Skip to content

v1.2.0

Latest
Compare
Choose a tag to compare
@mlavacca mlavacca released this 03 Oct 20:24
· 37 commits to main since this release
f735045

On behalf of Kubernetes SIG Network, we are excited to announce the release of v1.2!
This release includes the graduation of 3 features to the standard channel and the introduction of 4 new features to the experimental channel, along with several improvements in many project areas.

Breaking Changes

GRPCRoute and ReferenceGrant v1alpha2 removal

As per a previous deprecation notice, in this version, both Experimental
and Standard channel CRDs will no longer serve the v1alpha2 versions
of GRPCRoute and ReferenceGrant.

  • Disable v1alpha2 versions for GRPCRoute and ReferenceGrant by @youngnick in
    #3361

Upgrades

Before upgrading to Gateway API v1.2, you'll want to confirm that any
implementations of Gateway API have been upgraded to support the v1 API
version of these resources instead of the v1alpha2 API version. Note that
even if you've been using v1 in your YAML manifests, a controller may still be
using v1alpha2 which would cause it to fail during this upgrade.

Once you've confirmed that the implementations you're relying on have upgraded
to v1, it's time to install the v1.2 CRDs. In most cases, this will work without
any additional effort.

If you ran into issues installing these CRDs, it likely means that you have
v1alpha2 in the storedVersions of one or both of these CRDs. This field is
used to indicate which API versions have ever been used to persist one of these
resources. Unfortunately, this field is not automatically pruned. To check these
values, you can run the following commands:

kubectl get crd grpcroutes.gateway.networking.k8s.io -ojsonpath="{.status.storedVersions}"
kubectl get crd referencegrants.gateway.networking.k8s.io -ojsonpath="{.status.storedVersions}"

If either of these return a list that includes "v1alpha2", it means that we need
to manually remove that version from storedVersions.

Before doing that, it would be good to ensure that all your ReferenceGrants and
GRPCRoutes have been updated to the latest storage version:

crds=("GRPCRoutes" "ReferenceGrants")

for crd in "${crds[@]}"; do
  output=$(kubectl get "${crd}" -A -o json)

  echo "$output" | jq -c '.items[]' | while IFS= read -r resource; do
    namespace=$(echo "$resource" | jq -r '.metadata.namespace')
    name=$(echo "$resource" | jq -r '.metadata.name')
    kubectl patch "${crd}" "${name}" -n "${namespace}" --type='json' -p='[{"op": "replace", "path": "/metadata/annotations/migration-time", "value": "'"$(date +%Y-%m-%dT%H:%M:%S)"'" }]'
  done
done

Now that all your ReferenceGrant and GRPCRoute resources have been updated to
use the latest storage version, you can patch the ReferenceGrant and GRPCRoute
CRDs:

kubectl patch customresourcedefinitions referencegrants.gateway.networking.k8s.io --subresource='status' --type='merge' -p '{"status":{"storedVersions":["v1beta1"]}}'
kubectl patch customresourcedefinitions grpcroutes.gateway.networking.k8s.io --subresource='status' --type='merge' -p '{"status":{"storedVersions":["v1"]}}'

With these steps complete, upgrading to the latest GRPCRoute and ReferenceGrant
should work well now.

Experimental Channel: GatewayClass Supported Features

The Experimental supportedFeatures field in GatewayClass status has changed
from being a list of strings to being a list of objects/structs with a name
field.

This is to allow adding in extra information to each entry at a later date.

Relevant PRs:

  • SupportedFeatures field in Gateway Class status are now presented as a list of
    objects by @LiorLieberman in
    #3200

Changes since v1.2.0-rc2

There was one small change since RC2 - the Gateway Infrastructure conformance
test has been marked as provisional as we're not sure that the same-namespace
requirement imposed by this test is necessary. #3373

Release Cycle changes

This was our first release using a new release
cycle
that is
meant to make Gateway API releases more frequent and predictable.

There are now four phases:

  • Scoping: 4-6 weeks, where the maintainers and community determine the set
    of features we want to include in the release. A key deliverable here is
    ensuring that the Experimental channel does not get any bigger than it already
    is; we want to ensure that features make their way to Standard or are removed.
  • GEP Iteration and Review: 5-7 weeks, where we work to update GEPs, and
    solidify and meet graduation criteria for in-scope GEPs.
  • API Refinement and Documentation: 3-5 weeks, where we translate proposed
    changes from GEPs into changes to both the API specification and
    documentation.
  • SIG-Network Review and Release Candidates: 2-4 weeks, where we perform our
    required upstream reviews, get any further required changes in, and release
    our release candidates so that implementations can get started with work on
    the new features asap.

For all the detail about this, please see the Release Cycle
docs
.

Relevant PRs:

Standard Channel Additions and Changes

The Standard channel is Gateway API's set of maximally-stable install files.
Only features with the best testing and support are added to the standard
channel. This channel should be considered GA or stable, and future changes will
be fully backwards compatible.

Infrastructure Labels and Annotations 🎉

GEP-1867 added an
infrastructure stanza to Gateway objects that is intended to carry
infrastructure configuration specific to that Gateway object.

GEP-1762 adds a section for
labels and annotations to this stanza that specifies labels and annotations
to be annotated to all resources created to fulfill that Gateway request.

This feature can be used to affect the labels and annotations created on
LoadBalancer Services by in-cluster implementations to fulfill the Gateway
contract or by Cloud Load Balancing resources created by Cloud Providers.

This feature has graduated to Standard and is now considered GA or Stable.

This feature's name for conformance tests and GatewayClass status reporting is
GatewayInfrastructurePropagation.

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

  • Remove experimental from gateway infrastructure by @keithmattix in
    #3272
  • Validation for label keys and values according to Kubernetes specification by
    @snorwin in #3284

HTTPRoute Timeouts and Durations 🎉

The HTTPRoute Timeouts field on Route Rules has graduated to Standard and is
now considered GA or Stable.

This field allows you to configure overall Request Timeouts as well as Backend
Request Timeouts. For more information, refer to GEP
1742
.

The relevant feature names this for conformance tests and GatewayClass status
reporting are:

  • HTTPRouteRequestTimeout for httproute.spec.rules[].timeouts.request
  • HTTPRouteBackendTimeout for httproute.spec.rules[].timeouts.backendRequest

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

BackendProtocol Support 🎉

The previous coordinated work across both Gateway API and upstream Kubernetes
which defined 3 new values for the AppProtocol field on Service Ports has
graduated to Standard and is now considered GA or Stable.

The values are:

  • kubernetes.io/h2c - HTTP/2 over cleartext as described in
    RFC7540
  • kubernetes.io/ws - WebSocket over cleartext as described in
    RFC6445
  • kubernetes.io/wss - WebSocket over TLS as described in
    RFC6455

These can now be used with Gateway API to describe the protocol to use for
connections to Kubernetes Services. For more information, refer to GEP
1911
.

The relevant feature names this for conformance tests and GatewayClass status
reporting are:

  • HTTPRouteBackendProtocolH2C for H2C support, when
    service.spec.ports[].appProtocol is kubernetes.io/h2c.
  • HTTPRouteBackendProtocolWebSocket for Websocket support, when
    service.spec.ports[].appProtocol is kubernetes.io/ws or
    kubernetes.io/wss.

This feature's status is Extended, meaning that it is optional for
implementations to support. If you're using Experimental Channel, you can refer
to the supportedFeatures field in the status of any GatewayClass.

Relevant PRs:

  • Backend Protocol Selection is no longer experimental and is now part of
    HTTPRoute Extended Conformance by @dprotaso in
    #3108

Other Standard channel changes

  • Increased the limit on HTTPRoute matches from 8 to 64 by @howardjohn in
    #3205
  • Adds the GatewayClassConditionReason "Unsupported" and clarifies when
    GatewayClassConditionReason "InvalidParameters" should be preferred by
    @mikemorris in
    #3048
  • HTTPRoute - 503 Status Code MAY be returned for Kubernetes Services who don't
    have any healthy endpoints by @dprotaso in
    #3121
  • Document the route kinds compatible for each protocolType by @abs007 in
    #2263
  • Move GEP-995 to Implementable by @guicassolato in
    #3166
  • Add policy label to BackendLBPolicy to make it recognizable in gwctl by
    @gauravkghildiyal in
    #3195
  • remove unnecessary S in ProtocolType validation by @spacewander in
    #3185

Experimental Channel Additions and Changes

The Experimental Channel is Gateway API's channel for testing out changes and
gaining confidence with them before allowing them to go to Standard.

This channel may include features that are changed or removed later!

HTTPRoute Retry support

GEP-1731 described how to add
configuration of retries on HTTPRoute objects, and in this release, this change
has moved to Experimental.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

  • Adds support for configuring retries in HTTPRoute by @mikemorris in
    #3301
  • Adds retry stanza within HTTPRouteRule to configure retrying unsuccessful
    requests to backends before sending a response to a client by @mikemorris in
    #3199

Percentage-based request mirroring

The existing Request Mirroring feature has been enhanced by allowing users to
specify a percentage of requests they'd like mirrored. These changes are
described in GEP-3171.

Please see the GEP reference document or the API reference for the details.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

Improvements to backend TLS configuration

Some changes have been made to Gateway API's support for configuring TLS
connections between the Gateway and backends.

Gateway has a new Experimental field that contains configuration for the client
certificate Gateways should use when connecting to Backends.

The existing BackendTLSPolicy object has had additions as well:

  • Ability to specify SANs on BackendTLSPolicy
  • Add TLS options to BackendTLSPolicy to mirror TLS config on Gateways

See GEP-3155 for all the
details.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

Named Route Rules

All Route Rule types (GRPCRouteRule, HTTPRouteRule, TCPRouteRule, TLSRouteRule
and UDPRouteRule) have had a new, optional name field to support referencing
individual rules by name.

This name, if present, may be used in status and logging to indicate which
route rule is being referenced in messages in a more readable way than an array
index.

This feature has graduated to Experimental amd should now be used for testing
and verification purposes only. Experimental features may be changed or removed
in a future version.

This feature does not currently have a feature name defined.

This feature's status is Extended, meaning that it is optional for
implementations to support.

As there is no feature name or conformance tests available for this feature as
yet, please see your implementation's documentation to see if it is supported.

Relevant PRs:

Other specification changes

Leadership changes

In this release timeframe, Gateway API has been working on building our
contributor pool and promoting more contributors up our contributor ladder.

Congratulations to @mlavacca on being promoted into the core Gateway API
maintainer team!

Thanks to @keithmattix for all your work as one of the GAMMA leads, and
congratulations to @mikemorris on being promoted into the GAMMA lead team.

We've added two new GEP Reviewers: @kflynn and @arkodg

Also promoted in the conformance team:

Last but most certainly not least, @guicassolato has become a reviewer for
gwctl.

Congratulations to everyone on the promotions, and thanks for your continued
contributions to the Gateway API community!

Relevant PRs:

Testing

  • Features have been re-arranged to a struct containing metadata and feature
    Name. The API Channel has been set as a field for such a struct in
    #3287
  • Exposing grpc client interface as a option in the conformance suite in
    #3095

gwctl

In this release, gwctl is moving to a separate repo:
kubernetes-sigs/gwctl. This will
enable a more flexible and independent release process. Significant new updates
are coming to gwctl, follow the new repo for the latest updates on that project.

Although these changes won't be part of Gateway API v1.2 and will instead be
part of the separate gwctl release, we're noting them as they were merged while
the project was part of this repo:

  • Describing Gateways and Backends will include a separate field showing
    InheritedPolicies by @gauravkghildiyal in
    #3198
  • Gwctl allows filtering results to only those related to the specified resource
    (using the --for flag) by @gauravkghildiyal in
    #3068
  • Show Events and Analysis when describing resources by @gauravkghildiyal in
    #3051
  • The output of gwctl describe httproute <NAME> now includes more details by
    @gauravkghildiyal in
    #3181
  • Support wide output format for get commands (-o wide) and Replace Print in
    BackendsPrinter with PrintTable by @deszhou in
    #3129
  • Optimize print and reduce repeated logic. Maintain agreement with print
    methods of other resources @deszhou in
    #3076
  • Outputs ns for gateways in gwctl by @xtineskim in
    #3136
  • gwctl performance improvements by @gauravkghildiyal in
    #3145

Documentation Changes

Testing and Conformance changes

New Contributors

Dependencies

Added

  • cel.dev/expr: v0.15.0
  • github.com/planetscale/vtprotobuf:
    0393e58

Changed

  • cloud.google.com/go/compute/metadata: v0.2.3 → v0.3.0
  • github.com/cespare/xxhash/v2: v2.2.0 →
    v2.3.0
  • github.com/cncf/xds/go: 0fa0005 →
    555b57e
  • github.com/envoyproxy/go-control-plane: v0.12.0 →
    1eb8caa
  • github.com/golang/glog: v1.2.0 →
    v1.2.1
  • github.com/miekg/dns: v1.1.58 →
    v1.1.62
  • golang.org/x/crypto: v0.22.0 → v0.26.0
  • golang.org/x/mod: v0.17.0 → v0.18.0
  • golang.org/x/net: v0.24.0 → v0.28.0
  • golang.org/x/oauth2: v0.19.0 → v0.21.0
  • golang.org/x/sync: v0.7.0 → v0.8.0
  • golang.org/x/sys: v0.19.0 → v0.23.0
  • golang.org/x/telemetry: f48c80b → bda5523
  • golang.org/x/term: v0.19.0 → v0.23.0
  • golang.org/x/text: v0.14.0 → v0.17.0
  • golang.org/x/tools: v0.20.0 → v0.22.0
  • google.golang.org/appengine: v1.6.8 → v1.6.7
  • google.golang.org/genproto/googleapis/api: 6ceb2ff → ef581f9
  • google.golang.org/genproto/googleapis/rpc: 6ceb2ff → ef581f9
  • google.golang.org/genproto: 6ceb2ff → f966b18
  • google.golang.org/grpc/cmd/protoc-gen-go-grpc: v1.3.0 → v1.5.1
  • google.golang.org/grpc: v1.63.2 → v1.66.2
  • google.golang.org/protobuf: v1.33.0 → v1.34.2
  • k8s.io/api: v0.30.0 → v0.31.1
  • k8s.io/apiextensions-apiserver: v0.30.0 → v0.31.1
  • k8s.io/apimachinery: v0.30.0 → v0.31.1
  • k8s.io/client-go: v0.30.0 → v0.31.1
  • k8s.io/code-generator: v0.30.0 → v0.31.1

Removed

  • cloud.google.com/go/compute: v1.24.0