v1.18.0-beta32

New Features

• Adds new Portal enablement helm value to simplify enabling the Developer Portal in Gloo Gateway. (gloo.kubeGateway.portal.enabled) (solo-io/solo-projects#6470)
• Initial support for Istio's DestinationRule resource for purposes of failover. (solo-io#10251)

v1.18.0-beta31

Helm Changes

• Expose new Helm values kubeGateway.gatewayParameters.glooGateway.service.extraLabels and kubeGateway.gatewayParameters.glooGateway.service.extraAnnotations to set extra labels and extra annotations on the default GatewayParameters. (solo-io/solo-projects#7090)

New Features

• Add an API to allow configuring CHAT_STREAMING to support Gemini streaming API. (hhttps://github.com/solo-io/solo-projects/issues/7030)
• Add API to enable passthrough auth strategy for AI services. This allows users to pass through the token to the AI service, rather than requiring them to supply a seprate token for the AI service. This can be useful if Identity federation has already been done for the backend in question (solo-io/solo-projects#7115)
• Add API to add moderation as a possible Prompt Guard step. This allows users to add run the user prompt through a moderation service before sending it to the backend LLM. (solo-io/solo-projects#7070)
• The existing Helm values settings.aws.enableServiceAccountCredentials and settings.aws.stsCredentialsRegion are now respected when using Kubernetes Gateway API, as part of supporting AWS Lambda with EKS ServiceAccounts. When settings.aws.enableServiceAccountCredentials is true, a aws_sts_cluster cluster, configured with the STS endpoint specified by settings.aws.stsCredentialsRegion, will automatically be added to dynamically provisioned proxies, so that Envoy can reach AWS to assume the role needed to access Lambdas. (solo-io/solo-projects#6847)

Fixes

• Fix glooctl check so that it only checks Proxies in the write namespace (where all proxies are written), instead of checking in each of the watch namespaces. (solo-io#9935)

v1.18.0-beta30

New Features

• Expose close_connections_on_host_set_change on LoadBalancerConfig. Setting this value configures the Envoy LB policy to drain connections when the upstream host set changes. This is useful when using Ring Hash or Maglev load balancing policies and helps ensure rebalancing when recovering from disruptions. Connections are not immediately closed and are allowed to drain. This feature is disabled by default. (solo-io#9505) (solo-io#9505)

Fixes

• Fixes a bug where gloo segfaults if resources are applied to a unwatched namespace. (solo-io/solo-projects#7082)

v1.17.15

Dependency Bumps

• solo-io/envoy-gloo-ee has been upgraded to v1.30.6-patch2.

Fixes

• Fixes a bug where gloo segfaults if resources are applied to a unwatched namespace. (solo-io/solo-projects#7082)

v1.18.0-beta29

This release contained no user-facing changes.

v1.18.0-beta28

This release contained no user-facing changes.

v1.18.0-beta27

Dependency Bumps

• solo-io/envoy-gloo has been upgraded to 1.31.2-patch1.

New Features

• Add an API to allow configuring Gemini as AI upstream. (hhttps://github.com/solo-io/solo-projects/issues/7030)
• Add the initial API for the AI Prompt Guard Webhook. (solo-io/solo-projects#6983)
• Updated the datadog tracer config proto to match envoy v1.31. New fields include collector_hostname and remote_config. Remote config can now be configured or disabled completely. (solo-io#10145)

v1.18.0-beta26

Fixes

• Previously, the controller would only watch Gateway objects for generation field changes which is not updated when annotations change. Since Gateway reconciliation should be triggered when the gateway.gloo.solo.io/gateway-parameters-name annotation is added, removed, or modified, the predicate was updated to check for changes in either the generation field or the annotations. (solo-io#10099)

v1.15.34

This release contained no user-facing changes.

v1.18.0-beta25

Helm Changes

• Add value to enable full Envoy validation after translation. This functionality is disabled by default but can be enabled with gateway.validation.fullEnvoyValidation=true. (solo-io#5720)

New Features

• Adds feature to utilize Envoy's validate mode to validate all config during translation. This will be helpful in catching issues which Gloo translation cannot or otherwise does not view as errors before the config gets served to Envoy. (solo-io#5720)

Fixes

• Updates the Gateway API CRDs to from v1.0.0-rc1 to v1.0.0. (solo-io#10115)
• Changes to downgrade the level of strictness added in 1.17.8 for TLS secret validation. We still validate several pieces of the cert but also scrub down to usable bits. This means we avoid envoy nacks while allowing more non-useful or functional info in our TLS secrets. This means we are RFC compliant but it may mean that there could exist some cert data in an edge case which we will elide from envoy but previously would be nacked. (https://github.com/solo-io/solo-projects/issues/6772)