envoyproxy/gateway v1.2.0-rc.1 on GitHub

Breaking changes

Gateway API GRPCRoute and ReferenceGrant v1alpha2 have been removed.
Please refer to the Gateway API v1.2.0 documentation for more information.
Removed default CPU limit of the Envoy Gateway deployment
Changed default Envoy shutdown settings: drain strategy has been changed to immediate, default minDrainDuration, drainTimeout and terminationGracePeriodSeconds have been set to 10s, 60s and 360s respectively

New features

Added support for Gateway-API v1.2.0
Added support for IPv4/IPv6 Dual Stack for Envoy listeners and BackendRef resources
Added support for EG standalone(host deployment) mode (experimental)
Added support for JWT claims based Authorization in SecurityPolicy CRD
Added support for Direct Response in HTTPRouteFilter CRD
Added support for Response Override in BackendTrafficPolicy CRD
Added support for RequestTimeout in BackendTrafficPolicy CRD
Added support for inverting header matches for rate limit in BackendTrafficPolicy CRD
Added support for client TLS session resumption in ClientTrafficPolicy CRD
Added support for HTTPRouteFilter and path regex rewrite
Added support for host header rewrite in HTTPRouteFilter CRD
Added support for Listener Access Log in EnvoyProxy CRD
Added support for Datadog tracing support in EnvoyProxy CRD
Added support for request response sizes stats in EnvoyProxy CRD
Added support for wildcard matching for CORS AllowMethods and AllowHeaders settings in SecurityPolicy CRD
Added support for match conditions for access log in EnvoyProxy CRD
Added support for using BackendCluster to represent OIDCProvider
Added support for RecomputeRoute for ExtAuth in SecurityPolicy CRD
Added support for sharing token cookies between multiple domains in SecurityPolicy CRD
Added support for JSONPatches for proxy bootstrap modifications in EnvoyProxy CRD
Added support for LB priority for non xRoute endpoints
Added support for configuring the GRPC Health Checker in the BackendTrafficPolicy CRD
Added support for early request header mutation in the ClientTrafficPolicy CRD
Added support for JsonPath in the EnvoyPatchPolicy CRD
Added support for cluster settings for tracing and access log backends in EnvoyProxy CRD
Added support for cluster settings for non xRoute-generated backend refs
Added support for socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy CRD
Added support for http2 upstream settings in BackendTrafficPolicy CRD
Added support for DNS resolution settings in BackendTrafficPolicy CRD
Added support for configuring service annotations in the Envoy Gateway helm chart
Added support for configuring priorityClassName to Envoy Gateway helm chart
Added support for ratelimit metrics monitoring in grafana in the addons helm chart
Added support for default user group and user id for the SecurityContexts in the Envoy Gateway helm chart
Added support for maxUnavailable in the PodDisruptionBudget in the Envoy Gateway helm chart
Added support for configuring NodeSelector in the Envoy Gateway helm chart
Added support for nonce in the OIDC auth flow
Added support for choosing an HTTPRoute's non-wildcard hostname as the default Host
Added support for returning 500 when EnvoyExtensionTrafficPolicy translation fails
Added support for returning 500 when SecurityPolicy translation fails
Added support for multiple backendRefs for ExtAuth and ExtProc
Added support for session persistence in HTTPRoute rules
Added support for the Backend resource for ExtAuth
Added support for target selectors on Envoy Gateway Extension Server policies
Added support for non-Kubernetes Backends for TLSRoute
Added support for fallback to the Backend API
Added support for reloadable EnvoyGateway configuration
Added support for adding Labels to the Envoy Service
Added support for custom name for ratelimit deployment
Added default SecurityContext for EG components
Added startupProbe to all provisioned containers
Added support for local validations for egctl translate and file provider
Added support for egctl x collect to collect information from the cluster for debugging
Added support for a native prometheus metrics endpoint in the ratelimit server

Bug fixes

Fixed unsupported listener protocol type causing an error while updating Gateway Status
Fixed some status updates were being discarded by the status updater
Fixed Gateway crash adding BackendTLSPolicy to External Backend of an HTTPRoute
Fixed Delay in SecurityPolicy change propagation for HTTPRoute when using targetSelectors
Fixed JSONPath not correctly translated to JSONPatch paths
Fixed allow empty slowStart when using LeastRequest
Fixed Backends which should be rejected are still used as an HTTPRoute's destination
Fixed losing timeout settings that originate from the route when translating the backend traffic policy
Fixed Backend resources don't get status updates
Fixed Active Health check requires expectedStatuses field to work
Fixed HTTPHeaderFilter processing doesn't correctly support multiple header values
Fixed multiple reference grants in same namespace
Fixed upstream get unwanted /.
Fixed creation of SecurityPolicy with targetSelectors fails
Fixed wrong gateway is chosen as HTTPRoute parent
Fixed override issue for EEP
Fixed nil pointer err translating hash load balancing
Fixed ratelimit does not work across multiple GatewayClasses
Fixed upstream mTLS only works for HTTPS listeners
Fixed nil pointer if backedtls.minVersion is set but backedtls.maxVersion is not
Fixed empty connection limit causes XDS rejection
Fixed ratelimit not working with both headers and cidr matches
Fixed EDS didn't update when deployments was created after services
Fixed RBAC issue for deleting infrastructure resources
Fixed customized infrastructure resources not being deleted
Fixed Gateways never become ready/programmed when running Envoy as a Daemonset
Fixed Ratelimit Deployment ignoring pod labels and annotation merge
Fixed the API Server receives unnecessary requests
Fixed terminating envoy pods don't respond with "Connection: close" (H1) or GOAWAY(H2) on shutdown, switch to an immediate drain strategy
Fixed ratelimit statsd not working
Fixed not generating selector of deployment/daemonset based on the custom label configuration of EnvoyProxy
Fixed egctl experimental translate using a wrong ns

