Documentation
Index
- Constants
- Variables
- func GetADSConfigSource() *xds_core.ConfigSource
- func GetAccessLog() []*xds_accesslog_filter.AccessLog
- func GetAddress(address string, port uint32) *xds_core.Address
- func GetDownstreamTLSContext(serviceName service.MeshService, mTLS bool) *xds_auth.DownstreamTlsContext
- func GetTLSParams() *xds_auth.TlsParameters
- func GetUpstreamTLSContext(serviceName service.MeshService, sni string) *xds_auth.UpstreamTlsContext
- func MessageToAny(pb proto.Message) (*any.Any, error)
- type Proxy
- func (p Proxy) GetAnnouncementsChannel() chan interface{}
- func (p Proxy) GetCommonName() certificate.CommonName
- func (p Proxy) GetConnectedAt() time.Time
- func (p Proxy) GetIP() net.Addr
- func (p Proxy) GetLastAppliedVersion(typeURI TypeURI) uint64
- func (p *Proxy) GetLastSentNonce(typeURI TypeURI) string
- func (p Proxy) GetLastSentVersion(typeURI TypeURI) uint64
- func (p *Proxy) IncrementLastSentVersion(typeURI TypeURI) uint64
- func (p *Proxy) SetLastAppliedVersion(typeURI TypeURI, version uint64)
- func (p *Proxy) SetLastSentVersion(typeURI TypeURI, ver uint64)
- func (p *Proxy) SetNewNonce(typeURI TypeURI) string
- func (p Proxy) String() string
- type SDSCert
- type SDSCertType
- type SDSDirection
- type TypeURI
Constants
const (
	// ServiceCertType is the prefix for the service certificate resource name. Example: "service-cert:webservice"
	ServiceCertType SDSCertType = "service-cert"

	// RootCertTypeForMTLSOutbound is the prefix for the mTLS root certificate resource name for upstream connectivity. Example: "root-cert-for-mtls-outbound:webservice"
	RootCertTypeForMTLSOutbound SDSCertType = "root-cert-for-mtls-outbound"

	// RootCertTypeForMTLSInbound is the prefix for the mTLS root certificate resource name for downstream connectivity. Example: "root-cert-for-mtls-inbound:webservice"
	RootCertTypeForMTLSInbound SDSCertType = "root-cert-for-mtls-inbound"

	// RootCertTypeForHTTPS is the prefix for the HTTPS root certificate resource name. Example: "root-cert-https:webservice"
	RootCertTypeForHTTPS SDSCertType = "root-cert-https"

	// Outbound refers to Envoy upstream connectivity direction for TLS certs
	Outbound SDSDirection = true

	// Inbound refers to Envoy downstream connectivity direction for TLS certs
	Inbound SDSDirection = false

	// Separator is the separator between the prefix and the name of the certificate.
	Separator = ":"

	// TransportProtocolTLS is the TLS transport protocol used in Envoy configurations
	TransportProtocolTLS = "tls"

	// OutboundPassthroughCluster is the outbound passthrough cluster name
	OutboundPassthroughCluster = "passthrough-outbound"
)
Variables
var ALPNInMesh = []string{"osm"}
ALPNInMesh indicates that the proxy is connecting to an in-mesh destination. It is set as a part of configuring the UpstreamTLSContext.
var ValidURI = map[string]TypeURI{
	string(TypeSDS):                TypeSDS,
	string(TypeCDS):                TypeCDS,
	string(TypeLDS):                TypeLDS,
	string(TypeRDS):                TypeRDS,
	string(TypeEDS):                TypeEDS,
	string(TypeUpstreamTLSContext): TypeUpstreamTLSContext,
	string(TypeZipkinConfig):       TypeZipkinConfig,
}
ValidURI defines valid URIs.
var (
	// XDSResponseOrder is the order in which we send xDS responses: CDS, EDS, LDS, RDS
	// See: https://github.com/envoyproxy/go-control-plane/issues/59
	XDSResponseOrder = []TypeURI{TypeCDS, TypeEDS, TypeLDS, TypeRDS, TypeSDS}
)
Functions
func GetADSConfigSource
func GetADSConfigSource() *xds_core.ConfigSource
GetADSConfigSource creates an Envoy ConfigSource struct.
func GetAccessLog
func GetAccessLog() []*xds_accesslog_filter.AccessLog
GetAccessLog creates an Envoy AccessLog struct.
func GetAddress
GetAddress creates an Envoy Address struct.
func GetDownstreamTLSContext
func GetDownstreamTLSContext(serviceName service.MeshService, mTLS bool) *xds_auth.DownstreamTlsContext
GetDownstreamTLSContext creates a downstream Envoy TLS Context.
func GetTLSParams
func GetTLSParams() *xds_auth.TlsParameters
GetTLSParams creates Envoy TlsParameters struct.
func GetUpstreamTLSContext
func GetUpstreamTLSContext(serviceName service.MeshService, sni string) *xds_auth.UpstreamTlsContext
GetUpstreamTLSContext creates an upstream Envoy TLS Context.
Types
type Proxy
type Proxy struct {
	certificate.CommonName
	net.Addr
	// contains filtered or unexported fields
}
Proxy is a representation of an Envoy proxy connected to the xDS server. This should at some point have a 1:1 match to an Endpoint (which is a member of a meshed service).
func NewProxy
func NewProxy(cn certificate.CommonName, ip net.Addr) *Proxy
NewProxy creates a new instance of an Envoy proxy connected to the xDS servers.
func (Proxy) GetAnnouncementsChannel
func (p Proxy) GetAnnouncementsChannel() chan interface{}
GetAnnouncementsChannel returns the announcement channel for the given Envoy proxy.
func (Proxy) GetCommonName
func (p Proxy) GetCommonName() certificate.CommonName
GetCommonName returns the Subject Common Name from the mTLS certificate of the Envoy proxy connected to xDS.
func (Proxy) GetConnectedAt
GetConnectedAt returns the timestamp of when the given proxy connected to the control plane.
func (Proxy) GetLastAppliedVersion
GetLastAppliedVersion returns the last version successfully applied to the given Envoy proxy.
func (*Proxy) GetLastSentNonce
GetLastSentNonce returns the last sent nonce.
func (Proxy) GetLastSentVersion
GetLastSentVersion returns the last sent version.
func (*Proxy) IncrementLastSentVersion
IncrementLastSentVersion increments the last sent version.
func (*Proxy) SetLastAppliedVersion
SetLastAppliedVersion records the version of the given Envoy proxy that was last acknowledged.
func (*Proxy) SetLastSentVersion
SetLastSentVersion records the version of the given config last sent to the proxy.
func (*Proxy) SetNewNonce
SetNewNonce sets and returns a new nonce.
type SDSCert
type SDSCert struct {
	// MeshService is a service within the mesh
	MeshService service.MeshService

	// CertType is the certificate type
	CertType SDSCertType
}
SDSCert is used only to tie together the naming and the related functions that Marshal/Unmarshal a resource name; this avoids having sprintf/parsing logic all over the place.
func UnmarshalSDSCert
UnmarshalSDSCert parses a correctly formatted string and returns the certificate type and the service; otherwise it returns an error.
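An added example, not the package's own code: a strict parser for the "<prefix>:<name>" resource names described by the constants above, as a proxy would request them via SDS. parseSDSResourceName, knownCertTypes and errBadResourceName are hypothetical names, and rejecting a service part that contains the separator is an assumption; the real UnmarshalSDSCert may behave differently.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Separator and prefixes copied from the constants listed on this page.
const separator = ":"

var knownCertTypes = map[string]bool{
	"service-cert":                true,
	"root-cert-for-mtls-outbound": true,
	"root-cert-for-mtls-inbound":  true,
	"root-cert-https":             true,
}

var errBadResourceName = errors.New("invalid SDS resource name")

// parseSDSResourceName is a hypothetical helper (not the package's
// UnmarshalSDSCert). It splits "<cert type>:<service>" and rejects any
// name whose prefix is unknown or whose service part is empty.
// Assumption: the service part must not itself contain the separator.
func parseSDSResourceName(resource string) (certType, svc string, err error) {
	parts := strings.Split(resource, separator)
	if len(parts) != 2 {
		return "", "", fmt.Errorf("%w: want exactly one %q in %q", errBadResourceName, separator, resource)
	}
	if !knownCertTypes[parts[0]] {
		return "", "", fmt.Errorf("%w: unknown certificate type %q", errBadResourceName, parts[0])
	}
	if strings.TrimSpace(parts[1]) == "" {
		return "", "", fmt.Errorf("%w: empty service name", errBadResourceName)
	}
	return parts[0], parts[1], nil
}

func main() {
	// Constructed sample inputs; only the first two are well formed.
	for _, name := range []string{
		"service-cert:webservice",
		"root-cert-for-mtls-inbound:webservice",
		"service-cert:",
		"client-cert:webservice",
		"service-cert:web:service",
	} {
		ct, svc, err := parseSDSResourceName(name)
		fmt.Printf("%-40q type=%q service=%q err=%v\n", name, ct, svc, err)
	}
}
```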
type SDSCertType
type SDSCertType string
SDSCertType is a type of a certificate requested by an Envoy proxy via SDS.
func (SDSCertType) String
func (ct SDSCertType) String() string
type SDSDirection
type SDSDirection bool
SDSDirection is a type to identify TLS certificate connectivity direction.
type TypeURI
type TypeURI string
TypeURI is a string describing the Envoy xDS payload.
const (
	// TypeSDS is the SDS type URI.
	TypeSDS TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"

	// TypeCDS is the CDS type URI.
	TypeCDS TypeURI = "type.googleapis.com/envoy.config.cluster.v3.Cluster"

	// TypeLDS is the LDS type URI.
	TypeLDS TypeURI = "type.googleapis.com/envoy.config.listener.v3.Listener"

	// TypeRDS is the RDS type URI.
	TypeRDS TypeURI = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"

	// TypeEDS is the EDS type URI.
	TypeEDS TypeURI = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"

	// TypeUpstreamTLSContext is an Envoy type URI.
	TypeUpstreamTLSContext TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"

	// TypeZipkinConfig is an Envoy type URI.
	TypeZipkinConfig TypeURI = "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig"

	// LocalClusterSuffix is the tag to append to local clusters
	LocalClusterSuffix = "-local"
)