model

package
v0.0.0-...-730bba4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 12, 2018 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// IstioAPIGroupDomain defines API group domain of all Istio configuration resources.
	// Group domain suffix to the proto schema's group to generate the full resource group.
	IstioAPIGroupDomain = ".istio.io"

	// HeaderURI is URI HTTP header
	HeaderURI = "uri"

	// HeaderAuthority is authority HTTP header
	HeaderAuthority = "authority"

	// HeaderMethod is method HTTP header
	HeaderMethod = "method"

	// HeaderScheme is scheme HTTP header
	HeaderScheme = "scheme"

	// NamespaceAll is a designated symbol for listing across all namespaces
	NamespaceAll = ""
)
View Source 
const (

	// IngressCertsPath is the path location for ingress certificates
	IngressCertsPath = "/etc/istio/ingress-certs/"

	// AuthCertsPath is the path location for mTLS certificates
	AuthCertsPath = "/etc/certs/"

	// CertChainFilename is mTLS chain file
	CertChainFilename = "cert-chain.pem"

	// KeyFilename is mTLS private key
	KeyFilename = "key.pem"

	// RootCertFilename is mTLS root cert
	RootCertFilename = "root-cert.pem"

	// IngressCertFilename is the ingress cert file name
	IngressCertFilename = "tls.crt"

	// IngressKeyFilename is the ingress private key file name
	IngressKeyFilename = "tls.key"

	// ConfigPathDir config directory for storing envoy json config files.
	// It also stores core files as per
	// https://github.com/istio/istio/blob/master/install/kubernetes/templates/istio-sidecar-injector-configmap-debug.yaml.tmpl#L27
	ConfigPathDir = "/etc/istio/proxy"

	// BinaryPathFilename envoy binary location
	BinaryPathFilename = "/usr/local/bin/envoy"

	// ServiceClusterName service cluster name used in xDS calls
	ServiceClusterName = "istio-proxy"

	// DiscoveryPlainAddress discovery IP address:port with plain text
	DiscoveryPlainAddress = "istio-pilot:15007"
)

Variables

View Source 
var (
	// MockConfig is used purely for testing
	MockConfig = ProtoSchema{
		Type:        "mock-config",
		Plural:      "mock-configs",
		Group:       "test",
		Version:     "v1",
		MessageName: "test.MockConfig",
		Validate: func(config proto.Message) error {
			if config.(*test.MockConfig).Key == "" {
				return errors.New("empty key")
			}
			return nil
		},
	}

	// RouteRule describes route rules
	RouteRule = ProtoSchema{
		Type:        "route-rule",
		Plural:      "route-rules",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.routing.v1alpha1.RouteRule",
		Validate:    ValidateRouteRule,
	}

	// VirtualService describes v1alpha2 route rules
	VirtualService = ProtoSchema{
		Type:        "virtual-service",
		Plural:      "virtual-services",
		Group:       "networking",
		Version:     "v1alpha3",
		MessageName: "istio.networking.v1alpha3.VirtualService",
		Validate:    ValidateVirtualService,
	}

	// Gateway describes a gateway (how a proxy is exposed on the network)
	Gateway = ProtoSchema{
		Type:        "gateway",
		Plural:      "gateways",
		Group:       "networking",
		Version:     "v1alpha3",
		MessageName: "istio.networking.v1alpha3.Gateway",
		Validate:    ValidateGateway,
	}

	// IngressRule describes ingress rules
	IngressRule = ProtoSchema{
		Type:        "ingress-rule",
		Plural:      "ingress-rules",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.routing.v1alpha1.IngressRule",
		Validate:    ValidateIngressRule,
	}

	// EgressRule describes egress rule
	EgressRule = ProtoSchema{
		Type:        "egress-rule",
		Plural:      "egress-rules",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.routing.v1alpha1.EgressRule",
		Validate:    ValidateEgressRule,
	}

	// ExternalService describes external services
	ExternalService = ProtoSchema{
		Type:        "external-service",
		Plural:      "external-services",
		Group:       "networking",
		Version:     "v1alpha3",
		MessageName: "istio.networking.v1alpha3.ExternalService",
		Validate:    ValidateExternalService,
	}

	// DestinationPolicy describes destination rules
	DestinationPolicy = ProtoSchema{
		Type:        "destination-policy",
		Plural:      "destination-policies",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.routing.v1alpha1.DestinationPolicy",
		Validate:    ValidateDestinationPolicy,
	}

	// DestinationRule describes destination rules
	DestinationRule = ProtoSchema{
		Type:        "destination-rule",
		Plural:      "destination-rules",
		Group:       "networking",
		Version:     "v1alpha3",
		MessageName: "istio.networking.v1alpha3.DestinationRule",
		Validate:    ValidateDestinationRule,
	}

	// HTTPAPISpec describes an HTTP API specification.
	HTTPAPISpec = ProtoSchema{
		Type:        "http-api-spec",
		Plural:      "http-api-specs",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.mixer.v1.config.client.HTTPAPISpec",
		Validate:    ValidateHTTPAPISpec,
	}

	// HTTPAPISpecBinding describes an HTTP API specification binding.
	HTTPAPISpecBinding = ProtoSchema{
		Type:        "http-api-spec-binding",
		Plural:      "http-api-spec-bindings",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.mixer.v1.config.client.HTTPAPISpecBinding",
		Validate:    ValidateHTTPAPISpecBinding,
	}

	// QuotaSpec describes an Quota specification.
	QuotaSpec = ProtoSchema{
		Type:        "quota-spec",
		Plural:      "quota-specs",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.mixer.v1.config.client.QuotaSpec",
		Validate:    ValidateQuotaSpec,
	}

	// QuotaSpecBinding describes an Quota specification binding.
	QuotaSpecBinding = ProtoSchema{
		Type:        "quota-spec-binding",
		Plural:      "quota-spec-bindings",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.mixer.v1.config.client.QuotaSpecBinding",
		Validate:    ValidateQuotaSpecBinding,
	}

