xds

package
v0.6.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 8, 2023 License: Apache-2.0 Imports: 115 Imported by: 0

README

Debug interface

The debug handlers are configured on the monitoring port (default 15014) as well as on the http port (8080).

PILOT=istiod.istio-system:15014

# What is sent to envoy
# Listeners and routes
curl $PILOT/debug/adsz

# Endpoints
curl $PILOT/debug/edsz

# Clusters
curl $PILOT/debug/cdsz

Each handler takes an extra parameter, "debug=0|1" which flips the verbosity of the messages for that component (similar with envoy).

An extra parameter "push=1" triggers a config push to all connected endpoints.

Handlers should list, in json format:

  • one entry for each connected envoy
  • the timestamp of the connection

In addition, Pilot debug interface can show pilot's internal view of the config:

# General metrics
curl $PILOT/metrics

# All services/external services from all registries
curl $PILOT/debug/registryz

# All endpoints
curl $PILOT/debug/endpointz[?brief=1]

# All configs.
curl $PILOT/debug/configz

Example for EDS:

{

   // Cluster
   "echosrv.istio-system.svc.cluster.local|grpc-ping": {
    "EdsClients": {
      // One for each connected envoy.
      "sidecar~172.17.0.8~echosrv-deployment-5b7878cc9-dlm8j.istio-system~istio-system.svc.cluster.local-116": {
        // Should match the info in the node (this is the real remote address)
        "PeerAddr": "172.17.0.8:42044",
        "Clusters": [
          // Should match the cluster, this is what is monitored
          "echosrv.istio-system.svc.cluster.local|grpc-ping"
        ],
        // Time the sidecar connected to pilot
        "Connect": "2018-03-22T15:01:07.527304202Z"
      },
      "sidecar~172.17.0.9~echosrv-deployment-5b7878cc9-wb9b7.istio-system~istio-system.svc.cluster.local-75": {
        "PeerAddr": "172.17.0.9:47182",
        "Clusters": [
          "echosrv.istio-system.svc.cluster.local|grpc-ping"
        ],
        "Connect": "2018-03-22T15:01:00.465066249Z"
      }
    },
    // The info pushed to each connected sidecar watching the cluster.
    "LoadAssignment": {
      "cluster_name": "echosrv.istio-system.svc.cluster.local|grpc-ping",
      "endpoints": [
        {
          "locality": {},
          "lb_endpoints": [
           {
              // Should match the endpoint and port from 'kubectl get ep'
              "endpoint": {
                "address": {
                  "Address": {
                    "SocketAddress": {
                      "address": "172.17.0.8",
                      "PortSpecifier": {
                        "PortValue": 8079
                      },
                      "ipv4_compat": true
                    }
                  }
                }
              }
            },
          ]
          }
      ]
      }
    }

Log messages

Verbose messages for v2 is controlled by env variables PILOT_DEBUG_{EDS,CDS,LDS}. Setting it to "0" disables debug, setting it to "1" enables - debug is currently enabled by default, since it is not very verbose.

Messages are prefixed with EDS/LDS/CDS.

What we log and how to use it:

  • sidecar connecting to pilot: "EDS/CDS/LDS: REQ ...". This includes the node, IP and the discovery request proto. Should show up when the sidecar starts up.

  • sidecar disconnecting from pilot: xDS: close. This happens when a pod is stopped.

  • push events - whenever we push a config to the sidecar.

  • "XDS: Registry event..." - indicates a registry event, should be followed by PUSH messages for each endpoint.

  • "EDS: no instances": pay close attention to this event, it indicates that Envoy asked for a cluster but pilot doesn't have any valid instance. At some point after, when the instance eventually shows up you should see an EDS PUSH message.

In addition, the registry has slightly more verbose messages about the events, so it is possible to map an event in the registry to config pushes.

Example requests and responses

EDS:

node:<id:"ingress~~istio-ingress-6796c456f4-7zqtm.istio-system~istio-system.svc.cluster.local"
cluster:"istio-ingress"
build_version:"0/1.6.0-dev//RELEASE" >
resource_names:"echosrv.istio-system.svc.cluster.local|http-echo"
type_url:"type.googleapis.com/envoy.api.v2.ClusterLoadAssignment"

Documentation

Overview

Copyright Istio Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	// TypeURLConnect generate connect event.
	TypeURLConnect = "istio.io/connect"

	// TypeURLDisconnect generate disconnect event.
	TypeURLDisconnect = "istio.io/disconnect"

	// TypeURLNACK will receive messages of type DiscoveryRequest, containing
	// the 'NACK' from envoy on rejected configs. Only ID is set in metadata.
	// This includes all the info that envoy (client) provides.
	TypeURLNACK = "istio.io/nack"

	// TypeDebugSyncronization requests Envoy CSDS for proxy sync status
	TypeDebugSyncronization = "istio.io/debug/syncz"

	// TypeDebugConfigDump requests Envoy configuration for a proxy without creating one
	TypeDebugConfigDump = "istio.io/debug/config_dump"
)
View Source 
const (
	// TypeDebug requests debug info from istio, a secured implementation for istio debug interface
	TypeDebug = "istio.io/debug"
)
View Source 
const VersionLen = 12

VersionLen is the Config Version and is only used as the nonce prefix, but we can reconstruct it because is is a b64 encoding of a 64 bit array, which will always be 12 chars in length. len = ceil(bitlength/(2^6))+1

Variables

View Source 
var AllEventTypes = map[EventType]struct{}{
	v3.ClusterType:  {},
	v3.ListenerType: {},
	v3.RouteType:    {},
	v3.EndpointType: {},
}
View Source 
var AllEventTypesList = []EventType{v3.ClusterType, v3.ListenerType, v3.RouteType, v3.EndpointType}

AllEventTypesList is AllEventTypes in list form, for convenience

View Source 
var AuthPlaintext = env.RegisterBoolVar("XDS_AUTH_PLAINTEXT", false,
	"Authenticate plain text requests - used if Istiod is behind a gateway handling TLS").Get()
View Source 
var KnownOrderedTypeUrls = map[string]struct{}{
	v3.ClusterType:  {},
	v3.EndpointType: {},
	v3.ListenerType: {},
	v3.RouteType:    {},
	v3.SecretType:   {},
}

KnownOrderedTypeUrls has typeUrls for which we know the order of push.

