forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcurrent.yaml
219 lines (213 loc) · 11.9 KB
/
current.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
- area: build
change: |
Moved the subset, ring_hash, and maglev LB code into extensions. If you use these load balancers and override
extensions_build_config.bzl you will need to include them explicitly.
- area: build
change: |
Moved xDS code extensions. If you use the xDS and override extensions_build_config.bzl you will
need to include the new config_subscriptions explicitly.
- area: http
change: |
When ``append_x_forwarded_host`` is enabled for a given route action it is now only appended iff it is different from the last
value in the list. This resolves issues where a retry caused the same value to be appended multiple times. This
behavioral change can be temporarily reverted by setting runtime guard ``envoy_reloadable_features_append_xfh_idempotent`` to false.
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: connection pool
change: |
Increase granularity mapping connection pool failures to specific stream failure reasons to make it more transparent why
the stream is reset when a connection pool's connection fails.
- area: custom response
change: |
The filter now traverses matchers from most specific to least specific per filter config till a match is found for the response.
- area: http1
change: |
The HTTP1 server-side codec no longer considers encoding 1xx headers as
starting the response. This allows the codec to raise protocol errors,
sending detailed local replies instead of just closing the connection. This
behavior can be reverted by setting runtime flag
``envoy.reloadable_features.http1_allow_codec_error_response_after_1xx_headers``
to false.
- area: uhv
change: |
Preserve case of %-encoded triplets in the default header validator. This behavior can be reverted by setting runtime flag
``envoy.reloadable_features.uhv_preserve_url_encoded_case`` to false, in which case %-encoded triplets are normalized
to uppercase characters. This setting is only applicable when the Unversal Header Validator is enabled and has no effect otherwise.
- area: uhv
change: |
Allow malformed URL encoded triplets in the default header validator. This behavior can be reverted by setting runtime flag
``envoy.reloadable_features.uhv_allow_malformed_url_encoding`` to false, in which case requests with malformed URL encoded triplets
in path are rejected. This setting is only applicable when the Unversal Header Validator is enabled and has no effect otherwise.
- area: ext_proc
change: |
When :ref:`clear_route_cache <envoy_v3_api_field_service.ext_proc.v3.CommonResponse.clear_route_cache>` is set, ext_proc will check
for header mutations beforce clearing the route cache. Failures due to this check will be counted under the
clear_route_cache_ignored stat.
- area: aws
change: |
Added support for fetching credentials from the AWS credentials file, which only happens if credentials cannot be fetched
from environment variables. This behavioral change can be reverted by setting runtime guard
``envoy.reloadable_features.enable_aws_credentials_file`` to ``false``.
- area: http cookies
change: |
Changed internal format of http cookie to protobuf and added expiry timestamp. Processing expired cookie
results in selection of a new upstream host and sending a new cookie to the client. Previous format of
the cookie is still accepted, but is planned to be obsoleted in the future.
This behavior change can be reverted by setting
``envoy.reloadable_features.stateful_session_encode_ttl_in_cookie`` to ``false``.
- area: resource_monitors
change: |
Changed behavior of the fixed heap monitor to count unused mapped pages as
free memory. This change can be reverted temporarily by setting the runtime guard
``envoy.reloadable_features.count_unused_mapped_pages_as_free`` to false.
- area: ext_proc
change: |
Filter metadata containing ext proc stats has been moved from ext-proc-logging-info to a namespace corresponding
to the name of the ext_proc filter.
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: oauth2
change: |
The Max-Age attribute of Set-Cookie HTTP response header was being assigned a value representing Seconds Since
the Epoch, causing cookies to expire in ~53 years. This was fixed an now it is being assinged a value representing
the number of seconds until the cookie expires.
This behavioral change can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.oauth_use_standard_max_age_value`` to false.
- area: tls
change: |
Fix build FIPS compliance when using both FIPS mode and Wasm extensions (``--define boringssl=fips`` and ``--define wasm=v8``).
- area: ext_authz
change: |
Fix a bug where the ext_authz filter will ignore the request body when the
:ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>` is set to true and
HTTP authorization service is configured.
- area: router
change: |
Fixed the bug that updating :ref:`scope_key_builder
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.ScopedRoutes.scope_key_builder>`
of SRDS config doesn't work and multiple HCM share the same ``scope_key_builder``.
- area: logging
change: |
Do not display GRPC_STATUS_NUMBER for non gRPC requests.
This behavioral change can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.validate_grpc_header_before_log_grpc_status`` to false.
- area: boringssl
change: |
Fixed the crash that occurs when contrib is compiled with ``boringssl=fips`` defined.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: http
change: |
removed runtime key ``envoy.reloadable_features.closer_shadow_behavior`` and legacy code paths.
- area: http
change: |
removed runtime key ``envoy.reloadable_features.allow_upstream_filters`` and legacy code paths.
- area: quic
change: |
removed runtime key ``envoy.reloadable_features.quic_defer_send_in_response_to_packet`` and legacy code paths.
- area: upstream
change: |
removed runtime key ``envoy.reloadable_features.fix_hash_key`` and legacy code paths.
