properties

package
v0.24.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 18, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package properties provides helper functions for retrieving properties in the Envoy/Istio specific environment.

WARNING: There's absolutely no guarantee that all properties will be available across versions, and the availability is totally dependent of the configuration, so users are highly encouraged to ensure that plugins work as expected when deploying the plugins using these properties.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetClusterName 

func GetClusterName() (string, error)

GetClusterName returns the upstream cluster name.

Example value: "outbound|80||httpbin.org".

func GetDownstreamConnectionID 

func GetDownstreamConnectionID() (uint64, error)

GetDownstreamConnectionID returns the connection ID of the downstream connection.

func GetDownstreamDnsSanLocalCertificate 

func GetDownstreamDnsSanLocalCertificate() (string, error)

GetDownstreamDnsSanLocalCertificate returns The first DNS entry in the SAN field of the local certificate in the downstream TLS connection.

func GetDownstreamDnsSanPeerCertificate 

func GetDownstreamDnsSanPeerCertificate() (string, error)

GetDownstreamDnsSanPeerCertificate returns The first DNS entry in the SAN field of the peer certificate in the downstream TLS connection.

func GetDownstreamLocalAddress 

func GetDownstreamLocalAddress() (string, error)

GetDownstreamLocalAddress returns the local address of the downstream connection.

func GetDownstreamLocalPort 

func GetDownstreamLocalPort() (uint64, error)

GetDownstreamLocalPort returns the local port of the downstream connection.

func GetDownstreamRemoteAddress 

func GetDownstreamRemoteAddress() (string, error)

GetDownstreamRemoteAddress returns the remote address of the downstream connection.

func GetDownstreamRemotePort 

func GetDownstreamRemotePort() (uint64, error)

GetDownstreamRemotePort returns the remote port of the downstream connection.

func GetDownstreamRequestedServerName 

func GetDownstreamRequestedServerName() (string, error)

GetDownstreamRequestedServerName returns the requested server name of the downstream connection.

func GetDownstreamSha256PeerCertificateDigest 

func GetDownstreamSha256PeerCertificateDigest() (string, error)

GetDownstreamSha256PeerCertificateDigest returns the SHA256 digest of a peer certificate digest of the downstream connection.

func GetDownstreamSubjectLocalCertificate 

func GetDownstreamSubjectLocalCertificate() (string, error)

GetDownstreamSubjectLocalCertificate returns the subject field of the local certificate in the downstream TLS connection.

func GetDownstreamSubjectPeerCertificate 

func GetDownstreamSubjectPeerCertificate() (string, error)

GetDownstreamSubjectPeerCertificate returns the subject field of the peer certificate in the downstream TLS connection.

func GetDownstreamTerminationDetails 

func GetDownstreamTerminationDetails() (string, error)

GetDownstreamTerminationDetails returns the internal termination details of the connection (subject to change).

func GetDownstreamTlsVersion 

func GetDownstreamTlsVersion() (string, error)

GetDownstreamTlsVersion returns the TLS version of the downstream connection.

func GetDownstreamUriSanLocalCertificate 

func GetDownstreamUriSanLocalCertificate() (string, error)

GetDownstreamUriSanLocalCertificate returns the first URI entry in the SAN field of the local certificate in the downstream TLS connection

func GetDownstreamUriSanPeerCertificate 

func GetDownstreamUriSanPeerCertificate() (string, error)

GetDownstreamUriSanPeerCertificate returns The first URI entry in the SAN field of the peer certificate in the downstream TLS connection.

func GetNodeClientFeatures 

func GetNodeClientFeatures() ([]string, error)

GetNodeClientFeatures returns the node client features. These are well known features described in the Envoy API repository for a given major version of an API. Client features use reverse DNS naming scheme, for example "com.acme.feature".

func GetNodeCluster 

func GetNodeCluster() (string, error)

GetNodeCluster returns the node cluster, which defines the local service cluster name where envoy is running. Though optional, it should be set if any of the following features are used: statsd, health check cluster verification, runtime override directory, user agent addition, HTTP global rate limiting, CDS, and HTTP tracing, either in this message or via --service-cluster

Example value: istio-ingress.istio-ingress

func GetNodeDynamicParams 

func GetNodeDynamicParams() (string, error)

