import "istio.io/istio/pilot/pkg/xds"
Copyright Istio Authors
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
ads.go ads_common.go authentication.go cds.go debug.go discovery.go ecds.go eds.go endpoint_builder.go ep_filters.go eventhandler.go fake.go gen.go lds.go monitoring.go nds.go pushqueue.go rds.go sds.go simple.go statusgen.go util.go
const (
// TypeURLConnect generate connect event.
TypeURLConnect = "istio.io/connect"
// TypeURLDisconnect generate disconnect event.
TypeURLDisconnect = "istio.io/disconnect"
// TypeURLNACK will receive messages of type DiscoveryRequest, containing
// the 'NACK' from envoy on rejected configs. Only ID is set in metadata.
// This includes all the info that envoy (client) provides.
TypeURLNACK = "istio.io/nack"
// TypeDebugSyncronization requests Envoy CSDS for proxy sync status
TypeDebugSyncronization = "istio.io/debug/syncz"
// TypeDebugConfigDump requests Envoy configuration for a proxy without creating one
TypeDebugConfigDump = "istio.io/debug/config_dump"
)const (
// GatewaySdsCaSuffix is the suffix of the sds resource name for root CA. All resource
// names for gateway root certs end with "-cacert".
GatewaySdsCaSuffix = "-cacert"
)const VersionLen = 12The Config Version is only used as the nonce prefix, but we can reconstruct it because is is a b64 encoding of a 64 bit array, which will always be 12 chars in length. len = ceil(bitlength/(2^6))+1
var AllEventTypes = map[EventType]struct{}{ v3.ClusterType: {}, v3.ListenerType: {}, v3.RouteType: {}, v3.EndpointType: {}, }
var AllEventTypesList = []EventType{v3.ClusterType, v3.ListenerType, v3.RouteType, v3.EndpointType}
AllEventTypesList is AllEventTypes in list form, for convenience
var KnownPushOrder = map[string]struct{}{ v3.ClusterType: {}, v3.EndpointType: {}, v3.ListenerType: {}, v3.RouteType: {}, v3.SecretType: {}, }
var PushOrder = []string{v3.ClusterType, v3.EndpointType, v3.ListenerType, v3.RouteType, v3.SecretType}
PushOrder defines the order that updates will be pushed in. Any types not listed here will be pushed in random order after the types listed here
var SkipLogTypes = map[string]struct{}{ v3.EndpointType: {}, v3.SecretType: {}, }
func AdsPushAll(s *DiscoveryServer)
AdsPushAll will send updates to all nodes, for a full config or incremental EDS.
ConfigAffectsProxy checks if a pushEv will affect a specified proxy. That means whether the push will be performed towards the proxy.
func ControlPlane() *corev3.ControlPlane
ControlPlane identifies the instance and Istio version.
DefaultProxyNeedsPush check if a proxy needs push for this push event.
func GetTunnelBuilderType(clusterName string, proxy *model.Proxy, push *model.PushContext) networking.TunnelType
Return the tunnel type for this endpoint builder. If the endpoint builder builds h2tunnel, the final endpoint collection includes only the endpoints which support H2 tunnel and the non-tunnel endpoints. The latter case is to support multi-cluster service. Revisit non-tunnel endpoint decision once the gateways supports tunnel. TODO(lambdai): Propose to istio api.
type AdsClient struct {
ConnectionID string `json:"connectionId"`
ConnectedAt time.Time `json:"connectedAt"`
PeerAddress string `json:"address"`
Watches map[string][]string `json:"watches"`
}AdsClient defines the data that is displayed on "/adsz" endpoint.
AdsClients is collection of AdsClient connected to this Istiod.
func NewXdsTest(t test.Failer, conn *grpc.ClientConn, getClient func(conn *grpc.ClientConn) (DiscoveryClient, error)) *AdsTest
DrainResponses reads all responses, but does nothing to them
ExpectError waits until an error is received and returns it
ExpectNoResponse waits a short period of time and ensures no response is received
func (a *AdsTest) ExpectResponse() *discovery.DiscoveryResponse
ExpectResponse waits until a response is received and returns it
func (a *AdsTest) Request(req *discovery.DiscoveryRequest)
func (a *AdsTest) RequestResponseAck(req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse
RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response
func (a *AdsTest) RequestResponseNack(req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse
RequestResponseAck does a full XDS exchange with an error: Send a request, get a response, and NACK the response
func (a *AdsTest) WithMetadata(m model.NodeMetadata) *AdsTest
type AuthorizationDebug struct {
AuthorizationPolicies *model.AuthorizationPolicies `json:"authorization_policies"`
}AuthorizationDebug holds debug information for authorization policy.
type CdsGenerator struct {
Server *DiscoveryServer
}func (c CdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
type Connection struct {
// PeerAddr is the address of the client, from network layer.
