Update dependency kubernetes-sigs/gateway-api to v1 #159
+1
−1
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.4.3&timeout=90s
->v1.2.0
Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Release Notes
kubernetes-sigs/gateway-api (kubernetes-sigs/gateway-api)
v1.2.0
Compare Source
On behalf of Kubernetes SIG Network, we are excited to announce the release of v1.2!
This release includes the graduation of 3 features to the standard channel and the introduction of 4 new features to the experimental channel, along with several improvements in many project areas.
Breaking Changes
GRPCRoute
andReferenceGrant
v1alpha2
removalAs per a previous deprecation notice, in this version, both Experimental
and Standard channel CRDs will no longer serve the
v1alpha2
versionsof
GRPCRoute
andReferenceGrant
.#3361
Upgrades
Before upgrading to Gateway API v1.2, you'll want to confirm that any
implementations of Gateway API have been upgraded to support the
v1
APIversion of these resources instead of the
v1alpha2
API version. Note thateven if you've been using
v1
in your YAML manifests, a controller may still beusing
v1alpha2
which would cause it to fail during this upgrade.Once you've confirmed that the implementations you're relying on have upgraded
to v1, it's time to install the v1.2 CRDs. In most cases, this will work without
any additional effort.
If you ran into issues installing these CRDs, it likely means that you have
v1alpha2
in thestoredVersions
of one or both of these CRDs. This field isused to indicate which API versions have ever been used to persist one of these
resources. Unfortunately, this field is not automatically pruned. To check these
values, you can run the following commands:
If either of these return a list that includes "v1alpha2", it means that we need
to manually remove that version from
storedVersions
.Before doing that, it would be good to ensure that all your ReferenceGrants and
GRPCRoutes have been updated to the latest storage version:
Now that all your ReferenceGrant and GRPCRoute resources have been updated to
use the latest storage version, you can patch the ReferenceGrant and GRPCRoute
CRDs:
With these steps complete, upgrading to the latest GRPCRoute and ReferenceGrant
should work well now.
Experimental Channel: GatewayClass Supported Features
The Experimental
supportedFeatures
field in GatewayClassstatus
has changedfrom being a list of strings to being a list of objects/structs with a
name
field.
This is to allow adding in extra information to each entry at a later date.
Relevant PRs:
objects by @LiorLieberman in
#3200
Changes since v1.2.0-rc2
There was one small change since RC2 - the Gateway Infrastructure conformance
test has been marked as provisional as we're not sure that the same-namespace
requirement imposed by this test is necessary. #3373
Release Cycle changes
This was our first release using a new release
cycle that is
meant to make Gateway API releases more frequent and predictable.
There are now four phases:
of features we want to include in the release. A key deliverable here is
ensuring that the Experimental channel does not get any bigger than it already
is; we want to ensure that features make their way to Standard or are removed.
solidify and meet graduation criteria for in-scope GEPs.
changes from GEPs into changes to both the API specification and
documentation.
required upstream reviews, get any further required changes in, and release
our release candidates so that implementations can get started with work on
the new features asap.
For all the detail about this, please see the Release Cycle
docs.
Relevant PRs:
#3063
Standard Channel Additions and Changes
The Standard channel is Gateway API's set of maximally-stable install files.
Only features with the best testing and support are added to the standard
channel. This channel should be considered GA or stable, and future changes will
be fully backwards compatible.
Infrastructure Labels and Annotations 🎉
GEP-1867 added an
infrastructure
stanza to Gateway objects that is intended to carryinfrastructure configuration specific to that Gateway object.
GEP-1762 adds a section for
labels
andannotations
to this stanza that specifies labels and annotationsto be annotated to all resources created to fulfill that Gateway request.
This feature can be used to affect the labels and annotations created on
LoadBalancer Services by in-cluster implementations to fulfill the Gateway
contract or by Cloud Load Balancing resources created by Cloud Providers.
This feature has graduated to Standard and is now considered GA or Stable.
This feature's name for conformance tests and GatewayClass status reporting is
GatewayInfrastructurePropagation
.This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the
supportedFeatures
field in thestatus
of any GatewayClass.Relevant PRs:
#3272
@snorwin in #3284
HTTPRoute Timeouts and Durations 🎉
The HTTPRoute
Timeouts
field on Route Rules has graduated to Standard and isnow considered GA or Stable.
