envoy

package
v0.6.0
Published: Dec 15, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation


Constants

const (
	// ServiceCertType is the prefix for the service certificate resource name. Example: "service-cert:webservice"
	ServiceCertType SDSCertType = "service-cert"

	// RootCertTypeForMTLSOutbound is the prefix for the mTLS root certificate resource name for upstream connectivity. Example: "root-cert-for-mtls-outbound:webservice"
	RootCertTypeForMTLSOutbound SDSCertType = "root-cert-for-mtls-outbound"

	// RootCertTypeForMTLSInbound is the prefix for the mTLS root certificate resource name for downstream connectivity. Example: "root-cert-for-mtls-inbound:webservice"
	RootCertTypeForMTLSInbound SDSCertType = "root-cert-for-mtls-inbound"

	// RootCertTypeForHTTPS is the prefix for the HTTPS root certificate resource name. Example: "root-cert-https:webservice"
	RootCertTypeForHTTPS SDSCertType = "root-cert-https"

	// Outbound refers to Envoy upstream connectivity direction for TLS certs
	Outbound SDSDirection = true

	// Inbound refers to Envoy downstream connectivity direction for TLS certs
	Inbound SDSDirection = false

	// Separator is the separator between the prefix and the name of the certificate.
	Separator = ":"

	// TransportProtocolTLS is the TLS transport protocol used in Envoy configurations
	TransportProtocolTLS = "tls"

	// OutboundPassthroughCluster is the outbound passthrough cluster name
	OutboundPassthroughCluster = "passthrough-outbound"
)

Variables

var ALPNInMesh = []string{"osm"}

ALPNInMesh is the ALPN protocol list advertised when the proxy connects to an in-mesh destination. It is set as part of configuring the UpstreamTLSContext.

ValidURI defines valid URIs

var (
	// XDSResponseOrder is the order in which we send xDS responses: CDS, EDS, LDS, RDS, SDS
	// See: https://github.com/envoyproxy/go-control-plane/issues/59
	XDSResponseOrder = []TypeURI{TypeCDS, TypeEDS, TypeLDS, TypeRDS, TypeSDS}
)

Functions

func GetADSConfigSource

func GetADSConfigSource() *xds_core.ConfigSource

GetADSConfigSource creates an Envoy ConfigSource struct.

func GetAccessLog

func GetAccessLog() []*xds_accesslog_filter.AccessLog

GetAccessLog creates an Envoy AccessLog struct.

func GetAddress

func GetAddress(address string, port uint32) *xds_core.Address

GetAddress creates an Envoy Address struct.

func GetDownstreamTLSContext

func GetDownstreamTLSContext(upstreamSvc service.MeshService, mTLS bool) *xds_auth.DownstreamTlsContext

GetDownstreamTLSContext creates a downstream Envoy TLS Context

func GetEnvoyServiceNodeID added in v0.6.0

func GetEnvoyServiceNodeID(nodeID string) string

GetEnvoyServiceNodeID creates the string for Envoy's "--service-node" CLI argument for the Kubernetes sidecar container Command/Args

func GetLocalClusterNameForService added in v0.6.0

func GetLocalClusterNameForService(proxyService service.MeshService) string

GetLocalClusterNameForService returns the name of the local cluster for the given service. The local cluster refers to the cluster corresponding to the service the proxy is fronting, accessible over localhost by the proxy.

func GetLocalClusterNameForServiceCluster added in v0.6.0

func GetLocalClusterNameForServiceCluster(clusterName string) string

GetLocalClusterNameForServiceCluster returns the name of the local cluster for the given service cluster. The local cluster refers to the cluster corresponding to the service the proxy is fronting, accessible over localhost by the proxy.

func GetTLSParams

func GetTLSParams() *xds_auth.TlsParameters

GetTLSParams creates Envoy TlsParameters struct.

func GetUpstreamTLSContext

func GetUpstreamTLSContext(downstreamSvc, upstreamSvc service.MeshService) *xds_auth.UpstreamTlsContext

GetUpstreamTLSContext creates an upstream Envoy TLS Context for the given downstream and upstream service pair

Types

type PodMetadata added in v0.6.0

type PodMetadata struct {
	UID            string
	Namespace      string
	IP             string
	ServiceAccount string
	Cluster        string
	EnvoyNodeID    string
}

PodMetadata holds information on the Pod on which a given Envoy proxy is installed. The struct is initialized *eventually*, when the metadata arrives via xDS.

func ParseEnvoyServiceNodeID added in v0.6.0

func ParseEnvoyServiceNodeID(serviceNodeID string) (*PodMetadata, error)

ParseEnvoyServiceNodeID parses the given Envoy service node ID and returns the encoded metadata
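A worked encoder and parser for the "--service-node" string, added here as an example rather than taken from the project. The layout uid/namespace/ip/serviceaccount/cluster[/envoy-node-id] with "/" as separator is an assumption for this example; the page does not state the encoding. The last function shows the check a control plane should make before using PodMetadata for anything security-relevant: the node ID is whatever the proxy's launch configuration says, so it is cross-checked against the service account and namespace that the proxy's mTLS certificate (see GetCommonName) established. The sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// PodMetadata mirrors the struct on the page.
type PodMetadata struct {
	UID            string
	Namespace      string
	IP             string
	ServiceAccount string
	Cluster        string
	EnvoyNodeID    string
}

// Assumed encoding for this example (the page does not state it):
// "<uid>/<namespace>/<ip>/<serviceaccount>/<cluster>[/<envoy-node-id>]".
const nodeIDSeparator = "/"

var (
	ErrInvalidNodeID    = errors.New("envoy: malformed service node id")
	ErrIdentityMismatch = errors.New("envoy: self-reported pod metadata contradicts the proxy's certificate identity")
)

// EncodeServiceNodeID builds the value for Envoy's --service-node flag. The five
// required fields must be present, and no field may contain the separator.
func EncodeServiceNodeID(m PodMetadata) (string, error) {
	fields := []string{m.UID, m.Namespace, m.IP, m.ServiceAccount, m.Cluster, m.EnvoyNodeID}
	for i, f := range fields {
		if (f == "" && i < 5) || strings.Contains(f, nodeIDSeparator) {
			return "", ErrInvalidNodeID
		}
	}
	if m.EnvoyNodeID == "" {
		fields = fields[:5]
	}
	return strings.Join(fields, nodeIDSeparator), nil
}

// ParseEnvoyServiceNodeID is the inverse: five or six fields, the first five non-empty.
func ParseEnvoyServiceNodeID(serviceNodeID string) (*PodMetadata, error) {
	chunks := strings.Split(serviceNodeID, nodeIDSeparator)
	if len(chunks) < 5 || len(chunks) > 6 {
		return nil, ErrInvalidNodeID
	}
	for _, c := range chunks[:5] {
		if c == "" {
			return nil, ErrInvalidNodeID
		}
	}
	m := &PodMetadata{UID: chunks[0], Namespace: chunks[1], IP: chunks[2], ServiceAccount: chunks[3], Cluster: chunks[4]}
	if len(chunks) == 6 {
		m.EnvoyNodeID = chunks[5]
	}
	return m, nil
}

// VerifyPodMetadata cross-checks the self-reported metadata against the identity
// the control plane actually authenticated (the service account and namespace
// bound to the proxy's mTLS certificate). The node ID is chosen by whoever
// configures the Envoy process, so it must never be the basis of authorization.
func VerifyPodMetadata(m *PodMetadata, authenticatedSA, authenticatedNS string) error {
	if m.ServiceAccount != authenticatedSA || m.Namespace != authenticatedNS {
		return ErrIdentityMismatch
	}
	return nil
}

func main() {
	// Constructed sample values.
	meta := PodMetadata{UID: "d3b1f2a0-7e4c-4c9b-9e1a-000000000001", Namespace: "bookstore",
		IP: "10.0.0.12", ServiceAccount: "bookstore-v1", Cluster: "local", EnvoyNodeID: "bookstore-v1-7c9d"}
	id, err := EncodeServiceNodeID(meta)
	if err != nil {
		panic(err)
	}
	fmt.Println("--service-node", id)
	parsed, err := ParseEnvoyServiceNodeID(id)
	if err != nil {
		panic(err)
	}
	// A proxy whose certificate says bookstore-v1/bookstore is consistent; one whose
	// certificate says bookbuyer is not, however plausible its node ID looks.
	fmt.Println("matches certificate identity:", VerifyPodMetadata(parsed, "bookstore-v1", "bookstore"))
	fmt.Println("claims another identity:     ", VerifyPodMetadata(parsed, "bookbuyer", "bookbuyer"))
}
```

The parser is deliberately strict about field count: a node ID with extra separators would otherwise shift fields and let, for example, a service-account value land in the namespace slot.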

type Proxy

type Proxy struct {
	certificate.CommonName
	net.Addr

	// Records metadata around the Kubernetes Pod on which this Envoy Proxy is installed.
	// This could be nil if the Envoy is not operating in a Kubernetes cluster (a VM, for example).
	// NOTE: This field may not be set at the time the Proxy struct is initialized. It is
	// set eventually, when the metadata arrives via the xDS protocol.
	PodMetadata *PodMetadata
	// contains filtered or unexported fields
}

Proxy is a representation of an Envoy proxy connected to the xDS server. This should at some point have a 1:1 match to an Endpoint (which is a member of a meshed service).

func NewProxy

func NewProxy(cn certificate.CommonName, ip net.Addr) *Proxy

NewProxy creates a new instance of an Envoy proxy connected to the xDS server.

func (Proxy) GetAnnouncementsChannel

func (p Proxy) GetAnnouncementsChannel() chan announcements.Announcement

GetAnnouncementsChannel returns the announcement channel for the given Envoy proxy.

func (Proxy) GetCommonName

func (p Proxy) GetCommonName() certificate.CommonName

GetCommonName returns the Subject Common Name from the mTLS certificate of the Envoy proxy connected to xDS.

func (Proxy) GetConnectedAt

func (p Proxy) GetConnectedAt() time.Time

GetConnectedAt returns the timestamp of when the given proxy connected to the control plane.

func (Proxy) GetIP

func (p Proxy) GetIP() net.Addr

GetIP returns the IP address of the Envoy proxy connected to xDS.

func (Proxy) GetLastAppliedVersion

func (p Proxy) GetLastAppliedVersion(typeURI TypeURI) uint64

GetLastAppliedVersion returns the last version successfully applied to the given Envoy proxy.

func (*Proxy) GetLastSentNonce

func (p *Proxy) GetLastSentNonce(typeURI TypeURI) string

GetLastSentNonce returns last sent nonce.

func (Proxy) GetLastSentVersion

func (p Proxy) GetLastSentVersion(typeURI TypeURI) uint64

GetLastSentVersion returns the last sent version.

func (*Proxy) HasPodMetadata added in v0.6.0

func (p *Proxy) HasPodMetadata() bool

HasPodMetadata reports whether Pod metadata has been recorded for the given Envoy proxy.

func (*Proxy) IncrementLastSentVersion

func (p *Proxy) IncrementLastSentVersion(typeURI TypeURI) uint64

IncrementLastSentVersion increments last sent version.

func (*Proxy) SetLastAppliedVersion

func (p *Proxy) SetLastAppliedVersion(typeURI TypeURI, version uint64)

SetLastAppliedVersion records the version of the given Envoy proxy that was last acknowledged.

func (*Proxy) SetLastSentVersion

func (p *Proxy) SetLastSentVersion(typeURI TypeURI, ver uint64)

SetLastSentVersion records the version of the given config last sent to the proxy.

func (*Proxy) SetNewNonce

func (p *Proxy) SetNewNonce(typeURI TypeURI) string

SetNewNonce sets and returns a new nonce.
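The version and nonce accessors above are the control plane's half of the xDS ACK/NACK handshake. The following self-contained tracker is an added example, not the project's Proxy type, and shows why both are tracked per TypeURI: a DiscoveryRequest whose response_nonce is not the last nonce sent is a late answer to a superseded response and must not count as an acknowledgement, a NACK (error_detail set) never advances the applied version, and XDSResponseOrder decides in which order outstanding types are re-sent. DiscoveryRequest here is a reduced struct carrying only the fields the handshake reads; nonces are 8 random bytes from crypto/rand; locking is left out for brevity, which a Proxy shared between goroutines in a real server must add.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
)

// TypeURI identifies an xDS payload type, as on the page.
type TypeURI string

const (
	TypeCDS TypeURI = "type.googleapis.com/envoy.config.cluster.v3.Cluster"
	TypeEDS TypeURI = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"
	TypeLDS TypeURI = "type.googleapis.com/envoy.config.listener.v3.Listener"
	TypeRDS TypeURI = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"
	TypeSDS TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
)

// XDSResponseOrder is the send order from the page.
var XDSResponseOrder = []TypeURI{TypeCDS, TypeEDS, TypeLDS, TypeRDS, TypeSDS}

// DiscoveryRequest holds only the fields of Envoy's DiscoveryRequest that drive ACK/NACK.
type DiscoveryRequest struct {
	TypeURL       TypeURI
	VersionInfo   string // version the proxy currently has applied
	ResponseNonce string // nonce of the response being answered; "" on the first request
	ErrorDetail   string // non-empty marks a NACK
}

var ErrStaleNonce = errors.New("xds: response_nonce is not the last nonce sent; ignoring")
var ErrNACK = errors.New("xds: proxy rejected the configuration")

// Proxy tracks, per type URI, the last version and nonce sent and the last version applied.
type Proxy struct {
	lastSent, lastApplied map[TypeURI]uint64
	lastNonce             map[TypeURI]string
}

func NewProxy() *Proxy {
	return &Proxy{lastSent: map[TypeURI]uint64{}, lastApplied: map[TypeURI]uint64{}, lastNonce: map[TypeURI]string{}}
}

// SetNewNonce mints an unpredictable nonce for the next response of this type.
func (p *Proxy) SetNewNonce(t TypeURI) string {
	buf := make([]byte, 8)
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	p.lastNonce[t] = hex.EncodeToString(buf)
	return p.lastNonce[t]
}

func (p *Proxy) IncrementLastSentVersion(t TypeURI) uint64 {
	p.lastSent[t]++
	return p.lastSent[t]
}

func (p *Proxy) GetLastAppliedVersion(t TypeURI) uint64 { return p.lastApplied[t] }

// HandleRequest records an ACK only when the nonce proves the request answers the most
// recent response; late ACKs are dropped and a NACK leaves the applied version untouched.
func (p *Proxy) HandleRequest(req DiscoveryRequest) error {
	if req.ResponseNonce == "" {
		return nil // initial subscription, nothing to acknowledge
	}
	if req.ResponseNonce != p.lastNonce[req.TypeURL] {
		return ErrStaleNonce
	}
	if req.ErrorDetail != "" {
		return fmt.Errorf("%w: %s", ErrNACK, req.ErrorDetail)
	}
	v, err := strconv.ParseUint(req.VersionInfo, 10, 64)
	if err != nil || v != p.lastSent[req.TypeURL] {
		return fmt.Errorf("xds: version_info %q does not match sent version %d", req.VersionInfo, p.lastSent[req.TypeURL])
	}
	p.lastApplied[req.TypeURL] = v
	return nil
}

// PendingInOrder lists the types whose latest version is unacknowledged, in send order.
func (p *Proxy) PendingInOrder() []TypeURI {
	var out []TypeURI
	for _, t := range XDSResponseOrder {
		if p.lastSent[t] > p.lastApplied[t] {
			out = append(out, t)
		}
	}
	return out
}

func main() {
	p := NewProxy()
	n1, v1 := p.SetNewNonce(TypeCDS), p.IncrementLastSentVersion(TypeCDS)
	fmt.Println("ack v1:", p.HandleRequest(DiscoveryRequest{TypeURL: TypeCDS, VersionInfo: strconv.FormatUint(v1, 10), ResponseNonce: n1}))
	n2, v2 := p.SetNewNonce(TypeCDS), p.IncrementLastSentVersion(TypeCDS)
	fmt.Println("late ack with old nonce:", p.HandleRequest(DiscoveryRequest{TypeURL: TypeCDS, VersionInfo: strconv.FormatUint(v2, 10), ResponseNonce: n1}))
	fmt.Println("nack v2:", p.HandleRequest(DiscoveryRequest{TypeURL: TypeCDS, VersionInfo: "1", ResponseNonce: n2, ErrorDetail: "unknown cluster"}))
	fmt.Println("applied:", p.GetLastAppliedVersion(TypeCDS), "pending:", p.PendingInOrder())
}
```

Without the nonce check, a slow proxy's ACK for version 1 arriving after version 2 was pushed would be indistinguishable from an ACK of version 2, and the control plane would believe a configuration was live that the proxy never loaded.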

func (Proxy) String

func (p Proxy) String() string

String returns the CommonName of the proxy.

type SDSCert

type SDSCert struct {
	// MeshService is a service within the mesh
	MeshService service.MeshService

	// CertType is the certificate type
	CertType SDSCertType
}

SDSCert is used only to centralize the naming functions that marshal and unmarshal an SDS resource name; this avoids scattering sprintf and parsing logic across the code base.

func UnmarshalSDSCert

func UnmarshalSDSCert(str string) (*SDSCert, error)

UnmarshalSDSCert parses a correctly formatted resource name and returns the certificate type and the service it refers to; otherwise it returns an error.

func (SDSCert) String

func (sdsc SDSCert) String() string

String is the common facility for generating a string resource name from an SDSCert, so that the sprintf logic and the separators used stay agnostic to other modules.
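A worked version of the resource-name scheme described by the SDSCertType constants and by SDSCert, UnmarshalSDSCert and String, added here as an illustration rather than the project's implementation. It renders and parses <type>:<namespace>/<name>, rejects unknown certificate types and malformed service identifiers before they reach any lookup, and adds an assumed authorization rule. Assumptions: MeshService is modelled as namespace plus name (the page's examples show only a bare service name), the DNS-label check and AuthorizeSDSRequest are illustrative policy, and the inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// SDSCertType is the prefix of an SDS resource name (same role as on the page).
type SDSCertType string

// The certificate kinds listed on the page, plus the separator.
const (
	ServiceCertType             SDSCertType = "service-cert"
	RootCertTypeForMTLSOutbound SDSCertType = "root-cert-for-mtls-outbound"
	RootCertTypeForMTLSInbound  SDSCertType = "root-cert-for-mtls-inbound"
	RootCertTypeForHTTPS        SDSCertType = "root-cert-https"
	Separator                               = ":"
)

// MeshService stands in for service.MeshService; assumed to render as "namespace/name".
type MeshService struct {
	Namespace string
	Name      string
}

func (ms MeshService) String() string { return ms.Namespace + "/" + ms.Name }

// SDSCert pairs a certificate type with the service it is issued for.
type SDSCert struct {
	MeshService MeshService
	CertType    SDSCertType
}

// String is the one place that knows the resource-name layout.
func (c SDSCert) String() string {
	return fmt.Sprintf("%s%s%s", c.CertType, Separator, c.MeshService)
}

var (
	ErrInvalidFormat   = errors.New("sds: resource name is not <type>:<namespace>/<name>")
	ErrUnknownCertType = errors.New("sds: unknown certificate type")
	ErrNotAuthorized   = errors.New("sds: proxy may not request this certificate")

	// Allow-list of certificate types; anything else is rejected before use.
	allowedCertTypes = map[SDSCertType]bool{
		ServiceCertType: true, RootCertTypeForMTLSOutbound: true,
		RootCertTypeForMTLSInbound: true, RootCertTypeForHTTPS: true,
	}
	// Kubernetes namespaces and service names are DNS-1123 labels.
	dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$`)
)

// UnmarshalSDSCert parses "<type>:<namespace>/<name>" strictly: the type must be
// on the allow-list and both service components must be valid DNS labels.
func UnmarshalSDSCert(str string) (*SDSCert, error) {
	typeAndSvc := strings.SplitN(str, Separator, 2)
	if len(typeAndSvc) != 2 {
		return nil, ErrInvalidFormat
	}
	certType := SDSCertType(typeAndSvc[0])
	if !allowedCertTypes[certType] {
		return nil, ErrUnknownCertType
	}
	nsAndName := strings.Split(typeAndSvc[1], "/")
	if len(nsAndName) != 2 || !dnsLabel.MatchString(nsAndName[0]) || !dnsLabel.MatchString(nsAndName[1]) {
		return nil, ErrInvalidFormat
	}
	return &SDSCert{MeshService: MeshService{Namespace: nsAndName[0], Name: nsAndName[1]}, CertType: certType}, nil
}

// AuthorizeSDSRequest applies an assumed policy (not the project's): a proxy may
// obtain the service certificate only for the service it fronts, while root
// certificates may be requested for any peer service.
func AuthorizeSDSRequest(proxySvc MeshService, requested SDSCert) error {
	if requested.CertType == ServiceCertType && requested.MeshService != proxySvc {
		return ErrNotAuthorized
	}
	return nil
}

func main() {
	web := MeshService{Namespace: "default", Name: "webservice"}
	inputs := []string{ // constructed inputs
		SDSCert{MeshService: web, CertType: ServiceCertType}.String(),
		"root-cert-for-mtls-outbound:default/db",
		"service-cert:default/db",     // another service's private key: rejected by policy
		"service-cert:default/../etc", // path-style smuggling: rejected by the parser
		"bogus:default/webservice",    // unknown type
	}
	for _, in := range inputs {
		c, err := UnmarshalSDSCert(in)
		if err != nil {
			fmt.Printf("%-42s parse error: %v\n", in, err)
			continue
		}
		fmt.Printf("%-42s %s for %s, authz: %v\n", in, c.CertType, c.MeshService, AuthorizeSDSRequest(web, *c))
	}
}
```

Strict parsing matters because resource names are proxy-supplied input: a proxy names what it wants in its DiscoveryRequest, and the service certificate it asks for carries that service's private key. Rejecting malformed names on the way in and checking the requester's own identity against the name are separate steps; the parser never decides authorization.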

type SDSCertType

type SDSCertType string

SDSCertType is a type of a certificate requested by an Envoy proxy via SDS.

func (SDSCertType) String

func (ct SDSCertType) String() string

type SDSDirection

type SDSDirection bool

SDSDirection is a type to identify TLS certificate connectivity direction.

type TypeURI

type TypeURI string

TypeURI is a string describing the Envoy xDS payload.

const (
	// TypeSDS is the SDS type URI.
	TypeSDS TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"

	// TypeCDS is the CDS type URI.
	TypeCDS TypeURI = "type.googleapis.com/envoy.config.cluster.v3.Cluster"

	// TypeLDS is the LDS type URI.
	TypeLDS TypeURI = "type.googleapis.com/envoy.config.listener.v3.Listener"

	// TypeRDS is the RDS type URI.
	TypeRDS TypeURI = "type.googleapis.com/envoy.config.route.v3.RouteConfiguration"

	// TypeEDS is the EDS type URI.
	TypeEDS TypeURI = "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment"

	// TypeUpstreamTLSContext is an Envoy type URI.
	TypeUpstreamTLSContext TypeURI = "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext"

	// TypeZipkinConfig is an Envoy type URI.
	TypeZipkinConfig TypeURI = "type.googleapis.com/envoy.config.trace.v3.ZipkinConfig"
)

func (TypeURI) String

func (t TypeURI) String() string

Directories

Path Synopsis
rbac	Package rbac implements Envoy XDS RBAC policies.