PeerAddr string
// Defines associated identities for the connection
Identities []string
// Time of connection, for debugging
Connect time.Time
// ConID is the connection identifier, used as a key in the connection table.
// Currently based on the node name and a counter.
ConID string
// contains filtered or unexported fields
}Connection holds information about connected client.
func (conn *Connection) Clusters() []string
func (conn *Connection) NonceAcked(typeUrl string) string
nolint
func (conn *Connection) NonceSent(typeUrl string) string
nolint
func (conn *Connection) Routes() []string
func (conn *Connection) Stop()
func (conn *Connection) Synced(typeUrl string) (bool, bool)
nolint Synced checks if the type has been synced, meaning the most recent push was ACKed
func (conn *Connection) Watched(typeUrl string) *model.WatchedResource
nolint
func (conn *Connection) Watching(typeUrl string) bool
nolint
type DiscoveryClient = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesClient
DiscoveryClient is a client interface for XDS.
type DiscoveryServer struct {
// Env is the model environment.
Env *model.Environment
// MemRegistry is used for debug and load testing, allow adding services. Visible for testing.
MemRegistry *memory.ServiceDiscovery
// ConfigGenerator is responsible for generating data plane configuration using Istio networking
// APIs and service registry info
ConfigGenerator core.ConfigGenerator
// Generators allow customizing the generated config, based on the client metadata.
// Key is the generator type - will match the Generator metadata to set the per-connection
// default generator, or the combination of Generator metadata and TypeUrl to select a
// different generator for a type.
// Normal istio clients use the default generator - will not be impacted by this.
Generators map[string]model.XdsResourceGenerator
// ProxyNeedsPush is a function that determines whether a push can be completely skipped. Individual generators
// may also choose to not send any updates.
ProxyNeedsPush func(proxy *model.Proxy, req *model.PushRequest) bool
// InboundUpdates describes the number of configuration updates the discovery server has received
InboundUpdates *atomic.Int64
// CommittedUpdates describes the number of configuration updates the discovery server has
// received, process, and stored in the push context. If this number is less than InboundUpdates,
// there are updates we have not yet processed.
// Note: This does not mean that all proxies have received these configurations; it is strictly
// the push context, which means that the next push to a proxy will receive this configuration.
CommittedUpdates *atomic.Int64
// EndpointShards for a service. This is a global (per-server) list, built from
// incremental updates. This is keyed by service and namespace
EndpointShardsByService map[string]map[string]*EndpointShards
StatusReporter DistributionStatusCache
// Authenticators for XDS requests. Should be same/subset of the CA authenticators.
Authenticators []security.Authenticator
// StatusGen is notified of connect/disconnect/nack on all connections
StatusGen *StatusGen
WorkloadEntryController *workloadentry.Controller
// Cache for XDS resources
Cache model.XdsCache
// contains filtered or unexported fields
}DiscoveryServer is Pilot's gRPC implementation for Envoy's xds APIs
func NewDiscoveryServer(env *model.Environment, plugins []string, instanceID string) *DiscoveryServer
NewDiscoveryServer creates DiscoveryServer that sources data from Pilot's internal mesh data structures
func (s *DiscoveryServer) AddDebugHandlers(mux *http.ServeMux, enableProfiling bool, webhook func() map[string]string)
func (s *DiscoveryServer) AdsPushAll(version string, req *model.PushRequest)
AdsPushAll implements old style invalidation, generated when any rule or endpoint changes. Primary code path is from v1 discoveryService.clearCache(), which is added as a handler to the model ConfigStorageCache and Controller.