This field allows you to configure overall Request Timeouts as well as Backend
Request Timeouts. For more information, refer to GEP
1742.
The relevant feature names this for conformance tests and GatewayClass status
reporting are:
HTTPRouteRequestTimeout
forhttproute.spec.rules[].timeouts.request
HTTPRouteBackendTimeout
forhttproute.spec.rules[].timeouts.backendRequest
This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the
supportedFeatures
field in thestatus
of any GatewayClass.Relevant PRs:
#3210
#3271
BackendProtocol Support 🎉
The previous coordinated work across both Gateway API and upstream Kubernetes
which defined 3 new values for the AppProtocol field on Service Ports has
graduated to Standard and is now considered GA or Stable.
The values are:
kubernetes.io/h2c
- HTTP/2 over cleartext as described inRFC7540
kubernetes.io/ws
- WebSocket over cleartext as described inRFC6445
kubernetes.io/wss
- WebSocket over TLS as described inRFC6455
These can now be used with Gateway API to describe the protocol to use for
connections to Kubernetes Services. For more information, refer to GEP
1911.
The relevant feature names this for conformance tests and GatewayClass status
reporting are:
HTTPRouteBackendProtocolH2C
for H2C support, whenservice.spec.ports[].appProtocol
iskubernetes.io/h2c
.HTTPRouteBackendProtocolWebSocket
for Websocket support, whenservice.spec.ports[].appProtocol
iskubernetes.io/ws
orkubernetes.io/wss
.This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the
supportedFeatures
field in thestatus
of any GatewayClass.Relevant PRs:
HTTPRoute Extended Conformance by @dprotaso in
#3108
Other Standard channel changes
#3205
GatewayClassConditionReason "InvalidParameters" should be preferred by
@mikemorris in
#3048
have any healthy endpoints by @dprotaso in
#3121
#2263
#3166
@gauravkghildiyal in
#3195
#3185
Experimental Channel Additions and Changes
The Experimental Channel is Gateway API's channel for testing out changes and
gaining confidence with them before allowing them to go to Standard.
This channel may include features that are changed or removed later!
HTTPRoute Retry support
GEP-1731 described how to add
configuration of retries on HTTPRoute objects, and in this release, this change
has moved to Experimental.
Please see the GEP reference document or the API reference for the details.
This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.
This feature does not currently have a feature name defined.
This feature's status is Extended, meaning that it is optional for
implementations to support.
As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.
Relevant PRs:
#3301
retry
stanza within HTTPRouteRule to configure retrying unsuccessfulrequests to backends before sending a response to a client by @mikemorris in
#3199
Percentage-based request mirroring
The existing Request Mirroring feature has been enhanced by allowing users to
specify a percentage of requests they'd like mirrored. These changes are
described in GEP-3171.
Please see the GEP reference document or the API reference for the details.
This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.
This feature does not currently have a feature name defined.
This feature's status is Extended, meaning that it is optional for
implementations to support.
As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.
Relevant PRs:
#3178
#3283
#3302
Improvements to backend TLS configuration
Some changes have been made to Gateway API's support for configuring TLS
connections between the Gateway and backends.
Gateway has a new Experimental field that contains configuration for the client
certificate Gateways should use when connecting to Backends.
The existing BackendTLSPolicy object has had additions as well:
See GEP-3155 for all the
details.
This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.
This feature does not currently have a feature name defined.
This feature's status is Extended, meaning that it is optional for
implementations to support.
As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.
Relevant PRs:
#3180
#3304
Named Route Rules
All Route Rule types (GRPCRouteRule, HTTPRouteRule, TCPRouteRule, TLSRouteRule
and UDPRouteRule) have had a new, optional
name
field to support referencingindividual rules by name.
This name, if present, may be used in
status
and logging to indicate whichroute rule is being referenced in messages in a more readable way than an array
index.
This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.
This feature does not currently have a feature name defined.
This feature's status is Extended, meaning that it is optional for
implementations to support.
As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.
Relevant PRs:
#2985
3299
Other specification changes
#3127
#3186
#3192
#3218
@sanposhiho in
#3215
#3227
by @mlavacca in
#3153
#3252
in #3257
#3073
#3083
Leadership changes
In this release timeframe, Gateway API has been working on building our
contributor pool and promoting more contributors up our contributor ladder.
