Version history

access log: added ability to log response trailers.
access log: added ability to format START_TIME.
access log: added DYNAMIC_METADATA .
access log: added HeaderFilter to filter logs based on request headers.
access log: added %([1-9])?f as one of START_TIME specifiers to render subseconds.
access log: gRPC Access Log Service (ALS) support added for .
access log: improved WebSocket logging.
admin: added for dumping the current configuration and associated xDS version information (if applicable).
admin: added as an alternative endpoint for getting stats in prometheus format.
admin: added /runtime_modify endpoint to add or change runtime values.
admin: mutations must be sent as POSTs, rather than GETs. Mutations include: , POST /healthcheck/fail, , POST /logging, , POST /reset_counters, .
admin: removed /routes endpoint; route configs can now be found at the /config_dump endpoint.
buffer filter: the buffer filter can be optionally or overridden with route-local configuration.
cli: added –config-yaml flag to the Envoy binary. When set its value is interpreted as a yaml representation of the bootstrap config and overrides –config-path.
cluster: added to close tcp_proxy upstream connections when health checks fail.
cluster: added option to drain connections from hosts after they are removed from service discovery, regardless of health status.
cluster: fixed bug preventing the deletion of all endpoints in a priority.
debug: added symbolized stack traces (where supported).
grpc: support added for the full set of .
gzip filter: added stats to the filter.
gzip filter: sending accept-encoding header as identity no longer compresses the payload.
health check: added ability to set for HTTP health check.
health check: added support for EDS delivered endpoint health status.
health check: added interval overrides for health state transitions from , unhealthy to healthy and for subsequent checks on .
health check: added support for custom health check.
health check: health check connections can now be configured to use http/2.
health check http filter: added to trigger health check response. Deprecated the endpoint option.
http: filters can now optionally support , route, and local configuration.
http: added the ability to pass DNS type Subject Alternative Names of the client certificate in the x-forwarded-client-cert header.
http: local responses to gRPC requests are now sent as trailers-only gRPC responses instead of plain HTTP responses. Notably the HTTP response code is always “200” in this case, and the gRPC error code is carried in “grpc-status” header, optionally accompanied with a text message in “grpc-message” header.
http: added support for append.
http: added a configuration option to elide x-forwarded-for header modifications.
http: fixed a bug in inline headers where addCopy and addViaMove didn’t add header values when encountering inline headers with multiple instances.
listeners: added option.
listeners: added the ability to match FilterChain using (e.g. ALPN for TLS protocol).
listeners: sni_domains has been deprecated/renamed to .
listeners: removed restriction on all filter chains having identical filters.
load balancer: added weighted round robin support. The round robin scheduler now respects endpoint weights and also has improved fidelity across picks.
load balancer: is now supported.
load balancer: ability to configure zone aware load balancer settings through the API.
load balancer: the load balancing algorithm has been improved to have better balance when operating in weighted mode.
logger: added the ability to optionally set the log format via the --log-format option.
logger: all can be configured at run-time: trace debug info warning error critical.
rbac http filter: a role-based access control http filter has been added.
router: the behavior of per-try timeouts have changed in the case where a portion of the response has already been proxied downstream when the timeout occurs. Previously, the response would be reset leading to either an HTTP/2 reset or an HTTP/1 closed connection and a partial response. Now, the timeout will be ignored and the response will continue to proxy up to the global request timeout.
router: changed the behavior of to ignore the source port.
router: added an prefix_match match type to explicitly match based on the prefix of a header value.
router: added an match type to explicitly match based on the suffix of a header value.
router: added an present_match match type to explicitly match based on a header’s presence.
router: added an config option which supports inverting all other match types to match based on headers which are not a desired value.
router: allow cookie routing to generate session cookies.
router: added START_TIME as one of supported variables in .
router: added a max_grpc_timeout config option to specify the maximum allowable value for timeouts decoded from gRPC header field grpc-timeout.
router: added a to disable x-envoy- header generation.
router: added ‘unavailable’ to the retriable gRPC status codes that can be specified through x-envoy-retry-grpc-on.
sockets: added to support recording plain text traffic and PCAP generation.
sockets: added IP_FREEBIND socket option support for listeners and upstream connections via and cluster specific options.
sockets: added IP_TRANSPARENT socket option support for .
sockets: added SO_KEEPALIVE socket option for upstream connections per cluster.
stats: added support for histograms.
stats: added .
stats: updated stats sink interface to flush through a single call.
tls: added support for verify_certificate_spki.
tls: added support for multiple values.
tls: added support for using verify_certificate_spki and without trusted_ca.
tls: added support for allowing expired certificates with .
tls: added support for renegotiation when acting as a client.
tls: removed support for legacy SHA-2 CBC cipher suites.
tracing: the sampling decision is now delegated to the tracers, allowing the tracer to decide when and if to use it. For example, if the header is supplied with the client request, its value will override any sampling decision made by the Envoy proxy.
websocket: support configuring idle_timeout and max_connect_attempts.
upstream: added support for host override for a request in .
header to metadata: added HTTP Header to Metadata filter.

