1.19.0 (July 13, 2021)
Incompatible Behavior Changes
Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required
grpc_bridge_filter: the filter no longer collects grpc stats in favor of the existing grpc stats filter. The behavior can be reverted by changing runtime key
envoy.reloadable_features.grpc_bridge_stats_disabled
.tracing: update Apache SkyWalking tracer version to be compatible with 8.4.0 data collect protocol. This change will introduce incompatibility with SkyWalking 8.3.0.
Minor Behavior Changes
Changes that may cause incompatibilities for some users, but should not for most
access_log: added new access_log command operator
%REQUEST_TX_DURATION%
.access_log: removed extra quotes on metadata string values. This behavior can be temporarily reverted by setting
envoy.reloadable_features.unquote_log_string_values
to false.admission control: added max_rejection_probability which defaults to 80%, which means that the upper limit of the default rejection probability of the filter is changed from 100% to 80%.
aws_request_signing: requests are now buffered by default to compute signatures which include the payload hash, making the filter compatible with most AWS services. Previously, requests were never buffered, which only produced correct signatures for requests without a body, or for requests to S3, ES or Glacier, which used the literal string
UNSIGNED-PAYLOAD
. Buffering can be now be disabled in favor of using unsigned payloads with compatible services via the newuse_unsigned_payload
filter option (default false).cache filter: serve HEAD requests from cache.
cluster: added default value of 5 seconds for connect_timeout.
dns: changed apple resolver implementation to not reuse the UDS to the local DNS daemon.
dns cache: the new dns_query_timeout option has a default of 5s. See below for more information.
http: disable the integration between ExtensionWithMatcher and HTTP filters by default to reflect its experimental status. This feature can be enabled by setting
envoy.reloadable_features.experimental_matching_api
to true.http: replaced setting
envoy.reloadable_features.strict_1xx_and_204_response_headers
with settingsenvoy.reloadable_features.require_strict_1xx_and_204_response_headers
(require upstream 1xx or 204 responses to not have Transfer-Encoding or non-zero Content-Length headers) andenvoy.reloadable_features.send_strict_1xx_and_204_response_headers
(do not send 1xx or 204 responses with these headers). Both are true by default.http: stop sending the transfer-encoding header for 304. This behavior can be temporarily reverted by setting
envoy.reloadable_features.no_chunked_encoding_header_for_304
to false.http: the behavior of the
present_match
in route header matcher changed. The value ofpresent_match
was ignored in the past. The new behavior ispresent_match
is performed when the value is true. An absent match performed when the value is false. Please reference present_match.listener: respect the connection balance config defined within the listener where the sockets are redirected to. Clear that field to restore the previous behavior.
listener: when balancing across active listeners and wildcard matching is used, the behavior has been changed to return the listener that matches the IP family type associated with the listener’s socket address. Any unexpected behavioral changes can be reverted by setting runtime guard
envoy.reloadable_features.listener_wildcard_match_ip_family
to false.tcp: switched to the new connection pool by default. Any unexpected behavioral changes can be reverted by setting runtime guard
envoy.reloadable_features.new_tcp_connection_pool
to false.udp: limit each UDP listener to read maximum 6000 packets per event loop. This behavior can be temporarily reverted by setting
envoy.reloadable_features.udp_per_event_loop_read_limit
to false.
Bug Fixes
Changes expected to improve the state of the world and are unlikely to have negative effects
aws_lambda: if
payload_passthrough
is set tofalse
, the downstream response content-type header will now be set from the content-type entry in the JSON response’s headers map, if present.cluster: fixed the cluster stats histograms by moving the accounting into the router filter. This means that we now properly compute the number of bytes sent as well as handling retries which were previously ignored.
hot_restart: fix double counting of
server.seconds_until_first_ocsp_response_expiring
andserver.days_until_first_cert_expiring
during hot-restart. This stat was only incorrect until the parent process terminated.http: fix erroneous handling of invalid nghttp2 frames with the
NGHTTP2_ERR_REFUSED_STREAM
error. Prior to the fix, Envoy would close the entire connection when nghttp2 triggered the invalid frame callback for the said error. The fix will cause Envoy to terminate just the refused stream and retain the connection. This behavior can be temporarily reverted by setting theenvoy.reloadable_features.http2_consume_stream_refused_errors
runtime guard to false.http: port stripping now works for CONNECT requests, though the port will be restored if the CONNECT request is sent upstream. This behavior can be temporarily reverted by setting
envoy.reloadable_features.strip_port_from_connect
to false.jwt_authn: unauthorized responses now correctly include a www-authenticate header.
listener: fix a crash which could happen when a filter chain only listener update is followed by listener removal or a full listener update.
validation: fix an issue that causes TAP sockets to panic during config validation mode.
xray: fix the default sampling rate for AWS X-Ray tracer extension to be 5% as opposed to 50%.
zipkin: fix timestamp serialization in annotations. A prior bug fix exposed an issue with timestamps being serialized as strings.
