Commit Message: clear route cache when dynamic metadata is written because route matching can be done on the dynamic metadata
Risk Level: low, recently added in #30699
Testing: done
Docs Changes: none
Release Notes: none
Mirrored from https://github.com/envoyproxy/envoy @ 90929a0b8827b8132d0ae1d8790a380a9fa87c36
* internal redirects: Support passing headers from response to request
This adds a new (repeated) field in the internal redirect policy,
"response_headers_to_preserve". When set, the headers named there
will be copied from the response that triggers an internal redirect
into the request that follows.
This allows some limited information passing through the internal
redirect system.
The current system is faithful to the idea that internal redirects are
purely a latency optimization, and should behave similarly to if the
redirect had been passed to the downstream user-agent. This does
violate that idea.
Other proxies, such as Nginx, have a much more flexible way of
handling internal redirects that allows a fair bit of information
passing like this. This should allow implementations to adopt Envoy
that are using this kind of information passing, with reduced needs to
rearchitect.
Fixes: #30441
Fixes: #16777
Signed-off-by: Ryan Anderson <ryan.anderson@snowflake.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Switching loops to references
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Clarify that downstream filters will not run
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Use a vector of LowerCaseStrings
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Format fixes
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Fully qualify 'downstream_'
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Rename from ..._to_preserve to ..._to_copy
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Reject configs that specify HTTP/2 style headers or Host
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Fight with clang-tidy by hand
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Fixup bad doc references
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* punctuation
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* More doc fixups
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Add a small comment about request_headers_to_copy_
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Rip out the complicated header copying/restore logic and replace
This removes the existing specialized save/restore logic in favor of
just copying every header into another map, updating the original map
with the necessary changes, and then restoring the whole thing later on.
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Use copyFrom() instead of doing it by hand
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Return a reference instead of copying
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Deauto things
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* fight with clang-format
Signed-off-by: Ryan Anderson <ryan@michonline.com>
* Just use copyFrom()
Signed-off-by: Ryan Anderson <ryan@michonline.com>
---------
Signed-off-by: Ryan Anderson <ryan.anderson@snowflake.com>
Signed-off-by: Ryan Anderson <ryan@michonline.com>
Mirrored from https://github.com/envoyproxy/envoy @ 65bbace5fb0647ac6edc338c62cfc8fc69fda36e
* Implemented API and added code to handle strict routing to a host.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Adjusted existing tests.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Added unit and integration tests for header-based stateful session with strict mode.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Added release notes.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Fixed proto format.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Fixed router's test.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Fixed cluster manager test.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Moved strict mode to stateful session API. It applies to cookie and header
based stateful sessions.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* refactored setUpstreamOverrideHost method.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Pass parameter to setUpstreamOverrideHost as value.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
* Formatting.
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
---------
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 62f4a14e35b4988dc62ebb51a070875fda59e1fe
Commit Message: proto: correct go_package of contrib
Additional Description:
This fixes up the go_package descriptor on contrib/ protos. I am not sure how the bazel protoc stuff works, but the standard proto compiler seems to trip up on this being incorrect and generates invalid imports.
Risk Level: Low
Testing: Manual
Mirrored from https://github.com/envoyproxy/envoy @ f97242a970eb6637b2aa8bba916f589672a1d190
Add access log options for UDP session access log to support flushing session access log periodically, and support flushing session access log on upstream tunnel connected when using UDP tunneling.
Additional Description:
Risk Level: low
Testing: unit tests, integration tests
Docs Changes:
Release Notes:
Platform Specific Features: None
Signed-off-by: Issa Abu Kalbein <iabukalbein@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1d4981bacacf33fdc5f60cfd56bede2802770a79
ConnectMatcher now matches CONNECT-UDP requests as well. I updated
the description of ConnectMatcher accordingly.
Signed-off-by: Jeongseok Son <jeongseok.son@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7f84968b32bf33f93fb48e5fcfc3e14fbea95301
allowed_upstream_headers_to_append appends to client request, not response.
Signed-off-by: spacewander <spacewanderlzx@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 86e608693d62d8bec8b1e52035202f7d5ebca7b2
Introduce the ability to send attributes in the External Processing Request
---------
Signed-off-by: Jacob Bohanon <jacob.bohanon@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 64c6d04a5fb7b08624df6223f6ef08264b9604a5
bazel: fix incorrect version of `com_github_cncf_xds`
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab976b10bc527ce3549da9c36c61803490de629e
Add support for saving upstream response headers and trailers to downstream info
Risk Level: low
Testing: integration tests
Docs Changes: API
Signed-off-by: Issa Abu Kalbein <iabukalbein@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 876753ad28d6601b91c25b8af59db4f4737c84a5
e9ce688...523115e
- cel: add a description to the AST (cncf/xds#61)
- Bump bazel to 4.2.2 (cncf/xds#68)
- bazel: fix "missing strict dependencies" build issue (cncf/xds#72)
- bazel version updated from `4.2.2` to `6.3.2`
- `protoc-gen-validate` dependencies updated to match Envoy's
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b500165160ce60020ad55bf6b10c6d5cc0b5f54c
* rlqs: update and document failure mode behaviors
RLQS documentation updates intended to prevent memory exhaustion
caused by the number of tracked buckets.
