v1alpha3 · pkg.go.dev

Documentation

Index ¶

Constants
Variables
func MergeTrafficPolicy(original, subsetPolicy *networking.TrafficPolicy, port *model.Port) *networking.TrafficPolicy
type AccessLogBuilder
type ClusterBuilder
- func NewClusterBuilder(proxy *model.Proxy, push *model.PushContext) *ClusterBuilder
type ClusterInstances
type ClusterMode
type ConfigGenTest
- func NewConfigGenTest(t test.Failer, opts TestOptions) *ConfigGenTest
- func (f *ConfigGenTest) Clusters(p *model.Proxy) []*cluster.Cluster
- func (f *ConfigGenTest) Env() *model.Environment
- func (f *ConfigGenTest) Listeners(p *model.Proxy) []*listener.Listener
- func (f *ConfigGenTest) PushContext() *model.PushContext
- func (f *ConfigGenTest) Routes(p *model.Proxy) []*route.RouteConfiguration
- func (f *ConfigGenTest) Run()
- func (f *ConfigGenTest) SetupProxy(p *model.Proxy) *model.Proxy
- func (f *ConfigGenTest) Store() model.ConfigStoreCache
type ConfigGeneratorImpl
- func NewConfigGenerator(plugins []plugin.Plugin, cache model.XdsCache) *ConfigGeneratorImpl
- func (configgen *ConfigGeneratorImpl) BuildClusters(proxy *model.Proxy, push *model.PushContext) []*cluster.Cluster
- func (configgen *ConfigGeneratorImpl) BuildExtensionConfiguration(proxy *model.Proxy, push *model.PushContext, extensionConfigNames []string) []*core.TypedExtensionConfig
- func (configgen *ConfigGeneratorImpl) BuildHTTPRoutes(node *model.Proxy, push *model.PushContext, routeNames []string) []*route.RouteConfiguration
- func (configgen *ConfigGeneratorImpl) BuildListeners(node *model.Proxy, push *model.PushContext) []*listener.Listener
- func (configgen *ConfigGeneratorImpl) BuildNameTable(node *model.Proxy, push *model.PushContext) *nds.NameTable
- func (configgen *ConfigGeneratorImpl) MeshConfigChanged(_ *meshconfig.MeshConfig)
type FakeXdsUpdater
- func (f *FakeXdsUpdater) ConfigUpdate(*model.PushRequest)
- func (f *FakeXdsUpdater) EDSCacheUpdate(_, _, _ string, _ []*model.IstioEndpoint)
- func (f *FakeXdsUpdater) EDSUpdate(_, _, _ string, _ []*model.IstioEndpoint)
- func (f *FakeXdsUpdater) ProxyUpdate(_, _ string)
- func (f *FakeXdsUpdater) SvcUpdate(_, _, _ string, _ model.Event)
type FilterChainMatchOptions
type ListenerBuilder
- func NewListenerBuilder(node *model.Proxy, push *model.PushContext) *ListenerBuilder
type ListenerClass
type TestOptions

Constants ¶

const (
	// EnvoyTextLogFormat format for envoy text based access logs for Istio 1.3 onwards
	EnvoyTextLogFormat = "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% " +
		"%PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% " +
		"\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% " +
		"%DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" " +
		"\"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" " +
		"%UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% " +
		"%DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
	// EnvoyTextLogFormatIstio19 format for envoy text based access logs for Istio 1.9 onwards.
	// This includes the additional new operator RESPONSE_CODE_DETAILS and CONNECTION_TERMINATION_DETAILS that tells
	// the reason why Envoy rejects a request.
	EnvoyTextLogFormatIstio19 = "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% " +
		"%PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% " +
		"%RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% " +
		"\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% " +
		"%DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" " +
		"\"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" " +
		"%UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% " +
		"%DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"

	// EnvoyServerName for istio's envoy
	EnvoyServerName = "istio-envoy"

