grpc
/
grpc-java
mirror of https://github.com/grpc/grpc-java.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

xds: add xDS v3 protos in preparation for agentless security (#7091)

This commit is contained in:
sanjaypujare 2020-06-04 10:03:33 -07:00 committed by GitHub
parent c551fe3807
commit 2740901673
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
33 changed files with 6645 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
xds/third_party/envoy/import.sh vendored
View File

@ -58,23 +58,53 @@ envoy/api/v2/route/route.proto
envoy/api/v2/route/route_components.proto envoy/api/v2/route/route_components.proto
envoy/api/v2/scoped_route.proto envoy/api/v2/scoped_route.proto
envoy/api/v2/srds.proto envoy/api/v2/srds.proto
envoy/config/accesslog/v3/accesslog.proto
envoy/config/cluster/v3/circuit_breaker.proto
envoy/config/cluster/v3/cluster.proto
envoy/config/cluster/v3/filter.proto
envoy/config/cluster/v3/outlier_detection.proto
envoy/config/core/v3/address.proto
envoy/config/core/v3/backoff.proto
envoy/config/core/v3/base.proto
envoy/config/core/v3/config_source.proto
envoy/config/core/v3/grpc_service.proto
envoy/config/core/v3/health_check.proto
envoy/config/core/v3/http_uri.proto
envoy/config/core/v3/protocol.proto
envoy/config/core/v3/socket_option.proto
envoy/config/endpoint/v3/endpoint.proto
envoy/config/endpoint/v3/endpoint_components.proto
envoy/config/filter/accesslog/v2/accesslog.proto envoy/config/filter/accesslog/v2/accesslog.proto
envoy/config/filter/fault/v2/fault.proto envoy/config/filter/fault/v2/fault.proto
envoy/config/filter/http/fault/v2/fault.proto envoy/config/filter/http/fault/v2/fault.proto
envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto
envoy/config/listener/v2/api_listener.proto envoy/config/listener/v2/api_listener.proto
envoy/config/listener/v3/api_listener.proto
envoy/config/listener/v3/listener.proto
envoy/config/listener/v3/listener_components.proto
envoy/config/listener/v3/udp_listener_config.proto
envoy/config/route/v3/route_components.proto
envoy/config/trace/v2/trace.proto envoy/config/trace/v2/trace.proto
envoy/extensions/transport_sockets/tls/v3/cert.proto
envoy/service/discovery/v2/ads.proto envoy/service/discovery/v2/ads.proto
envoy/service/discovery/v2/sds.proto envoy/service/discovery/v2/sds.proto
envoy/service/load_stats/v2/lrs.proto envoy/service/load_stats/v2/lrs.proto
envoy/type/http.proto envoy/type/http.proto
envoy/type/matcher/regex.proto envoy/type/matcher/regex.proto
envoy/type/matcher/string.proto envoy/type/matcher/string.proto
envoy/type/matcher/v3/regex.proto
envoy/type/matcher/v3/string.proto
envoy/type/metadata/v2/metadata.proto envoy/type/metadata/v2/metadata.proto
envoy/type/metadata/v3/metadata.proto
envoy/type/percent.proto envoy/type/percent.proto
envoy/type/range.proto envoy/type/range.proto
envoy/type/semantic_version.proto envoy/type/semantic_version.proto
envoy/type/tracing/v2/custom_tag.proto envoy/type/tracing/v2/custom_tag.proto
envoy/type/tracing/v3/custom_tag.proto
envoy/type/v3/http.proto
envoy/type/v3/percent.proto
envoy/type/v3/range.proto
envoy/type/v3/semantic_version.proto
) )
pushd `git rev-parse --show-toplevel`/xds/third_party/envoy pushd `git rev-parse --show-toplevel`/xds/third_party/envoy

298
xds/third_party/envoy/src/main/proto/envoy/config/accesslog/v3/accesslog.proto vendored Normal file
View File

@ -0,0 +1,298 @@
syntax = "proto3";
package envoy.config.accesslog.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/config/route/v3/route_components.proto";
import "envoy/type/v3/percent.proto";
import "google/protobuf/any.proto";
import "google/protobuf/struct.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.accesslog.v3";
option java_outer_classname = "AccesslogProto";
option java_multiple_files = true;
// [#protodoc-title: Common access log types]
message AccessLog {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.AccessLog";
reserved 3;
reserved "config";
// The name of the access log implementation to instantiate. The name must
// match a statically registered access log. Current built-in loggers include:
//
// #. "envoy.access_loggers.file"
// #. "envoy.access_loggers.http_grpc"
// #. "envoy.access_loggers.tcp_grpc"
string name = 1;
// Filter which is used to determine if the access log needs to be written.
AccessLogFilter filter = 2;
// Custom configuration that depends on the access log being instantiated. Built-in
// configurations include:
//
// #. "envoy.access_loggers.file": :ref:`FileAccessLog
// <envoy_api_msg_extensions.access_loggers.file.v3.FileAccessLog>`
// #. "envoy.access_loggers.http_grpc": :ref:`HttpGrpcAccessLogConfig
// <envoy_api_msg_extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig>`
// #. "envoy.access_loggers.tcp_grpc": :ref:`TcpGrpcAccessLogConfig
// <envoy_api_msg_extensions.access_loggers.grpc.v3.TcpGrpcAccessLogConfig>`
oneof config_type {
google.protobuf.Any typed_config = 4;
}
}
// [#next-free-field: 12]
message AccessLogFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.AccessLogFilter";
oneof filter_specifier {
option (validate.required) = true;
// Status code filter.
StatusCodeFilter status_code_filter = 1;
// Duration filter.
DurationFilter duration_filter = 2;
// Not health check filter.
NotHealthCheckFilter not_health_check_filter = 3;
// Traceable filter.
TraceableFilter traceable_filter = 4;
// Runtime filter.
RuntimeFilter runtime_filter = 5;
// And filter.
AndFilter and_filter = 6;
// Or filter.
OrFilter or_filter = 7;
// Header filter.
HeaderFilter header_filter = 8;
// Response flag filter.
ResponseFlagFilter response_flag_filter = 9;
// gRPC status filter.
GrpcStatusFilter grpc_status_filter = 10;
// Extension filter.
ExtensionFilter extension_filter = 11;
}
}
// Filter on an integer comparison.
message ComparisonFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.ComparisonFilter";
enum Op {
// =
EQ = 0;
// >=
GE = 1;
// <=
LE = 2;
}
// Comparison operator.
Op op = 1 [(validate.rules).enum = {defined_only: true}];
// Value to compare against.
core.v3.RuntimeUInt32 value = 2;
}
// Filters on HTTP response/status code.
message StatusCodeFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.StatusCodeFilter";
// Comparison.
ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
}
// Filters on total request duration in milliseconds.
message DurationFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.DurationFilter";
// Comparison.
ComparisonFilter comparison = 1 [(validate.rules).message = {required: true}];
}
// Filters for requests that are not health check requests. A health check
// request is marked by the health check filter.
message NotHealthCheckFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.NotHealthCheckFilter";
}
// Filters for requests that are traceable. See the tracing overview for more
// information on how a request becomes traceable.
message TraceableFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.TraceableFilter";
}
// Filters for random sampling of requests.
message RuntimeFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.RuntimeFilter";
// Runtime key to get an optional overridden numerator for use in the *percent_sampled* field.
// If found in runtime, this value will replace the default numerator.
string runtime_key = 1 [(validate.rules).string = {min_bytes: 1}];
// The default sampling percentage. If not specified, defaults to 0% with denominator of 100.
type.v3.FractionalPercent percent_sampled = 2;
// By default, sampling pivots on the header
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` being present. If
// :ref:`x-request-id<config_http_conn_man_headers_x-request-id>` is present, the filter will
// consistently sample across multiple hosts based on the runtime key value and the value
// extracted from :ref:`x-request-id<config_http_conn_man_headers_x-request-id>`. If it is
// missing, or *use_independent_randomness* is set to true, the filter will randomly sample based
// on the runtime key value alone. *use_independent_randomness* can be used for logging kill
// switches within complex nested :ref:`AndFilter
// <envoy_api_msg_config.accesslog.v3.AndFilter>` and :ref:`OrFilter
// <envoy_api_msg_config.accesslog.v3.OrFilter>` blocks that are easier to reason about
// from a probability perspective (i.e., setting to true will cause the filter to behave like
// an independent random variable when composed within logical operator filters).
bool use_independent_randomness = 3;
}
// Performs a logical and operation on the result of each filter in filters.
// Filters are evaluated sequentially and if one of them returns false, the
// filter returns false immediately.
message AndFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.AndFilter";
repeated AccessLogFilter filters = 1 [(validate.rules).repeated = {min_items: 2}];
}
// Performs a logical or operation on the result of each individual filter.
// Filters are evaluated sequentially and if one of them returns true, the
// filter returns true immediately.
message OrFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.OrFilter";
repeated AccessLogFilter filters = 2 [(validate.rules).repeated = {min_items: 2}];
}
// Filters requests based on the presence or value of a request header.
message HeaderFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.HeaderFilter";
// Only requests with a header which matches the specified HeaderMatcher will pass the filter
// check.
route.v3.HeaderMatcher header = 1 [(validate.rules).message = {required: true}];
}
// Filters requests that received responses with an Envoy response flag set.
// A list of the response flags can be found
// in the access log formatter :ref:`documentation<config_access_log_format_response_flags>`.
message ResponseFlagFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.ResponseFlagFilter";
// Only responses with the any of the flags listed in this field will be logged.
// This field is optional. If it is not specified, then any response flag will pass
// the filter check.
repeated string flags = 1 [(validate.rules).repeated = {
items {
string {
in: "LH"
in: "UH"
in: "UT"
in: "LR"
in: "UR"
in: "UF"
in: "UC"
in: "UO"
in: "NR"
in: "DI"
in: "FI"
in: "RL"
in: "UAEX"
in: "RLSE"
in: "DC"
in: "URX"
in: "SI"
in: "IH"
in: "DPE"
}
}
}];
}
// Filters gRPC requests based on their response status. If a gRPC status is not provided, the
// filter will infer the status from the HTTP status code.
message GrpcStatusFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.GrpcStatusFilter";
enum Status {
OK = 0;
CANCELED = 1;
UNKNOWN = 2;
INVALID_ARGUMENT = 3;
DEADLINE_EXCEEDED = 4;
NOT_FOUND = 5;
ALREADY_EXISTS = 6;
PERMISSION_DENIED = 7;
RESOURCE_EXHAUSTED = 8;
FAILED_PRECONDITION = 9;
ABORTED = 10;
OUT_OF_RANGE = 11;
UNIMPLEMENTED = 12;
INTERNAL = 13;
UNAVAILABLE = 14;
DATA_LOSS = 15;
UNAUTHENTICATED = 16;
}
// Logs only responses that have any one of the gRPC statuses in this field.
repeated Status statuses = 1 [(validate.rules).repeated = {items {enum {defined_only: true}}}];
// If included and set to true, the filter will instead block all responses with a gRPC status or
// inferred gRPC status enumerated in statuses, and allow all other responses.
bool exclude = 2;
}
// Extension filter is statically registered at runtime.
message ExtensionFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.filter.accesslog.v2.ExtensionFilter";
reserved 2;
reserved "config";
// The name of the filter implementation to instantiate. The name must
// match a statically registered filter.
string name = 1;
// Custom configuration that depends on the filter being instantiated.
oneof config_type {
google.protobuf.Any typed_config = 3;
}
}

104
xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/circuit_breaker.proto vendored Normal file
View File

@ -0,0 +1,104 @@
syntax = "proto3";
package envoy.config.cluster.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/type/v3/percent.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.cluster.v3";
option java_outer_classname = "CircuitBreakerProto";
option java_multiple_files = true;
// [#protodoc-title: Circuit breakers]
// :ref:`Circuit breaking<arch_overview_circuit_break>` settings can be
// specified individually for each defined priority.
message CircuitBreakers {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.cluster.CircuitBreakers";
// A Thresholds defines CircuitBreaker settings for a
// :ref:`RoutingPriority<envoy_api_enum_config.core.v3.RoutingPriority>`.
// [#next-free-field: 9]
message Thresholds {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.cluster.CircuitBreakers.Thresholds";
message RetryBudget {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.cluster.CircuitBreakers.Thresholds.RetryBudget";
// Specifies the limit on concurrent retries as a percentage of the sum of active requests and
// active pending requests. For example, if there are 100 active requests and the
// budget_percent is set to 25, there may be 25 active retries.
//
// This parameter is optional. Defaults to 20%.
type.v3.Percent budget_percent = 1;
// Specifies the minimum retry concurrency allowed for the retry budget. The limit on the
// number of active retries may never go below this number.
//
// This parameter is optional. Defaults to 3.
google.protobuf.UInt32Value min_retry_concurrency = 2;
}
// The :ref:`RoutingPriority<envoy_api_enum_config.core.v3.RoutingPriority>`
// the specified CircuitBreaker settings apply to.
core.v3.RoutingPriority priority = 1 [(validate.rules).enum = {defined_only: true}];
// The maximum number of connections that Envoy will make to the upstream
// cluster. If not specified, the default is 1024.
google.protobuf.UInt32Value max_connections = 2;
// The maximum number of pending requests that Envoy will allow to the
// upstream cluster. If not specified, the default is 1024.
google.protobuf.UInt32Value max_pending_requests = 3;
// The maximum number of parallel requests that Envoy will make to the
// upstream cluster. If not specified, the default is 1024.
google.protobuf.UInt32Value max_requests = 4;
// The maximum number of parallel retries that Envoy will allow to the
// upstream cluster. If not specified, the default is 3.
google.protobuf.UInt32Value max_retries = 5;
// Specifies a limit on concurrent retries in relation to the number of active requests. This
// parameter is optional.
//
// .. note::
//
// If this field is set, the retry budget will override any configured retry circuit
// breaker.
RetryBudget retry_budget = 8;
// If track_remaining is true, then stats will be published that expose
// the number of resources remaining until the circuit breakers open. If
// not specified, the default is false.
//
// .. note::
//
// If a retry budget is used in lieu of the max_retries circuit breaker,
// the remaining retry resources remaining will not be tracked.
bool track_remaining = 6;
// The maximum number of connection pools per cluster that Envoy will concurrently support at
// once. If not specified, the default is unlimited. Set this for clusters which create a
// large number of connection pools. See
// :ref:`Circuit Breaking <arch_overview_circuit_break_cluster_maximum_connection_pools>` for
// more details.
google.protobuf.UInt32Value max_connection_pools = 7;
}
// If multiple :ref:`Thresholds<envoy_api_msg_config.cluster.v3.CircuitBreakers.Thresholds>`
// are defined with the same :ref:`RoutingPriority<envoy_api_enum_config.core.v3.RoutingPriority>`,
// the first one in the list is used. If no Thresholds is defined for a given
// :ref:`RoutingPriority<envoy_api_enum_config.core.v3.RoutingPriority>`, the default values
// are used.
repeated Thresholds thresholds = 1;
}

856
xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/cluster.proto vendored Normal file
View File

