Release notes

Introduction link

The release notes include important installation changes and known issues. They also highlight ways that you can take advantage of new features or enhancements to improve your product usage.

For more information, see the following related resources:

• Changelog: A full list of changes, including the ability to compare previous patch and minor versions.
• Upgrade guide: Steps to upgrade from the previous minor version to the current version.
• Version reference: Information about Solo’s version support.

🔥 Breaking changes link

Review details about the following breaking changes. To review when breaking changes were released, you can use the comparison feature of the changelog. The severity is intended as a guide to help you assess how much attention to pay to this area during the upgrade, but can vary depending on your environment.

• No breaking changes are currently reported.

🌟 New features link

Review the following new features that are introduced in version 2.9 and that you can enable in your environment.

• No new features are currently reported.

🔄 Feature changes link

Review the following changes that might impact how you use certain features in your Gloo environment.

• No feature changes are currently reported.

🗑️ Removed features link

• No features are currently removed in version 2.9.

🚧 Known issues link

The Solo team fixes bugs, delivers new features, and makes changes on a regular basis as described in the changelog. Some issues, however, might impact many users for common use cases. These known issues are as follows:

• Cluster names: Do not use underscores (_) in the names of your clusters or in the kubeconfig context for your clusters.
• Istio:
  • Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Gloo Mesh Gateway) on AWS Fargate. For more information, see the Amazon EKS issue.
  • Istio 1.22 is supported only as patch version 1.22.1-patch0 and later. Do not use patch versions 1.22.0 and 1.22.1, which contain bugs that impact several Gloo Mesh Gateway routing features that rely on virtual destinations. Additionally, in Istio 1.22.0-1.22.3, the ISTIO_DELTA_XDS environment variable must be set to false. For more information, see this upstream Istio issue. Note that this issue is resolved in Istio 1.22.4.
  • Istio 1.20 is supported only as patch version 1.20.1-patch1 and later. Do not use patch versions 1.20.0 and 1.20.1, which contain bugs that impact several Gloo Mesh Gateway features that rely on Istio ServiceEntries.
  • If you have multiple external services that use the same host and plan to use Istio 1.21 or 1.22, you must use patch versions 1.21.3 or 1.22.1-patch0 or later to ensure that the Istio service entry that is created for those external services is correct.
  • The WasmDeploymentPolicy Gloo CR is currently unsupported in Istio versions 1.18 and later.
• OTel pipeline: FIPS-compliant builds are not currently supported for the OTel collector agent image.
• Workspaces: If you run Istio version 1.21 or earlier and you reconfigure your Gloo workspaces, such as by moving from one workspace to multiple workspaces, routing to services that are exposed with a virtual destination might fail. You must re-apply the virtual destination to fix routing for these services. Note that this issue is fixed in Istio version 1.22 and later.

🔥 Breaking changes link

Review details about the following breaking changes. To review when breaking changes were released, you can use the comparison feature of the changelog. The severity is intended as a guide to help you assess how much attention to pay to this area during the upgrade, but can vary depending on your environment.

• No breaking changes are currently reported for version 2.8.

🌟 New features link

Review the following new features that are introduced in version 2.8 and that you can enable in your environment.

Debug report tool in the Gloo UI link

If you need to open a support ticket, you can now use the new Debug Report tool in the Gloo UI. This tool automatically gathers details that can help the Solo support team understand your environment, which you can use to submit a ticket. For more information, see Generate a debug report in the Gloo UI.

jsonToProto dynamic metadata in Inja template tranformations link

If you use Inja templates in transformation policies, you can now specify the dynamicMetadataValues.jsonToProto setting in your template. Note that this setting is supported only in Istio versions 1.22 and later.

New insights link

The following new insights are added in version 2.8. For more information, see Insights.

