1.8.0 (Oct 4, 2018)¶
Changes¶
access log: added response flag filter to filter based on the presence of Envoy response flags.
access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http
admin: added
GET /hystrix_event_stream
as an endpoint for monitoring envoy’s statistics through Hystrix dashboard.cli: added support for component log level command line option for configuring log levels of individual components.
cluster: added option to merge health check/weight/metadata updates within the given duration.
config: regex validation added to limit to a maximum of 1024 characters.
config: v1 disabled by default. v1 support remains available until October via flipping –v2-config-only=false.
config: v1 disabled by default. v1 support remains available until October via deprecated flag –allow-deprecated-v1-api.
config: fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and update_rejected stat is incremented in case of schema/validation error.
config: added a stat connected_state that indicates current connected state of Envoy with management server.
ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.
fault: added support for fractional percentages in FaultDelay and in FaultAbort.
grpc-json: added support for building HTTP response from google.api.HttpBody.
health check: added support for custom health check.
health check: added support for specifying jitter as a percentage.
health_check: added support for health check event logging.
health_check: added timestamp to the health check event definition.
health_check: added support for specifying custom request headers to HTTP health checker requests.
http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.
http: added downstream_rq_completed counter for total requests completed, including on a per-listener basis.
http: added generic Upgrade support.
http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having request_headers_to_add with authorization: token2 applied.
http: response filters not applied to early error paths such as http_parser generated 400s.
http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.
http: hpack_table_size now controls dynamic table size of both: encoder and decoder.
http: added support for removing request headers using request_headers_to_remove.
http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
jwt-authn filter: add support for per route JWT requirements.
listeners: added the ability to match FilterChain using destination_port and prefix_ranges.
lua: added connection() wrapper and ssl() API.
lua: added streamInfo() wrapper and protocol() API.
lua: added streamInfo():dynamicMetadata() API.
network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.
ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.
rbac config: added a principal_name field and removed the old name field to give more flexibility for matching certificate identity.
rbac network filter: a role-based access control network filter has been added.
rest-api: added ability to set the request timeout for REST API requests.
route checker: added v2 config support and removed support for v1 configs.
router: added ability to set request/response headers at the route.Route level.
stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.
tcp_proxy: added support for weighted clusters.
thrift_proxy: introduced thrift routing, moved configuration to correct location
thrift_proxy: introduced thrift configurable decoder filters
tls: implemented Secret Discovery Service.
tracing: added support for configuration of tracing sampling.
upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
upstream: require opt-in to use the x-envoy-original-dst-host header for overriding destination address when using the Original Destination load balancing policy.
Deprecated¶
Use of the v1 API (including *.deprecated_v1 fields in the v2 API) is deprecated. See envoy-announce email.
Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in date-plane-api Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.
Use of the –v2-config-only flag.
Use of both use_websocket and websocket_config in route.proto is deprecated. Please use the new upgrade_configs in the HttpConnectionManager instead.
Use of the integer percent field in FaultDelay and in FaultAbort is deprecated in favor of the new FractionalPercent based percentage field.
Setting hosts via hosts field in Cluster is deprecated. Use load_assignment instead.
Use of response_headers_to_* and request_headers_to_add are deprecated at the RouteAction level. Please use the configuration options at the Route level.
Use of runtime in RouteMatch, found in route.proto. Set the runtime_fraction field instead.
Use of the string user field in Authenticated in rbac.proto is deprecated in favor of the new StringMatcher based principal_name field.