Documentation ¶
Overview ¶
Copyright Istio Authors
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- Constants
- Variables
- func AdsPushAll(s *DiscoveryServer)
- func ConfigAffectsProxy(req *model.PushRequest, proxy *model.Proxy) bool
- func ControlPlane() *core.ControlPlane
- func DefaultProxyNeedsPush(proxy *model.Proxy, req *model.PushRequest) bool
- func ResourceSize(r model.Resources) int
- func ValidateCertificate(data []byte) error
- type AdsClient
- type AdsClients
- type AdsTest
- func (a *AdsTest) Cleanup()
- func (a *AdsTest) DrainResponses()
- func (a *AdsTest) ExpectError(t test.Failer) error
- func (a *AdsTest) ExpectNoResponse(t test.Failer)
- func (a *AdsTest) ExpectResponse(t test.Failer) *discovery.DiscoveryResponse
- func (a *AdsTest) Request(t test.Failer, req *discovery.DiscoveryRequest)
- func (a *AdsTest) RequestResponseAck(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse
- func (a *AdsTest) RequestResponseNack(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse
- func (a *AdsTest) WithID(id string) *AdsTest
- func (a *AdsTest) WithMetadata(m model.NodeMetadata) *AdsTest
- func (a *AdsTest) WithTimeout(t time.Duration) *AdsTest
- func (a *AdsTest) WithType(typeURL string) *AdsTest
- type AuthorizationDebug
- type CdsGenerator
- func (c CdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (c CdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
- type Connection
- func (conn *Connection) Close()
- func (conn *Connection) Clusters() []string
- func (conn *Connection) Initialize(node *core.Node) error
- func (conn *Connection) Process(req *discovery.DiscoveryRequest) error
- func (conn *Connection) Proxy() *model.Proxy
- func (conn *Connection) Push(ev any) error
- func (conn *Connection) Watcher() xds.Watcher
- func (conn *Connection) XdsConnection() *xds.Connection
- type DebounceOptions
- type DebugGen
- func (dg *DebugGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (dg *DebugGen) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
- type DeltaAdsTest
- func (a *DeltaAdsTest) Cleanup()
- func (a *DeltaAdsTest) DrainResponses()
- func (a *DeltaAdsTest) ExpectEmptyResponse() *discovery.DeltaDiscoveryResponse
- func (a *DeltaAdsTest) ExpectError() error
- func (a *DeltaAdsTest) ExpectNoResponse()
- func (a *DeltaAdsTest) ExpectResponse() *discovery.DeltaDiscoveryResponse
- func (a *DeltaAdsTest) Request(req *discovery.DeltaDiscoveryRequest)
- func (a *DeltaAdsTest) RequestResponseAck(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse
- func (a *DeltaAdsTest) RequestResponseNack(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse
- func (a *DeltaAdsTest) WithID(id string) *DeltaAdsTest
- func (a *DeltaAdsTest) WithMetadata(m model.NodeMetadata) *DeltaAdsTest
- func (a *DeltaAdsTest) WithNodeType(t model.NodeType) *DeltaAdsTest
- func (a *DeltaAdsTest) WithTimeout(t time.Duration) *DeltaAdsTest
- func (a *DeltaAdsTest) WithType(typeURL string) *DeltaAdsTest
- type DeltaDiscoveryClient
- type DeltaDiscoveryStream
- type DiscoveryClient
- type DiscoveryServer
- func (s *DiscoveryServer) AddDebugHandlers(mux, internalMux *http.ServeMux, enableProfiling bool, ...)
- func (s *DiscoveryServer) AdsPushAll(req *model.PushRequest)
- func (s *DiscoveryServer) AllClients() []*Connection
- func (s *DiscoveryServer) CachesSynced()
- func (s *DiscoveryServer) Clients() []*Connection
- func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)
- func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)
- func (s *DiscoveryServer) Debug(w http.ResponseWriter, req *http.Request)
- func (s *DiscoveryServer) DebugEndpoints() []string
- func (s *DiscoveryServer) DeltaAggregatedResources(stream discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error
- func (s *DiscoveryServer) EDSCacheUpdate(shard model.ShardKey, serviceName string, namespace string, ...)