Congratulations to @mlavacca on being promoted into the core Gateway API
maintainer team!
Thanks to @keithmattix for all your work as one of the GAMMA leads, and
congratulations to @mikemorris on being promoted into the GAMMA lead team.
We've added two new GEP Reviewers: @kflynn and @arkodg
Also promoted in the conformance team:
Last but most certainly not least, @guicassolato has become a reviewer for
gwctl
.Congratulations to everyone on the promotions, and thanks for your continued
contributions to the Gateway API community!
Relevant PRs:
in #3109
#3231
#3253
#3254
#3255
#3296
#3303
Testing
Name. The API Channel has been set as a field for such a struct in
#3287
#3095
gwctl
In this release, gwctl is moving to a separate repo:
kubernetes-sigs/gwctl. This will
enable a more flexible and independent release process. Significant new updates
are coming to gwctl, follow the new repo for the latest updates on that project.
Although these changes won't be part of Gateway API v1.2 and will instead be
part of the separate gwctl release, we're noting them as they were merged while
the project was part of this repo:
InheritedPolicies by @gauravkghildiyal in
#3198
(using the
--for
flag) by @gauravkghildiyal in#3068
#3051
gwctl describe httproute <NAME>
now includes more details by@gauravkghildiyal in
#3181
Print
inBackendsPrinter with
PrintTable
by @deszhou in#3129
methods of other resources @deszhou in
#3076
#3136
#3145
Documentation Changes
#3066
#3067
#3085
#3084
#3113
in #3114
#3107
#3105
#3135
#3126
#3163
#3202
#3236
#3238
#3240
#3179
#3261
#3241
#3264
#3319
#3316
#3315
#3359
Testing and Conformance changes
#3119
request by @ciarams87 in
#3130
#3153
#3088
#3243
#3167
#3211
#3110
during a failed test by @TheInvincibleRalph in
#3286
#3317
#3343
#3350
New Contributors
#3083
#3085
#3105
#3152
#3130
#2263
#3218
#3215
#3178
#3180
#3238
#3257
#3211
#3261
#3289
#3286
#3315
Dependencies
Added
0393e58
Changed
v2.3.0
555b57e
1eb8caa
v1.2.1
v1.1.62
f48c80b
→bda5523
6ceb2ff
→ef581f9
6ceb2ff
→ef581f9
6ceb2ff
→f966b18
Removed
v1.1.0
Compare Source
v1.1.0
On behalf of Kubernetes SIG Network, we are pleased to announce the v1.1 release!
This release includes the graduation of several features to GA, including both
GRPCRoute and Service Mesh. We are also introducing several new experimental
features, including Session Persistence and Gateway Client Cert Verification.
The following represents the changes since v1.0.0:
Standard Channel
GRPCRoute has Graduated to GA 🎉
GRPCRoute has graduated to GA (v1) and is now part of the Standard Channel. If
you are already using the experimental version GRPCRoute, we recommend holding
off on upgrading to the standard channel version of GRPCRoute until the
controllers you're using have been updated to support GRPCRoute v1. Until then,
it is safe to upgrade to the experimental channel version of GRPCRoute in v1.1
that includes both v1alpha2 and v1 API versions.
Leading Contributor: @gnossen
Service Mesh Support has Graduated to GA 🎉
The standard for using Gateway API for Mesh has formally graduated to GA (v1)
and is now part of the Standard Channel.
Service mesh support in Gateway API allows service mesh users to use the same
API to manage ingress traffic and mesh traffic, reusing the same policy and
routing interfaces. In Gateway API v1.1, routes (such as HTTPRoute) can now have
a
Service
as aparentRef
, to control how traffic to specific servicesbehave. For more information, read the service
mesh documentation or see the list of
implementations.
Leading Contributors: @howardjohn, @keithmattix, @kflynn, @mikemorris
Conformance Profiles and Reports
The Conformance Reports API and the corresponding test suite have been graduated
to GA. The Conformance report API has been expanded with the
mode
field(intended to specify the working mode of the implementation), and the
gatewayAPIChannel
(standard or experimental). ThegatewayAPIVersion
andgatewayAPIChannel
are now filled in automatically by the suite machinery,along with a brief description of the testing outcome. The Reports have been
reorganized in a more structured way, and the implementations can now add
information on how the tests have been run and provide reproduction steps.
