Documentation ¶
Overview ¶
Package envoy contains APIs for translating between Contour objects and Envoy configuration APIs and types.
Index ¶
- Constants
- Variables
- func AltStatName(service *dag.Service) string
- func AnyPositive(first uint32, rest ...uint32) bool
- func Clustername(cluster *dag.Cluster) string
- func Hashname(l int, s ...string) string
- func HostReplaceHeader(hp *dag.HeadersPolicy) string
- func Secretname(s *dag.Secret) string
- func SingleSimpleCluster(clusters []*dag.Cluster) bool
- func Timeout(d timeout.Setting) *duration.Duration
- func WriteConfig(filename string, config proto.Message) (err error)
- type BootstrapConfig
Constants ¶
const ( // Default healthcheck / lb algorithm values HCTimeout = 2 * time.Second HCInterval = 10 * time.Second HCUnhealthyThreshold = 3 HCHealthyThreshold = 2 HCHost = "contour-envoy-healthcheck" )
const ( TCP_KEEPIDLE = 0x4 // Linux syscall.TCP_KEEPIDLE TCP_KEEPINTVL = 0x5 // Linux syscall.TCP_KEEPINTVL TCP_KEEPCNT = 0x6 // Linux syscall.TCP_KEEPCNT // The following are Linux syscall constants for all // architectures except MIPS. SOL_SOCKET = 0x1 SO_KEEPALIVE = 0x9 // IPPROTO_TCP has the same value across Go platforms, but // is defined here for consistency. IPPROTO_TCP = syscall.IPPROTO_TCP )
We only support Envoy on Linux so always configure Linux TCP keep-alive socket options regardless of the platform that Contour is running on.
const SDSResourcesSubdirectory = "sds"
SDSResourcesSubdirectory stores the subdirectory name where SDS path resources are stored to.
const SDSTLSCertificateFile = "xds-tls-certificate.json"
SDSTLSCertificateFile stores the path to the SDS resource with Envoy's client certificate and key for XDS gRPC connection.
const SDSValidationContextFile = "xds-validation-context.json"
SDSValidationContextFile stores the path to the SDS resource with CA certificates for Envoy to use for the XDS gRPC connection.
Variables ¶
var ( // Ciphers contains the list of default ciphers used by Contour. A handful are // commented out, as they're arguably less secure. They're also unnecessary // - most of the clients that might need to use the commented ciphers are // unable to connect without TLS 1.0, which contour never enables. // // This list is ignored if the client and server negotiate TLS 1.3. // // The commented ciphers are left in place to simplify updating this list for future // versions of envoy. Ciphers = []string{ "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]", "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]", "ECDHE-ECDSA-AES128-SHA", "ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-ECDSA-AES256-SHA", } )
Functions ¶
func AltStatName ¶ added in v1.9.0
AltStatName generates an alternative stat name for the service using format ns_name_port
func AnyPositive ¶ added in v1.9.0
AnyPositive indicates if any of the values provided are greater than zero.
func Clustername ¶ added in v0.7.0
Clustername returns the name of the CDS cluster for this service.
func Hashname ¶ added in v1.9.0
Hashname takes a length l and a varargs of strings s and returns a string whose length which does not exceed l. Internally s is joined with strings.Join(s, "/"). If the combined length exceeds l then hashname truncates each element in s, starting from the end using a hash derived from the contents of s (not the current element). This process continues until the length of s does not exceed l, or all elements have been truncated. In which case, the entire string is replaced with a hash not exceeding the length of l.
func HostReplaceHeader ¶ added in v1.9.0
func HostReplaceHeader(hp *dag.HeadersPolicy) string
func Secretname ¶ added in v1.0.0
Secretname returns the name of the SDS secret for this secret.
func SingleSimpleCluster ¶ added in v1.9.0
SingleSimpleCluster determines whether we can use a RouteAction_Cluster or must use a RouteAction_WeighedCluster to encode additional routing data.
func Timeout ¶ added in v1.9.0
Timeout converts a timeout.Setting to a protobuf.Duration that's appropriate for Envoy. In general (though there are exceptions), Envoy uses the following semantics:
- not passing a value means "use Envoy default"
- explicitly passing a 0 means "disable this timeout"
- passing a positive value uses that value
Types ¶
type BootstrapConfig ¶ added in v0.10.0
type BootstrapConfig struct { // AdminAccessLogPath is the path to write the access log for the administration server. // Defaults to /dev/null. AdminAccessLogPath string // AdminAddress is the TCP address that the administration server will listen on. // Defaults to 127.0.0.1. AdminAddress string // AdminPort is the port that the administration server will listen on. // Defaults to 9001. AdminPort int // XDSAddress is the TCP address of the gRPC XDS management server. // Defaults to 127.0.0.1. XDSAddress string // XDSGRPCPort is the management server port that provides the v3 gRPC API. // Defaults to 8001. XDSGRPCPort int // XDSResourceVersion defines the XDS Server Version to use. // Defaults to "v3" XDSResourceVersion config.ResourceVersion // Namespace is the namespace where Contour is running Namespace string // GrpcCABundle is the filename that contains a CA certificate chain that can // verify the client cert. GrpcCABundle string // GrpcClientCert is the filename that contains a client certificate. May contain a full bundle if you // don't want to pass a CA Bundle. GrpcClientCert string // GrpcClientKey is the filename that contains a client key for secure gRPC with TLS. GrpcClientKey string // Path is the filename for the bootstrap configuration file to be created. Path string // ResourcesDir is the directory where out of line Envoy resources can be placed. ResourcesDir string // SkipFilePathCheck specifies whether to skip checking whether files // referenced in the configuration actually exist. This option is for // testing only. SkipFilePathCheck bool }
BootstrapConfig holds configuration values for a Bootstrap configuration.
func (*BootstrapConfig) GetAdminAccessLogPath ¶ added in v1.9.0
func (c *BootstrapConfig) GetAdminAccessLogPath() string
func (*BootstrapConfig) GetAdminAddress ¶ added in v1.9.0
func (c *BootstrapConfig) GetAdminAddress() string
func (*BootstrapConfig) GetAdminPort ¶ added in v1.9.0
func (c *BootstrapConfig) GetAdminPort() int
func (*BootstrapConfig) GetXdsAddress ¶ added in v1.9.0
func (c *BootstrapConfig) GetXdsAddress() string
func (*BootstrapConfig) GetXdsGRPCPort ¶ added in v1.9.0
func (c *BootstrapConfig) GetXdsGRPCPort() int