Documentation
Index ¶
Constants ¶
// Names, type URLs and filter state keys shared by the static filter
// definitions in this package.
const (
	// TLSTransportProtocol and RawBufferTransportProtocol are the transport
	// protocol names "tls" and "raw_buffer".
	// NOTE(review): presumably compared against the transport protocol detected
	// on a connection when selecting a filter chain; confirm against callers.
	TLSTransportProtocol       = "tls"
	RawBufferTransportProtocol = "raw_buffer"
	// AlpnFilterName is the name of the Alpn HTTP filter, which will override
	// the ALPN for the upstream TLS connection.
	AlpnFilterName = "istio.alpn"
	// MxFilterName is the name of TCP MX, an Istio filter defined in
	// https://github.com/istio/proxy/tree/master/source/extensions/filters/network/metadata_exchange.
	MxFilterName = "istio.metadata_exchange"
	// EnvoyJwtFilterName is the name of the Envoy JWT filter.
	EnvoyJwtFilterName = "envoy.filters.http.jwt_authn"
	// EnvoyJwtFilterPayload is the struct field for the payload in dynamic metadata in Envoy JWT filter.
	EnvoyJwtFilterPayload = "payload"
	// PeerMetadataTypeURL and MetadataExchangeTypeURL are the type URLs this
	// package passes to protoconv.TypedStructWithFields for the peer metadata
	// and metadata exchange filter configs.
	PeerMetadataTypeURL     = "type.googleapis.com/io.istio.http.peer_metadata.Config"
	MetadataExchangeTypeURL = "type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange"
	// OriginalDstFilterStateKey is a filter state key where we store the :authority. This has traditionally been an
	// IP address, but it can also be a hostname if the incoming CONNECT tunnel was sent via double-HBONE.
	// Storing under this key fails if the value is not a valid IP address; use
	// AuthorityFilterStateKey for values that may be hostnames.
	// NOTE(review): ConnectAuthorityFilter fills this key from the request's
	// :authority header, which the peer chooses. Whatever consumes the key as a
	// destination address is trusting that header, so it should only be
	// reachable from authenticated tunnels; confirm where that is enforced.
	OriginalDstFilterStateKey = "envoy.filters.listener.original_dst.local_ip"
	// AuthorityFilterStateKey is another filter state key where we store :authority. Because this is not a
	// well-known filter state key, we can store non-IP address :authorities in here.
	AuthorityFilterStateKey = "io.istio.connect_authority"
)
Variables ¶
// Pre-built filter and extension values. Each variable is a pointer created
// once at package initialization, so every user shares the same object.
var (
	// RetryPreviousHosts is the retry host predicate named
	// "envoy.retry_host_predicates.previous_hosts" with an empty
	// PreviousHostsPredicate config.
	RetryPreviousHosts = &route.RetryPolicy_RetryHostPredicate{
		Name: "envoy.retry_host_predicates.previous_hosts",
		ConfigType: &route.RetryPolicy_RetryHostPredicate_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&previoushost.PreviousHostsPredicate{}),
		},
	}
	// RawBufferTransportSocket is the raw buffer transport socket with an empty
	// config. Envoy's raw buffer socket carries bytes without TLS, so a
	// connection using it gets no transport encryption or peer authentication.
	RawBufferTransportSocket = &core.TransportSocket{
		Name: wellknown.TransportSocketRawBuffer,
		ConfigType: &core.TransportSocket_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&rawbuffer.RawBuffer{}),
		},
	}
	// Cors is the CORS HTTP filter with an empty filter-level config.
	Cors = &hcm.HttpFilter{
		Name: wellknown.CORS,
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&cors.Cors{}),
		},
	}
	// Fault is the fault injection HTTP filter with an empty filter-level config.
	Fault = &hcm.HttpFilter{
		Name: wellknown.Fault,
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&fault.HTTPFault{}),
		},
	}
	// GrpcWeb is the gRPC-Web HTTP filter with an empty config.
	GrpcWeb = &hcm.HttpFilter{
		Name: wellknown.GRPCWeb,
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&grpcweb.GrpcWeb{}),
		},
	}
	// GrpcStats is the gRPC stats HTTP filter. It emits filter state and sets
	// StatsForAllMethods to false.
	GrpcStats = &hcm.HttpFilter{
		Name: wellknown.HTTPGRPCStats,
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&grpcstats.FilterConfig{
				EmitFilterState: true,
				PerMethodStatSpecifier: &grpcstats.FilterConfig_StatsForAllMethods{
					StatsForAllMethods: &wrapperspb.BoolValue{Value: false},
				},
			}),
		},
	}
	// TLSInspector is the TLS inspector listener filter with its initial read
	// buffer size set to 512.
	TLSInspector = &listener.ListenerFilter{
		Name: wellknown.TLSInspector,
		ConfigType: &listener.ListenerFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&tlsinspector.TlsInspector{
				InitialReadBufferSize: &wrapperspb.UInt32Value{Value: 512},
			}),
		},
	}
	// HTTPInspector is the HTTP inspector listener filter with an empty config.
	HTTPInspector = &listener.ListenerFilter{
		Name: wellknown.HTTPInspector,
		ConfigType: &listener.ListenerFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&httpinspector.HttpInspector{}),
		},
	}
	// OriginalDestination is the original destination listener filter with an
	// empty config.
	OriginalDestination = &listener.ListenerFilter{
		Name: wellknown.OriginalDestination,
		ConfigType: &listener.ListenerFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&originaldst.OriginalDst{}),
		},
	}
	// OriginalSrc is the original source listener filter with Mark set to 1337.
	// NOTE(review): 1337 is presumably the socket mark that the proxy's traffic
	// capture rules exempt from redirection; confirm it matches those rules.
	OriginalSrc = &listener.ListenerFilter{
		Name: wellknown.OriginalSource,
		ConfigType: &listener.ListenerFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&originalsrc.OriginalSrc{
				Mark: 1337,
			}),
		},
	}
	// ProxyProtocol is the PROXY protocol listener filter with an empty config.
	// NOTE(review): the PROXY protocol header is not authenticated and
	// overrides the connection's source address, so listeners using this filter
	// should accept connections only from trusted load balancers; confirm
	// where it is attached.
	ProxyProtocol = &listener.ListenerFilter{
		Name: wellknown.ProxyProtocol,
		ConfigType: &listener.ListenerFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&proxy_proto.ProxyProtocol{}),
		},
	}
	// EmptySessionFilter is the stateful session HTTP filter with an empty
	// StatefulSession config.
	EmptySessionFilter = &hcm.HttpFilter{
		Name: util.StatefulSessionFilter,
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&statefulsession.StatefulSession{}),
		},
	}
	// Alpn is the istio.alpn HTTP filter. It maps each upstream protocol
	// (HTTP/1.0, HTTP/1.1, HTTP/2) to the ALPN override list held in
	// mtlsHTTP10ALPN, mtlsHTTP11ALPN and mtlsHTTP2ALPN, which are defined
	// elsewhere in the package.
	Alpn = &hcm.HttpFilter{
		Name: AlpnFilterName,
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&alpn.FilterConfig{
				AlpnOverride: []*alpn.FilterConfig_AlpnOverride{
					{
						UpstreamProtocol: alpn.FilterConfig_HTTP10,
						AlpnOverride:     mtlsHTTP10ALPN,
					},
					{
						UpstreamProtocol: alpn.FilterConfig_HTTP11,
						AlpnOverride:     mtlsHTTP11ALPN,
					},
					{
						UpstreamProtocol: alpn.FilterConfig_HTTP2,
						AlpnOverride:     mtlsHTTP2ALPN,
					},
				},
			}),
		},
	}
	// WaypointDownstreamMetadataFilter is a peer metadata HTTP filter that
	// discovers the downstream peer through workload discovery only and sets
	// shared_with_upstream to true.
	WaypointDownstreamMetadataFilter = &hcm.HttpFilter{
		Name: "waypoint_downstream_peer_metadata",
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.TypedStructWithFields(PeerMetadataTypeURL, map[string]any{
				"downstream_discovery": []any{
					map[string]any{
						"workload_discovery": map[string]any{},
					},
				},
				"shared_with_upstream": true,
			}),
		},
	}
	// WaypointUpstreamMetadataFilter is a peer metadata HTTP filter that
	// discovers the upstream peer through workload discovery only.
	WaypointUpstreamMetadataFilter = &hcm.HttpFilter{
		Name: "waypoint_upstream_peer_metadata",
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.TypedStructWithFields(PeerMetadataTypeURL, map[string]any{
				"upstream_discovery": []any{
					map[string]any{
						"workload_discovery": map[string]any{},
					},
				},
			}),
		},
	}
	// ConnectAuthorityFilter is an HTTP set-filter-state filter. On request
	// headers it writes five filter state objects, each marked
	// SharedWithUpstream ONCE so the value is handed to the upstream connection.
	// NOTE(review): two of the values come from the :authority header, which
	// the requesting peer controls, and two come from certificate URI SANs,
	// which are only meaningful when the downstream connection is mutually
	// authenticated. Confirm this filter is installed only on listeners that
	// terminate authenticated tunnels.
	ConnectAuthorityFilter = &hcm.HttpFilter{
		Name: "connect_authority",
		ConfigType: &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&sfs.Config{
				OnRequestHeaders: []*sfsvalue.FilterStateValue{
					{
						// Original destination address, taken from :authority.
						// No FactoryKey is set on this entry.
						Key: &sfsvalue.FilterStateValue_ObjectKey{
							ObjectKey: OriginalDstFilterStateKey,
						},
						Value: &sfsvalue.FilterStateValue_FormatString{
							FormatString: &core.SubstitutionFormatString{
								Format: &core.SubstitutionFormatString_TextFormatSource{
									TextFormatSource: &core.DataSource{
										Specifier: &core.DataSource_InlineString{
											InlineString: "%REQ(:AUTHORITY)%",
										},
									},
								},
							},
						},
						SharedWithUpstream: sfsvalue.FilterStateValue_ONCE,
					},
					{
						// The same :authority value stored as a plain string
						// (FactoryKey "envoy.string"), so it may be a hostname.
						Key: &sfsvalue.FilterStateValue_ObjectKey{
							ObjectKey: AuthorityFilterStateKey,
						},
						Value: &sfsvalue.FilterStateValue_FormatString{
							FormatString: &core.SubstitutionFormatString{
								Format: &core.SubstitutionFormatString_TextFormatSource{
									TextFormatSource: &core.DataSource{
										Specifier: &core.DataSource_InlineString{
											InlineString: "%REQ(:AUTHORITY)%",
										},
									},
								},
							},
						},
						FactoryKey:         "envoy.string",
						SharedWithUpstream: sfsvalue.FilterStateValue_ONCE,
					},
					{
						// Remote address of the downstream connection.
						Key: &sfsvalue.FilterStateValue_ObjectKey{
							ObjectKey: "envoy.filters.listener.original_dst.remote_ip",
						},
						Value: &sfsvalue.FilterStateValue_FormatString{
							FormatString: &core.SubstitutionFormatString{
								Format: &core.SubstitutionFormatString_TextFormatSource{
									TextFormatSource: &core.DataSource{
										Specifier: &core.DataSource_InlineString{
											InlineString: "%DOWNSTREAM_REMOTE_ADDRESS%",
										},
									},
								},
							},
						},
						SharedWithUpstream: sfsvalue.FilterStateValue_ONCE,
					},
					{
						// URI SAN of the downstream peer certificate, stored as
						// a string.
						// NOTE(review): presumably empty or a placeholder when
						// the peer presented no certificate; consumers that
						// authorize on this key should treat that case as
						// unauthenticated. Confirm.
						Key: &sfsvalue.FilterStateValue_ObjectKey{
							ObjectKey: "io.istio.peer_principal",
						},
						FactoryKey: "envoy.string",
						Value: &sfsvalue.FilterStateValue_FormatString{
							FormatString: &core.SubstitutionFormatString{
								Format: &core.SubstitutionFormatString_TextFormatSource{
									TextFormatSource: &core.DataSource{
										Specifier: &core.DataSource_InlineString{
											InlineString: "%DOWNSTREAM_PEER_URI_SAN%",
										},
									},
								},
							},
						},
						SharedWithUpstream: sfsvalue.FilterStateValue_ONCE,
					},
					{
						// URI SAN of the local certificate used on the
						// downstream connection, stored as a string.
						Key: &sfsvalue.FilterStateValue_ObjectKey{
							ObjectKey: "io.istio.local_principal",
						},
						FactoryKey: "envoy.string",
						Value: &sfsvalue.FilterStateValue_FormatString{
							FormatString: &core.SubstitutionFormatString{
								Format: &core.SubstitutionFormatString_TextFormatSource{
									TextFormatSource: &core.DataSource{
										Specifier: &core.DataSource_InlineString{
											InlineString: "%DOWNSTREAM_LOCAL_URI_SAN%",
										},
									},
								},
							},
						},
						SharedWithUpstream: sfsvalue.FilterStateValue_ONCE,
					},
				},
			}),
		},
	}
	// ConnectAuthorityNetworkFilter is a network set-filter-state filter. On a
	// new connection it reads the existing
	// envoy.filters.listener.original_dst.local_ip filter state and writes it
	// back under OriginalDstFilterStateKey (the same key) with
	// SharedWithUpstream ONCE.
	ConnectAuthorityNetworkFilter = &listener.Filter{
		Name: "connect_authority",
		ConfigType: &listener.Filter_TypedConfig{
			TypedConfig: protoconv.MessageToAny(&sfsnetwork.Config{
				OnNewConnection: []*sfsvalue.FilterStateValue{{
					Key: &sfsvalue.FilterStateValue_ObjectKey{
						ObjectKey: OriginalDstFilterStateKey,
					},
					Value: &sfsvalue.FilterStateValue_FormatString{
						FormatString: &core.SubstitutionFormatString{
							Format: &core.SubstitutionFormatString_TextFormatSource{
								TextFormatSource: &core.DataSource{
									Specifier: &core.DataSource_InlineString{
										InlineString: "%FILTER_STATE(envoy.filters.listener.original_dst.local_ip:PLAIN)%",
									},
								},
							},
						},
					},
					SharedWithUpstream: sfsvalue.FilterStateValue_ONCE,
				}},
			}),
		},
	}
)
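Define static filters to be reused across the codebase. This avoids duplicate marshaling/unmarshaling. This should not be used for filters that will be mutated: each variable is a single shared pointer, so a change made through it is seen by every configuration that references it.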
// OpenTelemetry resource detector extension configs, built once at package
// initialization and shared by pointer.
var (
	// EnvironmentResourceDetector is the typed extension config for the
	// "environment" OpenTelemetry resource detector, with an empty detector
	// config.
	// NOTE(review): presumably the detected attributes are attached to exported
	// traces, so whatever the proxy environment supplies to this detector
	// leaves the mesh with the spans; confirm.
	EnvironmentResourceDetector = &core.TypedExtensionConfig{
		Name:        "envoy.tracers.opentelemetry.resource_detectors.environment",
		TypedConfig: protoconv.MessageToAny(&resourcedetectors.EnvironmentResourceDetectorConfig{}),
	}
	// DynatraceResourceDetector is the typed extension config for the
	// "dynatrace" OpenTelemetry resource detector, with an empty detector
	// config.
	DynatraceResourceDetector = &core.TypedExtensionConfig{
		Name:        "envoy.tracers.opentelemetry.resource_detectors.dynatrace",
		TypedConfig: protoconv.MessageToAny(&resourcedetectors.DynatraceResourceDetectorConfig{}),
	}
)
OpenTelemetry Resource Detectors
// Metadata exchange and peer metadata filters. Each value is produced by a
// function literal that runs once at package initialization: it builds the
// config map, passes it to additionalLabels (defined elsewhere in the package),
// and then serializes it with protoconv.TypedStructWithFields.
var (
	// TCPClusterMx is the cluster-level metadata exchange filter using the
	// "istio-peer-exchange" protocol with discovery enabled.
	TCPClusterMx = func() *cluster.Filter {
		fields := map[string]any{
			"protocol":         "istio-peer-exchange",
			"enable_discovery": true,
		}
		additionalLabels(fields)
		typed := protoconv.TypedStructWithFields(MetadataExchangeTypeURL, fields)
		return &cluster.Filter{Name: MxFilterName, TypedConfig: typed}
	}()
	// TCPListenerMx is the listener-level (network filter) counterpart of
	// TCPClusterMx, built from the same two settings.
	TCPListenerMx = func() *listener.Filter {
		fields := map[string]any{
			"protocol":         "istio-peer-exchange",
			"enable_discovery": true,
		}
		additionalLabels(fields)
		typed := &listener.Filter_TypedConfig{
			TypedConfig: protoconv.TypedStructWithFields(MetadataExchangeTypeURL, fields),
		}
		return &listener.Filter{Name: MxFilterName, ConfigType: typed}
	}()
	// SidecarInboundMetadataFilter is the peer metadata HTTP filter for the
	// downstream side: discovery tries istio_headers and then
	// workload_discovery, and propagation uses istio_headers.
	SidecarInboundMetadataFilter = func() *hcm.HttpFilter {
		discovery := []any{
			map[string]any{"istio_headers": map[string]any{}},
			map[string]any{"workload_discovery": map[string]any{}},
		}
		propagation := []any{
			map[string]any{"istio_headers": map[string]any{}},
		}
		fields := map[string]any{
			"downstream_discovery":   discovery,
			"downstream_propagation": propagation,
		}
		additionalLabels(fields)
		typed := &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.TypedStructWithFields(PeerMetadataTypeURL, fields),
		}
		return &hcm.HttpFilter{Name: MxFilterName, ConfigType: typed}
	}()
	// SidecarOutboundMetadataFilter is the peer metadata HTTP filter for the
	// upstream side: discovery tries istio_headers and then
	// workload_discovery, and propagation uses istio_headers.
	SidecarOutboundMetadataFilter = func() *hcm.HttpFilter {
		discovery := []any{
			map[string]any{"istio_headers": map[string]any{}},
			map[string]any{"workload_discovery": map[string]any{}},
		}
		propagation := []any{
			map[string]any{"istio_headers": map[string]any{}},
		}
		fields := map[string]any{
			"upstream_discovery":   discovery,
			"upstream_propagation": propagation,
		}
		additionalLabels(fields)
		typed := &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.TypedStructWithFields(PeerMetadataTypeURL, fields),
		}
		return &hcm.HttpFilter{Name: MxFilterName, ConfigType: typed}
	}()
	// SidecarOutboundMetadataFilterSkipHeaders matches
	// SidecarOutboundMetadataFilter except that the istio_headers propagation
	// entry sets skip_external_clusters to true.
	// NOTE(review): presumably this keeps peer metadata headers from being sent
	// to destinations outside the mesh; confirm against the filter
	// implementation.
	SidecarOutboundMetadataFilterSkipHeaders = func() *hcm.HttpFilter {
		discovery := []any{
			map[string]any{"istio_headers": map[string]any{}},
			map[string]any{"workload_discovery": map[string]any{}},
		}
		headerPropagation := map[string]any{
			"skip_external_clusters": true,
		}
		propagation := []any{
			map[string]any{"istio_headers": headerPropagation},
		}
		fields := map[string]any{
			"upstream_discovery":   discovery,
			"upstream_propagation": propagation,
		}
		additionalLabels(fields)
		typed := &hcm.HttpFilter_TypedConfig{
			TypedConfig: protoconv.TypedStructWithFields(PeerMetadataTypeURL, fields),
		}
		return &hcm.HttpFilter{Name: MxFilterName, ConfigType: typed}
	}()
)
Functions ¶
func BuildRouterFilter ¶
func BuildRouterFilter(ctx RouterFilterContext) *hcm.HttpFilter
Types ¶
type RouterFilterContext ¶