trafficpolicy

package
Version: v0.11.1
Warning

This package is not in the latest version of its module.

Published: Oct 20, 2021 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Overview

Package trafficpolicy defines the types to represent traffic policies internally in the OSM control plane, and utility routines to process them.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type EgressClusterConfig added in v0.9.0

type EgressClusterConfig struct {
	// Name defines the name of the external cluster
	Name string

	// Host defines the DNS resolvable hostname for the external cluster.
	// If specified, the cluster's address will be resolved using DNS.
	// HTTP based clusters will set the Host attribute.
	// If unspecified, the cluster's address will be resolved to its original
	// destination in the request prior to being redirected by iptables.
	// TCP based clusters will not set the Host attribute.
	// +optional
	Host string

	// Port defines the port number of the external cluster's endpoint
	Port int
}

EgressClusterConfig is the type used to represent an external cluster corresponding to a destination specified in an Egress policy.

func DeduplicateClusterConfigs added in v0.9.0

func DeduplicateClusterConfigs(configs []*EgressClusterConfig) ([]*EgressClusterConfig, error)

DeduplicateClusterConfigs deduplicates the given slice of EgressClusterConfig objects, and returns an error if the deduplication cannot be performed.

type EgressHTTPRouteConfig added in v0.9.0

type EgressHTTPRouteConfig struct {
	// Name defines the name of the Egress HTTP route configuration
	Name string

	// Hostnames defines the list of hostnames corresponding to the Egress HTTP route configuration.
	// The Hostnames match against the :host header in the HTTP request and subject matching requests
	// to the routing rules defined by `RoutingRules`.
	Hostnames []string

	// RoutingRules defines the list of routes for the Egress HTTP route configuration, and corresponding
	// rules to be applied to those routes.
	RoutingRules []*EgressHTTPRoutingRule
}

EgressHTTPRouteConfig is the type used to represent an HTTP route configuration along with associated routing rules

type EgressHTTPRoutingRule added in v0.9.0

type EgressHTTPRoutingRule struct {
	// Route defines the HTTP route match and its associated cluster.
	Route RouteWeightedClusters

	// AllowedDestinationIPRanges defines the destination IP ranges allowed for the `Route` defined in the routing rule.
	AllowedDestinationIPRanges []string
}

EgressHTTPRoutingRule is the type used to represent an Egress HTTP routing rule with its route and associated permissions

type EgressTrafficPolicy added in v0.9.0

type EgressTrafficPolicy struct {
	// TrafficMatches defines the list of traffic matches for matching Egress traffic.
	// The matches specified are used to match outbound traffic as Egress traffic, and
	// subject matching traffic to Egress traffic policies.
	TrafficMatches []*TrafficMatch

	// HTTPRouteConfigsPerPort defines the Egress HTTP route configurations per port.
	// Egress HTTP routes are grouped based on their port to avoid route conflicts that
	// can arise when the same host headers are to be routed differently based on the
	// port specified in an egress policy.
	HTTPRouteConfigsPerPort map[int][]*EgressHTTPRouteConfig

	// ClustersConfigs defines the list of Egress cluster configurations.
	// The specified config is used to program external clusters corresponding to
	// the external endpoints defined in an Egress policy.
	ClustersConfigs []*EgressClusterConfig
}

EgressTrafficPolicy is the type used to represent the different egress traffic policy configurations applicable to a client of Egress destinations.

type HTTPRouteMatch added in v0.6.0

type HTTPRouteMatch struct {
	Path          string            `json:"path:omitempty"`
	PathMatchType PathMatchType     `json:"path_match_type:omitempty"`
	Methods       []string          `json:"methods:omitempty"`
	Headers       map[string]string `json:"headers:omitempty"`
}

HTTPRouteMatch is a struct to represent an HTTP route match comprised of an HTTP path, path matching type, methods, and headers

var WildCardRouteMatch HTTPRouteMatch = HTTPRouteMatch{
	Path:          constants.RegexMatchAll,
	PathMatchType: PathMatchRegex,
	Methods:       []string{constants.WildcardHTTPMethod},
}

WildCardRouteMatch represents a wildcard HTTP route match condition

type InboundMeshTrafficPolicy added in v0.11.0

type InboundMeshTrafficPolicy struct {
	// TrafficMatches defines the list of traffic matches for matching inbound mesh traffic.
	// The matches specified are used to match inbound traffic as mesh traffic, and
	// subject matching traffic to mesh traffic policies.
	TrafficMatches []*TrafficMatch

	// HTTPRouteConfigsPerPort defines the inbound mesh HTTP route configurations per port.
	// Mesh HTTP routes are grouped based on their port to avoid route conflicts that
	// can arise when the same host headers are to be routed differently based on the port.
	HTTPRouteConfigsPerPort map[int][]*InboundTrafficPolicy

	// ClustersConfigs defines the list of mesh cluster configurations.
	// The specified config is used to program local clusters on the upstream server.
	ClustersConfigs []*MeshClusterConfig
}

InboundMeshTrafficPolicy is the type used to represent the inbound mesh traffic policy configurations applicable to an upstream server.

type InboundTrafficPolicy added in v0.6.0

type InboundTrafficPolicy struct {
	Name      string   `json:"name:omitempty"`
	Hostnames []string `json:"hostnames"`
	Rules     []*Rule  `json:"rules:omitempty"`
}

InboundTrafficPolicy is a struct that associates incoming traffic on a set of Hostnames with a list of Rules

func MergeInboundPolicies added in v0.7.0

func MergeInboundPolicies(allowPartialHostnamesMatch bool, original []*InboundTrafficPolicy, latest ...*InboundTrafficPolicy) []*InboundTrafficPolicy

MergeInboundPolicies merges the latest InboundTrafficPolicies into a slice of InboundTrafficPolicies that already exists (original). When allowPartialHostnamesMatch is set to true, inbound policies are merged by partially comparing the hostnames of the original traffic policy to those of the latest traffic policy (one being a subset of the other). A partial match on hostnames should be allowed in the following scenarios:

1. when an ingress policy is being merged with other ingress traffic policies, or
2. when a policy having its hostnames from a host header needs to be merged with other inbound traffic policies.

In either of these cases there will be only a single hostname, and there is a possibility that this hostname is part of an existing traffic policy; hence the rules need to be merged.

func NewInboundTrafficPolicy added in v0.7.0

func NewInboundTrafficPolicy(name string, hostnames []string) *InboundTrafficPolicy

NewInboundTrafficPolicy takes a name and list of hostnames and returns an *InboundTrafficPolicy

func (*InboundTrafficPolicy) AddRule added in v0.6.0

func (in *InboundTrafficPolicy) AddRule(route RouteWeightedClusters, allowedServiceIdentities identity.ServiceIdentity)

AddRule adds a Rule to an InboundTrafficPolicy based on the given HTTP route match, weighted cluster, and allowed service account parameters. If a Rule for the given HTTP route match exists, it will add the given service account to the Rule. If the given route match is not already associated with a Rule, it will create a Rule for the given route and service account.

type IngressTrafficMatch added in v0.10.0

type IngressTrafficMatch struct {
	Name                     string
	Port                     uint32
	Protocol                 string
	SourceIPRanges           []string
	ServerNames              []string
	SkipClientCertValidation bool
}

IngressTrafficMatch defines the attributes to match ingress traffic for a given backend

type IngressTrafficPolicy added in v0.10.0

type IngressTrafficPolicy struct {
	TrafficMatches    []*IngressTrafficMatch
	HTTPRoutePolicies []*InboundTrafficPolicy
}

IngressTrafficPolicy defines the ingress traffic match and routes for a given backend

type MeshClusterConfig added in v0.11.0

type MeshClusterConfig struct {
	// Name is the cluster's name, as referenced in an RDS route or TCP proxy filter
	Name string

	// Service is the MeshService the cluster corresponds to.
	Service service.MeshService

	// Address is the IP address/hostname of this cluster
	// This is set for local (upstream) clusters accepting traffic from a downstream client.
	// +optional
	Address string

	// Port is the port on which this cluster is listening for downstream connections.
	// This is set for local (upstream) clusters accepting traffic from a downstream client.
	// +optional
	Port uint32

	// EnableEnvoyActiveHealthChecks enables Envoy's active health checks for the cluster
	// +optional
	EnableEnvoyActiveHealthChecks bool
}

MeshClusterConfig is the type used to represent a cluster configuration that is programmed for either: 1. a downstream to connect to an upstream cluster, or 2. an upstream cluster to accept traffic from a downstream.

type OutboundMeshTrafficPolicy added in v0.11.0

type OutboundMeshTrafficPolicy struct {
	// TrafficMatches defines the list of traffic matches for matching outbound mesh traffic.
	// The matches specified are used to match outbound traffic as mesh traffic, and
	// subject matching traffic to mesh traffic policies.
	TrafficMatches []*TrafficMatch

	// HTTPRouteConfigsPerPort defines the outbound mesh HTTP route configurations per port.
	// Mesh HTTP routes are grouped based on their port to avoid route conflicts that
	// can arise when the same host headers are to be routed differently based on the port.
	HTTPRouteConfigsPerPort map[int][]*OutboundTrafficPolicy

	// ClustersConfigs defines the list of mesh cluster configurations.
	// The specified config is used to program clusters corresponding to
	// mesh destinations.
	ClustersConfigs []*MeshClusterConfig
}

OutboundMeshTrafficPolicy is the type used to represent the outbound mesh traffic policy configurations applicable to a downstream client.

type OutboundTrafficPolicy added in v0.6.0

type OutboundTrafficPolicy struct {
	Name      string                   `json:"name:omitempty"`
	Hostnames []string                 `json:"hostnames"`
	Routes    []*RouteWeightedClusters `json:"routes:omitempty"`
}

OutboundTrafficPolicy is a struct that associates a list of Routes with outbound traffic on a set of Hostnames

func NewOutboundTrafficPolicy added in v0.7.0

func NewOutboundTrafficPolicy(name string, hostnames []string) *OutboundTrafficPolicy

NewOutboundTrafficPolicy takes a name and list of hostnames and returns an *OutboundTrafficPolicy

func (*OutboundTrafficPolicy) AddRoute added in v0.7.0

func (out *OutboundTrafficPolicy) AddRoute(httpRouteMatch HTTPRouteMatch, weightedClusters ...service.WeightedCluster) error

AddRoute adds a route to an OutboundTrafficPolicy given an HTTP route match and weighted cluster. If a Route with the given HTTP route match already exists, an error will be returned. If a Route with the given HTTP route match does not exist, a Route with the given HTTP route match and weighted clusters will be added to the Routes on the OutboundTrafficPolicy.

type PathMatchType added in v0.9.0

type PathMatchType int

PathMatchType is the type used to represent the path matching type: regex, exact, or prefix

const (
	// PathMatchRegex is the type used to specify regex based path matching
	PathMatchRegex PathMatchType = iota

	// PathMatchExact is the type used to specify exact path matching
	PathMatchExact PathMatchType = iota

	// PathMatchPrefix is the type used to specify prefix based path matching
	PathMatchPrefix PathMatchType = iota
)

type RetryPolicy added in v0.11.0

type RetryPolicy struct {
	RetryOn       string                  `json:"retry_on,omitempty"`
	NumRetries    *wrapperspb.UInt32Value `json:"num_retries,omitempty"`
	PerTryTimeout *duration.Duration      `json:"per_try_timeout,omitempty"`
}

RetryPolicy is a struct of the RetryPolicy

type RouteWeightedClusters

type RouteWeightedClusters struct {
	HTTPRouteMatch   HTTPRouteMatch `json:"http_route_match:omitempty"`
	WeightedClusters mapset.Set     `json:"weighted_clusters:omitempty"`
	RetryPolicy      RetryPolicy
}

RouteWeightedClusters is a struct of an HTTPRoute, associated weighted clusters and the domains

func MergeRoutesRetryPolicy added in v0.11.0

func MergeRoutesRetryPolicy(routes []*RouteWeightedClusters, retryPolicy RetryPolicy) []*RouteWeightedClusters

MergeRoutesRetryPolicy adds the retry policy to the Route

func NewRouteWeightedCluster added in v0.7.0

func NewRouteWeightedCluster(route HTTPRouteMatch, weightedClusters []service.WeightedCluster) *RouteWeightedClusters

NewRouteWeightedCluster takes a route and weighted cluster and returns a *RouteWeightedCluster

func (*RouteWeightedClusters) TotalClustersWeight added in v0.7.0

func (rwc *RouteWeightedClusters) TotalClustersWeight() int

TotalClustersWeight returns total weight of the WeightedClusters in RouteWeightedClusters

type Rule added in v0.6.0

type Rule struct {
	Route                    RouteWeightedClusters `json:"route:omitempty"`
	AllowedServiceIdentities mapset.Set            `json:"allowed_service_identities:omitempty"`
}

Rule is a struct that represents which service identities (authenticated principals) can access a Route

func MergeRules added in v0.11.0

func MergeRules(originalRules, latestRules []*Rule) []*Rule

MergeRules merges the given slices of rules such that there is one Rule for a Route with all allowed service accounts listed in the returned slice of rules
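
An added example (not OSM's code): a simplified model of the merge behaviour described for MergeInboundPolicies and MergeRules, showing how allowPartialHostnamesMatch changes which policies are combined and how allowed identities are unioned per route. The `set`, `grant` and `policy` types and the `subset` and `mergePolicies` functions are hypothetical stand-ins; treating an exact match as set equality and leaving hostname lists unchanged after a merge are assumptions.

```go
package main

import "fmt"

// Simplified stand-ins (assumption): hostnames, routes and identities are plain strings.
type set map[string]bool
type grant struct{ Route, Identity string } // one identity allowed on one route
type policy struct {
	Hostnames set
	Rules     map[grant]bool
}

// subset reports whether every element of a is also in b.
func subset(a, b set) bool {
	for k := range a {
		if !b[k] {
			return false
		}
	}
	return true
}

// mergePolicies folds latest into orig. Hostname sets must be equal or, when
// partial is true, one a subset of the other; unmatched policies are appended.
func mergePolicies(partial bool, orig []*policy, latest ...*policy) []*policy {
	for _, l := range latest {
		merged := false
		for _, o := range orig {
			a, b := subset(l.Hostnames, o.Hostnames), subset(o.Hostnames, l.Hostnames)
			if (a && b) || (partial && (a || b)) {
				for g := range l.Rules { // union: each route keeps every allowed identity
					o.Rules[g] = true
				}
				merged = true
			}
		}
		if !merged {
			orig = append(orig, l)
		}
	}
	return orig
}

func main() {
	// Constructed input: a two-hostname mesh policy and a single-hostname ingress policy.
	mesh := &policy{set{"bookstore": true, "bookstore.default": true}, map[grant]bool{{"/buy", "default/bookbuyer"}: true}}
	ingress := &policy{set{"bookstore": true}, map[grant]bool{{"/buy", "ingress/gateway"}: true}}
	out := mergePolicies(true, []*policy{mesh}, ingress)
	fmt.Println(len(out), len(out[0].Rules)) // one policy carrying both grants
}
```

In this model, a partial match adds the single-hostname policy's identity to the route of the whole merged policy, so the effective allow-list per route is what to review after a merge.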

type TCPRouteMatch added in v0.7.0

type TCPRouteMatch struct {
	Ports []int `json:"ports:omitempty"`
}

TCPRouteMatch is a struct to represent a TCP route matching based on ports

type TrafficMatch added in v0.9.0

type TrafficMatch struct {
	// DestinationPort defines the destination port number
	DestinationPort int

	// DestinationProtocol defines the protocol served by DestinationPort
	DestinationProtocol string

	// DestinationIPRanges defines the list of destination IP ranges
	// +optional
	DestinationIPRanges []string

	// ServerNames defines the list of server names to be used as SNI when the
	// DestinationProtocol is TLS based, ex. when the DestinationProtocol is 'https'
	// +optional
	ServerNames []string

	// Cluster defines the cluster associated with this TrafficMatch, if possible.
	// A TrafficMatch corresponding to an HTTP based cluster will not make use of
	// this property since the cluster is determined based on the computed routes.
	// A TrafficMatch corresponding to a TCP based cluster will make use of this
	// property to associate the match with the corresponding cluster.
	// +optional
	Cluster string

	// Name for the match object
	// +optional
	Name string

	// WeightedClusters is the list of weighted clusters that this match should
	// route traffic to. This is used by TCP based mesh clusters.
	// +optional
	WeightedClusters []service.WeightedCluster
}

TrafficMatch is the type used to represent attributes used to match traffic

func DeduplicateTrafficMatches added in v0.9.0

func DeduplicateTrafficMatches(matches []*TrafficMatch) ([]*TrafficMatch, error)

DeduplicateTrafficMatches deduplicates the given slice of TrafficMatch objects, and returns an error if the deduplication cannot be performed. The order of elements in a slice field does not determine uniqueness.

type TrafficSpecMatchName

type TrafficSpecMatchName string

TrafficSpecMatchName is the name of a match in SMI TrafficSpec

type TrafficSpecName

type TrafficSpecName string

TrafficSpecName is the namespaced name of the SMI TrafficSpec

type TrafficTargetWithRoutes added in v0.7.0

type TrafficTargetWithRoutes struct {
	Name            string                     `json:"name:omitempty"`
	Destination     identity.ServiceIdentity   `json:"destination:omitempty"`
	Sources         []identity.ServiceIdentity `json:"sources:omitempty"`
	TCPRouteMatches []TCPRouteMatch            `json:"tcp_route_matches:omitempty"`
}

TrafficTargetWithRoutes is a struct to represent an SMI TrafficTarget resource composed of its associated routes
