forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path1.7.0.yaml
334 lines (331 loc) · 14.5 KB
/
1.7.0.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
date: June 21, 2018
changes:
- area: access log
change: |
added ability to log response trailers.
- area: access log
change: |
added ability to format START_TIME.
- area: access log
change: |
added ``DYNAMIC_METADATA`` :ref:`access log formatter <config_access_log_format>`.
- area: access log
change: |
added :ref:`HeaderFilter <envoy_api_msg_config.filter.accesslog.v2.HeaderFilter>`
to filter logs based on request headers.
- area: access log
change: |
added ``%([1-9])?f`` as one of ``START_TIME`` specifiers to render subseconds.
- area: access log
change: |
gRPC Access Log Service (ALS) support added for :ref:`HTTP access logs
<envoy_api_msg_config.accesslog.v2.HttpGrpcAccessLogConfig>`.
- area: access log
change: |
improved WebSocket logging.
- area: admin
change: |
added :http:get:`/config_dump` for dumping the current configuration and associated xDS
version information (if applicable).
- area: admin
change: |
added :http:get:`/clusters?format=json` for outputing a JSON-serialized proto detailing
the current status of all clusters.
- area: admin
change: |
added :http:get:`/stats/prometheus` as an alternative endpoint for getting stats in prometheus format.
- area: admin
change: |
added :ref:`/runtime_modify endpoint <operations_admin_interface_runtime_modify>` to add or change runtime values.
- area: admin
change: |
mutations must be sent as POSTs, rather than GETs. Mutations include:
:http:post:`/cpuprofiler`, :http:post:`/healthcheck/fail`, :http:post:`/healthcheck/ok`,
:http:post:`/logging`, :http:post:`/quitquitquit`, :http:post:`/reset_counters`,
:http:post:`/runtime_modify?key1=value1&key2=value2&keyN=valueN`.
- area: admin
change: |
removed ``/routes`` endpoint; route configs can now be found at the :ref:`/config_dump endpoint <operations_admin_interface_config_dump>`.
- area: buffer filter
change: |
the buffer filter can be optionally
:ref:`disabled <envoy_api_field_config.filter.http.buffer.v2.BufferPerRoute.disabled>` or
:ref:`overridden <envoy_api_field_config.filter.http.buffer.v2.BufferPerRoute.buffer>` with
route-local configuration.
- area: cli
change: |
added ``--config-yaml`` flag to the Envoy binary. When set its value is interpreted as a yaml
representation of the bootstrap config and overrides ``--config-path``.
- area: cluster
change: |
added :ref:`option <envoy_api_field_Cluster.close_connections_on_host_health_failure>`
to close ``tcp_proxy`` upstream connections when health checks fail.
- area: cluster
change: |
added :ref:`option <envoy_api_field_Cluster.drain_connections_on_host_removal>` to drain
connections from hosts after they are removed from service discovery, regardless of health status.
- area: cluster
change: |
fixed bug preventing the deletion of all endpoints in a priority.
- area: debug
change: |
added symbolized stack traces (where supported).
- area: ext-authz filter
change: |
added support to raw HTTP authorization.
- area: ext-authz filter
change: |
added support to gRPC responses to carry HTTP attributes.
- area: grpc
change: |
support added for the full set of :ref:`Google gRPC call credentials
<envoy_api_msg_core.GrpcService.GoogleGrpc.CallCredentials>`.
- area: gzip filter
change: |
added :ref:`stats <gzip-statistics>` to the filter.
- area: gzip filter
change: |
sending ``accept-encoding`` header as ``identity`` no longer compresses the payload.
- area: health check
change: |
added ability to set :ref:`additional HTTP headers
<envoy_api_field_core.HealthCheck.HttpHealthCheck.request_headers_to_add>` for HTTP health check.
- area: health check
change: |
added support for EDS delivered :ref:`endpoint health status
<envoy_api_field_endpoint.LbEndpoint.health_status>`.
- area: health check
change: |
added interval overrides for health state transitions from :ref:`healthy to unhealthy
<envoy_api_field_core.HealthCheck.unhealthy_edge_interval>`, :ref:`unhealthy to healthy
<envoy_api_field_core.HealthCheck.healthy_edge_interval>` and for subsequent checks on
:ref:`unhealthy hosts <envoy_api_field_core.HealthCheck.unhealthy_interval>`.
- area: health check
change: |
added support for :ref:`custom health check <envoy_api_field_core.HealthCheck.custom_health_check>`.
- area: health check
change: |
health check connections can now be configured to use http/2.
