contour: Index | Files

package envoy

import ""

Package envoy contains APIs for translating between Contour objects and Envoy configuration APIs and types.


Package Files

accesslog.go auth.go bootstrap.go cluster.go endpoint.go healthcheck.go listener.go regex.go route.go secret.go socket.go stats.go tcp_keepalive.go


const (
    TCP_KEEPIDLE  = 0x4 // Linux syscall.TCP_KEEPIDLE
    TCP_KEEPINTVL = 0x5 // Linux syscall.TCP_KEEPINTVL
    TCP_KEEPCNT   = 0x6 // Linux syscall.TCP_KEEPCNT

    // The following are Linux syscall constants for all
    // architectures except MIPS.
    SOL_SOCKET   = 0x1
    SO_KEEPALIVE = 0x9

    // IPPROTO_TCP has the same value across Go platforms, but
    // is defined here for consistency.

We only support Envoy on Linux so always configure Linux TCP keep-alive socket options regardless of the platform that Contour is running on.


var DefaultFields = []string{

DefaultFields are fields that will be included by default when JSON logging is enabled.

var JSONFields = map[string]string{
    "@timestamp":                "%START_TIME%",
    "ts":                        "%START_TIME%",
    "authority":                 "%REQ(:AUTHORITY)%",
    "bytes_received":            "%BYTES_RECEIVED%",
    "bytes_sent":                "%BYTES_SENT%",
    "downstream_local_address":  "%DOWNSTREAM_LOCAL_ADDRESS%",
    "downstream_remote_address": "%DOWNSTREAM_REMOTE_ADDRESS%",
    "duration":                  "%DURATION%",
    "method":                    "%REQ(:METHOD)%",
    "path":                      "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%",
    "protocol":                  "%PROTOCOL%",
    "request_id":                "%REQ(X-REQUEST-ID)%",
    "requested_server_name":     "%REQUESTED_SERVER_NAME%",
    "response_code":             "%RESPONSE_CODE%",
    "response_flags":            "%RESPONSE_FLAGS%",
    "uber_trace_id":             "%REQ(UBER-TRACE-ID)%",
    "upstream_cluster":          "%UPSTREAM_CLUSTER%",
    "upstream_host":             "%UPSTREAM_HOST%",
    "upstream_local_address":    "%UPSTREAM_LOCAL_ADDRESS%",
    "upstream_service_time":     "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%",
    "user_agent":                "%REQ(USER-AGENT)%",
    "x_forwarded_for":           "%REQ(X-FORWARDED-FOR)%",
    "x_trace_id":                "%REQ(X-TRACE-ID)%",

JSONFields is the canonical translation table for JSON fields to Envoy log template formats, used for specifying fields for Envoy to log when JSON logging is enabled. Only fields specified in this map may be used for JSON logging.

func AppendHeader Uses

func AppendHeader(key, value string) *envoy_api_v2_core.HeaderValueOption

func Cluster Uses

func Cluster(c *dag.Cluster) *v2.Cluster

Cluster creates new v2.Cluster from dag.Cluster.

func ClusterCommonLBConfig Uses

func ClusterCommonLBConfig() *v2.Cluster_CommonLbConfig

ClusterCommonLBConfig creates a *v2.Cluster_CommonLbConfig with HealthyPanicThreshold disabled.

func ClusterDiscoveryType Uses

func ClusterDiscoveryType(t v2.Cluster_DiscoveryType) *v2.Cluster_Type

ClusterDiscoveryType returns the type of a ClusterDiscovery as a Cluster_type.

func ClusterLoadAssignment Uses

func ClusterLoadAssignment(name string, addrs ...*envoy_api_v2_core.Address) *v2.ClusterLoadAssignment

ClusterLoadAssignment returns a *v2.ClusterLoadAssignment with a single LocalityLbEndpoints of the supplied addresses.

func ClusterLoadAssignmentName Uses

func ClusterLoadAssignmentName(service types.NamespacedName, port string) string

ClusterLoadAssignmentName generates the name used for an EDS ClusterLoadAssignment, given a fully qualified Service name and port. This name is a contract between the producer of a cluster (i.e. the EDS service) and the consumer of a cluster (most likely a HTTP Route Action).

func Clustername Uses

func Clustername(cluster *dag.Cluster) string

Clustername returns the name of the CDS cluster for this service.

func ConfigSource Uses

func ConfigSource(cluster string) *envoy_api_v2_core.ConfigSource

ConfigSource returns a *envoy_api_v2_core.ConfigSource for cluster.

func ContainsFallbackFilterChain Uses

func ContainsFallbackFilterChain(filterchains []*envoy_api_v2_listener.FilterChain) bool

func DownstreamTLSContext Uses

func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion envoy_api_v2_auth.TlsParameters_TlsProtocol, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_api_v2_auth.DownstreamTlsContext

DownstreamTLSContext creates a new DownstreamTlsContext.

func DownstreamTLSTransportSocket Uses

func DownstreamTLSTransportSocket(tls *envoy_api_v2_auth.DownstreamTlsContext) *envoy_api_v2_core.TransportSocket

