Releases: kubernetes-sigs/gateway-api
v1.0.0-rc1
The working group expects that this release candidate is quite close to the
final v0.8.0 release. However, breaking API changes are still possible.
This release candidate is suitable for implementors, but the working group does
not recommend shipping products based on a release candidate API due to the
possibility of incompatible changes prior to the final release. The following
represents the changes since v0.8.0-rc1:
Gateway, GatewayClass, and HTTPRoute are GA 🎉
Gateway, GatewayClass, and HTTPRoute have all graduated to GA with a v1 API
version. Although these APIs will continue to grow with future additions, the
versions of these resources available via the Standard Channel are stable and
recommended for use in production. Many implementations are fully passing
conformance tests that cover the functionality of each of these resources. These
APIs are graduating to GA with only minor spec clarifications since the v0.8.0
release.
CEL Migration
Starting in v0.8.0, Gateway API CRDs now include CEL validation. In this release
the validating webhook is no longer bundled with CRD installation. Instead we
include a separate webhook-install.yaml file as part of the release artifacts.
If you're running Kubernetes 1.25+, we do not recommend installing the webhook
and additionally suggest that you uninstall any previously installed versions of
the webhook.
If you're still running Kubernetes 1.23 or 1.24, we recommend installing the
webhook until you can upgrade to Kubernetes 1.25 or newer.
New Experimental Features
There are several exciting new experimental features in this release:
BackendTLSPolicy
A new BackendTLSPolicy resource has been introduced for configuring TLS
connections from Gateways to Backends. This allows you to configure the Gateway
to validate the certificates served by Backends. For more information, refer to
GEP 1897.
Primary Author: @candita
HTTPRoute Timeouts
HTTPRoute has a new Timeouts field on Route Rules. This allows you to
configure overall Request Timeouts as well as Backend Request Timeouts. For more
information, refer to GEP 1742.
Primary Authors: @frankbu, @SRodi
Gateway Infrastructure Labels
Gateway has a new Infrastructure field that allows you to specify Labels or
Annotations that you'd like to be propagated to each resource generated for a
Gateway. For example, these labels and annotations may be copied to Services and
Deployments provisioned for in-cluster Gateways, or to other
implementation-specific resources, such as Cloud Load Balancers. For more
information, refer to GEP 1762.
Primary Author: @howardjohn
WebSockets, HTTP/2, and More
Some coordinated work across both Gateway API and upstream Kubernetes has
defined 3 new values for the AppProtocol field on Service Ports:
- kubernetes.io/h2c - HTTP/2 over cleartext as described in RFC7540
- kubernetes.io/ws - WebSocket over cleartext as described in RFC6455
- kubernetes.io/wss - WebSocket over TLS as described in RFC6455
These can now be used with Gateway API to describe the protocol to use for
connections to Kubernetes Services. For more information, refer to GEP 1911.
A new CLI tool: gwctl
An experimental new CLI tool and kubectl plugin, gwctl aims to improve the UX
when interacting with Gateway API. Initially it is focused on Policy Attachment,
making it easier to understand which policies are available in a cluster, and
which have been applied. In future releases, we hope to expand the scope of this
tool to provide more detailed responses when getting and describing Gateway API
resources. Note that this tool is still in very early stages and it's very
likely that future releases will include breaking changes for gwctl. For more
information, refer to the gwctl Readme.
Primary Author: @gauravkghildiyal
Everything Else
Of course there's a lot more in this release:
Spec Clarifications
- Clarify that the Gateway Listener status AttachedRoutes field is a count of
the number of Routes associated with a Listener regardless of Gateway or Route
status. (#2396, @sunjayBhatia)
- Gateway: A new concept called "Listener Isolation" has been introduced to
describe the recommendation that at most one Listener matches a request, and
only Routes attached to that Listener are used for routing. (#2465, @robscott)
- Experimental Channel: For ParentRefs to be considered distinct, they either
both need to specify a distinct SectionName, both need to specify a distinct
Port, or both. (#2433, @robscott)
- Updated rules about Listener uniqueness to use the term distinct (#2436,
@youngnick)
Status
- GatewayClass Status: A new experimental supportedFeatures field has been
added. Implementations should populate this with the features they support.
(#2461, @LiorLieberman, @robscott)
- GatewayClass Status: A new SupportedVersion condition has been added that MUST
be set when a GatewayClass is accepted. (#2384, @robscott)
- Route Status: A new "PartiallyInvalid" condition has been added for all Route
types. This condition also includes guidance for how partially invalid states
should be handled with Gateway API. (#2429, @robscott)
- The condition reason GatewayReasonUnsupportedAddress for Accepted now ONLY
applies when an address type is provided for a Gateway which it does not
support. (#2412 @shaneutt)
- The condition reason GatewayReasonAddressNotAssigned for Programmed now
ONLY applies to problems with dynamic address allocation. (#2412 @shaneutt)
- The condition reason GatewayReasonAddressNotUsable for Programmed has been
added to deal with situations where a static address has been provided for a
Gateway which is of a supported type, and is syntactically valid, but for some
reason it cannot be used for this Gateway (e.g. the address is already in use
on the network). (#2412 @shaneutt)
Documentation
- A guide for Gateway API implementers is now included in the specification.
(#2454, @youngnick)
- Gateway API versioning will continue to rely on two release channels -
Standard and Experimental. New resources will start in the Experimental
Channel with an alpha API Version and then graduate to the Standard Channel
with a GA API version. Resources that already have Beta API versions will
continue to have them, but no additional Gateway API resources will get a Beta
API version. (#2446, @robscott)
Cleanup
Other (Cleanup or Flake)
- Resources related to the validating webhook such as the gateway-system
namespace and the gateway-api-admission-server deployment have been removed
from the installation manifests, in favor of CEL based Validations that are
built into the CRD definition. These are still available in
webhook-install.yaml in case you would like to optionally install them.
(#2401, @arkodg)
v0.8.1
This is a patch release that includes small bug fixes and a new conformance test
as a follow up to the v0.8.0 release.
Changes by Kind
Bug Fixes
- Fix CEL validation not handling missing listener hostname correctly. (#2370, @frankbu)
- Fix IPv6 parsing in conformance tests (#2375, @keithmattix)
Conformance Tests
v0.8.0
Major Themes
GAMMA (Service Mesh)
Service mesh support per the GAMMA initiative has moved to experimental in
v0.8.0. As an experimental API, it is still possible that this will
change; the working group does not recommend shipping products based on any
experimental API.
When using the Gateway API to configure a service mesh, the Gateway and
GatewayClass resources are not used (as there will typically only be one mesh
in the cluster) and, instead, individual route resources are associated
directly with Service resources. This permits configuring mesh routing while
preserving the Gateway API's overall semantics.
We encourage service mesh implementers and users to try this new support and
we welcome feedback! Once again, though, the working group does not recommend
shipping products based on this or any other experimental API due to the
possibility of incompatible changes prior to the final release.
CEL Validation
This release marks the beginning of a transition from webhook validation to CEL
validation that is built into the CRDs. That will mean different things
depending on the version of Kubernetes you're using:
Kubernetes 1.25+
CEL validation is fully supported. Most validation is now covered by the
validating webhook, but unfortunately not quite everything.
All but one validation has been translated from the
webhook to CEL. Currently the CRDs only have a case-sensitive uniqueness check
for header names in header modifier filters. The webhook validation is more
thorough, ensuring that the uniqueness is case-insensitive. Unfortunately that
is not possible to represent with CEL today. There is more information in
#2277.
Installing the validating webhook is still recommended for this release to allow
controllers to catch up to cover this gap in CEL validation. We expect this is
the last release we will make this recommendation for. For more information,
refer to #2319.
Kubernetes 1.23 and 1.24
CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be
installed. When you upgrade to Kubernetes 1.25+, the validation included in
these CRDs will automatically take effect. We recommend continuing to install
the validating webhook on these Kubernetes versions.
Kubernetes 1.22 and older
Unfortunately Gateway API v0.8.0 is not supported on these Kubernetes versions.
Gateway API v0.8.0 CRDs include CEL validation and cannot be installed on these
versions of Kubernetes. Note that Gateway API only commits to providing support
for the 5 most recent versions of Kubernetes,
and thus these versions are no longer supported by Gateway API.
API Version Changes
As we prepare for a v1.0 release that will graduate Gateway, GatewayClass, and
HTTPRoute to the v1 API Version from v1beta1, we are continuing the process
of moving away from v1alpha2 for resources that have graduated to v1beta1.
The following changes are included in this release:
- v1alpha2 of Gateway, GatewayClass, and HTTPRoute is no longer served
- v1alpha2 of ReferenceGrant is deprecated
- v1beta1 is now the storage version for ReferenceGrant
Those changes mean that:
- Users and implementations that were reading or writing from v1alpha2 of
Gateway, GatewayClass, or HTTPRoute MUST upgrade to use v1beta1.
- Users and implementations that were reading or writing from v1alpha2 of
ReferenceGrant SHOULD upgrade to use v1beta1.
For more information, refer to #2069.
Supported Features and Conformance Levels
Gateway API conformance tests have a concept of "Supported Features".
Implementations state which features they support, and then all the tests
covering that set of features are run.
Prior to v0.8.0, we had a concept of "StandardCoreFeatures" that represented the
set of features we expected every implementation to implement. Support for the
Gateway and HTTPRoute resources was included in that list.
Alongside that, Gateway API also has a concept of "Support Levels" such as
"Core", "Extended", and "Implementation-Specific". The API had labeled 2
resources as having support levels, but these didn't really make sense with
the modular API model of Gateway API.
In this release, we've simplified the concepts here. Individual resources no
longer have assigned support levels; instead these are represented as "Supported
Features." Implementations can separately claim to support Gateway,
ReferenceGrant, or any other resource. This change helps accommodate incoming
Mesh implementations, many of which do not support one or both of these
resources.
For more information, refer to #2323.
Other Changes
Status
- Add IncompatibleFilters reason for implementations to specify when a route is
invalid due to an invalid combination of route filters. (#2150, @sunjayBhatia)
Validation
- Add CEL validation for GRPCRoute. (#2305, @gnossen)
- HTTPRoute and GRPCRoute CRDs now provide built-in validation that ensures the
uniqueness of names in Header Modifier "Remove" lists. (#2306, @robscott)
Spec Clarifications
- RequestMirrorFilter: Enhanced the doc string to be explicit about sending the
mirrored request to a single destination endpoint within the backendRef
specified. (#2317, @arkodg)
- HTTPRoute Method matching precedence has been clarified (#2054,
@gauravkghildiyal)
- Clarify that implementations must not modify HTTP Host header. Adds
specificity alongside spec that port in Host header must be ignored when
matching on host. (#2092, @sunjayBhatia)
- Fix typo: rename GatewaReasonUnsupportedAddress ->
GatewayReasonUnsupportedAddress (#2149, @panslava)
- HTTPRoute: Clarified that exact path matches are truly exact, both trailing
slashes and capitalization are meaningful. (#2055, @robscott)
- Implementations MUST ignore any port value specified in the HTTP Host header
while performing a match against HTTPRoute.Hostnames (#1980,
@gauravkghildiyal)
Conformance
- Add conformance tests against accepting invalid ReferenceGrants in HTTPRoute
and TLSRoute (#2076, @meyskens)
- Fixed an issue causing conformance tests to fail when using IPv6 addresses
(#2024, @howardjohn)
- HTTPRoute connectivity is now enforced in conformance tests if a relevant
ReferenceGrant gets deleted. (#1853, @pmalek)
- The --skip-tests flag has been added to the conformance CLI to enable tests
opt-out when using it. (#2170, @mlavacca)
- The experimental conformance profile suite can now be added as a stand-alone
cli and by means of go test. (#2066, @mlavacca)
- GEPs now must have a Conformance Details section that specifies the feature's
name for conformance purposes. (#2115, @youngnick)
- Better support mesh-only conformance testing (#2312, @kflynn)
- SupportedFeatures have been restructured to be per-resource (#2323, @robscott)
- Add SupportedFeature for port 8080 on Gateway (#2184, @xtineskim)
- Fixes for IPv6 in Mesh (#2340, @keithmattix)
- Fix leaking TCP connections which can lead to conformance test failures
(#2358, @gauravkghildiyal)
Webhook
- Changed default imagePullPolicy for gateway-api-admission-server to
IfNotPresent. (#2215, @networkhermit)
- Webhook config works with PodAdmission restricted (#2016, @jcpunk)
Documentation
- Adds support for ParentRef targeting a Kubernetes Service resource for mesh
implementations. (#2146, @mikemorris)
- Clarify wording on website around Gateway API vs API Gateway (#2191,
@david-martin)
- GEP-1282, Backend Properties, has been declined. (#2132, @youngnick)
- Added missing GEPs. (#2114, @levikobi)
Bug Fixes
- Added the missing ReferenceGrant resource to the kustomization.yaml for the
standard channel (#2084, @howardjohn)
- Webhook validation now ensures that BackendRefs cannot be specified in the
same HTTPRoute rule as a Redirect filter (#2161, @slayer321)
- GRPCRoute: The default match has been removed as it was invalid (it only
specified a type of "Exact" without a corresponding Service or Method). Note
that the match type still defaults to "Exact". (#2311, @gauravkghildiyal)
New Contributors
- @jcpunk made their first contribution in #2016
- @evankanderson made their first contribution in #2100
- @spacewander made their first contribution in #2130
- @levikobi made their first contribution in #2114
- @mmorel-35 made their first contribution in #2138
- @Treenhan made their first contribution in #2101
- @meyskens made their first contribution in #2076
- @kflynn made their first contribution in #2182
- @AmaliMatharaarachchi made their first contribution in #2168
- @xtineskim made their first contribution in #2184
- @saltbo made their first contribution in #2185
- @slayer321 made their first contribution in #2161
- @adleong made their first contribution in #2164
- @david-martin made their first contribution in https://github.com/kuber...
v0.8.0-rc2
The working group expects that this release candidate is quite close to the final
v0.8.0 release. However, breaking API changes are still possible.
This release candidate is suitable for implementors, but the working group does
not recommend shipping products based on a release candidate API due to the
possibility of incompatible changes prior to the final release. The following
represents the changes since v0.8.0-rc1:
Changes by Kind
Validation
- Add CEL validation for GRPCRoute. (#2305, @gnossen)
- HTTPRoute and GRPCRoute CRDs now provide built-in validation that ensures the
uniqueness of names in Header Modifier "Remove" lists. (#2306, @robscott)
Bug Fixes
- GRPCRoute: The default match has been removed as it was invalid (it only
specified a type of "Exact" without a corresponding Service or Method). Note
that the match type still defaults to "Exact". (#2311, @gauravkghildiyal)
Spec Clarifications
- RequestMirrorFilter: Enhanced the doc string to be explicit about sending the
mirrored request to a single destination endpoint within the backendRef
specified. (#2317, @arkodg)
- Resources no longer have support levels, implementations can choose to support
whichever set of resources they want (#2323, @robscott)
Conformance
- Better support mesh-only conformance testing (#2312, @kflynn)
- SupportedFeatures have been restructured to be per-resource (#2323, @robscott)
New Contributors
- @whitneygriffith made their first contribution in #2301
- @uucloud made their first contribution in #2308
- @caroltyk made their first contribution in #2291
Full Changelog: v0.8.0-rc1...v0.8.0-rc2
v0.8.0-rc1
The working group expects that this release candidate is quite close to the final
v0.8.0 release. However, breaking API changes are still possible.
This release candidate is suitable for implementors, but the working group does
not recommend shipping products based on a release candidate API due to the
possibility of incompatible changes prior to the final release.
Major Themes
GAMMA (Service Mesh)
Service mesh support per the GAMMA initiative has moved to experimental in
v0.8.0. As an experimental API, it is still possible that this will
change; the working group does not recommend shipping products based on any
experimental API.
When using the Gateway API to configure a service mesh, the Gateway and
GatewayClass resources are not used (as there will typically only be one mesh
in the cluster) and, instead, individual route resources are associated
directly with Service resources. This permits configuring mesh routing while
preserving the Gateway API's overall semantics.
We encourage service mesh implementers and users to try this new support and
we welcome feedback! Once again, though, the working group does not recommend
shipping products based on this or any other experimental API due to the
possibility of incompatible changes prior to the final release.
CEL Validation
This release marks the beginning of a transition from webhook validation to CEL
validation that is built into the CRDs. That will mean different things
depending on the version of Kubernetes you're using:
Kubernetes 1.25+
CEL validation is fully supported. Most validation is now covered by the
validating webhook, but unfortunately not quite everything.
Standard Channel: All but one validation has been translated from the
webhook to CEL. Currently the CRDs only have a case-sensitive uniqueness check
for header names in header modifier filters. The webhook validation is more
thorough, ensuring that the uniqueness is case-insensitive. Unfortunately that
is not possible to represent with CEL today. There is more information in
#2277.
Experimental Channel: TCPRoute, TLSRoute, and UDPRoute are fully covered by
CEL validation. GRPCRoute still has some significant gaps in CEL validation that
will be covered in a future release.
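The Standard Channel gap described above (and in the v0.8.0 notes), shown as an added example that is not Gateway API code: a case-sensitive uniqueness check next to a case-insensitive one, run over a constructed header modifier filter. The `HeaderModifier` and `Finding` types and all function names are hypothetical, and the example assumes each of the set, add and remove lists is checked on its own.

```go
package main

import (
	"fmt"
	"strings"
)

// HeaderModifier is a hypothetical, simplified stand-in for a header modifier
// filter: only the header names from its set, add and remove lists.
type HeaderModifier struct {
	Set    []string
	Add    []string
	Remove []string
}

// Finding identifies one repeated header name inside one list.
type Finding struct {
	List  string // "set", "add" or "remove"
	Index int    // position of the repeated entry in that list
	Name  string // spelling as written in the manifest
}

// check reports every entry whose key was already seen earlier in the same
// list. The key function decides what "same name" means.
func check(f HeaderModifier, key func(string) string) []Finding {
	lists := []struct {
		name  string
		names []string
	}{
		{"set", f.Set}, {"add", f.Add}, {"remove", f.Remove},
	}
	var out []Finding
	for _, l := range lists {
		seen := map[string]bool{}
		for i, n := range l.names {
			k := key(n)
			if seen[k] {
				out = append(out, Finding{List: l.name, Index: i, Name: n})
			}
			seen[k] = true
		}
	}
	return out
}

// CaseSensitive models the uniqueness check the notes attribute to the CRDs:
// two names collide only when they are byte-for-byte equal.
func CaseSensitive(f HeaderModifier) []Finding {
	return check(f, func(s string) string { return s })
}

// CaseInsensitive models the stricter check the notes attribute to the
// webhook: HTTP header names that differ only in case are the same header.
func CaseInsensitive(f HeaderModifier) []Finding {
	return check(f, strings.ToLower)
}

// Gap returns the duplicates that only the case-insensitive check reports,
// which is what a controller or audit job has to cover without the webhook.
func Gap(f HeaderModifier) []Finding {
	caught := map[Finding]bool{}
	for _, x := range CaseSensitive(f) {
		caught[x] = true
	}
	var gap []Finding
	for _, x := range CaseInsensitive(f) {
		if !caught[x] {
			gap = append(gap, x)
		}
	}
	return gap
}

// sample returns constructed input, not taken from any real manifest.
func sample() HeaderModifier {
	return HeaderModifier{
		Set:    []string{"X-Trace-Id", "x-trace-id"},
		Add:    []string{"X-Env", "X-Env"},
		Remove: []string{"Cookie", "Authorization", "COOKIE"},
	}
}

func main() {
	f := sample()
	fmt.Printf("case-sensitive findings:   %d\n", len(CaseSensitive(f)))
	fmt.Printf("case-insensitive findings: %d\n", len(CaseInsensitive(f)))
	for _, g := range Gap(f) {
		fmt.Printf("missed by case-sensitive check: %s[%d] %q\n", g.List, g.Index, g.Name)
	}
}
```
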
Kubernetes 1.23 and 1.24
CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be
installed. When you upgrade to Kubernetes 1.25+, the validation included in
these CRDs will automatically take effect. We recommend continuing to install
the validating webhook on these Kubernetes versions.
Kubernetes 1.22 and older
Unfortunately Gateway API v0.8.0 is not supported on these Kubernetes versions.
Gateway API v0.8.0 CRDs include CEL validation and cannot be installed on these
versions of Kubernetes. Note that Gateway API only commits to providing support
for the 5 most recent versions of Kubernetes,
and thus these versions are no longer supported by Gateway API.
API Version Changes
As we prepare for a v1.0 release that will graduate Gateway, GatewayClass, and
HTTPRoute to the v1 API Version from v1beta1, we are continuing the process
of moving away from v1alpha2 for resources that have graduated to v1beta1.
The following changes are included in this release:
- v1alpha2 of Gateway, GatewayClass, and HTTPRoute is no longer served
- v1alpha2 of ReferenceGrant is deprecated
- v1beta1 is now the storage version for ReferenceGrant
Those changes mean that:
- Users and implementations that were reading or writing from v1alpha2 of
Gateway, GatewayClass, or HTTPRoute MUST upgrade to use v1beta1.
- Users and implementations that were reading or writing from v1alpha2 of
ReferenceGrant SHOULD upgrade to use v1beta1.
For more information, refer to #2069.
Other Changes
Status
- Add IncompatibleFilters reason for implementations to specify when a route is
invalid due to an invalid combination of route filters. (#2150, @sunjayBhatia)
Spec Clarifications
- HTTPRoute Method matching precedence has been clarified (#2054,
@gauravkghildiyal)
- Clarify that implementations must not modify HTTP Host header. Adds
specificity alongside spec that port in Host header must be ignored when
matching on host. (#2092, @sunjayBhatia)
- Fix typo: rename GatewaReasonUnsupportedAddress ->
GatewayReasonUnsupportedAddress (#2149, @panslava)
- HTTPRoute: Clarified that exact path matches are truly exact, both trailing
slashes and capitalization are meaningful. (#2055, @robscott)
- Implementations MUST ignore any port value specified in the HTTP Host header
while performing a match against HTTPRoute.Hostnames (#1980,
@gauravkghildiyal)
Conformance
- Add conformance tests against accepting invalid ReferenceGrants in HTTPRoute
and TLSRoute (#2076, @meyskens)
- Fixed an issue causing conformance tests to fail when using IPv6 addresses
(#2024, @howardjohn)
- HTTPRoute connectivity is now enforced in conformance tests if a relevant
ReferenceGrant gets deleted. (#1853, @pmalek)
- The --skip-tests flag has been added to the conformance CLI to enable tests
opt-out when using it. (#2170, @mlavacca)
- The experimental conformance profile suite can now be added as a stand-alone
cli and by means of go test. (#2066, @mlavacca)
- GEPs now must have a Conformance Details section that specifies the feature's
name for conformance purposes. (#2115, @youngnick)
Webhook
- Changed default imagePullPolicy for gateway-api-admission-server to
IfNotPresent. (#2215, @networkhermit)
- Webhook config works with PodAdmission restricted (#2016, @jcpunk)
Documentation
- Adds support for ParentRef targeting a Kubernetes Service resource for mesh
implementations. (#2146, @mikemorris)
- Clarify wording on website around Gateway API vs API Gateway (#2191,
@david-martin)
- GEP-1282, Backend Properties, has been declined. (#2132, @youngnick)
- Added missing GEPs. (#2114, @levikobi)
Bug Fixes
- Added the missing ReferenceGrant resource to the kustomization.yaml for the
standard channel (#2084, @howardjohn)
- Webhook validation now ensures that BackendRefs cannot be specified in the
same HTTPRoute rule as a Redirect filter (#2161, @slayer321)
v0.7.1
This is a patch release that includes small fixes, clarifications, and
conformance tests as a follow up to the v0.7.0 release.
Changes by Kind
Conformance Tests
- Fixed an issue causing conformance tests to fail when using IPv6 addresses.
(#2024, @howardjohn)
- HTTPRoute connectivity is now enforced in conformance tests if a relevant
ReferenceGrant gets deleted. (#1853, @pmalek)
- New: Conformance tests for HTTP request mirroring. (#1912, @LiorLieberman)
- Fixes to port and scheme redirect tests: Tests now send HTTPS requests with
consistent SNI and Host, Gateway now has the correct SANs. (#2039, @sunjayBhatia)
- TLSRoute test now waits for namespaces to be ready. (#2067, @skriss)
Validating Webhook
Clarifications
- HTTPRoute Method matching precedence has been clarified. (#2054,
@gauravkghildiyal)
- Implementations MUST ignore any port value specified in the HTTP Host header
while performing a match against HTTPRoute.Hostnames. (#1980,
@gauravkghildiyal)
- HTTPRoute: Clarified that exact path matches are truly exact, both trailing
slashes and capitalization are meaningful. (#2055, @robscott)
- Gateway: Clarified that AttachedRoutes should only consider Routes that have
been accepted. (#2050, @mlavacca)
v0.7.0
The v0.7.0 release focuses on refining and stabilizing existing APIs. This
included a focus on both conformance tests and clarifying ambiguous parts of the
API spec.
Features Graduating to Standard
In addition to those broad focuses, 2 features are graduating to the
standard channel:
- GEP-1323: Response Header Modifiers (#1905, @robscott)
- GEP-726: Path Redirects and Rewrites (#1874, @robscott)
GEPs
There are a lot of interesting GEPs in the pipeline right now, but only some of
these GEPs have made it to experimental status in time for v0.7.0. The GEPs
highlighted below are both in an experimental state and are either entirely new
(GEP-1748) or had significant new concepts introduced (GEP-713):
GEP-713: Policy Attachment
This GEP received a major update, splitting policy attachment into two
categories "Direct" and "Inherited". The new "Direct" mode enables a simplified
form of policy attachment for targeting a single resource (#1565, @youngnick).
GEP-1748: Gateway API Interaction with Multi-Cluster Services
A new GEP was introduced to define how Gateway API interacts with Multi-Cluster
Services. At a high level, this states that ServiceImports have "Extended"
support and can be used anywhere Services can throughout the API. There's a lot
more nuance here, so for the full details, refer to the GEP. (#1843, @robscott)
Other Changes by Kind
Status Changes
- The "Ready" Gateway and Listener condition has been reserved for future use.
(#1888, @howardjohn)
- The UnsupportedAddress Listener condition reason has been moved to a Gateway
condition reason. (#1888, @howardjohn)
- The AddressNotAssigned Gateway condition reason has moved from Accepted to
Programmed. (#1888, @howardjohn)
- The NoResources Gateway condition reason has moved from Ready to Programmed.
(#1888, @howardjohn)
Spec Cleanup
- Clarification that port redirects should not add port number to Location
header for HTTP and HTTPS requests on 80 and 443. (#1908, @robscott)
- Port redirect when empty will depend on the configured Redirect scheme (#1880,
@gauravkghildiyal)
- Updated spec to clarify that Exact matches have precedence over Prefix matches
and RegularExpression matches have implementation specific precedence. (#1855,
@Xunzhuo)
- The gateway-exists-finalizer.gateway.networking.k8s.io finalizer is no
longer required and is now just recommended. (#1917, @howardjohn)
Validation Fixes
- Removes GRPCRoute method match defaulting to allow for matching all requests,
or matching only by header. (#1753, @skriss)
- Update route validation to comply with RFC-3986 "p-char" characters. (#1644,
@jackstine)
- Illegal names like " " will not be allowed for query param name in
HTTPQueryParamMatch. (#1796, @gyohuangxin)
- Webhook: Port is now considered when validating that ParentRefs are unique
(#1995, @howardjohn)
Conformance
- No conformance tests run by default anymore, including tests for GatewayClass
and Gateway. A new SupportGateway feature must be opted into in order to run
those tests (similar to what we've done previously for ReferenceGrant and
HTTPRoute). Also with this release, EnableAllSupportedFeatures enables all
Gateway AND Mesh features (where previously that was just Gateway). (#1894,
@shaneutt)
- Gateways must publish the "Programmed" condition. (#1732, @robscott)
- Add all-features flag to enable all supported feature conformance tests.
(#1642, @gyohuangxin)
- A new SkipTests field has been added to the conformance test options to
opt-out of specific tests. (#1578, @mlavacca)
- Added: conformance tests for http rewrite host and path filters. (#1622,
@LiorLieberman)
- In Conformance tests, when a Route references a gateway having no listener
whose allowedRoutes criteria permit the route, the reason
NotAllowedByListeners should be used for the accepted condition. (#1669,
@mlavacca)
- Support configurable timeout for GatewayObservedGenerationBump (#1887,
@Xunzhuo)
- The conformance test HTTPRouteInvalidCrossNamespaceParentRef now requires the
HTTPRoute accepted condition to be failing with the ParentRefNotPermitted
reason. (#1694, @mlavacca)
- The conformance tests always check that the HTTPRoute ResolvedRefs condition
is enforced, even when the status is true. (#1668, @mlavacca)
- Checks for the NotAllowedByListeners reason on the HTTPRoute's Accepted: false
condition in the HTTPRouteInvalidCrossNamespaceParentRef conformance test.
(#1714, @skriss)
- Added conformance test to verify that path matching precedence is
implemented correctly. (#1855, @Xunzhuo)
- Remove a test that only covered redirect status without any other changes.
(#2007, @robscott)
- Port redirect when empty will depend on the configured Redirect scheme (#1880,
@gauravkghildiyal)
- Fixes for mesh conformance tests (#2017, @keithmattix)
Documentation
- Updated outdated content on list of resources in installation guide page.
(#1857, @randmonkey) - Fix description of ReferenceGrant example in documentation by making it use
the correct resources. (#1864, @matteoolivi) - Fix grammar mistake in ReferenceGrant implementation guidelines. (#1865,
@matteoolivi)
v0.7.0-rc2
We expect this to be our final release candidate before launching v0.7.0. This
release candidate includes a variety of clarifications and conformance updates.
The changelog below represents the changes since v0.7.0-rc1.
Changes by Kind
Spec Clarification
- Port redirect when empty will depend on the configured Redirect scheme (#1880,
@gauravkghildiyal)
Conformance
- Remove a test that only covered redirect status without any other changes.
(#2007, @robscott)
- Port redirect when empty will depend on the configured Redirect scheme (#1880,
@gauravkghildiyal)
Validation Fixes
- Webhook: Port is now considered when validating that ParentRefs are unique
(#1995, @howardjohn)
v0.7.0-rc1
Changes by Kind
Graduating to Standard
- GEP-1323: Response Header Modifier has graduated to standard (#1905,
@robscott)
- GEP-726: Path Redirects and Rewrites has graduated to the standard channel.
(#1874, @robscott)
Experimental GEPs
- The Policy Attachment GEP received a major update, splitting policy attachment
into two categories "Direct" and "Inherited". The new "Direct" mode enables a
simplified form of policy attachment for targeting a single resource (#1565,
@youngnick)
- A new GEP was introduced to define how Gateway API interacts with
Multi-Cluster Services (#1843, @robscott)
Status Changes
- The "Ready" Gateway and Listener condition has been reserved for future use.
(#1888, @howardjohn)
- The UnsupportedAddress Listener condition reason has been moved to a Gateway
condition reason. (#1888, @howardjohn)
- The AddressNotAssigned Gateway condition reason has moved from Accepted to
Programmed. (#1888, @howardjohn)
- The NoResources Gateway condition reason has moved from Ready to Programmed.
(#1888, @howardjohn)
Spec Cleanup
- Clarification that port redirects should not add port number to Location
header for HTTP and HTTPS requests on 80 and 443. (#1908, @robscott)
- Updated spec to clarify that Exact matches have precedence over Prefix matches
and RegularExpression matches have implementation specific precedence. (#1855,
@Xunzhuo)
- The gateway-exists-finalizer.gateway.networking.k8s.io finalizer is no
longer required and is now just recommended. (#1917, @howardjohn)
Validation Fixes
- Removes GRPCRoute method match defaulting to allow for matching all requests,
or matching only by header. (#1753, @skriss)
- Update route validation to comply with RFC-3986 "p-char" characters. (#1644,
@jackstine)
- Illegal names like " " will not be allowed for query param name in
HTTPQueryParamMatch. (#1796, @gyohuangxin)
Conformance
- No conformance tests run by default anymore, including tests for GatewayClass
and Gateway. A new SupportGateway feature must be opted into in order to run
those tests (similar to what we've done previously for ReferenceGrant and
HTTPRoute). Also with this release, EnableAllSupportedFeatures enables all
Gateway AND Mesh features (where previously that was just Gateway). (#1894,
@shaneutt)
- Gateways must publish the "Programmed" condition. (#1732, @robscott)
- Add all-features flag to enable all supported feature conformance tests.
(#1642, @gyohuangxin)
- A new SkipTests field has been added to the conformance test options to
opt-out of specific tests. (#1578, @mlavacca)
- Added: conformance tests for http rewrite host and path filters. (#1622,
@LiorLieberman)
- In Conformance tests, when a Route references a gateway having no listener
whose allowedRoutes criteria permit the route, the reason
NotAllowedByListeners should be used for the accepted condition. (#1669,
@mlavacca)
- Support configurable timeout for GatewayObservedGenerationBump (#1887,
@Xunzhuo)
- The conformance test HTTPRouteInvalidCrossNamespaceParentRef now requires the
HTTPRoute accepted condition to be failing with the ParentRefNotPermitted
reason. (#1694, @mlavacca)
- The conformance tests always check that the HTTPRoute ResolvedRefs condition
is enforced, even when the status is true. (#1668, @mlavacca)
- Checks for the NotAllowedByListeners reason on the HTTPRoute's Accepted: false
condition in the HTTPRouteInvalidCrossNamespaceParentRef conformance test.
(#1714, @skriss)
- Added conformance test to verify that path matching precedence is
implemented correctly. (#1855, @Xunzhuo)
Documentation
- Updated outdated content on list of resources in installation guide page.
(#1857, @randmonkey)
- Fix description of ReferenceGrant example in documentation by making it use
the correct resources. (#1864, @matteoolivi)
- Fix grammar mistake in ReferenceGrant implementation guidelines. (#1865,
@matteoolivi)
v0.6.2
API versions: v1beta1, v1alpha2
This is a patch release that predominantly includes updated conformance tests
for implementations to implement.
For all major changes since the v0.5.x release series, please see the
v0.6.0 release notes.
Maintenance
- As per changes in upstream to container image registries we replaced all
usage of the k8s.gcr.io registry with registry.k8s.io.
(#1736, @shaneutt)
Bug Fixes
Conformance Test Updates
- The HTTPRouteInvalidCrossNamespaceParentRef conformance test now checks for
the NotAllowedByListeners reason on the HTTPRoute's Accepted: false
condition to better indicate why the route was not accepted.
(#1714, @skriss)
- A conformance test was added for HTTPRoute to cover the behavior of a
non-matching SectionName similar to what was already present for
ListenerPort. (#1719, @zaunist)
- Fixed an issue where tests may fail erroneously on the removal of resources
that are already removed. (#1745, @mlavacca)
- Logging in conformance utilities related to resource's ObservedGeneration
has been improved to emit the ObservedGenerations that are found for the
purpose of making it easier to debug test failures and be more verbose about
the objects in question. (#1761, @briantkennedy) (#1763, @briantkennedy)
- Patch instead of update in some places in conformance tests to reduce noise
in logs. (#1760, @michaelbeaumont)
- Added AttachedRoutes testing to conformance tests. (#1624, @ChaningHwang)
- The conformance tests always check that the HTTPRoute ResolvedRefs condition
is enforced, even when the status is true. (#1668, @mlavacca)