1# Changelog
2
3## Table of Contents
4
5- [v1.0.0][#v100]
6- [v1.0.0-rc2][#v100-rc2]
7- [v1.0.0-rc1][#v100-rc1]
8- [v0.8.1](#v081)
9- [v0.8.0](#v080)
10- [v0.8.0-rc2](#v080-rc2)
11- [v0.8.0-rc1](#v080-rc1)
12- [v0.7.1](#v071)
13- [v0.7.0](#v070)
14- [v0.7.0-rc2](#v070-rc2)
15- [v0.7.0-rc1](#v070-rc1)
16- [v0.6.2](#v062)
17- [v0.6.1](#v061)
18- [v0.6.0](#v060)
19- [v0.6.0-rc2](#v060-rc2)
20- [v0.6.0-rc1](#v060-rc1)
21- [v0.5.1](#v051)
22- [v0.5.0](#v050)
23- [v0.5.0-rc2](#v050-rc2)
24- [v0.5.0-rc1](#v050-rc1)
25- [v0.4.3](#v043)
26- [v0.4.2](#v042)
27- [v0.4.1](#v041)
28- [v0.4.0](#v040)
29- [v0.4.0-rc2](#v040-rc2)
30- [v0.4.0-rc1](#v040-rc1)
31- [v0.3.0](#v030)
32- [v0.2.0](#v020)
33- [v0.1.0](#v010)
34- [v0.1.0-rc2](#v010-rc2)
35- [v0.1.0-rc1](#v010-rc1)
36
37# v1.0.0
38
39On behalf of Kubernetes SIG Network, we are pleased to announce the v1.0 release!
40This release marks a huge milestone for this project. Several key APIs are
41graduating to GA (generally available), while other significant features have
42been added to the Experimental channel.
43
44It's been four years since this project began, and we would never have gotten
45here without the support of a dedicated and active community. The maintainers
46would like to thanks _everyone_ who's contributed to Gateway API, whether in the
47form of commits to the repo, discussion, ideas, or general support. We literally
48couldn't have gotten this far without you.
49
50This project is nowhere near finished, as you can see from the large amount of
51features being added into the Experimental Channel. With such a big set of
52things still to do, contributors and contributions are more vital than ever.
53Please feel welcome to join our
54[community!](https://gateway-api.sigs.k8s.io/contributing/)!
55
56## Gateway, GatewayClass, and HTTPRoute are GA 🎉
57
58Gateway, GatewayClass, and HTTPRoute have all graduated to GA with a `v1` API
59version. Although these APIs will continue to grow with future additions, the
60versions of these resources available via the Standard Channel are stable and
61recommended for use in production. Many implementations are fully passing
62conformance tests that cover the functionality of each of these resources. These
63APIs are graduating to GA with only minor spec clarifications since the v0.8.0
64release.
65
66## CEL Migration
67
68Starting in v0.8.0, Gateway API CRDs now include CEL validation. In this release
69the validating webhook is no longer bundled with CRD installation. Instead we
70include a separate `webhook-install.yaml` file as part of the release artifacts.
71
72If you're running Kubernetes 1.25+, we do not recommend installing the webhook
73and additionally suggest that you uninstall any previously installed versions of
74the webhook.
75
76If you're still running Kubernetes 1.23 or 1.24, we recommend installing the
77webhook until you can upgrade to Kubernetes 1.25 or newer.
78
79## New Experimental Features
80
81There are several exciting new experimental features in this release:
82
83### BackendTLSPolicy
84A new `BackendTLSPolicy` resource has been introduced for configuring TLS
85connections from Gateways to Backends. This allows you to configure the Gateway
86to validate the certificates served by Backends. For more information, refer to
87[GEP 1897](https://gateway-api.sigs.k8s.io/geps/gep-1897/).
88
89Primary Author: @candita
90
91### HTTPRoute Timeouts
92HTTPRoute has a new `Timeouts` field on Route Rules. This allows you to
93configure overall Request Timeouts as well as Backend Request Timeouts. For more
94information, refer to [GEP 1742](https://gateway-api.sigs.k8s.io/geps/gep-1742/).
95
96Primary Authors: @frankbu, @SRodi
97
98### Gateway Infrastructure Labels
99Gateway has a new `Infrastructure` field that allows you to specify `Labels` or
100`Annotations` that you'd like to be propagated to each resource generated for a
101Gateway. For example, these labels and annotations may be copied to Services and
102Deployments provisioned for in-cluster Gateways, or to other
103implementation-specific resources, such as Cloud Load Balancers. For more
104information, refer to [GEP
1051762](https://gateway-api.sigs.k8s.io/geps/gep-1762/).
106
107Primary Author: @howardjohn
108
109### WebSockets, HTTP/2, and More
110Some coordinated work across both Gateway API and upstream Kubernetes has
111defined 3 new values for the AppProtocol field on Service Ports:
112
113* `kubernetes.io/h2c` - HTTP/2 over cleartext as described in
114 [RFC7540](https://www.rfc-editor.org/rfc/rfc7540)
115* `kubernetes.io/ws` - WebSocket over cleartext as described in
116 [RFC6445](https://www.rfc-editor.org/rfc/rfc6455)
117* `kubernetes.io/wss` - WebSocket over TLS as described in
118 [RFC6455](https://www.rfc-editor.org/rfc/rfc6455)
119
120These can now be used with Gateway API to describe the protocol to use for
121connections to Kubernetes Services. For more information, refer to [GEP
1221911](https://gateway-api.sigs.k8s.io/geps/gep-1911/).
123
124### A new CLI tool: gwctl
125An experimental new CLI tool and kubectl plugin, gwctl aims to improve the UX
126when interacting with Gateway API. Initially it is focused on Policy Attachment,
127making it easier to understand which policies are available in a cluster, and
128which have been applied. In future releases, we hope to expand the scope of this
129tool to provide more detailed responses when getting and describing Gateway API
130resources. Note that this tool is still in very early stages and it's very
131likely that future releases will include breaking changes for gwctl. For more
132information, refer to the [gwctl
133Readme](https://github.com/kubernetes-sigs/gateway-api/tree/main/gwctl).
134
135Primary Author: @gauravkghildiyal
136
137## Everything Else
138
139Of course there's a lot more in this release:
140
141### Spec Clarifications
142- Clarify that the Gateway Listener status AttachedRoutes field is a count of
143 the number of Routes associated with a Listener regardless of Gateway or Route
144 status. (#2396, @sunjayBhatia)
145- Gateway: A new concept called "Listener Isolation" has been introduced to
146 describe the recommendation that at most one Listener matches a request, and
147 only Routes attached to that Listener are used for routing. (#2465, @robscott)
148- Experimental Channel: For ParentRefs to be considered distinct, they either
149 both need to specify a distinct SectionName, both need to specify a distinct
150 Port, or both. (#2433, @robscott)
151- Updated rules about Listener uniqueness to use the term `distinct` (#2436,
152 @youngnick)
153
154### Status
155- GatewayClass Status: A new experimental `supportedFeatures` field has been
156 added. Implementations should populate this with the features they support.
157 (#2461, @Liorlieberman, @robscott)
158- GatewayClass Status: A new SupportedVersion condition has been added that MUST
159 be set when a GatewayClass is accepted. (#2384, @robscott)
160- Route Status: A new "PartiallyInvalid" condition has been added for all Route
161 types. This condition also includes guidance for how partially invalid states
162 should be handled with Gateway API. (#2429, @robscott)
163- The condition reason `GatewayReasonUnsupportedAddress` for `Accepted` now ONLY
164 applies when an address type is provided for a `Gateway` which it does not
165 support.
166 (#2412 @shaneutt)
167- The condition reason `GatewayReasonAddressNotAssigned` for `Programmed` now
168 ONLY applies to problems with dynamic address allocation.
169 (#2412 @shaneutt)
170- The condition reason `GatewayReasonAddressNotUsable` for `Programmed` has been
171 added to deal with situations where a static address has been provided for a
172 Gateway which is of a supported type, and is syntactically valid, but for some
173 reason it can not be used for this Gateway (e.g. the address is already in use
174 on the network).
175 (#2412 @shaneutt)
176
177### Documentation
178- A guide for Gateway API implementers is now included in the specification.
179 (#2454, @youngnick)
180- Gateway API versioning will continue to rely on two release channels -
181 Standard and Experimental. New resources will start in the Experimental
182 Channel with an alpha API Version and then graduate to the Standard Channel
183 with a GA API version. Resources that already have Beta API versions will
184 continue to have them, but no additional Gateway API resources will get a Beta
185 API version. (#2446, @robscott)
186
187### Cleanup
188- Validating Webhook logs now use `Errorf` instead of `Fatalf`. (#2361, @yylt)
189
190### Bug Fixes
191* CEL validation for BackendTLSPolicy was fixed with corresponding tests added
192 (#2491, @ygnas)
193* Fixes the API version for `ReferenceGrant` from `v1` to `v1beta1` in the
194 `GatewaySecretInvalidReferenceGrant` conformance test YAML (#2494, @arkodg)
195* Gateway infrastructure field is now a pointer (#2508, @danehans)
196
197## Conformance Tests
198* h2c Backend Protocol conformance tests were added (#2456, @dprotaso)
199* WebSocket Backend Protocol conformance tests were added (#2495, @dprotaso)
200* New conformance test for Gateway Status AttachedRoutes (#2477, @danehans)
201* Implemented the `ExemptFeatures` field for Experimental Conformance Profiles
202 (#2515, @arkodg)
203
204### Other (Cleanup or Flake)
205- Resources related to the validating webhook such as the `gateway-system`
206 namespace and the `gateway-api-admission-server` deployment have been removed
207 from the installation manifests, in favor of CEL based Validations that are
208 built into the CRD definition. These are still available in
209 `webhook-install.yaml` in case you would like to optionally install them.
210 (#2401, @arkodg)
211
212# v1.0.0-rc2
213
214The working group expects that this release candidate is quite close to the
215final v0.8.0 release. However, breaking API changes are still possible.
216
217This release candidate is suitable for implementors, but the working group does
218not recommend shipping products based on a release candidate API due to the
219possibility of incompatible changes prior to the final release. The following
220represents the changes since v1.0.0-rc1:
221
222## Bug Fixes
223* CEL validation for BackendTLSPolicy was fixed with corresponding tests added
224 (#2491, @ygnas)
225* Fixes the API version for `ReferenceGrant` from `v1` to `v1beta1` in the
226 `GatewaySecretInvalidReferenceGrant` conformance test YAML (#2494, @arkodg)
227* Gateway infrastructure field is now a pointer (#2508, @danehans)
228
229## Conformance Tests
230* h2c Backend Protocol conformance tests were added (#2456, @dprotaso)
231* WebSocket Backend Protocol conformance tests were added (#2495, @dprotaso)
232* New conformance test for Gateway Status AttachedRoutes (#2477, @danehans)
233* Implemented the `ExemptFeatures` field for Experimental Conformance Profiles
234 (#2515, @arkodg)
235
236# v1.0.0-rc1
237
238The working group expects that this release candidate is quite close to the
239final v0.8.0 release. However, breaking API changes are still possible.
240
241This release candidate is suitable for implementors, but the working group does
242not recommend shipping products based on a release candidate API due to the
243possibility of incompatible changes prior to the final release. The following
244represents the changes since v0.8.0-rc1:
245
246## Gateway, GatewayClass, and HTTPRoute are GA 🎉
247
248Gateway, GatewayClass, and HTTPRoute have all graduated to GA with a `v1` API
249version. Although these APIs will continue to grow with future additions, the
250versions of these resources available via the Standard Channel are stable and
251recommended for use in production. Many implementations are fully passing
252conformance tests that cover the functionality of each of these resources. These
253APIs are graduating to GA with only minor spec clarifications since the v0.8.0
254release.
255
256## CEL Migration
257
258Starting in v0.8.0, Gateway API CRDs now include CEL validation. In this release
259the validating webhook is no longer bundled with CRD installation. Instead we
260include a separate `webhook-install.yaml` file as part of the release artifacts.
261
262If you're running Kubernetes 1.25+, we do not recommend installing the webhook
263and additionally suggest that you uninstall any previously installed versions of
264the webhook.
265
266If you're still running Kubernetes 1.23 or 1.24, we recommend installing the
267webhook until you can upgrade to Kubernetes 1.25 or newer.
268
269## New Experimental Features
270
271There are several exciting new experimental features in this release:
272
273### BackendTLSPolicy
274A new `BackendTLSPolicy` resource has been introduced for configuring TLS
275connections from Gateways to Backends. This allows you to configure the Gateway
276to validate the certificates served by Backends. For more information, refer to
277[GEP 1897](https://gateway-api.sigs.k8s.io/geps/gep-1897/).
278
279Primary Author: @candita
280
281### HTTPRoute Timeouts
282HTTPRoute has a new `Timeouts` field on Route Rules. This allows you to
283configure overall Request Timeouts as well as Backend Request Timeouts. For more
284information, refer to [GEP 1742](https://gateway-api.sigs.k8s.io/geps/gep-1742/).
285
286Primary Authors: @frankbu, @SRodi
287
288### Gateway Infrastructure Labels
289Gateway has a new `Infrastructure` field that allows you to specify `Labels` or
290`Annotations` that you'd like to be propagated to each resource generated for a
291Gateway. For example, these labels and annotations may be copied to Services and
292Deployments provisioned for in-cluster Gateways, or to other
293implementation-specific resources, such as Cloud Load Balancers. For more
294information, refer to [GEP
2951762](https://gateway-api.sigs.k8s.io/geps/gep-1762/).
296
297Primary Author: @howardjohn
298
299### WebSockets, HTTP/2, and More
300Some coordinated work across both Gateway API and upstream Kubernetes has
301defined 3 new values for the AppProtocol field on Service Ports:
302
303* `kubernetes.io/h2c` - HTTP/2 over cleartext as described in
304 [RFC7540](https://www.rfc-editor.org/rfc/rfc7540)
305* `kubernetes.io/ws` - WebSocket over cleartext as described in
306 [RFC6445](https://www.rfc-editor.org/rfc/rfc6455)
307* `kubernetes.io/wss` - WebSocket over TLS as described in
308 [RFC6455](https://www.rfc-editor.org/rfc/rfc6455)
309
310These can now be used with Gateway API to describe the protocol to use for
311connections to Kubernetes Services. For more information, refer to [GEP
3121911](https://gateway-api.sigs.k8s.io/geps/gep-1911/).
313
314### A new CLI tool: gwctl
315An experimental new CLI tool and kubectl plugin, gwctl aims to improve the UX
316when interacting with Gateway API. Initially it is focused on Policy Attachment,
317making it easier to understand which policies are available in a cluster, and
318which have been applied. In future releases, we hope to expand the scope of this
319tool to provide more detailed responses when getting and describing Gateway API
320resources. Note that this tool is still in very early stages and it's very
321likely that future releases will include breaking changes for gwctl. For more
322information, refer to the [gwctl
323Readme](https://github.com/kubernetes-sigs/gateway-api/tree/main/gwctl).
