xds

package
v0.0.0-...-3112392 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 19, 2024 License: Apache-2.0 Imports: 80 Imported by: 3

Documentation

Overview

Copyright Istio Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at 

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Index

Constants

View Source 
const (
	TypeDebugPrefix = v3.DebugType + "/"

	// TypeDebugSyncronization requests Envoy CSDS for proxy sync status
	TypeDebugSyncronization = v3.DebugType + "/syncz"

	// TypeDebugConfigDump requests Envoy configuration for a proxy without creating one
	TypeDebugConfigDump = v3.DebugType + "/config_dump"
)
View Source 
const DistributionTrackingDisabledMessage = "Pilot Version tracking is disabled. It may be enabled by setting the " +
	"PILOT_ENABLE_CONFIG_DISTRIBUTION_TRACKING environment variable to true."
View Source 
const VersionLen = 12

VersionLen is the Config Version and is only used as the nonce prefix, but we can reconstruct it because is is a b64 encoding of a 64 bit array, which will always be 12 chars in length. len = ceil(bitlength/(2^6))+1

Variables

View Source 
var AllTrackingEventTypes = sets.New[EventType](
	v3.ClusterType,
	v3.ListenerType,
	v3.RouteType,
	v3.EndpointType,
)
View Source 
var KnownOrderedTypeUrls = sets.New(PushOrder...)

KnownOrderedTypeUrls has typeUrls for which we know the order of push.

View Source 
var PushOrder = []string{v3.ClusterType, v3.EndpointType, v3.ListenerType, v3.RouteType, v3.SecretType}

PushOrder defines the order that updates will be pushed in. Any types not listed here will be pushed in random order after the types listed here

View Source 
var UnAffectedConfigKinds = map[model.NodeType]sets.Set[kind.Kind]{

	model.Router: sets.New(kind.Sidecar),

	model.SidecarProxy: sets.New(kind.Gateway, kind.KubernetesGateway),
}

UnAffectedConfigKinds contains config types which does not affect certain proxy types.

Functions

func AdsPushAll 

func AdsPushAll(s *DiscoveryServer)

AdsPushAll will send updates to all nodes, with a full push. Mainly used in Debug interface.

func ConfigAffectsProxy 

func ConfigAffectsProxy(req *model.PushRequest, proxy *model.Proxy) bool

ConfigAffectsProxy checks if a pushEv will affect a specified proxy. That means whether the push will be performed towards the proxy.

func ControlPlane 

func ControlPlane() *core.ControlPlane

ControlPlane identifies the instance and Istio version.

func DefaultProxyNeedsPush 

func DefaultProxyNeedsPush(proxy *model.Proxy, req *model.PushRequest) bool

DefaultProxyNeedsPush check if a proxy needs push for this push event.

func ResetConnectionNumberForTest 

func ResetConnectionNumberForTest()

Only used for test

func ResourceSize 

func ResourceSize(r model.Resources) int

func ValidateCertificate 

func ValidateCertificate(data []byte) error

Types

type AdsClient 

type AdsClient struct {
	ConnectionID string              `json:"connectionId"`
	ConnectedAt  time.Time           `json:"connectedAt"`
	PeerAddress  string              `json:"address"`
	Labels       map[string]string   `json:"labels"`
	Metadata     *model.NodeMetadata `json:"metadata,omitempty"`
	Locality     *core.Locality      `json:"locality,omitempty"`
	Watches      map[string][]string `json:"watches,omitempty"`
}

AdsClient defines the data that is displayed on "/adsz" endpoint.

type AdsClients 

type AdsClients struct {
	Total     int         `json:"totalClients"`
	Connected []AdsClient `json:"clients,omitempty"`
}

AdsClients is collection of AdsClient connected to this Istiod.

type AdsTest 

type AdsTest struct {
	ID   string
	Type string
	// contains filtered or unexported fields
}

func NewAdsTest 

func NewAdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest

func NewSdsTest 

func NewSdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest

func NewXdsTest 

func NewXdsTest(t test.Failer, conn *grpc.ClientConn, getClient func(conn *grpc.ClientConn) (DiscoveryClient, error)) *AdsTest

func (*AdsTest) Cleanup 

func (a *AdsTest) Cleanup()

func (*AdsTest) DrainResponses 

func (a *AdsTest) DrainResponses()

