From e63ffa09842ea7f274ce7a143aec3e8c0527b198 Mon Sep 17 00:00:00 2001 From: Guy Daich Date: Mon, 8 Jul 2024 20:05:48 -0500 Subject: [PATCH] release: v1.1.0-rc.1 (#3791) * release: v1.1.0-rc.1 Signed-off-by: Guy Daich * fix lint Signed-off-by: Guy Daich * review fixes Signed-off-by: Guy Daich --------- Signed-off-by: Guy Daich --- VERSION | 2 +- release-notes/v1.1.0-rc1.yaml | 229 +++++++++++++++++++++ site/content/en/latest/tasks/quickstart.md | 26 +++ 3 files changed, 256 insertions(+), 1 deletion(-) create mode 100644 release-notes/v1.1.0-rc1.yaml diff --git a/VERSION b/VERSION index 570c796513f..564e7810ec8 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v1.0.2 +v1.1.0-rc.1 diff --git a/release-notes/v1.1.0-rc1.yaml b/release-notes/v1.1.0-rc1.yaml new file mode 100644 index 00000000000..77009689224 --- /dev/null +++ b/release-notes/v1.1.0-rc1.yaml @@ -0,0 +1,229 @@ +date: July 8, 2024 + +changes: + - area: documentation + change: | + Added Performance Benchmarking Document + Added User Guide for Zipkin Tracing + Added User Guide for Customizing Ordering of Filters + Added User Guide for External Processing Filter in EnvoyExtensionPolicy + Added User Guide for installation of egctl with brew + Added User Guide for Client Buffer Size Limit + Added User Guide for Client Idle Timeout + Added Chinese translation for release notes, roadmap, installation, development, contribution and several User Guides + Added User Guide for Backend resource + Added GA Blog Post + Added Threat Model + Added Adopters section to docs + Added User Guide and Dashboards for Control Plane and Resource Observability + Added User Guide for Connection Limits in ClientTrafficPolicy + Added User Guide on using Private Key Provider + Added Design Doc for Authorization + Added Design Doc for XDS Metadata + Added Design Doc for Backend resource + Added Design Doc for Control Plane Observability + Added Design Doc for EnvoyExtensionPolicy + Added Design Doc for External Processing in EnvoyExtensionPolicy + Updated Access Logging User Guide to include filtering with CEL Expression + Updated Access Logging User Guide to include Metadata + Updated Development Guide to require Golang 1.22 + Updated Quickstart User Guide to fetch GATEWAY_HOST from Gateway resource + Updated Site to reflect GA status + Updated HTTP Redirect User Guide to not set a redirect port or require a BackendRef + Updated Observability User Guides to use gateway-addons-helm + Updated Gateway-API User Guide to reflect support for BackendRef filters + Updated HTTP Timeouts User Guide to highlight default Envoy timeouts + Updated Installation Guide to use server-side apply + Updated Installation Guide to refer to values.yaml docs + Updated BackendTLSPolicy User Guide to GW-API v1.1.0 + Updated User Guides to use tabs when applying yaml from file or stdin + Updated OIDC User Guide to use HTTPS redirect URLs + Updated Order of versions in Site + Updated Extensbility User Gudie to use yaml-format patches + Updated Quickstart Guide to include next steps + Updated CRD docs to include enum values + Updated Extensibility User Guide with Envoy Patch Policy examples + Updated structure of docs: rename Guides to Tasks, move Contribution + Updated Support Matrix + Updated egctl x status docs for xRoute and xPolicy + Updated egctl User Guide with Install and Uninstall commands + Updated GRPCRoute docs to use v1 instead of v1alpha2 + Fixed Rate Limiting User Guide to use correct CIDR matcher type names + Fixed User Guide for JWT-based routing + Fixed JSON Access Log Example + Use linkinator to detect dead links in docs + Use helm-docs to generate chart docs + Support Not-Implemented-Hide marker in API docs + + + - area: installation + change: | + Added new gateway-addons-helm chart for Observability + Added support for global image settings for all images in Envoy Gateway helm chart + Added Support for PodDistruptionBudget for Envoy Gateway + Added Support for TopologySpreadConstraints for Envoy Gateway + Added Support for Tolerations for Envoy Gateway + Added Support for Ratelimit image pull secrets and pull policy + Updated ttlSecondsAfterFinished on certgen job to 30 by default + Updated Envoy Gateway ImagePullPolicy to IfNotPresent released charts + Remove envoy-gateway-metrics-service and merge its contents into envoy-gateway service + + + - area: api + change: | + Added Support for Gateway-API v1.1.0 + Added new Backend CRD + Added new EnvoyExtensionPolicy CRD + Added Support for Plural Target Refs and Target Selectors in xPolicy CRDs + Added Support for Backend CRD BackendRefs in HTTPRoute, GRPCRoute and EnvoyExtensionPolicy CRDs + Added Support