	// AuthenticationPolicy describes an authentication policy.
	AuthenticationPolicy = ProtoSchema{
		Type:        "policy",
		Plural:      "policies",
		Group:       "authentication",
		Version:     "v1alpha1",
		MessageName: "istio.authentication.v1alpha1.Policy",
		Validate:    ValidateAuthenticationPolicy,
	}

	// EndUserAuthenticationPolicySpec describes an end-user authentication policy.
	EndUserAuthenticationPolicySpec = ProtoSchema{
		Type:        "end-user-authentication-policy-spec",
		Plural:      "end-user-authentication-policy-specs",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.mixer.v1.config.client.EndUserAuthenticationPolicySpec",
		Validate:    ValidateEndUserAuthenticationPolicySpec,
	}

	// EndUserAuthenticationPolicySpecBinding describes an EndUserAuthenticationPolicy specification binding.
	EndUserAuthenticationPolicySpecBinding = ProtoSchema{
		Type:        "end-user-authentication-policy-spec-binding",
		Plural:      "end-user-authentication-policy-spec-bindings",
		Group:       "config",
		Version:     istioAPIVersion,
		MessageName: "istio.mixer.v1.config.client.EndUserAuthenticationPolicySpecBinding",
		Validate:    ValidateEndUserAuthenticationPolicySpecBinding,
	}

	// IstioConfigTypes lists all Istio config types with schemas and validation
	IstioConfigTypes = ConfigDescriptor{
		RouteRule,
		VirtualService,
		IngressRule,
		Gateway,
		EgressRule,
		ExternalService,
		DestinationPolicy,
		DestinationRule,
		HTTPAPISpec,
		HTTPAPISpecBinding,
		QuotaSpec,
		QuotaSpecBinding,
		EndUserAuthenticationPolicySpec,
		EndUserAuthenticationPolicySpecBinding,
		AuthenticationPolicy,
	}
)

Functions

func ApplyJSON 

func ApplyJSON(js string, pb proto.Message) error

ApplyJSON unmarshals a JSON string into a proto message

func ApplyMeshConfigDefaults 

func ApplyMeshConfigDefaults(yaml string) (*meshconfig.MeshConfig, error)

ApplyMeshConfigDefaults returns a new MeshConfig decoded from the input YAML with defaults applied to omitted configuration values.

func ApplyYAML 

func ApplyYAML(yml string, pb proto.Message) error

ApplyYAML unmarshals a YAML string into a proto message

func DefaultMeshConfig 

func DefaultMeshConfig() meshconfig.MeshConfig

DefaultMeshConfig configuration

func DefaultProxyConfig 

func DefaultProxyConfig() meshconfig.ProxyConfig

DefaultProxyConfig for individual proxies

func IsApplicationNodeType 

func IsApplicationNodeType(nType NodeType) bool

IsApplicationNodeType verifies that the NodeType is one of the declared constants in the model

func IsDNS1123Label 

func IsDNS1123Label(value string) bool

IsDNS1123Label tests for a string that conforms to the definition of a label in DNS (RFC 1123).

func IsEgressRulesSupportedHTTPProtocol 

func IsEgressRulesSupportedHTTPProtocol(protocol Protocol) bool

IsEgressRulesSupportedHTTPProtocol returns true if the protocol is supported by egress rules, as an HTTP protocol (service names can contain wildcard domain names)

func IsEgressRulesSupportedProtocol 

func IsEgressRulesSupportedProtocol(protocol Protocol) bool

IsEgressRulesSupportedProtocol returns true if the protocol is supported by egress rules

func IsEgressRulesSupportedTCPProtocol 

func IsEgressRulesSupportedTCPProtocol(protocol Protocol) bool

IsEgressRulesSupportedTCPProtocol returns true if the protocol is supported by egress rules, as a TCP protocol (service names can contain CIDR)

func IsWildcardDNS1123Label 

func IsWildcardDNS1123Label(value string) bool

IsWildcardDNS1123Label tests for a string that conforms to the definition of a label in DNS (RFC 1123), but allows the wildcard label (`*`), and typical labels with a leading astrisk instead of alphabetic character (e.g. "*-foo")

func Key 

func Key(typ, name, namespace string) string

Key function for the configuration objects

func MatchSource 

func MatchSource(meta ConfigMeta, source *routing.IstioService, instances []*ServiceInstance) bool

MatchSource checks that a rule applies for source service instances. Empty source match condition applies for all cases.

func MergeGateways 

func MergeGateways(dst, src *networking.Gateway) error

MergeGateways merges servers from src into the server set on dst

Merging happens on a per-server basis. When comparing two servers, there are three possible results:

  1. If the servers have distinct port numbers and port names, then the resulting Gateway (dst) will contain both
  2. If the servers have identical port number, port name, and tls config then their hosts are merged into a single server on the result (dst)
  3. Otherwise, the servers are in considered to be in conflict and an error will be returned

Missing features (TODO)

  • respect the 'selector' field
  • allow merging when ports exactly match but tls config differs (SNI)
  • allow merging h1, h2 and grpc protocols

See also: Merging Gateways and RouteRules 

https://docs.google.com/document/d/1z9jOZ1f4MhC3Fvisduio8IoUqd1_Eqrd3kG65M6n854

func ParsePort 

func ParsePort(addr string) int

ParsePort extracts port number from a valid proxy address

func ParseServiceKey 

func ParseServiceKey(s string) (hostname string, ports PortList, labels LabelsCollection)

ParseServiceKey is the inverse of the Service.String() method

func ResolveFQDN 

func ResolveFQDN(host, domain string) string

ResolveFQDN ensures a host is a FQDN. If the host is a short name (i.e. has no dots in the name) and the domain is non-empty the FQDN is built by concatenating the host and domain with a dot. Otherwise host is assumed to be a FQDN and is returned unchanged.

func ResolveFQDNFromDestination 

func ResolveFQDNFromDestination(meta ConfigMeta, destination *networking.Destination) string

ResolveFQDNFromDestination returns FQDN for destination, in namespace and domain defines by config meta.

func ResolveHostname 

func ResolveHostname(meta ConfigMeta, svc *routing.IstioService) string

ResolveHostname uses metadata information to resolve a service reference to a fully qualified hostname. The metadata namespace and domain are used as fallback values to fill up the complete name.

