For xDS over the file system, sometimes more control is required over
what directory/file is watched for symbolic link swaps. Specifically,
in order to deliver xDS over a Kubernetes ConfigMap, this extra
configuration is required.
Fixes https://github.com/envoyproxy/envoy/issues/10979
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8670309bce9a488ccfc04a87d0c4367ca59c4179
* [API] Add new field that enables providing the random value through
configuration.
Signed-off-by: Tianyu Xia <tyxia@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5ef1b2f6d73d34f4d3ae7eb15b506342f03f60e3
Replace code in mutation_utils.cc with code that calls into the new
mutation_rules library. Add the ability to keep a counter of failed
header mutations, and also add the ability for an invalid mutation
to cause the HTTP request to fail.
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1bea8aea1590ffab5bb185d32232f9bf265e6b1e
([cluster] Use alt_stat_name for general observability purposes (access log, tracing, admin)),
which introduced a runtime guarded feature, which has been enabled by default for 6 months, so remove
the old code path.
Risk Level: Low
Testing: n/a
Docs Changes: updated
Release Notes: Deprecate envoy.reloadable_features.use_observable_cluster_name.
Platform Specific Features: n/a
Signed-off-by: Loong <loong.dai@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 198ae65234223f48cbe2284eb145e16598593963
Allowing auto_http to assume some domains support HTTP/3 without trying TCP first.
Risk Level: low
Testing: unit test
Docs Changes: API docs
Release Notes: not yet
Fixes#19427
An error occurred
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7c60c855ba9e1264604ff5e8b7809d99589de03e
This protobuf will be used initialy by the ext_proc filter to control
which headers may be changed by an external processing server.
This begins to address #14789
An error occurred
.
If the proto and the location are OK, I'll go on to add a common library to test a proposed header mutation against these rules and then incorporate them into the ext_proc filter.
The eventual result is that, by default, an external processor for ext_proc will be able to modify any header, but there will be controls that an administrator can use when connecting to a processor to control whether that processor is actually allowed to make all possible changes.
Risk Level: Low -- just the proto for now
Signed-off-by: Gregory Brail <gregbrail@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a3e50ecd88943536b4ce412c172a246dacb6288a
Normalize QuicProtocolOptions::idle_timout and crypto_handshake_timeout to 1ms and 5s respectively if they are configured smaller than those.
Signed-off-by: Dan Zhang <danzh@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 199d2f555161cec38b879ad9ca50e3027ff52541
* Fix whitespace typo in transcoder documentation.
The documentation for `convert_grpc_status` had two leading spaces in the text
following a code block, causing the text to be rendered as part of the code block.
* Remove whitespace from transcoder.proto.
Signed-off-by: Pras Velagapudi <psigen@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ e9f36d2c49a3c9176340303b44ef593bd0b78c35
Return 1xx HTTP status by the direct response isn't valid use-case, so refuse the 1xx status from direct response directly.
Risk Level: low
Testing: n/a
Docs Changes: n/a
Release Notes: add note for minor behavior change.
Fixes#19159
Add a new build option enabling support for Perfetto SDK which can be used to trace Envoy code paths.
Risk Level: low
Testing: manual
Docs Changes: add notes to bazel/PPROF.md
Release Notes: updated current.rst
Platform Specific Features: n/a
Fixes#16988
An error occurred
Signed-off-by: Dmitry Rozhkov <dmitry.rozhkov@intel.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4c76813087c07171996d2cd8a9c591604b9124d8
This PR establishes the ability to filter access log production via CEL expressions over the set of Envoy attributes. This can simply the creation of Envoy access log filters, allowing complex tailoring.