View Source 
var PushOrder = []string{v3.ClusterType, v3.EndpointType, v3.ListenerType, v3.RouteType, v3.SecretType}

PushOrder defines the order that updates will be pushed in. Any types not listed here will be pushed in random order after the types listed here

Functions

func AdsPushAll 

func AdsPushAll(s *DiscoveryServer)

AdsPushAll will send updates to all nodes, for a full config or incremental EDS.

func ConfigAffectsProxy 

func ConfigAffectsProxy(req *model.PushRequest, proxy *model.Proxy) bool

ConfigAffectsProxy checks if a pushEv will affect a specified proxy. That means whether the push will be performed towards the proxy.

func ControlPlane 

func ControlPlane() *corev3.ControlPlane

ControlPlane identifies the instance and Istio version.

func DefaultProxyNeedsPush 

func DefaultProxyNeedsPush(proxy *model.Proxy, req *model.PushRequest) bool

DefaultProxyNeedsPush check if a proxy needs push for this push event.

func GetTunnelBuilderType 

func GetTunnelBuilderType(_ string, proxy *model.Proxy, _ *model.PushContext) networking.TunnelType

Return the tunnel type for this endpoint builder. If the endpoint builder builds h2tunnel, the final endpoint collection includes only the endpoints which support H2 tunnel and the non-tunnel endpoints. The latter case is to support multi-cluster service. Revisit non-tunnel endpoint decision once the gateways supports tunnel. TODO(lambdai): Propose to istio api.

func ResourceSize 

func ResourceSize(r model.Resources) int

Types

type AdsClient 

type AdsClient struct {
	ConnectionID string              `json:"connectionId"`
	ConnectedAt  time.Time           `json:"connectedAt"`
	PeerAddress  string              `json:"address"`
	Metadata     *model.NodeMetadata `json:"metadata,omitempty"`
	Watches      map[string][]string `json:"watches,omitempty"`
}

AdsClient defines the data that is displayed on "/adsz" endpoint.

type AdsClients 

type AdsClients struct {
	Total     int         `json:"totalClients"`
	Connected []AdsClient `json:"clients,omitempty"`
}

AdsClients is collection of AdsClient connected to this Istiod.

type AdsTest 

type AdsTest struct {
	ID   string
	Type string
	// contains filtered or unexported fields
}

func NewAdsTest 

func NewAdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest

func NewSdsTest 

func NewSdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest

func NewXdsTest 

func NewXdsTest(t test.Failer, conn *grpc.ClientConn, getClient func(conn *grpc.ClientConn) (DiscoveryClient, error)) *AdsTest

func (*AdsTest) Cleanup 

func (a *AdsTest) Cleanup()

func (*AdsTest) DrainResponses 

func (a *AdsTest) DrainResponses()

DrainResponses reads all responses, but does nothing to them

func (*AdsTest) ExpectError 

func (a *AdsTest) ExpectError(t test.Failer) error

ExpectError waits until an error is received and returns it

func (*AdsTest) ExpectNoResponse 

func (a *AdsTest) ExpectNoResponse(t test.Failer)

ExpectNoResponse waits a short period of time and ensures no response is received

func (*AdsTest) ExpectResponse 

func (a *AdsTest) ExpectResponse(t test.Failer) *discovery.DiscoveryResponse

ExpectResponse waits until a response is received and returns it

func (*AdsTest) Request 

func (a *AdsTest) Request(t test.Failer, req *discovery.DiscoveryRequest)

func (*AdsTest) RequestResponseAck 

func (a *AdsTest) RequestResponseAck(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse

RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response

func (*AdsTest) RequestResponseNack 

func (a *AdsTest) RequestResponseNack(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse

RequestResponseAck does a full XDS exchange with an error: Send a request, get a response, and NACK the response

func (*AdsTest) WithID 

func (a *AdsTest) WithID(id string) *AdsTest

func (*AdsTest) WithMetadata 

func (a *AdsTest) WithMetadata(m model.NodeMetadata) *AdsTest

func (*AdsTest) WithTimeout 

func (a *AdsTest) WithTimeout(t time.Duration) *AdsTest

func (*AdsTest) WithType 

func (a *AdsTest) WithType(typeURL string) *AdsTest

type AuthorizationDebug 

type AuthorizationDebug struct {
	AuthorizationPolicies *model.AuthorizationPolicies `json:"authorization_policies"`
}

AuthorizationDebug holds debug information for authorization policy.

type BootstrapGenerator 

type BootstrapGenerator struct {
	Server *DiscoveryServer
}

Bootstrap generator produces an Envoy bootstrap from node descriptors.

func (*BootstrapGenerator) Generate 

func (e *BootstrapGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate returns a bootstrap discovery response.

type CdsGenerator 

type CdsGenerator struct {
	Server *DiscoveryServer
}

func (CdsGenerator) Generate 

func (c CdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

func (CdsGenerator) GenerateDeltas 

func (c CdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest,
	w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