	// EnvoyAccessLogCluster is the cluster name that has details for server implementing Envoy ALS.
	// This cluster is created in bootstrap.
	EnvoyAccessLogCluster = "envoy_accesslog_service"
)

View Source

const (
	NoConflict = iota
	// Incoming HTTP existing HTTP
	HTTPOverHTTP
	// Incoming HTTP existing TCP
	HTTPOverTCP
	// Incoming HTTP existing AUTO
	HTTPOverAuto
	// Incoming TCP existing HTTP
	TCPOverHTTP
	// Incoming TCP existing TCP
	TCPOverTCP
	// Incoming TCP existing AUTO
	TCPOverAuto
	// Incoming AUTO existing HTTP
	AutoOverHTTP
	// Incoming AUTO existing TCP
	AutoOverTCP
	// Incoming AUTO existing AUTO
	AutoOverAuto
)

View Source

const (
	// RDSHttpProxy is the special name for HTTP PROXY route
	RDSHttpProxy = "http_proxy"

	// VirtualOutboundListenerName is the name for traffic capture listener
	VirtualOutboundListenerName = "virtualOutbound"

	// VirtualOutboundCatchAllTCPFilterChainName is the name of the catch all tcp filter chain
	VirtualOutboundCatchAllTCPFilterChainName = "virtualOutbound-catchall-tcp"

	// VirtualOutboundCatchAllTCPFilterChainName is the name of the filter chain to blackhole undesired traffic
	VirtualOutboundBlackholeFilterChainName = "virtualOutbound-blackhole"
	// VirtualInboundCatchAllTCPFilterChainName is the name of the filter chain to blackhole undesired traffic
	VirtualInboundBlackholeFilterChainName = "virtualInbound-blackhole"

	// VirtualInboundListenerName is the name for traffic capture listener
	VirtualInboundListenerName = "virtualInbound"

	// WildcardAddress binds to all IP addresses
	WildcardAddress = "0.0.0.0"

	// WildcardIPv6Address binds to all IPv6 addresses
	WildcardIPv6Address = "::"

	// LocalhostAddress for local binding
	LocalhostAddress = "127.0.0.1"

	// LocalhostIPv6Address for local binding
	LocalhostIPv6Address = "::1"

	// ProxyInboundListenPort is the port on which all inbound traffic to the pod/vm will be captured to
	// TODO: allow configuration through mesh config
	ProxyInboundListenPort = 15006

	ThriftRLSDefaultTimeoutMS = 50
)

View Source

const (
	// DefaultLbType set to round robin
	DefaultLbType = networking.LoadBalancerSettings_ROUND_ROBIN
)

Variables ¶

View Source

var (

	// EnvoyJSONLogFormat map of values for envoy json based access logs for Istio 1.3 onwards
	EnvoyJSONLogFormat = &structpb.Struct{
		Fields: map[string]*structpb.Value{
			"start_time":                        {Kind: &structpb.Value_StringValue{StringValue: "%START_TIME%"}},
			"route_name":                        {Kind: &structpb.Value_StringValue{StringValue: "%ROUTE_NAME%"}},
			"method":                            {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:METHOD)%"}},
			"path":                              {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"}},
			"protocol":                          {Kind: &structpb.Value_StringValue{StringValue: "%PROTOCOL%"}},
			"response_code":                     {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"}},
			"response_flags":                    {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_FLAGS%"}},
			"bytes_received":                    {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_RECEIVED%"}},
			"bytes_sent":                        {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_SENT%"}},
			"duration":                          {Kind: &structpb.Value_StringValue{StringValue: "%DURATION%"}},
			"upstream_service_time":             {Kind: &structpb.Value_StringValue{StringValue: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"}},
			"x_forwarded_for":                   {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-FORWARDED-FOR)%"}},
			"user_agent":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(USER-AGENT)%"}},
			"request_id":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-REQUEST-ID)%"}},
			"authority":                         {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:AUTHORITY)%"}},
			"upstream_host":                     {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_HOST%"}},
			"upstream_cluster":                  {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_CLUSTER%"}},
			"upstream_local_address":            {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_LOCAL_ADDRESS%"}},
			"downstream_local_address":          {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_LOCAL_ADDRESS%"}},
			"downstream_remote_address":         {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_REMOTE_ADDRESS%"}},
			"requested_server_name":             {Kind: &structpb.Value_StringValue{StringValue: "%REQUESTED_SERVER_NAME%"}},
			"upstream_transport_failure_reason": {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"}},
		},
	}

