v1.8.0.rst

1.8.0 (Oct 4, 2018)

Changes

• access log: added :ref:`response flag filter <v1.8:envoy_api_msg_config.filter.accesslog.v2.ResponseFlagFilter>` to filter based on the presence of Envoy response flags.
• access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.
• access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http
• admin: added :http:get:`/hystrix_event_stream` as an endpoint for monitoring envoy's statistics through Hystrix dashboard.
• cli: added support for :ref:`component log level <v1.8:operations_cli>` command line option for configuring log levels of individual components.
• cluster: added :ref:`option <v1.8:envoy_api_field_Cluster.CommonLbConfig.update_merge_window>` to merge health check/weight/metadata updates within the given duration.
• config: regex validation added to limit to a maximum of 1024 characters.
• config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false.
• config: v1 disabled by default. v1 support remains available until October via deprecated flag --allow-deprecated-v1-api.
• config: fixed stat inconsistency between xDS and ADS implementation. :ref:`update_failure <v1.8:config_cluster_manager_cds>` stat is incremented in case of network failure and :ref:`update_rejected <v1.8:config_cluster_manager_cds>` stat is incremented in case of schema/validation error.
• config: added a stat :ref:`connected_state <v1.8:management_server_stats>` that indicates current connected state of Envoy with management server.
• ext_authz: added support for configuring additional :ref:`authorization headers <v1.8:envoy_api_field_config.filter.http.ext_authz.v2alpha.httpservice.authorization_headers_to_add>` to be sent from Envoy to the authorization service.
• fault: added support for fractional percentages in :ref:`FaultDelay <v1.8:envoy_api_field_config.filter.fault.v2.FaultDelay.percentage>` and in :ref:`FaultAbort <v1.8:envoy_api_field_config.filter.http.fault.v2.FaultAbort.percentage>`.
• grpc-json: added support for building HTTP response from google.api.HttpBody.
• health check: added support for :ref:`custom health check <v1.8:envoy_api_field_core.HealthCheck.custom_health_check>`.
• health check: added support for :ref:`specifying jitter as a percentage <v1.8:envoy_api_field_core.HealthCheck.interval_jitter_percent>`.
• health_check: added support for :ref:`health check event logging <v1.8:arch_overview_health_check_logging>`.
• health_check: added :ref:`timestamp <v1.8:envoy_api_field_data.core.v2alpha.HealthCheckEvent.timestamp>` to the :ref:`health check event <v1.8:envoy_api_msg_data.core.v2alpha.HealthCheckEvent>` definition.
• health_check: added support for specifying :ref:`custom request headers <v1.8:config_http_conn_man_headers_custom_request_headers>` to HTTP health checker requests.
• http: added support for a :ref:`per-stream idle timeout <v1.8:envoy_api_field_route.RouteAction.idle_timeout>`. This applies at both :ref:`connection manager <v1.8:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.stream_idle_timeout>` and :ref:`per-route granularity <v1.8:envoy_api_field_route.RouteAction.idle_timeout>`. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.
• http: added upstream_rq_completed counter for :ref:`total requests completed <v1.8:config_cluster_manager_cluster_stats_dynamic_http>` to dynamic HTTP counters.
• http: added downstream_rq_completed counter for :ref:`total requests completed <v1.8:config_http_conn_man_stats>`, including on a :ref:`per-listener basis <v1.8:config_http_conn_man_stats_per_listener>`.
• http: added generic :ref:`Upgrade support <v1.8:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.upgrade_configs>`.
• http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.
• http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. :ref:`request_headers_to_add <v1.8:envoy_api_field_route.Route.request_headers_to_add>`. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having :ref:`request_headers_to_add <v1.8:envoy_api_field_route.Route.request_headers_to_add>` with authorization: token2 applied.
• http: response filters not applied to early error paths such as http_parser generated 400s.
• http: restrictions added to reject :-prefixed pseudo-headers in :ref:`custom request headers <v1.8:config_http_conn_man_headers_custom_request_headers>`.
• http: :ref:`hpack_table_size <v1.8:envoy_api_field_core.Http2ProtocolOptions.hpack_table_size>` now controls dynamic table size of both: encoder and decoder.
