Releases: solo-io/gloo
v1.17.0-beta32
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to v1.30.1-patch1.
Helm Changes
- Introduced new fields to kubeGateway top-level field which configure the deployed Gateway proxies generated from a Gateway. Also introduced a new default GatewayParameters to be rendered when kubeGateway.enabled=true. This contains defaults for Istio/SDS, as well as things like envoy image, deployment replicas, and extra labels in the pod template. (solo-io/solo-projects#6107)
New Features
- Introduced a new default GatewayParameters which is associated with a GatewayClass and represents the default values applied to Gateways created from that GatewayClass that don't otherwise have a specific GatewayParameters attached. (solo-io/solo-projects#6107)
- gateway2/delegation: enable optional parent matcher inheritance
In the current design, a child route must have route matchers
that match the parent's to be considered in the delegation chain.
There's a request to enable matcher inheritance from the parent
such that instead of child routes needing to specify paths
that include the parent's path as prefix, they instead inherit
the parent prefix, headers, query params, etc. The result
is that the paths specified by child routes are relative
to the parent paths. Headers and query params are merged
from the parent into the child while giving preference to
parent matchers in case of conflicts. (solo-io/solo-projects#6228)
Fixes
- Added default service type of LoadBalancer to default GatewayParameters. This value will be inherited by each deployed gateway proxy unless it is overridden in a GatewayParameters attached to the Gateway resource which generated it. (solo-io/solo-projects#6113)
- Fixes bug that prevented deleted HTTPRoutes from being fully reconciled to proxies (#9508)
- Make GatewayParameters fields nullable so they are more easily overridable. (solo-io/solo-projects#6107)
v1.17.0-beta31
Fixes
- Set the previously-missing HTTPS listener data when the listeners are translated. (solo-io/solo-projects#6201)
v1.17.0-beta30
This release contained no user-facing changes.
v1.16.14
Dependency Bumps
- solo-io/k8s-utils has been upgraded to v0.6.3.
Helm Changes
-
- Add helm values for all containers to allow defining containers' securityContexts * Add global.podSecurityStandards.enableRestrictedContainerDefaults to default to using a restricted set of container defaults * Add new helper template to render the container securityContexts and apply the defaults if neccessary (#8864)
Fixes
- Add helm values for all containers to allow for conforming to Pod Security Standards (#8864)
v1.17.0-beta29
Dependency Bumps
- solo-io/k8s-utils has been upgraded to v0.6.3.
Helm Changes
-
- Add helm values for all containers to allow defining containers' securityContexts * Add global.podSecurityStandards.enableRestrictedContainerDefaults to default to using a restricted set of container defaults * Add new helper template to render the container securityContexts and apply the defaults if neccessary (#8864)
New Features
- Add helm values for all containers to allow for conforming to Pod Security Standards (#8864)
Fixes
- gateway2: simplify how plugins handle delegated routes
This change simplifies how plugins may perform merging
of policies in a delegation chain, particularly in the
case of RouteOptions. It performs an in-place merge
such that the policy on a child route may be overridden
by by a subsequent call to the plugin with a different
route context.
Further, it accurately tracks the source RouteOptions
involved in the merge so that the statuses on them
can be correctly reported. (solo-io/solo-projects#6204)
- Removed the
--proxy-nsflag fromglooctl get proxy, as proxies are now all written to the discoveryNamespace specified in settings. (solo-io/solo-projects#6088)
v1.17.0-beta28
Helm Changes
- Adds a new helm value
global.additionalLabelsthat specifies additional labels to add to gloo resources. (#9035)
New Features
- Adds webhook validation for Gloo Gateway Policies (e.g. RouteOption and VirtualHostOption) when used with Kubernetes Gateway API (solo-io/solo-projects#6063)
v1.17.0-beta27
New Features
- This change implements policy inheritance, specifically
in the context of RouteOptions, such that a child route
in a delegation chain may inherit RouteOptions from its
ancestors. Parents higher in the hierarchy are given
preference when merging the RouteOptions down the delegation
chain, i.e. for a tree A->B->C the RouteOptions of A are
prioritized first, then the RouteOptions of B augment that
of A without overriding the options in A, then the options
of C augment the merge of A and B without overriding fields.
Additionally, it does the following:
- Refactors the RouteOption query API to perform merging
and prioritization within the query. - Translator tests for the many scenarios of policy inheritance.
- Converts delegation translator test to a table-driven test.
- E2e tests to verify the inheritance and merge functionality. (solo-io/solo-projects#6161)
Fixes
- This change updates the route sorting such that regex based matchers
are prioritized over prefix based matchers to be consistent with
Gloo gateway v1. The Gateway API states that the precedence of
regex matches is implementation specific, so this change conforms
to the API requirements.
Further, it avoids prioritizing regex based matchers based on their
lengths as this is rather abitrary. E.g., /a/b./. is longer than
/a/b./c but less specific, so it's relative order should be lower
in the sorted order but if prioritized based on length it would
appear before a more specific match. If there is a tie among
regex routes, the other precedence rules govern the relative
ordering among them. (solo-io/solo-projects#6175)
- Refactor our TestInstallation to make it more re-usable with Portal E2E tests. (solo-io/solo-projects#6029)
v1.17.0-beta26
Dependency Bumps
- bitnami/kubectl has been upgraded to 1.28.9.
- solo-io/envoy-gloo has been upgraded to v1.29.3-patch2.
Fixes
- Fix a bug where Lambdas returning multiValueHeaders with non-string type with
unwrapAsApiGatewayenabled would result in a 500 response to the caller (#8867)