1.6.0 (March 20, 2018)

access log: added DOWNSTREAM_REMOTE_ADDRESS, DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT, and DOWNSTREAM_LOCAL_ADDRESS . DOWNSTREAM_ADDRESS access log formatter has been deprecated.
access log: added less than or equal (LE) comparison filter.
access log: added configuration to to set default sampling rate, divisor, and whether to use independent randomness or not.
admin: added /runtime admin endpoint to read the current runtime values.
build: added support for . This change allows scripts loaded with the Lua filter to load shared object libraries such as those installed via LuaRocks.
config: added support for sending error details as in DiscoveryRequest.
config: added support for of TLS certificates and private keys.
config: added restrictions for the backing config sources of xDS resources. For filesystem based xDS the file must exist at configuration time. For cluster based xDS the backing cluster must be statically defined and be of non-EDS type.
grpc: the Google gRPC C++ library client is now supported as specified in the and GrpcService.
grpc-json: added support for .
health check: added ability to set host header value for http health check.
health check: extended the health check filter to support computation of the health check response based on the .
health check: added setting for no-traffic interval.
http: added idle timeout for .
http: added support for proxying 100-Continue responses.
http: added the ability to pass a URL encoded PEM encoded peer certificate in the header.
http: added support for trusting additional hops in the x-forwarded-for request header.
http: added support for .
hot restart: added SIGTERM propagation to children to hot-restarter.py, which enables using it as a parent of containers.
ip tagging: added .
listeners: added support for listening for both IPv4 and IPv6 when binding to ::.
listeners: added support for listening on .
listeners: added support for abstract unix domain sockets on Linux. The abstract namespace can be used by prepending ‘@’ to a socket path.
load balancer: added cluster configuration for percentage.
load balancer: added Maglev consistent hash load balancer.
load balancer: added support for priorities.
lua: added headers replace() API.
lua: extended to support API.
redis: added local PING support to the Redis filter.
redis: added GEORADIUS_RO and GEORADIUSBYMEMBER_RO to the whitelist.
router: added DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT, DOWNSTREAM_LOCAL_ADDRESS, DOWNSTREAM_LOCAL_ADDRESS_WITHOUT_PORT, PROTOCOL, and UPSTREAM_METADATA header formatters. The CLIENT_IP header formatter has been deprecated.
router: added gateway-error policy.
router: added support for route matching based on URL query string parameters.
router: added support for more granular weighted cluster routing by allowing the to be specified in configuration.
router: added support for custom request/response headers with mixed static and dynamic values.
router: added support for . I.e., sending a preconfigured HTTP response without proxying anywhere.
router: added support for HTTPS redirects on specific routes.
router: added support for for redirects.
router: added support for stripping the query string for redirects.
router: added support for downstream request/upstream response in weighted cluster.
router: added support for for request routing.
squash: added support for the Squash microservices debugger. Allows debugging an incoming request to a microservice in the mesh.
stats: added metrics service API implementation.
stats: added native support.
stats: added support for fixed stats tag values which will be added to all metrics.
tcp proxy: added support for specifying a for upstream clusters in the tcp filter.
tcp proxy: improved TCP proxy to correctly proxy TCP half-close.
tcp proxy: added idle timeout.
tcp proxy: access logs now bring an IP address without a port when using DOWNSTREAM_ADDRESS. Use instead.
tracing: added support for dynamically loading an OpenTracing tracer.
tracing: when using the Zipkin tracer, it is now possible for clients to specify the sampling decision (using the header) and have the decision propagated through to subsequently invoked services.
tracing: when using the Zipkin tracer, it is no longer necessary to propagate the x-ot-span-context header. See more on trace context propagation .
transport sockets: added transport socket interface to allow custom implementations of transport sockets. A transport socket provides read and write logic with buffer encryption and decryption (if applicable). The existing TLS implementation has been refactored with the interface.
upstream: added support for specifying an alternate stats name while emitting stats for clusters.
Many small bug fixes and performance improvements not listed.

access log: added fields for .
admin: added JSON output for stats admin endpoint.
admin: added basic for stats admin endpoint. Histograms are not currently output.
admin: added version_info to the /clusters admin endpoint.
config: the is now considered production ready.
config: added --v2-config-only CLI flag.
cors: added .
health check: added x-envoy-immediate-health-check-fail header support.
health check: added option.
http: added per-listener stats.
http: end-to-end HTTP flow control is now complete across both connections, streams, and filters.
load balancer: added .
load balancer: added ring size and hash configuration options. This used to be configurable via runtime. The runtime configuration was deleted without deprecation as we are fairly certain no one is using it.
log: added the ability to optionally log to a file instead of stderr via the option.
listeners: added drain_type option.
lua: added experimental .
mongo filter: added fault injection.
mongo filter: added support.
outlier detection: added HTTP gateway failure type. See for outlier detection stats deprecations in this release.
redis: the redis proxy filter is now considered production ready.
redis: added functionality.
router: added x-envoy-overloaded support.
router: added route matching.
router: added custom request headers for upstream requests.
router: added for HTTP ketama routing.
router: added cookie hashing.
router: added option to create child span for egress calls.
router: added optional upstream logs.
router: added complete of request/response headers.
router: added support to specify response code during redirect.
router: added to return either a 404 or 503 if the upstream cluster does not exist.
runtime: added comment capability.
server: change default log level () to info.
stats: maximum stat/name sizes and maximum number of stats are now variable via the --max-obj-name-len and options.
tcp proxy: added access logging.
tcp proxy: added .
tcp proxy: enable use of outlier detector.
tls: added .
tls: added support for specifying TLS session ticket keys.
tls: allow configuration of the and max TLS protocol versions.
tracing: added .
Many small bug fixes and performance improvements not listed.

1.4.0 (August 24, 2017)

macOS is now supported. (A few features are missing such as hot restart and original destination routing).
YAML is now directly supported for .
Added /routes admin endpoint.
Log verbosity compile time flag added.
Hot restart added.
Original destination cluster and added.
WebSocket is now supported.
Virtual cluster priorities have been hard removed without deprecation as we are reasonably sure no one is using this feature.
Route option added.
x-envoy-downstream-service-node header added.
header added.
Initial HTTP/1 forward proxy support for absolute URLs has been added.
HTTP/2 codec settings are now .
gRPC/JSON transcoder filter added.
gRPC web added.
Configurable timeout for the rate limit service call in the network and rate limit filters.
x-envoy-retry-grpc-on header added.
added.
TLS require_client_certificate option added.
added.
JSON schema check tool added.
Config validation mode added via the option.
--local-address-ip-version option added.
IPv6 support is now complete.
UDP option added.
Per-cluster DNS resolvers added.
enhancements and fixes.
Several features are deprecated as of the 1.4.0 release. They will be removed at the beginning of the 1.5.0 release cycle. We explicitly call out that the HttpFilterConfigFactory filter API has been deprecated in favor of NamedHttpFilterConfigFactory.
Many small bug fixes and performance improvements not listed.

As of this release, we now have an official . Note that there are numerous breaking configuration changes in this release. They are not listed here. Future releases will adhere to the policy and have clear documentation on deprecations and changes.
Bazel is now the canonical build system (replacing CMake). There have been a huge number of changes to the development/build/test flow. See /bazel/README.md and for more information.
Outlier detection has been expanded to include success rate variance, and all parameters are now configurable in both runtime and in the JSON configuration.
TCP level and cluster connections now have configurable receive buffer limits at which point connection level back pressure is applied. Full end to end flow control will be available in a future release.
has been added as an active health check type. Full Redis support will be documented/supported in 1.4.0.
TCP health checking now supports a “connect only” mode that only checks if the remote server can be connected to without writing/reading any data.
is now the only supported TLS provider. The default cipher suites and ECDH curves have been updated with more modern defaults for both listener and connections.
The header value match rate limit action has been expanded to include an expect match parameter.
Route level HTTP rate limit configurations now do not inherit the virtual host level configurations by default. The to inherit the virtual host level options if desired.
HTTP routes can now add request headers on a per route and per virtual host basis via the request_headers_to_add option.
The have been refreshed to demonstrate the latest features.
per_try_timeout_ms can now be configured in a route’s retry policy in addition to via the HTTP header.
HTTP virtual host matching now includes support for prefix wildcard domains (e.g., *.lyft.com).
The default for tracing random sampling has been changed to 100% and is still configurable in .
HTTP tracing configuration has been extended to allow tags to be populated from arbitrary HTTP headers.
The can now be applied to internal, external, or all requests via the request_type option.
Listener binding now requires specifying an address field. This can be used to bind a listener to both a specific address as well as a port.
The now emits a stat for queries that do not have $maxTimeMS set.
The MongoDB filter now emits logs that are fully valid JSON.
The CPU profiler output path is now .
A watchdog system has been added that can kill the server if a deadlock is detected.
A has been added that can be used to test route tables before use.
We have added an example repo that shows how to compile/link a custom filter.
Added additional cluster wide information related to outlier detection to the .
Multiple SANs can now be verified via the verify_subject_alt_name setting. Additionally, URI type SANs can be verified.
HTTP filters can now be passed specified on a per route basis.
By default Envoy now has a built in crash handler that will print a back trace. This behavior can be disabled if desired via the Bazel option.
Zipkin has been added as a supported tracing provider.
Numerous small changes and fixes not listed here.

1.2.0 (March 7, 2017)

.
Outlier detection (passive health checking).
Envoy configuration is now checked against a .
Ring hash consistent load balancer, as well as HTTP consistent hash routing .
Vastly enhanced global rate limit configuration via the HTTP rate limiting filter.
HTTP routing to a cluster .
Weighted cluster HTTP routing.
during HTTP routing.
Regex header matching during HTTP routing.
HTTP access log .
LightStep tracer parent/child span association.
.
HTTP router x-envoy-upstream-rq-timeout-alt-response header support.
use_original_dst and bind_to_port (useful for iptables based transparent proxy support).
TCP proxy filter route table support.
Configurable .
Various third party library upgrades, including using BoringSSL as the default SSL provider.
No longer maintain closed HTTP/2 streams for priority calculations. Leads to substantial memory savings for large meshes.
Numerous small changes and fixes not listed here.

Switch from Jannson to RapidJSON for our JSON library (allowing for a configuration schema in 1.2.0).
Upgrade of various other libraries.
Configurable DNS refresh rate for DNS service discovery types.
Upstream circuit breaker configuration can be .
Zone aware routing support.
Generic .
HTTP/2 graceful connection draining (double GOAWAY).
DynamoDB filter (pre-release AWS feature).
Initial release of the fault injection HTTP filter.
HTTP enhancements (note that the configuration for HTTP rate limiting is going to be overhauled in 1.2.0).
Added refused-stream retry policy.
Multiple for upstream clusters (configurable on a per route basis, with separate connection pools, circuit breakers, etc.).
Added max connection circuit breaking to the TCP proxy filter.
Added options for setting the logging file flush interval as well as the drain/shutdown time during hot restart.
A very large number of performance enhancements for core HTTP/TCP proxy flows as well as a few new configuration flags to allow disabling expensive features if they are not needed (specifically request ID generation and dynamic response code stats).
Support Mongo 3.2 in the Mongo sniffing filter.

Version history

Version history

1.6.0 (March 20, 2018)

1.4.0 (August 24, 2017)

1.2.0 (March 7, 2017)

1.0.0 (September 12, 2016)