Adds the API for an additional EDS indirection that allows endpoints to
specified outside the LB structure. This opens up for being able to
reference the same endpoint multiple times in a single CLA.
Risk Level: Low, only API changes for now
Testing: n/a
Docs Changes: n/a
Release Notes: n/a
#4280
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ b49e37989160913e91a42824c91b664de82e7a05
Add support of Any as opaque config for extensions. Deprecates Struct configs. Fixes#4475.
Risk Level: Low
Testing: CI
Docs Changes: Added.
Release Notes: Added.
Signed-off-by: Lizan Zhou <lizan@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 851f591f4ed84594e5e5041e7ada4167a4f3a273
Adds a filter that allows converting a gRPC request into an HTTP/1.1
request with a custom content-type. Allows a vanilla HTTP/1.1 upstream
to handle incoming requests by reading and responding with protobuf
messages in binary octet format.
For now this shields the upstream from any gRPC association: the filter
removes the gRPC specific message prefix and manages the conversion of
the HTTP status code into grpc-status.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ a97e138ffc58c13dc5be277b877c6a5949083023
* api: add proto options for java
* add ci for checking proto options
Signed-off-by: Penn (Dapeng) Zhang <zdapeng@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02659d411332e9f20d229f482931c15304ea17fd
No functional changes.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 58bf369ab877058f7ee24d1ed9212b26a7f04c41
This allows a host to be marked as degraded by having x-envoy-degraded
returned from the HTTP active health checking response.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7b6d7a2706ac5290e5e87535c23c11def49275db
Description: The new request_timeout in http connection manager covers the filter chain.
Risk Level: N/A
Fixes#4830
Signed-off-by: Auni Ahsan <auni@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 92e932a9a26ca178ad77a8e3616fadd57d3f807d
Part of #2456
Signed-off-by: Emil Mikulic <g-easy@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4b475977f649c3614371940a819611f7d17e3a4e
This allows setting a default value for a mirroring policy.
Fixes#5273
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 85b6a7c5ffe1bc4d41d2170ed0c59474c9ca97f2
This reverts commit 36db7761cc963a7790eb31eb7bccd7cfb248146c.
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 553c21b796f9dd7b3d1ae01cdfc4bebdd3b28338
This PR wraps up #1319. The patch enables multiple TLS certificate
ingest for downstream TLS contexts, adds related unit and integration
tests, docs and release notes.
Risk Level: Low
Testing: Additional unit and integration tests. To avoid combinatorial
explosion, we validate mixed TLS v1.2/1.3 behavior in
ssl_integration_test only, and have more targeted certificate
selection tests in ssl_socket_Test.
Docs Changes: Added to architectural overview of TLS support.
Fixes#1319.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ fdb08806dc3d42bd3e3f9d467e526359689996af
Plumbs through the value set for the overprovisioning factor for
STATIC/STRICT_DNS. Previously these values would be ignored.
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 25b143c9813671c320561f8b0b8b31d7e0a3dac4
This change allows user to configure custom authority headers to be
sent with gRPC health checks. It defaults to the name of the cluster,
thus maintaining backward compatibility.
Signed-off-by: Yuan Liu <yuan@stripe.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6af566f536fe03afed2823622fad075a73d7e385
This adds support for password encrypted private keys. The password is
to be supplied as a regular data source in the TlsCertificate
configuration.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 94eb347914fc5812ee35c1c2a66c1784579bfb87
This identifies downstream disconnects from within the HTTP Connection
Manager and eventually echoes it out via the access log.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 988f7d81f973e17c76db3f900cf145c371d6e8b3
Move the hard-coded 15s timeout in TLS inspector into
the connection handler such that it covers all listener
filters. Also make it configurable as well as add useful
stats to see how many connections are currently undergoing
listener filter processing.
Fixes https://github.com/envoyproxy/envoy/issues/5217
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ e96425aabcce10ab2030de66f69cbb20a867322f
This adds the host's weight to the `/clusters?format=json` response.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9039f24198c35939af411c4102fe64b9aba7d6b1
Description: This field is used to carry opaque and implementation
dependent information of the upstream endpoints. The information may
be used by management server for debugging purposes.
Example: Consider a requirement of per 'user' load stastics for
debugging. Envoy will embed user info into the metadata field for
every upstream endpoint it sends load to. This user information will
be used by management server for debugging.
Sample message:
message ClusterStats {
cluster_name = ...
message UpstreamLocalityStats {
locality = ...
message UpstreamEndpointStats {
address = "endpoint1"
metadata = { "user" : "alice"}
...
}
message UpstreamEndpointStats {
address = "endpoint1"
metadata = { "user" : "bob"}
...
}
message UpstreamEndpointStats {
address = "endpoint2"
metadata = { "user" : "alice"}
...
}
message UpstreamEndpointStats {
address = "endpoint3"
metadata = { "user" : "bob"}
...
}
}
}
Risk Level: Low
Testing: Compiles successfully.
Signed-off-by: Karthik Reddy <rekarthik@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8d8cb4a7c63b74633b0b459af9104143b13f657f
Signed-off-by: Daniel Hochman <danielhochman@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9388c05db87ddaf1c2afe45d9b72ec4d8601f380
Add filter chain match for source_type. Possible options are
ANY (default)
LOCAL
EXTERNAL
This allows for explicitly specifying local connectivity detection, which is needed in specific use cases.
Risk Level: Low
Docs Changes: Inline proto comments
Related to #4535.
Signed-off-by: Nikolay Nikolaev <nnikolay@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2c764e7de2666e256c286d76f3db23a3c0f670e7
This PR starts to plumb multiple TLS certs from the proto level into the SSL context. We stop short
of enabling multiple TLS certificates, but instead have sufficient mechanism and interface changes
to propagate them to the SSL context. Future PRs will extend this with the SSL context
implementation.
Risk Level: Low
Testing: bazel test //test/...
Part of #1319.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9d1d959c5e8fc8e02754ea28e6cba9f7b1e3d1fc
Allowing the HCM upgrades to be on or off by default, and adding per-route overrides to turn it off or on.
Risk Level: Medium (refactors existing code)
Testing: new unit and e2e tests
Docs Changes: proto docs
Release Notes: inline
Fixes#4921
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ d72eaaf6d1905f7d478ab80cc7163684fc271fd9
Description: Allow envoy to proxy metadata in responses.
Risk Level: Low. Not used.
Testing: Integration test. (Unit tests will be added with filters)
Docs Changes: inline
Release Notes: n/a
Part of #2394
Signed-off-by: Yang Song <yasong@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ b6ff832b9159fad4aef3e93d6243753f9427494c
Adds an option that allows smoothing out the locality weights when used
with subset lb: weights are scaled by the number of hosts that were
removed due to the subset filter. This allows for less of a step
function when a small number of hosts in a locality are updated to be
included in the subset.
Fixes#4837
Signed-off-by: Snow Pettersen snowp@squareup.com
Risk Level: Low, new optional feature
Testing: UTs
Docs Changes: Inline in protos
Release Notes: added release note
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ b094017026ce57d52762513bd5c0f774da0fc39e