Note: This is a release candidate for v1.4.0. If while testing and running conformance for this release candidate you run into any problems, please send your feedback here (and feel free to create an issue as well)!

v1.4 Changelog

Table of Contents

• v1.4.0-rc.1

v1.4.0-rc.1

Major Changes since v1.3.0

Breaking Changes

Experimental CORS Support in HTTPRoute - Breaking Change for AllowCredentials Field

Users of the Experimental CORS AllowCredentials field can now specify false.
The underlying API specification type has changed from a enum of type boolean to
just a boolean, so users deploying HTTPRoutes via libraries and evaluating the
experimental CORS support will need to adjust for the change in types. Please
see #3895 for more details.

Standard GRPCRoute - Spec Field Required (Technicality)

This PR makes grpcroute.spec a required field. This is technically a
backward-incompatible change, as previously the field was unintentionally
treated as optional because we erroneously used omitempty on .spec (unlike
other APIs). Since the codebase didn't yet enforce explicit required markers,
that omitempty allowed a missing .spec.

Because .spec contains essential route configuration, omitting it renders a
GRPCRoute unusable and causes route implementation to fail, so we expect this
change will not have adverse effects, but wanted to call it out all the same.
Please see #3937 for more details.

GEPs

New Features

In this release, the following major features are moving to the Standard
channel and are now considered generally available:

• GEP-1897 BackendTLSPolicy - Configuration of TLS from the Gateway to Backends
• GEP-3164 SupportedFeatures - Status information about the features that an implementation supports.

In this release, we introduced the following new features are moving to the
Experimental channel, for implementations to evaluate:

• GEP-3949 Mesh Resource - Mesh-wide configuration and supported features.
• GEP-3793 Default Gateways - Allowing Gateways to program some routes by default.
• GEP-1494 HTTP External Auth - Enabling External Auth for HTTPRoute.

Other Iterations

• GEP-1897: standardizing behavior for invalid BackendTLSPolicy by @snorwin in #3909
• GEP-1897: describe TargetRefs conflict-resolution rules in BackendTLSPolicy by @snorwin in #4048
• GEP-2627: DNS Configuration - Initial Provisional PR by @maleck13 in #2712
• GEP-1713: Revisions by @dprotaso in #3744
• GEP 91: Update Goals and Prior Art by @arkodg in #3838
• GEP-91: Address connection coalescing security issue - API updates by @kl52752 in #3960 and #3942
• GEP-1494: Update gRPC Auth config by @youngnick in #4061
• GEP 3779: East/West Identity-Based Authorization by @LiorLieberman in #3822
• GEP-3792: Off-Cluster Gateways by @kflynn in #3851
• GEP-3798: Adding initial Provisional GEP for client ip based session persistence by @arihantg in #3844
• GEP-696: Update the possible states by @mlavacca in #3901
• TLSRoute: Require hostnames and bump version to v1alpha3 by @rostislavbobo in #3872
• TLSRoute: Require hostnames via +required by @rostislavbobo in #3918
• TLSRoute: Set MaxItems=1 for rules[] in v1alpha3 by @rostislavbobo in #3971
• Update Auth GEP with Implementable details by @youngnick in #3884
• add GRPCRouteExtendedFeatures to AllFeatures list by @skriss in #4046
• Allow preprepared CoreDNS image to be used by @aaronjwood in #3906
• Specify SAN validation precedence over Hostname validation by @kl52752 in #4039
• docs: move GEP-3798 to Deferred for now by @shaneutt in #3947

Bug or Regression

• The boolean "TrueField" introduced for CORS can cause generator issues by @shaneutt in #3895
• Mark grpcroutes spec as required by @rikatz in #3937

Administrative

• chore: remove inactive reviewers by @shaneutt in #3829
• Adding Lior to Mesh Leads by @robscott in #3877

Changes by Kind

API

HTTPRoute

In the Standard channel, we've now added a Name field to HTTPRouteRule
and HTTPRouteMatch.