- func (s *DiscoveryServer) EDSUpdate(shard model.ShardKey, serviceName string, namespace string, ...)
- func (s *DiscoveryServer) InitDebug(mux *http.ServeMux, enableProfiling bool, ...) *http.ServeMux
- func (s *DiscoveryServer) IsServerReady() bool
- func (s *DiscoveryServer) NextVersion() string
- func (s *DiscoveryServer) ProxyUpdate(clusterID cluster.ID, ip string)
- func (s *DiscoveryServer) Push(req *model.PushRequest)
- func (s *DiscoveryServer) Register(rpcs *grpc.Server)
- func (s *DiscoveryServer) RemoveShard(shardKey model.ShardKey)
- func (s *DiscoveryServer) Shutdown()
- func (s *DiscoveryServer) SortedClients() []*Connection
- func (s *DiscoveryServer) Start(stopCh <-chan struct{})
- func (s *DiscoveryServer) StartPush(req *model.PushRequest)
- func (s *DiscoveryServer) Stream(stream DiscoveryStream) error
- func (s *DiscoveryServer) StreamAggregatedResources(stream DiscoveryStream) error
- func (s *DiscoveryServer) StreamDeltas(stream DeltaDiscoveryStream) error
- func (s *DiscoveryServer) SvcUpdate(shard model.ShardKey, hostname string, namespace string, event model.Event)
- func (s *DiscoveryServer) Syncz(w http.ResponseWriter, req *http.Request)
- func (s *DiscoveryServer) WaitForRequestLimit(ctx context.Context) error
- type DiscoveryStream
- type EcdsGenerator
- func (e *EcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (e *EcdsGenerator) GeneratePullSecrets(proxy *model.Proxy, secretResources []SecretResource, ...) map[string][]byte
- func (e *EcdsGenerator) SetCredController(creds credscontroller.MulticlusterController)
- type EdsGenerator
- func (eds *EdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (eds *EdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
- type Event
- type EventType
- type IstioControlPlaneInstance
- type LdsGenerator
- type NdsGenerator
- type PcdsGenerator
- type PushContextDebug
- type PushQueue
- type RdsGenerator
- type ResourceStatus
- type ResponseCapture
- type SecretGen
- type SecretResource
- type StatusGen
- func (sg *StatusGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (sg *StatusGen) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
- type SyncStatus
- type SyncedVersions
- type TelemetryDebug
- type WorkloadGenerator
- func (e WorkloadGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (e WorkloadGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
- type WorkloadRBACGenerator
- func (e WorkloadRBACGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
- func (e WorkloadRBACGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
Constants ¶
const ( TypeDebugPrefix = v3.DebugType + "/" // TypeDebugSyncronization requests Envoy CSDS for proxy sync status TypeDebugSyncronization = v3.DebugType + "/syncz" // TypeDebugConfigDump requests Envoy configuration for a proxy without creating one TypeDebugConfigDump = v3.DebugType + "/config_dump" )
Variables ¶
var AllTrackingEventTypes = sets.New[EventType]( v3.ClusterType, v3.ListenerType, v3.RouteType, v3.EndpointType, )
var KnownOrderedTypeUrls = sets.New(PushOrder...)
KnownOrderedTypeUrls has typeUrls for which we know the order of push.
var PushOrder = []string{ v3.ClusterType, v3.EndpointType, v3.ListenerType, v3.RouteType, v3.SecretType, v3.AddressType, v3.WorkloadType, v3.WorkloadAuthorizationType, }
PushOrder defines the order that updates will be pushed in. Any types not listed here will be pushed in random order after the types listed here
var UnAffectedConfigKinds = map[model.NodeType]sets.Set[kind.Kind]{ model.Router: sets.New(kind.Sidecar), model.SidecarProxy: sets.New(kind.Gateway, kind.KubernetesGateway), }
UnAffectedConfigKinds contains config types which does not affect certain proxy types.
