docs: generate v1.5 docs

site/content/en/news/releases/notes/v1.5.0-rc1.md → site/content/en/news/releases/notes/v1.5.0.md

@@ -1,28 +1,28 @@
 ---
-title: "v1.5.0-rc1"
-publishdate: 2025-07-30
+title: "v1.5.0"
+publishdate: 2025-08-08
 ---
 
-Date: July 30, 2025
+Date: August 8, 2025
 
 ## Breaking changes
 - Use gateway name as proxy fleet name for gateway namespace mode.
 - Endpoints that are absent from service discovery are removed even if their active health checks succeed.
-- The xDS listener name are now renamed based on its listening port and protocol, instead of the Gateway name and section name. This breaks existing EnvoyPatchPolicies and ExtensionManagers as they depend on the old naming scheme. This change is guarded by the `XDSNameSchemeV2` runtime flag. This flag is disabled by default in v1.5, and it will be enabled in v1.6. We recommend users to migrate their EnvoyPatchPolicies and ExtensionManagers to use the new listener names before v1.6.
+- The xDS listener name are now renamed based on its listening port and protocol, instead of the Gateway name and section name. This breaks existing EnvoyPatchPolicies and ExtensionManagers as they depend on the old naming scheme. This change is guarded by the `XDSNameSchemeV2` runtime flag. This flag is disabled by default in v1.5, and it will be enabled in v1.6. We recommend users to migrate their EnvoyPatchPolicies and ExtensionManagers to use the new listener names before v1.6. Visit [migration guide](../../../v1.5/tasks/extensibility/envoy-patch-policy#xds-name-scheme-v2) to view the new naming scheme.
+- Removed `xds-translator` and `xds-server` values from the `runner` label in `watchable_subscribe_total`. Use `xds` instead.
+- Accessloggers of type ALS now have http2 enabled on the cluster by default.
 
 ## Security updates
-- Disable automountServiceAccountToken for proxy and ratelimit deployments and serviceAccounts
+- Disable automountServiceAccountToken for proxy and ratelimit deployments and serviceAccounts.
 
 ## New features
-- Added support for percentage-based request mirroring
 - Added support for setting `initialJitter` in the BackendTrafficPolicy active health check.
 - Add an option to OIDC authentication to bypass it and defer to JWT when the request contains an "Authorization: Bearer ..." header.
 - Added support for configuring Subject Alternative Names (SANs) for upstream TLS validation via `BackendTLSPolicy.validation.subjectAltNames`.
 - Added support for local rate limit header.
 - Added XDS metadata for clusters and endpoints from xRoutes and referenced backend resources (Backend, Service, ServiceImport).
 - Added support for setting ownerreference to infra resources when enable gateway namespace mode.
 - Added support for configuring hostname in active HTTP healthchecks.
-- Added support for GatewayInfrastructure in gateway namespace mode.
 - Added support for configuring maxConnectionsToAcceptPerSocketEvent in listener via ClientTrafficPolicy.
 - Added support for setting GatewayClass ownerreference to infra resources when all cases except gateway namespace mode.
 - Added support for setting previous priorities retry predicate.
@@ -38,20 +38,20 @@ Date: July 30, 2025
 - Added support for customizing the name of the ServiceAccount used by the Proxy.
 - Added support for custom backendRefs via extension server using PostClusterModify hook.
 - Added support for SecurityPolicy and EnvoyExtensionPolicy to target ServiceImport via BackendRefs.
-- Introduce validation strictness levels for Lua scripts in EnvoyExtensionPolicies.
 - Added metric `watchable_publish_total` counting store events in watchable message queues.
 - Added support for forwarding client ID header and sanitizing API keys for API Key authentication in SecurityPolicy.
-- Accessloggers of type ALS now have http2 enabled on the cluster by default.
-- Extends BackendTLSSettings support to all Backend types.
 - Added support for using ClusterTrustBundle as CA.
 - Added support for using Secret as a source of the OIDC client ID.
 - Added support for listeners and routes in PostTranslateModifyHook extension hook.
 - Added admin console support with web UI for the Envoy Gateway admin server.
 - Added support for configuring Zone Aware Routing via BackendTrafficPolicy.
 - Added support for endpoint override policy based on Header.
+- Added rate limiting support for month and year periods.
+- Introduce validation strictness levels for Lua scripts in EnvoyExtensionPolicies.
+- Extends BackendTLSSettings support to all Backend types.
+- Enhanced route rule support in SecurityPolicy target.
 
