beta1 to 1.7.0-beta11 versions only. (https://github.com/solo-io/gloo/issues/4215)
v1.7.0-beta11
New Features
- Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)
v1.7.0-beta10
New Features
- Added the new
transport_api_version
field to theextauth
settings. The field determines the API version for theext_authz
transport protocol that will be used by Envoy to communicate with the auth server. The currently allowed values areV2
andV3
, with the former being the default; this was done to maintain compatibility with existing custom auth servers. Note that in order for the external auth server to be able to emit dynamic metadata the field needs to be set toV3
. For more info, see thetransport_api_version
field here. (https://github.com/solo-io/gloo/issues/4160)
v1.7.0-beta9
Dependency Bumps
- solo-io/skv1 has been upgraded to v0.7.0.
- solo-io/solo-apis has been upgraded to v0.0.0-20210122142844-ac0df2dce136.
- helm/helm has been upgraded to v3.4.2.
- containerd/containerd has been upgraded to v1.4.3.
- k8s.io/kube-openapi has been upgraded to v0.0.0-20200805222855-6aeccd4b50c6.
- k8s.io/utils has been upgraded to v0.0.0-20201110183641-67b214c5f920.
- k8s.io/controller-runtime has been upgraded to v0.7.0.
- k8s.io/kubernetes has been upgraded to v1.19.6.
New Features
- Added the new
envoy_metadata
route option. This field can be used to provide additional information which can be consumed by the Envoy filters that process requests that match the route. For more info about metadata, see here. (https://github.com/solo-io/gloo/issues/4160) - Add support for metadata actions to the rate limit API. The new
metadata
action type can now be used to generate rate limit descriptors based on both static and dynamic Envoy metadata. (https://github.com/solo-io/gloo/issues/4160)
Fixes
- Re-enable REST EDS. Change the helm template to avoid this helm issue (https://github.com/Masterminds/sprig/issues/111). (https://github.com/solo-io/gloo/issues/4151)
- Changes helm to make rest_xds_cluster deployment optional. (https://github.com/solo-io/gloo/issues/4164)
v1.7.0-beta8
New Features
- On a Gloo OS release, push the open source protos to the solo-apis repository. (https://github.com/solo-io/gloo/issues/3518)
Fixes
- Fix a race condition in the gateway-validation-webhook, where resources applied concurrently can avoid validation. (https://github.com/solo-io/gloo/issues/4136)
v1.7.0-beta7
New Features
- Add the
glooctl get ratelimitconfig
command. (https://github.com/solo-io/gloo/issues/4085) - Add warnings when users try to use enterprise-only Gloo Edge features when running the Open Source edition of Gloo Edge (https://github.com/solo-io/gloo/issues/4020)
Fixes
- Stop leaking memory for a timer in consul EDS. (https://github.com/solo-io/gloo/issues/4112)
v1.7.0-beta6
New Features
- Adds API to support two different instances of JWT validation, before the extauth filter in envoy and after. (https://github.com/solo-io/gloo/issues/3207)
v1.7.0-beta5
Fixes
- CPU profile of Gloo at scale (5000+ upstreams) indicated that the
generateXDSSnapshot
function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-basedmitchellh/hashstructure
which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084)
v1.7.0-beta4
Fixes
- CPU profile of Gloo at scale (5000+ upstreams) indicated that the
endpointsForUpstream
function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084)
v1.7.0-beta3
Helm Changes
- Add 3 configuration values under global.istioIntegration to control automatic discovery and sidecar injection for Gloo pods by Istio. LabelInstallNamespace adds a label to mark the namespace for Istio discovery if the namespace is designated to be created in the chart. WhitelistDiscovery explicitly annotates Gloo’s discovery pod for Istio sidecar injection. DisableAutoinjection annotates all pods that aren’t more specifically noted elsewhere never receive Istio sidecar injection. (https://github.com/solo-io/gloo/issues/3924)
v1.7.0-beta2
Dependency Bumps
- solo-io/protoc-gen-ext has been upgraded to v0.0.14.
New Features
- Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited.
To enable, update the Gloo
Settings
such thatspec.gateway.validation.warnRouteShortCircuiting=true
The cases now additionally covered are:- routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
- the same logic, but with method matchers In addition, we support aggressively reporting errors on virtual services with invalid regex matchers. (no need to enable short-circuiting reporting) (https://github.com/solo-io/gloo/issues/3334)
- Possibility to configure custom auth server to retrieve request body as bytes (Support Envoys packAsBytes) (https://github.com/solo-io/gloo/issues/3937)
Fixes
- Switching CSRF mode from enabled to shadow mode does not apply default enabled value to filter. (https://github.com/solo-io/gloo/issues/4053)
v1.7.0-beta1
Fixes
- Introduce LocalityWeightedLb API. This will be used to support locality weighted load balancing on clusters (https://github.com/solo-io/gloo/issues/3038)
v1.6
v1.6.8
Fixes
- Provides an option to define global SslParameters that will be applied to all upstreams by default. An individual upstream can override these properties by specifying SslParameters. (https://github.com/solo-io/gloo/issues/4285)
v1.6.7
Dependency Bumps
- solo-io/protoc-gen-ext has been upgraded to v0.0.15.
Fixes
- Fixed a bug where some protobufs were erroneously being considered
equal when comparing values inside of a
oneOf
interface. This resulted in some subtle bugs where sometimes proxies would not receive updates when reconciled in certain situations where only very small changes were made.