DrainResponses reads all responses, but does nothing to them

func (*AdsTest) ExpectError 

func (a *AdsTest) ExpectError(t test.Failer) error

ExpectError waits until an error is received and returns it

func (*AdsTest) ExpectNoResponse 

func (a *AdsTest) ExpectNoResponse(t test.Failer)

ExpectNoResponse waits a short period of time and ensures no response is received

func (*AdsTest) ExpectResponse 

func (a *AdsTest) ExpectResponse(t test.Failer) *discovery.DiscoveryResponse

ExpectResponse waits until a response is received and returns it

func (*AdsTest) Request 

func (a *AdsTest) Request(t test.Failer, req *discovery.DiscoveryRequest)

func (*AdsTest) RequestResponseAck 

func (a *AdsTest) RequestResponseAck(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse

RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response

func (*AdsTest) RequestResponseNack 

func (a *AdsTest) RequestResponseNack(t test.Failer, req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse

RequestResponseAck does a full XDS exchange with an error: Send a request, get a response, and NACK the response

func (*AdsTest) WithID 

func (a *AdsTest) WithID(id string) *AdsTest

func (*AdsTest) WithMetadata 

func (a *AdsTest) WithMetadata(m model.NodeMetadata) *AdsTest

func (*AdsTest) WithTimeout 

func (a *AdsTest) WithTimeout(t time.Duration) *AdsTest

func (*AdsTest) WithType 

func (a *AdsTest) WithType(typeURL string) *AdsTest

type AuthorizationDebug 

type AuthorizationDebug struct {
	AuthorizationPolicies *model.AuthorizationPolicies `json:"authorization_policies"`
}

AuthorizationDebug holds debug information for authorization policy.

type CdsGenerator 

type CdsGenerator struct {
	ConfigGenerator core.ConfigGenerator
}

func (CdsGenerator) Generate 

func (c CdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

func (CdsGenerator) GenerateDeltas 

func (c CdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest,
	w *model.WatchedResource,
) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

GenerateDeltas for CDS currently only builds deltas when services change. todo implement changes for DestinationRule, etc

type Connection 

type Connection struct {
	// contains filtered or unexported fields
}

Connection holds information about connected client.

func (*Connection) Clusters 

func (conn *Connection) Clusters() []string

func (*Connection) ConnectedAt 

func (conn *Connection) ConnectedAt() time.Time

func (*Connection) ID 

func (conn *Connection) ID() string

func (*Connection) NonceAcked 

func (conn *Connection) NonceAcked(typeUrl string) string

nolint

func (*Connection) NonceSent 

func (conn *Connection) NonceSent(typeUrl string) string

nolint

func (*Connection) Proxy 

func (conn *Connection) Proxy() *model.Proxy

func (*Connection) Stop 

func (conn *Connection) Stop()

type DebounceOptions 

type DebounceOptions struct {
	// DebounceAfter is the delay added to events to wait
	// after a registry/config event for debouncing.
	// This will delay the push by at least this interval, plus
	// the time getting subsequent events. If no change is
	// detected the push will happen, otherwise we'll keep
	// delaying until things settle.
	DebounceAfter time.Duration
	// contains filtered or unexported fields
}

type DebugGen 

type DebugGen struct {
	Server          *DiscoveryServer
	SystemNamespace string
	DebugMux        *http.ServeMux
}

DebugGen is a Generator for istio debug info

func NewDebugGen 

func NewDebugGen(s *DiscoveryServer, systemNamespace string, debugMux *http.ServeMux) *DebugGen

func (*DebugGen) Generate 

func (dg *DebugGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate XDS debug responses according to the incoming debug request

func (*DebugGen) GenerateDeltas 

func (dg *DebugGen) GenerateDeltas(
	proxy *model.Proxy,
	req *model.PushRequest,
	w *model.WatchedResource,
) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

GenerateDeltas XDS debug responses according to the incoming debug request

type DeltaAdsTest 

type DeltaAdsTest struct {
	ID   string
	Type string
	// contains filtered or unexported fields
}

func NewDeltaAdsTest 

func NewDeltaAdsTest(t test.Failer, conn *grpc.ClientConn) *DeltaAdsTest

func NewDeltaXdsTest 

func NewDeltaXdsTest(t test.Failer, conn *grpc.ClientConn,
	getClient func(conn *grpc.ClientConn) (DeltaDiscoveryClient, error),
) *DeltaAdsTest

func (*DeltaAdsTest) Cleanup 

func (a *DeltaAdsTest) Cleanup()

func (*DeltaAdsTest) DrainResponses 

func (a *DeltaAdsTest) DrainResponses()

