diff --git a/xds/third_party/envoy/import.sh b/xds/third_party/envoy/import.sh index 44b8febb1c..f6cd11c70a 100755 --- a/xds/third_party/envoy/import.sh +++ b/xds/third_party/envoy/import.sh @@ -18,7 +18,7 @@ set -e BRANCH=main # import VERSION from one of the google internal CLs -VERSION=af17f954653afcab6a189673e3500b2e988f1aef +VERSION=ac9a2637336decdcc52c24add5e8fc39edebb962 GIT_REPO="https://github.com/envoyproxy/envoy.git" GIT_BASE_DIR=envoy SOURCE_PROTO_BASE_DIR=envoy/api diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/auth/cert.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/auth/cert.proto index 49e8b8c70f..6a9cbddd25 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/auth/cert.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/auth/cert.proto @@ -3,7 +3,6 @@ syntax = "proto3"; package envoy.api.v2.auth; import "udpa/annotations/migrate.proto"; -import "udpa/annotations/status.proto"; import public "envoy/api/v2/auth/common.proto"; import public "envoy/api/v2/auth/secret.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/base.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/base.proto index 39846bc658..32cd90b4ee 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/base.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/base.proto @@ -9,7 +9,6 @@ import "envoy/type/percent.proto"; import "envoy/type/semantic_version.proto"; import "google/protobuf/any.proto"; -import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/config_source.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/config_source.proto index 7032b2c10d..6cf44dbe9b 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/config_source.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/config_source.proto 
@@ -26,10 +26,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/protocol.proto index 9c47e388ee..ae1a86424c 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/protocol.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/core/protocol.proto @@ -201,7 +201,7 @@ message Http2ProtocolOptions { // Still under implementation. DO NOT USE. // // Allows metadata. See [metadata - // docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more + // docs](https://github.com/envoyproxy/envoy/blob/main/source/docs/h2_metadata.md) for more // information. bool allow_metadata = 6; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/eds.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/eds.proto index b0d5c7c473..d757f17fc2 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/eds.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/eds.proto @@ -5,13 +5,10 @@ package envoy.api.v2; import "envoy/api/v2/discovery.proto"; import "google/api/annotations.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; import "envoy/annotations/resource.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; -import "validate/validate.proto"; import public "envoy/api/v2/endpoint.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint.proto index 92a2b13a89..70bac3c6c4 100644 
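Review bot: With `AUTO = 0 [deprecated = true];` the enum's zero value is now deprecated, yet the comment above it still only says that an unset version is assumed to be v2, so a reader gets no hint which value to set instead. Because 0 is what an unset field decodes to, a control-plane config that omits the field keeps selecting the deprecated behaviour without any visible choice. A line such as `// Deprecated: set V3 explicitly; an unset field still decodes as AUTO.` above `AUTO` would document that, and the same applies to the identical hunk in envoy/config/core/v3/config_source.proto. The file is imported from upstream, so the comment belongs there; on this side it is worth confirming how the client treats AUTO and V2 once v2 support is gone.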
--- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint.proto @@ -5,7 +5,6 @@ package envoy.api.v2; import "envoy/api/v2/endpoint/endpoint_components.proto"; import "envoy/type/percent.proto"; -import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint/endpoint.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint/endpoint.proto index 9724fd7281..247c9ae265 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint/endpoint.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/endpoint/endpoint.proto @@ -2,8 +2,6 @@ syntax = "proto3"; package envoy.api.v2.endpoint; -import "udpa/annotations/status.proto"; - import public "envoy/api/v2/endpoint/endpoint_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.endpoint"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/lds.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/lds.proto index d1e528f247..01d9949777 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/lds.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/lds.proto @@ -5,13 +5,10 @@ package envoy.api.v2; import "envoy/api/v2/discovery.proto"; import "google/api/annotations.proto"; -import "google/protobuf/duration.proto"; -import "google/protobuf/wrappers.proto"; import "envoy/annotations/resource.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; -import "validate/validate.proto"; import public "envoy/api/v2/listener.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto index a93df10c31..26544c6c4a 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto 
+++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener.proto @@ -10,7 +10,6 @@ import "envoy/api/v2/listener/udp_listener_config.proto"; import "envoy/config/filter/accesslog/v2/accesslog.proto"; import "envoy/config/listener/v2/api_listener.proto"; -import "google/api/annotations.proto"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener/listener.proto index 671da24b04..273b29cb5d 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener/listener.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/listener/listener.proto @@ -2,8 +2,6 @@ syntax = "proto3"; package envoy.api.v2.listener; -import "udpa/annotations/status.proto"; - import public "envoy/api/v2/listener/listener_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.listener"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/rds.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/rds.proto index fad73f1758..faa5fdcf31 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/rds.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/rds.proto @@ -5,12 +5,10 @@ package envoy.api.v2; import "envoy/api/v2/discovery.proto"; import "google/api/annotations.proto"; -import "google/protobuf/wrappers.proto"; import "envoy/annotations/resource.proto"; import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; -import "validate/validate.proto"; import public "envoy/api/v2/route.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route.proto index 92e44f1e19..ec13e9e5c8 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route.proto 
@@ -2,8 +2,6 @@ syntax = "proto3"; package envoy.api.v2.route; -import "udpa/annotations/status.proto"; - import public "envoy/api/v2/route/route_components.proto"; option java_package = "io.envoyproxy.envoy.api.v2.route"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route_components.proto index c1e84a5618..d73fbb8674 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route_components.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/api/v2/route/route_components.proto 
@@ -1133,13 +1133,18 @@ message HedgePolicy { // [#not-implemented-hide:] type.FractionalPercent additional_request_chance = 2; - // Indicates that a hedged request should be sent when the per-try timeout - // is hit. This will only occur if the retry policy also indicates that a - // timed out request should be retried. - // Once a timed out request is retried due to per try timeout, the router - // filter will ensure that it is not retried again even if the returned - // response headers would otherwise be retried according the specified - // :ref:`RetryPolicy `. + // Indicates that a hedged request should be sent when the per-try timeout is hit. + // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight. + // The first request to complete successfully will be the one returned to the caller. + // + // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client. + // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client + // if there are no more retries left. + // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress. + // + // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least + // one error code and specifies a maximum number of retries. + // // Defaults to false. bool hedge_on_per_try_timeout = 3; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto index d85c6af829..b709e89199 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto 
@@ -8,7 +8,6 @@ import "envoy/type/matcher/v3/metadata.proto"; import "envoy/type/v3/percent.proto"; import "google/protobuf/any.proto"; -import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "udpa/annotations/status.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto index 130887c76a..145a8b6951 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto @@ -20,10 +20,7 @@ import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; import "xds/core/v3/collection_entry.proto"; -import "xds/core/v3/resource_locator.proto"; -import "envoy/annotations/deprecation.proto"; -import "udpa/annotations/migrate.proto"; import "udpa/annotations/security.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; @@ -187,13 +184,8 @@ message Cluster { // Optional alternative to cluster name to present to EDS. This does not // have the same restrictions as cluster name, i.e. it may be arbitrary - // length. - string service_name = 2 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; - - // Resource locator for EDS. This is mutually exclusive to *service_name*. - // [#not-implemented-hide:] - xds.core.v3.ResourceLocator eds_resource_locator = 3 - [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"]; + // length. This may be a xdstp:// URL. + string service_name = 2; } // Optionally divide the endpoints in this cluster into subsets defined by 
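Review bot: Field 3 (`eds_resource_locator`) is deleted in the `@@ -187,13 +184,8 @@` hunk without a matching `reserved 3;` and `reserved "eds_resource_locator";`, so the number and name can later be reused with a different type and older serialized configs would be misread. The same hunk documents that `service_name` may now be an xdstp:// URL, so code that treats the name as an opaque string should be checked against that form. The enclosing message starts and ends outside the hunk, so existing `reserved` lines elsewhere in it cannot be ruled out. Since the file is imported, the reservation has to come from upstream; locally, confirm that nothing referenced the generated accessor for the removed field.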
@@ -542,25 +534,9 @@ message Cluster { // https://github.com/envoyproxy/envoy/pull/3941. google.protobuf.Duration update_merge_window = 4; - // If set to true, Envoy will not consider new hosts when computing load balancing weights until - // they have been health checked for the first time. This will have no effect unless - // active health checking is also configured. - // - // Ignoring a host means that for any load balancing calculations that adjust weights based - // on the ratio of eligible hosts and total hosts (priority spillover, locality weighting and - // panic mode) Envoy will exclude these hosts in the denominator. - // - // For example, with hosts in two priorities P0 and P1, where P0 looks like - // {healthy, unhealthy (new), unhealthy (new)} - // and where P1 looks like - // {healthy, healthy} - // all traffic will still hit P0, as 1 / (3 - 2) = 1. - // - // Enabling this will allow scaling up the number of hosts for a given cluster without entering - // panic mode or triggering priority spillover, assuming the hosts pass the first health check. - // - // If panic mode is triggered, new hosts are still eligible for traffic; they simply do not - // contribute to the calculation when deciding whether panic mode is enabled or not. + // If set to true, Envoy will :ref:`exclude ` new hosts + // when computing load balancing weights until they have been health checked for the first time. + // This will have no effect unless active health checking is also configured. bool ignore_new_hosts_until_first_hc = 5; // If set to `true`, the cluster manager will drain all existing 
@@ -589,11 +565,10 @@ message Cluster { google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}]; } - // [#not-implemented-hide:] - message PrefetchPolicy { + message PreconnectPolicy { // Indicates how many streams (rounded up) can be anticipated per-upstream for each - // incoming stream. This is useful for high-QPS or latency-sensitive services. Prefetching - // will only be done if the upstream is healthy. + // incoming stream. This is useful for high-QPS or latency-sensitive services. Preconnecting + // will only be done if the upstream is healthy and the cluster has traffic. // // For example if this is 2, for an incoming HTTP/1.1 stream, 2 connections will be // established, one for the new incoming stream, and one for a presumed follow-up stream. For 
@@ -601,46 +576,46 @@ message Cluster { // serve both the original and presumed follow-up stream. // // In steady state for non-multiplexed connections a value of 1.5 would mean if there were 100 - // active streams, there would be 100 connections in use, and 50 connections prefetched. + // active streams, there would be 100 connections in use, and 50 connections preconnected. // This might be a useful value for something like short lived single-use connections, // for example proxying HTTP/1.1 if keep-alive were false and each stream resulted in connection // termination. It would likely be overkill for long lived connections, such as TCP proxying SMTP // or regular HTTP/1.1 with keep-alive. For long lived traffic, a value of 1.05 would be more - // reasonable, where for every 100 connections, 5 prefetched connections would be in the queue + // reasonable, where for every 100 connections, 5 preconnected connections would be in the queue // in case of unexpected disconnects where the connection could not be reused. // // If this value is not set, or set explicitly to one, Envoy will fetch as many connections // as needed to serve streams in flight. This means in steady state if a connection is torn down, - // a subsequent streams will pay an upstream-rtt latency penalty waiting for streams to be - // prefetched. + // a subsequent streams will pay an upstream-rtt latency penalty waiting for a new connection. // - // This is limited somewhat arbitrarily to 3 because prefetching connections too aggressively can - // harm latency more than the prefetching helps. - google.protobuf.DoubleValue per_upstream_prefetch_ratio = 1 + // This is limited somewhat arbitrarily to 3 because preconnecting too aggressively can + // harm latency more than the preconnecting helps. 
+ google.protobuf.DoubleValue per_upstream_preconnect_ratio = 1 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; // Indicates how many many streams (rounded up) can be anticipated across a cluster for each // stream, useful for low QPS services. This is currently supported for a subset of // deterministic non-hash-based load-balancing algorithms (weighted round robin, random). - // Unlike per_upstream_prefetch_ratio this prefetches across the upstream instances in a + // Unlike *per_upstream_preconnect_ratio* this preconnects across the upstream instances in a // cluster, doing best effort predictions of what upstream would be picked next and // pre-establishing a connection. // - // For example if prefetching is set to 2 for a round robin HTTP/2 cluster, on the first - // incoming stream, 2 connections will be prefetched - one to the first upstream for this - // cluster, one to the second on the assumption there will be a follow-up stream. + // Preconnecting will be limited to one preconnect per configured upstream in the cluster and will + // only be done if there are healthy upstreams and the cluster has traffic. // - // Prefetching will be limited to one prefetch per configured upstream in the cluster. + // For example if preconnecting is set to 2 for a round robin HTTP/2 cluster, on the first + // incoming stream, 2 connections will be preconnected - one to the first upstream for this + // cluster, one to the second on the assumption there will be a follow-up stream. // // If this value is not set, or set explicitly to one, Envoy will fetch as many connections // as needed to serve streams in flight, so during warm up and in steady state if a connection - // is closed (and per_upstream_prefetch_ratio is not set), there will be a latency hit for + // is closed (and per_upstream_preconnect_ratio is not set), there will be a latency hit for // connection establishment. 
// - // If both this and prefetch_ratio are set, Envoy will make sure both predicted needs are met, - // basically prefetching max(predictive-prefetch, per-upstream-prefetch), for each upstream. - // TODO(alyssawilk) per LB docs and LB overview docs when unhiding. - google.protobuf.DoubleValue predictive_prefetch_ratio = 2 + // If both this and preconnect_ratio are set, Envoy will make sure both predicted needs are met, + // basically preconnecting max(predictive-preconnect, per-upstream-preconnect), for each + // upstream. + google.protobuf.DoubleValue predictive_preconnect_ratio = 2 [(validate.rules).double = {lte: 3.0 gte: 1.0}]; } 
@@ -767,14 +742,37 @@ message Cluster { // HTTP protocol options that are applied only to upstream HTTP connections. // These options apply to all HTTP versions. - core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46; + // This has been deprecated in favor of + // :ref:`upstream_http_protocol_options ` + // in the :ref:`http_protocol_options ` message. + // upstream_http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. + core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46 [deprecated = true]; // Additional options when handling HTTP requests upstream. These options will be applicable to // both HTTP1 and HTTP2 requests. - core.v3.HttpProtocolOptions common_http_protocol_options = 29; + // This has been deprecated in favor of + // :ref:`common_http_protocol_options ` + // in the :ref:`http_protocol_options ` message. + // common_http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. + core.v3.HttpProtocolOptions common_http_protocol_options = 29 [deprecated = true]; // Additional options when handling HTTP1 requests. - core.v3.Http1ProtocolOptions http_protocol_options = 13; + // This has been deprecated in favor of http_protocol_options fields in the in the + // :ref:`http_protocol_options ` message. + // http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. + core.v3.Http1ProtocolOptions http_protocol_options = 13 [deprecated = true]; // Even if default HTTP2 protocol options are desired, this field must be // set so that Envoy will assume that the upstream supports HTTP/2 when 
@@ -782,13 +780,21 @@ message Cluster { // supports prior knowledge for upstream connections. Even if TLS is used // with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2 // connections to happen over plain text. + // This has been deprecated in favor of http2_protocol_options fields in the in the + // :ref:`http_protocol_options ` + // message. http2_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + // See ref:`upstream_http_protocol_options + // ` + // for example usage. core.v3.Http2ProtocolOptions http2_protocol_options = 14 - [(udpa.annotations.security).configure_for_untrusted_upstream = true]; + [deprecated = true, (udpa.annotations.security).configure_for_untrusted_upstream = true]; // The extension_protocol_options field is used to provide extension-specific protocol options // for upstream connections. The key should match the extension filter name, such as // "envoy.filters.network.thrift_proxy". See the extension's documentation for details on // specific options. + // [#next-major-version: make this a list of typed extensions.] map typed_extension_protocol_options = 36; // If the DNS refresh rate is specified and the cluster type is either @@ -913,7 +919,12 @@ message Cluster { core.v3.Metadata metadata = 25; // Determines how Envoy selects the protocol used to speak to upstream hosts. - ClusterProtocolSelection protocol_selection = 26; + // This has been deprecated in favor of setting explicit protocol selection + // in the :ref:`http_protocol_options + // ` message. + // http_protocol_options can be set via the cluster's + // :ref:`extension_protocol_options`. + ClusterProtocolSelection protocol_selection = 26 [deprecated = true]; // Optional options for upstream connections. UpstreamConnectionOptions upstream_connection_options = 30; 
@@ -998,9 +1009,8 @@ message Cluster { // Configuration to track optional cluster stats. TrackClusterStats track_cluster_stats = 49; - // [#not-implemented-hide:] - // Prefetch configuration for this cluster. - PrefetchPolicy prefetch_policy = 50; + // Preconnect configuration for this cluster. + PreconnectPolicy preconnect_policy = 50; // If `connection_pool_per_downstream_connection` is true, the cluster will use a separate // connection pool for every downstream connection diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto index c0b4d5732d..9bb5633e62 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto @@ -18,7 +18,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // See the :ref:`architecture overview ` for // more information on outlier detection. -// [#next-free-field: 21] +// [#next-free-field: 22] message OutlierDetection { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.cluster.OutlierDetection"; @@ -34,7 +34,8 @@ message OutlierDetection { google.protobuf.Duration interval = 2 [(validate.rules).duration = {gt {}}]; // The base time that a host is ejected for. The real time is equal to the - // base time multiplied by the number of times the host has been ejected. + // base time multiplied by the number of times the host has been ejected and is + // capped by :ref:`max_ejection_time`. // Defaults to 30000ms or 30s. google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}]; 
@@ -148,4 +149,9 @@ message OutlierDetection { // volume is lower than this setting, failure percentage-based ejection will not be performed for // this host. Defaults to 50. google.protobuf.UInt32Value failure_percentage_request_volume = 20; + + // The maximum time that a host is ejected for. See :ref:`base_ejection_time` + // for more information. + // Defaults to 300000ms or 300s. + google.protobuf.Duration max_ejection_time = 21 [(validate.rules).duration = {gt {}}]; } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto index 5b5339ea5b..c1f2a913aa 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto @@ -9,7 +9,6 @@ import "envoy/type/v3/percent.proto"; import "envoy/type/v3/semantic_version.proto"; import "google/protobuf/any.proto"; -import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; @@ -331,10 +330,10 @@ message DataSource { string filename = 1 [(validate.rules).string = {min_len: 1}]; // Bytes inlined in the configuration. - bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}]; + bytes inline_bytes = 2; // String inlined in the configuration. - string inline_string = 3 [(validate.rules).string = {min_len: 1}]; + string inline_string = 3; } } diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto index 1ddaf6df8d..9de03625dc 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto 
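Review bot: Dropping `min_len: 1` from `inline_bytes` and `inline_string` in the `@@ -331,10 +330,10 @@ message DataSource` hunk makes an empty inline value schema-valid, while `filename` keeps its `min_len: 1` rule. Any consumer that reads certificate, key or token material from this message and relied on the validation rule for non-emptiness now has to reject empty content itself; whether this project enforces these rules at all is not visible here. The field comments do not mention the change; `// Bytes inlined in the configuration. May be empty.` (and the equivalent for the string field) would make the contract explicit. The enclosing block starts outside the hunk.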
@@ -27,10 +27,10 @@ enum ApiVersion { // When not specified, we assume v2, to ease migration to Envoy's stable API // versioning. If a client does not support v2 (e.g. due to deprecation), this // is an invalid value. - AUTO = 0; + AUTO = 0 [deprecated = true]; // Use xDS v2 API. - V2 = 1; + V2 = 1 [deprecated = true]; // Use xDS v3 API. V3 = 2; @@ -152,10 +152,9 @@ message RateLimitSettings { message ConfigSource { option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource"; - // Authorities that this config source may be used for. An authority specified - // in a *xds.core.v3.ResourceLocator* is resolved to a *ConfigSource* prior - // to configuration fetch. This field provides the association between - // authority name and configuration source. + // Authorities that this config source may be used for. An authority specified in a xdstp:// URL + // is resolved to a *ConfigSource* prior to configuration fetch. This field provides the + // association between authority name and configuration source. // [#not-implemented-hide:] repeated xds.core.v3.Authority authorities = 7; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto index ccd4739698..e4ad7429e0 100644 --- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto @@ -13,7 +13,6 @@ import "google/protobuf/duration.proto"; import "google/protobuf/struct.proto"; import "google/protobuf/wrappers.proto"; -import "envoy/annotations/deprecation.proto"; import "udpa/annotations/status.proto"; import "udpa/annotations/versioning.proto"; import "validate/validate.proto"; diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto index 5acdd010e3..069028d25f 100644 
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto +++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto @@ -77,6 +77,10 @@ message HttpProtocolOptions { // .. warning:: // Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP // FIN packets, etc. + // + // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts" + // is configured, this timeout is scaled for downstream connections according to the value for + // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `. google.protobuf.Duration idle_timeout = 1; // The maximum duration of a connection. The duration is defined as a period since a connection @@ -262,7 +266,7 @@ message Http2ProtocolOptions { // Still under implementation. DO NOT USE. // // Allows metadata. See [metadata - // docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more + // docs](https://github.com/envoyproxy/envoy/blob/main/source/docs/h2_metadata.md) for more // information. bool allow_metadata = 6; 
@@ -297,9 +301,12 @@ message Http2ProtocolOptions { // of PRIORITY frames received over the lifetime of connection exceeds the value calculated // using this formula:: // - // max_inbound_priority_frames_per_stream * (1 + inbound_streams) + // max_inbound_priority_frames_per_stream * (1 + opened_streams) // - // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks + // the connection is terminated. For downstream connections the `opened_streams` is incremented when + // Envoy receives complete response headers from the upstream server. For upstream connection the + // `opened_streams` is incremented when Envoy send the HEADERS frame for a new stream. The + // ``http2.inbound_priority_frames_flood`` stat tracks // the number of connections terminated due to flood mitigation. The default limit is 100. // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the // `envoy.reloadable_features.upstream_http2_flood_checks` flag. 
@@ -309,11 +316,14 @@ message Http2ProtocolOptions {
 // of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated
 // using this formula::
 //
- // 1 + 2 * (inbound_streams +
- // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames)
+ // 5 + 2 * (opened_streams +
+ // max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames)
 //
- // the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks
- // the number of connections terminated due to flood mitigation. The default limit is 10.
+ // the connection is terminated. For downstream connections the `opened_streams` is incremented when
+ // Envoy receives complete response headers from the upstream server. For upstream connections the
+ // `opened_streams` is incremented when Envoy sends the HEADERS frame for a new stream. The
+ // ``http2.inbound_priority_frames_flood`` stat tracks the number of connections terminated due to
+ // flood mitigation. The default max_inbound_window_update_frames_per_data_frame_sent value is 10.
 // Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control,
 // but more complex implementations that try to estimate available bandwidth require at least 2.
 // NOTE: flood and abuse mitigation for upstream connections is presently enabled by the
@@ -385,3 +395,11 @@ message GrpcProtocolOptions {
 Http2ProtocolOptions http2_protocol_options = 1;
 }
+
+// [#not-implemented-hide:]
+//
+// A message which allows using HTTP/3 as an upstream protocol.
+//
+// Eventually this will include configuration for tuning HTTP/3.
+message Http3ProtocolOptions {
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
index 225a8971f2..40b33f33ff 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/proxy_protocol.proto
@@ -3,7 +3,6 @@ syntax = "proto3";
 package envoy.config.core.v3;
 import "udpa/annotations/status.proto";
-import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.config.core.v3";
 option java_outer_classname = "ProxyProtocolProto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto
index 10d99b878b..5d9c5b2ecd 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/core/v3/substitution_format_string.proto
@@ -2,6 +2,9 @@ syntax = "proto3";
 package envoy.config.core.v3;
+import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/extension.proto";
+
 import "google/protobuf/struct.proto";
 import "udpa/annotations/status.proto";
@@ -16,6 +19,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Configuration to use multiple :ref:`command operators `
 // to generate a new string in either plain text or JSON format.
+// [#next-free-field: 7]
 message SubstitutionFormatString {
 oneof format {
 option (validate.required) = true;
@@ -36,7 +40,8 @@ message SubstitutionFormatString {
 //
 // upstream connect error:503:path=/foo
 //
- string text_format = 1 [(validate.rules).string = {min_len: 1}];
+ // Deprecated in favor of :ref:`text_format_source `. To migrate text format strings, use the :ref:`inline_string ` field.
+ string text_format = 1 [deprecated = true];
 // Specify a format with command operators to form a JSON string.
 // Its details is described in :ref:`format dictionary`.
@@ -61,6 +66,25 @@ message SubstitutionFormatString {
 // }
 //
 google.protobuf.Struct json_format = 2 [(validate.rules).message = {required: true}];
+
+ // Specify a format with command operators to form a text string.
+ // Its details is described in :ref:`format string`.
+ //
+ // For example, setting ``text_format`` like below,
+ //
+ // .. validated-code-block:: yaml
+ // :type-name: envoy.config.core.v3.SubstitutionFormatString
+ //
+ // text_format_source:
+ // inline_string: "%LOCAL_REPLY_BODY%:%RESPONSE_CODE%:path=%REQ(:path)%\n"
+ //
+ // generates plain text similar to:
+ //
+ // .. code-block:: text
+ //
+ // upstream connect error:503:path=/foo
+ //
+ DataSource text_format_source = 5;
 }
 // If set to true, when command operators are evaluated to null,
@@ -80,4 +104,8 @@ message SubstitutionFormatString {
 // content_type: "text/html; charset=UTF-8"
 //
 string content_type = 4;
+
+ // Specifies a collection of Formatter plugins that can be called from the access log configuration.
+ // See the formatters extensions documentation for details.
+ repeated TypedExtensionConfig formatters = 6;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto
index 214ce6c208..2db0ebcd7c 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto
@@ -5,7 +5,6 @@ package envoy.config.endpoint.v3;
 import "envoy/config/endpoint/v3/endpoint_components.proto";
 import "envoy/type/v3/percent.proto";
-import "google/api/annotations.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
index beb5cd16f6..2b8a1d9298 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto
@@ -11,7 +11,6 @@ import "envoy/config/listener/v3/api_listener.proto";
 import "envoy/config/listener/v3/listener_components.proto";
 import "envoy/config/listener/v3/udp_listener_config.proto";
-import "google/api/annotations.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
@@ -36,7 +35,7 @@ message ListenerCollection {
 repeated xds.core.v3.CollectionEntry entries = 1;
 }
-// [#next-free-field: 26]
+// [#next-free-field: 27]
 message Listener {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
@@ -60,12 +59,8 @@ message Listener {
 // bind can only receive connections redirected from other listeners that
 // set use_original_dst parameter to true. Default is true.
 //
- // This is deprecated in v2, all Listeners will bind to their port. An
- // additional filter chain must be created for every original destination
- // port this listener may redirect to in v2, with the original port
- // specified in the FilterChainMatch destination_port field.
- //
- // [#comment:TODO(PiotrSikora): Remove this once verified that we no longer need it.]
+ // This is deprecated. Use :ref:`Listener.bind_to_port
+ // `
 google.protobuf.BoolValue bind_to_port = 1;
 }
@@ -93,9 +88,7 @@ message Listener {
 }
 }
- reserved 14, 4;
-
- reserved "use_original_dst";
+ reserved 14;
 // The unique name by which this listener is known. If no name is provided,
 // Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically
@@ -116,6 +109,13 @@ message Listener {
 // :ref:`FAQ entry `.
 repeated FilterChain filter_chains = 3;
+ // If a connection is redirected using *iptables*, the port on which the proxy
+ // receives it might be different from the original destination address. When this flag is set to
+ // true, the listener hands off redirected connections to the listener associated with the
+ // original destination address. If there is no listener associated with the original destination
+ // address, the connection is handled by the listener that receives it. Defaults to false.
+ google.protobuf.BoolValue use_original_dst = 4;
+
 // The default filter chain if none of the filter chain matches. If no default filter chain is supplied,
 // the connection will be closed. The filter chain match is ignored in this field.
 FilterChain default_filter_chain = 25;
@@ -129,7 +129,7 @@ message Listener {
 core.v3.Metadata metadata = 6;
 // [#not-implemented-hide:]
- DeprecatedV1 deprecated_v1 = 7;
+ DeprecatedV1 deprecated_v1 = 7 [deprecated = true];
 // The type of draining to perform at a listener-wide level.
 DrainType drain_type = 8;
@@ -267,4 +267,10 @@ message Listener {
 // The maximum length a tcp listener's pending connections queue can grow to. If no value is
 // provided net.core.somaxconn will be used on Linux and 128 otherwise.
 google.protobuf.UInt32Value tcp_backlog_size = 24;
+
+ // Whether the listener should bind to the port. A listener that doesn't
+ // bind can only receive connections redirected from other listeners that set
+ // :ref:`use_original_dst `
+ // to true. Default is true.
+ google.protobuf.BoolValue bind_to_port = 26;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
index c389c841e0..4ee2f1b53f 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto
@@ -4,11 +4,11 @@ package envoy.config.listener.v3;
 import "envoy/config/core/v3/address.proto";
 import "envoy/config/core/v3/base.proto";
+import "envoy/config/core/v3/extension.proto";
 import "envoy/type/v3/range.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
-import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 import "udpa/annotations/status.proto";
@@ -23,6 +23,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // [#protodoc-title: Listener components]
 // Listener :ref:`configuration overview `
+// [#next-free-field: 6]
 message Filter {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.Filter";
@@ -34,10 +35,16 @@ message Filter {
 // :ref:`supported filter `.
 string name = 1 [(validate.rules).string = {min_len: 1}];
- // Filter specific configuration which depends on the filter being
- // instantiated. See the supported filters for further documentation.
 oneof config_type {
+ // Filter specific configuration which depends on the filter being
+ // instantiated. See the supported filters for further documentation.
 google.protobuf.Any typed_config = 4;
+
+ // Configuration source specifier for an extension configuration discovery
+ // service. In case of a failure and without the default configuration, the
+ // listener closes the connections.
+ // [#not-implemented-hide:]
+ core.v3.ExtensionConfigSource config_discovery = 5;
 }
 }
@@ -218,7 +225,11 @@ message FilterChain {
 // load balancers including the AWS ELB support this option. If the option is
 // absent or set to false, Envoy will use the physical peer address of the
 // connection as the remote address.
- google.protobuf.BoolValue use_proxy_proto = 4;
+ //
+ // This field is deprecated. Add a
+ // :ref:`PROXY protocol listener filter `
+ // explicitly instead.
+ google.protobuf.BoolValue use_proxy_proto = 4 [deprecated = true];
 // [#not-implemented-hide:] filter chain metadata.
 core.v3.Metadata metadata = 5;
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto
index 9edbe59548..fe39be9b35 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto
@@ -3,7 +3,6 @@ syntax = "proto3";
 package envoy.config.listener.v3;
 import "google/protobuf/any.proto";
-import "google/protobuf/struct.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto
index a528d99bd4..4588af78cb 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route.proto
@@ -21,7 +21,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // * Routing :ref:`architecture overview `
 // * HTTP :ref:`router filter `
-// [#next-free-field: 11]
+// [#next-free-field: 12]
 message RouteConfiguration {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.RouteConfiguration";
@@ -106,6 +106,19 @@ message RouteConfiguration {
 // option. Users may wish to override the default behavior in certain cases (for example when
 // using CDS with a static route table).
 google.protobuf.BoolValue validate_clusters = 7;
+
+ // The maximum bytes of the response :ref:`direct response body
+ // ` size. If not specified the default
+ // is 4096.
+ //
+ // .. warning::
+ //
+ // Envoy currently holds the content of :ref:`direct response body
+ // ` in memory. Be careful setting
+ // this to be larger than the default 4KB, since the allocated memory for direct response body
+ // is not subject to data plane buffering controls.
+ //
+ google.protobuf.UInt32Value max_direct_response_body_size_bytes = 11;
 }
 message Vhds {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
index 62633012cf..8fe650ceb9 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto
@@ -14,7 +14,6 @@ import "envoy/type/v3/range.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
-import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 import "envoy/annotations/deprecation.proto";
@@ -139,6 +138,9 @@ message VirtualHost {
 // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter
 // specific; see the :ref:`HTTP filter documentation `
 // for if and how it is utilized.
+ // [#comment: An entry's value may be wrapped in a
+ // :ref:`FilterConfig`
+ // message to specify additional options.]
 map typed_per_filter_config = 15;
 // Decides whether the :ref:`x-envoy-attempt-count
@@ -249,6 +251,9 @@ message Route {
 // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter
 // specific; see the :ref:`HTTP filter documentation ` for
 // if and how it is utilized.
+ // [#comment: An entry's value may be wrapped in a
+ // :ref:`FilterConfig`
+ // message to specify additional options.]
 map typed_per_filter_config = 13;
 // Specifies a set of headers that will be added to requests matching this
@@ -363,6 +368,9 @@ message WeightedCluster {
 // *envoy.filters.http.buffer* for the HTTP buffer filter. Use of this field is filter
 // specific; see the :ref:`HTTP filter documentation `
 // for if and how it is utilized.
+ // [#comment: An entry's value may be wrapped in a
+ // :ref:`FilterConfig`
+ // message to specify additional options.]
 map typed_per_filter_config = 10;
 }
@@ -741,10 +749,13 @@ message RouteAction {
 "envoy.api.v2.route.RouteAction.UpgradeConfig";
 // Configuration for sending data upstream as a raw data payload. This is used for
- // CONNECT requests, when forwarding CONNECT payload as raw TCP.
+ // CONNECT or POST requests, when forwarding request payload as raw TCP.
 message ConnectConfig {
 // If present, the proxy protocol header will be prepended to the CONNECT payload sent upstream.
 core.v3.ProxyProtocolConfig proxy_protocol_config = 1;
+
+ // If set, the route will also allow forwarding POST payload as raw TCP.
+ bool allow_post = 2;
 }
 // The case-insensitive name of this upgrade, e.g. "websocket".
@@ -980,7 +991,7 @@ message RouteAction {
 //
 // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts"
 // is configured, this timeout is scaled according to the value for
- // :ref:`HTTP_DOWNSTREAM_CONNECTION_IDLE `.
+ // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `.
 google.protobuf.Duration idle_timeout = 24;
 // Indicates that the route has a retry policy. Note that if this is set,
@@ -1310,18 +1321,23 @@ message HedgePolicy {
 // [#not-implemented-hide:]
 type.v3.FractionalPercent additional_request_chance = 2;
- // Indicates that a hedged request should be sent when the per-try timeout
- // is hit. This will only occur if the retry policy also indicates that a
- // timed out request should be retried.
- // Once a timed out request is retried due to per try timeout, the router
- // filter will ensure that it is not retried again even if the returned
- // response headers would otherwise be retried according the specified
- // :ref:`RetryPolicy `.
+ // Indicates that a hedged request should be sent when the per-try timeout is hit.
+ // This means that a retry will be issued without resetting the original request, leaving multiple upstream requests in flight.
+ // The first request to complete successfully will be the one returned to the caller.
+ //
+ // * At any time, a successful response (i.e. not triggering any of the retry-on conditions) would be returned to the client.
+ // * Before per-try timeout, an error response (per retry-on conditions) would be retried immediately or returned ot the client
+ // if there are no more retries left.
+ // * After per-try timeout, an error response would be discarded, as a retry in the form of a hedged request is already in progress.
+ //
+ // Note: For this to have effect, you must have a :ref:`RetryPolicy ` that retries at least
+ // one error code and specifies a maximum number of retries.
+ //
 // Defaults to false.
 bool hedge_on_per_try_timeout = 3;
 }
-// [#next-free-field: 9]
+// [#next-free-field: 10]
 message RedirectAction {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RedirectAction";
@@ -1392,6 +1408,31 @@ message RedirectAction {
 // :ref:`RouteAction's prefix_rewrite `.
 string prefix_rewrite = 5
 [(validate.rules).string = {well_known_regex: HTTP_HEADER_VALUE strict: false}];
+
+ // Indicates that during redirect, portions of the path that match the
+ // pattern should be rewritten, even allowing the substitution of capture
+ // groups from the pattern into the new path as specified by the rewrite
+ // substitution string. This is useful to allow application paths to be
+ // rewritten in a way that is aware of segments with variable content like
+ // identifiers.
+ //
+ // Examples using Google's `RE2 `_ engine:
+ //
+ // * The path pattern ``^/service/([^/]+)(/.*)$`` paired with a substitution
+ // string of ``\2/instance/\1`` would transform ``/service/foo/v1/api``
+ // into ``/v1/api/instance/foo``.
+ //
+ // * The pattern ``one`` paired with a substitution string of ``two`` would
+ // transform ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/two/zzz``.
+ //
+ // * The pattern ``^(.*?)one(.*)$`` paired with a substitution string of
+ // ``\1two\2`` would replace only the first occurrence of ``one``,
+ // transforming path ``/xxx/one/yyy/one/zzz`` into ``/xxx/two/yyy/one/zzz``.
+ //
+ // * The pattern ``(?i)/xxx/`` paired with a substitution string of ``/yyy/``
+ // would do a case-insensitive match and transform path ``/aaa/XxX/bbb`` to
+ // ``/aaa/yyy/bbb``.
+ type.matcher.v3.RegexMatchAndSubstitute regex_rewrite = 9;
 }
 // The HTTP status code to use in the redirect response. The default response
@@ -1511,10 +1552,11 @@ message VirtualCluster {
 }
 // Global rate limiting :ref:`architecture overview `.
+// Also applies to Local rate limiting :ref:`using descriptors `.
 message RateLimit {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.route.RateLimit";
- // [#next-free-field: 9]
+ // [#next-free-field: 10]
 message Action {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.api.v2.route.RateLimit.Action";
@@ -1712,6 +1754,9 @@ message RateLimit {
 // Rate limit on metadata.
 MetaData metadata = 8;
+
+ // Rate limit descriptor extension. See the rate limit descriptor extensions documentation.
+ core.v3.TypedExtensionConfig extension = 9;
 }
 }
@@ -1908,3 +1953,20 @@ message InternalRedirectPolicy {
 // x-forwarded-proto. The default is false.
 bool allow_cross_scheme_redirect = 4;
 }
+
+// A simple wrapper for an HTTP filter config. This is intended to be used as a wrapper for the
+// map value in
+// :ref:`VirtualHost.typed_per_filter_config`,
+// :ref:`Route.typed_per_filter_config`,
+// or :ref:`WeightedCluster.ClusterWeight.typed_per_filter_config`
+// to add additional flags to the filter.
+// [#not-implemented-hide:]
+message FilterConfig {
+ // The filter config.
+ google.protobuf.Any config = 1;
+
+ // If true, the filter is optional, meaning that if the client does
+ // not support the specified filter, it may ignore the map entry rather
+ // than rejecting the config.
+ bool is_optional = 2;
+}
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/opencensus.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/opencensus.proto
index 8c8dab94a8..1a9a879b21 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/opencensus.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/opencensus.proto
@@ -7,7 +7,6 @@ import "envoy/api/v2/core/grpc_service.proto";
 import "opencensus/proto/trace/v1/trace_config.proto";
 import "udpa/annotations/status.proto";
-import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.config.trace.v2";
 option java_outer_classname = "OpencensusProto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/trace.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/trace.proto
index 9f0670b28f..6ed394147d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/trace.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v2/trace.proto
@@ -2,8 +2,6 @@ syntax = "proto3";
 package envoy.config.trace.v2;
-import "udpa/annotations/status.proto";
-
 import public "envoy/config/trace/v2/datadog.proto";
 import public "envoy/config/trace/v2/dynamic_ot.proto";
 import public "envoy/config/trace/v2/http_tracer.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto
index 33adea18a4..7146687b83 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/http_tracer.proto
@@ -3,7 +3,6 @@ syntax = "proto3";
 package envoy.config.trace.v3;
 import "google/protobuf/any.proto";
-import "google/protobuf/struct.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto
index 3931313917..6ffce02392 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/opencensus.proto
@@ -9,7 +9,6 @@ import "opencensus/proto/trace/v1/trace_config.proto";
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
-import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.config.trace.v3";
 option java_outer_classname = "OpencensusProto";
@@ -72,11 +71,14 @@ message OpenCensusConfig {
 core.v3.GrpcService stackdriver_grpc_service = 13;
 // Enables the Zipkin exporter if set to true. The url and service name must
- // also be set.
- bool zipkin_exporter_enabled = 5;
+ // also be set. This is deprecated, prefer to use Envoy's :ref:`native Zipkin
+ // tracer `.
+ bool zipkin_exporter_enabled = 5 [deprecated = true];
- // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans"
- string zipkin_url = 6;
+ // The URL to Zipkin, e.g. "http://127.0.0.1:9411/api/v2/spans". This is
+ // deprecated, prefer to use Envoy's :ref:`native Zipkin tracer
+ // `.
+ string zipkin_url = 6 [deprecated = true];
 // Enables the OpenCensus Agent exporter if set to true. The ocagent_address or
 // ocagent_grpc_service must also be set.
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/trace.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/trace.proto
index e1db72a2fd..472e38b5ab 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/trace.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/trace.proto
@@ -2,8 +2,6 @@ syntax = "proto3";
 package envoy.config.trace.v3;
-import "udpa/annotations/status.proto";
-
 import public "envoy/config/trace/v3/datadog.proto";
 import public "envoy/config/trace/v3/dynamic_ot.proto";
 import public "envoy/config/trace/v3/http_tracer.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
index 928e139831..2c1026b830 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/config/trace/v3/zipkin.proto
@@ -20,7 +20,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // Configuration for the Zipkin tracer.
 // [#extension: envoy.tracers.zipkin]
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message ZipkinConfig {
 option (udpa.annotations.versioning).previous_message_type = "envoy.config.trace.v2.ZipkinConfig";
@@ -65,4 +65,8 @@ message ZipkinConfig {
 // Determines the selected collector endpoint version. By default, the ``HTTP_JSON_V1`` will be
 // used.
 CollectorEndpointVersion collector_endpoint_version = 5;
+
+ // Optional hostname to use when sending spans to the collector_cluster. Useful for collectors
+ // that require a specific hostname. Defaults to :ref:`collector_cluster ` above.
+ string collector_hostname = 6;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/common/fault/v3/fault.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/common/fault/v3/fault.proto
index dc4f2c34ef..b5b1dbd463 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/common/fault/v3/fault.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/common/fault/v3/fault.proto
@@ -6,7 +6,6 @@ import "envoy/type/v3/percent.proto";
 import "google/protobuf/duration.proto";
-import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
index 2f30e95f34..877569ee47 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto
@@ -16,12 +16,8 @@ import "envoy/type/v3/percent.proto";
 import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
-import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
-import "xds/core/v3/resource_locator.proto";
-
-import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "udpa/annotations/security.proto";
 import "udpa/annotations/status.proto";
@@ -37,7 +33,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE;
 // HTTP connection manager :ref:`configuration overview `.
 // [#extension: envoy.filters.network.http_connection_manager]
-// [#next-free-field: 42]
+// [#next-free-field: 43]
 message HttpConnectionManager {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager";
@@ -342,6 +338,10 @@ message HttpConnectionManager {
 // ` does not apply to
 // this corner case.
 //
+ // If the :ref:`overload action ` "envoy.overload_actions.reduce_timeouts"
+ // is configured, this timeout is scaled according to the value for
+ // :ref:`HTTP_DOWNSTREAM_STREAM_IDLE `.
+ //
 // Note that it is possible to idle timeout even if the wire traffic for a stream is non-idle, due
 // to the granularity of events presented to the connection manager. For example, while receiving
 // very large request headers, it may be the case that there is traffic regularly arriving on the
@@ -549,7 +549,20 @@ message HttpConnectionManager {
 // Without setting this option, incoming requests with host `example:443` will not match against
 // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part
 // of `HTTP spec `_ and is provided for convenience.
- bool strip_matching_host_port = 39;
+ // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set.
+ bool strip_matching_host_port = 39
+ [(udpa.annotations.field_migrate).oneof_promotion = "strip_port_mode"];
+
+ oneof strip_port_mode {
+ // Determines if the port part should be removed from host/authority header before any processing
+ // of request by HTTP filters or routing. The port would be removed only if request method is not CONNECT.
+ // This affects the upstream host header as well.
+ // Without setting this option, incoming requests with host `example:443` will not match against
+ // route with :ref:`domains` match set to `example`. Defaults to `false`. Note that port removal is not part
+ // of `HTTP spec `_ and is provided for convenience.
+ // Only one of `strip_matching_host_port` or `strip_any_host_port` can be set.
+ bool strip_any_host_port = 42;
+ }
 // Governs Envoy's behavior when receiving invalid HTTP from downstream.
 // If this option is false (default), Envoy will err on the conservative side handling HTTP
@@ -651,13 +664,7 @@ message Rds {
 // API. This allows an Envoy configuration with multiple HTTP listeners (and
 // associated HTTP connection manager filters) to use different route
 // configurations.
- string route_config_name = 2
- [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
-
- // Resource locator for RDS. This is mutually exclusive to *route_config_name*.
- // [#not-implemented-hide:]
- xds.core.v3.ResourceLocator rds_resource_locator = 3
- [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
+ string route_config_name = 2;
 }
 // This message is used to work around the limitations with 'oneof' and repeated fields.
@@ -809,7 +816,7 @@ message ScopedRds {
 [(validate.rules).message = {required: true}];
 }
-// [#next-free-field: 6]
+// [#next-free-field: 7]
 message HttpFilter {
 option (udpa.annotations.versioning).previous_message_type =
 "envoy.config.filter.network.http_connection_manager.v2.HttpFilter";
@@ -833,6 +840,12 @@ message HttpFilter {
 // Extension configs delivered through this mechanism are not expected to require warming (see https://github.com/envoyproxy/envoy/issues/12061).
 config.core.v3.ExtensionConfigSource config_discovery = 5;
 }
+
+ // If true, clients that do not support this filter may ignore the
+ // filter but otherwise accept the config.
+ // Otherwise, clients that do not support this filter must reject the config.
+ // [#not-implemented-hide:]
+ bool is_optional = 6;
 }
 message RequestIDExtension {
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/cert.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/cert.proto
index cf5dc597aa..b451d45381 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/cert.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/cert.proto
@@ -2,8 +2,6 @@ syntax = "proto3";
 package envoy.extensions.transport_sockets.tls.v3;
-import "udpa/annotations/status.proto";
-
 import public "envoy/extensions/transport_sockets/tls/v3/common.proto";
 import public "envoy/extensions/transport_sockets/tls/v3/secret.proto";
 import public "envoy/extensions/transport_sockets/tls/v3/tls.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
index 2b545b35ee..1def231a37 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/common.proto
@@ -6,7 +6,6 @@ import "envoy/config/core/v3/base.proto";
 import "envoy/type/matcher/v3/string.proto";
 import "google/protobuf/any.proto";
-import "google/protobuf/struct.proto";
 import "google/protobuf/wrappers.proto";
 import "udpa/annotations/sensitive.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto
index 86f123be07..f7c849c033 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/secret.proto
@@ -6,9 +6,6 @@ import "envoy/config/core/v3/base.proto";
 import "envoy/config/core/v3/config_source.proto";
 import "envoy/extensions/transport_sockets/tls/v3/common.proto";
-import "xds/core/v3/resource_locator.proto";
-
-import "udpa/annotations/migrate.proto";
 import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -31,18 +28,10 @@ message GenericSecret {
 message SdsSecretConfig {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.SdsSecretConfig";
- // Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
- // When both name and config are specified, then secret can be fetched and/or reloaded via
- // SDS. When only name is specified, then secret will be loaded from static resources.
- string name = 1 [
- (validate.rules).string = {min_len: 1},
- (udpa.annotations.field_migrate).oneof_promotion = "name_specifier"
- ];
-
- // Resource locator for SDS. This is mutually exclusive to *name*.
- // [#not-implemented-hide:]
- xds.core.v3.ResourceLocator sds_resource_locator = 3
- [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
+ // Name by which the secret can be uniquely referred to. When both name and config are specified,
+ // then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret
+ // will be loaded from static resources.
+ string name = 1 [(validate.rules).string = {min_len: 1}];
 config.core.v3.ConfigSource sds_config = 2;
 }
diff --git a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
index e11b269197..2c5a8bf21d 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/tls.proto
@@ -6,7 +6,6 @@ import "envoy/config/core/v3/extension.proto";
 import "envoy/extensions/transport_sockets/tls/v3/common.proto";
 import "envoy/extensions/transport_sockets/tls/v3/secret.proto";
-import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto b/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto
index c35c5595fc..4a2547df39 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/discovery/v3/discovery.proto
@@ -8,10 +8,6 @@ import "google/protobuf/any.proto";
 import "google/protobuf/duration.proto";
 import "google/rpc/status.proto";
-import "xds/core/v3/resource_locator.proto";
-import "xds/core/v3/resource_name.proto";
-
-import "udpa/annotations/migrate.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
@@ -108,7 +104,6 @@ message DiscoveryResponse {
 // required for non-stream based xDS implementations.
 string nonce = 5;
- // [#not-implemented-hide:]
 // The control plane instance that sent the response.
 config.core.v3.ControlPlane control_plane = 6;
 }
@@ -145,7 +140,7 @@ message DiscoveryResponse {
 // In particular, initial_resource_versions being sent at the "start" of every
 // gRPC stream actually entails a message for each type_url, each with its own
 // initial_resource_versions.
-// [#next-free-field: 10]
+// [#next-free-field: 8]
 message DeltaDiscoveryRequest {
 option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.DeltaDiscoveryRequest";
@@ -181,22 +176,9 @@ message DeltaDiscoveryRequest {
 // A list of Resource names to add to the list of tracked resources.
 repeated string resource_names_subscribe = 3;
- // As with *resource_names_subscribe* but used when subscribing to resources indicated
- // by a *xds.core.v3.ResourceLocator*. The directives in the resource locator
- // are ignored and the context parameters are matched with
- // *context_param_specifier* specific semantics.
- // [#not-implemented-hide:]
- repeated xds.core.v3.ResourceLocator xds_resources_subscribe = 8;
-
 // A list of Resource names to remove from the list of tracked resources.
 repeated string resource_names_unsubscribe = 4;
- // As with *resource_names_unsubscribe* but used when unsubscribing to resources indicated by a
- // *xds.core.v3.ResourceLocator*. This must match a previously subscribed
- // resource locator provided in *xds_resources_subscribe*.
- // [#not-implemented-hide:]
- repeated xds.core.v3.ResourceLocator xds_resources_unsubscribe = 9;
-
 // Informs the server of the versions of the resources the xDS client knows of, to enable the
 // client to continue the same logical xDS session even in the face of gRPC stream reconnection.
 // It will not be populated: [1] in the very first stream of a session, since the client will
@@ -235,22 +217,19 @@ message DeltaDiscoveryResponse {
 // Type URL for resources. Identifies the xDS API when muxing over ADS.
 // Must be consistent with the type_url in the Any within 'resources' if 'resources' is non-empty.
- // This does not need to be set if *udpa_removed_resources* is used instead of
- // *removed_resources*.
 string type_url = 4;
 // Resources names of resources that have be deleted and to be removed from the xDS Client.
 // Removed resources for missing resources can be ignored.
 repeated string removed_resources = 6;
- // As with *removed_resources* but used when a removed resource was named in
- // its *Resource*s with a *xds.core.v3.ResourceName*.
- // [#not-implemented-hide:]
- repeated xds.core.v3.ResourceName udpa_removed_resources = 7;
-
 // The nonce provides a way for DeltaDiscoveryRequests to uniquely
 // reference a DeltaDiscoveryResponse when (N)ACKing. The nonce is required.
 string nonce = 5;
+
+ // [#not-implemented-hide:]
+ // The control plane instance that sent the response.
+ config.core.v3.ControlPlane control_plane = 7;
 }
 // [#next-free-field: 8]
@@ -267,11 +246,7 @@ message Resource {
 }
 // The resource's name, to distinguish it from others of the same type of resource.
- string name = 3 [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
-
- // Used instead of *name* when a resource with a *xds.core.v3.ResourceName* is delivered.
- xds.core.v3.ResourceName xds_resource_name = 5
- [(udpa.annotations.field_migrate).oneof_promotion = "name_specifier"];
+ string name = 3;
 // The aliases are a list of other names that this resource can go by.
 repeated string aliases = 4;
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v2/lrs.proto b/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v2/lrs.proto
index d8707bd62c..7ab87c2dfb 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v2/lrs.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v2/lrs.proto
@@ -8,7 +8,6 @@ import "envoy/api/v2/endpoint/load_report.proto";
 import "google/protobuf/duration.proto";
 import "udpa/annotations/status.proto";
-import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.service.load_stats.v2";
 option java_outer_classname = "LrsProto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto b/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto
index 76705ba777..ca8377e1ca 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/service/load_stats/v3/lrs.proto
@@ -9,7 +9,6 @@ import "google/protobuf/duration.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
-import "validate/validate.proto";
 option java_package = "io.envoyproxy.envoy.service.load_stats.v3";
 option java_outer_classname = "LrsProto";
diff --git a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto
index 7a91b58f3b..78e1572bf8 100644
--- a/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto
+++ b/xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto
@@ -4,7 +4,6 @@ package envoy.type.matcher.v3;
 import "envoy/type/matcher/v3/regex.proto";
-import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/status.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";