This bug affected Gloo Edge 1.6.0 to 1.6.6 and 1.7.0-beta1 to 1.7.0-beta11 versions only. (https://github.com/solo-io/gloo/issues/4215)
v1.6.6
Fixes
- Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)
v1.6.5
Fixes
- Re-enable REST EDS. Change the helm template to avoid this helm issue (https://github.com/Masterminds/sprig/issues/111). (https://github.com/solo-io/gloo/issues/4151)
- Changes helm to make rest_xds_cluster deployment optional. (https://github.com/solo-io/gloo/issues/4164)
v1.6.4
New Features
- Adds API to support two different instances of JWT validation, before the envoy extauth filter and after. (https://github.com/solo-io/gloo/issues/3207)
v1.6.3
Fixes
- CPU profile of Gloo at scale (5000+ upstreams) indicated that the
generateXDSSnapshot
function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using creating hashes for the XDS snapshot using deterministic proto marshalling and fnv hashing rather than the reflection-basedmitchellh/hashstructure
which was benchmarked to be several orders of magnitude slower. (https://github.com/solo-io/gloo/issues/4084) - CPU profile of Gloo at scale (5000+ upstreams) indicated that the
endpointsForUpstream
function was taking upwards of 5 seconds of CPU on a ~50 second sample. This change optimizes the code by using a map instead of looping over all endpoints for each upstream. (https://github.com/solo-io/gloo/issues/4084) - Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited.
To enable, update the Gloo
Settings
such thatspec.gateway.validation.warnRouteShortCircuiting=true
The cases now additionally covered are:- routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
- the same logic, but with method matchers In addition, we support aggressively reporting errors on virtual services with invalid regex matchers. (no need to enable short-circuiting reporting) (https://github.com/solo-io/gloo/issues/3334)
- Fix a race condition in the gateway-validation-webhook, where resources applied concurrently can avoid validation. (https://github.com/solo-io/gloo/issues/4136)
v1.6.2
Dependency Bumps
- solo-io/protoc-gen-ext has been upgraded to v0.0.14.
New Features
- Possibility to configure custom auth server to retrieve request body as bytes (Support Envoys packAsBytes) (https://github.com/solo-io/gloo/issues/3937)
Fixes
- Gloo Edge now proactively reports warnings on virtual services that have matchers that are short-circuited.
To enable, update the Gloo
Settings
such thatspec.gateway.validation.warnRouteShortCircuiting=true
The cases now additionally covered are:- routes that have simple OR regex header matchers, ensuring each one of the OR’ed matchers can be reached
- the same logic, but with method matchers In addition, we support aggressively reporting errors on virtual services with invalid regex matchers. (no need to enable short-circuiting reporting) (https://github.com/solo-io/gloo/issues/3334)
- Switching CSRF mode from enabled to shadow mode does not apply default enabled value to filter. (https://github.com/solo-io/gloo/issues/4053)
v1.6.1
Fixes
- Introduce LocalityWeightedLb API. This will be used to support locality weighted load balancing on clusters (https://github.com/solo-io/gloo/issues/3038)
v1.6.0
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.17.0-rc4.
New Features
- Gloo Edge can now more proactively report warnings on virtual services that are likely misconfigured.
To enable, update the Gloo
Settings
such thatspec.gateway.validation.warnRouteShortCircuiting=true
The cases now additionally covered are:- routes on the same virtual host that have the same matcher
- routes that get short-circuited by prefix/regex matchers in earlier routes (https://github.com/solo-io/gloo/issues/3334)
Fixes
- RateLimitConfig CRD is now removed with glooctl uninstall command. (https://github.com/solo-io/gloo/issues/4010)
- Envoy has deprecated gzip filter support in favor of the HTTP Compressor filter. Fixes gloo gzip filter to work with envoy’s compressor filter. (https://github.com/solo-io/gloo/issues/4016)
- Kubernetes plugin reports error when encountering upstream with nonexistant ServiceNamespace instead of crashing. (https://github.com/solo-io/gloo/issues/4006)
v1.6.0-beta25
Upgrade Notes
- Experimental wasm features have been removed from Gloo Edge. Wasm support is now a feature of Gloo Edge Enterprise. (https://github.com/solo-io/gloo/issues/4025)
v1.6.0-beta24
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.17.0-rc3.
Helm Changes
- Add the helm value
gatewayProxies.gatewayProxy.readConfigMulticluster
, set to false by default. Setting this to true will add a gateway-proxy-config-dump-service Service to the gloo installation namespace. This service allows multicluster management planes to access the envoy config dump on port 8082 of the gateway-proxy. (https://github.com/solo-io/gloo/issues/4012)
New Features
- Adds a new
headers_to_append
field to the HTTP request transformation API. This allows users to specify headers which can contain multiple values and to specify transformations for each of the values. (https://github.com/solo-io/gloo/issues/3901)
Fixes
- Buffer envoy filter is now added to the filter chain correctly so it can be used other than on the Gateway level. Added end-to-end tests for buffer filter. (https://github.com/solo-io/gloo/issues/4000)
- Disable REST EDS server by default, which is no longer necessary now that upstream envoy has fixed https://github.com/envoyproxy/envoy/issues/13070 (https://github.com/solo-io/gloo/issues/3805)
- Csrf envoy filter shadow mode now gets correctly applied to the envoy config. (https://github.com/solo-io/gloo/issues/3898)
v1.6.0-beta23
New Features
- Add the defaultDashboardFolderId value to the settings proto definition for use in gloo-E. (https://github.com/solo-io/gloo/issues/3920)
- Gloo now supports enabling the upstream Envoy CSRF filter by configuring
spec.httpGateway.options.csrf
of the desired Gateway. This can also be overridden on virtual services at the virtual host or route level, and on weighted destinations. See envoy csrf for more details. (https://github.com/solo-io/gloo/issues/3898)
v1.6.0-beta22
New Features
- Add support for the new
inheritablePathMatchers
value onRoute
config. This new setting is similar to theinheritableMatchers
boolean value that allows delegated routes (i.e., routes on route tables) to optionally opt into inheriting HTTP header, method, or query parameter matching from the parent route. The newinheritablePathMatchers
is used to optionally opt into inheriting HTTP path matcher config from the parent. (https://github.com/solo-io/gloo/issues/3726)
Fixes
- Fix a bug where the
inheritableMatchers
value itself was being read from the parent route, rather than the child route (as documented and intended). (https://github.com/solo-io/gloo/issues/4008) - Fix generated resource clients watch functions to not block infinitely, therefore leaking go-routines. (https://github.com/solo-io/gloo/issues/4001)
v1.6.0-beta21
Dependency Bumps
- solo-io/skv2 has been upgraded to v0.15.2.
Helm Changes
- Update the version of Istio used by the Istio sidecar in the gateway-proxy pod for mTLS cert generation when the helm value global.istioSDS.enabled is set to true. New Istio version is 1.8.1. (https://github.com/solo-io/gloo/issues/3967)
New Features
- Adding case sensitivity option on the path matcher. (https://github.com/solo-io/gloo/issues/3976)
- Allows Jwt authentication to be compatible with other auth mechanisms in enterprise authentication. (https://github.com/solo-io/gloo/issues/3207)
- Introduce an API to support a passthrough grpc ext auth service. This service authorizes requests by delegating to an external service which implements the envoy external auth API: https://github.com/envoyproxy/envoy/blob/ae1ed1fa74f096dabe8dd5b19fc70333621b0309/api/envoy/service/auth/v3/external_auth.proto#L29 This enables GlooE users to use custom external auth services in addition to GlooE out of the box features, without requiring users to write and maintain extauth go plugins (https://github.com/solo-io/gloo/issues/3645)
Fixes
- Update
glooctl cluster register
andglooctl cluster deregister
commands to use the default Kubernetes config when registering and deregistering clusters. (https://github.com/solo-io/gloo/issues/3972)
v1.6.0-beta20
This release contained no user-facing changes.
v1.6.0-beta19
Fixes
- Ripout gogo proto in favor of golang proto (https://github.com/solo-io/gloo/issues/3926)
v1.6.0-beta18
Dependency Bumps
- solo-io/go-utils has been upgraded to v0.20.1.
Helm Changes
- Add a helm value for setting extauth field for gloo.solo.io.Settings. This allows to configure custom external auth server while installing Helm chart, without need to post-render or patch Settings object after helm chart was installed or upgraded. (https://github.com/solo-io/gloo/issues/1892)
Fixes
- Fix the proxycontroller docs example code, and the corresponding documentation. (https://github.com/solo-io/gloo/issues/3941)
- fixes bug where route validation marks redirect and direct response route destinations as invalid. (https://github.com/solo-io/gloo/issues/3975)
- Changed Istio’s default discoveryAddress used by the glooctl istio commands and helm installations when istioSDS is enabled (https://github.com/solo-io/gloo/issues/3908)
v1.6.0-beta17
_Marked as a pre-release to due a regression with redirectActions, see https://github.com/solo-io/gloo/issues/3975_
New Features
- Add the ability to configure the propagation of the tracing header x-envoy-decorator-operation, for me info: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html?highlight=decorator#config-route-v3-decorator (https://github.com/solo-io/gloo/issues/3931)
Fixes
- Fixes a bug where routes that use a deleted lambda function as destination causes gloo to crash. (https://github.com/solo-io/gloo/issues/3895)
- When configuring tracing, you can specify a cluster where traces are collected. If the collector is an upstream, tracing works as expected. However, if the cluster is statically defined in the envoy bootstrap, traces do not get collected. This adds support for statically defined tracing collector clusters. (https://github.com/solo-io/gloo/issues/3954)
v1.6.0-beta16
Dependency Bumps
- solo-io/go-utils has been upgraded to v0.20.0.