Functions ¶
func AdsPushAll ¶
func AdsPushAll(s *DiscoveryServer)
AdsPushAll will send updates to all nodes, with a full push. Mainly used in Debug interface.
func ConfigAffectsProxy ¶
func ConfigAffectsProxy(req *model.PushRequest, proxy *model.Proxy) bool
ConfigAffectsProxy checks if a pushEv will affect a specified proxy. That means whether the push will be performed towards the proxy.
func ControlPlane ¶
func ControlPlane() *core.ControlPlane
ControlPlane identifies the instance and Istio version.
func DefaultProxyNeedsPush ¶
func DefaultProxyNeedsPush(proxy *model.Proxy, req *model.PushRequest) bool
DefaultProxyNeedsPush check if a proxy needs push for this push event.
func ResourceSize ¶
func ValidateCertificate ¶
Types ¶
type AdsClient ¶
type AdsClient struct { ConnectionID string `json:"connectionId"` ConnectedAt time.Time `json:"connectedAt"` PeerAddress string `json:"address"` Labels map[string]string `json:"labels,omitempty"` Metadata *model.NodeMetadata `json:"metadata,omitempty"` Locality *core.Locality `json:"locality,omitempty"` Watches map[string][]string `json:"watches,omitempty"` }
AdsClient defines the data that is displayed on "/adsz" endpoint.
type AdsClients ¶
type AdsClients struct { Total int `json:"totalClients"` Connected []AdsClient `json:"clients,omitempty"` }
AdsClients is collection of AdsClient connected to this Istiod.
type AdsTest ¶
func NewAdsTest ¶
func NewAdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest
func NewSdsTest ¶
func NewSdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest
func NewXdsTest ¶
func NewXdsTest(t test.Failer, conn *grpc.ClientConn, getClient func(conn *grpc.ClientConn) (DiscoveryClient, error)) *AdsTest
func (*AdsTest) DrainResponses ¶
func (a *AdsTest) DrainResponses()
DrainResponses reads all responses, but does nothing to them
func (*AdsTest) ExpectError ¶
ExpectError waits until an error is received and returns it
func (*AdsTest) ExpectNoResponse ¶
ExpectNoResponse waits a short period of time and ensures no response is received
func (*AdsTest) ExpectResponse ¶
func (a *AdsTest) ExpectResponse(t test.Failer) *discovery.DiscoveryResponse
ExpectResponse waits until a response is received and returns it
func (*AdsTest) RequestResponseAck ¶
func (a *AdsTest) RequestResponseAck(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse
RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response
func (*AdsTest) RequestResponseNack ¶
func (a *AdsTest) RequestResponseNack(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse
RequestResponseAck does a full XDS exchange with an error: Send a request, get a response, and NACK the response
func (*AdsTest) WithMetadata ¶
func (a *AdsTest) WithMetadata(m model.NodeMetadata) *AdsTest
type AuthorizationDebug ¶
type AuthorizationDebug struct {
AuthorizationPolicies *model.AuthorizationPolicies `json:"authorization_policies"`
}
AuthorizationDebug holds debug information for authorization policy.
type CdsGenerator ¶
type CdsGenerator struct {
ConfigGenerator core.ConfigGenerator
}
func (CdsGenerator) Generate ¶
func (c CdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
func (CdsGenerator) GenerateDeltas ¶
func (c CdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource, ) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
GenerateDeltas for CDS currently only builds deltas when services change. todo implement changes for DestinationRule, etc
type Connection ¶
type Connection struct { xds.Connection // contains filtered or unexported fields }
func (*Connection) Close ¶
func (conn *Connection) Close()
func (*Connection) Clusters ¶
func (conn *Connection) Clusters() []string
func (*Connection) Initialize ¶
func (conn *Connection) Initialize(node *core.Node) error
func (*Connection) Process ¶
func (conn *Connection) Process(req *discovery.DiscoveryRequest) error
func (*Connection) Proxy ¶
func (conn *Connection) Proxy() *model.Proxy
func (*Connection) Push ¶
func (conn *Connection) Push(ev any) error
