Skip to content

Releases: envoyproxy/gateway

latest

23 Dec 02:37
4a64034
Compare
Choose a tag to compare
latest Pre-release
Pre-release

This is the "latest" release of Envoy Gateway, which contains the most recent commits from the main branch.

This release might not be stable.

It is only intended for developers wishing to try out the latest features in Envoy Gateway, some of which may not be fully implemented.

We use v0.0.0-latest as the latest chart version to install latest envoy-gateway:

helm install eg oci://docker.io/envoyproxy/gateway-helm --version v0.0.0-latest -n envoy-gateway-system --create-namespace

Try latest version of egctl with:

curl -Ls https://gateway.envoyproxy.io/get-egctl.sh | VERSION=latest bash

v1.2.4

13 Dec 05:04
6ca4fe3
Compare
Choose a tag to compare

Release Announcement

Check out the v1.2.4 release announcement to learn more about the release.

Bug fixes

  • Fixed BackendTLSPolicy not supporting the use of a port name as the sectionName in targetRefs.
  • Fixed reference grant from EnvoyExtensionPolicy to the referenced ext-proc backend not being respected.
  • Fixed BackendTrafficPolicy not applying to Gateway Routes when a Route has a Request Timeout defined.
  • Fixed proxies connected to the secondary Envoy Gateway not receiving xDS configuration.
  • Fixed traffic splitting not working when some backends were invalid.

Other changes

  • Bumped Envoy to version 1.32.2.

What's Changed

Full Changelog: v1.2.3...v1.2.4

v1.1.4

13 Dec 13:15
127d356
Compare
Choose a tag to compare

Release Announcement

Check out the v1.1.4 release announcement to learn more about the release.

Bug fixes

  • Fixed validate proto messages before converting them to anypb.Any
  • Fixed BackendTlsPolicy specify multiple targetRefs of the same service, only one will work
  • Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes
  • Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn
  • Fixed reference grant from EnvoyExtensionPolicy to referenced ext-proc backend not respected
  • Fixed BackendTrafficPolicy not applying to Gateway Route when Route has a Request Timeout defined

Other changes

  • Bumped Rate Limit to 49af5cca
  • Bumped golang.org/x/crypto to 0.31.0

What's Changed

Full Changelog: v1.1.3...v1.1.4

v1.2.3

02 Dec 04:08
9fe25ce
Compare
Choose a tag to compare

Release Announcement

Check out the v1.2.3 release announcement to learn more about the release.

Bug fixes

  • Disabled the retry policy for the JWT provider to reduce requests sent to the JWKS endpoint. Failed async fetches will retry every 1s.
  • Used a waitGroup instead of an enabled channel in the status updater.

Other changes

  • EG Listens on IPv4 by default, but if IPFamily is set to IPv6 or DualStack, it listens on :: and enables ipv4_compat for DualStack.
  • Bumped Gateway API to v1.2.1.

What's Changed

Full Changelog: v1.2.2...v1.2.3

v1.2.2

28 Nov 03:59
4901ba0
Compare
Choose a tag to compare

Release Announcement

Check out the v1.2.2 release announcement to learn more about the release.

Bug fixes

  • Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes.
  • Fixed failed to update SecurityPolicy resources with the backendRef field specified.
  • Fixed xDS translation failed when oidc tokenEndpoint and jwt remoteJWKS are specified in the same SecurityPolicy and using the same hostname.
  • Fixed frequent 503 errors when connecting to a Service experiencing high Pod churn.

Other changes

  • Bump the RateLimit image to 49af5cca.
  • Always use :: and IPv4Compact enabled on dynamic listeners.
  • Use V4_PREFERRED instead of V4_ONLY by default for the cluster's DnsLookupFamily.

What's Changed

Full Changelog: v1.2.1...v1.2.2

v1.2.1

07 Nov 07:31
1e7263b
Compare
Choose a tag to compare

Release Announcement

Check out the v1.2.1 release announcement to learn more about the release.