func (s *DiscoveryServer) AllClients() []*Connection
AllClients returns all connected clients, per Clients, but additionally includes unintialized connections Warning: callers must take care not to rely on the con.proxy field being set
func (s *DiscoveryServer) Authorizationz(w http.ResponseWriter, req *http.Request)
Authorizationz dumps the internal authorization policies.
func (s *DiscoveryServer) CachesSynced()
CachesSynced is called when caches have been synced so that server can accept connections.
func (s *DiscoveryServer) Clients() []*Connection
Clients returns all currently connected clients. This method can be safely called concurrently, but care should be taken with the underlying objects (ie model.Proxy) to ensure proper locking. This method returns only fully initialized connections; for all connections, use AllClients
func (s *DiscoveryServer) ClientsOf(typeUrl string) []*Connection
nolint ClientsOf returns the clients that are watching the given resource.
func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)
ConfigDump returns information in the form of the Envoy admin API config dump for the specified proxy The dump will only contain dynamic listeners/clusters/routes and can be used to compare what an Envoy instance should look like according to Pilot vs what it currently does look like.
func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)
ConfigUpdate implements ConfigUpdater interface, used to request pushes. It replaces the 'clear cache' from v1.
func (s *DiscoveryServer) Debug(w http.ResponseWriter, req *http.Request)
lists all the supported debug endpoints.
func (s *DiscoveryServer) DeltaAggregatedResources(stream discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error
DeltaAggregatedResources is not implemented. Instead, Generators may send only updates/add, with Delete indicated by an empty spec. This works if both ends follow this model. For example EDS and the API generator follow this pattern.
The delta protocol changes the request, adding unsubscribe/subscribe instead of sending full list of resources. On the response it adds 'removed resources' and sends changes for everything. TODO: we could implement this method if needed, the change is not very big.
func (s *DiscoveryServer) EDSCacheUpdate(clusterID, serviceName string, namespace string, istioEndpoints []*model.IstioEndpoint)
EDSCacheUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.
Note: the difference with `EDSUpdate` is that it only update the cache rather than requesting a push
func (s *DiscoveryServer) EDSUpdate(clusterID, serviceName string, namespace string, istioEndpoints []*model.IstioEndpoint)
EDSUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.
func (s *DiscoveryServer) Edsz(w http.ResponseWriter, req *http.Request)
Edsz implements a status and debug interface for EDS. It is mapped to /debug/edsz on the monitor port (15014).
func (s *DiscoveryServer) ForceDisconnect(w http.ResponseWriter, req *http.Request)
func (s *DiscoveryServer) InitDebug(mux *http.ServeMux, sctl *aggregate.Controller, enableProfiling bool, fetchWebhook func() map[string]string)
InitDebug initializes the debug handlers and adds a debug in-memory registry.
func (s *DiscoveryServer) InjectTemplateHandler(webhook func() map[string]string) func(http.ResponseWriter, *http.Request)
InjectTemplateHandler dumps the injection template Replaces dumping the template at startup.
func (s *DiscoveryServer) IsServerReady() bool
func (s *DiscoveryServer) MeshHandler(w http.ResponseWriter, r *http.Request)
MeshHandler dumps the mesh config
func (s *DiscoveryServer) Ndsz(w http.ResponseWriter, req *http.Request)
Ndsz implements a status and debug interface for NDS. It is mapped to /debug/Ndsz on the monitor port (15014).
func (s *DiscoveryServer) ProxyUpdate(clusterID, ip string)
func (s *DiscoveryServer) Push(req *model.PushRequest)
Push is called to push changes on config updates using ADS. This is set in DiscoveryService.Push, to avoid direct dependencies.
func (s *DiscoveryServer) PushContextHandler(w http.ResponseWriter, req *http.Request)
PushContextHandler dumps the current PushContext
func (s *DiscoveryServer) PushStatusHandler(w http.ResponseWriter, req *http.Request)
PushStatusHandler dumps the last PushContext
func (s *DiscoveryServer) Register(rpcs *grpc.Server)
Register adds the ADS handler to the grpc server
func (s *DiscoveryServer) SendResponse(connections []*Connection, res *discovery.DiscoveryResponse)
SendResponse will immediately send the response to all connections. TODO: additional filters can be added, for example namespace.
func (s *DiscoveryServer) Shutdown()
shutdown shuts down DiscoveryServer components.
func (s *DiscoveryServer) Start(stopCh <-chan struct{})
func (s *DiscoveryServer) Stream(stream DiscoveryStream) error
func (s *DiscoveryServer) StreamAggregatedResources(stream discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer) error
StreamAggregatedResources implements the ADS interface.