func (*Connection) Watcher ¶
func (conn *Connection) Watcher() xds.Watcher
func (*Connection) XdsConnection ¶
func (conn *Connection) XdsConnection() *xds.Connection
type DebounceOptions ¶
type DebounceOptions struct { // DebounceAfter is the delay added to events to wait // after a registry/config event for debouncing. // This will delay the push by at least this interval, plus // the time getting subsequent events. If no change is // detected the push will happen, otherwise we'll keep // delaying until things settle. DebounceAfter time.Duration // contains filtered or unexported fields }
type DebugGen ¶
type DebugGen struct { Server *DiscoveryServer SystemNamespace string DebugMux *http.ServeMux }
DebugGen is a Generator for istio debug info
func NewDebugGen ¶
func NewDebugGen(s *DiscoveryServer, systemNamespace string, debugMux *http.ServeMux) *DebugGen
func (*DebugGen) Generate ¶
func (dg *DebugGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
Generate XDS debug responses according to the incoming debug request
func (*DebugGen) GenerateDeltas ¶
func (dg *DebugGen) GenerateDeltas( proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource, ) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
GenerateDeltas XDS debug responses according to the incoming debug request
type DeltaAdsTest ¶
func NewDeltaAdsTest ¶
func NewDeltaAdsTest(t test.Failer, conn *grpc.ClientConn) *DeltaAdsTest
func NewDeltaXdsTest ¶
func NewDeltaXdsTest(t test.Failer, conn *grpc.ClientConn, getClient func(conn *grpc.ClientConn) (DeltaDiscoveryClient, error), ) *DeltaAdsTest
func (*DeltaAdsTest) Cleanup ¶
func (a *DeltaAdsTest) Cleanup()
func (*DeltaAdsTest) DrainResponses ¶
func (a *DeltaAdsTest) DrainResponses()
DrainResponses reads all responses, but does nothing to them
func (*DeltaAdsTest) ExpectEmptyResponse ¶
func (a *DeltaAdsTest) ExpectEmptyResponse() *discovery.DeltaDiscoveryResponse
ExpectResponse waits until a response is received and returns it
func (*DeltaAdsTest) ExpectError ¶
func (a *DeltaAdsTest) ExpectError() error
ExpectError waits until an error is received and returns it
func (*DeltaAdsTest) ExpectNoResponse ¶
func (a *DeltaAdsTest) ExpectNoResponse()
ExpectNoResponse waits a short period of time and ensures no response is received
func (*DeltaAdsTest) ExpectResponse ¶
func (a *DeltaAdsTest) ExpectResponse() *discovery.DeltaDiscoveryResponse
ExpectResponse waits until a response is received and returns it
func (*DeltaAdsTest) Request ¶
func (a *DeltaAdsTest) Request(req *discovery.DeltaDiscoveryRequest)
func (*DeltaAdsTest) RequestResponseAck ¶
func (a *DeltaAdsTest) RequestResponseAck(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse
RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response
func (*DeltaAdsTest) RequestResponseNack ¶
func (a *DeltaAdsTest) RequestResponseNack(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse
RequestResponseNack does a full XDS exchange with an error: Send a request, get a response, and NACK the response
func (*DeltaAdsTest) WithID ¶
func (a *DeltaAdsTest) WithID(id string) *DeltaAdsTest
func (*DeltaAdsTest) WithMetadata ¶
func (a *DeltaAdsTest) WithMetadata(m model.NodeMetadata) *DeltaAdsTest
func (*DeltaAdsTest) WithNodeType ¶
func (a *DeltaAdsTest) WithNodeType(t model.NodeType) *DeltaAdsTest
func (*DeltaAdsTest) WithTimeout ¶
func (a *DeltaAdsTest) WithTimeout(t time.Duration) *DeltaAdsTest
func (*DeltaAdsTest) WithType ¶
func (a *DeltaAdsTest) WithType(typeURL string) *DeltaAdsTest
type DeltaDiscoveryClient ¶
type DeltaDiscoveryClient = discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesClient
DeltaDiscoveryClient is a client interface for Delta XDS.
type DeltaDiscoveryStream ¶
type DeltaDiscoveryStream = discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer
DeltaDiscoveryStream is a server interface for Delta XDS.
type DiscoveryClient ¶
type DiscoveryClient = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesClient
DiscoveryClient is a client interface for XDS.
