gloo

Dependency Bumps

• solo-io/solo-kit has been upgraded to v0.10.5.

New Features

• Add native generated Kubernetes types for Gloo config resources (https://github.com/solo-io/gloo/issues/)

Dependency Bumps

• solo-io/solo-kit has been upgraded to v0.11.2.
• solo-io/solo-kit has been upgraded to v0.11.0.
• solo-io/solo-kit has been upgraded to v0.11.5.
• solo-io/reporting-client has been upgraded to v0.1.0.

Breaking Changes

• Make FDS default to whitelist mode (https://github.com/solo-io/gloo/issues/1171)
• Flatten prefix rewrite and host rewrite APIs. Move auto_host_rewrite from static upstream to route plugins since it's a route-level Envoy config; this fixes confusing behavior where a single static upstream on a route sets auto_host_rewrite for the entire route. (https://github.com/solo-io/gloo/issues/1171)
• Add support for multiple matchers on a Gateway/Gloo Route to reduce user duplication in yaml/user code. Also allows users to omit matchers on routes (the / prefix matcher will be used) to allow all requests to match the route. (https://github.com/solo-io/gloo/issues/1171)
• Remove deprecated messages from rbac and jwt. (https://github.com/solo-io/gloo/issues/1171)
• Remove deprecated messages from waf. (https://github.com/solo-io/gloo/issues/1171)
• Remove the glooctl --version command in favor of glooctl version (https://github.com/solo-io/gloo/issues/1285)
• Update glooctl to write using the new strongly-typed API. (https://github.com/solo-io/gloo/issues/1171)

New Features

• Allow usage stats collection to be disabled at install time (https://github.com/solo-io/solo-projects/issues/1226)
• Introduce examples project for organizing resources associated with docs and tutorials. (https://github.com/solo-io/gloo/issues/1460)
• Add filter level support for matchers in transformation filter. (https://github.com/solo-io/envoy-gloo/issues/34)

Fixes

• Fix generated API field links in docs.solo.io/gloo/latest/. (https://github.com/solo-io/gloo/issues/1477)
• Make prefix_rewrite and host_rewrite nullable. (https://github.com/solo-io/gloo/issues/1373)

Dependency Bumps

• solo-io/go-utils has been upgraded to v0.10.20.
• solo-io/solo-kit has been upgraded to v0.11.4.

New Features

• In order to enable routing directly to Kubernetes services (by using KubernetesServiceDestinations), Gloo currently scans the cluster for services and creates a special type of in-memory Upstream (via the HybridUpstreamClient). If the cluster contains a lot of services and the user does not take advantage of this feature, this results in unnecessary overhead. This change adds a new disable_kubernetes_destinations attribute to the Settings resource to allow disabling the feature. (https://github.com/solo-io/gloo/issues/1466)
• Support matching on headers that do NOT match the specified criteria. (https://github.com/solo-io/gloo/issues/1424)
• Add Enterprise API to allow for customization of waf intervention message. (https://github.com/solo-io/solo-projects/issues/1235)
• Allow running the rate limit filter before the auth filters. NOTE that, when this new setting is used, it will result in the loss of the extauth-aware rate limiting feature (ie, different rate limits for authenticated vs unauthenticated users) (https://github.com/solo-io/gloo/issues/1445)

Fixes

• Avoid panicking on routes without matchers. (https://github.com/solo-io/gloo/issues/1438)
• Fix controller pod crash when settings is missing (https://github.com/solo-io/gloo/issues/1498)
• Mute logging of kubernetes health check in gateway (https://github.com/solo-io/gloo/issues/1435)
• The Helm chart contained a Role/ClusterRole named kube-crd-creator which was unused. This role caused problems to users with limited privileges and effectively prevented them from installing Gloo in namespace-scoped mode. This fix removes the kube-crd-creator resource from the Helm chart. (https://github.com/solo-io/gloo/issues/1491)

Fixes

• Support setting external traffic policy on gateway proxy services via helm. (https://github.com/solo-io/gloo/issues/1410)

New Features

• Add support for custom authentication. You can now provide your own external authentication/authorization server and configure Gloo to call it on the virtual hosts, routes, and weighted destinations that you want to secure. (https://github.com/solo-io/gloo/issues/1396)
• The default version of GlooE installed by the CLI is now 0.20.4. (https://github.com/solo-io/gloo/issues/1386)
• Add support for users to provide their own Envoy grpc rate-limit server. (https://github.com/solo-io/gloo/issues/1398)