 ## Bug fixes
-- Handle integer zone annotation values
 - Fixed issue where WASM cache init failure caused routes with WASM-less EnvoyExtensionPolicies to have 500 direct responses.
 - Fixed issue which UDP listeners were not created in the Envoy proxy config when Gateway was created.
 - Keep ALPN configuration for listeners with overlapping certificates when ALPN is explicitly set in ClientTrafficPolicy.
@@ -69,9 +69,13 @@ Date: July 30, 2025
 - Fixed issue that failed to update policy status when there are more than 16 ancestors.
 - Fixed race condition in watchable.Map Snapshot subscription.
 - Fixed issue where HTTPRoutes with sessionPersistence caused the Envoy listeners to drain.
+- Fixed deployment creation blocking when EnvoyProxy secret is missing.
+- Increased earlyRequestHeaders limit from 16 to 64.
 
 ## Performance improvements
-- 
+- Reduced xDS cluster DNS lookups for improved performance.
+- Combined xds-translator and xds-server runners into xds runner reducing memory by upto 25%
+- Removed custom Equal functions for watchable types by pre sorting Gateway API resources in the provider layer
 
 ## Deprecations
 - 

site/content/en/news/releases/v1.5.md

@@ -0,0 +1,137 @@
+---
+title: Announcing Envoy Gateway v1.5
+subtitle: Minor Update
+linktitle: Release v1.5
+description: Envoy Gateway v1.5 release announcement.
+publishdate: 2025-08-08
+release: v1.5.0
+skip_list: true
+---
+
+We are excited to announce the release of Envoy Gateway v1.5.0.
+
+This release delivers new capabilities across traffic management, security, extensibility, observability, and infrastructure — along with key bug fixes and performance improvements. We extend our thanks to the entire Envoy Gateway community for your ongoing contributions, feedback, and collaboration. Your efforts make each release possible.
+
+| [Release Notes][] | [Docs][docs] | [Compatibility Matrix][matrix] | [Install][] |
+|-------------------|--------------|--------------------------------|--------------|
+
+## What's New
+
+Envoy Gateway v1.5.0 introduces powerful enhancements, resolves critical issues, and lays the groundwork for upcoming changes in v1.6.
+
+---
+
+## 🚨 Breaking Changes
+
+- **Gateway Namespace Mode Naming**: Gateway name is now used as the proxy fleet name when running in gateway namespace mode.
+- **Endpoint Removal Behavior**: Endpoints absent from service discovery are removed even if their active health checks succeed.
+- **xDS Listener Naming**: Listeners are now named based on listening port and protocol instead of Gateway and section names.  
+  - This affects existing `EnvoyPatchPolicies` and `ExtensionManagers`.  
+  - Controlled by the `XDSNameSchemeV2` runtime flag (disabled in v1.5, enabled in v1.6).  
+  - See the [migration guide](../../v1.5/tasks/extensibility/envoy-patch-policy#xds-name-scheme-v2) to prepare.
+- **Metrics Label Change**: Removed `xds-translator` and `xds-server` values from the `runner` label in `watchable_subscribe_total`; use `xds` instead.
+- **ALS Access Loggers**: ALS now has HTTP/2 enabled on the cluster by default.
+
+---
+
+## 🔒 Security Updates
+
+- Disabled `automountServiceAccountToken` for Proxy and RateLimit deployments and their ServiceAccounts.
+
+---
+
+## ✨ New Features
+
+### API & Traffic Management Enhancements
+
+- Added `initialJitter` option to `BackendTrafficPolicy` active health checks.
+- Option to bypass OIDC authentication and defer to JWT when the request includes `Authorization: Bearer ...`.
+- Configure Subject Alternative Names (SANs) for upstream TLS validation via `BackendTLSPolicy.validation.subjectAltNames`.
+- Added local rate limit header support.
+- Added zone-aware routing configuration via `BackendTrafficPolicy`.
+- Added endpoint override policy based on request header.
+- Added rate limiting support for month and year periods.
+- Configure `maxConnectionsToAcceptPerSocketEvent` via `ClientTrafficPolicy`.
+- Configure cluster stat name for `HTTPRoute` and `GRPCRoute` in `EnvoyProxy` CRD.
+- Enhanced route rule support in `SecurityPolicy` targets.
+
+### Security Enhancements
+
+- Client certificate validation (SPKI, hash, SAN) in `ClientTrafficPolicy`.
+- Forward client ID header and sanitize API keys for API Key authentication in `SecurityPolicy`.
+- OIDC RP-initiated logout when end session endpoint is specified or discovered.