func ServiceKey 

func ServiceKey(hostname string, servicePorts PortList, labelsList LabelsCollection) string

ServiceKey generates a service key for a collection of ports and labels

func SortEndUserAuthenticationPolicySpec 

func SortEndUserAuthenticationPolicySpec(specs []Config)

SortEndUserAuthenticationPolicySpec sorts a slice in a stable manner.

func SortHTTPAPISpec 

func SortHTTPAPISpec(specs []Config)

SortHTTPAPISpec sorts a slice in a stable manner.

func SortQuotaSpec 

func SortQuotaSpec(specs []Config)

SortQuotaSpec sorts a slice in a stable manner.

func SortRouteRules 

func SortRouteRules(rules []Config)

SortRouteRules sorts a slice of v1alpha1 rules by precedence in a stable manner. non-v1alpha1 rules are sorted low without a guaranteed relative ordering.

func ToJSON 

func ToJSON(msg proto.Message) (string, error)

ToJSON marshals a proto to canonical JSON

func ToJSONMap 

func ToJSONMap(msg proto.Message) (map[string]interface{}, error)

ToJSONMap converts a proto message to a generic map using canonical JSON encoding JSON encoding is specified here: https://developers.google.com/protocol-buffers/docs/proto3#json

func ToYAML 

func ToYAML(msg proto.Message) (string, error)

ToYAML marshals a proto to canonical YAML

func ValidateAbort 

func ValidateAbort(abort *routing.HTTPFaultInjection_Abort) (errs error)

ValidateAbort checks that fault injection abort is well-formed

func ValidateAbortHTTPStatus 

func ValidateAbortHTTPStatus(httpStatus *routing.HTTPFaultInjection_Abort_HttpStatus) (errs error)

ValidateAbortHTTPStatus checks that fault injection abort HTTP status is valid

func ValidateAuthenticationPolicy 

func ValidateAuthenticationPolicy(msg proto.Message) error

ValidateAuthenticationPolicy checks that AuthenticationPolicy is well-formed.

func ValidateCircuitBreaker 

func ValidateCircuitBreaker(cb *routing.CircuitBreaker) (errs error)

ValidateCircuitBreaker validates Circuit Breaker

func ValidateConnectTimeout 

func ValidateConnectTimeout(timeout *duration.Duration) error

ValidateConnectTimeout validates the envoy conncection timeout

func ValidateDelay 

func ValidateDelay(delay *routing.HTTPFaultInjection_Delay) (errs error)

ValidateDelay checks that fault injection delay is well-formed

func ValidateDestinationPolicy 

func ValidateDestinationPolicy(msg proto.Message) error

ValidateDestinationPolicy checks proxy policies

func ValidateDestinationRule 

func ValidateDestinationRule(msg proto.Message) (errs error)

ValidateDestinationRule checks proxy policies

func ValidateDestinationWeight 

func ValidateDestinationWeight(dw *routing.DestinationWeight) (errs error)

ValidateDestinationWeight validates DestinationWeight

func ValidateDuration 

func ValidateDuration(pd *duration.Duration) error

ValidateDuration checks that a proto duration is well-formed

func ValidateDurationRange 

func ValidateDurationRange(dur, min, max time.Duration) error

ValidateDurationRange verifies range is in specified duration

func ValidateEgressRule 

func ValidateEgressRule(msg proto.Message) error

ValidateEgressRule checks egress rules

func ValidateEgressRuleDestination 

func ValidateEgressRuleDestination(destination *routing.IstioService) error

ValidateEgressRuleDestination checks that valid destination is used for an egress-rule only service field is allowed, all other fields are forbidden

func ValidateEgressRuleDomain 

func ValidateEgressRuleDomain(domain string) error

ValidateEgressRuleDomain validates domains in the egress rules domains are according to the definion of Envoy's domain of virtual hosts.

Wildcard hosts are supported in the form of “*.foo.com” or “*-bar.foo.com”. Note that the wildcard will not match the empty string. e.g. “*-bar.foo.com” will match “baz-bar.foo.com” but not “-bar.foo.com”. Additionally, a special entry “*” is allowed which will match any host/authority header.

func ValidateEgressRulePort 

func ValidateEgressRulePort(port *routing.EgressRule_Port) error

ValidateEgressRulePort checks the port of the egress rule (communication port and protocol)

func ValidateEgressRuleService 

func ValidateEgressRuleService(service string) error

ValidateEgressRuleService validates service field of egress rules. Service field of egress rule contains either domain, according to the definition of Envoy's domain of virtual hosts, or CIDR, according to the definition of destination_ip_list of a route in Envoy's TCP Proxy filter.

func ValidateEndUserAuthenticationPolicySpec 

func ValidateEndUserAuthenticationPolicySpec(msg proto.Message) error

ValidateEndUserAuthenticationPolicySpec checks that EndUserAuthenticationPolicySpec is well-formed.

func ValidateEndUserAuthenticationPolicySpecBinding 

func ValidateEndUserAuthenticationPolicySpecBinding(msg proto.Message) error

ValidateEndUserAuthenticationPolicySpecBinding checks that EndUserAuthenticationPolicySpecBinding is well-formed.

func ValidateExternalService 

func ValidateExternalService(config proto.Message) (errs error)

ValidateExternalService validates a external service.

func ValidateFQDN 

func ValidateFQDN(fqdn string) error

ValidateFQDN checks a fully-qualified domain name

func ValidateFloatPercent 

func ValidateFloatPercent(val float32) error

ValidateFloatPercent checks that percent is in range

func ValidateGateway 

func ValidateGateway(msg proto.Message) (errs error)

ValidateGateway checks gateway specifications

func ValidateGogoDuration 

func ValidateGogoDuration(in *types.Duration) error

ValidateGogoDuration validates the gogoproto variant of duration.

func ValidateHTTPAPISpec 

func ValidateHTTPAPISpec(msg proto.Message) error

ValidateHTTPAPISpec checks that HTTPAPISpec is well-formed.

