1.8.0 (October 4, 2018)
Changes
access log: added response flag filter to filter based on the presence of Envoy response flags.
access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http.
access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
admin: added GET /hystrix_event_stream as an endpoint for monitoring Envoy's statistics through Hystrix dashboard.
cli: added support for component log level command line option for configuring log levels of individual components.
cluster: added option to merge health check/weight/metadata updates within the given duration.
config: added a stat connected_state that indicates current connected state of Envoy with management server.
config: fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and update_rejected stat is incremented in case of schema/validation error.
config: regex validation added to limit to a maximum of 1024 characters.
config: v1 disabled by default. v1 support remains available until October via deprecated flag --allow-deprecated-v1-api.
config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false.
ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.
fault: added support for fractional percentages in FaultDelay and in FaultAbort.
grpc-json: added support for building HTTP response from google.api.HttpBody.
health check: added support for custom health check.
health check: added support for specifying jitter as a percentage.
health_check: added timestamp to the health check event definition.
health_check: added support for health check event logging.
health_check: added support for specifying custom request headers to HTTP health checker requests.
http: hpack_table_size now controls the dynamic table size of both the encoder and the decoder.
http: added downstream_rq_completed counter for total requests completed, including on a per-listener basis.
http: added generic Upgrade support.
http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
http: added support for removing request headers using request_headers_to_remove.
http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.
http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having request_headers_to_add with authorization: token2 applied.
http: response filters not applied to early error paths such as http_parser generated 400s.
http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.
jwt-authn filter: add support for per route JWT requirements.
listeners: added the ability to match FilterChain using destination_port and prefix_ranges.
lua: added connection() wrapper and ssl() API.
lua: added streamInfo() wrapper and protocol() API.
lua: added streamInfo():dynamicMetadata() API.
network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.
ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft's reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.
rbac config: added a principal_name field and removed the old name field to give more flexibility for matching certificate identity.
rbac network filter: a role-based access control network filter has been added.
rest-api: added ability to set the request timeout for REST API requests.
route checker: added v2 config support and removed support for v1 configs.
router: added ability to set request/response headers at the route.Route level.
stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.
tcp_proxy: added support for weighted clusters.
thrift_proxy: introduced thrift configurable decoder filters.
thrift_proxy: introduced thrift routing, moved configuration to correct location.
tls: implemented Secret Discovery Service.
tracing: added support for configuration of tracing sampling.
upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
upstream: require opt-in to use the x-envoy-original-dst-host header for overriding destination address when using the Original Destination load balancing policy.
Deprecated
api: Use of the v1 API (including *.deprecated_v1 fields in the v2 API) is deprecated. See envoy-announce email.
clusters: Setting hosts via hosts field in Cluster is deprecated. Use load_assignment instead.
fault_delay: Use of the integer percent field in FaultDelay and in FaultAbort is deprecated in favor of the new FractionalPercent based percentage field.
options: Use of the --v2-config-only flag.
rate_limiting: Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in data-plane-api. Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.
rbac: Use of the string user field in Authenticated in rbac.proto is deprecated in favor of the new StringMatcher based principal_name field.
routing: Use of response_headers_to_* and request_headers_to_add are deprecated at the RouteAction level. Please use the configuration options at the Route level.
routing: Use of runtime in RouteMatch, found in route.proto. Set the runtime_fraction field instead.
websockets: Use of both use_websocket and websocket_config in route.proto is deprecated. Please use the new upgrade_configs in the HttpConnectionManager instead.