istio: Index | Files | Directories

package xds

import ""

Copyright Istio Authors

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.


Package Files

ads.go ads_common.go authentication.go cds.go debug.go discovery.go ecds.go eds.go endpoint_builder.go ep_filters.go eventhandler.go fake.go gen.go lds.go monitoring.go nds.go pushqueue.go rds.go sds.go simple.go statusgen.go util.go


const (
    // TypeURLConnect generate connect event.
    TypeURLConnect = ""

    // TypeURLDisconnect generate disconnect event.
    TypeURLDisconnect = ""

    // TypeURLNACK will receive messages of type DiscoveryRequest, containing
    // the 'NACK' from envoy on rejected configs. Only ID is set in metadata.
    // This includes all the info that envoy (client) provides.
    TypeURLNACK = ""

    // TypeDebugSyncronization requests Envoy CSDS for proxy sync status
    TypeDebugSyncronization = ""

    // TypeDebugConfigDump requests Envoy configuration for a proxy without creating one
    TypeDebugConfigDump = ""
const (
    // GatewaySdsCaSuffix is the suffix of the sds resource name for root CA. All resource
    // names for gateway root certs end with "-cacert".
    GatewaySdsCaSuffix = "-cacert"
const VersionLen = 12

The Config Version is only used as the nonce prefix, but we can reconstruct it because is is a b64 encoding of a 64 bit array, which will always be 12 chars in length. len = ceil(bitlength/(2^6))+1


var AllEventTypes = map[EventType]struct{}{
    v3.ClusterType:  {},
    v3.ListenerType: {},
    v3.RouteType:    {},
    v3.EndpointType: {},
var AllEventTypesList = []EventType{v3.ClusterType, v3.ListenerType, v3.RouteType, v3.EndpointType}

AllEventTypesList is AllEventTypes in list form, for convenience

var KnownPushOrder = map[string]struct{}{
    v3.ClusterType:  {},
    v3.EndpointType: {},
    v3.ListenerType: {},
    v3.RouteType:    {},
    v3.SecretType:   {},
var PushOrder = []string{v3.ClusterType, v3.EndpointType, v3.ListenerType, v3.RouteType, v3.SecretType}

PushOrder defines the order that updates will be pushed in. Any types not listed here will be pushed in random order after the types listed here

var SkipLogTypes = map[string]struct{}{
    v3.EndpointType: {},
    v3.SecretType:   {},

func AdsPushAll Uses

func AdsPushAll(s *DiscoveryServer)

AdsPushAll will send updates to all nodes, for a full config or incremental EDS.

func ConfigAffectsProxy Uses

func ConfigAffectsProxy(req *model.PushRequest, proxy *model.Proxy) bool

ConfigAffectsProxy checks if a pushEv will affect a specified proxy. That means whether the push will be performed towards the proxy.

func ControlPlane Uses

func ControlPlane() *corev3.ControlPlane

ControlPlane identifies the instance and Istio version.

func DefaultProxyNeedsPush Uses

func DefaultProxyNeedsPush(proxy *model.Proxy, req *model.PushRequest) bool

DefaultProxyNeedsPush check if a proxy needs push for this push event.

func GetTunnelBuilderType Uses

func GetTunnelBuilderType(clusterName string, proxy *model.Proxy, push *model.PushContext) networking.TunnelType

Return the tunnel type for this endpoint builder. If the endpoint builder builds h2tunnel, the final endpoint collection includes only the endpoints which support H2 tunnel and the non-tunnel endpoints. The latter case is to support multi-cluster service. Revisit non-tunnel endpoint decision once the gateways supports tunnel. TODO(lambdai): Propose to istio api.

func ResourceSize Uses

func ResourceSize(r model.Resources) int

type AdsClient Uses

type AdsClient struct {
    ConnectionID string              `json:"connectionId"`
    ConnectedAt  time.Time           `json:"connectedAt"`
    PeerAddress  string              `json:"address"`
    Watches      map[string][]string `json:"watches"`

AdsClient defines the data that is displayed on "/adsz" endpoint.

type AdsClients Uses

type AdsClients struct {
    Connected []AdsClient `json:"clients"`

AdsClients is collection of AdsClient connected to this Istiod.