Performance improvements

Fixed repeated resources and optimize memory usage

Other changes

Removed grafana test framework from the addons helm chart
Disabled ALPN for non-HTTP routes
Added statPrefix for HCM and TCPProxy
Enabled GatewayHTTPListenerIsolation conformance test
Enabled GRPC conformance profile
Enabled HTTPRouteBackendRequestHeaderModifier conformance test
Added e2e test for Daemonset mode
Updated upgrades tests to use VERSION env variable
Fixed OVS scanner wrong license warnings
Added e2e test for TLS session resumption
Added heap profile into benchmark report
Added e2e test for RecomputeRoute in ExtAuth
Added benchmark memory profiles into report
Fixed flaky gateway_with_conflicted_listener_cannot_be_merged e2e test
Fixed flaky Zipkin Tracing e2e test
Added e2e test for cookie based consistent hash load balancing
Added e2e test for load balancing
Fixed flaky authorization tests
Enabled upgrade test
Fixed flaky basic auth e2e test
Enabled use-client-protocol e2e test
Added performance benchmarking test for 1000 HTTPRoutes
Added e2e test for Datadog tracing
Added e2e tests for ratelimit invert matching headers
Reduced readinessProbe failureThreshold and periodSeconds
Bumped go-control-plane to v0.13.1