324
325Primary Author: @gauravkghildiyal
326
327## Everything Else
328
329Of course there's a lot more in this release:
330
331### Spec Clarifications
332- Clarify that the Gateway Listener status AttachedRoutes field is a count of
333 the number of Routes associated with a Listener regardless of Gateway or Route
334 status. (#2396, @sunjayBhatia)
335- Gateway: A new concept called "Listener Isolation" has been introduced to
336 describe the recommendation that at most one Listener matches a request, and
337 only Routes attached to that Listener are used for routing. (#2465, @robscott)
338- Experimental Channel: For ParentRefs to be considered distinct, they either
339 both need to specify a distinct SectionName, both need to specify a distinct
340 Port, or both. (#2433, @robscott)
341- Updated rules about Listener uniqueness to use the term `distinct` (#2436,
342 @youngnick)
343
344### Status
345- GatewayClass Status: A new experimental `supportedFeatures` field has been
346 added. Implementations should populate this with the features they support.
347 (#2461, @Liorlieberman, @robscott)
348- GatewayClass Status: A new SupportedVersion condition has been added that MUST
349 be set when a GatewayClass is accepted. (#2384, @robscott)
350- Route Status: A new "PartiallyInvalid" condition has been added for all Route
351 types. This condition also includes guidance for how partially invalid states
352 should be handled with Gateway API. (#2429, @robscott)
353- The condition reason `GatewayReasonUnsupportedAddress` for `Accepted` now ONLY
354 applies when an address type is provided for a `Gateway` which it does not
355 support.
356 (#2412 @shaneutt)
357- The condition reason `GatewayReasonAddressNotAssigned` for `Programmed` now
358 ONLY applies to problems with dynamic address allocation.
359 (#2412 @shaneutt)
360- The condition reason `GatewayReasonAddressNotUsable` for `Programmed` has been
361 added to deal with situations where a static address has been provided for a
362 Gateway which is of a supported type, and is syntactically valid, but for some
363 reason it can not be used for this Gateway (e.g. the address is already in use
364 on the network).
365 (#2412 @shaneutt)
366
367### Documentation
368- A guide for Gateway API implementers is now included in the specification.
369 (#2454, @youngnick)
370- Gateway API versioning will continue to rely on two release channels -
371 Standard and Experimental. New resources will start in the Experimental
372 Channel with an alpha API Version and then graduate to the Standard Channel
373 with a GA API version. Resources that already have Beta API versions will
374 continue to have them, but no additional Gateway API resources will get a Beta
375 API version. (#2446, @robscott)
376
377### Cleanup
378- Validating Webhook logs now use `Errorf` instead of `Fatalf`. (#2361, @yylt)
379
380### Other (Cleanup or Flake)
381- Resources related to the validating webhook such as the `gateway-system`
382 namespace and the `gateway-api-admission-server` deployment have been removed
383 from the installation manifests, in favor of CEL based Validations that are
384 built into the CRD definition. These are still available in
385 `webhook-install.yaml` in case you would like to optionally install them.
386 (#2401, @arkodg)
387
388
389# v0.8.1
390
391This is a patch release that includes small bug fixes and a new conformance test
392as a follow up to the v0.8.0 release.
393
394## Changes by Kind
395
396### Bug Fixes
397
398- Fix CEL validation not handling missing listener hostname correctly. (#2370,
399 @frankbu)
400- Fix IPv6 parsing in conformance tests (#2375, @keithmattix)
401
402### Conformance Tests
403
404- Add conformance test for multiple mirror filters. (#2359, @levikobi)
405
406# v0.8.0
407
408## Major Themes
409
410### GAMMA (Service Mesh)
411Service mesh support per the GAMMA initiative has moved to **experimental** in
412`v0.8.0`. As an experimental API, **it is still possible that this will
413change**; the working group does not recommend shipping products based on any
414experimental API.
415
416When using the Gateway API to configure a service mesh, the Gateway and
417GatewayClass resources are not used (as there will typically only be one mesh
418in the cluster) and, instead, individual route resources are associated
419directly with Service resources. This permits configuring mesh routing while
420preserving the Gateway API's overall semantics.
421
422We encourage service mesh implementers and users to try this new support and
423we welcome feedback! Once again, though, the working group does not recommend
424shipping products based on this or any other experimental API. due to the
425possibility of incompatible changes prior to the final release.
426
427### CEL Validation
428This release marks the beginning of a transition from webhook validation to CEL
429validation that is built into the CRDs. That will mean different things
430depending on the version of Kubernetes you're using:
431
432#### Kubernetes 1.25+
433CEL validation is fully supported. Most validation is now covered by the
434validating webhook, but unfortunately not quite everything.
435
436All but one validation has been translated from the
437webhook to CEL. Currently the CRDs only have a case-sensitive uniqueness check
438for header names in header modifier filters. The webhook validation is more
439thorough, ensuring that the uniqueness is case-insensitive. Unfortunately that
440is not possible to represent with CEL today. There is more information in
441[#2277](https://github.com/kubernetes-sigs/gateway-api/issues/2277).
442
443Installing the validating webhook is still recommended for this release to allow
444controllers to catch up to cover this gap in CEL validation. We expect this is
445the last release we will make this recommendation for, for more information,
446refer to [#2319](https://github.com/kubernetes-sigs/gateway-api/issues/2319).
447
448#### Kubernetes 1.23 and 1.24
449CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be
450installed. When you upgrade to Kubernetes 1.25+, the validation included in
451these CRDs will automatically take effect. We recommend continuing to install
452the validating webhook on these Kubernetes versions.
453
454#### Kubernetes 1.22 and older
455Unfortunately Gateway API v0.8.0 is not supported on these Kubernetes versions.
456Gateway API v0.8.0 CRDs include CEL validation and cannot be installed on these
457versions of Kubernetes. Note that Gateway API only commits to providing support
458for the [5 most recent versions of
459Kubernetes](https://gateway-api.sigs.k8s.io/concepts/versioning/#supported-versions),
460and thus these versions are no longer supported by Gateway API.
461
462### API Version Changes
463As we prepare for a v1.0 release that will graduate Gateway, GatewayClass, and
464HTTPRoute to the `v1` API Version from `v1beta1`, we are continuing the process
465of moving away from `v1alpha2` for resources that have graduated to `v1beta1`.
466The following changes are included in this release:
467
468- `v1alpha2` of Gateway, GatewayClass, and HTTPRoute is no longer served
469- `v1alpha2` of ReferenceGrant is deprecated
470- `v1beta1` is now the storage version for ReferenceGrant
471
472Those changes mean that:
473
474- Users and implementations that were reading or writing from `v1alpha2` of
475 Gateway, GatewayClass, or HTTPRoute MUST upgrade to use `v1beta1`.
476- Users and implementations that were reading or writing from `v1alpha2` of
477 ReferenceGrant SHOULD upgrade to use `v1beta1`.
478
479For more information, refer to
480[#2069](https://github.com/kubernetes-sigs/gateway-api/pull/2069).
481
482### Multiple RequestMirror filters in the same HTTPRoute or GRPCRoute Rule
483Gateway API now supports multiple RequestMirror filters within the same rule.
484This enables implementations to mirror a request to multiple backends which
485was not supported before. (#2199, #2256, @Liorlieberman)
486
487### Supported Features and Conformance Levels
488Gateway API conformance tests have a concept of "Supported Features".
489Implementations state which features they support, and then all the tests
490covering that set of features are run.
491
492Prior to v0.8.0, we had a concept of "StandardCoreFeatures" that represented the
493set of features we expected every implementation to implement. Support for the
494Gateway and HTTPRoute resources was included in that list.
495
496Alongside that, Gateway API also has a concept of "Support Levels" such as
497"Core", "Extended", and "Implementation-Specific". The API had labeled 2
498resources as having support levels, but these didn't really make sense with
499the modular API model of Gateway API.
500
501In this release, we've simplified the concepts here. Individual resources no
502longer have assigned support levels, instead these are represented as "Supported
503Features." Implementations can separately claim to support Gateway,
504ReferenceGrant, or any other resource. This change helps accommodate incoming
505Mesh implementations, many of which do not support one or both of these
506resources.
507
508For more information refer to
509[#2323](https://github.com/kubernetes-sigs/gateway-api/pull/2323).
510
511
512## Other Changes
513
514### Status
515- Add IncompatibleFilters reason for implementations to specify when a route is
516 invalid due to an invalid combination of route filters. (#2150, @sunjayBhatia)
517
518### Validation
519
520- Add CEL validation for GRPCRoute. (#2305, @gnossen)
521- HTTPRoute and GRPCRoute CRDs now provide built-in validation that ensures the
522 uniqueness of names in Header Modifier "Remove" lists. (#2306, @robscott)
523
524### Spec Clarifications
525
526- RequestMirrorFilter: Enhanced the doc string to be explicit about sending the
527 mirrored request to a single destination endpoint within the backendRef
528 specified. (#2317, @arkodg)
529- HTTPRoute Method matching precedence has been clarified (#2054,
530 @gauravkghildiyal)
531- Clarify that implementations must not modify HTTP Host header. Adds
532 specificity alongside spec that port in Host header must be ignored when
533 matching on host. (#2092, @sunjayBhatia)
534- Fix typo: rename GatewaReasonUnsupportedAddress ->
535 GatewayReasonUnsupportedAddress (#2149, @panslava)
536- HTTPRoute: Clarified that exact path matches are truly exact, both trailing
537 slashes and capitalization are meaningful. (#2055, @robscott)
538- Implementations MUST ignore any port value specified in the HTTP Host header
539 while performing a match against HTTPRoute.Hostnames (#1980,
540 @gauravkghildiyal)
541- Clarify support for using the same filter multiple times within the same HTTP or GRPC rule (#2199, #2256, @Liorlieberman)
542
543### Conformance
544
545- Add conformance tests against accepting invalid ReferenceGrants in HTTPRoute
546 and TLSRoute (#2076, @meyskens)
547- Fixed an issues causing conformance tests to fail when using IPv6 addresses
548 (#2024, @howardjohn)
549- HTTPRoute connectivity is in now enforced in conformance tests if a relevant
550 ReferenceGrant gets deleted. (#1853, @pmalek)
551- The `--skip-tests` flag has been added to the conformance CLI to enable tests
552 opt-out when using it. (#2170, @mlavacca)
553- The experimental conformance profile suite can now be added as a stand-alone
554 cli and by means of `go test`. (#2066, @mlavacca)
555- GEPs now must have a Conformance Details section that specifies the feature's
556 name for conformance purposes. (#2115, @youngnick)
557- Better support mesh-only conformance testing (#2312, @kflynn)
558- SupportedFeatures have been restructured to be per-resource (#2323, @robscott)
559- Add SupportedFeature for port 8080 on Gateway (#2184, @xtineskim)
560- Fixes for IPv6 in Mesh (#2340, @keithmattix)
561- Fix leaking TCP connections which can lead to conformance test failures
562 (#2358, @gauravkghildiyal)
563
564### Webhook
565
566- Changed default imagePullPolicy for gateway-api-admission-server to
567 IfNotPresent. (#2215, @networkhermit)
568- Webhook config works with PodAdmission restricted (#2016, @jcpunk)
569
570### Documentation
571
572- Adds support for ParentRef targeting a Kubernetes Service resource for mesh
573 implementations. (#2146, @mikemorris)
574- Clarify wording on website around Gateway API vs API Gateway (#2191,
575 @david-martin)
576- GEP-1282, Backend Properties, has been declined. (#2132, @youngnick)
577- Added missing GEPs. (#2114, @levikobi)
578
579### Bug Fixes
580
581- Added the missing ReferenceGrant resource the kustomization.yaml for the
582 standard channel (#2084, @howardjohn)
583- Webhook validation now ensures that BackendRefs can not be specified in the
584 same HTTPRoute rule as a Redirect filter (#2161, @slayer321)
585- GRPCRoute: The default match has been removed as it was invalid (it only
586 specified a type of "Exact" without a corresponding Service or Method). Note
587 that the match type still defaults to "Exact". (#2311, @gauravkghildiyal)
588
589
590# v0.8.0-rc2
591
592The working group expects that this release candidate is quite close to the final
593v0.8.0 release. However, breaking API changes are still possible.
594
595This release candidate is suitable for implementors, but the working group does
596not recommend shipping products based on a release candidate API due to the
597possibility of incompatible changes prior to the final release. The following
598represents the changes since v0.8.0-rc1:
599
600## Changes by Kind
601
602### Validation
603
604- Add CEL validation for GRPCRoute. (#2305, @gnossen)
605- HTTPRoute and GRPCRoute CRDs now provide built-in validation that ensures the
606 uniqueness of names in Header Modifier "Remove" lists. (#2306, @robscott)
607
608### Bug Fixes
609
610- GRPCRoute: The default match has been removed as it was invalid (it only
611 specified a type of "Exact" without a corresponding Service or Method). Note
612 that the match type still defaults to "Exact". (#2311, @gauravkghildiyal)
613
614### Spec Clarifications
615
616- RequestMirrorFilter: Enhanced the doc string to be explicit about sending the
617 mirrored request to a single destination endpoint within the backendRef
618 specified. (#2317, @arkodg)
619- Resources no longer have support levels, implementations can choose to support
620 whichever set of resources they want (#2323, @robscott)
621
622### Conformance
623
624- Better support mesh-only conformance testing (#2312, @kflynn)
625- SupportedFeatures have been restructured to be per-resource (#2323, @robscott)
626
627# v0.8.0-rc1
628
629The working group expects that this release candidate is quite close to the final
630v0.8.0 release. However, breaking API changes are still possible.
631
632This release candidate is suitable for implementors, but the working group does
633not recommend shipping products based on a release candidate API due to the
634possibility of incompatible changes prior to the final release.
635
636## Major Themes
637
638### GAMMA (Service Mesh)
639Service mesh support per the GAMMA initiative has moved to **experimental** in
640`v0.8.0`. As an experimental API, **it is still possible that this will
641change**; the working group does not recommend shipping products based on any
642experimental API.
643
644When using the Gateway API to configure a service mesh, the Gateway and
645GatewayClass resources are not used (as there will typically only be one mesh
646in the cluster) and, instead, individual route resources are associated
647directly with Service resources. This permits configuring mesh routing while
648preserving the Gateway API's overall semantics.
649
650We encourage service mesh implementers and users to try this new support and
651we welcome feedback! Once again, though, the working group does not recommend
652shipping products based on this or any other experimental API. due to the
653possibility of incompatible changes prior to the final release.
654
655### CEL Validation
656This release marks the beginning of a transition from webhook validation to CEL
657validation that is built into the CRDs. That will mean different things
658depending on the version of Kubernetes you're using:
659
660#### Kubernetes 1.25+
661CEL validation is fully supported. Most validation is now covered by the
662validating webhook, but unfortunately not quite everything.
663
664**Standard Channel:** All but one validation has been translated from the
665webhook to CEL. Currently the CRDs only have a case-sensitive uniqueness check
666for header names in header modifier filters. The webhook validation is more
667thorough, ensuring that the uniqueness is case-insensitive. Unfortunately that
668is not possible to represent with CEL today. There is more information in
669[#2277](https://github.com/kubernetes-sigs/gateway-api/issues/2277).
670
671**Experimental Channel:** TCPRoute, TLSRoute, and UDPRoute are fully covered by
672CEL validation. GRPCRoute still has some significant gaps in CEL validation that
673will be covered in a future release.
674
675#### Kubernetes 1.23 and 1.24
676CEL validation is not supported, but Gateway API v0.8.0 CRDs can still be
677installed. When you upgrade to Kubernetes 1.25+, the validation included in
678these CRDs will automatically take effect. We recommend continuing to install
679the validating webhook on these Kubernetes versions.