type AdsTest Uses

type AdsTest struct {
    ID   string
    Type string
    // contains filtered or unexported fields

func NewAdsTest Uses

func NewAdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest

func NewSdsTest Uses

func NewSdsTest(t test.Failer, conn *grpc.ClientConn) *AdsTest

func NewXdsTest Uses

func NewXdsTest(t test.Failer, conn *grpc.ClientConn, getClient func(conn *grpc.ClientConn) (DiscoveryClient, error)) *AdsTest

func (*AdsTest) Cleanup Uses

func (a *AdsTest) Cleanup()

func (*AdsTest) DrainResponses Uses

func (a *AdsTest) DrainResponses()

DrainResponses reads all responses, but does nothing to them

func (*AdsTest) ExpectError Uses

func (a *AdsTest) ExpectError() error

ExpectError waits until an error is received and returns it

func (*AdsTest) ExpectNoResponse Uses

func (a *AdsTest) ExpectNoResponse()

ExpectNoResponse waits a short period of time and ensures no response is received

func (*AdsTest) ExpectResponse Uses

func (a *AdsTest) ExpectResponse() *discovery.DiscoveryResponse

ExpectResponse waits until a response is received and returns it

func (*AdsTest) Request Uses

func (a *AdsTest) Request(req *discovery.DiscoveryRequest)

func (*AdsTest) RequestResponseAck Uses

func (a *AdsTest) RequestResponseAck(req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse

RequestResponseAck does a full XDS exchange: Send a request, get a response, and ACK the response

func (*AdsTest) RequestResponseNack Uses

func (a *AdsTest) RequestResponseNack(req *discovery.DiscoveryRequest) *discovery.DiscoveryResponse

RequestResponseAck does a full XDS exchange with an error: Send a request, get a response, and NACK the response

func (*AdsTest) WithID Uses

func (a *AdsTest) WithID(id string) *AdsTest

func (*AdsTest) WithMetadata Uses

func (a *AdsTest) WithMetadata(m model.NodeMetadata) *AdsTest

func (*AdsTest) WithTimeout Uses

func (a *AdsTest) WithTimeout(t time.Duration) *AdsTest

func (*AdsTest) WithType Uses

func (a *AdsTest) WithType(typeURL string) *AdsTest

type AuthorizationDebug Uses

type AuthorizationDebug struct {
    AuthorizationPolicies *model.AuthorizationPolicies `json:"authorization_policies"`

AuthorizationDebug holds debug information for authorization policy.

type CdsGenerator Uses

type CdsGenerator struct {
    Server *DiscoveryServer

func (CdsGenerator) Generate Uses

func (c CdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

type Connection Uses

type Connection struct {
    // PeerAddr is the address of the client, from network layer.
    PeerAddr string

    // Defines associated identities for the connection
    Identities []string

    // Time of connection, for debugging
    Connect time.Time

    // ConID is the connection identifier, used as a key in the connection table.
    // Currently based on the node name and a counter.
    ConID string
    // contains filtered or unexported fields

Connection holds information about connected client.

func (*Connection) Clusters Uses

func (conn *Connection) Clusters() []string

func (*Connection) NonceAcked Uses

func (conn *Connection) NonceAcked(typeUrl string) string


func (*Connection) NonceSent Uses

func (conn *Connection) NonceSent(typeUrl string) string


func (*Connection) Routes Uses

func (conn *Connection) Routes() []string

func (*Connection) Stop Uses

func (conn *Connection) Stop()

func (*Connection) Synced Uses

func (conn *Connection) Synced(typeUrl string) (bool, bool)

nolint Synced checks if the type has been synced, meaning the most recent push was ACKed

func (*Connection) Watched Uses

func (conn *Connection) Watched(typeUrl string) *model.WatchedResource


func (*Connection) Watching Uses

func (conn *Connection) Watching(typeUrl string) bool


type DiscoveryClient Uses

type DiscoveryClient = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesClient

DiscoveryClient is a client interface for XDS.

type DiscoveryServer Uses

type DiscoveryServer struct {
    // Env is the model environment.
    Env *model.Environment

    // MemRegistry is used for debug and load testing, allow adding services. Visible for testing.
    MemRegistry *memory.ServiceDiscovery

    // ConfigGenerator is responsible for generating data plane configuration using Istio networking
    // APIs and service registry info
    ConfigGenerator core.ConfigGenerator