@ -0,0 +1,856 @@
syntax = "proto3";
package envoy.config.cluster.v3;
import "envoy/config/cluster/v3/circuit_breaker.proto";
import "envoy/config/cluster/v3/filter.proto";
import "envoy/config/cluster/v3/outlier_detection.proto";
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/config/core/v3/health_check.proto";
import "envoy/config/core/v3/protocol.proto";
import "envoy/config/endpoint/v3/endpoint.proto";
import "envoy/type/v3/percent.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "envoy/annotations/deprecation.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.cluster.v3";
option java_outer_classname = "ClusterProto";
option java_multiple_files = true;
// [#protodoc-title: Cluster configuration]
// Configuration for a single upstream cluster.
// [#next-free-field: 48]
message Cluster {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster";
// Refer to :ref:`service discovery type <arch_overview_service_discovery_types>`
// for an explanation on each type.
enum DiscoveryType {
// Refer to the :ref:`static discovery type<arch_overview_service_discovery_types_static>`
// for an explanation.
STATIC = 0;
// Refer to the :ref:`strict DNS discovery
// type<arch_overview_service_discovery_types_strict_dns>`
// for an explanation.
STRICT_DNS = 1;
// Refer to the :ref:`logical DNS discovery
// type<arch_overview_service_discovery_types_logical_dns>`
// for an explanation.
LOGICAL_DNS = 2;
// Refer to the :ref:`service discovery type<arch_overview_service_discovery_types_eds>`
// for an explanation.
EDS = 3;
// Refer to the :ref:`original destination discovery
// type<arch_overview_service_discovery_types_original_destination>`
// for an explanation.
ORIGINAL_DST = 4;
}
// Refer to :ref:`load balancer type <arch_overview_load_balancing_types>` architecture
// overview section for information on each type.
enum LbPolicy {
reserved 4;
reserved "ORIGINAL_DST_LB";
// Refer to the :ref:`round robin load balancing
// policy<arch_overview_load_balancing_types_round_robin>`
// for an explanation.
ROUND_ROBIN = 0;
// Refer to the :ref:`least request load balancing
// policy<arch_overview_load_balancing_types_least_request>`
// for an explanation.
LEAST_REQUEST = 1;
// Refer to the :ref:`ring hash load balancing
// policy<arch_overview_load_balancing_types_ring_hash>`
// for an explanation.
RING_HASH = 2;
// Refer to the :ref:`random load balancing
// policy<arch_overview_load_balancing_types_random>`
// for an explanation.
RANDOM = 3;
// Refer to the :ref:`Maglev load balancing policy<arch_overview_load_balancing_types_maglev>`
// for an explanation.
MAGLEV = 5;
// This load balancer type must be specified if the configured cluster provides a cluster
// specific load balancer. Consult the configured cluster's documentation for whether to set
// this option or not.
CLUSTER_PROVIDED = 6;
// [#not-implemented-hide:] Use the new :ref:`load_balancing_policy
// <envoy_api_field_config.cluster.v3.Cluster.load_balancing_policy>` field to determine the LB policy.
// [#next-major-version: In the v3 API, we should consider deprecating the lb_policy field
// and instead using the new load_balancing_policy field as the one and only mechanism for
// configuring this.]
LOAD_BALANCING_POLICY_CONFIG = 7;
}
// When V4_ONLY is selected, the DNS resolver will only perform a lookup for
// addresses in the IPv4 family. If V6_ONLY is selected, the DNS resolver will
// only perform a lookup for addresses in the IPv6 family. If AUTO is
// specified, the DNS resolver will first perform a lookup for addresses in
// the IPv6 family and fallback to a lookup for addresses in the IPv4 family.
// For cluster types other than
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` and
// :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`,
// this setting is
// ignored.
enum DnsLookupFamily {
AUTO = 0;
V4_ONLY = 1;
V6_ONLY = 2;
}
enum ClusterProtocolSelection {
// Cluster can only operate on one of the possible upstream protocols (HTTP1.1, HTTP2).
// If :ref:`http2_protocol_options <envoy_api_field_config.cluster.v3.Cluster.http2_protocol_options>` are
// present, HTTP2 will be used, otherwise HTTP1.1 will be used.
USE_CONFIGURED_PROTOCOL = 0;
// Use HTTP1.1 or HTTP2, depending on which one is used on the downstream connection.
USE_DOWNSTREAM_PROTOCOL = 1;
}
// TransportSocketMatch specifies what transport socket config will be used
// when the match conditions are satisfied.
message TransportSocketMatch {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.TransportSocketMatch";
// The name of the match, used in stats generation.
string name = 1 [(validate.rules).string = {min_len: 1}];
// Optional endpoint metadata match criteria.
// The connection to the endpoint with metadata matching what is set in this field
// will use the transport socket configuration specified here.
// The endpoint's metadata entry in *envoy.transport_socket_match* is used to match
// against the values specified in this field.
google.protobuf.Struct match = 2;
// The configuration of the transport socket.
core.v3.TransportSocket transport_socket = 3;
}
// Extended cluster type.
message CustomClusterType {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.CustomClusterType";
// The type of the cluster to instantiate. The name must match a supported cluster type.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// Cluster specific configuration which depends on the cluster being instantiated.
// See the supported cluster for further documentation.
google.protobuf.Any typed_config = 2;
}
// Only valid when discovery type is EDS.
message EdsClusterConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.EdsClusterConfig";
// Configuration for the source of EDS updates for this Cluster.
core.v3.ConfigSource eds_config = 1;
// Optional alternative to cluster name to present to EDS. This does not
// have the same restrictions as cluster name, i.e. it may be arbitrary
// length.
string service_name = 2;
}
// Optionally divide the endpoints in this cluster into subsets defined by
// endpoint metadata and selected by route and weighted cluster metadata.
// [#next-free-field: 8]
message LbSubsetConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.LbSubsetConfig";
// If NO_FALLBACK is selected, a result
// equivalent to no healthy hosts is reported. If ANY_ENDPOINT is selected,
// any cluster endpoint may be returned (subject to policy, health checks,
// etc). If DEFAULT_SUBSET is selected, load balancing is performed over the
// endpoints matching the values from the default_subset field.
enum LbSubsetFallbackPolicy {
NO_FALLBACK = 0;
ANY_ENDPOINT = 1;
DEFAULT_SUBSET = 2;
}
// Specifications for subsets.
message LbSubsetSelector {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.LbSubsetConfig.LbSubsetSelector";
// Allows to override top level fallback policy per selector.
enum LbSubsetSelectorFallbackPolicy {
// If NOT_DEFINED top level config fallback policy is used instead.
NOT_DEFINED = 0;
// If NO_FALLBACK is selected, a result equivalent to no healthy hosts is reported.
NO_FALLBACK = 1;
// If ANY_ENDPOINT is selected, any cluster endpoint may be returned
// (subject to policy, health checks, etc).
ANY_ENDPOINT = 2;
// If DEFAULT_SUBSET is selected, load balancing is performed over the
// endpoints matching the values from the default_subset field.
DEFAULT_SUBSET = 3;
// If KEYS_SUBSET is selected, subset selector matching is performed again with metadata
// keys reduced to
// :ref:`fallback_keys_subset<envoy_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.fallback_keys_subset>`.
// It allows for a fallback to a different, less specific selector if some of the keys of
// the selector are considered optional.
KEYS_SUBSET = 4;
}
// List of keys to match with the weighted cluster metadata.
repeated string keys = 1;
// The behavior used when no endpoint subset matches the selected route's
// metadata.
LbSubsetSelectorFallbackPolicy fallback_policy = 2
[(validate.rules).enum = {defined_only: true}];
// Subset of
// :ref:`keys<envoy_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.keys>` used by
// :ref:`KEYS_SUBSET<envoy_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.LbSubsetSelectorFallbackPolicy.KEYS_SUBSET>`
// fallback policy.
// It has to be a non empty list if KEYS_SUBSET fallback policy is selected.
// For any other fallback policy the parameter is not used and should not be set.
// Only values also present in
// :ref:`keys<envoy_api_field_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetSelector.keys>` are allowed, but
// `fallback_keys_subset` cannot be equal to `keys`.
repeated string fallback_keys_subset = 3;
}
// The behavior used when no endpoint subset matches the selected route's
// metadata. The value defaults to
// :ref:`NO_FALLBACK<envoy_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.NO_FALLBACK>`.
LbSubsetFallbackPolicy fallback_policy = 1 [(validate.rules).enum = {defined_only: true}];
// Specifies the default subset of endpoints used during fallback if
// fallback_policy is
// :ref:`DEFAULT_SUBSET<envoy_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.DEFAULT_SUBSET>`.
// Each field in default_subset is
// compared to the matching LbEndpoint.Metadata under the *envoy.lb*
// namespace. It is valid for no hosts to match, in which case the behavior
// is the same as a fallback_policy of
// :ref:`NO_FALLBACK<envoy_api_enum_value_config.cluster.v3.Cluster.LbSubsetConfig.LbSubsetFallbackPolicy.NO_FALLBACK>`.
google.protobuf.Struct default_subset = 2;
// For each entry, LbEndpoint.Metadata's
// *envoy.lb* namespace is traversed and a subset is created for each unique
// combination of key and value. For example:
//
// .. code-block:: json
//
// { "subset_selectors": [
// { "keys": [ "version" ] },
// { "keys": [ "stage", "hardware_type" ] }
// ]}
//
// A subset is matched when the metadata from the selected route and
// weighted cluster contains the same keys and values as the subset's
// metadata. The same host may appear in multiple subsets.
repeated LbSubsetSelector subset_selectors = 3;
// If true, routing to subsets will take into account the localities and locality weights of the
// endpoints when making the routing decision.
//
// There are some potential pitfalls associated with enabling this feature, as the resulting
// traffic split after applying both a subset match and locality weights might be undesirable.
//
// Consider for example a situation in which you have 50/50 split across two localities X/Y
// which have 100 hosts each without subsetting. If the subset LB results in X having only 1
// host selected but Y having 100, then a lot more load is being dumped on the single host in X
// than originally anticipated in the load balancing assignment delivered via EDS.
bool locality_weight_aware = 4;
// When used with locality_weight_aware, scales the weight of each locality by the ratio
// of hosts in the subset vs hosts in the original subset. This aims to even out the load
// going to an individual locality if said locality is disproportionately affected by the
// subset predicate.
bool scale_locality_weight = 5;
// If true, when a fallback policy is configured and its corresponding subset fails to find
// a host this will cause any host to be selected instead.
//
// This is useful when using the default subset as the fallback policy, given the default
// subset might become empty. With this option enabled, if that happens the LB will attempt
// to select a host from the entire cluster.
bool panic_mode_any = 6;
// If true, metadata specified for a metadata key will be matched against the corresponding
// endpoint metadata if the endpoint metadata matches the value exactly OR it is a list value
// and any of the elements in the list matches the criteria.
bool list_as_any = 7;
}
// Specific configuration for the LeastRequest load balancing policy.
message LeastRequestLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.LeastRequestLbConfig";
// The number of random healthy hosts from which the host with the fewest active requests will
// be chosen. Defaults to 2 so that we perform two-choice selection if the field is not set.
google.protobuf.UInt32Value choice_count = 1 [(validate.rules).uint32 = {gte: 2}];
}
// Specific configuration for the :ref:`RingHash<arch_overview_load_balancing_types_ring_hash>`
// load balancing policy.
message RingHashLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.RingHashLbConfig";
// The hash function used to hash hosts onto the ketama ring.
enum HashFunction {
// Use `xxHash <https://github.com/Cyan4973/xxHash>`_, this is the default hash function.
XX_HASH = 0;
// Use `MurmurHash2 <https://sites.google.com/site/murmurhash/>`_, this is compatible with
// std:hash<string> in GNU libstdc++ 3.4.20 or above. This is typically the case when compiled
// on Linux and not macOS.
MURMUR_HASH_2 = 1;
}
reserved 2;
// Minimum hash ring size. The larger the ring is (that is, the more hashes there are for each
// provided host) the better the request distribution will reflect the desired weights. Defaults
// to 1024 entries, and limited to 8M entries. See also
// :ref:`maximum_ring_size<envoy_api_field_config.cluster.v3.Cluster.RingHashLbConfig.maximum_ring_size>`.
google.protobuf.UInt64Value minimum_ring_size = 1 [(validate.rules).uint64 = {lte: 8388608}];
// The hash function used to hash hosts onto the ketama ring. The value defaults to
// :ref:`XX_HASH<envoy_api_enum_value_config.cluster.v3.Cluster.RingHashLbConfig.HashFunction.XX_HASH>`.
HashFunction hash_function = 3 [(validate.rules).enum = {defined_only: true}];
// Maximum hash ring size. Defaults to 8M entries, and limited to 8M entries, but can be lowered
// to further constrain resource use. See also
// :ref:`minimum_ring_size<envoy_api_field_config.cluster.v3.Cluster.RingHashLbConfig.minimum_ring_size>`.
google.protobuf.UInt64Value maximum_ring_size = 4 [(validate.rules).uint64 = {lte: 8388608}];
}
// Specific configuration for the
// :ref:`Original Destination <arch_overview_load_balancing_types_original_destination>`
// load balancing policy.
message OriginalDstLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.OriginalDstLbConfig";
// When true, :ref:`x-envoy-original-dst-host
// <config_http_conn_man_headers_x-envoy-original-dst-host>` can be used to override destination
// address.
//
// .. attention::
//
// This header isn't sanitized by default, so enabling this feature allows HTTP clients to
// route traffic to arbitrary hosts and/or ports, which may have serious security
// consequences.
bool use_http_header = 1;
}
// Common configuration for all load balancer implementations.
// [#next-free-field: 7]
message CommonLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.CommonLbConfig";
// Configuration for :ref:`zone aware routing
// <arch_overview_load_balancing_zone_aware_routing>`.
message ZoneAwareLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.CommonLbConfig.ZoneAwareLbConfig";
// Configures percentage of requests that will be considered for zone aware routing
// if zone aware routing is configured. If not specified, the default is 100%.
// * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
// * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`.
type.v3.Percent routing_enabled = 1;
// Configures minimum upstream cluster size required for zone aware routing
// If upstream cluster size is less than specified, zone aware routing is not performed
// even if zone aware routing is configured. If not specified, the default is 6.
// * :ref:`runtime values <config_cluster_manager_cluster_runtime_zone_routing>`.
// * :ref:`Zone aware routing support <arch_overview_load_balancing_zone_aware_routing>`.
google.protobuf.UInt64Value min_cluster_size = 2;
// If set to true, Envoy will not consider any hosts when the cluster is in :ref:`panic
// mode<arch_overview_load_balancing_panic_threshold>`. Instead, the cluster will fail all
// requests as if all hosts are unhealthy. This can help avoid potentially overwhelming a
// failing service.
bool fail_traffic_on_panic = 3;
}
// Configuration for :ref:`locality weighted load balancing
// <arch_overview_load_balancing_locality_weighted_lb>`
message LocalityWeightedLbConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Cluster.CommonLbConfig.LocalityWeightedLbConfig";
}
// Configures the :ref:`healthy panic threshold <arch_overview_load_balancing_panic_threshold>`.
// If not specified, the default is 50%.
// To disable panic mode, set to 0%.
//
// .. note::
// The specified percent will be truncated to the nearest 1%.
type.v3.Percent healthy_panic_threshold = 1;
oneof locality_config_specifier {
ZoneAwareLbConfig zone_aware_lb_config = 2;
LocalityWeightedLbConfig locality_weighted_lb_config = 3;
}
// If set, all health check/weight/metadata updates that happen within this duration will be
// merged and delivered in one shot when the duration expires. The start of the duration is when
// the first update happens. This is useful for big clusters, with potentially noisy deploys
// that might trigger excessive CPU usage due to a constant stream of healthcheck state changes
// or metadata updates. The first set of updates to be seen apply immediately (e.g.: a new
// cluster). Please always keep in mind that the use of sandbox technologies may change this
// behavior.
//
// If this is not set, we default to a merge window of 1000ms. To disable it, set the merge
// window to 0.
//
// Note: merging does not apply to cluster membership changes (e.g.: adds/removes); this is
// because merging those updates isn't currently safe. See
// https://github.com/envoyproxy/envoy/pull/3941.
google.protobuf.Duration update_merge_window = 4;
// If set to true, Envoy will not consider new hosts when computing load balancing weights until
// they have been health checked for the first time. This will have no effect unless
// active health checking is also configured.
//
// Ignoring a host means that for any load balancing calculations that adjust weights based
// on the ratio of eligible hosts and total hosts (priority spillover, locality weighting and
// panic mode) Envoy will exclude these hosts in the denominator.
//
// For example, with hosts in two priorities P0 and P1, where P0 looks like
// {healthy, unhealthy (new), unhealthy (new)}
// and where P1 looks like
// {healthy, healthy}
// all traffic will still hit P0, as 1 / (3 - 2) = 1.
//
// Enabling this will allow scaling up the number of hosts for a given cluster without entering
// panic mode or triggering priority spillover, assuming the hosts pass the first health check.
//
// If panic mode is triggered, new hosts are still eligible for traffic; they simply do not
// contribute to the calculation when deciding whether panic mode is enabled or not.
bool ignore_new_hosts_until_first_hc = 5;
// If set to `true`, the cluster manager will drain all existing
// connections to upstream hosts whenever hosts are added or removed from the cluster.
bool close_connections_on_host_set_change = 6;
}
message RefreshRate {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Cluster.RefreshRate";
// Specifies the base interval between refreshes. This parameter is required and must be greater
// than zero and less than
// :ref:`max_interval <envoy_api_field_config.cluster.v3.Cluster.RefreshRate.max_interval>`.
google.protobuf.Duration base_interval = 1 [(validate.rules).duration = {
required: true
gt {nanos: 1000000}
}];
// Specifies the maximum interval between refreshes. This parameter is optional, but must be
// greater than or equal to the
// :ref:`base_interval <envoy_api_field_config.cluster.v3.Cluster.RefreshRate.base_interval>` if set. The default
// is 10 times the :ref:`base_interval <envoy_api_field_config.cluster.v3.Cluster.RefreshRate.base_interval>`.
google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {nanos: 1000000}}];
}
reserved 12, 15, 7, 11, 35;
reserved "hosts", "tls_context", "extension_protocol_options";
// Configuration to use different transport sockets for different endpoints.
// The entry of *envoy.transport_socket* in the
// :ref:`LbEndpoint.Metadata <envoy_api_field_config.endpoint.v3.LbEndpoint.metadata>`
// is used to match against the transport sockets as they appear in the list. The first
// :ref:`match <envoy_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` is used.
// For example, with the following match
//
// .. code-block:: yaml
//
// transport_socket_matches:
// - name: "enableMTLS"
// match:
// acceptMTLS: true
// transport_socket:
// name: envoy.transport_sockets.tls
// config: { ... } # tls socket configuration
// - name: "defaultToPlaintext"
// match: {}
// transport_socket:
// name: envoy.transport_sockets.raw_buffer
//
// Connections to the endpoints whose metadata value under *envoy.transport_socket*
// having "acceptMTLS"/"true" key/value pair use the "enableMTLS" socket configuration.
//
// If a :ref:`socket match <envoy_api_msg_config.cluster.v3.Cluster.TransportSocketMatch>` with empty match
// criteria is provided, that always match any endpoint. For example, the "defaultToPlaintext"
// socket match in case above.
//
// If an endpoint metadata's value under *envoy.transport_socket* does not match any
// *TransportSocketMatch*, socket configuration fallbacks to use the *tls_context* or
// *transport_socket* specified in this cluster.
//
// This field allows gradual and flexible transport socket configuration changes.
//
// The metadata of endpoints in EDS can indicate transport socket capabilities. For example,
// an endpoint's metadata can have two key value pairs as "acceptMTLS": "true",
// "acceptPlaintext": "true". While some other endpoints, only accepting plaintext traffic
// has "acceptPlaintext": "true" metadata information.
//
// Then the xDS server can configure the CDS to a client, Envoy A, to send mutual TLS
// traffic for endpoints with "acceptMTLS": "true", by adding a corresponding
// *TransportSocketMatch* in this field. Other client Envoys receive CDS without
// *transport_socket_match* set, and still send plain text traffic to the same cluster.
//
// [#comment:TODO(incfly): add a detailed architecture doc on intended usage.]
repeated TransportSocketMatch transport_socket_matches = 43;
// Supplies the name of the cluster which must be unique across all clusters.
// The cluster name is used when emitting
// :ref:`statistics <config_cluster_manager_cluster_stats>` if :ref:`alt_stat_name
// <envoy_api_field_config.cluster.v3.Cluster.alt_stat_name>` is not provided.
// Any ``:`` in the cluster name will be converted to ``_`` when emitting statistics.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// An optional alternative to the cluster name to be used while emitting stats.
// Any ``:`` in the name will be converted to ``_`` when emitting statistics. This should not be
// confused with :ref:`Router Filter Header
// <config_http_filters_router_x-envoy-upstream-alt-stat-name>`.
string alt_stat_name = 28;
oneof cluster_discovery_type {
// The :ref:`service discovery type <arch_overview_service_discovery_types>`
// to use for resolving the cluster.
DiscoveryType type = 2 [(validate.rules).enum = {defined_only: true}];
// The custom cluster type.
CustomClusterType cluster_type = 38;
}
// Configuration to use for EDS updates for the Cluster.
EdsClusterConfig eds_cluster_config = 3;
// The timeout for new network connections to hosts in the cluster.
google.protobuf.Duration connect_timeout = 4 [(validate.rules).duration = {gt {}}];
// Soft limit on size of the clusters connections read and write buffers. If
// unspecified, an implementation defined default is applied (1MiB).
google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5;
// The :ref:`load balancer type <arch_overview_load_balancing_types>` to use
// when picking a host in the cluster.
LbPolicy lb_policy = 6 [(validate.rules).enum = {defined_only: true}];
// Setting this is required for specifying members of
// :ref:`STATIC<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STATIC>`,
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// or :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` clusters.
// This field supersedes the *hosts* field in the v2 API.
//
// .. attention::
//
// Setting this allows non-EDS cluster types to contain embedded EDS equivalent
// :ref:`endpoint assignments<envoy_api_msg_config.endpoint.v3.ClusterLoadAssignment>`.
//
endpoint.v3.ClusterLoadAssignment load_assignment = 33;
// Optional :ref:`active health checking <arch_overview_health_checking>`
// configuration for the cluster. If no
// configuration is specified no health checking will be done and all cluster
// members will be considered healthy at all times.
repeated core.v3.HealthCheck health_checks = 8;
// Optional maximum requests for a single upstream connection. This parameter
// is respected by both the HTTP/1.1 and HTTP/2 connection pool
// implementations. If not specified, there is no limit. Setting this
// parameter to 1 will effectively disable keep alive.
google.protobuf.UInt32Value max_requests_per_connection = 9;
// Optional :ref:`circuit breaking <arch_overview_circuit_break>` for the cluster.
CircuitBreakers circuit_breakers = 10;
// HTTP protocol options that are applied only to upstream HTTP connections.
// These options apply to all HTTP versions.
core.v3.UpstreamHttpProtocolOptions upstream_http_protocol_options = 46;
// Additional options when handling HTTP requests upstream. These options will be applicable to
// both HTTP1 and HTTP2 requests.
core.v3.HttpProtocolOptions common_http_protocol_options = 29;
// Additional options when handling HTTP1 requests.
core.v3.Http1ProtocolOptions http_protocol_options = 13;
// Even if default HTTP2 protocol options are desired, this field must be
// set so that Envoy will assume that the upstream supports HTTP/2 when
// making new HTTP connection pool connections. Currently, Envoy only
// supports prior knowledge for upstream connections. Even if TLS is used
// with ALPN, `http2_protocol_options` must be specified. As an aside this allows HTTP/2
// connections to happen over plain text.
core.v3.Http2ProtocolOptions http2_protocol_options = 14;
// The extension_protocol_options field is used to provide extension-specific protocol options
// for upstream connections. The key should match the extension filter name, such as
// "envoy.filters.network.thrift_proxy". See the extension's documentation for details on
// specific options.
map<string, google.protobuf.Any> typed_extension_protocol_options = 36;
// If the DNS refresh rate is specified and the cluster type is either
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
// or :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`,
// this value is used as the clusters DNS refresh
// rate. The value configured must be at least 1ms. If this setting is not specified, the
// value defaults to 5000ms. For cluster types other than
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
google.protobuf.Duration dns_refresh_rate = 16
[(validate.rules).duration = {gt {nanos: 1000000}}];
// If the DNS failure refresh rate is specified and the cluster type is either
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
// or :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`,
// this is used as the clusters DNS refresh rate when requests are failing. If this setting is
// not specified, the failure refresh rate defaults to the DNS refresh rate. For cluster types
// other than :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>` and
// :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>` this setting is
// ignored.
RefreshRate dns_failure_refresh_rate = 44;
// Optional configuration for setting cluster's DNS refresh rate. If the value is set to true,
// cluster's DNS refresh rate will be set to resource record's TTL which comes from DNS
// resolution.
bool respect_dns_ttl = 39;
// The DNS IP address resolution policy. If this setting is not specified, the
// value defaults to
// :ref:`AUTO<envoy_api_enum_value_config.cluster.v3.Cluster.DnsLookupFamily.AUTO>`.
DnsLookupFamily dns_lookup_family = 17 [(validate.rules).enum = {defined_only: true}];
// If DNS resolvers are specified and the cluster type is either
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`,
// or :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`,
// this value is used to specify the clusters dns resolvers.
// If this setting is not specified, the value defaults to the default
// resolver, which uses /etc/resolv.conf for configuration. For cluster types
// other than
// :ref:`STRICT_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.STRICT_DNS>`
// and :ref:`LOGICAL_DNS<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.LOGICAL_DNS>`
// this setting is ignored.
repeated core.v3.Address dns_resolvers = 18;
// [#next-major-version: Reconcile DNS options in a single message.]
// Always use TCP queries instead of UDP queries for DNS lookups.
bool use_tcp_for_dns_lookups = 45;
// If specified, outlier detection will be enabled for this upstream cluster.
// Each of the configuration values can be overridden via
// :ref:`runtime values <config_cluster_manager_cluster_runtime_outlier_detection>`.
OutlierDetection outlier_detection = 19;
// The interval for removing stale hosts from a cluster type
// :ref:`ORIGINAL_DST<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.ORIGINAL_DST>`.
// Hosts are considered stale if they have not been used
// as upstream destinations during this interval. New hosts are added
// to original destination clusters on demand as new connections are
// redirected to Envoy, causing the number of hosts in the cluster to
// grow over time. Hosts that are not stale (they are actively used as
// destinations) are kept in the cluster, which allows connections to
// them remain open, saving the latency that would otherwise be spent
// on opening new connections. If this setting is not specified, the
// value defaults to 5000ms. For cluster types other than
// :ref:`ORIGINAL_DST<envoy_api_enum_value_config.cluster.v3.Cluster.DiscoveryType.ORIGINAL_DST>`
// this setting is ignored.
google.protobuf.Duration cleanup_interval = 20 [(validate.rules).duration = {gt {}}];
// Optional configuration used to bind newly established upstream connections.
// This overrides any bind_config specified in the bootstrap proto.
// If the address and port are empty, no bind will be performed.
core.v3.BindConfig upstream_bind_config = 21;
// Configuration for load balancing subsetting.
LbSubsetConfig lb_subset_config = 22;
// Optional configuration for the load balancing algorithm selected by
// LbPolicy. Currently only
// :ref:`RING_HASH<envoy_api_enum_value_config.cluster.v3.Cluster.LbPolicy.RING_HASH>` and
// :ref:`LEAST_REQUEST<envoy_api_enum_value_config.cluster.v3.Cluster.LbPolicy.LEAST_REQUEST>`
// has additional configuration options.
// Specifying ring_hash_lb_config or least_request_lb_config without setting the corresponding
// LbPolicy will generate an error at runtime.
oneof lb_config {
// Optional configuration for the Ring Hash load balancing policy.
RingHashLbConfig ring_hash_lb_config = 23;
// Optional configuration for the Original Destination load balancing policy.
OriginalDstLbConfig original_dst_lb_config = 34;
// Optional configuration for the LeastRequest load balancing policy.
LeastRequestLbConfig least_request_lb_config = 37;
}
// Common configuration for all load balancer implementations.
CommonLbConfig common_lb_config = 27;
// Optional custom transport socket implementation to use for upstream connections.
// To setup TLS, set a transport socket with name `tls` and
// :ref:`UpstreamTlsContexts <envoy_api_msg_extensions.transport_sockets.tls.v3.UpstreamTlsContext>` in the `typed_config`.
// If no transport socket configuration is specified, new connections
// will be set up with plaintext.
core.v3.TransportSocket transport_socket = 24;
// The Metadata field can be used to provide additional information about the
// cluster. It can be used for stats, logging, and varying filter behavior.
// Fields should use reverse DNS notation to denote which entity within Envoy
// will need the information. For instance, if the metadata is intended for
// the Router filter, the filter name should be specified as *envoy.filters.http.router*.
core.v3.Metadata metadata = 25;
// Determines how Envoy selects the protocol used to speak to upstream hosts.
ClusterProtocolSelection protocol_selection = 26;
// Optional options for upstream connections.
UpstreamConnectionOptions upstream_connection_options = 30;
// If an upstream host becomes unhealthy (as determined by the configured health checks
// or outlier detection), immediately close all connections to the failed host.
//
// .. note::
//
// This is currently only supported for connections created by tcp_proxy.
//
// .. note::
//
// The current implementation of this feature closes all connections immediately when
// the unhealthy status is detected. If there are a large number of connections open
// to an upstream host that becomes unhealthy, Envoy may spend a substantial amount of
// time exclusively closing these connections, and not processing any other traffic.
bool close_connections_on_host_health_failure = 31;
// If set to true, Envoy will ignore the health value of a host when processing its removal
// from service discovery. This means that if active health checking is used, Envoy will *not*
// wait for the endpoint to go unhealthy before removing it.
bool ignore_health_on_host_removal = 32;
// An (optional) network filter chain, listed in the order the filters should be applied.
// The chain will be applied to all outgoing connections that Envoy makes to the upstream
// servers of this cluster.
repeated Filter filters = 40;
// [#not-implemented-hide:] New mechanism for LB policy configuration. Used only if the
// :ref:`lb_policy<envoy_api_field_config.cluster.v3.Cluster.lb_policy>` field has the value
// :ref:`LOAD_BALANCING_POLICY_CONFIG<envoy_api_enum_value_config.cluster.v3.Cluster.LbPolicy.LOAD_BALANCING_POLICY_CONFIG>`.
LoadBalancingPolicy load_balancing_policy = 41;
// [#not-implemented-hide:]
// If present, tells the client where to send load reports via LRS. If not present, the
// client will fall back to a client-side default, which may be either (a) don't send any
// load reports or (b) send load reports for all clusters to a single default server
// (which may be configured in the bootstrap file).
//
// Note that if multiple clusters point to the same LRS server, the client may choose to
// create a separate stream for each cluster or it may choose to coalesce the data for
// multiple clusters onto a single stream. Either way, the client must make sure to send
// the data for any given cluster on no more than one stream.
//
// [#next-major-version: In the v3 API, we should consider restructuring this somehow,
// maybe by allowing LRS to go on the ADS stream, or maybe by moving some of the negotiation
// from the LRS stream here.]
core.v3.ConfigSource lrs_server = 42;
// If track_timeout_budgets is true, the :ref:`timeout budget histograms
// <config_cluster_manager_cluster_stats_timeout_budgets>` will be published for each
// request. These show what percentage of a request's per try and global timeout was used. A value
// of 0 would indicate that none of the timeout was used or that the timeout was infinite. A value
// of 100 would indicate that the request took the entirety of the timeout given to it.
bool track_timeout_budgets = 47;
}
// [#not-implemented-hide:] Extensible load balancing policy configuration.
//
// Every LB policy defined via this mechanism will be identified via a unique name using reverse
// DNS notation. If the policy needs configuration parameters, it must define a message for its
// own configuration, which will be stored in the config field. The name of the policy will tell
// clients which type of message they should expect to see in the config field.
//
// Note that there are cases where it is useful to be able to independently select LB policies
// for choosing a locality and for choosing an endpoint within that locality. For example, a
// given deployment may always use the same policy to choose the locality, but for choosing the
// endpoint within the locality, some clusters may use weighted-round-robin, while others may
// use some sort of session-based balancing.
//
// This can be accomplished via hierarchical LB policies, where the parent LB policy creates a
// child LB policy for each locality. For each request, the parent chooses the locality and then
// delegates to the child policy for that locality to choose the endpoint within the locality.
//
// To facilitate this, the config message for the top-level LB policy may include a field of
// type LoadBalancingPolicy that specifies the child policy.
message LoadBalancingPolicy {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.LoadBalancingPolicy";
message Policy {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.LoadBalancingPolicy.Policy";
reserved 2;
reserved "config";
// Required. The name of the LB policy.
string name = 1;
google.protobuf.Any typed_config = 3;
}
// Each client will iterate over the list in order and stop at the first policy that it
// supports. This provides a mechanism for starting to use new LB policies that are not yet
// supported by all clients.
repeated Policy policies = 1;
}
// An extensible structure containing the address Envoy should bind to when
// establishing upstream connections.
message UpstreamBindConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.UpstreamBindConfig";
// The address Envoy should bind to when establishing upstream connections.
core.v3.Address source_address = 1;
}
message UpstreamConnectionOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.UpstreamConnectionOptions";
// If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.
core.v3.TcpKeepalive tcp_keepalive = 1;
}