680
681#### Kubernetes 1.22 and older
682Unfortunately Gateway API v0.8.0 is not supported on these Kubernetes versions.
683Gateway API v0.8.0 CRDs include CEL validation and cannot be installed on these
684versions of Kubernetes. Note that Gateway API only commits to providing support
685for the [5 most recent versions of
686Kubernetes](https://gateway-api.sigs.k8s.io/concepts/versioning/#supported-versions),
687and thus these versions are no longer supported by Gateway API.
688
689### API Version Changes
690As we prepare for a v1.0 release that will graduate Gateway, GatewayClass, and
691HTTPRoute to the `v1` API Version from `v1beta1`, we are continuing the process
692of moving away from `v1alpha2` for resources that have graduated to `v1beta1`.
693The following changes are included in this release:
694
695- `v1alpha2` of Gateway, GatewayClass, and HTTPRoute is no longer served
696- `v1alpha2` of ReferenceGrant is deprecated
697- `v1beta1` is now the storage version for ReferenceGrant
698
699Those changes mean that:
700
701- Users and implementations that were reading or writing from `v1alpha2` of
702 Gateway, GatewayClass, or HTTPRoute MUST upgrade to use `v1beta1`.
703- Users and implementations that were reading or writing from `v1alpha2` of
704 ReferenceGrant SHOULD upgrade to use `v1beta1`.
705
706For more information, refer to
707[#2069](https://github.com/kubernetes-sigs/gateway-api/pull/2069).
708
709## Other Changes
710
711### Status
712- Add IncompatibleFilters reason for implementations to specify when a route is
713 invalid due to an invalid combination of route filters. (#2150, @sunjayBhatia)
714
715### Spec Clarifications
716
717- HTTPRoute Method matching precedence has been clarified (#2054,
718 @gauravkghildiyal)
719- Clarify that implementations must not modify HTTP Host header. Adds
720 specificity alongside spec that port in Host header must be ignored when
721 matching on host. (#2092, @sunjayBhatia)
722- Fix typo: rename GatewaReasonUnsupportedAddress ->
723 GatewayReasonUnsupportedAddress (#2149, @panslava)
724- HTTPRoute: Clarified that exact path matches are truly exact, both trailing
725 slashes and capitalization are meaningful. (#2055, @robscott)
726- Implementations MUST ignore any port value specified in the HTTP Host header
727 while performing a match against HTTPRoute.Hostnames (#1980,
728 @gauravkghildiyal)
729
730### Conformance
731
732- Add conformance tests against accepting invalid ReferenceGrants in HTTPRoute
733 and TLSRoute (#2076, @meyskens)
734- Fixed an issues causing conformance tests to fail when using IPv6 addresses
735 (#2024, @howardjohn)
736- HTTPRoute connectivity is in now enforced in conformance tests if a relevant
737 ReferenceGrant gets deleted. (#1853, @pmalek)
738- The `--skip-tests` flag has been added to the conformance CLI to enable tests
739 opt-out when using it. (#2170, @mlavacca)
740- The experimental conformance profile suite can now be added as a stand-alone
741 cli and by means of `go test`. (#2066, @mlavacca)
742- GEPs now must have a Conformance Details section that specifies the feature's
743 name for conformance purposes. (#2115, @youngnick)
744
745### Webhook
746
747- Changed default imagePullPolicy for gateway-api-admission-server to
748 IfNotPresent. (#2215, @networkhermit)
749- Webhook config works with PodAdmission restricted (#2016, @jcpunk)
750
751### Documentation
752
753- Adds support for ParentRef targeting a Kubernetes Service resource for mesh
754 implementations. (#2146, @mikemorris)
755- Clarify wording on website around Gateway API vs API Gateway (#2191,
756 @david-martin)
757- GEP-1282, Backend Properties, has been declined. (#2132, @youngnick)
758- Added missing GEPs. (#2114, @levikobi)
759
760### Bug Fixes
761
762- Added the missing ReferenceGrant resource the kustomization.yaml for the
763 standard channel (#2084, @howardjohn)
764- Webhook validation now ensures that BackendRefs can not be specified in the
765 same HTTPRoute rule as a Redirect filter (#2161, @slayer321)
766
767# v0.7.1
768
769This is a patch release that includes small fixes, clarifications, and
770conformance tests as a follow up to the v0.7.0 release.
771
772## Changes by Kind
773
774### Conformance Tests
775
776- Fixed an issues causing conformance tests to fail when using IPv6 addresses.
777 (#2024, @howardjohn)
778- HTTPRoute connectivity is in now enforced in conformance tests if a relevant
779 ReferenceGrant gets deleted. (#1853, @pmalek)
780- New: Conformance tests for HTTP request mirroring. (#1912, @liorlieberman)
781- Fixes to port and scheme redirect tests: Tests now send HTTPS requests with
782 consistent SNI and Host, Gateway now has the correct SANs. (#2039, @sunjaybhatia)
783- TLSRoute test now waits for namespaces to be ready. (#2067, @skriss)
784
785### Validating Webhook
786
787- Webhook config works with "restricted" Pod Security level. (#2016, @jcpunk)
788
789### Clarifications
790
791- HTTPRoute Method matching precedence has been clarified. (#2054,
792 @gauravkghildiyal)
793- Implementations MUST ignore any port value specified in the HTTP Host header
794 while performing a match against HTTPRoute.Hostnames. (#1980,
795 @gauravkghildiyal)
796- HTTPRoute: Clarified that exact path matches are truly exact, both trailing
797 slashes and capitalization are meaningful. (#2055, @robscott)
798- Gateway: Clarified that AttachedRoutes should only consider Routes that have
799 been accepted. (#2050, @mlavacca)
800
801# v0.7.0
802
803The v0.7.0 release focuses on refining and stabilizing existing APIs. This
804included a focus on both conformance tests and clarifying ambiguous parts of the
805API spec.
806
807## Features Graduating to Standard
808In addition to those broad focuses, 2 features are graduating to the
809standard channel:
810
811* GEP-1323: Response Header Modifiers (#1905, @robscott)
812* GEP-726: Path Redirects and Rewrites (#1905, @robscott)
813
814## GEPs
815There are a lot of interesting GEPs in the pipeline right now, but only some of
816these GEPs have made it to experimental status in time for v0.7.0. The GEPs
817highlighted below are both in an experimental state and are either entirely new
818(GEP-1748) or had significant new concepts introduced (GEP-713):
819
820### GEP-713: Policy Attachment
821This GEP received a major update, splitting policy attachment into two
822categories "Direct" and "Inherited". The new "Direct" mode enables a simplified
823form of policy attachment for targeting a single resource (#1565, @youngnick).
824
825### GEP-1748: Gateway API Interaction with Multi-Cluster Services
826A new GEP was introduced to define how Gateway API interacts with Multi-Cluster
827Services. At a high level, this states that ServiceImports have "Extended"
828support and can be used anywhere Services can throughout the API. There's a lot
829more nuance here, so for the full details, refer to the GEP. (#1843, @robscott)
830
831## Other Changes by Kind
832
833### Status Changes
834
835- The "Ready" Gateway and Listener condition has been reserved for future use.
836 (#1888, @howardjohn)
837- The UnsupportedAddress Listener condition reason has been moved to a Gateway
838 condition reason. (#1888, @howardjohn)
839- The AddressNotAssigned Gateway condition reasons has moved from Accepted to
840 Programmed. (#1888, @howardjohn)
841- The NoResources Gateway condition reasons has moved from Ready to Programmed.
842 (#1888, @howardjohn)
843
844### Spec Cleanup
845
846- Clarification that port redirects should not add port number to Location
847 header for HTTP and HTTPS requests on 80 and 443. (#1908, @robscott)
848- Port redirect when empty will depend on the configured Redirect scheme (#1880,
849 @gauravkghildiyal)
850- Updated spec to clarify that Exact matches have precedence over Prefix matches
851 and RegularExpression matches have implementation specific precedence. (#1855,
852 @Xunzhuo)
853- The `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer is no
854 longer required and is now just recommended. (#1917, @howardjohn)
855
856### Validation Fixes
857
858- Removes GRPCRoute method match defaulting to allow for matching all requests,
859 or matching only by header. (#1753, @skriss)
860- Update route validation to comply with RFC-3986 "p-char" characters. (#1644,
861 @jackstine)
862- Illegal names like " " will be not allowed for query param name in
863 HTTPQueryParamMatch. (#1796, @gyohuangxin)
864* Webhook: Port is now considered when validating that ParentRefs are unique
865 (#1995, @howardjohn)
866
867### Conformance
868
869- No conformance tests run by default anymore, including tests for GatewayClass
870 and Gateway. A new SupportGateway feature must be opted into in order to run
871 those tests (similar to what we've done previously for ReferenceGrant and
872 HTTPRoute). Also with this release, `EnableAllSupportedFeatures` enables all
873 Gateway AND Mesh features (where previously that was just Gateway). (#1894,
874 @shaneutt)
875- Gateways must publish the "Programmed" condition. (#1732, @robscott)
876- Add `all-features` flag to enable all supported feature conformance tests.
877 (#1642, @gyohuangxin)
878- A new SkipTests field has been added to the conformance test options to
879 opt-out of specific tests. (#1578, @mlavacca)
880- Added: conformance tests for http rewrite host and path filters. (#1622,
881 @LiorLieberman)
882- In Conformance tests, when a Route references a gateway having no listener
883 whose allowedRoutes criteria permit the route, the reason
884 NotAllowedByListeners should be used for the accepted condition. (#1669,
885 @mlavacca)
886- Support configurable timeout for GatewayObservedGenerationBump (#1887,
887 @Xunzhuo)
888- The conformance test HTTPRouteInvalidCrossNamespaceParentRef now requires the
889 HTTPRoute accepted condition to be failing with the ParentRefNotPermitted
890 reason. (#1694, @mlavacca)
891- The conformance tests always check that the HTTPRoute ResolvedRefs condition
892 is enforced, even when the status is true. (#1668, @mlavacca)
893- Checks for the NotAllowedByListeners reason on the HTTPRoute's Accepted: false
894 condition in the HTTPRouteInvalidCrossNamespaceParentRef conformance test.
895 (#1714, @skriss)
896- Added conformance test to verify that path matching precedence is
897 implemented correctly. (#1855, @Xunzhuo)
898- Remove a test that only covered redirect status without any other changes.
899 (#2007, @robscott)
900- Port redirect when empty will depend on the configured Redirect scheme (#1880,
901 @gauravkghildiyal)
902- Fixes for mesh conformance tests (#2017, @keithmattix)
903
904### Documentation
905
906- Updated outdated content on list of resources in installation guide page.
907 (#1857, @randmonkey)
908- Fix description of ReferenceGrant example in documentation by making it use
909 the correct resources. (#1864, @matteoolivi)
910- Fix grammar mistake in ReferenceGrant implementation guidelines. (#1865,
911 @matteoolivi)
912
913# v0.7.0-rc2
914
915We expect this to be our final release candidate before launching v0.7.0. This
916release candidate includes a variety of clarifications and conformance updates.
917The changelog below represents the changes since v0.7.0-rc1.
918
919## Changes by Kind
920
921### Spec Clarification
922
923- Port redirect when empty will depend on the configured Redirect scheme (#1880,
924 @gauravkghildiyal)
925
926### Conformance
927
928- Remove a test that only covered redirect status without any other changes.
929 (#2007, @robscott)
930- Port redirect when empty will depend on the configured Redirect scheme (#1880,
931 @gauravkghildiyal)
932
933### Validation Fixes
934
935* Webhook: Port is now considered when validating that ParentRefs are unique
936 (#1995, @howardjohn)
937
938# v0.7.0-rc1
939
940## Changes by Kind
941
942### Graduating to Standard
943
944- GEP-1323: Response Header Modifier has graduated to standard (#1905,
945 @robscott)
946- GEP-726: Path Redirects and Rewrites has graduated to the standard channel.
947 (#1874, @robscott)
948
949### Experimental GEPs
950
951- The Policy Attachment GEP received a major update, splitting policy attachment
952 into two categories "Direct" and "Inherited". The new "Direct" mode enables a
953 simplified form of policy attachment for targeting a single resource (#1565,
954 @youngnick)
955- A new GEP was introduced to define how Gateway API interacts with
956 Multi-Cluster Services (#1843, @robscott)
957
958### Status Changes
959
960- The "Ready" Gateway and Listener condition has been reserved for future use.
961 (#1888, @howardjohn)
962- The UnsupportedAddress Listener condition reason has been moved to a Gateway
963 condition reason. (#1888, @howardjohn)
964- The AddressNotAssigned Gateway condition reasons has moved from Accepted to
965 Programmed. (#1888, @howardjohn)
966- The NoResources Gateway condition reasons has moved from Ready to Programmed.
967 (#1888, @howardjohn)
968
969### Spec Cleanup
970
971- Clarification that port redirects should not add port number to Location
972 header for HTTP and HTTPS requests on 80 and 443. (#1908, @robscott)
973- Updated spec to clarify that Exact matches have precedence over Prefix matches
974 and RegularExpression matches have implementation specific precedence. (#1855,
975 @Xunzhuo)
976- The `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer is no
977 longer required and is now just recommended. (#1917, @howardjohn)
978
979### Validation Fixes
980
981- Removes GRPCRoute method match defaulting to allow for matching all requests,
982 or matching only by header. (#1753, @skriss)
983- Update route validation to comply with RFC-3986 "p-char" characters. (#1644,
984 @jackstine)
985- Illegal names like " " will be not allowed for query param name in
986 HTTPQueryParamMatch. (#1796, @gyohuangxin)
987
988### Conformance
989
990- No conformance tests run by default anymore, including tests for GatewayClass
991 and Gateway. A new SupportGateway feature must be opted into in order to run
992 those tests (similar to what we've done previously for ReferenceGrant and
993 HTTPRoute). Also with this release, `EnableAllSupportedFeatures` enables all
994 Gateway AND Mesh features (where previously that was just Gateway). (#1894,
995 @shaneutt)
996- Gateways must publish the "Programmed" condition. (#1732, @robscott)
997- Add `all-features` flag to enable all supported feature conformance tests.
998 (#1642, @gyohuangxin)
999- A new SkipTests field has been added to the conformance test options to
1000 opt-out of specific tests. (#1578, @mlavacca)
1001- Added: conformance tests for http rewrite host and path filters. (#1622,
1002 @LiorLieberman)
1003- In Conformance tests, when a Route references a gateway having no listener
1004 whose allowedRoutes criteria permit the route, the reason
1005 NotAllowedByListeners should be used for the accepted condition. (#1669,
1006 @mlavacca)
1007- Support configurable timeout for GatewayObservedGenerationBump (#1887,
1008 @Xunzhuo)
1009- The conformance test HTTPRouteInvalidCrossNamespaceParentRef now requires the
1010 HTTPRoute accepted condition to be failing with the ParentRefNotPermitted
1011 reason. (#1694, @mlavacca)
1012- The conformance tests always check that the HTTPRoute ResolvedRefs condition
1013 is enforced, even when the status is true. (#1668, @mlavacca)
1014- Checks for the NotAllowedByListeners reason on the HTTPRoute's Accepted: false
1015 condition in the HTTPRouteInvalidCrossNamespaceParentRef conformance test.
