Documentation
Overview
Package envoy implements utility routines related to Envoy proxy, and models an instance of a proxy to be able to generate XDS configurations for it.
Index
- Constants
- Variables
- func GetADSConfigSource() *xds_core.ConfigSource
- func GetAddress(address string, port uint32) *xds_core.Address
- func GetCIDRRangeFromStr(cidr string) (*xds_core.CidrRange, error)
- func GetDownstreamTLSContext(upstreamIdentity identity.ServiceIdentity, mTLS bool, ...) *xds_auth.DownstreamTlsContext
- func GetTLSParams(sidecarSpec configv1alpha2.SidecarSpec) *xds_auth.TlsParameters
- func GetUpstreamTLSContext(downstreamIdentity identity.ServiceIdentity, upstreamSvc service.MeshService, ...) *xds_auth.UpstreamTlsContext
- func IsWildcardTypeURI(t TypeURI) bool
- type TypeURI
Constants
const (
	// HTTP filters
	// TODO: once https://github.com/envoyproxy/go-control-plane/issues/588, we can use any name we want.
	HTTPConnectionManagerFilterName = wellknown.HTTPConnectionManager
	HTTPRouterFilterName = "http_router"
	HTTPLuaFilterName = "http_lua"
	HTTPExtAuthzFilterName = "http_external_authz"
	HTTPHealthCheckFilterName = "http_health_check"

	// The HTTP typed filters referenced in the RDS configuration still need to
	// use wellknown names. These filters are configured as a map where the key is
	// the filter name and value is the marshalled filter config.
	// See https://github.com/envoyproxy/envoy/issues/21759#issuecomment-1163570994
	HTTPRBACFilterName = "envoy.filters.http.rbac"
	HTTPLocalRateLimitFilterName = "envoy.filters.http.local_ratelimit"
	HTTPGlobalRateLimitFilterName = "envoy.filters.http.ratelimit"

	// Network (L4) filters
	TCPProxyFilterName = "tcp_proxy"
	L4LocalRateLimitFilterName = "l4_local_rate_limit"
	L4GlobalRateLimitFilterName = "l4_global_rate_limit"
	L4RBACFilterName = "l4_rbac"

	// Listener filters
	OriginalDstFilterName = "original_dst"
	TLSInspectorFilterName = "tls_inspector"
	HTTPInspectorFilterName = "http_inspector"
)
Filter names - can be any name (not used by Envoy to determine the filter to use).
*Note: HTTP typed filters referenced in RDS require a wellknown name.
const (
	HTTPRouterFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
	HTTPRBACFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC"
	OriginalDstFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.listener.original_dst.v3.OriginalDst"
	TLSInspectorFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector"
	HTTPInspectorFilterTypeURL = "type.googleapis.com/envoy.extensions.filters.listener.http_inspector.v3.HttpInspector"
)
Filter TypeURLs - used by Envoy to determine the filter to use
const (
	// EnvoyActiveHealthCheckPath is the HTTP endpoint to be used to receive
	// active health checks.
	EnvoyActiveHealthCheckPath = "/healthz/osm"

	// EnvoyActiveHealthCheckHeaderKey is the HTTP header key used to identify
	// active health check traffic.
	EnvoyActiveHealthCheckHeaderKey = "x-osm-envoy-healthcheck"
)
const (
	// TransportProtocolTLS is the TLS transport protocol used in Envoy configurations
	TransportProtocolTLS = "tls"

	// OutboundPassthroughCluster is the outbound passthrough cluster name
	OutboundPassthroughCluster = "passthrough-outbound"

	// StreamAccessLoggerName is name used for the envoy stream access logger
	StreamAccessLoggerName = "envoy.access_loggers.stream"
)
Variables
var ALPNInMesh = []string{"osm"}
ALPNInMesh indicates that the proxy is connecting to an in-mesh destination. It is set as a part of configuring the UpstreamTLSContext.
var ValidURI = map[string]TypeURI{
	string(TypeEmptyURI): TypeEmptyURI,
	string(TypeSDS): TypeSDS,
	string(TypeCDS): TypeCDS,
	string(TypeLDS): TypeLDS,
	string(TypeRDS): TypeRDS,
	string(TypeEDS): TypeEDS,
	string(TypeUpstreamTLSContext): TypeUpstreamTLSContext,
	string(TypeZipkinConfig): TypeZipkinConfig,
}
ValidURI defines valid URIs
var (
	// XDSResponseOrder is the order in which we send xDS responses: CDS, EDS, LDS, RDS
	// See: https://github.com/envoyproxy/go-control-plane/issues/59
	XDSResponseOrder = []TypeURI{TypeCDS, TypeEDS, TypeLDS, TypeRDS, TypeSDS}
)
var XDSShortURINames = map[TypeURI]string{
TypeEmptyURI: "EmptyURI",
TypeSDS: "SDS",
TypeCDS: "CDS",
TypeLDS: "LDS",
TypeRDS: "RDS",
TypeEDS: "EDS",
}
XDSShortURINames are shortened versions of the URI types
Functions
func GetADSConfigSource
func GetADSConfigSource() *xds_core.ConfigSource
GetADSConfigSource creates an Envoy ConfigSource struct.
func GetAddress
GetAddress creates an Envoy Address struct.
func GetCIDRRangeFromStr
GetCIDRRangeFromStr converts the given CIDR string to an XDS CidrRange object.
func GetDownstreamTLSContext
func GetDownstreamTLSContext(upstreamIdentity identity.ServiceIdentity, mTLS bool, sidecarSpec configv1alpha2.SidecarSpec) *xds_auth.DownstreamTlsContext
GetDownstreamTLSContext creates a downstream Envoy TLS Context to be configured on the upstream for the given upstream's identity.
Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/kpbaseten/bookstore/issues/3188]
func GetTLSParams
func GetTLSParams(sidecarSpec configv1alpha2.SidecarSpec) *xds_auth.TlsParameters
GetTLSParams creates Envoy TlsParameters struct.
func GetUpstreamTLSContext
func GetUpstreamTLSContext(downstreamIdentity identity.ServiceIdentity, upstreamSvc service.MeshService, sidecarSpec configv1alpha2.SidecarSpec) *xds_auth.UpstreamTlsContext
GetUpstreamTLSContext creates an upstream Envoy TLS Context for the given downstream identity and upstream service pair.
Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/kpbaseten/bookstore/issues/3188]
func IsWildcardTypeURI
IsWildcardTypeURI reports whether a given TypeURI is an expected wildcard TypeURI. The xDS protocol defines general client behavior as: "Envoy will always use wildcard subscriptions for Listener and Cluster resources". See https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol#client-behavior
Types
type TypeURI
type TypeURI string
TypeURI is a string describing the Envoy xDS payload.
const (
	// TypeEmptyURI is an Empty URI type representation
	TypeEmptyURI TypeURI = ""

	// TypeSDS is the SDS type URI.
	TypeSDS TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"

	// TypeCDS is the CDS type URI.
	TypeCDS TypeURI = "type.googleapis.com/envoy.config.cluster.v3.Cluster"

	// TypeLDS is the LDS type URI.
	TypeLDS TypeURI = "type.googleapis.com/envoy.config.listener.v3.Listener"

	// TypeRDS is the RDS type URI.
	TypeRDS TypeURI = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"

	// TypeEDS is the EDS type URI.
	TypeEDS TypeURI = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"

	// TypeUpstreamTLSContext is an Envoy type URI.
	TypeUpstreamTLSContext TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"

	// TypeZipkinConfig is an Envoy type URI.
	TypeZipkinConfig TypeURI = "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig"

	// TypeADS is not actually used by Envoy - but useful within OSM for logging
	TypeADS TypeURI = "ADS"
)
Envoy TypeURIs
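The following is an added example, not code from this package: it shows how a control plane could treat the type URL in a proxy's discovery request as untrusted input, reject anything outside a known set, and emit the accepted types in the XDSResponseOrder sequence. The helper planResponses is hypothetical, the accepted set is deliberately the five types in XDSResponseOrder (narrower than ValidURI), and isWildcard is an assumed implementation derived from the xDS sentence quoted under IsWildcardTypeURI.

```go
package main

import (
	"fmt"
	"sort"
)

// TypeURI and the constants are local copies of values listed on this page.
type TypeURI string

const (
	TypeSDS TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
	TypeCDS TypeURI = "type.googleapis.com/envoy.config.cluster.v3.Cluster"
	TypeLDS TypeURI = "type.googleapis.com/envoy.config.listener.v3.Listener"
	TypeRDS TypeURI = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
	TypeEDS TypeURI = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"
)

var xdsResponseOrder = []TypeURI{TypeCDS, TypeEDS, TypeLDS, TypeRDS, TypeSDS}

// isWildcard (assumed implementation): only Listener and Cluster are always wildcard.
func isWildcard(t TypeURI) bool { return t == TypeCDS || t == TypeLDS }

// planResponses (hypothetical) returns accepted types in send order plus rejected strings.
func planResponses(requested []string) (ordered []TypeURI, rejected []string) {
	rank := make(map[TypeURI]int, len(xdsResponseOrder))
	for i, t := range xdsResponseOrder {
		rank[t] = i
	}
	seen := map[TypeURI]bool{}
	for _, raw := range requested {
		t := TypeURI(raw)
		if _, ok := rank[t]; !ok {
			rejected = append(rejected, raw) // unknown or empty type URL: never answered
			continue
		}
		if !seen[t] {
			seen[t] = true
			ordered = append(ordered, t)
		}
	}
	sort.Slice(ordered, func(i, j int) bool { return rank[ordered[i]] < rank[ordered[j]] })
	return ordered, rejected
}

func main() {
	// Constructed sample input: type URLs as they might arrive from a proxy.
	ordered, rejected := planResponses([]string{string(TypeRDS), "type.googleapis.com/example.Unknown", string(TypeCDS)})
	fmt.Println(ordered, "rejected:", rejected, "CDS wildcard:", isWildcard(TypeCDS))
}
```

Logging the rejected strings per proxy identity gives a cheap signal for misconfigured or misbehaving sidecars.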
Directories
Path | Synopsis |
---|---|
 | Package bootstrap implements functionality related to Envoy's bootstrap config. |
test | Package test implements utility routes to test the functionality provided by the injector package. |
cds | Package cds implements Envoy's Cluster Discovery Service (CDS). |
eds | Package eds implements Envoy's Endpoint Discovery Service (EDS). |
lds | Package lds implements Envoy's Listener Discovery Service (LDS). |
rds | Package rds implements Envoy's Route Discovery Service (RDS). |
 | Package server implements Envoy's Aggregated Discovery Service (ADS). |