    // Generators allow customizing the generated config, based on the client metadata.
    // Key is the generator type - will match the Generator metadata to set the per-connection
    // default generator, or the combination of Generator metadata and TypeUrl to select a
    // different generator for a type.
    // Normal istio clients use the default generator - will not be impacted by this.
    Generators map[string]model.XdsResourceGenerator

    // ProxyNeedsPush is a function that determines whether a push can be completely skipped. Individual generators
    // may also choose to not send any updates.
    ProxyNeedsPush func(proxy *model.Proxy, req *model.PushRequest) bool

    // InboundUpdates describes the number of configuration updates the discovery server has received
    InboundUpdates *atomic.Int64
    // CommittedUpdates describes the number of configuration updates the discovery server has
    // received, process, and stored in the push context. If this number is less than InboundUpdates,
    // there are updates we have not yet processed.
    // Note: This does not mean that all proxies have received these configurations; it is strictly
    // the push context, which means that the next push to a proxy will receive this configuration.
    CommittedUpdates *atomic.Int64

    // EndpointShards for a service. This is a global (per-server) list, built from
    // incremental updates. This is keyed by service and namespace
    EndpointShardsByService map[string]map[string]*EndpointShards

    StatusReporter DistributionStatusCache

    // Authenticators for XDS requests. Should be same/subset of the CA authenticators.
    Authenticators []security.Authenticator

    // StatusGen is notified of connect/disconnect/nack on all connections
    StatusGen               *StatusGen
    WorkloadEntryController *workloadentry.Controller

    // Cache for XDS resources
    Cache model.XdsCache
    // contains filtered or unexported fields

DiscoveryServer is Pilot's gRPC implementation for Envoy's xds APIs

func NewDiscoveryServer Uses

func NewDiscoveryServer(env *model.Environment, plugins []string, instanceID string) *DiscoveryServer

NewDiscoveryServer creates DiscoveryServer that sources data from Pilot's internal mesh data structures

func (*DiscoveryServer) AddDebugHandlers Uses

func (s *DiscoveryServer) AddDebugHandlers(mux *http.ServeMux, enableProfiling bool, webhook func() map[string]string)

func (*DiscoveryServer) AdsPushAll Uses

func (s *DiscoveryServer) AdsPushAll(version string, req *model.PushRequest)

AdsPushAll implements old style invalidation, generated when any rule or endpoint changes. Primary code path is from v1 discoveryService.clearCache(), which is added as a handler to the model ConfigStorageCache and Controller.

func (*DiscoveryServer) AllClients Uses

func (s *DiscoveryServer) AllClients() []*Connection

AllClients returns all connected clients, per Clients, but additionally includes unintialized connections Warning: callers must take care not to rely on the con.proxy field being set

func (*DiscoveryServer) Authorizationz Uses

func (s *DiscoveryServer) Authorizationz(w http.ResponseWriter, req *http.Request)

Authorizationz dumps the internal authorization policies.

func (*DiscoveryServer) CachesSynced Uses

func (s *DiscoveryServer) CachesSynced()

CachesSynced is called when caches have been synced so that server can accept connections.

func (*DiscoveryServer) Clients Uses

func (s *DiscoveryServer) Clients() []*Connection

Clients returns all currently connected clients. This method can be safely called concurrently, but care should be taken with the underlying objects (ie model.Proxy) to ensure proper locking. This method returns only fully initialized connections; for all connections, use AllClients

func (*DiscoveryServer) ClientsOf Uses

func (s *DiscoveryServer) ClientsOf(typeUrl string) []*Connection

nolint ClientsOf returns the clients that are watching the given resource.

func (*DiscoveryServer) ConfigDump Uses

func (s *DiscoveryServer) ConfigDump(w http.ResponseWriter, req *http.Request)

ConfigDump returns information in the form of the Envoy admin API config dump for the specified proxy The dump will only contain dynamic listeners/clusters/routes and can be used to compare what an Envoy instance should look like according to Pilot vs what it currently does look like.

func (*DiscoveryServer) ConfigUpdate Uses

func (s *DiscoveryServer) ConfigUpdate(req *model.PushRequest)

ConfigUpdate implements ConfigUpdater interface, used to request pushes. It replaces the 'clear cache' from v1.

func (*DiscoveryServer) Debug Uses

func (s *DiscoveryServer) Debug(w http.ResponseWriter, req *http.Request)

lists all the supported debug endpoints.

func (*DiscoveryServer) DeltaAggregatedResources Uses

func (s *DiscoveryServer) DeltaAggregatedResources(stream discovery.AggregatedDiscoveryService_DeltaAggregatedResourcesServer) error

DeltaAggregatedResources is not implemented. Instead, Generators may send only updates/add, with Delete indicated by an empty spec. This works if both ends follow this model. For example EDS and the API generator follow this pattern.