- Changes the default behavior of unset
ExpiredAssignmentBehavior.expired_assignment_behavior_timeout from
"retain unlimited time" to "abandon immediately"
- Clarifies the retention policy for the buckets that never received
the initial assignment.
- Clarifies the implementation details for evicting buckets that
never received the initial assignment.
---------
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 487f57ddc4a1d47828a5c8ceee91a08a879fc6dd
Make the cached grpc client eviction time configurable; previously it was fixed at 50s.
Risk Level: Low
Testing:
Docs Changes:
Release Notes:
Platform Specific Features:
Signed-off-by: Boteng Yao <boteng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 83c66e18e7a32c77cf084dc8bb797c84a3e84bec
The repo was renamed from cncf/udpa to cncf/xds a long time ago; this is just to reflect this in the bazel repo name.
Otherwise this is a noop.
Risk Level: Low
Testing: do_ci.sh
Signed-off-by: Sergii Tkachenko <sergiitk@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ f66bd34bf2060e71516456354202abb8ea23ba71
Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 70ba63a2e676f8676ab65840066729667c0af9bb
Add the ability for ext_authz to collect specified namespaces from route metadata and propagate them to the external auth service. #30252
The instruction of what namespace to select from route metadata, and the field in CheckRequest where the metadata context from route is filled, are totally separate from those for metadata context from connection or request.
Risk Level: Low
Testing: Unit tests
Signed-off-by: Yujian Zhao <zhaosukima@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6b78796398528e6d9d5c60c24ab1f54bdc57db8e
Envoy build with boringssl-fips is broken. #30001 introduces a patch to
remove BoringSSL-specific definition of BN_bn2lebinpad in ipp-crypto
library. It works for non-fips build but fips build fails with
declaration error, remove the patch for fips build.
Signed-off-by: LeiZhang <lei.a.zhang@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 29f6998d0751962eb1dd5ba628225564e998a42d
Signed-off-by: Adam Kotwasinski <adam.kotwasinski@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c2630addb1ac2984531c07317af5f9dd882b2a01
Commit Message: Allow specifying resource detectors for the OpenTelemetry tracer via a new configuration resource_detectors. The resource detector reads from the env variable OTEL_RESOURCE_ATTRIBUTES which is defined by the OTel specification. The detector returns a resource object populated with the detected attributes, which is sent as part of the OTLP request.
Additional Description: This PR adds the "foundation" for building other resource detectors in Envoy. It is based on the OTel collector implementation. Users can configure multiple resource detectors, and they work together to "merge" all the detected attributes into a single resource object, which is then part of the OTLP message exported.
Risk Level: Low
Testing: Multiple unit tests that cover all new code/scenarios. I also did manual testing, running Envoy locally with the OTel tracer + env resource detector enabled. Resource attributes detected from my environment are successfully exported, as seen in the Jaeger screenshot.
Docs Changes: Not sure if I should add/where. Happy to do it.
Release Notes: N/A
Platform Specific Features: N/A
[Optional Runtime guard:] N/A
[Optional Fixes #28929]
Here is how the new config is used:
```yaml
tracing:
  provider:
    name: envoy.tracers.opentelemetry
    typed_config:
      "@type": type.googleapis.com/envoy.config.trace.v3.OpenTelemetryConfig
      grpc_service:
        envoy_grpc:
          cluster_name: opentelemetry_collector
        timeout: 0.250s
      service_name: envoy-gRPC-exporter
      resource_detectors: # --> NEW CONFIG
        - name: envoy.tracers.opentelemetry.resource_detectors.environment
          typed_config:
            "@type": type.googleapis.com/envoy.extensions.tracers.opentelemetry.resource_detectors.v3.EnvironmentResourceDetectorConfig
```
Signed-off-by: Joao Grassi <joao.grassi@dynatrace.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4eaa1f866164eee5d51e46406bcb31d8dec99bdd
API to address gaps with the downstream Istio filter to finish upstreaming.
Issue: #29681
Signed-off-by: Kuat Yessenov <kuat@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ e9366f2b34be537b1b30ed17a4fd75b4715b5990
* Add new idea for selecting hosts among those not selected yet.
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Change how we choose full table scan
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Remove cout
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Fix Tests for load_balancer_impl_test
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Fix format and make sure full scan happens only when selected or the number of choices is larger than the size.
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Enable new option on extensions api only
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Fix Integration tests.
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Add release notes for full scan in least request LB.
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Fix ref for release note.
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Fix release notes
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
* Update release note
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
---------
Signed-off-by: Leonardo da Mata <ldamata@spotify.com>
Signed-off-by: Leonardo da Mata <barroca@gmail.com>
Co-authored-by: Leonardo da Mata <ldamata@spotify.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3ea2bc40590c1a48f26e8297ae55d7a6d08083e9