1.8.0 (Oct 4, 2018) =================== Changes ------- * access log: added :ref:`response flag filter ` to filter based on the presence of Envoy response flags. * access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION. * access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http * admin: added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics through `Hystrix dashboard `_. * cli: added support for :ref:`component log level ` command line option for configuring log levels of individual components. * cluster: added :ref:`option ` to merge health check/weight/metadata updates within the given duration. * config: regex validation added to limit to a maximum of 1024 characters. * config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false. * config: v1 disabled by default. v1 support remains available until October via deprecated flag --allow-deprecated-v1-api. * config: fixed stat inconsistency between xDS and ADS implementation. :ref:`update_failure ` stat is incremented in case of network failure and :ref:`update_rejected ` stat is incremented in case of schema/validation error. * config: added a stat :ref:`connected_state ` that indicates current connected state of Envoy with management server. * ext_authz: added support for configuring additional :ref:`authorization headers ` to be sent from Envoy to the authorization service. * fault: added support for fractional percentages in :ref:`FaultDelay ` and in :ref:`FaultAbort `. * grpc-json: added support for building HTTP response from `google.api.HttpBody `_. * health check: added support for :ref:`custom health check `. * health check: added support for :ref:`specifying jitter as a percentage `. * health_check: added support for :ref:`health check event logging `. * health_check: added :ref:`timestamp ` to the :ref:`health check event ` definition. * health_check: added support for specifying :ref:`custom request headers ` to HTTP health checker requests. * http: added support for a :ref:`per-stream idle timeout `. This applies at both :ref:`connection manager ` and :ref:`per-route granularity `. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout. * http: added upstream_rq_completed counter for :ref:`total requests completed ` to dynamic HTTP counters. * http: added downstream_rq_completed counter for :ref:`total requests completed `, including on a :ref:`per-listener basis `. * http: added generic :ref:`Upgrade support `. * http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0. * http: fixed missing support for appending to predefined inline headers, e.g. *authorization*, in features that interact with request and response headers, e.g. :ref:`request_headers_to_add `. For example, a request header *authorization: token1* will appear as *authorization: token1,token2*, after having :ref:`request_headers_to_add ` with *authorization: token2* applied. * http: response filters not applied to early error paths such as http_parser generated 400s. * http: restrictions added to reject *:*-prefixed pseudo-headers in :ref:`custom request headers `. * http: :ref:`hpack_table_size ` now controls dynamic table size of both: encoder and decoder. * http: added support for removing request headers using :ref:`request_headers_to_remove `. * http: added support for a :ref:`delayed close timeout ` to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second. * jwt-authn filter: add support for per route JWT requirements. * listeners: added the ability to match :ref:`FilterChain ` using :ref:`destination_port ` and :ref:`prefix_ranges `. * lua: added :ref:`connection() ` wrapper and *ssl()* API. * lua: added :ref:`streamInfo() ` wrapper and *protocol()* API. * lua: added :ref:`streamInfo():dynamicMetadata() ` API. * network: introduced :ref:`sni_cluster ` network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake. * proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only). * ratelimit: added support for :repo:`api/envoy/service/ratelimit/v2/rls.proto`. Lyft's reference implementation of the `ratelimit `_ service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the ``use_data_plane_proto`` boolean flag in the ratelimit configuration. Support for the legacy proto ``source/common/ratelimit/ratelimit.proto`` is deprecated and will be removed at the start of the 1.9.0 release cycle. * ratelimit: added :ref:`failure_mode_deny ` option to control traffic flow in case of rate limit service error. * rbac config: added a :ref:`principal_name ` field and removed the old ``name`` field to give more flexibility for matching certificate identity. * rbac network filter: a :ref:`role-based access control network filter ` has been added. * rest-api: added ability to set the :ref:`request timeout ` for REST API requests. * route checker: added v2 config support and removed support for v1 configs. * router: added ability to set request/response headers at the :ref:`v1.8:envoy_api_msg_route.Route` level. * stats: added :ref:`option to configure the DogStatsD metric name prefix ` to DogStatsdSink. * tcp_proxy: added support for :ref:`weighted clusters `. * thrift_proxy: introduced thrift routing, moved configuration to correct location * thrift_proxy: introduced thrift configurable decoder filters * tls: implemented :ref:`Secret Discovery Service `. * tracing: added support for configuration of :ref:`tracing sampling `. * upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset. * upstream: require opt-in to use the :ref:`x-envoy-original-dst-host ` header for overriding destination address when using the :ref:`Original Destination ` load balancing policy. Deprecated ---------- * Use of the v1 API (including ``*.deprecated_v1`` fields in the v2 API) is deprecated. See envoy-announce `email `_. * Use of the legacy `ratelimit.proto `_ is deprecated, in favor of the proto defined in `date-plane-api `_ Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the ``use_data_plane_proto`` boolean flag in the `ratelimit configuration `_. However, when using the deprecated client a warning is logged. * Use of the --v2-config-only flag. * Use of both ``use_websocket`` and ``websocket_config`` in `route.proto `_ is deprecated. Please use the new ``upgrade_configs`` in the `HttpConnectionManager `_ instead. * Use of the integer ``percent`` field in `FaultDelay `_ and in `FaultAbort `_ is deprecated in favor of the new ``FractionalPercent`` based ``percentage`` field. * Setting hosts via ``hosts`` field in ``Cluster`` is deprecated. Use ``load_assignment`` instead. * Use of ``response_headers_to_*`` and ``request_headers_to_add`` are deprecated at the ``RouteAction`` level. Please use the configuration options at the ``Route`` level. * Use of ``runtime`` in ``RouteMatch``, found in `route.proto `_. Set the ``runtime_fraction`` field instead. * Use of the string ``user`` field in ``Authenticated`` in `rbac.proto `_ is deprecated in favor of the new ``StringMatcher`` based ``principal_name`` field.