The delta protocol changes the request, adding unsubscribe/subscribe instead of sending full list of resources. On the response it adds 'removed resources' and sends changes for everything. TODO: we could implement this method if needed, the change is not very big.

func (*DiscoveryServer) EDSCacheUpdate Uses

func (s *DiscoveryServer) EDSCacheUpdate(clusterID, serviceName string, namespace string,
    istioEndpoints []*model.IstioEndpoint)

EDSCacheUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

Note: the difference with `EDSUpdate` is that it only update the cache rather than requesting a push

func (*DiscoveryServer) EDSUpdate Uses

func (s *DiscoveryServer) EDSUpdate(clusterID, serviceName string, namespace string,
    istioEndpoints []*model.IstioEndpoint)

EDSUpdate computes destination address membership across all clusters and networks. This is the main method implementing EDS. It replaces InstancesByPort in model - instead of iterating over all endpoints it uses the hostname-keyed map. And it avoids the conversion from Endpoint to ServiceEntry to envoy on each step: instead the conversion happens once, when an endpoint is first discovered.

func (*DiscoveryServer) Edsz Uses

func (s *DiscoveryServer) Edsz(w http.ResponseWriter, req *http.Request)

Edsz implements a status and debug interface for EDS. It is mapped to /debug/edsz on the monitor port (15014).

func (*DiscoveryServer) ForceDisconnect Uses

func (s *DiscoveryServer) ForceDisconnect(w http.ResponseWriter, req *http.Request)

func (*DiscoveryServer) InitDebug Uses

func (s *DiscoveryServer) InitDebug(mux *http.ServeMux, sctl *aggregate.Controller, enableProfiling bool, fetchWebhook func() map[string]string)

InitDebug initializes the debug handlers and adds a debug in-memory registry.

func (*DiscoveryServer) InjectTemplateHandler Uses

func (s *DiscoveryServer) InjectTemplateHandler(webhook func() map[string]string) func(http.ResponseWriter, *http.Request)

InjectTemplateHandler dumps the injection template Replaces dumping the template at startup.

func (*DiscoveryServer) IsServerReady Uses

func (s *DiscoveryServer) IsServerReady() bool

func (*DiscoveryServer) MeshHandler Uses

func (s *DiscoveryServer) MeshHandler(w http.ResponseWriter, r *http.Request)

MeshHandler dumps the mesh config

func (*DiscoveryServer) Ndsz Uses

func (s *DiscoveryServer) Ndsz(w http.ResponseWriter, req *http.Request)

Ndsz implements a status and debug interface for NDS. It is mapped to /debug/Ndsz on the monitor port (15014).

func (*DiscoveryServer) ProxyUpdate Uses

func (s *DiscoveryServer) ProxyUpdate(clusterID, ip string)

func (*DiscoveryServer) Push Uses

func (s *DiscoveryServer) Push(req *model.PushRequest)

Push is called to push changes on config updates using ADS. This is set in DiscoveryService.Push, to avoid direct dependencies.

func (*DiscoveryServer) PushContextHandler Uses

func (s *DiscoveryServer) PushContextHandler(w http.ResponseWriter, req *http.Request)

PushContextHandler dumps the current PushContext

func (*DiscoveryServer) PushStatusHandler Uses

func (s *DiscoveryServer) PushStatusHandler(w http.ResponseWriter, req *http.Request)

PushStatusHandler dumps the last PushContext

func (*DiscoveryServer) Register Uses

func (s *DiscoveryServer) Register(rpcs *grpc.Server)

Register adds the ADS handler to the grpc server

func (*DiscoveryServer) SendResponse Uses

func (s *DiscoveryServer) SendResponse(connections []*Connection, res *discovery.DiscoveryResponse)

SendResponse will immediately send the response to all connections. TODO: additional filters can be added, for example namespace.

func (*DiscoveryServer) Shutdown Uses

func (s *DiscoveryServer) Shutdown()

shutdown shuts down DiscoveryServer components.

