forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcurrent.yaml
165 lines (159 loc) · 8.93 KB
/
current.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
- area: http
change: |
Flip runtime flag ``envoy.reloadable_features.no_downgrade_to_canonical_name`` to true. Name downgrading in the
per filter config searching will be disabled by default. This behavior can be temporarily reverted by setting
the flag to false explicitly.
See doc :ref:`Http filter route specific config <arch_overview_http_filters_per_filter_config>` or
issue https://github.com/envoyproxy/envoy/issues/29461 for more specific detail and examples.
- area: listener
change: |
undeprecated runtime key ``overload.global_downstream_max_connections`` until :ref:`downstream connections monitor
<envoy_v3_api_msg_extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig>` extension becomes stable.
- area: stats dns_filter
change: |
Fixed tag extraction so that :ref:`stat_prefix <envoy_v3_api_msg_extensions.filters.udp.dns_filter.v3.DnsFilterConfig>`
is properly extracted. This changes the Prometheus name from
dns_filter_myprefix_local_a_record_answers{} to dns_filter_local_a_record_answers{envoy.dns_filter_prefix="myprefix"}.
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: aws
change: |
uses http async client to fetch the credentials from EC2 instance metadata and ECS task metadata providers instead of libcurl
which is deprecated. To revert this behavior set ``envoy.reloadable_features.use_libcurl_to_fetch_aws_credentials`` to true.
- area: upstream
change: |
Fixed a reported issue (https://github.com/envoyproxy/envoy/issues/11004) that causes the Least
Request load balancer policy to be unfair when the number of hosts are very small, when the number
of hosts is smaller than the choice_count, instead of randomly selection hosts from the list, we
perform a full scan on it to choose the host with least requests.
- area: local_rate_limit
change: |
Added new configuration field :ref:`rate_limited_as_resource_exhausted
<envoy_v3_api_field_extensions.filters.http.local_ratelimit.v3.LocalRateLimit.rate_limited_as_resource_exhausted>`
to allow for setting if rate limit grpc response should be RESOURCE_EXHAUSTED instead of the default UNAVAILABLE.
- area: http2
change: |
Flip the runtime guard ``envoy.reloadable_features.defer_processing_backedup_streams`` to be on by default.
This feature improves flow control within the proxy by deferring work on the receiving end if the other
end is backed up.
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: xds
change: |
Fixed a bug (https://github.com/envoyproxy/envoy/issues/27702) that caused ADS initialization
to fail on the first attempt and set a back-off retry interval of up to 1 second, if ADS is
using an Envoy Cluster for the backend. The issue was fixed to ensure that ADS initialization
happens after the Envoy Cluster it depends upon has been properly initialized. ADS that does
not depend on an Envoy Cluster (i.e. GoogleGrpc) is not affected by this change.
- area: grpc
change: |
Fixed a bug in gRPC async client cache which intermittently causes CPU spikes due to busy loop in timer expiration.
- area: quic
change: |
Fixed a bug in QUIC and HCM interaction which could cause use-after-free during asynchronous certificates retrieval.
The fix is guarded by runtime ``envoy.reloadable_features.quic_fix_filter_manager_uaf``.
- area: redis
change: |
Fixed a bug causing crash if incoming redis key does not match against a prefix_route and catch_all_route is not defined.
- area: ext_proc
change: |
Fixed content_length related issues when body mutation by external processor is enabled. ext_proc filter removes the content
length header in 1)STREAMED BodySendMode 2) BUFFERED_PARTIAL BodySendMode and 3) BUFFERED BodySendMode + SKIP HeaderSendMode.
This will enable chunked-encoding whenever feasible in HTTP1.1. Besides, ext_proc filter keep content length header
in BUFFERED BodySendMode + SEND HeaderSendMode. It is now external processor's responsibility to set the content length
correctly matched to the mutated body. if those two doesn't match, the mutation will be rejected and local reply with error
status will be returned.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: http
change: |
Removed ``envoy.reloadable_features.expand_agnostic_stream_lifetime`` and legacy code paths.
