Commit Message:
proxy_protocol_filter: Add field stat_prefix to the filter configuration
Additional Description:
This field allows for differentiating statistics when multiple proxy protocol listener filters are configured.
This PR is a follow-up from previous conversation: #32861 (comment)
Risk Level: Low
All client-facing behavior changes are guarded by new filter config field.
Testing:
Stats unit tests
Proxy protocol listener filter integration tests
Docs Changes:
Done
Release Notes:
Done
Platform Specific Features:
None
Signed-off-by: Teju Nareddy <tnareddy@confluent.io>
Mirrored from https://github.com/envoyproxy/envoy @ 69d4ef8d04678710ec1633e1e7effbda6623cc8d
Allows to preserve the exsting authorization header in oauth2 filter
Signed-off-by: Dennis Kniep <kniepdennis@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7fcc47414c9ebc3915616730612b0608031ea8e9
Commit Message: Add the ability to bypass overload manager for listeners
Additional Description: This flag can be used to disable overload manager on specific listeners where, for instance, we don't want to stop accepting requests. In my company, we implemented a CPU Utilization resource monitor that helps us drop requests when we hit a certain utilization percentage, but there are certain listeners that receive administrative traffic that we don't want overload manager to touch. Another use case is, we want to only throttle ingress traffic but not egress traffic going via Envoy. Another contributor authored #29781, but it has been marked as stale.
Risk Level: Low
Testing: Unit tests & Integration tests added
Docs Changes: No
Release Notes: Add bypass_overload_manager flag to Listener in order to prevent overload manager from taking actions on the traffic going through the said listener.
Platform Specific Features:
Signed-off-by: Fernando Cainelli <fernando.cainelli-external@getyourguide.com>
Signed-off-by: Can Cecen <ccecen@netflix.com>
Mirrored from https://github.com/envoyproxy/envoy @ ea982dc8dd1afc2d4cacbcbb484cf00bc48dab93
resource_api_version has also been removed from all tests and
examples, as it isn't used for anything.
Signed-off-by: Greg Greenway <ggreenway@apple.com>
Mirrored from https://github.com/envoyproxy/envoy @ 505a8603f7997ef7a8ddd81fcba382caa2be5867
Commit Message: Add a way to configure a quic connection debug visitor factory that will be used to attach a debug visitor to all quic connections on the listener. Adds an interface for this new type of factory.
Additional Description:
Risk Level: Low
Testing: Added new tests and modified existing tests in /test/common/quic. Also performed manual testing on a real machine and sent traffic to it using quic_client.
Docs Changes: Update envoy.config.listener.v3.quic_config.proto inline.
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Will Lampert <wlampert@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 0c28205942066b2b5b2ef2a344c9357f27f642c7
This allows using system root certs in gRPC. For details, see grpc/proposal#436.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Signed-off-by: Mark D. Roth <roth@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ 6364882088d5fce4b39d5ad3d0c0fac51c761b09
Expose config option for tcmalloc [memory background release rate](bf4db7e4c8/tcmalloc/malloc_extension.h (L637C15-L637C39), that eases tuning of tcmalloc in Envoy. Gperf tcmalloc is not yet supported in this change, as gperf tcmalloc memory release does not function the same way as tcmalloc does and introduced test flakiness.
Commit Message:
Additional Description:
Risk Level:
Testing: Unit tests
Docs Changes: API docs
Release Notes:
Platform Specific Features:
Signed-off-by: Kateryna Nezdolii <kateryna.nezdolii@gmail.com>
Signed-off-by: Kateryna Nezdolii <kateryna.nezdolii@docker.com>
Co-authored-by: Matt Klein <mattklein123@gmail.com>
Mirrored from https://github.com/envoyproxy/envoy @ 02dc6af0bd66af3105bb47919ee67102b6611feb
For apache thrift compatible HTTP requests and responses, this filter parses the thrift metadata and put them into filter dynamic metadata for other filter usage.
This is the initial proto design, which refers to other filters like json_to_metadata and payload_to_metadata.
Risk Level: low
Testing: build
Docs Changes: yes
#29371
Signed-off-by: kuochunghsu <kuochunghsu@pinterest.com>
Mirrored from https://github.com/envoyproxy/envoy @ 7081e5637c2cb0ecc90f1d1949c8acf27d576979
Created by Envoy dependency bot for @phlaxFix#34223
Signed-off-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Co-authored-by: dependency-envoy[bot] <148525496+dependency-envoy[bot]@users.noreply.github.com>
Mirrored from https://github.com/envoyproxy/envoy @ 580f37c7be39cae3bc9cf0eebf2227859487a86e
This PR provide a common data source provider to support file watching.
For the users who don't need the file watching or don't use the file data source, if the provider is used, then only need to pay 8 additional bytes and one additional if check (holds_alternative) compare to using the directly DataSource::read().
For the users who want to use the file watching, additional file watcher and TLS slot (ThreadLocalStorage) are necessary. This is much expensive but reasonable.
Risk Level: low.
Testing: unit.
Docs Changes: n/a.
Release Notes: n/a.
Platform Specific Features: n/a.
Signed-off-by: wbpcode <wbphub@live.com>
Signed-off-by: code <wangbaiping@corp.netease.com>
Mirrored from https://github.com/envoyproxy/envoy @ 838bc86a0fe46801320eef13cc599bc80bd88d10
* healthcheck: support TCP health check with ProxyProtocol
Signed-off-by: Rei Shimizu <shimizu.rei@linecorp.com>
Mirrored from https://github.com/envoyproxy/envoy @ a3ecbf09d08f457349126faaf64ce5005658637d
* Add command line flag to skip hot restart stats transfer
Signed-off-by: Raven Black <ravenblack@dropbox.com>
Mirrored from https://github.com/envoyproxy/envoy @ f0c232963ef5c36a3fe4f4697afc71ff3861873a
This PR is a follow up change for: #33582.
It is to support RouteCacheAction to force clearing the route cache in ext_proc filter even side stream server does not send the clear_route_cache in the response.
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ a7d3789c3eeda314c6a96be72485eb89a672a268
Risk Level: Low
Testing: Unit Tests
Signed-off-by: Yan Avlasov <yavlasov@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ad82647bf6311f18d12321bbf65383ee4c5fc807
Adding runtime key to protect drop overload feature.
The runtime key "load_balancing_policy.drop_overload_limit" can be configured with an integer 0 to 100. 0 means 0%. 100 means 100%. So, when there is an EDS update with drop_overloads configuration, if this runtime key is enabled, Envoy will pick up the smaller one between these two to perform the drops.
---------
Signed-off-by: Yanjun Xiang <yanjunxiang@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ef8a34d89f85f434e6df562c742b63a359d0ceb4
* inplace change the ImmediateResponse::body type from string to bytes
per discussion this should be a safe swap for c++ Envoy
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
* add a unit test for non-utf8 body in extenal immediate response
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
---------
Signed-off-by: Xin Zhuang <stevenzzz@google.com>
Mirrored from https://github.com/envoyproxy/envoy @ ab4b6f70b283905d5fcb5ddb0b0be34562873b51
This adds additional stats for `rules` and `shadow_rules` in the HTTP-based RBAC filter.
Fixes#32129
---------
Signed-off-by: Henry Wang <henry.wang@datadoghq.com>
Mirrored from https://github.com/envoyproxy/envoy @ 5eccc35176a77633c98bd96baa64d15bd3c5fe2f
update-envoy[bot]