DrainResponses reads all responses, but does nothing to them

func (*DeltaAdsTest) ExpectEmptyResponse 

func (a *DeltaAdsTest) ExpectEmptyResponse() *discovery.DeltaDiscoveryResponse

ExpectResponse waits until a response is received and returns it

func (*DeltaAdsTest) ExpectError 

func (a *DeltaAdsTest) ExpectError() error

ExpectError waits until an error is received and returns it

func (*DeltaAdsTest) ExpectNoResponse 

func (a *DeltaAdsTest) ExpectNoResponse()

ExpectNoResponse waits a short period of time and ensures no response is received

func (*DeltaAdsTest) ExpectResponse 

func (a *DeltaAdsTest) ExpectResponse() *discovery.DeltaDiscoveryResponse

ExpectResponse waits until a response is received and returns it

func (*DeltaAdsTest) Request 

func (a *DeltaAdsTest) Request(req *discovery.DeltaDiscoveryRequest)

func (*DeltaAdsTest) RequestResponseAck 

func (a *DeltaAdsTest) RequestResponseAck(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse

RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response

func (*DeltaAdsTest) RequestResponseNack 

func (a *DeltaAdsTest) RequestResponseNack(req *discovery.DeltaDiscoveryRequest) *discovery.DeltaDiscoveryResponse

RequestResponseNack does a full XDS exchange with an error: Send a request, get a response, and NACK the response

func (*DeltaAdsTest) WithID 

func (a *DeltaAdsTest) WithID(id string) *DeltaAdsTest

func (*DeltaAdsTest) WithMetadata 

func (a *DeltaAdsTest) WithMetadata(m model.NodeMetadata) *DeltaAdsTest

func (*DeltaAdsTest) WithNodeType 

func (a *DeltaAdsTest) WithNodeType(t model.NodeType) *DeltaAdsTest

func (*DeltaAdsTest) WithTimeout 

func (a *DeltaAdsTest) WithTimeout(t time.Duration) *DeltaAdsTest

func (*DeltaAdsTest) WithType 

func (a *DeltaAdsTest) WithType(typeURL string) *DeltaAdsTest

type DeltaDiscoveryClient 

type DeltaDiscoveryClient = discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesClient

DeltaDiscoveryClient is a client interface for Delta XDS.

type DeltaDiscoveryStream 

type DeltaDiscoveryStream = discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer

DeltaDiscoveryStream is a server interface for Delta XDS.

type DiscoveryClient 

type DiscoveryClient = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesClient

DiscoveryClient is a client interface for XDS.

type DiscoveryServer 

type DiscoveryServer struct {
	// Env is the model environment.
	Env *model.Environment

	// Generators allow customizing the generated config, based on the client metadata.
	// Key is the generator type - will match the Generator metadata to set the per-connection
	// default generator, or the combination of Generator metadata and TypeUrl to select a
	// different generator for a type.
	// Normal istio clients use the default generator - will not be impacted by this.
	Generators map[string]model.XdsResourceGenerator

	// ProxyNeedsPush is a function that determines whether a push can be completely skipped. Individual generators
	// may also choose to not send any updates.
	ProxyNeedsPush func(proxy *model.Proxy, req *model.PushRequest) bool

	// RequestRateLimit limits the number of new XDS requests allowed. This helps prevent thundering hurd of incoming requests.
	RequestRateLimit *rate.Limiter

	// InboundUpdates describes the number of configuration updates the discovery server has received
	InboundUpdates *atomic.Int64
	// CommittedUpdates describes the number of configuration updates the discovery server has
	// received, process, and stored in the push context. If this number is less than InboundUpdates,
	// there are updates we have not yet processed.
	// Note: This does not mean that all proxies have received these configurations; it is strictly
	// the push context, which means that the next push to a proxy will receive this configuration.
	CommittedUpdates *atomic.Int64

	StatusReporter DistributionStatusCache

	// Authenticators for XDS requests. Should be same/subset of the CA authenticators.
	Authenticators []security.Authenticator

