forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1.8.0.yaml
246 lines (244 loc) · 12.6 KB
/
1.8.0.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
date: October 4, 2018
changes:
- area: access log
change: |
added :ref:`response flag filter <envoy_api_msg_config.filter.accesslog.v2.ResponseFlagFilter>`
to filter based on the presence of Envoy response flags.
- area: access log
change: |
added ``RESPONSE_DURATION`` and ``RESPONSE_TX_DURATION``.
- area: access log
change: |
added ``REQUESTED_SERVER_NAME`` for SNI to tcp_proxy and http.
- area: admin
change: |
added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics
through `Hystrix dashboard <https://github.com/Netflix-Skunkworks/hystrix-dashboard/wiki>`_.
- area: cli
change: |
added support for :ref:`component log level <operations_cli>` command line option for configuring log levels of individual components.
- area: cluster
change: |
added :ref:`option <envoy_api_field_Cluster.CommonLbConfig.update_merge_window>` to merge
health check/weight/metadata updates within the given duration.
- area: config
change: |
regex validation added to limit to a maximum of 1024 characters.
- area: config
change: |
v1 disabled by default. v1 support remains available until October via flipping ``--v2-config-only=false``.
- area: config
change: |
v1 disabled by default. v1 support remains available until October via deprecated flag ``--allow-deprecated-v1-api``.
- area: config
change: |
fixed stat inconsistency between xDS and ADS implementation. :ref:`update_failure <config_cluster_manager_cds>`
stat is incremented in case of network failure and :ref:`update_rejected <config_cluster_manager_cds>` stat is incremented
in case of schema/validation error.
- area: config
change: |
added a stat :ref:`connected_state <management_server_stats>` that indicates current connected state of Envoy with
management server.
- area: ext_authz
change: |
added support for configuring additional :ref:`authorization headers <envoy_api_field_config.filter.http.ext_authz.v2alpha.httpservice.authorization_headers_to_add>`
to be sent from Envoy to the authorization service.
- area: fault
change: |
added support for fractional percentages in :ref:`FaultDelay <envoy_api_field_config.filter.fault.v2.FaultDelay.percentage>`
and in :ref:`FaultAbort <envoy_api_field_config.filter.http.fault.v2.FaultAbort.percentage>`.
- area: grpc-json
change: |
added support for building HTTP response from
`google.api.HttpBody <https://github.com/googleapis/googleapis/blob/master/google/api/httpbody.proto>`_.
- area: health check
change: |
added support for :ref:`custom health check <envoy_api_field_core.HealthCheck.custom_health_check>`.
- area: health check
change: |
added support for :ref:`specifying jitter as a percentage <envoy_api_field_core.HealthCheck.interval_jitter_percent>`.
- area: health_check
change: |
added support for :ref:`health check event logging <arch_overview_health_check_logging>`.
- area: health_check
change: |
added :ref:`timestamp <envoy_api_field_data.core.v2alpha.HealthCheckEvent.timestamp>`
to the :ref:`health check event <envoy_api_msg_data.core.v2alpha.HealthCheckEvent>` definition.
- area: health_check
change: |
added support for specifying :ref:`custom request headers <config_http_conn_man_headers_custom_request_headers>`
to HTTP health checker requests.
- area: http
change: |
added support for a :ref:`per-stream idle timeout
<envoy_api_field_route.RouteAction.idle_timeout>`. This applies at both :ref:`connection manager
<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>`
and :ref:`per-route granularity <envoy_api_field_route.RouteAction.idle_timeout>`. The timeout
defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream
response per-retry) that are longer than this in duration, you may want to consider setting a
non-default per-stream idle timeout.
- area: http
change: |
added upstream_rq_completed counter for :ref:`total requests completed <config_cluster_manager_cluster_stats_dynamic_http>` to dynamic HTTP counters.
- area: http
change: |
added downstream_rq_completed counter for :ref:`total requests completed <config_http_conn_man_stats>`, including on a :ref:`per-listener basis <config_http_conn_man_stats_per_listener>`.
- area: http
change: |
added generic :ref:`Upgrade support
<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.upgrade_configs>`.
- area: http
change: |
better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
- area: http
change: |
fixed missing support for appending to predefined inline headers, e.g.
``authorization``, in features that interact with request and response headers,
e.g. :ref:`request_headers_to_add
<envoy_api_field_route.Route.request_headers_to_add>`. For example, a
request header ``authorization: token1`` will appear as ``authorization:
token1,token2``, after having :ref:`request_headers_to_add
<envoy_api_field_route.Route.request_headers_to_add>` with ``authorization:
token2`` applied.
- area: http
change: |
response filters not applied to early error paths such as http_parser generated 400s.
- area: http
change: |
restrictions added to reject ``:``-prefixed pseudo-headers in :ref:`custom
request headers <config_http_conn_man_headers_custom_request_headers>`.
- area: http
change: |
:ref:`hpack_table_size <envoy_api_field_core.Http2ProtocolOptions.hpack_table_size>` now controls
dynamic table size of both: encoder and decoder.
- area: http
change: |
added support for removing request headers using :ref:`request_headers_to_remove
<envoy_api_field_route.Route.request_headers_to_remove>`.
- area: http
change: |
added support for a :ref:`delayed close timeout <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.delayed_close_timeout>` to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
- area: jwt-authn filter
change: |
add support for per route JWT requirements.
- area: listeners
change: |
added the ability to match :ref:`FilterChain <envoy_api_msg_listener.FilterChain>` using
:ref:`destination_port <envoy_api_field_listener.FilterChainMatch.destination_port>` and
:ref:`prefix_ranges <envoy_api_field_listener.FilterChainMatch.prefix_ranges>`.
- area: lua
change: |
added :ref:`connection() <config_http_filters_lua_connection_wrapper>` wrapper and ``ssl()`` API.