Leading Contributors: @mlavacca, @shaneutt
ParentRef Port field Graduated to GA
The
port
field in ParentRefs has graduated to GA (v1) and is now part of theStandard Channel. You can use the
port
field to attach resources to Gateways,Services, or other parent resources. For example, you can attach an HTTPRoute to
one or more specific Listeners of a Gateway based on the Listener
port
,instead of
name
field.Leading Contributor: @frankbu
Experimental Channel
Session Persistence + BackendLBPolicy
Session Persistence is being introduced to Gateway API via a new policy
(BackendLBPolicy) for Service-level configuration and as fields within HTTPRoute
and GRPCRoute for Route-level configuration. The BackendLBPolicy and Route-level
APIs provide the same session persistence configuration, including session
timeouts, session name, session type, and cookie lifetime type.
Leading Contributors: @gcs278, @ginayeh
Gateway Client Cert Verification
Gateways can now configure client cert verification for each Gateway Listener by
introducing a new field
frontendValidation
field withintls
. This fieldsupports configuring a list of CA Certificates that can be used as a trust
anchor to validate the certificates presented by the client.
Leading Contributors: @arkodg
BackendTLSPolicy
As part of a broader goal of making our TLS terminology more consistent
throughout the API, we've introduced some breaking changes to BackendTLSPolicy.
This has resulted in a new API version (v1alpha3) and will require any existing
users of this policy to uninstall the v1alpha2 version before installing this
newer version.
Any references to v1alpha2 BackendTLSPolicy fields will need to be updated.
Specific changes include:
targetRef
field is now atargetRefs
list and these references nolonger include a
namespace
field.tls
field has been renamed tovalidation
caCertRefs
field has been renamed tocaCertificateRefs
wellKnownCACerts
field has been renamed towellKnownCACertificates
Leading Contributors: @candita
Gateway Params
Gateways now feature a new field that allows references to
implementation-specific parameters, similar to GatewayClass.
Leading Contributors: @howardjohn
Everything Else
gwctl
get
command to support gateways, gatewayclasses, andnamespaces. (#2865, #2782, #2847, @jongwooo)
get
command now provides more detailed information for httproutes,policies, and policycrds. (#2805, #2808, #2811, @jongwooo)
describe
command now supports descriptions of policycrds and namespaces.(#2872, #2836, @Devaansh-Kumar)
-l
flag) with both the
get
anddescribe
commands. (#2892, #2915, #2934,@yeedove)
(#2894, @pmalek)
@yashvardhan-kukreja)
Validation Changes
flexible TLS configuration. (#2721, @robscott)
Conformance Tests
Mesh-GRPC
profile has beenadded (#3019, @mlavacca):
HTTPRoute status includes an "Accepted: False" condition because this is not
required by the specification. (#2548, @frankbu)
extended features supported by every implementation that has submitted a
conformance report (#2874, @xtineskim)
features to more clearly communicate the purpose of existing Mesh conformance
tests (#3035, @howardjohn)
Dependencies
Cleanup
CRDs and replaces the webhook. (#2595, @robscott)
implementation-specific support (#2741, @sunjayBhatia)
names. (#2442, @maleck13)
v1.0.0
Compare Source
On behalf of Kubernetes SIG Network, we are pleased to announce the v1.0 release!
This release marks a huge milestone for this project. Several key APIs are
graduating to GA (generally available), while other significant features have
been added to the Experimental channel.
It's been four years since this project began, and we would never have gotten
here without the support of a dedicated and active community. The maintainers
would like to thanks everyone who's contributed to Gateway API, whether in the
form of commits to the repo, discussion, ideas, or general support. We literally
couldn't have gotten this far without you.
This project is nowhere near finished, as you can see from the large amount of
features being added into the Experimental Channel. With such a big set of
things still to do, contributors and contributions are more vital than ever.
Please feel welcome to join our community!!