type DiscoveryServer ¶
type DiscoveryServer struct { // Env is the model environment. Env *model.Environment // Generators allow customizing the generated config, based on the client metadata. // Key is the generator type - will match the Generator metadata to set the per-connection // default generator, or the combination of Generator metadata and TypeUrl to select a // different generator for a type. // Normal istio clients use the default generator - will not be impacted by this. Generators map[string]model.XdsResourceGenerator // ProxyNeedsPush is a function that determines whether a push can be completely skipped. Individual generators // may also choose to not send any updates. ProxyNeedsPush func(proxy *model.Proxy, req *model.PushRequest) bool // RequestRateLimit limits the number of new XDS requests allowed. This helps prevent thundering hurd of incoming requests. RequestRateLimit *rate.Limiter // InboundUpdates describes the number of configuration updates the discovery server has received InboundUpdates *atomic.Int64 // CommittedUpdates describes the number of configuration updates the discovery server has // received, process, and stored in the push context. If this number is less than InboundUpdates, // there are updates we have not yet processed. // Note: This does not mean that all proxies have received these configurations; it is strictly // the push context, which means that the next push to a proxy will receive this configuration. CommittedUpdates *atomic.Int64 // Authenticators for XDS requests. Should be same/subset of the CA authenticators. Authenticators []security.Authenticator WorkloadEntryController *autoregistration.Controller DebounceOptions DebounceOptions // Cache for XDS resources Cache model.XdsCache // JwtKeyResolver holds a reference to the JWT key resolver instance. JwtKeyResolver *model.JwksResolver // ListRemoteClusters collects debug information about other clusters this istiod reads from. ListRemoteClusters func() []cluster.DebugInfo // ClusterAliases are alias names for cluster. When a proxy connects with a cluster ID // and if it has a different alias we should use that a cluster ID for proxy. ClusterAliases map[cluster.ID]cluster.ID // DiscoveryStartTime is the time since the binary started DiscoveryStartTime time.Time // contains filtered or unexported fields }
DiscoveryServer is Pilot's gRPC implementation for Envoy's xds APIs
func NewDiscoveryServer ¶
func NewDiscoveryServer(env *model.Environment, clusterAliases map[string]string) *DiscoveryServer
NewDiscoveryServer creates DiscoveryServer that sources data from Pilot's internal mesh data structures
func (*DiscoveryServer) AddDebugHandlers ¶
func (*DiscoveryServer) AdsPushAll ¶
func (s *DiscoveryServer) AdsPushAll(req *model.PushRequest)
AdsPushAll will send updates to all nodes, for a full config or incremental EDS.
func (*DiscoveryServer) AllClients ¶
func (s *DiscoveryServer) AllClients() []*Connection
AllClients returns all connected clients, per Clients, but additionally includes uninitialized connections Warning: callers must take care not to rely on the con.proxy field being set
func (*DiscoveryServer) CachesSynced ¶
func (s *DiscoveryServer) CachesSynced()
CachesSynced is called when caches have been synced so that server can accept connections.
func (*DiscoveryServer) Clients ¶
func (s *DiscoveryServer) Clients() []*Connection
Clients returns all currently connected clients. This method can be safely called concurrently, but care should be taken with the underlying objects (ie model.Proxy) to ensure proper locking. This method returns only fully initialized connections; for all connections, use AllClients
func (*DiscoveryServer) ConfigDump ¶
func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)
ConfigDump returns information in the form of the Envoy admin API config dump for the specified proxy The dump will only contain dynamic listeners/clusters/routes and can be used to compare what an Envoy instance should look like according to Pilot vs what it currently does look like.
func (*DiscoveryServer) ConfigUpdate ¶
func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)
ConfigUpdate implements ConfigUpdater interface, used to request pushes.
func (*DiscoveryServer) Debug ¶
func (s *DiscoveryServer) Debug(w http.ResponseWriter, req *http.Request)
Debug lists all the supported debug endpoints.
func (*DiscoveryServer) DebugEndpoints ¶
func (s *DiscoveryServer) DebugEndpoints() []string
DebugEndpoints lists all the supported debug endpoints.
func (*DiscoveryServer) DeltaAggregatedResources ¶
func (s *DiscoveryServer) DeltaAggregatedResources(stream discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error
DeltaAggregatedResources is not implemented. Instead, Generators may send only updates/add, with Delete indicated by an empty spec. This works if both ends follow this model. For example EDS and the API generator follow this pattern.