Fixes

• Glooctl no longer registers CRDs when performing read/write operations (https://github.com/solo-io/gloo/issues/1380)
• Fix nil pointer when validating nil proxy (https://github.com/solo-io/gloo/issues/1369)

Fixes

• fix nil pointer when validating nil proxy (https://github.com/solo-io/gloo/issues/1369)
• check resource hash in validator (prevents validating status updates) (https://github.com/solo-io/gloo/issues/1368)

Fixes

• Some boolean fields on Helm value structs have an omitempty json tag. This causes the JSON encoder to considered the whole struct empty in cases where we only the boolean field is set to false and might lead to unexpected behavior. (https://github.com/solo-io/gloo/issues/1360)
• Fix interface conversion panic on glooctl command to print route table for a virtual service (https://github.com/solo-io/gloo/issues/1350)

Updated to include envoy 1.11.2 and address CVE-2019-15225 and CVE-2019-15226.

Dependency Bumps

• solo-io/envoy-gloo has been upgraded to v0.1.17.

New Features

• The default version of GlooE installed by the CLI is now 0.20.1. (https://github.com/solo-io/gloo/issues/1272)
• Glooctl can now add routes to Route Tables (https://github.com/solo-io/gloo/issues/1320)
• Glooctl can now add delegate action routes (https://github.com/solo-io/gloo/issues/1319)
• Glooctl can now get/list Route Tables (https://github.com/solo-io/gloo/issues/1318)
• add ValidatingWebhook for Gateway resources (https://github.com/solo-io/gloo/pull/1234)

Fixes

• Gateway waits for Gloo validation server to become available during setup (https://github.com/solo-io/gloo/issues/1322)
• Fix panic on nil route matcher (https://github.com/solo-io/gloo/issues/1316)
• Fix issue where validation cannot be enabled via helm due to treatment of zero values (https://github.com/solo-io/gloo/issues/1314)

New Features

• Flatten enterprise RBAC config by removing useless 'config' nesting from new (not-yet documented/supported) strongly-typed API; deprecated opaque RBAC API unchanged and still supported. Also add ability to disable RBAC on vhosts in strongly-typed API (routes already supported in deprecated config) (https://github.com/solo-io/gloo/issues/1171)
• Flatten ratelimit config by creating v2 version of settings (https://github.com/solo-io/gloo/issues/1171)
• Flatten strongly-typed WAF config (https://github.com/solo-io/gloo/issues/1171)
• Gloo can now report warnings on resources for certain types of invalid configuration. (https://github.com/solo-io/gloo/issues/1290)

Fixes

• Better implementation to flatten ratelimit API; use more intuitive name for service settings rather than a v2 (https://github.com/solo-io/gloo/issues/1171)
• Fix issue where gloo validation server does not restart properly (https://github.com/solo-io/gloo/issues/1296)
• Add weighted_destination_plugins field to WeightedDestination object. The previous weighed_destination_plugins (no "t") has been deprecated and is still supported. (https://github.com/solo-io/gloo/issues/1307)
• Fix reporting on Route Tables (https://github.com/solo-io/gloo/issues/1291)

Fixes

• When deploying OS gloo with the admin console, use a known version for the chart that packages the read-only UI, which is versioned with enterprise Gloo, instead of looking for the current open source version. (https://github.com/solo-io/gloo/issues/1278)

Breaking Changes

• require parent route prefix to be present in delegated routes (https://github.com/solo-io/gloo/pull/1262)

New Features

• The default version of GlooE installed by the CLI is now 0.19.0. (https://github.com/solo-io/gloo/issues/1272)
• Update enterprise API to support strongly typed external auth configurations in settings, virtual hosts, routes, and weighted destinations. The current format based on opaque extensions has been deprecated but is still fully supported. (https://github.com/solo-io/gloo/issues/1171)

Fixes

• Remove the grafana and prometheus pods on uninstall (https://github.com/solo-io/solo-projects/issues/1157)

New Features

• Allow using IAM credentials with AWS Upstreams (https://github.com/solo-io/gloo/issues/680)
• Update enterprise API to have strongly-typed JWT & RBAC config; deprecated opaque extensions config still supported (https://github.com/solo-io/gloo/issues/1171)