GenerateDeltas for CDS currently only builds deltas when services change. todo implement changes for DestinationRule, etc

type Connection 

type Connection struct {
	// contains filtered or unexported fields
}

Connection holds information about connected client.

func (*Connection) Clusters 

func (conn *Connection) Clusters() []string

func (*Connection) NonceAcked 

func (conn *Connection) NonceAcked(typeUrl string) string

nolint

func (*Connection) NonceSent 

func (conn *Connection) NonceSent(typeUrl string) string

nolint

func (*Connection) Routes 

func (conn *Connection) Routes() []string

func (*Connection) Stop 

func (conn *Connection) Stop()

func (*Connection) Synced 

func (conn *Connection) Synced(typeUrl string) (bool, bool)

nolint Synced checks if the type has been synced, meaning the most recent push was ACKed

func (*Connection) Watched 

func (conn *Connection) Watched(typeUrl string) *model.WatchedResource

nolint

func (*Connection) Watching 

func (conn *Connection) Watching(typeUrl string) bool

nolint

type DebugGen 

type DebugGen struct {
	Server          *DiscoveryServer
	SystemNamespace string
	DebugMux        *http.ServeMux
}

DebugGen is a Generator for istio debug info

func NewDebugGen 

func NewDebugGen(s *DiscoveryServer, systemNamespace string) *DebugGen

func (*DebugGen) Generate 

func (dg *DebugGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate XDS debug responses according to the incoming debug request

type DeltaAdsTest 

type DeltaAdsTest struct {
	ID   string
	Type string
	// contains filtered or unexported fields
}

func NewDeltaAdsTest 

func NewDeltaAdsTest(t test.Failer, conn *grpc.ClientConn) *DeltaAdsTest

func NewDeltaXdsTest 

func NewDeltaXdsTest(t test.Failer, conn *grpc.ClientConn,
	getClient func(conn *grpc.ClientConn) (DeltaDiscoveryClient, error)) *DeltaAdsTest

func (*DeltaAdsTest) Cleanup 

func (a *DeltaAdsTest) Cleanup()

func (*DeltaAdsTest) DrainResponses 

func (a *DeltaAdsTest) DrainResponses()

DrainResponses reads all responses, but does nothing to them

func (*DeltaAdsTest) ExpectError 

func (a *DeltaAdsTest) ExpectError() error

ExpectError waits until an error is received and returns it

func (*DeltaAdsTest) ExpectNoResponse 

func (a *DeltaAdsTest) ExpectNoResponse()

ExpectNoResponse waits a short period of time and ensures no response is received

func (*DeltaAdsTest) ExpectResponse 

func (a *DeltaAdsTest) ExpectResponse() *discovery.DeltaDiscoveryResponse

ExpectResponse waits until a response is received and returns it

func (*DeltaAdsTest) Request 

func (a *DeltaAdsTest) Request(req *discovery.DeltaDiscoveryRequest)

func (*DeltaAdsTest) RequestResponseAck 

func (a *DeltaAdsTest) RequestResponseAck(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse

RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response

func (*DeltaAdsTest) RequestResponseNack 

func (a *DeltaAdsTest) RequestResponseNack(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse

RequestResponseNack does a full XDS exchange with an error: Send a request, get a response, and NACK the response

func (*DeltaAdsTest) WithID 

func (a *DeltaAdsTest) WithID(id string) *DeltaAdsTest

func (*DeltaAdsTest) WithMetadata 

func (a *DeltaAdsTest) WithMetadata(m model.NodeMetadata) *DeltaAdsTest

func (*DeltaAdsTest) WithTimeout 

func (a *DeltaAdsTest) WithTimeout(t time.Duration) *DeltaAdsTest

func (*DeltaAdsTest) WithType 

func (a *DeltaAdsTest) WithType(typeURL string) *DeltaAdsTest

type DeltaDiscoveryClient 

type DeltaDiscoveryClient = discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesClient

DeltaDiscoveryClient is a client interface for Delta XDS.

type DeltaDiscoveryStream 

type DeltaDiscoveryStream = discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer

DeltaDiscoveryStream is a server interface for Delta XDS.

type DiscoveryClient 

type DiscoveryClient = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesClient

DiscoveryClient is a client interface for XDS.

type DiscoveryServer 

type DiscoveryServer struct {
	// Env is the model environment.
	Env *model.Environment

	// MemRegistry is used for debug and load testing, allow adding services. Visible for testing.
	MemRegistry *memory.ServiceDiscovery

	// ConfigGenerator is responsible for generating data plane configuration using Istio networking
	// APIs and service registry info
	ConfigGenerator core.ConfigGenerator

	// Generators allow customizing the generated config, based on the client metadata.
	// Key is the generator type - will match the Generator metadata to set the per-connection
	// default generator, or the combination of Generator metadata and TypeUrl to select a
	// different generator for a type.
	// Normal istio clients use the default generator - will not be impacted by this.
	Generators map[string]model.XdsResourceGenerator

	// ProxyNeedsPush is a function that determines whether a push can be completely skipped. Individual generators
	// may also choose to not send any updates.
	ProxyNeedsPush func(proxy *model.Proxy, req *model.PushRequest) bool

	// InboundUpdates describes the number of configuration updates the discovery server has received
	InboundUpdates *atomic.Int64
	// CommittedUpdates describes the number of configuration updates the discovery server has
	// received, process, and stored in the push context. If this number is less than InboundUpdates,
	// there are updates we have not yet processed.
	// Note: This does not mean that all proxies have received these configurations; it is strictly
	// the push context, which means that the next push to a proxy will receive this configuration.
	CommittedUpdates *atomic.Int64

	// EndpointShards for a service. This is a global (per-server) list, built from
	// incremental updates. This is keyed by service and namespace
	EndpointIndex *model.EndpointIndex

