Documentation
¶
Index ¶
Constants ¶
View Source
const ( TLSTransportProtocol = "tls" RawBufferTransportProtocol = "raw_buffer" // Alpn HTTP filter name which will override the ALPN for upstream TLS connection. AlpnFilterName = "istio.alpn" MxFilterName = "istio.metadata_exchange" // EnvoyJwtFilterName is the name of the Envoy JWT filter. EnvoyJwtFilterName = "envoy.filters.http.jwt_authn" // EnvoyJwtFilterPayload is the struct field for the payload in dynamic metadata in Envoy JWT filter. EnvoyJwtFilterPayload = "payload" )
Variables ¶
View Source
var ( RetryPreviousHosts = &route.RetryPolicy_RetryHostPredicate{ Name: "envoy.retry_host_predicates.previous_hosts", ConfigType: &route.RetryPolicy_RetryHostPredicate_TypedConfig{ TypedConfig: protoconv.MessageToAny(&previoushost.PreviousHostsPredicate{}), }, } RawBufferTransportSocket = &core.TransportSocket{ Name: wellknown.TransportSocketRawBuffer, ConfigType: &core.TransportSocket_TypedConfig{ TypedConfig: protoconv.MessageToAny(&rawbuffer.RawBuffer{}), }, } Cors = &hcm.HttpFilter{ Name: wellknown.CORS, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&cors.Cors{}), }, } Fault = &hcm.HttpFilter{ Name: wellknown.Fault, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&fault.HTTPFault{}), }, } GrpcWeb = &hcm.HttpFilter{ Name: wellknown.GRPCWeb, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&grpcweb.GrpcWeb{}), }, } GrpcStats = &hcm.HttpFilter{ Name: wellknown.HTTPGRPCStats, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&grpcstats.FilterConfig{ EmitFilterState: true, PerMethodStatSpecifier: &grpcstats.FilterConfig_StatsForAllMethods{ StatsForAllMethods: &wrapperspb.BoolValue{Value: false}, }, }), }, } TLSInspector = &listener.ListenerFilter{ Name: wellknown.TLSInspector, ConfigType: &listener.ListenerFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&tlsinspector.TlsInspector{ InitialReadBufferSize: &wrapperspb.UInt32Value{Value: 512}, }), }, } HTTPInspector = &listener.ListenerFilter{ Name: wellknown.HTTPInspector, ConfigType: &listener.ListenerFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&httpinspector.HttpInspector{}), }, } OriginalDestination = &listener.ListenerFilter{ Name: wellknown.OriginalDestination, ConfigType: &listener.ListenerFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&originaldst.OriginalDst{}), }, } OriginalSrc = &listener.ListenerFilter{ Name: wellknown.OriginalSource, ConfigType: &listener.ListenerFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&originalsrc.OriginalSrc{ Mark: 1337, }), }, } ProxyProtocol = &listener.ListenerFilter{ Name: wellknown.ProxyProtocol, ConfigType: &listener.ListenerFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&proxy_proto.ProxyProtocol{}), }, } EmptySessionFilter = &hcm.HttpFilter{ Name: util.StatefulSessionFilter, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&statefulsession.StatefulSession{}), }, } Alpn = &hcm.HttpFilter{ Name: AlpnFilterName, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&alpn.FilterConfig{ AlpnOverride: []*alpn.FilterConfig_AlpnOverride{ { UpstreamProtocol: alpn.FilterConfig_HTTP10, AlpnOverride: mtlsHTTP10ALPN, }, { UpstreamProtocol: alpn.FilterConfig_HTTP11, AlpnOverride: mtlsHTTP11ALPN, }, { UpstreamProtocol: alpn.FilterConfig_HTTP2, AlpnOverride: mtlsHTTP2ALPN, }, }, }), }, } TCPListenerMx = &listener.Filter{ Name: MxFilterName, ConfigType: &listener.Filter_TypedConfig{TypedConfig: tcpMx}, } TCPClusterMx = &cluster.Filter{ Name: MxFilterName, TypedConfig: tcpMx, } WaypointDownstreamMetadataFilter = &hcm.HttpFilter{ Name: "waypoint_downstream_peer_metadata", ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.TypedStructWithFields("type.googleapis.com/io.istio.http.peer_metadata.Config", map[string]any{ "downstream_discovery": []any{ map[string]any{ "workload_discovery": map[string]any{}, }, }, "shared_with_upstream": true, }), }, } WaypointUpstreamMetadataFilter = &hcm.HttpFilter{ Name: "waypoint_upstream_peer_metadata", ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.TypedStructWithFields("type.googleapis.com/io.istio.http.peer_metadata.Config", map[string]any{ "upstream_discovery": []any{ map[string]any{ "workload_discovery": map[string]any{}, }, }, }), }, } SidecarInboundMetadataFilter = &hcm.HttpFilter{ Name: MxFilterName, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.TypedStructWithFields("type.googleapis.com/io.istio.http.peer_metadata.Config", map[string]any{ "downstream_discovery": []any{ map[string]any{ "istio_headers": map[string]any{}, }, map[string]any{ "workload_discovery": map[string]any{}, }, }, "downstream_propagation": []any{ map[string]any{ "istio_headers": map[string]any{}, }, }, }), }, } SidecarOutboundMetadataFilter = &hcm.HttpFilter{ Name: MxFilterName, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.TypedStructWithFields("type.googleapis.com/io.istio.http.peer_metadata.Config", map[string]any{ "upstream_discovery": []any{ map[string]any{ "istio_headers": map[string]any{}, }, map[string]any{ "workload_discovery": map[string]any{}, }, }, "upstream_propagation": []any{ map[string]any{ "istio_headers": map[string]any{}, }, }, }), }, } // TODO https://github.com/istio/istio/issues/46740 // false values can be omitted in protobuf, results in diff JSON values between control plane and envoy config dumps // long term fix will be to add the metadata config to istio/api and use that over TypedStruct SidecarOutboundMetadataFilterSkipHeaders = &hcm.HttpFilter{ Name: MxFilterName, ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.TypedStructWithFields("type.googleapis.com/io.istio.http.peer_metadata.Config", map[string]any{ "upstream_discovery": []any{ map[string]any{ "istio_headers": map[string]any{}, }, map[string]any{ "workload_discovery": map[string]any{}, }, }, "upstream_propagation": []any{ map[string]any{ "istio_headers": map[string]any{ "skip_external_clusters": true, }, }, }, }), }, } ConnectAuthorityFilter = &hcm.HttpFilter{ Name: "connect_authority", ConfigType: &hcm.HttpFilter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&sfs.Config{ OnRequestHeaders: []*sfsvalue.FilterStateValue{ { Key: &sfsvalue.FilterStateValue_ObjectKey{ ObjectKey: "envoy.filters.listener.original_dst.local_ip", }, Value: &sfsvalue.FilterStateValue_FormatString{ FormatString: &core.SubstitutionFormatString{ Format: &core.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &core.DataSource{ Specifier: &core.DataSource_InlineString{ InlineString: "%REQ(:AUTHORITY)%", }, }, }, }, }, SharedWithUpstream: sfsvalue.FilterStateValue_ONCE, }, { Key: &sfsvalue.FilterStateValue_ObjectKey{ ObjectKey: "envoy.filters.listener.original_dst.remote_ip", }, Value: &sfsvalue.FilterStateValue_FormatString{ FormatString: &core.SubstitutionFormatString{ Format: &core.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &core.DataSource{ Specifier: &core.DataSource_InlineString{ InlineString: "%DOWNSTREAM_REMOTE_ADDRESS%", }, }, }, }, }, SharedWithUpstream: sfsvalue.FilterStateValue_ONCE, }, { Key: &sfsvalue.FilterStateValue_ObjectKey{ ObjectKey: "io.istio.peer_principal", }, FactoryKey: "envoy.string", Value: &sfsvalue.FilterStateValue_FormatString{ FormatString: &core.SubstitutionFormatString{ Format: &core.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &core.DataSource{ Specifier: &core.DataSource_InlineString{ InlineString: "%DOWNSTREAM_PEER_URI_SAN%", }, }, }, }, }, SharedWithUpstream: sfsvalue.FilterStateValue_ONCE, }, { Key: &sfsvalue.FilterStateValue_ObjectKey{ ObjectKey: "io.istio.local_principal", }, FactoryKey: "envoy.string", Value: &sfsvalue.FilterStateValue_FormatString{ FormatString: &core.SubstitutionFormatString{ Format: &core.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &core.DataSource{ Specifier: &core.DataSource_InlineString{ InlineString: "%DOWNSTREAM_LOCAL_URI_SAN%", }, }, }, }, }, SharedWithUpstream: sfsvalue.FilterStateValue_ONCE, }, }, }), }, } ConnectAuthorityNetworkFilter = &listener.Filter{ Name: "connect_authority", ConfigType: &listener.Filter_TypedConfig{ TypedConfig: protoconv.MessageToAny(&sfsnetwork.Config{ OnNewConnection: []*sfsvalue.FilterStateValue{{ Key: &sfsvalue.FilterStateValue_ObjectKey{ ObjectKey: "envoy.filters.listener.original_dst.local_ip", }, Value: &sfsvalue.FilterStateValue_FormatString{ FormatString: &core.SubstitutionFormatString{ Format: &core.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &core.DataSource{ Specifier: &core.DataSource_InlineString{ InlineString: "%FILTER_STATE(envoy.filters.listener.original_dst.local_ip:PLAIN)%", }, }, }, }, }, SharedWithUpstream: sfsvalue.FilterStateValue_ONCE, }}, }), }, } )
Define static filters to be reused across the codebase. This avoids duplicate marshaling/unmarshaling This should not be used for filters that will be mutated
View Source
var ( EnvironmentResourceDetector = &core.TypedExtensionConfig{ Name: "envoy.tracers.opentelemetry.resource_detectors.environment", TypedConfig: protoconv.MessageToAny(&resourcedetectors.EnvironmentResourceDetectorConfig{}), } DynatraceResourceDetector = &core.TypedExtensionConfig{ Name: "envoy.tracers.opentelemetry.resource_detectors.dynatrace", TypedConfig: protoconv.MessageToAny(&resourcedetectors.DynatraceResourceDetectorConfig{}), } )
OpenTelemetry Resource Detectors
Functions ¶
func BuildRouterFilter ¶
func BuildRouterFilter(ctx RouterFilterContext) *hcm.HttpFilter
Types ¶
type RouterFilterContext ¶
Source Files
Click to show internal directories.
Click to hide internal directories.