istio: istio.io/istio/pilot/pkg/networking/core/v1alpha3 Index | Files | Directories

package v1alpha3

import "istio.io/istio/pilot/pkg/networking/core/v1alpha3"

Index

Package Files

accesslog.go cluster.go cluster_builder.go configgen.go extension_config_builder.go fake.go gateway.go httproute.go listener.go listener_builder.go name_table.go networkfilter.go thriftroute.go tls.go

Constants

const (
    // EnvoyTextLogFormat format for envoy text based access logs for Istio 1.3 onwards
    EnvoyTextLogFormat = "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% " +
        "%PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% " +
        "\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% " +
        "%DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" " +
        "\"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" " +
        "%UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% " +
        "%DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"
    // EnvoyTextLogFormatIstio19 format for envoy text based access logs for Istio 1.9 onwards.
    // This includes the additional new operator RESPONSE_CODE_DETAILS and CONNECTION_TERMINATION_DETAILS that tells
    // the reason why Envoy rejects a request.
    EnvoyTextLogFormatIstio19 = "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% " +
        "%PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% " +
        "%RESPONSE_CODE_DETAILS% %CONNECTION_TERMINATION_DETAILS% " +
        "\"%UPSTREAM_TRANSPORT_FAILURE_REASON%\" %BYTES_RECEIVED% %BYTES_SENT% " +
        "%DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" " +
        "\"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\" " +
        "%UPSTREAM_CLUSTER% %UPSTREAM_LOCAL_ADDRESS% %DOWNSTREAM_LOCAL_ADDRESS% " +
        "%DOWNSTREAM_REMOTE_ADDRESS% %REQUESTED_SERVER_NAME% %ROUTE_NAME%\n"

    // EnvoyServerName for istio's envoy
    EnvoyServerName = "istio-envoy"

    // EnvoyAccessLogCluster is the cluster name that has details for server implementing Envoy ALS.
    // This cluster is created in bootstrap.
    EnvoyAccessLogCluster = "envoy_accesslog_service"
)
const (
    NoConflict = iota
    // Incoming HTTP existing HTTP
    HTTPOverHTTP
    // Incoming HTTP existing TCP
    HTTPOverTCP
    // Incoming HTTP existing AUTO
    HTTPOverAuto
    // Incoming TCP existing HTTP
    TCPOverHTTP
    // Incoming TCP existing TCP
    TCPOverTCP
    // Incoming TCP existing AUTO
    TCPOverAuto
    // Incoming AUTO existing HTTP
    AutoOverHTTP
    // Incoming AUTO existing TCP
    AutoOverTCP
    // Incoming AUTO existing AUTO
    AutoOverAuto
)
const (
    // RDSHttpProxy is the special name for HTTP PROXY route
    RDSHttpProxy = "http_proxy"

    // VirtualOutboundListenerName is the name for traffic capture listener
    VirtualOutboundListenerName = "virtualOutbound"

    // VirtualOutboundCatchAllTCPFilterChainName is the name of the catch all tcp filter chain
    VirtualOutboundCatchAllTCPFilterChainName = "virtualOutbound-catchall-tcp"

    // VirtualOutboundCatchAllTCPFilterChainName is the name of the filter chain to blackhole undesired traffic
    VirtualOutboundBlackholeFilterChainName = "virtualOutbound-blackhole"
    // VirtualInboundCatchAllTCPFilterChainName is the name of the filter chain to blackhole undesired traffic
    VirtualInboundBlackholeFilterChainName = "virtualInbound-blackhole"

    // VirtualInboundListenerName is the name for traffic capture listener
    VirtualInboundListenerName = "virtualInbound"

    // WildcardAddress binds to all IP addresses
    WildcardAddress = "0.0.0.0"

    // WildcardIPv6Address binds to all IPv6 addresses
    WildcardIPv6Address = "::"

    // LocalhostAddress for local binding
    LocalhostAddress = "127.0.0.1"

    // LocalhostIPv6Address for local binding
    LocalhostIPv6Address = "::1"

    // ProxyInboundListenPort is the port on which all inbound traffic to the pod/vm will be captured to
    // TODO: allow configuration through mesh config
    ProxyInboundListenPort = 15006

    ThriftRLSDefaultTimeoutMS = 50
)
const (
    // DefaultLbType set to round robin
    DefaultLbType = networking.LoadBalancerSettings_ROUND_ROBIN
)