DownstreamTLSTransportSocket returns a custom transport socket using the DownstreamTlsContext provided.

func Endpoints Uses

func Endpoints(addrs ...*envoy_api_v2_core.Address) []*envoy_api_v2_endpoint.LocalityLbEndpoints

Endpoints returns a slice of LocalityLbEndpoints. The slice contains one entry, with one LbEndpoint per *envoy_api_v2_core.Address supplied.

func FileAccessLogEnvoy Uses

func FileAccessLogEnvoy(path string) []*accesslog.AccessLog

FileAccessLogEnvoy returns a new file based access log filter that will output Envoy's default access logs.

func FileAccessLogJSON Uses

func FileAccessLogJSON(path string, keys []string) []*accesslog.AccessLog

FileAccessLogJSON returns a new file based access log filter that will log in JSON format

func FilterChain Uses

func FilterChain(filters ...*envoy_api_v2_listener.Filter) *envoy_api_v2_listener.FilterChain

FilterChain retruns a *envoy_api_v2_listener.FilterChain for the supplied filters.

func FilterChainTLS Uses

func FilterChainTLS(domain string, downstream *envoy_api_v2_auth.DownstreamTlsContext, filters []*envoy_api_v2_listener.Filter) *envoy_api_v2_listener.FilterChain

FilterChainTLS returns a TLS enabled envoy_api_v2_listener.FilterChain.

func FilterChainTLSFallback Uses

func FilterChainTLSFallback(downstream *envoy_api_v2_auth.DownstreamTlsContext, filters []*envoy_api_v2_listener.Filter) *envoy_api_v2_listener.FilterChain

FilterChainTLSFallback returns a TLS enabled envoy_api_v2_listener.FilterChain conifgured for FallbackCertificate.

func FilterChains Uses

func FilterChains(filters ...*envoy_api_v2_listener.Filter) []*envoy_api_v2_listener.FilterChain

FilterChains returns a []*envoy_api_v2_listener.FilterChain for the supplied filters.

func FilterMisdirectedRequests Uses

func FilterMisdirectedRequests(fqdn string) *http.HttpFilter

func Filters Uses

func Filters(filters ...*envoy_api_v2_listener.Filter) []*envoy_api_v2_listener.Filter

Filters returns a []*envoy_api_v2_listener.Filter for the supplied filters.

func HTTPConnectionManager Uses

func HTTPConnectionManager(routename string, accesslogger []*accesslog.AccessLog, requestTimeout time.Duration) *envoy_api_v2_listener.Filter

HTTPConnectionManager creates a new HTTP Connection Manager filter for the supplied route, access log, and client request timeout.

func HTTPConnectionManagerBuilder Uses

func HTTPConnectionManagerBuilder() *httpConnectionManagerBuilder

func HeaderValueList Uses

func HeaderValueList(hvm map[string]string, app bool) []*envoy_api_v2_core.HeaderValueOption

HeaderValueList creates a list of Envoy HeaderValueOptions from the provided map.

func Headers Uses

func Headers(first *envoy_api_v2_core.HeaderValueOption, rest ...*envoy_api_v2_core.HeaderValueOption) []*envoy_api_v2_core.HeaderValueOption

func LBEndpoint Uses

func LBEndpoint(addr *envoy_api_v2_core.Address) *envoy_api_v2_endpoint.LbEndpoint

LBEndpoint creates a new LbEndpoint.

func Listener Uses

func Listener(name, address string, port int, lf []*envoy_api_v2_listener.ListenerFilter, filters ...*envoy_api_v2_listener.Filter) *v2.Listener

Listener returns a new v2.Listener for the supplied address, port, and filters.

func ListenerFilters Uses

func ListenerFilters(filters ...*envoy_api_v2_listener.ListenerFilter) []*envoy_api_v2_listener.ListenerFilter

ListenerFilters returns a []*envoy_api_v2_listener.ListenerFilter for the supplied listener filters.

func ProtoNamesForVersions Uses

func ProtoNamesForVersions(versions ...HTTPVersionType) []string

ProtoNamesForVersions returns the slice of ALPN protocol names for the give HTTP versions.

func ProxyProtocol Uses

func ProxyProtocol() *envoy_api_v2_listener.ListenerFilter

ProxyProtocol returns a new Proxy Protocol listener filter.

func RouteConfiguration Uses

func RouteConfiguration(name string, virtualhosts ...*envoy_api_v2_route.VirtualHost) *v2.RouteConfiguration

RouteConfiguration returns a *v2.RouteConfiguration.

func RouteMatch Uses

func RouteMatch(route *dag.Route) *envoy_api_v2_route.RouteMatch

RouteMatch creates a *envoy_api_v2_route.RouteMatch for the supplied *dag.Route.

func RouteRoute Uses

func RouteRoute(r *dag.Route) *envoy_api_v2_route.Route_Route

RouteRoute creates a *envoy_api_v2_route.Route_Route for the services supplied. If len(services) is greater than one, the route's action will be a weighted cluster.