The delta protocol changes the request, adding unsubscribe/subscribe instead of sending full list of resources. On the response it adds 'removed resources' and sends changes for everything.
func (*DiscoveryServer) EDSCacheUpdate ¶
func (s *DiscoveryServer) EDSCacheUpdate(shard model.ShardKey, serviceName string, namespace string, istioEndpoints []*model.IstioEndpoint, )
EDSCacheUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.
Note: the difference with `EDSUpdate` is that it only update the cache rather than requesting a push
func (*DiscoveryServer) EDSUpdate ¶
func (s *DiscoveryServer) EDSUpdate(shard model.ShardKey, serviceName string, namespace string, istioEndpoints []*model.IstioEndpoint, )
EDSUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.
func (*DiscoveryServer) InitDebug ¶
func (s *DiscoveryServer) InitDebug( mux *http.ServeMux, enableProfiling bool, fetchWebhook func() map[string]string, ) *http.ServeMux
InitDebug initializes the debug handlers and adds a debug in-memory registry.
func (*DiscoveryServer) IsServerReady ¶
func (s *DiscoveryServer) IsServerReady() bool
func (*DiscoveryServer) NextVersion ¶
func (s *DiscoveryServer) NextVersion() string
func (*DiscoveryServer) ProxyUpdate ¶
func (s *DiscoveryServer) ProxyUpdate(clusterID cluster.ID, ip string)
func (*DiscoveryServer) Push ¶
func (s *DiscoveryServer) Push(req *model.PushRequest)
Push is called to push changes on config updates using ADS.
func (*DiscoveryServer) Register ¶
func (s *DiscoveryServer) Register(rpcs *grpc.Server)
Register adds the ADS handler to the grpc server
func (*DiscoveryServer) RemoveShard ¶
func (s *DiscoveryServer) RemoveShard(shardKey model.ShardKey)
func (*DiscoveryServer) Shutdown ¶
func (s *DiscoveryServer) Shutdown()
Shutdown shuts down DiscoveryServer components.
func (*DiscoveryServer) SortedClients ¶
func (s *DiscoveryServer) SortedClients() []*Connection
SortedClients returns all currently connected clients in an ordered manner. Sorting order priority is as follows: ClusterID, Namespace, ID.
func (*DiscoveryServer) Start ¶
func (s *DiscoveryServer) Start(stopCh <-chan struct{})
func (*DiscoveryServer) StartPush ¶
func (s *DiscoveryServer) StartPush(req *model.PushRequest)
Send a signal to all connections, with a push event.
func (*DiscoveryServer) Stream ¶
func (s *DiscoveryServer) Stream(stream DiscoveryStream) error
func (*DiscoveryServer) StreamAggregatedResources ¶
func (s *DiscoveryServer) StreamAggregatedResources(stream DiscoveryStream) error
StreamAggregatedResources implements the ADS interface.
func (*DiscoveryServer) StreamDeltas ¶
func (s *DiscoveryServer) StreamDeltas(stream DeltaDiscoveryStream) error
func (*DiscoveryServer) SvcUpdate ¶
func (s *DiscoveryServer) SvcUpdate(shard model.ShardKey, hostname string, namespace string, event model.Event)
SvcUpdate is a callback from service discovery when service info changes.
func (*DiscoveryServer) Syncz ¶
func (s *DiscoveryServer) Syncz(w http.ResponseWriter, req *http.Request)
Syncz dumps the synchronization status of all Envoys connected to this Pilot instance
func (*DiscoveryServer) WaitForRequestLimit ¶
func (s *DiscoveryServer) WaitForRequestLimit(ctx context.Context) error
type DiscoveryStream ¶
type DiscoveryStream = xds.DiscoveryStream
DiscoveryStream is a server interface for XDS.
type EcdsGenerator ¶
type EcdsGenerator struct { ConfigGenerator core.ConfigGenerator // contains filtered or unexported fields }
EcdsGenerator generates ECDS configuration.
func (*EcdsGenerator) Generate ¶
func (e *EcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
Generate returns ECDS resources for a given proxy.