28
xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/filter.proto vendored Normal file
View File

@ -0,0 +1,28 @@
syntax = "proto3";
package envoy.config.cluster.v3;
import "google/protobuf/any.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.cluster.v3";
option java_outer_classname = "FilterProto";
option java_multiple_files = true;
// [#protodoc-title: Upstream filters]
// Upstream filters apply to the connections to the upstream cluster hosts.
message Filter {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.cluster.Filter";
// The name of the filter to instantiate. The name must match a
// :ref:`supported filter <config_network_filters>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// Filter specific configuration which depends on the filter being
// instantiated. See the supported filters for further documentation.
google.protobuf.Any typed_config = 2;
}

150
xds/third_party/envoy/src/main/proto/envoy/config/cluster/v3/outlier_detection.proto vendored Normal file
View File

@ -0,0 +1,150 @@
syntax = "proto3";
package envoy.config.cluster.v3;
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.cluster.v3";
option java_outer_classname = "OutlierDetectionProto";
option java_multiple_files = true;
// [#protodoc-title: Outlier detection]
// See the :ref:`architecture overview <arch_overview_outlier_detection>` for
// more information on outlier detection.
// [#next-free-field: 21]
message OutlierDetection {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.cluster.OutlierDetection";
// The number of consecutive 5xx responses or local origin errors that are mapped
// to 5xx error codes before a consecutive 5xx ejection
// occurs. Defaults to 5.
google.protobuf.UInt32Value consecutive_5xx = 1;
// The time interval between ejection analysis sweeps. This can result in
// both new ejections as well as hosts being returned to service. Defaults
// to 10000ms or 10s.
google.protobuf.Duration interval = 2 [(validate.rules).duration = {gt {}}];
// The base time that a host is ejected for. The real time is equal to the
// base time multiplied by the number of times the host has been ejected.
// Defaults to 30000ms or 30s.
google.protobuf.Duration base_ejection_time = 3 [(validate.rules).duration = {gt {}}];
// The maximum % of an upstream cluster that can be ejected due to outlier
// detection. Defaults to 10% but will eject at least one host regardless of the value.
google.protobuf.UInt32Value max_ejection_percent = 4 [(validate.rules).uint32 = {lte: 100}];
// The % chance that a host will be actually ejected when an outlier status
// is detected through consecutive 5xx. This setting can be used to disable
// ejection or to ramp it up slowly. Defaults to 100.
google.protobuf.UInt32Value enforcing_consecutive_5xx = 5 [(validate.rules).uint32 = {lte: 100}];
// The % chance that a host will be actually ejected when an outlier status
// is detected through success rate statistics. This setting can be used to
// disable ejection or to ramp it up slowly. Defaults to 100.
google.protobuf.UInt32Value enforcing_success_rate = 6 [(validate.rules).uint32 = {lte: 100}];
// The number of hosts in a cluster that must have enough request volume to
// detect success rate outliers. If the number of hosts is less than this
// setting, outlier detection via success rate statistics is not performed
// for any host in the cluster. Defaults to 5.
google.protobuf.UInt32Value success_rate_minimum_hosts = 7;
// The minimum number of total requests that must be collected in one
// interval (as defined by the interval duration above) to include this host
// in success rate based outlier detection. If the volume is lower than this
// setting, outlier detection via success rate statistics is not performed
// for that host. Defaults to 100.
google.protobuf.UInt32Value success_rate_request_volume = 8;
// This factor is used to determine the ejection threshold for success rate
// outlier ejection. The ejection threshold is the difference between the
// mean success rate, and the product of this factor and the standard
// deviation of the mean success rate: mean - (stdev *
// success_rate_stdev_factor). This factor is divided by a thousand to get a
// double. That is, if the desired factor is 1.9, the runtime value should
// be 1900. Defaults to 1900.
google.protobuf.UInt32Value success_rate_stdev_factor = 9;
// The number of consecutive gateway failures (502, 503, 504 status codes)
// before a consecutive gateway failure ejection occurs. Defaults to 5.
google.protobuf.UInt32Value consecutive_gateway_failure = 10;
// The % chance that a host will be actually ejected when an outlier status
// is detected through consecutive gateway failures. This setting can be
// used to disable ejection or to ramp it up slowly. Defaults to 0.
google.protobuf.UInt32Value enforcing_consecutive_gateway_failure = 11
[(validate.rules).uint32 = {lte: 100}];
// Determines whether to distinguish local origin failures from external errors. If set to true
// the following configuration parameters are taken into account:
// :ref:`consecutive_local_origin_failure<envoy_api_field_config.cluster.v3.OutlierDetection.consecutive_local_origin_failure>`,
// :ref:`enforcing_consecutive_local_origin_failure<envoy_api_field_config.cluster.v3.OutlierDetection.enforcing_consecutive_local_origin_failure>`
// and
// :ref:`enforcing_local_origin_success_rate<envoy_api_field_config.cluster.v3.OutlierDetection.enforcing_local_origin_success_rate>`.
// Defaults to false.
bool split_external_local_origin_errors = 12;
// The number of consecutive locally originated failures before ejection
// occurs. Defaults to 5. Parameter takes effect only when
// :ref:`split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is set to true.
google.protobuf.UInt32Value consecutive_local_origin_failure = 13;
// The % chance that a host will be actually ejected when an outlier status
// is detected through consecutive locally originated failures. This setting can be
// used to disable ejection or to ramp it up slowly. Defaults to 100.
// Parameter takes effect only when
// :ref:`split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is set to true.
google.protobuf.UInt32Value enforcing_consecutive_local_origin_failure = 14
[(validate.rules).uint32 = {lte: 100}];
// The % chance that a host will be actually ejected when an outlier status
// is detected through success rate statistics for locally originated errors.
// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
// Parameter takes effect only when
// :ref:`split_external_local_origin_errors<envoy_api_field_config.cluster.v3.OutlierDetection.split_external_local_origin_errors>`
// is set to true.
google.protobuf.UInt32Value enforcing_local_origin_success_rate = 15
[(validate.rules).uint32 = {lte: 100}];
// The failure percentage to use when determining failure percentage-based outlier detection. If
// the failure percentage of a given host is greater than or equal to this value, it will be
// ejected. Defaults to 85.
google.protobuf.UInt32Value failure_percentage_threshold = 16
[(validate.rules).uint32 = {lte: 100}];
// The % chance that a host will be actually ejected when an outlier status is detected through
// failure percentage statistics. This setting can be used to disable ejection or to ramp it up
// slowly. Defaults to 0.
//
// [#next-major-version: setting this without setting failure_percentage_threshold should be
// invalid in v4.]
google.protobuf.UInt32Value enforcing_failure_percentage = 17
[(validate.rules).uint32 = {lte: 100}];
// The % chance that a host will be actually ejected when an outlier status is detected through
// local-origin failure percentage statistics. This setting can be used to disable ejection or to
// ramp it up slowly. Defaults to 0.
google.protobuf.UInt32Value enforcing_failure_percentage_local_origin = 18
[(validate.rules).uint32 = {lte: 100}];
// The minimum number of hosts in a cluster in order to perform failure percentage-based ejection.
// If the total number of hosts in the cluster is less than this value, failure percentage-based
// ejection will not be performed. Defaults to 5.
google.protobuf.UInt32Value failure_percentage_minimum_hosts = 19;
// The minimum number of total requests that must be collected in one interval (as defined by the
// interval duration above) to perform failure percentage-based ejection for this host. If the
// volume is lower than this setting, failure percentage-based ejection will not be performed for
// this host. Defaults to 50.
google.protobuf.UInt32Value failure_percentage_request_volume = 20;
}

144
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/address.proto vendored Normal file
View File

@ -0,0 +1,144 @@
syntax = "proto3";
package envoy.config.core.v3;
import "envoy/config/core/v3/socket_option.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "AddressProto";
option java_multiple_files = true;
// [#protodoc-title: Network addresses]
message Pipe {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Pipe";
// Unix Domain Socket path. On Linux, paths starting with '@' will use the
// abstract namespace. The starting '@' is replaced by a null byte by Envoy.
// Paths starting with '@' will result in an error in environments other than
// Linux.
string path = 1 [(validate.rules).string = {min_bytes: 1}];
// The mode for the Pipe. Not applicable for abstract sockets.
uint32 mode = 2 [(validate.rules).uint32 = {lte: 511}];
}
// [#next-free-field: 7]
message SocketAddress {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketAddress";
enum Protocol {
TCP = 0;
UDP = 1;
}
Protocol protocol = 1 [(validate.rules).enum = {defined_only: true}];
// The address for this socket. :ref:`Listeners <config_listeners>` will bind
// to the address. An empty address is not allowed. Specify ``0.0.0.0`` or ``::``
// to bind to any address. [#comment:TODO(zuercher) reinstate when implemented:
// It is possible to distinguish a Listener address via the prefix/suffix matching
// in :ref:`FilterChainMatch <envoy_api_msg_config.listener.v3.FilterChainMatch>`.] When used
// within an upstream :ref:`BindConfig <envoy_api_msg_config.core.v3.BindConfig>`, the address
// controls the source address of outbound connections. For :ref:`clusters
// <envoy_api_msg_config.cluster.v3.Cluster>`, the cluster type determines whether the
// address must be an IP (*STATIC* or *EDS* clusters) or a hostname resolved by DNS
// (*STRICT_DNS* or *LOGICAL_DNS* clusters). Address resolution can be customized
// via :ref:`resolver_name <envoy_api_field_config.core.v3.SocketAddress.resolver_name>`.
string address = 2 [(validate.rules).string = {min_bytes: 1}];
oneof port_specifier {
option (validate.required) = true;
uint32 port_value = 3 [(validate.rules).uint32 = {lte: 65535}];
// This is only valid if :ref:`resolver_name
// <envoy_api_field_config.core.v3.SocketAddress.resolver_name>` is specified below and the
// named resolver is capable of named port resolution.
string named_port = 4;
}
// The name of the custom resolver. This must have been registered with Envoy. If
// this is empty, a context dependent default applies. If the address is a concrete
// IP address, no resolution will occur. If address is a hostname this
// should be set for resolution other than DNS. Specifying a custom resolver with
// *STRICT_DNS* or *LOGICAL_DNS* will generate an error at runtime.
string resolver_name = 5;
// When binding to an IPv6 address above, this enables `IPv4 compatibility
// <https://tools.ietf.org/html/rfc3493#page-11>`_. Binding to ``::`` will
// allow both IPv4 and IPv6 connections, with peer IPv4 addresses mapped into
// IPv6 space as ``::FFFF:<IPv4-address>``.
bool ipv4_compat = 6;
}
message TcpKeepalive {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.TcpKeepalive";
// Maximum number of keepalive probes to send without response before deciding
// the connection is dead. Default is to use the OS level configuration (unless
// overridden, Linux defaults to 9.)
google.protobuf.UInt32Value keepalive_probes = 1;
// The number of seconds a connection needs to be idle before keep-alive probes
// start being sent. Default is to use the OS level configuration (unless
// overridden, Linux defaults to 7200s (i.e., 2 hours.)
google.protobuf.UInt32Value keepalive_time = 2;
// The number of seconds between keep-alive probes. Default is to use the OS
// level configuration (unless overridden, Linux defaults to 75s.)
google.protobuf.UInt32Value keepalive_interval = 3;
}
message BindConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BindConfig";
// The address to bind to when creating a socket.
SocketAddress source_address = 1 [(validate.rules).message = {required: true}];
// Whether to set the *IP_FREEBIND* option when creating the socket. When this
// flag is set to true, allows the :ref:`source_address
// <envoy_api_field_config.cluster.v3.UpstreamBindConfig.source_address>` to be an IP address
// that is not configured on the system running Envoy. When this flag is set
// to false, the option *IP_FREEBIND* is disabled on the socket. When this
// flag is not set (default), the socket is not modified, i.e. the option is
// neither enabled nor disabled.
google.protobuf.BoolValue freebind = 2;
// Additional socket options that may not be present in Envoy source code or
// precompiled binaries.
repeated SocketOption socket_options = 3;
}
// Addresses specify either a logical or physical address and port, which are
// used to tell Envoy where to bind/listen, connect to upstream and find
// management servers.
message Address {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Address";
oneof address {
option (validate.required) = true;
SocketAddress socket_address = 1;
Pipe pipe = 2;
}
}
// CidrRange specifies an IP Address and a prefix length to construct
// the subnet mask for a `CIDR <https://tools.ietf.org/html/rfc4632>`_ range.
message CidrRange {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.CidrRange";
// IPv4 or IPv6 address, e.g. ``192.0.0.0`` or ``2001:db8::``.
string address_prefix = 1 [(validate.rules).string = {min_bytes: 1}];
// Length of prefix, e.g. 0, 32.
google.protobuf.UInt32Value prefix_len = 2 [(validate.rules).uint32 = {lte: 128}];
}

35
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/backoff.proto vendored Normal file
View File

@ -0,0 +1,35 @@
syntax = "proto3";
package envoy.config.core.v3;
import "google/protobuf/duration.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "BackoffProto";
option java_multiple_files = true;
// [#protodoc-title: Backoff Strategy]
// Configuration defining a jittered exponential back off strategy.
message BackoffStrategy {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BackoffStrategy";
// The base interval to be used for the next back off computation. It should
// be greater than zero and less than or equal to :ref:`max_interval
// <envoy_api_field_config.core.v3.BackoffStrategy.max_interval>`.
google.protobuf.Duration base_interval = 1 [(validate.rules).duration = {
required: true
gte {nanos: 1000000}
}];
// Specifies the maximum interval between retries. This parameter is optional,
// but must be greater than or equal to the :ref:`base_interval
// <envoy_api_field_config.core.v3.BackoffStrategy.base_interval>` if set. The default
// is 10 times the :ref:`base_interval
// <envoy_api_field_config.core.v3.BackoffStrategy.base_interval>`.
google.protobuf.Duration max_interval = 2 [(validate.rules).duration = {gt {}}];
}

406
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/base.proto vendored Normal file
View File