func SafeRegexMatch Uses

func SafeRegexMatch(regex string) *matcher.RegexMatcher

SafeRegexMatch retruns a matcher.RegexMatcher for the supplied regex. SafeRegexMatch does not escape regex meta characters.

func Secret Uses

func Secret(s *dag.Secret) *envoy_api_v2_auth.Secret

Secret creates new envoy_api_v2_auth.Secret from secret.

func Secretname Uses

func Secretname(s *dag.Secret) string

Secretname returns the name of the SDS secret for this secret.

func SocketAddress Uses

func SocketAddress(address string, port int) *envoy_api_v2_core.Address

SocketAddress creates a new TCP envoy_api_v2_core.Address.

func StaticClusterLoadAssignment Uses

func StaticClusterLoadAssignment(service *dag.Service) *v2.ClusterLoadAssignment

StaticClusterLoadAssignment creates a *v2.ClusterLoadAssignment pointing to the external DNS address of the service

func StatsListener Uses

func StatsListener(address string, port int) *v2.Listener

StatsListener returns a *v2.Listener configured to serve prometheus metrics on /stats.

func TCPKeepaliveSocketOptions Uses

func TCPKeepaliveSocketOptions() []*envoy_api_v2_core.SocketOption

func TCPProxy Uses

func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog.AccessLog) *envoy_api_v2_listener.Filter

TCPProxy creates a new TCPProxy filter.

func TLSInspector Uses

func TLSInspector() *envoy_api_v2_listener.ListenerFilter

TLSInspector returns a new TLS inspector listener filter.

func UpgradeHTTPS Uses

func UpgradeHTTPS() *envoy_api_v2_route.Route_Redirect

UpgradeHTTPS returns a route Action that redirects the request to HTTPS.

func UpstreamTLSContext Uses

func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, alpnProtocols ...string) *envoy_api_v2_auth.UpstreamTlsContext

UpstreamTLSContext creates an envoy_api_v2_auth.UpstreamTlsContext. By default UpstreamTLSContext returns a HTTP/1.1 TLS enabled context. A list of additional ALPN protocols can be provided.

func UpstreamTLSTransportSocket Uses

func UpstreamTLSTransportSocket(tls *envoy_api_v2_auth.UpstreamTlsContext) *envoy_api_v2_core.TransportSocket

UpstreamTLSTransportSocket returns a custom transport socket using the UpstreamTlsContext provided.

func VirtualHost Uses

func VirtualHost(hostname string, routes ...*envoy_api_v2_route.Route) *envoy_api_v2_route.VirtualHost

VirtualHost creates a new route.VirtualHost.

func WriteBootstrap Uses

func WriteBootstrap(c *BootstrapConfig) error

WriteBootstrap writes bootstrap configuration to files.

type BootstrapConfig Uses

type BootstrapConfig struct {
    // AdminAccessLogPath is the path to write the access log for the administration server.
    // Defaults to /dev/null.
    AdminAccessLogPath string

    // AdminAddress is the TCP address that the administration server will listen on.
    // Defaults to
    AdminAddress string

    // AdminPort is the port that the administration server will listen on.
    // Defaults to 9001.
    AdminPort int

    // XDSAddress is the TCP address of the gRPC XDS management server.
    // Defaults to
    XDSAddress string

    // XDSGRPCPort is the management server port that provides the v2 gRPC API.
    // Defaults to 8001.
    XDSGRPCPort int

    // Namespace is the namespace where Contour is running
    Namespace string

    //GrpcCABundle is the filename that contains a CA certificate chain that can
    //verify the client cert.
    GrpcCABundle string

    // GrpcClientCert is the filename that contains a client certificate. May contain a full bundle if you
    // don't want to pass a CA Bundle.
    GrpcClientCert string

    // GrpcClientKey is the filename that contains a client key for secure gRPC with TLS.
    GrpcClientKey string

    // Path is the filename for the bootstrap configuration file to be created.
    Path string

    // ResourcesDir is the directory where out of line Envoy resources can be placed.
    ResourcesDir string

    // SkipFilePathCheck specifies whether to skip checking whether files
    // referenced in the configuration actually exist. This option is for
    // testing only.
    SkipFilePathCheck bool

BootstrapConfig holds configuration values for a v2.Bootstrap.

type HTTPVersionType Uses

type HTTPVersionType = http.HttpConnectionManager_CodecType
const (
    HTTPVersionAuto HTTPVersionType = http.HttpConnectionManager_AUTO
    HTTPVersion1    HTTPVersionType = http.HttpConnectionManager_HTTP1
    HTTPVersion2    HTTPVersionType = http.HttpConnectionManager_HTTP2
    HTTPVersion3    HTTPVersionType = http.HttpConnectionManager_HTTP3

func CodecForVersions Uses

func CodecForVersions(versions ...HTTPVersionType) HTTPVersionType

CodecForVersions determines a single Envoy HTTP codec constant that support all the given HTTP protocol versions.

Package envoy imports 39 packages (graph) and is imported by 8 packages. Updated 2020-08-12. Refresh now. Tools for package owners.