Removed Config or Runtime
Normally occurs at the end of the deprecation period
event: removed
envoy.reloadable_features.activate_timers_next_event_loop
runtime guard and legacy code path.gzip: removed legacy HTTP Gzip filter and runtime guard
envoy.deprecated_features.allow_deprecated_gzip_http_filter
.http: removed
envoy.reloadable_features.allow_500_after_100
runtime guard and the legacy code path.http: removed
envoy.reloadable_features.always_apply_route_header_rules
runtime guard and legacy code path.http: removed
envoy.reloadable_features.hcm_stream_error_on_invalid_message
for disabling closing HTTP/1.1 connections on error. Connection-closing can still be disabled by setting the HTTP/1 configuration override_stream_error_on_invalid_http_message.http: removed
envoy.reloadable_features.http_set_copy_replace_all_headers
runtime guard and legacy code paths.http: removed
envoy.reloadable_features.overload_manager_disable_keepalive_drain_http2
; Envoy will now always send GOAWAY to HTTP2 downstreams when the disable_keepalive overload action is active.http: removed
envoy.reloadable_features.http_match_on_all_headers
runtime guard and legacy code paths.http: removed
envoy.reloadable_features.unify_grpc_handling
runtime guard and legacy code paths.tls: removed
envoy.reloadable_features.tls_use_io_handle_bio
runtime guard and legacy code path.
New Features
access_log: added the new response flag for overload manager termination. The response flag will be set when the http stream is terminated by overload manager.
admission control: added rps_threshold option that when average RPS of the sampling window is below this threshold, the filter will not throttle requests. Added max_rejection_probability option to set an upper limit on the probability of rejection.
bandwidth_limit: added new HTTP bandwidth limit filter.
bootstrap: added dns_resolution_config to aggregate all of the DNS resolver configuration in a single message. By setting
no_default_search_domain
to true the DNS resolver will not use the default search domains. By setting theresolvers
the external DNS servers to be used for external DNS queries can be specified.cluster: added dns_resolution_config to aggregate all of the DNS resolver configuration in a single message. By setting
no_default_search_domain
to true the DNS resolver will not use the default search domains.cluster: added host_rewrite_literal to WeightedCluster.
cluster: added wait_for_warm_on_init, which allows cluster readiness to not block on cluster warm-up. It is true by default, which preserves existing behavior. Currently, only applicable for DNS-based clusters.
composite filter: can now be used with filters that also add an access logger, such as the WASM filter.
config: added stat config_reload_time_ms.
connection_limit: added new Network connection limit filter.
crash support: restore crash context when continuing to processing requests or responses as a result of an asynchronous callback that invokes a filter directly. This is unlike the call stacks that go through the various network layers, to eventually reach the filter. For a concrete example see:
Envoy::Extensions::HttpFilters::Cache::CacheFilter::getHeaders
which posts a callback on the dispatcher that will invoke the filter directly.dns cache: added preresolve_hostnames option to the DNS cache config. This option allows hostnames to be preresolved into the cache upon cache creation. This might provide performance improvement, in the form of cache hits, for hostnames that are going to be resolved during steady state and are known at config load time.
dns cache: added dns_query_timeout option to the DNS cache config. This option allows explicitly controlling the timeout of underlying queries independently of the underlying DNS platform implementation. Coupled with success and failure retry policies the use of this timeout will lead to more deterministic DNS resolution times.