Risk Level: low
Testing: unit
Docs Changes: included
Release Notes: updated
Signed-off-by: Douglas Reid <douglas-reid@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 77ca6cc0d9aaf0892aec3e2025fe2ad7cf0c39ff
Risk Level: Low
Testing: new integration test
Docs Changes: made API more clear when requests count as connections :-/
Release Notes: inline
Fixes#19033
An error occurred
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 2bf847854610db8bc5a44ef3046fcc8f3a23518e
If, for a request, the host/authority header is changed when the
request is proxied, set the x-forwarded-host header as:
x-forwarded-host = append(x-forwarded-host, host)
Risk Level: Low
Testing: unit test and manual testing
Docs Changes:
Added x-forwarded-host header in HTTP header manipulation
(configuration/http/http_conn_man/headers).
Under the host_rewrite options in route_components.proto
(in v3), added that when host is rewritten, the XFH header is
appended with the original value of host header if append_x_forwarded_host
option is set.
Release Notes: router: added support for x-forwarded-host header.
Platform Specific Features: N/A
Fixes#5940
An error occurred
Signed-off-by: Arun Olappamanna Vasudevan <arun.vasudev@nutanix.com>
Mirrored from https://github.com/envoyproxy/envoy @ 91c2e6ba81f6892e4ab132f934d9f6179a50bbc2
This should reduce the binary size, which is particularly important for Envoy Mobile. Looking at a
local opt build with debug symbols, I'm seeing a drop from ~400MB to ~380MB, so maybe 5% saving. @Reflejo indicates that optimized Envoy Mobile without symbols is observing ~20% improvement.
Related to #10943
An error occurred
Risk level: Low
Testing: bazel query deps to confirm no more v2 API deps.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 53fca618e47702f6c8dbc323db9bd39d15725457
Adds a new variant to type.v3.HashPolicy to generate a hash from an object in FilterState. This implementation mirrors what already exists for HTTP filters (see RouteAction.HashPolicy.FilterState), and is usable by network filters such as TcpProxy.
Risk Level: low
Testing: updated tests in tcp_proxy:config_test
Docs Changes: N/A
Release Notes: added an entry under tcp
Platform Specific Features: N/A
Signed-off-by: Dan Rosen <mergeconflict@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 38739c32b39da483782fa18dc5a5aa77cee677ab
This change updates Envoy to consider the load balancing configuration
set in load_balancing_policy, regardless of what is set in lb_policy.
Previously the load_balancing_policy field was only considered if lb_policy
was set to LOAD_BALANCING_POLICY_CONFIG.
Going forward the approach is to only use the load_balancing_policy field
and the extensible configuration mechanism it provides to configure
all load balancing policies, which makes lb_policy deprecated.
This change still preserves backward compatibility, allowing old clients
to continue using the lb_policy field and new ones to switch to just
considering load_balancing_policy.
Commit Message: Prefer the load_balancing_policy cluster field over lb_policy
Additional Description: This change updates Envoy to consider the load
balancing configuration set in load_balancing_policy, regardless of what
is set in lb_policy.
Risk Level: Low
Testing: New unit tests for upstream_impl.cc
Docs Changes: Documentation to follow once consensus on this
change is reached.
Release Notes: Not currently user impacting as backward compatibility
is maintained.
Platform Specific Features: None.
Signed-off-by: Terry Wilson <tmwilson@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ bc641dbb9157460b346fa0d3ef387f05e5ce9881
keepalive probing can be configured in envoy.config.core.v3.QuicProtocolOptions for upstream and downstream. If absent, use the QUICHE default behavior which sends PING frame every 15s on client side and no-op on server side.
Fixes#16751
Add support to DataSource to read data from environment variables.
Risk Level: Low
Testing: Unit test for well-known environment variable, no environment variable, and empty environment variable.
Docs Changes: N/A
Release Notes: config: added environment_variable to the DataSource.
Platform Specific Features: N/A
Fixes#18277
An error occurred
Signed-off-by: Anthony Rossi <anrossi@microsoft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5d4a457615cf19294dc077b1f7123c480ffdaa94
Support an inline RouteConfiguration in ScopedRouteConfiguration.