What's changed

fix quickstart link in helm chart by @zhaohuabing in #3793
fix release note file name by @guydc in #3792
build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 by @dependabot in #3780
build(deps): bump distroless/static from e9ac71e to 8dd8d3c in /tools/docker/envoy-gateway by @dependabot in #3778
build(deps): bump fortio.org/log from 1.12.2 to 1.14.0 by @dependabot in #3782
build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0 by @dependabot in #3783
docs: move release-notes out of version by @zirain in #3765
ci: update cherry-pick v1.1.0 by @guydc in #3803
doc: how to build a wasm image by @zhaohuabing in #3806
Use Wasm instead of WASM by @mathetake in #3812
docs: generate v1.1.0-rc.1 release note by @Xunzhuo in #3794
chore: release-notes-docs be part of generate by @zirain in #3815
fix: enable client timeout test by @guydc in #3811
chore: add benchmark report into release artifacts by @shawnh2 in #3756
docs: fix grafana link by @zirain in #3818
e2e: make sure ALS server is ready by @zirain in #3816
Revert "docs: fix grafana link" by @zirain in #3822
feat: support target selectors on Envoy Gateway Extension Server policies by @liorokman in #3800
docs: updating the documentation for Extension Servers and adding an example extension server by @liorokman in #3788
docs for ip allowlist/denylist by @zhaohuabing in #3784
docs: gRPC Access Log Service (ALS) sink by @zirain in #3768
docs: update v1.1.0-rc.1 release notes by @guydc in #3821
docs: add task for wasm extensions by @zhaohuabing in #3796
community: promote shawnh2 to maintainer and move qicz to emeritus by @Xunzhuo in #3760
chore: report a translate error to errChan to make it observed correctly by @sanposhiho in #3827
chore: upgrade to golang v1.22.5 by @sanposhiho in #3829
chore: add make lint.fix-golint to address auto fixable lint issues by @sanposhiho in #3828
docs: patch field within EnvoyService by @shawnh2 in #3820
accesslog: remove ALS gRPC initialMetadata by @zirain in #3751
docs: add fixed links to the current version of eg docs by @zhaohuabing in #3819
fix: backendtls minversion by @guydc in #3835
fix: enable use-client-protocol test by @guydc in #3825
fix: backendtls client cert by @guydc in #3839
fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR by @sanposhiho in #3771
docs: use v[x.y] instead of v[x.y.z] by @zirain in #3836
e2e: fix basic auth flaky by @zirain in #3833
design: add wasm extension supports OCI image code source by @zhaohuabing in #3313
fix: enable upgrade test by @guydc in #3764
chore: go mod tidy by @zirain in #3842
fix flaky authorization tests by @zhaohuabing in #3844
build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in #3849
build(deps): bump fortio.org/fortio from 1.65.0 to 1.66.0 by @dependabot in #3848
build(deps): bump helm.sh/helm/v3 from 3.15.2 to 3.15.3 by @dependabot in #3850
chore: move UDP test resources out of the base by @zhaohuabing in #3857
chore: replace targetRef with targetRefs in e2e by @shawnh2 in #3858
docs: Remove the older versions from linkinator ignore list by @zirain in #3846
build(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 by @dependabot in #3854
build(deps): bump github.com/norwoodj/helm-docs from 1.13.0 to 1.14.2 in /tools/src/helm-docs by @dependabot in #3847
chore: move connection limit test resources out of the base by @zhaohuabing in #3859
build(deps): bump actions/setup-node from 4.0.2 to 4.0.3 by @dependabot in #3853
build(deps): bump google/osv-scanner-action from 1.8.1 to 1.8.2 by @dependabot in #3851
build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in /tools/github-actions/setup-deps by @dependabot in #3855
build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #3852
docs: add backend tls docs by @guydc in #3843
chore: move zipkin test resources out of the base by @zhaohuabing in #3864
chore: move tcp test resources out of the base by @zhaohuabing in #3863
docs: create concepts docs page and diagram by @missBerg in #3808
benchmark: enable prometheus to scrape metrics from by @shawnh2 in #3772
chore: move backend tls test resources out of the base by @zhaohuabing in #3862
chore: remove cherrypicker action by @zirain in #3831
chore: update linkinator comment by @zirain in #3870
chore: make format as part of gen-check by @zirain in #3877
chore: update LINKINATOR_IGNORE by @zirain in #3879
return 500 error for failed SecurityPolicies to avoid unauthorized access to xRoutes by @zhaohuabing in #3869
lint: update yamllint and codespell skip by @zirain in #3882
e2e: increase test timeout by @zirain in #3883
chore: client mtls test by @guydc in #3874
fix: nil pointer err during hash load balancing build by @shawnh2 in #3886
fix override issue for EEP by @zhaohuabing in #3881
accesslog: fix different CelMatches on AccessLog by @zirain in #3885
rm gateway-api translation error message from direct response by @arkodg in #3878
GetParentReferences should use namespace from RouteContext by @zirain in #3876
Add e2e test for load balancing by @shawnh2 in #3868
egctl: introduce egctl x collect by @zirain in #3775
e2e: add e2e test for cookie based consistent hash load balancing by @shawnh2 in #3890