	WorkloadEntryController *autoregistration.Controller

	DebounceOptions DebounceOptions

	// Cache for XDS resources
	Cache model.XdsCache

	// JwtKeyResolver holds a reference to the JWT key resolver instance.
	JwtKeyResolver *model.JwksResolver

	// ListRemoteClusters collects debug information about other clusters this istiod reads from.
	ListRemoteClusters func() []cluster.DebugInfo

	// ClusterAliases are alias names for cluster. When a proxy connects with a cluster ID
	// and if it has a different alias we should use that a cluster ID for proxy.
	ClusterAliases map[cluster.ID]cluster.ID

	// DiscoveryStartTime is the time since the binary started
	DiscoveryStartTime time.Time
	// contains filtered or unexported fields
}

DiscoveryServer is Pilot's gRPC implementation for Envoy's xds APIs

func NewDiscoveryServer 

func NewDiscoveryServer(env *model.Environment, clusterAliases map[string]string) *DiscoveryServer

NewDiscoveryServer creates DiscoveryServer that sources data from Pilot's internal mesh data structures

func (*DiscoveryServer) AddDebugHandlers 

func (s *DiscoveryServer) AddDebugHandlers(mux, internalMux *http.ServeMux, enableProfiling bool, webhook func() map[string]string)

func (*DiscoveryServer) AdsPushAll 

func (s *DiscoveryServer) AdsPushAll(req *model.PushRequest)

AdsPushAll will send updates to all nodes, for a full config or incremental EDS.

func (*DiscoveryServer) AllClients 

func (s *DiscoveryServer) AllClients() []*Connection

AllClients returns all connected clients, per Clients, but additionally includes uninitialized connections Warning: callers must take care not to rely on the con.proxy field being set

func (*DiscoveryServer) CachesSynced 

func (s *DiscoveryServer) CachesSynced()

CachesSynced is called when caches have been synced so that server can accept connections.

func (*DiscoveryServer) Clients 

func (s *DiscoveryServer) Clients() []*Connection

Clients returns all currently connected clients. This method can be safely called concurrently, but care should be taken with the underlying objects (ie model.Proxy) to ensure proper locking. This method returns only fully initialized connections; for all connections, use AllClients

func (*DiscoveryServer) ConfigDump 

func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)

ConfigDump returns information in the form of the Envoy admin API config dump for the specified proxy The dump will only contain dynamic listeners/clusters/routes and can be used to compare what an Envoy instance should look like according to Pilot vs what it currently does look like.

func (*DiscoveryServer) ConfigUpdate 

func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)

ConfigUpdate implements ConfigUpdater interface, used to request pushes.

func (*DiscoveryServer) Debug 

func (s *DiscoveryServer) Debug(w http.ResponseWriter, req *http.Request)

Debug lists all the supported debug endpoints.

func (*DiscoveryServer) DeltaAggregatedResources 

func (s *DiscoveryServer) DeltaAggregatedResources(stream discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error

DeltaAggregatedResources is not implemented. Instead, Generators may send only updates/add, with Delete indicated by an empty spec. This works if both ends follow this model. For example EDS and the API generator follow this pattern.

The delta protocol changes the request, adding unsubscribe/subscribe instead of sending full list of resources. On the response it adds 'removed resources' and sends changes for everything.

func (*DiscoveryServer) EDSCacheUpdate 

func (s *DiscoveryServer) EDSCacheUpdate(shard model.ShardKey, serviceName string, namespace string,
	istioEndpoints []*model.IstioEndpoint,
)

EDSCacheUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

Note: the difference with `EDSUpdate` is that it only update the cache rather than requesting a push

func (*DiscoveryServer) EDSUpdate 

func (s *DiscoveryServer) EDSUpdate(shard model.ShardKey, serviceName string, namespace string,
	istioEndpoints []*model.IstioEndpoint,
)

EDSUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

func (*DiscoveryServer) Edsz 

func (s *DiscoveryServer) Edsz(w http.ResponseWriter, req *http.Request)

Edsz implements a status and debug interface for EDS. It is mapped to /debug/edsz on the monitor port (15014).

func (*DiscoveryServer) InitDebug 

func (s *DiscoveryServer) InitDebug(
	mux *http.ServeMux,
	enableProfiling bool,
	fetchWebhook func() map[string]string,
) *http.ServeMux

InitDebug initializes the debug handlers and adds a debug in-memory registry.

