Skip to content

v1.19.0-beta3

Latest
Latest
Compare
Choose a tag to compare
@sheidkamp sheidkamp released this 16 Jan 16:11
· 1 commit to main since this release
v1.19.0-beta3
65196f5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Dependency Bumps

  • golang.org/crypto has been upgraded to v0.31.0.
  • solo-io/envoy-gloo has been upgraded to v1.31.5-patch1.
  • golang.org/x/net has been upgraded to v0.33.0.

Helm Changes

  • Adds support for match conditions (defined via Common Expression Language (CEL)) to the validating webhook to allow fine grained request filtering. They can be set via two new helm values : - gateway.validation.matchConditions on the Gloo webhook - gateway.validation.kubeCoreMatchConditions on the Kube webhook Note that match labels are supported from Kubernetes v1.30+ but need to be enabled in Kubernetes v1.27 to v1.30 via the AdmissionWebhookMatchConditions feature gate. (kgateway-dev#9828)

New Features

  • Add a new Ports field to the GatewayParameters Kube.Service Spec in order to allow admin users to configure additional information about the ports that the Gateway should listen on. This is useful if the user wants to specify a static NodePort. (solo-io/solo-projects#7504)
  • Add new SSL options to GatewayTLSConfig to enable configuring additional SSL options which were previously available using the edge API. This includes cipher suites, minimum TLS version, maximum TLS version, client certificate validation, and one way TLS. (solo-io/solo-projects#7505)
  • gateway2: allow route delegation using wellknown label

There is a product requirement to enable users to use
a label to select HTTPRoutes to delegate to instead
of GVK ref to other HTTPRoutes (includes wildcards).

To strike a balance between flexibility and performance,
this change implements the proposal to use a well known
label delegation.gateway.solo.io/label=<value> to
allow users to delegate to other HTTPRoutes using a label.
HTTPRoutes are indexed using this well known label key that
enable O(1) lookups of routes matching this label value. (solo-io/solo-projects#7626)

  • Add ability to configure proxy service External Traffic Policy via Gateway Params (kgateway-dev#9879)

Fixes

  • Export IsGatewayInstalled for use in other packages (solo-io/solo-projects#7432)
  • Fixes an issue where the ai semantic caching distance is not being set correctly in the cache. Also move the distance threshold to the cache configuration, rather than per datastore. (solo-io/solo-projects#7440)
  • Fixes an issue where an error is thrown instead of an InvalidDestinationWarning when a tracing collector references a missing upstream. (kgateway-dev#10293)
  • gateway2/delegation: enable inherited policy overrides

Adds the ability to override inherited policy fields when
explicitly permitted by a parent route using the annotation
delegation.gateway.solo.io/enable-policy-overrides.
It supports a wildcard value "*" or a comma separated list
of field names such as "faults,timeouts,retries,headermanipulation".

Functionally, a child RouteOption may only override the RouteOptions
derived from its parent if the above annotation exists on the parent
route. This is required to make the override behavior safe to use.

Testing done:

  • Translator tests for the new scenarios. (solo-io/solo-projects#7315)
  • Route delegation makes use of delegation.gateway.solo.io/*
    annotations, so changes to annotations should reconcile HTTPRoutes. (solo-io/solo-projects#7514)
  • Add PERSIST_INSTALL environment variable to control Gloo installation while running e2e tests (both new and old versions). If set to true, the the installation of Gloo will be skipped if it is already installed, and will install Gloo if not already installed. When set to true, teardown will also be skipped.
    The TEAR_DOWN flag will now also be usable with the new kubernetes e2e tests, and common logic is now beign used to control Gloo installtion and teardown for both new and old e2e tests. (solo-io/solo-projects#7432)
  • Fix a memory leaking a log name. (solo-io/solo-projects#7573)
  • When merging parent-child policies, the merging should allow child
    policies to augment parent policies such that fields unset on the
    parent can be set by the child. There is a bug when using policy
    override capability with route delegation that disallows this when
    the annotation specifies non-wildcard fields, such that even if
    a field is unset by the parent only the fields specified in the
    override annotation are merged in - which is incorrect because
    the annotation only applies to fields that are being overriden
    (set by the parent). This change fixes the bug. (solo-io/solo-projects#7601)
Assets 12
Loading