func ValidateHTTPAPISpecBinding 

func ValidateHTTPAPISpecBinding(msg proto.Message) error

ValidateHTTPAPISpecBinding checks that HTTPAPISpecBinding is well-formed.

func ValidateHTTPFault 

func ValidateHTTPFault(fault *routing.HTTPFaultInjection) (errs error)

ValidateHTTPFault validates HTTP Fault

func ValidateHTTPHeaderName 

func ValidateHTTPHeaderName(name string) error

ValidateHTTPHeaderName checks that the name is lower-case

func ValidateHTTPRetries 

func ValidateHTTPRetries(retry *routing.HTTPRetry) (errs error)

ValidateHTTPRetries validates HTTP Retries

func ValidateHTTPTimeout 

func ValidateHTTPTimeout(timeout *routing.HTTPTimeout) (errs error)

ValidateHTTPTimeout validates HTTP Timeout

func ValidateIPv4Address 

func ValidateIPv4Address(addr string) error

ValidateIPv4Address validates that a string in "CIDR notation" or "Dot-decimal notation"

func ValidateIPv4Subnet 

func ValidateIPv4Subnet(subnet string) error

ValidateIPv4Subnet checks that a string is in "CIDR notation" or "Dot-decimal notation"

func ValidateIngressRule 

func ValidateIngressRule(msg proto.Message) error

ValidateIngressRule checks ingress rules

func ValidateIstioService 

func ValidateIstioService(svc *routing.IstioService) (errs error)

ValidateIstioService checks for validity of a service reference

func ValidateL4Fault 

func ValidateL4Fault(fault *routing.L4FaultInjection) (errs error)

ValidateL4Fault validates L4 Fault

func ValidateL4MatchAttributes 

func ValidateL4MatchAttributes(ma *routing.L4MatchAttributes) (errs error)

ValidateL4MatchAttributes validates L4 Match Attributes

func ValidateLoadBalancing 

func ValidateLoadBalancing(lb *routing.LoadBalancing) (errs error)

ValidateLoadBalancing validates Load Balancing

func ValidateMatchCondition 

func ValidateMatchCondition(mc *routing.MatchCondition) (errs error)

ValidateMatchCondition validates a match condition

func ValidateMeshConfig 

func ValidateMeshConfig(mesh *meshconfig.MeshConfig) (errs error)

ValidateMeshConfig checks that the mesh config is well-formed

func ValidateMixerAttributes 

func ValidateMixerAttributes(msg proto.Message) error

ValidateMixerAttributes checks that Mixer attributes is well-formed.

func ValidateParentAndDrain 

func ValidateParentAndDrain(drainTime, parentShutdown *duration.Duration) (errs error)

ValidateParentAndDrain checks that parent and drain durations are valid

func ValidatePercent 

func ValidatePercent(val int32) error

ValidatePercent checks that percent is in range

func ValidatePort 

func ValidatePort(port int) error

ValidatePort checks that the network port is in range

func ValidateProxyAddress 

func ValidateProxyAddress(hostAddr string) error

ValidateProxyAddress checks that a network address is well-formed

func ValidateProxyConfig 

func ValidateProxyConfig(config *meshconfig.ProxyConfig) (errs error)

ValidateProxyConfig checks that the mesh config is well-formed

func ValidateQuotaSpec 

func ValidateQuotaSpec(msg proto.Message) error

ValidateQuotaSpec checks that Quota is well-formed.

func ValidateQuotaSpecBinding 

func ValidateQuotaSpecBinding(msg proto.Message) error

ValidateQuotaSpecBinding checks that QuotaSpecBinding is well-formed.

func ValidateRefreshDelay 

func ValidateRefreshDelay(refresh *duration.Duration) error

ValidateRefreshDelay validates the discovery refresh delay time

func ValidateRouteRule 

func ValidateRouteRule(msg proto.Message) error

ValidateRouteRule checks routing rules

func ValidateStringMatch 

func ValidateStringMatch(match *routing.StringMatch) error

ValidateStringMatch checks that the match types are correct

func ValidateSubnet 

func ValidateSubnet(subnet string) error

ValidateSubnet checks that IPv4 subnet form

func ValidateTerminate 

func ValidateTerminate(terminate *routing.L4FaultInjection_Terminate) (errs error)

ValidateTerminate checks that fault injection terminate is well-formed

func ValidateThrottle 

func ValidateThrottle(throttle *routing.L4FaultInjection_Throttle) (errs error)

ValidateThrottle checks that fault injections throttle is well-formed

func ValidateVirtualService 

func ValidateVirtualService(msg proto.Message) (errs error)

ValidateVirtualService checks that a v1alpha2 route rule is well-formed.

func ValidateWeights 

func ValidateWeights(routes []*routing.DestinationWeight) (errs error)

ValidateWeights checks that destination weights sum to 100

func ValidateWildcardDomain 

func ValidateWildcardDomain(domain string) error

ValidateWildcardDomain checks that a domain is a valid FQDN, but also allows wildcard prefixes.

Types

type Config 

type Config struct {
	ConfigMeta

	// Spec holds the configuration object as a protobuf message
	Spec proto.Message
}

Config is a configuration unit consisting of the type of configuration, the key identifier that is unique per type, and the content represented as a protobuf message.

func RejectConflictingEgressRules 

func RejectConflictingEgressRules(rules []Config) ([]Config, error)

RejectConflictingEgressRules rejects conflicting egress rules. The conflicts occur either than two egress rules share the same domain, or when they define different protocols on the same port

type ConfigDescriptor 

type ConfigDescriptor []ProtoSchema

ConfigDescriptor defines the bijection between the short type name and its fully qualified protobuf message name

func (ConfigDescriptor) GetByMessageName 

func (descriptor ConfigDescriptor) GetByMessageName(name string) (ProtoSchema, bool)

GetByMessageName finds a schema by message name if it is available

func (ConfigDescriptor) GetByType 

func (descriptor ConfigDescriptor) GetByType(name string) (ProtoSchema, bool)

