v1alpha3

package
v0.6.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 8, 2023 License: Apache-2.0 Imports: 102 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// EnvoyTextLogFormat format for envoy text based access logs for Istio 1.9 onwards.
	// This includes the additional new operator RESPONSE_CODE_DETAILS and CONNECTION_TERMINATION_DETAILS that tells
	// the reason why Envoy rejects a request.
	EnvoyTextLogFormat = "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% " +
		"%PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% " +
		"%RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% " +
		"\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% " +
		"%DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" " +
		"\"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" " +
		"%UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% " +
		"%DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"

	// EnvoyServerName for istio's envoy
	EnvoyServerName = "istio-envoy"

	// EnvoyAccessLogCluster is the cluster name that has details for server implementing Envoy ALS.
	// This cluster is created in bootstrap.
	EnvoyAccessLogCluster = "envoy_accesslog_service"
)
View Source 
const (
	NoConflict = iota
	// HTTPOverTCP represents incoming HTTP existing TCP
	HTTPOverTCP
	// TCPOverHTTP represents incoming TCP existing HTTP
	TCPOverHTTP
	// TCPOverTCP represents incoming TCP existing TCP
	TCPOverTCP
	// TCPOverAuto represents incoming TCP existing AUTO
	TCPOverAuto
	// AutoOverHTTP represents incoming AUTO existing HTTP
	AutoOverHTTP
	// AutoOverTCP represents incoming AUTO existing TCP
	AutoOverTCP
)
View Source 
const (
	// WildcardAddress binds to all IP addresses
	WildcardAddress = "0.0.0.0"

	// WildcardIPv6Address binds to all IPv6 addresses
	WildcardIPv6Address = "::"

	// LocalhostAddress for local binding
	LocalhostAddress = "127.0.0.1"

	// LocalhostIPv6Address for local binding
	LocalhostIPv6Address = "::1"

	// 6 is the magical number for inbound: 15006, 127.0.0.6, ::6
	InboundPassthroughBindIpv4 = "127.0.0.6"
	InboundPassthroughBindIpv6 = "::6"
)
View Source 
const (
	// ProxyInboundListenPort is the port on which all inbound traffic to the pod/vm will be captured to
	// TODO: allow configuration through mesh config
	ProxyInboundListenPort = 15006
)

Variables

View Source 
var (
	IPv4PasstrhoughCIDR = []*core.CidrRange{util.ConvertAddressToCidr("0.0.0.0/0")}
	IPv6PasstrhoughCIDR = []*core.CidrRange{util.ConvertAddressToCidr("::/0")}
)
View Source 
var (
	// EnvoyJSONLogFormatIstio map of values for envoy json based access logs for Istio 1.9 onwards.
	// This includes the additional log operator RESPONSE_CODE_DETAILS and CONNECTION_TERMINATION_DETAILS that tells
	// the reason why Envoy rejects a request.
	EnvoyJSONLogFormatIstio = &structpb.Struct{
		Fields: map[string]*structpb.Value{
			"start_time":                        {Kind: &structpb.Value_StringValue{StringValue: "%START_TIME%"}},
			"route_name":                        {Kind: &structpb.Value_StringValue{StringValue: "%ROUTE_NAME%"}},
			"method":                            {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:METHOD)%"}},
			"path":                              {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"}},
			"protocol":                          {Kind: &structpb.Value_StringValue{StringValue: "%PROTOCOL%"}},
			"response_code":                     {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"}},
			"response_flags":                    {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_FLAGS%"}},
			"response_code_details":             {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE_DETAILS%"}},
			"connection_termination_details":    {Kind: &structpb.Value_StringValue{StringValue: "%CONNECTION_TERMINATION_DETAILS%"}},
			"bytes_received":                    {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_RECEIVED%"}},
			"bytes_sent":                        {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_SENT%"}},
			"duration":                          {Kind: &structpb.Value_StringValue{StringValue: "%DURATION%"}},
			"upstream_service_time":             {Kind: &structpb.Value_StringValue{StringValue: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"}},
			"x_forwarded_for":                   {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-FORWARDED-FOR)%"}},
			"user_agent":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(USER-AGENT)%"}},
			"request_id":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-REQUEST-ID)%"}},
			"authority":                         {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:AUTHORITY)%"}},
			"upstream_host":                     {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_HOST%"}},
			"upstream_cluster":                  {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_CLUSTER%"}},
			"upstream_local_address":            {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_LOCAL_ADDRESS%"}},
			"downstream_local_address":          {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_LOCAL_ADDRESS%"}},
			"downstream_remote_address":         {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_REMOTE_ADDRESS%"}},
			"requested_server_name":             {Kind: &structpb.Value_StringValue{StringValue: "%REQUESTED_SERVER_NAME%"}},
			"upstream_transport_failure_reason": {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"}},
		},
	}
)

