istio: istio.io/istio/pilot/pkg/proxy/envoy/v2 Index | Files

package v2

import "istio.io/istio/pilot/pkg/proxy/envoy/v2"

Copyright 2019 Istio Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Package Files

ads.go cds.go debug.go discovery.go eds.go ep_filters.go lds.go mem.go monitoring.go pushqueue.go rds.go

Constants

const (

    // ClusterType is used for cluster discovery. Typically first request received
    ClusterType = typePrefix + "Cluster"
    // EndpointType is used for EDS and ADS endpoint discovery. Typically second request.
    EndpointType = typePrefix + "ClusterLoadAssignment"
    // ListenerType is sent after clusters and endpoints.
    ListenerType = typePrefix + "Listener"
    // RouteType is sent after listeners.
    RouteType = typePrefix + "RouteConfiguration"
)
const VersionLen = 12

The Config Version is only used as the nonce prefix, but we can reconstruct it because is is a b64 encoding of a 64 bit array, which will always be 12 chars in length. len = ceil(bitlength/(2^6))+1

Variables

var (

    // DebounceAfter is the delay added to events to wait
    // after a registry/config event for debouncing.
    // This will delay the push by at least this interval, plus
    // the time getting subsequent events. If no change is
    // detected the push will happen, otherwise we'll keep
    // delaying until things settle.
    DebounceAfter time.Duration

    // DebounceMax is the maximum time to wait for events
    // while debouncing. Defaults to 10 seconds. If events keep
    // showing up with no break for this time, we'll trigger a push.
    DebounceMax time.Duration
)
var (

    // SendTimeout is the max time to wait for a ADS send to complete. This helps detect
    // clients in a bad state (not reading). In future it may include checking for ACK
    SendTimeout = 5 * time.Second
)

func AdsPushAll Uses

func AdsPushAll(s *DiscoveryServer)

AdsPushAll will send updates to all nodes, for a full config or incremental EDS.

func EndpointsByNetworkFilter Uses

func EndpointsByNetworkFilter(endpoints []*endpoint.LocalityLbEndpoints, conn *XdsConnection, env *model.Environment) []*endpoint.LocalityLbEndpoints

EndpointsByNetworkFilter is a network filter function to support Split Horizon EDS - filter the endpoints based on the network of the connected sidecar. The filter will filter out all endpoints which are not present within the sidecar network and add a gateway endpoint to remote networks that have endpoints (if gateway exists). Information for the mesh networks is provided as a MeshNetwork config map.

func EvaluateTLSState Uses

func EvaluateTLSState(clientMode *networking.TLSSettings, serverMode authn_model.MutualTLSMode) string

EvaluateTLSState returns the conflict state (string) for the input client+server settings. The output string could be: - "OK": both client and server TLS settings are set correctly. - "CONFLICT": both client and server TLS settings are set, but could be incompatible.

func LoadBalancingWeightNormalize Uses

func LoadBalancingWeightNormalize(endpoints []*endpoint.LocalityLbEndpoints) []*endpoint.LocalityLbEndpoints

LoadBalancingWeightNormalize set LoadBalancingWeight with a valid value.

func ProxyNeedsPush Uses

func ProxyNeedsPush(proxy *model.Proxy, pushEv *XdsEvent) bool

func Syncz Uses

func Syncz(w http.ResponseWriter, _ *http.Request)

Syncz dumps the synchronization status of all Envoys connected to this Pilot instance

type AuthenticationDebug Uses

type AuthenticationDebug struct {
    Host                     string `json:"host"`
    Port                     int    `json:"port"`
    AuthenticationPolicyName string `json:"authentication_policy_name"`
    DestinationRuleName      string `json:"destination_rule_name"`
    ServerProtocol           string `json:"server_protocol"`
    ClientProtocol           string `json:"client_protocol"`
    TLSConflictStatus        string `json:"TLS_conflict_status"`
}

AuthenticationDebug holds debug information for service authentication policy.

func AnalyzeMTLSSettings Uses

func AnalyzeMTLSSettings(hostname host.Name, port *model.Port, authnPolicy *authn.Policy, authnMeta *model.ConfigMeta,
    destConfig *model.Config) []*AuthenticationDebug