1016 (#1714, @skriss)
1017- Added conformance test to verify that path matching precedence is
1018 implemented correctly. (#1855, @Xunzhuo)
1019
1020### Documentation
1021
1022- Updated outdated content on list of resources in installation guide page.
1023 (#1857, @randmonkey)
1024- Fix description of ReferenceGrant example in documentation by making it use
1025 the correct resources. (#1864, @matteoolivi)
1026- Fix grammar mistake in ReferenceGrant implementation guidelines. (#1865,
1027 @matteoolivi)
1028
1029# v0.6.2
1030
1031This is a patch release that predominantly includes updated conformance tests
1032for implementations to implement.
1033
1034For all major changes since the `v0.5.x` release series, please see the
1035[v0.6.0](/#v060) release notes.
1036
1037## Maintenance
1038
1039- As per [changes in upstream to container image registries] we replaced all
1040 usage of the k8s.gcr.io registry with registry.k8s.io.
1041 (#1736, @shaneutt)
1042
1043[changes in upstream to container image registries]:https://github.com/kubernetes/k8s.io/issues/4738
1044
1045## Bug Fixes
1046
1047- Fix invalid HTTP redirect/rewrite examples.
1048 (#1787, @Xunzhuo)
1049
1050## Conformance Test Updates
1051
1052- The `HTTPRouteInvalidCrossNamespaceParentRef` conformance test now checks for
1053 the `NotAllowedByListeners` reason on the `HTTPRoute`'s `Accepted: false`
1054 condition to better indicate why the route was note accepted.
1055 (#1714, @skriss)
1056- A conformance test was added for `HTTPRoute` to cover the behavior of a
1057 non-matching `SectionName` similar to what was already present for
1058 `ListenerPort`.
1059 (#1719, @zaunist)
1060- Fixed an issue where tests may fail erroneously on the removal of resources
1061 that are already removed.
1062 (#1745, @mlavacca)
1063- Logging in conformance utilities related to resource's `ObservedGeneration`
1064 has been improved to emit the `ObservedGenerations that are found for the
1065 purpose of making it easier to debug test failures and be more verbose about
1066 the objects in question.
1067 (#1761, @briantkennedy)
1068 (#1763, @briantkennedy)
1069- Patch instead of update in some places in conformance tests to reduce noise
1070 in logs.
1071 (#1760, @michaelbeaumont)
1072- Added `AttachedRoutes` testing to conformance tests.
1073 (#1624, @ChaningHwang)
1074- The conformance tests always check that the HTTPRoute ResolvedRefs condition
1075 is enforced, even when the status is true.
1076 (#1668, @mlavacca)
1077
1078# v0.6.1
1079
1080This is a patch release that predominantly includes updated conformance tests
1081for implementations to implement.
1082
1083For all major changes since the `v0.5.x` release series, please see the
1084[v0.6.0](/#v060) release notes.
1085
1086## Bug Fixes
1087
1088- Our regex for validating path characters was updated to accurately identify
1089 "p-chars" as per RFC-3986.
1090 (#1644, @jackstine)
1091- An erroneous "namespace" field was present in our webhook ClusterRoleBindings
1092 and has been removed.
1093 (#1684, @tao12345666333)
1094
1095## New Features
1096
1097- Conditions for Policies have been added to the Golang library, enabling
1098 Go-based implementations to re-use those for their downstream Policies.
1099 (#1682, @mmamczur)
1100
1101## Conformance Test Updates
1102
1103- Added conformance tests for checking Port, Scheme and Path to the extended and
1104 experimental features.
1105 (#1611, @LiorLieberman)
1106- Added conformance tests for HTTP rewrite
1107 (#1622, #1628, @LiorLieberman)
1108- Added more conformance tests for path matching to catch known edge cases.
1109 (#1627, @sunjayBhatia)
1110- Added some initial conformance tests for TLSRoute passthrough.
1111 (#1579, @candita)
1112- Added conformance tests that exercise NotAllowedByListeners reason.
1113 (#1669, @mlavacca)
1114- Loosen the Accepted check in GatewayClass observed generation tests to
1115 provide a more realistic test for implementations.
1116 (#1655, @arkodg)
1117- A "SkipTests" field has been added to accommodate implementations in
1118 running subsets of the tests as needed, this can be particularly helpful
1119 for new implementations that want to add conformance iteratively.
1120 (#1578, @mlavacca)
1121- Fixed a broken test for GRPCRoute that caused an erroneous failure.
1122 (#1692, @arkodg)
1123- Added "all-features" flag to conformance test to enable all supported
1124 features on test runs.
1125 (#1642, @gyohuangxin)
1126- Fixed usage of `net/http` default client in conformance test suite
1127 (#1617, @howardjohn)
1128- Fixed missing reference to NoMatchingParent in godoc
1129 (#1671, @mlavacca)
1130
1131# v0.6.0
1132
1133## Major Changes
1134
1135### ReferenceGrant moves to `v1beta1`, ReferencePolicy removed
1136
1137With more implementations now supporting ReferenceGrant (and more conformance coverage of the resource), we've moved ReferenceGrant to `v1beta1` in this release. **Note** that moving to beta also moves the object to the Standard channel (it was Experimental previously).
1138
1139We've also removed the already-deprecated ReferencePolicy resource, so please move over to the shiny new ReferenceGrant, which has all the same features.
1140
1141- Promotes ReferenceGrant to the v1beta1 API and the standard release channel
1142 (#1455, @nathancoleman)
1143- ReferencePolicy has been removed from the API in favor of ReferenceGrant.
1144 (#1406, @robscott)
1145
1146### Introduce GRPCRoute
1147
1148The `GRPCRoute` resource has been introduced in order to simplify the routing of GRPC requests.
1149Its design is described in [GEP-1016](https://gateway-api.sigs.k8s.io/geps/gep-1016/).
1150As it is a new resource, it is introduced in the experimental channel.
1151
1152Thanks to @gnossen for pushing this ahead.
1153
1154- Introduce GRPCRoute resource. (#1115, @gnossen)
1155
1156### Status updates
1157
1158As described in [GEP-1364](https://gateway-api.sigs.k8s.io/geps/gep-1364/), status conditions have been updated within the Gateway resource to make it more consistent with the rest of the API. These changes, along with some other status changes, are detailed below.
1159
1160Gateway:
1161
1162* New `Accepted` and `Programmed` conditions introduced.
1163* `Scheduled` condition deprecated.
1164* Core Conditions now `Accepted` and `Programmed`.
1165* Moves to Extended: `Ready`.
1166
1167Gateway Listener:
1168
1169* New `Accepted` and `Programmed` conditions introduced.
1170* `Detached` condition deprecated.
1171* Core Conditions now `Accepted`, `Programmed`, `ResolvedRefs`, and `Conflicted`.
1172* Moves to Extended: `Ready`.
1173
1174All Resources:
1175
1176* The `Accepted` Condition now has a `Pending` reason, which is the default until
1177 the condition is updated by a controller.
1178
1179Route resources:
1180
1181* The `Accepted` Condition now has a `NoMatchingParent` reason, to be set on routes
1182 when no matching parent can be found.
1183
1184The purpose of these changes is to make the status flows more consistent across objects, and to provide a clear pattern for new objects as we evolve the API.
1185
1186> **Note**: This change will require updates for implementations to be able to pass conformance tests. Implementations may choose to publish both new and old conditions, or only new conditions.
1187
1188- Adds `Accepted` and deprecates `Detached` Listener conditions and reasons (#1446, @mikemorris)
1189- Adds `Accepted` and deprecates `Scheduled` Gateway conditions and reasons (#1447, @mikemorris)
1190- Adds `Pending` reason for use with all `Accepted` conditions throughout the API (#1453, @youngnick)
1191- Adds `Programmed` Gateway and Listener conditions, moves `Ready` to extended
1192 conformance (#1499, @LCaparelli)
1193- Add `RouteReasonNoMatchingParent` reason for `Accepted` condition. (#1516, @pmalek)
1194
1195## Other Changes by type
1196
1197### Deprecations
1198
1199- GatewayClass, Gateway, and HTTPRoute are now only supported with the v1beta1
1200 version of the API. The v1alpha2 API versions of these resources will be fully
1201 removed in a future release. Additionally, v1alpha2 is marked as deprecated
1202 everywhere. (#1348 and #1405, @robscott)
1203
1204### API Changes
1205
1206- A new field `responseHeaderModifier` is added to `.spec.rules.filters`, which
1207 allows for modification of HTTP response headers (#1373, @aryan9600)
1208- Display the Programmed condition instead of the Ready condition in the output
1209- HTTPRoute: Validating webhook now ensures that Exact and Prefix path match
1210 values can now only include valid path values per RFC-3986. (RegularExpression
1211 path matches are not affected by this change). (#1599, @robscott)
1212- `RegularExpression` type selectors have been clarified to all be
1213 `ImplementationSpecific` conformance. (#1604, @youngnick)
1214
1215### Documentation
1216
1217- Clarify that BackendObjectReference's Port field specifies a service port, not
1218 a target port, for Kubernetes Service backends. (#1332, @Miciah)
1219- HTTPRequestHeaderFilter and HTTPResponseHeaderFilter forbid configuring
1220 multiple actions for the same header. (#1497, @rainest)
1221- Changes "custom" conformance level to "implementation-specific" (#1436,
1222 @LCaparelli)
1223- Clarification that changes to ReferenceGrants MUST be reconciled (#1429,
1224 @robscott)
1225
1226### Conformance Tests
1227
1228- ExemptFeatures have been merged into SupportedFeatures providing implementations
1229 a uniform way to specify the features they support.
1230 (#1507, @robscott) (#1394, @gyohuangxin)
1231- To be conformant with the API, if there is no ReferenceGrant that grants a
1232 listener to reference a secret in another namespace, the
1233 ListenerConditionReason for the condition ResolvedRefs must be set to
1234 RefNotPermitted instead of InvalidCertificateRef. (#1305, @mlavacca)
1235- A new test has been added to cover HTTP Redirects (#1556, @LiorLieberman)
1236- Fix Gateway reference in HTTPRouteInvalidParentRefNotMatchingListenerPort
1237 (#1591, @sayboras)
1238
1239### Build Changes
1240
1241- We now provide a [multi-arch](https://www.docker.com/blog/multi-arch-images/)
1242 image including new support for `arm64` in addition to `amd64` for our
1243 validating webhook.
1244 (#627, @wilsonwu & @Xunzhuo)
1245
1246### Developer Notes
1247
1248- Deprecated `v1alpha2` Go types are now aliases to their `v1beta1` versions
1249 (#1390, @howardjohn)
1250
1251# v0.6.0-rc2
1252
1253We expect this to be our final release candidate before launching v0.6.0. This
1254release candidate includes a variety of cleanup and documentation updates. The
1255changelog below represents the changes since v0.6.0-rc1.
1256
1257### Conformance Tests
1258
1259- A new test has been added to cover HTTP Redirects (#1556, @LiorLieberman)
1260- Fix Gateway reference in HTTPRouteInvalidParentRefNotMatchingListenerPort
1261 (#1591, @sayboras)
1262
1263### General Cleanup
1264
1265- Display the Programmed condition instead of the Ready condition in the output
1266 of `kubectl get gateways`. (#1602, @skriss)
1267- GRPCRoute: Regex validation for Method and Service has been tightened to match
1268 GRPC spec. (#1599, @robscott)
1269- GRPCRoute: Webhook validation of GRPCRoute has been expanded to closely match
1270 HTTPRoute validation. (#1599, @robscott)
1271- HTTPRoute and Gateway: Gaps between webhook validation for v1alpha2 and
1272 v1beta1 have been closed. (#1599, @robscott)
1273- HTTPRoute: Validating webhook now ensures that Exact and Prefix path match
1274 values can now only include valid path values per RFC-3986. (RegularExpression
1275 path matches are not affected by this change). (#1599, @robscott)
1276- The Gateway default conditions list now includes the Programmed condition.
1277 (#1604, @youngnick)
1278- `RegularExpression` type selectors have been clarified to all be
1279 `ImplementationSpecific` conformance. (#1604, @youngnick)
1280
1281# v0.6.0-rc1
1282
1283## Major Changes
1284
1285### ReferenceGrant moves to `v1beta1`, ReferencePolicy removed
1286
1287With more implementations now supporting ReferenceGrant (and more conformance coverage of the resource), we've moved ReferenceGrant to `v1beta1` in this release. **Note** that moving to beta also moves the object to the Standard channel (it was Experimental previously).
1288
1289We've also removed the already-deprecated ReferencePolicy resource, so please move over to the shiny new ReferenceGrant, which has all the same features.
1290
1291- Promotes ReferenceGrant to the v1beta1 API and the standard release channel
1292 (#1455, @nathancoleman)
1293- ReferencePolicy has been removed from the API in favor of ReferenceGrant.
1294 (#1406, @robscott)
1295
1296### Introduce GRPCRoute
1297
1298The `GRPCRoute` resource has been introduced in order to simplify the routing of GRPC requests.
1299Its design is described in [GEP-1016](https://gateway-api.sigs.k8s.io/geps/gep-1016/).
1300As it is a new resource, it is introduced in the experimental channel.
1301
1302Thanks to @gnossen for pushing this ahead.
1303
1304- Introduce GRPCRoute resource. (#1115, @gnossen)
1305
1306### Status updates
1307
1308As described in [GEP-1364](https://gateway-api.sigs.k8s.io/geps/gep-1364/), status conditions have been updated within the Gateway resource to make it more consistent with the rest of the API. These changes, along with some other status changes, are detailed below.
1309
1310Gateway:
1311
1312* New `Accepted` and `Programmed` conditions introduced.
1313* `Scheduled` condition deprecated.
1314* Core Conditions now `Accepted` and `Programmed`.
1315* Moves to Extended: `Ready`.
1316
1317Gateway Listener:
1318
1319* New `Accepted` and `Programmed` conditions introduced.
1320* `Detached` condition deprecated.
1321* Core Conditions now `Accepted`, `Programmed`, `ResolvedRefs`, and `Conflicted`.
1322* Moves to Extended: `Ready`.
1323
1324All Resources:
1325
1326* The `Accepted` Condition now has a `Pending` reason, which is the default until
1327 the condition is updated by a controller.
1328
1329Route resources:
1330
1331* The `Accepted` Condition now has a `NoMatchingParent` reason, to be set on routes
1332 when no matching parent can be found.
1333
1334The purpose of these changes is to make the status flows more consistent across objects, and to provide a clear pattern for new objects as we evolve the API.
1335
1336> **Note**: This change will require updates for implementations to be able to pass conformance tests. Implementations may choose to publish both new and old conditions, or only new conditions.
1337
1338- Adds `Accepted` and deprecates `Detached` Listener conditions and reasons (#1446, @mikemorris)
1339- Adds `Accepted` and deprecates `Scheduled` Gateway conditions and reasons (#1447, @mikemorris)
1340- Adds `Pending` reason for use with all `Accepted` conditions throughout the API (#1453, @youngnick)
1341- Adds `Programmed` Gateway and Listener conditions, moves `Ready` to extended
1342 conformance (#1499, @LCaparelli)
1343- Add `RouteReasonNoMatchingParent` reason for `Accepted` condition. (#1516, @pmalek)
1344
1345## Other Changes by type
1346
1347### Deprecations
1348
1349- GatewayClass, Gateway, and HTTPRoute are now only supported with the v1beta1
1350 version of the API. The v1alpha2 API versions of these resources will be fully
1351 removed in a future release. Additionally, v1alpha2 is marked as deprecated
1352 everywhere. (#1348 and #1405, @robscott)
1353
1354### API Changes
1355
1356- A new field `responseHeaderModifier` is added to `.spec.rules.filters`, which
1357 allows for modification of HTTP response headers (#1373, @aryan9600)
1358
1359### Conformance Tests
1360
1361- ExemptFeatures have been merged into SupportedFeatures providing implementations
1362 a uniform way to specify the features they support.