Fixes

• Fix glooctl version output formatting. (https://github.com/solo-io/gloo/issues/1243)
• The grafana and prometheus pods are now installed to the correct gloo system namespace instead of default (https://github.com/solo-io/solo-projects/issues/1146)

New Features

• Allow the default gateways to be configurable through helm (https://github.com/solo-io/gloo/issues/1048)
• Option to install Gloo with a visual dashboard. (https://github.com/solo-io/gloo/issues/1218)
• Update enterprise API to have strongly-typed WAF config; deprecated opaque extensions WAF config still supported (https://github.com/solo-io/gloo/issues/1171)

Fixes

• Make sure that glooctl check catches all possible pod conditions (https://github.com/solo-io/solo-projects/issues/1121)

Marked as pre-release due to helm-chart publish issue.

Dependency Bumps

• solo-io/go-utils has been upgraded to v0.10.8.

Breaking Changes

• Update the external auth APIs to support configuring authentication/authorization on routes and weighted destinations, in addition to virtual hosts. The auth configuration that currently is defined directly on the virtual service/proxy resources (under virtualHostPlugins) will become a top-level solo-kit resource (in the context of Kubernetes this means a new CRD). Resources that need to use a particular auth configuration can now just reference the correspondent new AuthConfig resource. The advantages of this change are twofold: besides reducing the duplication of configuration, it guarantees the stability of secured upstreams between auth configuration updates. (https://github.com/solo-io/gloo/issues/1201)

New Features

• Add plugin to enable envoy health check filter (https://github.com/solo-io/gloo/pull/1230)
• Allow users to specify the kubernetes cluster name in glooctl proxy url and glooctl proxy address (https://github.com/solo-io/gloo/issues/1095)

Fixes

• Speed up the Helm tests. (https://github.com/solo-io/gloo/issues/1226)
• Gloo will not re-start it's XDS service when settings change (https://github.com/solo-io/gloo/issues/1191)
• Gloo will optionally wait for EDS to be ready before continuing (https://github.com/solo-io/gloo/issues/1191)

New Features

• Add glooctl debug log command, which prints out all the gloo pod logs. A --zip flag will save them in a tar file (location optionally specified by the --file flag). A --errors-only flag will filter the logs for 'error' level logs. (https://github.com/solo-io/gloo/issues/997)

Fixes

• fix ratelimit setting propagation with new config location (https://github.com/solo-io/gloo/issues/1209)
• Fix upstream status write status error from hybrid client, and generation hash mismatch. (https://github.com/solo-io/gloo/issues/1212)

New Features

• Ability to specify non-standard kube config from glooctl. (https://github.com/solo-io/gloo/issues/1094)
• Move rate-limit API from opaque extensions to strongly-typed enterprise tag and deprecate old api (https://github.com/solo-io/gloo/issues/1171)
• add gloo and gateway configuration options to settings (https://github.com/solo-io/gloo/pull/1145)
• add detailed proxy validation to gloo translator (https://github.com/solo-io/gloo/pull/1165)
• add proxy validation server to gloo (https://github.com/solo-io/gloo/pull/1166)

Fixes

• fix prepending of route prefixes when the prefix is a / (https://github.com/solo-io/gloo/pull/1178)
• Allow you to skip choosing a function when adding routes interactively. (https://github.com/solo-io/gloo/issues/470)

New Features

• Allow container user ids to be dynamically set by the cluster (https://github.com/solo-io/customers/issues/5)
• Modify glooctl version command to output both client and server versions (https://github.com/solo-io/gloo/issues/722)
• Add support for add route query parameter matching. (https://github.com/solo-io/gloo/issues/932)

Fixes

• Add back the virtualservice create consul related flags. (https://github.com/solo-io/gloo/issues/1172)
• If we run glooctl uninstall -all with a nonexistent namespace, still uninstall everything instead of erroring out. (https://github.com/solo-io/gloo/issues/602)
• For both glooctl add and glooctl create, a --dry-run will output a kube-yaml file unless the --output flag overrides it. (https://github.com/solo-io/gloo/issues/907)

New Features

• add route metadata with owner reference to gloo routes (https://github.com/solo-io/gloo/pull/1139)

Fixes

• Fix apiserver RBAC - allow listing setting. (https://github.com/solo-io/gloo/issues/1156)