forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1.10.0.yaml
236 lines (234 loc) · 11.7 KB
/
1.10.0.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
date: April 5, 2019
changes:
- area: access log
change: |
added a new flag for upstream retry count exceeded.
- area: access log
change: |
added a :ref:`gRPC filter <envoy_api_msg_config.filter.accesslog.v2.GrpcStatusFilter>` to allow filtering on gRPC status.
- area: access log
change: |
added a new flag for stream idle timeout.
- area: access log
change: |
added a new field for upstream transport failure reason in :ref:`file access logger <config_access_log_format_upstream_transport_failure_reason>` and
:ref:`gRPC access logger <envoy_api_field_data.accesslog.v2.AccessLogCommon.upstream_transport_failure_reason>` for HTTP access logs.
- area: access log
change: |
added new fields for downstream x509 information (URI sans and subject) to file and gRPC access logger.
- area: admin
change: |
the admin server can now be accessed via HTTP/2 (prior knowledge).
- area: admin
change: |
changed HTTP response status code from 400 to 405 when attempting to GET a POST-only route (such as /quitquitquit).
- area: buffer
change: |
fix vulnerabilities when allocation fails.
- area: build
change: |
releases are built with GCC-7 and linked with LLD.
- area: build
change: |
dev docker images :ref:`have been split <install_binaries>` from tagged images for easier
discoverability in Docker Hub. Additionally, we now build images for point releases.
- area: config
change: |
added support of using google.protobuf.Any in opaque configs for extensions.
- area: config
change: |
logging warnings when deprecated fields are in use.
- area: config
change: |
removed deprecated --v2-config-only from command line config.
- area: config
change: |
removed deprecated_v1 sds_config from :ref:`Bootstrap config <config_overview_v2_bootstrap>`.
- area: config
change: |
removed the deprecated_v1 config option from :ref:`ring hash <envoy_api_msg_Cluster.RingHashLbConfig>`.
- area: config
change: |
removed REST_LEGACY as a valid :ref:`ApiType <envoy_api_field_core.ApiConfigSource.api_type>`.
- area: config
change: |
finish cluster warming only when a named response i.e. ClusterLoadAssignment associated to the cluster being warmed comes in the EDS response. This is a behavioural change from the current implementation where warming of cluster completes on missing load assignments also.
- area: config
change: |
use Envoy cpuset size to set the default number or worker threads if :option:`--cpuset-threads` is enabled.
- area: config
change: |
added support for :ref:`initial_fetch_timeout <envoy_api_field_core.ConfigSource.initial_fetch_timeout>`. The timeout is disabled by default.
- area: cors
change: |
added :ref:`filter_enabled & shadow_enabled RuntimeFractionalPercent flags <cors-runtime>` to filter.
- area: csrf
change: |
added.
- area: ext_authz
change: |
added support for buffering request body.
- area: ext_authz
change: |
migrated from v2alpha to v2 and improved docs.
- area: ext_authz
change: |
added a configurable option to make the gRPC service cross-compatible with V2Alpha. Note that this feature is already deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.
- area: ext_authz
change: |
migrated from v2alpha to v2 and improved the documentation.
- area: ext_authz
change: |
authorization request and response configuration has been separated into two distinct objects: :ref:`authorization request
<envoy_api_field_config.filter.http.ext_authz.v2.HttpService.authorization_request>` and :ref:`authorization response
<envoy_api_field_config.filter.http.ext_authz.v2.HttpService.authorization_response>`. In addition, :ref:`client headers
<envoy_api_field_config.filter.http.ext_authz.v2.AuthorizationResponse.allowed_client_headers>` and :ref:`upstream headers
<envoy_api_field_config.filter.http.ext_authz.v2.AuthorizationResponse.allowed_upstream_headers>` replaces the previous ``allowed_authorization_headers-`` object.
All the control header lists now support :ref:`string matcher <envoy_api_msg_type.matcher.StringMatcher>` instead of standard string.
- area: fault
change: |
added the :ref:`max_active_faults
<envoy_api_field_config.filter.http.fault.v2.HTTPFault.max_active_faults>` setting, as well as
:ref:`statistics <config_http_filters_fault_injection_stats>` for the number of active faults
and the number of faults the overflowed.
- area: fault
change: |
added :ref:`response rate limit
<envoy_api_field_config.filter.http.fault.v2.HTTPFault.response_rate_limit>` fault injection.
- area: fault
change: |
added :ref:`HTTP header fault configuration
<config_http_filters_fault_injection_http_header>` to the HTTP fault filter.
- area: governance
change: |
extending Envoy deprecation policy from 1 release (0-3 months) to 2 releases (3-6 months).
- area: health check
change: |
expected response codes in http health checks are now :ref:`configurable <envoy_api_msg_core.HealthCheck.HttpHealthCheck>`.
- area: http
change: |
added new grpc_http1_reverse_bridge filter for converting gRPC requests into HTTP/1.1 requests.
- area: http
change: |
fixed a bug where Content-Length:0 was added to HTTP/1 204 responses.
- area: http
change: |
added :ref:`max request headers size <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.max_request_headers_kb>`. The default behaviour is unchanged.
- area: http
change: |
added modifyDecodingBuffer/modifyEncodingBuffer to allow modifying the buffered request/response data.
- area: http
change: |
added encodeComplete/decodeComplete. These are invoked at the end of the stream, after all data has been encoded/decoded respectively. Default implementation is a no-op.
