contour: github.com/projectcontour/contour/internal/envoy

package envoy

import "github.com/projectcontour/contour/internal/envoy"

Package envoy contains APIs for translating between Contour objects and Envoy configuration APIs and types.

Package Files

accesslog.go auth.go bootstrap.go cluster.go healthcheck.go route.go secret.go tcp_keepalive.go

Constants

const (
    // Default healthcheck / lb algorithm values
    HCTimeout            = 2 * time.Second
    HCInterval           = 10 * time.Second
    HCUnhealthyThreshold = 3
    HCHealthyThreshold   = 2
    HCHost               = "contour-envoy-healthcheck"
)
const (
    TCP_KEEPIDLE  = 0x4 // Linux syscall.TCP_KEEPIDLE
    TCP_KEEPINTVL = 0x5 // Linux syscall.TCP_KEEPINTVL
    TCP_KEEPCNT   = 0x6 // Linux syscall.TCP_KEEPCNT

    // The following are Linux syscall constants for all
    // architectures except MIPS.
    SOL_SOCKET   = 0x1
    SO_KEEPALIVE = 0x9

    // IPPROTO_TCP has the same value across Go platforms, but
    // is defined here for consistency.
    IPPROTO_TCP = syscall.IPPROTO_TCP
)

We only support Envoy on Linux so always configure Linux TCP keep-alive socket options regardless of the platform that Contour is running on.

const SDSResourcesSubdirectory = "sds"

SDSResourcesSubdirectory is the name of the subdirectory in which SDS path resources are stored.

const SDSTLSCertificateFile = "xds-tls-certificate.json"

SDSTLSCertificateFile stores the path to the SDS resource with Envoy's client certificate and key for XDS gRPC connection.

const SDSValidationContextFile = "xds-validation-context.json"

SDSValidationContextFile stores the path to the SDS resource with CA certificates for Envoy to use for the XDS gRPC connection.

Variables

var (
    // Ciphers contains the list of default ciphers used by Contour. A handful are
    // commented out, as they're arguably less secure. They're also unnecessary
    // - most of the clients that might need to use the commented ciphers are
    // unable to connect without TLS 1.0, which contour never enables.
    //
    // This list is ignored if the client and server negotiate TLS 1.3.
    //
    // The commented ciphers are left in place to simplify updating this list for future
    // versions of envoy.
    Ciphers = []string{
        "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]",
        "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]",
        "ECDHE-ECDSA-AES128-SHA",
        "ECDHE-RSA-AES128-SHA",

        "ECDHE-ECDSA-AES256-GCM-SHA384",
        "ECDHE-RSA-AES256-GCM-SHA384",
        "ECDHE-ECDSA-AES256-SHA",
        "ECDHE-RSA-AES256-SHA",
    }
)

func AltStatName

func AltStatName(service *dag.Service) string

AltStatName generates an alternative stat name for the service using the format ns_name_port.

func AnyPositive

func AnyPositive(first uint32, rest ...uint32) bool

AnyPositive indicates if any of the values provided are greater than zero.

func Clustername

func Clustername(cluster *dag.Cluster) string

Clustername returns the name of the CDS cluster for this service.

func Hashname

func Hashname(l int, s ...string) string

Hashname takes a length l and a varargs of strings s and returns a string whose length does not exceed l. Internally s is joined with strings.Join(s, "/"). If the combined length exceeds l then Hashname truncates each element in s, starting from the end, using a hash derived from the contents of s (not the current element). This process continues until the length of s does not exceed l, or all elements have been truncated, in which case the entire string is replaced with a hash not exceeding the length of l.
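The truncation described above, as an added sketch that is not Contour's own code: it shows why the suffix is derived from the whole input, so that two long names sharing a prefix do not collapse to the same resource name. The function names, SHA-256, the 6-character suffix and the equal per-element budget of l/len(s) are assumptions.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"strings"
)

// hashnameSketch mirrors the behaviour documented for Hashname. Assumptions
// (not taken from the page): SHA-256, a 6-character hex suffix, and an equal
// per-element budget of l/len(s) bytes. Names are treated as ASCII.
func hashnameSketch(l int, s ...string) string {
	const short = 6
	joined := strings.Join(s, "/")
	if len(joined) <= l {
		return joined // already within the limit
	}
	if l <= 0 {
		return ""
	}
	// The hash covers the whole original input, so two long names that share
	// a prefix still get different suffixes after truncation.
	hash := fmt.Sprintf("%x", sha256.Sum256([]byte(joined)))
	parts := append([]string(nil), s...) // leave the caller's slice untouched
	budget := l / len(parts)
	for i := len(parts) - 1; i >= 0; i-- { // truncate starting from the end
		parts[i] = truncate(budget, parts[i], hash[:short])
		if r := strings.Join(parts, "/"); len(r) <= l {
			return r
		}
	}
	// Every element is truncated and the result is still too long.
	if l > len(hash) {
		l = len(hash)
	}
	return hash[:l]
}

// truncate shortens s to at most n bytes, ending in "-"+suffix when it fits.
func truncate(n int, s, suffix string) string {
	if len(s) <= n {
		return s
	}
	if n <= len(suffix) {
		return suffix[:n]
	}
	return s[:n-len(suffix)-1] + "-" + suffix
}

func main() {
	fmt.Println(hashnameSketch(60, "default", "kuard", "8080"))
	fmt.Println(hashnameSketch(30, "a-very-long-namespace-name", "a-very-long-service-name", "8080"))
}
```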

func HostReplaceHeader

func HostReplaceHeader(hp *dag.HeadersPolicy) string

func Secretname

func Secretname(s *dag.Secret) string

Secretname returns the name of the SDS secret for this secret.

func SingleSimpleCluster

func SingleSimpleCluster(clusters []*dag.Cluster) bool

SingleSimpleCluster determines whether we can use a RouteAction_Cluster or must use a RouteAction_WeightedClusters to encode additional routing data.

func Timeout

func Timeout(d timeout.Setting) *duration.Duration

Timeout converts a timeout.Setting to a protobuf.Duration that's appropriate for Envoy. In general (though there are exceptions), Envoy uses the following semantics:

- not passing a value means "use Envoy default"
- explicitly passing a 0 means "disable this timeout"
- passing a positive value uses that value

func WriteConfig

func WriteConfig(filename string, config proto.Message) (err error)

type BootstrapConfig

type BootstrapConfig struct {
    // AdminAccessLogPath is the path to write the access log for the administration server.
    // Defaults to /dev/null.
    AdminAccessLogPath string

    // AdminAddress is the TCP address that the administration server will listen on.
    // Defaults to 127.0.0.1.
    AdminAddress string

    // AdminPort is the port that the administration server will listen on.
    // Defaults to 9001.
    AdminPort int

    // XDSAddress is the TCP address of the gRPC XDS management server.
    // Defaults to 127.0.0.1.
    XDSAddress string

    // XDSGRPCPort is the management server port that provides the v3 gRPC API.
    // Defaults to 8001.
    XDSGRPCPort int

    // XDSResourceVersion defines the XDS Server Version to use.
    // Defaults to "v3"
    XDSResourceVersion config.ResourceVersion

    // Namespace is the namespace where Contour is running
    Namespace string

    // GrpcCABundle is the filename that contains a CA certificate chain that can
    // verify the client cert.
    GrpcCABundle string

    // GrpcClientCert is the filename that contains a client certificate. May contain a full bundle if you
    // don't want to pass a CA Bundle.
    GrpcClientCert string

    // GrpcClientKey is the filename that contains a client key for secure gRPC with TLS.
    GrpcClientKey string

    // Path is the filename for the bootstrap configuration file to be created.
    Path string

    // ResourcesDir is the directory where out of line Envoy resources can be placed.
    ResourcesDir string

    // SkipFilePathCheck specifies whether to skip checking whether files
    // referenced in the configuration actually exist. This option is for
    // testing only.
    SkipFilePathCheck bool
}

BootstrapConfig holds configuration values for a Bootstrap configuration.

func (*BootstrapConfig) GetAdminAccessLogPath

func (c *BootstrapConfig) GetAdminAccessLogPath() string

func (*BootstrapConfig) GetAdminAddress

func (c *BootstrapConfig) GetAdminAddress() string

func (*BootstrapConfig) GetAdminPort

func (c *BootstrapConfig) GetAdminPort() int

func (*BootstrapConfig) GetXdsAddress

func (c *BootstrapConfig) GetXdsAddress() string

func (*BootstrapConfig) GetXdsGRPCPort

func (c *BootstrapConfig) GetXdsGRPCPort() int

Directories

Path    Synopsis
v2
v3

Package envoy imports 15 packages and is imported by 11 packages. Updated 2020-11-26.