istio · istio-testing · Dec 13, 2022 · Dec 9, 2022 · Dec 12, 2022
@@ -1411,6 +1411,15 @@ <h2 id="LoadBalancerSettings-ConsistentHashLB">LoadBalancerSettings.ConsistentHa
 properties. The affinity to a particular destination host may be
 lost when one or more hosts are added/removed from the destination
 service.</p>
+<p>Note: consistent hashing is less reliable at maintaining affinity than common
+&ldquo;sticky sessions&rdquo; implementations, which often encode a specific destination in
+a cookie, ensuring affinity is maintained as long as the backend remains.
+With consistent hash, the guarantees are weaker; any host addition or removal can
+break affinity for <code>1/backends</code> requests.</p>
+<p>Warning: consistent hashing depends on each proxy having a consistent view of endpoints.
+This is not the case when locality load balancing is enabled. Locality load balancing
+and consistent hash will only work together when all proxies are in the same locality,
+or a high level load balancer handles locality affinity.</p>
 
 <table class="message-fields">
 <thead>

@@ -10,14 +10,16 @@
 number_of_entries: 1
 ---
 <p>Accesslog Policy plugin is a stateful http log sampler.
-It decides whether a request is logged based on the following rules.
- 1. All requests resulting in errors are logged.
- 2. First successful request within log<em>window</em>duration from a specific
- source ip (source principal) is logged.
-The plugin records its decision in the istio.access<em>log</em>policy attribute with
+It decides whether a request is logged based on the following rules.</p>
+<ol>
+<li>All requests resulting in errors are logged.</li>
+<li>First successful request within log_window_duration from a specific
+source ip (source principal) is logged.
+The plugin records its decision in the istio.access_log_policy attribute with
 a value of &ldquo;no&rdquo;. A downstream plugin may honor the the attribute. For
 example, Stackdriver plugin will not produce an access log entry if this
-attribute is set.</p>
+attribute is set.</li>
+</ol>
 
 <h2 id="AccessLogPolicyConfig">AccessLogPolicyConfig</h2>
 <section>

@@ -10,15 +10,13 @@
 weight: 20
 number_of_entries: 3
 ---
-<p>AttributeGen plugin uses <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/rbac_filter#condition">builtin attributes</a>
+<p>AttributeGen plugin uses <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes">builtin
+attributes</a>
 as inputs and produces new attributes that can be used by downstream plugins.</p>
-
 <p>The following is an example of a configuration that produces one attribute
 named <code>istio_operationId</code> using <code>request.url_path</code> and <code>request.method</code>.</p>
-
 <p>{{<tabset category-name="example">}}
 {{<tab name="v1alpha3" category-value="v1alpha3">}}</p>
-
 <pre><code class="language-yaml">{
   &quot;attributes&quot;: [
     {
@@ -46,20 +44,15 @@
 }
 
 </code></pre>
-
 <p>{{</tab>}}
 {{</tabset>}}</p>
-
 <p>If the Stats plugin runs after AttributeGen, it can use <code>istio_operationId</code>
 to populate a dimension on a metric.</p>
-
 <p>The following is an example of response codes being mapped into a smaller
 number of response classes as the <code>istio_responseClass</code> attribute. For
 example, all response codes in 200s are mapped to <code>2xx</code>.</p>
-
 <p>{{<tabset category-name="example">}}
 {{<tab name="v1alpha3" category-value="v1alpha3">}}</p>
-
 <pre><code class="language-yaml">{
   &quot;attributes&quot;: [
     {
@@ -99,11 +92,9 @@
 }
 
 </code></pre>
-
 <p>{{</tab>}}
 {{</tabset>}}</p>
-
-<p>If multiple AttributeGene configurations produce the same attribute, the
+<p>If multiple AttributeGen configurations produce the same attribute, the
 result of the last configuration will be visible to downstream filters.</p>
 
 <h2 id="PluginConfig">PluginConfig</h2>
@@ -168,22 +159,17 @@ <h2 id="AttributeGeneration">AttributeGeneration</h2>
 <p>The name of the attribute that is populated on a successful match.
 An attribute name SHOULD NOT contain a <code>.</code>. You may use underscores for
 namespacing instead.</p>
-
 <p>Example: <code>istio_operationId</code></p>
-
 <p><code>istio_</code> attribute namespace is reserved by Istio.</p>
-
 <p>AttributeGeneration may fail to evaluate when an attribute is not
 available. For example, <code>response.code</code> may not be available when a request
 ends abruptly. When attribute generation fails, it will not populate the
 attribute.</p>
-
 <p>If the generated attribute is used by an authz plugin, it should account
 for the possibility that the attribute may be missing. Use
 <code>has(attribute_name)</code> function to check for presence of an attribute before
 using its value, and provide appropriate defaults. For example the
 following is a safe use of <code>response.code</code></p>
-
 <p><code>has(response.code)?response.code:200</code></p>
 
 </td>
@@ -228,37 +214,29 @@ <h2 id="Match">Match</h2>
 <td>
 <p>The condition is a <a href="https://github.com/google/cel-spec/blob/master/doc/langdef.md">CEL
 expression</a>
-that may use <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes#attributes">builtin attributes</a>.</p>
-
+that may use <a href="https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/advanced/attributes#attributes">builtin
+attributes</a>.</p>
 <p>Example:</p>
-
 <p>{{<tabset category-name="example">}}
 {{<tab name="attribute-match" >}}</p>
-
 <pre><code class="language-yaml">   {
      &quot;value&quot;: &quot;GetBook&quot;,
      &quot;condition&quot;:
      &quot;request.url_path.matches('^/shelves/[[:alnum:]]*/books/[[:alnum:]]*$')
      &amp;&amp; request.method == 'GET'&quot;
    },
 </code></pre>
-
 <p>Note: CEL uses <a href="https://github.com/google/re2/wiki/Syntax">re2</a> regex
 library. Use anchors <code>{^, $}</code> to ensure that the regex evaluates
 efficiently.</p>
-
 <p>Note: <code>request.url_path</code> is normalized and stripped of query params.</p>
-
 <p>a Read only operation on books</p>
-
 <pre><code class="language-yaml">{ &quot;value&quot;: &quot;ReadOnlyBooks&quot;,
   &quot;condition&quot;: &quot;request.url_path.startsWith('/books/') &amp;&amp;
   in(request.method, ['GET', 'HEAD'])&quot;}
 </code></pre>
-
 <p>{{</tab>}}
 {{</tabset>}}</p>
-
 <p>An empty condition evaluates to <code>true</code> and should be used to provide a
 default value.</p>
 

@@ -40,7 +40,6 @@ <h2 id="PluginConfig">PluginConfig</h2>
 <h2 id="google-protobuf-UInt32Value">google.protobuf.UInt32Value</h2>
 <section>
 <p>Wrapper message for <code>uint32</code>.</p>
-
 <p>The JSON representation for <code>UInt32Value</code> is JSON number.</p>
 
 <table class="message-fields">