GetByType finds a schema by type if it is available

func (ConfigDescriptor) Types 

func (descriptor ConfigDescriptor) Types() []string

Types lists all known types in the config schema

func (ConfigDescriptor) Validate 

func (descriptor ConfigDescriptor) Validate() error

Validate checks that each name conforms to the spec and has a ProtoMessage

func (ConfigDescriptor) ValidateConfig 

func (descriptor ConfigDescriptor) ValidateConfig(typ string, obj interface{}) error

ValidateConfig ensures that the config object is well-defined TODO: also check name and namespace

type ConfigMeta 

type ConfigMeta struct {
	// Type is a short configuration name that matches the content message type
	// (e.g. "route-rule")
	Type string `json:"type,omitempty"`

	// Group is the API group of the config.
	Group string `json:"group,omitempty"`

	// Version is the API version of the Config.
	Version string `json:"version,omitempty"`

	// Name is a unique immutable identifier in a namespace
	Name string `json:"name,omitempty"`

	// Namespace defines the space for names (optional for some types),
	// applications may choose to use namespaces for a variety of purposes
	// (security domains, fault domains, organizational domains)
	Namespace string `json:"namespace,omitempty"`

	// Domain defines the suffix of the fully qualified name past the namespace.
	// Domain is not a part of the unique key unlike name and namespace.
	Domain string `json:"domain,omitempty"`

	// Map of string keys and values that can be used to organize and categorize
	// (scope and select) objects.
	Labels map[string]string `json:"labels,omitempty"`

	// Annotations is an unstructured key value map stored with a resource that may be
	// set by external tools to store and retrieve arbitrary metadata. They are not
	// queryable and should be preserved when modifying objects.
	Annotations map[string]string `json:"annotations,omitempty"`

	// ResourceVersion is an opaque identifier for tracking updates to the config registry.
	// The implementation may use a change index or a commit log for the revision.
	// The config client should not make any assumptions about revisions and rely only on
	// exact equality to implement optimistic concurrency of read-write operations.
	//
	// The lifetime of an object of a particular revision depends on the underlying data store.
	// The data store may compactify old revisions in the interest of storage optimization.
	//
	// An empty revision carries a special meaning that the associated object has
	// not been stored and assigned a revision.
	ResourceVersion string `json:"resourceVersion,omitempty"`
}

ConfigMeta is metadata attached to each configuration unit. The revision is optional, and if provided, identifies the last update operation on the object.

func (*ConfigMeta) Key 

func (meta *ConfigMeta) Key() string

Key is the unique identifier for a configuration object

type ConfigStore 

type ConfigStore interface {
	// ConfigDescriptor exposes the configuration type schema known by the config store.
	// The type schema defines the bidrectional mapping between configuration
	// types and the protobuf encoding schema.
	ConfigDescriptor() ConfigDescriptor

	// Get retrieves a configuration element by a type and a key
	Get(typ, name, namespace string) (config *Config, exists bool)

	// List returns objects by type and namespace.
	// Use "" for the namespace to list across namespaces.
	List(typ, namespace string) ([]Config, error)

	// Create adds a new configuration object to the store. If an object with the
	// same name and namespace for the type already exists, the operation fails
	// with no side effects.
	Create(config Config) (revision string, err error)

	// Update modifies an existing configuration object in the store.  Update
	// requires that the object has been created.  Resource version prevents
	// overriding a value that has been changed between prior _Get_ and _Put_
	// operation to achieve optimistic concurrency. This method returns a new
	// revision if the operation succeeds.
	Update(config Config) (newRevision string, err error)

	// Delete removes an object from the store by key
	Delete(typ, name, namespace string) error
}

ConfigStore describes a set of platform agnostic APIs that must be supported by the underlying platform to store and retrieve Istio configuration.

Configuration key is defined to be a combination of the type, name, and namespace of the configuration object. The configuration key is guaranteed to be unique in the store.

The storage interface presented here assumes that the underlying storage layer supports _Get_ (list), _Update_ (update), _Create_ (create) and _Delete_ semantics but does not guarantee any transactional semantics.

_Update_, _Create_, and _Delete_ are mutator operations. These operations are asynchronous, and you might not see the effect immediately (e.g. _Get_ might not return the object by key immediately after you mutate the store.) Intermittent errors might occur even though the operation succeeds, so you should always check if the object store has been modified even if the mutating operation returns an error. Objects should be created with _Create_ operation and updated with _Update_ operation.

Resource versions record the last mutation operation on each object. If a mutation is applied to a different revision of an object than what the underlying storage expects as defined by pure equality, the operation is blocked. The client of this interface should not make assumptions about the structure or ordering of the revision identifier.

Object references supplied and returned from this interface should be treated as read-only. Modifying them violates thread-safety.

type ConfigStoreCache 

type ConfigStoreCache interface {
	ConfigStore

	// RegisterEventHandler adds a handler to receive config update events for a
	// configuration type
	RegisterEventHandler(typ string, handler func(Config, Event))

	// Run until a signal is received
	Run(stop <-chan struct{})

	// HasSynced returns true after initial cache synchronization is complete
	HasSynced() bool
}

ConfigStoreCache is a local fully-replicated cache of the config store. The cache actively synchronizes its local state with the remote store and provides a notification mechanism to receive update events. As such, the notification handlers must be registered prior to calling _Run_, and the cache requires initial synchronization grace period after calling _Run_.

Update notifications require the following consistency guarantee: the view in the cache must be AT LEAST as fresh as the moment notification arrives, but MAY BE more fresh (e.g. if _Delete_ cancels an _Add_ event).

Handlers execute on the single worker queue in the order they are appended. Handlers receive the notification event and the associated object. Note that all handlers must be registered before starting the cache controller.

type Controller 

type Controller interface {
	// AppendServiceHandler notifies about changes to the service catalog.
	AppendServiceHandler(f func(*Service, Event)) error

	// AppendInstanceHandler notifies about changes to the service instances
	// for a service.
	AppendInstanceHandler(f func(*ServiceInstance, Event)) error

	// Run until a signal is received
	Run(stop <-chan struct{})
}

Controller defines an event controller loop. Proxy agent registers itself with the controller loop and receives notifications on changes to the service topology or changes to the configuration artifacts.