func (*DiscoveryServer) IsServerReady 

func (s *DiscoveryServer) IsServerReady() bool

func (*DiscoveryServer) NextVersion 

func (s *DiscoveryServer) NextVersion() string

func (*DiscoveryServer) ProxyUpdate 

func (s *DiscoveryServer) ProxyUpdate(clusterID cluster.ID, ip string)

func (*DiscoveryServer) Push 

func (s *DiscoveryServer) Push(req *model.PushRequest)

Push is called to push changes on config updates using ADS.

func (*DiscoveryServer) Register 

func (s *DiscoveryServer) Register(rpcs *grpc.Server)

Register adds the ADS handler to the grpc server

func (*DiscoveryServer) RemoveShard 

func (s *DiscoveryServer) RemoveShard(shardKey model.ShardKey)

func (*DiscoveryServer) Shutdown 

func (s *DiscoveryServer) Shutdown()

Shutdown shuts down DiscoveryServer components.

func (*DiscoveryServer) SortedClients 

func (s *DiscoveryServer) SortedClients() []*Connection

SortedClients returns all currently connected clients in an ordered manner. Sorting order priority is as follows: ClusterID, Namespace, ID.

func (*DiscoveryServer) Start 

func (s *DiscoveryServer) Start(stopCh <-chan struct{})

func (*DiscoveryServer) StartPush 

func (s *DiscoveryServer) StartPush(req *model.PushRequest)

Send a signal to all connections, with a push event.

func (*DiscoveryServer) Stream 

func (s *DiscoveryServer) Stream(stream DiscoveryStream) error

func (*DiscoveryServer) StreamAggregatedResources 

func (s *DiscoveryServer) StreamAggregatedResources(stream DiscoveryStream) error

StreamAggregatedResources implements the ADS interface.

func (*DiscoveryServer) StreamDeltas 

func (s *DiscoveryServer) StreamDeltas(stream DeltaDiscoveryStream) error

func (*DiscoveryServer) SvcUpdate 

func (s *DiscoveryServer) SvcUpdate(shard model.ShardKey, hostname string, namespace string, event model.Event)

SvcUpdate is a callback from service discovery when service info changes.

func (*DiscoveryServer) Syncz 

func (s *DiscoveryServer) Syncz(w http.ResponseWriter, req *http.Request)

Syncz dumps the synchronization status of all Envoys connected to this Pilot instance

func (*DiscoveryServer) WaitForRequestLimit 

func (s *DiscoveryServer) WaitForRequestLimit(ctx context.Context) error

type DiscoveryStream 

type DiscoveryStream = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer

DiscoveryStream is a server interface for XDS.

type DistributionStatusCache 

type DistributionStatusCache interface {
	// RegisterEvent notifies the implementer of an xDS ACK, and must be non-blocking
	RegisterEvent(conID string, eventType EventType, nonce string)
	RegisterDisconnect(s string, types sets.Set[EventType])
	QueryLastNonce(conID string, eventType EventType) (noncePrefix string)
}

EventHandler allows for generic monitoring of xDS ACKS and disconnects, for the purpose of tracking Config distribution through the mesh.

type EcdsGenerator 

type EcdsGenerator struct {
	ConfigGenerator core.ConfigGenerator
	// contains filtered or unexported fields
}

EcdsGenerator generates ECDS configuration.

func (*EcdsGenerator) Generate 

func (e *EcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate returns ECDS resources for a given proxy.

func (*EcdsGenerator) GeneratePullSecrets 

func (e *EcdsGenerator) GeneratePullSecrets(proxy *model.Proxy, secretResources []SecretResource,
	secretController credscontroller.Controller,
) map[string][]byte

func (*EcdsGenerator) SetCredController 

func (e *EcdsGenerator) SetCredController(creds credscontroller.MulticlusterController)

type EdsGenerator 

type EdsGenerator struct {
	Cache         model.XdsCache
	EndpointIndex *model.EndpointIndex
}

EdsGenerator implements the new Generate method for EDS, using the in-memory, optimized endpoint storage in DiscoveryServer.

func (*EdsGenerator) Generate 

func (eds *EdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

func (*EdsGenerator) GenerateDeltas 

func (eds *EdsGenerator) GenerateDeltas(proxy *model.Proxy, req *model.PushRequest,
	w *model.WatchedResource,
) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

type Event 

type Event struct {
	// contains filtered or unexported fields
}

Event represents a config or registry event that results in a push.

