forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
current.yaml
203 lines (197 loc) · 10.5 KB
/
current.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
- area: thread_local
change: |
Changes the behavior of the ``SlotImpl`` class destructor. With this change the destructor can be called on any thread.
This behavior can be reverted by setting the runtime flag ``envoy.reloadable_features.allow_slot_destroy_on_worker_threads``
to false.
- area: ext_proc
change: |
Adding support for
:ref:`route_cache_action <envoy_v3_api_field_extensions.filters.http.ext_proc.v3.ExternalProcessor.route_cache_action>`.
It specifies the route action to be taken when an external processor response is received in response to request headers.
- area: http2
change: |
Changes the default value of ``envoy.reloadable_features.http2_use_oghttp2`` to true. This changes the codec used for HTTP/2
requests and responses. This behavior can be reverted by setting the feature to false.
- area: proxy_protocol
change: |
Populate typed metadata by default in proxy protocol listener. Typed metadata can be consumed as
:ref:`TlvsMetadata type <envoy_v3_api_msg_data.core.v3.TlvsMetadata>`.
This change can be temporarily disabled by setting the runtime flag
``envoy.reloadable_features.use_typed_metadata_in_proxy_protocol_listener`` to ``false``.
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: grpc
change: |
Changes in ``AsyncStreamImpl`` now propagate tracing context headers in bidirectional streams when using
:ref:`Envoy gRPC client <envoy_v3_api_field_config.core.v3.GrpcService.envoy_grpc>`. Previously, tracing context headers
were not being set when calling external services such as ``ext_proc``.
- area: tracers
change: |
Set status code for OpenTelemetry tracers (previously unset).
- area: config
change: |
Stricter validation of a ``google.protobuf.Duration`` field in a config, rejecting invalid values (where the number
of years is over 292). This can be temporarily reverted by setting runtime guard
``envoy.reloadable_features.strict_duration_validation`` to ``false``.
- area: xds
change: |
Updated xDS-TP path naming to better comply with RFC-3986. Encoded resource paths can now include an a colon ``:``,
instead of ``%3A``. This behavior can be reverted by setting the runtime flag
``envoy.reloadable_features.xdstp_path_avoid_colon_encoding`` to ``false``.
- area: udp
change: |
Change GRO read buffer to 64kB to avoid MSG_TRUNC. And change the way to limit the number of packets processed per event
loop to work with GRO. This behavior can be reverted by setting runtime guard
``envoy.reloadable_features.udp_socket_apply_aggregated_read_limit`` to false.
- area: statistics
change: |
Hot restart statistics like hot_restart_epoch are only set when hot restart is enabled.
- area: dns
change: |
Changes the behavior of the getaddrinfo DNS resolver so that it treats EAI_NODATA and EAI_NONAME
as successful queries with empty results, instead of as DNS failures. This change brings the
getaddrinfo behavior in-line with the c-ares resolver behavior. This behavior can be reverted by
setting the runtime guard ``envoy.reloadable_features.dns_nodata_noname_is_success`` to false.
- area: access_log
change: |
The upstream connection address, rather than the upstream host address, will be used for the ``%UPSTREAM_REMOTE_ADDRESS%``,
``%UPSTREAM_REMOTE_PORT%`` and ``%UPSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%`` access log format specifiers.
This behavior can be reverted by setting the runtime guard
``envoy.reloadable_features.upstream_remote_address_use_connection`` to false.
- area: quic
change: |
When a quic connection socket is created, the socket's detected transport protocol will be set to "quic".
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: admission control
change: |
Fixed the thread-local controller's average RPS calculation to be calculated over the full
lookback window. Previously, the controller would calculate the average RPS over the amount of
time elapsed since the oldest valid request sample. This change brings the behavior in line with
the documentation.
- area: outlier detection
change: |
Fixed :ref:`successful_active_health_check_uneject_host
<envoy_v3_api_field_config.cluster.v3.OutlierDetection.successful_active_health_check_uneject_host>`.
Before, a failed health check could uneject the host if the ``FAILED_ACTIVE_HC`` health flag had not been set.
- area: tls
change: |
Fix a RELEASE_ASSERT when using :ref:`auto_sni <envoy_v3_api_field_config.core.v3.UpstreamHttpProtocolOptions.auto_sni>`
if the downstream request ``:authority`` was longer than 255 characters.
- area: ext_authz
change: |
Added field
:ref:`validate_mutations <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.validate_mutations>`,
which, when set to true, adds header & query parameter mutation validation to the http ext_authz
filter. If an authz response contains invalid mutations, the filter responds to the downstream
request with HTTP 500 Internal Server Error. If you use ext_authz with an untrusted side stream,
it's recommended you set this to true.
- area: http
change: |
Fix a crash when reloading the HTTP Connection Manager via ECDS.
