1.8.0 (October 4, 2018)
access log: added response flag filter to filter based on the presence of Envoy response flags.
access log: added
REQUESTED_SERVER_NAMEfor SNI to tcp_proxy and http.
access log: added
cli: added support for component log level command line option for configuring log levels of individual components.
cluster: added option to merge health check/weight/metadata updates within the given duration.
config: added a stat connected_state that indicates current connected state of Envoy with management server.
config: fixed stat inconsistency between xDS and ADS implementation. update_failure stat is incremented in case of network failure and update_rejected stat is incremented in case of schema/validation error.
config: regex validation added to limit to a maximum of 1024 characters.
config: v1 disabled by default. v1 support remains available until October via deprecated flag
config: v1 disabled by default. v1 support remains available until October via flipping
ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.
grpc-json: added support for building HTTP response from google.api.HttpBody.
health check: added support for custom health check.
health check: added support for specifying jitter as a percentage.
health_check: added support for health check event logging.
health_check: added support for specifying custom request headers to HTTP health checker requests.
http: hpack_table_size now controls dynamic table size of both: encoder and decoder.
http: added generic Upgrade support.
http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
http: added support for removing request headers using request_headers_to_remove.
http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.
http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
http: fixed missing support for appending to predefined inline headers, e.g.
authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header
authorization: token1will appear as
authorization: token1,token2, after having request_headers_to_add with
http: response filters not applied to early error paths such as http_parser generated 400s.
http: restrictions added to reject
:-prefixed pseudo-headers in custom request headers.
jwt-authn filter: add support for per route JWT requirements.
lua: added connection() wrapper and
lua: added streamInfo() wrapper and
lua: added streamInfo():dynamicMetadata() API.
network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.
ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the
use_data_plane_protoboolean flag in the ratelimit configuration. Support for the legacy proto
source/common/ratelimit/ratelimit.protois deprecated and will be removed at the start of the 1.9.0 release cycle.
rbac config: added a principal_name field and removed the old
namefield to give more flexibility for matching certificate identity.
rbac network filter: a role-based access control network filter has been added.
rest-api: added ability to set the request timeout for REST API requests.
route checker: added v2 config support and removed support for v1 configs.
router: added ability to set request/response headers at the route.Route level.
stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.
tcp_proxy: added support for weighted clusters.
thrift_proxy: introduced thrift configurable decoder filters.
thrift_proxy: introduced thrift routing, moved configuration to correct location.
tls: implemented Secret Discovery Service.
tracing: added support for configuration of tracing sampling.
upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
api: Use of the v1 API (including
*.deprecated_v1fields in the v2 API) is deprecated. See envoy-announce email.
clusters: Setting hosts via
Clusteris deprecated. Use
options: Use of the
rate_limiting: Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in date-plane-api Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the
use_data_plane_protoboolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.
rbac: Use of the string
Authenticatedin rbac.proto is deprecated in favor of the new
routing: Use of
request_headers_to_addare deprecated at the
RouteActionlevel. Please use the configuration options at the
routing: Use of
RouteMatch, found in route.proto. Set the