Releases: solo-io/gloo
Releases · solo-io/gloo
v1.18.0-beta27
Dependency Bumps
- solo-io/envoy-gloo has been upgraded to 1.31.2-patch1.
New Features
- Add an API to allow configuring Gemini as AI upstream. (hhttps://github.com/solo-io/solo-projects/issues/7030)
- Add the initial API for the AI Prompt Guard Webhook. (solo-io/solo-projects#6983)
- Updated the datadog tracer config proto to match envoy v1.31. New fields include
collector_hostnameandremote_config. Remote config can now be configured or disabled completely. (#10145)
v1.18.0-beta26
Fixes
- Previously, the controller would only watch Gateway objects for generation field changes which is not updated when annotations change. Since Gateway reconciliation should be triggered when the gateway.gloo.solo.io/gateway-parameters-name annotation is added, removed, or modified, the predicate was updated to check for changes in either the generation field or the annotations. (#10099)
v1.15.34
v1.18.0-beta25
Helm Changes
- Add value to enable full Envoy validation after translation. This functionality is disabled by default but can be enabled with gateway.validation.fullEnvoyValidation=true. (#5720)
New Features
- Adds feature to utilize Envoy's validate mode to validate all config during translation. This will be helpful in catching issues which Gloo translation cannot or otherwise does not view as errors before the config gets served to Envoy. (#5720)
Fixes
- Updates the Gateway API CRDs to from v1.0.0-rc1 to v1.0.0. (#10115)
- Changes to downgrade the level of strictness added in 1.17.8 for TLS secret validation. We still validate several pieces of the cert but also scrub down to usable bits. This means we avoid envoy nacks while allowing more non-useful or functional info in our TLS secrets. This means we are RFC compliant but it may mean that there could exist some cert data in an edge case which we will elide from envoy but previously would be nacked. (solo-io/solo-projects#6772)
v1.17.14
v1.17.13
v1.17.12
Fixes
- Changes to downgrade the level of strictness added in 1.17.8 for TLS secret validation. We still validate several pieces of the cert but also scrub down to usable bits. This means we avoid envoy nacks while allowing more non-useful or functional info in our TLS secrets. This means we are RFC compliant but it may mean that there could exist some cert data in an edge case which we will elide from envoy but previously would be nacked. (solo-io/solo-projects#6772)
v1.16.22
v1.15.33
v1.18.0-beta24
Dependency Bumps
- sigs.k8s.io/gateway-api has been upgraded to v1.1.0.
- solo-io/solo-kit has been upgraded to v0.36.1.
Helm Changes
- Adds a new helm value
settings.watchNamespaceSelectors. This allows users to specify namespaces to watch based on label selectors that can be specified viasettings.watchNamespaceSelectors.matchLabelsfor an exact label match andsettings.watchNamespaceSelectors.matchExpressionsfor more generic requirements. Thesettings.watchNamespacesfield will override this if specified. (#9274)
New Features
- When using the Kubernetes Gateway API, the provisioned ServiceAccount's labels and annotations are now configurable via the GatewayParameters fields
spec.kube.serviceAccount.extraLabelsandspec.kube.serviceAccount.extraAnnotations. These values can also be set on the default GatewayParameters during install/upgrade using the Helm valueskubeGateway.gatewayParameters.glooGateway.serviceAccount.extraLabelsandkubeGateway.gatewayParameters.glooGateway.serviceAccount.extraAnnotations. (solo-io/solo-projects#6846) - Adds a new field
watchNamespaceSelectorsto the settings CR. This allows users to specify namespaces to watch based on label selectors. ThewatchNamespacesfield will override this if specified. (#9274)
Fixes
- Fix a bug that caused discovered Upstreams to not reflect the updated state of parent Services discovered using watchLabels (#8635)