- area: health check http filter
change: |
added
:ref:`generic header matching <envoy_api_field_config.filter.http.health_check.v2.HealthCheck.headers>`
to trigger health check response. Deprecated the endpoint option.
- area: http
change: |
filters can now optionally support
:ref:`virtual host <envoy_api_field_route.VirtualHost.per_filter_config>`,
:ref:`route <envoy_api_field_route.Route.per_filter_config>`, and
:ref:`weighted cluster <envoy_api_field_route.WeightedCluster.ClusterWeight.per_filter_config>`
local configuration.
- area: http
change: |
added the ability to pass DNS type Subject Alternative Names of the client certificate in the
:ref:`v1.7:config_http_conn_man_headers_x-forwarded-client-cert` header.
- area: http
change: |
local responses to gRPC requests are now sent as trailers-only gRPC responses instead of plain HTTP responses.
Notably the HTTP response code is always "200" in this case, and the gRPC error code is carried in "grpc-status"
header, optionally accompanied with a text message in "grpc-message" header.
- area: http
change: |
added support for :ref:`via header
<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.via>`
append.
- area: http
change: |
added a :ref:`configuration option
<envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.skip_xff_append>`
to elide ``x-forwarded-for-`` header modifications.
- area: http
change: |
fixed a bug in inline headers where ``addCopy`` and ``addViaMove`` didn't add header values when
encountering inline headers with multiple instances.
- area: listeners
change: |
added :ref:`tcp_fast_open_queue_length <envoy_api_field_Listener.tcp_fast_open_queue_length>` option.
- area: listeners
change: |
added the ability to match :ref:`FilterChain <envoy_api_msg_listener.FilterChain>` using
:ref:`application_protocols <envoy_api_field_listener.FilterChainMatch.application_protocols>`
(e.g. ALPN for TLS protocol).
- area: listeners
change: |
``sni_domains`` has been deprecated/renamed to :ref:`server_names <envoy_api_field_listener.FilterChainMatch.server_names>`.
- area: listeners
change: |
removed restriction on all filter chains having identical filters.
- area: load balancer
change: |
added :ref:`weighted round robin
<arch_overview_load_balancing_types_round_robin>` support. The round robin
scheduler now respects endpoint weights and also has improved fidelity across
picks.
- area: load balancer
change: |
:ref:`locality weighted load balancing
<arch_overview_load_balancer_subsets>` is now supported.
- area: load balancer
change: |
ability to configure zone aware load balancer settings :ref:`through the API
<envoy_api_field_Cluster.CommonLbConfig.zone_aware_lb_config>`.
- area: load balancer
change: |
the :ref:`weighted least request
<arch_overview_load_balancing_types_least_request>` load balancing algorithm has been improved
to have better balance when operating in weighted mode.
- area: logger
change: |
added the ability to optionally set the log format via the :option:`--log-format` option.
- area: logger
change: |
all :ref:`logging levels <operations_admin_interface_logging>` can be configured
at run-time: trace debug info warning error critical.
- area: rbac http filter
change: |
a :ref:`role-based access control http filter <config_http_filters_rbac>` has been added.
- area: router
change: |
the behavior of per-try timeouts have changed in the case where a portion of the response has
already been proxied downstream when the timeout occurs. Previously, the response would be reset
leading to either an HTTP/2 reset or an HTTP/1 closed connection and a partial response. Now, the
timeout will be ignored and the response will continue to proxy up to the global request timeout.
- area: router
change: |
changed the behavior of :ref:`source IP routing <envoy_api_field_route.RouteAction.HashPolicy.ConnectionProperties.source_ip>`
to ignore the source port.
- area: router
change: |
added an :ref:`prefix_match <envoy_api_field_route.HeaderMatcher.prefix_match>` match type
to explicitly match based on the prefix of a header value.
- area: router
change: |
added an :ref:`suffix_match <envoy_api_field_route.HeaderMatcher.suffix_match>` match type
to explicitly match based on the suffix of a header value.
- area: router
change: |
added an :ref:`present_match <envoy_api_field_route.HeaderMatcher.present_match>` match type
to explicitly match based on a header's presence.
- area: router
change: |
added an :ref:`invert_match <envoy_api_field_route.HeaderMatcher.invert_match>` config option
which supports inverting all other match types to match based on headers which are not a desired value.
- area: router
change: |
allow :ref:`cookie routing <envoy_api_msg_route.RouteAction.HashPolicy.Cookie>` to
generate session cookies.
- area: router
change: |
added ``START_TIME`` as one of supported variables in :ref:`header
formatters <config_http_conn_man_headers_custom_request_headers>`.
- area: router
change: |
added a :ref:`max_grpc_timeout <envoy_api_field_route.RouteAction.max_grpc_timeout>`
config option to specify the maximum allowable value for timeouts decoded from gRPC header field
``grpc-timeout``.
- area: router
change: |
added a :ref:`configuration option
<envoy_api_field_config.filter.http.router.v2.Router.suppress_envoy_headers>` to disable *x-envoy-*
header generation.
- area: router
change: |
added 'unavailable' to the retriable gRPC status codes that can be specified
through :ref:`x-envoy-retry-grpc-on <config_http_filters_router_x-envoy-retry-grpc-on>`.
- area: sockets
change: |
added :ref:`tap transport socket extension <operations_traffic_capture>` to support
recording plain text traffic and PCAP generation.
- area: sockets
change: |
added ``IP_FREEBIND`` socket option support for :ref:`listeners
<envoy_api_field_Listener.freebind>` and upstream connections via
:ref:`cluster manager wide
<envoy_api_field_config.bootstrap.v2.ClusterManager.upstream_bind_config>` and
:ref:`cluster specific <envoy_api_field_Cluster.upstream_bind_config>` options.
- area: sockets
change: |
added ``IP_TRANSPARENT`` socket option support for :ref:`listeners
<envoy_api_field_Listener.transparent>`.
- area: sockets
change: |
added ``SO_KEEPALIVE`` socket option for upstream connections
:ref:`per cluster <envoy_api_field_Cluster.upstream_connection_options>`.
- area: stats
change: |
added support for histograms.
- area: stats
change: |
added :ref:`option to configure the statsd prefix <envoy_api_field_config.metrics.v2.StatsdSink.prefix>`.
- area: stats
change: |
updated stats sink interface to flush through a single call.
- area: tls
change: |
added support for
:ref:`verify_certificate_spki <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`.
- area: tls
change: |
added support for multiple
:ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`
values.
- area: tls
change: |
added support for using
:ref:`verify_certificate_spki <envoy_api_field_auth.CertificateValidationContext.verify_certificate_spki>`
and :ref:`verify_certificate_hash <envoy_api_field_auth.CertificateValidationContext.verify_certificate_hash>`
without :ref:`trusted_ca <envoy_api_field_auth.CertificateValidationContext.trusted_ca>`.
- area: tls
change: |
added support for allowing expired certificates with
:ref:`allow_expired_certificate <envoy_api_field_auth.CertificateValidationContext.allow_expired_certificate>`.
- area: tls
change: |
added support for :ref:`renegotiation <envoy_api_field_auth.UpstreamTlsContext.allow_renegotiation>`
when acting as a client.
- area: tls
change: |
removed support for legacy SHA-2 CBC cipher suites.
- area: tracing
change: |
the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if
to use it. For example, if the :ref:`x-b3-sampled <config_http_conn_man_headers_x-b3-sampled>` header
is supplied with the client request, its value will override any sampling decision made by the Envoy proxy.
- area: websocket
change: |
support configuring idle_timeout and max_connect_attempts.
- area: upstream
change: |
added support for host override for a request in :ref:`Original destination host request header <arch_overview_load_balancing_types_original_destination_request_header>`.
- area: header to metadata
change: |
added :ref:`HTTP Header to Metadata filter <config_http_filters_header_to_metadata>`.
deprecated:
- area: admin
change: |
Admin mutations should be sent as POSTs rather than GETs. HTTP GETs will result in an error
status code and will not have their intended effect. Prior to 1.7, GETs can be used for
admin mutations, but a warning is logged.
- area: rate_limiting
change: |
Rate limit service configuration via the ``cluster_name`` field is deprecated. Use ``grpc_service``
instead.
- area: grpc
change: |
gRPC service configuration via the ``cluster_names`` field in ``ApiConfigSource`` is deprecated. Use
``grpc_services`` instead. Prior to 1.7, a warning is logged.
- area: health_checking
change: |
Redis health checker configuration via the ``redis_health_check`` field in ``HealthCheck`` is
deprecated. Use ``custom_health_check`` with name ``envoy.health_checkers.redis`` instead. Prior
to 1.7, ``redis_health_check`` can be used, but warning is logged.
- area: tls
change: |
``SAN`` is replaced by ``URI`` in the ``x-forwarded-client-cert`` header.
- area: health_checking
change: |
The ``endpoint`` field in the http health check filter is deprecated in favor of the ``headers``
field where one can specify HeaderMatch objects to match on.
- area: sni
change: |
The ``sni_domains`` field in the filter chain match was deprecated/renamed to ``server_names``.