- area: outlier_detection
change: |
added support for :ref:`outlier detection event protobuf-based logging <arch_overview_outlier_detection_logging>`.
- area: mysql
change: |
added a MySQL proxy filter that is capable of parsing SQL queries over MySQL wire protocol. Refer to :ref:`MySQL proxy <config_network_filters_mysql_proxy>` for more details.
- area: performance
change: |
new buffer implementation (disabled by default; to test it, add "--use-libevent-buffers 0" to the command-line arguments when starting Envoy).
- area: jwt_authn
change: |
added :ref:`filter_state_rules <envoy_api_field_config.filter.http.jwt_authn.v2alpha.jwtauthentication.rules>` to allow specifying requirements from filterState by other filters.
- area: ratelimit
change: |
removed deprecated rate limit configuration from bootstrap.
- area: redis
change: |
added :ref:`hashtagging <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.ConnPoolSettings.enable_hashtagging>` to guarantee a given key's upstream.
- area: redis
change: |
added :ref:`latency stats <config_network_filters_redis_proxy_per_command_stats>` for commands.
- area: redis
change: |
added :ref:`success and error stats <config_network_filters_redis_proxy_per_command_stats>` for commands.
- area: redis
change: |
migrate hash function for host selection to `MurmurHash2 <https://sites.google.com/site/murmurhash>`_ from std::hash. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.
- area: redis
change: |
added :ref:`latency_in_micros <envoy_api_field_config.filter.network.redis_proxy.v2.RedisProxy.latency_in_micros>` to specify the redis commands stats time unit in microseconds.
- area: router
change: |
added ability to configure a :ref:`retry policy <envoy_api_msg_route.RetryPolicy>` at the
virtual host level.
- area: router
change: |
added reset reason to response body when upstream reset happens. After this change, the response body will be of the form ``upstream connect error or disconnect/reset before headers. reset reason:``.
- area: router
change: |
added :ref:`rq_reset_after_downstream_response_started <config_http_filters_router_stats>` counter stat to router stats.
- area: router
change: |
added per-route configuration of :ref:`internal redirects <envoy_api_field_route.RouteAction.internal_redirect_action>`.
- area: router
change: |
removed deprecated route-action level headers_to_add/remove.
- area: router
change: |
made :ref:`max retries header <config_http_filters_router_x-envoy-max-retries>` take precedence over the number of retries in route and virtual host retry policies.
- area: router
change: |
added support for prefix wildcards in :ref:`virtual host domains <envoy_api_field_route.VirtualHost.domains>`.
- area: stats
change: |
added support for histograms in prometheus.
- area: stats
change: |
added usedonly flag to prometheus stats to only output metrics which have been
updated at least once.
- area: stats
change: |
added gauges tracking remaining resources before circuit breakers open.
- area: tap
change: |
added new alpha :ref:`HTTP tap filter <config_http_filters_tap>`.
- area: tls
change: |
enabled TLS 1.3 on the server-side (non-FIPS builds).
- area: upstream
change: |
add hash_function to specify the hash function for :ref:`ring hash <envoy_api_msg_Cluster.RingHashLbConfig>` as either xxHash or `murmurHash2 <https://sites.google.com/site/murmurhash>`_. MurmurHash2 is compatible with std::hash in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled on Linux and not macOS.
- area: upstream
change: |
added :ref:`degraded health value <arch_overview_load_balancing_degraded>` which allows
routing to certain hosts only when there are insufficient healthy hosts available.
- area: upstream
change: |
add cluster factory to allow creating and registering :ref:`custom cluster type <arch_overview_service_discovery_types_custom>`.
- area: upstream
change: |
added a :ref:`circuit breaker <arch_overview_circuit_break_cluster_maximum_connection_pools>` to limit the number of concurrent connection pools in use.
- area: tracing
change: |
added :ref:`verbose <envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing>` to support logging annotations on spans.
- area: upstream
change: |
added support for host weighting and :ref:`locality weighting <arch_overview_load_balancing_locality_weighted_lb>` in the :ref:`ring hash load balancer <arch_overview_load_balancing_types_ring_hash>`, and added a :ref:`maximum_ring_size <envoy_api_field_Cluster.RingHashLbConfig.maximum_ring_size>` config parameter to strictly bound the ring size.
- area: zookeeper
change: |
added a ZooKeeper proxy filter that parses ZooKeeper messages (requests/responses/events).
Refer to :ref:`ZooKeeper proxy <config_network_filters_zookeeper_proxy>` for more details.
- area: upstream
change: |
added configuration option to select any host when the fallback policy fails.
- area: upstream
change: |
stopped incrementing upstream_rq_total for HTTP/1 conn pool when request is circuit broken.
deprecated:
- area: ext_authz
change: |
Use of ``use_alpha`` in :ref:`Ext-Authz Authorization Service <envoy_api_file_envoy/service/auth/v2/external_auth.proto>` is deprecated. It should be used for a short time, and only when transitioning from alpha to V2 release version.
- area: cors
change: |
Use of ``enabled`` in ``CorsPolicy``, found in
:ref:`route.proto <envoy_api_file_envoy/api/v2/route/route.proto>`.
Set the ``filter_enabled`` field instead.
- area: fault_delay
change: |
Use of the ``type`` field in the ``FaultDelay`` message (found in
:ref:`fault.proto <envoy_api_file_envoy/config/filter/fault/v2/fault.proto>`)
has been deprecated. It was never used and setting it has no effect. It will be removed in the
following release.