Gloo Mesh insights:

• CFG0067: Checks Istio and Kubernetes version compatibility in your cluster.
• CFG0077: A service is labeled to use a waypoint proxy, but the referenced waypoint cannot be found or is missing.
• CFG0078: A ServiceEntry is labeled to use a waypoint proxy, but the referenced waypoint cannot be found or is missing.
• CFG0079: Checks whether an AuthorizationPolicy can be enforced at a waypoint for each target reference.
• CFG0080: Checks whether an AuthorizationPolicy only has L4 attributes when a workload selector is defined.
• CFG0081: A service is trying to use a waypoint in a different namespace, but the waypoint does not allow its route.
• CFG0082: A ServiceEntry is trying to use a waypoint in a different namespace, but the waypoint does not allow its route.
• CFG0083: Checks whether HTTPRoute L7 policies can be applied to a service or ServiceEntry.
• CFG0084: A service uses a waypoint that does not support the service traffic type.
• CFG0085: A ServiceEntry uses a waypoint that does not support the service traffic type.
• CFG0086: Check the peering status for clusters in the multicluster mesh.
• HLT0041: Reports the Gloo Mesh RouteTable status.
• HLT0042: Reports the Gloo Mesh VirtualDestination status.
• SYS0027: A count of cluster configuration resources that are common across all Gloo product installations.
• SYS0030: A count of cluster configuration resources that are specific to Gloo Mesh Enterprise.

Gloo Gateway insights:

• CFG0068: Checks Gloo Gateway and Kubernetes Gateway API version compatability.
• CFG0069: Checks for orphaned RouteOptions.
• CFG0070: Checks for invalid references in RouteOptions.
• CFG0071: Checks for invalid targets in VirtualHostOptions
• CFG0072: Checks for invalid references in VirtualHostOptions.
• CFG0073: Checks for invalid targets in HttpListenerOptions.
• CFG0074: Checks for invalid targets in ListenerOptions.
• CFG0075: Checks for invalid parent references in HTTPRoutes.
• CFG0076: Checks Gateways for invalid GatewayParameter references.
• SYS0028: A count of cluster configuration resources that are specific to Gloo Gateway.

Tracing configuration for the rate limit server link

OpenTelemetry trace span exports can now be optionally enabled for the rate limit server component for enhanced observability and distributed tracing in your Gloo setup. You can configure the tracing settings in the rateLimiter.rateLimiter.tracing Helm values of the gloo-platform Helm chart, such as when you install the rate limiter during Gloo installation. To get started, see the Rate limit server setup guide.

🔄 Feature changes link

Review the following changes that might impact how you use certain features in your Gloo environment.

Metadata field change in output of translated resources link

Previously, when the Gloo Mesh management server translated resources, the output resources were created with the metadada.annotations.cluster.solo.io/cluster=<cluster> annotation to indicate the cluster where the resource is originally defined. Now, the metadata.generateName=<cluster> field replaces this annotation. Note that this field is only used internally by Solo for tooling that consumes snapshots, and simply serves as informational metadata when you examine translated resources.

🗑️ Removed features link

• No features are removed in version 2.8.

🚧 Known issues link

The Solo team fixes bugs, delivers new features, and makes changes on a regular basis as described in the changelog. Some issues, however, might impact many users for common use cases. These known issues are as follows:

• Cluster names: Do not use underscores (_) in the names of your clusters or in the kubeconfig context for your clusters.
• Istio:
  • Due to a lack of support for the Istio CNI and iptables for the Istio proxy, you cannot run Istio (and therefore Gloo Mesh Gateway) on AWS Fargate. For more information, see the Amazon EKS issue.
  • Istio 1.22 is supported only as patch version 1.22.1-patch0 and later. Do not use patch versions 1.22.0 and 1.22.1, which contain bugs that impact several Gloo Mesh Gateway routing features that rely on virtual destinations. Additionally, in Istio 1.22.0-1.22.3, the ISTIO_DELTA_XDS environment variable must be set to false. For more information, see this upstream Istio issue. Note that this issue is resolved in Istio 1.22.4.
  • Istio 1.20 is supported only as patch version 1.20.1-patch1 and later. Do not use patch versions 1.20.0 and 1.20.1, which contain bugs that impact several Gloo Mesh Gateway features that rely on Istio ServiceEntries.
  • If you have multiple external services that use the same host and plan to use Istio 1.21 or 1.22, you must use patch versions 1.21.3 or 1.22.1-patch0 or later to ensure that the Istio service entry that is created for those external services is correct.
  • The WasmDeploymentPolicy Gloo CR is currently unsupported in Istio versions 1.18 and later.
• OTel pipeline: FIPS-compliant builds are not currently supported for the OTel collector agent image.
• Workspaces: If you run Istio version 1.21 or earlier and you reconfigure your Gloo workspaces, such as by moving from one workspace to multiple workspaces, routing to services that are exposed with a virtual destination might fail. You must re-apply the virtual destination to fix routing for these services. Note that this issue is fixed in Istio version 1.22 and later.