Envoy Runtime Feature [envoy.reloadable_features.use_http_client_to_fetch_aws_credentials : true ]

Question

How do I enable Envoy runtime feature envoy.reloadable_features.use_http_client_to_fetch_aws_credentials : true?

I added directly in the Envoy config.yaml file but it was not recognized and EKS pod running Envoy is crashing. Is there a way to enable a runtime feature?

Envoy config.yaml snippet:

envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: true

static_resources:
  listeners:
    - address:
        socket_address:
          address: 0.0.0.0
          port_value: 8080
      filter_chains:
        - transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
....

Envoy process: /usr/local/bin/envoy -c /config/config.yaml

Error logs:

[2024-03-07 20:53:34.022][1][debug][init] [source/common/init/watcher_impl.cc:31] init manager Server destroyed
Protobuf message (type envoy.config.bootstrap.v3.Bootstrap reason INVALID_ARGUMENT: invalid JSON   in envoy.config.bootstrap.v3.Bootstrap,   near 1:4724  (offset 4723): no   such field: 'envoy.reloadable_f
eatures.use_http_client_to_fetch_aws_credentials') has unknown fields

Answer 1

I got the clue that we can set the runtime variable using layers.

Reference: https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#config-runtime-bootstrap

cat config.yaml

layered_runtime:
  layers:
    - name: static_layer
      static_layer:
        envoy.reloadable_features.use_http_client_to_fetch_aws_credentials: true


static_resources:
  listeners:
    - address:
        socket_address:
          address: 0.0.0.0
          port_value: 8080
      filter_chains:
        - transport_socket:
            name: envoy.transport_sockets.tls
            typed_config:
              "@type": type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext
....