SvcUpdate is a callback from service discovery when service info changes.
func (s *DiscoveryServer) Syncz(w http.ResponseWriter, _ *http.Request)
Syncz dumps the synchronization status of all Envoys connected to this Pilot instance
func (s *DiscoveryServer) UpdateServiceShards(push *model.PushContext) error
UpdateServiceShards will list the endpoints and create the shards. This is used to reconcile and to support non-k8s registries (until they migrate). Note that aggregated list is expensive (for large numbers) - we want to replace it with a model where DiscoveryServer keeps track of all endpoint registries directly, and calls them one by one.
type DiscoveryStream = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer
DiscoveryStream is a server interface for XDS.
type DistributionStatusCache interface {
// RegisterEvent notifies the implementer of an xDS ACK, and must be non-blocking
RegisterEvent(conID string, eventType EventType, nonce string)
RegisterDisconnect(s string, types []EventType)
QueryLastNonce(conID string, eventType EventType) (noncePrefix string)
}EventHandler allows for generic monitoring of xDS ACKS and disconnects, for the purpose of tracking Config distribution through the mesh.
type EcdsGenerator struct {
Server *DiscoveryServer
}EcdsGenerator generates ECDS configuration.
func (e *EcdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
Generate returns ECDS resources for a given proxy.
type EdsGenerator struct {
Server *DiscoveryServer
}EdsGenerator implements the new Generate method for EDS, using the in-memory, optimized endpoint storage in DiscoveryServer.
func (eds *EdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
type EndpointBuilder struct {
// contains filtered or unexported fields
}func NewEndpointBuilder(clusterName string, proxy *model.Proxy, push *model.PushContext) EndpointBuilder
func (b *EndpointBuilder) ApplyTunnelSetting(llbOpts []*LocLbEndpointsAndOptions, tunnelType networking.TunnelType) []*LocLbEndpointsAndOptions
TODO(lambdai): Handle ApplyTunnel error return value by filter out the failed endpoint.
func (b EndpointBuilder) Cacheable() bool
func (b EndpointBuilder) DependentConfigs() []model.ConfigKey
func (b EndpointBuilder) DestinationRule() *networkingapi.DestinationRule
func (b *EndpointBuilder) EndpointsByNetworkFilter(endpoints []*LocLbEndpointsAndOptions) []*LocLbEndpointsAndOptions
EndpointsByNetworkFilter is a network filter function to support Split Horizon EDS - filter the endpoints based on the network of the connected sidecar. The filter will filter out all endpoints which are not present within the sidecar network and add a gateway endpoint to remote networks that have endpoints (if gateway exists and its IP is an IP and not a dns name). Information for the mesh networks is provided as a MeshNetwork config map.
func (b EndpointBuilder) Key() string
Key provides the eds cache key and should include any information that could change the way endpoints are generated.
func (b *EndpointBuilder) MultiNetworkConfigured() bool
MultiNetworkConfigured determines if we have gateways to use for building cross-network endpoints.
type EndpointH2TunnelApplier struct{}func (t *EndpointH2TunnelApplier) ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)
TODO(lambdai): Set original port if the default cluster original port is not the same.
type EndpointNoTunnelApplier struct{}func (t *EndpointNoTunnelApplier) ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)
Note that this will not return error if another tunnel typs requested.
type EndpointShards struct {
// Shards is used to track the shards. EDS updates are grouped by shard.
// Current implementation uses the registry name as key - in multicluster this is the
// name of the k8s cluster, derived from the config (secret).
Shards map[string][]*model.IstioEndpoint
// ServiceAccounts has the concatenation of all service accounts seen so far in endpoints.
// This is updated on push, based on shards. If the previous list is different than
// current list, a full push will be forced, to trigger a secure naming update.
// Due to the larger time, it is still possible that connection errors will occur while
// CDS is updated.
ServiceAccounts sets.Set
// contains filtered or unexported fields
}EndpointShards holds the set of endpoint shards of a service. Registries update individual shards incrementally. The shards are aggregated and split into clusters when a push for the specific cluster is needed.
type EndpointTunnelApplier interface {
// Mutate LbEndpoint in place. Return non-nil on failure.
ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)
}TODO(lambdai): Receive port value(15009 by default), builder to cover wide cases.
func MakeTunnelApplier(le *endpoint.LbEndpoint, tunnelOpt networking.TunnelAbility) EndpointTunnelApplier
Return prefer H2 tunnel metadata.
type Event struct {
// contains filtered or unexported fields
}Event represents a config or registry event that results in a push.
EventType represents the type of object we are tracking, mapping to envoy TypeUrl.
type FakeDiscoveryServer struct {
*v1alpha3.ConfigGenTest
Discovery *DiscoveryServer
Listener *bufconn.Listener
KubeRegistry *kube.FakeController
// contains filtered or unexported fields
}func NewFakeDiscoveryServer(t test.Failer, opts FakeOptions) *FakeDiscoveryServer
Connect starts an ADS connection to the server using adsc. It will automatically be cleaned up when the test ends watch can be configured to determine the resources to watch initially, and wait can be configured to determine what resources we should initially wait for.
func (f *FakeDiscoveryServer) ConnectADS() *AdsTest
ConnectADS starts an ADS connection to the server. It will automatically be cleaned up when the test ends
func (f *FakeDiscoveryServer) Endpoints(p *model.Proxy) []*endpoint.ClusterLoadAssignment
func (f *FakeDiscoveryServer) KubeClient() kubelib.Client
func (f *FakeDiscoveryServer) PushContext() *model.PushContext
type FakeOptions struct {
// If provided, a service registry with the name of each map key will be created with the given objects.
KubernetesObjectsByCluster map[string][]runtime.Object
// If provided, these objects will be used directly for the default cluster ("Kubernetes")
KubernetesObjects []runtime.Object
// If provided, the yaml string will be parsed and used as objects for the default cluster ("Kubernetes")
KubernetesObjectString string
// Endpoint mode for the Kubernetes service registry
KubernetesEndpointMode kube.EndpointMode
// If provided, these configs will be used directly
Configs []config.Config
// If provided, the yaml string will be parsed and used as configs
ConfigString string
// If provided, the ConfigString will be treated as a go template, with this as input params
ConfigTemplateInput interface{}
// If provided, this mesh config will be used
MeshConfig *meshconfig.MeshConfig
NetworksWatcher mesh.NetworksWatcher
// Time to debounce
// By default, set to 0s to speed up tests
DebounceTime time.Duration
}type IstioControlPlaneInstance struct {
// The Istio component type (e.g. "istiod")
Component string
// The ID of the component instance
ID string
// The Istio version
Info istioversion.BuildInfo
}IstioControlPlaneInstance defines the format Istio uses for when creating Envoy config.core.v3.ControlPlane.identifier
type LdsGenerator struct {
Server *DiscoveryServer
}func (l LdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
type LocLbEndpointsAndOptions struct {
// contains filtered or unexported fields
}func (e *LocLbEndpointsAndOptions) AssertInvarianceInTest()
type NdsGenerator struct {
Server *DiscoveryServer
}Nds stands for Name Discovery Service. Istio agents send NDS requests to istiod istiod responds with a list of service entries and their associated IPs (including k8s services) The agent then updates its internal DNS based on this data. If DNS capture is enabled in the pod the agent will capture all DNS requests and attempt to resolve locally before forwarding to upstream dns servers/
func (n NdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
type ProxyGen struct {
// contains filtered or unexported fields
}ProxyGen implements a proxy generator - any request is forwarded using the agent ADSC connection. Responses are forwarded back on the connection that they are received.
func (p *ProxyGen) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, updates *model.PushRequest) (model.Resources, error)
Generate will forward the request to all remote XDS servers. Responses will be forwarded back to the client.