	StatusReporter DistributionStatusCache

	// Authenticators for XDS requests. Should be same/subset of the CA authenticators.
	Authenticators []security.Authenticator

	// StatusGen is notified of connect/disconnect/nack on all connections
	StatusGen               *StatusGen
	WorkloadEntryController *workloadentry.Controller

	// Cache for XDS resources
	Cache model.XdsCache

	// JwtKeyResolver holds a reference to the JWT key resolver instance.
	JwtKeyResolver *model.JwksResolver

	// ListRemoteClusters collects debug information about other clusters this istiod reads from.
	ListRemoteClusters func() []cluster.DebugInfo

	// ClusterAliases are aliase names for cluster. When a proxy connects with a cluster ID
	// and if it has a different alias we should use that a cluster ID for proxy.
	ClusterAliases map[cluster.ID]cluster.ID
	// contains filtered or unexported fields
}

DiscoveryServer is Pilot's gRPC implementation for Envoy's xds APIs

func NewDiscoveryServer 

func NewDiscoveryServer(env *model.Environment, instanceID string, clusterAliases map[string]string) *DiscoveryServer

NewDiscoveryServer creates DiscoveryServer that sources data from Pilot's internal mesh data structures

func (*DiscoveryServer) AddDebugHandlers 

func (s *DiscoveryServer) AddDebugHandlers(mux, internalMux *http.ServeMux, enableProfiling bool, webhook func() map[string]string)

func (*DiscoveryServer) AdsPushAll 

func (s *DiscoveryServer) AdsPushAll(version string, req *model.PushRequest)

AdsPushAll implements old style invalidation, generated when any rule or endpoint changes. Primary code path is from v1 discoveryService.clearCache(), which is added as a handler to the model ConfigStorageCache and Controller.

func (*DiscoveryServer) AllClients 

func (s *DiscoveryServer) AllClients() []*Connection

AllClients returns all connected clients, per Clients, but additionally includes unintialized connections Warning: callers must take care not to rely on the con.proxy field being set

func (*DiscoveryServer) CachesSynced 

func (s *DiscoveryServer) CachesSynced()

CachesSynced is called when caches have been synced so that server can accept connections.

func (*DiscoveryServer) Clients 

func (s *DiscoveryServer) Clients() []*Connection

Clients returns all currently connected clients. This method can be safely called concurrently, but care should be taken with the underlying objects (ie model.Proxy) to ensure proper locking. This method returns only fully initialized connections; for all connections, use AllClients

func (*DiscoveryServer) ClientsOf 

func (s *DiscoveryServer) ClientsOf(typeUrl string) []*Connection

nolint ClientsOf returns the clients that are watching the given resource.

func (*DiscoveryServer) ConfigDump 

func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)

ConfigDump returns information in the form of the Envoy admin API config dump for the specified proxy The dump will only contain dynamic listeners/clusters/routes and can be used to compare what an Envoy instance should look like according to Pilot vs what it currently does look like.

func (*DiscoveryServer) ConfigUpdate 

func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)

ConfigUpdate implements ConfigUpdater interface, used to request pushes. It replaces the 'clear cache' from v1.

func (*DiscoveryServer) Debug 

func (s *DiscoveryServer) Debug(w http.ResponseWriter, req *http.Request)

Debug lists all the supported debug endpoints.

func (*DiscoveryServer) DeltaAggregatedResources 

func (s *DiscoveryServer) DeltaAggregatedResources(stream discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error

DeltaAggregatedResources is not implemented. Instead, Generators may send only updates/add, with Delete indicated by an empty spec. This works if both ends follow this model. For example EDS and the API generator follow this pattern.

The delta protocol changes the request, adding unsubscribe/subscribe instead of sending full list of resources. On the response it adds 'removed resources' and sends changes for everything.

func (*DiscoveryServer) EDSCacheUpdate 

func (s *DiscoveryServer) EDSCacheUpdate(shard model.ShardKey, serviceName string, namespace string,
	istioEndpoints []*model.IstioEndpoint)

EDSCacheUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

Note: the difference with `EDSUpdate` is that it only update the cache rather than requesting a push

func (*DiscoveryServer) EDSUpdate 

func (s *DiscoveryServer) EDSUpdate(shard model.ShardKey, serviceName string, namespace string,
	istioEndpoints []*model.IstioEndpoint)

EDSUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

func (*DiscoveryServer) Edsz 

func (s *DiscoveryServer) Edsz(w http.ResponseWriter, req *http.Request)

Edsz implements a status and debug interface for EDS. It is mapped to /debug/edsz on the monitor port (15014).

func (*DiscoveryServer) InitDebug 

func (s *DiscoveryServer) InitDebug(mux *http.ServeMux, sctl *aggregate.Controller, enableProfiling bool,
	fetchWebhook func() map[string]string)

InitDebug initializes the debug handlers and adds a debug in-memory registry.

func (*DiscoveryServer) InitGenerators 

func (s *DiscoveryServer) InitGenerators(env *model.Environment, systemNameSpace string)

InitGenerators initializes generators to be used by XdsServer.

func (*DiscoveryServer) IsServerReady 

func (s *DiscoveryServer) IsServerReady() bool

func (*DiscoveryServer) List 

func (s *DiscoveryServer) List(w http.ResponseWriter, req *http.Request)

List all the supported debug commands in json.

func (*DiscoveryServer) ProxyUpdate 

func (s *DiscoveryServer) ProxyUpdate(clusterID cluster.ID, ip string)

func (*DiscoveryServer) Push 

func (s *DiscoveryServer) Push(req *model.PushRequest)