enable HTTPRouteBackendRequestHeaderModifier test by @arkodg in #3891
disable writing into GatewayClass.Status.SupportedFeatures by @arkodg in #3888
validate for reconcile should check reference from EnvoyProxy by @zirain in #3895
chore: add grafonnet dashboards support by @shawnh2 in #3785
add startupProbe to all provisioned containers by @arkodg in #3893
e2e: move als test resources out of the base by @zirain in #3884
e2e: fix ZipkinTracing flaky by @zirain in #3899
doc: add load balancing usage by @shawnh2 in #3903
fix: typos in release notes by @Xunzhuo in #3909
fix: fix the CEL definitions to allow policies that use target selectors without explicit targetRefs by @liorokman in #3904
feat(logger): Add tlog for better test logging by @Manoramsharma in #3913
e2e: add hook to debug OIDC fail by @zirain in #3914
e2e: refactor and improve lb test by @zirain in #3912
tools: remove sphinx by @zirain in #3927
release v1.1.0 by @guydc in #3932
build(deps): bump github.com/google/go-containerregistry from 0.19.2 to 0.20.1 by @dependabot in #3924
build(deps): bump github/codeql-action from 3.25.12 to 3.25.13 by @dependabot in #3921
build(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 by @dependabot in #3920
build(deps): bump fortio.org/log from 1.14.0 to 1.15.0 by @dependabot in #3926
build(deps): bump github.com/replicatedhq/troubleshoot from 0.95.1-0.20240707233129-f5f02f5a807c to 0.95.1 by @dependabot in #3925
doc: utilize hugo boilerplates for latest by @shawnh2 in #3910
fix: flaky e2e gateway_with_conflicted_listener_cannot_be_merged by @shawnh2 in #3911
docs: add helm-version and yaml-version shortcode by @zirain in #3766
fix: remove namespace in policies by @Xunzhuo in #3947
doc: authorization api by @zhaohuabing in #3949
chore: Update k8s by @zirain in #3936
chore: cleaning up EnvoyFilter types by @zhaohuabing in #3948
docs: add note for Mac user by @zirain in #3953
printing name of the target when a policy fails to attach by @sadovnikov in #3943
docs: use yaml-version for quickstart yaml by @zirain in #3952
chore: bump crd-ref-docs by @zirain in #3945
chore: add resoure requirements for statsd exporter by @zhaohuabing in #3957
build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #3964
build(deps): bump github.com/bufbuild/buf from 1.34.0 to 1.35.1 in /tools/src/buf by @dependabot in #3969
build(deps): bump github.com/docker/cli from 27.0.3+incompatible to 27.1.1+incompatible by @dependabot in #3968
build(deps): bump fortio.org/log from 1.15.0 to 1.16.0 by @dependabot in #3967
build(deps): bump github.com/docker/docker from 27.0.3+incompatible to 27.1.1+incompatible by @dependabot in #3966
build(deps): bump docker/login-action from 3.2.0 to 3.3.0 by @dependabot in #3963
build(deps): bump github/codeql-action from 3.25.13 to 3.25.15 by @dependabot in #3962
build(deps): bump github.com/replicatedhq/troubleshoot from 0.95.1 to 0.98.0 by @dependabot in #3965
chore: clean up cross ns checking for policies by @zhaohuabing in #3961
set default SecurityContext for EG components by @zhaohuabing in #3940
docs: fix dropdown by @zirain in #3975
conformance(experimental): enable grpc conformance profile by @Xunzhuo in #3976
add benchmark memory profiles into report by @shawnh2 in #3951
chore: udpate release mgmt docs and upgrade test by @guydc in #3979
feat: Support DNS resolution settings by @alexwo in #3974
feat(translator): Set statPrefix for HCM and TCPProxy by @aoledk in #3728
docs: fix missing heading self-links by @zirain in #3991
bugfix: fix upstream get unwanted /. by @qicz in #3990
feat(translator): http2 upstream settings by @guydc in #3682
refactor: clean envoygateway validate methods by @shawnh2 in #3997
build(deps): bump github.com/google/cel-go from 0.20.1 to 0.21.0 by @dependabot in #3999
api: add socket buffer limit field in ClientTrafficPolicy and BackendTrafficPolicy by @aoledk in #3724
feat: add support for cluster-level settings for non xRoute-generated backend refs by @liorokman in #3954
fix: change the wasm download URL to point to the envoy examples repository by @liorokman in #4014
fix: multiple reference grants in same namespace by @ardikabs in #4008
move upgrade notes to install section by @arkodg in #4013
bump golang.org/x/sys from 0.22.0 to 0.23.0 by @zhaohuabing in #4007
feat: support cluster settings for tracing and accesslog backends by @liorokman in #4012
reduce readinessProbe failureThreshold and periodSeconds by @arkodg in #4021
feat: Support the Backend resource for Ext-Auth by @zirain in #4016
feat: support session persistence in HTTPRouteRule by @sanposhiho in #3841
docs: Attach EnvoyProxy to Gateway by @arkodg in #4020
docs: Steps for migrating to Envoy Gateway by @Manoramsharma in #3973
fix: add header values as described in the documentation by @liorokman in #4031
build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #4030
bugfix: fatal error: concurrent map writes by @qicz in #3986
bugfix: fix egctl experimental translate with error ns. by @qicz in #3984
build(deps): bump google/osv-scanner-action from 1.8.2 to 1.8.3 by @dependabot in #4029
feat(translator): JsonPath in PatchPolicy by @denniskniep in #3757
fix: backend tls docs by @guydc in #4039