@ -0,0 +1,406 @@
syntax = "proto3";
package envoy.config.core.v3;
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/backoff.proto";
import "envoy/config/core/v3/http_uri.proto";
import "envoy/type/v3/percent.proto";
import "envoy/type/v3/semantic_version.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "BaseProto";
option java_multiple_files = true;
// [#protodoc-title: Common types]
// Envoy supports :ref:`upstream priority routing
// <arch_overview_http_routing_priority>` both at the route and the virtual
// cluster level. The current priority implementation uses different connection
// pool and circuit breaking settings for each priority level. This means that
// even for HTTP/2 requests, two physical connections will be used to an
// upstream host. In the future Envoy will likely support true HTTP/2 priority
// over a single upstream connection.
enum RoutingPriority {
DEFAULT = 0;
HIGH = 1;
}
// HTTP request method.
enum RequestMethod {
METHOD_UNSPECIFIED = 0;
GET = 1;
HEAD = 2;
POST = 3;
PUT = 4;
DELETE = 5;
CONNECT = 6;
OPTIONS = 7;
TRACE = 8;
PATCH = 9;
}
// Identifies the direction of the traffic relative to the local Envoy.
enum TrafficDirection {
// Default option is unspecified.
UNSPECIFIED = 0;
// The transport is used for incoming traffic.
INBOUND = 1;
// The transport is used for outgoing traffic.
OUTBOUND = 2;
}
// Identifies location of where either Envoy runs or where upstream hosts run.
message Locality {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Locality";
// Region this :ref:`zone <envoy_api_field_config.core.v3.Locality.zone>` belongs to.
string region = 1;
// Defines the local service zone where Envoy is running. Though optional, it
// should be set if discovery service routing is used and the discovery
// service exposes :ref:`zone data <envoy_api_field_config.endpoint.v3.LocalityLbEndpoints.locality>`,
// either in this message or via :option:`--service-zone`. The meaning of zone
// is context dependent, e.g. `Availability Zone (AZ)
// <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html>`_
// on AWS, `Zone <https://cloud.google.com/compute/docs/regions-zones/>`_ on
// GCP, etc.
string zone = 2;
// When used for locality of upstream hosts, this field further splits zone
// into smaller chunks of sub-zones so they can be load balanced
// independently.
string sub_zone = 3;
}
// BuildVersion combines SemVer version of extension with free-form build information
// (i.e. 'alpha', 'private-build') as a set of strings.
message BuildVersion {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.BuildVersion";
// SemVer version of extension.
type.v3.SemanticVersion version = 1;
// Free-form build information.
// Envoy defines several well known keys in the source/common/common/version.h file
google.protobuf.Struct metadata = 2;
}
// Version and identification for an Envoy extension.
// [#next-free-field: 6]
message Extension {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Extension";
// This is the name of the Envoy filter as specified in the Envoy
// configuration, e.g. envoy.filters.http.router, com.acme.widget.
string name = 1;
// Category of the extension.
// Extension category names use reverse DNS notation. For instance "envoy.filters.listener"
// for Envoy's built-in listener filters or "com.acme.filters.http" for HTTP filters from
// acme.com vendor.
// [#comment:TODO(yanavlasov): Link to the doc with existing envoy category names.]
string category = 2;
// [#not-implemented-hide:] Type descriptor of extension configuration proto.
// [#comment:TODO(yanavlasov): Link to the doc with existing configuration protos.]
// [#comment:TODO(yanavlasov): Add tests when PR #9391 lands.]
string type_descriptor = 3;
// The version is a property of the extension and maintained independently
// of other extensions and the Envoy API.
// This field is not set when extension did not provide version information.
BuildVersion version = 4;
// Indicates that the extension is present but was disabled via dynamic configuration.
bool disabled = 5;
}
// Identifies a specific Envoy instance. The node identifier is presented to the
// management server, which may use this identifier to distinguish per Envoy
// configuration for serving.
// [#next-free-field: 12]
message Node {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Node";
reserved 5;
reserved "build_version";
// An opaque node identifier for the Envoy node. This also provides the local
// service node name. It should be set if any of the following features are
// used: :ref:`statsd <arch_overview_statistics>`, :ref:`CDS
// <config_cluster_manager_cds>`, and :ref:`HTTP tracing
// <arch_overview_tracing>`, either in this message or via
// :option:`--service-node`.
string id = 1;
// Defines the local service cluster name where Envoy is running. Though
// optional, it should be set if any of the following features are used:
// :ref:`statsd <arch_overview_statistics>`, :ref:`health check cluster
// verification
// <envoy_api_field_config.core.v3.HealthCheck.HttpHealthCheck.service_name_matcher>`,
// :ref:`runtime override directory <envoy_api_msg_config.bootstrap.v3.Runtime>`,
// :ref:`user agent addition
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.add_user_agent>`,
// :ref:`HTTP global rate limiting <config_http_filters_rate_limit>`,
// :ref:`CDS <config_cluster_manager_cds>`, and :ref:`HTTP tracing
// <arch_overview_tracing>`, either in this message or via
// :option:`--service-cluster`.
string cluster = 2;
// Opaque metadata extending the node identifier. Envoy will pass this
// directly to the management server.
google.protobuf.Struct metadata = 3;
// Locality specifying where the Envoy instance is running.
Locality locality = 4;
// Free-form string that identifies the entity requesting config.
// E.g. "envoy" or "grpc"
string user_agent_name = 6;
oneof user_agent_version_type {
// Free-form string that identifies the version of the entity requesting config.
// E.g. "1.12.2" or "abcd1234", or "SpecialEnvoyBuild"
string user_agent_version = 7;
// Structured version of the entity requesting config.
BuildVersion user_agent_build_version = 8;
}
// List of extensions and their versions supported by the node.
repeated Extension extensions = 9;
// Client feature support list. These are well known features described
// in the Envoy API repository for a given major version of an API. Client features
// use reverse DNS naming scheme, for example `com.acme.feature`.
// See :ref:`the list of features <client_features>` that xDS client may
// support.
repeated string client_features = 10;
// Known listening ports on the node as a generic hint to the management server
// for filtering :ref:`listeners <config_listeners>` to be returned. For example,
// if there is a listener bound to port 80, the list can optionally contain the
// SocketAddress `(0.0.0.0,80)`. The field is optional and just a hint.
repeated Address listening_addresses = 11;
}
// Metadata provides additional inputs to filters based on matched listeners,
// filter chains, routes and endpoints. It is structured as a map, usually from
// filter name (in reverse DNS format) to metadata specific to the filter. Metadata
// key-values for a filter are merged as connection and request handling occurs,
// with later values for the same key overriding earlier values.
//
// An example use of metadata is providing additional values to
// http_connection_manager in the envoy.http_connection_manager.access_log
// namespace.
//
// Another example use of metadata is to per service config info in cluster metadata, which may get
// consumed by multiple filters.
//
// For load balancing, Metadata provides a means to subset cluster endpoints.
// Endpoints have a Metadata object associated and routes contain a Metadata
// object to match against. There are some well defined metadata used today for
// this purpose:
//
// * ``{"envoy.lb": {"canary": <bool> }}`` This indicates the canary status of an
// endpoint and is also used during header processing
// (x-envoy-upstream-canary) and for stats purposes.
// [#next-major-version: move to type/metadata/v2]
message Metadata {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.Metadata";
// Key is the reverse DNS filter name, e.g. com.acme.widget. The envoy.*
// namespace is reserved for Envoy's built-in filters.
map<string, google.protobuf.Struct> filter_metadata = 1;
}
// Runtime derived uint32 with a default when not specified.
message RuntimeUInt32 {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RuntimeUInt32";
// Default value if runtime value is not available.
uint32 default_value = 2;
// Runtime key to get value for comparison. This value is used if defined.
string runtime_key = 3 [(validate.rules).string = {min_bytes: 1}];
}
// Runtime derived bool with a default when not specified.
message RuntimeFeatureFlag {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.RuntimeFeatureFlag";
// Default value if runtime value is not available.
google.protobuf.BoolValue default_value = 1 [(validate.rules).message = {required: true}];
// Runtime key to get value for comparison. This value is used if defined. The boolean value must
// be represented via its
// `canonical JSON encoding <https://developers.google.com/protocol-buffers/docs/proto3#json>`_.
string runtime_key = 2 [(validate.rules).string = {min_bytes: 1}];
}
// Header name/value pair.
message HeaderValue {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderValue";
// Header name.
string key = 1
[(validate.rules).string =
{min_bytes: 1 max_bytes: 16384 well_known_regex: HTTP_HEADER_NAME strict: false}];
// Header value.
//
// The same :ref:`format specifier <config_access_log_format>` as used for
// :ref:`HTTP access logging <config_access_log>` applies here, however
// unknown header values are replaced with the empty string instead of `-`.
string value = 2 [
(validate.rules).string = {max_bytes: 16384 well_known_regex: HTTP_HEADER_VALUE strict: false}
];
}
// Header name/value pair plus option to control append behavior.
message HeaderValueOption {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HeaderValueOption";
// Header name/value pair that this option applies to.
HeaderValue header = 1 [(validate.rules).message = {required: true}];
// Should the value be appended? If true (default), the value is appended to
// existing values.
google.protobuf.BoolValue append = 2;
}
// Wrapper for a set of headers.
message HeaderMap {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HeaderMap";
repeated HeaderValue headers = 1;
}
// Data source consisting of either a file or an inline value.
message DataSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.DataSource";
oneof specifier {
option (validate.required) = true;
// Local filesystem data source.
string filename = 1 [(validate.rules).string = {min_bytes: 1}];
// Bytes inlined in the configuration.
bytes inline_bytes = 2 [(validate.rules).bytes = {min_len: 1}];
// String inlined in the configuration.
string inline_string = 3 [(validate.rules).string = {min_bytes: 1}];
}
}
// The message specifies the retry policy of remote data source when fetching fails.
message RetryPolicy {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RetryPolicy";
// Specifies parameters that control :ref:`retry backoff strategy <envoy_api_msg_config.core.v3.BackoffStrategy>`.
// This parameter is optional, in which case the default base interval is 1000 milliseconds. The
// default maximum interval is 10 times the base interval.
BackoffStrategy retry_back_off = 1;
// Specifies the allowed number of retries. This parameter is optional and
// defaults to 1.
google.protobuf.UInt32Value num_retries = 2;
}
// The message specifies how to fetch data from remote and how to verify it.
message RemoteDataSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.RemoteDataSource";
// The HTTP URI to fetch the remote data.
HttpUri http_uri = 1 [(validate.rules).message = {required: true}];
// SHA256 string for verifying data.
string sha256 = 2 [(validate.rules).string = {min_bytes: 1}];
// Retry policy for fetching remote data.
RetryPolicy retry_policy = 3;
}
// Async data source which support async data fetch.
message AsyncDataSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.AsyncDataSource";
oneof specifier {
option (validate.required) = true;
// Local async data source.
DataSource local = 1;
// Remote async data source.
RemoteDataSource remote = 2;
}
}
// Configuration for transport socket in :ref:`listeners <config_listeners>` and
// :ref:`clusters <envoy_api_msg_config.cluster.v3.Cluster>`. If the configuration is
// empty, a default transport socket implementation and configuration will be
// chosen based on the platform and existence of tls_context.
message TransportSocket {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.TransportSocket";
reserved 2;
reserved "config";
// The name of the transport socket to instantiate. The name must match a supported transport
// socket implementation.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// Implementation specific configuration which depends on the implementation being instantiated.
// See the supported transport socket implementations for further documentation.
oneof config_type {
google.protobuf.Any typed_config = 3;
}
}
// Runtime derived FractionalPercent with defaults for when the numerator or denominator is not
// specified via a runtime key.
//
// .. note::
//
// Parsing of the runtime key's data is implemented such that it may be represented as a
// :ref:`FractionalPercent <envoy_api_msg_type.v3.FractionalPercent>` proto represented as JSON/YAML
// and may also be represented as an integer with the assumption that the value is an integral
// percentage out of 100. For instance, a runtime key lookup returning the value "42" would parse
// as a `FractionalPercent` whose numerator is 42 and denominator is HUNDRED.
message RuntimeFractionalPercent {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.RuntimeFractionalPercent";
// Default value if the runtime value's for the numerator/denominator keys are not available.
type.v3.FractionalPercent default_value = 1 [(validate.rules).message = {required: true}];
// Runtime key for a YAML representation of a FractionalPercent.
string runtime_key = 2;
}
// Identifies a specific ControlPlane instance that Envoy is connected to.
message ControlPlane {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ControlPlane";
// An opaque control plane identifier that uniquely identifies an instance
// of control plane. This can be used to identify which control plane instance,
// the Envoy is connected to.
string identifier = 1;
}

192
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/config_source.proto vendored Normal file
View File

@ -0,0 +1,192 @@
syntax = "proto3";
package envoy.config.core.v3;
import "envoy/config/core/v3/grpc_service.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "envoy/annotations/deprecation.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "ConfigSourceProto";
option java_multiple_files = true;
// [#protodoc-title: Configuration sources]
// xDS API version. This is used to describe both resource and transport
// protocol versions (in distinct configuration fields).
enum ApiVersion {
// When not specified, we assume v2, to ease migration to Envoy's stable API
// versioning. If a client does not support v2 (e.g. due to deprecation), this
// is an invalid value.
AUTO = 0;
// Use xDS v2 API.
V2 = 1;
// Use xDS v3 API.
V3 = 2;
}
// API configuration source. This identifies the API type and cluster that Envoy
// will use to fetch an xDS API.
// [#next-free-field: 9]
message ApiConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ApiConfigSource";
// APIs may be fetched via either REST or gRPC.
enum ApiType {
// Ideally this would be 'reserved 0' but one can't reserve the default
// value. Instead we throw an exception if this is ever used.
DEPRECATED_AND_UNAVAILABLE_DO_NOT_USE = 0
[deprecated = true, (envoy.annotations.disallowed_by_default_enum) = true];
// REST-JSON v2 API. The `canonical JSON encoding
// <https://developers.google.com/protocol-buffers/docs/proto3#json>`_ for
// the v2 protos is used.
REST = 1;
// gRPC v2 API.
GRPC = 2;
// Using the delta xDS gRPC service, i.e. DeltaDiscovery{Request,Response}
// rather than Discovery{Request,Response}. Rather than sending Envoy the entire state
// with every update, the xDS server only sends what has changed since the last update.
//
// DELTA_GRPC is not yet entirely implemented! Initially, only CDS is available.
// Do not use for other xDSes.
// [#comment:TODO(fredlas) update/remove this warning when appropriate.]
DELTA_GRPC = 3;
}
// API type (gRPC, REST, delta gRPC)
ApiType api_type = 1 [(validate.rules).enum = {defined_only: true}];
// API version for xDS transport protocol. This describes the xDS gRPC/REST
// endpoint and version of [Delta]DiscoveryRequest/Response used on the wire.
ApiVersion transport_api_version = 8 [(validate.rules).enum = {defined_only: true}];
// Cluster names should be used only with REST. If > 1
// cluster is defined, clusters will be cycled through if any kind of failure
// occurs.
//
// .. note::
//
// The cluster with name ``cluster_name`` must be statically defined and its
// type must not be ``EDS``.
repeated string cluster_names = 2;
// Multiple gRPC services be provided for GRPC. If > 1 cluster is defined,
// services will be cycled through if any kind of failure occurs.
repeated GrpcService grpc_services = 4;
// For REST APIs, the delay between successive polls.
google.protobuf.Duration refresh_delay = 3;
// For REST APIs, the request timeout. If not set, a default value of 1s will be used.
google.protobuf.Duration request_timeout = 5 [(validate.rules).duration = {gt {}}];
// For GRPC APIs, the rate limit settings. If present, discovery requests made by Envoy will be
// rate limited.
RateLimitSettings rate_limit_settings = 6;
// Skip the node identifier in subsequent discovery requests for streaming gRPC config types.
bool set_node_on_first_message_only = 7;
}
// Aggregated Discovery Service (ADS) options. This is currently empty, but when
// set in :ref:`ConfigSource <envoy_api_msg_config.core.v3.ConfigSource>` can be used to
// specify that ADS is to be used.
message AggregatedConfigSource {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.AggregatedConfigSource";
}
// [#not-implemented-hide:]
// Self-referencing config source options. This is currently empty, but when
// set in :ref:`ConfigSource <envoy_api_msg_config.core.v3.ConfigSource>` can be used to
// specify that other data can be obtained from the same server.
message SelfConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SelfConfigSource";
}
// Rate Limit settings to be applied for discovery requests made by Envoy.
message RateLimitSettings {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.RateLimitSettings";
// Maximum number of tokens to be used for rate limiting discovery request calls. If not set, a
// default value of 100 will be used.
google.protobuf.UInt32Value max_tokens = 1;
// Rate at which tokens will be filled per second. If not set, a default fill rate of 10 tokens
// per second will be used.
google.protobuf.DoubleValue fill_rate = 2 [(validate.rules).double = {gt: 0.0}];
}
// Configuration for :ref:`listeners <config_listeners>`, :ref:`clusters
// <config_cluster_manager>`, :ref:`routes
// <envoy_api_msg_config.route.v3.RouteConfiguration>`, :ref:`endpoints
// <arch_overview_service_discovery>` etc. may either be sourced from the
// filesystem or from an xDS API source. Filesystem configs are watched with
// inotify for updates.
// [#next-free-field: 7]
message ConfigSource {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.ConfigSource";
oneof config_source_specifier {
option (validate.required) = true;
// Path on the filesystem to source and watch for configuration updates.
//
// .. note::
//
// The path to the source must exist at config load time.
//
// .. note::
//
// Envoy will only watch the file path for *moves.* This is because in general only moves
// are atomic. The same method of swapping files as is demonstrated in the
// :ref:`runtime documentation <config_runtime_symbolic_link_swap>` can be used here also.
string path = 1;
// API configuration source.
ApiConfigSource api_config_source = 2;
// When set, ADS will be used to fetch resources. The ADS API configuration
// source in the bootstrap configuration is used.
AggregatedConfigSource ads = 3;
// [#not-implemented-hide:]
// When set, the client will access the resources from the same server it got the
// ConfigSource from, although not necessarily from the same stream. This is similar to the
// :ref:`ads<envoy_api_field.ConfigSource.ads>` field, except that the client may use a
// different stream to the same server. As a result, this field can be used for things
// like LRS that cannot be sent on an ADS stream. It can also be used to link from (e.g.)
// LDS to RDS on the same server without requiring the management server to know its name
// or required credentials.
// [#next-major-version: In xDS v3, consider replacing the ads field with this one, since
// this field can implicitly mean to use the same stream in the case where the ConfigSource
// is provided via ADS and the specified data can also be obtained via ADS.]
SelfConfigSource self = 5;
}
// When this timeout is specified, Envoy will wait no longer than the specified time for first
// config response on this xDS subscription during the :ref:`initialization process
// <arch_overview_initialization>`. After reaching the timeout, Envoy will move to the next
// initialization phase, even if the first config is not delivered yet. The timer is activated
// when the xDS API subscription starts, and is disarmed on first config update or on error. 0
// means no timeout - Envoy will wait indefinitely for the first xDS config (unless another
// timeout applies). The default is 15s.
google.protobuf.Duration initial_fetch_timeout = 4;
// API version for xDS resources. This implies the type URLs that the client
// will request for resources and the resource type that the client will in
// turn expect to be delivered.
ApiVersion resource_api_version = 6 [(validate.rules).enum = {defined_only: true}];
}

260
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/grpc_service.proto vendored Normal file
View File

@ -0,0 +1,260 @@
syntax = "proto3";
package envoy.config.core.v3;
import "envoy/config/core/v3/base.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "GrpcServiceProto";
option java_multiple_files = true;
// [#protodoc-title: gRPC services]
// gRPC service configuration. This is used by :ref:`ApiConfigSource
// <envoy_api_msg_config.core.v3.ApiConfigSource>` and filter configurations.
// [#next-free-field: 6]
message GrpcService {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.GrpcService";
message EnvoyGrpc {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.EnvoyGrpc";
// The name of the upstream gRPC cluster. SSL credentials will be supplied
// in the :ref:`Cluster <envoy_api_msg_config.cluster.v3.Cluster>` :ref:`transport_socket
// <envoy_api_field_config.cluster.v3.Cluster.transport_socket>`.
string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
}
// [#next-free-field: 7]
message GoogleGrpc {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc";
// See https://grpc.io/grpc/cpp/structgrpc_1_1_ssl_credentials_options.html.
message SslCredentials {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.SslCredentials";
// PEM encoded server root certificates.
DataSource root_certs = 1;
// PEM encoded client private key.
DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
// PEM encoded client certificate chain.
DataSource cert_chain = 3;
}
// Local channel credentials. Only UDS is supported for now.
// See https://github.com/grpc/grpc/pull/15909.
message GoogleLocalCredentials {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.GoogleLocalCredentials";
}
// See https://grpc.io/docs/guides/auth.html#credential-types to understand Channel and Call
// credential types.
message ChannelCredentials {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.ChannelCredentials";
oneof credential_specifier {
option (validate.required) = true;
SslCredentials ssl_credentials = 1;
// https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
google.protobuf.Empty google_default = 2;
GoogleLocalCredentials local_credentials = 3;
}
}
// [#next-free-field: 8]
message CallCredentials {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.CallCredentials";
message ServiceAccountJWTAccessCredentials {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.CallCredentials."
"ServiceAccountJWTAccessCredentials";
string json_key = 1;
uint64 token_lifetime_seconds = 2;
}
message GoogleIAMCredentials {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.CallCredentials.GoogleIAMCredentials";
string authorization_token = 1;
string authority_selector = 2;
}
message MetadataCredentialsFromPlugin {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.CallCredentials."
"MetadataCredentialsFromPlugin";
reserved 2;
reserved "config";
string name = 1;
oneof config_type {
google.protobuf.Any typed_config = 3;
}
}
// Security token service configuration that allows Google gRPC to
// fetch security token from an OAuth 2.0 authorization server.
// See https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16 and
// https://github.com/grpc/grpc/pull/19587.
// [#next-free-field: 10]
message StsService {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcService.GoogleGrpc.CallCredentials.StsService";
// URI of the token exchange service that handles token exchange requests.
// [#comment:TODO(asraa): Add URI validation when implemented. Tracked by
// https://github.com/envoyproxy/protoc-gen-validate/issues/303]
string token_exchange_service_uri = 1;
// Location of the target service or resource where the client
// intends to use the requested security token.
string resource = 2;
// Logical name of the target service where the client intends to
// use the requested security token.
string audience = 3;
// The desired scope of the requested security token in the
// context of the service or resource where the token will be used.
string scope = 4;
// Type of the requested security token.
string requested_token_type = 5;
// The path of subject token, a security token that represents the
// identity of the party on behalf of whom the request is being made.
string subject_token_path = 6 [(validate.rules).string = {min_bytes: 1}];
// Type of the subject token.
string subject_token_type = 7 [(validate.rules).string = {min_bytes: 1}];
// The path of actor token, a security token that represents the identity
// of the acting party. The acting party is authorized to use the
// requested security token and act on behalf of the subject.
string actor_token_path = 8;
// Type of the actor token.
string actor_token_type = 9;
}
oneof credential_specifier {
option (validate.required) = true;
// Access token credentials.
// https://grpc.io/grpc/cpp/namespacegrpc.html#ad3a80da696ffdaea943f0f858d7a360d.
string access_token = 1;
// Google Compute Engine credentials.
// https://grpc.io/grpc/cpp/namespacegrpc.html#a6beb3ac70ff94bd2ebbd89b8f21d1f61
google.protobuf.Empty google_compute_engine = 2;
// Google refresh token credentials.
// https://grpc.io/grpc/cpp/namespacegrpc.html#a96901c997b91bc6513b08491e0dca37c.
string google_refresh_token = 3;
// Service Account JWT Access credentials.
// https://grpc.io/grpc/cpp/namespacegrpc.html#a92a9f959d6102461f66ee973d8e9d3aa.
ServiceAccountJWTAccessCredentials service_account_jwt_access = 4;
// Google IAM credentials.
// https://grpc.io/grpc/cpp/namespacegrpc.html#a9fc1fc101b41e680d47028166e76f9d0.
GoogleIAMCredentials google_iam = 5;
// Custom authenticator credentials.
// https://grpc.io/grpc/cpp/namespacegrpc.html#a823c6a4b19ffc71fb33e90154ee2ad07.
// https://grpc.io/docs/guides/auth.html#extending-grpc-to-support-other-authentication-mechanisms.
MetadataCredentialsFromPlugin from_plugin = 6;
// Custom security token service which implements OAuth 2.0 token exchange.
// https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16
// See https://github.com/grpc/grpc/pull/19587.
StsService sts_service = 7;
}
}
// The target URI when using the `Google C++ gRPC client
// <https://github.com/grpc/grpc>`_. SSL credentials will be supplied in
// :ref:`channel_credentials <envoy_api_field_config.core.v3.GrpcService.GoogleGrpc.channel_credentials>`.
string target_uri = 1 [(validate.rules).string = {min_bytes: 1}];
ChannelCredentials channel_credentials = 2;
// A set of call credentials that can be composed with `channel credentials
// <https://grpc.io/docs/guides/auth.html#credential-types>`_.
repeated CallCredentials call_credentials = 3;
// The human readable prefix to use when emitting statistics for the gRPC
// service.
//
// .. csv-table::
// :header: Name, Type, Description
// :widths: 1, 1, 2
//
// streams_total, Counter, Total number of streams opened
// streams_closed_<gRPC status code>, Counter, Total streams closed with <gRPC status code>
string stat_prefix = 4 [(validate.rules).string = {min_bytes: 1}];
// The name of the Google gRPC credentials factory to use. This must have been registered with
// Envoy. If this is empty, a default credentials factory will be used that sets up channel
// credentials based on other configuration parameters.
string credentials_factory_name = 5;
// Additional configuration for site-specific customizations of the Google
// gRPC library.
google.protobuf.Struct config = 6;
}
reserved 4;
oneof target_specifier {
option (validate.required) = true;
// Envoy's in-built gRPC client.
// See the :ref:`gRPC services overview <arch_overview_grpc_services>`
// documentation for discussion on gRPC client selection.
EnvoyGrpc envoy_grpc = 1;
// `Google C++ gRPC client <https://github.com/grpc/grpc>`_
// See the :ref:`gRPC services overview <arch_overview_grpc_services>`
// documentation for discussion on gRPC client selection.
GoogleGrpc google_grpc = 2;
}
// The timeout for the gRPC request. This is the timeout for a specific
// request.
google.protobuf.Duration timeout = 3;
// Additional metadata to include in streams initiated to the GrpcService.
// This can be used for scenarios in which additional ad hoc authorization
// headers (e.g. ``x-foo-bar: baz-key``) are to be injected.
repeated HeaderValue initial_metadata = 5;
}