Push is called to push changes on config updates using ADS. This is set in DiscoveryService.Push, to avoid direct dependencies.

func (*DiscoveryServer) Register 

func (s *DiscoveryServer) Register(rpcs *grpc.Server)

Register adds the ADS handler to the grpc server

func (*DiscoveryServer) RemoveShard 

func (s *DiscoveryServer) RemoveShard(shardKey model.ShardKey)

func (*DiscoveryServer) SendResponse 

func (s *DiscoveryServer) SendResponse(connections []*Connection, res *discovery.DiscoveryResponse)

SendResponse will immediately send the response to all connections. TODO: additional filters can be added, for example namespace.

func (*DiscoveryServer) Shutdown 

func (s *DiscoveryServer) Shutdown()

shutdown shuts down DiscoveryServer components.

func (*DiscoveryServer) Start 

func (s *DiscoveryServer) Start(stopCh <-chan struct{})

func (*DiscoveryServer) Stream 

func (s *DiscoveryServer) Stream(stream DiscoveryStream) error

func (*DiscoveryServer) StreamAggregatedResources 

func (s *DiscoveryServer) StreamAggregatedResources(stream discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer) error

StreamAggregatedResources implements the ADS interface.

func (*DiscoveryServer) StreamDeltas 

func (s *DiscoveryServer) StreamDeltas(stream DeltaDiscoveryStream) error

func (*DiscoveryServer) SvcUpdate 

func (s *DiscoveryServer) SvcUpdate(shard model.ShardKey, hostname string, namespace string, event model.Event)

SvcUpdate is a callback from service discovery when service info changes.

func (*DiscoveryServer) Syncz 

func (s *DiscoveryServer) Syncz(w http.ResponseWriter, _ *http.Request)

Syncz dumps the synchronization status of all Envoys connected to this Pilot instance

func (*DiscoveryServer) UpdateServiceAccount 

func (s *DiscoveryServer) UpdateServiceAccount(shards *model.EndpointShards, serviceName string) bool

UpdateServiceAccount updates the service endpoints' sa when service/endpoint event happens. Note: it is not concurrent safe.

func (*DiscoveryServer) UpdateServiceShards 

func (s *DiscoveryServer) UpdateServiceShards(push *model.PushContext) error

UpdateServiceShards will list the endpoints and create the shards. This is used to reconcile and to support non-k8s registries (until they migrate). Note that aggregated list is expensive (for large numbers) - we want to replace it with a model where DiscoveryServer keeps track of all endpoint registries directly, and calls them one by one.

func (*DiscoveryServer) WaitForRequestLimit 

func (s *DiscoveryServer) WaitForRequestLimit(ctx context.Context) error

type DiscoveryStream 

type DiscoveryStream = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer

DiscoveryStream is a server interface for XDS.

type DistributionStatusCache 

type DistributionStatusCache interface {
	// RegisterEvent notifies the implementer of an xDS ACK, and must be non-blocking
	RegisterEvent(conID string, eventType EventType, nonce string)
	RegisterDisconnect(s string, types []EventType)
	QueryLastNonce(conID string, eventType EventType) (noncePrefix string)
}

EventHandler allows for generic monitoring of xDS ACKS and disconnects, for the purpose of tracking Config distribution through the mesh.

type EcdsGenerator 

type EcdsGenerator struct {
	Server *DiscoveryServer
	// contains filtered or unexported fields
}

EcdsGenerator generates ECDS configuration.

func (*EcdsGenerator) Generate 

func (e *EcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate returns ECDS resources for a given proxy.

func (*EcdsGenerator) GeneratePullSecrets 

func (e *EcdsGenerator) GeneratePullSecrets(proxy *model.Proxy, secretResources []SecretResource,
	secretController credscontroller.Controller,
) map[string][]byte

func (*EcdsGenerator) SetCredController 

func (e *EcdsGenerator) SetCredController(creds credscontroller.MulticlusterController)

type EdsGenerator 

type EdsGenerator struct {
	Server *DiscoveryServer
}

EdsGenerator implements the new Generate method for EDS, using the in-memory, optimized endpoint storage in DiscoveryServer.

func (*EdsGenerator) Generate 

func (eds *EdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

func (*EdsGenerator) GenerateDeltas 

func (eds *EdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest,
	w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

type EndpointBuilder 

type EndpointBuilder struct {
	// contains filtered or unexported fields
}

func NewEndpointBuilder 

func NewEndpointBuilder(clusterName string, proxy *model.Proxy, push *model.PushContext) EndpointBuilder

func (*EndpointBuilder) ApplyTunnelSetting 

func (b *EndpointBuilder) ApplyTunnelSetting(llbOpts []*LocLbEndpointsAndOptions, tunnelType networking.TunnelType) []*LocLbEndpointsAndOptions

TODO(lambdai): Handle ApplyTunnel error return value by filter out the failed endpoint.

func (EndpointBuilder) Cacheable 

func (b EndpointBuilder) Cacheable() bool

func (EndpointBuilder) DependentConfigs 

func (b EndpointBuilder) DependentConfigs() []model.ConfigKey

func (EndpointBuilder) DependentTypes 

func (b EndpointBuilder) DependentTypes() []config.GroupVersionKind

func (EndpointBuilder) DestinationRule 

func (b EndpointBuilder) DestinationRule() *networkingapi.DestinationRule

func (*EndpointBuilder) EndpointsByNetworkFilter 

func (b *EndpointBuilder) EndpointsByNetworkFilter(endpoints []*LocLbEndpointsAndOptions) []*LocLbEndpointsAndOptions

