v1.18.0-rc1

Dependency Bumps

• solo-io/solo-kit has been upgraded to v0.36.2.

Helm Changes

• Adds the following new fields that configure the Kubernetes Gloo Gateway pod :
  • kubeGateway.gatewayParameters.glooGateway.podTemplate.terminationGracePeriodSeconds to specify the terminationGracePeriodSeconds.
  • kubeGateway.gatewayParameters.glooGateway.podTemplate.gracefulShutdown to configure the graceful shutdown config for the envoy container.
  • kubeGateway.gatewayParameters.glooGateway.podTemplate.customLivenessProbe to specify a custom liveness probe for the envoy container. No default liveness probe is set
  • kubeGateway.gatewayParameters.glooGateway.podTemplate.customReadinessProbe to specify a custom readiness probe for the envoy container.
  • kubeGateway.gatewayParameters.glooGateway.podTemplate.probes to enable the readiness probe. If the customReadinessProbe is not specified, a default readiness probe is set. No default liveness probe is set. (solo-io/solo-projects#7084)

New Features

• Adds a common category to all Gloo Gateway CRDs. kubectl get gloo-gateway -A can now be used to list all GG CRs on your cluster. Also adds the "solo-io" category to GG enterprise CRDs. (solo-io/solo-projects#6605)
• Adds the ability for users to enable as well as add custom readiness and liveness probes to the Kubernetes Gloo Gateway. (solo-io/solo-projects#7084)
• Add API for configuring authentication for APIs managed by Gloo Portal. (solo-io/solo-projects#7170)

Fixes

• Bump the kubectl image from 1.29.6 to to 1.31.1 to address CVE-2023-45288. (solo-io/gloo-mesh-enterprise#19119)
• The GraphQL feature of Gloo Gateway is deprecated and will be removed in a future release (solo-io/solo-projects#7159)
• Remove docs for external APIs (solo-io/solo-projects#6768)

v1.18.0-beta34

Dependency Bumps

• golang/go has been upgraded to v1.23.3.
• solo-io/envoy-gloo has been upgraded to 1.31.2-patch3.
• solo-io/k8s-utils has been upgraded to v0.8.1.

New Features

• Add glooctl proxy snapshot command, which can be pointed at a Gloo Gateway instance and will produce a zip archive containing all Envoy state, for the purposes of simplified issue reporting and triage. (solo-io/solo-projects#7131)
• Add listenerTcpStats: true|false to the ListenerOptions API. If true will enable Envoy TCP stats collection for all listeners. This can be useful for L4 debugging. (solo-io/solo-projects#7176)
• Added support for early header manipulation on Gateways. This feature allows headers to be manipulated before significant processing and routing decisions. It affords the ability to add or remove headers that affect request processing and can be used to implement override headers. This can be configured by setting the gateway.spec.httpGateway.options.httpConnectionManagerSettings.earlyHeaderMutation field. The headersToAdd field will add key-value pair headers to the request if not already present or overwrite them unless append is set to true. The headersToRemove field removes the specified headers and is processed after the headers have been added. (#9604)
• Support exportTo for Istio's DestinationRule. (solo-io/solo-projects#7101)
• Enable modifying the span name for tracing purposes using InjaTemplates in the transformation filter. More information on OpenTelemetry span names can be found here: https://opentelemetry.io/docs/specs/semconv/http/http-spans/ (#9848)
• Split the validating webhook to allow different failure policies for gloo/non-gloo resources. The split out webhook for kubernetes resources shares all configuration with the existing webhook except for the failure policy, which can be set with gateway.validation.kubeCoreFailurePolicy (#10247)

Fixes

• Fix issue where Gloo Gateway did not respect the cluster domain for the xds host address. (#10268)
• Adds basic support for Gateway API TCPRoute. (#10073)
• Makes the Gateway API TCPRoute controller optional. (#10304)
• Removes the endpoints resource from Helm RBAC manifest when kubeGateway is enabled. (#10323)
• Updates the gateway2 project to use EndpointSlice instead of Endpoints for creating upstream endpoints. (solo-io/solo-projects#6910)

v1.17.16

Dependency Bumps

• solo-io/envoy-gloo has been upgraded to 1.30.6-patch5.
• solo-io/envoy-gloo has been upgraded to v1.30.6-patch3.