	// EnvoyJSONLogFormatIstio19 map of values for envoy json based access logs for Istio 1.9 onwards.
	// This includes the additional log operator RESPONSE_CODE_DETAILS and CONNECTION_TERMINATION_DETAILS that tells
	// the reason why Envoy rejects a request.
	EnvoyJSONLogFormatIstio19 = &structpb.Struct{
		Fields: map[string]*structpb.Value{
			"start_time":                        {Kind: &structpb.Value_StringValue{StringValue: "%START_TIME%"}},
			"route_name":                        {Kind: &structpb.Value_StringValue{StringValue: "%ROUTE_NAME%"}},
			"method":                            {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:METHOD)%"}},
			"path":                              {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"}},
			"protocol":                          {Kind: &structpb.Value_StringValue{StringValue: "%PROTOCOL%"}},
			"response_code":                     {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"}},
			"response_flags":                    {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_FLAGS%"}},
			"response_code_details":             {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE_DETAILS%"}},
			"connection_termination_details":    {Kind: &structpb.Value_StringValue{StringValue: "%CONNECTION_TERMINATION_DETAILS%"}},
			"bytes_received":                    {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_RECEIVED%"}},
			"bytes_sent":                        {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_SENT%"}},
			"duration":                          {Kind: &structpb.Value_StringValue{StringValue: "%DURATION%"}},
			"upstream_service_time":             {Kind: &structpb.Value_StringValue{StringValue: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"}},
			"x_forwarded_for":                   {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-FORWARDED-FOR)%"}},
			"user_agent":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(USER-AGENT)%"}},
			"request_id":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-REQUEST-ID)%"}},
			"authority":                         {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:AUTHORITY)%"}},
			"upstream_host":                     {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_HOST%"}},
			"upstream_cluster":                  {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_CLUSTER%"}},
			"upstream_local_address":            {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_LOCAL_ADDRESS%"}},
			"downstream_local_address":          {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_LOCAL_ADDRESS%"}},
			"downstream_remote_address":         {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_REMOTE_ADDRESS%"}},
			"requested_server_name":             {Kind: &structpb.Value_StringValue{StringValue: "%REQUESTED_SERVER_NAME%"}},
			"upstream_transport_failure_reason": {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"}},
		},
	}
)

View Source

var NilClusterPatcher = clusterPatcher{}

Functions ¶

func MergeTrafficPolicy ¶

func MergeTrafficPolicy(original, subsetPolicy *networking.TrafficPolicy, port *model.Port) *networking.TrafficPolicy

MergeTrafficPolicy returns the merged TrafficPolicy for a destination-level and subset-level policy on a given port.

Types ¶

type AccessLogBuilder ¶

type AccessLogBuilder struct {
	// contains filtered or unexported fields
}

type ClusterBuilder ¶

type ClusterBuilder struct {
	// contains filtered or unexported fields
}

ClusterBuilder interface provides an abstraction for building Envoy Clusters.

func NewClusterBuilder ¶

func NewClusterBuilder(proxy *model.Proxy, push *model.PushContext) *ClusterBuilder

NewClusterBuilder builds an instance of ClusterBuilder.