Documentation

• Enable dark mode switch on docs by @rikatz in #3977
• docs: Add v1.3 conformance report table by @snorwin in #3810
• docs: Update HTTPRoute status example by @jonstacks in #3784
• Add time extensions to release management doc by @shaneutt in #3943
• Update implementations.md with removal policy by @youngnick in #3863
• TLSRoute: Hostnames godoc by @rostislavbobo in #3925
• Make feature name required for Experimental by @youngnick in #3859
• Support comparison of response protocol by @zirain in #3986
• docs: note about expectations when a gep misses a release timeline by @shaneutt in #3866

CI & Testing

• Enable Kubernetes API Linter by @rikatz in #3917
• Use envtest for CRD validation tests by @rikatz in #3948

Conformance Tests

• Add mesh conformance tests structure and a first test by @LiorLieberman in #3729
• Add mesh conformance tests for httproute redirect(s) by @LiorLieberman in #3777
• Improve feature name readability in conformance reports by @08volt in #3564
• conformance: add Hook in ConformanceTestSuite by @zirain in #3786
• add mesh conformance for request header modifier by @LiorLieberman in #3812
• add httproute weight based routing mesh conformance tests by @LiorLieberman in #3827
• Add mesh core conformance tests for httproute same-namespace attachment by @LiorLieberman in #3833
• add httproute matching conformance mesh by @LiorLieberman in #3831
• add mesh conformance for httproute-queryparmas-match by @LiorLieberman in #3834
• fix meshredirectport and schemeredirect mesh conformance features by @LiorLieberman in #3847
• Add body to http.Request and roundTripper.request to extend conformance testutil ability to send request with body. by @zetxqx in #3853
• Infer SupportedFeatures in Conformance Tests (GEP-2162) [#3759] by @bexxmodd in #3848
• Improve distribution tests in conformance for MeshHTTPRouteWeight by @carsontham in #3855
• feat(conformance): validate implementation flags by @mlavacca in #3715
• Issue 3138 - Conformance Tests for BackendTLSPolicy - normative by @candita in #3212
• Fix(conformance report) Add Skip test count in Conformance Report if RunTest is configured. by @zetxqx in #3966
• Add Conformance test for Invalid BackendTLSPolicy TLS settings by @kl52752 in #3930
• Improve distribution tests in conformance for HTTPRouteWeight by @carsontham in #3880
• BackendTLSPolicy conformance tests for observedGeneration bump by @snorwin in #3997
• conformance: add test for optional address value by @EyalPazz in #3689
• BackendTLSPolicy conformance tests for ResolvedRefs status condition by @snorwin in #4010
• conformance: add test to check for proper cors allow-credentials behvior by @EyalPazz in #3990
• Add Conformance tests for BackendTLSPolicy validating SANs with Type dsnName by @kl52752 in #3983
• fix conformance test HTTPRouteWeight by @fabian4 in #4038
• BackendTLSPolicy conformance tests for conflict resolution by @snorwin in #4043
• Updated a new field on supported features inference from boolean to enum and remove from report. by @bexxmodd in #3885
• Add GRPCRoute weighted backendRefs test by @sarthyparty in #3962