The controller guarantees the following consistency requirement: registry view in the controller is as AT LEAST as fresh as the moment notification arrives, but MAY BE more fresh (e.g. "delete" cancels an "add" event). For example, an event for a service creation will see a service registry without the service if the event is immediately followed by the service deletion event.

Handlers execute on the single worker queue in the order they are appended. Handlers receive the notification event and the associated object. Note that all handlers must be appended before starting the controller.

type Environment 

type Environment struct {
	// Discovery interface for listing services and instances
	ServiceDiscovery

	// Accounts interface for listing service accounts
	ServiceAccounts

	// Config interface for listing routing rules
	IstioConfigStore

	// Mesh is the mesh config (to be merged into the config store)
	Mesh *meshconfig.MeshConfig

	// Mixer subject alternate name for mutual TLS
	MixerSAN []string
}

Environment provides an aggregate environmental API for Pilot

type Event 

type Event int

Event represents a registry update event 

const (
	// EventAdd is sent when an object is added
	EventAdd Event = iota

	// EventUpdate is sent when an object is modified
	// Captures the modified object
	EventUpdate

	// EventDelete is sent when an object is deleted
	// Captures the object at the last known state
	EventDelete
)

func (Event) String 

func (event Event) String() string

type IstioConfigStore 

type IstioConfigStore interface {
	ConfigStore

	// EgressRules lists all egress rules
	EgressRules() []Config

	// ExternalServices lists all external services
	ExternalServices() []Config

	// RouteRules selects routing rules by source service instances and
	// destination service.  A rule must match at least one of the input service
	// instances since the proxy does not distinguish between source instances in
	// the request.
	RouteRules(source []*ServiceInstance, destination string, domain string) []Config

	// RouteRulesByDestination selects routing rules associated with destination
	// service instances.  A rule must match at least one of the input
	// destination instances.
	RouteRulesByDestination(destination []*ServiceInstance, domain string) []Config

	// Policy returns a policy for a service version that match at least one of
	// the source instances.  The labels must match precisely in the policy.
	Policy(source []*ServiceInstance, destination string, labels Labels) *Config

	// DestinationRule returns a destination rule for a service name in a given domain.
	// Name can be short name or FQDN.
	DestinationRule(name, domain string) *Config

	// HTTPAPISpecByDestination selects Mixerclient HTTP API Specs
	// associated with destination service instances.
	HTTPAPISpecByDestination(instance *ServiceInstance) []Config

	// QuotaSpecByDestination selects Mixerclient quota specifications
	// associated with destination service instances.
	QuotaSpecByDestination(instance *ServiceInstance) []Config

	// EndUserAuthenticationPolicySpecByDestination selects
	// Mixerclient end user authn policy specifications associated
	// with destination service instances.
	EndUserAuthenticationPolicySpecByDestination(instance *ServiceInstance) []Config

	// AuthenticationPolicyByDestination selects authentication policy associated
	// with a service + port. Hostname must be FQDN.
	// If there are more than one policies at different scopes (global, namespace, service)
	// the one with the most specific scope will be selected. If there are more than
	// one with the same scope, the first one seen will be used (later, we should
	// have validation at submitting time to prevent this scenario from happening)
	AuthenticationPolicyByDestination(hostname string, port *Port) *Config
}

IstioConfigStore is a specialized interface to access config store using Istio configuration types

func MakeIstioStore 

func MakeIstioStore(store ConfigStore) IstioConfigStore

MakeIstioStore creates a wrapper around a store

type Labels 

type Labels map[string]string

Labels is a non empty set of arbitrary strings. Each version of a service can be differentiated by a unique set of labels associated with the version. These labels are assigned to all instances of a particular service version. For example, lets say catalog.mystore.com has 2 versions v1 and v2. v1 instances could have labels gitCommit=aeiou234, region=us-east, while v2 instances could have labels name=kittyCat,region=us-east.

func ParseLabelsString 

func ParseLabelsString(s string) Labels

ParseLabelsString extracts labels from a string

func (Labels) Equals 

func (l Labels) Equals(that Labels) bool

Equals returns true if the labels are identical

func (Labels) String 

func (l Labels) String() string

func (Labels) SubsetOf 

func (l Labels) SubsetOf(that Labels) bool

SubsetOf is true if the tag has identical values for the keys

func (Labels) Validate 

func (l Labels) Validate() error

Validate ensures tag is well-formed

type LabelsCollection 

type LabelsCollection []Labels

LabelsCollection is a collection of labels used for comparing labels against a collection of labels

func (LabelsCollection) HasSubsetOf 

func (labels LabelsCollection) HasSubsetOf(that Labels) bool

HasSubsetOf returns true if the input labels are a super set of one labels in a collection or if the tag collection is empty

type NetworkEndpoint 

type NetworkEndpoint struct {
	// Address of the network endpoint, typically an IPv4 address
	Address string `json:"ip_address,omitempty"`

	// Port number where this instance is listening for connections This
	// need not be the same as the port where the service is accessed.
	// e.g., catalog.mystore.com:8080 -> 172.16.0.1:55446
	Port int `json:"port"`

	// Port declaration from the service declaration This is the port for
	// the service associated with this instance (e.g.,
	// catalog.mystore.com)
	ServicePort *Port `json:"service_port"`
}

NetworkEndpoint defines a network address (IP:port) associated with an instance of the service. A service has one or more instances each running in a container/VM/pod. If a service has multiple ports, then the same instance IP is expected to be listening on multiple ports (one per each service port). Note that the port associated with an instance does not have to be the same as the port associated with the service. Depending on the network setup (NAT, overlays), this could vary.

For e.g., if catalog.mystore.com is accessible through port 80 and 8080, and it maps to an instance with IP 172.16.0.1, such that connections to port 80 are forwarded to port 55446, and connections to port 8080 are forwarded to port 33333,

then internally, we have two two endpoint structs for the service catalog.mystore.com 

--> 172.16.0.1:54546 (with ServicePort pointing to 80) and
--> 172.16.0.1:33333 (with ServicePort pointing to 8080)

type NodeType 

type NodeType string

NodeType decides the responsibility of the proxy serves in the mesh 

const (
	// Sidecar type is used for sidecar proxies in the application containers
	Sidecar NodeType = "sidecar"

	// Ingress type is used for cluster ingress proxies
	Ingress NodeType = "ingress"

	// Router type is used for standalone proxies acting as L7/L4 routers
	Router NodeType = "router"
)

type Port 

type Port struct {
	// Name ascribes a human readable name for the port object. When a
	// service has multiple ports, the name field is mandatory
	Name string `json:"name,omitempty"`

	// Port number where the service can be reached. Does not necessarily
	// map to the corresponding port numbers for the instances behind the
	// service. See NetworkEndpoint definition below.
	Port int `json:"port"`

	// Protocol to be used for the port.
	Protocol Protocol `json:"protocol,omitempty"`

	// In combine with the mesh's AuthPolicy, controls authentication for
	// Envoy-to-Envoy communication.
	// This value is extracted from service annotation.
	AuthenticationPolicy meshconfig.AuthenticationPolicy `json:"authentication_policy"`
}

Port represents a network port where a service is listening for connections. The port should be annotated with the type of protocol used by the port.

func (Port) Match 

func (port Port) Match(portSelector *networking.PortSelector) bool

Match returns true if port matches with port selector criteria.

type PortList 

type PortList []*Port

PortList is a set of ports

func (PortList) Get 

func (ports PortList) Get(name string) (*Port, bool)

Get retrieves a port declaration by name

func (PortList) GetByPort 

func (ports PortList) GetByPort(num int) (*Port, bool)

GetByPort retrieves a port declaration by port value

func (PortList) GetNames 

func (ports PortList) GetNames() []string

GetNames returns port names

type ProtoSchema 

type ProtoSchema struct {
	// Type is the config proto type.
	Type string

	// Plural is the type in plural.
	Plural string

	// Group is the config proto group.
	Group string

	// Version is the config proto version.
	Version string

	// MessageName refers to the protobuf message type name corresponding to the type
	MessageName string

	// Validate configuration as a protobuf message assuming the object is an
	// instance of the expected message type
	Validate func(config proto.Message) error
}

ProtoSchema provides description of the configuration schema and its key function

func (*ProtoSchema) FromJSON 

func (ps *ProtoSchema) FromJSON(js string) (proto.Message, error)

FromJSON converts a canonical JSON to a proto message

func (*ProtoSchema) FromJSONMap 

func (ps *ProtoSchema) FromJSONMap(data interface{}) (proto.Message, error)

FromJSONMap converts from a generic map to a proto message using canonical JSON encoding JSON encoding is specified here: https://developers.google.com/protocol-buffers/docs/proto3#json

func (*ProtoSchema) FromYAML 

func (ps *ProtoSchema) FromYAML(yml string) (proto.Message, error)

FromYAML converts a canonical YAML to a proto message

func (*ProtoSchema) Make 

func (ps *ProtoSchema) Make() (proto.Message, error)

Make creates a new instance of the proto message

type Protocol 

type Protocol string

Protocol defines network protocols for ports 

const (
	// ProtocolGRPC declares that the port carries gRPC traffic
	ProtocolGRPC Protocol = "GRPC"
	// ProtocolHTTPS declares that the port carries HTTPS traffic
	ProtocolHTTPS Protocol = "HTTPS"
	// ProtocolHTTP2 declares that the port carries HTTP/2 traffic
	ProtocolHTTP2 Protocol = "HTTP2"
	// ProtocolHTTP declares that the port carries HTTP/1.1 traffic.
	// Note that HTTP/1.0 or earlier may not be supported by the proxy.
	ProtocolHTTP Protocol = "HTTP"
	// ProtocolTCP declares the the port uses TCP.
	// This is the default protocol for a service port.
	ProtocolTCP Protocol = "TCP"
	// ProtocolUDP declares that the port uses UDP.
	// Note that UDP protocol is not currently supported by the proxy.
	ProtocolUDP Protocol = "UDP"
	// ProtocolMongo declares that the port carries mongoDB traffic
	ProtocolMongo Protocol = "Mongo"
	// ProtocolRedis declares that the port carries redis traffic
	ProtocolRedis Protocol = "Redis"
	// ProtocolUnsupported - value to signify that the protocol is unsupported
	ProtocolUnsupported Protocol = "UnsupportedProtocol"
)

func ConvertCaseInsensitiveStringToProtocol 

func ConvertCaseInsensitiveStringToProtocol(protocolAsString string) Protocol

ConvertCaseInsensitiveStringToProtocol converts a case-insensitive protocol to Protocol

func (Protocol) IsHTTP 

func (p Protocol) IsHTTP() bool

IsHTTP is true for protocols that use HTTP as transport protocol

type Proxy 

type Proxy struct {
	// Type specifies the node type
	Type NodeType

	// IPAddress is the IP address of the proxy used to identify it and its
	// co-located service instances. Example: "10.60.1.6"
	IPAddress string

	// ID is the unique platform-specific sidecar proxy ID
	ID string

	// Domain defines the DNS domain suffix for short hostnames (e.g.
	// "default.svc.cluster.local")
	Domain string
}

Proxy defines the proxy attributes used by xDS identification

func ParseServiceNode 

func ParseServiceNode(s string) (Proxy, error)

ParseServiceNode is the inverse of service node function

func (Proxy) ServiceNode 

func (node Proxy) ServiceNode() string

ServiceNode encodes the proxy node attributes into a URI-acceptable string

type Service 

type Service struct {
	// Hostname of the service, e.g. "catalog.mystore.com"
	Hostname string `json:"hostname"`

	// Address specifies the service IPv4 address of the load balancer
	Address string `json:"address,omitempty"`

	// Ports is the set of network ports where the service is listening for
	// connections
	Ports PortList `json:"ports,omitempty"`

	// ExternalName is only set for external services and holds the external
	// service DNS name.  External services are name-based solution to represent
	// external service instances as a service inside the cluster.
	ExternalName string `json:"external"`

	// ServiceAccounts specifies the service accounts that run the service.
	ServiceAccounts []string `json:"serviceaccounts,omitempty"`

	// LoadBalancingDisabled indicates that no load balancing should be done for this service.
	LoadBalancingDisabled bool `json:"-"`
}

Service describes an Istio service (e.g., catalog.mystore.com:8080) Each service has a fully qualified domain name (FQDN) and one or more ports where the service is listening for connections. *Optionally*, a service can have a single load balancer/virtual IP address associated with it, such that the DNS queries for the FQDN resolves to the virtual IP address (a load balancer IP).