GetNodeDynamicParams returns the node dynamic parameters. These may vary at runtime (unlike other fields in this message). For example, the xDS client may have a shared identifier that changes during the lifetime of the xDS client. In Envoy, this would be achieved by updating the dynamic context on the Server::Instance’s LocalInfo context provider. The shard ID dynamic parameter then appears in this field during future discovery requests

func GetNodeId 

func GetNodeId() (string, error)

GetNodeId returns the node id, an opaque node identifier for the Envoy node. This also provides the local service node name. It should be set if any of the following features are used: statsd, CDS, and HTTP tracing, either in this message or via --service-node

Example value: router~10.244.0.22~istio-ingress-6d78c67d85-qsbtz.istio-ingress~istio-ingress.svc.cluster.local

func GetNodeListeningAddresses 

func GetNodeListeningAddresses() ([]string, error)

GetNodeListeningAddresses returns the node listening addresses.

func GetNodeMetaAnnotations 

func GetNodeMetaAnnotations() (map[string]string, error)

GetNodeMetaAnnotations returns the node annotations

func GetNodeMetaAppContainers 

func GetNodeMetaAppContainers() (string, error)

GetNodeMetaAppContainers returns the app containers of the node

func GetNodeMetaClusterId 

func GetNodeMetaClusterId() (string, error)

GetNodeMetaClusterId returns the cluster ID of the node, which defines the cluster the node belongs to

func GetNodeMetaEnvoyPrometheusPort 

func GetNodeMetaEnvoyPrometheusPort() (float64, error)

GetNodeMetaEnvoyPrometheusPort returns the Envoy Prometheus port of the node

func GetNodeMetaEnvoyStatusPort 

func GetNodeMetaEnvoyStatusPort() (float64, error)

GetNodeMetaEnvoyStatusPort returns the Envoy status port of the node

func GetNodeMetaInstanceIps 

func GetNodeMetaInstanceIps() (string, error)

GetNodeMetaInstanceIps returns the instance IPs of the node

func GetNodeMetaIstioProxySha 

func GetNodeMetaIstioProxySha() (string, error)

GetNodeMetaIstioProxySha returns the Istio proxy SHA of the node

func GetNodeMetaIstioVersion 

func GetNodeMetaIstioVersion() (string, error)

GetNodeMetaIstioVersion returns the Istio version of the node

func GetNodeMetaLabels 

func GetNodeMetaLabels() (map[string]string, error)

GetNodeMetaLabels returns the labels of the node

func GetNodeMetaMeshId 

func GetNodeMetaMeshId() (string, error)

GetNodeMetaMeshId returns the mesh ID of the node

func GetNodeMetaName 

func GetNodeMetaName() (string, error)

GetNodeMetaName returns the name of the node

func GetNodeMetaNamespace 

func GetNodeMetaNamespace() (string, error)

GetNodeMetaNamespace returns the namespace of the node

func GetNodeMetaNodeName 

func GetNodeMetaNodeName() (string, error)

GetNodeMetaNodeName returns the node name of the node

func GetNodeMetaOwner 

func GetNodeMetaOwner() (string, error)

GetNodeMetaOwner returns the owner of the node (opaque string). Typically, this is the owning controller of of the workload instance (ex: k8s deployment for a k8s pod)

func GetNodeMetaPilotSan 

func GetNodeMetaPilotSan() ([]string, error)

GetNodeMetaPilotSan returns the pilot SAN (subject alternate names) of the node's xDS server

func GetNodeMetaPodPorts 

func GetNodeMetaPodPorts() (string, error)

GetNodeMetaPodPorts returns the pod ports of the node. This is used to lookup named ports

func GetNodeMetaProxyConfigBinaryPath 

func GetNodeMetaProxyConfigBinaryPath() (string, error)

GetNodeMetaProxyConfigBinaryPath returns the path to the proxy binary

func GetNodeMetaProxyConfigConcurrency 

func GetNodeMetaProxyConfigConcurrency() (float64, error)

GetNodeMetaProxyConfigConcurrency returns the concurrency configuration of the proxy which is the number of worker threads to run. If unset, this will be automatically determined based on CPU requests/limits. If set to 0, all cores on the machine will be used. Default is 2 worker threads

func GetNodeMetaProxyConfigConfigPath 

func GetNodeMetaProxyConfigConfigPath() (string, error)