Variables

var (

    // EnvoyJSONLogFormat map of values for envoy json based access logs for Istio 1.3 onwards
    EnvoyJSONLogFormat = &structpb.Struct{
        Fields: map[string]*structpb.Value{
            "start_time":                        {Kind: &structpb.Value_StringValue{StringValue: "%START_TIME%"}},
            "route_name":                        {Kind: &structpb.Value_StringValue{StringValue: "%ROUTE_NAME%"}},
            "method":                            {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:METHOD)%"}},
            "path":                              {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"}},
            "protocol":                          {Kind: &structpb.Value_StringValue{StringValue: "%PROTOCOL%"}},
            "response_code":                     {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"}},
            "response_flags":                    {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_FLAGS%"}},
            "bytes_received":                    {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_RECEIVED%"}},
            "bytes_sent":                        {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_SENT%"}},
            "duration":                          {Kind: &structpb.Value_StringValue{StringValue: "%DURATION%"}},
            "upstream_service_time":             {Kind: &structpb.Value_StringValue{StringValue: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"}},
            "x_forwarded_for":                   {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-FORWARDED-FOR)%"}},
            "user_agent":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(USER-AGENT)%"}},
            "request_id":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-REQUEST-ID)%"}},
            "authority":                         {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:AUTHORITY)%"}},
            "upstream_host":                     {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_HOST%"}},
            "upstream_cluster":                  {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_CLUSTER%"}},
            "upstream_local_address":            {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_LOCAL_ADDRESS%"}},
            "downstream_local_address":          {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_LOCAL_ADDRESS%"}},
            "downstream_remote_address":         {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_REMOTE_ADDRESS%"}},
            "requested_server_name":             {Kind: &structpb.Value_StringValue{StringValue: "%REQUESTED_SERVER_NAME%"}},
            "upstream_transport_failure_reason": {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"}},
        },
    }

    // EnvoyJSONLogFormatIstio19 map of values for envoy json based access logs for Istio 1.9 onwards.
    // This includes the additional log operator RESPONSE_CODE_DETAILS and CONNECTION_TERMINATION_DETAILS that tells
    // the reason why Envoy rejects a request.
    EnvoyJSONLogFormatIstio19 = &structpb.Struct{
        Fields: map[string]*structpb.Value{
            "start_time":                        {Kind: &structpb.Value_StringValue{StringValue: "%START_TIME%"}},
            "route_name":                        {Kind: &structpb.Value_StringValue{StringValue: "%ROUTE_NAME%"}},
            "method":                            {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:METHOD)%"}},
            "path":                              {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"}},
            "protocol":                          {Kind: &structpb.Value_StringValue{StringValue: "%PROTOCOL%"}},
            "response_code":                     {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE%"}},
            "response_flags":                    {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_FLAGS%"}},
            "response_code_details":             {Kind: &structpb.Value_StringValue{StringValue: "%RESPONSE_CODE_DETAILS%"}},
            "connection_termination_details":    {Kind: &structpb.Value_StringValue{StringValue: "%CONNECTION_TERMINATION_DETAILS%"}},
            "bytes_received":                    {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_RECEIVED%"}},
            "bytes_sent":                        {Kind: &structpb.Value_StringValue{StringValue: "%BYTES_SENT%"}},
            "duration":                          {Kind: &structpb.Value_StringValue{StringValue: "%DURATION%"}},
            "upstream_service_time":             {Kind: &structpb.Value_StringValue{StringValue: "%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%"}},
            "x_forwarded_for":                   {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-FORWARDED-FOR)%"}},
            "user_agent":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(USER-AGENT)%"}},
            "request_id":                        {Kind: &structpb.Value_StringValue{StringValue: "%REQ(X-REQUEST-ID)%"}},
            "authority":                         {Kind: &structpb.Value_StringValue{StringValue: "%REQ(:AUTHORITY)%"}},
            "upstream_host":                     {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_HOST%"}},
            "upstream_cluster":                  {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_CLUSTER%"}},
            "upstream_local_address":            {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_LOCAL_ADDRESS%"}},
            "downstream_local_address":          {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_LOCAL_ADDRESS%"}},
            "downstream_remote_address":         {Kind: &structpb.Value_StringValue{StringValue: "%DOWNSTREAM_REMOTE_ADDRESS%"}},
            "requested_server_name":             {Kind: &structpb.Value_StringValue{StringValue: "%REQUESTED_SERVER_NAME%"}},
            "upstream_transport_failure_reason": {Kind: &structpb.Value_StringValue{StringValue: "%UPSTREAM_TRANSPORT_FAILURE_REASON%"}},
        },
    }
)
var NilClusterPatcher = clusterPatcher{}

func MergeTrafficPolicy Uses

func MergeTrafficPolicy(original, subsetPolicy *networking.TrafficPolicy, port *model.Port) *networking.TrafficPolicy