Gateway, GatewayClass, and HTTPRoute are GA 🎉
Gateway, GatewayClass, and HTTPRoute have all graduated to GA with a
v1
APIversion. Although these APIs will continue to grow with future additions, the
versions of these resources available via the Standard Channel are stable and
recommended for use in production. Many implementations are fully passing
conformance tests that cover the functionality of each of these resources. These
APIs are graduating to GA with only minor spec clarifications since the v0.8.0
release.
CEL Migration
Starting in v0.8.0, Gateway API CRDs now include CEL validation. In this release
the validating webhook is no longer bundled with CRD installation. Instead we
include a separate
webhook-install.yaml
file as part of the release artifacts.If you're running Kubernetes 1.25+, we do not recommend installing the webhook
and additionally suggest that you uninstall any previously installed versions of
the webhook.
If you're still running Kubernetes 1.23 or 1.24, we recommend installing the
webhook until you can upgrade to Kubernetes 1.25 or newer.
New Experimental Features
There are several exciting new experimental features in this release:
BackendTLSPolicy
A new
BackendTLSPolicy
resource has been introduced for configuring TLSconnections from Gateways to Backends. This allows you to configure the Gateway
to validate the certificates served by Backends. For more information, refer to
GEP 1897.
Primary Author: @candita
HTTPRoute Timeouts
HTTPRoute has a new
Timeouts
field on Route Rules. This allows you toconfigure overall Request Timeouts as well as Backend Request Timeouts. For more
information, refer to GEP 1742.
Primary Authors: @frankbu, @SRodi
Gateway Infrastructure Labels
Gateway has a new
Infrastructure
field that allows you to specifyLabels
orAnnotations
that you'd like to be propagated to each resource generated for aGateway. For example, these labels and annotations may be copied to Services and
Deployments provisioned for in-cluster Gateways, or to other
implementation-specific resources, such as Cloud Load Balancers. For more
information, refer to GEP 1762.
Primary Author: @howardjohn
WebSockets, HTTP/2, and More
Some coordinated work across both Gateway API and upstream Kubernetes has
defined 3 new values for the AppProtocol field on Service Ports:
kubernetes.io/h2c
- HTTP/2 over cleartext as described inRFC7540
kubernetes.io/ws
- WebSocket over cleartext as described inRFC6445
kubernetes.io/wss
- WebSocket over TLS as described inRFC6455
These can now be used with Gateway API to describe the protocol to use for
connections to Kubernetes Services. For more information, refer to GEP 1911.
A new CLI tool: gwctl
An experimental new CLI tool and kubectl plugin, gwctl aims to improve the UX
when interacting with Gateway API. Initially it is focused on Policy Attachment,
making it easier to understand which policies are available in a cluster, and
which have been applied. In future releases, we hope to expand the scope of this
tool to provide more detailed responses when getting and describing Gateway API
resources. Note that this tool is still in very early stages and it's very
likely that future releases will include breaking changes for gwctl. For more
information, refer to the gwctl Readme.
Primary Author: @gauravkghildiyal
Everything Else
Of course there's a lot more in this release:
Spec Clarifications
the number of Routes associated with a Listener regardless of Gateway or Route
status. (#2396, @sunjayBhatia)
describe the recommendation that at most one Listener matches a request, and
only Routes attached to that Listener are used for routing. (#2465, @robscott)
both need to specify a distinct SectionName, both need to specify a distinct
Port, or both. (#2433, @robscott)
distinct
(#2436,@youngnick)
Status
supportedFeatures
field has beenadded. Implementations should populate this with the features they support.
(#2461, @Liorlieberman, @robscott)
be set when a GatewayClass is accepted. (#2384, @robscott)
types. This condition also includes guidance for how partially invalid states
should be handled with Gateway API. (#2429, @robscott)
GatewayReasonUnsupportedAddress
forAccepted
now ONLYapplies when an address type is provided for a
Gateway
which it does notsupport.
(#2412 @shaneutt)
GatewayReasonAddressNotAssigned
forProgrammed
nowONLY applies to problems with dynamic address allocation.
(#2412 @shaneutt)
GatewayReasonAddressNotUsable
forProgrammed
has beenadded to deal with situations where a static address has been provided for a
Gateway which is of a supported type, and is syntactically valid, but for some
reason it can not be used for this Gateway (e.g. the address is already in use
on the network).
(#2412 @shaneutt)
Documentation
(#2454, @youngnick)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.