type ClusterInstances ¶

type ClusterInstances struct {
	PrimaryInstance *model.ServiceInstance
	AllInstances    []*model.ServiceInstance
}

type ClusterMode ¶

type ClusterMode string

ClusterMode defines whether the cluster is being built for SNI-DNATing (sni passthrough) or not

const (
	// SniDnatClusterMode indicates cluster is being built for SNI dnat mode
	SniDnatClusterMode ClusterMode = "sni-dnat"
	// DefaultClusterMode indicates usual cluster with mTLS et al
	DefaultClusterMode ClusterMode = "outbound"
)

type ConfigGenTest ¶

type ConfigGenTest struct {
	ConfigGen            *ConfigGeneratorImpl
	MemRegistry          *memregistry.ServiceDiscovery
	ServiceEntryRegistry *serviceentry.ServiceEntryStore
	Registry             model.Controller
	// contains filtered or unexported fields
}

func NewConfigGenTest ¶

func NewConfigGenTest(t test.Failer, opts TestOptions) *ConfigGenTest

func (*ConfigGenTest) Clusters ¶

func (f *ConfigGenTest) Clusters(p *model.Proxy) []*cluster.Cluster

func (*ConfigGenTest) Env ¶

func (f *ConfigGenTest) Env() *model.Environment

func (*ConfigGenTest) Listeners ¶

func (f *ConfigGenTest) Listeners(p *model.Proxy) []*listener.Listener

TODO do we need lock around push context?

func (*ConfigGenTest) PushContext ¶

func (f *ConfigGenTest) PushContext() *model.PushContext

func (*ConfigGenTest) Routes ¶

func (f *ConfigGenTest) Routes(p *model.Proxy) []*route.RouteConfiguration

func (*ConfigGenTest) Run ¶

func (f *ConfigGenTest) Run()

func (*ConfigGenTest) SetupProxy ¶

func (f *ConfigGenTest) SetupProxy(p *model.Proxy) *model.Proxy

SetupProxy initializes a proxy for the current environment. This should generally be used when creating any proxy. For example, `p := SetupProxy(&model.Proxy{...})`.

func (*ConfigGenTest) Store ¶

func (f *ConfigGenTest) Store() model.ConfigStoreCache

type ConfigGeneratorImpl ¶

type ConfigGeneratorImpl struct {
	// List of plugins that modify code generated by this config generator
	Plugins []plugin.Plugin
	Cache   model.XdsCache
}

func NewConfigGenerator ¶

func NewConfigGenerator(plugins []plugin.Plugin, cache model.XdsCache) *ConfigGeneratorImpl

func (*ConfigGeneratorImpl) BuildClusters ¶

func (configgen *ConfigGeneratorImpl) BuildClusters(proxy *model.Proxy, push *model.PushContext) []*cluster.Cluster

BuildClusters returns the list of clusters for the given proxy. This is the CDS output For outbound: Cluster for each service/subset hostname or cidr with SNI set to service hostname Cluster type based on resolution For inbound (sidecar only): Cluster for each inbound endpoint port and for each service port

func (*ConfigGeneratorImpl) BuildExtensionConfiguration ¶

func (configgen *ConfigGeneratorImpl) BuildExtensionConfiguration(
	proxy *model.Proxy, push *model.PushContext, extensionConfigNames []string) []*core.TypedExtensionConfig

BuildExtensionConfiguration returns the list of extension configuration for the given proxy and list of names. This is the ECDS output.

func (*ConfigGeneratorImpl) BuildHTTPRoutes ¶

func (configgen *ConfigGeneratorImpl) BuildHTTPRoutes(node *model.Proxy, push *model.PushContext,
	routeNames []string) []*route.RouteConfiguration

BuildHTTPRoutes produces a list of routes for the proxy

func (*ConfigGeneratorImpl) BuildListeners ¶

func (configgen *ConfigGeneratorImpl) BuildListeners(node *model.Proxy,
	push *model.PushContext) []*listener.Listener

BuildListeners produces a list of listeners and referenced clusters for all proxies

func (*ConfigGeneratorImpl) BuildNameTable ¶

func (configgen *ConfigGeneratorImpl) BuildNameTable(node *model.Proxy, push *model.PushContext) *nds.NameTable