MergeTrafficPolicy returns the merged TrafficPolicy for a destination-level and subset-level policy on a given port.

type AccessLogBuilder Uses

type AccessLogBuilder struct {
    // contains filtered or unexported fields
}

type ClusterBuilder Uses

type ClusterBuilder struct {
    // contains filtered or unexported fields
}

ClusterBuilder interface provides an abstraction for building Envoy Clusters.

func NewClusterBuilder Uses

func NewClusterBuilder(proxy *model.Proxy, push *model.PushContext) *ClusterBuilder

NewClusterBuilder builds an instance of ClusterBuilder.

type ClusterInstances Uses

type ClusterInstances struct {
    PrimaryInstance *model.ServiceInstance
    AllInstances    []*model.ServiceInstance
}

type ClusterMode Uses

type ClusterMode string

ClusterMode defines whether the cluster is being built for SNI-DNATing (sni passthrough) or not

const (
    // SniDnatClusterMode indicates cluster is being built for SNI dnat mode
    SniDnatClusterMode ClusterMode = "sni-dnat"
    // DefaultClusterMode indicates usual cluster with mTLS et al
    DefaultClusterMode ClusterMode = "outbound"
)

type ConfigGenTest Uses

type ConfigGenTest struct {
    ConfigGen            *ConfigGeneratorImpl
    MemRegistry          *memregistry.ServiceDiscovery
    ServiceEntryRegistry *serviceentry.ServiceEntryStore
    Registry             model.Controller
    // contains filtered or unexported fields
}

func NewConfigGenTest Uses

func NewConfigGenTest(t test.Failer, opts TestOptions) *ConfigGenTest

func (*ConfigGenTest) Clusters Uses

func (f *ConfigGenTest) Clusters(p *model.Proxy) []*cluster.Cluster

func (*ConfigGenTest) Env Uses

func (f *ConfigGenTest) Env() *model.Environment

func (*ConfigGenTest) Listeners Uses

func (f *ConfigGenTest) Listeners(p *model.Proxy) []*listener.Listener

TODO do we need lock around push context?

func (*ConfigGenTest) PushContext Uses

func (f *ConfigGenTest) PushContext() *model.PushContext

func (*ConfigGenTest) Routes Uses

func (f *ConfigGenTest) Routes(p *model.Proxy) []*route.RouteConfiguration

func (*ConfigGenTest) Run Uses

func (f *ConfigGenTest) Run()

func (*ConfigGenTest) SetupProxy Uses

func (f *ConfigGenTest) SetupProxy(p *model.Proxy) *model.Proxy

SetupProxy initializes a proxy for the current environment. This should generally be used when creating any proxy. For example, `p := SetupProxy(&model.Proxy{...})`.

func (*ConfigGenTest) Store Uses

func (f *ConfigGenTest) Store() model.ConfigStoreCache

type ConfigGeneratorImpl Uses

type ConfigGeneratorImpl struct {
    // List of plugins that modify code generated by this config generator
    Plugins []plugin.Plugin
    Cache   model.XdsCache
}

func NewConfigGenerator Uses

func NewConfigGenerator(plugins []plugin.Plugin, cache model.XdsCache) *ConfigGeneratorImpl

func (*ConfigGeneratorImpl) BuildClusters Uses

func (configgen *ConfigGeneratorImpl) BuildClusters(proxy *model.Proxy, push *model.PushContext) []*cluster.Cluster

BuildClusters returns the list of clusters for the given proxy. This is the CDS output For outbound: Cluster for each service/subset hostname or cidr with SNI set to service hostname Cluster type based on resolution For inbound (sidecar only): Cluster for each inbound endpoint port and for each service port

func (*ConfigGeneratorImpl) BuildExtensionConfiguration Uses

func (configgen *ConfigGeneratorImpl) BuildExtensionConfiguration(
    proxy *model.Proxy, push *model.PushContext, extensionConfigNames []string) []*core.TypedExtensionConfig

BuildExtensionConfiguration returns the list of extension configuration for the given proxy and list of names. This is the ECDS output.

func (*ConfigGeneratorImpl) BuildHTTPRoutes Uses

func (configgen *ConfigGeneratorImpl) BuildHTTPRoutes(node *model.Proxy, push *model.PushContext,
    routeNames []string) []*route.RouteConfiguration