Cleanup

• Remove unused dependabot config for Github actions by @FelipeYepez in #3816
• rm duplicate explanation by @naruse666 in #3780
• fix: remove misleading description by @snorwin in #3778
• Fix typo for the file name case type in GEP-2162 doc. by @bexxmodd in #3807
• fix(gep-1911): remove duplicated header in table by @davinkevin in #3818
• Fix godoc comment for GatewaySpecAddress by @syw14 in #3845
• Updated index.md to reflect changes in GEP-2162 by @bexxmodd in #3898
• GEP-3792 and GEP-3793 title fixes 🤦‍♂️ by @kflynn in #3870
• docs: fix typo and add contents about "ngrok Kubernetes Operator" by @Seo-yul in #3874
• docs: Fix links to nonexistent anchors by @blake in #3862
• kubecon talk link updated. by @kundan2707 in #3660
• Fix Godoc for BackendTLSPolicyValidation struct for Hostname field by @mayuka-c in #3923
• Fix malformed URL typo in index.md by @HaeyoonJo in #3926
• Lint required optional by @rikatz in #3929
• Fix Gateway API community meeting schedule documentation by @jgreeer in #3975
• ListenerSet adjust PortNumber kubebuilder validations by @dprotaso in #3750
• Fix OpenAPI validations by adding API list markers by @erikgb in #3964
• fix typo by @maheshrijal in #3976
• Add gateway class label to generated objects by @howardjohn in #3955
• Change to ignore Mesh features in GWC instead of erroring out. by @bexxmodd in #3938
• fix(docs): remove unnecessary array in incorrect example @ gep-1767 by @EyalPazz in #3991
• Update devguide.md to include docker as a pre-req for verify by @PronomitaDey in #4000
• Add ResolvedRefs condition for BackendTLSPolicy by @snorwin in #3994
• Update status fields with clearer definitions by @youngnick in #4008
• Add API changes for HTTP External Auth by @youngnick in #4001
• remove http non mesh features from mesh profile by @LiorLieberman in #4029
• Move BackendTLS configuration to GatewayTLSConfig by @kl52752 in #4009
• Fix cors cel by @rikatz in #4032
• simplify BackendTLSPolicy test infrastructure and remove unnecessary code by @snorwin in #4016
• Upgrade dependencies to K8s 1.34 by @erikgb in #4044
• chore(build): Clean up excessive warnings from "make generate" by @kflynn in #4045
• Update release manager role description by @youngnick in #4040
• Clarify terminology for gateway TLS by @kl52752 in #4036
• add BackendTLSPolicyExtendedFeatures to AllFeatures list by @snorwin in #4047
• Fix PortNumber type to support controller-gen by @erikgb in #4049
• prevent controller-runtime stack traces logger by @aojea in #4054
• Add new BackendTLSPolicy configuration options to documentation by @08volt in #3563
• Add default timeout to UDPRoute test and improve logs by @cnvergence in #4027
• API for default Gateways by @kflynn in #4031
• Improve some ListenetSet gep descriptions by @rikatz in #3978
• Update index.md field after moving BackendTLS struct by @kl52752 in #4041
• concepts/tooling.md: Add Headlamp tool by @illume in #4083

New Contributors

• @szviagintsev made their first contribution in #3782
• @jonstacks made their first contribution in #3784
• @naruse666 made their first contribution in #3780
• @08volt made their first contribution in #3564
• @bexxmodd made their first contribution in #3807
• @davinkevin made their first contribution in #3818
• @FelipeYepez made their first contribution in #3816
• @samcrichard made their first contribution in #3775
• @dawid-nowak made their first contribution in #3813
• @syw14 made their first contribution in #3845
• @zetxqx made their first contribution in #3853
• @arihantg made their first contribution in #3844
• @Seo-yul made their first contribution in #3874
• @carsontham made their first contribution in #3855
• @rostislavbobo made their first contribution in #3872
• @mayuka-c made their first contribution in #3923
• @rikatz made their first contribution in #3917
• @HaeyoonJo made their first contribution in #3926
• @furykerry made their first contribution in #3968
• @jgreeer made their first contribution in #3975
• @erikgb made their first contribution in #3964
• @maheshrijal made their first contribution in #3976
• @PronomitaDey made their first contribution in #4000
• @idebeijer made their first contribution in #4018
• @fabian4 made their first contribution in #4038
• @sarthyparty made their first contribution in #3962
• @aaronjwood made their first contribution in #3906
• @illume made their first contribution in #4083

Full Changelog: v1.3.0...v1.4.0-rc.1