build(deps): bump github.com/bufbuild/buf from 1.35.1 to 1.36.0 in /tools/src/buf by @dependabot in #4028
fix: not generate selector of deployment/daemonset based on the custom label configuration of EnvoyProxy by @sanposhiho in #3995
docs: correct concepts page by @zirain in #4040
update dependabot configuration by @zirain in #4041
feat(translator): early request header modifier by @guydc in #4004
docs: mark BackendRef in shared_types.go optional by @MdSahil-oss in #4058
build(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in #4051
chore: replace targetRef with targetRefs in doc by @shawnh2 in #4048
chore: bump deps by @zirain in #4045
chore: enable copyloopvar lint by @shawnh2 in #4047
feat: gateway http listener isolation by @levikobi in #4000
feat(translator): add support for configuring the GRPC Health Checker by @liorokman in #4046
fix: rename ServiceName to Service in the gRPC active health check structure. by @liorokman in #4063
build(deps): bump github.com/prometheus/client_golang from 1.19.1 to 1.20.0 by @dependabot in #4056
build(deps): bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 by @dependabot in #4026
build(deps): bump helm.sh/helm/v3 from 3.15.3 to 3.15.4 by @dependabot in #4057
bump github.com/golangci/golangci-lint from 1.59.1 to 1.60.1 by @zirain in #4067
bump github.com/replicatedhq/troubleshoot from 0.98.0 to 0.99.0 by @zirain in #4065
feat: support LB priority for non xRoute endpoints by @alexwo in #4033
docs: added defaults for load balancing by @luvk1412 in #4071
use sets and return stable result by @zirain in #4074
docs: fix basic-auth.md formatting by @LiorLieberman in #4034
build(deps): bump sigs.k8s.io/kind from 0.23.0 to 0.24.0 in /tools/src/kind by @dependabot in #4077
build(deps): bump github.com/docker/cli from 27.1.1+incompatible to 27.1.2+incompatible by @dependabot in #4082
build(deps): bump github.com/ohler55/ojg from 1.22.1 to 1.24.0 by @dependabot in #4080
build(deps): bump github.com/bufbuild/buf from 1.36.0 to 1.37.0 in /tools/src/buf by @dependabot in #4076
chore: fix Unchanged files with check annotations by @zirain in #4075
fix ratelimit statsd not working by @zirain in #4073
chore: remove BackendTrafficPolicyConnection by @zhaohuabing in #4010
build(deps): bump github.com/docker/docker from 27.1.1+incompatible to 27.1.2+incompatible by @dependabot in #4079
fix: active http healthcheck documents a default for expected status, but doesn't use it by @liorokman in #4090
support custom name for ratelimit deployment by @arkodg in #4094
chore: remove tcp options from the UDPRoute IR by @zhaohuabing in #4084
bump the k8s-io group to v0.31.0 by @zirain in #4066
API: api for setting OIDC token cookie domain by @zhaohuabing in #4093
build(deps): bump google/osv-scanner-action from 1.8.3 to 1.8.4 by @dependabot in #4110
build(deps): bump github/codeql-action from 3.26.2 to 3.26.5 by @dependabot in #4109
build(deps): bump github.com/bufbuild/buf from 1.37.0 to 1.38.0 in /tools/src/buf by @dependabot in #4111
docs: removes unimplemented attributes in the extproc example by @mathetake in #4115
build(deps): bump github.com/miekg/dns from 1.1.61 to 1.1.62 by @dependabot in #4104
deps: Bump go control plane to 0.13.0 by @zirain in #4113
build(deps): bump helm.sh/helm/v3 from 3.15.3 to 3.15.4 by @dependabot in #4105
fix: remove the limitation for only one backendRef from ext-auth and ext-proc by @liorokman in #4086
[api] Add Failover field to Backend by @arkodg in #4099
refactor: Return 500 when BackendTrafficPolicy translation fails by @MdSahil-oss in #4092
ossf: fix pinned-dependencies by @mmorel-35 in #4119
add-nodeSelector by @magorKathy in #4017
build(deps): bump github.com/prometheus/client_golang from 1.20.0 to 1.20.2 by @dependabot in #4107
rename failover to fallback backend by @arkodg in #4121
fix: don't lose timeout settings that originate from the route when translating the backend traffic policy by @liorokman in #4095
chore: use sets by @zirain in #4123
docs: Clarification for type which calls itself "JSON" but actually cannot be. by @mt-inside in #4117
Fix IsNotFound check for secret and configmap by @TasdidurRahman in #4126
chore: bump deps by @zirain in #4122
chore: remove test package by @zirain in #4148
build(deps): bump actions/upload-artifact from 4.3.4 to 4.4.0 by @dependabot in #4131
build(deps): bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #4130
build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.0 in /examples/extension-server by @dependabot in #4139
build(deps): bump github.com/docker/docker from 27.1.2+incompatible to 27.2.0+incompatible by @dependabot in #4137
build(deps): bump github.com/bufbuild/buf from 1.38.0 to 1.39.0 in /tools/src/buf by @dependabot in #4133
build(deps): bump github.com/prometheus/common from 0.55.0 to 0.57.0 by @dependabot in #4134
build(deps): bump github.com/replicatedhq/troubleshoot from 0.99.0 to 0.100.0 by @dependabot in #4135
fix: assign sugar logger name. by @qicz in #4144
chore: code polish & ratelimit env optimize by @qicz in #4142
fix: controller-runtime logger by @qicz in #4146
build(deps): bump busybox from 9ae97d3 to 8274294 in /tools/docker/envoy-gateway by @dependabot in #4132