Bug fixes

  • Fixed a panic in the provider goroutine when the body in the direct response configuration was nil.

What's Changed

  • [release/v1.2] fix panic in provider when the direct response body is nil (#4647) by @arkodg in #4654
  • [release/v1.2] Cherry-pick release note and version bump by @arkodg in #4657
  • [release/v1.2] fix lint by @arkodg in #4659

Full Changelog: v1.2.0...v1.2.1

v1.2.0

06 Nov 15:55
dd1c66f
Compare
Choose a tag to compare

Envoy Gateway v1.2.0 Release Notes

Release Date: November 6, 2024

The Envoy Gateway v1.2.0 release brings a host of new features, performance improvements, and critical bug fixes to enhance networking, traffic management, and security. Explore the latest changes below.


🚨 Breaking Changes

  • Gateway API Updates: Removed support for the v1alpha2 versions for GRPCRoute and ReferenceGrant. See the Gateway API v1.2.0 documentation for details.
  • CPU Limits: Removed default CPU limit for Envoy Gateway deployment to avoid throttling.
  • Envoy Shutdown Settings: Drain strategy set to immediate, with default values as follows:
    • minDrainDuration: 10s
    • drainTimeout: 60s
    • terminationGracePeriodSeconds: 360s
  • Endpoint Health On Host Removal: Enabled ignore_health_on_host_removal for clusters with static endpoints to allow faster removal of endpoints that have been deleted by the control plane, without waiting for the results of an active health check.
  • Logging Level Adjustment: Set xDS and Infra IR logs to Debug level instead of Info, so they will no longer appear in Envoy Gateway logs by default. You can change the logging level to debug to view them.

✨ New Features

API & Traffic Management Enhancements

  • Gateway-API v1.2.0 Support: Fully compatible with the latest Gateway-API standards.
  • IPv4/IPv6 Dual Stack: Now available for EnvoyProxy fleet and BackendRef resources.
  • Standalone Mode: Experimental support for Envoy Gateway standalone (host deployment) mode.
  • Response Override: Added support for Response Override and RequestTimeout in BackendTrafficPolicy.
  • Active Passive Failover: Supported with the new fallback field in the Backend API.
  • Session Persistence in HTTPRoute: Session persistence is supported in HTTPRoute rules for stateful traffic management.
  • HTTPRouteFilter: Adds support for Direct Response and Path Regex Rewrites in HTTPRouteFilter

Security Enhancements

  • JWT Claims-Based Authorization: Advanced security control with claims-based policies in SecurityPolicy.
  • CORS Wildcard Matching: Wildcard matching for AllowMethods and AllowHeaders settings.
  • OIDC Flow Support: Added nonce support for OIDC authorization.

Observability & Tracing

  • Datadog Tracing Integration: Improved support for Datadog tracing in EnvoyProxy CRD.
  • Listener Access Logs: Adds support for configuring Listener level Access Logs for EnvoyProxy.
  • Native Prometheus Metrics: Introduced a Prometheus metrics endpoint for rate limit monitoring.

Helm Customization

  • SecurityContext Options: Customizable security context for improved deployment.
  • NodeSelector and PriorityClassName: Added for more granular deployment configuration.

🐞 Bug Fixes

  • Fixed xDS translation failure when the WASM HTTP code source was configured without an SHA.
  • Resolved unsupported listener protocol types causing errors in Gateway status updates.
  • Fixed BackendTLSPolicy causing crashes due to invalid sectionName in Backend configurations.
  • Fixed propagation delays in SecurityPolicy updates for HTTPRoute when using targetSelectors.
  • Improved JSONPath to JSONPatch translation accuracy.
  • Fixed unwanted / appearing in paths when using prefix rewrites.
  • Corrected nil pointer errors when configuring hash load balancing.
  • Fixed active health check issues where expectedStatuses was not functioning properly.
  • Ensured correct status updates for Backend resources and HTTPRoute.

🚀 Performance Improvements

  • Memory Optimization: Enhanced memory usage by eliminating redundant resource storage.

