This repository has been archived by the owner on Nov 20, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathcurrent.yaml
230 lines (224 loc) · 12.2 KB
/
current.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
- area: http
change: |
Remove the hop by hop TE header from downstream request headers if it's not set to ``trailers``, else keep it. This change can be
temporarily reverted by setting ``envoy.reloadable_features.sanitize_te`` to false.
- area: stats
change: |
The runtime flag ``envoy.reloadable_features.enable_include_histograms`` is now enabled by default.
This causes the ``includeHistogram()`` method on ``Stats::SinkPredicates`` to filter histograms to
be flushed to stat sinks.
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: adaptive concurrency filter stats
change: |
Multiply the gradient value stat by 1000 to make it more granular (values will range between 500 and 2000).
- area: quic
change: |
:ref:`Server preferred address <envoy_v3_api_field_config.listener.v3.QuicProtocolOptions.server_preferred_address_config>` is
now sent to non-quiche quic clients when configured. This behavior can be disabled with runtime flag
``envoy.reloadable_features.quic_send_server_preferred_address_to_all_clients``.
- area: dns
change: |
Allowing <envoy_v3_api_field_extensions.common.dynamic_forward_proxy.v3.DnsCacheConfig.dns_min_refresh_rate>` to go as low as 1s.
- area: upstream
change: |
Upstream now excludes hosts set to ``DRAINING`` state via EDS from load balancing and panic routing
threshold calculation. This feature can be disabled by setting
``envoy.reloadable_features.exclude_host_in_eds_status_draining`` to false.
- area: golang
change: |
Change ``RegisterHttpFilterConfigFactoryAndParser`` to ``RegisterHttpFilterFactoryAndConfigParser``.
- area: QUIC
change: |
Port migration is default turned off. QUIC client connections will no longer attempt to migrate to a new port when connections
is degrading. Can be manually turned on via
:ref:`port_migration <envoy_v3_api_field_config.core.v3.QuicProtocolOptions.num_timeouts_to_trigger_port_migration>`.
- area: aws
change: |
AWS region string is now retrieved from environment and profile consistently within aws_request_signer and
grpc_credentials/aws_iam extensions. Region field in aws_request_signer is now optional, explicitly configured
xDS region will take preference. aws_request_signer documentation now reflects the region chain.
- area: http
change: |
Enable obsolete line folding in BalsaParser (for behavior parity with http-parser, the
previously used HTTP/1 parser).
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: tracers
change: |
use unary RPC calls for OpenTelemetry trace exports, rather than client-side streaming connections.
- area: stateful_session
change: |
Support 0 TTL for proto-encoded cookies, which disables cookie expiration by Envoy.
- area: load balancing
change: |
Added randomization in locality load-balancing initialization. This helps desynchronizing Envoys across
a fleet by randomizing the scheduler starting point. This can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.edf_lb_locality_scheduler_init_fix`` to false.
- area: load balancing
change: |
Added randomization in host load-balancing initialization. This helps desynchronizing Envoys across
a fleet by randomizing the scheduler starting point. This can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.edf_lb_host_scheduler_init_fix`` to false.
- area: UDP and TCP tunneling
change: |
fixed a bug where second HTTP response headers received would cause Envoy to crash in cases where
``propagate_response_headers`` and retry configurations are enabled at the same time, and an upstream
request is retried multiple times.
- area: xds
change: |
Reject xDS configurations where the rate-limit's :ref:`fill_rate <envoy_v3_api_field_config.core.v3.RateLimitSettings.fill_rate>`
is set to Infinity or NaN.
- area: tracing
change: |
Prevent Envoy from crashing at start up when the OpenTelemetry environment resource detector cannot detect any attributes.
- area: proxy protocol
change: |
Fixed a crash when Envoy is configured for PROXY protocol on both a listener and cluster, and the listener receives
a PROXY protocol header with address type LOCAL (typically used for health checks).
- area: url matching
change: |
Fixed excessive CPU utilization when using regex URL template matcher.
- area: http
change: |
Fixed crash when HTTP request idle and per try timeouts occurs within backoff interval.
- area: proxy_protocol
change: |
Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
received in a proxy protocol header. Connections will instead be dropped/reset.
- area: proxy_protocol
change: |
Fixed a bug where TLVs with non utf8 characters were inserted as protobuf values into filter metadata circumventing
ext_authz checks when ``failure_mode_allow`` is set to ``true``.
- area: tls
change: |
Fix crash due to uncaught exception when the operating system does not support an address type (such as IPv6) that is
received in an mTLS client cert IP SAN. These SANs will be ignored. This applies only when using formatter
``%DOWNSTREAM_PEER_IP_SAN%``.
- area: tcp_proxy
change: |
When tunneling TCP over HTTP, closed the downstream connection (for writing only) when upstream trailers are read
to support half close semantics during TCP tunneling.
This behavioral change can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.tcp_tunneling_send_downstream_fin_on_upstream_trailers`` to false.
- area: jwt_authn
change: |
Fixed JWT extractor, which concatenated headers with a comma, resultig in invalid tokens.
- area: router
change: |
Fix a timing issue when upstream requests are empty when decoding data and send local reply when that happends. This is
controlled by ``envoy_reloadable_features_send_local_reply_when_no_buffer_and_upstream_request``.