func (*DiscoveryServer) Start Uses

func (s *DiscoveryServer) Start(stopCh <-chan struct{})

func (*DiscoveryServer) Stream Uses

func (s *DiscoveryServer) Stream(stream DiscoveryStream) error

func (*DiscoveryServer) StreamAggregatedResources Uses

func (s *DiscoveryServer) StreamAggregatedResources(stream discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer) error

StreamAggregatedResources implements the ADS interface.

func (*DiscoveryServer) SvcUpdate Uses

func (s *DiscoveryServer) SvcUpdate(cluster, hostname string, namespace string, event model.Event)

SvcUpdate is a callback from service discovery when service info changes.

func (*DiscoveryServer) Syncz Uses

func (s *DiscoveryServer) Syncz(w http.ResponseWriter, _ *http.Request)

Syncz dumps the synchronization status of all Envoys connected to this Pilot instance

func (*DiscoveryServer) UpdateServiceShards Uses

func (s *DiscoveryServer) UpdateServiceShards(push *model.PushContext) error

UpdateServiceShards will list the endpoints and create the shards. This is used to reconcile and to support non-k8s registries (until they migrate). Note that aggregated list is expensive (for large numbers) - we want to replace it with a model where DiscoveryServer keeps track of all endpoint registries directly, and calls them one by one.

type DiscoveryStream Uses

type DiscoveryStream = discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer

DiscoveryStream is a server interface for XDS.

type DistributionStatusCache Uses

type DistributionStatusCache interface {
    // RegisterEvent notifies the implementer of an xDS ACK, and must be non-blocking
    RegisterEvent(conID string, eventType EventType, nonce string)
    RegisterDisconnect(s string, types []EventType)
    QueryLastNonce(conID string, eventType EventType) (noncePrefix string)

EventHandler allows for generic monitoring of xDS ACKS and disconnects, for the purpose of tracking Config distribution through the mesh.

type EcdsGenerator Uses

type EcdsGenerator struct {
    Server *DiscoveryServer

EcdsGenerator generates ECDS configuration.

func (*EcdsGenerator) Generate Uses

func (e *EcdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

Generate returns ECDS resources for a given proxy.

type EdsGenerator Uses

type EdsGenerator struct {
    Server *DiscoveryServer

EdsGenerator implements the new Generate method for EDS, using the in-memory, optimized endpoint storage in DiscoveryServer.

func (*EdsGenerator) Generate Uses

func (eds *EdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

type EndpointBuilder Uses

type EndpointBuilder struct {
    // contains filtered or unexported fields

func NewEndpointBuilder Uses

func NewEndpointBuilder(clusterName string, proxy *model.Proxy, push *model.PushContext) EndpointBuilder

func (*EndpointBuilder) ApplyTunnelSetting Uses

func (b *EndpointBuilder) ApplyTunnelSetting(llbOpts []*LocLbEndpointsAndOptions, tunnelType networking.TunnelType) []*LocLbEndpointsAndOptions

TODO(lambdai): Handle ApplyTunnel error return value by filter out the failed endpoint.

func (EndpointBuilder) Cacheable Uses

func (b EndpointBuilder) Cacheable() bool

func (EndpointBuilder) DependentConfigs Uses

func (b EndpointBuilder) DependentConfigs() []model.ConfigKey

func (EndpointBuilder) DestinationRule Uses

func (b EndpointBuilder) DestinationRule() *networkingapi.DestinationRule

func (*EndpointBuilder) EndpointsByNetworkFilter Uses

func (b *EndpointBuilder) EndpointsByNetworkFilter(endpoints []*LocLbEndpointsAndOptions) []*LocLbEndpointsAndOptions

EndpointsByNetworkFilter is a network filter function to support Split Horizon EDS - filter the endpoints based on the network of the connected sidecar. The filter will filter out all endpoints which are not present within the sidecar network and add a gateway endpoint to remote networks that have endpoints (if gateway exists and its IP is an IP and not a dns name). Information for the mesh networks is provided as a MeshNetwork config map.

func (EndpointBuilder) Key Uses

func (b EndpointBuilder) Key() string

Key provides the eds cache key and should include any information that could change the way endpoints are generated.

func (*EndpointBuilder) MultiNetworkConfigured Uses

func (b *EndpointBuilder) MultiNetworkConfigured() bool

MultiNetworkConfigured determines if we have gateways to use for building cross-network endpoints.