1363 (#1507, @robscott) (#1394, @gyohuangxin)
1364- To be conformant with the API, if there is no ReferenceGrant that grants a
1365 listener to reference a secret in another namespace, the
1366 ListenerConditionReason for the condition ResolvedRefs must be set to
1367 RefNotPermitted instead of InvalidCertificateRef. (#1305, @mlavacca)
1368
1369### Developer Notes
1370
1371- Deprecated `v1alpha2` Go types are now aliases to their `v1beta1` versions
1372 (#1390, @howardjohn)
1373- Moved type translation helpers from the `utils` package to a new package named
1374 `translator`. (#1337, @carlisia)
1375
1376### Documentation
1377
1378- Clarify that BackendObjectReference's Port field specifies a service port, not
1379 a target port, for Kubernetes Service backends. (#1332, @Miciah)
1380- HTTPRequestHeaderFilter and HTTPResponseHeaderFilter forbid configuring
1381 multiple actions for the same header. (#1497, @rainest)
1382- Changes "custom" conformance level to "implementation-specific" (#1436,
1383 @LCaparelli)
1384- Clarification that changes to ReferenceGrants MUST be reconciled (#1429,
1385 @robscott)
1386
1387## v0.5.1
1388
1389API versions: v1beta1, v1alpha2
1390
1391This release includes a number of bug fixes and clarifications:
1392
1393### API Spec
1394
1395* The spec has been clarified to state that the port specified in BackendRef
1396 refers to the Service port number, not the target port, when a Service is
1397 referenced. [#1332](https://github.com/kubernetes-sigs/gateway-api/pull/1332)
1398* The spec has been clarified to state that "Accepted" should be used instead of
1399 "Attached" on HTTPRoute.
1400 [#1382](https://github.com/kubernetes-sigs/gateway-api/pull/1382)
1401
1402### Webhook:
1403
1404* The duplicate gateway-system namespace definitions have been removed.
1405 [#1387](https://github.com/kubernetes-sigs/gateway-api/pull/1387)
1406* The webhook has been updated to watch v1beta1.
1407 [#1365](https://github.com/kubernetes-sigs/gateway-api/pull/1368)
1408
1409### Conformance:
1410
1411* The expected condition for a cross-namespace certificate reference that has
1412 not been allowed by a ReferenceGrant has been changed from
1413 "InvalidCertificateRef" to "RefNotPermitted" to more closely match the spec.
1414 [#1351](https://github.com/kubernetes-sigs/gateway-api/pull/1351)
1415* A new test has been added to cover when a Gateway references a Secret that
1416 does not exist
1417 [#1334](https://github.com/kubernetes-sigs/gateway-api/pull/1334)
1418
1419
1420## v0.5.0
1421
1422API versions: v1beta1, v1alpha2
1423
1424This release is all about stability.
1425
1426Changes in this release can largely be divided into the following categories:
1427
1428- Release Channels
1429- Resources graduating to beta
1430- New experimental features
1431- Bug Fixes
1432- General Improvements
1433- Breaking Changes
1434 - Validation improvements
1435 - Internal type cleanup
1436
1437Note: This release is largely identical to v0.5.0-rc2, this changelog tracks
1438the difference between v0.5.0 and v0.4.3.
1439
1440### Release channels
1441
1442In this release, we've made two release channels available, `experimental` and
1443`standard`.
1444
1445The `experimental` channel contains all resources and fields, while `standard`
1446contains only resources that mave moved to beta status.
1447
1448We've also added a way to flag particular fields within a resource as
1449experimental, and any fields marked in this way are only present in the
1450`experimental` channel. Please see the [versioning][vers] docs for a more
1451detailed explanation.
1452
1453One caveat for the standard channel - due to work on the new ReferenceGrant
1454resource: conformance tests may not pass with the `standard` set of CRDs.
1455
1456[vers]:https://gateway-api.sigs.k8s.io/concepts/versioning/
1457
1458### Resources Graduating to BETA
1459
1460The following APIs have been promoted to a `v1beta1` maturity:
1461
1462- `GatewayClass`
1463- `Gateway`
1464- `HTTPRoute`
1465
1466[#1192](https://github.com/kubernetes-sigs/gateway-api/pull/1192)
1467
1468### New Experimental Features
1469
1470- Routes can now select `Gateway` listeners by port number
1471 [#1002](https://github.com/kubernetes-sigs/gateway-api/pull/1002)
1472- Gateway API now includes "Experimental" release channel. Consequently, CRDs now
1473 include `gateway.networking.k8s.io/bundle-version` and
1474 `gateway.networking.k8s.io/channel` annotations.
1475 [#945](https://github.com/kubernetes-sigs/gateway-api/pull/945)
1476- URL Rewrites and Path redirects have been added as new "Experimental" features
1477 [#945](https://github.com/kubernetes-sigs/gateway-api/pull/945)
1478
1479### Bug Fixes
1480
1481- Fixes a problem that would cause webhook deployment to fail on Kubernetes
1482 v1.22 and greater.
1483 [#991](https://github.com/kubernetes-sigs/gateway-api/pull/991)
1484- Fixes a bug where the `Namespace` could be unspecified in `ReferencePolicy`
1485 [#964](https://github.com/kubernetes-sigs/gateway-api/pull/964)
1486- Fixes a bug where v1alpha2 GatewayClass controller names were not being
1487 shown in the output of `kubectl get gatewayclasses`
1488 [#909](https://github.com/kubernetes-sigs/gateway-api/pull/909)
1489
1490### General Improvements
1491
1492- Conformance tests were introduced with [GEP-917][gep-917] and multiple
1493 conformance tests were added from a variety of contributors under the
1494 `conformance/` directory.
1495- The status of the GatewayClass "Accepted" condition for the `GatewayClass`
1496 is now present in `kubectl get` output.
1497 [#1168](https://github.com/kubernetes-sigs/gateway-api/pull/1168)
1498- New `RouteConditionReason` types `RouteReasonNotAllowedByListeners` and
1499 `RouteReasonNoMatchingListenerHostname` were added.
1500 [#1155](https://github.com/kubernetes-sigs/gateway-api/pull/1155)
1501- New `RouteConditionReason` type added with `RouteReasonAccepted`,
1502 `RouteReasonResolvedRefs` and `RouteReasonRefNotPermitted` constants.
1503 [#1114](https://github.com/kubernetes-sigs/gateway-api/pull/1114)
1504- Introduced PreciseHostname which prevents wildcard characters in relevant
1505 Hostname values.
1506 [#956](https://github.com/kubernetes-sigs/gateway-api/pull/956)
1507
1508[gep-917]:https://gateway-api.sigs.k8s.io/geps/gep-917/
1509
1510### Validation Improvements
1511
1512- Webhook validation now ensures that a path match exists when required by path
1513 modifier in filter.
1514 [#1171](https://github.com/kubernetes-sigs/gateway-api/pull/1171)
1515- Webhook validation was added to ensure that only type-appropriate fields are
1516 set in `HTTPPathModifier`.
1517 [#1124](https://github.com/kubernetes-sigs/gateway-api/pull/1124)
1518- The Gateway API webhook is now deployed in a `gateway-system` namespace
1519 instead of `gateway-api`.
1520 [#1051](https://github.com/kubernetes-sigs/gateway-api/pull/1051)
1521- Adds webhook validation to ensure that no HTTP header or query param is
1522 matched more than once in a given route rule. (#1230, @skriss)
1523
1524### Breaking Changes
1525
1526- The v1alpha1 API version was deprecated and removed.
1527 [#1197](https://github.com/kubernetes-sigs/gateway-api/pull/1197)
1528 [#906](https://github.com/kubernetes-sigs/gateway-api/issues/906)
1529- The `NamedAddress` value for `Gateway`'s `spec.addresses[].type` field has
1530 been deprecated, and support for domain-prefixed values (like
1531 `example.com/NamedAddress`) has been added instead to better represent the
1532 custom nature of this support.
1533 [#1178](https://github.com/kubernetes-sigs/gateway-api/pull/1178)
1534- Implementations are now expected to use `500` instead of `503` responses when
1535 the data-plane has no matching route.
1536 [#1151](https://github.com/kubernetes-sigs/gateway-api/pull/1151),
1537 [#1258](https://github.com/kubernetes-sigs/gateway-api/pull/1258)
1538
1539#### UX and Status Improvements
1540
1541The following are **breaking changes** related to status updates and end-user
1542experience changes.
1543
1544- The `UnsupportedExtension` named `ListenerConditionReason` has been removed.
1545 [#1146](https://github.com/kubernetes-sigs/gateway-api/pull/1146)
1546- The `RouteConflict` named `ListenerConditionReason` has been removed.
1547 [#1145](https://github.com/kubernetes-sigs/gateway-api/pull/1145)
1548
1549#### Internal Type Cleanup
1550
1551These changes will only affect implementations. Implementors will need to adjust
1552for the type changes when updating the Gateway API dependency in their projects.
1553
1554**NOTE**: These kinds of changes are not always present in the CHANGELOG so
1555 please be aware that the CHANGELOG is not an exhaustive list of Go
1556 type changes. In this case there were a significant number of changes
1557 in a single release, so we included them for extra visibility for
1558 implementors.
1559
1560- `ReferencePolicy` has been renamed to `ReferenceGrant`.
1561 [#1179](https://github.com/kubernetes-sigs/gateway-api/pull/1179)
1562- `GatewayTLSConfig`'s `CertificateRefs` field is now a slice of pointers to
1563 structs instead of the structs directly.
1564 [#1176](https://github.com/kubernetes-sigs/gateway-api/pull/1176)
1565- `HTTPPathModifier` field `Absolute` renamed to `ReplaceFullPath`
1566 [#1124](https://github.com/kubernetes-sigs/gateway-api/pull/1124)
1567- the `ParentRef` type was renamed to `ParentReference`
1568 [#982](https://github.com/kubernetes-sigs/gateway-api/pull/982)
1569- Types `ConditionRouteAccepted` and `ConditionRouteResolvedRefs` are now
1570 deprecated in favor of `RouteConditionAccepted` & `RouteConditionResolvedRefs`
1571 [#1114](https://github.com/kubernetes-sigs/gateway-api/pull/1114)
1572
1573
1574## v0.5.0-rc2
1575
1576API versions: v1beta1, v1alpha2
1577
1578We expect this to be our final release candidate before launching v0.5.0. This
1579release candidate includes a variety of cleanup and documentation updates.
1580
1581### Webhook
1582
1583- Adds webhook validation to ensure that no HTTP header or query param is
1584 matched more than once in a given route rule. (#1230, @skriss)
1585
1586### Documentation
1587
1588- Add examples and documentation for v1beta1 (#1238, @EmilyShepherd)
1589- Add policy attachment example (#1233, @keithmattix)
1590- Add warning headers for experimental resources/concepts (#1234, @keithmattix)
1591- All Enum API fields have had updates to clarify that we may add values at any
1592 time, and that implementations must handle unknown Enum values. (#1258,
1593 @youngnick)
1594- Spacing has been improved around the documentation of feature-level
1595 core/extended support for better readability and clarity. (#1241, @acnodal-tc)
1596- Update ReferenceGrant docs to include Gateways that reference a Secret in a
1597 different namespace (#1181, @nathancoleman)
1598
1599### Cleanup
1600
1601- ReferencePolicyList Items is an array of ReferencePolicy again (#1239,
1602 @dprotaso)
1603- This release of experimental-install.yaml will apply successfully. Previous
1604 releases had some extraneous yaml. (#1232, @acnodal-tc)
1605- The NamedAddress type is back to support backwards compatibility but it is
1606 still formally deprecated. (#1252, @robscott)
1607
1608## v0.5.0-rc1
1609
1610API versions: v1beta1, v1alpha2
1611
1612This release is all about stability.
1613
1614Changes in this release can largely be divided into the following categories:
1615
1616- Release Channels
1617- Resources graduating to beta
1618- New experimental features
1619- Bug Fixes
1620- General Improvements
1621- Breaking Changes
1622 - Validation improvements
1623 - Internal type cleanup
1624
1625### Release channels
1626
1627In this release, we've made two release channels available, `experimental` and
1628`standard`.
1629
1630The `experimental` channel contains all resources and fields, while `standard`
1631contains only resources that mave moved to beta status.
1632
1633We've also added a way to flag particular fields within a resource as
1634experimental, and any fields marked in this way are only present in the
1635`experimental` channel. Please see the [versioning][vers] docs for a more
1636detailed explanation.
1637
1638One caveat for the standard channel - due to work on the new ReferenceGrant
1639resource: conformance tests may not pass with the `standard` set of CRDs.
1640
1641[vers]:https://gateway-api.sigs.k8s.io/concepts/versioning/
1642
1643### Resources Graduating to BETA
1644
1645The following APIs have been promoted to a `v1beta1` maturity:
1646
1647- `GatewayClass`
1648- `Gateway`
1649- `HTTPRoute`
1650
1651[#1192](https://github.com/kubernetes-sigs/gateway-api/pull/1192)
1652
1653### New Experimental Features
1654
1655- Routes can now select `Gateway` listeners by port number
1656 [#1002](https://github.com/kubernetes-sigs/gateway-api/pull/1002)
1657- Gateway API now includes "Experimental" release channel. Consequently, CRDs now
1658 include `gateway.networking.k8s.io/bundle-version` and
1659 `gateway.networking.k8s.io/channel` annotations.
1660 [#945](https://github.com/kubernetes-sigs/gateway-api/pull/945)
1661- URL Rewrites and Path redirects have been added as new "Experimental" features
1662 [#945](https://github.com/kubernetes-sigs/gateway-api/pull/945)
1663
1664### Bug Fixes
1665
1666- Fixes a problem that would cause webhook deployment to fail on Kubernetes
1667 v1.22 and greater.
1668 [#991](https://github.com/kubernetes-sigs/gateway-api/pull/991)
1669- Fixes a bug where the `Namespace` could be unspecified in `ReferencePolicy`
1670 [#964](https://github.com/kubernetes-sigs/gateway-api/pull/964)
1671- Fixes a bug where v1alpha2 GatewayClass controller names were not being
1672 shown in the output of `kubectl get gatewayclasses`
1673 [#909](https://github.com/kubernetes-sigs/gateway-api/pull/909)
1674
1675### General Improvements
1676
1677- Conformance tests were introduced with [GEP-917][gep-917] and multiple
1678 conformance tests were added from a variety of contributors under the
1679 `conformance/` directory.
1680- The status of the GatewayClass "Accepted" condition for the `GatewayClass`
1681 is now present in `kubectl get` output.
1682 [#1168](https://github.com/kubernetes-sigs/gateway-api/pull/1168)
1683- New `RouteConditionReason` types `RouteReasonNotAllowedByListeners` and
1684 `RouteReasonNoMatchingListenerHostname` were added.