Helm Changes

• Expose new Helm values kubeGateway.gatewayParameters.glooGateway.service.extraLabels and kubeGateway.gatewayParameters.glooGateway.service.extraAnnotations to set extra labels and extra annotations on the default GatewayParameters. (solo-io/solo-projects#7090)

Fixes

• Added support for early header manipulation on Gateways. This feature allows headers to be manipulated before significant processing and routing decisions. It affords the ability to add or remove headers that affect request processing and can be used to implement override headers. This can be configured by setting the gateway.spec.httpGateway.options.httpConnectionManagerSettings.earlyHeaderMutation field. The headersToAdd field will add key-value pair headers to the request if not already present or overwrite them unless append is set to true. The headersToRemove field removes the specified headers and is processed after the headers have been added. (#9604)
• Fix glooctl check so that it only checks Proxies in the write namespace (where all proxies are written), instead of checking in each of the watch namespaces. (#9935)
• When using the Kubernetes Gateway API, the provisioned ServiceAccount's labels and annotations are now configurable via the GatewayParameters fields spec.kube.serviceAccount.extraLabels and spec.kube.serviceAccount.extraAnnotations. These values can also be set on the default GatewayParameters during install/upgrade using the Helm values kubeGateway.gatewayParameters.glooGateway.serviceAccount.extraLabels and kubeGateway.gatewayParameters.glooGateway.serviceAccount.extraAnnotations. (solo-io/solo-projects#6846)
• Enable modifying the span name for tracing purposes using InjaTemplates in the transformation filter. More information on OpenTelemetry span names can be found here: https://opentelemetry.io/docs/specs/semconv/http/http-spans/ (#9848)
• Add metrics for translatation timing and time for taken to sync served xDS entries.
  skipCI-kube-tests skipCI-docs-build (#10278)

v1.18.0-beta33

New Features

• Support port level settings for lb and outlier detection in Istio's DestinationRule. (solo-io/solo-projects#7101)

v1.18.0-beta32

New Features

• Adds new Portal enablement helm value to simplify enabling the Developer Portal in Gloo Gateway. (gloo.kubeGateway.portal.enabled) (solo-io/solo-projects#6470)
• Initial support for Istio's DestinationRule resource for purposes of failover. (#10251)

v1.18.0-beta31

Helm Changes

• Expose new Helm values kubeGateway.gatewayParameters.glooGateway.service.extraLabels and kubeGateway.gatewayParameters.glooGateway.service.extraAnnotations to set extra labels and extra annotations on the default GatewayParameters. (solo-io/solo-projects#7090)

New Features

• Add an API to allow configuring CHAT_STREAMING to support Gemini streaming API. (hhttps://github.com/solo-io/solo-projects/issues/7030)
• Add API to enable passthrough auth strategy for AI services. This allows users to pass through the token to the AI service, rather than requiring them to supply a seprate token for the AI service. This can be useful if Identity federation has already been done for the backend in question (solo-io/solo-projects#7115)
• Add API to add moderation as a possible Prompt Guard step. This allows users to add run the user prompt through a moderation service before sending it to the backend LLM. (solo-io/solo-projects#7070)
• The existing Helm values settings.aws.enableServiceAccountCredentials and settings.aws.stsCredentialsRegion are now respected when using Kubernetes Gateway API, as part of supporting AWS Lambda with EKS ServiceAccounts. When settings.aws.enableServiceAccountCredentials is true, a aws_sts_cluster cluster, configured with the STS endpoint specified by settings.aws.stsCredentialsRegion, will automatically be added to dynamically provisioned proxies, so that Envoy can reach AWS to assume the role needed to access Lambdas. (solo-io/solo-projects#6847)

Fixes

• Fix glooctl check so that it only checks Proxies in the write namespace (where all proxies are written), instead of checking in each of the watch namespaces. (#9935)

v1.18.0-beta30

New Features

• Expose close_connections_on_host_set_change on LoadBalancerConfig. Setting this value configures the Envoy LB policy to drain connections when the upstream host set changes. This is useful when using Ring Hash or Maglev load balancing policies and helps ensure rebalancing when recovering from disruptions. Connections are not immediately closed and are allowed to drain. This feature is disabled by default. (#9505) (#9505)

Fixes

• Fixes a bug where gloo segfaults if resources are applied to a unwatched namespace. (solo-io/solo-projects#7082)

v1.17.15

Dependency Bumps

• solo-io/envoy-gloo-ee has been upgraded to v1.30.6-patch2.

Fixes

• Fixes a bug where gloo segfaults if resources are applied to a unwatched namespace. (solo-io/solo-projects#7082)

v1.18.0-beta29

This release contained no user-facing changes.

v1.18.0-beta28

This release contained no user-facing changes.