type EndpointH2TunnelApplier Uses

type EndpointH2TunnelApplier struct{}

func (*EndpointH2TunnelApplier) ApplyTunnel Uses

func (t *EndpointH2TunnelApplier) ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)

TODO(lambdai): Set original port if the default cluster original port is not the same.

type EndpointNoTunnelApplier Uses

type EndpointNoTunnelApplier struct{}

func (*EndpointNoTunnelApplier) ApplyTunnel Uses

func (t *EndpointNoTunnelApplier) ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)

Note that this will not return error if another tunnel typs requested.

type EndpointShards Uses

type EndpointShards struct {

    // Shards is used to track the shards. EDS updates are grouped by shard.
    // Current implementation uses the registry name as key - in multicluster this is the
    // name of the k8s cluster, derived from the config (secret).
    Shards map[string][]*model.IstioEndpoint

    // ServiceAccounts has the concatenation of all service accounts seen so far in endpoints.
    // This is updated on push, based on shards. If the previous list is different than
    // current list, a full push will be forced, to trigger a secure naming update.
    // Due to the larger time, it is still possible that connection errors will occur while
    // CDS is updated.
    ServiceAccounts sets.Set
    // contains filtered or unexported fields

EndpointShards holds the set of endpoint shards of a service. Registries update individual shards incrementally. The shards are aggregated and split into clusters when a push for the specific cluster is needed.

type EndpointTunnelApplier Uses

type EndpointTunnelApplier interface {
    // Mutate LbEndpoint in place. Return non-nil on failure.
    ApplyTunnel(lep *endpoint.LbEndpoint, tunnelType networking.TunnelType) (*endpoint.LbEndpoint, error)

TODO(lambdai): Receive port value(15009 by default), builder to cover wide cases.

func MakeTunnelApplier Uses

func MakeTunnelApplier(le *endpoint.LbEndpoint, tunnelOpt networking.TunnelAbility) EndpointTunnelApplier

Return prefer H2 tunnel metadata.

type Event Uses

type Event struct {
    // contains filtered or unexported fields

Event represents a config or registry event that results in a push.

type EventType Uses

type EventType = string

EventType represents the type of object we are tracking, mapping to envoy TypeUrl.

type FakeDiscoveryServer Uses

type FakeDiscoveryServer struct {

    Discovery *DiscoveryServer
    Listener  *bufconn.Listener

    KubeRegistry *kube.FakeController
    // contains filtered or unexported fields

func NewFakeDiscoveryServer Uses

func NewFakeDiscoveryServer(t test.Failer, opts FakeOptions) *FakeDiscoveryServer

func (*FakeDiscoveryServer) Connect Uses

func (f *FakeDiscoveryServer) Connect(p *model.Proxy, watch []string, wait []string) *adsc.ADSC

Connect starts an ADS connection to the server using adsc. It will automatically be cleaned up when the test ends watch can be configured to determine the resources to watch initially, and wait can be configured to determine what resources we should initially wait for.

func (*FakeDiscoveryServer) ConnectADS Uses

func (f *FakeDiscoveryServer) ConnectADS() *AdsTest

ConnectADS starts an ADS connection to the server. It will automatically be cleaned up when the test ends

func (*FakeDiscoveryServer) Endpoints Uses

func (f *FakeDiscoveryServer) Endpoints(p *model.Proxy) []*endpoint.ClusterLoadAssignment

func (*FakeDiscoveryServer) KubeClient Uses

func (f *FakeDiscoveryServer) KubeClient() kubelib.Client

func (*FakeDiscoveryServer) PushContext Uses

func (f *FakeDiscoveryServer) PushContext() *model.PushContext

type FakeOptions Uses

type FakeOptions struct {
    // If provided, a service registry with the name of each map key will be created with the given objects.
    KubernetesObjectsByCluster map[string][]runtime.Object
    // If provided, these objects will be used directly for the default cluster ("Kubernetes")
    KubernetesObjects []runtime.Object
    // If provided, the yaml string will be parsed and used as objects for the default cluster ("Kubernetes")
    KubernetesObjectString string
    // Endpoint mode for the Kubernetes service registry
    KubernetesEndpointMode kube.EndpointMode
    // If provided, these configs will be used directly
    Configs []config.Config
    // If provided, the yaml string will be parsed and used as configs
    ConfigString string
    // If provided, the ConfigString will be treated as a go template, with this as input params
    ConfigTemplateInput interface{}
    // If provided, this mesh config will be used
    MeshConfig      *meshconfig.MeshConfig
    NetworksWatcher mesh.NetworksWatcher