func (*EcdsGenerator) GeneratePullSecrets ¶
func (e *EcdsGenerator) GeneratePullSecrets(proxy *model.Proxy, secretResources []SecretResource, secretController credscontroller.Controller, ) map[string][]byte
func (*EcdsGenerator) SetCredController ¶
func (e *EcdsGenerator) SetCredController(creds credscontroller.MulticlusterController)
type EdsGenerator ¶
type EdsGenerator struct { Cache model.XdsCache EndpointIndex *model.EndpointIndex }
EdsGenerator implements the new Generate method for EDS, using the in-memory, optimized endpoint storage in DiscoveryServer.
func (*EdsGenerator) Generate ¶
func (eds *EdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
func (*EdsGenerator) GenerateDeltas ¶
func (eds *EdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource, ) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
type Event ¶
type Event struct {
// contains filtered or unexported fields
}
Event represents a config or registry event that results in a push.
type EventType ¶
type EventType = string
EventType represents the type of object we are tracking, mapping to envoy TypeUrl.
type IstioControlPlaneInstance ¶
type IstioControlPlaneInstance struct { // The Istio component type (e.g. "istiod") Component string // The ID of the component instance ID string // The Istio version Info istioversion.BuildInfo }
IstioControlPlaneInstance defines the format Istio uses for when creating Envoy config.core.v3.ControlPlane.identifier
type LdsGenerator ¶
type LdsGenerator struct {
ConfigGenerator core.ConfigGenerator
}
func (LdsGenerator) Generate ¶
func (l LdsGenerator) Generate(proxy *model.Proxy, _ *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
type NdsGenerator ¶
type NdsGenerator struct {
ConfigGenerator core.ConfigGenerator
}
NdsGenerator generates config for Nds i.e. Name Discovery Service. Istio agents send NDS requests to istiod and istiod responds with a list of services and their associated IPs (including service entries). The agent then updates its internal DNS based on this data. If DNS capture is enabled in the pod the agent will capture all DNS requests and attempt to resolve locally before forwarding to upstream dns servers.
func (NdsGenerator) Generate ¶
func (n NdsGenerator) Generate(proxy *model.Proxy, _ *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
type PcdsGenerator ¶
type PcdsGenerator struct {
TrustBundle *tb.TrustBundle
}
PcdsGenerator generates proxy configuration for proxies to consume
func (*PcdsGenerator) Generate ¶
func (e *PcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
Generate returns ProxyConfig protobuf containing TrustBundle for given proxy
type PushContextDebug ¶
type PushContextDebug struct { AuthorizationPolicies *model.AuthorizationPolicies NetworkGateways []model.NetworkGateway UnresolvedGateways []model.NetworkGateway }
PushContextDebug holds debug information for push context.
type PushQueue ¶
type PushQueue struct {
// contains filtered or unexported fields
}
func NewPushQueue ¶
func NewPushQueue() *PushQueue
func (*PushQueue) Dequeue ¶
func (p *PushQueue) Dequeue() (con *Connection, request *model.PushRequest, shutdown bool)
Remove a proxy from the queue. If there are no proxies ready to be removed, this will block
func (*PushQueue) Enqueue ¶
func (p *PushQueue) Enqueue(con *Connection, pushRequest *model.PushRequest)
Enqueue will mark a proxy as pending a push. If it is already pending, pushInfo will be merged. ServiceEntry updates will be added together, and full will be set if either were full
func (*PushQueue) MarkDone ¶
func (p *PushQueue) MarkDone(con *Connection)
type RdsGenerator ¶
type RdsGenerator struct {
ConfigGenerator core.ConfigGenerator
}
func (RdsGenerator) Generate ¶
func (c RdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
type ResourceStatus ¶
type ResponseCapture ¶
type ResponseCapture struct {
// contains filtered or unexported fields
}
func NewResponseCapture ¶
func NewResponseCapture() *ResponseCapture
func (ResponseCapture) Header ¶
func (r ResponseCapture) Header() http.Header
func (ResponseCapture) WriteHeader ¶
func (r ResponseCapture) WriteHeader(statusCode int)
type SecretGen ¶
type SecretGen struct {
// contains filtered or unexported fields
}
func NewSecretGen ¶
func NewSecretGen(sc credscontroller.MulticlusterController, cache model.XdsCache, configCluster cluster.ID, meshConfig *mesh.MeshConfig, ) *SecretGen
func (*SecretGen) Generate ¶
func (s *SecretGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
type SecretResource ¶
type SecretResource struct { credentials.SecretResource // contains filtered or unexported fields }
SecretResource wraps the authnmodel type with cache functions implemented
func (SecretResource) Cacheable ¶
func (sr SecretResource) Cacheable() bool
func (SecretResource) DependentConfigs ¶
func (sr SecretResource) DependentConfigs() []model.ConfigHash
func (SecretResource) Key ¶
func (sr SecretResource) Key() any
func (SecretResource) Type ¶
func (sr SecretResource) Type() string
type StatusGen ¶
type StatusGen struct {
Server *DiscoveryServer
}
StatusGen is a Generator for XDS status: connections, syncz, configdump
func NewStatusGen ¶
func NewStatusGen(s *DiscoveryServer) *StatusGen
func (*StatusGen) Generate ¶
func (sg *StatusGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
Generate XDS responses about internal events: - connection status - NACKs We can also expose ACKS.