TODO: allow clients to indicate which requests they handle ( similar with topic )
HandleResponse will dispatch a response from a federated XDS server to all connections listening for that type.
type PushContextDebug struct {
AuthorizationPolicies *model.AuthorizationPolicies
NetworkGateways map[string][]*model.Gateway
}PushContextDebug holds debug information for push context.
type PushQueue struct {
// contains filtered or unexported fields
}func (p *PushQueue) Dequeue() (con *Connection, request *model.PushRequest, shutdown bool)
Remove a proxy from the queue. If there are no proxies ready to be removed, this will block
func (p *PushQueue) Enqueue(con *Connection, pushRequest *model.PushRequest)
Enqueue will mark a proxy as pending a push. If it is already pending, pushInfo will be merged. ServiceEntry updates will be added together, and full will be set if either were full
func (p *PushQueue) MarkDone(con *Connection)
Get number of pending proxies
ShutDown will cause queue to ignore all new items added to it. As soon as the worker goroutines have drained the existing items in the queue, they will be instructed to exit.
type RdsGenerator struct {
Server *DiscoveryServer
}func (c RdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
type SecretGen struct {
// contains filtered or unexported fields
}func (s *SecretGen) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)
func (sr SecretResource) Cacheable() bool
func (sr SecretResource) DependentConfigs() []model.ConfigKey
func (sr SecretResource) Key() string
type SimpleServer struct {
// DiscoveryServer is the gRPC XDS implementation
// Env and MemRegistry are available as fields, as well as the default
// PushContext.
DiscoveryServer *DiscoveryServer
// MemoryStore is an in-memory config store, part of the aggregate store
// used by the discovery server.
MemoryConfigStore model.IstioConfigStore
// GRPCListener is the listener used for GRPC. For agent it is
// an insecure port, bound to 127.0.0.1
GRPCListener net.Listener
ConfigStoreCache model.ConfigStoreCache
// contains filtered or unexported fields
}Server represents the XDS serving feature of Istiod (pilot). Unlike bootstrap/, this packet has no dependencies on K8S, CA, and other features. It'll be used initially in the istio-agent, to provide a minimal proxy while reusing the same code as istiod. Portions of the code will also be used in istiod - after it becomes stable the plan is to refactor bootstrap to use this code instead of directly bootstrapping XDS.
The server support proxy/federation of multiple sources - last part or parity with MCP/Galley and MCP-over-XDS.
func NewXDS(stop chan struct{}) *SimpleServerCreates an basic, functional discovery server, using the same code as Istiod, but backed by an in-memory config and endpoint stores.
Can be used in tests, or as a minimal XDS discovery server with no dependency on K8S or the complex bootstrap used by Istiod. A memory registry and memory config store are used to generate the configs - they can be programmatically updated.
func (s *SimpleServer) NewProxy() *ProxyGen
func (s *SimpleServer) StartGRPC(addr string) error
type StatusGen struct {
Server *DiscoveryServer
}StatusGen is a Generator for XDS status: connections, syncz, configdump
func NewStatusGen(s *DiscoveryServer) *StatusGen
func (sg *StatusGen) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, updates *model.PushRequest) (model.Resources, error)
Generate XDS responses about internal events: - connection status - NACKs We can also expose ACKS.
func (sg *StatusGen) OnConnect(con *Connection)
func (sg *StatusGen) OnDisconnect(con *Connection)
type SyncStatus struct {
ProxyID string `json:"proxy,omitempty"`
ProxyVersion string `json:"proxy_version,omitempty"`
IstioVersion string `json:"istio_version,omitempty"`
ClusterSent string `json:"cluster_sent,omitempty"`
ClusterAcked string `json:"cluster_acked,omitempty"`
ListenerSent string `json:"listener_sent,omitempty"`
ListenerAcked string `json:"listener_acked,omitempty"`
RouteSent string `json:"route_sent,omitempty"`
RouteAcked string `json:"route_acked,omitempty"`
EndpointSent string `json:"endpoint_sent,omitempty"`
EndpointAcked string `json:"endpoint_acked,omitempty"`
}SyncStatus is the synchronization status between Pilot and a given Envoy
type SyncedVersions struct {
ProxyID string `json:"proxy,omitempty"`
ClusterVersion string `json:"cluster_acked,omitempty"`
ListenerVersion string `json:"listener_acked,omitempty"`
RouteVersion string `json:"route_acked,omitempty"`
}SyncedVersions shows what resourceVersion of a given resource has been acked by Envoy.
| Path | Synopsis |
|---|---|
| filters | |
| v2 | |
| v3 |
Package xds imports 88 packages (graph) and is imported by 14 packages. Updated 2021-01-26. Refresh now. Tools for package owners.