AnalyzeMTLSSettings returns mTLS compatibility status between client and server policies.

func (*AuthenticationDebug) String Uses

func (p *AuthenticationDebug) String() string

Pretty to-string function for unit test log.

type DiscoveryServer Uses

type DiscoveryServer struct {
    // Env is the model environment.
    Env *model.Environment

    // MemRegistry is used for debug and load testing, allow adding services. Visible for testing.
    MemRegistry *MemServiceDiscovery

    // ConfigGenerator is responsible for generating data plane configuration using Istio networking
    // APIs and service registry info
    ConfigGenerator core.ConfigGenerator

    // ConfigController provides readiness info (if initial sync is complete)
    ConfigController model.ConfigStoreCache

    // KubeController provides readiness info (if initial sync is complete)
    KubeController *controller.Controller

    // DebugConfigs controls saving snapshots of configs for /debug/adsz.
    // Defaults to false, can be enabled with PILOT_DEBUG_ADSZ_CONFIG=1
    DebugConfigs bool

    // EndpointShards for a service. This is a global (per-server) list, built from
    // incremental updates. This is keyed by service and namespace
    EndpointShardsByService map[string]map[string]*EndpointShards
    // contains filtered or unexported fields
}

DiscoveryServer is Pilot's gRPC implementation for Envoy's v2 xds APIs

func NewDiscoveryServer Uses

func NewDiscoveryServer(
    env *model.Environment,
    generator core.ConfigGenerator,
    ctl model.Controller,
    kubeController *controller.Controller,
    configCache model.ConfigStoreCache) *DiscoveryServer

NewDiscoveryServer creates DiscoveryServer that sources data from Pilot's internal mesh data structures

func (*DiscoveryServer) AdsPushAll Uses

func (s *DiscoveryServer) AdsPushAll(version string, req *model.PushRequest)

AdsPushAll implements old style invalidation, generated when any rule or endpoint changes. Primary code path is from v1 discoveryService.clearCache(), which is added as a handler to the model ConfigStorageCache and Controller.

func (*DiscoveryServer) Authenticationz Uses

func (s *DiscoveryServer) Authenticationz(w http.ResponseWriter, req *http.Request)

Authenticationz dumps the authn tls-check info. This handler lists what authentication policy is used for a service and destination rules to that service that a proxy instance received. Proxy ID (<pod>.<namespace> need to be provided to correctly determine which destination rules are visible.

func (*DiscoveryServer) ClearCache Uses

func (s *DiscoveryServer) ClearCache()

ClearCache is wrapper for clearCache method, used when new controller gets instantiated dynamically

func (*DiscoveryServer) ConfigDump Uses

func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)

ConfigDump returns information in the form of the Envoy admin API config dump for the specified proxy The dump will only contain dynamic listeners/clusters/routes and can be used to compare what an Envoy instance should look like according to Pilot vs what it currently does look like.

func (*DiscoveryServer) ConfigUpdate Uses

func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)

ConfigUpdate implements ConfigUpdater interface, used to request pushes. It replaces the 'clear cache' from v1.

func (*DiscoveryServer) DeltaAggregatedResources Uses

func (s *DiscoveryServer) DeltaAggregatedResources(stream ads.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error

DeltaAggregatedResources is not implemented.

func (*DiscoveryServer) EDSUpdate Uses

func (s *DiscoveryServer) EDSUpdate(clusterID, serviceName string, namespace string,
    istioEndpoints []*model.IstioEndpoint) error

EDSUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

func (*DiscoveryServer) InitDebug Uses

func (s *DiscoveryServer) InitDebug(mux *http.ServeMux, sctl *aggregate.Controller)

InitDebug initializes the debug handlers and adds a debug in-memory registry.

func (*DiscoveryServer) ProxyUpdate Uses

func (s *DiscoveryServer) ProxyUpdate(clusterID, ip string)

func (*DiscoveryServer) Push Uses

func (s *DiscoveryServer) Push(req *model.PushRequest)