312
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/health_check.proto vendored Normal file
View File

@ -0,0 +1,312 @@
syntax = "proto3";
package envoy.config.core.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/type/matcher/v3/string.proto";
import "envoy/type/v3/http.proto";
import "envoy/type/v3/range.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "envoy/annotations/deprecation.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "HealthCheckProto";
option java_multiple_files = true;
// [#protodoc-title: Health check]
// * Health checking :ref:`architecture overview <arch_overview_health_checking>`.
// * If health checking is configured for a cluster, additional statistics are emitted. They are
// documented :ref:`here <config_cluster_manager_cluster_stats>`.
// Endpoint health status.
enum HealthStatus {
// The health status is not known. This is interpreted by Envoy as *HEALTHY*.
UNKNOWN = 0;
// Healthy.
HEALTHY = 1;
// Unhealthy.
UNHEALTHY = 2;
// Connection draining in progress. E.g.,
// `<https://aws.amazon.com/blogs/aws/elb-connection-draining-remove-instances-from-service-with-care/>`_
// or
// `<https://cloud.google.com/compute/docs/load-balancing/enabling-connection-draining>`_.
// This is interpreted by Envoy as *UNHEALTHY*.
DRAINING = 3;
// Health check timed out. This is part of HDS and is interpreted by Envoy as
// *UNHEALTHY*.
TIMEOUT = 4;
// Degraded.
DEGRADED = 5;
}
// [#next-free-field: 22]
message HealthCheck {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HealthCheck";
// Describes the encoding of the payload bytes in the payload.
message Payload {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.Payload";
oneof payload {
option (validate.required) = true;
// Hex encoded payload. E.g., "000000FF".
string text = 1 [(validate.rules).string = {min_bytes: 1}];
// [#not-implemented-hide:] Binary payload.
bytes binary = 2;
}
}
// [#next-free-field: 12]
message HttpHealthCheck {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.HttpHealthCheck";
reserved 5, 7;
reserved "service_name", "use_http2";
// The value of the host header in the HTTP health check request. If
// left empty (default value), the name of the cluster this health check is associated
// with will be used.
string host = 1;
// Specifies the HTTP path that will be requested during health checking. For example
// */healthcheck*.
string path = 2 [(validate.rules).string = {min_bytes: 1}];
// [#not-implemented-hide:] HTTP specific payload.
Payload send = 3;
// [#not-implemented-hide:] HTTP specific response.
Payload receive = 4;
// Specifies a list of HTTP headers that should be added to each request that is sent to the
// health checked cluster. For more information, including details on header value syntax, see
// the documentation on :ref:`custom request headers
// <config_http_conn_man_headers_custom_request_headers>`.
repeated HeaderValueOption request_headers_to_add = 6
[(validate.rules).repeated = {max_items: 1000}];
// Specifies a list of HTTP headers that should be removed from each request that is sent to the
// health checked cluster.
repeated string request_headers_to_remove = 8;
// Specifies a list of HTTP response statuses considered healthy. If provided, replaces default
// 200-only policy - 200 must be included explicitly as needed. Ranges follow half-open
// semantics of :ref:`Int64Range <envoy_api_msg_type.v3.Int64Range>`. The start and end of each
// range are required. Only statuses in the range [100, 600) are allowed.
repeated type.v3.Int64Range expected_statuses = 9;
// Use specified application protocol for health checks.
type.v3.CodecClientType codec_client_type = 10 [(validate.rules).enum = {defined_only: true}];
// An optional service name parameter which is used to validate the identity of
// the health checked cluster using a :ref:`StringMatcher
// <envoy_api_msg_type.matcher.v3.StringMatcher>`. See the :ref:`architecture overview
// <arch_overview_health_checking_identity>` for more information.
type.matcher.v3.StringMatcher service_name_matcher = 11;
}
message TcpHealthCheck {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.TcpHealthCheck";
// Empty payloads imply a connect-only health check.
Payload send = 1;
// When checking the response, fuzzy matching is performed such that each
// binary block must be found, and in the order specified, but not
// necessarily contiguous.
repeated Payload receive = 2;
}
message RedisHealthCheck {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.RedisHealthCheck";
// If set, optionally perform ``EXISTS <key>`` instead of ``PING``. A return value
// from Redis of 0 (does not exist) is considered a passing healthcheck. A return value other
// than 0 is considered a failure. This allows the user to mark a Redis instance for maintenance
// by setting the specified key to any value and waiting for traffic to drain.
string key = 1;
}
// `grpc.health.v1.Health
// <https://github.com/grpc/grpc/blob/master/src/proto/grpc/health/v1/health.proto>`_-based
// healthcheck. See `gRPC doc <https://github.com/grpc/grpc/blob/master/doc/health-checking.md>`_
// for details.
message GrpcHealthCheck {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.GrpcHealthCheck";
// An optional service name parameter which will be sent to gRPC service in
// `grpc.health.v1.HealthCheckRequest
// <https://github.com/grpc/grpc/blob/master/src/proto/grpc/health/v1/health.proto#L20>`_.
// message. See `gRPC health-checking overview
// <https://github.com/grpc/grpc/blob/master/doc/health-checking.md>`_ for more information.
string service_name = 1;
// The value of the :authority header in the gRPC health check request. If
// left empty (default value), the name of the cluster this health check is associated
// with will be used.
string authority = 2;
}
// Custom health check.
message CustomHealthCheck {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.CustomHealthCheck";
reserved 2;
reserved "config";
// The registered name of the custom health checker.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// A custom health checker specific configuration which depends on the custom health checker
// being instantiated. See :api:`envoy/config/health_checker` for reference.
oneof config_type {
google.protobuf.Any typed_config = 3;
}
}
// Health checks occur over the transport socket specified for the cluster. This implies that if a
// cluster is using a TLS-enabled transport socket, the health check will also occur over TLS.
//
// This allows overriding the cluster TLS settings, just for health check connections.
message TlsOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HealthCheck.TlsOptions";
// Specifies the ALPN protocols for health check connections. This is useful if the
// corresponding upstream is using ALPN-based :ref:`FilterChainMatch
// <envoy_api_msg_config.listener.v3.FilterChainMatch>` along with different protocols for health checks
// versus data connections. If empty, no ALPN protocols will be set on health check connections.
repeated string alpn_protocols = 1;
}
reserved 10;
// The time to wait for a health check response. If the timeout is reached the
// health check attempt will be considered a failure.
google.protobuf.Duration timeout = 1 [(validate.rules).duration = {
required: true
gt {}
}];
// The interval between health checks.
google.protobuf.Duration interval = 2 [(validate.rules).duration = {
required: true
gt {}
}];
// An optional jitter amount in milliseconds. If specified, Envoy will start health
// checking after for a random time in ms between 0 and initial_jitter. This only
// applies to the first health check.
google.protobuf.Duration initial_jitter = 20;
// An optional jitter amount in milliseconds. If specified, during every
// interval Envoy will add interval_jitter to the wait time.
google.protobuf.Duration interval_jitter = 3;
// An optional jitter amount as a percentage of interval_ms. If specified,
// during every interval Envoy will add interval_ms *
// interval_jitter_percent / 100 to the wait time.
//
// If interval_jitter_ms and interval_jitter_percent are both set, both of
// them will be used to increase the wait time.
uint32 interval_jitter_percent = 18;
// The number of unhealthy health checks required before a host is marked
// unhealthy. Note that for *http* health checking if a host responds with 503
// this threshold is ignored and the host is considered unhealthy immediately.
google.protobuf.UInt32Value unhealthy_threshold = 4 [(validate.rules).message = {required: true}];
// The number of healthy health checks required before a host is marked
// healthy. Note that during startup, only a single successful health check is
// required to mark a host healthy.
google.protobuf.UInt32Value healthy_threshold = 5 [(validate.rules).message = {required: true}];
// [#not-implemented-hide:] Non-serving port for health checking.
google.protobuf.UInt32Value alt_port = 6;
// Reuse health check connection between health checks. Default is true.
google.protobuf.BoolValue reuse_connection = 7;
oneof health_checker {
option (validate.required) = true;
// HTTP health check.
HttpHealthCheck http_health_check = 8;
// TCP health check.
TcpHealthCheck tcp_health_check = 9;
// gRPC health check.
GrpcHealthCheck grpc_health_check = 11;
// Custom health check.
CustomHealthCheck custom_health_check = 13;
}
// The "no traffic interval" is a special health check interval that is used when a cluster has
// never had traffic routed to it. This lower interval allows cluster information to be kept up to
// date, without sending a potentially large amount of active health checking traffic for no
// reason. Once a cluster has been used for traffic routing, Envoy will shift back to using the
// standard health check interval that is defined. Note that this interval takes precedence over
// any other.
//
// The default value for "no traffic interval" is 60 seconds.
google.protobuf.Duration no_traffic_interval = 12 [(validate.rules).duration = {gt {}}];
// The "unhealthy interval" is a health check interval that is used for hosts that are marked as
// unhealthy. As soon as the host is marked as healthy, Envoy will shift back to using the
// standard health check interval that is defined.
//
// The default value for "unhealthy interval" is the same as "interval".
google.protobuf.Duration unhealthy_interval = 14 [(validate.rules).duration = {gt {}}];
// The "unhealthy edge interval" is a special health check interval that is used for the first
// health check right after a host is marked as unhealthy. For subsequent health checks
// Envoy will shift back to using either "unhealthy interval" if present or the standard health
// check interval that is defined.
//
// The default value for "unhealthy edge interval" is the same as "unhealthy interval".
google.protobuf.Duration unhealthy_edge_interval = 15 [(validate.rules).duration = {gt {}}];
// The "healthy edge interval" is a special health check interval that is used for the first
// health check right after a host is marked as healthy. For subsequent health checks
// Envoy will shift back to using the standard health check interval that is defined.
//
// The default value for "healthy edge interval" is the same as the default interval.
google.protobuf.Duration healthy_edge_interval = 16 [(validate.rules).duration = {gt {}}];
// Specifies the path to the :ref:`health check event log <arch_overview_health_check_logging>`.
// If empty, no event log will be written.
string event_log_path = 17;
// If set to true, health check failure events will always be logged. If set to false, only the
// initial health check failure event will be logged.
// The default value is false.
bool always_log_health_check_failures = 19;
// This allows overriding the cluster TLS settings, just for health check connections.
TlsOptions tls_options = 21;
}

55
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/http_uri.proto vendored Normal file
View File

@ -0,0 +1,55 @@
syntax = "proto3";
package envoy.config.core.v3;
import "google/protobuf/duration.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "HttpUriProto";
option java_multiple_files = true;
// [#protodoc-title: HTTP Service URI ]
// Envoy external URI descriptor
message HttpUri {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.HttpUri";
// The HTTP server URI. It should be a full FQDN with protocol, host and path.
//
// Example:
//
// .. code-block:: yaml
//
// uri: https://www.googleapis.com/oauth2/v1/certs
//
string uri = 1 [(validate.rules).string = {min_bytes: 1}];
// Specify how `uri` is to be fetched. Today, this requires an explicit
// cluster, but in the future we may support dynamic cluster creation or
// inline DNS resolution. See `issue
// <https://github.com/envoyproxy/envoy/issues/1606>`_.
oneof http_upstream_type {
option (validate.required) = true;
// A cluster is created in the Envoy "cluster_manager" config
// section. This field specifies the cluster name.
//
// Example:
//
// .. code-block:: yaml
//
// cluster: jwks_cluster
//
string cluster = 2 [(validate.rules).string = {min_bytes: 1}];
}
// Sets the maximum duration in milliseconds that a response can take to arrive upon request.
google.protobuf.Duration timeout = 3 [(validate.rules).duration = {
required: true
gte {}
}];
}

296
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/protocol.proto vendored Normal file
View File

@ -0,0 +1,296 @@
syntax = "proto3";
package envoy.config.core.v3;
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "ProtocolProto";
option java_multiple_files = true;
// [#protodoc-title: Protocol options]
// [#not-implemented-hide:]
message TcpProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.TcpProtocolOptions";
}
message UpstreamHttpProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.UpstreamHttpProtocolOptions";
// Set transport socket `SNI <https://en.wikipedia.org/wiki/Server_Name_Indication>`_ for new
// upstream connections based on the downstream HTTP host/authority header, as seen by the
// :ref:`router filter <config_http_filters_router>`.
bool auto_sni = 1;
// Automatic validate upstream presented certificate for new upstream connections based on the
// downstream HTTP host/authority header, as seen by the
// :ref:`router filter <config_http_filters_router>`.
// This field is intended to set with `auto_sni` field.
bool auto_san_validation = 2;
}
message HttpProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.HttpProtocolOptions";
// The idle timeout for connections. The idle timeout is defined as the
// period in which there are no active requests. If not set, there is no idle timeout. When the
// idle timeout is reached the connection will be closed. If the connection is an HTTP/2
// downstream connection a drain sequence will occur prior to closing the connection, see
// :ref:`drain_timeout
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.drain_timeout>`.
// Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive.
// If not specified, this defaults to 1 hour. To disable idle timeouts explicitly set this to 0.
//
// .. warning::
// Disabling this timeout has a highly likelihood of yielding connection leaks due to lost TCP
// FIN packets, etc.
google.protobuf.Duration idle_timeout = 1;
// The maximum duration of a connection. The duration is defined as a period since a connection
// was established. If not set, there is no max duration. When max_connection_duration is reached
// the connection will be closed. Drain sequence will occur prior to closing the connection if
// if's applicable. See :ref:`drain_timeout
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.drain_timeout>`.
// Note: not implemented for upstream connections.
google.protobuf.Duration max_connection_duration = 3;
// The maximum number of headers. If unconfigured, the default
// maximum number of request headers allowed is 100. Requests that exceed this limit will receive
// a 431 response for HTTP/1.x and cause a stream reset for HTTP/2.
google.protobuf.UInt32Value max_headers_count = 2 [(validate.rules).uint32 = {gte: 1}];
// Total duration to keep alive an HTTP request/response stream. If the time limit is reached the stream will be
// reset independent of any other timeouts. If not specified, this value is not set.
// The current implementation implements this timeout on downstream connections only.
// [#comment:TODO(shikugawa): add this functionality to upstream.]
google.protobuf.Duration max_stream_duration = 4;
}
// [#next-free-field: 6]
message Http1ProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http1ProtocolOptions";
message HeaderKeyFormat {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http1ProtocolOptions.HeaderKeyFormat";
message ProperCaseWords {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http1ProtocolOptions.HeaderKeyFormat.ProperCaseWords";
}
oneof header_format {
option (validate.required) = true;
// Formats the header by proper casing words: the first character and any character following
// a special character will be capitalized if it's an alpha character. For example,
// "content-type" becomes "Content-Type", and "foo$b#$are" becomes "Foo$B#$Are".
// Note that while this results in most headers following conventional casing, certain headers
// are not covered. For example, the "TE" header will be formatted as "Te".
ProperCaseWords proper_case_words = 1;
}
}
// Handle HTTP requests with absolute URLs in the requests. These requests
// are generally sent by clients to forward/explicit proxies. This allows clients to configure
// envoy as their HTTP proxy. In Unix, for example, this is typically done by setting the
// *http_proxy* environment variable.
google.protobuf.BoolValue allow_absolute_url = 1;
// Handle incoming HTTP/1.0 and HTTP 0.9 requests.
// This is off by default, and not fully standards compliant. There is support for pre-HTTP/1.1
// style connect logic, dechunking, and handling lack of client host iff
// *default_host_for_http_10* is configured.
bool accept_http_10 = 2;
// A default host for HTTP/1.0 requests. This is highly suggested if *accept_http_10* is true as
// Envoy does not otherwise support HTTP/1.0 without a Host header.
// This is a no-op if *accept_http_10* is not true.
string default_host_for_http_10 = 3;
// Describes how the keys for response headers should be formatted. By default, all header keys
// are lower cased.
HeaderKeyFormat header_key_format = 4;
// Enables trailers for HTTP/1. By default the HTTP/1 codec drops proxied trailers.
//
// .. attention::
//
// Note that this only happens when Envoy is chunk encoding which occurs when:
// - The request is HTTP/1.1.
// - Is neither a HEAD only request nor a HTTP Upgrade.
// - Not a response to a HEAD request.
// - The content length header is not present.
bool enable_trailers = 5;
}
// [#next-free-field: 14]
message Http2ProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http2ProtocolOptions";
// Defines a parameter to be sent in the SETTINGS frame.
// See `RFC7540, sec. 6.5.1 <https://tools.ietf.org/html/rfc7540#section-6.5.1>`_ for details.
message SettingsParameter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.Http2ProtocolOptions.SettingsParameter";
// The 16 bit parameter identifier.
google.protobuf.UInt32Value identifier = 1 [
(validate.rules).uint32 = {lte: 65536 gte: 1},
(validate.rules).message = {required: true}
];
// The 32 bit parameter value.
google.protobuf.UInt32Value value = 2 [(validate.rules).message = {required: true}];
}
// `Maximum table size <https://httpwg.org/specs/rfc7541.html#rfc.section.4.2>`_
// (in octets) that the encoder is permitted to use for the dynamic HPACK table. Valid values
// range from 0 to 4294967295 (2^32 - 1) and defaults to 4096. 0 effectively disables header
// compression.
google.protobuf.UInt32Value hpack_table_size = 1;
// `Maximum concurrent streams <https://httpwg.org/specs/rfc7540.html#rfc.section.5.1.2>`_
// allowed for peer on one HTTP/2 connection. Valid values range from 1 to 2147483647 (2^31 - 1)
// and defaults to 2147483647.
//
// For upstream connections, this also limits how many streams Envoy will initiate concurrently
// on a single connection. If the limit is reached, Envoy may queue requests or establish
// additional connections (as allowed per circuit breaker limits).
google.protobuf.UInt32Value max_concurrent_streams = 2
[(validate.rules).uint32 = {lte: 2147483647 gte: 1}];
// `Initial stream-level flow-control window
// <https://httpwg.org/specs/rfc7540.html#rfc.section.6.9.2>`_ size. Valid values range from 65535
// (2^16 - 1, HTTP/2 default) to 2147483647 (2^31 - 1, HTTP/2 maximum) and defaults to 268435456
// (256 * 1024 * 1024).
//
// NOTE: 65535 is the initial window size from HTTP/2 spec. We only support increasing the default
// window size now, so it's also the minimum.
//
// This field also acts as a soft limit on the number of bytes Envoy will buffer per-stream in the
// HTTP/2 codec buffers. Once the buffer reaches this pointer, watermark callbacks will fire to
// stop the flow of data to the codec buffers.
google.protobuf.UInt32Value initial_stream_window_size = 3
[(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
// Similar to *initial_stream_window_size*, but for connection-level flow-control
// window. Currently, this has the same minimum/maximum/default as *initial_stream_window_size*.
google.protobuf.UInt32Value initial_connection_window_size = 4
[(validate.rules).uint32 = {lte: 2147483647 gte: 65535}];
// Allows proxying Websocket and other upgrades over H2 connect.
bool allow_connect = 5;
// [#not-implemented-hide:] Hiding until envoy has full metadata support.
// Still under implementation. DO NOT USE.
//
// Allows metadata. See [metadata
// docs](https://github.com/envoyproxy/envoy/blob/master/source/docs/h2_metadata.md) for more
// information.
bool allow_metadata = 6;
// Limit the number of pending outbound downstream frames of all types (frames that are waiting to
// be written into the socket). Exceeding this limit triggers flood mitigation and connection is
// terminated. The ``http2.outbound_flood`` stat tracks the number of terminated connections due
// to flood mitigation. The default limit is 10000.
// [#comment:TODO: implement same limits for upstream outbound frames as well.]
google.protobuf.UInt32Value max_outbound_frames = 7 [(validate.rules).uint32 = {gte: 1}];
// Limit the number of pending outbound downstream frames of types PING, SETTINGS and RST_STREAM,
// preventing high memory utilization when receiving continuous stream of these frames. Exceeding
// this limit triggers flood mitigation and connection is terminated. The
// ``http2.outbound_control_flood`` stat tracks the number of terminated connections due to flood
// mitigation. The default limit is 1000.
// [#comment:TODO: implement same limits for upstream outbound frames as well.]
google.protobuf.UInt32Value max_outbound_control_frames = 8 [(validate.rules).uint32 = {gte: 1}];
// Limit the number of consecutive inbound frames of types HEADERS, CONTINUATION and DATA with an
// empty payload and no end stream flag. Those frames have no legitimate use and are abusive, but
// might be a result of a broken HTTP/2 implementation. The `http2.inbound_empty_frames_flood``
// stat tracks the number of connections terminated due to flood mitigation.
// Setting this to 0 will terminate connection upon receiving first frame with an empty payload
// and no end stream flag. The default limit is 1.
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
google.protobuf.UInt32Value max_consecutive_inbound_frames_with_empty_payload = 9;
// Limit the number of inbound PRIORITY frames allowed per each opened stream. If the number
// of PRIORITY frames received over the lifetime of connection exceeds the value calculated
// using this formula::
//
// max_inbound_priority_frames_per_stream * (1 + inbound_streams)
//
// the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks
// the number of connections terminated due to flood mitigation. The default limit is 100.
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
google.protobuf.UInt32Value max_inbound_priority_frames_per_stream = 10;
// Limit the number of inbound WINDOW_UPDATE frames allowed per DATA frame sent. If the number
// of WINDOW_UPDATE frames received over the lifetime of connection exceeds the value calculated
// using this formula::
//
// 1 + 2 * (inbound_streams +
// max_inbound_window_update_frames_per_data_frame_sent * outbound_data_frames)
//
// the connection is terminated. The ``http2.inbound_priority_frames_flood`` stat tracks
// the number of connections terminated due to flood mitigation. The default limit is 10.
// Setting this to 1 should be enough to support HTTP/2 implementations with basic flow control,
// but more complex implementations that try to estimate available bandwidth require at least 2.
// [#comment:TODO: implement same limits for upstream inbound frames as well.]
google.protobuf.UInt32Value max_inbound_window_update_frames_per_data_frame_sent = 11
[(validate.rules).uint32 = {gte: 1}];
// Allows invalid HTTP messaging and headers. When this option is disabled (default), then
// the whole HTTP/2 connection is terminated upon receiving invalid HEADERS frame. However,
// when this option is enabled, only the offending stream is terminated.
//
// See `RFC7540, sec. 8.1 <https://tools.ietf.org/html/rfc7540#section-8.1>`_ for details.
bool stream_error_on_invalid_http_messaging = 12;
// [#not-implemented-hide:]
// Specifies SETTINGS frame parameters to be sent to the peer, with two exceptions:
//
// 1. SETTINGS_ENABLE_PUSH (0x2) is not configurable as HTTP/2 server push is not supported by
// Envoy.
//
// 2. SETTINGS_ENABLE_CONNECT_PROTOCOL (0x8) is only configurable through the named field
// 'allow_connect'.
//
// Note that custom parameters specified through this field can not also be set in the
// corresponding named parameters:
//
// .. code-block:: text
//
// ID Field Name
// ----------------
// 0x1 hpack_table_size
// 0x3 max_concurrent_streams
// 0x4 initial_stream_window_size
//
// Collisions will trigger config validation failure on load/update. Likewise, inconsistencies
// between custom parameters with the same identifier will trigger a failure.
//
// See `IANA HTTP/2 Settings
// <https://www.iana.org/assignments/http2-parameters/http2-parameters.xhtml#settings>`_ for
// standardized identifiers.
repeated SettingsParameter custom_settings_parameters = 13;
}
// [#not-implemented-hide:]
message GrpcProtocolOptions {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.core.GrpcProtocolOptions";
Http2ProtocolOptions http2_protocol_options = 1;
}