GetNodeMetaProxyConfigConfigPath returns the path to the proxy configuration, Proxy agent generates the actual configuration and stores it in this directory

func GetNodeMetaServiceAccount 

func GetNodeMetaServiceAccount() (string, error)

GetNodeMetaServiceAccount returns the service account of the node

func GetNodeMetaWorkloadName 

func GetNodeMetaWorkloadName() (string, error)

GetNodeMetaWorkloadName returns the workload name of the node

func GetNodeProxyConfigControlPlaneAuthPolicy 

func GetNodeProxyConfigControlPlaneAuthPolicy() (string, error)

GetNodeProxyConfigControlPlaneAuthPolicy returns the control plane authentication policy of the proxy. The authenticationPolicy defines how the proxy is authenticated when it connects to the control plane. Default is set to MUTUAL_TLS

func GetNodeProxyConfigDiscoveryAddress 

func GetNodeProxyConfigDiscoveryAddress() (string, error)

GetNodeProxyConfigDiscoveryAddress returns the discovery address of the proxy. The discovery service exposes xDS over an mTLS connection. The inject configuration may override this value

func GetNodeProxyConfigDrainDuration 

func GetNodeProxyConfigDrainDuration() (string, error)

GetNodeProxyConfigDrainDuration returns the drain duration of the proxy, the time in seconds that Envoy will drain connections during a hot restart. MUST be >=1s (e.g., 1s/1m/1h). Default drain duration is 45s

func GetNodeProxyConfigExtraStatTags 

func GetNodeProxyConfigExtraStatTags() ([]string, error)

GetNodeProxyConfigExtraStatTags returns the extra stat tags of the proxy to extract from the in-proxy Istio telemetry. These extra tags can be added by configuring the telemetry extension. Each additional tag needs to be present in this list. Extra tags emitted by the telemetry extensions must be listed here so that they can be processed and exposed as Prometheus metrics

func GetNodeProxyConfigHoldApplicationUntilProxyStarts 

func GetNodeProxyConfigHoldApplicationUntilProxyStarts() (bool, error)

GetNodeProxyConfigHoldApplicationUntilProxyStarts returns whether to hold the application until the proxy starts. A boolean flag for enabling/disabling the holdApplicationUntilProxyStarts behavior. This feature adds hooks to delay application startup until the pod proxy is ready to accept traffic, mitigating some startup race conditions. Default value is ‘false’

func GetNodeProxyConfigProxyAdminPort 

func GetNodeProxyConfigProxyAdminPort() (float64, error)

GetNodeProxyConfigProxyAdminPort returns the admin port of the proxy for administrative commands. Default port is 15000

func GetNodeProxyConfigServiceCluster 

func GetNodeProxyConfigServiceCluster() (string, error)

GetNodeProxyConfigServiceCluster returns the name of the service cluster of the proxy that is shared by all Envoy instances. This setting corresponds to --service-cluster flag in Envoy. In a typical Envoy deployment, the service-cluster flag is used to identify the caller, for source-based routing scenarios. Since Istio does not assign a local service version to each Envoy instance, the name is same for all of them. However, the source/caller’s identity (e.g., IP address) is encoded in the --service-node flag when launching Envoy. When the RDS service receives API calls from Envoy, it uses the value of the service-node flag to compute routes that are relative to the service instances located at that IP address

func GetNodeProxyConfigStatNameLength 

func GetNodeProxyConfigStatNameLength() (float64, error)

GetNodeProxyConfigStatNameLength returns the stat name length of the proxy, The length of the name field is determined by the length of a name field in a service and the set of labels that comprise a particular version of the service. The default value is set to 189 characters. Envoy’s internal metrics take up 67 characters, for a total of 256 character name per metric. Increase the value of this field if you find that the metrics from Envoys are truncated

func GetNodeProxyConfigStatusPort 

func GetNodeProxyConfigStatusPort() (float64, error)

GetNodeProxyConfigStatusPort returns the port on which the agent should listen for administrative commands such as readiness probe. Default is set to port 15020

func GetNodeProxyConfigTerminationDrainDuration 

func GetNodeProxyConfigTerminationDrainDuration() (string, error)

