v1.16.20

Helm Changes

• New field gateway.validation.warnMissingTlsSecret controls whether missing TLS secrets referenced in SslConfig and UpstreamSslConfig will be treated as a warning instead of an error during validation. Defaults to false. This field has no effect if allowWarnings is false or acceptAllResources is true. (#6957)

Fixes

• Fix for issue where a missing TLS secret was treated by validation as an error, potentially bringing down the entire HTTPS gateway if the gloo pod restarts while in this bad state. This is a breaking change in the default behavior of validation. To enable this behavior, use the helm setting gateway.validation.warnMissingTlsSecret=true or the same field on the Settings CR. This field has no effect if allowWarnings is false or acceptAllResources is true. (#6957)

v1.18.0-beta19

New Features

• Added support for route level JWT configuration by introducing new jwtProvidersStaged field on the RouteOptions. (solo-io/solo-projects#6541)

v1.18.0-beta18

Helm Changes

• helm/gloo: introduce component label for grouping resources

Introduces a gloo.solo.io/component label to group Helm resources
that are associated with a given component. This is required by
downstream projects that use Helm as a templating engine to be able
to group resources associated with a component and customize their
behavior. This change groups resources related required by the
certgen component using the new label. (solo-io/solo-projects#6824)

Fixes

• Give each test summary artifact a unique name and refactor summary code into reusable package (solo-io/solo-projects#6646)

v1.17.7

This release contained no user-facing changes.

v1.17.6

This release contained no user-facing changes.

v1.18.0-beta17

New Features

• Add new API fields to AI Semantic Caching API.
• Mode field to control whether the proxy will cache responses, or only read.
• scoreThreshold field to control the minimum similarity score required for a cached response to be used. (solo-io/solo-projects#6783)

Fixes

• Don't multiply custom filters by plugins. (#9915)
• Fix a bug where an empty GWP seg faults. (#9922)

v1.17.5

Helm Changes

• New field gateway.validation.warnMissingTlsSecret controls whether missing TLS secrets referenced in SslConfig and UpstreamSslConfig will be treated as a warning instead of an error during validation. Defaults to false. This field has no effect if allowWarnings is false or acceptAllResources is true. (#6957)

Fixes

• Fix for issue where a missing TLS secret was treated by validation as an error, potentially bringing down the entire HTTPS gateway if the gloo pod restarts while in this bad state. This is a breaking change in the default behavior of validation.
  To enable this behavior, use the helm setting gateway.validation.warnMissingTlsSecret=true or the same field on the Settings CR. This field has no effect if allowWarnings is false or acceptAllResources is true. (#6957)

v1.18.0-beta16

Breaking Changes

• Fix for issue where a missing TLS secret was treated by validation as an error, potentially bringing down the entire HTTPS gateway if the gloo pod restarts while in this bad state. This is a breaking change in the default behavior of validation.
  To disable this behavior, use the helm setting gateway.validation.warnMissingTlsSecret=false or the same field on the Settings CR. This field has no effect if allowWarnings is false or acceptAllResources is true. (#6957)

Helm Changes

• Ensure that gateway-proxy deployments respect the gatewayProxy.NAME.kind.deployment.priorityClassName field. This API allows you to set the PriorityClassName for gateway-proxy Pods. This is already supported on all other Gloo deployments. (#8677)
• New field gateway.validation.warnMissingTlsSecret controls whether missing TLS secrets referenced in SslConfig and UpstreamSslConfig will be treated as a warning instead of an error during validation. Defaults to true. This field has no effect if allowWarnings is false or acceptAllResources is true. (#6957)

Fixes

• Set the 'message' field on various HTTPRoute conditions to enable easier troubleshooting (#9859)
• Support defining the PriorityClassName on a GatewayProxy deployment. This allows users to attach pods to PriorityClasses (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) (#9010)

v1.17.4

Dependency Bumps

• solo-io/envoy-gloo has been upgraded to 1.30.4-patch4.

Helm Changes

• Ensure that gateway-proxy deployments respect the gatewayProxy.NAME.kind.deployment.priorityClassName field. This API allows you to set the PriorityClassName for gateway-proxy Pods. This is already supported on all other Gloo deployments. (#8677)
• Introduce gatewayProxies.gatewayProxy.istioSpiffeCertProviderAddress which overrides the Istio SPIFFE certificate provider (CA_ADDR env variable). It defaults to gatewayProxies.gatewayProxy.discoveryAddress. (#9855)

Fixes

• gateway2/route-options: merge extensionRef based attachments

Enables merging of multiple ExtensionRef based RouteOption
attachments for a rule within an HTTPRoute. (solo-io/solo-projects#6675)

• Only update the K8s Gateway resource statuses on change to improve HTTPRoute translation time. (solo-io/solo-projects#6638)
• Support defining the PriorityClassName on a GatewayProxy deployment. This allows users to attach pods to PriorityClasses (https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) (#9010)
• gateway2: merge multiple targetRef based Route & VirtualHost options

Implements merging of targetRef based RouteOptions and
VirtualHostOptions in a specific order of precedence from
oldest to newest created resource.

The merging uses shallow merging such that for an option
A that is higher priority than option B, merge(A,B) merges
the top-level options of B that have not already been set on A.
This allows options later in the precedence chain to augment
the existing options during a merge but not overwrite them. (solo-io/solo-projects#6313)

• Update Envoy to enable thread-local slots to be deallocated on worker threads. This provides greater stability in Envoy when the main thread is under heavy load. This behaviour can be disabled by toggling the runtime flag envoy_restart_features_allow_slot_destroy_on_worker_threads. (solo-io/solo-projects#6713)

v1.16.19

Dependency Bumps

• solo-io/envoy-gloo has been upgraded to v1.27.7-patch2.

Helm Changes

• Introduce gatewayProxies.gatewayProxy.istioSpiffeCertProviderAddress which overrides the Istio SPIFFE certificate provider (CA_ADDR env variable). It defaults to gatewayProxies.gatewayProxy.discoveryAddress. (#9855)

Fixes

• Update Envoy to enable thread-local slots to be deallocated on worker threads. This provides greater stability in Envoy when the main thread is under heavy load. This behaviour can be disabled by toggling the runtime flag envoy_restart_features_allow_slot_destroy_on_worker_threads. (solo-io/solo-projects#6713)
• Fix a bug where the service and function names of a discovered gRPC service are not printed in JSON and YAML
  output when running glooctl get upstreams (#9743)