E.g., in kubernetes, a service foo is associated with foo.default.svc.cluster.local hostname, has a virtual IP of 10.0.1.1 and listens on ports 80, 8080

func (*Service) External 

func (s *Service) External() bool

External predicate checks whether the service is external

func (*Service) Key 

func (s *Service) Key(port *Port, labels Labels) string

Key generates a unique string referencing service instances for a given port and labels. The separator character must be exclusive to the regular expressions allowed in the service declaration.

func (*Service) Validate 

func (s *Service) Validate() error

Validate ensures that the service object is well-defined

type ServiceAccounts 

type ServiceAccounts interface {
	// GetIstioServiceAccounts returns a list of service accounts looked up from
	// the specified service hostname and ports.
	GetIstioServiceAccounts(hostname string, ports []string) []string
}

ServiceAccounts exposes Istio service accounts

type ServiceDiscovery 

type ServiceDiscovery interface {
	// Services list declarations of all services in the system
	Services() ([]*Service, error)

	// GetService retrieves a service by host name if it exists
	GetService(hostname string) (*Service, error)

	// Instances retrieves instances for a service and its ports that match
	// any of the supplied labels. All instances match an empty tag list.
	//
	// For example, consider the example of catalog.mystore.com as described in NetworkEndpoints
	// Instances(catalog.myservice.com, 80) ->
	//      --> NetworkEndpoint(172.16.0.1:8888), Service(catalog.myservice.com), Labels(foo=bar)
	//      --> NetworkEndpoint(172.16.0.2:8888), Service(catalog.myservice.com), Labels(foo=bar)
	//      --> NetworkEndpoint(172.16.0.3:8888), Service(catalog.myservice.com), Labels(kitty=cat)
	//      --> NetworkEndpoint(172.16.0.4:8888), Service(catalog.myservice.com), Labels(kitty=cat)
	//
	// Calling Instances with specific labels returns a trimmed list.
	// e.g., Instances(catalog.myservice.com, 80, foo=bar) ->
	//      --> NetworkEndpoint(172.16.0.1:8888), Service(catalog.myservice.com), Labels(foo=bar)
	//      --> NetworkEndpoint(172.16.0.2:8888), Service(catalog.myservice.com), Labels(foo=bar)
	//
	// Similar concepts apply for calling this function with a specific
	// port, hostname and labels.
	Instances(hostname string, ports []string, labels LabelsCollection) ([]*ServiceInstance, error)

	// GetProxyServiceInstances returns the service instances that co-located with a given Proxy
	//
	// Co-located generally means running in the same network namespace and security context.
	//
	// A Proxy operating as a Sidecar will return a non-empty slice.  A stand-alone Proxy
	// will return an empty slice.
	//
	// There are two reasons why this returns multiple ServiceInstances instead of one:
	// - A ServiceInstance has a single NetworkEndpoint which has a single Port.  But a Service
	//   may have many ports.  So a workload implementing such a Service would need
	//   multiple ServiceInstances, one for each port.
	// - A single workload may implement multiple logical Services.
	//
	// In the second case, multiple services may be implemented by the same physical port number,
	// though with a different ServicePort and NetworkEndpoint for each.  If any of these overlapping
	// services are not HTTP or H2-based, behavior is undefined, since the listener may not be able to
	// determine the intended destination of a connection without a Host header on the request.
	GetProxyServiceInstances(Proxy) ([]*ServiceInstance, error)

	// ManagementPorts lists set of management ports associated with an IPv4 address.
	// These management ports are typically used by the platform for out of band management
	// tasks such as health checks, etc. In a scenario where the proxy functions in the
	// transparent mode (traps all traffic to and from the service instance IP address),
	// the configuration generated for the proxy will not manipulate traffic destined for
	// the management ports
	ManagementPorts(addr string) PortList
}

ServiceDiscovery enumerates Istio service instances.

type ServiceInstance 

type ServiceInstance struct {
	Endpoint         NetworkEndpoint `json:"endpoint,omitempty"`
	Service          *Service        `json:"service,omitempty"`
	Labels           Labels          `json:"labels,omitempty"`
	AvailabilityZone string          `json:"az,omitempty"`
	ServiceAccount   string          `json:"serviceaccount,omitempty"`
}

ServiceInstance represents an individual instance of a specific version of a service. It binds a network endpoint (ip:port), the service description (which is oblivious to various versions) and a set of labels that describe the service version associated with this instance.

Since a ServiceInstance has a single NetworkEndpoint, which has a single port, multiple ServiceInstances are required to represent a workload that listens on multiple ports.

The labels associated with a service instance are unique per a network endpoint. There is one well defined set of labels for each service instance network endpoint.

For example, the set of service instances associated with catalog.mystore.com are modeled like this 

--> NetworkEndpoint(172.16.0.1:8888), Service(catalog.myservice.com), Labels(foo=bar)
--> NetworkEndpoint(172.16.0.2:8888), Service(catalog.myservice.com), Labels(foo=bar)
--> NetworkEndpoint(172.16.0.3:8888), Service(catalog.myservice.com), Labels(kitty=cat)
--> NetworkEndpoint(172.16.0.4:8888), Service(catalog.myservice.com), Labels(kitty=cat)

func (*ServiceInstance) Validate 

func (instance *ServiceInstance) Validate() error

Validate ensures that the service instance is well-defined

Source Files

View all Source files

Directories

Path Synopsis
Package test is a generated protocol buffer package.
 Package test is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.