Envoy Proxy has announced the general availability of release 1.16. The release adds support for the ARM64 architecture, the result of a long effort and strong collaboration between ARM and the Envoy community.
Lizan Zhou commented that “The number of Arm64 platforms available in the market is increasing, from a single board computer to cloud offerings such as a new type of AWS instance. Supporting Arm64 officially in Envoy has been asked for, for a long time, and it will help with larger adoption of Envoy.”
To dive deep into Envoy’s support for ARM64-based Linux, register now for EnvoyCon, Oct. 15, 2020. Tetrate’s Lizan Zhou, Envoy Maintainer, will speak on this topic at 8:10 a.m. PDT.
Other notable enhancements in 1.16 include:
- Admission control filter for client-side throttling
  - A new filter enables client-side request throttling, which allows users to limit the number of requests per second on the client side.
- Addition of ‘use_tcp_for_dns_lookups’
  - With this new dynamic forward proxy update, TCP is always used for DNS lookups as opposed to UDP. Presently, there’s minimal support for UDP, and this extension forces the use of TCP.
- More support for ‘dns_filter’
  - Support has been added for answering service record queries.
- CDN loop filter, and documentation now available
  - The CDN loop filter checks how many times a specific CDN identifier has appeared in the CDN-Loop header. If the check passes, the filter adds the CDN identifier to the end of the CDN-Loop header and passes the request to the next upstream filter. To find out more, read the new supporting documentation.
- Fault injection support for Redis proxy
- Generic body matchers added to the tap component to automatically scan HTTP requests
  - The matchers work on text strings and hex strings, which must be found in the HTTP body for a positive match. Because scanning the HTTP body can be CPU intensive, this addition also makes it possible to limit the search in advance to a particular number of bytes.
- Set limits of ‘max_downstream_connection_duration’ in TCP Proxy
  - This addition allows users to define the maximum duration of a connection to the service. If the maximum is reached, the connection is terminated.
- OCSP stapling support added to TLS
  - The addition of ‘ocsp_staple’ and ‘ocsp_staple_policy’ lets Envoy staple a pre-computed Online Certificate Status Protocol (OCSP) response to a TLS certificate during the handshake. OCSP responses must be valid and confirm that the certificate has not been revoked, while ‘ocsp_staple_policy’ controls whether Envoy continues or ceases to use a certificate without stapling when the expected OCSP response is missing or expired.
- Dynamic metadata filters
  - In access logs, a newly added dynamic metadata filter changes how logs can be gathered using ‘matcher’ and ‘match_if_key_not_found’. With this addition, information is only logged if the matcher value is the same as the metadata value; if they don’t match, it won’t be logged.
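The CDN loop check described in the list above, modelled as a short Python function. This is an added example, not Envoy's code: the function names, the rule that a request is rejected once the identifier already appears more than `max_allowed_occurrences` times, and the sample identifiers are assumptions of the example.

```python
# Added example: a model of the CDN-Loop check, not Envoy's implementation.
# Assumption: a request is rejected when our identifier already appears more
# than max_allowed_occurrences times; identifiers are compared exactly.

def split_cdn_info(header_value):
    """Split a CDN-Loop value on commas that sit outside quoted strings."""
    items, current, in_quotes, escaped = [], [], False, False
    for ch in header_value:
        if escaped:
            escaped = False
        elif in_quotes and ch == "\\":
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            items.append("".join(current))
            current = []
            continue
        current.append(ch)
    items.append("".join(current))
    return [item.strip() for item in items if item.strip()]


def cdn_ids(header_value):
    """Return the cdn-id of each entry: the text before its first ';'."""
    return [item.split(";", 1)[0].strip() for item in split_cdn_info(header_value)]


def process_cdn_loop(header_value, cdn_id, max_allowed_occurrences=0):
    """Return the CDN-Loop value to send upstream, or None to reject."""
    existing = (header_value or "").strip()
    seen = cdn_ids(existing).count(cdn_id)
    if seen > max_allowed_occurrences:
        return None  # loop detected: do not forward the request
    return f"{existing}, {cdn_id}" if existing else cdn_id


if __name__ == "__main__":
    # Constructed sample values, not taken from real traffic.
    ours = "cdn-a.example"
    for value in (None,
                  "cdn-b.example; v=1",
                  "cdn-a.example, cdn-b.example",
                  'cdn-b.example; note="via, cdn-a.example"'):
        print(repr(value), "->", repr(process_cdn_loop(value, ours)))
```

The last sample shows why the split has to respect quoted parameter values: an identifier that only appears inside a quoted string is not counted as a hop.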
A complete list of 1.16 features can be found in the Envoy community release notes.
- Use GetEnvoy, Tetrate’s open source project that makes it easy to install and upgrade Envoy: www.getenvoy.io
Envoy is an edge and service proxy that functions as a service mesh data plane. Tetrate is a major contributor to the open source project and created GetEnvoy to make it easy to install and upgrade Envoy.