- area: cares
change: |
Upgraded c-ares library to 1.20.1 and added fix to c-ares DNS implementation to additionally check for ``ARES_EREFUSED``,
``ARES_ESERVFAIL``and ``ARES_ENOTIMP`` status. Without this fix, ``DestroyChannelOnRefused`` and
``CustomResolverValidAfterChannelDestruction`` unit test will break.
- area: udp
change: |
Fixed a bug that would cause Envoy to crash when updates to a pre-existing cluster were made (e.g. ``HostSet`` changes).
- area: ext_authz
change: |
Handle ``append_action`` from :ref:`external authorization service <envoy_v3_api_msg_service.auth.v3.CheckResponse>`
that was ignored.
- area: http
change: |
Fix BalsaParser resetting state too early, guarded by default-true
``envoy.reloadable_features.http1_balsa_delay_reset``.
- area: ext_authz
change: |
Set the SNI value from the requested server name if it isn't available on the connection/socket. This applies when
``include_tls_session`` is true. The requested server name is set on a connection when filters such as the TLS
inspector are used.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: http
change: |
Removed ``envoy.reloadable_features.use_cluster_cache_for_alt_protocols_filter`` runtime flag and lagacy code paths.
- area: http
change: |
Removed ``envoy.reloadable_features.proxy_status_upstream_request_timeout`` runtime flag and lagacy code paths.
- area: http
change: |
Removed ``envoy.reloadable_features.handle_uppercase_scheme`` runtime flag and legacy code paths.
- area: tcp
change: |
Removed ``envoy.reloadable_features.detect_and_raise_rst_tcp_connection`` runtime flag and legacy code paths.
- area: http
change: |
Removed ``envoy.reloadable_features.lowercase_scheme`` runtime flag and lagacy code paths.
- area: upstream
change: |
Removed ``envoy.reloadable_features.convert_legacy_lb_config`` runtime flag and lagacy code paths.
- area: router
change: |
Removed ``envoy.reloadable_features.copy_response_code_to_downstream_stream_info`` runtime flag and legacy code paths.
new_features:
- area: hot_restart
change: |
Added new command-line flag :option:`--skip-hot-restart-parent-stats`.
- area: matching
change: |
Added :ref:`Filter State Input <envoy_v3_api_msg_extensions.matching.common_inputs.network.v3.FilterStateInput>`
for matching http input based on filter state objects.
- area: ext_authz
change: |
Added :ref:`disallowed_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.disallowed_headers>`
to specify headers that should never be sent to the external authentication service. Overrides
:ref:`allowed_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.allowed_headers>`
if a header matches both.
- area: quic
change: |
Added support for QUIC server preferred address when there is a DNAT between the client and Envoy. See
:ref:`new config
<envoy_v3_api_field_extensions.quic.server_preferred_address.v3.FixedServerPreferredAddressConfig.AddressFamilyConfig.dnat_address>`.
- area: cares
change: |
Added :ref:`udp_max_queries<envoy_v3_api_field_extensions.network.dns_resolver.cares.v3.CaresDnsResolverConfig.udp_max_queries>`
option to limit the number of UDP queries.
- area: http
change: |
Added :ref:`disable_shadow_host_suffix_append
<envoy_v3_api_field_config.route.v3.RouteAction.RequestMirrorPolicy.disable_shadow_host_suffix_append>`
in :ref:`request_mirror_policies <envoy_v3_api_field_config.route.v3.RouteAction.request_mirror_policies>`
for disabling appending of the ``-shadow`` suffix to the shadowed host/authority header.
- area: redis
change: |
Added support for `inline commands <https://redis.io/docs/reference/protocol-spec/#inline-commands>`_.
- area: aws_lambda
change: |
The ``aws_lambda`` filter now supports the
:ref:`credentials <envoy_v3_api_field_extensions.filters.http.aws_lambda.v3.Config.credentials>` parameter.
This enables setting AWS credentials from the filter configuration.
- area: access_log
change: |
added support for :ref:`%UPSTREAM_HOST_NAME% <config_access_log_format_upstream_host_name>` for the upstream host
identifier.
- area: access_loggers
change: |
Added ``TRACE_ID`` :ref:`access log formatter <config_access_log_format>`.
- area: healthcheck
change: |
Added support to healthcheck with ProxyProtocol in TCP Healthcheck by setting
:ref:`health_check_config <envoy_v3_api_field_config.core.v3.HealthCheck.TcpHealthCheck.proxy_protocol_config>`.
- area: open_telemetry
change: |
added :ref:`stat_prefix
<envoy_v3_api_field_extensions.access_loggers.open_telemetry.v3.OpenTelemetryAccessLogConfig.stat_prefix>`
configuration to support additional stat prefix for the OpenTelemetry logger.
deprecated:
- area: tracing
change: |
Disable OpenCensus by default, as it is
`no longer supported/maintained upstream <https://opentelemetry.io/blog/2023/sunsetting-opencensus/>`_.
This extension can be replaced with the OpenTelemetry tracer and collector.