chore: add ExtensionGroupKinds debug log by @zirain in #4124
chore: concurrent map write in internal/metric test. by @qicz in #4141
build(deps): bump github.com/docker/cli from 27.1.2+incompatible to 27.2.0+incompatible by @dependabot in #4138
build(deps): bump google.golang.org/grpc from 1.65.0 to 1.66.0 by @dependabot in #4136
refactor: return 500 when EnvoyExtensionTrafficPolicy translation fails by @alexwo in #4154
feat: support JSONPatches for proxy bootstrap modifications by @liorokman in #4116
ci: fix osv vulnerability and license scans and add license overrides by @shahar-h in #4157
API: authorization api for jwt claims by @zhaohuabing in #4009
impl for setting OIDC token cookie domain by @zhaohuabing in #4102
remove MPL packages by @zirain in #4161
ci: bump support Kubernetes version by @zirain in #4169
bump to go1.22.7 by @zirain in #4175
docs: improve Private Key Provider page layout by @zirain in #4179
build(deps): bump distroless/static from 8dd8d3c to 42d15c6 in /tools/docker/envoy-gateway by @dependabot in #4191
build(deps): bump github.com/bufbuild/buf from 1.39.0 to 1.40.1 in /tools/src/buf by @dependabot in #4185
build(deps): bump github.com/prometheus/common from 0.57.0 to 0.59.1 by @dependabot in #4187
build(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.0 by @dependabot in #4190
build(deps): bump github.com/prometheus/client_golang from 1.20.2 to 1.20.3 by @dependabot in #4189
build(deps): bump the golang-org group across 2 directories with 2 updates by @dependabot in #4186
feat: support RecomputeRoute for ExtAuth by @zirain in #4178
lint: ignore gosec G115 by @zirain in #4184
ci: fix openssf-scorecard permission issue by @shahar-h in #4198
feat: choose a default HTTP1.0 route based on HTTPRoutes if possible. by @liorokman in #4183
build(deps): bump busybox from 8274294 to 34b191d in /tools/docker/envoy-gateway by @dependabot in #4192
chore: add a jwks public private key pair for testing by @zhaohuabing in #4200
fix: reject invalid backends in route validation by @guydc in #4209
API: use BackendCluster to represent OIDCProvider by @zhaohuabing in #4128
fix: allow empty slowStart when using LeastRequest by @zirain in #4204
bump ENVTEST_K8S_VERSION by @zirain in #4201
feat: add file resource provider for EG standalone mode by @shawnh2 in #3159
affinity and toleration patch for certgen by @ncsham in #4195
chore: set fail-fast: false to continue testing as e2e tests are flaky by @zhaohuabing in #4210
ci: bump to golang1.23.1 by @zirain in #4206
fix: write backend status by @guydc in #4219
release: v1.1.1 by @guydc in #4207
e2e: increase timeout for FileAccessLog by @zirain in #4215
build(deps): bump fortio.org/fortio from 1.66.1 to 1.66.2 by @zirain in #4223
Fix website version by @arkodg in #4229
fix: Switch to an immediate drain strategy by @arkodg in #4230
docs: fix make command from benchmark-test to benchmark by @juwon8891 in #4237
api: HTTPRouteFilter by @guydc in #4171
refactor: add gatewayapi/resource pkg by @shawnh2 in #4235
api: unhide Matches in ProxyAccessLog by @zirain in #4224
api: support inverting matches in rate limit by @rudrakhp in #4176
docs: fix incorrect decoding command in developer documentation by @juwon8891 in #4241
feat: Add maxUnavailable PDB support to helm chart by @jukie in #4239
chore: bump deps by @zirain in #4255
build(deps): bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #4252
build(deps): bump github.com/golangci/golangci-lint from 1.60.3 to 1.61.0 in /tools/src/golangci-lint by @dependabot in #4247
build(deps): bump busybox from 34b191d to c230832 in /tools/docker/envoy-gateway by @dependabot in #4244
build(deps): bump github.com/bufbuild/buf from 1.40.1 to 1.41.0 in /tools/src/buf by @dependabot in #4245
CORS: support wildcard matching for AllowMethods and AllowHeaders by @zhaohuabing in #4168
chore: fix merge nit by @zirain in #4260
build(deps): bump helm.sh/helm/v3 from 3.15.4 to 3.16.1 by @dependabot in #4251
build(deps): bump github.com/replicatedhq/troubleshoot from 0.100.0 to 0.102.0 by @dependabot in #4261
build(deps): bump google/osv-scanner-action from 1.8.4 to 1.8.5 by @dependabot in #4253
ci: remove license override for github.com/moby/patternmatcher by @shahar-h in #4274
ci: enable osv-scanner call analysis by @shahar-h in #4273
OIDC: add nonce support to the oauth2 filter by @zhaohuabing in #4271
moving away from promStatsdExporterContainer by @zirain in #4272
performance: changing Infra and Xds IR log values to JSONString by @shawnh2 in #4263
e2e: add test for RecomputeRoute in ExtAuth by @zirain in #4222
EnvoyPatchPolicy JsonPath docs & fixes by @denniskniep in #4256
chore: include heap profile into benchmark report and add notes for profiles by @shawnh2 in #4284
fix: Reconcile on HTTPRoute labels change by @luvk1412 in #4279
fix: handle invalid sectionName in BackendTLSPolicy for Backend by @arkodg in #4296
chore: e2e: expose --allow-crds-mismatch from conformace test by @unicell in #4297
revisit envoy shutdown settings by @arkodg in #4288
build(deps): bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #4310
build(deps): bump github.com/ohler55/ojg from 1.24.0 to 1.24.1 by @dependabot in #4302