• http: added support for removing request headers using :ref:`request_headers_to_remove <v1.8:envoy_api_field_route.Route.request_headers_to_remove>`.
• http: added support for a :ref:`delayed close timeout <v1.8:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.delayed_close_timeout>` to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.
• jwt-authn filter: add support for per route JWT requirements.
• listeners: added the ability to match :ref:`FilterChain <v1.8:envoy_api_msg_listener.FilterChain>` using :ref:`destination_port <v1.8:envoy_api_field_listener.FilterChainMatch.destination_port>` and :ref:`prefix_ranges <v1.8:envoy_api_field_listener.FilterChainMatch.prefix_ranges>`.
• lua: added :ref:`connection() <v1.8:config_http_filters_lua_connection_wrapper>` wrapper and ssl() API.
• lua: added :ref:`streamInfo() <v1.8:config_http_filters_lua_request_info_wrapper>` wrapper and protocol() API.
• lua: added :ref:`streamInfo():dynamicMetadata() <v1.8:config_http_filters_lua_request_info_dynamic_metadata_wrapper>` API.
• network: introduced :ref:`sni_cluster <v1.8:config_network_filters_sni_cluster>` network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.
• proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).
• ratelimit: added support for :repo:`api/envoy/service/ratelimit/v2/rls.proto`. Lyft's reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.
• ratelimit: added :ref:`failure_mode_deny <v1.8:envoy_api_msg_config.filter.http.rate_limit.v2.RateLimit>` option to control traffic flow in case of rate limit service error.
• rbac config: added a :ref:`principal_name <v1.8:envoy_api_field_config.rbac.v2alpha.principal.authenticated.principal_name>` field and removed the old name field to give more flexibility for matching certificate identity.
• rbac network filter: a :ref:`role-based access control network filter <v1.8:config_network_filters_rbac>` has been added.
• rest-api: added ability to set the :ref:`request timeout <v1.8:envoy_api_field_core.ApiConfigSource.request_timeout>` for REST API requests.
• route checker: added v2 config support and removed support for v1 configs.
• router: added ability to set request/response headers at the :ref:`v1.8:envoy_api_msg_route.Route` level.
• stats: added :ref:`option to configure the DogStatsD metric name prefix <v1.8:envoy_api_field_config.metrics.v2.DogStatsdSink.prefix>` to DogStatsdSink.
• tcp_proxy: added support for :ref:`weighted clusters <v1.8:envoy_api_field_config.filter.network.tcp_proxy.v2.TcpProxy.weighted_clusters>`.
• thrift_proxy: introduced thrift routing, moved configuration to correct location
• thrift_proxy: introduced thrift configurable decoder filters
• tls: implemented :ref:`Secret Discovery Service <v1.8:config_secret_discovery_service>`.
• tracing: added support for configuration of :ref:`tracing sampling <v1.8:envoy_api_field_config.filter.network.http_connection_manager.v2.HttpConnectionManager.tracing>`.
• upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.
• upstream: require opt-in to use the :ref:`x-envoy-original-dst-host <v1.8:config_http_conn_man_headers_x-envoy-original-dst-host>` header for overriding destination address when using the :ref:`Original Destination <v1.8:arch_overview_load_balancing_types_original_destination>` load balancing policy.

Deprecated

• Use of the v1 API (including *.deprecated_v1 fields in the v2 API) is deprecated. See envoy-announce email.
• Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in date-plane-api Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.
• Use of the --v2-config-only flag.
• Use of both use_websocket and websocket_config in route.proto is deprecated. Please use the new upgrade_configs in the HttpConnectionManager instead.
• Use of the integer percent field in FaultDelay and in FaultAbort is deprecated in favor of the new FractionalPercent based percentage field.
• Setting hosts via hosts field in Cluster is deprecated. Use load_assignment instead.
• Use of response_headers_to_* and request_headers_to_add are deprecated at the RouteAction level. Please use the configuration options at the Route level.
• Use of runtime in RouteMatch, found in route.proto. Set the runtime_fraction field instead.
• Use of the string user field in Authenticated in rbac.proto is deprecated in favor of the new StringMatcher based principal_name field.