The existing RestApiFetcher implementation used a hard-coded request
timeout of 1s which wouldn't suit all environments. This commit enables
the configuration of request timeout in the RestApiFetcher.
Signed-off-by: Venil Noronha <veniln@vmware.com>
Mirrored from https://github.com/envoyproxy/envoy @ a3364380ae8dbfac692977f3d5a846b7498eb4ba
This change introduces a new configuration parameter for clusters,
`time_between_updates`.
If this is set, all cluster updates — membership changes, metadata
changes on endpoints, or healtcheck state changes — that happen
within a `time_between_updates` duration will be merged and delivered
at once when the duration ends.
This is useful for big clusters (> 1k endpoints) using the subset LB.
Partially addresses https://github.com/envoyproxy/envoy/issues/3929.
Signed-off-by: Raul Gutierrez Segales <rgs@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 62441f9fe2933d4846cfc3d166e52a9178be755f
The issue is due to on the crash of Envoy::Network::Utility::getAddressWithPort because of the invalid port_value. Added max constraint validate rule to the port_value field.
Risk Level: Low
Testing: Tested unit tests (bazel test //test/server/config_validation:config_fuzz_test), built and ran fuzzers with oss-fuzz.
Signed-off-by: Anirudh M <m.anirudh18@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7d61b00171fb3cc349a9d834dafdf10f0c70adda
Minor fixups for the xDS protocol documentation.
Signed-off-by: Nick Travers <n.e.travers@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ ed131cfa9d3065872d5c880d8514ffa0bb39ec5d
As discussed in Slack, these should have been under api/config/filter/network
to begin with. Added a note to the style doc to make this clear in the
future.
*Risk level*: low (rename only)
*Testing*: existing tests suffice
*Doc Changes*: n/a
*Release Notes*: updated
Signed-off-by: Stephan Zuercher <stephan@turbinelabs.io>
Mirrored from https://github.com/envoyproxy/envoy @ 1dfde38343e7dfafe2c9f211229109bb22491257
Provides a very basic thrift router that can route to clusters
based on method name only. A Thrift DecoderFilter interface is
introduced, but the only available filter is the Router. The
Network filter and router are capable of translating transports
and protocols but presently cannot be configured to do so.
Relates to #2247.
*Risk Level*: low
*Testing*: unit and integration testing
*Docs Changes*: protobuf documentation updated
*Release Notes*: introduced a basic thrift_proxy routing extension
Signed-off-by: Stephan Zuercher <stephan@turbinelabs.io>
Mirrored from https://github.com/envoyproxy/envoy @ 72a964c7b6f52746f4f7c357dcf667e533470567
This PR contains changes to implement feature requested in issue #3823
- Adding DropOverload in eds policy which can be used to specify
drop_percentage per category.
- Adding DroppedRequests in load_report which can report deliberately
dropped requests for each category.
Signed-off-by: vishalpowar <vishal.powar@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 3ee3aa34d826fa1783c201fbf99dfec3a21eed53
This adds the ability to specify response_headers_to_* and request_headers_to_add at the route level, for #3520
Risk Level: low
Testing: updated unit tests
Docs Changes: added
Fixes Issue: #3520
Signed-off-by: Derek Argueta <dereka@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ ec0179a78b6928f2ae96a43811c27b059d9186d7
This patch implements load_assigment field in CDS' Cluster.
This change specifically adds the implementation of the new load_assigment field
for clusters with discovery-type: STATIC, STRICT_DNS and LOGICAL_DNS.
While adding this load_assigment field implementation to Cluster,
this patch also allows specifying optional (active) health check config per specified upstream host.
Risk Level: medium
Testing: unit tests
Docs Changes:
This unhides docs for endpoint health check config
Release Notes: N/A
Fixes#439
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Mirrored from https://github.com/envoyproxy/envoy @ b32eabfc141760ec14622a4a2a2f0ab0a741cd6c
Make the YAML examples use lists for `audiences` and avoid starting
lists for non-repeating fields.
Risk Level: Low
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Tal Nordan <tal.nordan@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ c4b6aecdd1bf5fb7a05a3f2a6f58e6ec42dc1393
This is a followup to #3841, where we introduce HCM-wide stream idle timeouts. This has two effects:
1. We can now timeout immediately after stream creation, potentially before receiving request headers and routing.
2. A default timeout can be configured across all routes. This is overridable on a per-route basis.
The default and overriding semantics are explained in the docs. Also added as a bonus some docs
about how timeouts interact more generally in Envoy.
Fixes#3853.
Risk Level: Low. While there is some change to the per-route vs. HCM wide semantics for stream idle
timeouts, it's not anticipated this feature is in common use yet (it's only a couple of days since
landing), and the caveats in #3841 with the new 5 minute default timeout should already apply.
Testing: Unit/integration tests added.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 672083c7ba4e92fe9548252c45d84d583a95102d
Some sites where we consume HeaderValue, e.g. in Google gRPC client library metadata, require
non-empty keys as a precondition. This seems a general property; there shouldn't be any use case for
a header key that is empty.
Found with server_fuzz_test under oss-fuzz (issue 9373). As a bonus, also fixed another proto
descriptor crash that occurs with this corpus addition due to missing proto descriptor pool entries
in server_fuzz_test.
Risk level: Low
Testing: New server_fuzz corpus entry.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 8ed7c157c4b672763ae74e526e69ef43dda52549
Fix the description of an `RBAC` Protobuf message example, so that it
matches the changes made to the YAML code block in PR #3477.