New Features
- Add the ability to add static clusters to the envoy bootstrap config via helm. This option can be accessed via “
.envoyStaticClusters”. The value should be a list of static clusters which will be passed directly to envoy, so the yaml must be correct. The api can be found here: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster. This is meant to be used for advanced use cases (https://github.com/solo-io/gloo/issues/3905) - Add the ability to add bootstrap extensions to the envoy bootstrap config via helm. This option can be accessed via “
.envoyBootstrapExtensions”. The value should be a list of bootstrap extensions which will be passed directly envoy, so the yaml must be correct. The main use case being wasm services, for the purpose of creating singletons. Bootstrap extensions is a list of typed extension config (https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/extension.proto#envoy-v3-api-msg-config-core-v3-typedextensionconfig) so the list must be passed with the name, and type url. The API for the wasm service specfically can be found here: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/wasm/v3/wasm.proto#extensions-wasm-v3-wasmservice. This is meant to be used for advanced use cases (https://github.com/solo-io/gloo/issues/3943)
v1.6.0-beta15
New Features
- Add API to support optional OIDC configuration override for ext-auth. OIDC Configuration is discovered at
/.well-known/openid-configuration and this configuration can override those discovered values. (https://github.com/solo-io/gloo/issues/3879) - Support XDS V2/V3 APIs simultaneously from rate-limit server. (https://github.com/solo-io/gloo/issues/2815)
Fixes
- In multi-proxy environments, resources that were invalid on one proxy (error or warning) but valid on another may have a status written of accepted, despite internally calculating (and logging) a warning. This is now fixed. (https://github.com/solo-io/gloo/issues/3935)
- cert-manager can be used to create a Certificate (https://cert-manager.io/docs/concepts/certificate/). This is used to generate a TLS key and certificate, and they are stored in a Kubernetes secret. This can be configured to include an optional property on the secret, ca.crt, which holds a root CA certificate. If cert-manager is used to generate this Kubernetes secret, and the root CA certificate is included, we were not including it when converting to a Gloo secret, causing Gloo to crash. (https://github.com/solo-io/gloo/issues/3652)
- Turn the certgen job into a no-op if the previously generated certs still exist, and are still valid. (https://github.com/solo-io/gloo/issues/3790)
v1.6.0-beta14
Helm Changes
- When doing a helm install where
istioSDS.enabled
is set totrue
, theISTIO_META_CLUSTER_ID
environment variable is now initialized to “Kubernetes”. (https://github.com/solo-io/gloo/issues/3881) - Panic mode allows Envoy load balancing to disregard host’s health status. (https://github.com/solo-io/gloo/issues/3747)
v1.6.0-beta13
Dependency Bumps
- linux/alpine has been upgraded to v3.12.1.
v1.6.0-beta12
New Features
- Allow an external tracing provider to be configured on a listener via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/trace/v3/http_tracer.proto#envoy-v3-api-msg-config-trace-v3-tracing-http for more details on this setting. (https://github.com/solo-io/gloo/issues/3762)
v1.6.0-beta11
New Features
- Expose envoy’s cluster_header field in the gloo api See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-cluster-header for more details about this field. (https://github.com/solo-io/gloo/issues/3749)
v1.6.0-beta10
New Features
- Add Istio 1.8.x support to the existing glooctl istio integrations. (https://github.com/solo-io/gloo/issues/3855)
Fixes
- Disable gloo metrics service as it is unused, and CPU intensive. (https://github.com/solo-io/gloo/issues/3849)
- Fixed a bug where a bad authconfig which should invalidate a single virtual service was incorrectly invalidating the entire gateway (https://github.com/solo-io/gloo/issues/3538)
- Fixed a bug where invalid route replacement did not correctly replace routes that referred to a missing
UpstreamGroup
, which potentially resulted in incorrect config being sent to envoy. Now, the route will be replaced correctly according to the invalid config policy. (https://github.com/solo-io/gloo/issues/3818)
v1.6.0-beta9
New Features
- Expose the server_header_transformation setting via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto for more details on this setting. (https://github.com/solo-io/gloo/issues/3769)
Fixes
- fixes glooctl check error messages that are displayed when deployments checks have failed (https://github.com/solo-io/gloo/issues/2952)
v1.6.0-beta8
Dependency Bumps
- solo-io/solo-apis has been upgraded to rate-limiter-v0.1.2.
New Features
- Define the API to allow for set-style rate limiting. The previous rate-limiting implementation uses a tree structure for descriptors. This adds capability to use a set structure instead, where the descriptors are treated as an unordered set such that a given rule will apply if all the relevant descriptors match, regardless of the values of the other descriptors and regardless of descriptor order. For example, the rule may require
type: a
andnumber: 1
but theremote_address
descriptor can have any value. This can also be understood asremote_address: *
where * is a wildcard. (https://github.com/solo-io/gloo/issues/2695)
v1.6.0-beta7
This release contained no user-facing changes.
v1.6.0-beta6
Dependency Bumps
- solo-kit/solo-io has been upgraded to v0.13.14.
Helm Changes
- This change stops ConfigMap, Service, and Gateway objects from being created for gateway proxies if “disabled = true” under the helm chart values override. (https://github.com/solo-io/gloo/issues/3751)
New Features
- Allow toggling of EDS to rest XDS to avoid the envoy issue described in the following issue: https://github.com/envoyproxy/envoy/issues/13070. Set to true by default starting in version >
v1.6.0
(https://github.com/solo-io/gloo/issues/3805)
Fixes
- Fix EDS so modifying configs on a TLS enabled Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3673)
- Gloo will no longer remove upstreams after editing their spec. (https://github.com/solo-io/gloo/issues/3710)
- Fix EDS so modifying health checks on Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3219)
- Allow static upstream endpoints have individual SNI entries (https://github.com/solo-io/gloo/issues/3806)
v1.6.0-beta5
Helm Changes
- Set route prefix_rewrite in ingress proxy and knative proxy configs from
global.glooStats.routePrefixRewrite
helm value. This allows Gloo to integrate with other monitoring systems instead of just Prometheus. (https://github.com/solo-io/gloo/issues/3752) - Adds a single helm value that can be used to configure all sds/envoy-sidecar container resource usages. (https://github.com/solo-io/gloo/issues/2979)
v1.6.0-beta4
Helm Changes
- Add possibility to pass image pull secret to all deployments in helm chart (https://github.com/solo-io/gloo/issues/3729)
- Add a helm value for stats prefix rewrite. This allows Gloo to integrate with other monitoring systems instead of just Prometheus, by setting the
global.glooStats.routePrefixRewrite
helm value. (https://github.com/solo-io/gloo/issues/3752)
Fixes
- Fix an issue where ssl configurations across different virtual services may be incorrectly cached if they ssl configurations only differ by ssl-parameters (e.g., min tls version). After this change, ssl configurations that are only different by ssl parameters must have different sni domains. Prior to this change, such a configuration would not error but could result in one ssl configuration being selected over another; now an explicit error is recorded on the virtual service. (https://github.com/solo-io/gloo/issues/3776)
- Fix the validation API to return all errors encountered while validating a list of resources, rather than immediately returning on the first unmarshal error encountered for a resource in a list resource. (https://github.com/solo-io/gloo/issues/3610)
- Fix the validation API error reporting to include the resource associated with the error returned. (https://github.com/solo-io/gloo/issues/3610)
v1.6.0-beta3
Dependency Bumps
- envoy-gloo/solo-io has been upgraded to v1.17.0-rc1.