This change enables fully inlined scoped route configuration by
allowing users to specify an inline `RouteConfiguration` in the scope's
config, as opposed to requiring a `route_configuration_name` to use for
an RDS subscription.
Signed-off-by: Andres Guedez <aguedez@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ cbc05d480cc24fc96bbbbd476cc31b25402d6777
Commit Message: upstream: support max connection duration for upstream connections
Risk Level: low, isolated opt-in feature
Testing: new unit tests
Docs Changes: updated protobuf definition to no longer mention that max lifetime is not implemented for upstream connections
Release Notes: upstream: support max connection duration for upstream connections
Platform Specific Features:
Fixes#15107
An error occurred
Signed-off-by: John Esmet <john.esmet@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 9a4a861a6b22959205fb70454bcdf238e3ebd4f9
Adds support for using the matching API in the route table. This wires up using the generic match as part of a virtual host, making it possible to define a match tree that results in Route actions that reuses the same routing actions currently in use by the router.
Signed-off-by: Snow Pettersen <snowp@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 94d00135bd9f0f7701c89c7a9220691e51068aec
This PR currently only implements query string modifications when using a gRPC authorization server.
Signed-off-by: John Esmet <john.esmet@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ c42a018d332920f3e523f1a0409b6056bd805853
Adds a new API field for http health checks that allows specifying ranges of status codes that are considered retriable. If these status codes are received, those failures will contribute towards the configured unhealthy threshold rather that immediately considering the cluster member unhealthy as is the case today.
Signed-off-by: Weston Carlson <wez470@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 42f9fc3b000fbc01fa5d500cc071f477bebaa638
grpc_json envoy filter adds a new field 'query_param_unescape_plus` to enable the support of converting "+" to space in query parameters.
The actual unescape code is implemented in grpc-httpjson-transcoding.
Risk Level: None
Testing: integration tests
Docs Changes: None
Release Notes: Yes
Signed-off-by: Wayne Zhang <qiwzhang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1ba355b5e9f00cda595d5b52e3390d473fa5ecce
Based on the dicsussion in the issue https://github.com/envoyproxy/envoy/issues/17410, this PR adds
implementation for ability to add rbac policy to filter upstream ip addresses for dynamically
resolved domains (by dynamic proxy filter).
Signed-off-by: Jojy George Varghese <jojy_varghese@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 53f95570a7e9d7fa5414a4bc145852524fa017ed
This is a first step towards https://github.com/envoyproxy/envoy/issues/17920
A single proto (kafka mesh) has been swapped from using the udpa
file_status annotation to the xds file_status annotation to avoid a
large amount of churn and a forthcoming migration of many alpha/wip
protos to non alpha/wip. The rest will be audited and swapped in
future PRs. This single one was done to make sure the doc machinary
works properly.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ f0f17a3caa75106a9e28b99edc27dd09c1bed488
This PR adds some more description around max_connection_duration in the Timeout FAQs.
Commit Message: add more description for max_connection_duration in timeout faqs.
Additional Description: -
Risk Level: N/A
Testing: N/A
Docs Changes: Added some more description around max_connection_duration in the Timeout FAQs.
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Rohit Agrawal <rohit.agrawal@databricks.com>
Mirrored from https://github.com/envoyproxy/envoy @ 2e8efdefef86f7749aee3ca30d0752218a07ca8a
Risk Level: low
Testing: new unit tests. integration test TODO in a follow up
Docs Changes: n/a
Release Notes: will land with integration test.
Fixes#18034
An error occurred
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 7f63632be6b08193550041c4069e63f557b16c5d
This was built for Envoy Mobile, but will allow generic modification
of router behavior between retries. Currently it only supports modifying
upstream socket options (to in practice impact interface binding), but
in the future is likely to be extended to modify timeouts, retry back
off times, request headers, etc.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5b1015cffbf6e02a7ccec9c12a6b7f246f8f3d30