build(deps): bump distroless/static from 42d15c6 to dcd3f1f in /tools/docker/envoy-gateway by @dependabot in #4311
build(deps): bump github.com/docker/cli from 27.2.0+incompatible to 27.3.1+incompatible by @dependabot in #4306
build(deps): bump google.golang.org/grpc from 1.66.2 to 1.67.0 in /examples/extension-server by @dependabot in #4307
build(deps): bump github.com/bufbuild/buf from 1.41.0 to 1.42.0 in /tools/src/buf by @dependabot in #4308
build(deps): bump actions/setup-node from 4.0.3 to 4.0.4 by @dependabot in #4309
docs: fix patch command for adding TLS gateway listener by @Dean-Coakley in #4316
feat(translator): implement httproutefilter and path regex rewrite by @guydc in #4258
build(deps): bump github.com/prometheus/client_golang from 1.20.3 to 1.20.4 by @dependabot in #4304
build(deps): bump github.com/docker/docker from 27.2.0+incompatible to 27.3.1+incompatible by @dependabot in #4303
chore: update release page by @arkodg in #4319
chore: update roadmap page by @arkodg in #4318
ci: dual-stack support for kind cluster by @juwon8891 in #4301
[release/v1.1] release: v1.1.2 by @guydc in #4320
chore: add the exptected date for 1.2.0 by @zhaohuabing in #4321
set user group and user id for the default SecurityContext by @zhaohuabing in #4313
docs: remove comma by @muffl0n in #4300
Impl: JWT claim authorization by @zhaohuabing in #4167
chroe: fix license check by @zhaohuabing in #4327
api: access log types by @guydc in #4170
api: custom error response by @arkodg in #4259
bugfix: EG loglevel error for admin and metrics module by @qicz in #4340
fix: some status updates are discarded by the status updater by @zhaohuabing in #4337
fix: Unsupported listener protocol type error for nil supportKinds assign gateway status. by @qicz in #4345
feat: support request response sizes stats by @luvk1412 in #4314
Datadog tracing support by @Hartigan in #4298
set invalid Listener.SupportedKinds to empty list by @arkodg in #4352
feat: adds support for ratelimit metrics monitoring in grafana by @MdSahil-oss in #4083
chore: add envoy gateway logo into readme by @shawnh2 in #4355
doc: update benchmark result by @shawnh2 in #4354
feat: add priorityClassName support to helm chart by @jukie in #4357
feat: Add service annotations to helm chart by @jukie in #4359
feat: enable local validations for egctl translate and file provider by @shawnh2 in #4257
chore: fix receivers & check ResourceRender implements. by @qicz in #4344
helm: remove grafana testFramework by @zirain in #4360
bugfix: ignore some unnecessary requests to apiserver. by @qicz in #4362
chore: correct eg namespace by @zirain in #4365
build(deps): bump github.com/urfave/cli/v2 from 2.27.2 to 2.27.4 in /examples/extension-server by @dependabot in #4372
build(deps): bump github.com/replicatedhq/troubleshoot from 0.102.0 to 0.105.1 by @dependabot in #4371
build(deps): bump github/codeql-action from 3.26.8 to 3.26.9 by @dependabot in #4366
build(deps): bump distroless/static from dcd3f1f to 26f9b99 in /tools/docker/envoy-gateway by @dependabot in #4368
build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #4367
build(deps): bump the go-opentelemetry-io group across 1 directory with 2 updates by @dependabot in #4369
[Gateway API 1.2.0] Upgrade Gateway API to 1.2.0-rc2 by @zhaohuabing in #4270
fix: rateLimitDeployment ignoring pod labels and annotation merge by @oscarboher in #4228
chore: fix gen-check by @zirain in #4376
build(deps): bump the golang-org group across 2 directories with 2 updates by @dependabot in #4401
build(deps): bump github.com/bufbuild/buf from 1.42.0 to 1.44.0 in /tools/src/buf by @dependabot in #4400
build(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 by @dependabot in #4399
build(deps): bump github/codeql-action from 3.26.9 to 3.26.11 by @dependabot in #4397
build(deps): bump github.com/replicatedhq/troubleshoot from 0.105.1 to 0.105.2 by @dependabot in #4404
build(deps): bump google/osv-scanner-action from 1.8.5 to 1.9.0 by @dependabot in #4398
build(deps): bump sigs.k8s.io/gateway-api from 1.2.0-rc2 to 1.2.0 in /examples/extension-server by @dependabot in #4407
build(deps): bump busybox from c230832 to 768e5c6 in /tools/docker/envoy-gateway by @dependabot in #4408
chore: remove +build tag by @zirain in #4392
chore: remove nit log by @zirain in #4391
build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1 in /examples/extension-server by @dependabot in #4406
chore: recover Coverage Tests by @zirain in #4411
chore: fix docker build warning by @zirain in #4389
bump google.golang.org/grpc v1.67 by @zirain in #4390
chore: fix osv scanner by @zirain in #4414
chore: upgrade test should use VERSION by default by @zirain in #4393
build(deps): bump fortio.org/fortio from 1.66.3 to 1.67.1 by @dependabot in #4405
api: host header rewrite by @guydc in #4410
feat: support inverting header matches for rate limit by @rudrakhp in #4286
bump gwapi to 1.2.0 by @zirain in #4384
feat(translator): implement access log types by @guydc in #4341
fix dashboard typos by @haorenfsa in #4422
feat: add labels to envoyService config by @jukie in #4427
build(deps): bump helm.sh/helm/v3 from 3.16.1 to 3.16.2 by @dependabot in #4436
docs: Fix capital D in ratelimit example by @puerco in #4428
build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 in /examples/extension-server by @dependabot in #4439
build(deps): bump github.com/prometheus/common from 0.59.1 to 0.60.0 by @dependabot in #4438
build(deps): bump github.com/replicatedhq/troubleshoot from 0.105.2 to 0.107.0 by @dependabot in #4437
build(deps): bump github.com/bufbuild/buf from 1.44.0 to 1.45.0 in /tools/src/buf by @dependabot in #4440
build(deps): bump the go-opentelemetry-io group across 1 directory with 8 updates by @dependabot in #4434
feat(translator): client tls session resumption by @guydc in #4293
build(deps): bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #4442
build(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 by @dependabot in #4443
build(deps): bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in #4444
build(deps): bump actions/upload-artifact from 4.4.0 to 4.4.3 by @dependabot in #4441
feat: allow running EnvoyProxy as DaemonSet by @jukie in #4429
feat: implement RequestTimeout in BackendTrafficPolicy by @sanposhiho in #4329
infra: use labels when deleting infra by @zirain in #4430
chore: set klog by @zirain in #4455
infra: fix DeleteAllOf rbac by @zirain in #4459
feat: implement fallback for the Backend API by @arkodg in #4461
chore: bump go control plane to 0.13.1 by @zhaohuabing in #4465
api: fix HeaderMatch list type to allow invert matches on same header by @rudrakhp in #4464
api: direct response by @arkodg in #4334
Use BackendCluster to represent OIDCProvider by @zhaohuabing in #4227
support reloadable EnvoyGateway configuration by @zirain in #4451
e2e: add tests for ratelimit invert matching headers by @rudrakhp in #4452
chore: update logo by @zirain in #4469
docs: correct the curl command by @zirain in #4467
chore: use ptr.Deref to simply code by @zirain in #4477
chore: bump crd-ref-docs by @zirain in #4474
docs: improve a little bit visual by @zirain in #4468
docs: update configuration kick in tips by @zirain in #4479
Fix wasm example link by @zhaohuabing in #4491
Unhide BackendCluster for OIDC provider by @zhaohuabing in #4490
build(deps): bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 by @dependabot in #4484
build(deps): bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 by @dependabot in #4486
build(deps): bump github.com/urfave/cli/v2 from 2.27.4 to 2.27.5 in /examples/extension-server by @dependabot in #4488
build(deps): bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #4485
fix: ratelimit not working with both headers and cidr matches by @shawnh2 in #4377
chore: clean up gatewayapi v1alpha2 helpers by @shawnh2 in #4482
Docs/Tests: documentation and e2e tests for Datadog tracing by @Hartigan in #4480
impl: custom error response by @zhaohuabing in #4415
fix: enforce connection limit value by @guydc in #4458
Collect release note in each PR by @zhaohuabing in #4473
build(deps): bump github.com/replicatedhq/troubleshoot from 0.107.0 to 0.107.1 by @dependabot in #4487
docs: add docs for ratelimit invert match headers by @rudrakhp in #4483
feat: implement Backend API for TLSRoute by @zhaohuabing in #4493
helm: Remove default cpu limit inside chart by @RomainBelorgey in #4290
feat: add host-infra provider support by @shawnh2 in #4481
bugfix: filter repeated resources and optimize memory usage. by @qicz in #4454
feat(translator): implement httproutefilter host rewrite by @guydc in #4446
benchmark: test for 1000 HTTPRoutes by @arkodg in #4287
docs: update Backend docs by @zhaohuabing in #4497
e2e: add test for DaemonSet by @zirain in #4502
feat: direct response by @arkodg in #4508
fix: disable ALPN for non-HTTP routes by @guydc in #4460
chore: share UnitToDuration logic by @zirain in #4510
e2e: incr timeout by @zirain in #4512
chore: refactor byNamespaceSelectorEnabled by @zirain in #4513
feat: add ipv4/ipv6 dual stack support by @juwon8891 in #4375
docs: skip current in release-notes-docs by @zirain in #4521
release: v1.2.0-rc.1 by @zhaohuabing in #4476
[release/v1.2] pin envoy and ratelimit images by @zhaohuabing in #4526

New Contributors

@mathetake made their first contribution in #3812
@missBerg made their first contribution in #3808
@Manoramsharma made their first contribution in #3913
@sadovnikov made their first contribution in #3943
@denniskniep made their first contribution in #3757
@MdSahil-oss made their first contribution in #4058
@luvk1412 made their first contribution in #4071
@LiorLieberman made their first contribution in #4034
@magorKathy made their first contribution in #4017
@mt-inside made their first contribution in #4117
@ncsham made their first contribution in #4195
@juwon8891 made their first contribution in #4237
@rudrakhp made their first contribution in #4176
@jukie made their first contribution in #4239
@unicell made their first contribution in #4297
@Dean-Coakley made their first contribution in #4316
@muffl0n made their first contribution in #4300
@Hartigan made their first contribution in #4298
@oscarboher made their first contribution in #4228
@haorenfsa made their first contribution in #4422
@puerco made their first contribution in #4428
@RomainBelorgey made their first contribution in #4290

Full Changelog: v1.1.0...v1.2.0-rc.1