for Custom Extension Server Policy CRDs in EnvoyGateway Config + Added Support for Custom ShutDownManager Image in EnvoyGateway Config + Added Support for Leader Election in EnvoyGateway Config + Added Support for Connecting to Extension Server over Unix Domain Socket in EnvoyGateway Config + Added Support for Proxy PodDisruptionBudget in EnvoyProxy CRD + Added Support for Running Envoy Proxy as a Daemonset in EnvoyProxy CRD + Added Support for Proxy Loadbalancer Source Ranges in EnvoyProxy CRD + Added Support for Proxy Prometheus Metrics Compression in EnvoyProxy CRD + Added Support for BackendRefs in Access Log, Metric and Trace Sinks in EnvoyProxy CRD + Added Support for Rate Limiting Tracing in EnvoyProxy CRD + Added Support for Routing to Service IP in EnvoyProxy CRD + Added Support for Access Log CEL filters in EnvoyProxy CRD + Added Support for Access Log Formatters for File and OpenTelemetry in EnvoyProxy CRD + Added Support for Zipkin Tracing in EnvoyProxy CRD + Added Support for using the Listener port as a the Container port in EnvoyProxy CRD + Added Support for OpenTelemtry Sink Export Settings in EnvoyProxy CRD + Added Support for Backend Client Certificate Authentication in EnvoyProxy CRD + Added Support for Backend TLS Settings in EnvoyProxy CRD + Added Support for HTTP Filter Ordering in EnvoyProxy CRD + Added Support for gRPC Access Log Service (ALS) Sink in EnvoyProxy CRD + Added Support for OpenTelelemetry Sinks as a BackendRef in EnvoyProxy CRD + Added Support for User-Provided name for generate Kubernetes resources in EnvoyProxy CRD + Added Support for Per-Endpoint stats in EnvoyProxy CRD + Added Support for Targeting SectionNames in ClientTrafficPolicy CRD + Added Support for Preserving X-Request-ID header in ClientTrafficPolicy CRD + Added Support for Using Downstream Protocol in Upstream connections in ClientTrafficPolicy CRD + Added Support for HTTP/2 settings in ClientTrafficPolicy CRD + Added Support for Connection Buffer Size Limit in ClientTrafficPolicy CRD + Added Support for HTTP Health Check in ClientTrafficPolicy CRD + Added Support for Optionally requiring a Client Certificate in ClientTrafficPolicy CRD + Added Support for Headers with Underscores CRD in ClientTrafficPolicy CRD + Added Support for XFCC header processing in ClientTrafficPolicy CRD + Added Support for TCP Listener Idle Timeout in ClientTrafficPolicy CRD + Added Support for IdleTimeout in ClientTrafficPolicy CRD + Added Support for Connection Limits in ClientTrafficPolicy CRD + Added Support for additional OIDC settings related to Resource, Token and Cookie in SecurityPolicy CRD + Added Support for Optionally requiring a JWT in SecurityPolicy CRD + Added Support for BackendRefs for Ext-Auth in SecurityPolicy CRD + Added Support for Authorization in SecurityPolicy CRD + Added Support for Ext-Auth failOpen in SecurityPolicy CRD + Added Support for Loadbalancer Cookie Consistent Hashing in BackendTrafficPolicy CRD + Added Support for Disabling X-RateLimit headers in BackendTrafficPolicy CRD + Added Support for Connection Buffer Size Limit in BackendTrafficPolicy CRD + Added Support for Loadbalancing Consistent Hash Table Size in BackendTrafficPolicy CRD + Added Support for Loadbalancing Header Hash Policy in BackendTrafficPolicy CRD + Added Support for Cluster Connection Buffer Size Limit in BackendTrafficPolicy + Added Support for more Rate Limit Rules in BackendTrafficPolicy CRD + Added Support for WASM extension in EnvoyExtensionPolicy CRD + Added Support for External Processing extension in EnvoyExtensionPolicy CRD + Removed Status Print Column from xPolicy CRDs + + + breaking-change: | + Gateway-API BackendTLSPolicy v1alpha3 is incompatible with previous versions of the CRD + + + - area: conformance + change: | + Added Supported Features to Gateway Class + + + - area: testing + change: | + Added performance benchmarking test + Added e2e test for Zipking Tracing + Added e2e test for HTTP Health Checks + Added e2e test for CEL Access Log Filter + Added e2e test for GRPC Access Log Service Sink + Added e2e test for XDS Metadata + Added e2e test for WASM from OCI Images and HTTP Source + Added e2e test for Service IP Routing + Added e2e test for Multiple GatewayClasses + Added e2e test for HTTP Full Path rewrite + Added e2e test for Backend API + Added e2e test for Backend TLS Settings + Added e2e test for disabling X-RateLimit Headers + Added e2e test for Authorization + Added e2e test for BackendRefs in Ext-Auth + Added e2e test for Using Client Protocol in Upstream Connection + Added e2e test for Backend Client Cert Authentication + Added e2e test for External Processing Filter + Added e2e test for Merge Gateways Feature + Added e2e test for Option JWT authentication + Added e2e test for Infrastructure using Server-Side Apply + Added e2e test for Connection Limits + Added e2e test for Envoy Graceful Shutdown + Updated e2e test for Limit to cover multiple listeners + Updated e2e test for CORS to not require access-control-expose-headers + Run CEL tests on all supported K8s versions + Added OSV Scanner for Golang Vulnerabilities and Licenses + Added Trivy scanner for Docker images + + + - area: translator + change: | + Added Support for BackendRef HTTP Filters + Added Support for attaching EnvoyProxy to Gateways + Added Support for cross-namespace EnvoyProxy reference from GatewayClass + Added Support for Backend Traffic Policy for UDPRoute and TCPRoute + Added Support for ClientTrafficPolicy for UDPRoute and TCPRoute + Added Support for multiple BackendRefs in TCPRoute and UDPRoute + Added Metrics related to XDS Server, Infra Manager and Controller + Added Support for PolicyStatus in EnvoyPatchPolicy + Added Support for Websocket upgrades in HTTP/1 Routes + Added Support for custom controller name in egctl + Added Support for BackendTLSPoplicy CA Certificate reference to Secret + Added names to Filter Chains + Added Support extension server hooks for TCP and UDP listeners + Added Support for attaching EnvoyProxy resource to Gateways + Added Support for Exposing Prometheus Port in Rate Limiter Service + Added Support for Optional Rate Limit Backend Redis + Updated OAuth2 filter to preserve Authorization header if OIDC token forwarding is enabled + Updated Default Filter Order to have Fault filter first in the HTTP Filter Chain + Updated Ext-Auth Per-Route config to use filter-specific Config Type + Updated Overload Manager configuration according to Envoy recommendations by default + Updated Infrastructure resource management to user Server-Side Apply + Updated Reflection of Errors in Gateway Status when too many addresses are assigned + Fixed enforcement of same-namespace for BackendTLSPolicy and target + Fixed processing all listeners before returning with an error + Fixed creation of infrastructure resources if there are no listeners + Fixed use GatewayClass Name for Observability if Merge Gateways is enabled + Fixed CORS to not forward Not-Matching Preflights to Backends + Fixed BackendTLSPolicy status to fully conform with PolicyStatus + Fixed duplication of Ext-Auth, OIDC and Basic Auth Filters + Fixed Proxy Protocol Filter to always be the first Listener Filter + Fixed Translation Consistency by sorting Gateways + Fixed QUIC Listener to only Advertise HTTP/3 over ALPN + Fixed SNI matching for TCP Routes with TLS termination + Fixed Reconciliation when EnvoyProxy backendRefs changes + Fixed Reconciliation when a referenced Secret or ConfigMap changes + Fixed ReplaceFullPath not working for root path + Fixed Default Application Protocol to TCP for Zipkin Tracing + Fixed not appending well-known ports (80, 443) in rediret Location header + + - area: providers + change: | + Bumped K8s Client to v0.30.0 + + + - area: xds + change: | + Bumped go-control-plane to v0.12.1 + + + - area: cli + change: | + Added Support for Install and Uninstall Commands to egctl + Added Support for xRoute and xPolicy in egctl x status + Added Golang version to Envoy Gateway version command + Fixed egctl x status gatewayclass example message + diff --git a/site/content/en/latest/tasks/quickstart.md b/site/content/en/latest/tasks/quickstart.md index dc4225291dc..93458a4eb92 100644 --- a/site/content/en/latest/tasks/quickstart.md +++ b/site/content/en/latest/tasks/quickstart.md @@ -90,6 +90,32 @@ curl --verbose --header "Host: www.example.com" http://localhost:8888/get {{% /tab %}} {{< /tabpane >}} +## v1.1 Upgrade Notes + +Due to breaking changes in the Gateway API v1.1, some manual migration steps are required to upgrade Envoy Gateway to v1.1. + +Delete `BackendTLSPolicy` CRD (and resources): + +```shell +kubectl delete crd backendtlspolicies.gateway.networking.k8s.io +``` + +Update Gateway-API and Envoy Gateway CRDs: + +```shell +helm pull oci://docker.io/envoyproxy/gateway-helm --version v1.1.0 --untar +kubectl apply -f ./gateway-helm/crds/gatewayapi-crds.yaml +kubectl apply -f ./gateway-helm/crds/generated +``` + +Update your `BackendTLSPolicy` and `GRPCRoute` resources according to Gateway-API [v1.1 Upgrade Notes](https://gateway-api.sigs.k8s.io/guides/#v11-upgrade-notes) + +Install Envoy Gateway v1.1.0: + +```shell +helm upgrade eg oci://docker.io/envoyproxy/gateway-helm --version v1.1.0 -n envoy-gateway-system +``` + ## What to explore next? In this quickstart, you have: