Merge branch 'main' into rolds/envoy_large_validation

solo-io · Nov 18, 2024 · c6b0908 · c6b0908
2 parents ec7e518 + 3f99c52
commit c6b0908
Show file tree

Hide file tree

Showing 167 changed files with 4,051 additions and 14,342 deletions.
diff --git a/changelog/v1.18.0-beta35/bump-kubectl-image.yaml b/changelog/v1.18.0-beta35/bump-kubectl-image.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: FIX
+    issueLink: https://github.com/solo-io/gloo-mesh-enterprise/issues/19119
+    resolvesIssue: false
+    description: >-
+      Bump the kubectl image from 1.29.6 to to 1.31.1 to address CVE-2023-45288.
diff --git a/changelog/v1.18.0-beta35/deprecate-graphql.yaml b/changelog/v1.18.0-beta35/deprecate-graphql.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: FIX
+    issueLink: https://github.com/solo-io/solo-projects/issues/7159
+    resolvesIssue: false
+    description: >-
+      The GraphQL feature of Gloo Gateway is deprecated and will be removed in a future release
diff --git a/changelog/v1.18.0-beta35/helm-doc-gen.yaml b/changelog/v1.18.0-beta35/helm-doc-gen.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: NON_USER_FACING
+    issueLink: https://github.com/solo-io/solo-projects/issues/6888
+    resolvesIssue: false
+    description: >-
+      Update helm public docs generation to work from main branch and only pull in released changes
diff --git a/changelog/v1.18.0-beta35/portal-auth-api.yaml b/changelog/v1.18.0-beta35/portal-auth-api.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: NEW_FEATURE
+    issueLink: https://github.com/solo-io/solo-projects/issues/7170
+    resolvesIssue: false
+    description: >-
+      Add API for configuring authentication for APIs managed by Gloo Portal.
diff --git a/changelog/v1.18.0-beta35/remove-external-apis.yaml b/changelog/v1.18.0-beta35/remove-external-apis.yaml
@@ -0,0 +1,11 @@
+changelog:
+  - type: FIX
+    issueLink: https://github.com/solo-io/solo-projects/issues/6768
+    resolvesIssue: false
+    description: >-
+      Remove docs for external APIs
+  - type: DEPENDENCY_BUMP
+    dependencyOwner: solo-io
+    dependencyRepo: solo-kit
+    dependencyTag: v0.36.2
+    issueLink: https://github.com/solo-io/solo-projects/issues/6768
diff --git a/changelog/v1.18.0-beta35/remove-hardcoded-namespace-in-tracing-test-master.yaml b/changelog/v1.18.0-beta35/remove-hardcoded-namespace-in-tracing-test-master.yaml
@@ -0,0 +1,6 @@
+changelog:
+  - type: NON_USER_FACING
+    issueLink: https://github.com/solo-io/solo-projects/issues/7223
+    resolvesIssue: true
+    description: >-
+      Remove hard-coded namespaces from the tracing tests. This issue is causing tests to pass in OSS gloo, but fail in solo-projects.
diff --git a/docs/build-docs.sh b/docs/build-docs.sh
@@ -265,11 +265,6 @@ firebaseJson=$(cat <<EOF
         "destination": "/gloo-edge/:version/reference/api/github.com/solo-io/gloo/projects/gateway/api/v1/virtual_service.proto.sk/",
         "type":"301"
       },
-      {
-        "source": "/gloo-edge/:version/v1/github.com/solo-io/gloo/projects/gloo/api/v1/plugins/transformation/transformation.proto.sk/",
-        "destination": "/gloo-edge/:version/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/transformation/transformation.proto.sk/",
-        "type":"301"
-      },
       {
         "source": "/gloo-edge/:version/v1/github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto.sk/",
         "destination": "/gloo-edge/:version/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/proxy.proto.sk/",

diff --git a/docs/cmd/generate_docs.go b/docs/cmd/generate_docs.go
@@ -454,11 +454,9 @@ func fetchEnterpriseHelmValues(_ []string) error {
 	if err != nil {
 		return err
 	}
-	version, err := semver.NewVersion(string(semverReleaseTag))
-	if err != nil {
-		return err
-	}
-	minorReleaseTag := fmt.Sprintf("v%d.%d.x", version.Major(), version.Minor())
+
+	minorReleaseTag := "v" + string(semverReleaseTag)
+
 	files, err := githubutils.GetFilesFromGit(ctx, client, repoOwner, glooEnterpriseRepo, minorReleaseTag, path)
 	if err != nil {
 		return err

diff --git a/docs/content/guides/graphql/_index.md b/docs/content/guides/graphql/_index.md
@@ -6,6 +6,9 @@ description: Enable GraphQL resolution.
 
 Set up API gateway and GraphQL server functionality for your apps in the same process by using Gloo Gateway.
 
+{{% notice warning %}}
+This feature is deprecated in Gloo Gateway 1.18 and will be removed in a future release
+{{% /notice %}}
 {{% notice note %}}
 This feature is available only in Gloo Gateway Enterprise.
 {{% /notice %}}

diff --git a/docs/content/guides/security/csrf/_index.md b/docs/content/guides/security/csrf/_index.md
@@ -440,4 +440,4 @@ x-envoy-upstream-service-time: 2
 
 In this guide, we described what is Cross Site Request Forgery (CSRF) and approaches for dealing with these attacks.  We delved into one Gloo Gateway approach that directly uses an integrated Envoy filter.
 
-For more information, check out both the [Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/csrf_filter#config-http-filters-csrf) and [Gloo docs]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/filters/http/csrf/v3/csrf.proto.sk/" %}}).
+For more information, check out the [Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/csrf_filter#config-http-filters-csrf).
diff --git a/docs/content/guides/security/waf/_index.md b/docs/content/guides/security/waf/_index.md
@@ -27,15 +27,14 @@ You have several options for using ModSecurity to write WAF policies:
 * Use publicly available rule sets that provide a generic set of detection rules to protect against the most common security threats. For example, the [OWASP Core Rule Set](https://github.com/coreruleset/coreruleset) is an open source project that protects apps against a wide range of attacks, including the "OWASP Top Ten."
 * Write your own custom rules by following the [ModSecurity rules language](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-(v3.x)). For examples, see [Configure WAF policies](#configure-waf-policies).
 
-For more information, see the [Gloo API docs]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto.sk/" %}}).
 
 ### Understand the WAF API {#about-api}
 
 The WAF filter supports a list of `RuleSet` objects which are loaded into the ModSecurity library.  The Gloo Gateway API has a few conveniences built on top of that to allow easier access to the OWASP Core Rule Set (via the [`coreRuleSet`](#core-rule-set) field). 
 
 You can disable each rule set on a route independently of other rule sets. Rule sets are applied on top of each other in order. This order means that later rule sets overwrite any conflicting rules in previous rule sets. For more fine-grained control, you can add a custom `rule_str`, which is applied after any files of rule sets.
 
-Review the following `RuleSet` API example and explanation. For more information, see the [Gloo API docs]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto.sk/" %}}).
+Review the following `RuleSet`
 
 ```proto
 message ModSecurity {
@@ -429,7 +428,7 @@ of envoy's access logging. This means that directives that configure the audit e
 This is **intentional** - to make sure that ModSecurity doesn't degrade
 envoy performance. While the way we emit the logs is different, you have _all the features_ that 
 ModSecurity audit-logging provides:
-- You can use the `action` property of the [audit logging configuration]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto.sk/#auditlogging" %}}) instead of [SecAuditEngine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditEngine) to choose when to log.
+- You can use the `action` property of the audit logging configuration instead of [SecAuditEngine](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditEngine) to choose when to log.
 - You can still use the [SecAuditLogParts](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditLogParts), 
 [SecAuditLogRelevantStatus](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditLogRelevantStatus) and (assuming action is RELEVANT_ONLY) `noauditlog` features of ModSecurity.
 - The format of the log is controlled by [SecAuditLogFormat](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditLogFormat).
@@ -451,8 +450,7 @@ is better for your specific use-case.
 
 Let's see this in action!
 
-To enable audit logging, edit the [auditLogging]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/waf/waf.proto.sk/#auditlogging" %}}) field in your 
-[WAF settings]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/waf/waf.proto.sk/#settings" %}}).
+To enable audit logging, edit the auditLogging field in your WAF settings.
 
 For example, lets edit our `VirtualService` with some
 rules and audit logging:

diff --git a/docs/content/guides/traffic_management/buffering/_index.md b/docs/content/guides/traffic_management/buffering/_index.md
@@ -31,7 +31,7 @@ You can configure a maximum payload size on a gateway (`perConnectionBufferLimit
 
 ## Route
 
-You can set buffer limits and other connection options with the [Buffer]({{< versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/filters/http/buffer/v3/buffer.proto.sk/" >}}) settings in the options of a [Route]({{< versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gateway/api/v1/virtual_service.proto.sk/#route" >}}) in a [RouteTable]({{< versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gateway/api/v1/route_table.proto.sk/" >}}).
+You can set buffer limits and other connection options with the Buffer settings in the options of a [Route]({{< versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gateway/api/v1/virtual_service.proto.sk/#route" >}}) in a [RouteTable]({{< versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gateway/api/v1/route_table.proto.sk/" >}}).
 