Helm Changes
- Removed the
global.wasm.enabled
HELM value for toggling experimental wasm support. Wasm is now enabled by default. This flag is no longer required as there is no more need for a separate gateway-proxy image since wasm support was merged into upstream envoy. (https://github.com/solo-io/gloo/issues/3753) - Addresses minor issue of adding consul configs into helm. (https://github.com/solo-io/gloo/issues/3698)
New Features
- Use official wasm support from upstream envoy, rather than envoy-wasm fork. (https://github.com/solo-io/gloo/issues/3753)
- Allow automatic discovery of TLS when using consul services. Requires serveral changes to gloo’s helm config to use:
Set the
settings.integrations.consul.useTls
flag to true. Assign a tag for gloo to recognize as the TLS tag if the default (settings.integrations.consul.tlsTagName=glooUseTls) is insufficient. Add the consul root CA for gloo to use at settings.integrations.consul.rootCA Once these are setup in gloo, adding the tlsTagName value as a tag to consul services should cause upstreams to automatically have TLS when discovered by gloo. As part of this change, the behavior of tag matching between gloo upstreams and consul service instances was changed from an exact set match to a subset match. Now a match is found if an upstream’s instanceTags are a subset of a service instance’s tags. (https://github.com/solo-io/gloo/issues/2544)
Fixes
- Fix the validation API to only return proxies that would be generated by proposed resources if requested. This change means the default behavior matches the kubernetes validation webhook API. By including the top-level value
returnProxies=true
in the json/yaml request to the API, you can signal the endpoint to return the proxies that would be generated (previously, always returning by default). (https://github.com/solo-io/gloo/issues/3613)
v1.6.0-beta2
This release contained no user-facing changes.
v1.6.0-beta1
Helm Changes
- Fix helm chart to honor
.Values.settings.replaceInvalidRoutes
value. This change makes the default invalid route behavior match what’s documented (disabled by default). To enable again, set.Values.settings.replaceInvalidRoutes=true
(https://github.com/solo-io/gloo/issues/3619) - Remove duplicate helm values that are no longer needed to keep hook-created values in helm releases. (https://github.com/solo-io/gloo/issues/3498)
New Features
- With each release, we will additionally be publishing an alternate set of docker containers (tagged as usual but with the “-extended” suffix) that have some additional dependencies built in (e.g.,
curl
for debugging). You can deploy these images by setting the helm valueglobal.image.extended=true
. (https://github.com/solo-io/gloo/issues/3399) - Expose the max_connection_duration and max_stream_duration settings via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-httpprotocoloptions for more details on these settings. (https://github.com/solo-io/gloo/issues/3628)
Fixes
- Ensure the rest of our docker containers run with user 10101 rather than root (https://github.com/solo-io/gloo/issues/3346)
- Fix misleading message in
glooctl install
output when the install namespace already exists. (https://github.com/solo-io/gloo/issues/3704)
v1.5
v1.5.16
Fixes
- Allow for the configuration of socket options on the envoy listener. This is useful, for example, to set TCP keep alive for downstream connections to envoy (e.g., NLB in front of envoy). (https://github.com/solo-io/gloo/issues/3758)
v1.5.15
Fixes
- Fix a race condition in the gateway-validation-webhook, where resources applied concurrently can avoid validation. (https://github.com/solo-io/gloo/issues/4136)
v1.5.14
Fixes
- fixes bug where route validation marks routes with redirect and direct response actions as invalid. (https://github.com/solo-io/gloo/issues/3975)
v1.5.13
_Marked as a pre-release to due a regression with redirectActions, see https://github.com/solo-io/gloo/issues/3975_
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.16.1-patch1.
Fixes
- Add the ability to configure the propagation of the tracing header x-envoy-decorator-operation, for more info: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto.html?highlight=decorator#config-route-v3-decorator (https://github.com/solo-io/gloo/issues/3931)
- Fixes a bug where routes that use a deleted lambda function as destination causes gloo to crash. (https://github.com/solo-io/gloo/issues/3895)
v1.5.12
Helm Changes
- Fix helm template and documentation for configuring tracing (https://github.com/solo-io/gloo/issues/3896)
v1.5.11
Fixes
- Expose envoy’s cluster_header field in the gloo api See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-cluster-header for more details about this field. (https://github.com/solo-io/gloo/issues/3749)
v1.5.10
Fixes
- Disable gloo metrics service as it is unused, and CPU intensive. (https://github.com/solo-io/gloo/issues/3849)
- Fixed a bug where a bad authconfig which should invalidate a single virtual service was incorrectly invalidating the entire gateway (https://github.com/solo-io/gloo/issues/3538)
- Fixed a bug where invalid route replacement did not correctly replace routes that referred to a missing
UpstreamGroup
, which potentially resulted in incorrect config being sent to envoy. Now, the route will be replaced correctly according to the invalid config policy. (https://github.com/solo-io/gloo/issues/3818)
v1.5.9
Fixes
- Expose the server_header_transformation setting via the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v2/config/filter/network/http_connection_manager/v2/http_connection_manager.proto for more details on this setting. (https://github.com/solo-io/gloo/issues/3769)
v1.5.8
This release contained no user-facing changes.
v1.5.7
Helm Changes
- This change stops ConfigMap, Service, and Gateway objects from being created for gateway proxies if “disabled = true” under the helm chart values override. (https://github.com/solo-io/gloo/issues/3751)
v1.5.6
Dependency Bumps
- solo-kit/solo-io has been upgraded to v0.13.14.
