From 5ee7195e234ad417c306dcc3203a7320e8f48e23 Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Mon, 4 Oct 2021 11:11:14 -0400 Subject: [PATCH 1/5] docs: fixes for release notes for 1.20 Signed-off-by: Alyssa Wilk --- docs/root/version_history/current.rst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 5179376bfc90..9447094141b8 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -5,7 +5,7 @@ Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* -* config: the ``--bootstrap-version`` CLI flag has been removed, Envoy has only been able to accept v3 +* config: the ``--bootstrap-version`` CLI flag has been removed, Envoy has been able to accept v3 bootstrap configurations since 1.18.0. * contrib: the :ref:`squash filter ` has been moved to :ref:`contrib images `. @@ -26,7 +26,6 @@ Incompatible Behavior Changes Control planes upgrading from Envoy 1.19.0 and 1.19.1 will need to vendor the corresponding protobuf definitions to ensure that the renumbered fields have the types expected by those releases. -* ext_authz: fixed skipping authentication when returning either a direct response or a redirect. This behavior can be temporarily reverted by setting the ``envoy.reloadable_features.http_ext_authz_do_not_skip_direct_response_and_redirect`` runtime guard to false. * extensions: deprecated extension names now default to triggering a configuration error. The previous warning-only behavior may be temporarily reverted by setting the runtime key ``envoy.deprecated_features.allow_deprecated_extension_names`` to true. @@ -35,9 +34,9 @@ Minor Behavior Changes ---------------------- *Changes that may cause incompatibilities for some users, but should not for most* -* client_ssl_auth filter: now sets additional termination details and **UAEX** response flag when the client certificate is not in the allowed-list. +* client_ssl_auth filter: now sets additional termination details and ``UAEX`` response flag when the client certificate is not in the allowed-list. * config: configuration files ending in .yml now load as YAML. -* config: configuration file extensions now ignore case when deciding the file type. E.g., .JSON file load as JSON. +* config: configuration file extensions now ignore case when deciding the file type. E.g., .JSON files load as JSON. * config: reduced log level for "Unable to establish new stream" xDS logs to debug. The log level for "gRPC config stream closed" is now reduced to debug when the status is ``Ok`` or has been retriable (``DeadlineExceeded``, ``ResourceExhausted``, or ``Unavailable``) for less than 30 @@ -50,6 +49,7 @@ Minor Behavior Changes APIs that are known to be implicitly not work-in-progress have been force migrated and are individually indicated elsewhere in the release notes. A server-wide ``wip_protos`` counter has also been added in :ref:`server statistics ` to track this. +* ext_authz: fixed skipping authentication when returning either a direct response or a redirect. This behavior can be temporarily reverted by setting the ``envoy.reloadable_features.http_ext_authz_do_not_skip_direct_response_and_redirect`` runtime guard to false. * grpc: gRPC async client can be cached and shared across filter instances in the same thread, this feature is turned off by default, can be turned on by setting runtime guard ``envoy.reloadable_features.enable_grpc_async_client_cache`` to true. * http: correct the use of the ``x-forwarded-proto`` header and the ``:scheme`` header. Where they differ (which is rare) ``:scheme`` will now be used for serving redirect URIs and cached content. This behavior @@ -67,13 +67,13 @@ Minor Behavior Changes feature to a non-negative number will override the default value. * http: stop processing pending H/2 frames if connection transitioned to a closed state. This behavior can be temporarily reverted by setting the ``envoy.reloadable_features.skip_dispatching_frames_for_closed_connection`` to false. * listener: added the :ref:`enable_reuse_port ` - field and changed the default for reuse_port from false to true, as the feature is now well + field and changed the default for ``reuse_port`` from false to true, as the feature is now well supported on the majority of production Linux kernels in use. The default change is aware of the hot restart, as otherwise, the change would not be backward compatible between restarts. This means that hot restarting onto a new binary will retain the default of false until the binary undergoes a full restart. To retain the previous behavior, either explicitly set the new configuration field to false, or set the runtime feature flag ``envoy.reloadable_features.listener_reuse_port_default_enabled`` - to false. As part of this change, the use of reuse_port for TCP listeners on both macOS and + to false. As part of this change, the use of ``reuse_port`` for TCP listeners on both macOS and Windows has been disabled due to suboptimal behavior. See the field documentation for more information. * listener: destroy per network filter chain stats when a network filter chain is removed during the listener in-place update. @@ -138,7 +138,7 @@ New Features * rbac: added :ref:`matcher` along with extension category ``extension_category_envoy.rbac.matchers`` for custom RBAC permission matchers. Added reference implementation for matchers :ref:`envoy.rbac.matchers.upstream_ip_port `. * route config: added :ref:`dynamic_metadata ` for routing based on dynamic metadata. * router: added retry options predicate extensions configured via - :ref:` `. These + :ref:``. These extensions allow modification of requests between retries at the router level. There are not currently any built-in extensions that implement this extension point. * router: added :ref:`per_try_idle_timeout ` timeout configuration. From c2912113d9da033e179ce571f39cdf1baba1e8fe Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Mon, 4 Oct 2021 