The Feature-rich, Kubernetes-native, Next-Generation API Gateway Built on Envoy
APACHE-2.0 License
Helm Changes
gateway.validation.webhook.enablePolicyApi which controls whether or not RouteOptions and VirtualHostOptions CRs are subject to validation. By default, this value is true. The validation of these Policy APIs only runs if the Kubernetes Gateway integration is enabled (kubeGateway.enabled). (https://github.com/solo-io/solo-projects/issues/6352)
New Features
host_rewrite_header to the route options to allow envoy to swap the host header with the content of a given downstream or custom header. Pay attention to the potential security implications of using this option. The provided header must come from a trusted source. (https://github.com/solo-io/gloo/issues/9579)
AuthConfig CRD. (https://github.com/solo-io/gloo-mesh-enterprise/issues/16010)
MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable defines the maximum duration the gloo pod can run and attempt to reconnect to the kube apiserver if it is unreachable. Exceeding this duration will lead to the pod quitting. To enable this feature, set the MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable to the desired duration in the gloo container. This can be done either by modifying the gloo deployment or by specifying the gloo.deployment.customEnv[0].Name=MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER and gloo.deployment.customEnv[0].Value=60s helm values. (https://github.com/solo-io/gloo/issues/8107)
Implements merging of targetRef based RouteOptions and
VirtualHostOptions in a specific order of precedence from
oldest to newest created resource.
The merging uses shallow merging such that for an option
A that is higher priority than option B, merge(A,B) merges
the top-level options of B that have not already been set on A.
This allows options later in the precedence chain to augment
the existing options during a merge but not overwrite them. (https://github.com/solo-io/solo-projects/issues/6313)
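The shallow merge and oldest-first precedence described above, sketched in Go as an added example (not code from the Gloo project). The RouteOptions and Cors types and their fields are hypothetical stand-ins, and the sample resources are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Hypothetical stand-ins for a targetRef-based policy; not the Gloo Gateway API.
type Cors struct{ AllowOrigins, AllowMethods []string }
type RouteOptions struct {
	Created time.Time
	Timeout *string // nil means "not set"
	Cors    *Cors   // nil means "not set"
}

// shallowMerge is merge(A,B): a keeps every top-level option it has; only unset ones come from b.
func shallowMerge(a, b RouteOptions) RouteOptions {
	if a.Timeout == nil {
		a.Timeout = b.Timeout
	}
	if a.Cors == nil {
		a.Cors = b.Cors
	}
	return a
}

// mergeByAge folds the resources from oldest to newest, so the oldest has the highest priority.
func mergeByAge(opts []RouteOptions) RouteOptions {
	sorted := append([]RouteOptions(nil), opts...)
	sort.SliceStable(sorted, func(i, j int) bool { return sorted[i].Created.Before(sorted[j].Created) })
	var merged RouteOptions
	for _, o := range sorted {
		merged = shallowMerge(merged, o)
	}
	return merged
}

// sampleOptions returns constructed input, listed newest first to show that age decides the order.
func sampleOptions() []RouteOptions {
	timeout := "5s"
	newer := RouteOptions{Created: time.Unix(3600, 0), Timeout: &timeout, Cors: &Cors{[]string{"*"}, []string{"DELETE"}}}
	older := RouteOptions{Created: time.Unix(0, 0), Cors: &Cors{AllowOrigins: []string{"https://app.example.com"}}}
	return []RouteOptions{newer, older}
}

func main() { fmt.Println(*mergeByAge(sampleOptions()).Cors) }
```

The newer resource contributes its Timeout because the older one left it unset, but its wildcard Cors block is dropped whole: the merge is per top-level option, so the older Cors is not augmented with the newer AllowMethods either.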
Fixes
requestHeadersToAdd parameter. This resulted in envoy throwing an invalid header name error. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (https://github.com/solo-io/gloo/issues/9622)
Published by davidjumani 4 months ago
New Features
MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable defines the maximum duration the gloo pod can run and attempt to reconnect to the kube apiserver if it is unreachable. Exceeding this duration will lead to the pod quitting. To enable this feature, set the MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER environment variable to the desired duration in the gloo container. This can be done either by modifying the gloo deployment or by specifying the gloo.deployment.customEnv[0].Name=MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVER and gloo.deployment.customEnv[0].Value=60s helm values. (https://github.com/solo-io/gloo/issues/8107)
Fixes
host_rewrite_header to the route options to allow envoy to swap the host header with the content of a given downstream or custom header. Pay attention to the potential security implications of using this option. The provided header must come from a trusted source. (https://github.com/solo-io/gloo/issues/9579)
requestHeadersToAdd parameter. This resulted in envoy throwing an invalid header name error. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (https://github.com/solo-io/gloo/issues/9622)
Published by nfuden 4 months ago
Fixes
host_rewrite_header to the route options to allow envoy to swap the host header with the content of a given downstream or custom header. Pay attention to the potential security implications of using this option. The provided header must come from a trusted source. (https://github.com/solo-io/gloo/issues/9579)
requestHeadersToAdd parameter. This resulted in envoy throwing an invalid header name error. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (https://github.com/solo-io/gloo/issues/9622)
Published by npolshakova 4 months ago
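The header-name check described in the requestHeadersToAdd fix in the releases above, as an added Go example (not Gloo's implementation): RFC 9110 defines a field name as a token of one or more tchar characters. HeaderToAdd, checkHeadersToAdd and the sample entries are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// tcharSymbols are the non-alphanumeric characters RFC 9110 section 5.6.2 allows in a token.
const tcharSymbols = "!#$%&'*+-.^_`|~"

// validHeaderName reports whether name is an RFC 9110 field-name (token = 1*tchar).
func validHeaderName(name string) bool {
	if name == "" {
		return false
	}
	for i := 0; i < len(name); i++ {
		c := name[i]
		alnum := c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'
		if !alnum && strings.IndexByte(tcharSymbols, c) < 0 {
			return false // space, colon, control bytes, non-ASCII and separators all land here
		}
	}
	return true
}

// HeaderToAdd is a hypothetical stand-in for one requestHeadersToAdd entry.
type HeaderToAdd struct{ Key, Value string }

// checkHeadersToAdd keeps valid entries and reports each invalid one, so it never reaches the proxy.
func checkHeadersToAdd(hs []HeaderToAdd) (ok []HeaderToAdd, errs []error) {
	for i, h := range hs {
		if !validHeaderName(h.Key) {
			errs = append(errs, fmt.Errorf("requestHeadersToAdd[%d]: invalid header name %q", i, h.Key))
			continue
		}
		ok = append(ok, h)
	}
	return ok, errs
}

// sampleHeaders returns constructed entries: two valid names and two with invalid characters.
func sampleHeaders() []HeaderToAdd {
	return []HeaderToAdd{
		{"x-request-source", "edge"}, {"x bad name", "v"},
		{"x-tenant", "a"}, {"x-trailing-colon:", "v"},
	}
}

func main() { fmt.Println(checkHeadersToAdd(sampleHeaders())) }
```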
New Features
Fixes
glooctl check to not rely on existence of proxy deployments when checking proxies. (https://github.com/solo-io/solo-projects/issues/5741)
Published by bewebi 4 months ago
Dependency Bumps
Helm Changes
New Features
stateful_session which can be used to configure the filter. Envoy notes about this filter:
- Stateful sessions can result in imbalanced load across upstreams and allow external actors to direct requests to specific upstream hosts. Operators should carefully consider the security and reliability implications of stateful sessions before enabling this feature.
- This extension is functional but has not had substantial production burn time, use only with this caveat.
- This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted. (https://github.com/solo-io/gloo/issues/9104)
Published by nfuden 4 months ago
Dependency Bumps
Published by sheidkamp 4 months ago
Helm Changes
kubeGateway.gatewayParameters.glooGateway.image to kubeGateway.gatewayParameters.glooGateway.envoyContainer.image. (https://github.com/solo-io/solo-projects/issues/6107)
New Features
Fixes
json_to_proto value from the gloo API to the envoy API for dynamic metadata transformations. (https://github.com/solo-io/solo-projects/issues/5890)
Published by sam-heilbron 5 months ago
Helm Changes
Fixes
Published by lgadban 5 months ago
New Features
Published by jenshu 5 months ago
Helm Changes
New Features
Adds capability to integrate self-managed gateways
that are not meant to be auto-provisioned by the
controller. This is required to support use cases
where gateways are statically provisioned, such
as when running the gateways external to k8s on
VMs.
It adds a selfManaged field to the GatewayParameters
CRD which is used to skip the deployment of Gateway
related objects (deployment, service, etc.). When
a gateway is self-managed, it is expected to be
correctly bootstrapped with an envoy config that
matches the Gateway resource's name and namespace,
specifically the node field must be configured
correctly to link a self-managed gateway to the
Gateway resource. (https://github.com/solo-io/solo-projects/issues/6196)
Fixes
glooctl get proxy that returned duplicate proxies. (https://github.com/solo-io/solo-projects/issues/6088)
Published by davidjumani 5 months ago
Dependency Bumps
Breaking Changes
ErrNoSupportedSidecar has been removed from the projects/gloo/cli/pkg/cmd/istio/sidecars package as we no longer support any versions that would trigger this error. (https://github.com/solo-io/gloo/issues/8990)
Helm Changes
Fixes
Published by jbohanon 5 months ago
Dependency Bumps
Helm Changes
New Features
In the current design, a child route must have route matchers
that match the parent's to be considered in the delegation chain.
There's a request to enable matcher inheritance from the parent
such that instead of child routes needing to specify paths
that include the parent's path as prefix, they instead inherit
the parent prefix, headers, query params, etc. The result
is that the paths specified by child routes are relative
to the parent paths. Headers and query params are merged
from the parent into the child while giving preference to
parent matchers in case of conflicts. (https://github.com/solo-io/solo-projects/issues/6228)
Fixes
Published by inFocus7 5 months ago
Fixes
Published by sheidkamp 5 months ago
Dependency Bumps
Helm Changes
Fixes
Published by sheidkamp 5 months ago
This release contained no user-facing changes.
Published by sheidkamp 5 months ago
Dependency Bumps
Helm Changes
New Features
Fixes
This change simplifies how plugins may perform merging
of policies in a delegation chain, particularly in the
case of RouteOptions. It performs an in-place merge
such that the policy on a child route may be overridden
by a subsequent call to the plugin with a different
route context.
Further, it accurately tracks the source RouteOptions
involved in the merge so that the statuses on them
can be correctly reported. (https://github.com/solo-io/solo-projects/issues/6204)
--proxy-ns flag from glooctl get proxy, as proxies are now all written to the discoveryNamespace specified in settings. (https://github.com/solo-io/solo-projects/issues/6088)
Published by npolshakova 5 months ago
Helm Changes
global.additionalLabels that specifies additional labels to add to gloo resources. (https://github.com/solo-io/gloo/issues/9035)
New Features
Published by davidjumani 5 months ago
New Features
Additionally, it does the following:
Fixes
Further, it avoids prioritizing regex based matchers based on their
lengths as this is rather arbitrary. E.g., /a/b./. is longer than
/a/b./c but less specific, so its relative order should be lower
in the sorted order but if prioritized based on length it would
appear before a more specific match. If there is a tie among
regex routes, the other precedence rules govern the relative
ordering among them. (https://github.com/solo-io/solo-projects/issues/6175)
Published by jmhbh 6 months ago
Dependency Bumps
Fixes
unwrapAsApiGateway enabled would result in a 500 response to the caller (https://github.com/solo-io/gloo/issues/8867)
Published by bewebi 6 months ago
Dependency Bumps
Fixes
unwrapAsApiGateway enabled would result in a 500 response to the caller (https://github.com/solo-io/gloo/issues/8867)