+- Configure `SameSite` attribute for OAuth cookies in OIDC authentication.
+- Support for `ClusterTrustBundle` as a CA.
+- Use Kubernetes Secret as the OIDC client ID source.
+- Allow `SecurityPolicy` and `EnvoyExtensionPolicy` to target `ServiceImport` via `BackendRefs`.
+
+### Extensibility
+
+- Added XDS metadata for clusters and endpoints from xRoutes and backend resources.
+- Support for extension server policies in `PostTranslateModify` hook.
+- Support for custom backendRefs via extension server using `PostClusterModify` hook.
+- Support for listeners and routes in `PostTranslateModifyHook`.
+- Validation strictness levels for Lua scripts in `EnvoyExtensionPolicies`.
+- Extended `BackendTLSSettings` support to all Backend types.
+
+### Infrastructure
+
+- Support for setting OwnerReferences to infra resources in gateway namespace mode.
+- Support for GatewayClass OwnerReferences in all other cases.
+- Configure deployment annotations via Helm chart.
+- Customize the name of the ServiceAccount used by the Proxy.
+- Configure hostname in active HTTP health checks.
+- Configure cache sync period for Kubernetes provider.
+- Fallback to first key when loading CA certificate from Secret or ConfigMap.
+- Configure user-provided names for generated HPA and PDB resources.
+- Added admin console with web UI for the Envoy Gateway admin server.
+
+### Observability
+
+- Added metric `watchable_publish_total` counting store events in watchable message queues.
+
+---
+
+## 🐞 Bug Fixes
+
+- Fixed WASM cache initialization failures affecting EnvoyExtensionPolicies without WASM filters.
+- Restored UDP listener creation when Gateway is created.
+- Retained ALPN configuration for listeners with overlapping certificates when explicitly set in `ClientTrafficPolicy`.
+- Fixed `BackendTLSPolicy` SAN type enum handling and namespace reference validation.
+- Fixed SAN overlap detection in listeners.
+- Fixed trailers not sent in `ExtProc` FullDuplexStreamed mode.
+- Fixed validation for `ExtProc` with `failOpen=true` and FullDuplexStreamed mode.
+- Added ConfigMap indexers for Lua change reconciliation in EnvoyExtensionPolicies.
+- Fixed default access log format not applying.
+- Fixed Redis `rateLimit` URL parsing with multiple comma-separated hosts.
+- Fixed DualStack NodePort Gateway addresses in status.
+- Allowed overriding Prometheus annotation in `EnvoyProxy` CRD.
+- Skipped invalid FailOpen configurations for `ExtProc`, `Wasm`, and `ExtAuth`.
+- Fixed policy status update failures with more than 16 ancestors.
+- Fixed race condition in `watchable.Map` Snapshot subscription.
+- Fixed listener drain caused by `HTTPRoute` with sessionPersistence.
+- Fixed deployment creation block when `EnvoyProxy` secret is missing.
+- Increased `earlyRequestHeaders` limit from 16 to 64.
+
+---
+
+## 🚀 Performance Improvements
+
+- Reduced xDS cluster DNS lookups.
+- Combined `xds-translator` and `xds-server` runners into a single `xds` runner, reducing memory usage by up to 25%.
+- Removed custom Equal functions for watchable types by pre-sorting Gateway API resources in the provider layer.
+
+---
+
+## 🛑 Deprecations
+
+- `EnableProxyProtocol` is deprecated, and use `ProxyProtocol` instead in ClientTrafficPolicy
+
+---
+
+We encourage all users to upgrade to v1.5.0 to take advantage of the new features, security improvements, and performance gains, and to prepare for the `XDSNameSchemeV2` migration in v1.6. For full details, see the [Release Notes][] and updated [Documentation][docs].
+
+[Release Notes]: ./notes/v1.5.0.md
+[docs]: https://gateway.envoyproxy.io
+[matrix]: https://gateway.envoyproxy.io/news/releases/matrix/
+[Install]: https://gateway.envoyproxy.io/docs/tasks/quickstart/

site/content/en/v1.5/_index.md

@@ -0,0 +1,15 @@
++++
+title = "Welcome to Envoy Gateway"
+linktitle = "Documentation"
+description = "Envoy Gateway Documents"
+
+[[cascade]]
+type = "docs"
++++
+
+Envoy Gateway is an open source project for managing [Envoy Proxy](https://www.envoyproxy.io/) as a standalone or Kubernetes-based application
+gateway. [Gateway API](https://gateway-api.sigs.k8s.io/) resources are used to dynamically provision and configure the managed Envoy Proxies.
+
+![architecture](/img/traffic.png)
+
+## Ready to get started?

site/content/en/v1.5/api/_index.md

@@ -0,0 +1,5 @@
+---
+title: "API References"
+description: This section includes API References.
+weight: 80
+---