1685 [#1155](https://github.com/kubernetes-sigs/gateway-api/pull/1155)
1686- New `RouteConditionReason` type added with `RouteReasonAccepted`,
1687 `RouteReasonResolvedRefs` and `RouteReasonRefNotPermitted` constants.
1688 [#1114](https://github.com/kubernetes-sigs/gateway-api/pull/1114)
1689- Introduced PreciseHostname which prevents wildcard characters in relevant
1690 Hostname values.
1691 [#956](https://github.com/kubernetes-sigs/gateway-api/pull/956)
1692
1693[gep-917]:https://gateway-api.sigs.k8s.io/geps/gep-917/
1694
1695### Validation Improvements
1696
1697- Webhook validation now ensures that a path match exists when required by path
1698 modifier in filter.
1699 [#1171](https://github.com/kubernetes-sigs/gateway-api/pull/1171)
1700- Webhook validation was added to ensure that only type-appropriate fields are
1701 set in `HTTPPathModifier`.
1702 [#1124](https://github.com/kubernetes-sigs/gateway-api/pull/1124)
1703- The Gateway API webhook is now deployed in a `gateway-system` namespace
1704 instead of `gateway-api`.
1705 [#1051](https://github.com/kubernetes-sigs/gateway-api/pull/1051)
1706
1707### Breaking Changes
1708
1709- The v1alpha1 API version was deprecated and removed.
1710 [#1197](https://github.com/kubernetes-sigs/gateway-api/pull/1197)
1711 [#906](https://github.com/kubernetes-sigs/gateway-api/issues/906)
1712- The `NamedAddress` value for `Gateway`'s `spec.addresses[].type` field has
1713 been deprecated, and support for domain-prefixed values (like
1714 `example.com/NamedAddress`) has been added instead to better represent the
1715 custom nature of this support.
1716 [#1178](https://github.com/kubernetes-sigs/gateway-api/pull/1178)
1717- Implementations are now expected to use `500` instead of `503` responses when
1718 the data-plane has no matching route.
1719 [#1151](https://github.com/kubernetes-sigs/gateway-api/pull/1151)
1720
1721#### UX and Status Improvements
1722
1723The following are **breaking changes** related to status updates and end-user
1724experience changes.
1725
1726- The `UnsupportedExtension` named `ListenerConditionReason` has been removed.
1727 [#1146](https://github.com/kubernetes-sigs/gateway-api/pull/1146)
1728- The `RouteConflict` named `ListenerConditionReason` has been removed.
1729 [#1145](https://github.com/kubernetes-sigs/gateway-api/pull/1145)
1730
1731#### Internal Type Cleanup
1732
1733These changes will only affect implementations. Implementors will need to adjust
1734for the type changes when updating the Gateway API dependency in their projects.
1735
1736**NOTE**: These kinds of changes are not always present in the CHANGELOG so
1737 please be aware that the CHANGELOG is not an exhaustive list of Go
1738 type changes. In this case there were a significant number of changes
1739 in a single release, so we included them for extra visibility for
1740 implementors.
1741
1742- `ReferencePolicy` has been renamed to `ReferenceGrant`.
1743 [#1179](https://github.com/kubernetes-sigs/gateway-api/pull/1179)
1744- `GatewayTLSConfig`'s `CertificateRefs` field is now a slice of pointers to
1745 structs instead of the structs directly.
1746 [#1176](https://github.com/kubernetes-sigs/gateway-api/pull/1176)
1747- `HTTPPathModifier` field `Absolute` renamed to `ReplaceFullPath`
1748 [#1124](https://github.com/kubernetes-sigs/gateway-api/pull/1124)
1749- the `ParentRef` type was renamed to `ParentReference`
1750 [#982](https://github.com/kubernetes-sigs/gateway-api/pull/982)
1751- Types `ConditionRouteAccepted` and `ConditionRouteResolvedRefs` are now
1752 deprecated in favor of `RouteConditionAccepted` & `RouteConditionResolvedRefs`
1753 [#1114](https://github.com/kubernetes-sigs/gateway-api/pull/1114)
1754
1755## v0.4.3
1756
1757API version: v1alpha2
1758
1759This release includes improvements to our webhook, including:
1760
1761* Migrating kube-webhook-certgen to k8s.gcr.io/ingress-nginx:v1.1.1.
1762 [#1126](https://github.com/kubernetes-sigs/gateway-api/pull/1126)
1763* New validation to ensure that a HTTPRouterFilter Type matches its value
1764 [#1071](https://github.com/kubernetes-sigs/gateway-api/pull/1071)
1765* A fix to ensure that Path match validation actually works
1766 [#1071](https://github.com/kubernetes-sigs/gateway-api/pull/1071)
1767
1768## v0.4.2
1769
1770API version: v1alpha2
1771
1772This release is intended to verify our webhook image tagging process.
1773
1774### Bug Fixes
1775
1776* Update image generation process with more consistent naming
1777 [#1034](https://github.com/kubernetes-sigs/gateway-api/pull/1034)
1778
1779## v0.4.1
1780
1781API version: v1alpha2
1782
1783This release contains minor bug fixes for v1alpha2.
1784
1785### Bug Fixes
1786
1787* ControllerName now prints correctly in kubectl output for GatewayClass
1788 [#909](https://github.com/kubernetes-sigs/gateway-api/pull/909)
1789* Namespace can no longer be left unspecified in ReferencePolicy
1790 [#964](https://github.com/kubernetes-sigs/gateway-api/pull/964)
1791* Wildcard characters can no longer be used in redirect Hostname values
1792 [#956](https://github.com/kubernetes-sigs/gateway-api/pull/956)
1793
1794## v0.4.0
1795
1796API version: v1alpha2
1797
1798This release contains significant breaking changes as we strive for a concise
1799API. We anticipate that this API will be very similar to a future v1beta1
1800release.
1801
1802The following changes have been made since v0.3.0:
1803
1804### Major Changes
1805
1806* The Gateway API APIGroup has moved from `networking.x-k8s.io` to
1807 `gateway.networking.k8s.io`. This means that, as far as the apiserver is
1808 concerned, this version is wholly distinct from v1alpha1, and automatic
1809 conversion is not possible. As part of this process, Gateway API is now
1810 subject to Kubernetes API review, the same as changes made to core API
1811 resources. More details in
1812 [#780](https://github.com/kubernetes-sigs/gateway-api/pull/780) and
1813 [#716](https://github.com/kubernetes-sigs/gateway-api/issues/716).
1814
1815* Gateway-Route binding changes ([GEP-724](https://gateway-api.sigs.k8s.io/geps/gep-724/)):
1816 In v1alpha1, Gateways chose which Routes were attached using a combination of
1817 object and namespace selectors, with the option of also specifying object
1818 names. This resulted in a very complex config, that's easy to misinterpret. As
1819 part of v1alpha2, we're changing to:
1820 * Gateways *may* specify what kind of Routes they support (defaults to same
1821 protocol if not specified), and where those Routes can be (defaults to same
1822 namespace).
1823 * Routes *must* directly reference the Gateways the want to attach to, this is
1824 a list, so a Route can attach to more than one Gateway.
1825 * The Route becomes attached only when the specifications intersect.
1826
1827 We believe this is quite a bit easier to understand, and still gives good
1828 flexibility for most use cases.
1829 GEP added in [#725](https://github.com/kubernetes-sigs/gateway-api/pull/725).
1830 Implemented in [#754](https://github.com/kubernetes-sigs/gateway-api/pull/754).
1831 Further documentation was added in [#762](https://github.com/kubernetes-sigs/gateway-api/pull/762).
1832
1833* Safer cross-namespace references ([GEP-709](https://gateway-api.sigs.k8s.io/geps/gep-709/)):
1834 This concerns (currently), references from Routes to Backends, and Gateways to
1835 Secrets. The new behavior is:
1836 * By default, references across namespaces are not permitted; creating a
1837 reference across a namespace (like a Route referencing a Service in another
1838 namespace) must be rejected by implementations.
1839 * These references can be accepted by creating a ReferencePolicy in the
1840 referent (target) namespace, that specifies what Kind is allowed to accept
1841 incoming references, and from what namespace and Kind the references may be.
1842
1843 The intent here is that the owner of the referent namespace must explicitly
1844 accept incoming references, otherwise we can run into all sorts of bad things
1845 from breaking the namespace security model.
1846 Implemented in [#741](https://github.com/kubernetes-sigs/gateway-api/pull/741).
1847
1848* Attaching Policy to objects ([GEP-713](https://gateway-api.sigs.k8s.io/geps/gep-713/)):
1849 This has been added so that we have an extensible mechanism for adding a
1850 cascading set of policy to Gateway API objects.
1851
1852 What policy? Well, it's kind of up to the implementations, but the best example
1853 to begin with is timeout policy.
1854
1855 Timeout policy for HTTP connections is highly dependent on how the underlying
1856 implementation handles policy - it's very difficult to extract commonalities.
1857
1858 This is intended to allow things like:
1859 * Attach a policy that specifies the default connection timeout for backends
1860 to a GatewayClass. All Gateways that are part of that Class will have Routes
1861 get that default connection timeout unless they specify differently.
1862 * If a Gateway that's a member of the GatewayClass has a different default
1863 attached, then that will beat the GatewayClass (for defaults, more specific
1864 object beats less specific object).
1865 * Alternatively, a Policy that mandates that you can't set the client timeout
1866 to "no timeout" can be attached to a GatewayClass as an override. An
1867 override will always take effect, with less specific beating more specific.
1868
1869 This one is a bit complex, but will allow implementations to solve some things
1870 that currently require tools like admission control.
1871 Implemented in [#736](https://github.com/kubernetes-sigs/gateway-api/pull/736).
1872
1873* As part of GEP-713, `BackendPolicy` has been removed, as its functionality is
1874 now better handled using that mechanism.
1875 [#732](https://github.com/kubernetes-sigs/gateway-api/pull/732).
1876
1877* Removal of certificate references from HTTPRoutes ([GEP-746](https://gateway-api.sigs.k8s.io/geps/gep-746/)):
1878 In v1alpha1, HTTPRoute objects have a stanza that allows referencing a TLS
1879 keypair, intended to allow people to have a more self-service model, where an
1880 app owner can provision a TLS keypair inside their own namespace, attach it to
1881 a HTTPRoute they control, and then have that used to secure their app.
1882 When implementing this, however, there are a large number of edge cases that
1883 are complex, hard to handle, and poorly defined - about checking SNI, hostname,
1884 and overrides, that made even writing a spec on how to implement this very
1885 difficult, let alone actually implementing it.
1886
1887 In removing certificate references from HTTPRoute, we're using the
1888 ReferencePolicy from GEP-709 to allow Gateways to securely create a
1889 cross-namespace reference to TLS keypairs in app namespaces.
1890 We're hopeful that this will hit most of the self-service use case, and even
1891 if not, provide a basis to build from to meet it eventually.
1892 GEP added in [#749](https://github.com/kubernetes-sigs/gateway-api/pull/749).
1893 Implemented in [#768](https://github.com/kubernetes-sigs/gateway-api/pull/768).
1894
1895 [GEP-851](https://github.com/kubernetes-sigs/gateway-api/blob/main/geps/gep-851.md)
1896 was a follow up on this change that allowed multiple Certificate Refs per
1897 Gateway Listener. This was implemented in
1898 [#852](https://github.com/kubernetes-sigs/gateway-api/pull/852).
1899
1900* The `RouteForwardTo` (YAML: `routeForwardTo`) struct/stanza has been reworked
1901 into the `BackendRef` (YAML: `backendRef`) struct/stanza,
1902 [GEP-718](https://gateway-api.sigs.k8s.io/geps/gep-718/). As part of this
1903 change, the `ServiceName` (YAML: `serviceName`) field has been removed, and
1904 Service references must instead now use the `BackendRef`/`backendRef`
1905 struct/stanza.
1906
1907### Small Changes
1908* Extension points within match blocks from all Routes have been removed
1909 [#829](https://github.com/kubernetes-sigs/gateway-api/pull/829). Implements
1910 [GEP-820](https://github.com/kubernetes-sigs/gateway-api/blob/main/geps/gep-820.md).
1911 These extension points have been removed because they are currently not used,
1912 are poorly understood, and we don't have good use cases for them. We may
1913 consider re-adding them in the future.
1914
1915* Controller is now a required field in Gateway references from Route status.
1916 [#671](https://github.com/kubernetes-sigs/gateway-api/pull/671).
1917
1918* Header Matching, Query Param Matching, and HTTPRequestHeaderFilter now use
1919 named subobjects instead of maps.
1920 [#657](https://github.com/kubernetes-sigs/gateway-api/pull/657) and
1921 [#681](https://github.com/kubernetes-sigs/gateway-api/pull/681)
1922
1923* [#796](https://github.com/kubernetes-sigs/gateway-api/pull/796) API Review
1924 suggestions:
1925 * listener.routes has been renamed to listener.allowedRoutes
1926 * The `NoSuchGatewayClass` has been removed after it was deprecated in
1927 v1alpha1
1928 * `*` is no longer a valid hostname. Instead, leaving hostname unspecified is
1929 interpreted as `*`.
1930
1931* The `scope` field has been removed from all object references.
1932 [#882](https://github.com/kubernetes-sigs/gateway-api/pull/882)
1933
1934* "Controller" has been renamed to "ControllerName"
1935 [#839](https://github.com/kubernetes-sigs/gateway-api/pull/839)
1936
1937* "Admitted" condition has been renamed to "Accepted" and now defaults to an
1938 "Unknown" state instead of "False"
1939 [#839](https://github.com/kubernetes-sigs/gateway-api/pull/839)
1940
1941* HTTPRequestRedirectFilter's Protocol field has been renamed to Scheme.
1942 [#863](https://github.com/kubernetes-sigs/gateway-api/pull/863)
1943
1944* ImplementationSpecific match types in HTTPRoute's path, query, and header
1945 matches have been removed.
1946 [#850](https://github.com/kubernetes-sigs/gateway-api/pull/850)
1947
1948* The "Prefix" path match type has been renamed "PathPrefix".
1949 [#898](https://github.com/kubernetes-sigs/gateway-api/pull/898)
1950
1951### Small Additions
1952* HTTP Method matching is now added into HTTPRoute, with Extended support:
1953 [#733](https://github.com/kubernetes-sigs/gateway-api/pull/733).
1954
1955* GatewayClass now has a 'Description' field that is printed as a column in
1956 `kubectl get` output. You can now end up with output that looks like this:
1957 ```shell
1958 $> kubectl get gatewayclass
1959 NAME CONTROLLER DESCRIPTION
1960 internal gateway-controller-internal For non-internet-facing Gateways.
1961 external gateway-controller-external For internet-facing Gateways.
1962 ```
1963 See [#610](https://github.com/kubernetes-sigs/gateway-api/issues/610) and
1964 [#653](https://github.com/kubernetes-sigs/gateway-api/pull/653) for the
1965 details.
1966
1967### Validation changes
1968* Ensure TLSConfig is empty when the protocol is HTTP, TCP, or UDP
1969 [#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
1970* Ensure Hostname is empty when the protocol is TCP or UDP.
1971 [#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
1972* Listener ProtocolType now has validation.
