-
Notifications
You must be signed in to change notification settings - Fork 4.7k
/
1.11.0.yaml
281 lines (279 loc) · 15.1 KB
/
1.11.0.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
date: July 11, 2019
changes:
- area: access log
change: |
added a new field for downstream TLS session ID to file and gRPC access logger.
- area: access log
change: |
added a new field for route name to file and gRPC access logger.
- area: access log
change: |
added a new field for response code details in :ref:`file access logger <config_access_log_format_response_code_details>` and :ref:`gRPC access logger <envoy_api_field_data.accesslog.v2.HTTPResponseProperties.response_code_details>`.
- area: access log
change: |
added several new variables for exposing information about the downstream TLS connection to :ref:`file access logger <config_access_log_format_response_code_details>` and :ref:`gRPC access logger <envoy_api_field_data.accesslog.v2.AccessLogCommon.tls_properties>`.
- area: access log
change: |
added a new flag for request rejected due to failed strict header check.
- area: admin
change: |
the administration interface now includes a :ref:`/ready endpoint <operations_admin_interface>` for easier readiness checks.
- area: admin
change: |
extend :ref:`/runtime_modify endpoint <operations_admin_interface_runtime_modify>` to support parameters within the request body.
- area: admin
change: |
the :ref:`/listener endpoint <operations_admin_interface_listeners>` now returns :ref:`listeners.proto <envoy_api_msg_admin.v2alpha.Listeners>` which includes listener names and ports.
- area: admin
change: |
added host priority to :http:get:`/clusters` and :http:get:`/clusters?format=json` endpoint response.
- area: admin
change: |
the :ref:`/clusters endpoint <operations_admin_interface_clusters>` now shows hostname
for each host, useful for DNS based clusters.
- area: api
change: |
track and report requests issued since last load report.
- area: build
change: |
releases are built with Clang and linked with LLD.
- area: config
change: |
added :ref:`stats_server_version_override <envoy_api_field_config.bootstrap.v2.bootstrap.stats_config>` in bootstrap, that can be used to override :ref:`server.version statistic <statistics>`.
- area: control-plane
change: |
management servers can respond with HTTP 304 to indicate that config is up to date for Envoy proxies polling a :ref:`REST API Config Type <envoy_api_field_core.ApiConfigSource.api_type>`.
- area: csrf
change: |
added support for allowlisting additional source origins.
- area: dns
change: |
added support for getting DNS record TTL which is used by STRICT_DNS/LOGICAL_DNS cluster as DNS refresh rate.
- area: dubbo_proxy
change: |
support the :ref:`dubbo proxy filter <config_network_filters_dubbo_proxy>`.
- area: dynamo_request_parser
change: |
adding support for transactions. Adds check for new types of dynamodb operations (TransactWriteItems, TransactGetItems) and awareness for new types of dynamodb errors (IdempotentParameterMismatchException, TransactionCanceledException, TransactionInProgressException).
- area: eds
change: |
added support to specify max time for which endpoints can be used :ref:`gRPC filter <envoy_api_msg_ClusterLoadAssignment.Policy>`.
- area: eds
change: |
removed max limit for ``load_balancing_weight``.
- area: event
change: |
added :ref:`loop duration and poll delay statistics <operations_performance>`.
- area: ext_authz
change: |
added a ``x-envoy-auth-partial-body`` metadata header set to ``false|true`` indicating if there is a partial body sent in the authorization request message.
- area: ext_authz
change: |
added configurable status code that allows customizing HTTP responses on filter check status errors.
- area: ext_authz
change: |
added option to ``ext_authz`` that allows the filter clearing route cache.
- area: grpc-json
change: |
added support for :ref:`auto mapping
<envoy_api_field_config.filter.http.transcoder.v2.GrpcJsonTranscoder.auto_mapping>`.
- area: health check
change: |
added :ref:`initial jitter <envoy_api_field_core.HealthCheck.initial_jitter>` to add jitter to the first health check in order to prevent thundering herd on Envoy startup.
- area: hot restart
change: |
stats are no longer shared between hot restart parent/child via shared memory, but rather by RPC. Hot restart version incremented to 11.
- area: http
change: |
added the ability to pass a URL encoded PEM encoded peer certificate chain in the
:ref:`config_http_conn_man_headers_x-forwarded-client-cert` header.
- area: http
change: |
fixed a bug where large unbufferable responses were not tracked in stats and logs correctly.
- area: http
change: |
fixed a crashing bug where gRPC local replies would cause segfaults when upstream access logging was on.