Push is called to push changes on config updates using ADS. This is set in DiscoveryService.Push, to avoid direct dependencies.

func (*DiscoveryServer) PushStatusHandler Uses

func (s *DiscoveryServer) PushStatusHandler(w http.ResponseWriter, req *http.Request)

PushStatusHandler dumps the last PushContext

func (*DiscoveryServer) Register Uses

func (s *DiscoveryServer) Register(rpcs *grpc.Server)

Register adds the ADS and EDS handles to the grpc server

func (*DiscoveryServer) Start Uses

func (s *DiscoveryServer) Start(stopCh <-chan struct{})

func (*DiscoveryServer) StreamAggregatedResources Uses

func (s *DiscoveryServer) StreamAggregatedResources(stream ads.AggregatedDiscoveryService_StreamAggregatedResourcesServer) error

StreamAggregatedResources implements the ADS interface.

func (*DiscoveryServer) SvcUpdate Uses

func (s *DiscoveryServer) SvcUpdate(cluster, hostname string, ports map[string]uint32, _ map[uint32]string)

SvcUpdate is a callback from service discovery when service info changes.

type DiscoveryStream Uses

type DiscoveryStream interface {
    Send(*xdsapi.DiscoveryResponse) error
    Recv() (*xdsapi.DiscoveryRequest, error)
    grpc.ServerStream
}

DiscoveryStream is a common interface for EDS and ADS. It also has a shorter name.

type EdsCluster Uses

type EdsCluster struct {

    // LoadAssignment has the pre-computed EDS response for this cluster. Any sidecar asking for the
    // cluster will get this response.
    LoadAssignment *xdsapi.ClusterLoadAssignment

    // EdsClients keeps track of all nodes monitoring the cluster.
    EdsClients map[string]*XdsConnection `json:"-"`
    // contains filtered or unexported fields
}

EdsCluster tracks eds-related info for monitored cluster. Used in 1.0, where cluster info is not source-dependent.

type EndpointShards Uses

type EndpointShards struct {

    // Shards is used to track the shards. EDS updates are grouped by shard.
    // Current implementation uses the registry name as key - in multicluster this is the
    // name of the k8s cluster, derived from the config (secret).
    Shards map[string][]*model.IstioEndpoint

    // ServiceAccounts has the concatenation of all service accounts seen so far in endpoints.
    // This is updated on push, based on shards. If the previous list is different than
    // current list, a full push will be forced, to trigger a secure naming update.
    // Due to the larger time, it is still possible that connection errors will occur while
    // CDS is updated.
    ServiceAccounts map[string]bool
    // contains filtered or unexported fields
}

EndpointShards holds the set of endpoint shards of a service. Registries update individual shards incrementally. The shards are aggregated and split into clusters when a push for the specific cluster is needed.

type EndpointsFilterFunc Uses

type EndpointsFilterFunc func(endpoints []endpoint.LocalityLbEndpoints, conn *XdsConnection, env *model.Environment) []*endpoint.LocalityLbEndpoints

EndpointsFilterFunc is a function that filters data from the ClusterLoadAssignment and returns updated one

type MemServiceController Uses

type MemServiceController struct {
    sync.RWMutex
    // contains filtered or unexported fields
}

MemServiceController is a mock service controller

func (*MemServiceController) AppendInstanceHandler Uses

func (c *MemServiceController) AppendInstanceHandler(f func(*model.ServiceInstance, model.Event)) error

AppendInstanceHandler appends a service instance handler to the controller

func (*MemServiceController) AppendServiceHandler Uses

func (c *MemServiceController) AppendServiceHandler(f func(*model.Service, model.Event)) error

AppendServiceHandler appends a service handler to the controller

func (*MemServiceController) Run Uses

func (c *MemServiceController) Run(<-chan struct{})

Run will run the controller

type MemServiceDiscovery Uses

type MemServiceDiscovery struct {
    WantGetProxyServiceInstances  []*model.ServiceInstance
    ServicesError                 error
    GetServiceError               error
    InstancesError                error
    GetProxyServiceInstancesError error