- area: http
change: |
removed ``envoy.reloadable_features.correctly_validate_alpn`` and legacy code paths.
- area: maglev
change: |
Removed ``envoy.reloadable_features.allow_compact_maglev`` and legacy code paths.
- area: router
change: |
Removed the deprecated ``envoy.reloadable_features.prohibit_route_refresh_after_response_headers_sent``
runtime flag and legacy code path.
- area: upstream
change: |
Removed the deprecated ``envoy.reloadable_features.validate_detailed_override_host_statuses``
runtime flag and legacy code path.
- area: grpc
change: |
Removed the deprecated ``envoy.reloadable_features.service_sanitize_non_utf8_strings``
runtime flag and legacy code path.
- area: access log
change: |
Removed the deprecated ``envoy.reloadable_features.format_ports_as_numbers``
runtime flag and legacy code path.
new_features:
- area: filters
change: |
Added :ref:`the Basic Auth filter <envoy_v3_api_msg_extensions.filters.http.basic_auth.v3.BasicAuth>`, which can be used to
authenticate user credentials in the HTTP Authentication heaer defined in `RFC7617 <https://tools.ietf.org/html/rfc7617>`_.
- area: upstream
change: |
Added :ref:`enable_full_scan <envoy_v3_api_msg_extensions.load_balancing_policies.least_request.v3.LeastRequest>`
option to the least requested load balancer. If set to true, Envoy will perform a full scan on the list of hosts
instead of using :ref:`choice_count
<envoy_v3_api_msg_extensions.load_balancing_policies.least_request.v3.LeastRequest>`
to select the hosts.
- area: stats
change: |
added :ref:`per_endpoint_stats <envoy_v3_api_field_config.cluster.v3.TrackClusterStats.per_endpoint_stats>` to get some metrics
for each endpoint in a cluster.
- area: jwt
change: |
The jwt filter can now serialize non-primitive custom claims when maping claims to headers.
These claims will be serialized as JSON and encoded as Base64.
- area: tcp_proxy
change: |
added support to TCP Proxy for recording the latency in ``UpstreamTiming`` from when the first
initial connection to the upstream cluster was attempted to when either the
connection was successfully established or the filiter failed to initialize
any connection to the upstream.
- area: ratelimit
change: |
Ratelimit supports setting the HTTP status that is returned to the client when the ratelimit server
returns an error or cannot be reached with :ref:`status_on_error
<envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.status_on_error>`
configuration flag.
- area: tracing
change: |
Added support for configuring resource detectors on the OpenTelemetry tracer.
- area: tracing
change: |
Added support to configure a sampler for the OpenTelemetry tracer.
- area: ext_authz
change: |
New config parameter :ref:`charge_cluster_response_stats
<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.charge_cluster_response_stats>`
for not incrementing cluster statistics on ext_authz response. Default true, no behavior change.
- area: ext_authz
change: |
forward :ref:`filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.filter_metadata>` selected by
:ref:`route_metadata_context_namespaces
<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.route_metadata_context_namespaces>`
and :ref:`typed_filter_metadata <envoy_v3_api_field_config.core.v3.Metadata.typed_filter_metadata>` selected by
:ref:`route_typed_metadata_context_namespaces
<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.route_typed_metadata_context_namespaces>`
from the metadata of the selected route to external auth service.
This metadata propagation is independent from the dynamic metadata from connection and request.
- area: ext_authz_filter
change: |
added :ref:`with_request_body
<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.CheckSettings.with_request_body>` to optionally override
the default behavior of sending the request body to the authorization server from the per-route filter.
- area: ratelimit
change: |
Ratelimit supports optional additional prefix to use when emitting statistics with :ref:`stat_prefix
<envoy_v3_api_field_extensions.filters.http.ratelimit.v3.RateLimit.stat_prefix>`
configuration flag.
deprecated: