Skip to content

v1.0.0-rc2

Pre-release
Pre-release
Compare
Choose a tag to compare
@kdorosh kdorosh released this 06 Nov 19:01
v1.0.0-rc2
a41bd6a

Dependency Bumps

  • solo-io/go-utils has been upgraded to v0.10.22.
  • solo-io/go-utils has been upgraded to v0.10.25.
  • solo-io/envoy-gloo has been upgraded to v0.1.18.
  • solo-io/solo-kit has been upgraded to v0.11.7.

Breaking Changes

  • Remove some deprecated APIs:
  1. weighed_destination_plugins on WeightedDestinations, prefer weighted_destination_plugins
  2. gateway_proxy_name on Gateway, prefer proxy_names
  3. role_arns on UpstreamSpec, prefer role_arn
  4. Extauth's VhostExtension and RouteExtension, among other minor removals. Prefer configuring Gloo Enterprise ExtAuth using AuthConfig Custom Resources, and configure Virtual Services via ExtAuthExtension to either reference these AuthConfigs or reference your own custom auth implementation using CustomAuth. (solo-io#1171)
  • This release changes the names of Gloo's ClusterRoles. By default, cluster-scoped roles will have the namespace of the associated Gloo installation appended to their name (i.e., the cluster-scoped role gloo-resource-reader created along with a Gloo installation to the gloo-system namespace will now become gloo-resource-reader-gloo-system). This may cause a problem during upgrades from Gloo <0.21.0 to Gloo >=0.21.0 for both open-source and enterprise Gloo, as the role ref in a ClusterRoleBinding is immutable. To resolve this, you can delete the existing ClusterRoleBindings with kubectl

Helm Changes

  • At install time, set an installation ID on all resources. This ID is determined by using the value of the new Helm setting "installConfig.installationId", or selecting an ID at random if that setting is not provided. If providing your own installation ID, the value you provide must be a valid kubernetes label (refer to https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#syntax-and-character-set). (solo-io#1589)
  • Fix casing of helm value global.glooRbac.namespaced in the generated docs. The value global.glooRbac.namespaced has always been supported but we had been generating docs that have the value capitalized (global.glooRbac.Namespaced), incorrectly. (solo-io#1569)
  • Allow RBAC resource names to receive custom suffixes through the introduction of the new Helm setting "global.glooRbac.nameSuffix". This enables, for example, blue/green deployments of Gloo to different namespaces within the same cluster when using cluster-scoped RBAC resources. This change is backwards compatible. However, if you are performing an upgrade of Gloo from a version prior to this change and plan to use the new Helm value, then you may end up with duplicate RBAC resources in your cluster (e.g. Roles/RoleBindings with and without the suffix). If this is the case, the old resources (without the suffix) can be safely cleaned up. (solo-io#1459)

New Features

  • Add API for data loss prevention filter. (solo-io#1500)
  • Allow the gateway-proxy pod to optionally receive both init containers to run and extra volumes to define through helm (solo-io#1537)
  • Support for Envoy's forward_client_cert_details and set_current_client_cert_details HTTP connection manager options (solo-io#1577)
  • Add native generated Kubernetes types for Gloo config resources (solo-io#1520)
  • This change adds new features to the transformation API. It is now possible to define Extractors which target the request/response body and use the resulting data in templates. You can decide whether to parse the body as JSON or as raw text; in the latter case extraction happens via regular expressions, in the former you will also be able to use all the templating capabilities. These have been augmented with three new template functions: body() will return the whole request body, context() will return the base JSON context (allowing for example to range on a JSON body that is an array), and env(NAME) will return the value of an environment variable with the given name. Finally, it is now possible to set Dynamic Metadata using all the available extraction and templating features. You can now use this metadata to include any request/response property you like in the access logs (see the DYNAMIC_METADATA command operator here). (solo-io#1546)
  • Add glooctl commands to create and get AuthConfigs, and update glooctl create vs command to allow providing AuthConfig refs to configure extauth. (solo-io#1171)

Fixes

  • Update docs as part of fix to standard DLP SSN and credit card regexes to ignore boundary characters during regex match. This fixes potential issues where DLP masks characters outside the interesting part of the match, for example, the opening quote if the SSN/Credit Card is part of a JSON response. Before this fix, DLP would incorrectly transform this response into invalid JSON by masking the opening parenthesis. (solo-io#1591)
  • Make sure glooctl reports the same signature across multiple invocations (solo-io#1559)
  • Mute logging of kubernetes health check in gateway (solo-io#1435)
  • Currently Gloo logs a warning each time it replaces an illegal character in the name of a Virtual Host. Change it to a debug level message to not flood the logs. (solo-io#1604)
Assets 11
Loading