Documentation
Index
Constants
const (
    EndpointType        = apiTypePrefix + "envoy.config.endpoint.v3.ClusterLoadAssignment"
    ClusterType         = apiTypePrefix + "envoy.config.cluster.v3.Dest"
    RouteType           = apiTypePrefix + "envoy.config.route.v3.RouteConfiguration"
    ScopedRouteType     = apiTypePrefix + "envoy.config.route.v3.ScopedRouteConfiguration"
    VirtualHostType     = apiTypePrefix + "envoy.config.route.v3.VirtualHost"
    ListenerType        = apiTypePrefix + "envoy.config.listener.v3.Listener"
    SecretType          = apiTypePrefix + "envoy.extensions.transport_sockets.tls.v3.Secret"
    ExtensionConfigType = apiTypePrefix + "envoy.config.core.v3.TypedExtensionConfig"
    RuntimeType         = apiTypePrefix + "envoy.service.runtime.v3.Runtime"

    // AnyType is used only by ADS
    AnyType = ""
)
Resource types in xDS v3.
const RBAC_TYPE = "type.googleapis.com/istio.workload.Authorization"
const WORKLOAD_TYPE = "type.googleapis.com/istio.workload.Workload"
Required node info in ambient:
- INSTANCE_IPS (env var is INSTANCE_IP)
- POD_NAME
- NAMESPACE - from POD_NAMESPACE
- NODE_NAME
- AMBIENT_TYPE
Id: sidecar~{ip}~{pod_name}.{ns}~{ns}.svc.cluster.local
Variables
Functions
func GetCertIstio
func GetCertIstio(ctx context.Context, dest *meshauth.Dest, ttlSec int, certSigner string) ([]byte, []string, error)
GetCertIstio implements the basic Istio gRPC protocol. The 'dest' may be configured with:
- TokenSource reading the istio-ca mounted token
- K8S token source returning "istio-ca" certs (using cluster, kubeconfig or other user creds)
- An existing certificate
- A long-lived certificate
func TransportFunc
func TransportFunc(d *meshauth.Dest) http.RoundTripper
Types
type LRS
type LRS struct { }
func (*LRS) StreamLoadStats
func (l *LRS) StreamLoadStats(ctx context.Context, s *connect_go.BidiStream[lrspb.LoadStatsRequest, lrspb.LoadStatsResponse]) error
type StreamService
type XDSConfig
type XDSConfig struct {
    // Namespace defaults to 'default'
    Namespace string

    // Workload defaults to 'test'
    Workload string

    XDSHeaders map[string]string

    // IP is currently the primary key used to locate inbound configs. It is sent by client,
    // must match a known endpoint IP. Tests can use a ServiceEntry to register fake IPs.
    IP string

    // Context used for early cancellation
    Context context.Context

    // Base URL of the XDS server, including scheme
    XDS string
}
type XDSResource