    // Time to debounce
    // By default, set to 0s to speed up tests
    DebounceTime time.Duration

type IstioControlPlaneInstance Uses

type IstioControlPlaneInstance struct {
    // The Istio component type (e.g. "istiod")
    Component string
    // The ID of the component instance
    ID  string
    // The Istio version
    Info istioversion.BuildInfo

IstioControlPlaneInstance defines the format Istio uses for when creating Envoy config.core.v3.ControlPlane.identifier

type LdsGenerator Uses

type LdsGenerator struct {
    Server *DiscoveryServer

func (LdsGenerator) Generate Uses

func (l LdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

type LocLbEndpointsAndOptions Uses

type LocLbEndpointsAndOptions struct {
    // contains filtered or unexported fields

func (*LocLbEndpointsAndOptions) AssertInvarianceInTest Uses

func (e *LocLbEndpointsAndOptions) AssertInvarianceInTest()

type NdsGenerator Uses

type NdsGenerator struct {
    Server *DiscoveryServer

Nds stands for Name Discovery Service. Istio agents send NDS requests to istiod istiod responds with a list of service entries and their associated IPs (including k8s services) The agent then updates its internal DNS based on this data. If DNS capture is enabled in the pod the agent will capture all DNS requests and attempt to resolve locally before forwarding to upstream dns servers/

func (NdsGenerator) Generate Uses

func (n NdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

type ProxyGen Uses

type ProxyGen struct {
    // contains filtered or unexported fields

ProxyGen implements a proxy generator - any request is forwarded using the agent ADSC connection. Responses are forwarded back on the connection that they are received.

func (*ProxyGen) AddClient Uses

func (p *ProxyGen) AddClient(adsc *adsc.ADSC)

func (*ProxyGen) Close Uses

func (p *ProxyGen) Close()

func (*ProxyGen) Generate Uses

func (p *ProxyGen) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, updates *model.PushRequest) (model.Resources, error)

Generate will forward the request to all remote XDS servers. Responses will be forwarded back to the client.

TODO: allow clients to indicate which requests they handle ( similar with topic )

func (*ProxyGen) HandleResponse Uses

func (p *ProxyGen) HandleResponse(con *adsc.ADSC, res *discovery.DiscoveryResponse)

HandleResponse will dispatch a response from a federated XDS server to all connections listening for that type.

type PushContextDebug Uses

type PushContextDebug struct {
    AuthorizationPolicies *model.AuthorizationPolicies
    NetworkGateways       map[string][]*model.Gateway

PushContextDebug holds debug information for push context.

type PushQueue Uses

type PushQueue struct {
    // contains filtered or unexported fields

func NewPushQueue Uses

func NewPushQueue() *PushQueue

func (*PushQueue) Dequeue Uses

func (p *PushQueue) Dequeue() (con *Connection, request *model.PushRequest, shutdown bool)

Remove a proxy from the queue. If there are no proxies ready to be removed, this will block

func (*PushQueue) Enqueue Uses

func (p *PushQueue) Enqueue(con *Connection, pushRequest *model.PushRequest)

Enqueue will mark a proxy as pending a push. If it is already pending, pushInfo will be merged. ServiceEntry updates will be added together, and full will be set if either were full

func (*PushQueue) MarkDone Uses

func (p *PushQueue) MarkDone(con *Connection)

func (*PushQueue) Pending Uses

func (p *PushQueue) Pending() int

Get number of pending proxies

func (*PushQueue) ShutDown Uses

func (p *PushQueue) ShutDown()

ShutDown will cause queue to ignore all new items added to it. As soon as the worker goroutines have drained the existing items in the queue, they will be instructed to exit.