⚙️ Other Notable Changes

  • Envoy Upgrade: Now using Envoy v1.32.1 for added stability and performance.
  • Optional Alpha CRD Watching: Allows Envoy Gateway to run with older Gateway API versions.

For more information and full API documentation, please visit the Envoy Gateway Documentation.


This release strengthens Envoy Gateway with enhanced API support, security policies, and observability features to better serve high-demand environments.

What's Changed

Read more

v1.1.3

04 Nov 23:41
abd3397
Compare
Choose a tag to compare

Release Announcement

Check out the v1.1.3 release announcement to learn more about the release.

Breaking changes

New features

Bug fixes

  • Fixed unsupported listener protocol type causing an error while updating Gateway Status
  • Fixed some status updates were being discarded by the status updater
  • Fixed error level logging for admin and metrics modules
  • Fixed Dashboard typos
  • Fixed Ratelimit Deployment ignoring pod labels and annotation merge
  • Fixed the API Server receives unnecessary requests
  • Fixed set invalid Listener.SupportedKinds to empty list
  • Fixed losing timeout settings that originate from the route when translating the backend traffic policy
  • Fixed xds translation failure when wasm http code source configured without sha

Performance improvements

Other changes

  • Bumped Envoy proxy to 1.31.3
  • Bumped github.com/docker/docker to 27.3.1+incompatible

What's Changed

  • [release/v1.1] fix: don't lose timeout settings that originate from the route when t… by @zhaohuabing in #4450
  • [release/v1.1] Fix: xds translation failed when wasm http code source configured wit… by @zhaohuabing in #4557
  • Release v1.1.3 cherry-pick by @guydc in #4578
  • [release/v1.1] bump envoy by @guydc in #4596
  • [release/v1.1] Release/v1.1.3 by @guydc in #4613

Full Changelog: v1.1.2...v1.1.3

v1.2.0-rc.1

25 Oct 09:03
19eb5f5
Compare
Choose a tag to compare
v1.2.0-rc.1 Pre-release
Pre-release

Breaking changes

  • Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
  • Please refer to the Gateway API v1.2.0 documentation for more information.
  • Removed default CPU limit of the Envoy Gateway deployment
  • Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

New features

  • Added support for Gateway-API v1.2.0
  • Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
  • Added support for EG standalone(host deployment) mode (experimental)
  • Added support for JWT claims based Authorization in SecurityPolicy CRD
  • Added support for Direct Response in HTTPRouteFilter CRD
  • Added support for Response Override in BackendTrafficPolicy CRD
  • Added support for RequestTimeout in BackendTrafficPolicy CRD
  • Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
  • Added support for client TLS session resumption in ClientTrafficPolicy CRD
  • Added support for HTTPRouteFilter and path regex rewrite
  • Added support for host header rewrite in HTTPRouteFilter CRD
  • Added support for Listener Access Log in EnvoyProxy CRD
  • Added support for Datadog tracing support in EnvoyProxy CRD
  • Added support for request response sizes stats in EnvoyProxy CRD
  • Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
  • Added support for match conditions for access log in EnvoyProxy CRD
  • Added support for using BackendCluster to represent OIDCProvider
  • Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
  • Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
  • Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
  • Added support for LB priority for non xRoute endpoints
  • Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
  • Added support for early request header mutation in the ClientTrafficPolicy CRD
  • Added support for JsonPath in the EnvoyPatchPolicy CRD
  • Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
  • Added support for cluster settings for non xRoute-generated backend refs
  • Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
  • Added support for http2 upstream settings in BackendTrafficPolicy CRD
  • Added support for DNS resolution settings in BackendTrafficPolicy CRD
  • Added support for configuring service annotations in the Envoy Gateway helm chart
  • Added support for configuring priorityClassName to Envoy Gateway helm chart
  • Added support for ratelimit metrics monitoring in grafana in the addons helm chart
  • Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
  • Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
  • Added support for configuring NodeSelector in the Envoy Gateway helm chart
  • Added support for nonce in the OIDC auth flow
  • Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host
  • Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
  • Added support for returning 500 when SecurityPolicy translation fails
  • Added support for multiple backendRefs for ExtAuth and ExtProc
  • Added support for session persistence in HTTPRoute rules
  • Added support for the Backend resource for ExtAuth
  • Added support for target selectors on Envoy Gateway Extension Server policies
  • Added support for non-Kubernetes Backends for TLSRoute
  • Added support for fallback to the Backend API
  • Added support for reloadable EnvoyGateway configuration
  • Added support for adding Labels to the Envoy Service
  • Added support for custom name for ratelimit deployment
  • Added default SecurityContext for EG components
  • Added startupProbe to all provisioned containers
  • Added support for local validations for egctl translate and file provider
  • Added support for egctl x collect to collect information from the cluster for debugging
  • Added support for a native prometheus metrics endpoint in the ratelimit server