 ```yaml
 apiVersion: gateway.solo.io/v1

diff --git a/docs/content/installation/advanced_configuration/gzip.md b/docs/content/installation/advanced_configuration/gzip.md
@@ -43,8 +43,6 @@ spec:
 
 Once that is saved, you're all set. Traffic on the http gateway will call the gzip filter.
 
-You can learn about the configuration options [here]({{< versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/config/filter/http/gzip/v2/gzip.proto.sk" >}}).
-
 More information about the Gzip filter can be found in the [relevant Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/gzip_filter). If data is not being compressed, you may want to check that all the necessary conditions for the Envoy filter are met.
 See the [How it works](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/gzip_filter#how-it-works)
 section for information on when compression will be skipped.

diff --git a/docs/content/introduction/traffic_filter.md b/docs/content/introduction/traffic_filter.md
@@ -103,7 +103,7 @@ Review the following diagram of how Gloo Gateway filters traffic, depending on w
     * **CORS**: See the [Cross-origin resources sharing security guide]({{% versioned_link_path fromRoot="/guides/security/cors/" %}}).
     * **DLP**: See the [Data loss prevention security guide]({{% versioned_link_path fromRoot="/guides/security/data_loss_prevention/" %}}).
     * **WAF**: See the [Web application firewall security guide]({{% versioned_link_path fromRoot="/guides/security/waf/" %}}).
-    * **Sanitize**: See the [sanitize proto reference]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/extauth/sanitize.proto.sk/" %}}).
+    * **Sanitize**
 4.  **Filters only after external auth**: Review the information about other filters that you can apply only after external auth.
     * **RBAC**: Note that the RBAC filter requires the `JwtStaged` filter. See the [RBAC proto reference]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/rbac/rbac.proto.sk/" %}}).
     * **gRPC-web**: See the [gRPC web guide]({{% versioned_link_path fromRoot="/guides/traffic_management/listener_configuration/grpc_web/" %}}).

diff --git a/docs/content/operations/advanced/zero-downtime-gateway-rollout/_index.md b/docs/content/operations/advanced/zero-downtime-gateway-rollout/_index.md
@@ -82,8 +82,6 @@ In the previous example, `Upstream` pings are issued every 2 seconds. You might
 ```
 {{< /highlight >}}
 
-For more information, see the [health check API documentation]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/api/v2/core/health_check.proto.sk/#healthcheck" %}}).
-
 [Retries]({{% versioned_link_path fromRoot="/guides/traffic_management/request_processing/retries/" %}}) are configured on `VirtualServices` at the route level:
 
 {{< highlight yaml "hl_lines=17" >}}

diff --git a/docs/content/operations/production_deployment/_index.md b/docs/content/operations/production_deployment/_index.md
@@ -285,7 +285,7 @@ Also, consider using `retries` on your _routes_. The default value for this attr
 
 ### Proxy latency filter
 
-In the `httpGateway.options` section of your Gateway resource, you can enable the proxy latency filter. This Envoy filter measures the request and response latency incurred by the filter chain in additional histograms and access log parameters. For more information about the `proxyLatency` section, see the [API reference]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/proxylatency/proxylatency.proto.sk/#proxylatency" %}}).
+In the `httpGateway.options` section of your Gateway resource, you can enable the proxy latency filter. This Envoy filter measures the request and response latency incurred by the filter chain in additional histograms and access log parameters.
 
 ### Grafana dashboards
 

diff --git a/docs/content/reference/api/envoy/api/v2/route/route.proto.sk.md b/docs/content/reference/api/envoy/api/v2/route/route.proto.sk.md
diff --git a/...ference/api/github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk.md b/...ference/api/github.com/solo-io/gloo/projects/gateway/api/v1/gateway.proto.sk.md
diff --git a/...hub.com/solo-io/gloo/projects/gateway/api/v1/matchable_http_gateway.proto.sk.md b/...hub.com/solo-io/gloo/projects/gateway/api/v1/matchable_http_gateway.proto.sk.md
Original file line number	Diff line number	Diff line change
Expand Up		@@ -440,4 +440,4 @@ x-envoy-upstream-service-time: 2

		In this guide, we described what is Cross Site Request Forgery (CSRF) and approaches for dealing with these attacks. We delved into one Gloo Gateway approach that directly uses an integrated Envoy filter.

		For more information, check out both the [Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/csrf_filter#config-http-filters-csrf) and [Gloo docs]({{% versioned_link_path fromRoot="/reference/api/github.com/solo-io/gloo/projects/gloo/api/external/envoy/extensions/filters/http/csrf/v3/csrf.proto.sk/" %}}).
		For more information, check out the [Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/csrf_filter#config-http-filters-csrf).