55
xds/third_party/envoy/src/main/proto/envoy/config/core/v3/socket_option.proto vendored Normal file
View File

@ -0,0 +1,55 @@
syntax = "proto3";
package envoy.config.core.v3;
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.core.v3";
option java_outer_classname = "SocketOptionProto";
option java_multiple_files = true;
// [#protodoc-title: Socket Option ]
// Generic socket option message. This would be used to set socket options that
// might not exist in upstream kernels or precompiled Envoy binaries.
// [#next-free-field: 7]
message SocketOption {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.core.SocketOption";
enum SocketState {
// Socket options are applied after socket creation but before binding the socket to a port
STATE_PREBIND = 0;
// Socket options are applied after binding the socket to a port but before calling listen()
STATE_BOUND = 1;
// Socket options are applied after calling listen()
STATE_LISTENING = 2;
}
// An optional name to give this socket option for debugging, etc.
// Uniqueness is not required and no special meaning is assumed.
string description = 1;
// Corresponding to the level value passed to setsockopt, such as IPPROTO_TCP
int64 level = 2;
// The numeric name as passed to setsockopt
int64 name = 3;
oneof value {
option (validate.required) = true;
// Because many sockopts take an int value.
int64 int_value = 4;
// Otherwise it's a byte buffer.
bytes buf_value = 5;
}
// The state in which the option will be applied. When used in BindConfig
// STATE_PREBIND is currently the only valid value.
SocketState state = 6 [(validate.rules).enum = {defined_only: true}];
}

116
xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint.proto vendored Normal file
View File

@ -0,0 +1,116 @@
syntax = "proto3";
package envoy.config.endpoint.v3;
import "envoy/config/endpoint/v3/endpoint_components.proto";
import "envoy/type/v3/percent.proto";
import "google/api/annotations.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.endpoint.v3";
option java_outer_classname = "EndpointProto";
option java_multiple_files = true;
// [#protodoc-title: Endpoint configuration]
// Endpoint discovery :ref:`architecture overview <arch_overview_service_discovery_types_eds>`
// Each route from RDS will map to a single cluster or traffic split across
// clusters using weights expressed in the RDS WeightedCluster.
//
// With EDS, each cluster is treated independently from a LB perspective, with
// LB taking place between the Localities within a cluster and at a finer
// granularity between the hosts within a locality. The percentage of traffic
// for each endpoint is determined by both its load_balancing_weight, and the
// load_balancing_weight of its locality. First, a locality will be selected,
// then an endpoint within that locality will be chose based on its weight.
// [#next-free-field: 6]
message ClusterLoadAssignment {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.ClusterLoadAssignment";
// Load balancing policy settings.
// [#next-free-field: 6]
message Policy {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.ClusterLoadAssignment.Policy";
message DropOverload {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.ClusterLoadAssignment.Policy.DropOverload";
// Identifier for the policy specifying the drop.
string category = 1 [(validate.rules).string = {min_bytes: 1}];
// Percentage of traffic that should be dropped for the category.
type.v3.FractionalPercent drop_percentage = 2;
}
reserved 1, 5;
reserved "disable_overprovisioning";
// Action to trim the overall incoming traffic to protect the upstream
// hosts. This action allows protection in case the hosts are unable to
// recover from an outage, or unable to autoscale or unable to handle
// incoming traffic volume for any reason.
//
// At the client each category is applied one after the other to generate
// the 'actual' drop percentage on all outgoing traffic. For example:
//
// .. code-block:: json
//
// { "drop_overloads": [
// { "category": "throttle", "drop_percentage": 60 }
// { "category": "lb", "drop_percentage": 50 }
// ]}
//
// The actual drop percentages applied to the traffic at the clients will be
// "throttle"_drop = 60%
// "lb"_drop = 20% // 50% of the remaining 'actual' load, which is 40%.
// actual_outgoing_load = 20% // remaining after applying all categories.
repeated DropOverload drop_overloads = 2;
// Priority levels and localities are considered overprovisioned with this
// factor (in percentage). This means that we don't consider a priority
// level or locality unhealthy until the percentage of healthy hosts
// multiplied by the overprovisioning factor drops below 100.
// With the default value 140(1.4), Envoy doesn't consider a priority level
// or a locality unhealthy until their percentage of healthy hosts drops
// below 72%. For example:
//
// .. code-block:: json
//
// { "overprovisioning_factor": 100 }
//
// Read more at :ref:`priority levels <arch_overview_load_balancing_priority_levels>` and
// :ref:`localities <arch_overview_load_balancing_locality_weighted_lb>`.
google.protobuf.UInt32Value overprovisioning_factor = 3 [(validate.rules).uint32 = {gt: 0}];
// The max time until which the endpoints from this assignment can be used.
// If no new assignments are received before this time expires the endpoints
// are considered stale and should be marked unhealthy.
// Defaults to 0 which means endpoints never go stale.
google.protobuf.Duration endpoint_stale_after = 4 [(validate.rules).duration = {gt {}}];
}
// Name of the cluster. This will be the :ref:`service_name
// <envoy_api_field_config.cluster.v3.Cluster.EdsClusterConfig.service_name>` value if specified
// in the cluster :ref:`EdsClusterConfig
// <envoy_api_msg_config.cluster.v3.Cluster.EdsClusterConfig>`.
string cluster_name = 1 [(validate.rules).string = {min_bytes: 1}];
// List of endpoints to load balance to.
repeated LocalityLbEndpoints endpoints = 2;
// Map of named endpoints that can be referenced in LocalityLbEndpoints.
// [#not-implemented-hide:]
map<string, Endpoint> named_endpoints = 5;
// Load balancing policy settings.
Policy policy = 4;
}

141
xds/third_party/envoy/src/main/proto/envoy/config/endpoint/v3/endpoint_components.proto vendored Normal file
View File

@ -0,0 +1,141 @@
syntax = "proto3";
package envoy.config.endpoint.v3;
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/health_check.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.endpoint.v3";
option java_outer_classname = "EndpointComponentsProto";
option java_multiple_files = true;
// [#protodoc-title: Endpoints]
// Upstream host identifier.
message Endpoint {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.endpoint.Endpoint";
// The optional health check configuration.
message HealthCheckConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.endpoint.Endpoint.HealthCheckConfig";
// Optional alternative health check port value.
//
// By default the health check address port of an upstream host is the same
// as the host's serving address port. This provides an alternative health
// check port. Setting this with a non-zero value allows an upstream host
// to have different health check address port.
uint32 port_value = 1 [(validate.rules).uint32 = {lte: 65535}];
}
// The upstream host address.
//
// .. attention::
//
// The form of host address depends on the given cluster type. For STATIC or EDS,
// it is expected to be a direct IP address (or something resolvable by the
// specified :ref:`resolver <envoy_api_field_config.core.v3.SocketAddress.resolver_name>`
// in the Address). For LOGICAL or STRICT DNS, it is expected to be hostname,
// and will be resolved via DNS.
core.v3.Address address = 1;
// The optional health check configuration is used as configuration for the
// health checker to contact the health checked host.
//
// .. attention::
//
// This takes into effect only for upstream clusters with
// :ref:`active health checking <arch_overview_health_checking>` enabled.
HealthCheckConfig health_check_config = 2;
}
// An Endpoint that Envoy can route traffic to.
// [#next-free-field: 6]
message LbEndpoint {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.endpoint.LbEndpoint";
// Upstream host identifier or a named reference.
oneof host_identifier {
Endpoint endpoint = 1;
// [#not-implemented-hide:]
string endpoint_name = 5;
}
// Optional health status when known and supplied by EDS server.
core.v3.HealthStatus health_status = 2;
// The endpoint metadata specifies values that may be used by the load
// balancer to select endpoints in a cluster for a given request. The filter
// name should be specified as *envoy.lb*. An example boolean key-value pair
// is *canary*, providing the optional canary status of the upstream host.
// This may be matched against in a route's
// :ref:`RouteAction <envoy_api_msg_config.route.v3.RouteAction>` metadata_match field
// to subset the endpoints considered in cluster load balancing.
core.v3.Metadata metadata = 3;
// The optional load balancing weight of the upstream host; at least 1.
// Envoy uses the load balancing weight in some of the built in load
// balancers. The load balancing weight for an endpoint is divided by the sum
// of the weights of all endpoints in the endpoint's locality to produce a
// percentage of traffic for the endpoint. This percentage is then further
// weighted by the endpoint's locality's load balancing weight from
// LocalityLbEndpoints. If unspecified, each host is presumed to have equal
// weight in a locality.
google.protobuf.UInt32Value load_balancing_weight = 4 [(validate.rules).uint32 = {gte: 1}];
}
// A group of endpoints belonging to a Locality.
// One can have multiple LocalityLbEndpoints for a locality, but this is
// generally only done if the different groups need to have different load
// balancing weights or different priorities.
// [#next-free-field: 7]
message LocalityLbEndpoints {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.endpoint.LocalityLbEndpoints";
// Identifies location of where the upstream hosts run.
core.v3.Locality locality = 1;
// The group of endpoints belonging to the locality specified.
repeated LbEndpoint lb_endpoints = 2;
// Optional: Per priority/region/zone/sub_zone weight; at least 1. The load
// balancing weight for a locality is divided by the sum of the weights of all
// localities at the same priority level to produce the effective percentage
// of traffic for the locality.
//
// Locality weights are only considered when :ref:`locality weighted load
// balancing <arch_overview_load_balancing_locality_weighted_lb>` is
// configured. These weights are ignored otherwise. If no weights are
// specified when locality weighted load balancing is enabled, the locality is
// assigned no load.
google.protobuf.UInt32Value load_balancing_weight = 3 [(validate.rules).uint32 = {gte: 1}];
// Optional: the priority for this LocalityLbEndpoints. If unspecified this will
// default to the highest priority (0).
//
// Under usual circumstances, Envoy will only select endpoints for the highest
// priority (0). In the event all endpoints for a particular priority are
// unavailable/unhealthy, Envoy will fail over to selecting endpoints for the
// next highest priority group.
//
// Priorities should range from 0 (highest) to N (lowest) without skipping.
uint32 priority = 5 [(validate.rules).uint32 = {lte: 128}];
// Optional: Per locality proximity value which indicates how close this
// locality is from the source locality. This value only provides ordering
// information (lower the value, closer it is to the source locality).
// This will be consumed by load balancing schemes that need proximity order
// to determine where to route the requests.
// [#not-implemented-hide:]
google.protobuf.UInt32Value proximity = 6;
}

30
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/api_listener.proto vendored Normal file
View File

@ -0,0 +1,30 @@
syntax = "proto3";
package envoy.config.listener.v3;
import "google/protobuf/any.proto";
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.config.listener.v3";
option java_outer_classname = "ApiListenerProto";
option java_multiple_files = true;
// [#protodoc-title: API listener]
// Describes a type of API listener, which is used in non-proxy clients. The type of API
// exposed to the non-proxy application depends on the type of API listener.
message ApiListener {
option (udpa.annotations.versioning).previous_message_type =
"envoy.config.listener.v2.ApiListener";
// The type in this field determines the type of API listener. At present, the following
// types are supported:
// envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager (HTTP)
// [#next-major-version: In the v3 API, replace this Any field with a oneof containing the
// specific config message for each type of API listener. We could not do this in v2 because
// it would have caused circular dependencies for go protos: lds.proto depends on this file,
// and http_connection_manager.proto depends on rds.proto, which is in the same directory as
// lds.proto, so lds.proto cannot depend on this file.]
google.protobuf.Any api_listener = 1;
}

235
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener.proto vendored Normal file
View File

@ -0,0 +1,235 @@
syntax = "proto3";
package envoy.config.listener.v3;
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/socket_option.proto";
import "envoy/config/listener/v3/api_listener.proto";
import "envoy/config/listener/v3/listener_components.proto";
import "envoy/config/listener/v3/udp_listener_config.proto";
import "google/api/annotations.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.listener.v3";
option java_outer_classname = "ListenerProto";
option java_multiple_files = true;
// [#protodoc-title: Listener configuration]
// Listener :ref:`configuration overview <config_listeners>`
// [#next-free-field: 22]
message Listener {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.Listener";
enum DrainType {
// Drain in response to calling /healthcheck/fail admin endpoint (along with the health check
// filter), listener removal/modification, and hot restart.
DEFAULT = 0;
// Drain in response to listener removal/modification and hot restart. This setting does not
// include /healthcheck/fail. This setting may be desirable if Envoy is hosting both ingress
// and egress listeners.
MODIFY_ONLY = 1;
}
// [#not-implemented-hide:]
message DeprecatedV1 {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Listener.DeprecatedV1";
// Whether the listener should bind to the port. A listener that doesn't
// bind can only receive connections redirected from other listeners that
// set use_original_dst parameter to true. Default is true.
//
// This is deprecated in v2, all Listeners will bind to their port. An
// additional filter chain must be created for every original destination
// port this listener may redirect to in v2, with the original port
// specified in the FilterChainMatch destination_port field.
//
// [#comment:TODO(PiotrSikora): Remove this once verified that we no longer need it.]
google.protobuf.BoolValue bind_to_port = 1;
}
// Configuration for listener connection balancing.
message ConnectionBalanceConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Listener.ConnectionBalanceConfig";
// A connection balancer implementation that does exact balancing. This means that a lock is
// held during balancing so that connection counts are nearly exactly balanced between worker
// threads. This is "nearly" exact in the sense that a connection might close in parallel thus
// making the counts incorrect, but this should be rectified on the next accept. This balancer
// sacrifices accept throughput for accuracy and should be used when there are a small number of
// connections that rarely cycle (e.g., service mesh gRPC egress).
message ExactBalance {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.Listener.ConnectionBalanceConfig.ExactBalance";
}
oneof balance_type {
option (validate.required) = true;
// If specified, the listener will use the exact connection balancer.
ExactBalance exact_balance = 1;
}
}
reserved 14, 4;
reserved "use_original_dst";
// The unique name by which this listener is known. If no name is provided,
// Envoy will allocate an internal UUID for the listener. If the listener is to be dynamically
// updated or removed via :ref:`LDS <config_listeners_lds>` a unique name must be provided.
string name = 1;
// The address that the listener should listen on. In general, the address must be unique, though
// that is governed by the bind rules of the OS. E.g., multiple listeners can listen on port 0 on
// Linux as the actual port will be allocated by the OS.
core.v3.Address address = 2 [(validate.rules).message = {required: true}];
// A list of filter chains to consider for this listener. The
// :ref:`FilterChain <envoy_api_msg_config.listener.v3.FilterChain>` with the most specific
// :ref:`FilterChainMatch <envoy_api_msg_config.listener.v3.FilterChainMatch>` criteria is used on a
// connection.
//
// Example using SNI for filter chain selection can be found in the
// :ref:`FAQ entry <faq_how_to_setup_sni>`.
repeated FilterChain filter_chains = 3;
// Soft limit on size of the listeners new connection read and write buffers.
// If unspecified, an implementation defined default is applied (1MiB).
google.protobuf.UInt32Value per_connection_buffer_limit_bytes = 5;
// Listener metadata.
core.v3.Metadata metadata = 6;
// [#not-implemented-hide:]
DeprecatedV1 deprecated_v1 = 7;
// The type of draining to perform at a listener-wide level.
DrainType drain_type = 8;
// Listener filters have the opportunity to manipulate and augment the connection metadata that
// is used in connection filter chain matching, for example. These filters are run before any in
// :ref:`filter_chains <envoy_api_field_config.listener.v3.Listener.filter_chains>`. Order matters as the
// filters are processed sequentially right after a socket has been accepted by the listener, and
// before a connection is created.
// UDP Listener filters can be specified when the protocol in the listener socket address in
// :ref:`protocol <envoy_api_field_config.core.v3.SocketAddress.protocol>` is :ref:`UDP
// <envoy_api_enum_value_config.core.v3.SocketAddress.Protocol.UDP>`.
// UDP listeners currently support a single filter.
repeated ListenerFilter listener_filters = 9;
// The timeout to wait for all listener filters to complete operation. If the timeout is reached,
// the accepted socket is closed without a connection being created unless
// `continue_on_listener_filters_timeout` is set to true. Specify 0 to disable the
// timeout. If not specified, a default timeout of 15s is used.
google.protobuf.Duration listener_filters_timeout = 15;
// Whether a connection should be created when listener filters timeout. Default is false.
//
// .. attention::
//
// Some listener filters, such as :ref:`Proxy Protocol filter
// <config_listener_filters_proxy_protocol>`, should not be used with this option. It will cause
// unexpected behavior when a connection is created.
bool continue_on_listener_filters_timeout = 17;
// Whether the listener should be set as a transparent socket.
// When this flag is set to true, connections can be redirected to the listener using an
// *iptables* *TPROXY* target, in which case the original source and destination addresses and
// ports are preserved on accepted connections. This flag should be used in combination with
// :ref:`an original_dst <config_listener_filters_original_dst>` :ref:`listener filter
// <envoy_api_field_config.listener.v3.Listener.listener_filters>` to mark the connections' local addresses as
// "restored." This can be used to hand off each redirected connection to another listener
// associated with the connection's destination address. Direct connections to the socket without
// using *TPROXY* cannot be distinguished from connections redirected using *TPROXY* and are
// therefore treated as if they were redirected.
// When this flag is set to false, the listener's socket is explicitly reset as non-transparent.
// Setting this flag requires Envoy to run with the *CAP_NET_ADMIN* capability.
// When this flag is not set (default), the socket is not modified, i.e. the transparent option
// is neither set nor reset.
google.protobuf.BoolValue transparent = 10;
// Whether the listener should set the *IP_FREEBIND* socket option. When this
// flag is set to true, listeners can be bound to an IP address that is not
// configured on the system running Envoy. When this flag is set to false, the
// option *IP_FREEBIND* is disabled on the socket. When this flag is not set
// (default), the socket is not modified, i.e. the option is neither enabled
// nor disabled.
google.protobuf.BoolValue freebind = 11;
// Additional socket options that may not be present in Envoy source code or
// precompiled binaries.
repeated core.v3.SocketOption socket_options = 13;
// Whether the listener should accept TCP Fast Open (TFO) connections.
// When this flag is set to a value greater than 0, the option TCP_FASTOPEN is enabled on
// the socket, with a queue length of the specified size
// (see `details in RFC7413 <https://tools.ietf.org/html/rfc7413#section-5.1>`_).
// When this flag is set to 0, the option TCP_FASTOPEN is disabled on the socket.
// When this flag is not set (default), the socket is not modified,
// i.e. the option is neither enabled nor disabled.
//
// On Linux, the net.ipv4.tcp_fastopen kernel parameter must include flag 0x2 to enable
// TCP_FASTOPEN.
// See `ip-sysctl.txt <https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt>`_.
//
// On macOS, only values of 0, 1, and unset are valid; other values may result in an error.
// To set the queue length on macOS, set the net.inet.tcp.fastopen_backlog kernel parameter.
google.protobuf.UInt32Value tcp_fast_open_queue_length = 12;
// Specifies the intended direction of the traffic relative to the local Envoy.
core.v3.TrafficDirection traffic_direction = 16;
// If the protocol in the listener socket address in :ref:`protocol
// <envoy_api_field_config.core.v3.SocketAddress.protocol>` is :ref:`UDP
// <envoy_api_enum_value_config.core.v3.SocketAddress.Protocol.UDP>`, this field specifies the actual udp
// listener to create, i.e. :ref:`udp_listener_name
// <envoy_api_field_config.listener.v3.UdpListenerConfig.udp_listener_name>` = "raw_udp_listener" for
// creating a packet-oriented UDP listener. If not present, treat it as "raw_udp_listener".
UdpListenerConfig udp_listener_config = 18;
// Used to represent an API listener, which is used in non-proxy clients. The type of API
// exposed to the non-proxy application depends on the type of API listener.
// When this field is set, no other field except for :ref:`name<envoy_api_field_config.listener.v3.Listener.name>`
// should be set.
//
// .. note::
//
// Currently only one ApiListener can be installed; and it can only be done via bootstrap config,
// not LDS.
//
// [#next-major-version: In the v3 API, instead of this messy approach where the socket
// listener fields are directly in the top-level Listener message and the API listener types
// are in the ApiListener message, the socket listener messages should be in their own message,
// and the top-level Listener should essentially be a oneof that selects between the
// socket listener and the various types of API listener. That way, a given Listener message
// can structurally only contain the fields of the relevant type.]
ApiListener api_listener = 19;
// The listener's connection balancer configuration, currently only applicable to TCP listeners.
// If no configuration is specified, Envoy will not attempt to balance active connections between
// worker threads.
ConnectionBalanceConfig connection_balance_config = 20;
// When this flag is set to true, listeners set the *SO_REUSEPORT* socket option and
// create one socket for each worker thread. This makes inbound connections
// distribute among worker threads roughly evenly in cases where there are a high number
// of connections. When this flag is set to false, all worker threads share one socket.
//
// Before Linux v4.19-rc1, new TCP connections may be rejected during hot restart
// (see `3rd paragraph in 'soreuseport' commit message
// <https://github.com/torvalds/linux/commit/c617f398edd4db2b8567a28e89>`_).
// This issue was fixed by `tcp: Avoid TCP syncookie rejected by SO_REUSEPORT socket
// <https://github.com/torvalds/linux/commit/40a1227ea845a37ab197dd1caffb60b047fa36b1>`_.
bool reuse_port = 21;
}

