Marked as pre-release due to mTLS mode regression (detailed in #3191) with v2 -> v3 envoy API migration. Will also remove an unnecessary component from the new Failover API added in this release.
New Features
- Define the API to specify Prioritized Failover in Gloo. This API allows for a user to define a list of endpoint sets which will be used in the case that the main upstream endpoint becomes unhealthy. Failover supports optional locality weighted load balancing which assigns additional weighted load balancing based on the locality assigned to each of the endpoint sets. (#3141)
- Default gateway proxy to running as non-root and disabling NET_BIND_SERVICE by default. (#3084)
- Enable certgen to run in a fully restricted kubernetes environment. Certgen now runs without root privileges. (#3084)
Fixes
- Expose a validation setting (
allowWarnings, defaulttrue) in the API and in helm that was intended to be exposed. When set to false, the validation webhook will begin rejecting resources that cause warnings in addition to resources that would cause errors. For this to take effect, note that the validation settingalwaysAcceptmust be set to false. (defaulttrue) (#3099) - Fix setting custom runAsUser during helm install via --set (#3152)