Update to Envoy 07bece5 (for Istio 1.29.0) #17

Open
gavin-jeong wants to merge 15 commits into release/07bece5-sendbird-custom from update_to_07bece5

gavin-jeong commented Feb 26, 2026

Summary

  • Update to Envoy 07bece5476a5e3c95c8b0a3df4e41d3dd0769df4
  • This Envoy version is required by Istio 1.29.0
  • Cherry-pick Sendbird custom patches from release/v1.35.6-sendbird-custom

Envoy Details

  • Full SHA: 07bece5
  • Short SHA: 07bece5
  • Commit Date: 2026-02-02
  • SHA256: de7210a8385f5fcc60152b3ba9657f027d478ad762baf9f13c3340b51e8e73da

Cherry-picked Patches (11)

  1. redis: Support eval_ro, evalsha_ro
  2. use custom header for tracing
  3. redis: fix segfault at cluster removing
  4. Add QUIC Keylog Support with SSLKEYLOGFILE and TLS Context Integration
  5. redis: fix race conditions in cluster destruction
  6. redis: Add comprehensive null checks to prevent segfaults during cluster destruction
  7. redis: Use local shared_ptr copies to prevent race conditions
  8. redis: Use shared_from_this() to keep RedisDiscoverySession alive during timer callbacks
  9. redis: Fix use-after-free by using session-owned flag instead of parent reference
  10. Add pubsub commands
  11. CPLAT-8445 Change trace_id pattern (UUIDv4->UUIDv7)

Test Plan

  • Build Envoy binary successfully
  • Run Envoy test suite
  • Verify compatibility with Istio 1.29.0
  • Test with proxy-istio integration

Related PRs

  • proxy-istio PR: (will be created after this)

Merge Order

⚠️ Merge this Envoy PR first, then the proxy-istio PR.

dlunch and others added 12 commits February 26, 2026 19:27
Include code formatting improvements for consistent style in trace test files.

This commit introduces QUIC/HTTP3 keylog functionality in Envoy, enabling generation of NSS Key Log Format files for Wireshark and other debugging tools.

- Keylog callback registration in OnNewSslCtx()
- Implementation of EnvoyQuicProofSource::setupQuicKeylogCallback() and quicKeylogCallback()
- TLS context-based keylog configuration with per-filter-chain caching and thread safety
- Address filtering via local/remote IP lists
- Fallback to SSLKEYLOGFILE environment variable for compatibility with existing workflows
- QuicKeylogBridge integration with Envoy’s existing TLS keylog infrastructure
- RawBufferSocket fallback fix in QuicServerTransportSocketFactory::createDownstreamTransportSocket()
- Comprehensive unit tests including edge cases

Signed-off-by: Chanhun Jeong <keyolk@gmail.com>

…uction

This commit combines multiple fixes for Redis cluster stability:

- Fix race conditions in cluster destruction by capturing is_destroying_ flag
- Add comprehensive null checks to prevent segfaults during cluster destruction
- Use local shared_ptr copies to prevent race conditions
- Use shared_from_this() to keep RedisDiscoverySession alive during timer callbacks
- Fix use-after-free by using session-owned flag instead of parent reference

These fixes ensure safe cleanup of Redis clusters and prevent crashes
during cluster removal and timer callback execution.
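The lifetime pattern this commit message describes, as an added C++ example that is not code from the PR or from Envoy: the timer callback holds the session through `shared_from_this()` and consults a session-owned flag instead of reading state through the parent. `Session`, `Cluster`, `TimerQueue`, `Outcome` and `runAll` are constructed stand-ins, and the model is single-threaded, so the flag is a plain `bool`.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Constructed stand-ins, not Envoy types: a timer queue and a result record.
using TimerQueue = std::vector<std::function<void()>>;
void runAll(TimerQueue& q) {
  TimerQueue cbs;
  cbs.swap(q); // cbs dies at return, releasing whatever the callbacks captured
  for (auto& cb : cbs) cb();
}
struct Outcome { int refreshed = 0; bool alive_while_pending = false, freed_after_run = false; };
struct Cluster;
struct Session : std::enable_shared_from_this<Session> {
  explicit Session(Cluster& parent) : parent_(parent) {}
  // Capture a shared_ptr, not `this`: the session stays alive until the callback has run.
  void armTimer(TimerQueue& q) { q.push_back([self = shared_from_this()] { self->onTimer(); }); }
  void onTimer();
  Cluster& parent_;               // dangles once the cluster is removed
  bool parent_destroyed_ = false; // session-owned flag set by ~Cluster, always safe to read
};
struct Cluster {
  explicit Cluster(Outcome& o) : out(o), session(std::make_shared<Session>(*this)) {}
  ~Cluster() { session->parent_destroyed_ = true; }
  Outcome& out;
  std::shared_ptr<Session> session;
};
void Session::onTimer() {
  if (parent_destroyed_) return; // never dereference parent_ after cluster removal
  ++parent_.out.refreshed;
}

Outcome removeClusterWithTimerPending() {
  Outcome out;
  TimerQueue q;
  std::weak_ptr<Session> w;
  {
    Cluster c(out);
    w = c.session;
    c.session->armTimer(q);
    runAll(q);              // normal refresh while the cluster is alive
    c.session->armTimer(q); // still pending when the cluster goes away
  }
  out.alive_while_pending = !w.expired();
  runAll(q); // late callback sees the flag and returns without touching the cluster
  out.freed_after_run = w.expired();
  return out;
}
int main() { return removeClusterWithTimerPending().freed_after_run ? 0 : 1; }
```

Capturing `this` in `armTimer` and reading a flag through `parent_` in `onTimer` would turn the second `runAll` into reads of freed memory; building that variant with `-fsanitize=address` is a quick way to see the report.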

Add TraceSampledFormatter that uses Envoy's internal tracing decision
(stream_info.traceReason())

This approach works correctly at trace origin points (e.g., Istio Ingress
Gateway) where no incoming traceparent header exists.

Usage: %TRACE_SAMPLED% in access log format
Returns: "true" if traced, "false" otherwise

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Add per-shard statistics for Redis proxy to track hot shard usage:

- enable_per_shard_stats: Emits per-shard request counters
  - upstream_rq_total: Total requests to each shard
  - upstream_rq_success: Successful requests
  - upstream_rq_failure: Failed requests
  - upstream_rq_active: Active requests (gauge)

- enable_per_shard_latency_stats: Emits latency histogram
  - upstream_rq_time: Request latency in microseconds

All metrics are scoped under: cluster.<cluster_name>.shard.<host_address>.*

Per-shard command-level stats are also recorded when enable_command_stats
is enabled alongside the per-shard options.

Note: These options may significantly increase metric cardinality in
large clusters. Use with caution in production environments.

This change implements zone-aware routing for Redis Cluster, allowing read
requests to be routed to replicas in the same availability zone as the client.

Key changes:
- Add enable_zone_discovery config option to redis_cluster.proto
- Add az_affinity and az_affinity_replicas_and_primary read policies
- Implement INFO command-based zone discovery during cluster slot updates
- Store zone info in host locality for standard Envoy locality handling
- RedisShard groups replicas by zone for efficient zone-aware routing

Zone Discovery Flow:
1. CLUSTER SLOTS response triggers zone discovery when enabled
2. INFO command sent to each unique node to get availability_zone
3. Zones stored in host->locality().zone() when hosts are created
4. RedisShard reads zone from host locality, groups replicas by zone

Read Policies:
- AzAffinity: local replicas -> any replica -> primary
- AzAffinityReplicasAndPrimary: local replicas -> local primary -> any replica -> primary

Note: This feature currently works with Valkey only. Valkey exposes
availability_zone in its INFO response. Standard Redis does not support this field.

Signed-off-by: Doogie Min <doogie.min@sendbird.com>
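The two read-policy fallback chains listed in this commit message, as an added C++ example that is not code from the PR or from Envoy. `Host`, `Shard`, `ReadPolicy`, `findReplica`, `chooseReadHost` and `sampleShard` are illustrative names, the addresses and zones are constructed, the first matching replica is taken where a real balancer would spread load, and skipping the zone match when the client zone is empty is an assumption.

```cpp
#include <string>
#include <vector>

// Constructed model of one shard; names are illustrative, not Envoy's RedisShard API.
struct Host { std::string address, zone; };
struct Shard { Host primary; std::vector<Host> replicas; };
enum class ReadPolicy { AzAffinity, AzAffinityReplicasAndPrimary };

// First replica in `zone`, or the first replica of any zone when `zone` is empty.
static const Host* findReplica(const Shard& s, const std::string& zone) {
  for (const auto& r : s.replicas)
    if (zone.empty() || r.zone == zone) return &r;
  return nullptr;
}

// AzAffinity:                   local replicas -> any replica -> primary
// AzAffinityReplicasAndPrimary: local replicas -> local primary -> any replica -> primary
const Host& chooseReadHost(const Shard& s, ReadPolicy policy, const std::string& client_zone) {
  // Assumption: an unknown client zone never counts as "local", so zone-less hosts
  // (for example a server that does not report availability_zone) are not matched.
  const bool zone_known = !client_zone.empty();
  if (zone_known)
    if (const Host* local = findReplica(s, client_zone)) return *local;
  if (policy == ReadPolicy::AzAffinityReplicasAndPrimary && zone_known &&
      s.primary.zone == client_zone)
    return s.primary; // local primary is preferred over a replica in another zone
  if (const Host* any = findReplica(s, "")) return *any;
  return s.primary; // no replicas at all
}

// Constructed sample: primary in az-a, replicas in az-b and az-c.
Shard sampleShard() {
  return Shard{Host{"10.0.0.1", "az-a"},
               {Host{"10.0.0.2", "az-b"}, Host{"10.0.0.3", "az-c"}}};
}

int main() {
  Shard s = sampleShard();
  return chooseReadHost(s, ReadPolicy::AzAffinity, "az-a").address == "10.0.0.2" ? 0 : 1;
}
```

For a client in `az-a` the two policies diverge: `AzAffinity` reads from the `az-b` replica, while `AzAffinityReplicasAndPrimary` reads from the local primary.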

Add TLS certificate compression with brotli, zstd, and zlib algorithms.
This reduces TLS handshake size, especially beneficial for QUIC where
the ServerHello needs to fit in the initial response.

Key changes:
- Move cert_compression from quic/ to tls/ for shared use
- Add brotli and zstd algorithms alongside existing zlib
- Add compression stats: ssl.certificate_compression.<algo>.*
- Add runtime flag (default: disabled) for safe rollout
- Fix SSL_CTX app_data crash risk for QUIC by using SSL_CTX_get_ex_new_index()

Runtime guard: envoy.reloadable_features.tls_support_certificate_compression

Cherry-picked from upstream PR envoyproxy#42690 (not yet merged).

The HostImpl constructor expects a const reference, not a shared_ptr.

- //bazel/foreign_cc:zlib -> //bazel:zlib (foreign_cc removed in v1.37)
- //bazel/foreign_cc:zstd -> @zstd (external dep)

In v1.37, FormatterProvider uses format/formatValue with Context&
instead of formatWithContext/formatValueWithContext with
HttpFormatterContext&. Updated TraceSampledFormatter accordingly.

In v1.37, HostImpl's constructor expects shared_ptr<const Locality>
instead of const Locality&. Remove dereference of makeLocalityWithZone
result to pass the shared_ptr directly.
6 participants