-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pr/jrajahalme/envoy 1.17.3 backport v1.8 #16115
Conversation
test-backport-1.8 |
0434818
to
718164a
Compare
Added #14462 |
test-backport-1.8 |
Travis CI for amd64 failed due to docker pull rate limit, arm64 build succeeded:
|
Will rerun after rebase once #16105 lands. |
Every test other than Travis passed. |
Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit df0c9bb ] Envoy v2 APIs have been deprecarted in the newer Envoy releases, prepare for their removal by shifting to v3 APIs. NPDS and NPHDS still use v2 API elements for backwards compatibility with running Istio sidecars. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit e8d7307 ] Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 09af6a6 ] Add access log message type for Kafka. Split multiple topics to separate access log messages on the cilium agent side for backwards compatibility. Refine the so far unused Kafka rule message. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
Use new options instead of these deprecated fields to avoid deprecation warnings: - RouteAction.max_grpc_timeout - Cluster.protocol_selection - Cluster.http2_protocol_options Define runtime option "overload.global_downstream_max_connections" to avoid a warning like: "there is no configured limit to the number of allowed active connections. Set a limit via the runtime key overload.global_downstream_max_connections" Fixes: #14919 Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit 2df25bb ] protobuf.Message may contain a mutex, which trips the go vet linter in the CI. Fix by using .String() instead on debug messages, and using a pointer to transfer ownership rather than a copy. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit f4407e7 ] The updated protobuf implementation contains cyclical data structures and unexported fields that can not be compared. Add a new checker "ExportedEquals" that only compares exported fields of the given data structures. This ignoring of unexported fields is not safe for comparing arbitrary data structures which may store internal state in unexported fields. Use this new "ExportedEquals" checker to compare protobuf Messages. This avoids comparing global data structures pointer to by protobuf implementation specific fields. Avoid infinite recursion by keeping track which pointers have already been followed. Change existing use of checker.Equals to use simple Equals or HasLen instead when possible. Signed-off-by: Jarno Rajahalme <jarno@covalent.io>
[ upstream commit d7b7672 ] Update Envoy to release 1.17.3 which fixes CVE-2021-29492. Configure cilium-envoy with path normalization, path slash merge, and path escaped slash unescaping by default. This setting can be reverted with Cilium agent option --http-normalize-path=false. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
718164a
to
e833482
Compare
test-backport-1.8 |
This reverts commit 60aa69b. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
1db3dab
to
3a93ce3
Compare
test-backport-1.8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I recognize that this is quite a bit of churn for v1.8 this late, but given that (1) these are mostly backports for changes that users have been running already in v1.9 for some time and (2) the security background for this (+ benefits for future updates), I think it's a reasonable tradeoff.
Everything else passed, good to merge 👍 |
Once this PR is merged, you can update the PR labels via: