1.8.0 (Oct 4, 2018)

Changes

  • access log: added response flag filter to filter based on the presence of Envoy response flags.

  • access log: added RESPONSE_DURATION and RESPONSE_TX_DURATION.

  • access log: added REQUESTED_SERVER_NAME for SNI to tcp_proxy and http.

  • admin: added GET /hystrix_event_stream as an endpoint for monitoring Envoy’s statistics through the Hystrix dashboard.

  • cli: added support for component log level command line option for configuring log levels of individual components.

  • cluster: added option to merge health check/weight/metadata updates within the given duration.

  • config: regex validation added to limit to a maximum of 1024 characters.

  • config: v1 disabled by default. v1 support remains available until October via flipping --v2-config-only=false.

  • config: v1 disabled by default. v1 support remains available until October via deprecated flag --allow-deprecated-v1-api.

  • config: fixed stat inconsistency between the xDS and ADS implementations. The update_failure stat is incremented in case of network failure and the update_rejected stat is incremented in case of schema/validation error.

  • config: added a stat connected_state that indicates the current connected state of Envoy with the management server.

  • ext_authz: added support for configuring additional authorization headers to be sent from Envoy to the authorization service.

  • fault: added support for fractional percentages in FaultDelay and in FaultAbort.

  • grpc-json: added support for building HTTP response from google.api.HttpBody.

  • health check: added support for custom health check.

  • health check: added support for specifying jitter as a percentage.

  • health_check: added support for health check event logging.

  • health_check: added timestamp to the health check event definition.

  • health_check: added support for specifying custom request headers to HTTP health checker requests.

  • http: added support for a per-stream idle timeout. This applies at both connection manager and per-route granularity. The timeout defaults to 5 minutes; if you have other timeouts (e.g. connection idle timeout, upstream response per-retry) that are longer than this in duration, you may want to consider setting a non-default per-stream idle timeout.

  • http: added upstream_rq_completed counter for total requests completed to dynamic HTTP counters.

  • http: added downstream_rq_completed counter for total requests completed, including on a per-listener basis.

  • http: added generic Upgrade support.

  • http: better handling of HEAD requests. Now sending transfer-encoding: chunked rather than content-length: 0.

  • http: fixed missing support for appending to predefined inline headers, e.g. authorization, in features that interact with request and response headers, e.g. request_headers_to_add. For example, a request header authorization: token1 will appear as authorization: token1,token2, after having request_headers_to_add with authorization: token2 applied.

  • http: response filters not applied to early error paths such as http_parser generated 400s.

  • http: restrictions added to reject :-prefixed pseudo-headers in custom request headers.

  • http: hpack_table_size now controls the dynamic table size of both the encoder and the decoder.

  • http: added support for removing request headers using request_headers_to_remove.

  • http: added support for a delayed close timeout to mitigate race conditions when closing connections to downstream HTTP clients. The timeout defaults to 1 second.

  • jwt-authn filter: added support for per-route JWT requirements.

  • listeners: added the ability to match FilterChain using destination_port and prefix_ranges.

  • lua: added connection() wrapper and ssl() API.

  • lua: added streamInfo() wrapper and protocol() API.

  • lua: added streamInfo():dynamicMetadata() API.

  • network: introduced sni_cluster network filter that forwards connections to the upstream cluster specified by the SNI value presented by the client during a TLS handshake.

  • proxy_protocol: added support for HAProxy Proxy Protocol v2 (AF_INET/AF_INET6 only).

  • ratelimit: added support for api/envoy/service/ratelimit/v2/rls.proto. Lyft’s reference implementation of the ratelimit service also supports the data-plane-api proto as of v1.1.0. Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. Support for the legacy proto source/common/ratelimit/ratelimit.proto is deprecated and will be removed at the start of the 1.9.0 release cycle.

  • ratelimit: added failure_mode_deny option to control traffic flow in case of rate limit service error.

  • rbac config: added a principal_name field and removed the old name field to give more flexibility for matching certificate identity.

  • rbac network filter: a role-based access control network filter has been added.

  • rest-api: added ability to set the request timeout for REST API requests.

  • route checker: added v2 config support and removed support for v1 configs.

  • router: added ability to set request/response headers at the route.Route level.

  • stats: added option to configure the DogStatsD metric name prefix to DogStatsdSink.

  • tcp_proxy: added support for weighted clusters.

  • thrift_proxy: introduced thrift routing, moved configuration to the correct location.

  • thrift_proxy: introduced thrift configurable decoder filters.

  • tls: implemented Secret Discovery Service.

  • tracing: added support for configuration of tracing sampling.

  • upstream: added configuration option to the subset load balancer to take locality weights into account when selecting a host from a subset.

  • upstream: require opt-in to use the x-envoy-original-dst-host header for overriding destination address when using the Original Destination load balancing policy.

Deprecated

  • Use of the v1 API (including *.deprecated_v1 fields in the v2 API) is deprecated. See envoy-announce email.

  • Use of the legacy ratelimit.proto is deprecated, in favor of the proto defined in data-plane-api. Prior to 1.8.0, Envoy can use either proto to send client requests to a ratelimit server with the use of the use_data_plane_proto boolean flag in the ratelimit configuration. However, when using the deprecated client a warning is logged.

  • Use of the --v2-config-only flag.

  • Use of both use_websocket and websocket_config in route.proto is deprecated. Please use the new upgrade_configs in the HttpConnectionManager instead.

  • Use of the integer percent field in FaultDelay and in FaultAbort is deprecated in favor of the new FractionalPercent based percentage field.

  • Setting hosts via hosts field in Cluster is deprecated. Use load_assignment instead.

  • Use of response_headers_to_* and request_headers_to_add is deprecated at the RouteAction level. Please use the configuration options at the Route level.

  • Use of runtime in RouteMatch, found in route.proto, is deprecated. Set the runtime_fraction field instead.

  • Use of the string user field in Authenticated in rbac.proto is deprecated in favor of the new StringMatcher based principal_name field.