Upgrade gRPC to 1.25 which has gRPC STS feature#145
Upgrade gRPC to 1.25 which has gRPC STS feature#145PiotrSikora merged 3 commits intoistio:release-1.4from
Conversation
|
cc @istio/release-managers-1-4 |
howardjohn
left a comment
howardjohn
left a comment
There was a problem hiding this comment.
shouldn't there be an Envoy upstream PR that applies your patch and is cherry picked back here? otherwise we would be maintaining a diverging branch. This applies even more so to master and 1.5 branch but I think is relevant here as well
I will update envoy upstream in a separate PR today or tomorrow, and upgrade gRPC SHA to the same SHA as this PR. If I upgrade envoy upstream from gRPC 1.25 to that SHA, the change is only in repository_locations.bzl. when I cherry-pick that upgrade PR into istio/envoy 1.4 branch, I still need to make changes to other files to fix the build issue. I think the risk of diverge is low. |
|
Ok I think this makes sense, but I would like approval from a proxy owner before merging |
Thanks a lot! |
|
Two comments:
|
|
Merging, because but I still think it's a bad idea... |
This reverts commit 03ecfad.
…fixes. (#180) * Revert "fix opencensus tracer (#155)" This reverts commit 063eeb9. * Revert "Add x-goog-user-proj header for sts credential (#152)" This reverts commit 37dbbd4. * Revert "Update GrpcService to add StsService. (envoyproxy#411)" This reverts commit ab59731. * Revert "fix tracer ssl credential (#151)" This reverts commit 02901d0. * Revert "remove url validation as it is not implemented" This reverts commit 3eb2101. * Revert "Use gRPC Security Token Service (STS) to get call credentials (envoyproxy#9101)" This reverts commit ec6b907. * Revert "[release-1.4] Use sts for call credential when STS_PORT is provided in node metadata #144 (#148)" This reverts commit 7081e43. * Revert "Upgrade gRPC to 1.25 which has gRPC STS feature (#145)" This reverts commit 03ecfad. * ci: mark //test/integration:protocol_integration_test as flaky. (#162) Backport envoyproxy/envoy-wasm#422 and its prerequisite (envoyproxy#10009). * Plumb the flaky flag from envoy_cc_test to the native.cc_test (envoyproxy#10009) Signed-off-by: Yan Avlasov <yavlasov@google.com> * ci: mark //test/integration:protocol_integration_test as flaky. (envoyproxy#422) Signed-off-by: Piotr Sikora <piotrsikora@google.com> * Remove wasm filter stress test Signed-off-by: gargnupur <gargnupur@google.com> * Remove wasm stress test framework Signed-off-by: gargnupur <gargnupur@google.com> Co-authored-by: Piotr Sikora <piotrsikora@google.com> Co-authored-by: Nupur Garg <37600866+gargnupur@users.noreply.github.com>
…eject partial headers that exceed configured limits (#145) Signed-off-by: Antonio Vicente <avd@google.com>
…eject partial headers that exceed configured limits (#145) Improve the robustness of HTTP1 request and response header size checks by including the request URL in the request header size, and add missing header size check when parsing header field names. The missing header field name size check can result in excessive buffering up to a hard-coded 32MB limit until timeout. The missing request URL size check can result in Envoy attempting to route match and proxy HTTP/1.1 requests with URLs up to a hard-coded 32MB limit, which could result in excess memory usage or performance problems in regex route matches. Signed-off-by: Antonio Vicente <avd@google.com> Signed-off-by: John Plevyak <jplevyak@gmail.com>
…eject partial headers that exceed configured limits (#145) Improve the robustness of HTTP1 request and response header size checks by including the request URL in the request header size, and add missing header size check when parsing header field names. The missing header field name size check can result in excessive buffering up to a hard-coded 32MB limit until timeout. The missing request URL size check can result in Envoy attempting to route match and proxy HTTP/1.1 requests with URLs up to a hard-coded 32MB limit, which could result in excess memory usage or performance problems in regex route matches. Signed-off-by: Antonio Vicente <avd@google.com> Signed-off-by: John Plevyak <jplevyak@gmail.com>
…eject partial headers that exceed configured limits (#145) Signed-off-by: antonio <avd@google.com>
5 participants
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Upgrade gRPC to d8f4928fa779f6005a7fe55a176bdb373b0f910f (1.25.x).
Follow envoyproxy#9041 that updates gRPC from 1.22 to 1.25.
Follow envoyproxy#6584 that fixes compile issues complained by clang-8.
Description:
Risk Level: Low
Testing: Existing Tests
Docs Changes: N/A
Release Notes: N/A
istio/istio#20133