func (*StatusGen) GenerateDeltas ¶
func (sg *StatusGen) GenerateDeltas( proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource, ) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
Generate delta XDS responses about internal events: - connection status - NACKs We can also expose ACKS.
type SyncStatus ¶
type SyncStatus struct { ClusterID string `json:"cluster_id,omitempty"` ProxyID string `json:"proxy,omitempty"` ProxyType model.NodeType `json:"proxy_type,omitempty"` ProxyVersion string `json:"proxy_version,omitempty"` IstioVersion string `json:"istio_version,omitempty"` ClusterSent string `json:"cluster_sent,omitempty"` ClusterAcked string `json:"cluster_acked,omitempty"` ListenerSent string `json:"listener_sent,omitempty"` ListenerAcked string `json:"listener_acked,omitempty"` RouteSent string `json:"route_sent,omitempty"` RouteAcked string `json:"route_acked,omitempty"` EndpointSent string `json:"endpoint_sent,omitempty"` EndpointAcked string `json:"endpoint_acked,omitempty"` ExtensionConfigSent string `json:"extensionconfig_sent,omitempty"` ExtensionConfigAcked string `json:"extensionconfig_acked,omitempty"` Resources map[string]ResourceStatus `json:"resources,omitempty"` }
SyncStatus is the synchronization status between Pilot and a given Envoy
type SyncedVersions ¶
type SyncedVersions struct { ProxyID string `json:"proxy,omitempty"` ClusterVersion string `json:"cluster_acked,omitempty"` ListenerVersion string `json:"listener_acked,omitempty"` RouteVersion string `json:"route_acked,omitempty"` EndpointVersion string `json:"endpoint_acked,omitempty"` }
SyncedVersions shows what resourceVersion of a given resource has been acked by Envoy.
type TelemetryDebug ¶
type TelemetryDebug struct {
Telemetries *model.Telemetries `json:"telemetries"`
}
AuthorizationDebug holds debug information for authorization policy.
type WorkloadGenerator ¶
type WorkloadGenerator struct {
Server *DiscoveryServer
}
func (WorkloadGenerator) Generate ¶
func (e WorkloadGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
func (WorkloadGenerator) GenerateDeltas ¶
func (e WorkloadGenerator) GenerateDeltas( proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource, ) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)
GenerateDeltas computes Workload resources. This is design to be highly optimized to delta updates, and supports *on-demand* client usage. A client can subscribe with a wildcard subscription and get all resources (with delta updates), or on-demand and only get responses for specifically subscribed resources.
Incoming requests may be for VIP or Pod IP addresses. However, all responses are Workload resources, which are pod based. This means subscribing to a VIP may end up pushing many resources of different name than the request. On-demand clients are expected to handle this (for wildcard, this is not applicable, as they don't specify any resources at all).
type WorkloadRBACGenerator ¶
type WorkloadRBACGenerator struct {
Server *DiscoveryServer
}
func (WorkloadRBACGenerator) Generate ¶
func (e WorkloadRBACGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)
func (WorkloadRBACGenerator) GenerateDeltas ¶
func (e WorkloadRBACGenerator) GenerateDeltas( proxy *model.Proxy, req *model.PushRequest, w *model.WatchedResource, ) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)