type EventType 

type EventType = string

EventType represents the type of object we are tracking, mapping to envoy TypeUrl.

type IstioControlPlaneInstance 

type IstioControlPlaneInstance struct {
	// The Istio component type (e.g. "istiod")
	Component string
	// The ID of the component instance
	ID string
	// The Istio version
	Info istioversion.BuildInfo
}

IstioControlPlaneInstance defines the format Istio uses for when creating Envoy config.core.v3.ControlPlane.identifier

type LdsGenerator 

type LdsGenerator struct {
	ConfigGenerator core.ConfigGenerator
}

func (LdsGenerator) Generate 

func (l LdsGenerator) Generate(proxy *model.Proxy, _ *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type NdsGenerator 

type NdsGenerator struct {
	ConfigGenerator core.ConfigGenerator
}

NdsGenerator generates config for Nds i.e. Name Discovery Service. Istio agents send NDS requests to istiod and istiod responds with a list of services and their associated IPs (including service entries). The agent then updates its internal DNS based on this data. If DNS capture is enabled in the pod the agent will capture all DNS requests and attempt to resolve locally before forwarding to upstream dns servers.

func (NdsGenerator) Generate 

func (n NdsGenerator) Generate(proxy *model.Proxy, _ *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type PcdsGenerator 

type PcdsGenerator struct {
	TrustBundle *tb.TrustBundle
}

PcdsGenerator generates proxy configuration for proxies to consume

func (*PcdsGenerator) Generate 

func (e *PcdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate returns ProxyConfig protobuf containing TrustBundle for given proxy

type PushContextDebug 

type PushContextDebug struct {
	AuthorizationPolicies *model.AuthorizationPolicies
	NetworkGateways       []model.NetworkGateway
	UnresolvedGateways    []model.NetworkGateway
}

PushContextDebug holds debug information for push context.

type PushQueue 

type PushQueue struct {
	// contains filtered or unexported fields
}

func NewPushQueue 

func NewPushQueue() *PushQueue

func (*PushQueue) Dequeue 

func (p *PushQueue) Dequeue() (con *Connection, request *model.PushRequest, shutdown bool)

Remove a proxy from the queue. If there are no proxies ready to be removed, this will block

func (*PushQueue) Enqueue 

func (p *PushQueue) Enqueue(con *Connection, pushRequest *model.PushRequest)

Enqueue will mark a proxy as pending a push. If it is already pending, pushInfo will be merged. ServiceEntry updates will be added together, and full will be set if either were full

func (*PushQueue) MarkDone 

func (p *PushQueue) MarkDone(con *Connection)

func (*PushQueue) Pending 

func (p *PushQueue) Pending() int

Get number of pending proxies

func (*PushQueue) ShutDown 

func (p *PushQueue) ShutDown()

ShutDown will cause queue to ignore all new items added to it. As soon as the worker goroutines have drained the existing items in the queue, they will be instructed to exit.

type RdsGenerator 

type RdsGenerator struct {
	ConfigGenerator core.ConfigGenerator
}

func (RdsGenerator) Generate 

func (c RdsGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type ResponseCapture 

type ResponseCapture struct {
	// contains filtered or unexported fields
}

func NewResponseCapture 

func NewResponseCapture() *ResponseCapture

func (ResponseCapture) Header 

func (r ResponseCapture) Header() http.Header

func (ResponseCapture) Write 

func (r ResponseCapture) Write(i []byte) (int, error)

func (ResponseCapture) WriteHeader 

func (r ResponseCapture) WriteHeader(statusCode int)

type SecretGen 

type SecretGen struct {
	// contains filtered or unexported fields
}

func NewSecretGen 

func NewSecretGen(sc credscontroller.MulticlusterController, cache model.XdsCache, configCluster cluster.ID,
	meshConfig *mesh.MeshConfig,
) *SecretGen

func (*SecretGen) Generate 

func (s *SecretGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

type SecretResource 

type SecretResource struct {
	credentials.SecretResource
	// contains filtered or unexported fields
}