Bug fixes

  • Fixed unsupported listener protocol type causing an error while updating Gateway Status
  • Fixed some status updates were being discarded by the status updater
  • Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
  • Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
  • Fixed JSONPath not correctly translated to JSONPatch paths
  • Fixed allow empty slowStart when using LeastRequest
  • Fixed Backends which should be rejected are still used as an HTTPRoute's destination
  • Fixed losing timeout settings that originate from the route when translating the backend traffic policy
  • Fixed Backend resources don't get status updates
  • Fixed Active Health check requires expectedStatuses field to work
  • Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values
  • Fixed multiple reference grants in same namespace
  • Fixed upstream get unwanted /.
  • Fixed creation of SecurityPolicy with targetSelectors fails
  • Fixed wrong gateway is chosen as HTTPRoute parent
  • Fixed override issue for EEP
  • Fixed nil pointer err translating hash load balancing
  • Fixed ratelimit does not work across multiple GatewayClasses
  • Fixed upstream mTLS only works for HTTPS listeners
  • Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
  • Fixed empty connection limit causes XDS rejection
  • Fixed ratelimit not working with both headers and cidr matches
  • Fixed EDS didn't update when deployments was created after services
  • Fixed RBAC issue for deleting infrastructure resources
  • Fixed customized infrastructure resources not being deleted
  • Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
  • Fixed Ratelimit Deployment ignoring pod labels and annotation merge
  • Fixed the API Server receives unnecessary requests
  • Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
  • Fixed ratelimit statsd not working
  • Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
  • Fixed egctl experimental translate using a wrong ns

Performance improvements

  • Fixed repeated resources and optimize memory usage

Other changes

  • Removed grafana test framework from the addons helm chart
  • Disabled ALPN for non-HTTP routes
  • Added statPrefix for HCM and TCPProxy
  • Enabled GatewayHTTPListenerIsolation conformance test
  • Enabled GRPC conformance profile
  • Enabled HTTPRouteBackendRequestHeaderModifier conformance test
  • Added e2e test for Daemonset mode
  • Updated upgrades tests to use VERSION env variable
  • Fixed OVS scanner wrong license warnings
  • Added e2e test for TLS session resumption
  • Added heap profile into benchmark report
  • Added e2e test for RecomputeRoute in ExtAuth
  • Added benchmark memory profiles into report
  • Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
  • Fixed flaky Zipkin Tracing e2e test
  • Added e2e test for cookie based consistent hash load balancing
  • Added e2e test for load balancing
  • Fixed flaky authorization tests
  • Enabled upgrade test
  • Fixed flaky basic auth e2e test
  • Enabled use-client-protocol e2e test
  • Added performance benchmarking test for 1000 HTTPRoutes
  • Added e2e test for Datadog tracing
  • Added e2e tests for ratelimit invert matching headers
  • Reduced readinessProbe failureThreshold and periodSeconds
  • Bumped go-control-plane to v0.13.1

What's changed

Read more

v1.1.2

24 Sep 18:35
70b1697
Compare
Choose a tag to compare

What's Changed

Full Changelog: v1.1.1...v1.1.2