Introduce new optional configuration parameter initial_fetch_timeout to ConfigSource proto.
This parameter can be used to limit time Envoy spend on initialization of CDS, LDS and RDS.
Enabling this timeout prevents Envoy from being stuck in PRE_INITIALIZING or INITIALIZING phase, as described in #5862.
Risk Level: Low (optional feature, disabled by default)
Testing: manual testing, unit tests
Docs Changes: add new parameter initial_fetch_timeout to ConfigSource proto
Release Notes: Added
Fixes#5862
Signed-off-by: Marcin Falkowski <marcin.falkowski@allegro.pl>
Mirrored from https://github.com/envoyproxy/envoy @ 06576443805cc651a8b404da995aa26f9a8720f5
Using proto.MarshalAny results in unstable output due to non-deterministic map ordering. This in turn causes Envoy's diff to reload a config since the hash of the structure changes.
Enable stable marshaler for gogoproto to avoid this problem. See #6252
Risk Level: low
Testing: n/a
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 15a19b9cb1cc8bd5a5ec71d125177b3f6c9a3cf5
Description: Code for Envoy to speak delta CDS with a management server. DELTA_GRPC added to config_source.proto's ApiTypes, to allow bootstrap configs to ask for incremental xDS.
Part of #4991. Was #5466; giving up on broken DCO craziness.
Risk Level: medium
Testing: new integration test
Signed-off-by: Fred Douglas <fredlas@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8116b6ddb53409c3cea6f55fb00367aa43d7e845
We use the default subset as our fallback policy. However, if there's
a problem with our metadata it's possible for the default subset
to become empty. In this case, we'd like any host to be selected.
This change adds a panic_mode_any boolean option to LbSubsetConfig
to enable this behavior.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 718682f22bdb548624df076813208660fb928188
Users can now choose between buffered tapping (simpler) and
streaming tapping (more flexible but harder to work with).
Streaming tapping for the transport socket will be added in a
follow-up.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ e2e4baaa85a98b14f2bee6ea5aa16dd79cb832d4
This PR replaces deprecated HTTP links by HTTPS links for security and consistency.
Signed-off-by: Vu Cong Tuan <tuanvc@vn.fujitsu.com>
Mirrored from https://github.com/envoyproxy/envoy @ b47112f62b5186bb087bdf335f6df6fb072e2a46
Fixes oss-fuzz issue https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=13327
For ring hash lb, move all configuration parsing from Ring's ctor to the LB's ctor, where it's safe to throw exceptions from. Also, re-add proto field constraints to guard against extreme inputs from clusterfuzz and other actors of questionable intent.
Risk Level: Low
Testing: Added clusterfuzz testcase; existing tests still pass.
Signed-off-by: Dan Rosen <mergeconflict@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 99696cda3336af26fe0b048d91e0d6eb279bb81c
This new field gives LRS management server the extra info that two clusters may be using the same set of hosts to serve, and it's the management server's call whether to aggregate on the clusterStats.
Risk Level: LOW (new field)
Testing: unit test
Fixes#5986
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f5bb174c5f2f598df497cec04b0e144af9612570
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>
Mirrored from https://github.com/envoyproxy/envoy @ 445fdd01ad460a2af28870d65caaa75b5b8922b5
Currently, when we access **httpwg.org** with **HTTP**, it is
redirected to **HTTPS** automatically. So this commit aims to
replace **http://httpwg.org** by **https://httpwg.org** for security.
Co-Authored-By: Nguyen Phuong An <AnNP@vn.fujitsu.com>
Signed-off-by: Kim Bao Long <longkb@vn.fujitsu.com>
Mirrored from https://github.com/envoyproxy/envoy @ 81cce2e2634bcf609663a25967cdc9da39f0e7ea
This adds a new message HedgePolicy which is a field in VirtualHost and
RouteAction similar to RetryPolicy. The configuration is plumbed through
to the various classes but not used to affect behavior yet.
Signed-off-by: Michael Puncel <mpuncel@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 68afa63800e15e07329e116becaf59b71e02e618
Adds a DEGRADED HealthStatus value that can be set on a host through
LoadAssignment, allowing for a host to be marked degraded without
the need for active health checking.
Moves the mapping of EDS flag to health flag to inside
`registerHostForPriority`, which means that we're now consistently setting
the EDS health flag for EDS/STATIC/STRICT_DNS/LOGICAL_DNS.
Simplifies the check for whether the health flag value of a host has
changed during EDS updates.
Adds tests for the EDS mapping as well as tests to verify that we're
honoring the EDS flag for non-EDS cluster types.
Risk Level: High, substantial refactoring of how we determine whether health flag has changed.
Testing: UTs coverage for new health flag values.
Docs Changes: n/a
Release Notes: n/a
Fixes#5637#5063
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8c6bf40042543713eb7493e0d4ff29b312c78772
This PR adds API support required for #5770 . Once #5844 lands, I will output it using the text stat.
Risk Level: Low
Testing: N/A
Signed-off-by: Rama Chavali <rama.rao@salesforce.com>
Mirrored from https://github.com/envoyproxy/envoy @ 28fbbaa76026f52412c2550ff78664ca79c35487
Allows both upstream-driven and filter-controlled internal redirects, basically rerunning the whole filter chain for a new stream.
The current implementation is limited to requests-sans-bodies and complete-requests, and num-redirects = 1, but could be fairly easily extended (probably in a follow-up) to remove any of these restrictions.
