
Commit ffb3354

authored
Merge branch 'main' into policy-status-for-epp
2 parents c4fae25 + c734f29 commit ffb3354


129 files changed

+19736
-114
lines changed


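--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v1.0.0-rc.1
+v1.0.0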

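--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.21
 
 require (
 fortio.org/fortio v1.63.4
+fortio.org/log v1.12.0
 github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa
 github.com/davecgh/go-spew v1.1.1
 github.com/envoyproxy/go-control-plane v0.12.0
@@ -53,7 +54,6 @@ require (
 
 require (
 fortio.org/dflag v1.7.0 // indirect
-fortio.org/log v1.12.0 // indirect
 fortio.org/sets v1.0.3 // indirect
 fortio.org/struct2env v0.4.0 // indirect
 fortio.org/version v1.0.3 // indirect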

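--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -277,12 +277,12 @@ func (t *Translator) addXdsHTTPFilterChain(xdsListener *listenerv3.Listener, irL
 if irListener.TLS != nil {
 var tSocket *corev3.TransportSocket
 if http3Listener {
-tSocket, err = buildDownstreamQUICTransportSocket(irListener.TLS, http3Listener)
+tSocket, err = buildDownstreamQUICTransportSocket(irListener.TLS)
 if err != nil {
 return err
 }
 } else {
-tSocket, err = buildXdsDownstreamTLSSocket(irListener.TLS, http3Listener)
+tSocket, err = buildXdsDownstreamTLSSocket(irListener.TLS)
 if err != nil {
 return err
 }
@@ -388,7 +388,7 @@ func addXdsTCPFilterChain(xdsListener *listenerv3.Listener, irListener *ir.TCPLi
 }
 
 if isTLSTerminate {
-tSocket, err := buildXdsDownstreamTLSSocket(irListener.TLS.Terminate, false)
+tSocket, err := buildXdsDownstreamTLSSocket(irListener.TLS.Terminate)
 if err != nil {
 return err
 }
@@ -427,12 +427,12 @@ func addXdsTLSInspectorFilter(xdsListener *listenerv3.Listener) error {
 return nil
 }
 
-func buildDownstreamQUICTransportSocket(tlsConfig *ir.TLSConfig, http3Listener bool) (*corev3.TransportSocket, error) {
+func buildDownstreamQUICTransportSocket(tlsConfig *ir.TLSConfig) (*corev3.TransportSocket, error) {
 tlsCtx := &quicv3.QuicDownstreamTransport{
 DownstreamTlsContext: &tlsv3.DownstreamTlsContext{
 CommonTlsContext: &tlsv3.CommonTlsContext{
 TlsParams: buildTLSParams(tlsConfig),
-AlpnProtocols: buildALPNProtocols(tlsConfig.ALPNProtocols, http3Listener),
+AlpnProtocols: []string{"h3"},
 },
 },
 }
@@ -468,11 +468,11 @@ func buildDownstreamQUICTransportSocket(tlsConfig *ir.TLSConfig, http3Listener b
 }, nil
 }
 
-func buildXdsDownstreamTLSSocket(tlsConfig *ir.TLSConfig, http3Listener bool) (*corev3.TransportSocket, error) {
+func buildXdsDownstreamTLSSocket(tlsConfig *ir.TLSConfig) (*corev3.TransportSocket, error) {
 tlsCtx := &tlsv3.DownstreamTlsContext{
 CommonTlsContext: &tlsv3.CommonTlsContext{
 TlsParams: buildTLSParams(tlsConfig),
-AlpnProtocols: buildALPNProtocols(tlsConfig.ALPNProtocols, http3Listener),
+AlpnProtocols: buildALPNProtocols(tlsConfig.ALPNProtocols),
 TlsCertificateSdsSecretConfigs: []*tlsv3.SdsSecretConfig{},
 },
 }
@@ -551,12 +551,9 @@ func buildTLSVersion(version *ir.TLSVersion) tlsv3.TlsParameters_TlsProtocol {
 return tlsv3.TlsParameters_TLS_AUTO
 }
 
-func buildALPNProtocols(alpn []string, http3Listener bool) []string {
+func buildALPNProtocols(alpn []string) []string {
 if len(alpn) == 0 {
 out := []string{"h2", "http/1.1"}
-if http3Listener {
-out = append(out, "h3")
-}
 return out
 }
 return alpn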
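Review bot: The QUIC transport socket in buildDownstreamQUICTransportSocket now pins `AlpnProtocols: []string{"h3"}`, so a user-supplied `tlsConfig.ALPNProtocols` is no longer consulted for the HTTP/3 listener, and nothing in the new code records that this is deliberate. Since ALPN is part of the TLS negotiation surface an operator may believe they have restricted, I would add a comment on that line such as `// QUIC only carries HTTP/3: ALPN is fixed to "h3" and tlsConfig.ALPNProtocols is intentionally ignored here.` and, if the translator has a place to surface it, report a configured list that does not contain h3 rather than dropping it silently. In buildALPNProtocols the `out` local is now redundant and the default branch can be `return []string{"h2", "http/1.1"}`. Both function bodies continue outside the hunks shown, so this is based only on the visible lines.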

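--- a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
@@ -40,8 +40,6 @@
 downstreamTlsContext:
 commonTlsContext:
 alpnProtocols:
-- h2
-- http/1.1
 - h3
 tlsCertificateSdsSecretConfigs:
 - name: envoy-gateway-tls-secret-1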

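--- a/release-notes/v1.0.0.yaml
+++ b/release-notes/v1.0.0.yaml
@@ -0,0 +1,180 @@
+date: Nov 1, 2023
+
+changes:
+- area: documentation
+change: |
+Added User Guide for Local Ratelimit
+Added User Guide for Circuit Breaker
+Added User Guide for fault injection
+Added User Guide for EnvoyProxy extraArgs
+Added User Guide for Timeouts in ClientTrafficPolicy
+Added User Guide for JWT claim base routing
+Added User Guide for HTTP Timeout
+Added User Guide for Retry in BackendTrafficPolicy
+Added User Guide for Basic Auth
+Added User Guide for OIDC
+Added User Guide for ClientTrafficPolicy
+Added User Guide for BackendTrafficPolicy
+Added User Guide for Basic Auth using HTTPS
+Added User Guide for External Authorization
+Added User Guide for Routing Outside Kubernetes
+Added User Guide for BackendTLSPolicy
+Added User Guide for Mutual TLS from External Clients to the Gateway
+Added User Guide for Control Plane Authentication using custom certs
+Added User Guide for Multiple Gatewayclass and Merge Gateways Deployment Mode
+Added `Type` and `required` for CRD API doc
+Refactored Structure of User Guide docs
+Refactored Move Design docs under "Get Involved"
+Updated crd-ref-docs to 0.0.10
+Updated Envoy proxy image to envoy:distroless-dev in main
+
+
+- area: installation
+change: |
+Added Support for Pulling envoyGateway image from a private registry
+Added Support for Configuring resources for certgen job
+Added Support for Configuring affinity for EnvoyGateway pod
+
+- area: api
+change: |
+Added Support for Downstream QUIC/HTTP3 in ClientTrafficPolicy CRD
+Added Support for Downstream MTLS in ClientTrafficPolicy CRD
+Added Support for Enabling EnvoyHeaders in ClientTrafficPolicy CRD
+Added Support for DisableMergeSlash and escapedSlashesAction in ClientTrafficPolicy CRD
+Added Support for EnableTrailers in HTTP/1.1 in ClientTrafficPolicy CRD
+Added Support for Preserving header letter-case on HTTP/1 in ClientTrafficPolicy CRD
+Added Support for Enabling HTTP/1.0 and HTTP/0.9 in ClientTrafficPolicy CRD
+Added Support for Client IP Detection using XFF in ClientTrafficPolicy CRD
+Added Support for Client IP Detection using Custom Header in ClientTrafficPolicy CRD
+Added Support for Connection Timeouts in ClientTrafficPolicy CRD
+Added Support for Common TLS configuration properties in ClientTrafficPolicy CRD
+Added Support for Proxy protocol in ClientTrafficPolicy CRD
+Added Support for TCPKeepAlive in ClientTrafficPolicy CRD
+Added Support for Local rate limit in BackendTrafficPolicy CRD
+Added Support for CircuitBreaker in BackendTrafficPolicy CRD
+Added Support for Fault injection in BackendTrafficPolicy CRD
+Added Support for Passive Health Checks in BackendTrafficPolicy CRD
+Added Support for Active Health Checks in BackendTrafficPolicy CRD
+Added Support for Connection Timeouts in BackendTrafficPolicy CRD
+Added Support for Compressor/Decompressor in BackendTrafficPolicy CRD
+Added Support for Retry in BackendTrafficPolicy CRD
+Added Support for Slow start mode in BackendTrafficPolicy CRD
+Added Support for Proxy protocol in BackendTrafficPolicy CRD
+Added Support for TCPKeepAlive in BackendTrafficPolicy CRD
+Added Support for PolicyStatus in BackendTrafficPolicy CRD
+Added Support for PolicyStatus in ClientTrafficPolicy CRD
+Added Support for PolicyStatus in SecurityPolicy CRD
+Added Support for OIDC in SecurityPolicy CRD
+Added Support for Basic Auth in SecurityPolicy CRD
+Added Support for RedirectURL and signoutPath to OIDC in SecurityPolicy CRD
+Added Support for ExtractFrom headers and params to JWT in SecurityPolicy CRD
+Added Support for External Authorization in SecurityPolicy CRD
+Added Support for RecomputeRoute field to JWT in SecurityPolicy CRD
+Added Support for AllowCredentials knob to CORS setting in SecurityPolicy CRD
+Added Support for Extract from different identifier to JWT in SecurityPolicy CRD
+Added Support for Secret resource in EnvoyPatchPolicy CRD
+Added Support for Making the value optional for JSONPatchOperation in EnvoyPatchPolicy CRD
+Added Support for `From` field to JSONPatchOperation in EnvoyPatchPolicy CRD
+Added Support for MergeGateways in EnvoyPatchPolicy CRD
+Added Support for Upstream TLS by implementing BackendTLSPolicy CRD
+Added Support for LabelSelector type for NamespaceSelectors in EnvoyGateway Configuration
+Added Support for Ratelimit prometheus in EnvoyGateway Configuration
+Added Support for Gracefully drain listeners before envoy shutdown on pod termination in EnvoyProxy CRD
+Added Support for Configuring externalTrafficPolicy to the envoy service in EnvoyProxy CRD
+Added Support for Envoy extra args in EnvoyProxy CRD
+Added Support for Mergepatch to envoyproxy/ratelimit deployment in EnvoyProxy CRD
+Added Support for Mergepatch to envoyproxy service in EnvoyProxy CRD
+Added Support for NodeSelector to PodSpec in EnvoyProxy CRD
+Added Support for HorizontalPodAutoscaler in EnvoyProxy CRD
+Added Support for TopologySpreadConstraints to PodSpec in EnvoyProxy CRD
+Added Support for ImagePullSecrets to PodSpec in EnvoyProxy CRD
+
+breaking-change: |
+Use wildcard to match AllowOrigins to CORS in SecurityPolicy CRD
+Remove Hostnetwork support in EnvoyProxy CRD
+
+- area: conformance
+change: |
+Replaced backend image from gcr.io/k8s-staging-ingressconformance/echoserver to gcr.io/k8s-staging-gateway-api/echo-basic
+
+
+- area: testing
+change: |
+Added e2e test for Header Case-Preserving
+Added e2e test for Timeout in ClientTrafficPolicy
+Added e2e test for JWT claim base routing
+Added e2e test for OIDC
+Added e2e test for BackendTrafficPolicy Retry
+Added e2e test for Backend Upgrade
+Added e2e test for External Authorization
+Added e2e test for Backend TLS policy
+Added e2e test for Envoy Gateway Release Upgrade
+Added e2e test for Weighted backend
+Added validation for LoadBalancerIP to prevent trailing period
+
+
+- area: translator
+change: |
+Fixed Prefix match to prevent mismatching routes with the same prefix
+Fixed Multiple reconciling by implementing comparable interface for ir.Infra
+Fixed EndpointSlice with empty conditions {}
+Fixed Error handling when parsing the http request timeout
+Fixed No status when EnvoyPatchPolicy is disabled
+Fixed Printable for xds and infra IRs
+Fixed Skip backendRefs with weight set to 0
+Fixed AND Header matches in ratelimiting not working
+Fixed Deletion logics when no gatewayclasses exist
+Fixed Match mergedGateways irKey for ClientTrafficPolicy
+Fixed Policies should apply only to gateways they were attached to when mergeGateways is true
+Fixed Listener status is not surfaced for gateways when MergeGateways enabled
+Fixed GRPCroute websocket not working by moving web socket upgrade config from hcm to route
+Fixed Configure idle timeout when timeout is set on HTTPRoute
+Fixed Relaxing HTTPS restriction for OIDC token endpoint
+Fixed Panic when translating routes with empty backends
+Fixed Xds translation should be done in a best-effort manner
+Fixed Delete unused status keys from watchable
+Fixed Ignoring finalizers when comparing envoy proxy service
+Fixed Don't override the ALPN array if HTTP/3 is enabled
+Fixed Add h3 ALPN by default if HTTP/3 is enabled
+Fixed Change the Merge behavior to Replace for SecurityPolicy/BackendTrafficPolicy
+Fixed Use service port in alt-svc header if HTTP/3 is enabled
+Fixed Prevent policies targeting non-TLS listeners on the same port from conflicting
+Fixed Skip the ReasonTargetNotFound for all policies
+Fixed Skip publishing empty status for all policies
+Added Support for validating regex before sending to Envoy
+Added Support for setting spec.addresses.value into ClusterIP when Service Type is ClusterIP
+Added Unsupported status condition for filters within BackendRef
+Added List instead of map for Provider Resources for order stability
+Added Suffix for oauth cookies to prevent multiple oauth filters from overwriting each other's cookies
+Added Support for overriding condition to BackendTrafficPolicy and SecurityPolicy
+Added Support for default retry budget and retry host predicate
+Added Support for implementing gateway.spec.infrastructure
+Added Support for Upstream TLS to multiple Backends
+Added Validation for CA Cert in ClientTrafficPolicy
+
+
+- area: providers
+change: |
+Added Support for multiple GatewayClass per controller
+Added SecurityPolicyIndexers in Kubernetes Provider
+Added Support for generating HMAC secret in CertGen Job
+Fixed Finalizer logic when deleting Gatewayclasses
+Fixed MergeGateways panics when restarting control plane
+
+
+- area: xds
+change: |
+Added Support for EDS cache
+Added Support for ADS cache to ensure the rule order
+Fixed Deprecated field error when using RequestHeaderModifier filter
+Fixed Envoy rejects XDS at runtime losing all routes on restart
+Fixed Requests not matching defined routes trigger per-route filters
+Bumped go-control-plane to v0.12.0
+
+
+- area: cli
+change: |
+Added Support for egctl x status
+Added Support for egctl experimental dashboard envoy-proxy
+Added Support for egctl config ratelimit
+Added Support for egctl translate from gateway-api resources to IR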

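--- a/site/content/en/_index.md
+++ b/site/content/en/_index.md
@@ -3,10 +3,10 @@ title: Envoy Gateway
 ---
 
 {{< blocks/cover title="Welcome to Envoy Gateway!" image_anchor="top" height="full" >}}
-<a class="btn btn-lg btn-primary me-3 mb-4" href="/v0.6.0">
+<a class="btn btn-lg btn-primary me-3 mb-4" href="/v1.0.0">
 GET STARTED <i class="fas fa-arrow-alt-circle-right ms-2"></i>
 </a>
-<a class="btn btn-lg btn-secondary me-3 mb-4" href="/v0.6.0/contributions">
+<a class="btn btn-lg btn-secondary me-3 mb-4" href="/v1.0.0/contributions">
 CONTRIBUTING <i class="fa fa-heartbeat ms-2 "></i>
 </a>
 <p class="lead mt-5">Manages Envoy Proxy as a Standalone or Kubernetes-based Application Gateway</p>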

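--- a/site/content/en/announcements/v0.5.md
+++ b/site/content/en/announcements/v0.5.md
@@ -10,7 +10,7 @@ skip_list: true
 
 We are pleased to announce the release of Envoy Gateway v0.5!
 
-This is the third functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
+This is the fourth functional release of Envoy Gateway. We would like to thank the entire Envoy Gateway community for
 helping publish the release.
 
 | [Release Notes][] | [Docs][docs] | [Compatibility Matrix][matrix] | [Download][] |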
