New Features
- Adds the ability to recover if the Kubernetes API server is unreachable once the gloo pod comes up. The
MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVERenvironment variable defines the maximum duration the gloo pod can run and attempt to reconnect to the kube apiserver if it is unreachable. Exceeding this duration will lead to the pod quitting. To enable this feature, set theMAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVERenvironment variable to the desired duration in the gloo container. This can be done either by modifying the gloo deployment or by specifying thegloo.deployment.customEnv[0].Name=MAX_RECOVERY_DURATION_WITHOUT_KUBE_API_SERVERandgloo.deployment.customEnv[0].Value=60shelm values. (#8107)
Fixes
- Adds the
host_rewrite_headerto the route options to allow envoy to swapped the host header with the content of given downstream or custom header. Pay attention to the potential security implications of using this option. Provided header must come from trusted source. (#9579) - Previously, header names consisting of invalid characters such as '()[]:;,<=>' were accepted when passed via the healthCheck or headerManipulation
requestHeadersToAddparameter. This resulted in envoy throwing aninvalid header nameerror. Now, header names are validated according to RFC 9110, which is the same validation used by envoy. If a header name consisting of invalid characters is passed via the aforementioned parameters, it is caught and rejected in edge and does not propagate to envoy. (#9622) - Fix issue where Kube Gateway proxies would have errors regarding status logged constantly (https://github.com/solo-io/solo-projects/issues/6252)