- area: logging
change: |
removed runtime key ``envoy.reloadable_features.correct_remote_address`` and legacy code paths.
- area: http
change: |
removed runtime key ``envoy.reloadable_features.http_response_half_close`` and legacy code paths.
- area: udp
change: |
removed runtime key ``envoy.reloadable_features.udp_proxy_connect`` and legacy code paths.
- area: header_formatters
change: |
removed runtime key ``envoy.reloadable_features.unified_header_formatter`` and legacy code paths.
- area: config
change: |
removed runtime key ``envoy.reloadable_features.delta_xds_subscription_state_tracking_fix`` and legacy code paths.
new_features:
- area: access_log
change: |
added %ACCESS_LOG_TYPE% substitution string, to help distinguishing between access log records and when they are being
recorded. Please refer to the access log configuration documentation for more information.
- area: access_log
change: |
added :ref:`CEL <envoy_v3_api_msg_extensions.formatter.cel.v3.Cel>` access log formatter to print CEL expression.
- area: dynamic_forward_proxy
change: |
added :ref:`sub_clusters_config
<envoy_v3_api_field_extensions.clusters.dynamic_forward_proxy.v3.ClusterConfig.sub_clusters_config>` to enable
independent sub cluster for each host:port, with STRICT_DNS cluster type.
- area: http
change: |
added Runtime feature ``envoy.reloadable_features.max_request_headers_size_kb`` to override the default value of
:ref:`max request headers size
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.max_request_headers_kb>`.
- area: load shed point
change: |
added load shed point ``envoy.load_shed_points.http_connection_manager_decode_headers`` that rejects new http streams
by sending a local reply.
- area: load shed point
change: |
added load shed point ``envoy.load_shed_points.http1_server_abort_dispatch`` that rejects HTTP1 server processing of requests.
- area: load shed point
change: |
added load shed point ``envoy.load_shed_points.http2_server_go_away_on_dispatch`` that sends
``GOAWAY`` for HTTP2 server processing of requests. When a ``GOAWAY`` frame is submitted by
this the counter ``http2.goaway_sent`` will be incremented.
- area: matchers
change: |
Added :ref:`RuntimeFraction <envoy_v3_api_msg_extensions.matching.input_matchers.runtime_fraction.v3.RuntimeFraction>` input
matcher. It allows matching hash of the input on a runtime key.
- area: stat_sinks
change: |
Added ``envoy.stat_sinks.open_telemetry`` stats_sink, that supports flushing metrics by the OTLP protocol,
for supported Open Telemetry collectors.
- area: redis_proxy
change: |
added new configuration field :ref:`key_formatter
<envoy_v3_api_field_extensions.filters.network.redis_proxy.v3.RedisProxy.PrefixRoutes.Route.key_formatter>` to format redis key.
The field supports using %KEY% as a formatter command for substituting the redis key as part of the substitution formatter expression.
- area: ratelimit
change: |
added new configuration field :ref:`domain
<envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimitPerRoute.domain>` to allow for setting rate limit domains on a
per-route basis.
- area: access_log
change: |
added access log filter :ref:`log_type_filter <envoy_v3_api_field_config.accesslog.v3.AccessLogFilter.log_type_filter>`
to filter access log records based on the type of the record.
- area: ext_proc
change: |
added new configuration field
:ref:`disable_clear_route_cache <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.disable_clear_route_cache>`
to force the ext_proc filter from clearing the route cache. Failures to clear from setting this field will be counted under the
clear_route_cache_disabled stat.
- area: redis_proxy
change: |
added new field :ref:`connection_rate_limit
<envoy_v3_api_field_extensions.filters.network.redis_proxy.v3.RedisProxy.ConnPoolSettings.connection_rate_limit>`
to limit reconnection rate to redis server to avoid reconnection storm.
- area: access_log
change: |
added additional HCM access log option :ref:`flush_log_on_tunnel_successfully_established
<envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.HcmAccessLogOptions.flush_log_on_tunnel_successfully_established>`.
Enabling this option will write a log to all access loggers when HTTP tunnels (e.g. Websocket and CONNECT)
are successfully established.
- area: admin
change: |
Adds a new admin stats html bucket-mode ``detailed`` to generate all recorded buckets and summary percentiles.
- area: fault
change: |
added new field ``envoy.extensions.filters.http.fault.v3.HTTPFault.filter_metadata`` to aid in logging.
Metadata will be stored in StreamInfo dynamic metadata under a namespace corresponding to the name of the fault filter.
- area: ext_proc
change: |
added new field ``filter_metadata <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExtProc.filter_metadata`` to aid in logging.
Metadata will be stored in StreamInfo filter metadata under a namespace corresponding to the name of the ext proc filter.
deprecated:
- area: access_log
change: |
deprecated (1.25.0) :ref:`intermediate_log_entry <envoy_v3_api_field_data.accesslog.v3.AccessLogCommon.intermediate_log_entry>`
in favour of :ref:`access_log_type <envoy_v3_api_field_data.accesslog.v3.AccessLogCommon.access_log_type>`.