282
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/listener_components.proto vendored Normal file
View File

@ -0,0 +1,282 @@
syntax = "proto3";
package envoy.config.listener.v3;
import "envoy/config/core/v3/address.proto";
import "envoy/config/core/v3/base.proto";
import "envoy/type/v3/range.proto";
import "google/protobuf/any.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.config.listener.v3";
option java_outer_classname = "ListenerComponentsProto";
option java_multiple_files = true;
// [#protodoc-title: Listener components]
// Listener :ref:`configuration overview <config_listeners>`
message Filter {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.Filter";
reserved 3, 2;
reserved "config";
// The name of the filter to instantiate. The name must match a
// :ref:`supported filter <config_network_filters>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// Filter specific configuration which depends on the filter being
// instantiated. See the supported filters for further documentation.
oneof config_type {
google.protobuf.Any typed_config = 4;
}
}
// Specifies the match criteria for selecting a specific filter chain for a
// listener.
//
// In order for a filter chain to be selected, *ALL* of its criteria must be
// fulfilled by the incoming connection, properties of which are set by the
// networking stack and/or listener filters.
//
// The following order applies:
//
// 1. Destination port.
// 2. Destination IP address.
// 3. Server name (e.g. SNI for TLS protocol),
// 4. Transport protocol.
// 5. Application protocols (e.g. ALPN for TLS protocol).
// 6. Source type (e.g. any, local or external network).
// 7. Source IP address.
// 8. Source port.
//
// For criteria that allow ranges or wildcards, the most specific value in any
// of the configured filter chains that matches the incoming connection is going
// to be used (e.g. for SNI ``www.example.com`` the most specific match would be
// ``www.example.com``, then ``*.example.com``, then ``*.com``, then any filter
// chain without ``server_names`` requirements).
//
// [#comment: Implemented rules are kept in the preference order, with deprecated fields
// listed at the end, because that's how we want to list them in the docs.
//
// [#comment:TODO(PiotrSikora): Add support for configurable precedence of the rules]
// [#next-free-field: 13]
message FilterChainMatch {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.FilterChainMatch";
enum ConnectionSourceType {
// Any connection source matches.
ANY = 0;
// Match a connection originating from the same host.
SAME_IP_OR_LOOPBACK = 1;
// Match a connection originating from a different host.
EXTERNAL = 2;
}
reserved 1;
// Optional destination port to consider when use_original_dst is set on the
// listener in determining a filter chain match.
google.protobuf.UInt32Value destination_port = 8 [(validate.rules).uint32 = {lte: 65535 gte: 1}];
// If non-empty, an IP address and prefix length to match addresses when the
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
repeated core.v3.CidrRange prefix_ranges = 3;
// If non-empty, an IP address and suffix length to match addresses when the
// listener is bound to 0.0.0.0/:: or when use_original_dst is specified.
// [#not-implemented-hide:]
string address_suffix = 4;
// [#not-implemented-hide:]
google.protobuf.UInt32Value suffix_len = 5;
// Specifies the connection source IP match type. Can be any, local or external network.
ConnectionSourceType source_type = 12 [(validate.rules).enum = {defined_only: true}];
// The criteria is satisfied if the source IP address of the downstream
// connection is contained in at least one of the specified subnets. If the
// parameter is not specified or the list is empty, the source IP address is
// ignored.
repeated core.v3.CidrRange source_prefix_ranges = 6;
// The criteria is satisfied if the source port of the downstream connection
// is contained in at least one of the specified ports. If the parameter is
// not specified, the source port is ignored.
repeated uint32 source_ports = 7
[(validate.rules).repeated = {items {uint32 {lte: 65535 gte: 1}}}];
// If non-empty, a list of server names (e.g. SNI for TLS protocol) to consider when determining
// a filter chain match. Those values will be compared against the server names of a new
// connection, when detected by one of the listener filters.
//
// The server name will be matched against all wildcard domains, i.e. ``www.example.com``
// will be first matched against ``www.example.com``, then ``*.example.com``, then ``*.com``.
//
// Note that partial wildcards are not supported, and values like ``*w.example.com`` are invalid.
//
// .. attention::
//
// See the :ref:`FAQ entry <faq_how_to_setup_sni>` on how to configure SNI for more
// information.
repeated string server_names = 11;
// If non-empty, a transport protocol to consider when determining a filter chain match.
// This value will be compared against the transport protocol of a new connection, when
// it's detected by one of the listener filters.
//
// Suggested values include:
//
// * ``raw_buffer`` - default, used when no transport protocol is detected,
// * ``tls`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
// when TLS protocol is detected.
string transport_protocol = 9;
// If non-empty, a list of application protocols (e.g. ALPN for TLS protocol) to consider when
// determining a filter chain match. Those values will be compared against the application
// protocols of a new connection, when detected by one of the listener filters.
//
// Suggested values include:
//
// * ``http/1.1`` - set by :ref:`envoy.filters.listener.tls_inspector
// <config_listener_filters_tls_inspector>`,
// * ``h2`` - set by :ref:`envoy.filters.listener.tls_inspector <config_listener_filters_tls_inspector>`
//
// .. attention::
//
// Currently, only :ref:`TLS Inspector <config_listener_filters_tls_inspector>` provides
// application protocol detection based on the requested
// `ALPN <https://en.wikipedia.org/wiki/Application-Layer_Protocol_Negotiation>`_ values.
//
// However, the use of ALPN is pretty much limited to the HTTP/2 traffic on the Internet,
// and matching on values other than ``h2`` is going to lead to a lot of false negatives,
// unless all connecting clients are known to use ALPN.
repeated string application_protocols = 10;
}
// A filter chain wraps a set of match criteria, an option TLS context, a set of filters, and
// various other parameters.
// [#next-free-field: 8]
message FilterChain {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.listener.FilterChain";
reserved 2;
reserved "tls_context";
// The criteria to use when matching a connection to this filter chain.
FilterChainMatch filter_chain_match = 1;
// A list of individual network filters that make up the filter chain for
// connections established with the listener. Order matters as the filters are
// processed sequentially as connection events happen. Note: If the filter
// list is empty, the connection will close by default.
repeated Filter filters = 3;
// Whether the listener should expect a PROXY protocol V1 header on new
// connections. If this option is enabled, the listener will assume that that
// remote address of the connection is the one specified in the header. Some
// load balancers including the AWS ELB support this option. If the option is
// absent or set to false, Envoy will use the physical peer address of the
// connection as the remote address.
google.protobuf.BoolValue use_proxy_proto = 4;
// [#not-implemented-hide:] filter chain metadata.
core.v3.Metadata metadata = 5;
// Optional custom transport socket implementation to use for downstream connections.
// To setup TLS, set a transport socket with name `tls` and
// :ref:`DownstreamTlsContext <envoy_api_msg_extensions.transport_sockets.tls.v3.DownstreamTlsContext>` in the `typed_config`.
// If no transport socket configuration is specified, new connections
// will be set up with plaintext.
core.v3.TransportSocket transport_socket = 6;
// [#not-implemented-hide:] The unique name (or empty) by which this filter chain is known. If no
// name is provided, Envoy will allocate an internal UUID for the filter chain. If the filter
// chain is to be dynamically updated or removed via FCDS a unique name must be provided.
string name = 7;
}
// [#not-implemented-hide:]
// Listener filter chain match configuration. This is a recursive structure which allows complex
// nested match configurations to be built using various logical operators.
// [#next-free-field: 6]
message ListenerFilterChainMatchPredicate {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.ListenerFilterChainMatchPredicate";
// A set of match configurations used for logical operations.
message MatchSet {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.ListenerFilterChainMatchPredicate.MatchSet";
// The list of rules that make up the set.
repeated ListenerFilterChainMatchPredicate rules = 1
[(validate.rules).repeated = {min_items: 2}];
}
oneof rule {
option (validate.required) = true;
// A set that describes a logical OR. If any member of the set matches, the match configuration
// matches.
MatchSet or_match = 1;
// A set that describes a logical AND. If all members of the set match, the match configuration
// matches.
MatchSet and_match = 2;
// A negation match. The match configuration will match if the negated match condition matches.
ListenerFilterChainMatchPredicate not_match = 3;
// The match configuration will always match.
bool any_match = 4 [(validate.rules).bool = {const: true}];
// Match destination port. Particularly, the match evaluation must use the recovered local port if
// the owning listener filter is after :ref:`an original_dst listener filter <config_listener_filters_original_dst>`.
type.v3.Int32Range destination_port_range = 5;
}
}
message ListenerFilter {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.ListenerFilter";
reserved 2;
reserved "config";
// The name of the filter to instantiate. The name must match a
// :ref:`supported filter <config_listener_filters>`.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// Filter specific configuration which depends on the filter being instantiated.
// See the supported filters for further documentation.
oneof config_type {
google.protobuf.Any typed_config = 3;
}
// [#not-implemented-hide:]
// Decide when to disable this listener filter on incoming traffic.
// Example:
// 0. always enable filter
// don't set `filter_disabled`
// 1. disable when the destination port is 3306
// rule.destination_port_range = Int32Range {start = 3306, end = 3307}
// 2. disable when the destination port is 3306 or 15000
// rule.or_match = MatchSet.rules [
// rule.destination_port_range = Int32Range {start = 3306, end = 3307},
// rule.destination_port_range = Int32Range {start = 15000, end = 15001},
// ]
ListenerFilterChainMatchPredicate filter_disabled = 4;
}

40
xds/third_party/envoy/src/main/proto/envoy/config/listener/v3/udp_listener_config.proto vendored Normal file
View File

@ -0,0 +1,40 @@
syntax = "proto3";
package envoy.config.listener.v3;
import "google/protobuf/any.proto";
import "google/protobuf/struct.proto";
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.config.listener.v3";
option java_outer_classname = "UdpListenerConfigProto";
option java_multiple_files = true;
// [#protodoc-title: UDP Listener Config]
// Listener :ref:`configuration overview <config_listeners>`
message UdpListenerConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.UdpListenerConfig";
reserved 2;
reserved "config";
// Used to look up UDP listener factory, matches "raw_udp_listener" or
// "quic_listener" to create a specific udp listener.
// If not specified, treat as "raw_udp_listener".
string udp_listener_name = 1;
// Used to create a specific listener factory. To some factory, e.g.
// "raw_udp_listener", config is not needed.
oneof config_type {
google.protobuf.Any typed_config = 3;
}
}
message ActiveRawUdpListenerConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.listener.ActiveRawUdpListenerConfig";
}

1561
xds/third_party/envoy/src/main/proto/envoy/config/route/v3/route_components.proto vendored Normal file
View File

File diff suppressed because it is too large Load Diff

500
xds/third_party/envoy/src/main/proto/envoy/extensions/transport_sockets/tls/v3/cert.proto vendored Normal file
View File

@ -0,0 +1,500 @@
syntax = "proto3";
package envoy.extensions.transport_sockets.tls.v3;
import "envoy/config/core/v3/base.proto";
import "envoy/config/core/v3/config_source.proto";
import "envoy/type/matcher/v3/string.proto";
import "google/protobuf/any.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/struct.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3";
option java_outer_classname = "CertProto";
option java_multiple_files = true;
// [#protodoc-title: Common TLS configuration]
message TlsParameters {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsParameters";
enum TlsProtocol {
// Envoy will choose the optimal TLS version.
TLS_AUTO = 0;
// TLS 1.0
TLSv1_0 = 1;
// TLS 1.1
TLSv1_1 = 2;
// TLS 1.2
TLSv1_2 = 3;
// TLS 1.3
TLSv1_3 = 4;
}
// Minimum TLS protocol version. By default, it's ``TLSv1_2`` for clients and ``TLSv1_0`` for
// servers.
TlsProtocol tls_minimum_protocol_version = 1 [(validate.rules).enum = {defined_only: true}];
// Maximum TLS protocol version. By default, it's ``TLSv1_3`` for servers in non-FIPS builds, and
// ``TLSv1_2`` for clients and for servers using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`.
TlsProtocol tls_maximum_protocol_version = 2 [(validate.rules).enum = {defined_only: true}];
// If specified, the TLS listener will only support the specified `cipher list
// <https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#Cipher-suite-configuration>`_
// when negotiating TLS 1.0-1.2 (this setting has no effect when negotiating TLS 1.3). If not
// specified, the default list will be used.
//
// In non-FIPS builds, the default cipher list is:
//
// .. code-block:: none
//
// [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
// [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
// ECDHE-ECDSA-AES128-SHA
// ECDHE-RSA-AES128-SHA
// AES128-GCM-SHA256
// AES128-SHA
// ECDHE-ECDSA-AES256-GCM-SHA384
// ECDHE-RSA-AES256-GCM-SHA384
// ECDHE-ECDSA-AES256-SHA
// ECDHE-RSA-AES256-SHA
// AES256-GCM-SHA384
// AES256-SHA
//
// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default cipher list is:
//
// .. code-block:: none
//
// ECDHE-ECDSA-AES128-GCM-SHA256
// ECDHE-RSA-AES128-GCM-SHA256
// ECDHE-ECDSA-AES128-SHA
// ECDHE-RSA-AES128-SHA
// AES128-GCM-SHA256
// AES128-SHA
// ECDHE-ECDSA-AES256-GCM-SHA384
// ECDHE-RSA-AES256-GCM-SHA384
// ECDHE-ECDSA-AES256-SHA
// ECDHE-RSA-AES256-SHA
// AES256-GCM-SHA384
// AES256-SHA
repeated string cipher_suites = 3;
// If specified, the TLS connection will only support the specified ECDH
// curves. If not specified, the default curves will be used.
//
// In non-FIPS builds, the default curves are:
//
// .. code-block:: none
//
// X25519
// P-256
//
// In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default curve is:
//
// .. code-block:: none
//
// P-256
repeated string ecdh_curves = 4;
}
// BoringSSL private key method configuration. The private key methods are used for external
// (potentially asynchronous) signing and decryption operations. Some use cases for private key
// methods would be TPM support and TLS acceleration.
message PrivateKeyProvider {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.PrivateKeyProvider";
reserved 2;
reserved "config";
// Private key method provider name. The name must match a
// supported private key method provider type.
string provider_name = 1 [(validate.rules).string = {min_bytes: 1}];
// Private key method provider specific configuration.
oneof config_type {
google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
}
}
// [#next-free-field: 7]
message TlsCertificate {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsCertificate";
// The TLS certificate chain.
config.core.v3.DataSource certificate_chain = 1;
// The TLS private key.
config.core.v3.DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
// BoringSSL private key method provider. This is an alternative to :ref:`private_key
// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` field. This can't be
// marked as ``oneof`` due to API compatibility reasons. Setting both :ref:`private_key
// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key>` and
// :ref:`private_key_provider
// <envoy_api_field_extensions.transport_sockets.tls.v3.TlsCertificate.private_key_provider>` fields will result in an
// error.
PrivateKeyProvider private_key_provider = 6;
// The password to decrypt the TLS private key. If this field is not set, it is assumed that the
// TLS private key is not password encrypted.
config.core.v3.DataSource password = 3 [(udpa.annotations.sensitive) = true];
// [#not-implemented-hide:]
config.core.v3.DataSource ocsp_staple = 4;
// [#not-implemented-hide:]
repeated config.core.v3.DataSource signed_certificate_timestamp = 5;
}
message TlsSessionTicketKeys {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.TlsSessionTicketKeys";
// Keys for encrypting and decrypting TLS session tickets. The
// first key in the array contains the key to encrypt all new sessions created by this context.
// All keys are candidates for decrypting received tickets. This allows for easy rotation of keys
// by, for example, putting the new key first, and the previous key second.
//
// If :ref:`session_ticket_keys <envoy_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.session_ticket_keys>`
// is not specified, the TLS library will still support resuming sessions via tickets, but it will
// use an internally-generated and managed key, so sessions cannot be resumed across hot restarts
// or on different hosts.
//
// Each key must contain exactly 80 bytes of cryptographically-secure random data. For
// example, the output of ``openssl rand 80``.
//
// .. attention::
//
// Using this feature has serious security considerations and risks. Improper handling of keys
// may result in loss of secrecy in connections, even if ciphers supporting perfect forward
// secrecy are used. See https://www.imperialviolet.org/2013/06/27/botchingpfs.html for some
// discussion. To minimize the risk, you must:
//
// * Keep the session ticket keys at least as secure as your TLS certificate private keys
// * Rotate session ticket keys at least daily, and preferably hourly
// * Always generate keys using a cryptographically-secure random data source
repeated config.core.v3.DataSource keys = 1
[(validate.rules).repeated = {min_items: 1}, (udpa.annotations.sensitive) = true];
}
// [#next-free-field: 11]
message CertificateValidationContext {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.CertificateValidationContext";
// Peer certificate verification mode.
enum TrustChainVerification {
// Perform default certificate verification (e.g., against CA / verification lists)
VERIFY_TRUST_CHAIN = 0;
// Connections where the certificate fails verification will be permitted.
// For HTTP connections, the result of certificate verification can be used in route matching. (
// see :ref:`validated <envoy_api_field_config.route.v3.RouteMatch.TlsContextMatchOptions.validated>` ).
ACCEPT_UNTRUSTED = 1;
}
reserved 4;
reserved "verify_subject_alt_name";
// TLS certificate data containing certificate authority certificates to use in verifying
// a presented peer certificate (e.g. server certificate for clusters or client certificate
// for listeners). If not specified and a peer certificate is presented it will not be
// verified. By default, a client certificate is optional, unless one of the additional
// options (:ref:`require_client_certificate
// <envoy_api_field_extensions.transport_sockets.tls.v3.DownstreamTlsContext.require_client_certificate>`,
// :ref:`verify_certificate_spki
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>`,
// :ref:`verify_certificate_hash
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`, or
// :ref:`match_subject_alt_names
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.match_subject_alt_names>`) is also
// specified.
//
// It can optionally contain certificate revocation lists, in which case Envoy will verify
// that the presented peer certificate has not been revoked by one of the included CRLs.
//
// See :ref:`the TLS overview <arch_overview_ssl_enabling_verification>` for a list of common
// system CA locations.
config.core.v3.DataSource trusted_ca = 1;
// An optional list of base64-encoded SHA-256 hashes. If specified, Envoy will verify that the
// SHA-256 of the DER-encoded Subject Public Key Information (SPKI) of the presented certificate
// matches one of the specified values.
//
// A base64-encoded SHA-256 of the Subject Public Key Information (SPKI) of the certificate
// can be generated with the following command:
//
// .. code-block:: bash
//
// $ openssl x509 -in path/to/client.crt -noout -pubkey
// | openssl pkey -pubin -outform DER
// | openssl dgst -sha256 -binary
// | openssl enc -base64
// NvqYIYSbgK2vCJpQhObf77vv+bQWtc5ek5RIOwPiC9A=
//
// This is the format used in HTTP Public Key Pinning.
//
// When both:
// :ref:`verify_certificate_hash
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and
// :ref:`verify_certificate_spki
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified,
// a hash matching value from either of the lists will result in the certificate being accepted.
//
// .. attention::
//
// This option is preferred over :ref:`verify_certificate_hash
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>`,
// because SPKI is tied to a private key, so it doesn't change when the certificate
// is renewed using the same private key.
repeated string verify_certificate_spki = 3
[(validate.rules).repeated = {items {string {min_bytes: 44 max_bytes: 44}}}];
// An optional list of hex-encoded SHA-256 hashes. If specified, Envoy will verify that
// the SHA-256 of the DER-encoded presented certificate matches one of the specified values.
//
// A hex-encoded SHA-256 of the certificate can be generated with the following command:
//
// .. code-block:: bash
//
// $ openssl x509 -in path/to/client.crt -outform DER | openssl dgst -sha256 | cut -d" " -f2
// df6ff72fe9116521268f6f2dd4966f51df479883fe7037b39f75916ac3049d1a
//
// A long hex-encoded and colon-separated SHA-256 (a.k.a. "fingerprint") of the certificate
// can be generated with the following command:
//
// .. code-block:: bash
//
// $ openssl x509 -in path/to/client.crt -noout -fingerprint -sha256 | cut -d"=" -f2
// DF:6F:F7:2F:E9:11:65:21:26:8F:6F:2D:D4:96:6F:51:DF:47:98:83:FE:70:37:B3:9F:75:91:6A:C3:04:9D:1A
//
// Both of those formats are acceptable.
//
// When both:
// :ref:`verify_certificate_hash
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_hash>` and
// :ref:`verify_certificate_spki
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.verify_certificate_spki>` are specified,
// a hash matching value from either of the lists will result in the certificate being accepted.
repeated string verify_certificate_hash = 2
[(validate.rules).repeated = {items {string {min_bytes: 64 max_bytes: 95}}}];
// An optional list of Subject Alternative name matchers. Envoy will verify that the
// Subject Alternative Name of the presented certificate matches one of the specified matches.
//
// When a certificate has wildcard DNS SAN entries, to match a specific client, it should be
// configured with exact match type in the :ref:`string matcher <envoy_api_msg_type.matcher.v3.StringMatcher>`.
// For example if the certificate has "\*.example.com" as DNS SAN entry, to allow only "api.example.com",
// it should be configured as shown below.
//
// .. code-block:: yaml
//
// match_subject_alt_names:
// exact: "api.example.com"
//
// .. attention::
//
// Subject Alternative Names are easily spoofable and verifying only them is insecure,
// therefore this option must be used together with :ref:`trusted_ca
// <envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>`.
repeated type.matcher.v3.StringMatcher match_subject_alt_names = 9;
// [#not-implemented-hide:] Must present a signed time-stamped OCSP response.
google.protobuf.BoolValue require_ocsp_staple = 5;
// [#not-implemented-hide:] Must present signed certificate time-stamp.
google.protobuf.BoolValue require_signed_certificate_timestamp = 6;
// An optional `certificate revocation list
// <https://en.wikipedia.org/wiki/Certificate_revocation_list>`_
// (in PEM format). If specified, Envoy will verify that the presented peer
// certificate has not been revoked by this CRL. If this DataSource contains
// multiple CRLs, all of them will be used.
config.core.v3.DataSource crl = 7;
// If specified, Envoy will not reject expired certificates.
bool allow_expired_certificate = 8;
// Certificate trust chain verification mode.
TrustChainVerification trust_chain_verification = 10
[(validate.rules).enum = {defined_only: true}];
}
// TLS context shared by both client and server TLS contexts.
// [#next-free-field: 9]
message CommonTlsContext {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.CommonTlsContext";
message CombinedCertificateValidationContext {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.CommonTlsContext.CombinedCertificateValidationContext";
// How to validate peer certificates.
CertificateValidationContext default_validation_context = 1
[(validate.rules).message = {required: true}];
// Config for fetching validation context via SDS API.
SdsSecretConfig validation_context_sds_secret_config = 2
[(validate.rules).message = {required: true}];
}
reserved 5;
// TLS protocol versions, cipher suites etc.
TlsParameters tls_params = 1;
// :ref:`Multiple TLS certificates <arch_overview_ssl_cert_select>` can be associated with the
// same context to allow both RSA and ECDSA certificates.
//
// Only a single TLS certificate is supported in client contexts. In server contexts, the first
// RSA certificate is used for clients that only support RSA and the first ECDSA certificate is
// used for clients that support ECDSA.
repeated TlsCertificate tls_certificates = 2;
// Configs for fetching TLS certificates via SDS API.
repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6
[(validate.rules).repeated = {max_items: 1}];
oneof validation_context_type {
// How to validate peer certificates.
CertificateValidationContext validation_context = 3;
// Config for fetching validation context via SDS API.
SdsSecretConfig validation_context_sds_secret_config = 7;
// Combined certificate validation context holds a default CertificateValidationContext
// and SDS config. When SDS server returns dynamic CertificateValidationContext, both dynamic
// and default CertificateValidationContext are merged into a new CertificateValidationContext
// for validation. This merge is done by Message::MergeFrom(), so dynamic
// CertificateValidationContext overwrites singular fields in default
// CertificateValidationContext, and concatenates repeated fields to default
// CertificateValidationContext, and logical OR is applied to boolean fields.
CombinedCertificateValidationContext combined_validation_context = 8;
}
// Supplies the list of ALPN protocols that the listener should expose. In
// practice this is likely to be set to one of two values (see the
// :ref:`codec_type
// <envoy_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.codec_type>`
// parameter in the HTTP connection manager for more information):
//
// * "h2,http/1.1" If the listener is going to support both HTTP/2 and HTTP/1.1.
// * "http/1.1" If the listener is only going to support HTTP/1.1.
//
// There is no default for this parameter. If empty, Envoy will not expose ALPN.
repeated string alpn_protocols = 4;
}
message UpstreamTlsContext {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.UpstreamTlsContext";
// Common TLS context settings.
//
// .. attention::
//
// Server certificate verification is not enabled by default. Configure
// :ref:`trusted_ca<envoy_api_field_extensions.transport_sockets.tls.v3.CertificateValidationContext.trusted_ca>` to enable
// verification.
CommonTlsContext common_tls_context = 1;
// SNI string to use when creating TLS backend connections.
string sni = 2 [(validate.rules).string = {max_bytes: 255}];
// If true, server-initiated TLS renegotiation will be allowed.
//
// .. attention::
//
// TLS renegotiation is considered insecure and shouldn't be used unless absolutely necessary.
bool allow_renegotiation = 3;
// Maximum number of session keys (Pre-Shared Keys for TLSv1.3+, Session IDs and Session Tickets
// for TLSv1.2 and older) to store for the purpose of session resumption.
//
// Defaults to 1, setting this to 0 disables session resumption.
google.protobuf.UInt32Value max_session_keys = 4;
}
// [#next-free-field: 7]
message DownstreamTlsContext {
option (udpa.annotations.versioning).previous_message_type =
"envoy.api.v2.auth.DownstreamTlsContext";
// Common TLS context settings.
CommonTlsContext common_tls_context = 1;
// If specified, Envoy will reject connections without a valid client
// certificate.
google.protobuf.BoolValue require_client_certificate = 2;
// If specified, Envoy will reject connections without a valid and matching SNI.
// [#not-implemented-hide:]
google.protobuf.BoolValue require_sni = 3;
oneof session_ticket_keys_type {
// TLS session ticket key settings.
TlsSessionTicketKeys session_ticket_keys = 4;
// Config for fetching TLS session ticket keys via SDS API.
SdsSecretConfig session_ticket_keys_sds_secret_config = 5;
}
// If specified, session_timeout will change maximum lifetime (in seconds) of TLS session
// Currently this value is used as a hint to `TLS session ticket lifetime (for TLSv1.2)
// <https://tools.ietf.org/html/rfc5077#section-5.6>`
// only seconds could be specified (fractional seconds are going to be ignored).
google.protobuf.Duration session_timeout = 6 [(validate.rules).duration = {
lt {seconds: 4294967296}
gte {}
}];
}
message GenericSecret {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.GenericSecret";
// Secret of generic type and is available to filters.
config.core.v3.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
}
message SdsSecretConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.SdsSecretConfig";
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
// When both name and config are specified, then secret can be fetched and/or reloaded via
// SDS. When only name is specified, then secret will be loaded from static resources.
string name = 1;
config.core.v3.ConfigSource sds_config = 2;
}
// [#next-free-field: 6]
message Secret {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.Secret";
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
string name = 1;
oneof type {
TlsCertificate tls_certificate = 2;
TlsSessionTicketKeys session_ticket_keys = 3;
CertificateValidationContext validation_context = 4;
GenericSecret generic_secret = 5;
}
}