Fixes
- Fix EDS so modifying configs on a TLS enabled Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3673)
- Gloo will no longer remove upstreams after editing their spec. (https://github.com/solo-io/gloo/issues/3710)
- Fix EDS so modifying health checks on Upstream no longer results in 503s (https://github.com/solo-io/gloo/issues/3219)
- Allow toggling of EDS to rest XDS to avoid the envoy issue described in the following issue: https://github.com/envoyproxy/envoy/issues/13070. Set to true by default starting in version >
v1.6.0
(https://github.com/solo-io/gloo/issues/3805)
v1.5.5
Fixes
- Allow static upstream endpoints have individual SNI entries (https://github.com/solo-io/gloo/issues/3806)
v1.5.4
Helm Changes
- Adds a two helm values that can be used to configure all sds/envoy-sidecar container resource usages. (https://github.com/solo-io/gloo/issues/2979)
v1.5.3
Fixes
- Fix an issue where ssl configurations across different virtual services may be incorrectly cached if they ssl configurations only differ by ssl-parameters (e.g., min tls version). After this change, ssl configurations that are only different by ssl parameters must have different sni domains. Prior to this change, such a configuration would not error but could result in one ssl configuration being selected over another; now an explicit error is recorded on the virtual service. (https://github.com/solo-io/gloo/issues/3776)
v1.5.2
Fixes
- Fix the validation API to only return proxies that would be generated by proposed resources if requested. This change means the default behavior matches the kubernetes validation webhook API. By including the top-level value
returnProxies=true
in the json/yaml request to the API, you can signal the endpoint to return the proxies that would be generated (previously, always returning by default). (https://github.com/solo-io/gloo/issues/3613) - Fix the validation API to return all errors encountered while validating a list of resources, rather than immediately returning on the first unmarshal error encountered for a resource in a list resource. (https://github.com/solo-io/gloo/issues/3610)
- Fix the validation API error reporting to include the resource associated with the error returned. (https://github.com/solo-io/gloo/issues/3610)
v1.5.1
Helm Changes
- Fix helm chart to honor
.Values.settings.replaceInvalidRoutes
value. This change makes the default invalid route behavior match what’s documented (disabled by default). To enable again, set.Values.settings.replaceInvalidRoutes=true
(https://github.com/solo-io/gloo/issues/3619) - Remove duplicate helm values that are no longer needed to keep hook-created values in helm releases. Backport for v1.5. (https://github.com/solo-io/gloo/issues/3498)
Fixes
- Ensure the rest of our docker containers run with user 10101 rather than root (https://github.com/solo-io/gloo/issues/3346)
- With each release, we will additionally be publishing an alternate set of docker containers (tagged as usual but with the “-extended” suffix) that have some additional dependencies built in (e.g.,
curl
for debugging). You can deploy these images by setting the helm valueglobal.image.extended=true
. (https://github.com/solo-io/gloo/issues/3399) - Fixed the max_connection_duration and max_stream_duration settings not being exposed the Gloo API. See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#config-core-v3-httpprotocoloptions for more details on these settings. (https://github.com/solo-io/gloo/issues/3628)
v1.5.0
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.16.0-rc4.
Fixes
- Upgrade envoy-gloo version to fix seg fault in aws lambda filter (https://github.com/solo-io/gloo/issues/3684)
- Update default remote cluster registration namespace to “gloo-system” to simplify the Gloo Fed cluster registration process for most users. (https://github.com/solo-io/gloo/issues/3689)
v1.5.0-beta28
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.16.0-rc3.
Fixes
- Upgrade envoy-gloo version to handle CVE-2020-25017 and CVE-2020-25018 (https://github.com/solo-io/gloo/issues/3687)
- Allow compressing the spec for Proxy objects. (https://github.com/solo-io/gloo/issues/3663)
v1.5.0-beta27
New Features
- Add API to
AuthConfig
that allows users to specify a boolean expression to determine how to evaluate auth configs within an auth chain. Previously, each config on an auth config must be authorized for the entire request to be authorized. This remains the default, but now users can additionally specify a boolean expression (thebooleanExpr
field on an auth config) to reference the auth configs and AND/OR/NOT them together to achieve the desired access policy. (https://github.com/solo-io/gloo/issues/3207)
v1.5.0-beta26
Fixes
- Fix for Istio mTLS integration for Istio versions 1.6.9+ and Istio 1.7.1+ (https://github.com/solo-io/gloo/issues/3650)
- Update the envoy-wasm version to the latest 1.16.x version, which now replies with a NACK on a wasm image cache miss, fixing several caching issues. (https://github.com/solo-io/gloo/issues/3624)
v1.5.0-beta25
New Features
- Add new field
inheritableMatchers
boolean field (default false) to virtual services and route tables that, when true, changes how route delegation handles header, method, and query parameter matchers from the parent resource. By default, route tables must have matchers that are a superset of those from the parent, as this improves readability. By settinginheritableMatchers
to true, any header, method, and query parameter matchers from the parent that are absent from the child will be automatically included on the generated route. (https://github.com/solo-io/gloo/issues/3327) - Generate standard Kubernetes
go
types and clients forAuthConfig
custom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
Fixes
- Fix a bug that was causing
glooctl istio inject
to use the wrong version for the SDS sidecar in GlooE environments. (https://github.com/solo-io/gloo/issues/3641)
v1.5.0-beta24
Fixes
- Change the tutorial install script to install the latest stable version, instead of possibly installing beta releases. (https://github.com/solo-io/gloo/issues/3589)
v1.5.0-beta23
Dependency Bumps
- envoyproxy/envoy has been upgraded to v1.16-rc2.
- solo-io/skv2 has been upgraded to v0.8.1.
New Features
- Added improvements to the user experience for using gloo with Istio. Added helper commands for glooctl, so that users can simply perform
glooctl istio inject
andglooctl istio enable-mtls --upstream foo
in order to have Gloo and Istio up and running and communicating together over mTLS. (https://github.com/solo-io/gloo/issues/3532) - Allow secrets to be added to request headers by referencing a k8s secret resource via its namespace and name. (https://github.com/solo-io/gloo/issues/2751)
- Change the
glooctl cluster unregister
command toglooctl cluster deregister
. The deregister command now deletes the service account, cluster role, and cluster role binding created on the remote cluster during the cluster registration process. Example usage isglooctl cluster deregister --cluster-name kind-remote --remote-context kind-remote
. (https://github.com/solo-io/gloo/issues/3369)
Fixes
- Virtual Services with overlapping SNI domains in the same gateway are invalid. This change fixes our matching rules to consider cases where the sni domain is unset, and not allow multiple configs with an unset sni domain. (https://github.com/solo-io/gloo/issues/3459)
- Fix the default clustername in sds to match the name given in the docs. (https://github.com/solo-io/gloo/issues/3573)
- Expose Envoy’s cluster configuration
common_http_protocol_options
parameters in the Gloo API. (https://github.com/solo-io/gloo/issues/3560)
v1.5.0-beta22
This release contained no user-facing changes.
v1.5.0-beta21
Helm Changes
- Removes ratelimit from default values template, which should prevent ratelimit warnings on gloo installation. (https://github.com/solo-io/gloo/issues/3467)
New Features
- Add AWS lambda function discovery using EKS Service Account credentials. (https://github.com/solo-io/gloo/issues/3559)
- Add route table delegation selector expressions. (https://github.com/solo-io/gloo/issues/3586)
- Added support for query parameter matchers, header matchers, and method matchers to the route table delegation API. Delegated routes must still use the prefix matcher, but now they can also leverage the aforementioned matchers so long as the delegated route’s matchers are a superset of the parent route’s matchers. (https://github.com/solo-io/gloo/issues/3327)
Fixes
- Handle an edge case where the gateway does not publish the status for its resources. (https://github.com/solo-io/gloo/issues/3592)
- Allow changing a label value for ingress proxy to enable multiple ingress proxy instances in the same cluster. (https://github.com/solo-io/gloo/issues/3587)
- Fix opentracing causing envoy failure. Adds type-checking for all envoy go-control-plane data structures. (https://github.com/solo-io/gloo/issues/3496)
- Added a prometheus metric to the gateway pod that indicates whether the validating admission webhook determined that the config was valid. (https://github.com/solo-io/gloo/issues/3408)
v1.5.0-beta20
New Features
- Adds the ability to build Gloo for ARM64 architectures (https://github.com/solo-io/gloo/issues/3486)
Fixes
- Fixes an issue where Istio certificates used in mTLS were not being rotated in envoy. (https://github.com/solo-io/gloo/issues/3295)
v1.5.0-beta19
Helm Changes
- Add ability to supply arbitrary labels to gloo pods via helm configuration (https://github.com/solo-io/gloo/issues/3441)
New Features
- Expose the raw envoy configuration for the gRPC to JSON transcoding filter, which can be leveraged to expose a gRPC service both as a gRPC service and as a REST API. Exposing the underlying envoy configuration allows users more granular control over the gRPC to JSON mappings than the current Gloo API for gRPC to JSON (that doesn’t require explicit protobuf descriptors to be provided since they will be discovered). One example where users may want more granular control of their gRPC to JSON mappings may be to leverage query parameter transcoding. (https://github.com/solo-io/gloo/issues/2188)
- Allow users to specify extra headers for health check requests as secrets. New gloo secret type “header”, containing header name-value pairs, can now be created (details here). Health checks can reference header secrets for additional headers to add in addition to specifying them explicitly. (https://github.com/solo-io/gloo/issues/2914)
Fixes
- Virtual Services with overlapping SNI domains in the same gateway are invalid. This adds some checks to make sure such changes are rejected before they reach envoy. (https://github.com/solo-io/gloo/issues/3459)
v1.5.0-beta18
Dependency Bumps
- solo-io/solo-apis has been upgraded to gloo-fed-v0.0.19.
New Features
- Support a flag “-x” for excluding certain checks with glooctl. (https://github.com/solo-io/gloo/issues/3492)
Fixes
- Update the version of golang Gloo was built with from 1.14.0 to 1.14.6, to pickup patch fixes to go; most notably, a workaround in go for a bug in affected Linux kernels (5.2.x, 5.3.0-5.3.14, 5.4.0-5.4.1) that could result in a corrupted AVX register and crash Gloo. (https://github.com/solo-io/gloo/issues/3493)
v1.5.0-beta17
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.16.0-rc1.