1973 [#871](https://github.com/kubernetes-sigs/gateway-api/pull/871)
1974* HTTP Path match values are now validated for PathMatchExact and
1975 PathMatchPrefix match types.
1976 [#894](https://github.com/kubernetes-sigs/gateway-api/pull/894)
1977* TLS options keys are now subject to the same validation as Kubernetes
1978 annotations. [#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
1979* TLS options values now have a max length of 4096 characters.
1980 [#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
1981* Make `MirrorFilter.BackendRef` a required field when the mirror filter is used
1982 [#837](https://github.com/kubernetes-sigs/gateway-api/pull/837).
1983
1984### Clarifications
1985* Updated guidance on how HTTP and TLS Route status should be populated when
1986 hostnames do not match.
1987 [#859](https://github.com/kubernetes-sigs/gateway-api/pull/859)
1988* Aligned path prefix matching with Ingress by clarifying that it is a prefix of
1989 path elements. [#869](https://github.com/kubernetes-sigs/gateway-api/pull/869)
1990* HTTP listeners may now be used for Cleartext HTTP/2.
1991 [#879](https://github.com/kubernetes-sigs/gateway-api/pull/879)
1992* Added clarification that implementation-specific TLS options MUST be
1993 domain-prefixed.
1994 [#899](https://github.com/kubernetes-sigs/gateway-api/pull/899)
1995
1996### Documentation Updates
1997* [#782](https://github.com/kubernetes-sigs/gateway-api/pull/782) : Restructure docs and split into versioned and unversioned
1998* [#777](https://github.com/kubernetes-sigs/gateway-api/pull/777) : Fix typo
1999* [#765](https://github.com/kubernetes-sigs/gateway-api/pull/765) : document multi-value headers as undefined
2000* [#761](https://github.com/kubernetes-sigs/gateway-api/pull/761) : minor improvements to navigation on docs site
2001* [#760](https://github.com/kubernetes-sigs/gateway-api/pull/760) : Remove references of vendor configurations in GatewayTLSConfig
2002* [#756](https://github.com/kubernetes-sigs/gateway-api/pull/756) : Clarify docs on invalid serviceName
2003* [#755](https://github.com/kubernetes-sigs/gateway-api/pull/755) : Document the supported kubernetes versions
2004* [#745](https://github.com/kubernetes-sigs/gateway-api/pull/745) : Remove RouteTLSConfig requirement for gateway TLS passthrough.
2005* [#744](https://github.com/kubernetes-sigs/gateway-api/pull/744) : automate nav for GEPs
2006* [#743](https://github.com/kubernetes-sigs/gateway-api/pull/743) : Add READY and ADDRESS to gateway printer columns
2007* [#742](https://github.com/kubernetes-sigs/gateway-api/pull/742) : Moving method match to v1alpha2 example
2008* [#729](https://github.com/kubernetes-sigs/gateway-api/pull/729) : Adding suggested reasons for when conditions are healthy
2009* [#728](https://github.com/kubernetes-sigs/gateway-api/pull/728) : Fixing wording in enhancement template
2010* [#723](https://github.com/kubernetes-sigs/gateway-api/pull/723) : Clarifying Redirect Support levels
2011* [#756](https://github.com/kubernetes-sigs/gateway-api/pull/756) : Clarify docs on invalid serviceName
2012* [#880](https://github.com/kubernetes-sigs/gateway-api/pull/880) : Reworking Policy vs. Filter Documentation
2013* [#878](https://github.com/kubernetes-sigs/gateway-api/pull/878) : Clarifying the fields that all Route types must include
2014* [#875](https://github.com/kubernetes-sigs/gateway-api/pull/875) : Fix HTTP path match documentation.
2015* [#864](https://github.com/kubernetes-sigs/gateway-api/pull/864) : Merging v1alpha2 concepts docs into unversioned docs
2016* [#858](https://github.com/kubernetes-sigs/gateway-api/pull/858) : Fixing broken link to spec page
2017* [#857](https://github.com/kubernetes-sigs/gateway-api/pull/857) : Adding missing references pages to docs navigation
2018* [#853](https://github.com/kubernetes-sigs/gateway-api/pull/853) : docs: Use v0.4.0-rc1 in "Getting started with Gateway APIs" for v1alpha2
2019* [#845](https://github.com/kubernetes-sigs/gateway-api/pull/845) : Fix markdown list formatting.
2020* [#844](https://github.com/kubernetes-sigs/gateway-api/pull/844) : docs: add ssl passthrough note in FAQ
2021* [#843](https://github.com/kubernetes-sigs/gateway-api/pull/843) : Add APISIX implementation
2022* [#834](https://github.com/kubernetes-sigs/gateway-api/pull/834) : Fixes some broken links
2023* [#807](https://github.com/kubernetes-sigs/gateway-api/pull/807) : docs: update multiple-ns guide for v1alpha2
2024* [#888](https://github.com/kubernetes-sigs/gateway-api/pull/888) : Corrected broken getting started
2025* [#885](https://github.com/kubernetes-sigs/gateway-api/pull/885) : Fix incorrect urls
2026* [#890](https://github.com/kubernetes-sigs/gateway-api/pull/890) : Updating HTTPRoute docs for v1alpha2
2027* [#870](https://github.com/kubernetes-sigs/gateway-api/pull/870) : Adding guidance on Kind vs. Resource in implementation guidelines
2028* [#865](https://github.com/kubernetes-sigs/gateway-api/pull/865) : Route cleanup for v1alpha2 sig-network review
2029
2030### Tooling and infra updates
2031* [#766](https://github.com/kubernetes-sigs/gateway-api/pull/766) : comment out the GEP notice
2032* [#758](https://github.com/kubernetes-sigs/gateway-api/pull/758) : bump up mkdocs and deps
2033* [#751](https://github.com/kubernetes-sigs/gateway-api/pull/751) : bump up deps to k8s v1.22
2034* [#748](https://github.com/kubernetes-sigs/gateway-api/pull/748) : fix kustomize to install v1a2 crds
2035* [#747](https://github.com/kubernetes-sigs/gateway-api/pull/747) : Cleaning up GEP Template
2036* [#889](https://github.com/kubernetes-sigs/gateway-api/pull/889) : remove outdated version label
2037* [#883](https://github.com/kubernetes-sigs/gateway-api/pull/883) : validating webhook cleanup
2038* [#872](https://github.com/kubernetes-sigs/gateway-api/pull/872) : Remove duplicate validation from CRD & Webhook
2039
2040## v0.4.0-rc2
2041
2042API version: v1alpha2
2043
2044The group expects that this release candidate has no changes before we release
2045v1alpha2 final, but are cutting here to allow implementations a chance to check
2046before we go to the final release.
2047
2048In general, most of the changes below have been made to reduce the complexity of
2049the API for v1alpha2, on the assumption that we can add functionality in later
2050in the API's lifecycle, but cannot remove it.
2051
2052The following changes have been made since v0.4.0-rc1:
2053
2054### GEP implementations
2055* Replace `CertificateRef` field with `CertificateRefs` in `GatewayTLSConfig`.
2056[#852](https://github.com/kubernetes-sigs/gateway-api/pull/852). This implements
2057[GEP-851](https://github.com/kubernetes-sigs/gateway-api/blob/main/geps/gep-851.md),
2058Allow Multiple Certificate Refs per Gateway Listener.
2059* Extension points within match blocks from all Routes have been removed
2060[#829](https://github.com/kubernetes-sigs/gateway-api/pull/829). Implements
2061[GEP-820](https://github.com/kubernetes-sigs/gateway-api/blob/main/geps/gep-820.md).
2062These extension points have been removed because they are currently not used,
2063are poorly understood, and we don't have good use cases for them. We may
2064consider re-adding them in the future.
2065
2066### Field changes
2067* Make `MirrorFilter.BackendRef` a required field when the mirror filter is used
2068[#837](https://github.com/kubernetes-sigs/gateway-api/pull/837).
2069* ImplementationSpecific match types in HTTPRoute's path, query, and header
2070matches have been removed.
2071[#850](https://github.com/kubernetes-sigs/gateway-api/pull/850)
2072* The "Prefix" path match type has been renamed "PathPrefix".
2073* The "ClassName" field in PolicyTargetReference has been removed.
2074* A new optional "Name" field has been added to ReferencePolicyTo.
2075[#898](https://github.com/kubernetes-sigs/gateway-api/pull/898)
2076
2077### Field Renames
2078* "Controller" has been renamed to "ControllerName"
2079* "Admitted" condition has been renamed to "Accepted" and now defaults to an
2080"Unknown" state instead of "False" [#839](https://github.com/kubernetes-sigs/gateway-api/pull/839)
2081* HTTPRequestRedirectFilter's Protocol field has been renamed to Scheme.
2082[#863](https://github.com/kubernetes-sigs/gateway-api/pull/863)
2083
2084
2085### Validation changes
2086* Validation: Ensure TLSConfig is empty when the protocol is HTTP, TCP, or UDP
2087[#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
2088* Validation: Ensure Hostname is empty when the protocol is TCP or UDP.
2089[#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
2090* Validation: Listener ProtocolType now has validation.
2091[#871](https://github.com/kubernetes-sigs/gateway-api/pull/871)
2092* Validation: HTTP Path match values are now validated for PathMatchExact and
2093PathMatchPrefix match types. [#894](https://github.com/kubernetes-sigs/gateway-api/pull/894)
2094
2095### Documentation and specification updates
2096* Updated guidance on how HTTP and TLS Route status should be populated when
2097hostnames do not match.
2098[#859](https://github.com/kubernetes-sigs/gateway-api/pull/859)
2099* Aligned path prefix matching with Ingress by clarifying that it is a prefix of
2100path elements. [#869](https://github.com/kubernetes-sigs/gateway-api/pull/869)
2101* HTTP listeners may now be used for Cleartext HTTP/2.
2102[#879](https://github.com/kubernetes-sigs/gateway-api/pull/879)
2103* The `scope` field has been removed from all object references.
2104* ParentRefs can no longer refer to cluster-scoped resources.
2105[#882](https://github.com/kubernetes-sigs/gateway-api/pull/882)
2106* TLS options keys are now subject to the same validation as Kubernetes
2107annotations. [#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
2108* TLS options values now have a max length of 4096 characters.
2109[#886](https://github.com/kubernetes-sigs/gateway-api/pull/886)
2110* Added clarification that implementation-specific TLS options MUST be domain-prefixed.
2111[#899](https://github.com/kubernetes-sigs/gateway-api/pull/899)
2112
2113### Other changes
2114* [#890](https://github.com/kubernetes-sigs/gateway-api/pull/890) : Updating HTTPRoute docs for v1alpha2
2115* [#889](https://github.com/kubernetes-sigs/gateway-api/pull/889) : remove outdated version label
2116* [#888](https://github.com/kubernetes-sigs/gateway-api/pull/888) : Corrected broken getting started
2117* [#885](https://github.com/kubernetes-sigs/gateway-api/pull/885) : Fix incorrect urls
2118* [#883](https://github.com/kubernetes-sigs/gateway-api/pull/883) : v1alpha2 validation fix/update
2119* [#880](https://github.com/kubernetes-sigs/gateway-api/pull/880) : Reworking Policy vs. Filter Documentation
2120* [#878](https://github.com/kubernetes-sigs/gateway-api/pull/878) : Clarifying the fields that all Route types must include
2121* [#875](https://github.com/kubernetes-sigs/gateway-api/pull/875) : Fix HTTP path match documentation.
2122* [#872](https://github.com/kubernetes-sigs/gateway-api/pull/872) : Remove duplicate validation from CRD & Webhook
2123* [#870](https://github.com/kubernetes-sigs/gateway-api/pull/870) : Adding guidance on Kind vs. Resource in implementation guidelines
2124* [#865](https://github.com/kubernetes-sigs/gateway-api/pull/865) : Route cleanup for v1alpha2 sig-network review
2125* [#864](https://github.com/kubernetes-sigs/gateway-api/pull/864) : Merging v1alpha2 concepts docs into unversioned docs
2126* [#858](https://github.com/kubernetes-sigs/gateway-api/pull/858) : Fixing broken link to spec page
2127* [#857](https://github.com/kubernetes-sigs/gateway-api/pull/857) : Adding missing references pages to docs navigation
2128* [#853](https://github.com/kubernetes-sigs/gateway-api/pull/853) : docs: Use v0.4.0-rc1 in "Getting started with Gateway APIs" for v1alpha2
2129* [#845](https://github.com/kubernetes-sigs/gateway-api/pull/845) : Fix markdown list formatting.
2130* [#844](https://github.com/kubernetes-sigs/gateway-api/pull/844) : docs: add ssl passthrough note in FAQ
2131* [#843](https://github.com/kubernetes-sigs/gateway-api/pull/843) : Add APISIX implementation
2132* [#834](https://github.com/kubernetes-sigs/gateway-api/pull/834) : Fixes some broken links
2133* [#807](https://github.com/kubernetes-sigs/gateway-api/pull/807) : docs: update multiple-ns guide for v1alpha2
2134
2135
2136## v0.4.0-rc1
2137
2138API version: v1alpha2
2139
2140The working group expects that this release candidate is quite close to the final
2141v1alpha2 API. However, breaking API changes are still possible.
2142
2143This release candidate is suitable for implementors, but the working group does
2144not recommend shipping products based on a release candidate API due to the
2145possibility of incompatible changes prior to the final release.
2146
2147### Major Changes
2148
2149* The Gateway API APIGroup has moved from `networking.x-k8s.io` to
2150`gateway.networking.k8s.io`. This means that, as far as the apiserver is
2151concerned, this version is wholly distinct from v1alpha1, and automatic conversion
2152is not possible. As part of this process, Gateway API is now subject to Kubernetes
2153API review, the same as changes made to core API resources. More details in
2154[#780](https://github.com/kubernetes-sigs/gateway-api/pull/780) and [#716](https://github.com/kubernetes-sigs/gateway-api/issues/716).
2155
2156* Gateway-Route binding changes:
2157[GEP-724](https://gateway-api.sigs.k8s.io/geps/gep-724/). Currently, Gateways
2158choose which Routes are attached using a combination of object and namespace
2159selectors, with the option of also specifying object names. This has made a very
2160complex config, that's easy to misinterpret. As part of v1alpha2, we're changing to:
2161 * Gateways *may* specify what kind of Routes they support (defaults to same
2162 protocol if not specified), and where those Routes can be (defaults to same
2163 namespace).
2164 * Routes *must* directly reference the Gateways the want to attach to, this is
2165 a list, so a Route can attach to more than one Gateway.
2166 * The Route becomes attached only when the specifications intersect.
2167
2168 We believe this is quite a bit easier to understand, and still gives good
2169 flexibility for most use cases.
2170 GEP added in [#725](https://github.com/kubernetes-sigs/gateway-api/pull/725).
2171 Implemented in [#754](https://github.com/kubernetes-sigs/gateway-api/pull/754).
2172 Further documentation was added in [#762](https://github.com/kubernetes-sigs/gateway-api/pull/762).
2173
2174
2175* Safer cross-namespace references:
2176([GEP-709](https://gateway-api.sigs.k8s.io/geps/gep-709/)): This concerns
2177(currently), references from Routes to Backends, and Gateways to Secrets. The
2178new behavior is:
2179 * By default, references across namespaces are not permitted; creating a
2180 reference across a namespace (like a Route referencing a Service in another
2181 namespace) must be rejected by implementations.