- area: lua
change: |
added :ref:`streamInfo() <config_http_filters_lua_request_info_wrapper>` wrapper and ``protocol()-`` API.
- area: lua
change: |
added :ref:`streamInfo():dynamicMetadata() <config_http_filters_lua_request_info_dynamic_metadata_wrapper>` API.
- area: network
change: |
introduced :ref:`sni_cluster <config_network_filters_sni_cluster>` network filter that forwards connections to the
upstream cluster specified by the SNI value presented by the client during a TLS handshake.
- area: proxy_protocol
change: |
added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
- area: ratelimit
change: |
added support for :repo:`api/envoy/service/ratelimit/v2/rls.proto`.
Lyft's reference implementation of the `ratelimit <https://github.com/envoyproxy/ratelimit>`_ service also supports the data-plane-api proto as of v1.1.0.
Envoy can use either proto to send client requests to a ratelimit server with the use of the
``use_data_plane_proto`` boolean flag in the ratelimit configuration.
Support for the legacy proto ``source/common/ratelimit/ratelimit.proto`` is deprecated and will be removed at the start of the 1.9.0 release cycle.
- area: ratelimit
change: |
added :ref:`failure_mode_deny <envoy_api_msg_config.filter.http.rate_limit.v2.RateLimit>` option to control traffic flow in
case of rate limit service error.
- area: rbac config
change: |
added a :ref:`principal_name <envoy_api_field_config.rbac.v2alpha.principal.authenticated.principal_name>` field and
removed the old ``name`` field to give more flexibility for matching certificate identity.
- area: rbac network filter
change: |
a :ref:`role-based access control network filter <config_network_filters_rbac>` has been added.
- area: rest-api
change: |
added ability to set the :ref:`request timeout <envoy_api_field_core.ApiConfigSource.request_timeout>` for REST API requests.
- area: route checker
change: |
added v2 config support and removed support for v1 configs.
- area: router
change: |
added ability to set request/response headers at the :ref:`v1.8:envoy_api_msg_route.Route` level.
- area: stats
change: |
added :ref:`option to configure the DogStatsD metric name prefix <envoy_api_field_config.metrics.v2.DogStatsdSink.prefix>` to DogStatsdSink.
- area: tcp_proxy
change: |
added support for :ref:`weighted clusters <envoy_api_field_config.filter.network.tcp_proxy.v2.TcpProxy.weighted_clusters>`.
- area: thrift_proxy
change: |
introduced thrift routing, moved configuration to correct location.
- area: thrift_proxy
change: |
introduced thrift configurable decoder filters.
- area: tls
change: |
implemented :ref:`Secret Discovery Service <config_secret_discovery_service>`.
- area: tracing
change: |
added support for configuration of :ref:`tracing sampling
<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing>`.
- area: upstream
change: |
added configuration option to the subset load balancer to take locality weights into account when
selecting a host from a subset.
- area: upstream
change: |
require opt-in to use the :ref:`x-envoy-original-dst-host <config_http_conn_man_headers_x-envoy-original-dst-host>` header
for overriding destination address when using the :ref:`Original Destination <arch_overview_load_balancing_types_original_destination>`
load balancing policy.
deprecated:
- area: api
change: |
Use of the v1 API (including ``*.deprecated_v1`` fields in the v2 API) is deprecated.
See envoy-announce `email <https://groups.google.com/forum/#!topic/envoy-announce/oPnYMZw8H4U>`_.
- area: rate_limiting
change: |
Use of the legacy
`ratelimit.proto <https://github.com/envoyproxy/envoy/blob/b0a518d064c8255e0e20557a8f909b6ff457558f/source/common/ratelimit/ratelimit.proto>`_
is deprecated, in favor of the proto defined in
`date-plane-api <https://github.com/envoyproxy/envoy/blob/main/api/envoy/service/ratelimit/v2/rls.proto>`_
Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the
``use_data_plane_proto`` boolean flag in the `ratelimit configuration <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/ratelimit/v2/rls.proto>`_.
However, when using the deprecated client a warning is logged.
- area: options
change: |
Use of the ``--v2-config-only`` flag.
- area: websockets
change: |
Use of both ``use_websocket`` and ``websocket_config`` in
`route.proto <https://github.com/envoyproxy/envoy/blob/main/api/envoy/api/v2/route/route.proto>`_
is deprecated. Please use the new ``upgrade_configs`` in the
`HttpConnectionManager <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto>`_
instead.
- area: fault_delay
change: |
Use of the integer ``percent`` field in `FaultDelay <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/fault/v2/fault.proto>`_
and in `FaultAbort <https://github.com/envoyproxy/envoy/blob/main/api/envoy/config/filter/http/fault/v2/fault.proto>`_ is deprecated in favor
of the new ``FractionalPercent`` based ``percentage`` field.
- area: clusters
change: |
Setting hosts via ``hosts`` field in ``Cluster`` is deprecated. Use ``load_assignment`` instead.
- area: routing
change: |
Use of ``response_headers_to_*`` and ``request_headers_to_add`` are deprecated at the ``RouteAction``
level. Please use the configuration options at the ``Route`` level.
- area: routing
change: |
Use of ``runtime`` in ``RouteMatch``, found in
`route.proto <https://github.com/envoyproxy/envoy/blob/main/api/envoy/api/v2/route/route.proto>`_.
Set the ``runtime_fraction`` field instead.
- area: rbac
change: |
Use of the string ``user`` field in ``Authenticated`` in `rbac.proto <https://github.com/envoyproxy/envoy/blob/release/v1.8/api/envoy/config/rbac/v2alpha/rbac.proto>`_
is deprecated in favor of the new ``StringMatcher`` based ``principal_name`` field.