EndpointsByNetworkFilter is a network filter function to support Split Horizon EDS - filter the endpoints based on the network of the connected sidecar. The filter will filter out all endpoints which are not present within the sidecar network and add a gateway endpoint to remote networks that have endpoints (if gateway exists and its IP is an IP and not a dns name). Information for the mesh networks is provided as a MeshNetwork config map.

func (*EndpointBuilder) EndpointsWithMTLSFilter 

func (b *EndpointBuilder) EndpointsWithMTLSFilter(endpoints []*LocLbEndpointsAndOptions) []*LocLbEndpointsAndOptions

EndpointsWithMTLSFilter removes all endpoints that do not handle mTLS. This is determined by looking at auto-mTLS, DestinationRule, and PeerAuthentication to determine if we would send mTLS to these endpoints. Note there is no guarantee these destinations *actually* handle mTLS; just that we are configured to send mTLS to them.

func (EndpointBuilder) Key 

func (b EndpointBuilder) Key() string

Key provides the eds cache key and should include any information that could change the way endpoints are generated.

type EndpointH2TunnelApplier 

type EndpointH2TunnelApplier struct{}

func (*EndpointH2TunnelApplier) ApplyTunnel 

func (t *EndpointH2TunnelApplier) ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)

TODO(lambdai): Set original port if the default cluster original port is not the same.

type EndpointNoTunnelApplier 

type EndpointNoTunnelApplier struct{}

func (*EndpointNoTunnelApplier) ApplyTunnel 

func (t *EndpointNoTunnelApplier) ApplyTunnel(lep *endpoint.LbEndpoint, _ networking.TunnelType) (*endpoint.LbEndpoint, error)

Note that this will not return error if another tunnel typs requested.

type EndpointTunnelApplier 

type EndpointTunnelApplier interface {
	// Mutate LbEndpoint in place. Return non-nil on failure.
	ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)
}

TODO(lambdai): Receive port value(15009 by default), builder to cover wide cases.

func MakeTunnelApplier 

func MakeTunnelApplier(_ *endpoint.LbEndpoint, tunnelOpt networking.TunnelAbility) EndpointTunnelApplier

Return prefer H2 tunnel metadata.

type Event 

type Event struct {
	// contains filtered or unexported fields
}

Event represents a config or registry event that results in a push.

type EventType 

type EventType = string

EventType represents the type of object we are tracking, mapping to envoy TypeUrl.

type FakeDiscoveryServer 

type FakeDiscoveryServer struct {
	*v1alpha3.ConfigGenTest

	Discovery   *DiscoveryServer
	Listener    net.Listener
	BufListener *bufconn.Listener

	KubeRegistry *kube.FakeController
	XdsUpdater   model.XDSUpdater
	// contains filtered or unexported fields
}

func NewFakeDiscoveryServer 

func NewFakeDiscoveryServer(t test.Failer, opts FakeOptions) *FakeDiscoveryServer

func (*FakeDiscoveryServer) Connect 

func (f *FakeDiscoveryServer) Connect(p *model.Proxy, watch []string, wait []string) *adsc.ADSC

Connect starts an ADS connection to the server using adsc. It will automatically be cleaned up when the test ends watch can be configured to determine the resources to watch initially, and wait can be configured to determine what resources we should initially wait for.

func (*FakeDiscoveryServer) ConnectADS 

func (f *FakeDiscoveryServer) ConnectADS() *AdsTest

ConnectADS starts an ADS connection to the server. It will automatically be cleaned up when the test ends

func (*FakeDiscoveryServer) ConnectDeltaADS 

func (f *FakeDiscoveryServer) ConnectDeltaADS() *DeltaAdsTest

ConnectDeltaADS starts a Delta ADS connection to the server. It will automatically be cleaned up when the test ends

func (*FakeDiscoveryServer) Endpoints 

func (f *FakeDiscoveryServer) Endpoints(p *model.Proxy) []*endpoint.ClusterLoadAssignment

func (*FakeDiscoveryServer) KubeClient 

func (f *FakeDiscoveryServer) KubeClient() kubelib.Client

func (*FakeDiscoveryServer) PushContext 

func (f *FakeDiscoveryServer) PushContext() *model.PushContext

type FakeOptions 

type FakeOptions struct {
	// If provided, sets the name of the "default" or local cluster to the similaed pilots. (Defaults to opts.DefaultClusterName)
	DefaultClusterName cluster.ID
	// If provided, the minor version will be overridden for calls to GetKubernetesVersion to 1.minor
	KubernetesVersion string
	// If provided, a service registry with the name of each map key will be created with the given objects.
	KubernetesObjectsByCluster map[cluster.ID][]runtime.Object
	// If provided, these objects will be used directly for the default cluster ("Kubernetes" or DefaultClusterName)
	KubernetesObjects []runtime.Object
	// If provided, a service registry with the name of each map key will be created with the given objects.
	KubernetesObjectStringByCluster map[cluster.ID]string
	// If provided, the yaml string will be parsed and used as objects for the default cluster ("Kubernetes" or DefaultClusterName)
	KubernetesObjectString string
	// Endpoint mode for the Kubernetes service registry
	KubernetesEndpointMode kube.EndpointMode
	// If provided, these configs will be used directly
	Configs []config.Config
	// If provided, the yaml string will be parsed and used as configs
	ConfigString string
	// If provided, the ConfigString will be treated as a go template, with this as input params
	ConfigTemplateInput interface{}
	// If provided, this mesh config will be used
	MeshConfig      *meshconfig.MeshConfig
	NetworksWatcher mesh.NetworksWatcher

	// Callback to modify the server before it is started
	DiscoveryServerModifier func(s *DiscoveryServer)
	// Callback to modify the kube client before it is started
	KubeClientModifier func(c kubelib.Client)