73
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/regex.proto vendored Normal file
View File

@ -0,0 +1,73 @@
syntax = "proto3";
package envoy.type.matcher.v3;
import "google/protobuf/wrappers.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.type.matcher.v3";
option java_outer_classname = "RegexProto";
option java_multiple_files = true;
// [#protodoc-title: Regex matcher]
// A regex matcher designed for safety when used with untrusted input.
message RegexMatcher {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.RegexMatcher";
// Google's `RE2 <https://github.com/google/re2>`_ regex engine. The regex string must adhere to
// the documented `syntax <https://github.com/google/re2/wiki/Syntax>`_. The engine is designed
// to complete execution in linear time as well as limit the amount of memory used.
message GoogleRE2 {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.matcher.RegexMatcher.GoogleRE2";
// This field controls the RE2 "program size" which is a rough estimate of how complex a
// compiled regex is to evaluate. A regex that has a program size greater than the configured
// value will fail to compile. In this case, the configured max program size can be increased
// or the regex can be simplified. If not specified, the default is 100.
google.protobuf.UInt32Value max_program_size = 1;
}
oneof engine_type {
option (validate.required) = true;
// Google's RE2 regex engine.
GoogleRE2 google_re2 = 1 [(validate.rules).message = {required: true}];
}
// The regex match string. The string must be supported by the configured engine.
string regex = 2 [(validate.rules).string = {min_bytes: 1}];
}
// Describes how to match a string and then produce a new string using a regular
// expression and a substitution string.
message RegexMatchAndSubstitute {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.matcher.RegexMatchAndSubstitute";
// The regular expression used to find portions of a string (hereafter called
// the "subject string") that should be replaced. When a new string is
// produced during the substitution operation, the new string is initially
// the same as the subject string, but then all matches in the subject string
// are replaced by the substitution string. If replacing all matches isn't
// desired, regular expression anchors can be used to ensure a single match,
// so as to replace just one occurrence of a pattern. Capture groups can be
// used in the pattern to extract portions of the subject string, and then
// referenced in the substitution string.
RegexMatcher pattern = 1;
// The string that should be substituted into matching portions of the
// subject string during a substitution operation to produce a new string.
// Capture groups in the pattern can be referenced in the substitution
// string. Note, however, that the syntax for referring to capture groups is
// defined by the chosen regular expression engine. Google's `RE2
// <https://github.com/google/re2>`_ regular expression engine uses a
// backslash followed by the capture group number to denote a numbered
// capture group. E.g., ``\1`` refers to capture group 1, and ``\2`` refers
// to capture group 2.
string substitution = 2;
}

69
xds/third_party/envoy/src/main/proto/envoy/type/matcher/v3/string.proto vendored Normal file
View File

@ -0,0 +1,69 @@
syntax = "proto3";
package envoy.type.matcher.v3;
import "envoy/type/matcher/v3/regex.proto";
import "udpa/annotations/versioning.proto";
import "envoy/annotations/deprecation.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.type.matcher.v3";
option java_outer_classname = "StringProto";
option java_multiple_files = true;
// [#protodoc-title: String matcher]
// Specifies the way to match a string.
// [#next-free-field: 7]
message StringMatcher {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.matcher.StringMatcher";
reserved 4;
reserved "regex";
oneof match_pattern {
option (validate.required) = true;
// The input string must match exactly the string specified here.
//
// Examples:
//
// * *abc* only matches the value *abc*.
string exact = 1;
// The input string must have the prefix specified here.
// Note: empty prefix is not allowed, please use regex instead.
//
// Examples:
//
// * *abc* matches the value *abc.xyz*
string prefix = 2 [(validate.rules).string = {min_bytes: 1}];
// The input string must have the suffix specified here.
// Note: empty prefix is not allowed, please use regex instead.
//
// Examples:
//
// * *abc* matches the value *xyz.abc*
string suffix = 3 [(validate.rules).string = {min_bytes: 1}];
// The input string must match the regular expression specified here.
RegexMatcher safe_regex = 5 [(validate.rules).message = {required: true}];
}
// If true, indicates the exact/prefix/suffix matching should be case insensitive. This has no
// effect for the safe_regex match.
// For example, the matcher *data* will match both input string *Data* and *data* if set to true.
bool ignore_case = 6;
}
// Specifies a list of ways to match a string.
message ListStringMatcher {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.matcher.ListStringMatcher";
repeated StringMatcher patterns = 1 [(validate.rules).repeated = {min_items: 1}];
}

113
xds/third_party/envoy/src/main/proto/envoy/type/metadata/v3/metadata.proto vendored Normal file
View File

@ -0,0 +1,113 @@
syntax = "proto3";
package envoy.type.metadata.v3;
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.type.metadata.v3";
option java_outer_classname = "MetadataProto";
option java_multiple_files = true;
// [#protodoc-title: Metadata]
// MetadataKey provides a general interface using `key` and `path` to retrieve value from
// :ref:`Metadata <envoy_api_msg_config.core.v3.Metadata>`.
//
// For example, for the following Metadata:
//
// .. code-block:: yaml
//
// filter_metadata:
// envoy.xxx:
// prop:
// foo: bar
// xyz:
// hello: envoy
//
// The following MetadataKey will retrieve a string value "bar" from the Metadata.
//
// .. code-block:: yaml
//
// key: envoy.xxx
// path:
// - key: prop
// - key: foo
//
message MetadataKey {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.metadata.v2.MetadataKey";
// Specifies the segment in a path to retrieve value from Metadata.
// Currently it is only supported to specify the key, i.e. field name, as one segment of a path.
message PathSegment {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.metadata.v2.MetadataKey.PathSegment";
oneof segment {
option (validate.required) = true;
// If specified, use the key to retrieve the value in a Struct.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
}
}
// The key name of Metadata to retrieve the Struct from the metadata.
// Typically, it represents a builtin subsystem or custom extension.
string key = 1 [(validate.rules).string = {min_bytes: 1}];
// The path to retrieve the Value from the Struct. It can be a prefix or a full path,
// e.g. ``[prop, xyz]`` for a struct or ``[prop, foo]`` for a string in the example,
// which depends on the particular scenario.
//
// Note: Due to that only the key type segment is supported, the path can not specify a list
// unless the list is the last segment.
repeated PathSegment path = 2 [(validate.rules).repeated = {min_items: 1}];
}
// Describes what kind of metadata.
message MetadataKind {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.metadata.v2.MetadataKind";
// Represents dynamic metadata associated with the request.
message Request {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.metadata.v2.MetadataKind.Request";
}
// Represents metadata from :ref:`the route<envoy_api_field_config.route.v3.Route.metadata>`.
message Route {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.metadata.v2.MetadataKind.Route";
}
// Represents metadata from :ref:`the upstream cluster<envoy_api_field_config.cluster.v3.Cluster.metadata>`.
message Cluster {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.metadata.v2.MetadataKind.Cluster";
}
// Represents metadata from :ref:`the upstream
// host<envoy_api_field_config.endpoint.v3.LbEndpoint.metadata>`.
message Host {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.metadata.v2.MetadataKind.Host";
}
oneof kind {
option (validate.required) = true;
// Request kind of metadata.
Request request = 1;
// Route kind of metadata.
Route route = 2;
// Cluster kind of metadata.
Cluster cluster = 3;
// Host kind of metadata.
Host host = 4;
}
}

100
xds/third_party/envoy/src/main/proto/envoy/type/tracing/v3/custom_tag.proto vendored Normal file
View File

@ -0,0 +1,100 @@
syntax = "proto3";
package envoy.type.tracing.v3;
import "envoy/type/metadata/v3/metadata.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.type.tracing.v3";
option java_outer_classname = "CustomTagProto";
option java_multiple_files = true;
// [#protodoc-title: Custom Tag]
// Describes custom tags for the active span.
// [#next-free-field: 6]
message CustomTag {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.tracing.v2.CustomTag";
// Literal type custom tag with static value for the tag value.
message Literal {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.tracing.v2.CustomTag.Literal";
// Static literal value to populate the tag value.
string value = 1 [(validate.rules).string = {min_bytes: 1}];
}
// Environment type custom tag with environment name and default value.
message Environment {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.tracing.v2.CustomTag.Environment";
// Environment variable name to obtain the value to populate the tag value.
string name = 1 [(validate.rules).string = {min_bytes: 1}];
// When the environment variable is not found,
// the tag value will be populated with this default value if specified,
// otherwise no tag will be populated.
string default_value = 2;
}
// Header type custom tag with header name and default value.
message Header {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.tracing.v2.CustomTag.Header";
// Header name to obtain the value to populate the tag value.
string name = 1
[(validate.rules).string = {min_bytes: 1 well_known_regex: HTTP_HEADER_NAME strict: false}];
// When the header does not exist,
// the tag value will be populated with this default value if specified,
// otherwise no tag will be populated.
string default_value = 2;
}
// Metadata type custom tag using
// :ref:`MetadataKey <envoy_api_msg_type.metadata.v3.MetadataKey>` to retrieve the protobuf value
// from :ref:`Metadata <envoy_api_msg_config.core.v3.Metadata>`, and populate the tag value with
// `the canonical JSON <https://developers.google.com/protocol-buffers/docs/proto3#json>`_
// representation of it.
message Metadata {
option (udpa.annotations.versioning).previous_message_type =
"envoy.type.tracing.v2.CustomTag.Metadata";
// Specify what kind of metadata to obtain tag value from.
metadata.v3.MetadataKind kind = 1;
// Metadata key to define the path to retrieve the tag value.
metadata.v3.MetadataKey metadata_key = 2;
// When no valid metadata is found,
// the tag value would be populated with this default value if specified,
// otherwise no tag would be populated.
string default_value = 3;
}
// Used to populate the tag name.
string tag = 1 [(validate.rules).string = {min_bytes: 1}];
// Used to specify what kind of custom tag.
oneof type {
option (validate.required) = true;
// A literal custom tag.
Literal literal = 2;
// An environment custom tag.
Environment environment = 3;
// A request header custom tag.
Header request_header = 4;
// A custom tag to obtain tag value from the metadata.
Metadata metadata = 5;
}
}

20
xds/third_party/envoy/src/main/proto/envoy/type/v3/http.proto vendored Normal file
View File

@ -0,0 +1,20 @@
syntax = "proto3";
package envoy.type.v3;
option java_package = "io.envoyproxy.envoy.type.v3";
option java_outer_classname = "HttpProto";
option java_multiple_files = true;
// [#protodoc-title: HTTP]
enum CodecClientType {
HTTP1 = 0;
HTTP2 = 1;
// [#not-implemented-hide:] QUIC implementation is not production ready yet. Use this enum with
// caution to prevent accidental execution of QUIC code. I.e. `!= HTTP2` is no longer sufficient
// to distinguish HTTP1 and HTTP2 traffic.
HTTP3 = 2;
}

55
xds/third_party/envoy/src/main/proto/envoy/type/v3/percent.proto vendored Normal file
View File

@ -0,0 +1,55 @@
syntax = "proto3";
package envoy.type.v3;
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
option java_package = "io.envoyproxy.envoy.type.v3";
option java_outer_classname = "PercentProto";
option java_multiple_files = true;
// [#protodoc-title: Percent]
// Identifies a percentage, in the range [0.0, 100.0].
message Percent {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.Percent";
double value = 1 [(validate.rules).double = {lte: 100.0 gte: 0.0}];
}
// A fractional percentage is used in cases in which for performance reasons performing floating
// point to integer conversions during randomness calculations is undesirable. The message includes
// both a numerator and denominator that together determine the final fractional value.
//
// * **Example**: 1/100 = 1%.
// * **Example**: 3/10000 = 0.03%.
message FractionalPercent {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.FractionalPercent";
// Fraction percentages support several fixed denominator values.
enum DenominatorType {
// 100.
//
// **Example**: 1/100 = 1%.
HUNDRED = 0;
// 10,000.
//
// **Example**: 1/10000 = 0.01%.
TEN_THOUSAND = 1;
// 1,000,000.
//
// **Example**: 1/1000000 = 0.0001%.
MILLION = 2;
}
// Specifies the numerator. Defaults to 0.
uint32 numerator = 1;
// Specifies the denominator. If the denominator specified is less than the numerator, the final
// fractional percentage is capped at 1 (100%).
DenominatorType denominator = 2 [(validate.rules).enum = {defined_only: true}];
}

47
xds/third_party/envoy/src/main/proto/envoy/type/v3/range.proto vendored Normal file
View File

@ -0,0 +1,47 @@
syntax = "proto3";
package envoy.type.v3;
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.type.v3";
option java_outer_classname = "RangeProto";
option java_multiple_files = true;
// [#protodoc-title: Range]
// Specifies the int64 start and end of the range using half-open interval semantics [start,
// end).
message Int64Range {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.Int64Range";
// start of the range (inclusive)
int64 start = 1;
// end of the range (exclusive)
int64 end = 2;
}
// Specifies the int32 start and end of the range using half-open interval semantics [start,
// end).
message Int32Range {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.Int32Range";
// start of the range (inclusive)
int32 start = 1;
// end of the range (exclusive)
int32 end = 2;
}
// Specifies the double start and end of the range using half-open interval semantics [start,
// end).
message DoubleRange {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.DoubleRange";
// start of the range (inclusive)
double start = 1;
// end of the range (exclusive)
double end = 2;
}

24
xds/third_party/envoy/src/main/proto/envoy/type/v3/semantic_version.proto vendored Normal file
View File

@ -0,0 +1,24 @@
syntax = "proto3";
package envoy.type.v3;
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.type.v3";
option java_outer_classname = "SemanticVersionProto";
option java_multiple_files = true;
// [#protodoc-title: Semantic Version]
// Envoy uses SemVer (https://semver.org/). Major/minor versions indicate
// expected behaviors and APIs, the patch version field is used only
// for security fixes and can be generally ignored.
message SemanticVersion {
option (udpa.annotations.versioning).previous_message_type = "envoy.type.SemanticVersion";
uint32 major_number = 1;
uint32 minor_number = 2;
uint32 patch = 3;
}

1
xds/third_party/udpa/import.sh vendored
View File

@ -26,6 +26,7 @@ TARGET_PROTO_BASE_DIR=src/main/proto
FILES=( FILES=(
udpa/annotations/migrate.proto udpa/annotations/migrate.proto
udpa/annotations/sensitive.proto udpa/annotations/sensitive.proto
udpa/annotations/versioning.proto
udpa/data/orca/v1/orca_load_report.proto udpa/data/orca/v1/orca_load_report.proto
udpa/service/orca/v1/orca.proto udpa/service/orca/v1/orca.proto
) )

17
xds/third_party/udpa/src/main/proto/udpa/annotations/versioning.proto vendored Normal file
View File

@ -0,0 +1,17 @@
syntax = "proto3";
package udpa.annotations;
import "google/protobuf/descriptor.proto";
extend google.protobuf.MessageOptions {
// Magic number derived from 0x78 ('x') 0x44 ('D') 0x53 ('S')
VersioningAnnotation versioning = 7881811;
}
message VersioningAnnotation {
// Track the previous message type. E.g. this message might be
// udpa.foo.v3alpha.Foo and it was previously udpa.bar.v2.Bar. This
// information is consumed by UDPA via proto descriptors.
string previous_message_type = 1;
}