forked from envoyproxy/envoy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcurrent.yaml
152 lines (146 loc) · 6.99 KB
/
current.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
date: Pending
behavior_changes:
# *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required*
- area: tracing
change: |
Removed support for (long deprecated) opentracing. See `issue 27401
<https://github.com/envoyproxy/envoy/issues/27401>`_ for details.
- area: stats scoped_rds
change: |
Added new tag extraction so that scoped rds stats have their :ref:'scope_route_config_name
<envoy_v3_api_msg_config/route/v3/scoped_route>' and stat prefix extracted.
minor_behavior_changes:
# *Changes that may cause incompatibilities for some users, but should not for most*
- area: command line options
change: |
:option:`--enable-fine-grain-logging` and :option:`--component-log-level` were incompatible in that one
would make the other ineffective. Setting both options at once is now an error, to reduce potential confusion.
- area: tcp
change: |
Added support for :ref:`connection_pool_per_downstream_connection
<envoy_v3_api_field_config.cluster.v3.Cluster.connection_pool_per_downstream_connection>` flag in tcp connection pool.
- area: lua
change: |
When Lua script executes httpCall, backpressure is exercised when receiving body from downstream client. This behavior can be reverted
by setting the runtime guard ``envoy.reloadable_features.lua_flow_control_while_http_call`` to false.
bug_fixes:
# *Changes expected to improve the state of the world and are unlikely to have negative effects*
- area: dns
change: |
The DNS filter no longer returns FORMERR if a message has an ID of 0.
- area: quic
change: |
Fixes access log formatter %CONNECTION_ID% for QUIC connections.
- area: c-ares
change: |
Applying a C-ares patch to fix DNS resoultion by the Google gRPC library.
- area: ext_authz
change: |
Fixed fail-open behavior of the :ref:`failure_mode_allow config option
<envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.failure_mode_allow>`
when a grpc external authz server is used.
The behavior can be enabled by ``envoy_reloadable_features_process_ext_authz_grpc_error_codes_as_errors``.
- area: websocket
change: |
Fixed a bug where the websocket upgrade filter would not take into account per-filter configs.
- area: ext_proc
change: |
Add runtime guard for timeout error code 504 Gateway Timeout that is returned to downstream. If runtime flag
``envoy.reloadable_features.ext_proc_timeout_error`` is set to false, old error code 500 Internal Server Error will be returned.
removed_config_or_runtime:
# *Normally occurs at the end of the* :ref:`deprecation period <deprecated>`
- area: upstream
change: |
Removed runtime flag ``envoy.reloadable_features.avoid_zombie_streams`` and legacy code paths.
- area: ext_proc
change: |
Removed runtime flag ``envoy_reloadable_features_immediate_response_use_filter_mutation_rule`` and legacy code
path.
- area: ext_proc
change: |
Removed runtime flag ``envoy_reloadable_features_send_header_raw_value`` and legacy code path.
- area: http
change: |
Removed runtime flag ``envoy.reloadable_features.no_downgrade_to_canonical_name`` and legacy code
path.
- area: DNS
change: |
Removed ``envoy.reloadable_features.dns_cache_set_first_resolve_complete`` runtime flag and legacy code paths.
- area: tls
change: |
Removed runtime flag ``envoy.reloadable_features.ssl_transport_failure_reason_format``.
- area: http
change: |
Removed runtime flag ``envoy.reloadable_features.abort_filter_chain_on_stream_reset`` and legacy
code path.
- area: grpc reverse bridge
change: |
Removed ``envoy.reloadable_features.grpc_http1_reverse_bridge_handle_empty_response`` runtime
flag and legacy code paths.
- area: grpc reverse bridge
change: |
Removed ``envoy.reloadable_features.grpc_http1_reverse_bridge_change_http_status`` runtime flag
and legacy code paths.
- area: stateful_session
change: |
Removed ``envoy.reloadable_features.stateful_session_encode_ttl_in_cookie`` runtime flag and legacy code paths.
- area: quic
change: |
Removed ``envoy.reloadable_features.quic_fix_filter_manager_uaf`` runtime flag and legacy code paths.
- area: udp
change: |
Removed ``envoy.restart_features.udp_read_normalize_addresses`` runtime flag and legacy code paths.
- area: upstream
change: |
Removed runtime flag ``envoy.reloadable_features.upstream_allow_connect_with_2xx`` and legacy code paths.
- area: upstream flow control
change: |
Removed ``envoy.reloadable_features.upstream_wait_for_response_headers_before_disabling_read`` runtime flag
and legacy code paths.
new_features:
- area: tls
change: |
Added :ref:`prefer_client_ciphers
<envoy_v3_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.prefer_client_ciphers>`
to support enabling client cipher preference instead of server's for TLS handshakes.
- area: ext_authz
change: |
Added config field
:ref:`filter_metadata <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.filter_metadata>`
for injecting arbitrary data to the filter state for logging.
- area: access_log
change: |
added %UPSTREAM_CLUSTER_RAW% access log formatter to log the original upstream cluster name, regardless of whether
``alt_stat_name`` is set.
- area: formatter
change: |
Added full feature absl::FormatTime() support to the DateFormatter. This allows the timepoint formatters (like
``%START_TIME%``) to use ``%E#S``, ``%E*S``, ``%E#f`` and ``%E*f`` to format the subsecond part of the timepoint.
- area: sockets
change: |
Added socket ``type`` field for specifying a socket type to apply the socket option to under :ref:`SocketOption
<envoy_v3_api_msg_config.core.v3.SocketOption>`. If not specified, the socket option will be applied to all socket
types.
- area: tls
change: |
Added an extension point :ref:`custom_tls_certificate_selector
<envoy_v3_api_field_extensions.transport_sockets.tls.v3.CommonTlsContext.custom_tls_certificate_selector>`
to allow overriding TLS certificate selection behavior.
An extension can select certificate base on the incoming SNI, in both sync and async mode.
- area: matching
change: |
Added dynamic metadata matcher support :ref:`Dynamic metadata input <extension_envoy.matching.inputs.dynamic_metadata>`
and :ref:`Dynamic metadata input matcher <extension_envoy.matching.matchers.metadata_matcher>`.
- area: ratelimit
change: |
Added the ability to modify :ref:`hits_addend <envoy_v3_api_field_service.ratelimit.v3.RateLimitRequest.hits_addend>`
by setting by setting filter state value ``envoy.ratelimit.hits_addend`` to the desired value.
- area: access_log
change: |
Added new access log command operators ``%START_TIME_LOCAL%`` and ``%EMIT_TIME_LOCAL%``,
similar to ``%START_TIME%`` and ``%EMIT_TIME%``, but use local time zone.
- area: dns
change: |
Prefer using IPv6 address when addresses from both families are available.
Can be reverted by setting ``envoy.reloadable_features.prefer_ipv6_dns_on_macos`` to false.
deprecated: