Engineering Release Summary – Gloo 1.3.29 and 1.3.9

Since the release of Gloo 1.3 open source and enterprise on April 15th, we’ve been hard at work working on both improving the current release and preparing for the next one. The current versions are 1.3.29 for open source and 1.3.9 for enterprise. Gloo enterprise is released once a quarter with more frequent updates of Gloo open source. Our updates are categorized in New Features, Fixes, Dependency Bumps and Helm Chart Updates. If you are interested in getting involved, check out the Help Wanted and Good First Issue labels in the GitHub repo. 


Gloo Open Source Updates 1.3.29

We’ve made a number of enhancements and fixes and have upgraded the dependencies as well to Kubernetes 1.17.1 and Helm 3.1.2. Below are some of the highlights from the minor releases since 1.3 to 1.3.29.

Ordering routes across multiple RouteTables with an optional weight field in the RouteTable resource that Gloo inspects to determine the order route tables are to be evaluated when a selector matches multiple ones. This gives the user control over the order that the routes will appear on the final Proxy resource. Gloo processes the route tables matched by a selector in ascending order by weight and collects the routes of each route table in the order they are defined. If multiple route tables define the same weight, Gloo will sort the routes that belong to those tables to avoid short-circuiting and alerts the user by adding a warning to the status of the parent resource (the one that specifies the RouteTableSelector). (

Avoid unnecessary downtime and with safer upgrades default. Gloo will now wait up to five minutes (configurable) for discovery and EDS to warm before propagating config to Envoy, and panic if it does not happen within the warming timeout (

Helm Chart updates provides more options to customize the Gloo system configurations. Add extra custom environment variables to gloo, discovery, gateway, gateway-proxy, ingress, and ingress-proxy deployments (, add custom options for default HTTP and HTTPS gateways (, and add a custom service name for the gateway-proxy ( Define additional volume mounts on the gateway proxy ( Support for ipv4 networks in addition to the default ipv6  ( Specify the IP ranges that are allowed to access the load balancer (  Improved stackdriver log ingestion (

glooctl enhancements improve the end user experience in operating Gloo. Some of these improvements include having: glooctl uninstall cleans up developer portal resources (, glooctl uninstall --all will now properly delete ClusterRoles and ClusterRoleBindings associated with Prometheus (, glooctl check no longer requiring the user to have access to all namespaces and glooctl get vs working without cluster-scoped RBAC permissions (, glooctl check reporting Gloo custom resource status warnings (, and glooctl get displays an error when Gloo is searching for resources in non-existent namespaces ( glooctl check also reports an error when Enterprise Gloo is installed and is reporting a stat indicating it is out of sync with the Rate Limit server ( or any of the data plane components have reported a nack (

Improve system performance by reducing noisy logging, interactions and unnecessary re-syncs in Gloo ( and (


Gloo Enterprise Updates 1.3.9

Gloo enterprise includes all of the enhancements and fixes of open source and provides additional features available with a subscription. The current enterprise version is 1.3.9 and we release major and minor releases on a quarterly basis with patches released as needed to address any issues. 

Expanded logs, stats and healthchecks to improve Gloo operations.  Fixes to the queries used in the default Grafana charts in the Admin UI ( Auth Configs updates to only validate auth configs that are referenced in Virtual Services ( and write a status to Auth Configs Custom Resource for configuration errors ( Extauth healthcheck flake now waits for the extauth server to start before doing the first healthcheck ( New stat is published: glooe_rate_limit_connected_state, 1 if there is a valid rate limit config and 0 if there is an error (

Enhancements and Fixes to the Admin UI and Developer Portal. The domain name for the Developer Portal can be added/edited at any time ( Gloo now correctly proxies the apiserver which serves as a backend for the Gloo Admin UI with the added “true” annotation to the apiserver Kubernetes service, so discovery will set useHttp2 to true on the corresponding upstream. (

For users building their own external auth Go plugins, We now build both the extauth server and the verify-plugins-linux-amd64 script in module-aware mode, which causes all packages to be loaded from the modules cache located at /go/pkg/mod, thus providing for predictable package paths that our toolkit (and yours) can rely on ( 


Getting Started 

Many thanks to the end users and customers for the feedback to help us improve Gloo. Join the community slack to ask questions and we appreciate your feedback via issues and PRs on GitHub. View the changelog for more details. Download Gloo open source, request an enterprise trial, or join us at an upcoming webinar to learn more.