Functions

func ApplyRingHashLoadBalancer 

func ApplyRingHashLoadBalancer(c *cluster.Cluster, lb *networking.LoadBalancerSettings)

ApplyRingHashLoadBalancer will set the LbPolicy and create an LbConfig for RING_HASH if used in LoadBalancerSettings

func BuildListenerTLSContext 

func BuildListenerTLSContext(serverTLSSettings *networking.ServerTLSSettings,
	proxy *model.Proxy, transportProtocol istionetworking.TransportProtocol) *auth.DownstreamTlsContext

func BuildSidecarOutboundVirtualHosts 

func BuildSidecarOutboundVirtualHosts(node *model.Proxy, push *model.PushContext,
	routeName string,
	listenerPort int,
	efKeys []string,
	xdsCache model.XdsCache,
) ([]*route.VirtualHost, *discovery.Resource, *istio_route.Cache)

func CastDestinationRule 

func CastDestinationRule(config *config.Config) *networking.DestinationRule

CastDestinationRule returns the destination rule enclosed by the config, if not null. Otherwise, return nil.

func GenerateAltVirtualHosts 

func GenerateAltVirtualHosts(hostname string, port int, proxyDomain string) []string

GenerateAltVirtualHosts given a service and a port, generates all possible HTTP Host headers. For example, a service of the form foo.local.campus.net on port 80, with local domain "local.campus.net" could be accessed as http://foo:80 within the .local network, as http://foo.local:80 (by other clients in the campus.net domain), as http://foo.local.campus:80, etc. NOTE: When a sidecar in remote.campus.net domain is talking to foo.local.campus.net, we should only generate foo.local, foo.local.campus, etc (and never just "foo").

- Given foo.local.campus.net on proxy domain local.campus.net, this function generates foo:80, foo.local:80, foo.local.campus:80, with and without ports. It will not generate foo.local.campus.net (full hostname) since its already added elsewhere.

- Given foo.local.campus.net on proxy domain remote.campus.net, this function generates foo.local:80, foo.local.campus:80

- Given foo.local.campus.net on proxy domain "" or proxy domain example.com, this function returns nil

func MergeTrafficPolicy 

func MergeTrafficPolicy(original, subsetPolicy *networking.TrafficPolicy, port *model.Port) *networking.TrafficPolicy

MergeTrafficPolicy returns the merged TrafficPolicy for a destination-level and subset-level policy on a given port.

Types

type AccessLogBuilder 

type AccessLogBuilder struct {
	// contains filtered or unexported fields
}

type ClusterBuilder 

type ClusterBuilder struct {
	// contains filtered or unexported fields
}

ClusterBuilder interface provides an abstraction for building Envoy Clusters.

func NewClusterBuilder 

func NewClusterBuilder(proxy *model.Proxy, req *model.PushRequest, cache model.XdsCache) *ClusterBuilder

NewClusterBuilder builds an instance of ClusterBuilder.

func (*ClusterBuilder) IsHttp2Cluster 

func (cb *ClusterBuilder) IsHttp2Cluster(mc *MutableCluster) bool

nolint

type ClusterMode 

type ClusterMode string

ClusterMode defines whether the cluster is being built for SNI-DNATing (sni passthrough) or not 

const (
	// SniDnatClusterMode indicates cluster is being built for SNI dnat mode
	SniDnatClusterMode ClusterMode = "sni-dnat"
	// DefaultClusterMode indicates usual cluster with mTLS et al
	DefaultClusterMode ClusterMode = "outbound"
)

type ConfigGenTest 

type ConfigGenTest struct {
	ConfigGen            *ConfigGeneratorImpl
	MemRegistry          *memregistry.ServiceDiscovery
	ServiceEntryRegistry *serviceentry.Controller
	Registry             model.Controller
	// contains filtered or unexported fields
}

func NewConfigGenTest 

func NewConfigGenTest(t test.Failer, opts TestOptions) *ConfigGenTest

func (*ConfigGenTest) Clusters 

func (f *ConfigGenTest) Clusters(p *model.Proxy) []*cluster.Cluster

func (*ConfigGenTest) DeltaClusters 

func (f *ConfigGenTest) DeltaClusters(
	p *model.Proxy,
	configUpdated map[model.ConfigKey]struct{},
	watched *model.WatchedResource,
) ([]*cluster.Cluster, []string, bool)