Helm Changes
- Add helm value for rate limit descriptors in settings. (https://github.com/solo-io/gloo/issues/3422)
New Features
- Define the API to allow adding arbitrary API key secret data to the headers of successfully authorized requests. (https://github.com/solo-io/gloo/issues/3385)
- Define the API to allow users to change the name of the header that the Gloo Enterprise external auth server inspects for API keys. (https://github.com/solo-io/gloo/issues/3390)
- The API keys can now be provided as simple Kubernetes secrets. Instead of being nested in a YAML document inside the secret data, the key is now simply the value of the
api-key
data key. This change is backwards compatible, i.e. Gloo will still support existing secrets with the old format.glooctl create secret apikey
will now generate secrets with the new format. (https://github.com/solo-io/gloo/issues/3472) - Support a Kubernetes-style plugin system for glooctl. (See https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/). This allows users to invoke arbitrary binary plugins via glooctl
, where a plugin is defined as any executable on the user’s PATH that is prefixed with glooctl-. (https://github.com/solo-io/gloo/issues/3460)
Fixes
- Update envoy to pull in grpc-web fix for safari. (https://github.com/solo-io/gloo/issues/3474)
v1.5.0-beta16
This release contained no user-facing changes.
v1.5.0-beta15
This release build failed.
New Features
- Support assuming AWS iam roles for lambda requests via the AWS STS AssumeRoleWithWebToken API. This feature allows Gloo instances running in EKS to use AWS Service Account credentials to authenticate requests directly. (https://github.com/solo-io/gloo/issues/3309)
v1.4
v1.4.15
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.15.0-patch4.
Fixes
- Upgrade envoy-gloo version to handle CVE-2020-25017 and CVE-2020-25018 (https://github.com/solo-io/gloo/issues/3687)
v1.4.14
Fixes
- Generate standard Kubernetes
go
types and clients forAuthConfig
custom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
v1.4.13
Fixes
- Changes our sni domain checking logic to more broadly check against duplicate filter chain matches in a listener like envoy. Backport for gloo 1.4. (https://github.com/solo-io/gloo/issues/3459)
- Allow changing a label value for ingress proxy to enable multiple ingress proxy instances in the same cluster. (https://github.com/solo-io/gloo/issues/3587)
- Expose Envoy’s cluster configuration
common_http_protocol_options
parameters in the Gloo API. (https://github.com/solo-io/gloo/issues/3560)
v1.4.12
Fixes
- Virtual Services with overlapping SNI domains in the same gateway are invalid. This adds some checks to make sure such changes are rejected before they reach envoy. (https://github.com/solo-io/gloo/issues/3459)
- Handle and edge case where the gateway does not publish the status for its resources. (https://github.com/solo-io/gloo/issues/3592)
v1.4.11
New Features
- Allow users to specify extra headers for health check requests as secrets. New gloo secret type “header”, containing header name-value pairs, can now be created (details here). Health checks can reference header secrets for additional headers to add in addition to specifying them explicitly. (https://github.com/solo-io/gloo/issues/2914)
v1.4.10
This release contained no user-facing changes.
v1.4.9
Helm Changes
- Add helm value for rate limit descriptors in settings. (https://github.com/solo-io/gloo/issues/3422)
Fixes
- Update the version of golang Gloo was built with from 1.14.0 to 1.14.6, to pickup patch fixes to go; most notably, a workaround in go for a bug in affected Linux kernels (5.2.x, 5.3.0-5.3.14, 5.4.0-5.4.1) that could result in a corrupted AVX register and crash Gloo. (https://github.com/solo-io/gloo/issues/3493)
v1.4.8
Helm Changes
- Support a Kubernetes
preStop
hook to enable a “graceful shutdown” when relying on external loadbalancers. This will allow envoy to fail external facing healthchecks while still processing existing requests. This feature is controlled via a helm value, specifically thegatewayProxies.gatewayProxy.podTemplate.gracefulShutdown
object. You can enable the hook viagatewayProxies.gatewayProxy.podTemplate.gracefulShutdown.enabled
and control the actual time of the grace period viagatewayProxies.gatewayProxy.podTemplate.gracefulShutdownsleepTimeSeconds
(https://github.com/solo-io/gloo/issues/3308)
Fixes
- The gateway validation API now honors dry-run requests. Previously, any dry-run requests could still modify the internal resource cache, making future gateway validation results incorrect. (https://github.com/solo-io/gloo/issues/3437)
v1.4.8-patch1
This release build failed.
Fixes
- Allow compressing the spec for Proxy objects. (https://github.com/solo-io/gloo/issues/3663)
v1.3
v1.3.34
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.14.3-patch2.
Fixes
- Upgrade envoy-gloo version to handle CVE-2020-25017 and CVE-2020-25018 (https://github.com/solo-io/gloo/issues/3687)
v1.3.33
Fixes
- Generate standard Kubernetes
go
types and clients forAuthConfig
custom resources so users can programmatically manage these objects without having to use our solo-kit based clients. (https://github.com/solo-io/gloo/issues/3643)
v1.3.32
Dependency Bumps
- solo-io/solo-kit has been upgraded to v0.13.8.
Fixes
- Fix a bug where a virtual service has an inconsistent state, by keeping only the last version of it and reducing the number of go-routines. (https://github.com/solo-io/gloo/issues/3115)