This patch begins addressing #540, adding per_filter_config fields to both VirtualHost. ClusterWeight and Route configs. A following PR will, as an initial PoC/example, implement vhost/route specific configs for the HTTP buffer filter.
Signed-off-by: Chris Roche <croche@lyft.com>
This provides an alternative health check port, if set it allows an
upstream host to have different health check address port.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
This unhides request headers to add field for HTTP health check and put a
release note line in the version history.
Signed-off-by: Dhi Aurrahman <dio@rockybars.com>
This PR includes the necessary modifications in support of envoyproxy/envoy#2828.
Added additional configuration to ext_authz.proto so that the filter is able to call an HTTP/1.1 authorization service.
In external_auth.proto, added a nested message to CheckResponse that allows the authorization service to pass additional HTTP response attributes back to the authz filter.
Signed-off-by: Gabriel <gsagula@gmail.com>
These are required to generate xDS responses from a Go binary. If they
don't exist, implementations are required to vendor the data-plane-api
with this change applied.
Signed-off-by: John Millikin <jmillikin@stripe.com>
This follows up from #558 which made IP_FREEBIND a BoolValue for LDS but
not for upstream. I think it makes sense to have it in both places given
the new socket options setup introduce in
https://github.com/envoyproxy/envoy/pull/2734.
Some bonus docs fixups thrown in.
Signed-off-by: Harvey Tuch <htuch@google.com>
Introduce the concept of locality weighted LB (as distinct from zone
aware LB) in the docs and a new field in Cluster, locality_weighted_lb,
for configuring this behavior.
Signed-off-by: Harvey Tuch <htuch@google.com>
Document the behavior when each option is set to true, set to false,
or unset.
Document that the transparent option should be used in conjunction
the original_dst_filter to restore the original destination address.
Signed-off-by: Romain Lenglet <romain@covalent.io>
See envoyproxy/envoy#2771 for context
I will add documentation once the interfaces and placement of these things is settled. Current location (new admin package) was agreed upon as a good start with @htuch but i don't feel strongly about that or naming.
Signed-off-by: James Sedgwick <jsedgwick@lyft.com>
This is a follow-up PR of #325.
I mistook to add an unnecessary field here. What actually we need is just making dog_statsd_specifier oneof field, not adding tcp_cluster_name field.
We can safely drop this field because users has ended up with
initializing errors if they had specified this field.
[critical][main] source/server/server.cc:71] error initializing configuration '/envoy.yaml': Address must be a socket or pipe
This field has
never been used in envoy repo: 7d03b231c7/source/server/config/stats/dog_statsd.cc (L19-L23)
Signed-off-by: Taiki Ono <taiki-ono@cookpad.com>
Add an option "freebind" in LDS for listeners and the BindConfig which
is used for outgoing upstream connections. If true, set IP_FREEBIND
socket option. Defaults to false.
PR description will be updated with Envoy implementation PR# once it is
created.
Signed-off-by: Dan Noé <dpn@google.com>
Unhide the request_headers_to_add, response_headers_to_add, and response_headers_to_remove fields in ClusterWeight. Update HTTP conn manager docs related to same.
Doc update for envoyproxy/envoy#2765.
Signed-off-by: Stephan Zuercher stephan@turbinelabs.io
Add a "transparent" option to Listener to set the SOL_IP/IP_TRANSPARENT option on listen sockets, which allows using Envoy with the iptables TPROXY target.
Unlike the iptables REDIRECT target, TPROXY allows preserving both the source and destination IP addresses and ports of accepted connections.
API changes for: envoyproxy/envoy#2719
Signed-off-by: Romain Lenglet <romain@covalent.io>
* tcp proxy: add metadata_match to tcp proxy config
This should allow the tcp proxy to target a specific subset of endpoints
in a cluster by matching on the metadata, similar to what is currently
possible in the http_connection_manager filter.
See https://github.com/envoyproxy/envoy/issues/2696
Signed-off-by: Snow Pettersen <snowp@squareup.com>
V1 configuration does not support ip tagging. This pr cleans references to IP Tagging in V1 configs.
Signed-off-by: Constance Caramanolis <ccaramanolis@lyft.com>
1) Add ability to runtime filter to configure default, divisor, and
whether independent randomness is used.
2) Also add LE to the comparison filter.
Signed-off-by: Matt Klein <mklein@lyft.com>
In the proxy we've added an Unauthorized response flag. This PR adds the same to filter access logs.
Once this PR is merged it will be possible to set the flag in source/common/access_log/grpc_access_log_impl.cc
See also, comment in envoyproxy/envoy#2415
Signed-off-by: Saurabh Mohan <saurabh+github@tigera.io>
This enables generating generic service stubs for all the data-plane-api
proto services when generating Java classes with protoc.
This is generally not needed when implementing a gRPC server but in our case we're implementing
it behind our legacy protobuf RPC framework which rely on these stubs. As far as I know the only negative
with enabling these is generating some potentially unnecessary Java classes.
Signed-off-by: Snow Pettersen <snowp@squareup.com>