func (*ConfigGenTest) Env 

func (f *ConfigGenTest) Env() *model.Environment

func (*ConfigGenTest) Listeners 

func (f *ConfigGenTest) Listeners(p *model.Proxy) []*listener.Listener

func (*ConfigGenTest) PushContext 

func (f *ConfigGenTest) PushContext() *model.PushContext

func (*ConfigGenTest) Routes 

func (f *ConfigGenTest) Routes(p *model.Proxy) []*route.RouteConfiguration

func (*ConfigGenTest) RoutesFromListeners 

func (f *ConfigGenTest) RoutesFromListeners(p *model.Proxy, l []*listener.Listener) []*route.RouteConfiguration

func (*ConfigGenTest) Run 

func (f *ConfigGenTest) Run()

func (*ConfigGenTest) SetupProxy 

func (f *ConfigGenTest) SetupProxy(p *model.Proxy) *model.Proxy

SetupProxy initializes a proxy for the current environment. This should generally be used when creating any proxy. For example, `p := SetupProxy(&model.Proxy{...})`.

func (*ConfigGenTest) Store 

func (f *ConfigGenTest) Store() model.ConfigStoreController

type ConfigGeneratorImpl 

type ConfigGeneratorImpl struct {
	Cache model.XdsCache
}

func NewConfigGenerator 

func NewConfigGenerator(cache model.XdsCache) *ConfigGeneratorImpl

func (*ConfigGeneratorImpl) BuildClusters 

func (configgen *ConfigGeneratorImpl) BuildClusters(proxy *model.Proxy, req *model.PushRequest) ([]*discovery.Resource, model.XdsLogDetails)

BuildClusters returns the list of clusters for the given proxy. This is the CDS output For outbound: Cluster for each service/subset hostname or cidr with SNI set to service hostname Cluster type based on resolution For inbound (sidecar only): Cluster for each inbound endpoint port and for each service port

func (*ConfigGeneratorImpl) BuildDeltaClusters 

func (configgen *ConfigGeneratorImpl) BuildDeltaClusters(proxy *model.Proxy, updates *model.PushRequest,
	watched *model.WatchedResource,
) ([]*discovery.Resource, []string, model.XdsLogDetails, bool)

BuildDeltaClusters generates the deltas (add and delete) for a given proxy. Currently, only service changes are reflected with deltas. Otherwise, we fall back onto generating everything.

func (*ConfigGeneratorImpl) BuildExtensionConfiguration 

func (configgen *ConfigGeneratorImpl) BuildExtensionConfiguration(
	proxy *model.Proxy, push *model.PushContext, extensionConfigNames []string, pullSecrets map[string][]byte) []*core.TypedExtensionConfig

BuildExtensionConfiguration returns the list of extension configuration for the given proxy and list of names. This is the ECDS output.

func (*ConfigGeneratorImpl) BuildHTTPRoutes 

func (configgen *ConfigGeneratorImpl) BuildHTTPRoutes(
	node *model.Proxy,
	req *model.PushRequest,
	routeNames []string,
) ([]*discovery.Resource, model.XdsLogDetails)

BuildHTTPRoutes produces a list of routes for the proxy

func (*ConfigGeneratorImpl) BuildListeners 

func (configgen *ConfigGeneratorImpl) BuildListeners(node *model.Proxy,
	push *model.PushContext) []*listener.Listener

BuildListeners produces a list of listeners and referenced clusters for all proxies

func (*ConfigGeneratorImpl) BuildNameTable 

func (configgen *ConfigGeneratorImpl) BuildNameTable(node *model.Proxy, push *model.PushContext) *dnsProto.NameTable

BuildNameTable produces a table of hostnames and their associated IPs that can then be used by the agent to resolve DNS. This logic is always active. However, local DNS resolution will only be effective if DNS capture is enabled in the proxy

func (*ConfigGeneratorImpl) MeshConfigChanged 

func (configgen *ConfigGeneratorImpl) MeshConfigChanged(_ *meshconfig.MeshConfig)

MeshConfigChanged is called when mesh config is changed.