- area: http
change: |
mitigated a race condition with the :ref:`delayed_close_timeout <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.delayed_close_timeout>` where it could trigger while actively flushing a pending write buffer for a downstream connection.
- area: http
change: |
added support for :ref:`preserve_external_request_id <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.preserve_external_request_id>` that represents whether the x-request-id should not be reset on edge entry inside mesh.
- area: http
change: |
changed ``sendLocalReply`` to send percent-encoded ``GrpcMessage``.
- area: http
change: |
added a :ref:`header_prefix <envoy_api_field_config.bootstrap.v2.Bootstrap.header_prefix>` configuration option to allow Envoy to send and process x-custom- prefixed headers rather than x-envoy.
- area: http
change: |
added :ref:`dynamic forward proxy <arch_overview_http_dynamic_forward_proxy>` support.
- area: http
change: |
tracking the active stream and dumping state in Envoy crash handlers. This can be disabled by building with ``--define disable_object_dump_on_signal_trace=disabled``.
- area: jwt_authn
change: |
make filter's parsing of JWT more flexible, allowing syntax like ``jwt=eyJhbGciOiJS...ZFnFIw,extra=7,realm=123``.
- area: listener
change: |
added :ref:`source IP <envoy_api_field_listener.FilterChainMatch.source_prefix_ranges>`
and :ref:`source port <envoy_api_field_listener.FilterChainMatch.source_ports>` filter
chain matching.
- area: lua
change: |
exposed functions to Lua to verify digital signature.
- area: original_src filter
change: |
added the :ref:`filter <config_http_filters_original_src>`.
- area: outlier_detector
change: |
added configuration :ref:`outlier_detection.split_external_local_origin_errors <envoy_api_field_cluster.OutlierDetection.split_external_local_origin_errors>` to distinguish locally and externally generated errors. See :ref:`arch_overview_outlier_detection` for full details.
- area: rbac
change: |
migrated from v2alpha to v2.
- area: redis
change: |
add support for Redis cluster custom cluster type.
- area: redis
change: |
automatically route commands using cluster slots for Redis cluster.
- area: redis
change: |
added :ref:`prefix routing <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.prefix_routes>` to enable routing commands based on their key's prefix to different upstream.
- area: redis
change: |
added :ref:`request mirror policy <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.PrefixRoutes.Route.request_mirror_policy>` to enable shadow traffic and/or dual writes.
- area: redis
change: |
add support for zpopmax and zpopmin commands.
- area: redis
change: |
added
:ref:`max_buffer_size_before_flush <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.ConnPoolSettings.max_buffer_size_before_flush>` to batch commands together until the encoder buffer hits a certain size, and
:ref:`buffer_flush_timeout <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.ConnPoolSettings.buffer_flush_timeout>` to control how quickly the buffer is flushed if it is not full.
- area: redis
change: |
added auth support :ref:`downstream_auth_password <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.downstream_auth_password>` for downstream client authentication, and :ref:`auth_password <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProtocolOptions.auth_password>` to configure authentication passwords for upstream server clusters.
- area: retry
change: |
added a retry predicate that :ref:`rejects canary hosts. <envoy_api_field_route.RetryPolicy.retry_host_predicate>`.
- area: router
change: |
add support for configuring a :ref:`gRPC timeout offset <envoy_api_field_route.RouteAction.grpc_timeout_offset>` on incoming requests.
- area: router
change: |
added ability to control retry back-off intervals via :ref:`retry policy <envoy_api_msg_route.RetryPolicy.RetryBackOff>`.
- area: router
change: |
added ability to issue a hedged retry in response to a per try timeout via a :ref:`hedge policy <envoy_api_msg_route.HedgePolicy>`.
- area: router
change: |
added a route name field to each http route in route.Route list.
- area: router
change: |
added several new variables for exposing information about the downstream TLS connection via :ref:`header
formatters <config_http_conn_man_headers_custom_request_headers>`.
- area: router
change: |
per try timeouts will no longer start before the downstream request has been received in full by the router.This ensures that the per try timeout does not account for slow downstreams and that will not start before the global timeout.
- area: router
change: |
added :ref:`RouteAction's auto_host_rewrite_header <envoy_api_field_route.RouteAction.auto_host_rewrite_header>` to allow upstream host header substitution with some other header's value.
- area: router
change: |
added support for UPSTREAM_REMOTE_ADDRESS :ref:`header formatter
<config_http_conn_man_headers_custom_request_headers>`.
- area: router
change: |
add ability to reject a request that includes invalid values for
headers configured in :ref:`strict_check_headers <envoy_api_field_config.filter.http.router.v2.Router.strict_check_headers>`.