    ClusterID string

    // XDSUpdater will push EDS changes to the ADS model.
    EDSUpdater model.XDSUpdater
    // contains filtered or unexported fields
}

MemServiceDiscovery is a mock discovery interface

func NewMemServiceDiscovery Uses

func NewMemServiceDiscovery(services map[host.Name]*model.Service, versions int) *MemServiceDiscovery

NewMemServiceDiscovery builds an in-memory MemServiceDiscovery

func (*MemServiceDiscovery) AddEndpoint Uses

func (sd *MemServiceDiscovery) AddEndpoint(service host.Name, servicePortName string, servicePort int, address string, port int) *model.ServiceInstance

AddEndpoint adds an endpoint to a service.

func (*MemServiceDiscovery) AddHTTPService Uses

func (sd *MemServiceDiscovery) AddHTTPService(name, vip string, port int)

AddHTTPService is a helper to add a service of type http, named 'http-main', with the specified vip and port.

func (*MemServiceDiscovery) AddInstance Uses

func (sd *MemServiceDiscovery) AddInstance(service host.Name, instance *model.ServiceInstance)

AddInstance adds an in-memory instance.

func (*MemServiceDiscovery) AddService Uses

func (sd *MemServiceDiscovery) AddService(name host.Name, svc *model.Service)

AddService adds an in-memory service.

func (*MemServiceDiscovery) AddWorkload Uses

func (sd *MemServiceDiscovery) AddWorkload(ip string, labels labels.Instance)

func (*MemServiceDiscovery) ClearErrors Uses

func (sd *MemServiceDiscovery) ClearErrors()

ClearErrors clear errors used for mocking failures during model.MemServiceDiscovery interface methods

func (*MemServiceDiscovery) GetIstioServiceAccounts Uses

func (sd *MemServiceDiscovery) GetIstioServiceAccounts(svc *model.Service, ports []int) []string

GetIstioServiceAccounts gets the Istio service accounts for a service hostname.

func (*MemServiceDiscovery) GetProxyServiceInstances Uses

func (sd *MemServiceDiscovery) GetProxyServiceInstances(node *model.Proxy) ([]*model.ServiceInstance, error)

GetProxyServiceInstances returns service instances associated with a node, resulting in 'in' services.

func (*MemServiceDiscovery) GetProxyWorkloadLabels Uses

func (sd *MemServiceDiscovery) GetProxyWorkloadLabels(proxy *model.Proxy) (labels.Collection, error)

func (*MemServiceDiscovery) GetService Uses

func (sd *MemServiceDiscovery) GetService(hostname host.Name) (*model.Service, error)

GetService implements discovery interface Each call to GetService() should return a new *model.Service

func (*MemServiceDiscovery) Instances Uses

func (sd *MemServiceDiscovery) Instances(hostname host.Name, ports []string,
    labels labels.Collection) ([]*model.ServiceInstance, error)

Instances filters the service instances by labels. This assumes single port, as is used by EDS/ADS.

func (*MemServiceDiscovery) InstancesByPort Uses

func (sd *MemServiceDiscovery) InstancesByPort(svc *model.Service, port int,
    labels labels.Collection) ([]*model.ServiceInstance, error)

InstancesByPort filters the service instances by labels. This assumes single port, as is used by EDS/ADS.

func (*MemServiceDiscovery) ManagementPorts Uses

func (sd *MemServiceDiscovery) ManagementPorts(addr string) model.PortList

ManagementPorts implements discovery interface

func (*MemServiceDiscovery) Services Uses

func (sd *MemServiceDiscovery) Services() ([]*model.Service, error)

Services implements discovery interface Each call to Services() should return a list of new *model.Service

func (*MemServiceDiscovery) SetEndpoints Uses

func (sd *MemServiceDiscovery) SetEndpoints(service string, namespace string, endpoints []*model.IstioEndpoint)

SetEndpoints update the list of endpoints for a service, similar with K8S controller.

func (*MemServiceDiscovery) UpdateWorkloadLabels Uses

func (sd *MemServiceDiscovery) UpdateWorkloadLabels(ip string, labels labels.Instance)

UpdateWorkloadLabels updates the workload labels, similar with K8S controller.

func (*MemServiceDiscovery) WorkloadHealthCheckInfo Uses

func (sd *MemServiceDiscovery) WorkloadHealthCheckInfo(addr string) model.ProbeList

WorkloadHealthCheckInfo implements discovery interface

type PushQueue Uses

type PushQueue struct {
    // contains filtered or unexported fields
}

func NewPushQueue Uses

func NewPushQueue() *PushQueue

func (*PushQueue) Dequeue Uses

func (p *PushQueue) Dequeue() (*XdsConnection, *model.PushRequest)

Remove a proxy from the queue. If there are no proxies ready to be removed, this will block

func (*PushQueue) Enqueue Uses

func (p *PushQueue) Enqueue(proxy *XdsConnection, pushInfo *model.PushRequest)

Add will mark a proxy as pending a push. If it is already pending, pushInfo will be merged. edsUpdatedServices will be added together, and full will be set if either were full

func (*PushQueue) MarkDone Uses

func (p *PushQueue) MarkDone(con *XdsConnection)

func (*PushQueue) Pending Uses

func (p *PushQueue) Pending() int

Get number of pending proxies

type SyncStatus Uses

type SyncStatus struct {
    ProxyID         string `json:"proxy,omitempty"`
    ProxyVersion    string `json:"proxy_version,omitempty"`
    IstioVersion    string `json:"istio_version,omitempty"`
    ClusterSent     string `json:"cluster_sent,omitempty"`
    ClusterAcked    string `json:"cluster_acked,omitempty"`
    ListenerSent    string `json:"listener_sent,omitempty"`
    ListenerAcked   string `json:"listener_acked,omitempty"`
    RouteSent       string `json:"route_sent,omitempty"`
    RouteAcked      string `json:"route_acked,omitempty"`
    EndpointSent    string `json:"endpoint_sent,omitempty"`
    EndpointAcked   string `json:"endpoint_acked,omitempty"`
    EndpointPercent int    `json:"endpoint_percent,omitempty"`
}

SyncStatus is the synchronization status between Pilot and a given Envoy

type SyncedVersions Uses

type SyncedVersions struct {
    ProxyID         string `json:"proxy,omitempty"`
    ClusterVersion  string `json:"cluster_acked,omitempty"`
    ListenerVersion string `json:"listener_acked,omitempty"`
    RouteVersion    string `json:"route_acked,omitempty"`
}

SyncedVersions shows what resourceVersion of a given resource has been acked by Envoy.

type XdsConnection Uses

type XdsConnection struct {

    // PeerAddr is the address of the client envoy, from network layer
    PeerAddr string

    // Time of connection, for debugging
    Connect time.Time

    // ConID is the connection identifier, used as a key in the connection table.
    // Currently based on the node name and a counter.
    ConID string

    LDSListeners []*xdsapi.Listener                    `json:"-"`
    RouteConfigs map[string]*xdsapi.RouteConfiguration `json:"-"`
    CDSClusters  []*xdsapi.Cluster

    // Last nonce sent and ack'd (timestamps) used for debugging
    ClusterNonceSent, ClusterNonceAcked   string
    ListenerNonceSent, ListenerNonceAcked string
    RouteNonceSent, RouteNonceAcked       string
    RouteVersionInfoSent                  string
    EndpointNonceSent, EndpointNonceAcked string
    EndpointPercent                       int

    // current list of clusters monitored by the client
    Clusters []string

    // Routes is the list of watched Routes.
    Routes []string

    // LDSWatch is set if the remote server is watching Listeners
    LDSWatch bool
    // CDSWatch is set if the remote server is watching Clusters
    CDSWatch bool
    // contains filtered or unexported fields
}

XdsConnection is a listener connection type.

type XdsEvent Uses

type XdsEvent struct {
    // contains filtered or unexported fields
}

XdsEvent represents a config or registry event that results in a push.

Package v2 imports 50 packages (graph) and is imported by 7 packages. Updated 2019-10-16. Refresh now. Tools for package owners.