Documentation ¶
Index ¶
- func InferServiceProtocol(endpoints []core_xds.Endpoint) mesh_core.Protocol
- type CompositeResourceGenerator
- type DirectAccessProxyGenerator
- type Endpoint
- type Endpoints
- type InboundProxyGenerator
- type OutboundProxyGenerator
- type PrometheusEndpointGenerator
- type ProxyTemplateGenerator
- type ProxyTemplateProfileSource
- type ProxyTemplateRawSource
- type ResourceGenerator
- type TransparentProxyGenerator
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type CompositeResourceGenerator ¶
type CompositeResourceGenerator []ResourceGenerator
func (CompositeResourceGenerator) Generate ¶
func (c CompositeResourceGenerator) Generate(ctx xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)
type DirectAccessProxyGenerator ¶
type DirectAccessProxyGenerator struct { }
Transparent Proxy is based on having 1 IP for cluster (ex. ClusterIP of Service on K8S), so consuming apps by their IP is unknown destination from Envoy perspective. Therefore such request will go trough pass_trough cluster and won't be encrypted by mTLS. This generates listener for every IP and redirect traffic trough "direct_access" cluster which is configured to encrypt connections. Generating listener for every endpoint will cause XDS snapshot to be large therefore it should be used only if really needed.
Second approach to consider was to use FilterChainMatch on catch_all listener with list of all direct access endpoints instead of generating outbound listener, but it seemed to not work with Listener#UseOriginalDst
func (DirectAccessProxyGenerator) Generate ¶
func (_ DirectAccessProxyGenerator) Generate(ctx xds_context.Context, proxy *core_xds.Proxy) ([]*core_xds.Resource, error)
type InboundProxyGenerator ¶
type InboundProxyGenerator struct { }
func (InboundProxyGenerator) Generate ¶
func (g InboundProxyGenerator) Generate(ctx xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)
type OutboundProxyGenerator ¶
type OutboundProxyGenerator struct { }
func (OutboundProxyGenerator) Generate ¶
func (g OutboundProxyGenerator) Generate(ctx xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)
type PrometheusEndpointGenerator ¶
type PrometheusEndpointGenerator struct { }
PrometheusEndpointGenerator generates an inbound Envoy listener that forwards HTTP requests into the `/stats/prometheus` endpoint of the Envoy Admin API.
When generating such a listener, it's important not to overshadow a port that is already in use by the application or other Envoy listeners. In the latter case we prefer not generate Prometheus endpoint at all rather than introduce undeterministic behaviour.
func (PrometheusEndpointGenerator) Generate ¶
func (g PrometheusEndpointGenerator) Generate(ctx xds_context.Context, proxy *core_xds.Proxy) ([]*core_xds.Resource, error)
type ProxyTemplateGenerator ¶
type ProxyTemplateGenerator struct {
ProxyTemplate *kuma_mesh.ProxyTemplate
}
func (*ProxyTemplateGenerator) Generate ¶
func (g *ProxyTemplateGenerator) Generate(ctx xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)
type ProxyTemplateProfileSource ¶
type ProxyTemplateProfileSource struct {
ProfileName string
}
func (*ProxyTemplateProfileSource) Generate ¶
func (s *ProxyTemplateProfileSource) Generate(ctx xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)
type ProxyTemplateRawSource ¶
type ProxyTemplateRawSource struct {
Resources []*kuma_mesh.ProxyTemplateRawResource
}
func (*ProxyTemplateRawSource) Generate ¶
func (s *ProxyTemplateRawSource) Generate(_ xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)
type ResourceGenerator ¶
type ResourceGenerator interface {
Generate(xds_context.Context, *model.Proxy) ([]*model.Resource, error)
}
func NewDefaultProxyProfile ¶
func NewDefaultProxyProfile() ResourceGenerator
type TransparentProxyGenerator ¶
type TransparentProxyGenerator struct { }
func (TransparentProxyGenerator) Generate ¶
func (_ TransparentProxyGenerator) Generate(ctx xds_context.Context, proxy *model.Proxy) ([]*model.Resource, error)