2182 * These references can be accepted by creating a ReferencePolicy in the
2183 referent (target) namespace, that specifies what Kind is allowed to accept
2184 incoming references, and from what namespace and Kind the references may be.
2185
2186 The intent here is that the owner of the referent namespace must explicitly
2187 accept incoming references, otherwise we can run into all sorts of bad things
2188 from breaking the namespace security model.
2189 Implemented in [#741](https://github.com/kubernetes-sigs/gateway-api/pull/741).
2190
2191* Attaching Policy to objects:
2192[GEP-713](https://gateway-api.sigs.k8s.io/geps/gep-713/): This has been added
2193so that we have an extensible mechanism for adding a cascading set of policy to
2194Gateway API objects.
2195
2196 What policy? Well, it's kind of up to the implementations, but the best example
2197 to begin with is timeout policy.
2198
2199 Timeout policy for HTTP connections is highly dependent on how the underlying
2200 implementation handles policy - it's very difficult to extract commonalities.
2201
2202 This is intended to allow things like:
2203 * Attach a policy that specifies the default connection timeout for backends
2204 to a GatewayClass. All Gateways that are part of that Class will have Routes
2205 get that default connection timeout unless they specify differently.
2206 * If a Gateway that's a member of the GatewayClass has a different default
2207 attached, then that will beat the GatewayClass (for defaults, more specific
2208 object beats less specific object).
2209 * Alternatively, a Policy that mandates that you can't set the client timeout
2210 to "no timeout" can be attached to a GatewayClass as an override. An override
2211 will always take effect, with less specific beating more specific.
2212
2213 This one is a bit complex, but will allow implementations to solve some things
2214 that currently require tools like admission control.
2215 Implemented in [#736](https://github.com/kubernetes-sigs/gateway-api/pull/736).
2216
2217* As part of GEP-713, `BackendPolicy` has been removed, as its functionality is
2218now better handled using that mechanism. [#732](https://github.com/kubernetes-sigs/gateway-api/pull/732).
2219
2220* Removal of certificate references from HTTPRoutes:
2221[GEP-746](https://gateway-api.sigs.k8s.io/geps/gep-746/):
2222 In v1alpha1, HTTPRoute objects have a stanza that allows referencing a TLS
2223 keypair, intended to allow people to have a more self-service model, where an
2224 app owner can provision a TLS keypair inside their own namespace, attach it to
2225 a HTTPRoute they control, and then have that used to secure their app.
2226 When implementing this, however, there are a large number of edge cases that
2227 are complex, hard to handle, and poorly defined - about checking SNI, hostname,
2228 and overrides, that made even writing a spec on how to implement this very
2229 difficult, let alone actually implementing it.
2230
2231 In removing certificate references from HTTPRoute, we're using the
2232 ReferencePolicy from GEP-709 to allow Gateways to securely create a
2233 cross-namespace reference to TLS keypairs in app namespaces.
2234 We're hopeful that this will hit most of the self-service use case, and even
2235 if not, provide a basis to build from to meet it eventually.
2236 GEP added in [#749](https://github.com/kubernetes-sigs/gateway-api/pull/749).
2237 Implemented in [#768](https://github.com/kubernetes-sigs/gateway-api/pull/768).
2238
2239* The `RouteForwardTo` (YAML: `routeForwardTo`) struct/stanza has been reworked
2240into the `BackendRef` (YAML: `backendRef`) struct/stanza,
2241[GEP-718](https://gateway-api.sigs.k8s.io/geps/gep-718/). As part of this change,
2242the `ServiceName` (YAML: `serviceName`) field has been removed, and Service
2243references must instead now use the `BackendRef`/`backendRef` struct/stanza.
2244
2245### Other changes
2246* HTTP Method matching is now added into HTTPRoute, with Extended support:
2247[#733](https://github.com/kubernetes-sigs/gateway-api/pull/733).
2248
2249* GatewayClass now has a 'Description' field that is printed as a column in
2250`kubectl get` output. You can now end up with output that looks like this:
2251 ```shell
2252 $> kubectl get gatewayclass
2253 NAME CONTROLLER DESCRIPTION
2254 internal gateway-controller-internal For non-internet-facing Gateways.
2255 external gateway-controller-external For internet-facing Gateways.
2256 ```
2257 See [#610](https://github.com/kubernetes-sigs/gateway-api/issues/610) and
2258 [#653](https://github.com/kubernetes-sigs/gateway-api/pull/653) for the details.
2259
2260* [#671](https://github.com/kubernetes-sigs/gateway-api/pull/671): Controller is
2261now a required field in Gateway references from Route status. Fixes
2262[#669](https://github.com/kubernetes-sigs/gateway-api/pull/671).
2263
2264* [#657](https://github.com/kubernetes-sigs/gateway-api/pull/657): and
2265[#681](https://github.com/kubernetes-sigs/gateway-api/pull/681) Header Matching,
2266Query Param Matching, and HTTPRequestHeaderFilter now use named subobjects
2267instead of maps.
2268
2269* [#796](https://github.com/kubernetes-sigs/gateway-api/pull/796) API Review suggestions:
2270 * listener.routes has been renamed to listener.allowedRoutes
2271 * The `NoSuchGatewayClass` has been removed after it was deprecated in v1alpha1
2272 * `*` is no longer a valid hostname. Instead, leaving hostname unspecified is interpreted as `*`.
2273
2274### Documentation Updates
2275* [#782](https://github.com/kubernetes-sigs/gateway-api/pull/782) : Restructure docs and split into versioned and unversioned
2276* [#777](https://github.com/kubernetes-sigs/gateway-api/pull/777) : Fix typo
2277* [#765](https://github.com/kubernetes-sigs/gateway-api/pull/765) : document multi-value headers as undefined
2278* [#761](https://github.com/kubernetes-sigs/gateway-api/pull/761) : minor improvements to navigation on docs site
2279* [#760](https://github.com/kubernetes-sigs/gateway-api/pull/760) : Remove references of vendor configurations in GatewayTLSConfig
2280* [#756](https://github.com/kubernetes-sigs/gateway-api/pull/756) : Clarify docs on invalid serviceName
2281* [#755](https://github.com/kubernetes-sigs/gateway-api/pull/755) : Document the supported kubernetes versions
2282* [#745](https://github.com/kubernetes-sigs/gateway-api/pull/745) : Remove RouteTLSConfig requirement for gateway TLS passthrough.
2283* [#744](https://github.com/kubernetes-sigs/gateway-api/pull/744) : automate nav for GEPs
2284* [#743](https://github.com/kubernetes-sigs/gateway-api/pull/743) : Add READY and ADDRESS to gateway printer columns
2285* [#742](https://github.com/kubernetes-sigs/gateway-api/pull/742) : Moving method match to v1alpha2 example
2286* [#729](https://github.com/kubernetes-sigs/gateway-api/pull/729) : Adding suggested reasons for when conditions are healthy
2287* [#728](https://github.com/kubernetes-sigs/gateway-api/pull/728) : Fixing wording in enhancement template
2288* [#723](https://github.com/kubernetes-sigs/gateway-api/pull/723) : Clarifying Redirect Support levels
2289* [#756](https://github.com/kubernetes-sigs/gateway-api/pull/756) : Clarify docs on invalid serviceName
2290
2291### Tooling and infra updates
2292* [#766](https://github.com/kubernetes-sigs/gateway-api/pull/766) : comment out the GEP notice
2293* [#758](https://github.com/kubernetes-sigs/gateway-api/pull/758) : bump up mkdocs and deps
2294* [#751](https://github.com/kubernetes-sigs/gateway-api/pull/751) : bump up deps to k8s v1.22
2295* [#748](https://github.com/kubernetes-sigs/gateway-api/pull/748) : fix kustomize to install v1a2 crds
2296* [#747](https://github.com/kubernetes-sigs/gateway-api/pull/747) : Cleaning up GEP Template
2297
2298
2299## v0.3.0
2300
2301API Version: v1alpha1
2302
2303### API changes
2304
2305#### Gateway
2306- The `NoSuchGatewayClass` status reason has been deprecated.
2307 [#635](https://github.com/kubernetes-sigs/gateway-api/pull/635)
2308
2309#### HTTPRoute
2310- `.spec.rules.matches.path` now has a default `prefix` match on the `/` path.
2311 [#584](https://github.com/kubernetes-sigs/gateway-api/pull/584)
2312- Conflict resolution guidance has been added for rules within a route.
2313 [#620](https://github.com/kubernetes-sigs/gateway-api/pull/620)
2314- HTTPRoute now supports query param matching.
2315 [#631](https://github.com/kubernetes-sigs/gateway-api/pull/631)
2316
2317#### All Route Types
2318- Route status now includes controller name for each Gateway.
2319 [#616](https://github.com/kubernetes-sigs/gateway-api/pull/616)
2320- Conflict resolution guidance has been added for non-HTTP routes.
2321 [#626](https://github.com/kubernetes-sigs/gateway-api/pull/626)
2322
2323#### Misc
2324- Fields of type LocalObjectRef do not default to "secrets". All LocalObjectRef
2325 fields must be specified.
2326 [#570](https://github.com/kubernetes-sigs/gateway-api/pull/570)
2327- CRDs have been added to gateway-api category
2328 [#592](https://github.com/kubernetes-sigs/gateway-api/pull/592)
2329- New "Age" column has been added to all resources in `kubectl get` output.
2330 [#592](https://github.com/kubernetes-sigs/gateway-api/pull/592)
2331- A variety of Go types have been changed to pointers to better reflect their
2332 optional status.
2333 [#564](https://github.com/kubernetes-sigs/gateway-api/pull/564)
2334 [#572](https://github.com/kubernetes-sigs/gateway-api/pull/572)
2335 [#579](https://github.com/kubernetes-sigs/gateway-api/pull/579)
2336
2337#### Validation
2338- A new experimental validation package and validating webhook have been added.
2339 [#597](https://github.com/kubernetes-sigs/gateway-api/pull/597)
2340 [#617](https://github.com/kubernetes-sigs/gateway-api/pull/617)
2341
2342
2343## v0.2.0
2344
2345API Version: v1alpha1
2346
2347### API changes
2348
2349Service APIs has been renamed to Gateway API.
2350[#536](https://github.com/kubernetes-sigs/service-apis/issues/536).
2351
2352
2353#### GatewayClass
2354- The default status condition of GatewayClass resource is now `Admitted:false`
2355 instead of `InvalidParameters:Unknown`.
2356 [#471](https://github.com/kubernetes-sigs/service-apis/pull/471).
2357- `GatewayClass.spec.parametersRef` now has an optional `namespace` field to
2358 refer to a namespace-scoped resource in addition to cluster-scoped resource.
2359 [#543](https://github.com/kubernetes-sigs/service-apis/pull/543).
2360
2361#### Gateway
2362- `spec.listeners[].tls.mode` now defaults to `Terminate`.
2363 [#518](https://github.com/kubernetes-sigs/service-apis/pull/518).
2364- Empty `hostname` in a listener matches all request.
2365 [#525](https://github.com/kubernetes-sigs/service-apis/pull/525).
2366
2367#### HTTPRoute
2368- New `set` property has been introduced for `HTTPRequestHeader` Filter. Headers
2369 specified under `set` are overridden instead of added.
2370 [#475](https://github.com/kubernetes-sigs/service-apis/pull/475).
2371
2372#### Misc
2373- Maximum limit for `forwardTo` has been increased from `4` to `16` for all
2374 route types.
2375 [#493](https://github.com/kubernetes-sigs/service-apis/pull/493).
2376- Various changes have been made in the Kubernetes and Go API to align with
2377 upstream Kubernetes API conventions. Some of the fields have been changed to
2378 pointers in the Go API for this reason.
2379 [#538](https://github.com/kubernetes-sigs/service-apis/pull/538).
2380
2381### Documentation
2382
2383There are minor improvements to docs all around.
2384New guides, clarifications and various typos have been fixed.
2385
2386## v0.1.0
2387
2388API Version: v1alpha1
2389
2390### API changes since v0.1.0-rc2
2391#### GatewayClass
2392- CRD now includes `gc` short name.
2393- Change the standard condition for GatewayClass to `Admitted`, with
2394 `InvalidParameters` as a sample reason for it to be false.
2395
2396#### Gateway
2397- CRD now includes `gtw` short name.
2398- The `DroppedRoutes` condition has been renamed to `DegradedRoutes`.
2399- `ListenerStatus` now includes `Protocol` and `Hostname` to uniquely link the
2400 status to each listener.
2401
2402#### Routes
2403- HTTPRoute clarifications:
2404 - Header name matching must be case-insensitive.
2405 - Match tiebreaking semantics have been outlined in detail.
2406- TCPRoute, TLSRoute, and UDPRoute:
2407 - At least 1 ForwardTo must be specified in each rule.
2408 - Clarification that if no matches are specified, all requests should match a
2409 rule.
2410- TCPRoute and UDPRoute: Validation has been added to ensure that 1-16 rules are
2411 specified, matching other route types.
2412- TLSRoute: SNIs are now optional in matches. If no SNI or extensionRef are
2413 specified, all requests match.
2414
2415#### BackendPolicy
2416- CRD now includes `bp` short name.
2417- A new `networking.x-k8s.io/app-protocol` annotation can be used to specify
2418 AppProtocol on Services when the AppProtocol field is unavailable.
2419
2420
2421## v0.1.0-rc2
2422
2423API Version: v1alpha-rc2
2424
2425### API changes since v0.1.0-rc1
2426#### GatewayClass
2427- A recommendation to set a `gateway-exists-finalizer.networking.x-k8s.io`
2428 finalizer on GatewayClass has been added.
2429- `allowedGatewayNamespaces` has been removed from GatewayClass in favor of
2430 implementations with policy agents like Gatekeeper.
2431
2432#### Gateway
2433- Fields in `listeners.routes` have been renamed:
2434 - `routes.routeSelector` -> `routes.selector`
2435 - `routes.routeNamespaces`-> `routes.namespaces`
2436- `clientCertificateRef` has been removed from BackendPolicy.
2437- In Listeners, `routes.namespaces` now defaults to `{from: "Same"}`.
2438- In Listeners, support has been added for specifying custom, domain prefixed
2439 protocols.
2440- In Listeners, `hostname` now closely matches Route hostname matching with wildcard
2441 support.
2442- A new `UnsupportedAddress` condition has been added to Listeners to indicate
2443 that a requested address is not supported.
2444- Clarification has been added to note that listeners may be merged in certain
2445 instances.
2446
2447#### Routes
2448- HeaderMatchType now includes a RegularExpression option.
2449- Minimum weight has been decreased from 1 to 0.
2450- Port is now required on all Routes.
2451- On HTTPRoute, filters have been renamed:
2452 - `ModifyRequestHeader` -> `RequestHeaderModifier`
2453 - `MirrorRequest` -> `RequestMirror`
2454 - `Custom` -> `ExtensionRef`
2455- TLSRoute can now specify as many as 16 SNIs instead of 10.
2456- Limiting the number of Gateways that may be stored in RouteGatewayStatus to
2457 100.
2458- Support level of filters defined in ForwardTo has been clarified.
2459- Max weight has been increased to 1 million.
2460
2461
2462## v0.1.0-rc1
2463
2464API Version: v1alpha-rc1
2465
2466- Initial release candidate for v1alpha1.
View as plain text