Release notes
Review summaries of the main changes in the Gloo 2.7 release.
Make sure that you review the breaking changes đĨ that were introduced in this release and the impact that they have on your current environment.
Introduction
The release notes include important installation changes and known issues. They also highlight ways that you can take advantage of new features or enhancements to improve your product usage.
For more information, see the following related resources:
- Upgrade guide: Steps to upgrade from the previous minor version to the current version.
- Version reference: Information about Solo’s version support.
đĨ Breaking changes
Review details about the following breaking changes. The severity is intended as a guide to help you assess how much attention to pay to this area during the upgrade, but can vary depending on your environment.
đ¨ High
Review severe changes that can impact production and require manual intervention.
- No high-severity changes are currently reported.
đ Medium
Review changes that might have impact to production and require manual intervention, but possibly not until the next version is released.
- No medium-severity changes are currently reported.
âšī¸ Low
Review informational updates that you might want to implement but that are unlikely to materially impact production.
- Dashboard upgrades: The
gloo-mesh-uideployment no longer watches secrets and config maps that are used to secure access to the dashboard. If you update these resources, such as to rotate a secret, you must now restart thegloo-mesh-uideployment after the Helm upgrade. Note that this change does not impact if you customize the secret or config map names during the initial Helm installation.
âī¸ Installation changes
In addition to comparing differences across versions in the changelog, review the following installation changes from the previous minor version to version 2.7.
Disable Redis stream pipeline by default
The logs/redis_stream_cilium_flows pipeline is now set to false by default. The pipeline is dependent on the logs/cilium_flows pipeline, which was already false by default. This change was made to better align the pipeline values and reduce the complexity of the installation settings.
If you updated your installation to enable the Cilium flow logs and you want to keep the Redis stream logs enabled, make sure to explicitly set the logs/redis_stream_cilium_flows pipeline to true before you upgrade to version 2.7.
đ New features
Review the following new features that are introduced in version 2.7 and that you can enable in your environment.
Deployment overrides and other options for external auth service and rate limiter
Now, you can set deployment overrides for the external auth service and rate limiter in the Helm values file for your Gloo Mesh Core installation. This way, you can customize the default deployment settings, such as the metadata or resource limits for CPU and memory. Or, you might want to provide your own resource such as a config map, service account, or volume that you mount to the deployment. For more information, see Overrides for default components.
You also now can set the number of replicas for the rate limiter with the new rateLimiter.rateLimiter.replicas setting. For more information, see the Helm reference docs.
Delimiters in JWT token claims
Now, you can configure custom delimiters when you extract claims from JWT tokens. This way, you can append the claim information in a header in a different format than the default comma-delimited format. For example steps, see Extract claims to headers.
đ Feature changes
Review the following changes that might impact how you use certain features in your Gloo environment.
đ§ Known issues
The Solo team fixes bugs, delivers new features, and makes changes on a regular basis as described in the changelog. Some issues, however, might impact many users for common use cases. These known issues are as follows:
- Cluster names: Do not use underscores (
_) in the names of your clusters or in thekubeconfigcontext for your clusters. - Istio:
- Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Gloo Mesh Core) on AWS Fargate. For more information, see the Amazon EKS issue.
- Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Gloo Mesh Core) on AWS Fargate. For more information, see the Amazon EKS issue.
- In Gloo Mesh Core version 2.6, ambient mode requires the Solo distribution of Istio version 1.22.3 or later (
1.22.3-solo).
- In Istio 1.22.0-1.22.3, the
ISTIO_DELTA_XDSenvironment variable must be set tofalse. For more information, see this upstream Istio issue. Note that this issue is resolved in Istio 1.22.4. - Istio 1.20 is supported only as patch version
1.20.1-patch1and later. Do not use patch versions 1.20.0 and 1.20.1, which contain bugs that impact several Gloo Mesh Core features that rely on Istio ServiceEntries.