GetNodeProxyConfigTerminationDrainDuration returns the stat name length of the proxy, the amount of time allowed for connections to complete on proxy shutdown. On receiving SIGTERM or SIGINT, istio-agent tells the active Envoy to start draining, preventing any new connections and allowing existing connections to complete. It then sleeps for the termination_drain_duration and then kills any remaining active Envoy processes. If not set, a default of 5s will be applied

func GetNodeProxyConfigTracingDatadogAddress 

func GetNodeProxyConfigTracingDatadogAddress() (string, error)

GetNodeProxyConfigTracingDatadogAddress returns the address of the Datadog service (e.g. datadog-agent.sre.svc.cluster.local:8126)

func GetNodeProxyConfigTracingOpenCensusAgentAddress 

func GetNodeProxyConfigTracingOpenCensusAgentAddress() (string, error)

GetNodeProxyConfigTracingOpenCensusAgentAddress returns the gRPC address for the OpenCensus agent (e.g. dns://authority/host:port or unix:path)

func GetNodeProxyConfigTracingZipkinAddress 

func GetNodeProxyConfigTracingZipkinAddress() (string, error)

GetNodeProxyConfigTracingZipkinAddress returns address of the Zipkin service (e.g. zipkin.sre.svc.cluster.local:9411)

func GetNodeUserAgentBuildVersion 

func GetNodeUserAgentBuildVersion() (string, error)

GetNodeUserAgentBuildVersion returns the node user agent build version.

func GetNodeUserAgentName 

func GetNodeUserAgentName() (string, error)

GetNodeUserAgentName returns the node user agent name.

Example: “envoy” or “grpc”.

func GetNodeUserAgentVersion 

func GetNodeUserAgentVersion() (string, error)

GetNodeUserAgentVersion returns the node user agent version.

Example “1.12.2” or “abcd1234”, or “SpecialEnvoyBuild”.

func GetPluginName 

func GetPluginName() (string, error)

GetPluginName returns the plugin name.

This matches <metadata.name>.<metadata.namespace> in an istio WasmPlugin CR.

func GetPluginRootId 

func GetPluginRootId() (string, error)

GetPluginRootId returns the plugin root id.

This matches the <spec.pluginName> in the istio WasmPlugin CR.

func GetPluginVmId 

func GetPluginVmId() (string, error)

GetPluginVmId returns the plugin vm id.

func GetRequestDuration 

func GetRequestDuration() (uint64, error)

GetRequestDuration returns the total duration of the request, approximated to nano-seconds.

func GetRequestHeaders 

func GetRequestHeaders() (map[string]string, error)

GetRequestHeaders returns all request headers indexed by the lower-cased header name.

func GetRequestHost 

func GetRequestHost() (string, error)

GetRequestHost returns the host portion of the URL.

func GetRequestId 

func GetRequestId() (string, error)

GetRequestId returns the request ID corresponding to x-request-id header value.

func GetRequestMethod 

func GetRequestMethod() (string, error)

GetRequestMethod returns the request method e.g. “GET”.

func GetRequestPath 

func GetRequestPath() (string, error)

GetRequestPath return the path portion of the URL.

func GetRequestProtocol 

func GetRequestProtocol() (string, error)

GetRequestProtocol returns the request protocol (“HTTP/1.0”, “HTTP/1.1”, “HTTP/2”, or “HTTP/3”).

func GetRequestQuery 

func GetRequestQuery() (string, error)

GetRequestQuery returns the query portion of the URL in the format of “name1=value1&name2=value2”.

func GetRequestReferer 

func GetRequestReferer() (string, error)

GetRequestReferer returns the referer request header.

func GetRequestScheme 

func GetRequestScheme() (string, error)

GetRequestScheme returns the scheme portion of the URL e.g. “http”.

func GetRequestSize 

func GetRequestSize() (uint64, error)

GetRequestSize returns the size of the request body. Content length header is used if available.

func GetRequestTime 

func GetRequestTime() (time.Time, error)

GetRequestTime returns the UTC time of the first byte received, approximated to nano-seconds.

func GetRequestTotalSize 

func GetRequestTotalSize() (uint64, error)