Risk Level: Low
Testing: N/A
Docs Changes: N/A
Release Notes: N/A
Signed-off-by: Tal Nordan <tal.nordan@solo.io>
Mirrored from https://github.com/envoyproxy/envoy @ 0f68948434039eb5e2fe3610e9b315989d843296
Add an extensible resource monitor framework for monitoring resource "pressures" (usage/limit). This will be used by the overload manager to implement downstream circuit breaking (issue #373 - see design doc linked from there).
Risk Level: low (not yet used in envoy main)
Signed-off-by: Elisha Ziskind <eziskind@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0e71582b338b97d5667be7deaff831a062a96d1f
This PR avoids a situation in which we were losing track of data plane requests as follows:
1. Management server asks Envoy to track load stats for cluster Foo in a LoadStatsResponse for a 10s period. Envoy resets stats for Foo.
2. After the 10s timer, Envoy responds with Foo's stats, resetting them.
3. Management server asks Envoy to track load stats for cluster Foo in a LoadStatsResponse for a 10s period. Envoy resets stats for Foo.
4. After the 10s timer, Envoy responds with Foo's stats, resetting them.
Between 2 and 3, any stats for Foo requests that arrive were previously unaccounted for. We resolve
this (in a relatively backward compatible way) by not making any protocol changes except to require
Envoy to not reset stats for already tracked clusters.
If we were to design LRS from scratch to avoid this, there are better approaches, e.g. making it a
periodic reporting service rather than request-response, but we probably already have a bunch of
existing users of LRS and don't want to break them.
Rist Level: Low
Testing: Modified load_stats_integration_test.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 27c99de910788c2c5ca95a87cee00e55a33da638
Fixes#1778.
Risk level: Medium. A very conservative 5 minute default idle timeout has been set, which should not affect most deployments with default timeout already kicking in for connection idle or upstream idle. This will however affect things like hanging POSTs.
Testing: Integration and unit tests added for various timeout scenarios.
Signed-off-by: Harvey Tuch <htuch@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 45fe83e4eb5344afd1d6a7b0017570ab459f4877
This patch prepares HTTP response when an upstream gRPC service method
uses google.api.HttpBody proto as its message output type.
Risk Level: Low
Testing: Unit
Docs Changes:
Added notes on sending arbitrary content as HTTP response by using google.api.HttpBody.
Release Notes:
Added support for encoding google.api.HttpBody when building HTTP response.
Fixes#3205
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0cf947f44247e83dad4274a39067e738a17b2994
Adds a flag to the subset lb config which will cause the subset
lb to respect the locality weights of the original host set. This allows
subset matching on clusters that are configured with locality weights.
Risk Level: Low, new optional feature
Testing: Unit tests
Docs Changes: Added documentation to proto definition
Release Notes: Added note about new configuration option to release notes
Fixes#3123
Signed-off-by: Snow Pettersen <snowp@squareup.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0a0914e9a1c18c94dc7a02faac1e8b1903d4e2e5
This is the complete HTTP/1.1 implementation of #3301, new style websockets.
It should preserve existing behavior for "old style" websockets except for handling transfer-encoding requests (we all agree shouldn't happen) and responses (actually could happen and have been requested) better.
Risk Level: High (should be self contained but still lots of core code changes)
Testing: Thorough integration tests. unit tests for http1 codec
Docs Changes: added websocket FAQ
Release Notes: added
Fixes#3301 (modulo timeouts not working, which will be addressed by #3654 or #1778)
Signed-off-by: Alyssa Wilk <alyssar@chromium.org>
Mirrored from https://github.com/envoyproxy/envoy @ 95c3e1343de707edee58defbec03ba87c9e969de
I think this broke in a recent refactor.
Signed-off-by: Matt Klein <mklein@lyft.com>
Mirrored from https://github.com/envoyproxy/envoy @ 866597fcb8cc3cdd53a767d66755506036261f3c
adds the required visibility rules and delegates the rest to the generic
api_proto_library. I tested the change by doing the following without
getting errors.
./ci/run_envoy_docker.sh './ci/do_ci.sh docs'
I changed the BUILD files using the following commands.
/envoy/api$ find . -type f -name BUILD | xargs sed -i -e 's/api_proto_library(/api_proto_library_internal(/g'
envoy/api$ find . -type f -name BUILD | xargs sed -i -e 's/"api_proto_library"/"api_proto_library_internal"/g'
Signed-off-by: mickey <mickeyju@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 4b871c0ab9350882271a490adcee44e613ed9807
This PR extends the current Ext_Authz filter to allow optional HTTP attributes being passed from the Authorization service down to client or, to the upstream services. I would like to get some feedback on the changes to the current gRPC async client and filter before moving to implementation of HTTP part of this extension and tests.
*issue: #2828
Risk Level: Medium
Testing: Manual, unit testing.
Docs Changes: envoyproxy/data-plane-api#563
Signed-off-by: Gabriel <gsagula@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5244597e93c70b4945c03a9fc55f8924a2da6fbc
Added the /clusters?format=json admin endpoint along with a proto representation of /clusters.
Risk Level: Low
Testing: Added a unit test for the new format.
Docs Changes: Added a brief description on the admin docs and linked to the more detailed proto definition.
Release Notes: Added release notes.
Fixes#2020
Signed-off-by: Matt Rice <mattrice@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 64605338ef040a949c5ea205bdd472a8fe42306c
Added a health discovery service config option in bootstrap.proto.
There is skeleton code for this service in source/common/upstream/health_discovery_service.cc
and an integration test that tests connectivity between envoy running hds and a management server.
This work is for #1310.
Risk Level: Low
Signed-off-by: Lilika Markatou <lilika@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 1413d5697c9a6c5c43d7b3d23bdab23cc8c2604b