1.8.0 (Oct 4, 2018)
access log: added response flag filter to filter based on the presence of Envoy response flags.
access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http.
cli: added support for component log level command line option for configuring log levels of individual components.
cluster: added option to merge health check/weight/metadata updates within the given duration.
config: regex validation added to limit to a maximum of 1024 characters.
config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false.
config: v1 disabled by default. v1 support remains available until October via deprecated flag --allow-deprecated-v1-api.
config: fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and update_rejected stat is incremented in case of schema/validation error.
config: added a stat connected_state that indicates current connected state of Envoy with management server.
ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.
grpc-json: added support for building HTTP response from google.api.HttpBody.
health check: added support for custom health check.
health check: added support for specifying jitter as a percentage.
health_check: added support for health check event logging.
health_check: added support for specifying custom request headers to HTTP health checker requests.
http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.
http: added generic Upgrade support.
http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having request_headers_to_add with authorization: token2 applied.
http: response filters not applied to early error paths such as http_parser generated 400s.
http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.
http: hpack_table_size now controls the dynamic table size of both the encoder and the decoder.
http: added support for removing request headers using request_headers_to_remove.
http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
jwt-authn filter: added support for per-route JWT requirements.
lua: added connection() wrapper and ssl() API.
lua: added streamInfo() wrapper and protocol() API.
lua: added streamInfo():dynamicMetadata() API.
network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.
ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.
rbac config: added a principal_name field and removed the old name field to give more flexibility for matching certificate identity.
rbac network filter: a role-based access control network filter has been added.
rest-api: added ability to set the request timeout for REST API requests.
route checker: added v2 config support and removed support for v1 configs.
router: added ability to set request/response headers at the route.Route level.
stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.
tcp_proxy: added support for weighted clusters.
thrift_proxy: introduced thrift routing, moved configuration to correct location.
thrift_proxy: introduced thrift configurable decoder filters.
tls: implemented Secret Discovery Service.
tracing: added support for configuration of tracing sampling.
upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
Use of the v1 API (including *.deprecated_v1 fields in the v2 API) is deprecated. See envoy-announce email.
Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in data-plane-api. Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.
Use of the --v2-config-only flag.
Setting hosts via hosts field in Cluster is deprecated. Use load_assignment instead.
Use of response_headers_to_* and request_headers_to_add is deprecated at the RouteAction level. Please use the configuration options at the Route level.
Use of runtime in RouteMatch, found in route.proto. Set the runtime_fraction field instead.
Use of the string user field in Authenticated in rbac.proto is deprecated in favor of the new StringMatcher based principal_name field.
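Three of the deprecations listed above (hosts in Cluster, runtime in RouteMatch, and the header fields at the RouteAction level) can be checked in an existing configuration before upgrading. The following is an added example, not part of the Envoy release notes or code base; it assumes the v2 config has already been parsed into Python dicts, and the function names, advice strings and sample config are constructed for illustration.

```python
import re

# RouteAction-level header fields the 1.8.0 notes deprecate in favour of Route level.
ROUTE_ACTION_DEPRECATED = ("request_headers_to_add", "response_headers_to_add", "response_headers_to_remove")

def _walk(node, path=""):
    """Yield (path, dict) for every dict nested anywhere in the parsed config."""
    if isinstance(node, dict):
        yield path, node
        for key, value in node.items():
            yield from _walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from _walk(item, f"{path}[{i}]")

def find_deprecations(config):
    """Return (field path, advice) pairs, in document order."""
    findings = []
    for path, node in _walk(config):
        # Cluster.hosts -> load_assignment
        if re.search(r"(^|\.)clusters\[\d+\]$", path) and "hosts" in node:
            findings.append((f"{path}.hosts", "use load_assignment"))
        if re.search(r"(^|\.)routes\[\d+\]$", path):
            match, action = node.get("match"), node.get("route")
            # RouteMatch.runtime -> runtime_fraction
            if isinstance(match, dict) and "runtime" in match:
                findings.append((f"{path}.match.runtime", "use runtime_fraction"))
            # Header manipulation on RouteAction -> same fields on Route
            for field in ROUTE_ACTION_DEPRECATED:
                if isinstance(action, dict) and field in action:
                    findings.append((f"{path}.route.{field}", "set at the Route level"))
    return findings

# Constructed sample config (not from the release notes): one legacy cluster and
# route, plus their migrated equivalents, which must not be flagged.
SAMPLE = {"static_resources": {
    "clusters": [
        {"name": "legacy", "hosts": [{"socket_address": {"address": "127.0.0.1", "port_value": 8080}}]},
        {"name": "current", "load_assignment": {"cluster_name": "current", "endpoints": []}},
    ],
    "listeners": [{"filter_chains": [{"filters": [{
        "name": "envoy.http_connection_manager",
        "config": {"route_config": {"virtual_hosts": [{"name": "app", "domains": ["*"], "routes": [
            {"match": {"prefix": "/old", "runtime": {"runtime_key": "old.pct", "default_value": 50}},
             "route": {"cluster": "legacy", "request_headers_to_add": [{"header": {"key": "x-env", "value": "prod"}}]}},
            {"match": {"prefix": "/"}, "route": {"cluster": "current"},
             "request_headers_to_add": [{"header": {"key": "x-env", "value": "prod"}}]},
        ]}]}},
    }]}]}],
}}
```

Calling find_deprecations(SAMPLE) reports the legacy cluster and the first route only; the second route already sets its headers at the Route level and is left alone.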