GetRequestTotalSize returns the total size of the request including the approximate uncompressed size of the headers.

func GetRequestUrlPath 

func GetRequestUrlPath() (string, error)

GetRequestUrlPath returns the path portion of the URL without the query string.

func GetRequestUserAgent 

func GetRequestUserAgent() (string, error)

GetRequestUserAgent returns the user agent request header.

func GetResponseCode 

func GetResponseCode() (uint64, error)

GetResponseCode returns the response HTTP status code.

func GetResponseCodeDetails 

func GetResponseCodeDetails() (string, error)

GetResponseCodeDetails returns the internal response code details (subject to change).

func GetResponseFlags 

func GetResponseFlags() (uint64, error)

GetResponseFlags returns additional details about the response beyond the standard response code encoded as a bit-vector.

https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-response-flags

func GetResponseGrpcStatusCode 

func GetResponseGrpcStatusCode() (uint64, error)

GetResponseGrpcStatusCode returns the response gRPC status code.

func GetResponseHeaders 

func GetResponseHeaders() (map[string]string, error)

GetResponseHeaders returns all response headers indexed by the lower-cased header name.

func GetResponseSize 

func GetResponseSize() (uint64, error)

GetResponseSize returns the size of the response body.

func GetResponseTotalSize 

func GetResponseTotalSize() (uint64, error)

GetResponseTotalSize returns the total size of the response including the approximate uncompressed size of the headers and the trailers.

func GetResponseTrailers 

func GetResponseTrailers() (map[string]string, error)

GetResponseTrailers returns all response trailers indexed by the lower-cased trailer name.

func GetRouteName 

func GetRouteName() (string, error)

GetRouteName returns the route name, only available in the response path (cfr getXdsRouteName()).

This matches the <spec.http.name> in the istio VirtualService CR.

func GetUpstreamAddress 

func GetUpstreamAddress() (string, error)

GetUpstreamAddress returns the upstream connection remote address.

func GetUpstreamDnsSanLocalCertificate 

func GetUpstreamDnsSanLocalCertificate() (string, error)

GetUpstreamDnsSanLocalCertificate returns the first DNS entry in the SAN field of the local certificate in the upstream TLS connection.

func GetUpstreamDnsSanPeerCertificate 

func GetUpstreamDnsSanPeerCertificate() (string, error)

GetUpstreamDnsSanPeerCertificate returns the first DNS entry in the SAN field of the peer certificate in the upstream TLS connection.

func GetUpstreamLocalAddress 

func GetUpstreamLocalAddress() (string, error)

GetUpstreamLocalAddress returns the local address of the upstream connection.

func GetUpstreamPort 

func GetUpstreamPort() (uint64, error)

GetUpstreamPort returns the upstream connection remote port.

func GetUpstreamSha256PeerCertificateDigest 

func GetUpstreamSha256PeerCertificateDigest() (string, error)

GetUpstreamSha256PeerCertificateDigest returns the SHA256 digest of the peer certificate in the upstream TLS connection if present.

func GetUpstreamSubjectLocalCertificate 

func GetUpstreamSubjectLocalCertificate() (string, error)

GetUpstreamSubjectLocalCertificate returns the subject field of the local certificate in the upstream TLS connection.

func GetUpstreamSubjectPeerCertificate 

func GetUpstreamSubjectPeerCertificate() (string, error)

GetUpstreamSubjectPeerCertificate returns the subject field of the peer certificate in the upstream TLS connection.

func GetUpstreamTlsVersion 

func GetUpstreamTlsVersion() (string, error)

GetUpstreamTlsVersion returns the TLS version of the upstream TLS connection.

func GetUpstreamTransportFailureReason 

func GetUpstreamTransportFailureReason() (string, error)

GetUpstreamTransportFailureReason returns the upstream transport failure reason e.g. certificate validation failed.

func GetUpstreamUriSanLocalCertificate 

func GetUpstreamUriSanLocalCertificate() (string, error)

GetUpstreamUriSanLocalCertificate returns the first URI entry in the SAN field of the local certificate in the upstream TLS connection.

func GetUpstreamUriSanPeerCertificate 

func GetUpstreamUriSanPeerCertificate() (string, error)

GetUpstreamUriSanPeerCertificate returns the first URI entry in the SAN field of the peer certificate in the upstream TLS connection.

func GetXdsClusterName 

func GetXdsClusterName() (string, error)

GetXdsClusterName returns the upstream cluster name.