SecretResource wraps the authnmodel type with cache functions implemented

func (SecretResource) Cacheable 

func (sr SecretResource) Cacheable() bool

func (SecretResource) DependentConfigs 

func (sr SecretResource) DependentConfigs() []model.ConfigHash

func (SecretResource) Key 

func (sr SecretResource) Key() any

func (SecretResource) Type 

func (sr SecretResource) Type() string

type StatusGen 

type StatusGen struct {
	Server *DiscoveryServer
}

StatusGen is a Generator for XDS status: connections, syncz, configdump

func NewStatusGen 

func NewStatusGen(s *DiscoveryServer) *StatusGen

func (*StatusGen) Generate 

func (sg *StatusGen) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

Generate XDS responses about internal events: - connection status - NACKs We can also expose ACKS.

func (*StatusGen) GenerateDeltas 

func (sg *StatusGen) GenerateDeltas(
	proxy *model.Proxy,
	req *model.PushRequest,
	w *model.WatchedResource,
) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

Generate delta XDS responses about internal events: - connection status - NACKs We can also expose ACKS.

type SyncStatus 

type SyncStatus struct {
	ClusterID            string         `json:"cluster_id,omitempty"`
	ProxyID              string         `json:"proxy,omitempty"`
	ProxyType            model.NodeType `json:"proxy_type,omitempty"`
	ProxyVersion         string         `json:"proxy_version,omitempty"`
	IstioVersion         string         `json:"istio_version,omitempty"`
	ClusterSent          string         `json:"cluster_sent,omitempty"`
	ClusterAcked         string         `json:"cluster_acked,omitempty"`
	ListenerSent         string         `json:"listener_sent,omitempty"`
	ListenerAcked        string         `json:"listener_acked,omitempty"`
	RouteSent            string         `json:"route_sent,omitempty"`
	RouteAcked           string         `json:"route_acked,omitempty"`
	EndpointSent         string         `json:"endpoint_sent,omitempty"`
	EndpointAcked        string         `json:"endpoint_acked,omitempty"`
	ExtensionConfigSent  string         `json:"extensionconfig_sent,omitempty"`
	ExtensionConfigAcked string         `json:"extensionconfig_acked,omitempty"`
}

SyncStatus is the synchronization status between Pilot and a given Envoy

type SyncedVersions 

type SyncedVersions struct {
	ProxyID         string `json:"proxy,omitempty"`
	ClusterVersion  string `json:"cluster_acked,omitempty"`
	ListenerVersion string `json:"listener_acked,omitempty"`
	RouteVersion    string `json:"route_acked,omitempty"`
	EndpointVersion string `json:"endpoint_acked,omitempty"`
}

SyncedVersions shows what resourceVersion of a given resource has been acked by Envoy.

type TelemetryDebug 

type TelemetryDebug struct {
	Telemetries *model.Telemetries `json:"telemetries"`
}

AuthorizationDebug holds debug information for authorization policy.

type WorkloadGenerator 

type WorkloadGenerator struct {
	Server *DiscoveryServer
}

func (WorkloadGenerator) Generate 

func (e WorkloadGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

func (WorkloadGenerator) GenerateDeltas 

func (e WorkloadGenerator) GenerateDeltas(
	proxy *model.Proxy,
	req *model.PushRequest,
	w *model.WatchedResource,
) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

GenerateDeltas computes Workload resources. This is design to be highly optimized to delta updates, and supports *on-demand* client usage. A client can subscribe with a wildcard subscription and get all resources (with delta updates), or on-demand and only get responses for specifically subscribed resources.

Incoming requests may be for VIP or Pod IP addresses. However, all responses are Workload resources, which are pod based. This means subscribing to a VIP may end up pushing many resources of different name than the request. On-demand clients are expected to handle this (for wildcard, this is not applicable, as they don't specify any resources at all).

type WorkloadRBACGenerator 

type WorkloadRBACGenerator struct {
	Server *DiscoveryServer
}

func (WorkloadRBACGenerator) Generate 

func (e WorkloadRBACGenerator) Generate(proxy *model.Proxy, w *model.WatchedResource, req *model.PushRequest) (model.Resources, model.XdsLogDetails, error)

func (WorkloadRBACGenerator) GenerateDeltas 

func (e WorkloadRBACGenerator) GenerateDeltas(
	proxy *model.Proxy,
	req *model.PushRequest,
	w *model.WatchedResource,
) (model.Resources, model.DeletedResources, model.XdsLogDetails, bool, error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.