- area: runtime
change: |
added support for :ref:`flexible layering configuration
<envoy_api_field_config.bootstrap.v2.Bootstrap.layered_runtime>`.
- area: runtime
change: |
added support for statically :ref:`specifying the runtime in the bootstrap configuration
<envoy_api_field_config.bootstrap.v2.Runtime.base>`.
- area: runtime
change: |
:ref:`Runtime Discovery Service (RTDS) <config_runtime_rtds>` support added to layered runtime configuration.
- area: sandbox
change: |
added :ref:`CSRF sandbox <install_sandboxes_csrf>`.
- area: server
change: |
``--define manual_stamp=manual_stamp`` was added to allow server stamping outside of binary rules.
more info in the `bazel docs <https://github.com/envoyproxy/envoy/blob/main/bazel/README.md#enabling-optional-features>`_.
- area: server
change: |
added :ref:`server state <statistics>` statistic.
- area: server
change: |
added :ref:`initialization_time_ms <statistics>` statistic.
- area: subset
change: |
added :ref:`list_as_any <envoy_api_field_Cluster.LbSubsetConfig.list_as_any>` option to
the subset lb which allows matching metadata against any of the values in a list value
on the endpoints.
- area: tools
change: |
added `proto <https://github.com/envoyproxy/envoy/blob/v1.11.0/test/tools/router_check/validation.proto>`_ support for :ref:`router check tool <install_tools_route_table_check_tool>` tests.
- area: tracing
change: |
add trace sampling configuration to the route, to override the route level.
- area: upstream
change: |
added :ref:`upstream_cx_pool_overflow <config_cluster_manager_cluster_stats>` for the connection pool circuit breaker.
- area: upstream
change: |
an EDS management server can now force removal of a host that is still passing active
health checking by first marking the host as failed via EDS health check and subsequently removing
it in a future update. This is a mechanism to work around a race condition in which an EDS
implementation may remove a host before it has stopped passing active HC, thus causing the host
to become stranded until a future update.
- area: upstream
change: |
added :ref:`an option <envoy_api_field_Cluster.CommonLbConfig.ignore_new_hosts_until_first_hc>`
that allows ignoring new hosts for the purpose of load balancing calculations until they have
been health checked for the first time.
- area: upstream
change: |
added runtime error checking to prevent setting dns type to STRICT_DNS or LOGICAL_DNS when custom resolver name is specified.
- area: upstream
change: |
added possibility to override fallback_policy per specific selector in :ref:`subset load balancer <arch_overview_load_balancer_subsets>`.
- area: upstream
change: |
the :ref:`logical DNS cluster <arch_overview_service_discovery_types_logical_dns>` now
displays the current resolved IP address in admin output instead of 0.0.0.0.
deprecated:
- area: options
change: |
The --max-stats and --max-obj-name-len flags no longer has any effect.
- area: redis
change: |
Use of :ref:`cluster <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.cluster>` in :ref:`redis_proxy.proto <envoy_api_file_envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto>` is deprecated. Set a :ref:`catch_all_route <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.PrefixRoutes.catch_all_route>` instead.
- area: redis
change: |
Use of :ref:`catch_all_cluster <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.PrefixRoutes.catch_all_cluster>` in :ref:`redis_proxy.proto <envoy_api_file_envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto>` is deprecated. Set a :ref:`catch_all_route <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.PrefixRoutes.catch_all_route>` instead.
- area: router_check_tool
change: |
Use of json based schema in router check tool tests. The tests should follow validation `schema <https://github.com/envoyproxy/envoy/blob/v1.11.0/test/tools/router_check/validation.proto>`_.
- area: listener
change: |
Use of the v1 style route configuration for the :ref:`TCP proxy filter <config_network_filters_tcp_proxy>`
is now fully replaced with listener :ref:`filter chain matching <envoy_api_msg_listener.FilterChainMatch>`.
Use this instead.
- area: config
change: |
Use of :ref:`runtime <envoy_api_field_config.bootstrap.v2.Bootstrap.runtime>` in :ref:`Bootstrap
<envoy_api_msg_config.bootstrap.v2.Bootstrap>`. Use :ref:`layered_runtime
<envoy_api_field_config.bootstrap.v2.Bootstrap.layered_runtime>` instead.
- area: config
change: |
Specifying "deprecated_v1: true" in HTTP and network filter configuration to allow loading JSON
configuration is now deprecated and will be removed in a following release. Update any custom
filters to use protobuf configuration. A struct can be used for a mostly 1:1 conversion if needed.
The ``envoy.deprecated_features.v1_filter_json_config`` runtime key can be used to temporarily
enable this feature once the deprecation becomes fail by default.