	// ListenerBuilder, if specified, allows making the server use the given
	// listener instead of a buffered conn.
	ListenerBuilder func() (net.Listener, error)

	// Time to debounce
	// By default, set to 0s to speed up tests
	DebounceTime time.Duration

	// EnableFakeXDSUpdater will use a XDSUpdater that can be used to watch events
	EnableFakeXDSUpdater       bool
	DisableSecretAuthorization bool
	Services                   []*model.Service
	Gateways                   []model.NetworkGateway
}

type FakeXdsEvent 

type FakeXdsEvent struct {
	Kind      string
	Host      string
	Namespace string
	Endpoints int
	PushReq   *model.PushRequest
}

type FakeXdsUpdater 

type FakeXdsUpdater struct {
	// Events tracks notifications received by the updater
	Events   chan FakeXdsEvent
	Delegate model.XDSUpdater
}

func (*FakeXdsUpdater) ConfigUpdate 

func (fx *FakeXdsUpdater) ConfigUpdate(req *model.PushRequest)

func (*FakeXdsUpdater) EDSCacheUpdate 

func (fx *FakeXdsUpdater) EDSCacheUpdate(s model.ShardKey, hostname string, namespace string, entry []*model.IstioEndpoint)

func (*FakeXdsUpdater) EDSUpdate 

func (fx *FakeXdsUpdater) EDSUpdate(s model.ShardKey, hostname string, namespace string, entry []*model.IstioEndpoint)

func (*FakeXdsUpdater) ProxyUpdate 

func (fx *FakeXdsUpdater) ProxyUpdate(c cluster.ID, p string)

func (*FakeXdsUpdater) RemoveShard 

func (fx *FakeXdsUpdater) RemoveShard(_ model.ShardKey)

func (*FakeXdsUpdater) SvcUpdate 

func (fx *FakeXdsUpdater) SvcUpdate(s model.ShardKey, hostname string, namespace string, e model.Event)

func (*FakeXdsUpdater) Wait 

func (fx *FakeXdsUpdater) Wait(types ...string) *FakeXdsEvent

func (*FakeXdsUpdater) WaitDuration 

func (fx *FakeXdsUpdater) WaitDuration(duration time.Duration, types ...string) *FakeXdsEvent

func (*FakeXdsUpdater) WaitDurationOrFail 

func (fx *FakeXdsUpdater) WaitDurationOrFail(t test.Failer, duration time.Duration, types ...string) *FakeXdsEvent

func (*FakeXdsUpdater) WaitOrFail 

func (fx *FakeXdsUpdater) WaitOrFail(t test.Failer, types ...string) *FakeXdsEvent

type IstioControlPlaneInstance 

type IstioControlPlaneInstance struct {
	// The Istio component type (e.g. "istiod")
	Component string
	// The ID of the component instance
	ID string
	// The Istio version
	Info istioversion.BuildInfo
}

IstioControlPlaneInstance defines the format Istio uses for when creating Envoy config.core.v3.ControlPlane.identifier

type LdsGenerator 

type LdsGenerator struct {
	Server *DiscoveryServer
}

func (LdsGenerator) Generate 

func (l LdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type LocLbEndpointsAndOptions 

type LocLbEndpointsAndOptions struct {
	// contains filtered or unexported fields
}

func (*LocLbEndpointsAndOptions) AssertInvarianceInTest 

func (e *LocLbEndpointsAndOptions) AssertInvarianceInTest()

type NdsGenerator 

type NdsGenerator struct {
	Server *DiscoveryServer
}

NdsGenerator Nds stands for Name Discovery Service. Istio agents send NDS requests to istiod istiod responds with a list of service entries and their associated IPs (including k8s services) The agent then updates its internal DNS based on this data. If DNS capture is enabled in the pod the agent will capture all DNS requests and attempt to resolve locally before forwarding to upstream dns servers/

func (NdsGenerator) Generate 

func (n NdsGenerator) Generate(proxy *model.Proxy, _ *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type PcdsGenerator 

type PcdsGenerator struct {
	Server      *DiscoveryServer
	TrustBundle *tb.TrustBundle
}

PcdsGenerator generates proxy configuration for proxies to consume

func (*PcdsGenerator) Generate 

func (e *PcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate returns ProxyConfig protobuf containing TrustBundle for given proxy

type PushContextDebug 

type PushContextDebug struct {
	AuthorizationPolicies *model.AuthorizationPolicies
	NetworkGateways       map[network.ID][]model.NetworkGateway
}

PushContextDebug holds debug information for push context.

type PushQueue 

type PushQueue struct {
	// contains filtered or unexported fields
}

func NewPushQueue 

func NewPushQueue() *PushQueue

func (*PushQueue) Dequeue 

func (p *PushQueue) Dequeue() (con *Connection, request *model.PushRequest, shutdown bool)

Remove a proxy from the queue. If there are no proxies ready to be removed, this will block

func (*PushQueue) Enqueue 

func (p *PushQueue) Enqueue(con *Connection, pushRequest *model.PushRequest)

Enqueue will mark a proxy as pending a push. If it is already pending, pushInfo will be merged. ServiceEntry updates will be added together, and full will be set if either were full

func (*PushQueue) MarkDone 

func (p *PushQueue) MarkDone(con *Connection)

func (*PushQueue) Pending 

func (p *PushQueue) Pending() int

Get number of pending proxies

func (*PushQueue) ShutDown 

func (p *PushQueue) ShutDown()

ShutDown will cause queue to ignore all new items added to it. As soon as the worker goroutines have drained the existing items in the queue, they will be instructed to exit.

type PushType 

type PushType int

PushType is an enumeration that decides what type push we should do when we get EDS update. 

