1.8.0 (Oct 4, 2018)¶
access log: added response flag filter to filter based on the presence of Envoy response flags.
access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http
cli: added support for component log level command line option for configuring log levels of individual components.
cluster: added option to merge health check/weight/metadata updates within the given duration.
config: regex validation added to limit to a maximum of 1024 characters.
config: v1 disabled by default. v1 support remains available until October via flipping –v2-config-only=false.
config: v1 disabled by default. v1 support remains available until October via deprecated flag –allow-deprecated-v1-api.
config: fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and update_rejected stat is incremented in case of schema/validation error.
config: added a stat connected_state that indicates current connected state of Envoy with management server.
ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.
grpc-json: added support for building HTTP response from google.api.HttpBody.
health check: added support for custom health check.
health check: added support for specifying jitter as a percentage.
health_check: added support for health check event logging.
health_check: added support for specifying custom request headers to HTTP health checker requests.
http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.
http: added generic Upgrade support.
http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having request_headers_to_add with authorization: token2 applied.
http: response filters not applied to early error paths such as http_parser generated 400s.
http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.
http: hpack_table_size now controls dynamic table size of both: encoder and decoder.
http: added support for removing request headers using request_headers_to_remove.
http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
jwt-authn filter: add support for per route JWT requirements.
lua: added connection() wrapper and ssl() API.
lua: added streamInfo() wrapper and protocol() API.
lua: added streamInfo():dynamicMetadata() API.
network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the
use_data_plane_protoboolean flag in the ratelimit configuration. Support for the legacy proto
source/common/ratelimit/ratelimit.protois deprecated and will be removed at the start of the 1.9.0 release cycle.
ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.
rbac config: added a principal_name field and removed the old
namefield to give more flexibility for matching certificate identity.
rbac network filter: a role-based access control network filter has been added.
rest-api: added ability to set the request timeout for REST API requests.
route checker: added v2 config support and removed support for v1 configs.
router: added ability to set request/response headers at the route.Route level.
stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.
tcp_proxy: added support for weighted clusters.
thrift_proxy: introduced thrift routing, moved configuration to correct location
thrift_proxy: introduced thrift configurable decoder filters
tls: implemented Secret Discovery Service.
tracing: added support for configuration of tracing sampling.
upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
Use of the v1 API (including
*.deprecated_v1fields in the v2 API) is deprecated. See envoy-announce email.
Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in date-plane-api Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the
use_data_plane_protoboolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.
Use of the –v2-config-only flag.
Setting hosts via
Clusteris deprecated. Use
request_headers_to_addare deprecated at the
RouteActionlevel. Please use the configuration options at the
RouteMatch, found in route.proto. Set the
Use of the string
Authenticatedin rbac.proto is deprecated in favor of the new