11:20:29 -0400 Subject: [PATCH 2/5] the rest of the gorp Signed-off-by: Alyssa Wilk --- RELEASES.md | 3 ++- VERSION | 2 +- docs/root/version_history/current.rst | 4 ++-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/RELEASES.md b/RELEASES.md index c72eeb63805a..cf3fce13c72a 100644 --- a/RELEASES.md +++ b/RELEASES.md @@ -72,6 +72,7 @@ deadline of 3 weeks. | 1.17.0 | 2020/12/31 | 2021/01/11 | +11 days | 2022/01/11 | | 1.18.0 | 2021/03/31 | 2021/04/15 | +15 days | 2022/04/15 | | 1.19.0 | 2021/06/30 | 2021/07/13 | +13 days | 2022/07/13 | -| 1.20.0 | 2021/09/30 | | | | +| 1.20.0 | 2021/09/30 | 2021/10/05 | +5 days | 2022/10/13 | +| 1.20.1 | 2021/12/30 | | | | [repokitteh]: https://github.com/repokitteh diff --git a/VERSION b/VERSION index 734375f897d0..398935591556 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.20.0-dev +1.20.0 diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 9447094141b8..2e5322da2b00 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -1,5 +1,5 @@ -1.20.0 (Pending) -================ +1.20.0 (October 5, 2021) +======================== Incompatible Behavior Changes ----------------------------- From 5e09cf7c3cca1927550d3e192ebc2f3ae7a9310c Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Mon, 4 Oct 2021 11:34:44 -0400 Subject: [PATCH 3/5] fix Signed-off-by: Alyssa Wilk --- docs/root/version_history/current.rst | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 2e5322da2b00..8cb3eb133417 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -137,10 +137,7 @@ New Features * rbac: added :ref:`destination_port_range ` for matching range of destination ports. * rbac: added :ref:`matcher` along with extension category ``extension_category_envoy.rbac.matchers`` for custom RBAC permission matchers. Added reference implementation for matchers :ref:`envoy.rbac.matchers.upstream_ip_port `. * route config: added :ref:`dynamic_metadata ` for routing based on dynamic metadata. -* router: added retry options predicate extensions configured via - :ref:``. These - extensions allow modification of requests between retries at the router level. There are not - currently any built-in extensions that implement this extension point. +* router: added retry options predicate extensions configured via :ref:`retry_options_predicates. ` These extensions allow modification of requests between retries at the router level. There are not currently any built-in extensions that implement this extension point. * router: added :ref:`per_try_idle_timeout ` timeout configuration. * router: added an optional :ref:`override_auto_sni_header ` to support setting SNI value from an arbitrary header other than host/authority. * sxg_filter: added filter to transform response to SXG package to :ref:`contrib images `. This can be enabled by setting :ref:`SXG ` configuration. From 90bf92e78b43028d569142e50336110f97482c61 Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Mon, 4 Oct 2021 12:09:05 -0400 Subject: [PATCH 4/5] another reflink fix Signed-off-by: Alyssa Wilk --- docs/root/version_history/current.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index 8cb3eb133417..b1dd2f1a4050 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -133,7 +133,7 @@ New Features * listener: new listener metric ``downstream_cx_transport_socket_connect_timeout`` to track transport socket timeouts. * lua: added ``header:getAtIndex()`` and ``header:getNumValues()`` methods to :ref:`header object ` for retrieving the value of a header at certain index and get the total number of values for a given header. * matcher: added :ref:`invert ` for inverting the match result in the metadata matcher. -* overload: add a new overload action that resets streams using a lot of memory. To enable the tracking of allocated bytes in buffers that a stream is using we need to configure the minimum threshold for tracking via:ref:`buffer_factory_config `. We have an overload action ``Envoy::Server::OverloadActionNameValues::ResetStreams`` that takes advantage of the tracking to reset the most expensive stream first. +* overload: add a new overload action that resets streams using a lot of memory. To enable the tracking of allocated bytes in buffers that a stream is using we need to configure the minimum threshold for tracking via :ref:`buffer_factory_config `. We have an overload action ``Envoy::Server::OverloadActionNameValues::ResetStreams`` that takes advantage of the tracking to reset the most expensive stream first. * rbac: added :ref:`destination_port_range ` for matching range of destination ports. * rbac: added :ref:`matcher` along with extension category ``extension_category_envoy.rbac.matchers`` for custom RBAC permission matchers. Added reference implementation for matchers :ref:`envoy.rbac.matchers.upstream_ip_port `. * route config: added :ref:`dynamic_metadata ` for routing based on dynamic metadata. From 4af3bd55b455219e6643b01d5c80e8c382170258 Mon Sep 17 00:00:00 2001 From: Alyssa Wilk Date: Tue, 5 Oct 2021 08:53:33 -0400 Subject: [PATCH 5/5] fix bad merge Signed-off-by: Alyssa Wilk --- docs/root/version_history/current.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/root/version_history/current.rst b/docs/root/version_history/current.rst index c80d3894b4c5..1378e06c09ab 100644 --- a/docs/root/version_history/current.rst +++ b/docs/root/version_history/current.rst @@ -5,7 +5,6 @@ Incompatible Behavior Changes ----------------------------- *Changes that are expected to cause an incompatibility if applicable; deployment changes are likely required* -* config: the ``--bootstrap-version`` CLI flag has been removed, Envoy has been able to accept v3 * config: due to the switch to using work-in-progress annotations and warnings to indicate APIs subject to change, the following API packages have been force migrated from ``v3alpha`` to ``v3``: ``envoy.extensions.access_loggers.open_telemetry.v3``,