BuildNameTable produces a table of hostnames and their associated IPs that can then be used by the agent to resolve DNS. This logic is always active. However, local DNS resolution will only be effective if DNS capture is enabled in the proxy

func (*ConfigGeneratorImpl) MeshConfigChanged ¶

func (configgen *ConfigGeneratorImpl) MeshConfigChanged(_ *meshconfig.MeshConfig)

Called when mesh config is changed.

type FakeXdsUpdater ¶

type FakeXdsUpdater struct{}

func (*FakeXdsUpdater) ConfigUpdate ¶

func (f *FakeXdsUpdater) ConfigUpdate(*model.PushRequest)

func (*FakeXdsUpdater) EDSCacheUpdate ¶

func (f *FakeXdsUpdater) EDSCacheUpdate(_, _, _ string, _ []*model.IstioEndpoint)

func (*FakeXdsUpdater) EDSUpdate ¶

func (f *FakeXdsUpdater) EDSUpdate(_, _, _ string, _ []*model.IstioEndpoint)

func (*FakeXdsUpdater) ProxyUpdate ¶

func (f *FakeXdsUpdater) ProxyUpdate(_, _ string)

func (*FakeXdsUpdater) SvcUpdate ¶

func (f *FakeXdsUpdater) SvcUpdate(_, _, _ string, _ model.Event)

type FilterChainMatchOptions ¶

type FilterChainMatchOptions struct {
	// Application protocols of the filter chain match
	ApplicationProtocols []string
	// Transport protocol of the filter chain match. "tls" or empty
	TransportProtocol string
	// Filter chain protocol. HTTP for HTTP proxy and TCP for TCP proxy
	Protocol istionetworking.ListenerProtocol
}

type ListenerBuilder ¶

type ListenerBuilder struct {
	// contains filtered or unexported fields
}

A stateful listener builder Support the below intentions 1. Use separate inbound capture listener(:15006) and outbound capture listener(:15001) 2. The above listeners use bind_to_port sub listeners or filter chains.

func NewListenerBuilder ¶

func NewListenerBuilder(node *model.Proxy, push *model.PushContext) *ListenerBuilder

type ListenerClass ¶

type ListenerClass int

ListenerClass defines the class of the listener

const (
	ListenerClassUndefined ListenerClass = iota
	ListenerClassSidecarInbound
	ListenerClassSidecarOutbound
	ListenerClassGateway
)

type TestOptions ¶

type TestOptions struct {
	// If provided, these configs will be used directly
	Configs        []config.Config
	ConfigPointers []*config.Config

	// If provided, the yaml string will be parsed and used as configs
	ConfigString string
	// If provided, the ConfigString will be treated as a go template, with this as input params
	ConfigTemplateInput interface{}

	// Services to pre-populate as part of the service discovery
	Services  []*model.Service
	Instances []*model.ServiceInstance

	// If provided, this mesh config will be used
	MeshConfig      *meshconfig.MeshConfig
	NetworksWatcher mesh.NetworksWatcher

	// Additional service registries to use. A ServiceEntry and memory registry will always be created.
	ServiceRegistries []serviceregistry.Instance

	// Additional ConfigStoreCache to use
	ConfigStoreCaches []model.ConfigStoreCache

	// ConfigGen plugins to use. If not set, all default plugins will be used
	Plugins []plugin.Plugin

	// Mutex used for push context access. Should generally only be used by NewFakeDiscoveryServer
	PushContextLock *sync.RWMutex

	// If set, we will not run immediately, allowing adding event handlers, etc prior to start.
	SkipRun bool
}

Source Files

View all

Directories

Path	Synopsis
envoyfilter
loadbalancer packages used for load balancer setting	packages used for load balancer setting
route
retry

?	: This menu
/	: Search site
f or F	: Jump to