Example value: "outbound|80||httpbin.org".

func GetXdsListenerFilterChainName 

func GetXdsListenerFilterChainName() (string, error)

GetXdsListenerFilterChainName returns the listener filter chain name.

func GetXdsRouteName 

func GetXdsRouteName() (string, error)

GetXdsRouteName returns the upstream route name (available in both the request response path, cfr getRouteName()). This matches the <spec.http.name> in an istio VirtualService CR.

func IsDownstreamConnectionTls 

func IsDownstreamConnectionTls() (bool, error)

IsDownstreamConnectionTls returns true if the downstream connection is TLS.

Types

type EnvoyExtension 

type EnvoyExtension struct {
	Name     string
	Category string
	TypeUrls []string
}

EnvoyExtension holds version and identification for an Envoy extension.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#config-core-v3-extension

func GetNodeExtensions 

func GetNodeExtensions() ([]EnvoyExtension, error)

GetNodeExtensions returns the node extensions.

type EnvoyLocality 

type EnvoyLocality struct {
	Region  string
	Zone    string
	Subzone string
}

EnvoyLocality identifies location of where either Envoy runs or where upstream hosts run.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#config-core-v3-locality

func GetNodeLocality 

func GetNodeLocality() (EnvoyLocality, error)

GetNodeLocality returns the node locality.

type EnvoyTrafficDirection 

type EnvoyTrafficDirection int

EnvoyTrafficDirection identifies the direction of the traffic relative to the local Envoy.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#enum-config-core-v3-trafficdirection 

const (
	// EnvoyTrafficDirectionUnspecified means that the direction is not specified.
	EnvoyTrafficDirectionUnspecified EnvoyTrafficDirection = iota
	// EnvoyTrafficDirectionInbound means that the transport is used for incoming traffic.
	EnvoyTrafficDirectionInbound
	// EnvoyTrafficDirectionOutbound means that the transport is used for outgoing traffic.
	EnvoyTrafficDirectionOutbound
)

func GetListenerDirection 

func GetListenerDirection() (EnvoyTrafficDirection, error)

GetListenerDirection returns the listener direction.

Possible values are:

  • UNSPECIFIED: 0 (default option is unspecified)
  • INBOUND: 1 (⁣the transport is used for incoming traffic)
  • OUTBOUND: 2 (the transport is used for outgoing traffic)

func (EnvoyTrafficDirection) String 

func (t EnvoyTrafficDirection) String() string

String converts the EnvoyTrafficDirection enum value to its corresponding string representation. It returns "UNSPECIFIED" for Unspecified, "INBOUND" for Inbound, and "OUTBOUND" for Outbound. If the enum value doesn't match any of the predefined values, it defaults to "UNSPECIFIED".

type IstioFilterMetadata 

type IstioFilterMetadata struct {
	Config   string
	Services []IstioService
}

IstioFilterMetadata provides additional inputs to filters based on matched listeners, filter chains, routes and endpoints. It is structured as a map, usually from filter name (in reverse DNS format) to metadata specific to the filter. Metadata key-values for a filter are merged as connection and request handling occurs, with later values for the same key overriding earlier values.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/base.proto#config-core-v3-metadata

func GetClusterMetadata 

func GetClusterMetadata() (IstioFilterMetadata, error)

GetClusterMetadata returns the cluster metadata.

func GetListenerMetadata 

func GetListenerMetadata() (IstioFilterMetadata, error)

GetListenerMetadata returns the listener metadata.

func GetRouteMetadata 

func GetRouteMetadata() (IstioFilterMetadata, error)

GetRouteMetadata returns the route metadata.

func GetUpstreamHostMetadata 

func GetUpstreamHostMetadata() (IstioFilterMetadata, error)

GetUpstreamHostMetadata returns the upstream host metadata.

func GetXdsClusterMetadata 

func GetXdsClusterMetadata() (IstioFilterMetadata, error)

GetXdsClusterMetadata returns the upstream cluster metadata.

func GetXdsRouteMetadata 

func GetXdsRouteMetadata() (IstioFilterMetadata, error)

GetXdsRouteMetadata returns the upstream route metadata.

func GetXdsUpstreamHostMetadata 

func GetXdsUpstreamHostMetadata() (IstioFilterMetadata, error)

GetXdsUpstreamHostMetadata returns the upstream host metadata.

type IstioProxyStatsMatcher 

type IstioProxyStatsMatcher struct {
	InclusionPrefixes []string
	InclusionRegexps  []string
	InclusionSuffixes []string
}

IstioProxyStatsMatcher holds proxy stats name matches for stats creation. Note this is in addition to the minimum Envoy stats that Istio generates by default.

https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#ProxyConfig-ProxyStatsMatcher

func GetNodeProxyConfigProxyStatsMatcher 

func GetNodeProxyConfigProxyStatsMatcher() (IstioProxyStatsMatcher, error)

GetNodeProxyConfigProxyStatsMatcher returns the proxy stats matcher, which defines configuration for reporting custom Envoy stats. To reduce memory and CPU overhead from Envoy stats system, Istio proxies by default create and expose only a subset of Envoy stats. This option is to control creation of additional Envoy stats with prefix, suffix, and regex expressions match on the name of the stats. This replaces the stats inclusion annotations (sidecar.istio.io/statsInclusionPrefixes, sidecar.istio.io/statsInclusionRegexps, and sidecar.istio.io/statsInclusionSuffixes)

type IstioService 

type IstioService struct {
	Host      string
	Name      string
	Namespace string
}

IstioService holds information of the host, name and namespace of an Istio Service.

type IstioTrafficInterceptionMode 

type IstioTrafficInterceptionMode int

IstioTrafficInterceptionMode indicates how traffic to/from the workload is captured and sent to Envoy. This should not be confused with the CaptureMode in the API that indicates how the user wants traffic to be intercepted for the listener. IstioTrafficInterceptionMode is always derived from the Proxy metadata.

https://pkg.go.dev/istio.io/istio/pilot/pkg/model#TrafficInterceptionMode 

const (
	// IstioTrafficInterceptionModeNone indicates that the workload is not using IPtables for traffic interception.
	IstioTrafficInterceptionModeNone IstioTrafficInterceptionMode = iota
	// IstioTrafficInterceptionModeTproxy implies traffic intercepted by IPtables with TPROXY mode.
	IstioTrafficInterceptionModeTproxy
	// IstioTrafficInterceptionModeRedirect implies traffic intercepted by IPtables with REDIRECT mode. This is our default mode.
	IstioTrafficInterceptionModeRedirect
)

func GetNodeMetaInterceptionMode 

func GetNodeMetaInterceptionMode() (IstioTrafficInterceptionMode, error)

GetNodeMetaInterceptionMode returns the interception mode of the node

Possible values: 

REDIRECT	: REDIRECT mode uses iptables REDIRECT to NAT and redirect to Envoy. This mode
						loses source IP addresses during redirection
TPROXY		: TPROXY mode uses iptables TPROXY to redirect to Envoy. This mode preserves both
						the source and destination IP addresses and ports, so that they can be used for
						advanced filtering and manipulation. This mode also configures the sidecar to
						run with the CAP_NET_ADMIN capability, which is required to use TPROXY
NONE			: NONE mode does not configure redirect to Envoy at all. This is an advanced
						configuration that typically requires changes to user applications.

func ParseIstioTrafficInterceptionMode 

func ParseIstioTrafficInterceptionMode(s string) (IstioTrafficInterceptionMode, error)

ParseIstioTrafficInterceptionMode converts a string representation of IstioTrafficInterceptionMode to its corresponding enum value. It returns None for "NONE", Tproxy for "TPROXY", and Redirect for "REDIRECT". If the provided string doesn't match any of the predefined values, it returns an error and the default value Redirect.

func (IstioTrafficInterceptionMode) String 

func (t IstioTrafficInterceptionMode) String() string

String converts the IstioTrafficInterceptionMode enum value to its corresponding string representation. It returns "NONE" for None, "TPROXY" for Tproxy, and "REDIRECT" for Redirect. If the enum value doesn't match any of the predefined values, it defaults to "REDIRECT".

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.