dns resolver: added
DnsResolverOptions
protobuf message to reconcile all of the DNS lookup option flags. By setting the configuration option use_tcp_for_dns_lookups as true we can make the underlying dns resolver library to make only TCP queries to the DNS servers and by setting the configuration option no_default_search_domain as true the DNS resolver library will not use the default search domains.dns resolver: added
DnsResolutionConfig
to combine dns_resolver_options and resolvers in a single protobuf message. The fieldresolvers
can be specified with a list of DNS resolver addresses. If specified, DNS client library will perform resolution via the underlying DNS resolvers. Otherwise, the default system resolvers (e.g., /etc/resolv.conf) will be used.dns_filter: added dns_resolution_config to aggregate all of the DNS resolver configuration in a single message. By setting the configuration option
use_tcp_for_dns_lookups
to true we can make dns filter’s external resolvers to answer queries using TCP only, by setting the configuration optionno_default_search_domain
as true the DNS resolver will not use the default search domains. And by setting the configurationresolvers
we can specify the external DNS servers to be used for external DNS query which replaces the pre-existing alpha api fieldupstream_resolvers
.dynamic_forward_proxy: added dns_resolution_config option to the DNS cache config in order to aggregate all of the DNS resolver configuration in a single message. By setting one such configuration option
no_default_search_domain
as true the DNS resolver will not use the default search domains. And by setting the configurationresolvers
we can specify the external DNS servers to be used for external DNS query instead of the system default resolvers.ext_authz_filter: added bootstrap_metadata_labels_key option to configure labels of destination service.
http: added new field
is_optional
toextensions.filters.network.http_connection_manager.v3.HttpFilter
. When set totrue
, unsupported http filters will be ignored by envoy. This is also same with unsupported http filter in the typed per filter config. For more information, please reference HttpFilter.http: added scheme options for adding or overwriting scheme.
http: added stripping trailing host dot from host header support.
http: added support for original IP detection extensions. Two initial extensions were added, the custom header extension and the xff extension.
http: added a new option to upstream HTTP/2 keepalive to send a PING ahead of a new stream if the connection has been idle for a sufficient duration.
http: added the ability to unescape slash sequences in the path. Requests with unescaped slashes can be proxied, rejected or redirected to the new unescaped path. By default this feature is disabled. The default behavior can be overridden through http_connection_manager.path_with_escaped_slashes_action runtime variable. This action can be selectively enabled for a portion of requests by setting the http_connection_manager.path_with_escaped_slashes_action_sampling runtime variable.
http: added upstream and downstream alpha HTTP/3 support! See quic_options for downstream and the new http3_protocol_options in http_protocol_options for upstream HTTP/3.
http: raise max configurable max_request_headers_kb limit to 8192 KiB (8MiB) from 96 KiB in http connection manager.
input matcher: added a new input matcher that matches an IP address against a list of CIDR ranges.
jwt_authn: added support to fetch remote jwks asynchronously specified by async_fetch.
jwt_authn: added support to add padding in the forwarded JWT payload specified by pad_forward_payload_header.
listener: added ability to change an existing listener’s address.
listener: added filter chain match support for direct source address.
local_rate_limit_filter: added suppoort for locally rate limiting http requests on a per connection basis. This can be enabled by setting the local_rate_limit_per_downstream_connection field to true.
metric service: added support for sending metric tags as labels. This can be enabled by setting the emit_tags_as_labels field to true.
proxy protocol: added support for generating the header while using the HTTP connection manager. This is done using the Proxy Protocol Transport Socket on upstream clusters. This feature is currently affected by a memory leak issue.
req_without_query: added access log formatter extension implementing command operator REQ_WITHOUT_QUERY to log the request path, while excluding the query string.
router: added option
suppress_grpc_request_failure_code_stats
to the router to allow users to exclude incrementing HTTP status code stats on gRPC requests.stats: added native Graphite-formatted tag support.
tcp: added support for preconnecting. Preconnecting is off by default, but recommended for clusters serving latency-sensitive traffic.
thrift_proxy: added per upstream metrics within the thrift router for request and response size histograms.
thrift_proxy: added support for outlier detection.
tls: allow dual ECDSA/RSA certs via SDS. Previously, SDS only supported a single certificate per context, and dual cert was only supported via non-SDS.
tracing: add option use_request_id_for_trace_sampling which allows configuring whether to perform sampling based on x-request-id or not.
udp_proxy: added key as another hash policy to support hash based routing on any given key.
windows container image: added user, EnvoyUser which is part of the Network Configuration Operators group to the container image.
Deprecated
bootstrap: the field use_tcp_for_dns_lookups is deprecated in favor of dns_resolution_config which aggregates all of the DNS resolver configuration in a single message.
cluster: the fields use_tcp_for_dns_lookups and dns_resolvers are deprecated in favor of dns_resolution_config which aggregates all of the DNS resolver configuration in a single message.
dns_filter: the field known_suffixes is deprecated. The internal data management of the filter has changed and the filter no longer uses the known_suffixes field.
dynamic_forward_proxy: the field use_tcp_for_dns_lookups is deprecated in favor of dns_resolution_config which aggregates all of the DNS resolver configuration in a single message.
http: xff_num_trusted_hops is deprecated in favor of original IP detection extensions.