- area: deps
change: |
Updated QUICHE dependencies to incorporate fixes for https://github.com/envoyproxy/envoy/issues/32401.
- area: tracing
change: |
Dynatrace resource detector: Only log warning message when no enrichment attributes are found.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: http
change: |
Removed ``envoy.reloadable_features.allow_absolute_url_with_mixed_scheme`` runtime flag and legacy code paths.
- area: active health check
change: |
Removed ``envoy.reloadable_features.keep_endpoint_active_hc_status_on_locality_update`` runtime flag and legacy code paths.
- area: http1
change: |
Removed ``envoy.reloadable_features.http1_allow_codec_error_response_after_1xx_headers`` runtime flag and legacy code paths.
- area: overload manager
change: |
removed ``envoy.reloadable_features.overload_manager_error_unknown_action`` and legacy code paths.
- area: http
change: |
Removed ``envoy_reloadable_features_append_xfh_idempotent`` runtime flag and legacy code paths.
- area: resource_monitors
change: |
removed ``envoy.reloadable_features.count_unused_mapped_pages_as_free`` runtime flag and legacy code paths.
- area: aws
change: |
Removed ``envoy.reloadable_features.enable_aws_credentials_file`` runtime flag and legacy code paths.
- area: upstream
change: |
removed ``envoy_reloadable_features_initialize_upstream_filters`` and legacy code paths.
new_features:
- area: aws_request_signing
change: |
Update ``aws_request_signing`` filter to support use as an upstream HTTP filter. This allows successful calculation of
signatures after the forwarding stage has completed, particularly if the path element is modified.
- area: aws_lambda
change: |
Update ``aws_lambda`` filter to support use as an upstream HTTP filter. This allows successful calculation of
signatures after the forwarding stage has completed, particularly if the path element is modified.
- area: grpc reverse bridge
change: |
Change HTTP status to 200 to respect the gRPC protocol. This may cause problems for incorrect gRPC clients expecting the filter
to preserve HTTP 1.1 responses. This behavioral change can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.grpc_http1_reverse_bridge_change_http_status`` to false.
- area: quic
change: |
Added QUIC protocol option :ref:`send_disable_active_migration
<envoy_v3_api_field_config.listener.v3.QuicProtocolOptions.send_disable_active_migration>` to make the server send clients a transport
parameter to discourage client endpoints from active migration.
- area: ext_proc
change: |
implemented
:ref:`request_attributes <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.request_attributes>`
and
:ref:`response_attributes <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.response_attributes>`
config APIs to enable sending and receiving attributes to/from the external processing server.
- area: access log
change: |
added support for :ref:`%UPSTREAM_CONNECTION_ID% <config_access_log_format_upstream_connection_id>` for the upstream connection
identifier.
- area: aws_lambda
change: |
Added :ref:`host_rewrite <envoy_v3_api_field_extensions.filters.http.aws_lambda.v3.Config.host_rewrite>` config to be used
during signature.
- area: ext_proc
change: |
added
:ref:`metadata_options <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.metadata_options>`
config API to enable sending and receiving metadata from/to the external processing server. Both typed and untyped dynamic
metadata may be sent to the server. If
:ref:`receiving_namespaces <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.MetadataOptions.receiving_namespaces>`
is defined, returned metadata may be written to the specified allowed namespaces.
- area: wasm
change: |
added ``verify_signature`` foreign function to verify cryptographic signatures.
- area: monitoring
change: |
Add ``Envoy::ExecutionContext``, which is notified by ``ScopeTrackerScopeState``'s constructor and destructor. This feature is
disabled by default, it can be enabled by runtime feature flag ``envoy.restart_features.enable_execution_context``. For more details,
please see https://github.com/envoyproxy/envoy/issues/32012.
- area: rbac
change: |
Added :ref:`uri_template<envoy_v3_api_field_config.rbac.v3.Permission.uri_template>` which uses existing
:ref:`UriTemplateMatchConfig<envoy_v3_api_msg_extensions.path.match.uri_template.v3.UriTemplateMatchConfig>`
to allow use of glob patterns for URI path matching in RBAC.
- area: upstream
change: |
Added :ref:`selection_method <envoy_v3_api_msg_extensions.load_balancing_policies.least_request.v3.LeastRequest>`
option to the least request load balancer. If set to ``FULL_SCAN``,
Envoy will select the host with the fewest active requests from the entire host set rather than
:ref:`choice_count <envoy_v3_api_msg_extensions.load_balancing_policies.least_request.v3.LeastRequest>`
random choices.
- area: access_loggers
change: |
Added :ref:`Fluentd access logger <envoy_v3_api_msg_extensions.access_loggers.fluentd.v3.FluentdAccessLogConfig>`
to support flushing access logs in `Fluentd format <https://github.com/fluent/fluentd/wiki/Forward-Protocol-Specification-v1>`_.
- area: redis
change: |
Added support for the ``ECHO`` command.
- area: tcp_proxy
change: |
added an option to dynamically set a per downstream connection idle timeout period object under the key
``envoy.tcp_proxy.per_connection_idle_timeout_ms``. If this filter state value exists, it will override the idle timeout
specified in the filter configuration and the default idle timeout.
deprecated:
- area: listener
change: |
deprecated runtime key ``overload.global_downstream_max_connections`` in favor of :ref:`downstream connections monitor
<envoy_v3_api_msg_extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig>`.