type FakeXdsUpdater 

type FakeXdsUpdater struct{}

func (*FakeXdsUpdater) ConfigUpdate 

func (f *FakeXdsUpdater) ConfigUpdate(*model.PushRequest)

func (*FakeXdsUpdater) EDSCacheUpdate 

func (f *FakeXdsUpdater) EDSCacheUpdate(_ model.ShardKey, _, _ string, _ []*model.IstioEndpoint)

func (*FakeXdsUpdater) EDSUpdate 

func (f *FakeXdsUpdater) EDSUpdate(_ model.ShardKey, _, _ string, _ []*model.IstioEndpoint)

func (*FakeXdsUpdater) ProxyUpdate 

func (f *FakeXdsUpdater) ProxyUpdate(_ cluster2.ID, _ string)

func (*FakeXdsUpdater) RemoveShard 

func (f *FakeXdsUpdater) RemoveShard(_ model.ShardKey)

func (*FakeXdsUpdater) SvcUpdate 

func (f *FakeXdsUpdater) SvcUpdate(_ model.ShardKey, _, _ string, _ model.Event)

type FilterChainMatchOptions 

type FilterChainMatchOptions struct {
	// Application protocols of the filter chain match
	ApplicationProtocols []string
	// Transport protocol of the filter chain match. "tls" or empty
	TransportProtocol string
	// Filter chain protocol. HTTP for HTTP proxy and TCP for TCP proxy
	Protocol networking.ListenerProtocol
	// Whether this chain should terminate TLS or not
	TLS bool
}

FilterChainMatchOptions describes options used for filter chain matches.

func (FilterChainMatchOptions) ToTransportSocket 

func (opt FilterChainMatchOptions) ToTransportSocket(mtls plugin.MTLSSettings) *tls.DownstreamTlsContext

type ListenerBuilder 

type ListenerBuilder struct {
	// contains filtered or unexported fields
}

A stateful listener builder Support the below intentions 1. Use separate inbound capture listener(:15006) and outbound capture listener(:15001) 2. The above listeners use bind_to_port sub listeners or filter chains.

func NewListenerBuilder 

func NewListenerBuilder(node *model.Proxy, push *model.PushContext) *ListenerBuilder

type MutableCluster 

type MutableCluster struct {
	// contains filtered or unexported fields
}

MutableCluster wraps Cluster object along with options.

func NewMutableCluster 

func NewMutableCluster(cluster *cluster.Cluster) *MutableCluster

NewMutableCluster initializes MutableCluster with the cluster passed.

type MutableListener 

type MutableListener struct {
	istionetworking.MutableObjects
}

MutableListener represents a listener that is being built.

type ServiceInstancePort 

type ServiceInstancePort struct {
	// Name ascribes a human readable name for the port object. When a
	// service has multiple ports, the name field is mandatory
	Name string `json:"name,omitempty"`

	// Port number where the service can be reached. Does not necessarily
	// map to the corresponding port numbers for the instances behind the
	// service.
	Port uint32 `json:"port"`

	TargetPort uint32 `json:"targetPort"`

	// Protocol to be used for the port.
	Protocol protocol.Instance `json:"protocol,omitempty"`
}

ServiceInstancePort defines a port that has both a port and targetPort (which distinguishes it from model.Port) Note: ServiceInstancePort only makes sense in the context of a specific ServiceInstance, because TargetPort depends on a specific instance.

type TestOptions 

type TestOptions struct {
	// If provided, these configs will be used directly
	Configs        []config.Config
	ConfigPointers []*config.Config

	// If provided, the yaml string will be parsed and used as configs
	ConfigString string
	// If provided, the ConfigString will be treated as a go template, with this as input params
	ConfigTemplateInput interface{}

	// Services to pre-populate as part of the service discovery
	Services  []*model.Service
	Instances []*model.ServiceInstance
	Gateways  []model.NetworkGateway

	// If provided, this mesh config will be used
	MeshConfig      *meshconfig.MeshConfig
	NetworksWatcher mesh.NetworksWatcher

	// Additional service registries to use. A ServiceEntry and memory registry will always be created.
	ServiceRegistries []serviceregistry.Instance

	// Additional ConfigStoreController to use
	ConfigStoreCaches []model.ConfigStoreController

	// CreateConfigStore defines a function that, given a ConfigStoreController, returns another ConfigStoreController to use
	CreateConfigStore func(c model.ConfigStoreController) model.ConfigStoreController

	// Mutex used for push context access. Should generally only be used by NewFakeDiscoveryServer
	PushContextLock *sync.RWMutex

	// If set, we will not run immediately, allowing adding event handlers, etc prior to start.
	SkipRun bool

	// Used to set the serviceentry registry's cluster id
	ClusterID cluster2.ID
}

Source Files

View all Source files

Directories

Path Synopsis
packages used for load balancer setting
 packages used for load balancer setting
retry

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.