solo-io/gloo

Document changes in envoy 1.31 upgrade

andy-fong opened this issue · 0 comments

Version

main (1.18.x beta)

Gateway API

Gloo Edge API

Describe the requested changes

Removed config setting:

We mentioned using “envoy.reloadable_features.token_passed_entirely” in docs/content/operations/upgrading/faq.md when gloo 1.17 upgraded to 1.29 from 1.27 envoy. This runtime flag is removed and can no longer be turned off. So, we need to remove that from our doc and probably call this out in the upgrade FAQ.

jwt_authn change:

jwt_authn: jwt_authn now validates provider URIs. If the validation is too strict it can temporarily be disabled by setting the runtime guard envoy.reloadable_features.jwt_authn_validate_uri to false. 

This might impact customers if their provider URI is not strictly following the RFC. Here are some common issues that might have worked before but will no longer work (envoy would not start):
Common Validation Failure with this release:

  • hostname contains _ (underscore character)
  • url contains non-English characters (ASCII code > 127)
  • url contains an unencoded space character
  • url contains TAB (ASCII code 9) or FormFeed (ASCII code 12) characters

The parser code used to validate the URL is here. The compile time flag HTTP_PARSER_STRICT is on by default and we have not disabled it.

Other changes:
Other changes are minor and might just need to be called out in the change log but the full list can be found in this doc under Action Items -> ChangeLog Callouts

Link to any relevant existing docs

https://docs.solo.io/gloo-edge/latest/operations/upgrading/faq/#breaking-changes

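A pre-upgrade check for the four validation failures listed in this issue, as an added example that is not part of the original issue or of the Gloo or Envoy code base. It only approximates those four conditions; Envoy's own validation is done by the strict-mode parser the issue mentions and may reject more. The function names and the sample provider URIs are constructed for illustration.

```python
# Added example: flags JWT provider URIs that hit the failure cases listed
# in the issue. This is an approximation, not Envoy's validator.

def _hostname(uri: str) -> str:
    """Extract the host part of a URI without normalising or stripping anything."""
    rest = uri.split("://", 1)[-1]
    for sep in "/?#":                      # authority ends at path, query or fragment
        rest = rest.split(sep, 1)[0]
    host = rest.rsplit("@", 1)[-1]         # drop userinfo if present
    if host.startswith("["):               # IPv6 literal, keep the brackets
        return host.split("]", 1)[0] + "]"
    return host.rsplit(":", 1)[0] if ":" in host else host  # drop port


def jwt_uri_problems(uri: str) -> list[str]:
    """Return which of the four listed failure cases apply to one provider URI."""
    problems = []
    if "_" in _hostname(uri):              # underscores in the path are not flagged
        problems.append("underscore in hostname")
    if any(ord(c) > 127 for c in uri):
        problems.append("non-ASCII character")
    if " " in uri:
        problems.append("unencoded space")
    if "\t" in uri or "\f" in uri:
        problems.append("TAB or FormFeed character")
    return problems


def audit(providers: dict[str, str]) -> dict[str, list[str]]:
    """Map provider name -> problems, for providers with at least one problem."""
    found = {name: jwt_uri_problems(uri) for name, uri in providers.items()}
    return {name: probs for name, probs in found.items() if probs}


# Constructed sample input: provider name -> JWKS URI as it appears in config.
SAMPLE_PROVIDERS = {
    "ok": "https://idp.example.com/.well-known/jwks.json",
    "ok_path": "https://idp.example.com:8443/my_realm/jwks",
    "underscore": "https://auth_service.example.com/jwks",
    "space": "https://idp.example.com/keys/my realm/jwks",
    "tab": "https://idp.example.com/jwks\t",
    "unicode": "https://idp.example.com/r\u00e9alm/jwks",
}

if __name__ == "__main__":
    for name, probs in audit(SAMPLE_PROVIDERS).items():
        print(f"{name}: {', '.join(probs)}")
```

Any provider reported here should be corrected before upgrading, or the upgrade planned with the envoy.reloadable_features.jwt_authn_validate_uri runtime guard from the issue in mind.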