dp_server

package
v0.0.0-...-03849dc Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 26, 2024 License: Apache-2.0 Imports: 5 Imported by: 0

Documentation

Index

Constants

// Authentication type identifiers. The Type fields of DpProxyAuthnConfig and
// ZoneProxyAuthnConfig document these strings as their available values:
// "serviceAccountToken" and "none" for both, "dpToken" for data plane proxies
// and "zoneToken" for zone proxies.
//
// NOTE(review): "none" presumably disables authentication of connecting
// proxies. Nothing visible here restricts where it may be used, so confirm it
// cannot end up in a production configuration unnoticed.
const (
	DpServerAuthServiceAccountToken = "serviceAccountToken"
	DpServerAuthDpToken             = "dpToken"
	DpServerAuthZoneToken           = "zoneToken"
	DpServerAuthNone                = "none"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type DpProxyAuthnConfig

// DpProxyAuthnConfig holds the authentication settings for data plane proxies.
type DpProxyAuthnConfig struct {
	// Type of authentication. Available values: "serviceAccountToken", "dpToken", "none".
	// If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "dpToken" on Universal.
	// NOTE(review): the validation of this field is not visible here; confirm that an
	// unrecognised value is rejected rather than silently falling back to "none".
	Type string `json:"type" envconfig:"DUBBO_DP_SERVER_AUTHN_DP_PROXY_TYPE"`
	// DpToken configures the dpToken authentication method.
	DpToken DpTokenAuthnConfig `json:"dpToken"`
}

type DpServerAuthnConfig

// DpServerAuthnConfig groups the authentication settings of the DP server:
// one section for data plane proxies and one for zone proxies.
type DpServerAuthnConfig struct {
	// Configuration for data plane proxy authentication.
	DpProxy DpProxyAuthnConfig `json:"dpProxy"`
	// Configuration for zone proxy authentication.
	ZoneProxy ZoneProxyAuthnConfig `json:"zoneProxy"`
	// If true, Envoy uses Google gRPC instead of Envoy gRPC, which lets a proxy reload the
	// auth data (service account token, dp token etc.) from its path without a proxy restart.
	// This matters for credentials that are rotated on disk while the proxy is running.
	EnableReloadableTokens bool `json:"enableReloadableTokens" envconfig:"DUBBO_DP_SERVER_AUTHN_ENABLE_RELOADABLE_TOKENS"`
}

type DpServerConfig

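// DpServerConfig defines the data plane Server configuration that serves API like Bootstrap/XDS.
type DpServerConfig struct {
	config.BaseConfig
	// TlsCertFile defines a path to a file with PEM-encoded TLS cert. If empty, start the plain HTTP/2 server (h2c).
	// h2c carries no transport encryption, so set TlsCertFile and TlsKeyFile together
	// whenever proxies reach this server over a network that is not otherwise protected.
	TlsCertFile string `json:"tlsCertFile" envconfig:"DUBBO_DP_SERVER_TLS_CERT_FILE"`
	// TlsKeyFile defines a path to a file with PEM-encoded TLS key. If empty, start the plain HTTP/2 server (h2c).
	// The environment variable uses the same DUBBO_DP_SERVER_ prefix as TlsCertFile. The tag
	// previously read KUMA_DIAGNOSTICS_TLS_KEY_FILE, so the key path could not be supplied
	// under the DUBBO_DP_SERVER_ name; deployments that set the old name must switch.
	TlsKeyFile string `json:"tlsKeyFile" envconfig:"DUBBO_DP_SERVER_TLS_KEY_FILE"`
	// ReadHeaderTimeout defines the amount of time DP server will be
	// allowed to read request headers. The connection's read deadline is reset
	// after reading the headers and the Handler can decide what is considered
	// too slow for the body. If ReadHeaderTimeout is zero there is no timeout.
	//
	// The timeout is configurable as in rare cases, when Dubbo CP was restarting,
	// 1s which is explicitly set in other servers was insufficient and DPs
	// were failing to reconnect (we observed this in Projected Service Account
	// Tokens e2e tests, which started flaking a lot after introducing explicit
	// 1s timeout).
	ReadHeaderTimeout config_types.Duration `json:"readHeaderTimeout" envconfig:"DUBBO_DP_SERVER_READ_HEADER_TIMEOUT"`
	// Port of the DP Server. The tag is written in upper case like every other
	// envconfig tag in this package (it was "dubbo_dp_server_port").
	Port int `json:"port" envconfig:"DUBBO_DP_SERVER_PORT"`
	// Authn defines authentication configuration for the DP Server.
	Authn DpServerAuthnConfig `json:"authn"`
	// Hds defines a Health Discovery Service configuration
	Hds *HdsConfig `json:"hds"`
}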

DpServerConfig defines the configuration of the data plane (DP) server, which serves APIs such as Bootstrap and XDS.

func DefaultDpServerConfig

func DefaultDpServerConfig() *DpServerConfig

func (*DpServerConfig) PostProcess

func (a *DpServerConfig) PostProcess() error

func (*DpServerConfig) Validate

func (a *DpServerConfig) Validate() error

type DpTokenAuthnConfig

// DpTokenAuthnConfig configures the dpToken authentication method: whether the
// control plane issues tokens itself and how presented tokens are validated.
type DpTokenAuthnConfig struct {
	// If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
	// With offline issuance the control plane does not need to be able to issue tokens at all.
	EnableIssuer bool `json:"enableIssuer" envconfig:"DUBBO_DP_SERVER_AUTHN_DP_PROXY_DP_TOKEN_ENABLE_ISSUER"`
	// DP Token validator configuration
	Validator DpTokenValidatorConfig `json:"validator"`
}

type DpTokenValidatorConfig

// DpTokenValidatorConfig names the key material used to validate data plane tokens:
// signing keys stored as Dubbo secrets, a list of public keys, or both.
type DpTokenValidatorConfig struct {
	// If true then Dubbo secrets with prefix "dataplane-token-signing-key-{mesh}" are considered as signing keys.
	UseSecrets bool `json:"useSecrets" envconfig:"DUBBO_DP_SERVER_AUTHN_DP_PROXY_DP_TOKEN_VALIDATOR_USE_SECRETS"`
	// List of public keys used to validate the token
	// NOTE(review): with UseSecrets false and this list empty there is no key to validate
	// against; confirm how Validate and the validator treat that combination.
	PublicKeys []config_types.MeshedPublicKey `json:"publicKeys"`
}

func (DpTokenValidatorConfig) Validate

func (d DpTokenValidatorConfig) Validate() error

type HdsCheck

// HdsCheck holds the parameters of a single health check: its timing and the
// number of consecutive results needed to change a host's health status.
type HdsCheck struct {
	config.BaseConfig

	// Timeout is a time to wait for a health check response. If the timeout is reached the
	// health check attempt will be considered a failure.
	Timeout config_types.Duration `json:"timeout" envconfig:"DUBBO_DP_SERVER_HDS_CHECK_TIMEOUT"`
	// Interval between health checks.
	Interval config_types.Duration `json:"interval" envconfig:"DUBBO_DP_SERVER_HDS_CHECK_INTERVAL"`
	// NoTrafficInterval is a special health check interval that is used when a cluster has
	// never had traffic routed to it.
	NoTrafficInterval config_types.Duration `json:"noTrafficInterval" envconfig:"DUBBO_DP_SERVER_HDS_CHECK_NO_TRAFFIC_INTERVAL"`
	// HealthyThreshold is a number of healthy health checks required before a host is marked
	// healthy.
	HealthyThreshold uint32 `json:"healthyThreshold" envconfig:"DUBBO_DP_SERVER_HDS_CHECK_HEALTHY_THRESHOLD"`
	// UnhealthyThreshold is a number of unhealthy health checks required before a host is marked
	// unhealthy.
	UnhealthyThreshold uint32 `json:"unhealthyThreshold" envconfig:"DUBBO_DP_SERVER_HDS_CHECK_UNHEALTHY_THRESHOLD"`
}

func (*HdsCheck) Validate

func (h *HdsCheck) Validate() error

type HdsConfig

// HdsConfig configures the Health Discovery Service (HDS) of the DP server.
type HdsConfig struct {
	config.BaseConfig

	// Enabled, if true, makes Envoy actively check the application's ports, but only on Universal.
	// On Kubernetes this feature is disabled for now regardless of the flag value.
	Enabled bool `json:"enabled" envconfig:"DUBBO_DP_SERVER_HDS_ENABLED"`
	// Interval for Envoy to send statuses for HealthChecks
	Interval config_types.Duration `json:"interval" envconfig:"DUBBO_DP_SERVER_HDS_INTERVAL"`
	// RefreshInterval is an interval for regenerating configuration for Dataplanes connected to the Control Plane
	RefreshInterval config_types.Duration `json:"refreshInterval" envconfig:"DUBBO_DP_SERVER_HDS_REFRESH_INTERVAL"`
	// CheckDefaults defines a HealthCheck configuration
	CheckDefaults *HdsCheck `json:"checkDefaults"`
}

func DefaultHdsConfig

func DefaultHdsConfig() *HdsConfig

func (*HdsConfig) PostProcess

func (h *HdsConfig) PostProcess() error

func (*HdsConfig) Validate

func (h *HdsConfig) Validate() error

type ZoneProxyAuthnConfig

// ZoneProxyAuthnConfig holds the authentication settings for zone proxies.
type ZoneProxyAuthnConfig struct {
	// Type of authentication. Available values: "serviceAccountToken", "zoneToken", "none".
	// If empty, autoconfigured based on the environment - "serviceAccountToken" on Kubernetes, "zoneToken" on Universal.
	// NOTE(review): the validation of this field is not visible here; confirm that an
	// unrecognised value is rejected rather than silently falling back to "none".
	Type string `json:"type" envconfig:"DUBBO_DP_SERVER_AUTHN_ZONE_PROXY_TYPE"`
	// Configuration for zoneToken authentication method.
	ZoneToken ZoneTokenAuthnConfig `json:"zoneToken"`
}

type ZoneTokenAuthnConfig

// ZoneTokenAuthnConfig configures the zoneToken authentication method: whether the
// control plane issues tokens itself and how presented tokens are validated.
type ZoneTokenAuthnConfig struct {
	// If true the control plane token issuer is enabled. It's recommended to set it to false when all the tokens are issued offline.
	// With offline issuance the control plane does not need to be able to issue tokens at all.
	EnableIssuer bool `json:"enableIssuer" envconfig:"DUBBO_DP_SERVER_AUTHN_ZONE_PROXY_ZONE_TOKEN_ENABLE_ISSUER"`
	// Zone Token validator configuration
	Validator ZoneTokenValidatorConfig `json:"validator"`
}

type ZoneTokenValidatorConfig

// ZoneTokenValidatorConfig names the key material used to validate zone tokens:
// signing keys stored as Dubbo secrets, a list of public keys, or both.
type ZoneTokenValidatorConfig struct {
	// If true then Dubbo secrets with prefix "zone-token-signing-key" are considered as signing keys.
	UseSecrets bool `json:"useSecrets" envconfig:"DUBBO_DP_SERVER_AUTHN_ZONE_PROXY_ZONE_TOKEN_VALIDATOR_USE_SECRETS"`
	// List of public keys used to validate the token
	// NOTE(review): no Validate method is listed for this type, unlike DpTokenValidatorConfig;
	// confirm that entries in this list are checked somewhere before use.
	PublicKeys []config_types.PublicKey `json:"publicKeys"`
}