const (
	// NoPush does not push any thing.
	NoPush PushType = iota
	// IncrementalPush just pushes endpoints.
	IncrementalPush
	// FullPush triggers full push - typically used for new services.
	FullPush
)

type RdsGenerator 

type RdsGenerator struct {
	Server *DiscoveryServer
}

func (RdsGenerator) Generate 

func (c RdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type ResponseCapture 

type ResponseCapture struct {
	// contains filtered or unexported fields
}

func NewResponseCapture 

func NewResponseCapture() *ResponseCapture

func (ResponseCapture) Header 

func (r ResponseCapture) Header() http.Header

func (ResponseCapture) Write 

func (r ResponseCapture) Write(i []byte) (int, error)

func (ResponseCapture) WriteHeader 

func (r ResponseCapture) WriteHeader(statusCode int)

type SecretGen 

type SecretGen struct {
	// contains filtered or unexported fields
}

func NewSecretGen 

func NewSecretGen(sc credscontroller.MulticlusterController, cache model.XdsCache, configCluster cluster.ID,
	meshConfig *mesh.MeshConfig) *SecretGen

func (*SecretGen) Generate 

func (s *SecretGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type SecretResource 

type SecretResource struct {
	credentials.SecretResource
}

SecretResource wraps the authnmodel type with cache functions implemented

func (SecretResource) Cacheable 

func (sr SecretResource) Cacheable() bool

func (SecretResource) DependentConfigs 

func (sr SecretResource) DependentConfigs() []model.ConfigKey

func (SecretResource) DependentTypes 

func (sr SecretResource) DependentTypes() []config.GroupVersionKind

DependentTypes is not needed; we know exactly which configs impact SDS, so we can scope at DependentConfigs level

type SimpleServer 

type SimpleServer struct {
	// DiscoveryServer is the gRPC XDS implementation
	// Env and MemRegistry are available as fields, as well as the default
	// PushContext.
	DiscoveryServer *DiscoveryServer

	// MemoryStore is an in-memory config store, part of the aggregate store
	// used by the discovery server.
	MemoryConfigStore model.ConfigStore

	// GRPCListener is the listener used for GRPC. For agent it is
	// an insecure port, bound to 127.0.0.1
	GRPCListener net.Listener

	ConfigStoreCache model.ConfigStoreController
	// contains filtered or unexported fields
}

Server represents the XDS serving feature of Istiod (pilot). Unlike bootstrap/, this packet has no dependencies on K8S, CA, and other features. It'll be used initially in the istio-agent, to provide a minimal proxy while reusing the same code as istiod. Portions of the code will also be used in istiod - after it becomes stable the plan is to refactor bootstrap to use this code instead of directly bootstrapping XDS.

The server support proxy/federation of multiple sources - last part or parity with MCP/Galley and MCP-over-XDS.

func NewXDS 

func NewXDS(stop chan struct{}) *SimpleServer

Creates an basic, functional discovery server, using the same code as Istiod, but backed by an in-memory config and endpoint stores.

Can be used in tests, or as a minimal XDS discovery server with no dependency on K8S or the complex bootstrap used by Istiod. A memory registry and memory config store are used to generate the configs - they can be programmatically updated.

func (*SimpleServer) StartGRPC 

func (s *SimpleServer) StartGRPC(addr string) (string, error)

type StatusGen 

type StatusGen struct {
	Server *DiscoveryServer
}

StatusGen is a Generator for XDS status: connections, syncz, configdump

func NewStatusGen 

func NewStatusGen(s *DiscoveryServer) *StatusGen

func (*StatusGen) Generate 

func (sg *StatusGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate XDS responses about internal events: - connection status - NACKs We can also expose ACKS.

func (*StatusGen) OnConnect 

func (sg *StatusGen) OnConnect(con *Connection)

func (*StatusGen) OnDisconnect 

func (sg *StatusGen) OnDisconnect(con *Connection)

func (*StatusGen) OnNack 

func (sg *StatusGen) OnNack(node *model.Proxy, dr *discovery.DiscoveryRequest)

type SyncStatus 

type SyncStatus struct {
	ClusterID            string `json:"cluster_id,omitempty"`
	ProxyID              string `json:"proxy,omitempty"`
	ProxyVersion         string `json:"proxy_version,omitempty"`
	IstioVersion         string `json:"istio_version,omitempty"`
	ClusterSent          string `json:"cluster_sent,omitempty"`
	ClusterAcked         string `json:"cluster_acked,omitempty"`
	ListenerSent         string `json:"listener_sent,omitempty"`
	ListenerAcked        string `json:"listener_acked,omitempty"`
	RouteSent            string `json:"route_sent,omitempty"`
	RouteAcked           string `json:"route_acked,omitempty"`
	EndpointSent         string `json:"endpoint_sent,omitempty"`
	EndpointAcked        string `json:"endpoint_acked,omitempty"`
	ExtensionConfigSent  string `json:"extensionconfig_sent,omitempty"`
	ExtensionConfigAcked string `json:"extensionconfig_acked,omitempty"`
}

SyncStatus is the synchronization status between Pilot and a given Envoy

type SyncedVersions 

type SyncedVersions struct {
	ProxyID         string `json:"proxy,omitempty"`
	ClusterVersion  string `json:"cluster_acked,omitempty"`
	ListenerVersion string `json:"listener_acked,omitempty"`
	RouteVersion    string `json:"route_acked,omitempty"`
}

SyncedVersions shows what resourceVersion of a given resource has been acked by Envoy.

type TelemetryDebug 

type TelemetryDebug struct {
	Telemetries *model.Telemetries `json:"telemetries"`
}

AuthorizationDebug holds debug information for authorization policy.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.