envoy

package
v0.11.0 Latest
Published: Oct 8, 2021 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Overview

Package envoy implements utility routines related to Envoy proxy, and models an instance of a proxy to be able to generate XDS configurations for it.

Index

Constants

const (
	// EnvoyActiveHealthCheckPath is the HTTP endpoint to be used to receive
	// active health checks.
	EnvoyActiveHealthCheckPath = "/healthz/osm"

	// EnvoyActiveHealthCheckHeaderKey is the HTTP header key used to identify
	// active health check traffic.
	EnvoyActiveHealthCheckHeaderKey = "x-osm-envoy-healthcheck"
)
const (
	// TransportProtocolTLS is the TLS transport protocol used in Envoy configurations
	TransportProtocolTLS = "tls"

	// OutboundPassthroughCluster is the outbound passthrough cluster name
	OutboundPassthroughCluster = "passthrough-outbound"

	// AccessLoggerName is name used for the envoy access loggers.
	AccessLoggerName = "envoy.access_loggers.stream"

	// MulticlusterGatewayCluster is the TLS passthrough cluster name for the multicluster gateway
	MulticlusterGatewayCluster = "passthrough-multicluster-gateway"
)

Variables

var (
	// ErrInvalidCertificateCN is an error for when a certificate has a CommonName, which does not match expected string format.
	ErrInvalidCertificateCN = errors.New("invalid cn")

	// ErrMoreThanOnePodForCertificate is an error for when OSM finds more than one pod for a given xDS certificate. There should always be exactly one Pod for a given xDS certificate.
	ErrMoreThanOnePodForCertificate = errors.New("found more than one pod for xDS certificate")

	// ErrDidNotFindPodForCertificate is an error for when OSM cannot find a pod for the given xDS certificate.
	ErrDidNotFindPodForCertificate = errors.New("did not find pod for certificate")

	// ErrServiceAccountDoesNotMatchCertificate is an error for when the service account of a Pod does not match the xDS certificate.
	ErrServiceAccountDoesNotMatchCertificate = errors.New("service account does not match certificate")

	// ErrNamespaceDoesNotMatchCertificate is an error for when the namespace of the Pod does not match the xDS certificate.
	ErrNamespaceDoesNotMatchCertificate = errors.New("namespace does not match certificate")
)
var ALPNInMesh = []string{"osm"}

ALPNInMesh indicates that the proxy is connecting to an in-mesh destination. It is set as a part of configuring the UpstreamTLSContext.

ValidURI defines valid URIs

var (
	// XDSResponseOrder is the order in which we send xDS responses: CDS, EDS, LDS, RDS
	// See: https://github.com/envoyproxy/go-control-plane/issues/59
	XDSResponseOrder = []TypeURI{TypeCDS, TypeEDS, TypeLDS, TypeRDS, TypeSDS}
)
var XDSShortURINames = map[TypeURI]string{
	TypeEmptyURI: "EmptyURI",
	TypeSDS:      "SDS",
	TypeCDS:      "CDS",
	TypeLDS:      "LDS",
	TypeRDS:      "RDS",
	TypeEDS:      "EDS",
}

XDSShortURINames are shortened versions of the URI types

Functions

func GetADSConfigSource

func GetADSConfigSource() *xds_core.ConfigSource

GetADSConfigSource creates an Envoy ConfigSource struct.

func GetAccessLog

func GetAccessLog() []*xds_accesslog_filter.AccessLog

GetAccessLog creates an Envoy AccessLog struct.

func GetAddress

func GetAddress(address string, port uint32) *xds_core.Address

GetAddress creates an Envoy Address struct.

func GetCIDRRangeFromStr added in v0.11.0

func GetCIDRRangeFromStr(cidr string) (*xds_core.CidrRange, error)

GetCIDRRangeFromStr converts the given CIDR as a string to an XDS CidrRange object

func GetDownstreamTLSContext

func GetDownstreamTLSContext(upstreamIdentity identity.ServiceIdentity, mTLS bool) *xds_auth.DownstreamTlsContext

GetDownstreamTLSContext creates a downstream Envoy TLS Context to be configured on the upstream for the given upstream's identity. Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/openservicemesh/osm/issues/3188].

func GetEnvoyServiceNodeID added in v0.6.0

func GetEnvoyServiceNodeID(nodeID, workloadKind, workloadName string) string

GetEnvoyServiceNodeID creates the string for Envoy's "--service-node" CLI argument for the Kubernetes sidecar container Command/Args

func GetHTTP2ProtocolOptions added in v0.9.0

func GetHTTP2ProtocolOptions() (map[string]*any.Any, error)

GetHTTP2ProtocolOptions creates an Envoy http configuration that matches the downstream protocol

func GetPodFromCertificate added in v0.9.0

func GetPodFromCertificate(cn certificate.CommonName, kubecontroller k8s.Controller) (*v1.Pod, error)

GetPodFromCertificate returns the Kubernetes Pod object for a given certificate.

func GetServiceIdentityFromProxyCertificate added in v0.10.0

func GetServiceIdentityFromProxyCertificate(cn certificate.CommonName) (identity.ServiceIdentity, error)

GetServiceIdentityFromProxyCertificate returns the ServiceIdentity information encoded in the XDS certificate CN

func GetTLSParams

func GetTLSParams() *xds_auth.TlsParameters

GetTLSParams creates Envoy TlsParameters struct.

func GetUpstreamTLSContext

func GetUpstreamTLSContext(downstreamIdentity identity.ServiceIdentity, upstreamSvc service.MeshService) *xds_auth.UpstreamTlsContext

GetUpstreamTLSContext creates an upstream Envoy TLS Context for the given downstream identity and upstream service pair. Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/openservicemesh/osm/issues/3188].

func IsWildcardTypeURI added in v0.9.2

func IsWildcardTypeURI(t TypeURI) bool

IsWildcardTypeURI returns whether a given TypeURI is an expected wildcard TypeURI. The xDS protocol defines general client behavior as: "Envoy will always use wildcard subscriptions for Listener and Cluster resources" (https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol#client-behavior).

func NewXDSCertCommonName added in v0.10.0

func NewXDSCertCommonName(proxyUUID uuid.UUID, kind ProxyKind, serviceAccount, namespace string) certificate.CommonName

NewXDSCertCommonName returns a newly generated CommonName for a certificate of the form: <ProxyUUID>.<kind>.<serviceAccount>.<namespace>
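Added example, not this package's own code: it builds on the CN layout documented for NewXDSCertCommonName and on the mismatch errors listed under Variables, parsing a CN into its four labels and then checking it against the Pod's service account and namespace the way a control plane must before handing out xDS configuration. The names ParseXDSCertCommonName, CertIdentity and ValidatePodAgainstCertificate are hypothetical, the UUID text form and the sample CN in the test are constructed, and the three errors are redeclared locally so the file builds alone.

```go
package main

import (
	"errors"
	"regexp"
	"strings"
)

// Redeclared with the same messages as this package's exported errors (assumption: same meaning).
var (
	ErrInvalidCertificateCN                  = errors.New("invalid cn")
	ErrServiceAccountDoesNotMatchCertificate = errors.New("service account does not match certificate")
	ErrNamespaceDoesNotMatchCertificate      = errors.New("namespace does not match certificate")
)

// uuidRe: canonical 8-4-4-4-12 lowercase hex form (assumed text form of the proxy UUID).
var uuidRe = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// CertIdentity holds the four labels the CN encodes: <ProxyUUID>.<kind>.<serviceAccount>.<namespace>.
type CertIdentity struct {
	ProxyUUID, Kind, ServiceAccount, Namespace string
}

// ParseXDSCertCommonName accepts exactly four non-empty labels with a well-formed UUID and a known
// kind; a service account name containing a dot yields more than four labels and is rejected (fail closed).
func ParseXDSCertCommonName(cn string) (CertIdentity, error) {
	parts := strings.Split(cn, ".")
	if len(parts) != 4 || parts[2] == "" || parts[3] == "" {
		return CertIdentity{}, ErrInvalidCertificateCN
	}
	if !uuidRe.MatchString(parts[0]) || (parts[1] != "sidecar" && parts[1] != "gateway") {
		return CertIdentity{}, ErrInvalidCertificateCN
	}
	return CertIdentity{ProxyUUID: parts[0], Kind: parts[1], ServiceAccount: parts[2], Namespace: parts[3]}, nil
}

// ServiceIdentity renders the "name.namespace" form the TLS context helpers expect.
func (c CertIdentity) ServiceIdentity() string { return c.ServiceAccount + "." + c.Namespace }

// ValidatePodAgainstCertificate is the control-plane side of the check: the Pod presenting this
// certificate must run as the service account, in the namespace, that the CN names.
func ValidatePodAgainstCertificate(c CertIdentity, podServiceAccount, podNamespace string) error {
	if c.Namespace != podNamespace {
		return ErrNamespaceDoesNotMatchCertificate
	}
	if c.ServiceAccount != podServiceAccount {
		return ErrServiceAccountDoesNotMatchCertificate
	}
	return nil
}
```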

Types

type PodMetadata added in v0.6.0

type PodMetadata struct {
	UID            string
	Name           string
	Namespace      string
	IP             string
	ServiceAccount identity.K8sServiceAccount
	Cluster        string
	EnvoyNodeID    string
	WorkloadKind   string
	WorkloadName   string
}

PodMetadata is a struct holding information on the Pod on which a given Envoy proxy is installed. This struct is initialized *eventually*, when the metadata arrives via xDS.

func ParseEnvoyServiceNodeID added in v0.6.0

func ParseEnvoyServiceNodeID(serviceNodeID string) (*PodMetadata, error)

ParseEnvoyServiceNodeID parses the given Envoy service node ID and returns the encoded metadata

type Proxy

type Proxy struct {
	net.Addr

	// Records metadata around the Kubernetes Pod on which this Envoy Proxy is installed.
	// This could be nil if the Envoy is not operating in a Kubernetes cluster (VM for example)
	// NOTE: This field may not be set at the time the Proxy struct is initialized. It would
	// eventually be set when the metadata arrives via the xDS protocol.
	PodMetadata *PodMetadata
	// contains filtered or unexported fields
}

Proxy is a representation of an Envoy proxy connected to the xDS server. This should at some point have a 1:1 match to an Endpoint (which is a member of a meshed service).

func NewProxy

func NewProxy(certCommonName certificate.CommonName, certSerialNumber certificate.SerialNumber, ip net.Addr) (*Proxy, error)

NewProxy creates a new instance of an Envoy proxy connected to the xDS servers.

func (*Proxy) GetCertificateCommonName added in v0.7.0

func (p *Proxy) GetCertificateCommonName() certificate.CommonName

GetCertificateCommonName returns the Subject Common Name from the mTLS certificate of the Envoy proxy connected to xDS.

func (*Proxy) GetCertificateSerialNumber added in v0.7.0

func (p *Proxy) GetCertificateSerialNumber() certificate.SerialNumber

GetCertificateSerialNumber returns the Serial Number of the certificate for the connected Envoy proxy.

func (*Proxy) GetConnectedAt

func (p *Proxy) GetConnectedAt() time.Time

GetConnectedAt returns the timestamp of when the given proxy connected to the control plane.

func (*Proxy) GetHash added in v0.9.0

func (p *Proxy) GetHash() uint64

GetHash returns the proxy hash based on its xDSCertificateCommonName

func (*Proxy) GetIP

func (p *Proxy) GetIP() net.Addr

GetIP returns the IP address of the Envoy proxy connected to xDS.

func (*Proxy) GetLastAppliedVersion

func (p *Proxy) GetLastAppliedVersion(typeURI TypeURI) uint64

GetLastAppliedVersion returns the last version successfully applied to the given Envoy proxy.

func (*Proxy) GetLastResourcesSent added in v0.9.0

func (p *Proxy) GetLastResourcesSent(typeURI TypeURI) mapset.Set

GetLastResourcesSent returns the set of resources last sent to a proxy for the given TypeURL. If none were sent, an empty set is returned.

func (*Proxy) GetLastSentNonce

func (p *Proxy) GetLastSentNonce(typeURI TypeURI) string

GetLastSentNonce returns last sent nonce.

func (*Proxy) GetLastSentVersion

func (p *Proxy) GetLastSentVersion(typeURI TypeURI) uint64

GetLastSentVersion returns the last sent version.

func (*Proxy) GetSubscribedResources added in v0.9.2

func (p *Proxy) GetSubscribedResources(typeURI TypeURI) mapset.Set

GetSubscribedResources returns the set of resources a proxy has subscribed to for the given TypeURL. If none were subscribed, an empty set is returned.

func (*Proxy) HasPodMetadata added in v0.6.0

func (p *Proxy) HasPodMetadata() bool

HasPodMetadata reports whether the Pod metadata has been recorded for the given Envoy proxy.

func (*Proxy) IncrementLastSentVersion

func (p *Proxy) IncrementLastSentVersion(typeURI TypeURI) uint64

IncrementLastSentVersion increments last sent version.

func (*Proxy) Kind added in v0.10.0

func (p *Proxy) Kind() ProxyKind

Kind returns the proxy's kind.

func (*Proxy) PodMetadataString added in v0.10.0

func (p *Proxy) PodMetadataString() string

PodMetadataString returns relevant pod metadata as a string

func (*Proxy) SetLastAppliedVersion

func (p *Proxy) SetLastAppliedVersion(typeURI TypeURI, version uint64)

SetLastAppliedVersion records the version of the given Envoy proxy that was last acknowledged.

func (*Proxy) SetLastResourcesSent added in v0.9.0

func (p *Proxy) SetLastResourcesSent(typeURI TypeURI, resourcesSet mapset.Set)

SetLastResourcesSent sets the last sent resources given a proxy for a TypeURL

func (*Proxy) SetLastSentVersion

func (p *Proxy) SetLastSentVersion(typeURI TypeURI, ver uint64)

SetLastSentVersion records the version of the given config last sent to the proxy.

func (*Proxy) SetNewNonce

func (p *Proxy) SetNewNonce(typeURI TypeURI) string

SetNewNonce sets and returns a new nonce.

func (*Proxy) SetSubscribedResources added in v0.9.2

func (p *Proxy) SetSubscribedResources(typeURI TypeURI, resourcesSet mapset.Set)

SetSubscribedResources sets the input resources as subscribed resources given a proxy for a TypeURL

func (*Proxy) StatsHeaders added in v0.8.0

func (p *Proxy) StatsHeaders() map[string]string

StatsHeaders returns the headers required for SMI metrics

func (*Proxy) String

func (p *Proxy) String() string

type ProxyKind added in v0.10.0

type ProxyKind string

ProxyKind is the type used to define the proxy's kind

const (
	// KindSidecar implies the proxy is a sidecar
	KindSidecar ProxyKind = "sidecar"

	// KindGateway implies the proxy is a gateway
	KindGateway ProxyKind = "gateway"
)

func GetKindFromProxyCertificate added in v0.10.0

func GetKindFromProxyCertificate(cn certificate.CommonName) (ProxyKind, error)

GetKindFromProxyCertificate returns the proxy kind, which is encoded in the Common Name of the XDS certificate.

type TypeURI

type TypeURI string

TypeURI is a string describing the Envoy xDS payload.

const (
	// TypeEmptyURI is an Empty URI type representation
	TypeEmptyURI TypeURI = ""

	// TypeSDS is the SDS type URI.
	TypeSDS TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"

	// TypeCDS is the CDS type URI.
	TypeCDS TypeURI = "type.googleapis.com/envoy.config.cluster.v3.Cluster"

	// TypeLDS is the LDS type URI.
	TypeLDS TypeURI = "type.googleapis.com/envoy.config.listener.v3.Listener"

	// TypeRDS is the RDS type URI.
	TypeRDS TypeURI = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"

	// TypeEDS is the EDS type URI.
	TypeEDS TypeURI = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"

	// TypeUpstreamTLSContext is an Envoy type URI.
	TypeUpstreamTLSContext TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"

	// TypeZipkinConfig is an Envoy type URI.
	TypeZipkinConfig TypeURI = "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig"

	// TypeADS is not actually used by Envoy - but useful within OSM for logging
	TypeADS TypeURI = "ADS"
)

Envoy TypeURIs

func (TypeURI) Short added in v0.9.0

func (t TypeURI) Short() string

Short returns an abbreviated version of the TypeURI, which is easier to spot in logs and metrics.

func (TypeURI) String

func (t TypeURI) String() string

Directories

Path Synopsis
Package ads implements Envoy's Aggregated Discovery Service (ADS).
Package bootstrap implements functionality related to Envoy's bootstrap config.
Package cds implements Envoy's Cluster Discovery Service (CDS).
Package eds implements Envoy's Endpoint Discovery Service (EDS).
Package lds implements Envoy's Listener Discovery Service (LDS).
Package rbac implements Envoy XDS RBAC policies.
Package rds implements Envoy's Route Discovery Service (RDS).
Package route implements utility routines to build HTTP route configurations for Envoy proxies.
Package sds implements Envoy's Secret Discovery Service (SDS).
