1.7.0 (June 21, 2018)
Changes
access log: added HeaderFilter to filter logs based on request headers.
access log: added %([1-9])?f as one of START_TIME specifiers to render subseconds.
access log: added DYNAMIC_METADATA access log formatter.
access log: added ability to format START_TIME.
access log: added ability to log response trailers.
access log: gRPC Access Log Service (ALS) support added for HTTP access logs.
access log: improved WebSocket logging.
admin: added GET /clusters?format=json for outputting a JSON-serialized proto detailing the current status of all clusters.
admin: added GET /config_dump for dumping the current configuration and associated xDS version information (if applicable).
admin: added GET /stats/prometheus as an alternative endpoint for getting stats in Prometheus format.
admin: added /runtime_modify endpoint to add or change runtime values.
admin: mutations must be sent as POSTs, rather than GETs. Mutations include: POST /cpuprofiler, POST /healthcheck/fail, POST /healthcheck/ok, POST /logging, POST /quitquitquit, POST /reset_counters, POST /runtime_modify?key1=value1&key2=value2&keyN=valueN.
admin: removed /routes endpoint; route configs can now be found at the /config_dump endpoint.
buffer filter: the buffer filter can be optionally disabled or overridden with route-local configuration.
cli: added --config-yaml flag to the Envoy binary. When set, its value is interpreted as a YAML representation of the bootstrap config and overrides --config-path.
cluster: added option to close tcp_proxy upstream connections when health checks fail.
cluster: added option to drain connections from hosts after they are removed from service discovery, regardless of health status.
cluster: fixed bug preventing the deletion of all endpoints in a priority.
debug: added symbolized stack traces (where supported).
ext-authz filter: added support for gRPC responses to carry HTTP attributes.
ext-authz filter: added support for raw HTTP authorization.
grpc: support added for the full set of Google gRPC call credentials.
gzip filter: added stats to the filter.
gzip filter: sending accept-encoding header as identity no longer compresses the payload.
header to metadata: added HTTP Header to Metadata filter.
health check: added ability to set additional HTTP headers for HTTP health check.
health check: added interval overrides for health state transitions from healthy to unhealthy, unhealthy to healthy and for subsequent checks on unhealthy hosts.
health check: added support for custom health check.
health check: added support for EDS delivered endpoint health status.
health check: health check connections can now be configured to use http/2.
health check http filter: added generic header matching to trigger health check response. Deprecated the endpoint option.
http: added a configuration option to elide x-forwarded-for header modifications.
http: added support for via header append.
http: added the ability to pass DNS type Subject Alternative Names of the client certificate in the x-forwarded-client-cert header.
http: filters can now optionally support virtual host, route, and weighted cluster local configuration.
http: fixed a bug in inline headers where addCopy and addViaMove didn’t add header values when encountering inline headers with multiple instances.
http: local responses to gRPC requests are now sent as trailers-only gRPC responses instead of plain HTTP responses. Notably the HTTP response code is always “200” in this case, and the gRPC error code is carried in “grpc-status” header, optionally accompanied with a text message in “grpc-message” header.
listeners: sni_domains has been deprecated/renamed to server_names.
listeners: added tcp_fast_open_queue_length option.
listeners: added the ability to match FilterChain using application_protocols (e.g. ALPN for TLS protocol).
listeners: removed restriction on all filter chains having identical filters.
load balancer: locality weighted load balancing is now supported.
load balancer: ability to configure zone aware load balancer settings through the API.
load balancer: added weighted round robin support. The round robin scheduler now respects endpoint weights and also has improved fidelity across picks.
load balancer: the weighted least request load balancing algorithm has been improved to have better balance when operating in weighted mode.
logger: added the ability to optionally set the log format via the --log-format option.
logger: all logging levels can be configured at run-time: trace debug info warning error critical.
rbac http filter: a role-based access control http filter has been added.
router: added ‘unavailable’ to the retriable gRPC status codes that can be specified through x-envoy-retry-grpc-on.
router: added START_TIME as one of the supported variables in header formatters.
router: added a configuration option to disable x-envoy- header generation.
router: added a max_grpc_timeout config option to specify the maximum allowable value for timeouts decoded from gRPC header field grpc-timeout.
router: added an invert_match config option which supports inverting all other match types to match based on headers which are not a desired value.
router: added a prefix_match match type to explicitly match based on the prefix of a header value.
router: added a present_match match type to explicitly match based on a header’s presence.
router: added a suffix_match match type to explicitly match based on the suffix of a header value.
router: allow cookie routing to generate session cookies.
router: changed the behavior of source IP routing to ignore the source port.
router: the behavior of per-try timeouts has changed in the case where a portion of the response has already been proxied downstream when the timeout occurs. Previously, the response would be reset, leading to either an HTTP/2 reset or an HTTP/1 closed connection and a partial response. Now, the timeout will be ignored and the response will continue to proxy up to the global request timeout.
sockets: added tap transport socket extension to support recording plain text traffic and PCAP generation.
sockets: added IP_FREEBIND socket option support for listeners and upstream connections via cluster manager wide and cluster specific options.
sockets: added IP_TRANSPARENT socket option support for listeners.
sockets: added SO_KEEPALIVE socket option for upstream connections per cluster.
stats: added option to configure the statsd prefix.
stats: added support for histograms.
stats: updated stats sink interface to flush through a single call.
tls: added support for verify_certificate_spki.
tls: added support for renegotiation when acting as a client.
tls: added support for allowing expired certificates with allow_expired_certificate.
tls: added support for multiple verify_certificate_hash values.
tls: added support for using verify_certificate_spki and verify_certificate_hash without trusted_ca.
tls: removed support for legacy SHA-2 CBC cipher suites.
tracing: the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if to use it. For example, if the x-b3-sampled header is supplied with the client request, its value will override any sampling decision made by the Envoy proxy.
upstream: added support for host override for a request in Original destination host request header.
websocket: support configuring idle_timeout and max_connect_attempts.
Deprecated
admin: Admin mutations should be sent as POSTs rather than GETs. HTTP GETs will result in an error status code and will not have their intended effect. Prior to 1.7, GETs can be used for admin mutations, but a warning is logged.
grpc: gRPC service configuration via the cluster_names field in ApiConfigSource is deprecated. Use grpc_services instead. Prior to 1.7, a warning is logged.
health_checking: Redis health checker configuration via the redis_health_check field in HealthCheck is deprecated. Use custom_health_check with name envoy.health_checkers.redis instead. Prior to 1.7, redis_health_check can be used, but a warning is logged.
health_checking: The endpoint field in the http health check filter is deprecated in favor of the headers field where one can specify HeaderMatch objects to match on.
rate_limiting: Rate limit service configuration via the cluster_name field is deprecated. Use grpc_service instead.
sni: The sni_domains field in the filter chain match was deprecated/renamed to server_names.
tls: SAN is replaced by URI in the x-forwarded-client-cert header.