type RdsGenerator Uses

type RdsGenerator struct {
    Server *DiscoveryServer

func (RdsGenerator) Generate Uses

func (c RdsGenerator) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

type SecretGen Uses

type SecretGen struct {
    // contains filtered or unexported fields

func NewSecretGen Uses

func NewSecretGen(sc secrets.MulticlusterController, cache model.XdsCache) *SecretGen

func (*SecretGen) Generate Uses

func (s *SecretGen) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, req *model.PushRequest) (model.Resources, error)

type SecretResource Uses

type SecretResource struct {
    Type         string
    Name         string
    Namespace    string
    ResourceName string

func (SecretResource) Cacheable Uses

func (sr SecretResource) Cacheable() bool

func (SecretResource) DependentConfigs Uses

func (sr SecretResource) DependentConfigs() []model.ConfigKey

func (SecretResource) Key Uses

func (sr SecretResource) Key() string

type SimpleServer Uses

type SimpleServer struct {
    // DiscoveryServer is the gRPC XDS implementation
    // Env and MemRegistry are available as fields, as well as the default
    // PushContext.
    DiscoveryServer *DiscoveryServer

    // MemoryStore is an in-memory config store, part of the aggregate store
    // used by the discovery server.
    MemoryConfigStore model.IstioConfigStore

    // GRPCListener is the listener used for GRPC. For agent it is
    // an insecure port, bound to
    GRPCListener net.Listener

    ConfigStoreCache model.ConfigStoreCache
    // contains filtered or unexported fields

Server represents the XDS serving feature of Istiod (pilot). Unlike bootstrap/, this packet has no dependencies on K8S, CA, and other features. It'll be used initially in the istio-agent, to provide a minimal proxy while reusing the same code as istiod. Portions of the code will also be used in istiod - after it becomes stable the plan is to refactor bootstrap to use this code instead of directly bootstrapping XDS.

The server support proxy/federation of multiple sources - last part or parity with MCP/Galley and MCP-over-XDS.

func NewXDS Uses

func NewXDS(stop chan struct{}) *SimpleServer

Creates an basic, functional discovery server, using the same code as Istiod, but backed by an in-memory config and endpoint stores.

Can be used in tests, or as a minimal XDS discovery server with no dependency on K8S or the complex bootstrap used by Istiod. A memory registry and memory config store are used to generate the configs - they can be programmatically updated.

func (*SimpleServer) NewProxy Uses

func (s *SimpleServer) NewProxy() *ProxyGen

func (*SimpleServer) StartGRPC Uses

func (s *SimpleServer) StartGRPC(addr string) error

type StatusGen Uses

type StatusGen struct {
    Server *DiscoveryServer

StatusGen is a Generator for XDS status: connections, syncz, configdump

func NewStatusGen Uses

func NewStatusGen(s *DiscoveryServer) *StatusGen

func (*StatusGen) Generate Uses

func (sg *StatusGen) Generate(proxy *model.Proxy, push *model.PushContext, w *model.WatchedResource, updates *model.PushRequest) (model.Resources, error)

Generate XDS responses about internal events: - connection status - NACKs We can also expose ACKS.

func (*StatusGen) OnConnect Uses

func (sg *StatusGen) OnConnect(con *Connection)

func (*StatusGen) OnDisconnect Uses

func (sg *StatusGen) OnDisconnect(con *Connection)

func (*StatusGen) OnNack Uses

func (sg *StatusGen) OnNack(node *model.Proxy, dr *discovery.DiscoveryRequest)

type SyncStatus Uses

type SyncStatus struct {
    ProxyID       string `json:"proxy,omitempty"`
    ProxyVersion  string `json:"proxy_version,omitempty"`
    IstioVersion  string `json:"istio_version,omitempty"`
    ClusterSent   string `json:"cluster_sent,omitempty"`
    ClusterAcked  string `json:"cluster_acked,omitempty"`
    ListenerSent  string `json:"listener_sent,omitempty"`
    ListenerAcked string `json:"listener_acked,omitempty"`
    RouteSent     string `json:"route_sent,omitempty"`
    RouteAcked    string `json:"route_acked,omitempty"`
    EndpointSent  string `json:"endpoint_sent,omitempty"`
    EndpointAcked string `json:"endpoint_acked,omitempty"`

SyncStatus is the synchronization status between Pilot and a given Envoy

type SyncedVersions Uses

type SyncedVersions struct {
    ProxyID         string `json:"proxy,omitempty"`
    ClusterVersion  string `json:"cluster_acked,omitempty"`
    ListenerVersion string `json:"listener_acked,omitempty"`
    RouteVersion    string `json:"route_acked,omitempty"`

SyncedVersions shows what resourceVersion of a given resource has been acked by Envoy.



Package xds imports 88 packages (graph) and is imported by 14 packages. Updated 2021-01-26. Refresh now. Tools for package owners.