I do need to add more unit tests here, but I want to make sure we're happy both the validation we're doing and where we do it. For example while this implementation forces N=1 for upstream internal redirects it allows filters to impose their own separate limits and allows them to screw up w.r.t. redirect loops. We could globally enforce by disallowing recreateStream if is_internally_created_ true but I could imagine wanting different limits for a filter redirect than an external redirect so am mildly inclined to allow filters to enforce on their own with internal checks as the router filter does.
TODO(alyssawilk) in a follow-up before killing off the initial stream, pass it the original StreamInfo and copy relevant fields (downstream timing info etc.)
Risk Level: Medium (some refactors of existing code, new high risk code paths well guarded)
Testing: E2E tests. E_INSUFFICIENT_UNIT_TESTS
Docs Changes: inline
Release Notes: yep.
Part of #3250
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ bbf5674c2c9a901ec4e964e4dd1d845516e672b2
Adds the API for an additional EDS indirection that allows endpoints to
specified outside the LB structure. This opens up for being able to
reference the same endpoint multiple times in a single CLA.
Risk Level: Low, only API changes for now
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
#4280
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ b49e37989160913e91a42824c91b664de82e7a05
Add support of Any as opaque config for extensions. Deprecates Struct configs. Fixes#4475.
Risk Level: Low
Testing: CI
Docs Changes: Added.
Release Notes: Added.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 851f591f4ed84594e5e5041e7ada4167a4f3a273
* api: add proto options for java
* add ci for checking proto options
Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02659d411332e9f20d229f482931c15304ea17fd
No functional changes.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 58bf369ab877058f7ee24d1ed9212b26a7f04c41
This allows setting a default value for a mirroring policy.
Fixes#5273
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 85b6a7c5ffe1bc4d41d2170ed0c59474c9ca97f2
This reverts commit 36db7761cc963a7790eb31eb7bccd7cfb248146c.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 553c21b796f9dd7b3d1ae01cdfc4bebdd3b28338
This PR wraps up #1319. The patch enables multiple TLS certificate
ingest for downstream TLS contexts, adds related unit and integration
tests, docs and release notes.
Risk Level: Low
Testing: Additional unit and integration tests. To avoid combinatorial
explosion, we validate mixed TLS v1.2/1.3 behavior in
ssl_integration_test only, and have more targeted certificate
selection tests in ssl_socket_Test.
Docs Changes: Added to architectural overview of TLS support.
Fixes#1319.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fdb08806dc3d42bd3e3f9d467e526359689996af
Plumbs through the value set for the overprovisioning factor for
STATIC/STRICT_DNS. Previously these values would be ignored.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 25b143c9813671c320561f8b0b8b31d7e0a3dac4
This change allows user to configure custom authority headers to be
sent with gRPC health checks. It defaults to the name of the cluster,
thus maintaining backward compatibility.
Signed-off-by: Yuan Liu <yuan@stripe.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6af566f536fe03afed2823622fad075a73d7e385
This adds support for password encrypted private keys. The password is
to be supplied as a regular data source in the TlsCertificate
configuration.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 94eb347914fc5812ee35c1c2a66c1784579bfb87
Move the hard-coded 15s timeout in TLS inspector into
the connection handler such that it covers all listener
filters. Also make it configurable as well as add useful
stats to see how many connections are currently undergoing
listener filter processing.
Fixes https://github.com/envoyproxy/envoy/issues/5217
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ e96425aabcce10ab2030de66f69cbb20a867322f
Description: This field is used to carry opaque and implementation
dependent information of the upstream endpoints. The information may
be used by management server for debugging purposes.
Example: Consider a requirement of per 'user' load stastics for
debugging. Envoy will embed user info into the metadata field for
every upstream endpoint it sends load to. This user information will
be used by management server for debugging.
Sample message:
message ClusterStats {
cluster_name = ...
message UpstreamLocalityStats {
locality = ...
message UpstreamEndpointStats {
address = "endpoint1"
metadata = { "user" : "alice"}
...
}
message UpstreamEndpointStats {
address = "endpoint1"
metadata = { "user" : "bob"}
...
}
message UpstreamEndpointStats {
address = "endpoint2"
metadata = { "user" : "alice"}
...
}
message UpstreamEndpointStats {
address = "endpoint3"
metadata = { "user" : "bob"}
...
}
}
}
Risk Level: Low
Testing: Compiles successfully.
Signed-off-by: Karthik Reddy <rekarthik@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8d8cb4a7c63b74633b0b459af9104143b13f657f
Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9388c05db87ddaf1c2afe45d9b72ec4d8601f380
Add filter chain match for source_type. Possible options are
ANY (default)
LOCAL
EXTERNAL
This allows for explicitly specifying local connectivity detection, which is needed in specific use cases.
Risk Level: Low
Docs Changes: Inline proto comments
Related to #4535.
Signed-off-by: Nikolay Nikolaev <nnikolay@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c764e7de2666e256c286d76f3db23a3c0f670e7
This PR starts to plumb multiple TLS certs from the proto level into the SSL context. We stop short
of enabling multiple TLS certificates, but instead have sufficient mechanism and interface changes
to propagate them to the SSL context. Future PRs will extend this with the SSL context
implementation.
Risk Level: Low
Testing: bazel test //test/...
Part of #1319.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9d1d959c5e8fc8e02754ea28e6cba9f7b1e3d1fc