BuildHTTPRoutes produces a list of routes for the proxy

func (*ConfigGeneratorImpl) BuildListeners Uses

func (configgen *ConfigGeneratorImpl) BuildListeners(node *model.Proxy,
    push *model.PushContext) []*listener.Listener

BuildListeners produces a list of listeners and referenced clusters for all proxies

func (*ConfigGeneratorImpl) BuildNameTable Uses

func (configgen *ConfigGeneratorImpl) BuildNameTable(node *model.Proxy, push *model.PushContext) *nds.NameTable

BuildNameTable produces a table of hostnames and their associated IPs that can then be used by the agent to resolve DNS. This logic is always active. However, local DNS resolution will only be effective if DNS capture is enabled in the proxy

func (*ConfigGeneratorImpl) MeshConfigChanged Uses

func (configgen *ConfigGeneratorImpl) MeshConfigChanged(_ *meshconfig.MeshConfig)

Called when mesh config is changed.

type FakeXdsUpdater Uses

type FakeXdsUpdater struct{}

func (*FakeXdsUpdater) ConfigUpdate Uses

func (f *FakeXdsUpdater) ConfigUpdate(*model.PushRequest)

func (*FakeXdsUpdater) EDSCacheUpdate Uses

func (f *FakeXdsUpdater) EDSCacheUpdate(_, _, _ string, _ []*model.IstioEndpoint)

func (*FakeXdsUpdater) EDSUpdate Uses

func (f *FakeXdsUpdater) EDSUpdate(_, _, _ string, _ []*model.IstioEndpoint)

func (*FakeXdsUpdater) ProxyUpdate Uses

func (f *FakeXdsUpdater) ProxyUpdate(_, _ string)

func (*FakeXdsUpdater) SvcUpdate Uses

func (f *FakeXdsUpdater) SvcUpdate(_, _, _ string, _ model.Event)

type FilterChainMatchOptions Uses

type FilterChainMatchOptions struct {
    // Application protocols of the filter chain match
    ApplicationProtocols []string
    // Transport protocol of the filter chain match. "tls" or empty
    TransportProtocol string
    // Filter chain protocol. HTTP for HTTP proxy and TCP for TCP proxy
    Protocol istionetworking.ListenerProtocol
}

type ListenerBuilder Uses

type ListenerBuilder struct {
    // contains filtered or unexported fields
}

A stateful listener builder Support the below intentions 1. Use separate inbound capture listener(:15006) and outbound capture listener(:15001) 2. The above listeners use bind_to_port sub listeners or filter chains.

func NewListenerBuilder Uses

func NewListenerBuilder(node *model.Proxy, push *model.PushContext) *ListenerBuilder

type ListenerClass Uses

type ListenerClass int

ListenerClass defines the class of the listener

const (
    ListenerClassUndefined ListenerClass = iota
    ListenerClassSidecarInbound
    ListenerClassSidecarOutbound
    ListenerClassGateway
)

type TestOptions Uses

type TestOptions struct {
    // If provided, these configs will be used directly
    Configs        []config.Config
    ConfigPointers []*config.Config

    // If provided, the yaml string will be parsed and used as configs
    ConfigString string
    // If provided, the ConfigString will be treated as a go template, with this as input params
    ConfigTemplateInput interface{}

    // Services to pre-populate as part of the service discovery
    Services  []*model.Service
    Instances []*model.ServiceInstance

    // If provided, this mesh config will be used
    MeshConfig      *meshconfig.MeshConfig
    NetworksWatcher mesh.NetworksWatcher

    // Additional service registries to use. A ServiceEntry and memory registry will always be created.
    ServiceRegistries []serviceregistry.Instance

    // Additional ConfigStoreCache to use
    ConfigStoreCaches []model.ConfigStoreCache

    // ConfigGen plugins to use. If not set, all default plugins will be used
    Plugins []plugin.Plugin

    // Mutex used for push context access. Should generally only be used by NewFakeDiscoveryServer
    PushContextLock *sync.RWMutex

    // If set, we will not run immediately, allowing adding event handlers, etc prior to start.
    SkipRun bool
}

Directories

PathSynopsis
envoyfilter
loadbalancerpackages used for load balancer setting
route
route/retry

Package v1alpha3 imports 77 packages (graph) and is imported by 8 packages. Updated 2021-01-22. Refresh now. Tools for package owners.